Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
105s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
07/05/2024, 20:05
General
-
Target
1c693a60202ab21ec468e72d13cccbc0_NEIKI.exe
-
Size
351KB
-
MD5
1c693a60202ab21ec468e72d13cccbc0
-
SHA1
fcfb1405f40b31429d6344e39c466c5d4797e8b5
-
SHA256
f62958629395ecabe50259cfec131f1cd602e0ed2668bdd951e513bc6ffeda0c
-
SHA512
dd10f9914c201c8a74389d26bb433059e52b5804afbd437041897d0955acec414de1f3e8d7ea6c6b497135f44fcefbed4f1d9271cf4f513d157d04d84fc3d7f6
-
SSDEEP
6144:bcm4FmowdHoSgWrXD486jCpoAhlq1mEjBqLyOSlhNFF23k:h4wFHoSgWj168w1VjsyvhNFF20
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Malware Dropper & Backdoor - Berbew 32 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1c693a60202ab21ec468e72d13cccbc0_NEIKI.exe"C:\Users\Admin\AppData\Local\Temp\1c693a60202ab21ec468e72d13cccbc0_NEIKI.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrlxxr.exec:\lxrlxxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrlfx.exec:\lfxrlfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjpp.exec:\jvjpp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxfxrf.exec:\flxfxrf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ththb.exec:\9ththb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjvp.exec:\jpjvp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxfxrr.exec:\xrxfxrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnhtn.exec:\bbnhtn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjv.exec:\ddpjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllrfxf.exec:\fllrfxf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hhttn.exec:\3hhttn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfllfr.exec:\rlfllfr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfrllf.exec:\fxfrllf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhnbt.exec:\hnhnbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrlrl.exec:\lfxrlrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbhh.exec:\tbhbhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvpp.exec:\vdvpp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxlxxr.exec:\lxxlxxr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lxlxlx.exec:\1lxlxlx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvjj.exec:\9vvjj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbnbn.exec:\thbnbn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tnhtt.exec:\3tnhtt.exe23⤵
- Executes dropped EXE
-
\??\c:\9pdpv.exec:\9pdpv.exe24⤵
- Executes dropped EXE
-
\??\c:\fxrlrlf.exec:\fxrlrlf.exe25⤵
- Executes dropped EXE
-
\??\c:\xxxrfxl.exec:\xxxrfxl.exe26⤵
- Executes dropped EXE
-
\??\c:\7pjvj.exec:\7pjvj.exe27⤵
- Executes dropped EXE
-
\??\c:\xrxrxfx.exec:\xrxrxfx.exe28⤵
- Executes dropped EXE
-
\??\c:\ntnnbt.exec:\ntnnbt.exe29⤵
- Executes dropped EXE
-
\??\c:\nbhtbn.exec:\nbhtbn.exe30⤵
- Executes dropped EXE
-
\??\c:\thhhbt.exec:\thhhbt.exe31⤵
- Executes dropped EXE
-
\??\c:\tttnth.exec:\tttnth.exe32⤵
- Executes dropped EXE
-
\??\c:\pdjvd.exec:\pdjvd.exe33⤵
- Executes dropped EXE
-
\??\c:\rfxfxrx.exec:\rfxfxrx.exe34⤵
- Executes dropped EXE
-
\??\c:\9nhbbh.exec:\9nhbbh.exe35⤵
- Executes dropped EXE
-
\??\c:\nhnhbt.exec:\nhnhbt.exe36⤵
- Executes dropped EXE
-
\??\c:\1dvpv.exec:\1dvpv.exe37⤵
- Executes dropped EXE
-
\??\c:\3lfxfrl.exec:\3lfxfrl.exe38⤵
- Executes dropped EXE
-
\??\c:\bhntnh.exec:\bhntnh.exe39⤵
- Executes dropped EXE
-
\??\c:\jvvdj.exec:\jvvdj.exe40⤵
- Executes dropped EXE
-
\??\c:\xlxflxf.exec:\xlxflxf.exe41⤵
- Executes dropped EXE
-
\??\c:\xrxllff.exec:\xrxllff.exe42⤵
- Executes dropped EXE
-
\??\c:\nhhbtt.exec:\nhhbtt.exe43⤵
- Executes dropped EXE
-
\??\c:\9pvpv.exec:\9pvpv.exe44⤵
- Executes dropped EXE
-
\??\c:\fxrlxrl.exec:\fxrlxrl.exe45⤵
- Executes dropped EXE
-
\??\c:\3btbnh.exec:\3btbnh.exe46⤵
- Executes dropped EXE
-
\??\c:\pvpdp.exec:\pvpdp.exe47⤵
- Executes dropped EXE
-
\??\c:\xrrllxr.exec:\xrrllxr.exe48⤵
- Executes dropped EXE
-
\??\c:\bnntbt.exec:\bnntbt.exe49⤵
- Executes dropped EXE
-
\??\c:\vdvjv.exec:\vdvjv.exe50⤵
- Executes dropped EXE
-
\??\c:\lxxfxxl.exec:\lxxfxxl.exe51⤵
- Executes dropped EXE
-
\??\c:\bhthbn.exec:\bhthbn.exe52⤵
- Executes dropped EXE
-
\??\c:\nnhnbb.exec:\nnhnbb.exe53⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe54⤵
- Executes dropped EXE
-
\??\c:\xffrlxr.exec:\xffrlxr.exe55⤵
- Executes dropped EXE
-
\??\c:\5thbnh.exec:\5thbnh.exe56⤵
- Executes dropped EXE
-
\??\c:\vjdvp.exec:\vjdvp.exe57⤵
- Executes dropped EXE
-
\??\c:\5dvjv.exec:\5dvjv.exe58⤵
- Executes dropped EXE
-
\??\c:\5rlxfxl.exec:\5rlxfxl.exe59⤵
- Executes dropped EXE
-
\??\c:\ttnhtn.exec:\ttnhtn.exe60⤵
- Executes dropped EXE
-
\??\c:\ppddj.exec:\ppddj.exe61⤵
- Executes dropped EXE
-
\??\c:\dpjvp.exec:\dpjvp.exe62⤵
- Executes dropped EXE
-
\??\c:\3llfxxr.exec:\3llfxxr.exe63⤵
- Executes dropped EXE
-
\??\c:\tthbnh.exec:\tthbnh.exe64⤵
- Executes dropped EXE
-
\??\c:\ppvjd.exec:\ppvjd.exe65⤵
- Executes dropped EXE
-
\??\c:\vvjdp.exec:\vvjdp.exe66⤵
-
\??\c:\lrlxlfl.exec:\lrlxlfl.exe67⤵
-
\??\c:\1nnbnh.exec:\1nnbnh.exe68⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe69⤵
-
\??\c:\fllxrfx.exec:\fllxrfx.exe70⤵
-
\??\c:\rlxrlfx.exec:\rlxrlfx.exe71⤵
-
\??\c:\ttnnbt.exec:\ttnnbt.exe72⤵
-
\??\c:\1pjpp.exec:\1pjpp.exe73⤵
-
\??\c:\3fxlxrf.exec:\3fxlxrf.exe74⤵
-
\??\c:\llfxlfr.exec:\llfxlfr.exe75⤵
-
\??\c:\hbnhnh.exec:\hbnhnh.exe76⤵
-
\??\c:\bnttbn.exec:\bnttbn.exe77⤵
-
\??\c:\7jdpv.exec:\7jdpv.exe78⤵
-
\??\c:\lrlxlxl.exec:\lrlxlxl.exe79⤵
-
\??\c:\nthbnh.exec:\nthbnh.exe80⤵
-
\??\c:\bnhbnh.exec:\bnhbnh.exe81⤵
-
\??\c:\rllxlfr.exec:\rllxlfr.exe82⤵
-
\??\c:\hbnbth.exec:\hbnbth.exe83⤵
-
\??\c:\djdvp.exec:\djdvp.exe84⤵
-
\??\c:\pvpjv.exec:\pvpjv.exe85⤵
-
\??\c:\rffxfxf.exec:\rffxfxf.exe86⤵
-
\??\c:\bnnbnb.exec:\bnnbnb.exe87⤵
-
\??\c:\5pdpj.exec:\5pdpj.exe88⤵
-
\??\c:\vddpd.exec:\vddpd.exe89⤵
-
\??\c:\llxfxxx.exec:\llxfxxx.exe90⤵
-
\??\c:\lffrfxl.exec:\lffrfxl.exe91⤵
-
\??\c:\nhnhtn.exec:\nhnhtn.exe92⤵
-
\??\c:\ttnnhb.exec:\ttnnhb.exe93⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe94⤵
-
\??\c:\rrxrllf.exec:\rrxrllf.exe95⤵
-
\??\c:\xlflxlx.exec:\xlflxlx.exe96⤵
-
\??\c:\btbbnb.exec:\btbbnb.exe97⤵
-
\??\c:\nnnhtn.exec:\nnnhtn.exe98⤵
-
\??\c:\7vpdv.exec:\7vpdv.exe99⤵
-
\??\c:\rrrlrlf.exec:\rrrlrlf.exe100⤵
-
\??\c:\5llxxrf.exec:\5llxxrf.exe101⤵
-
\??\c:\bttnnh.exec:\bttnnh.exe102⤵
-
\??\c:\dpdjj.exec:\dpdjj.exe103⤵
-
\??\c:\5ddpd.exec:\5ddpd.exe104⤵
-
\??\c:\rlxffrr.exec:\rlxffrr.exe105⤵
-
\??\c:\7xxlxrf.exec:\7xxlxrf.exe106⤵
-
\??\c:\7bttnt.exec:\7bttnt.exe107⤵
-
\??\c:\vdvvj.exec:\vdvvj.exe108⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe109⤵
-
\??\c:\rlfflfx.exec:\rlfflfx.exe110⤵
-
\??\c:\nnhbnh.exec:\nnhbnh.exe111⤵
-
\??\c:\jvdpj.exec:\jvdpj.exe112⤵
-
\??\c:\rxrfxlf.exec:\rxrfxlf.exe113⤵
-
\??\c:\rffrfxr.exec:\rffrfxr.exe114⤵
-
\??\c:\htthtn.exec:\htthtn.exe115⤵
-
\??\c:\5pjdp.exec:\5pjdp.exe116⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe117⤵
-
\??\c:\llxrllr.exec:\llxrllr.exe118⤵
-
\??\c:\7hntnt.exec:\7hntnt.exe119⤵
-
\??\c:\7pvjv.exec:\7pvjv.exe120⤵
-
\??\c:\9pvjp.exec:\9pvjp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-