Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
140s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
09/05/2024, 23:54
General
-
Target
2512d4385e88b81fdffe82d7e38e95b0_NeikiAnalytics.exe
-
Size
192KB
-
MD5
2512d4385e88b81fdffe82d7e38e95b0
-
SHA1
11bff0f6914b76390cf60765f23cd48ce8bb81b1
-
SHA256
7792a28004f9aca52ee2a87bb545ea49f8adba95f8b7a5a6a2db68a7d29a36ce
-
SHA512
e57797be0d03f44274555380e44941e5902e1837d2e01aac5398e947561ab13f3962c4b9ad64d6fa2ae2c1082fafc65aaa731b157446fe77bc03d00095e8de13
-
SSDEEP
3072:FhOmTsF93UYfwC6GIoutrVCfMoh52waAyiJ8mqtbfUVKty16hDsI/tSvv:Fcm4FmowdHoS8fMoSVAHubPtyYxfe
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 37 IoCs
-
Malware Dropper & Backdoor - Berbew 33 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2512d4385e88b81fdffe82d7e38e95b0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\2512d4385e88b81fdffe82d7e38e95b0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5ddpp.exec:\5ddpp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llllfxf.exec:\llllfxf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhntt.exec:\bbhntt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjpd.exec:\jjjpd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxlxlf.exec:\xxxlxlf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvd.exec:\vpdvd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjddv.exec:\vjddv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7frrxxx.exec:\7frrxxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtbtt.exec:\nbtbtt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvpv.exec:\vdvpv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xrrflf.exec:\7xrrflf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthntt.exec:\tthntt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpdj.exec:\djpdj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfflxfl.exec:\rfflxfl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrxrxx.exec:\lrrxrxx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthtnb.exec:\nthtnb.exe17⤵
- Executes dropped EXE
-
\??\c:\pdvpj.exec:\pdvpj.exe18⤵
- Executes dropped EXE
-
\??\c:\lfxflxx.exec:\lfxflxx.exe19⤵
- Executes dropped EXE
-
\??\c:\3nhhhh.exec:\3nhhhh.exe20⤵
- Executes dropped EXE
-
\??\c:\5vpdj.exec:\5vpdj.exe21⤵
- Executes dropped EXE
-
\??\c:\xrlrxxl.exec:\xrlrxxl.exe22⤵
- Executes dropped EXE
-
\??\c:\hthbtb.exec:\hthbtb.exe23⤵
- Executes dropped EXE
-
\??\c:\jppdv.exec:\jppdv.exe24⤵
- Executes dropped EXE
-
\??\c:\ffxlxll.exec:\ffxlxll.exe25⤵
- Executes dropped EXE
-
\??\c:\5btbbb.exec:\5btbbb.exe26⤵
- Executes dropped EXE
-
\??\c:\vpjvd.exec:\vpjvd.exe27⤵
- Executes dropped EXE
-
\??\c:\7jpvv.exec:\7jpvv.exe28⤵
- Executes dropped EXE
-
\??\c:\nnhtnh.exec:\nnhtnh.exe29⤵
- Executes dropped EXE
-
\??\c:\9nbttt.exec:\9nbttt.exe30⤵
- Executes dropped EXE
-
\??\c:\9jjdd.exec:\9jjdd.exe31⤵
- Executes dropped EXE
-
\??\c:\ffxfrrr.exec:\ffxfrrr.exe32⤵
- Executes dropped EXE
-
\??\c:\hbbbnt.exec:\hbbbnt.exe33⤵
- Executes dropped EXE
-
\??\c:\bhbbtb.exec:\bhbbtb.exe34⤵
- Executes dropped EXE
-
\??\c:\jjjpj.exec:\jjjpj.exe35⤵
- Executes dropped EXE
-
\??\c:\lxrxxfr.exec:\lxrxxfr.exe36⤵
- Executes dropped EXE
-
\??\c:\bbbtbb.exec:\bbbtbb.exe37⤵
- Executes dropped EXE
-
\??\c:\vvdvv.exec:\vvdvv.exe38⤵
- Executes dropped EXE
-
\??\c:\dvjpp.exec:\dvjpp.exe39⤵
- Executes dropped EXE
-
\??\c:\9flllrf.exec:\9flllrf.exe40⤵
- Executes dropped EXE
-
\??\c:\thhttn.exec:\thhttn.exe41⤵
- Executes dropped EXE
-
\??\c:\jdvvv.exec:\jdvvv.exe42⤵
- Executes dropped EXE
-
\??\c:\dvvpv.exec:\dvvpv.exe43⤵
- Executes dropped EXE
-
\??\c:\fxxlfrf.exec:\fxxlfrf.exe44⤵
- Executes dropped EXE
-
\??\c:\7lxflrf.exec:\7lxflrf.exe45⤵
- Executes dropped EXE
-
\??\c:\ntnhnh.exec:\ntnhnh.exe46⤵
- Executes dropped EXE
-
\??\c:\bbhbtn.exec:\bbhbtn.exe47⤵
- Executes dropped EXE
-
\??\c:\vjvdj.exec:\vjvdj.exe48⤵
- Executes dropped EXE
-
\??\c:\9lffflx.exec:\9lffflx.exe49⤵
- Executes dropped EXE
-
\??\c:\3rlxfrf.exec:\3rlxfrf.exe50⤵
- Executes dropped EXE
-
\??\c:\nnhtnb.exec:\nnhtnb.exe51⤵
- Executes dropped EXE
-
\??\c:\9bnhtt.exec:\9bnhtt.exe52⤵
- Executes dropped EXE
-
\??\c:\vpjpp.exec:\vpjpp.exe53⤵
- Executes dropped EXE
-
\??\c:\llrxxrf.exec:\llrxxrf.exe54⤵
- Executes dropped EXE
-
\??\c:\5xlxxfl.exec:\5xlxxfl.exe55⤵
- Executes dropped EXE
-
\??\c:\nthtbb.exec:\nthtbb.exe56⤵
- Executes dropped EXE
-
\??\c:\jjjpv.exec:\jjjpv.exe57⤵
- Executes dropped EXE
-
\??\c:\jvjdj.exec:\jvjdj.exe58⤵
- Executes dropped EXE
-
\??\c:\5rrxflx.exec:\5rrxflx.exe59⤵
- Executes dropped EXE
-
\??\c:\1lrlllr.exec:\1lrlllr.exe60⤵
- Executes dropped EXE
-
\??\c:\tntnnh.exec:\tntnnh.exe61⤵
- Executes dropped EXE
-
\??\c:\pjvjj.exec:\pjvjj.exe62⤵
- Executes dropped EXE
-
\??\c:\vvpdp.exec:\vvpdp.exe63⤵
- Executes dropped EXE
-
\??\c:\9xfrrxl.exec:\9xfrrxl.exe64⤵
- Executes dropped EXE
-
\??\c:\7rlrrrl.exec:\7rlrrrl.exe65⤵
- Executes dropped EXE
-
\??\c:\bbtbth.exec:\bbtbth.exe66⤵
-
\??\c:\9vpjd.exec:\9vpjd.exe67⤵
-
\??\c:\pddvd.exec:\pddvd.exe68⤵
-
\??\c:\9rlrfrf.exec:\9rlrfrf.exe69⤵
-
\??\c:\tnhbhh.exec:\tnhbhh.exe70⤵
-
\??\c:\bbhtnn.exec:\bbhtnn.exe71⤵
-
\??\c:\9jdjd.exec:\9jdjd.exe72⤵
-
\??\c:\ddvjp.exec:\ddvjp.exe73⤵
-
\??\c:\xxrxrlx.exec:\xxrxrlx.exe74⤵
-
\??\c:\5nbnht.exec:\5nbnht.exe75⤵
-
\??\c:\jddjj.exec:\jddjj.exe76⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe77⤵
-
\??\c:\lrfrlxx.exec:\lrfrlxx.exe78⤵
-
\??\c:\5rlrffl.exec:\5rlrffl.exe79⤵
-
\??\c:\htnthn.exec:\htnthn.exe80⤵
-
\??\c:\hhbhbb.exec:\hhbhbb.exe81⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe82⤵
-
\??\c:\rrrfrfx.exec:\rrrfrfx.exe83⤵
-
\??\c:\fxrlrxf.exec:\fxrlrxf.exe84⤵
-
\??\c:\7hbntt.exec:\7hbntt.exe85⤵
-
\??\c:\hbbntb.exec:\hbbntb.exe86⤵
-
\??\c:\pjpdd.exec:\pjpdd.exe87⤵
-
\??\c:\jjjvj.exec:\jjjvj.exe88⤵
-
\??\c:\lfrxllf.exec:\lfrxllf.exe89⤵
-
\??\c:\hbbtht.exec:\hbbtht.exe90⤵
-
\??\c:\bbbhbh.exec:\bbbhbh.exe91⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe92⤵
-
\??\c:\3lxrxxl.exec:\3lxrxxl.exe93⤵
-
\??\c:\1xxlfrf.exec:\1xxlfrf.exe94⤵
-
\??\c:\btnbnt.exec:\btnbnt.exe95⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe96⤵
-
\??\c:\ffrxxlr.exec:\ffrxxlr.exe97⤵
-
\??\c:\ttnbtt.exec:\ttnbtt.exe98⤵
-
\??\c:\hbhnth.exec:\hbhnth.exe99⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe100⤵
-
\??\c:\rlfrxlx.exec:\rlfrxlx.exe101⤵
-
\??\c:\lllxrrf.exec:\lllxrrf.exe102⤵
-
\??\c:\9nhntb.exec:\9nhntb.exe103⤵
-
\??\c:\bnnbtb.exec:\bnnbtb.exe104⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe105⤵
-
\??\c:\pjppp.exec:\pjppp.exe106⤵
-
\??\c:\rlrlxfl.exec:\rlrlxfl.exe107⤵
-
\??\c:\thbntb.exec:\thbntb.exe108⤵
-
\??\c:\nhthbt.exec:\nhthbt.exe109⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe110⤵
-
\??\c:\rxrfrfl.exec:\rxrfrfl.exe111⤵
-
\??\c:\rrxrfxr.exec:\rrxrfxr.exe112⤵
-
\??\c:\thbnbb.exec:\thbnbb.exe113⤵
-
\??\c:\htbnnn.exec:\htbnnn.exe114⤵
-
\??\c:\dpppd.exec:\dpppd.exe115⤵
-
\??\c:\llrxlrl.exec:\llrxlrl.exe116⤵
-
\??\c:\rlxlrrf.exec:\rlxlrrf.exe117⤵
-
\??\c:\3nbbnt.exec:\3nbbnt.exe118⤵
-
\??\c:\jjvjd.exec:\jjvjd.exe119⤵
-
\??\c:\7dvpv.exec:\7dvpv.exe120⤵
-
\??\c:\ffrfrxf.exec:\ffrfrxf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-