Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
17/05/2024, 19:41
General
-
Target
235507aa5337ec878fa469519003aed0_NeikiAnalytics.exe
-
Size
293KB
-
MD5
235507aa5337ec878fa469519003aed0
-
SHA1
224fab2f9646c32b0c81afa3b3b95d4afc211a21
-
SHA256
f04a98632698e49d16c992dd6340521bae2cf7ea38ae67dd8be97fd480d85bdd
-
SHA512
1685155a98920dd76c43bbd7e009c5a63cd062b8fb2f26abc902b386403e8a3535b1d4c93dc915117b2fc80736fd5f361531d11eaca6133274c723d04892023c
-
SSDEEP
6144:ccm4FmowdHoSQkuObHq9ltAszBd+za/p1slTjZXvEQo9dftOH:K4wFHoSQkuUHk1zBR/pMT9XvEhdfw
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
Malware Dropper & Backdoor - Berbew 32 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\235507aa5337ec878fa469519003aed0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\235507aa5337ec878fa469519003aed0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7vppj.exec:\7vppj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvdp.exec:\9vvdp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhtbh.exec:\hbhtbh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvd.exec:\vpdvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnbnh.exec:\btnbnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhht.exec:\hbnhht.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xxlrxf.exec:\5xxlrxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nhhnn.exec:\5nhhnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjv.exec:\ppjjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvd.exec:\pjvvd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbntn.exec:\hnbntn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbthb.exec:\nhbthb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpddj.exec:\jpddj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxfrxf.exec:\fxxfrxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nbbnn.exec:\3nbbnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vjjp.exec:\5vjjp.exe17⤵
- Executes dropped EXE
-
\??\c:\xxlfxxr.exec:\xxlfxxr.exe18⤵
- Executes dropped EXE
-
\??\c:\bbbtnt.exec:\bbbtnt.exe19⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe20⤵
- Executes dropped EXE
-
\??\c:\5llxrfx.exec:\5llxrfx.exe21⤵
- Executes dropped EXE
-
\??\c:\tnbbnt.exec:\tnbbnt.exe22⤵
- Executes dropped EXE
-
\??\c:\ddjpv.exec:\ddjpv.exe23⤵
- Executes dropped EXE
-
\??\c:\xxrlxfx.exec:\xxrlxfx.exe24⤵
- Executes dropped EXE
-
\??\c:\3nhtth.exec:\3nhtth.exe25⤵
- Executes dropped EXE
-
\??\c:\9jddv.exec:\9jddv.exe26⤵
- Executes dropped EXE
-
\??\c:\rrlrlxl.exec:\rrlrlxl.exe27⤵
- Executes dropped EXE
-
\??\c:\nbnhhb.exec:\nbnhhb.exe28⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe29⤵
- Executes dropped EXE
-
\??\c:\ffxxlxf.exec:\ffxxlxf.exe30⤵
- Executes dropped EXE
-
\??\c:\9hbntb.exec:\9hbntb.exe31⤵
- Executes dropped EXE
-
\??\c:\jpdpd.exec:\jpdpd.exe32⤵
- Executes dropped EXE
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe33⤵
- Executes dropped EXE
-
\??\c:\hbnbht.exec:\hbnbht.exe34⤵
- Executes dropped EXE
-
\??\c:\nthtnt.exec:\nthtnt.exe35⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe36⤵
- Executes dropped EXE
-
\??\c:\5lxfrxl.exec:\5lxfrxl.exe37⤵
- Executes dropped EXE
-
\??\c:\hbnbnn.exec:\hbnbnn.exe38⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe39⤵
- Executes dropped EXE
-
\??\c:\ppvpd.exec:\ppvpd.exe40⤵
- Executes dropped EXE
-
\??\c:\ffrfrff.exec:\ffrfrff.exe41⤵
- Executes dropped EXE
-
\??\c:\frffrxx.exec:\frffrxx.exe42⤵
- Executes dropped EXE
-
\??\c:\nnthtt.exec:\nnthtt.exe43⤵
- Executes dropped EXE
-
\??\c:\1jdvj.exec:\1jdvj.exe44⤵
- Executes dropped EXE
-
\??\c:\ddppv.exec:\ddppv.exe45⤵
- Executes dropped EXE
-
\??\c:\xxlxlxr.exec:\xxlxlxr.exe46⤵
- Executes dropped EXE
-
\??\c:\tthhtb.exec:\tthhtb.exe47⤵
- Executes dropped EXE
-
\??\c:\tttbtt.exec:\tttbtt.exe48⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe49⤵
- Executes dropped EXE
-
\??\c:\5pdpp.exec:\5pdpp.exe50⤵
- Executes dropped EXE
-
\??\c:\3rrlllf.exec:\3rrlllf.exe51⤵
- Executes dropped EXE
-
\??\c:\nnhntn.exec:\nnhntn.exe52⤵
- Executes dropped EXE
-
\??\c:\bbtttt.exec:\bbtttt.exe53⤵
- Executes dropped EXE
-
\??\c:\dvjvp.exec:\dvjvp.exe54⤵
- Executes dropped EXE
-
\??\c:\xxlrxxr.exec:\xxlrxxr.exe55⤵
- Executes dropped EXE
-
\??\c:\tbbtnh.exec:\tbbtnh.exe56⤵
- Executes dropped EXE
-
\??\c:\nnhhth.exec:\nnhhth.exe57⤵
- Executes dropped EXE
-
\??\c:\bnnhhn.exec:\bnnhhn.exe58⤵
- Executes dropped EXE
-
\??\c:\1jjvj.exec:\1jjvj.exe59⤵
- Executes dropped EXE
-
\??\c:\xrllxxl.exec:\xrllxxl.exe60⤵
- Executes dropped EXE
-
\??\c:\ffxlrxl.exec:\ffxlrxl.exe61⤵
- Executes dropped EXE
-
\??\c:\1nnhth.exec:\1nnhth.exe62⤵
- Executes dropped EXE
-
\??\c:\hthtbn.exec:\hthtbn.exe63⤵
- Executes dropped EXE
-
\??\c:\7djdj.exec:\7djdj.exe64⤵
- Executes dropped EXE
-
\??\c:\rfxrfll.exec:\rfxrfll.exe65⤵
- Executes dropped EXE
-
\??\c:\xxrxfrx.exec:\xxrxfrx.exe66⤵
-
\??\c:\hhbnbh.exec:\hhbnbh.exe67⤵
-
\??\c:\bttbnn.exec:\bttbnn.exe68⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe69⤵
-
\??\c:\3lfrxxl.exec:\3lfrxxl.exe70⤵
-
\??\c:\xxflflx.exec:\xxflflx.exe71⤵
-
\??\c:\nhnnbb.exec:\nhnnbb.exe72⤵
-
\??\c:\bnhhnn.exec:\bnhhnn.exe73⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe74⤵
-
\??\c:\vpjdj.exec:\vpjdj.exe75⤵
-
\??\c:\1xxrxlx.exec:\1xxrxlx.exe76⤵
-
\??\c:\5bhnhh.exec:\5bhnhh.exe77⤵
-
\??\c:\tnthbh.exec:\tnthbh.exe78⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe79⤵
-
\??\c:\1pvjp.exec:\1pvjp.exe80⤵
-
\??\c:\1xffflr.exec:\1xffflr.exe81⤵
-
\??\c:\hhbhtb.exec:\hhbhtb.exe82⤵
-
\??\c:\nnbhtt.exec:\nnbhtt.exe83⤵
-
\??\c:\9jjjv.exec:\9jjjv.exe84⤵
-
\??\c:\9dpvj.exec:\9dpvj.exe85⤵
-
\??\c:\frlrxxl.exec:\frlrxxl.exe86⤵
-
\??\c:\9llxxrr.exec:\9llxxrr.exe87⤵
-
\??\c:\bttthn.exec:\bttthn.exe88⤵
-
\??\c:\nthhbb.exec:\nthhbb.exe89⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe90⤵
-
\??\c:\jdppd.exec:\jdppd.exe91⤵
-
\??\c:\xrflxlr.exec:\xrflxlr.exe92⤵
-
\??\c:\7lllxrf.exec:\7lllxrf.exe93⤵
-
\??\c:\nhhtbb.exec:\nhhtbb.exe94⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe95⤵
-
\??\c:\vjppp.exec:\vjppp.exe96⤵
-
\??\c:\1lxrxxf.exec:\1lxrxxf.exe97⤵
-
\??\c:\ffxfrfr.exec:\ffxfrfr.exe98⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe99⤵
-
\??\c:\nnnnhn.exec:\nnnnhn.exe100⤵
-
\??\c:\ppvdj.exec:\ppvdj.exe101⤵
-
\??\c:\rllrffr.exec:\rllrffr.exe102⤵
-
\??\c:\fllxlll.exec:\fllxlll.exe103⤵
-
\??\c:\tntbhn.exec:\tntbhn.exe104⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe105⤵
-
\??\c:\dpjjj.exec:\dpjjj.exe106⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe107⤵
-
\??\c:\rlxlxrf.exec:\rlxlxrf.exe108⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe109⤵
-
\??\c:\tnbbnh.exec:\tnbbnh.exe110⤵
-
\??\c:\pjvjv.exec:\pjvjv.exe111⤵
-
\??\c:\jjjdp.exec:\jjjdp.exe112⤵
-
\??\c:\rlllfxx.exec:\rlllfxx.exe113⤵
-
\??\c:\7hthnn.exec:\7hthnn.exe114⤵
-
\??\c:\5htttt.exec:\5htttt.exe115⤵
-
\??\c:\7dddj.exec:\7dddj.exe116⤵
-
\??\c:\rlxxrrf.exec:\rlxxrrf.exe117⤵
-
\??\c:\9lxfrxf.exec:\9lxfrxf.exe118⤵
-
\??\c:\hbtthh.exec:\hbtthh.exe119⤵
-
\??\c:\1bhnht.exec:\1bhnht.exe120⤵
-
\??\c:\jdpdj.exec:\jdpdj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-