Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
30/05/2024, 21:54
General
-
Target
69d9be638f02536a48e42f4d1ef28960_NeikiAnalytics.exe
-
Size
251KB
-
MD5
69d9be638f02536a48e42f4d1ef28960
-
SHA1
f962f39ce5e07410b9c255290b4f408e67829f51
-
SHA256
f9f19f07a5996f19be240df6c403f571898a2cdb9b2d379dd8d0966694b233c9
-
SHA512
e4302773a46cc376a12b8a397c7263cfdc5164c186c826133f1c8c08e9364a25eded2e0b293e6ee7efbc85a4f620dbe90ea1d183a628e44d7e3a55b93ca6c9a9
-
SSDEEP
3072:chOmTsF93UYfwC6GIoutieyhC2lbgGi5yLpcgDE4JBuItR8pTsgZ9WT4iaz+H:ccm4FmowdHoSi9EIBftapTs4WZazY
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Malware Dropper & Backdoor - Berbew 32 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\69d9be638f02536a48e42f4d1ef28960_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\69d9be638f02536a48e42f4d1ef28960_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhntbb.exec:\nhntbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppjv.exec:\jppjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvv.exec:\jdpvv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrlrrf.exec:\ffrlrrf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbhn.exec:\tnbbhn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxlrrf.exec:\lfxlrrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5httbb.exec:\5httbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpvd.exec:\vvpvd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbbh.exec:\hbtbbh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pddj.exec:\1pddj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrrrxx.exec:\xlrrrxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffrlr.exec:\lfffrlr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5htnnh.exec:\5htnnh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllfflr.exec:\lllfflr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxflx.exec:\rlxxflx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdpv.exec:\vpdpv.exe17⤵
- Executes dropped EXE
-
\??\c:\1jvdj.exec:\1jvdj.exe18⤵
- Executes dropped EXE
-
\??\c:\xrrrffl.exec:\xrrrffl.exe19⤵
- Executes dropped EXE
-
\??\c:\nhbhht.exec:\nhbhht.exe20⤵
- Executes dropped EXE
-
\??\c:\jjvdp.exec:\jjvdp.exe21⤵
- Executes dropped EXE
-
\??\c:\xrlxlrf.exec:\xrlxlrf.exe22⤵
- Executes dropped EXE
-
\??\c:\nhbnbn.exec:\nhbnbn.exe23⤵
- Executes dropped EXE
-
\??\c:\3vdjv.exec:\3vdjv.exe24⤵
- Executes dropped EXE
-
\??\c:\xrrxffl.exec:\xrrxffl.exe25⤵
- Executes dropped EXE
-
\??\c:\tthntt.exec:\tthntt.exe26⤵
- Executes dropped EXE
-
\??\c:\3rllllx.exec:\3rllllx.exe27⤵
- Executes dropped EXE
-
\??\c:\3xrrxxf.exec:\3xrrxxf.exe28⤵
- Executes dropped EXE
-
\??\c:\pppdd.exec:\pppdd.exe29⤵
- Executes dropped EXE
-
\??\c:\rlfrflx.exec:\rlfrflx.exe30⤵
- Executes dropped EXE
-
\??\c:\hhbbnh.exec:\hhbbnh.exe31⤵
- Executes dropped EXE
-
\??\c:\vpdvj.exec:\vpdvj.exe32⤵
- Executes dropped EXE
-
\??\c:\1fxfllx.exec:\1fxfllx.exe33⤵
- Executes dropped EXE
-
\??\c:\hbntnn.exec:\hbntnn.exe34⤵
- Executes dropped EXE
-
\??\c:\dvvdp.exec:\dvvdp.exe35⤵
- Executes dropped EXE
-
\??\c:\jvjjp.exec:\jvjjp.exe36⤵
- Executes dropped EXE
-
\??\c:\xrfrrxf.exec:\xrfrrxf.exe37⤵
- Executes dropped EXE
-
\??\c:\btnbnn.exec:\btnbnn.exe38⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe39⤵
- Executes dropped EXE
-
\??\c:\vpddd.exec:\vpddd.exe40⤵
- Executes dropped EXE
-
\??\c:\lfrlrrx.exec:\lfrlrrx.exe41⤵
- Executes dropped EXE
-
\??\c:\hbhthn.exec:\hbhthn.exe42⤵
- Executes dropped EXE
-
\??\c:\bthtth.exec:\bthtth.exe43⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe44⤵
- Executes dropped EXE
-
\??\c:\lfxfrrf.exec:\lfxfrrf.exe45⤵
- Executes dropped EXE
-
\??\c:\3rfxffl.exec:\3rfxffl.exe46⤵
- Executes dropped EXE
-
\??\c:\5nttbh.exec:\5nttbh.exe47⤵
- Executes dropped EXE
-
\??\c:\pvvvp.exec:\pvvvp.exe48⤵
- Executes dropped EXE
-
\??\c:\9fffllx.exec:\9fffllx.exe49⤵
- Executes dropped EXE
-
\??\c:\rfxfllr.exec:\rfxfllr.exe50⤵
- Executes dropped EXE
-
\??\c:\btbnhh.exec:\btbnhh.exe51⤵
- Executes dropped EXE
-
\??\c:\9dvjj.exec:\9dvjj.exe52⤵
- Executes dropped EXE
-
\??\c:\fxflxrx.exec:\fxflxrx.exe53⤵
- Executes dropped EXE
-
\??\c:\fflrfxf.exec:\fflrfxf.exe54⤵
- Executes dropped EXE
-
\??\c:\hbbnbt.exec:\hbbnbt.exe55⤵
- Executes dropped EXE
-
\??\c:\1dvdp.exec:\1dvdp.exe56⤵
- Executes dropped EXE
-
\??\c:\7dpvv.exec:\7dpvv.exe57⤵
- Executes dropped EXE
-
\??\c:\lfxxffr.exec:\lfxxffr.exe58⤵
- Executes dropped EXE
-
\??\c:\fxlrlfl.exec:\fxlrlfl.exe59⤵
- Executes dropped EXE
-
\??\c:\hbntbn.exec:\hbntbn.exe60⤵
- Executes dropped EXE
-
\??\c:\jvjpv.exec:\jvjpv.exe61⤵
- Executes dropped EXE
-
\??\c:\djjpj.exec:\djjpj.exe62⤵
- Executes dropped EXE
-
\??\c:\frlfllx.exec:\frlfllx.exe63⤵
- Executes dropped EXE
-
\??\c:\rlrrrfx.exec:\rlrrrfx.exe64⤵
- Executes dropped EXE
-
\??\c:\3bhbht.exec:\3bhbht.exe65⤵
- Executes dropped EXE
-
\??\c:\hbntbh.exec:\hbntbh.exe66⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe67⤵
-
\??\c:\dvvjp.exec:\dvvjp.exe68⤵
-
\??\c:\rxxxllf.exec:\rxxxllf.exe69⤵
-
\??\c:\5hhbhn.exec:\5hhbhn.exe70⤵
-
\??\c:\7tbbhn.exec:\7tbbhn.exe71⤵
-
\??\c:\9vjdj.exec:\9vjdj.exe72⤵
-
\??\c:\pdvvp.exec:\pdvvp.exe73⤵
-
\??\c:\xrrfrfr.exec:\xrrfrfr.exe74⤵
-
\??\c:\9xrxflr.exec:\9xrxflr.exe75⤵
-
\??\c:\bnhnth.exec:\bnhnth.exe76⤵
-
\??\c:\5tttbh.exec:\5tttbh.exe77⤵
-
\??\c:\pjjvd.exec:\pjjvd.exe78⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe79⤵
-
\??\c:\fxrxffl.exec:\fxrxffl.exe80⤵
-
\??\c:\1llrxfl.exec:\1llrxfl.exe81⤵
-
\??\c:\hhnthh.exec:\hhnthh.exe82⤵
-
\??\c:\pjddp.exec:\pjddp.exe83⤵
-
\??\c:\9jjvv.exec:\9jjvv.exe84⤵
-
\??\c:\rlxfrlr.exec:\rlxfrlr.exe85⤵
-
\??\c:\9bbhbt.exec:\9bbhbt.exe86⤵
-
\??\c:\7bhhtt.exec:\7bhhtt.exe87⤵
-
\??\c:\dvdjp.exec:\dvdjp.exe88⤵
-
\??\c:\fxrlrrx.exec:\fxrlrrx.exe89⤵
-
\??\c:\bthbhn.exec:\bthbhn.exe90⤵
-
\??\c:\nbnbth.exec:\nbnbth.exe91⤵
-
\??\c:\1pvvd.exec:\1pvvd.exe92⤵
-
\??\c:\9lffrrf.exec:\9lffrrf.exe93⤵
-
\??\c:\lflflff.exec:\lflflff.exe94⤵
-
\??\c:\tnhtht.exec:\tnhtht.exe95⤵
-
\??\c:\hntnht.exec:\hntnht.exe96⤵
-
\??\c:\pjppd.exec:\pjppd.exe97⤵
-
\??\c:\ffrrrlr.exec:\ffrrrlr.exe98⤵
-
\??\c:\xrxlrxf.exec:\xrxlrxf.exe99⤵
-
\??\c:\ttnhtt.exec:\ttnhtt.exe100⤵
-
\??\c:\5vjpp.exec:\5vjpp.exe101⤵
-
\??\c:\9vppv.exec:\9vppv.exe102⤵
-
\??\c:\lxlrrxf.exec:\lxlrrxf.exe103⤵
-
\??\c:\rfrxflf.exec:\rfrxflf.exe104⤵
-
\??\c:\1htbhn.exec:\1htbhn.exe105⤵
-
\??\c:\5hbhtn.exec:\5hbhtn.exe106⤵
-
\??\c:\7jdjv.exec:\7jdjv.exe107⤵
-
\??\c:\jjvpd.exec:\jjvpd.exe108⤵
-
\??\c:\lfxxffr.exec:\lfxxffr.exe109⤵
-
\??\c:\9bhhnt.exec:\9bhhnt.exe110⤵
-
\??\c:\pdpvj.exec:\pdpvj.exe111⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe112⤵
-
\??\c:\xxlrxfl.exec:\xxlrxfl.exe113⤵
-
\??\c:\3lxflrf.exec:\3lxflrf.exe114⤵
-
\??\c:\nhtbnn.exec:\nhtbnn.exe115⤵
-
\??\c:\vdvdv.exec:\vdvdv.exe116⤵
-
\??\c:\9ddpv.exec:\9ddpv.exe117⤵
-
\??\c:\lxlxffx.exec:\lxlxffx.exe118⤵
-
\??\c:\3hbhnh.exec:\3hbhnh.exe119⤵
-
\??\c:\nhhbnb.exec:\nhhbnb.exe120⤵
-
\??\c:\jdvdd.exec:\jdvdd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-