Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
152s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
25/06/2024, 03:42
General
-
Target
2a6e3ccd72b72a65c167e090f62e1d1ff32a3ab774cf2cecbf68b50d23fb1983_NeikiAnalytics.exe
-
Size
92KB
-
MD5
38f49eff137b92c50a9d7945572185b0
-
SHA1
8952db17f47e0755af64c5b8c03a9441df0fa8ff
-
SHA256
2a6e3ccd72b72a65c167e090f62e1d1ff32a3ab774cf2cecbf68b50d23fb1983
-
SHA512
ace7991c6350e41e848da3f78e39186bc8d28c46168d5322cfe521e80ad0eafe1e4be156d952f08cd91643d3610626c90662782706bd1f4f44d64094fbfa342a
-
SSDEEP
1536:8vQBeOGtrYS3srx93UBWfwC6Ggnouy80fg3Cip8iXAsG5M0u5YoWprCTI:8hOmTsF93UYfwC6GIout0fmCiiiXA6mP
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2a6e3ccd72b72a65c167e090f62e1d1ff32a3ab774cf2cecbf68b50d23fb1983_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\2a6e3ccd72b72a65c167e090f62e1d1ff32a3ab774cf2cecbf68b50d23fb1983_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\391v9k.exec:\391v9k.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8wljw.exec:\8wljw.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nn7o.exec:\9nn7o.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\n47t9.exec:\n47t9.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qit8b.exec:\qit8b.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m34o3wn.exec:\m34o3wn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7528o3l.exec:\7528o3l.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\cqo452.exec:\cqo452.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nq34wc.exec:\nq34wc.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\sf000q.exec:\sf000q.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0m463.exec:\0m463.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6b83jh.exec:\6b83jh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8ma4kp0.exec:\8ma4kp0.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\11vaa0v.exec:\11vaa0v.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\98o17j6.exec:\98o17j6.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5679f.exec:\5679f.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\68420a.exec:\68420a.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\37j895.exec:\37j895.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lhk505r.exec:\lhk505r.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lr9fp.exec:\lr9fp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f95u9.exec:\f95u9.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\98m5gd0.exec:\98m5gd0.exe23⤵
- Executes dropped EXE
-
\??\c:\1ll999.exec:\1ll999.exe24⤵
- Executes dropped EXE
-
\??\c:\f37k79.exec:\f37k79.exe25⤵
- Executes dropped EXE
-
\??\c:\x6rw35p.exec:\x6rw35p.exe26⤵
- Executes dropped EXE
-
\??\c:\vq8e4.exec:\vq8e4.exe27⤵
- Executes dropped EXE
-
\??\c:\18f4up.exec:\18f4up.exe28⤵
- Executes dropped EXE
-
\??\c:\bgpac.exec:\bgpac.exe29⤵
- Executes dropped EXE
-
\??\c:\14ur3.exec:\14ur3.exe30⤵
- Executes dropped EXE
-
\??\c:\2qh96.exec:\2qh96.exe31⤵
- Executes dropped EXE
-
\??\c:\0w37w1.exec:\0w37w1.exe32⤵
- Executes dropped EXE
-
\??\c:\smbk7if.exec:\smbk7if.exe33⤵
- Executes dropped EXE
-
\??\c:\016hm2.exec:\016hm2.exe34⤵
- Executes dropped EXE
-
\??\c:\0484957.exec:\0484957.exe35⤵
- Executes dropped EXE
-
\??\c:\a74k5.exec:\a74k5.exe36⤵
- Executes dropped EXE
-
\??\c:\t15249j.exec:\t15249j.exe37⤵
- Executes dropped EXE
-
\??\c:\5l7c27s.exec:\5l7c27s.exe38⤵
- Executes dropped EXE
-
\??\c:\g4qnf.exec:\g4qnf.exe39⤵
- Executes dropped EXE
-
\??\c:\4616g5m.exec:\4616g5m.exe40⤵
- Executes dropped EXE
-
\??\c:\x9dv3.exec:\x9dv3.exe41⤵
- Executes dropped EXE
-
\??\c:\x682bs.exec:\x682bs.exe42⤵
- Executes dropped EXE
-
\??\c:\3fvc47.exec:\3fvc47.exe43⤵
- Executes dropped EXE
-
\??\c:\9654s.exec:\9654s.exe44⤵
- Executes dropped EXE
-
\??\c:\2sr618.exec:\2sr618.exe45⤵
- Executes dropped EXE
-
\??\c:\6l4qe5.exec:\6l4qe5.exe46⤵
- Executes dropped EXE
-
\??\c:\nniec7f.exec:\nniec7f.exe47⤵
- Executes dropped EXE
-
\??\c:\823551.exec:\823551.exe48⤵
- Executes dropped EXE
-
\??\c:\w6551.exec:\w6551.exe49⤵
- Executes dropped EXE
-
\??\c:\fag43a.exec:\fag43a.exe50⤵
- Executes dropped EXE
-
\??\c:\0fog3gw.exec:\0fog3gw.exe51⤵
- Executes dropped EXE
-
\??\c:\x1fr33.exec:\x1fr33.exe52⤵
- Executes dropped EXE
-
\??\c:\4l98o93.exec:\4l98o93.exe53⤵
- Executes dropped EXE
-
\??\c:\6ecj31s.exec:\6ecj31s.exe54⤵
- Executes dropped EXE
-
\??\c:\1fn45f.exec:\1fn45f.exe55⤵
- Executes dropped EXE
-
\??\c:\eieew8e.exec:\eieew8e.exe56⤵
- Executes dropped EXE
-
\??\c:\6o2e513.exec:\6o2e513.exe57⤵
- Executes dropped EXE
-
\??\c:\k21s0.exec:\k21s0.exe58⤵
- Executes dropped EXE
-
\??\c:\630352.exec:\630352.exe59⤵
- Executes dropped EXE
-
\??\c:\1nk4u7.exec:\1nk4u7.exe60⤵
- Executes dropped EXE
-
\??\c:\o1go67r.exec:\o1go67r.exe61⤵
- Executes dropped EXE
-
\??\c:\w55sxq.exec:\w55sxq.exe62⤵
- Executes dropped EXE
-
\??\c:\im53t3s.exec:\im53t3s.exe63⤵
- Executes dropped EXE
-
\??\c:\6j8263.exec:\6j8263.exe64⤵
- Executes dropped EXE
-
\??\c:\1w040.exec:\1w040.exe65⤵
- Executes dropped EXE
-
\??\c:\s201t.exec:\s201t.exe66⤵
-
\??\c:\gwe6pd.exec:\gwe6pd.exe67⤵
-
\??\c:\829f2w.exec:\829f2w.exe68⤵
-
\??\c:\dl7oq7c.exec:\dl7oq7c.exe69⤵
-
\??\c:\n706602.exec:\n706602.exe70⤵
-
\??\c:\qu187r7.exec:\qu187r7.exe71⤵
-
\??\c:\exig103.exec:\exig103.exe72⤵
-
\??\c:\4umpl.exec:\4umpl.exe73⤵
-
\??\c:\47sq43f.exec:\47sq43f.exe74⤵
-
\??\c:\5h4492.exec:\5h4492.exe75⤵
-
\??\c:\2wwb9tx.exec:\2wwb9tx.exe76⤵
-
\??\c:\9298jhn.exec:\9298jhn.exe77⤵
-
\??\c:\00806.exec:\00806.exe78⤵
-
\??\c:\hlmj73.exec:\hlmj73.exe79⤵
-
\??\c:\i50v5.exec:\i50v5.exe80⤵
-
\??\c:\g1k5a2q.exec:\g1k5a2q.exe81⤵
-
\??\c:\c8gaeu.exec:\c8gaeu.exe82⤵
-
\??\c:\6809l2.exec:\6809l2.exe83⤵
-
\??\c:\7h5jo2j.exec:\7h5jo2j.exe84⤵
-
\??\c:\xqad40.exec:\xqad40.exe85⤵
-
\??\c:\s09gpe.exec:\s09gpe.exe86⤵
-
\??\c:\3adko.exec:\3adko.exe87⤵
-
\??\c:\5ac3p.exec:\5ac3p.exe88⤵
-
\??\c:\di0kie.exec:\di0kie.exe89⤵
-
\??\c:\45199.exec:\45199.exe90⤵
-
\??\c:\3965r7.exec:\3965r7.exe91⤵
-
\??\c:\f7s9lkf.exec:\f7s9lkf.exe92⤵
-
\??\c:\8869d0.exec:\8869d0.exe93⤵
-
\??\c:\a06xxa3.exec:\a06xxa3.exe94⤵
-
\??\c:\i7724k9.exec:\i7724k9.exe95⤵
-
\??\c:\8n6o90.exec:\8n6o90.exe96⤵
-
\??\c:\602808.exec:\602808.exe97⤵
-
\??\c:\c3969r.exec:\c3969r.exe98⤵
-
\??\c:\b83tdw.exec:\b83tdw.exe99⤵
-
\??\c:\1w5ih.exec:\1w5ih.exe100⤵
-
\??\c:\6jx2x41.exec:\6jx2x41.exe101⤵
-
\??\c:\2cd3lcd.exec:\2cd3lcd.exe102⤵
-
\??\c:\eu7e47w.exec:\eu7e47w.exe103⤵
-
\??\c:\60244.exec:\60244.exe104⤵
-
\??\c:\fg93l1k.exec:\fg93l1k.exe105⤵
-
\??\c:\36sjqo.exec:\36sjqo.exe106⤵
-
\??\c:\q0w8o.exec:\q0w8o.exe107⤵
-
\??\c:\mv17ff6.exec:\mv17ff6.exe108⤵
-
\??\c:\r9i1a.exec:\r9i1a.exe109⤵
-
\??\c:\wq760.exec:\wq760.exe110⤵
-
\??\c:\l52cl2k.exec:\l52cl2k.exe111⤵
-
\??\c:\1o3gc.exec:\1o3gc.exe112⤵
-
\??\c:\1p68413.exec:\1p68413.exe113⤵
-
\??\c:\v479u9.exec:\v479u9.exe114⤵
-
\??\c:\7oa10.exec:\7oa10.exe115⤵
-
\??\c:\2ee126.exec:\2ee126.exe116⤵
-
\??\c:\45mxuu.exec:\45mxuu.exe117⤵
-
\??\c:\1rva6.exec:\1rva6.exe118⤵
-
\??\c:\ad628.exec:\ad628.exe119⤵
-
\??\c:\mhd45f8.exec:\mhd45f8.exe120⤵
-
\??\c:\3sw25xu.exec:\3sw25xu.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-