Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
131s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
25/06/2024, 13:37
General
-
Target
66c38a85d4873e171d0538bdecad163d204b3c4790e0c1731a05d1d870589b8f_NeikiAnalytics.exe
-
Size
169KB
-
MD5
5e832c1cf14a3dbd44c14e2616169af0
-
SHA1
66f568676d2d0e72dd86575b6855389e51d097e0
-
SHA256
66c38a85d4873e171d0538bdecad163d204b3c4790e0c1731a05d1d870589b8f
-
SHA512
558f581ba47fe998c0c20e0c80ad58f9ba46d74473394883d993bc4684b6b1f84630f028248ade60b56fe6e5120d9780ace49d4695713822d094a65249896c6c
-
SSDEEP
1536:HvQBeOGtrYS3srx93UBWfwC6Ggnouy8CUYj7FK4O8A1o4XEc3YtxD8/Ai2p:HhOmTsF93UYfwC6GIoutX8Ki3c3YT8V2
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in System32 directory 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Users\Admin\AppData\Local\Temp\66c38a85d4873e171d0538bdecad163d204b3c4790e0c1731a05d1d870589b8f_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\66c38a85d4873e171d0538bdecad163d204b3c4790e0c1731a05d1d870589b8f_NeikiAnalytics.exe"2⤵
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\66c38a85d4873e171d0538bdecad163d204b3c4790e0c1731a05d1d870589b8f_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\66c38a85d4873e171d0538bdecad163d204b3c4790e0c1731a05d1d870589b8f_NeikiAnalytics.exe"3⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvjd.exec:\pjvjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxlrfl.exec:\lfxlrfl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xrxflx.exec:\5xrxflx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllxxl.exec:\fxllxxl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxlxlr.exec:\lxxlxlr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbtnt.exec:\tnbtnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddjd.exec:\dddjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpd.exec:\dvjpd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdpj.exec:\ppdpj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvj.exec:\jdvvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rrrrxr.exec:\9rrrrxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhth.exec:\tnbhth.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjvd.exec:\vdjvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xllrfl.exec:\5xllrfl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxllxxf.exec:\lxllxxf.exe18⤵
- Executes dropped EXE
-
\??\c:\5pjdp.exec:\5pjdp.exe19⤵
- Executes dropped EXE
-
\??\c:\lxrrlfr.exec:\lxrrlfr.exe20⤵
- Executes dropped EXE
-
\??\c:\bthnhh.exec:\bthnhh.exe21⤵
- Executes dropped EXE
-
\??\c:\ddvdd.exec:\ddvdd.exe22⤵
- Executes dropped EXE
-
\??\c:\vjpdj.exec:\vjpdj.exe23⤵
- Executes dropped EXE
-
\??\c:\xlxrflr.exec:\xlxrflr.exe24⤵
- Executes dropped EXE
-
\??\c:\9bbnbn.exec:\9bbnbn.exe25⤵
- Executes dropped EXE
-
\??\c:\pjdjj.exec:\pjdjj.exe26⤵
- Executes dropped EXE
-
\??\c:\5lflrfl.exec:\5lflrfl.exe27⤵
- Executes dropped EXE
-
\??\c:\7xrrfll.exec:\7xrrfll.exe28⤵
- Executes dropped EXE
-
\??\c:\tntnhn.exec:\tntnhn.exe29⤵
- Executes dropped EXE
-
\??\c:\vvpvd.exec:\vvpvd.exe30⤵
- Executes dropped EXE
-
\??\c:\rfrrfff.exec:\rfrrfff.exe31⤵
- Executes dropped EXE
-
\??\c:\hbtntb.exec:\hbtntb.exe32⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe33⤵
- Executes dropped EXE
-
\??\c:\9frrxrx.exec:\9frrxrx.exe34⤵
- Executes dropped EXE
-
\??\c:\nhthth.exec:\nhthth.exe35⤵
- Executes dropped EXE
-
\??\c:\pdppv.exec:\pdppv.exe36⤵
- Executes dropped EXE
-
\??\c:\lflfxxl.exec:\lflfxxl.exe37⤵
- Executes dropped EXE
-
\??\c:\lrffxxf.exec:\lrffxxf.exe38⤵
-
\??\c:\9htthb.exec:\9htthb.exe39⤵
- Executes dropped EXE
-
\??\c:\pdjdp.exec:\pdjdp.exe40⤵
- Executes dropped EXE
-
\??\c:\7fxfrxf.exec:\7fxfrxf.exe41⤵
- Executes dropped EXE
-
\??\c:\hbnnbh.exec:\hbnnbh.exe42⤵
- Executes dropped EXE
-
\??\c:\jdvpv.exec:\jdvpv.exe43⤵
- Executes dropped EXE
-
\??\c:\7fxxfrx.exec:\7fxxfrx.exe44⤵
- Executes dropped EXE
-
\??\c:\fxflxfl.exec:\fxflxfl.exe45⤵
- Executes dropped EXE
-
\??\c:\bntbhn.exec:\bntbhn.exe46⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe47⤵
- Executes dropped EXE
-
\??\c:\5dvdj.exec:\5dvdj.exe48⤵
- Executes dropped EXE
-
\??\c:\flflrrr.exec:\flflrrr.exe49⤵
- Executes dropped EXE
-
\??\c:\nbnbnb.exec:\nbnbnb.exe50⤵
- Executes dropped EXE
-
\??\c:\5thhnt.exec:\5thhnt.exe51⤵
- Executes dropped EXE
-
\??\c:\frxxllr.exec:\frxxllr.exe52⤵
- Executes dropped EXE
-
\??\c:\7tnbhn.exec:\7tnbhn.exe53⤵
- Executes dropped EXE
-
\??\c:\7ntbhh.exec:\7ntbhh.exe54⤵
- Executes dropped EXE
-
\??\c:\5jdvd.exec:\5jdvd.exe55⤵
- Executes dropped EXE
-
\??\c:\1rlfllr.exec:\1rlfllr.exe56⤵
- Executes dropped EXE
-
\??\c:\5fxrffr.exec:\5fxrffr.exe57⤵
- Executes dropped EXE
-
\??\c:\bthntb.exec:\bthntb.exe58⤵
- Executes dropped EXE
-
\??\c:\3vpvd.exec:\3vpvd.exe59⤵
- Executes dropped EXE
-
\??\c:\rrfrfxf.exec:\rrfrfxf.exe60⤵
- Executes dropped EXE
-
\??\c:\xxxfrrf.exec:\xxxfrrf.exe61⤵
- Executes dropped EXE
-
\??\c:\hbhthh.exec:\hbhthh.exe62⤵
- Executes dropped EXE
-
\??\c:\pdpdv.exec:\pdpdv.exe63⤵
- Executes dropped EXE
-
\??\c:\vjvdp.exec:\vjvdp.exe64⤵
- Executes dropped EXE
-
\??\c:\xrxfllr.exec:\xrxfllr.exe65⤵
- Executes dropped EXE
-
\??\c:\3nhntt.exec:\3nhntt.exe66⤵
- Executes dropped EXE
-
\??\c:\7nhnhn.exec:\7nhnhn.exe67⤵
- Executes dropped EXE
-
\??\c:\dpvpv.exec:\dpvpv.exe68⤵
- Executes dropped EXE
-
\??\c:\1rflrrx.exec:\1rflrrx.exe69⤵
-
\??\c:\3htttn.exec:\3htttn.exe70⤵
-
\??\c:\bthntb.exec:\bthntb.exe71⤵
-
\??\c:\dpdjd.exec:\dpdjd.exe72⤵
-
\??\c:\xrxfffr.exec:\xrxfffr.exe73⤵
-
\??\c:\1ttthb.exec:\1ttthb.exe74⤵
-
\??\c:\tnhthb.exec:\tnhthb.exe75⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe76⤵
-
\??\c:\xxfrllf.exec:\xxfrllf.exe77⤵
-
\??\c:\5frrflr.exec:\5frrflr.exe78⤵
-
\??\c:\tntbnn.exec:\tntbnn.exe79⤵
-
\??\c:\jvjvv.exec:\jvjvv.exe80⤵
-
\??\c:\1fxxxxx.exec:\1fxxxxx.exe81⤵
-
\??\c:\nbntbh.exec:\nbntbh.exe82⤵
-
\??\c:\1vpdj.exec:\1vpdj.exe83⤵
-
\??\c:\lllrflx.exec:\lllrflx.exe84⤵
-
\??\c:\3hbhtt.exec:\3hbhtt.exe85⤵
-
\??\c:\ththnn.exec:\ththnn.exe86⤵
-
\??\c:\3frrrrx.exec:\3frrrrx.exe87⤵
-
\??\c:\xlfrlfr.exec:\xlfrlfr.exe88⤵
-
\??\c:\9htbhh.exec:\9htbhh.exe89⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe90⤵
-
\??\c:\lfrrxfr.exec:\lfrrxfr.exe91⤵
-
\??\c:\btnnhn.exec:\btnnhn.exe92⤵
-
\??\c:\hhtbhh.exec:\hhtbhh.exe93⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe94⤵
-
\??\c:\7xllrxr.exec:\7xllrxr.exe95⤵
-
\??\c:\tnbbhn.exec:\tnbbhn.exe96⤵
-
\??\c:\nhtbnn.exec:\nhtbnn.exe97⤵
-
\??\c:\pddpd.exec:\pddpd.exe98⤵
-
\??\c:\flxxlll.exec:\flxxlll.exe99⤵
-
\??\c:\rfrrfxx.exec:\rfrrfxx.exe100⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe101⤵
-
\??\c:\ppddd.exec:\ppddd.exe102⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe103⤵
-
\??\c:\lfxfrxr.exec:\lfxfrxr.exe104⤵
-
\??\c:\3nhhnn.exec:\3nhhnn.exe105⤵
-
\??\c:\hthhtb.exec:\hthhtb.exe106⤵
-
\??\c:\7dvjp.exec:\7dvjp.exe107⤵
-
\??\c:\9jdvd.exec:\9jdvd.exe108⤵
-
\??\c:\xrflxfl.exec:\xrflxfl.exe109⤵
-
\??\c:\9hnhnt.exec:\9hnhnt.exe110⤵
-
\??\c:\pdpdv.exec:\pdpdv.exe111⤵
-
\??\c:\1djvv.exec:\1djvv.exe112⤵
-
\??\c:\lfrrxlr.exec:\lfrrxlr.exe113⤵
-
\??\c:\5lfrxfr.exec:\5lfrxfr.exe114⤵
-
\??\c:\tntbth.exec:\tntbth.exe115⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe116⤵
-
\??\c:\7rlrxxl.exec:\7rlrxxl.exe117⤵
-
\??\c:\lflrxff.exec:\lflrxff.exe118⤵
-
\??\c:\bbnhtt.exec:\bbnhtt.exe119⤵
-
\??\c:\tnbhhh.exec:\tnbhhh.exe120⤵
-
\??\c:\pjddp.exec:\pjddp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-