Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
10/05/2024, 22:05
General
-
Target
147b98352cb8d036930e526f25cece70_NeikiAnalytics.exe
-
Size
483KB
-
MD5
147b98352cb8d036930e526f25cece70
-
SHA1
959a208d1c156e50ae9f7f16e7b85356bfcc76fd
-
SHA256
92d8d5645b2169c8caae759257d9aaf0b3491fd2447a4b5f34be07a51c9b3d22
-
SHA512
e6d24ade0639292603863d505fd103aae300236e39292b614c4f5018d0b9fd0a5ca10d390f09023d0bb0596ae477a2b6cf84ce47882caf1197efdbaa18eb2491
-
SSDEEP
12288:N4wFHoSMu49P9mPh2kkkkK4kXkkkkkkkkl888888888888888888nh:Cu49lmPh2kkkkK4kXkkkkkkkkT
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Malware Dropper & Backdoor - Berbew 64 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\147b98352cb8d036930e526f25cece70_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\147b98352cb8d036930e526f25cece70_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnbnb.exec:\tbnbnb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjpv.exec:\vdjpv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlrxf.exec:\xrrlrxf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bhhtt.exec:\9bhhtt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ppdp.exec:\1ppdp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrxxl.exec:\xrrrxxl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bntbb.exec:\1bntbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jdjd.exec:\3jdjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3thhnt.exec:\3thhnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllrxxl.exec:\rllrxxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnnbt.exec:\btnnbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddjv.exec:\vddjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tbbtt.exec:\7tbbtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ddvp.exec:\9ddvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbbnt.exec:\hhbbnt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdp.exec:\pjvdp.exe17⤵
- Executes dropped EXE
-
\??\c:\9tnhht.exec:\9tnhht.exe18⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe19⤵
- Executes dropped EXE
-
\??\c:\7xfrlll.exec:\7xfrlll.exe20⤵
- Executes dropped EXE
-
\??\c:\hhthbt.exec:\hhthbt.exe21⤵
- Executes dropped EXE
-
\??\c:\3lxfflx.exec:\3lxfflx.exe22⤵
- Executes dropped EXE
-
\??\c:\lflxflf.exec:\lflxflf.exe23⤵
- Executes dropped EXE
-
\??\c:\xrrflrf.exec:\xrrflrf.exe24⤵
- Executes dropped EXE
-
\??\c:\tbnnhn.exec:\tbnnhn.exe25⤵
- Executes dropped EXE
-
\??\c:\rrxlrfx.exec:\rrxlrfx.exe26⤵
- Executes dropped EXE
-
\??\c:\nhbnhh.exec:\nhbnhh.exe27⤵
- Executes dropped EXE
-
\??\c:\1rfrxfl.exec:\1rfrxfl.exe28⤵
- Executes dropped EXE
-
\??\c:\1bnthn.exec:\1bnthn.exe29⤵
- Executes dropped EXE
-
\??\c:\fxlrxrr.exec:\fxlrxrr.exe30⤵
- Executes dropped EXE
-
\??\c:\7jjpd.exec:\7jjpd.exe31⤵
- Executes dropped EXE
-
\??\c:\9rfrxfl.exec:\9rfrxfl.exe32⤵
- Executes dropped EXE
-
\??\c:\tnbhnh.exec:\tnbhnh.exe33⤵
- Executes dropped EXE
-
\??\c:\9jpvd.exec:\9jpvd.exe34⤵
- Executes dropped EXE
-
\??\c:\7ttbnh.exec:\7ttbnh.exe35⤵
- Executes dropped EXE
-
\??\c:\jpjjv.exec:\jpjjv.exe36⤵
- Executes dropped EXE
-
\??\c:\fxlfrrx.exec:\fxlfrrx.exe37⤵
- Executes dropped EXE
-
\??\c:\bnbhnn.exec:\bnbhnn.exe38⤵
- Executes dropped EXE
-
\??\c:\hbtbhn.exec:\hbtbhn.exe39⤵
- Executes dropped EXE
-
\??\c:\djjpj.exec:\djjpj.exe40⤵
- Executes dropped EXE
-
\??\c:\rlrxllf.exec:\rlrxllf.exe41⤵
- Executes dropped EXE
-
\??\c:\bhbnhn.exec:\bhbnhn.exe42⤵
- Executes dropped EXE
-
\??\c:\jvpdd.exec:\jvpdd.exe43⤵
- Executes dropped EXE
-
\??\c:\lfrfrrf.exec:\lfrfrrf.exe44⤵
- Executes dropped EXE
-
\??\c:\nttnbh.exec:\nttnbh.exe45⤵
- Executes dropped EXE
-
\??\c:\hhbntb.exec:\hhbntb.exe46⤵
- Executes dropped EXE
-
\??\c:\3jvdj.exec:\3jvdj.exe47⤵
- Executes dropped EXE
-
\??\c:\lfffflx.exec:\lfffflx.exe48⤵
- Executes dropped EXE
-
\??\c:\nbtbbt.exec:\nbtbbt.exe49⤵
- Executes dropped EXE
-
\??\c:\ttnttb.exec:\ttnttb.exe50⤵
- Executes dropped EXE
-
\??\c:\jjppd.exec:\jjppd.exe51⤵
- Executes dropped EXE
-
\??\c:\ffrxxxl.exec:\ffrxxxl.exe52⤵
- Executes dropped EXE
-
\??\c:\btnbhn.exec:\btnbhn.exe53⤵
- Executes dropped EXE
-
\??\c:\3dppd.exec:\3dppd.exe54⤵
- Executes dropped EXE
-
\??\c:\5xrxflx.exec:\5xrxflx.exe55⤵
- Executes dropped EXE
-
\??\c:\5hhthn.exec:\5hhthn.exe56⤵
- Executes dropped EXE
-
\??\c:\5bbbnt.exec:\5bbbnt.exe57⤵
- Executes dropped EXE
-
\??\c:\9jpvj.exec:\9jpvj.exe58⤵
- Executes dropped EXE
-
\??\c:\3lflllf.exec:\3lflllf.exe59⤵
- Executes dropped EXE
-
\??\c:\1hhbnn.exec:\1hhbnn.exe60⤵
- Executes dropped EXE
-
\??\c:\1bbbhn.exec:\1bbbhn.exe61⤵
- Executes dropped EXE
-
\??\c:\vvvdp.exec:\vvvdp.exe62⤵
- Executes dropped EXE
-
\??\c:\lxrrrfl.exec:\lxrrrfl.exe63⤵
- Executes dropped EXE
-
\??\c:\lfrfllx.exec:\lfrfllx.exe64⤵
- Executes dropped EXE
-
\??\c:\5bttbh.exec:\5bttbh.exe65⤵
- Executes dropped EXE
-
\??\c:\3dppd.exec:\3dppd.exe66⤵
-
\??\c:\lfrrrrx.exec:\lfrrrrx.exe67⤵
-
\??\c:\9nnnth.exec:\9nnnth.exe68⤵
-
\??\c:\bbnbnn.exec:\bbnbnn.exe69⤵
-
\??\c:\9ppvj.exec:\9ppvj.exe70⤵
-
\??\c:\xxrflxf.exec:\xxrflxf.exe71⤵
-
\??\c:\lfllxfl.exec:\lfllxfl.exe72⤵
-
\??\c:\7bthhh.exec:\7bthhh.exe73⤵
-
\??\c:\7ppvd.exec:\7ppvd.exe74⤵
-
\??\c:\jddpv.exec:\jddpv.exe75⤵
-
\??\c:\xlxxffl.exec:\xlxxffl.exe76⤵
-
\??\c:\hhnhhn.exec:\hhnhhn.exe77⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe78⤵
-
\??\c:\pvvjp.exec:\pvvjp.exe79⤵
-
\??\c:\rxfrrxx.exec:\rxfrrxx.exe80⤵
-
\??\c:\bbttht.exec:\bbttht.exe81⤵
-
\??\c:\dvdjd.exec:\dvdjd.exe82⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe83⤵
-
\??\c:\rlfrffr.exec:\rlfrffr.exe84⤵
-
\??\c:\3ntbnb.exec:\3ntbnb.exe85⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe86⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe87⤵
-
\??\c:\7lxfrrx.exec:\7lxfrrx.exe88⤵
-
\??\c:\7hnnnt.exec:\7hnnnt.exe89⤵
-
\??\c:\bbthtb.exec:\bbthtb.exe90⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe91⤵
-
\??\c:\flxlfrf.exec:\flxlfrf.exe92⤵
-
\??\c:\tnbhnt.exec:\tnbhnt.exe93⤵
-
\??\c:\5pdvj.exec:\5pdvj.exe94⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe95⤵
-
\??\c:\5xrxfll.exec:\5xrxfll.exe96⤵
-
\??\c:\nhtntb.exec:\nhtntb.exe97⤵
-
\??\c:\tttbhh.exec:\tttbhh.exe98⤵
-
\??\c:\jvvdj.exec:\jvvdj.exe99⤵
-
\??\c:\fxlxlrf.exec:\fxlxlrf.exe100⤵
-
\??\c:\bthhnn.exec:\bthhnn.exe101⤵
-
\??\c:\ppjvv.exec:\ppjvv.exe102⤵
-
\??\c:\5dpdp.exec:\5dpdp.exe103⤵
-
\??\c:\llfrxfr.exec:\llfrxfr.exe104⤵
-
\??\c:\bbtbnt.exec:\bbtbnt.exe105⤵
-
\??\c:\hthhhh.exec:\hthhhh.exe106⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe107⤵
-
\??\c:\lfxflxf.exec:\lfxflxf.exe108⤵
-
\??\c:\3rlrflr.exec:\3rlrflr.exe109⤵
-
\??\c:\hbtbnt.exec:\hbtbnt.exe110⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe111⤵
-
\??\c:\rrrrxfx.exec:\rrrrxfx.exe112⤵
-
\??\c:\9bthbn.exec:\9bthbn.exe113⤵
-
\??\c:\7dvpv.exec:\7dvpv.exe114⤵
-
\??\c:\ffxrxfr.exec:\ffxrxfr.exe115⤵
-
\??\c:\5bhbnt.exec:\5bhbnt.exe116⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe117⤵
-
\??\c:\xrfxxfr.exec:\xrfxxfr.exe118⤵
-
\??\c:\tnhhnt.exec:\tnhhnt.exe119⤵
-
\??\c:\3bbtnb.exec:\3bbtnb.exe120⤵
-
\??\c:\ddpjv.exec:\ddpjv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-