Analysis
-
max time kernel
150s -
max time network
97s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted
10/05/2024, 22:05
Behavioral task
behavioral1
Sample
147b98352cb8d036930e526f25cece70_NeikiAnalytics.exe
Resource
win7-20240508-en
General
-
Target
147b98352cb8d036930e526f25cece70_NeikiAnalytics.exe
-
Size
483KB
-
MD5
147b98352cb8d036930e526f25cece70
-
SHA1
959a208d1c156e50ae9f7f16e7b85356bfcc76fd
-
SHA256
92d8d5645b2169c8caae759257d9aaf0b3491fd2447a4b5f34be07a51c9b3d22
-
SHA512
e6d24ade0639292603863d505fd103aae300236e39292b614c4f5018d0b9fd0a5ca10d390f09023d0bb0596ae477a2b6cf84ce47882caf1197efdbaa18eb2491
-
SSDEEP
12288:N4wFHoSMu49P9mPh2kkkkK4kXkkkkkkkkl888888888888888888nh:Cu49lmPh2kkkkK4kXkkkkkkkkT
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/5076-0-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1040-10-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1868-21-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4380-32-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3340-26-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1612-18-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4940-45-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4708-60-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3680-62-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/5068-70-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3688-75-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4504-85-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1608-94-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2272-100-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4188-93-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3260-112-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/5048-126-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2936-142-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2168-153-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1988-166-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1128-168-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon 
behavioral2/memory/3024-160-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3000-179-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4788-188-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2344-201-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4396-205-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/5076-209-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4540-211-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4696-218-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4932-220-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3032-226-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1520-233-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2680-242-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2976-257-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/836-264-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1744-271-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4488-284-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2440-285-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1608-292-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4612-296-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3588-297-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3756-304-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon 
behavioral2/memory/1448-325-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1220-330-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1988-350-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1552-397-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1152-401-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1520-406-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2964-426-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1480-496-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1220-509-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3312-513-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2224-526-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/880-573-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2068-602-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1820-657-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4172-675-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4140-724-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2884-755-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4120-810-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1796-847-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2148-926-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3340-939-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon 
behavioral2/memory/3340-943-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon -
Malware Dropper & Backdoor - Berbew 64 IoCs
Berbew is a backdoor Trojan with the capability to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
resource yara_rule behavioral2/memory/5076-0-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x000900000002328e-4.dat family_berbew behavioral2/memory/1040-6-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/memory/1040-10-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x00090000000233f8-11.dat family_berbew behavioral2/memory/1868-13-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x0007000000023406-14.dat family_berbew behavioral2/memory/1868-21-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x0007000000023407-23.dat family_berbew behavioral2/files/0x0007000000023408-29.dat family_berbew behavioral2/memory/4380-32-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x0007000000023409-36.dat family_berbew behavioral2/memory/4456-37-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/memory/3340-26-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/memory/1612-18-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x000700000002340a-41.dat family_berbew behavioral2/files/0x000700000002340b-47.dat family_berbew behavioral2/files/0x000700000002340c-53.dat family_berbew behavioral2/memory/4940-45-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x000700000002340d-57.dat family_berbew behavioral2/memory/4708-60-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/memory/3680-62-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x000700000002340e-65.dat family_berbew behavioral2/memory/5068-70-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x000700000002340f-69.dat family_berbew behavioral2/memory/3688-75-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew 
behavioral2/files/0x00090000000233ff-74.dat family_berbew behavioral2/files/0x0007000000023410-80.dat family_berbew behavioral2/files/0x0007000000023411-86.dat family_berbew behavioral2/memory/4504-85-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x0007000000023412-91.dat family_berbew behavioral2/memory/1608-94-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x0007000000023413-97.dat family_berbew behavioral2/memory/2272-100-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x0007000000023414-103.dat family_berbew behavioral2/memory/4188-93-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x0008000000023415-108.dat family_berbew behavioral2/memory/3260-112-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x0008000000023417-115.dat family_berbew behavioral2/files/0x0008000000023418-120.dat family_berbew behavioral2/files/0x000800000002341a-124.dat family_berbew behavioral2/memory/5048-126-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x000700000002341b-131.dat family_berbew behavioral2/files/0x000700000002341c-135.dat family_berbew behavioral2/memory/2936-142-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x000300000001e323-140.dat family_berbew behavioral2/files/0x000700000002341d-148.dat family_berbew behavioral2/memory/2168-153-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x000700000002341e-151.dat family_berbew behavioral2/files/0x000700000002341f-158.dat family_berbew behavioral2/files/0x0007000000023420-163.dat family_berbew behavioral2/memory/1988-166-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/memory/1128-168-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/memory/3024-160-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew 
behavioral2/files/0x0007000000023421-171.dat family_berbew behavioral2/files/0x0009000000023378-174.dat family_berbew behavioral2/memory/3000-179-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x000900000002337f-181.dat family_berbew behavioral2/memory/4788-188-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/memory/2344-197-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/memory/2344-201-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/memory/4396-205-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/memory/5076-209-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/memory/4540-211-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew -
Executes dropped EXE 64 IoCs
pid Process 1040 tthhnn.exe 1868 1dvvp.exe 1612 lxfrlfx.exe 3340 nbnhhh.exe 4380 jdpjd.exe 4456 xlxrrrr.exe 4940 tnbtbb.exe 704 ppdvj.exe 4708 lfxxxxr.exe 3680 thnhnn.exe 5068 jpddv.exe 3688 vpdvv.exe 1416 nhhbtt.exe 4504 5pdvd.exe 4188 rxrxlxl.exe 1608 rllfxxr.exe 2272 hbnhtb.exe 3848 vvppp.exe 3260 7jjvp.exe 4780 fxfflxf.exe 5048 ddpvv.exe 652 btnnnn.exe 4632 vpvpj.exe 2936 hthtnh.exe 812 lxxrlff.exe 2168 ttbbbb.exe 3024 llffllr.exe 1128 hhbntn.exe 1988 nnnhnn.exe 3372 ddddv.exe 3000 rrrrlll.exe 4140 5nnbtb.exe 4788 ddpjd.exe 2012 1lrrlrr.exe 744 tnnnnn.exe 2344 vpjdj.exe 4396 rxrlrxr.exe 5076 tbnhhb.exe 4540 pjdvv.exe 4696 3lrlxxr.exe 4932 bnnnhn.exe 3032 tnnnnn.exe 1612 dpppd.exe 1520 5nbtnt.exe 4996 jjjdv.exe 1724 rlxrxxf.exe 2680 nntnnn.exe 3656 vdvpj.exe 1528 xlrlllf.exe 2732 5tbnnh.exe 2976 dvjjd.exe 4476 jddvp.exe 836 1xlflrr.exe 1600 hhttnt.exe 1744 jvjjd.exe 3688 rflfxxf.exe 4464 tnnhhh.exe 4504 pvdjd.exe 4488 xrxffxx.exe 2440 thtttt.exe 1608 vvdvp.exe 4612 rlffffl.exe 3588 lfrfxlr.exe 3464 xfxxrxx.exe -
resource yara_rule behavioral2/memory/5076-0-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000900000002328e-4.dat upx behavioral2/memory/1040-6-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/1040-10-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x00090000000233f8-11.dat upx behavioral2/memory/1868-13-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023406-14.dat upx behavioral2/memory/1868-21-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023407-23.dat upx behavioral2/files/0x0007000000023408-29.dat upx behavioral2/memory/4380-32-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023409-36.dat upx behavioral2/memory/4456-37-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/3340-26-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/1612-18-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000700000002340a-41.dat upx behavioral2/files/0x000700000002340b-47.dat upx behavioral2/files/0x000700000002340c-53.dat upx behavioral2/memory/4940-45-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000700000002340d-57.dat upx behavioral2/memory/4708-60-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/3680-62-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000700000002340e-65.dat upx behavioral2/memory/5068-70-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000700000002340f-69.dat upx behavioral2/memory/3688-75-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x00090000000233ff-74.dat upx behavioral2/files/0x0007000000023410-80.dat upx behavioral2/files/0x0007000000023411-86.dat upx behavioral2/memory/4504-85-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023412-91.dat upx 
behavioral2/memory/1608-94-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023413-97.dat upx behavioral2/memory/2272-100-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023414-103.dat upx behavioral2/memory/4188-93-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0008000000023415-108.dat upx behavioral2/memory/3260-112-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0008000000023417-115.dat upx behavioral2/files/0x0008000000023418-120.dat upx behavioral2/files/0x000800000002341a-124.dat upx behavioral2/memory/5048-126-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000700000002341b-131.dat upx behavioral2/files/0x000700000002341c-135.dat upx behavioral2/memory/2936-142-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000300000001e323-140.dat upx behavioral2/files/0x000700000002341d-148.dat upx behavioral2/memory/2168-153-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000700000002341e-151.dat upx behavioral2/files/0x000700000002341f-158.dat upx behavioral2/files/0x0007000000023420-163.dat upx behavioral2/memory/1988-166-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/1128-168-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/3024-160-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023421-171.dat upx behavioral2/files/0x0009000000023378-174.dat upx behavioral2/memory/3000-179-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000900000002337f-181.dat upx behavioral2/memory/4788-188-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/2344-197-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/2344-201-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/4396-205-0x0000000000400000-0x0000000000436000-memory.dmp upx 
behavioral2/memory/5076-209-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/4540-211-0x0000000000400000-0x0000000000436000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 5076 wrote to memory of 1040 5076 147b98352cb8d036930e526f25cece70_NeikiAnalytics.exe 83 PID 5076 wrote to memory of 1040 5076 147b98352cb8d036930e526f25cece70_NeikiAnalytics.exe 83 PID 5076 wrote to memory of 1040 5076 147b98352cb8d036930e526f25cece70_NeikiAnalytics.exe 83 PID 1040 wrote to memory of 1868 1040 tthhnn.exe 84 PID 1040 wrote to memory of 1868 1040 tthhnn.exe 84 PID 1040 wrote to memory of 1868 1040 tthhnn.exe 84 PID 1868 wrote to memory of 1612 1868 1dvvp.exe 86 PID 1868 wrote to memory of 1612 1868 1dvvp.exe 86 PID 1868 wrote to memory of 1612 1868 1dvvp.exe 86 PID 1612 wrote to memory of 3340 1612 lxfrlfx.exe 87 PID 1612 wrote to memory of 3340 1612 lxfrlfx.exe 87 PID 1612 wrote to memory of 3340 1612 lxfrlfx.exe 87 PID 3340 wrote to memory of 4380 3340 nbnhhh.exe 88 PID 3340 wrote to memory of 4380 3340 nbnhhh.exe 88 PID 3340 wrote to memory of 4380 3340 nbnhhh.exe 88 PID 4380 wrote to memory of 4456 4380 jdpjd.exe 89 PID 4380 wrote to memory of 4456 4380 jdpjd.exe 89 PID 4380 wrote to memory of 4456 4380 jdpjd.exe 89 PID 4456 wrote to memory of 4940 4456 xlxrrrr.exe 91 PID 4456 wrote to memory of 4940 4456 xlxrrrr.exe 91 PID 4456 wrote to memory of 4940 4456 xlxrrrr.exe 91 PID 4940 wrote to memory of 704 4940 tnbtbb.exe 92 PID 4940 wrote to memory of 704 4940 tnbtbb.exe 92 PID 4940 wrote to memory of 704 4940 tnbtbb.exe 92 PID 704 wrote to memory of 4708 704 ppdvj.exe 93 PID 704 wrote to memory of 4708 704 ppdvj.exe 93 PID 704 wrote to memory of 4708 704 ppdvj.exe 93 PID 4708 wrote to memory of 3680 4708 lfxxxxr.exe 94 PID 4708 wrote to memory of 3680 4708 lfxxxxr.exe 94 PID 4708 wrote to memory of 3680 4708 lfxxxxr.exe 94 PID 3680 wrote to memory of 5068 3680 thnhnn.exe 95 PID 3680 wrote to memory of 5068 3680 thnhnn.exe 95 PID 3680 wrote to memory of 5068 3680 thnhnn.exe 95 PID 5068 wrote to memory of 3688 5068 jpddv.exe 96 PID 5068 wrote to memory of 3688 5068 jpddv.exe 96 PID 5068 wrote to memory of 
3688 5068 jpddv.exe 96 PID 3688 wrote to memory of 1416 3688 vpdvv.exe 97 PID 3688 wrote to memory of 1416 3688 vpdvv.exe 97 PID 3688 wrote to memory of 1416 3688 vpdvv.exe 97 PID 1416 wrote to memory of 4504 1416 nhhbtt.exe 98 PID 1416 wrote to memory of 4504 1416 nhhbtt.exe 98 PID 1416 wrote to memory of 4504 1416 nhhbtt.exe 98 PID 4504 wrote to memory of 4188 4504 5pdvd.exe 99 PID 4504 wrote to memory of 4188 4504 5pdvd.exe 99 PID 4504 wrote to memory of 4188 4504 5pdvd.exe 99 PID 4188 wrote to memory of 1608 4188 rxrxlxl.exe 100 PID 4188 wrote to memory of 1608 4188 rxrxlxl.exe 100 PID 4188 wrote to memory of 1608 4188 rxrxlxl.exe 100 PID 1608 wrote to memory of 2272 1608 rllfxxr.exe 101 PID 1608 wrote to memory of 2272 1608 rllfxxr.exe 101 PID 1608 wrote to memory of 2272 1608 rllfxxr.exe 101 PID 2272 wrote to memory of 3848 2272 hbnhtb.exe 102 PID 2272 wrote to memory of 3848 2272 hbnhtb.exe 102 PID 2272 wrote to memory of 3848 2272 hbnhtb.exe 102 PID 3848 wrote to memory of 3260 3848 vvppp.exe 103 PID 3848 wrote to memory of 3260 3848 vvppp.exe 103 PID 3848 wrote to memory of 3260 3848 vvppp.exe 103 PID 3260 wrote to memory of 4780 3260 7jjvp.exe 104 PID 3260 wrote to memory of 4780 3260 7jjvp.exe 104 PID 3260 wrote to memory of 4780 3260 7jjvp.exe 104 PID 4780 wrote to memory of 5048 4780 fxfflxf.exe 105 PID 4780 wrote to memory of 5048 4780 fxfflxf.exe 105 PID 4780 wrote to memory of 5048 4780 fxfflxf.exe 105 PID 5048 wrote to memory of 652 5048 ddpvv.exe 106
Processes
-
C:\Users\Admin\AppData\Local\Temp\147b98352cb8d036930e526f25cece70_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\147b98352cb8d036930e526f25cece70_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:5076 -
\??\c:\tthhnn.exec:\tthhnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1040 -
\??\c:\1dvvp.exec:\1dvvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1868 -
\??\c:\lxfrlfx.exec:\lxfrlfx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1612 -
\??\c:\nbnhhh.exec:\nbnhhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3340 -
\??\c:\jdpjd.exec:\jdpjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4380 -
\??\c:\xlxrrrr.exec:\xlxrrrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4456 -
\??\c:\tnbtbb.exec:\tnbtbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4940 -
\??\c:\ppdvj.exec:\ppdvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:704 -
\??\c:\lfxxxxr.exec:\lfxxxxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4708 -
\??\c:\thnhnn.exec:\thnhnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3680 -
\??\c:\jpddv.exec:\jpddv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5068 -
\??\c:\vpdvv.exec:\vpdvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3688 -
\??\c:\nhhbtt.exec:\nhhbtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1416 -
\??\c:\5pdvd.exec:\5pdvd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4504 -
\??\c:\rxrxlxl.exec:\rxrxlxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4188 -
\??\c:\rllfxxr.exec:\rllfxxr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1608 -
\??\c:\hbnhtb.exec:\hbnhtb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2272 -
\??\c:\vvppp.exec:\vvppp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3848 -
\??\c:\7jjvp.exec:\7jjvp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3260 -
\??\c:\fxfflxf.exec:\fxfflxf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4780 -
\??\c:\ddpvv.exec:\ddpvv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5048 -
\??\c:\btnnnn.exec:\btnnnn.exe23⤵
- Executes dropped EXE
PID:652 -
\??\c:\vpvpj.exec:\vpvpj.exe24⤵
- Executes dropped EXE
PID:4632 -
\??\c:\hthtnh.exec:\hthtnh.exe25⤵
- Executes dropped EXE
PID:2936 -
\??\c:\lxxrlff.exec:\lxxrlff.exe26⤵
- Executes dropped EXE
PID:812 -
\??\c:\ttbbbb.exec:\ttbbbb.exe27⤵
- Executes dropped EXE
PID:2168 -
\??\c:\llffllr.exec:\llffllr.exe28⤵
- Executes dropped EXE
PID:3024 -
\??\c:\hhbntn.exec:\hhbntn.exe29⤵
- Executes dropped EXE
PID:1128 -
\??\c:\nnnhnn.exec:\nnnhnn.exe30⤵
- Executes dropped EXE
PID:1988 -
\??\c:\ddddv.exec:\ddddv.exe31⤵
- Executes dropped EXE
PID:3372 -
\??\c:\rrrrlll.exec:\rrrrlll.exe32⤵
- Executes dropped EXE
PID:3000 -
\??\c:\5nnbtb.exec:\5nnbtb.exe33⤵
- Executes dropped EXE
PID:4140 -
\??\c:\ddpjd.exec:\ddpjd.exe34⤵
- Executes dropped EXE
PID:4788 -
\??\c:\1lrrlrr.exec:\1lrrlrr.exe35⤵
- Executes dropped EXE
PID:2012 -
\??\c:\tnnnnn.exec:\tnnnnn.exe36⤵
- Executes dropped EXE
PID:744 -
\??\c:\vpjdj.exec:\vpjdj.exe37⤵
- Executes dropped EXE
PID:2344 -
\??\c:\rxrlrxr.exec:\rxrlrxr.exe38⤵
- Executes dropped EXE
PID:4396 -
\??\c:\tbnhhb.exec:\tbnhhb.exe39⤵
- Executes dropped EXE
PID:5076 -
\??\c:\pjdvv.exec:\pjdvv.exe40⤵
- Executes dropped EXE
PID:4540 -
\??\c:\3lrlxxr.exec:\3lrlxxr.exe41⤵
- Executes dropped EXE
PID:4696 -
\??\c:\bnnnhn.exec:\bnnnhn.exe42⤵
- Executes dropped EXE
PID:4932 -
\??\c:\tnnnnn.exec:\tnnnnn.exe43⤵
- Executes dropped EXE
PID:3032 -
\??\c:\dpppd.exec:\dpppd.exe44⤵
- Executes dropped EXE
PID:1612 -
\??\c:\5nbtnt.exec:\5nbtnt.exe45⤵
- Executes dropped EXE
PID:1520 -
\??\c:\jjjdv.exec:\jjjdv.exe46⤵
- Executes dropped EXE
PID:4996 -
\??\c:\rlxrxxf.exec:\rlxrxxf.exe47⤵
- Executes dropped EXE
PID:1724 -
\??\c:\nntnnn.exec:\nntnnn.exe48⤵
- Executes dropped EXE
PID:2680 -
\??\c:\vdvpj.exec:\vdvpj.exe49⤵
- Executes dropped EXE
PID:3656 -
\??\c:\xlrlllf.exec:\xlrlllf.exe50⤵
- Executes dropped EXE
PID:1528 -
\??\c:\5tbnnh.exec:\5tbnnh.exe51⤵
- Executes dropped EXE
PID:2732 -
\??\c:\dvjjd.exec:\dvjjd.exe52⤵
- Executes dropped EXE
PID:2976 -
\??\c:\jddvp.exec:\jddvp.exe53⤵
- Executes dropped EXE
PID:4476 -
\??\c:\1xlflrr.exec:\1xlflrr.exe54⤵
- Executes dropped EXE
PID:836 -
\??\c:\hhttnt.exec:\hhttnt.exe55⤵
- Executes dropped EXE
PID:1600 -
\??\c:\jvjjd.exec:\jvjjd.exe56⤵
- Executes dropped EXE
PID:1744 -
\??\c:\rflfxxf.exec:\rflfxxf.exe57⤵
- Executes dropped EXE
PID:3688 -
\??\c:\tnnhhh.exec:\tnnhhh.exe58⤵
- Executes dropped EXE
PID:4464 -
\??\c:\pvdjd.exec:\pvdjd.exe59⤵
- Executes dropped EXE
PID:4504 -
\??\c:\xrxffxx.exec:\xrxffxx.exe60⤵
- Executes dropped EXE
PID:4488 -
\??\c:\thtttt.exec:\thtttt.exe61⤵
- Executes dropped EXE
PID:2440 -
\??\c:\vvdvp.exec:\vvdvp.exe62⤵
- Executes dropped EXE
PID:1608 -
\??\c:\rlffffl.exec:\rlffffl.exe63⤵
- Executes dropped EXE
PID:4612 -
\??\c:\lfrfxlr.exec:\lfrfxlr.exe64⤵
- Executes dropped EXE
PID:3588 -
\??\c:\xfxxrxx.exec:\xfxxrxx.exe65⤵
- Executes dropped EXE
PID:3464 -
\??\c:\nhhbbb.exec:\nhhbbb.exe66⤵PID:3756
-
\??\c:\jdjjd.exec:\jdjjd.exe67⤵PID:884
-
\??\c:\lflfffx.exec:\lflfffx.exe68⤵PID:1644
-
\??\c:\5lllfff.exec:\5lllfff.exe69⤵PID:680
-
\??\c:\thtbtt.exec:\thtbtt.exe70⤵PID:4544
-
\??\c:\jddjp.exec:\jddjp.exe71⤵PID:1448
-
\??\c:\1xxlffx.exec:\1xxlffx.exe72⤵PID:4364
-
\??\c:\bntbbt.exec:\bntbbt.exe73⤵PID:1220
-
\??\c:\tnnhbb.exec:\tnnhbb.exe74⤵PID:1540
-
\??\c:\dvdvp.exec:\dvdvp.exe75⤵PID:3556
-
\??\c:\3xxxrxr.exec:\3xxxrxr.exe76⤵PID:2136
-
\??\c:\thnhhh.exec:\thnhhh.exe77⤵PID:3892
-
\??\c:\bhhbtt.exec:\bhhbtt.exe78⤵PID:2400
-
\??\c:\5pvvv.exec:\5pvvv.exe79⤵PID:1988
-
\??\c:\frfrllf.exec:\frfrllf.exe80⤵PID:4052
-
\??\c:\hnbnbt.exec:\hnbnbt.exe81⤵PID:2384
-
\??\c:\nhnnhb.exec:\nhnnhb.exe82⤵PID:3000
-
\??\c:\jpvdd.exec:\jpvdd.exe83⤵PID:3100
-
\??\c:\llxxxll.exec:\llxxxll.exe84⤵PID:4784
-
\??\c:\btttnn.exec:\btttnn.exe85⤵PID:1396
-
\??\c:\vjjdv.exec:\vjjdv.exe86⤵PID:3040
-
\??\c:\vjdpv.exec:\vjdpv.exe87⤵PID:1936
-
\??\c:\rllfxlf.exec:\rllfxlf.exe88⤵PID:4308
-
\??\c:\nhbbbn.exec:\nhbbbn.exe89⤵PID:212
-
\??\c:\nhtnnn.exec:\nhtnnn.exe90⤵PID:1800
-
\??\c:\jdpjj.exec:\jdpjj.exe91⤵PID:4124
-
\??\c:\frfxrrr.exec:\frfxrrr.exe92⤵PID:4540
-
\??\c:\3rrlllf.exec:\3rrlllf.exe93⤵PID:1636
-
\??\c:\thnhbb.exec:\thnhbb.exe94⤵PID:8
-
\??\c:\jdjjd.exec:\jdjjd.exe95⤵PID:1552
-
\??\c:\djvvp.exec:\djvvp.exe96⤵PID:1152
-
\??\c:\xfllrrr.exec:\xfllrrr.exe97⤵PID:1520
-
\??\c:\3tbbtt.exec:\3tbbtt.exe98⤵PID:4228
-
\??\c:\3dddd.exec:\3dddd.exe99⤵PID:1724
-
\??\c:\xfrrllf.exec:\xfrrllf.exe100⤵PID:1928
-
\??\c:\rrfxlxr.exec:\rrfxlxr.exe101⤵PID:4940
-
\??\c:\nnnhhb.exec:\nnnhhb.exe102⤵PID:4984
-
\??\c:\vjppj.exec:\vjppj.exe103⤵PID:2964
-
\??\c:\rxllflf.exec:\rxllflf.exe104⤵PID:2900
-
\??\c:\9xxxrxx.exec:\9xxxrxx.exe105⤵PID:2424
-
\??\c:\hbhhhh.exec:\hbhhhh.exe106⤵PID:2604
-
\??\c:\pdjdd.exec:\pdjdd.exe107⤵PID:1392
-
\??\c:\xrllrxr.exec:\xrllrxr.exe108⤵PID:3152
-
\??\c:\xxrlxxr.exec:\xxrlxxr.exe109⤵PID:2492
-
\??\c:\bttbbh.exec:\bttbbh.exe110⤵PID:2488
-
\??\c:\jjpjj.exec:\jjpjj.exe111⤵PID:516
-
\??\c:\xrxxrrl.exec:\xrxxrrl.exe112⤵PID:4560
-
\??\c:\ffrffrr.exec:\ffrffrr.exe113⤵PID:4392
-
\??\c:\bnbbhb.exec:\bnbbhb.exe114⤵PID:4500
-
\??\c:\vjpjj.exec:\vjpjj.exe115⤵PID:1232
-
\??\c:\xlrlllf.exec:\xlrlllf.exe116⤵PID:4576
-
\??\c:\nnnntn.exec:\nnnntn.exe117⤵PID:1608
-
\??\c:\vjpjd.exec:\vjpjd.exe118⤵PID:3988
-
\??\c:\pvjjv.exec:\pvjjv.exe119⤵PID:3588
-
\??\c:\fxfrlfx.exec:\fxfrlfx.exe120⤵PID:5092
-
\??\c:\bnnhbt.exec:\bnnhbt.exe121⤵PID:3348
-
\??\c:\nhtnht.exec:\nhtnht.exe122⤵PID:3708
-