Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
20/05/2024, 08:27
General
-
Target
df4a2f0950fd5fd0232ebafb11bc79f0_NeikiAnalytics.exe
-
Size
190KB
-
MD5
df4a2f0950fd5fd0232ebafb11bc79f0
-
SHA1
c7d9216b255bf48a667a7ffe05134b7954527a70
-
SHA256
296aba48d67da8c2fd5637e13c8636a0c56acfaa8e899e4ed9ea2f75ccbe1369
-
SHA512
3af1ee0096c24f07239bccb54fc2bd37de1ebf6594f52b3c2e75b75701c705b8249a43efc92bf1174923e4c222b61a57cdf2c56b7073f1359b45a175cedc6e73
-
SSDEEP
3072:YhOmTsF93UYfwC6GIoutLmxHxae5yLpcgDE4JBuItR8pTsgnKbQFe3+k:Ycm4FmowdHoSLEaTBftapTsyFeOk
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
Malware Dropper & Backdoor - Berbew 32 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\df4a2f0950fd5fd0232ebafb11bc79f0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\df4a2f0950fd5fd0232ebafb11bc79f0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lllrrff.exec:\lllrrff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtnhh.exec:\nhtnhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrllx.exec:\xrlrllx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnbnh.exec:\nnnbnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvppd.exec:\pvppd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpdj.exec:\djpdj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhttt.exec:\bbhttt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjv.exec:\pppjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7flxlrx.exec:\7flxlrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlflrxx.exec:\rlflrxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppd.exec:\vpppd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pjjv.exec:\1pjjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrlrrl.exec:\ffrlrrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbttb.exec:\hnbttb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjd.exec:\vvpjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxfxxr.exec:\rrxfxxr.exe17⤵
- Executes dropped EXE
-
\??\c:\tbttth.exec:\tbttth.exe18⤵
- Executes dropped EXE
-
\??\c:\dvjdd.exec:\dvjdd.exe19⤵
- Executes dropped EXE
-
\??\c:\rfrxrxf.exec:\rfrxrxf.exe20⤵
- Executes dropped EXE
-
\??\c:\fxrlrxr.exec:\fxrlrxr.exe21⤵
- Executes dropped EXE
-
\??\c:\hnbhnt.exec:\hnbhnt.exe22⤵
- Executes dropped EXE
-
\??\c:\xxflfxx.exec:\xxflfxx.exe23⤵
- Executes dropped EXE
-
\??\c:\hbnbhh.exec:\hbnbhh.exe24⤵
- Executes dropped EXE
-
\??\c:\jdppd.exec:\jdppd.exe25⤵
- Executes dropped EXE
-
\??\c:\xxlllrr.exec:\xxlllrr.exe26⤵
- Executes dropped EXE
-
\??\c:\thbnbb.exec:\thbnbb.exe27⤵
- Executes dropped EXE
-
\??\c:\pjjpp.exec:\pjjpp.exe28⤵
- Executes dropped EXE
-
\??\c:\xfxffff.exec:\xfxffff.exe29⤵
- Executes dropped EXE
-
\??\c:\hntbnt.exec:\hntbnt.exe30⤵
- Executes dropped EXE
-
\??\c:\ddvjv.exec:\ddvjv.exe31⤵
- Executes dropped EXE
-
\??\c:\rflrlfx.exec:\rflrlfx.exe32⤵
- Executes dropped EXE
-
\??\c:\nhnttn.exec:\nhnttn.exe33⤵
- Executes dropped EXE
-
\??\c:\9pjjj.exec:\9pjjj.exe34⤵
- Executes dropped EXE
-
\??\c:\rlxxflf.exec:\rlxxflf.exe35⤵
- Executes dropped EXE
-
\??\c:\tnhnbt.exec:\tnhnbt.exe36⤵
- Executes dropped EXE
-
\??\c:\pdpvj.exec:\pdpvj.exe37⤵
- Executes dropped EXE
-
\??\c:\jdppj.exec:\jdppj.exe38⤵
- Executes dropped EXE
-
\??\c:\fffrrlx.exec:\fffrrlx.exe39⤵
- Executes dropped EXE
-
\??\c:\1nbntn.exec:\1nbntn.exe40⤵
- Executes dropped EXE
-
\??\c:\jdpdj.exec:\jdpdj.exe41⤵
- Executes dropped EXE
-
\??\c:\pvjdj.exec:\pvjdj.exe42⤵
- Executes dropped EXE
-
\??\c:\rrflxxx.exec:\rrflxxx.exe43⤵
- Executes dropped EXE
-
\??\c:\rxrfffl.exec:\rxrfffl.exe44⤵
- Executes dropped EXE
-
\??\c:\nnnhht.exec:\nnnhht.exe45⤵
- Executes dropped EXE
-
\??\c:\vvvpp.exec:\vvvpp.exe46⤵
- Executes dropped EXE
-
\??\c:\fllfxlr.exec:\fllfxlr.exe47⤵
- Executes dropped EXE
-
\??\c:\lxlrxlx.exec:\lxlrxlx.exe48⤵
- Executes dropped EXE
-
\??\c:\hnbnbt.exec:\hnbnbt.exe49⤵
- Executes dropped EXE
-
\??\c:\jvvpv.exec:\jvvpv.exe50⤵
- Executes dropped EXE
-
\??\c:\ddjdd.exec:\ddjdd.exe51⤵
- Executes dropped EXE
-
\??\c:\flllfxf.exec:\flllfxf.exe52⤵
- Executes dropped EXE
-
\??\c:\bhbbnn.exec:\bhbbnn.exe53⤵
- Executes dropped EXE
-
\??\c:\djdvd.exec:\djdvd.exe54⤵
- Executes dropped EXE
-
\??\c:\pvpjp.exec:\pvpjp.exe55⤵
- Executes dropped EXE
-
\??\c:\xfrfrfl.exec:\xfrfrfl.exe56⤵
- Executes dropped EXE
-
\??\c:\hnnnht.exec:\hnnnht.exe57⤵
- Executes dropped EXE
-
\??\c:\hhthtb.exec:\hhthtb.exe58⤵
- Executes dropped EXE
-
\??\c:\vvjdv.exec:\vvjdv.exe59⤵
- Executes dropped EXE
-
\??\c:\5pvvj.exec:\5pvvj.exe60⤵
- Executes dropped EXE
-
\??\c:\llrflxl.exec:\llrflxl.exe61⤵
- Executes dropped EXE
-
\??\c:\3lxrrrr.exec:\3lxrrrr.exe62⤵
- Executes dropped EXE
-
\??\c:\nhhnnh.exec:\nhhnnh.exe63⤵
- Executes dropped EXE
-
\??\c:\dpddp.exec:\dpddp.exe64⤵
- Executes dropped EXE
-
\??\c:\ppdpd.exec:\ppdpd.exe65⤵
- Executes dropped EXE
-
\??\c:\flfxrfx.exec:\flfxrfx.exe66⤵
-
\??\c:\1nhthn.exec:\1nhthn.exe67⤵
-
\??\c:\nnntth.exec:\nnntth.exe68⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe69⤵
-
\??\c:\fflxlxx.exec:\fflxlxx.exe70⤵
-
\??\c:\fxllxxf.exec:\fxllxxf.exe71⤵
-
\??\c:\3pddj.exec:\3pddj.exe72⤵
-
\??\c:\3vvjd.exec:\3vvjd.exe73⤵
-
\??\c:\rxfrffx.exec:\rxfrffx.exe74⤵
-
\??\c:\5xrxffr.exec:\5xrxffr.exe75⤵
-
\??\c:\ntthtb.exec:\ntthtb.exe76⤵
-
\??\c:\bbttnb.exec:\bbttnb.exe77⤵
-
\??\c:\fxlllrr.exec:\fxlllrr.exe78⤵
-
\??\c:\xrflxxf.exec:\xrflxxf.exe79⤵
-
\??\c:\htnnnn.exec:\htnnnn.exe80⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe81⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe82⤵
-
\??\c:\xrlfxfr.exec:\xrlfxfr.exe83⤵
-
\??\c:\bbbhth.exec:\bbbhth.exe84⤵
-
\??\c:\ddvjp.exec:\ddvjp.exe85⤵
-
\??\c:\5pvdp.exec:\5pvdp.exe86⤵
-
\??\c:\5llrxlr.exec:\5llrxlr.exe87⤵
-
\??\c:\9bbbnt.exec:\9bbbnt.exe88⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe89⤵
-
\??\c:\7pvdd.exec:\7pvdd.exe90⤵
-
\??\c:\fxxrxlf.exec:\fxxrxlf.exe91⤵
-
\??\c:\tbhbnb.exec:\tbhbnb.exe92⤵
-
\??\c:\bbbnbb.exec:\bbbnbb.exe93⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe94⤵
-
\??\c:\lfffflr.exec:\lfffflr.exe95⤵
-
\??\c:\fxlllfr.exec:\fxlllfr.exe96⤵
-
\??\c:\nhntht.exec:\nhntht.exe97⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe98⤵
-
\??\c:\djvvj.exec:\djvvj.exe99⤵
-
\??\c:\rlxflxr.exec:\rlxflxr.exe100⤵
-
\??\c:\bnhbhb.exec:\bnhbhb.exe101⤵
-
\??\c:\1bhhnt.exec:\1bhhnt.exe102⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe103⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe104⤵
-
\??\c:\lxlfllr.exec:\lxlfllr.exe105⤵
-
\??\c:\3nbtnh.exec:\3nbtnh.exe106⤵
-
\??\c:\tttbbb.exec:\tttbbb.exe107⤵
-
\??\c:\3djjd.exec:\3djjd.exe108⤵
-
\??\c:\xrrxxxf.exec:\xrrxxxf.exe109⤵
-
\??\c:\lxxrrlf.exec:\lxxrrlf.exe110⤵
-
\??\c:\bbnhtn.exec:\bbnhtn.exe111⤵
-
\??\c:\tthtth.exec:\tthtth.exe112⤵
-
\??\c:\vdvpp.exec:\vdvpp.exe113⤵
-
\??\c:\lrfrflr.exec:\lrfrflr.exe114⤵
-
\??\c:\nthbbb.exec:\nthbbb.exe115⤵
-
\??\c:\nthntn.exec:\nthntn.exe116⤵
-
\??\c:\vjvjp.exec:\vjvjp.exe117⤵
-
\??\c:\lrrfxrr.exec:\lrrfxrr.exe118⤵
-
\??\c:\rrlxrrf.exec:\rrlxrrf.exe119⤵
-
\??\c:\btntnn.exec:\btntnn.exe120⤵
-
\??\c:\5nbbhh.exec:\5nbbhh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-