Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
16/05/2024, 06:52
General
-
Target
b5db5cb9cceb76898ade3123ac943d40_NeikiAnalytics.exe
-
Size
226KB
-
MD5
b5db5cb9cceb76898ade3123ac943d40
-
SHA1
8ac29c8be1e49e481afa9843880bdfa53eb0ec38
-
SHA256
c126a63b253799dedfd2c1c67b87ed7b66367df89e34828d01759fefeb8c0485
-
SHA512
d5b623e4198301806e35de7c6d4e1a49b0eca48d02950825638a4790c8f4affa18465536258399a6c9f99ea08ddf40538bb864a0bbd4a375c0f9bdbacac31deb
-
SSDEEP
6144:Jcm4FmowdHoS3dGmS4Z1hraHcpOaKHpaztyzl+SL:T4wFHoS3dJS4ZzeFaKHpCc7
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Malware Dropper & Backdoor - Berbew 33 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b5db5cb9cceb76898ade3123ac943d40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\b5db5cb9cceb76898ade3123ac943d40_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\40666.exec:\40666.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrxflr.exec:\rlrxflr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0844062.exec:\0844062.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s0244.exec:\s0244.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrxxl.exec:\rlxrxxl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\646284.exec:\646284.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bththn.exec:\bththn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\480066.exec:\480066.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhnt.exec:\tnbhnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfrlll.exec:\lrfrlll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dppv.exec:\7dppv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w80844.exec:\w80844.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fxrrxx.exec:\3fxrrxx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjd.exec:\pjpjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\480682.exec:\480682.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pddd.exec:\7pddd.exe17⤵
- Executes dropped EXE
-
\??\c:\bntnxx.exec:\bntnxx.exe18⤵
- Executes dropped EXE
-
\??\c:\rlrxrrx.exec:\rlrxrrx.exe19⤵
- Executes dropped EXE
-
\??\c:\m2440.exec:\m2440.exe20⤵
- Executes dropped EXE
-
\??\c:\7jddj.exec:\7jddj.exe21⤵
- Executes dropped EXE
-
\??\c:\c866884.exec:\c866884.exe22⤵
- Executes dropped EXE
-
\??\c:\bthnbb.exec:\bthnbb.exe23⤵
- Executes dropped EXE
-
\??\c:\3lxrxrf.exec:\3lxrxrf.exe24⤵
- Executes dropped EXE
-
\??\c:\3nnbhh.exec:\3nnbhh.exe25⤵
- Executes dropped EXE
-
\??\c:\480688.exec:\480688.exe26⤵
- Executes dropped EXE
-
\??\c:\68666.exec:\68666.exe27⤵
- Executes dropped EXE
-
\??\c:\8880824.exec:\8880824.exe28⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe29⤵
- Executes dropped EXE
-
\??\c:\vjvdp.exec:\vjvdp.exe30⤵
- Executes dropped EXE
-
\??\c:\bnnhnh.exec:\bnnhnh.exe31⤵
- Executes dropped EXE
-
\??\c:\8688426.exec:\8688426.exe32⤵
- Executes dropped EXE
-
\??\c:\q84222.exec:\q84222.exe33⤵
- Executes dropped EXE
-
\??\c:\6228668.exec:\6228668.exe34⤵
- Executes dropped EXE
-
\??\c:\20406.exec:\20406.exe35⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe36⤵
- Executes dropped EXE
-
\??\c:\0800628.exec:\0800628.exe37⤵
- Executes dropped EXE
-
\??\c:\rlxxffl.exec:\rlxxffl.exe38⤵
- Executes dropped EXE
-
\??\c:\3tbbbt.exec:\3tbbbt.exe39⤵
- Executes dropped EXE
-
\??\c:\7vppv.exec:\7vppv.exe40⤵
- Executes dropped EXE
-
\??\c:\pjddj.exec:\pjddj.exe41⤵
- Executes dropped EXE
-
\??\c:\04280.exec:\04280.exe42⤵
- Executes dropped EXE
-
\??\c:\lfrrffr.exec:\lfrrffr.exe43⤵
- Executes dropped EXE
-
\??\c:\02488.exec:\02488.exe44⤵
- Executes dropped EXE
-
\??\c:\9rllllr.exec:\9rllllr.exe45⤵
- Executes dropped EXE
-
\??\c:\9dddj.exec:\9dddj.exe46⤵
- Executes dropped EXE
-
\??\c:\2600840.exec:\2600840.exe47⤵
- Executes dropped EXE
-
\??\c:\20228.exec:\20228.exe48⤵
- Executes dropped EXE
-
\??\c:\426404.exec:\426404.exe49⤵
- Executes dropped EXE
-
\??\c:\jvdvv.exec:\jvdvv.exe50⤵
- Executes dropped EXE
-
\??\c:\028822.exec:\028822.exe51⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe52⤵
- Executes dropped EXE
-
\??\c:\u466606.exec:\u466606.exe53⤵
- Executes dropped EXE
-
\??\c:\jdjvp.exec:\jdjvp.exe54⤵
- Executes dropped EXE
-
\??\c:\0684484.exec:\0684484.exe55⤵
- Executes dropped EXE
-
\??\c:\208028.exec:\208028.exe56⤵
- Executes dropped EXE
-
\??\c:\fxlrlrx.exec:\fxlrlrx.exe57⤵
- Executes dropped EXE
-
\??\c:\vjddj.exec:\vjddj.exe58⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe59⤵
- Executes dropped EXE
-
\??\c:\202844.exec:\202844.exe60⤵
- Executes dropped EXE
-
\??\c:\1frxllx.exec:\1frxllx.exe61⤵
- Executes dropped EXE
-
\??\c:\vvppd.exec:\vvppd.exe62⤵
- Executes dropped EXE
-
\??\c:\jdvvp.exec:\jdvvp.exe63⤵
- Executes dropped EXE
-
\??\c:\42802.exec:\42802.exe64⤵
- Executes dropped EXE
-
\??\c:\nhbhbb.exec:\nhbhbb.exe65⤵
- Executes dropped EXE
-
\??\c:\824066.exec:\824066.exe66⤵
-
\??\c:\9vddj.exec:\9vddj.exe67⤵
-
\??\c:\bnbhnh.exec:\bnbhnh.exe68⤵
-
\??\c:\3bbbbn.exec:\3bbbbn.exe69⤵
-
\??\c:\ttnbhb.exec:\ttnbhb.exe70⤵
-
\??\c:\w24444.exec:\w24444.exe71⤵
-
\??\c:\xrxffff.exec:\xrxffff.exe72⤵
-
\??\c:\0244284.exec:\0244284.exe73⤵
-
\??\c:\nbnnnb.exec:\nbnnnb.exe74⤵
-
\??\c:\9bnbtn.exec:\9bnbtn.exe75⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe76⤵
-
\??\c:\ttthtn.exec:\ttthtn.exe77⤵
-
\??\c:\8624448.exec:\8624448.exe78⤵
-
\??\c:\e46448.exec:\e46448.exe79⤵
-
\??\c:\00222.exec:\00222.exe80⤵
-
\??\c:\9jppp.exec:\9jppp.exe81⤵
-
\??\c:\s8628.exec:\s8628.exe82⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe83⤵
-
\??\c:\fxflrlr.exec:\fxflrlr.exe84⤵
-
\??\c:\486828.exec:\486828.exe85⤵
-
\??\c:\8022206.exec:\8022206.exe86⤵
-
\??\c:\084844.exec:\084844.exe87⤵
-
\??\c:\a2002.exec:\a2002.exe88⤵
-
\??\c:\7rlllfl.exec:\7rlllfl.exe89⤵
-
\??\c:\a8066.exec:\a8066.exe90⤵
-
\??\c:\tnhhhh.exec:\tnhhhh.exe91⤵
-
\??\c:\c602444.exec:\c602444.exe92⤵
-
\??\c:\680406.exec:\680406.exe93⤵
-
\??\c:\486226.exec:\486226.exe94⤵
-
\??\c:\6800600.exec:\6800600.exe95⤵
-
\??\c:\86600.exec:\86600.exe96⤵
-
\??\c:\fxlfffl.exec:\fxlfffl.exe97⤵
-
\??\c:\844460.exec:\844460.exe98⤵
-
\??\c:\64222.exec:\64222.exe99⤵
-
\??\c:\48826.exec:\48826.exe100⤵
-
\??\c:\20284.exec:\20284.exe101⤵
-
\??\c:\lxllllr.exec:\lxllllr.exe102⤵
-
\??\c:\6468824.exec:\6468824.exe103⤵
-
\??\c:\u228222.exec:\u228222.exe104⤵
-
\??\c:\a8668.exec:\a8668.exe105⤵
-
\??\c:\1pppd.exec:\1pppd.exe106⤵
-
\??\c:\q84826.exec:\q84826.exe107⤵
-
\??\c:\nbnnbb.exec:\nbnnbb.exe108⤵
-
\??\c:\3dppv.exec:\3dppv.exe109⤵
-
\??\c:\xlxrrll.exec:\xlxrrll.exe110⤵
-
\??\c:\8066284.exec:\8066284.exe111⤵
-
\??\c:\48006.exec:\48006.exe112⤵
-
\??\c:\w80244.exec:\w80244.exe113⤵
-
\??\c:\i422884.exec:\i422884.exe114⤵
-
\??\c:\frxrrrx.exec:\frxrrrx.exe115⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe116⤵
-
\??\c:\frfxfff.exec:\frfxfff.exe117⤵
-
\??\c:\642622.exec:\642622.exe118⤵
-
\??\c:\lfxlrxr.exec:\lfxlrxr.exe119⤵
-
\??\c:\80408.exec:\80408.exe120⤵
-
\??\c:\e64404.exec:\e64404.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-