Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
114s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
17/05/2024, 19:41
General
-
Target
235507aa5337ec878fa469519003aed0_NeikiAnalytics.exe
-
Size
293KB
-
MD5
235507aa5337ec878fa469519003aed0
-
SHA1
224fab2f9646c32b0c81afa3b3b95d4afc211a21
-
SHA256
f04a98632698e49d16c992dd6340521bae2cf7ea38ae67dd8be97fd480d85bdd
-
SHA512
1685155a98920dd76c43bbd7e009c5a63cd062b8fb2f26abc902b386403e8a3535b1d4c93dc915117b2fc80736fd5f361531d11eaca6133274c723d04892023c
-
SSDEEP
6144:ccm4FmowdHoSQkuObHq9ltAszBd+za/p1slTjZXvEQo9dftOH:K4wFHoSQkuUHk1zBR/pMT9XvEhdfw
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Malware Dropper & Backdoor - Berbew 33 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\235507aa5337ec878fa469519003aed0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\235507aa5337ec878fa469519003aed0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3vvpp.exec:\3vvpp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hnhbb.exec:\5hnhbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhbb.exec:\thnhbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdd.exec:\ddjdd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfxrl.exec:\rllfxrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhtnn.exec:\tnhtnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbthbb.exec:\tbthbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vvpd.exec:\1vvpd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfxxr.exec:\xllfxxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhbn.exec:\tnbhbn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddv.exec:\jdddv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnbnn.exec:\bbnbnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vjjd.exec:\9vjjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xfxrlr.exec:\7xfxrlr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnbbb.exec:\hbnbbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfxxxx.exec:\frfxxxx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhbb.exec:\hbhhbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjd.exec:\vjpjd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtthb.exec:\nbtthb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rxxrrl.exec:\3rxxrrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvvv.exec:\dvvvv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrrrrl.exec:\lrrrrrl.exe23⤵
- Executes dropped EXE
-
\??\c:\hbhhhn.exec:\hbhhhn.exe24⤵
- Executes dropped EXE
-
\??\c:\vpjdj.exec:\vpjdj.exe25⤵
- Executes dropped EXE
-
\??\c:\llffxxr.exec:\llffxxr.exe26⤵
- Executes dropped EXE
-
\??\c:\nnhhhn.exec:\nnhhhn.exe27⤵
- Executes dropped EXE
-
\??\c:\ddddd.exec:\ddddd.exe28⤵
- Executes dropped EXE
-
\??\c:\tbhhhn.exec:\tbhhhn.exe29⤵
- Executes dropped EXE
-
\??\c:\pjjdp.exec:\pjjdp.exe30⤵
- Executes dropped EXE
-
\??\c:\bnhbbh.exec:\bnhbbh.exe31⤵
- Executes dropped EXE
-
\??\c:\jjjdp.exec:\jjjdp.exe32⤵
- Executes dropped EXE
-
\??\c:\lrxrxrr.exec:\lrxrxrr.exe33⤵
- Executes dropped EXE
-
\??\c:\thnhbh.exec:\thnhbh.exe34⤵
- Executes dropped EXE
-
\??\c:\jpvpj.exec:\jpvpj.exe35⤵
- Executes dropped EXE
-
\??\c:\1flfxxr.exec:\1flfxxr.exe36⤵
- Executes dropped EXE
-
\??\c:\rxrfxlf.exec:\rxrfxlf.exe37⤵
- Executes dropped EXE
-
\??\c:\nhbnhb.exec:\nhbnhb.exe38⤵
- Executes dropped EXE
-
\??\c:\djjdp.exec:\djjdp.exe39⤵
- Executes dropped EXE
-
\??\c:\rfllllf.exec:\rfllllf.exe40⤵
- Executes dropped EXE
-
\??\c:\3bnnhn.exec:\3bnnhn.exe41⤵
- Executes dropped EXE
-
\??\c:\tnnhhn.exec:\tnnhhn.exe42⤵
- Executes dropped EXE
-
\??\c:\djpjj.exec:\djpjj.exe43⤵
- Executes dropped EXE
-
\??\c:\rlrllfr.exec:\rlrllfr.exe44⤵
- Executes dropped EXE
-
\??\c:\lrxxrrl.exec:\lrxxrrl.exe45⤵
- Executes dropped EXE
-
\??\c:\3hhbtt.exec:\3hhbtt.exe46⤵
- Executes dropped EXE
-
\??\c:\djppv.exec:\djppv.exe47⤵
- Executes dropped EXE
-
\??\c:\1jpdd.exec:\1jpdd.exe48⤵
- Executes dropped EXE
-
\??\c:\xfllllf.exec:\xfllllf.exe49⤵
- Executes dropped EXE
-
\??\c:\ttnhbh.exec:\ttnhbh.exe50⤵
- Executes dropped EXE
-
\??\c:\vdjjd.exec:\vdjjd.exe51⤵
- Executes dropped EXE
-
\??\c:\lrlfflf.exec:\lrlfflf.exe52⤵
- Executes dropped EXE
-
\??\c:\nhbbtt.exec:\nhbbtt.exe53⤵
- Executes dropped EXE
-
\??\c:\jjpjj.exec:\jjpjj.exe54⤵
- Executes dropped EXE
-
\??\c:\5xrlxxr.exec:\5xrlxxr.exe55⤵
- Executes dropped EXE
-
\??\c:\bhhbtt.exec:\bhhbtt.exe56⤵
- Executes dropped EXE
-
\??\c:\btnbtt.exec:\btnbtt.exe57⤵
- Executes dropped EXE
-
\??\c:\vpjjd.exec:\vpjjd.exe58⤵
- Executes dropped EXE
-
\??\c:\xrxrlfl.exec:\xrxrlfl.exe59⤵
- Executes dropped EXE
-
\??\c:\hbbtnn.exec:\hbbtnn.exe60⤵
- Executes dropped EXE
-
\??\c:\vpppp.exec:\vpppp.exe61⤵
- Executes dropped EXE
-
\??\c:\lrfxrrl.exec:\lrfxrrl.exe62⤵
- Executes dropped EXE
-
\??\c:\xrrrllf.exec:\xrrrllf.exe63⤵
- Executes dropped EXE
-
\??\c:\pjvpv.exec:\pjvpv.exe64⤵
- Executes dropped EXE
-
\??\c:\ddpjv.exec:\ddpjv.exe65⤵
- Executes dropped EXE
-
\??\c:\rrxrllf.exec:\rrxrllf.exe66⤵
-
\??\c:\thbbbb.exec:\thbbbb.exe67⤵
-
\??\c:\jvvdp.exec:\jvvdp.exe68⤵
-
\??\c:\xlxlfxf.exec:\xlxlfxf.exe69⤵
-
\??\c:\hnbtnh.exec:\hnbtnh.exe70⤵
-
\??\c:\1jjdv.exec:\1jjdv.exe71⤵
-
\??\c:\3vvdd.exec:\3vvdd.exe72⤵
-
\??\c:\xlxxxfl.exec:\xlxxxfl.exe73⤵
-
\??\c:\hhttbb.exec:\hhttbb.exe74⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe75⤵
-
\??\c:\ddppp.exec:\ddppp.exe76⤵
-
\??\c:\ffxxfxr.exec:\ffxxfxr.exe77⤵
-
\??\c:\hhtnht.exec:\hhtnht.exe78⤵
-
\??\c:\7nhbbb.exec:\7nhbbb.exe79⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe80⤵
-
\??\c:\flrlxxr.exec:\flrlxxr.exe81⤵
-
\??\c:\hbnhbb.exec:\hbnhbb.exe82⤵
-
\??\c:\hbhbtt.exec:\hbhbtt.exe83⤵
-
\??\c:\1vvvd.exec:\1vvvd.exe84⤵
-
\??\c:\9xxrfxr.exec:\9xxrfxr.exe85⤵
-
\??\c:\bnthtb.exec:\bnthtb.exe86⤵
-
\??\c:\tnnhbt.exec:\tnnhbt.exe87⤵
-
\??\c:\5jvpj.exec:\5jvpj.exe88⤵
-
\??\c:\xrffxfr.exec:\xrffxfr.exe89⤵
-
\??\c:\rflxrll.exec:\rflxrll.exe90⤵
-
\??\c:\nthbbb.exec:\nthbbb.exe91⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe92⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe93⤵
-
\??\c:\rffxrll.exec:\rffxrll.exe94⤵
-
\??\c:\3xfxrrr.exec:\3xfxrrr.exe95⤵
-
\??\c:\7thtnb.exec:\7thtnb.exe96⤵
-
\??\c:\7rrlllf.exec:\7rrlllf.exe97⤵
-
\??\c:\ttbtnn.exec:\ttbtnn.exe98⤵
-
\??\c:\1hhbbb.exec:\1hhbbb.exe99⤵
-
\??\c:\9ddvd.exec:\9ddvd.exe100⤵
-
\??\c:\7ddvp.exec:\7ddvp.exe101⤵
-
\??\c:\rxfxllf.exec:\rxfxllf.exe102⤵
-
\??\c:\tnhtnb.exec:\tnhtnb.exe103⤵
-
\??\c:\nnnnhb.exec:\nnnnhb.exe104⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe105⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe106⤵
-
\??\c:\xxffrrx.exec:\xxffrrx.exe107⤵
-
\??\c:\thnhbh.exec:\thnhbh.exe108⤵
-
\??\c:\5btnhn.exec:\5btnhn.exe109⤵
-
\??\c:\3vvjd.exec:\3vvjd.exe110⤵
-
\??\c:\tbnnht.exec:\tbnnht.exe111⤵
-
\??\c:\nnnhtt.exec:\nnnhtt.exe112⤵
-
\??\c:\vddvj.exec:\vddvj.exe113⤵
-
\??\c:\xxxxxxl.exec:\xxxxxxl.exe114⤵
-
\??\c:\1xxrllr.exec:\1xxrllr.exe115⤵
-
\??\c:\nntbhn.exec:\nntbhn.exe116⤵
-
\??\c:\3vdvj.exec:\3vdvj.exe117⤵
-
\??\c:\vdvjv.exec:\vdvjv.exe118⤵
-
\??\c:\bhhnhn.exec:\bhhnhn.exe119⤵
-
\??\c:\pvpjj.exec:\pvpjj.exe120⤵
-
\??\c:\fxrrxfl.exec:\fxrrxfl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-