Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
09/05/2024, 23:25
General
-
Target
1e137b509cf9e3e32fba57d9ff621080_NeikiAnalytics.exe
-
Size
320KB
-
MD5
1e137b509cf9e3e32fba57d9ff621080
-
SHA1
3dea7263b1bccaa4ac6b10a9f8d465d7c24d6b93
-
SHA256
0d0cd342a4a2a5763bb4ca2f0bba5b4fd753d887b8b07c4769d8766df2181b1f
-
SHA512
6c52a7c2cac35fac2aa7b39384cb65d6931376f4d19ea8e1c4ae32953020f2675b4cfbb5f18d402c147b23683a32ddc373ffa1cfed856d8934966ff417908aac
-
SSDEEP
6144:9cm4FmowdHoSZrv9AEa3F2Y9iE9mJrtMsQBcqNLq3xB:/4wFHoSB969P9mJRMsfqV2f
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 42 IoCs
-
Malware Dropper & Backdoor - Berbew 33 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1e137b509cf9e3e32fba57d9ff621080_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1e137b509cf9e3e32fba57d9ff621080_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjvp.exec:\jjjvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdjv.exec:\jjdjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nnnbn.exec:\9nnnbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvp.exec:\pjpvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxlxl.exec:\fffxlxl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjvj.exec:\dvjvj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3llrflx.exec:\3llrflx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hbtbb.exec:\7hbtbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrffrxx.exec:\lrffrxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtnnt.exec:\thtnnt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllrxxl.exec:\rllrxxl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbht.exec:\nnbbht.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrfrx.exec:\xrrrfrx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxlxfr.exec:\ffxlxfr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvj.exec:\vpjvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrflffr.exec:\rrflffr.exe17⤵
- Executes dropped EXE
-
\??\c:\ddvjv.exec:\ddvjv.exe18⤵
- Executes dropped EXE
-
\??\c:\rrflfrf.exec:\rrflfrf.exe19⤵
- Executes dropped EXE
-
\??\c:\hbthtt.exec:\hbthtt.exe20⤵
- Executes dropped EXE
-
\??\c:\xrrffxf.exec:\xrrffxf.exe21⤵
- Executes dropped EXE
-
\??\c:\btbhtb.exec:\btbhtb.exe22⤵
- Executes dropped EXE
-
\??\c:\jvvpp.exec:\jvvpp.exe23⤵
- Executes dropped EXE
-
\??\c:\tttntb.exec:\tttntb.exe24⤵
- Executes dropped EXE
-
\??\c:\jddjv.exec:\jddjv.exe25⤵
- Executes dropped EXE
-
\??\c:\lxrrxlx.exec:\lxrrxlx.exe26⤵
- Executes dropped EXE
-
\??\c:\hbnbhh.exec:\hbnbhh.exe27⤵
- Executes dropped EXE
-
\??\c:\pdpdj.exec:\pdpdj.exe28⤵
- Executes dropped EXE
-
\??\c:\tntbhh.exec:\tntbhh.exe29⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe30⤵
- Executes dropped EXE
-
\??\c:\fxrxfrx.exec:\fxrxfrx.exe31⤵
- Executes dropped EXE
-
\??\c:\7dpvj.exec:\7dpvj.exe32⤵
- Executes dropped EXE
-
\??\c:\1ffxxrx.exec:\1ffxxrx.exe33⤵
- Executes dropped EXE
-
\??\c:\9dpdj.exec:\9dpdj.exe34⤵
- Executes dropped EXE
-
\??\c:\lfrxlfl.exec:\lfrxlfl.exe35⤵
- Executes dropped EXE
-
\??\c:\lfxxxfx.exec:\lfxxxfx.exe36⤵
- Executes dropped EXE
-
\??\c:\nbhbbn.exec:\nbhbbn.exe37⤵
- Executes dropped EXE
-
\??\c:\5dvvd.exec:\5dvvd.exe38⤵
- Executes dropped EXE
-
\??\c:\rrllflx.exec:\rrllflx.exe39⤵
- Executes dropped EXE
-
\??\c:\9thhnh.exec:\9thhnh.exe40⤵
- Executes dropped EXE
-
\??\c:\5ppvj.exec:\5ppvj.exe41⤵
- Executes dropped EXE
-
\??\c:\1xrflfr.exec:\1xrflfr.exe42⤵
- Executes dropped EXE
-
\??\c:\thbhhn.exec:\thbhhn.exe43⤵
- Executes dropped EXE
-
\??\c:\jjvjp.exec:\jjvjp.exe44⤵
- Executes dropped EXE
-
\??\c:\fxrxxfl.exec:\fxrxxfl.exe45⤵
- Executes dropped EXE
-
\??\c:\hthntb.exec:\hthntb.exe46⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe47⤵
- Executes dropped EXE
-
\??\c:\fxrxrxx.exec:\fxrxrxx.exe48⤵
- Executes dropped EXE
-
\??\c:\xxxfxlx.exec:\xxxfxlx.exe49⤵
- Executes dropped EXE
-
\??\c:\ttnbnt.exec:\ttnbnt.exe50⤵
- Executes dropped EXE
-
\??\c:\5vvvj.exec:\5vvvj.exe51⤵
- Executes dropped EXE
-
\??\c:\5lflrrr.exec:\5lflrrr.exe52⤵
- Executes dropped EXE
-
\??\c:\9nbbhh.exec:\9nbbhh.exe53⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe54⤵
- Executes dropped EXE
-
\??\c:\1vdvj.exec:\1vdvj.exe55⤵
- Executes dropped EXE
-
\??\c:\xlxfllr.exec:\xlxfllr.exe56⤵
- Executes dropped EXE
-
\??\c:\btbhtb.exec:\btbhtb.exe57⤵
- Executes dropped EXE
-
\??\c:\pdjjp.exec:\pdjjp.exe58⤵
- Executes dropped EXE
-
\??\c:\pjdjd.exec:\pjdjd.exe59⤵
- Executes dropped EXE
-
\??\c:\ttnbnb.exec:\ttnbnb.exe60⤵
- Executes dropped EXE
-
\??\c:\7htnnb.exec:\7htnnb.exe61⤵
- Executes dropped EXE
-
\??\c:\1dpvj.exec:\1dpvj.exe62⤵
- Executes dropped EXE
-
\??\c:\lxxllxf.exec:\lxxllxf.exe63⤵
- Executes dropped EXE
-
\??\c:\bthhnn.exec:\bthhnn.exe64⤵
- Executes dropped EXE
-
\??\c:\7jjjj.exec:\7jjjj.exe65⤵
- Executes dropped EXE
-
\??\c:\3rllxfr.exec:\3rllxfr.exe66⤵
-
\??\c:\tnbhnb.exec:\tnbhnb.exe67⤵
-
\??\c:\5pdjj.exec:\5pdjj.exe68⤵
-
\??\c:\ffrxlxf.exec:\ffrxlxf.exe69⤵
-
\??\c:\3lxfxfr.exec:\3lxfxfr.exe70⤵
-
\??\c:\bttthh.exec:\bttthh.exe71⤵
-
\??\c:\jppjj.exec:\jppjj.exe72⤵
-
\??\c:\xrlrflx.exec:\xrlrflx.exe73⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe74⤵
-
\??\c:\7dpvv.exec:\7dpvv.exe75⤵
-
\??\c:\1rllxfr.exec:\1rllxfr.exe76⤵
-
\??\c:\ttbhtn.exec:\ttbhtn.exe77⤵
-
\??\c:\ppppv.exec:\ppppv.exe78⤵
-
\??\c:\fxxfxxr.exec:\fxxfxxr.exe79⤵
-
\??\c:\xrllxrl.exec:\xrllxrl.exe80⤵
-
\??\c:\nbhbnt.exec:\nbhbnt.exe81⤵
-
\??\c:\5ddjj.exec:\5ddjj.exe82⤵
-
\??\c:\xrfrrxx.exec:\xrfrrxx.exe83⤵
-
\??\c:\nbhbnt.exec:\nbhbnt.exe84⤵
-
\??\c:\ppvjj.exec:\ppvjj.exe85⤵
-
\??\c:\3dpdj.exec:\3dpdj.exe86⤵
-
\??\c:\1lxfrfl.exec:\1lxfrfl.exe87⤵
-
\??\c:\nntttt.exec:\nntttt.exe88⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe89⤵
-
\??\c:\9fxflrr.exec:\9fxflrr.exe90⤵
-
\??\c:\thhhbb.exec:\thhhbb.exe91⤵
-
\??\c:\jdpdj.exec:\jdpdj.exe92⤵
-
\??\c:\lfrxrxl.exec:\lfrxrxl.exe93⤵
-
\??\c:\rrrflrf.exec:\rrrflrf.exe94⤵
-
\??\c:\bbtntb.exec:\bbtntb.exe95⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe96⤵
-
\??\c:\llxxflr.exec:\llxxflr.exe97⤵
-
\??\c:\tnbtnt.exec:\tnbtnt.exe98⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe99⤵
-
\??\c:\xxrrlrl.exec:\xxrrlrl.exe100⤵
-
\??\c:\hnhthn.exec:\hnhthn.exe101⤵
-
\??\c:\3jvvj.exec:\3jvvj.exe102⤵
-
\??\c:\xrxlrfr.exec:\xrxlrfr.exe103⤵
-
\??\c:\hbthbh.exec:\hbthbh.exe104⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe105⤵
-
\??\c:\tbnnnb.exec:\tbnnnb.exe106⤵
-
\??\c:\vvvvj.exec:\vvvvj.exe107⤵
-
\??\c:\xrrfflf.exec:\xrrfflf.exe108⤵
-
\??\c:\5htbht.exec:\5htbht.exe109⤵
-
\??\c:\pdpvv.exec:\pdpvv.exe110⤵
-
\??\c:\xrfrfll.exec:\xrfrfll.exe111⤵
-
\??\c:\rrlxlxl.exec:\rrlxlxl.exe112⤵
-
\??\c:\9nbnbn.exec:\9nbnbn.exe113⤵
-
\??\c:\dvdjp.exec:\dvdjp.exe114⤵
-
\??\c:\5xxxflx.exec:\5xxxflx.exe115⤵
-
\??\c:\9lxxlll.exec:\9lxxlll.exe116⤵
-
\??\c:\9nhhbn.exec:\9nhhbn.exe117⤵
-
\??\c:\jjpvv.exec:\jjpvv.exe118⤵
-
\??\c:\5jvdp.exec:\5jvdp.exe119⤵
-
\??\c:\nnbbhn.exec:\nnbbhn.exe120⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-