Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
16/05/2024, 06:52
General
-
Target
b5db5cb9cceb76898ade3123ac943d40_NeikiAnalytics.exe
-
Size
226KB
-
MD5
b5db5cb9cceb76898ade3123ac943d40
-
SHA1
8ac29c8be1e49e481afa9843880bdfa53eb0ec38
-
SHA256
c126a63b253799dedfd2c1c67b87ed7b66367df89e34828d01759fefeb8c0485
-
SHA512
d5b623e4198301806e35de7c6d4e1a49b0eca48d02950825638a4790c8f4affa18465536258399a6c9f99ea08ddf40538bb864a0bbd4a375c0f9bdbacac31deb
-
SSDEEP
6144:Jcm4FmowdHoS3dGmS4Z1hraHcpOaKHpaztyzl+SL:T4wFHoS3dJS4ZzeFaKHpCc7
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Malware Dropper & Backdoor - Berbew 32 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b5db5cb9cceb76898ade3123ac943d40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\b5db5cb9cceb76898ade3123ac943d40_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpv.exec:\jvvpv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vdpj.exec:\5vdpj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlfxxr.exec:\lxlfxxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tnhtt.exec:\3tnhtt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbnh.exec:\bbhbnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjj.exec:\vjpjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vpdp.exec:\5vpdp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrllfx.exec:\rrrllfx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxxrr.exec:\fxfxxrr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtnbb.exec:\hhtnbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjjp.exec:\djjjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdp.exec:\jdpdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xfrffx.exec:\7xfrffx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrllf.exec:\rlxrllf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1thbnn.exec:\1thbnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntthh.exec:\nntthh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjjd.exec:\3pjjd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrlffx.exec:\flrlffx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rlffxl.exec:\5rlffxl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnhbt.exec:\bbnhbt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtnbt.exec:\tbtnbt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjd.exec:\pjpjd.exe23⤵
- Executes dropped EXE
-
\??\c:\jpjdd.exec:\jpjdd.exe24⤵
- Executes dropped EXE
-
\??\c:\7fxrlrl.exec:\7fxrlrl.exe25⤵
- Executes dropped EXE
-
\??\c:\frrllff.exec:\frrllff.exe26⤵
- Executes dropped EXE
-
\??\c:\thnnhb.exec:\thnnhb.exe27⤵
- Executes dropped EXE
-
\??\c:\htnhhn.exec:\htnhhn.exe28⤵
- Executes dropped EXE
-
\??\c:\vdvdv.exec:\vdvdv.exe29⤵
- Executes dropped EXE
-
\??\c:\dpdvp.exec:\dpdvp.exe30⤵
- Executes dropped EXE
-
\??\c:\fxfxxrl.exec:\fxfxxrl.exe31⤵
- Executes dropped EXE
-
\??\c:\htnbtn.exec:\htnbtn.exe32⤵
- Executes dropped EXE
-
\??\c:\tbhttn.exec:\tbhttn.exe33⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe34⤵
- Executes dropped EXE
-
\??\c:\dvpjd.exec:\dvpjd.exe35⤵
- Executes dropped EXE
-
\??\c:\llrrfrl.exec:\llrrfrl.exe36⤵
- Executes dropped EXE
-
\??\c:\1xrlxxl.exec:\1xrlxxl.exe37⤵
- Executes dropped EXE
-
\??\c:\hbbnhh.exec:\hbbnhh.exe38⤵
- Executes dropped EXE
-
\??\c:\nnnnbb.exec:\nnnnbb.exe39⤵
- Executes dropped EXE
-
\??\c:\7vpjv.exec:\7vpjv.exe40⤵
- Executes dropped EXE
-
\??\c:\dpdvj.exec:\dpdvj.exe41⤵
- Executes dropped EXE
-
\??\c:\flxlrrf.exec:\flxlrrf.exe42⤵
- Executes dropped EXE
-
\??\c:\rxfxlll.exec:\rxfxlll.exe43⤵
- Executes dropped EXE
-
\??\c:\bnthhb.exec:\bnthhb.exe44⤵
- Executes dropped EXE
-
\??\c:\jdjdp.exec:\jdjdp.exe45⤵
- Executes dropped EXE
-
\??\c:\vvdvp.exec:\vvdvp.exe46⤵
- Executes dropped EXE
-
\??\c:\5xfxlfx.exec:\5xfxlfx.exe47⤵
- Executes dropped EXE
-
\??\c:\xrffxxr.exec:\xrffxxr.exe48⤵
- Executes dropped EXE
-
\??\c:\nhnhbt.exec:\nhnhbt.exe49⤵
- Executes dropped EXE
-
\??\c:\1nnnhh.exec:\1nnnhh.exe50⤵
- Executes dropped EXE
-
\??\c:\jdjdp.exec:\jdjdp.exe51⤵
- Executes dropped EXE
-
\??\c:\jpppd.exec:\jpppd.exe52⤵
- Executes dropped EXE
-
\??\c:\flxlxrx.exec:\flxlxrx.exe53⤵
- Executes dropped EXE
-
\??\c:\nhhhtn.exec:\nhhhtn.exe54⤵
- Executes dropped EXE
-
\??\c:\3hhbbt.exec:\3hhbbt.exe55⤵
- Executes dropped EXE
-
\??\c:\ddpjp.exec:\ddpjp.exe56⤵
-
\??\c:\7jpjj.exec:\7jpjj.exe57⤵
- Executes dropped EXE
-
\??\c:\9xxlxrl.exec:\9xxlxrl.exe58⤵
- Executes dropped EXE
-
\??\c:\tbbbtt.exec:\tbbbtt.exe59⤵
- Executes dropped EXE
-
\??\c:\9ppjd.exec:\9ppjd.exe60⤵
- Executes dropped EXE
-
\??\c:\rxlrlfx.exec:\rxlrlfx.exe61⤵
- Executes dropped EXE
-
\??\c:\xxrfxrl.exec:\xxrfxrl.exe62⤵
- Executes dropped EXE
-
\??\c:\hbhhbt.exec:\hbhhbt.exe63⤵
- Executes dropped EXE
-
\??\c:\jdppj.exec:\jdppj.exe64⤵
- Executes dropped EXE
-
\??\c:\fxlffff.exec:\fxlffff.exe65⤵
- Executes dropped EXE
-
\??\c:\bthtnh.exec:\bthtnh.exe66⤵
- Executes dropped EXE
-
\??\c:\bhbhth.exec:\bhbhth.exe67⤵
-
\??\c:\9dpjp.exec:\9dpjp.exe68⤵
-
\??\c:\rlllffx.exec:\rlllffx.exe69⤵
-
\??\c:\1nhbtn.exec:\1nhbtn.exe70⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe71⤵
-
\??\c:\xfxrlfx.exec:\xfxrlfx.exe72⤵
-
\??\c:\rllfffr.exec:\rllfffr.exe73⤵
-
\??\c:\tttbtt.exec:\tttbtt.exe74⤵
-
\??\c:\1djdp.exec:\1djdp.exe75⤵
-
\??\c:\1jvpj.exec:\1jvpj.exe76⤵
-
\??\c:\xxxlxfx.exec:\xxxlxfx.exe77⤵
-
\??\c:\nhnbnh.exec:\nhnbnh.exe78⤵
-
\??\c:\hnttnn.exec:\hnttnn.exe79⤵
-
\??\c:\vdvvj.exec:\vdvvj.exe80⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe81⤵
-
\??\c:\7xlfxxr.exec:\7xlfxxr.exe82⤵
-
\??\c:\3nnnnn.exec:\3nnnnn.exe83⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe84⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe85⤵
-
\??\c:\rrxrllf.exec:\rrxrllf.exe86⤵
-
\??\c:\lrxrrrr.exec:\lrxrrrr.exe87⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe88⤵
-
\??\c:\pjddd.exec:\pjddd.exe89⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe90⤵
-
\??\c:\lrffffx.exec:\lrffffx.exe91⤵
-
\??\c:\xxfxxxr.exec:\xxfxxxr.exe92⤵
-
\??\c:\3bhbtn.exec:\3bhbtn.exe93⤵
-
\??\c:\tnnhbn.exec:\tnnhbn.exe94⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe95⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe96⤵
-
\??\c:\rlxrrlr.exec:\rlxrrlr.exe97⤵
-
\??\c:\5llfxxr.exec:\5llfxxr.exe98⤵
-
\??\c:\ddpjj.exec:\ddpjj.exe99⤵
-
\??\c:\ntnnht.exec:\ntnnht.exe100⤵
-
\??\c:\rxxrlff.exec:\rxxrlff.exe101⤵
-
\??\c:\hhttbb.exec:\hhttbb.exe102⤵
-
\??\c:\ddjdv.exec:\ddjdv.exe103⤵
-
\??\c:\jddjd.exec:\jddjd.exe104⤵
-
\??\c:\nbbtnb.exec:\nbbtnb.exe105⤵
-
\??\c:\5vvdv.exec:\5vvdv.exe106⤵
-
\??\c:\vjjjv.exec:\vjjjv.exe107⤵
-
\??\c:\rlxrllf.exec:\rlxrllf.exe108⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe109⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe110⤵
-
\??\c:\7ppjv.exec:\7ppjv.exe111⤵
-
\??\c:\rlrrlfx.exec:\rlrrlfx.exe112⤵
-
\??\c:\5hhhhh.exec:\5hhhhh.exe113⤵
-
\??\c:\btbttt.exec:\btbttt.exe114⤵
-
\??\c:\vdppj.exec:\vdppj.exe115⤵
-
\??\c:\xrxrlrl.exec:\xrxrlrl.exe116⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe117⤵
-
\??\c:\lflfxrx.exec:\lflfxrx.exe118⤵
-
\??\c:\pjpdp.exec:\pjpdp.exe119⤵
-
\??\c:\llxrrrr.exec:\llxrrrr.exe120⤵
-
\??\c:\vvdpj.exec:\vvdpj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-