Analysis
-
max time kernel
150s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
09/05/2024, 14:44
Behavioral task
behavioral1
Sample
632f524916b9a699959b5078dc5c6b70_NeikiAnalytics.exe
Resource
win7-20240221-en
6 signatures
150 seconds
General
-
Target
632f524916b9a699959b5078dc5c6b70_NeikiAnalytics.exe
-
Size
484KB
-
MD5
632f524916b9a699959b5078dc5c6b70
-
SHA1
5e5b3b024861fe0e1a23f0cb0236bc3e081f65b9
-
SHA256
a36a5b29ddda1ead9dae55d81e1a00d0906c250ddc1b126c6e44985469d7e234
-
SHA512
0b6155fdfe7ad42599c827c15e60b2813d01483dbfac2d56e265a605212eeb15c5f3b5546c1e6cace3d6c271e38da25b2acc98d7c26d2ba1e3b856c25c53f7fa
-
SSDEEP
12288:N4wFHoSMu49P9mPh2kkkkK4kXkkkkkkkkl888888888888888888nr:Cu49lmPh2kkkkK4kXkkkkkkkkZ
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/1464-7-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/792-18-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1420-17-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3716-32-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4788-29-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1252-40-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1888-47-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3692-48-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1580-60-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2488-62-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2740-72-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3888-84-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3276-89-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1240-91-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3012-97-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1144-104-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3296-112-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4360-119-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4564-128-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4440-127-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1300-136-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon 
behavioral2/memory/4852-139-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4852-145-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1200-150-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2040-158-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2668-156-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3008-168-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/756-175-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3404-191-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3260-195-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4764-208-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4556-212-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4316-216-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4304-219-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1488-223-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1496-227-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3224-238-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4756-248-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4540-266-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1608-283-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2412-285-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2508-292-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon 
behavioral2/memory/904-301-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4564-317-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3832-328-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4644-362-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3220-378-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1560-390-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/380-400-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4356-410-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3484-420-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/2508-467-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4440-498-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4644-544-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4548-566-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/3412-637-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1808-693-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4540-804-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/4152-951-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1124-966-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1712-1090-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1408-1107-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon behavioral2/memory/1612-1202-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon 
behavioral2/memory/2088-1269-0x0000000000400000-0x0000000000436000-memory.dmp family_blackmoon -
Malware Dropper & Backdoor - Berbew 64 IoCs
Berbew is a backdoor Trojan with the capability to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
resource yara_rule behavioral2/memory/1464-0-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/memory/1464-7-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x000a000000023400-4.dat family_berbew behavioral2/files/0x000b00000002340e-9.dat family_berbew behavioral2/files/0x000700000002341b-14.dat family_berbew behavioral2/memory/792-18-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/memory/1420-17-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x000700000002341c-22.dat family_berbew behavioral2/files/0x000700000002341d-26.dat family_berbew behavioral2/files/0x000700000002341e-34.dat family_berbew behavioral2/memory/3716-32-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/memory/4788-29-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x000700000002341f-38.dat family_berbew behavioral2/memory/1252-40-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x0007000000023420-44.dat family_berbew behavioral2/memory/1888-47-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/memory/3692-48-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x0007000000023421-51.dat family_berbew behavioral2/memory/1580-54-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/memory/1580-60-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/memory/2488-62-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x0007000000023423-65.dat family_berbew behavioral2/files/0x0007000000023422-58.dat family_berbew behavioral2/files/0x0007000000023424-69.dat family_berbew behavioral2/memory/2740-72-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x0007000000023425-75.dat family_berbew 
behavioral2/memory/3888-78-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x0008000000023418-81.dat family_berbew behavioral2/memory/3888-84-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/memory/3276-89-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x0007000000023426-87.dat family_berbew behavioral2/memory/1240-91-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x0007000000023427-95.dat family_berbew behavioral2/memory/3012-97-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x0007000000023428-100.dat family_berbew behavioral2/memory/1144-104-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x0008000000023429-108.dat family_berbew behavioral2/files/0x000800000002342b-114.dat family_berbew behavioral2/memory/3296-112-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/memory/4360-119-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x000700000002342e-117.dat family_berbew behavioral2/files/0x000700000002342f-124.dat family_berbew behavioral2/memory/4564-128-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/memory/4440-127-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x0007000000023431-130.dat family_berbew behavioral2/memory/1300-136-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x0011000000016964-138.dat family_berbew behavioral2/memory/4852-139-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x000800000002342c-142.dat family_berbew behavioral2/memory/4852-145-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x0008000000023430-148.dat family_berbew behavioral2/memory/1200-150-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew 
behavioral2/files/0x0007000000023432-154.dat family_berbew behavioral2/memory/2040-158-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/memory/2668-156-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x0007000000023433-161.dat family_berbew behavioral2/files/0x0007000000023434-166.dat family_berbew behavioral2/memory/3008-168-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x0007000000023435-172.dat family_berbew behavioral2/memory/756-175-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/files/0x0007000000023436-180.dat family_berbew behavioral2/files/0x0007000000023437-183.dat family_berbew behavioral2/memory/3404-191-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew behavioral2/memory/3260-195-0x0000000000400000-0x0000000000436000-memory.dmp family_berbew -
Executes dropped EXE 64 IoCs
pid Process 2428 pdpjj.exe 1420 xrrrrrr.exe 792 3xrrrrr.exe 4788 htnnhn.exe 3716 9vppj.exe 1252 dppjp.exe 1888 nhhbbh.exe 3692 rrfrlll.exe 1580 lfxxxrr.exe 2488 hbbbtn.exe 880 hbhhtn.exe 2740 5xfxrxx.exe 3888 nhbtnn.exe 3276 xrlffxx.exe 1240 tnnhbb.exe 3012 lfffxrl.exe 1144 9rxxffl.exe 3296 nthbbb.exe 4360 vppjd.exe 4440 vjppj.exe 4564 xlfxlxr.exe 1300 rxfflff.exe 4852 bhnhbb.exe 1200 frfxrrl.exe 2668 vpjvp.exe 2040 frxrllf.exe 3008 1dpjd.exe 756 xrrlxxr.exe 404 lllfrrf.exe 4108 jdjjd.exe 3404 pvjvp.exe 3260 dpvvp.exe 4736 1xxrllf.exe 512 bbnbtn.exe 2336 bbnhbt.exe 4764 pdjdv.exe 4556 1fxrllf.exe 4316 thhhbb.exe 4304 hbhhbt.exe 1488 vppdv.exe 1496 fxfxxfx.exe 576 thnnhh.exe 1708 1vvvp.exe 2416 5llffff.exe 3224 hhnhbb.exe 1124 ppdvv.exe 1176 lfxrrrr.exe 4756 1rxxxfl.exe 1840 hbnhhn.exe 1588 dpddj.exe 2604 frlxffl.exe 3944 rfllfxx.exe 4540 btttnn.exe 4972 1ppjj.exe 4020 tbhhbb.exe 3152 pdjjd.exe 1336 rrxxffl.exe 1608 tnbttt.exe 2412 dvdvj.exe 3288 ddjjd.exe 2508 xxlrllf.exe 4396 thnnhn.exe 904 vdpjd.exe 1120 9rxrlfx.exe -
resource yara_rule behavioral2/memory/1464-0-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/1464-7-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000a000000023400-4.dat upx behavioral2/files/0x000b00000002340e-9.dat upx behavioral2/files/0x000700000002341b-14.dat upx behavioral2/memory/792-18-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/1420-17-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000700000002341c-22.dat upx behavioral2/files/0x000700000002341d-26.dat upx behavioral2/files/0x000700000002341e-34.dat upx behavioral2/memory/3716-32-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/4788-29-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000700000002341f-38.dat upx behavioral2/memory/1252-40-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023420-44.dat upx behavioral2/memory/1888-47-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/3692-48-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023421-51.dat upx behavioral2/memory/1580-54-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/1580-60-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/2488-62-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023423-65.dat upx behavioral2/files/0x0007000000023422-58.dat upx behavioral2/files/0x0007000000023424-69.dat upx behavioral2/memory/2740-72-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023425-75.dat upx behavioral2/memory/3888-78-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0008000000023418-81.dat upx behavioral2/memory/3888-84-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/3276-89-0x0000000000400000-0x0000000000436000-memory.dmp upx 
behavioral2/files/0x0007000000023426-87.dat upx behavioral2/memory/1240-91-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023427-95.dat upx behavioral2/memory/3012-97-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023428-100.dat upx behavioral2/memory/1144-104-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0008000000023429-108.dat upx behavioral2/files/0x000800000002342b-114.dat upx behavioral2/memory/3296-112-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/4360-119-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000700000002342e-117.dat upx behavioral2/files/0x000700000002342f-124.dat upx behavioral2/memory/4564-128-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/4440-127-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023431-130.dat upx behavioral2/memory/1300-136-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0011000000016964-138.dat upx behavioral2/memory/4852-139-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x000800000002342c-142.dat upx behavioral2/memory/4852-145-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0008000000023430-148.dat upx behavioral2/memory/1200-150-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023432-154.dat upx behavioral2/memory/2040-158-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/2668-156-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023433-161.dat upx behavioral2/files/0x0007000000023434-166.dat upx behavioral2/memory/3008-168-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023435-172.dat upx behavioral2/memory/756-175-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/files/0x0007000000023436-180.dat upx 
behavioral2/files/0x0007000000023437-183.dat upx behavioral2/memory/3404-191-0x0000000000400000-0x0000000000436000-memory.dmp upx behavioral2/memory/3260-195-0x0000000000400000-0x0000000000436000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1464 wrote to memory of 2428 1464 632f524916b9a699959b5078dc5c6b70_NeikiAnalytics.exe 82 PID 1464 wrote to memory of 2428 1464 632f524916b9a699959b5078dc5c6b70_NeikiAnalytics.exe 82 PID 1464 wrote to memory of 2428 1464 632f524916b9a699959b5078dc5c6b70_NeikiAnalytics.exe 82 PID 2428 wrote to memory of 1420 2428 pdpjj.exe 84 PID 2428 wrote to memory of 1420 2428 pdpjj.exe 84 PID 2428 wrote to memory of 1420 2428 pdpjj.exe 84 PID 1420 wrote to memory of 792 1420 xrrrrrr.exe 86 PID 1420 wrote to memory of 792 1420 xrrrrrr.exe 86 PID 1420 wrote to memory of 792 1420 xrrrrrr.exe 86 PID 792 wrote to memory of 4788 792 3xrrrrr.exe 88 PID 792 wrote to memory of 4788 792 3xrrrrr.exe 88 PID 792 wrote to memory of 4788 792 3xrrrrr.exe 88 PID 4788 wrote to memory of 3716 4788 htnnhn.exe 89 PID 4788 wrote to memory of 3716 4788 htnnhn.exe 89 PID 4788 wrote to memory of 3716 4788 htnnhn.exe 89 PID 3716 wrote to memory of 1252 3716 9vppj.exe 90 PID 3716 wrote to memory of 1252 3716 9vppj.exe 90 PID 3716 wrote to memory of 1252 3716 9vppj.exe 90 PID 1252 wrote to memory of 1888 1252 dppjp.exe 91 PID 1252 wrote to memory of 1888 1252 dppjp.exe 91 PID 1252 wrote to memory of 1888 1252 dppjp.exe 91 PID 1888 wrote to memory of 3692 1888 nhhbbh.exe 92 PID 1888 wrote to memory of 3692 1888 nhhbbh.exe 92 PID 1888 wrote to memory of 3692 1888 nhhbbh.exe 92 PID 3692 wrote to memory of 1580 3692 rrfrlll.exe 93 PID 3692 wrote to memory of 1580 3692 rrfrlll.exe 93 PID 3692 wrote to memory of 1580 3692 rrfrlll.exe 93 PID 1580 wrote to memory of 2488 1580 lfxxxrr.exe 94 PID 1580 wrote to memory of 2488 1580 lfxxxrr.exe 94 PID 1580 wrote to memory of 2488 1580 lfxxxrr.exe 94 PID 2488 wrote to memory of 880 2488 hbbbtn.exe 95 PID 2488 wrote to memory of 880 2488 hbbbtn.exe 95 PID 2488 wrote to memory of 880 2488 hbbbtn.exe 95 PID 880 wrote to memory of 2740 880 hbhhtn.exe 96 PID 880 wrote to memory of 2740 880 hbhhtn.exe 96 PID 880 wrote to memory of 2740 
880 hbhhtn.exe 96 PID 2740 wrote to memory of 3888 2740 5xfxrxx.exe 97 PID 2740 wrote to memory of 3888 2740 5xfxrxx.exe 97 PID 2740 wrote to memory of 3888 2740 5xfxrxx.exe 97 PID 3888 wrote to memory of 3276 3888 nhbtnn.exe 98 PID 3888 wrote to memory of 3276 3888 nhbtnn.exe 98 PID 3888 wrote to memory of 3276 3888 nhbtnn.exe 98 PID 3276 wrote to memory of 1240 3276 xrlffxx.exe 99 PID 3276 wrote to memory of 1240 3276 xrlffxx.exe 99 PID 3276 wrote to memory of 1240 3276 xrlffxx.exe 99 PID 1240 wrote to memory of 3012 1240 tnnhbb.exe 100 PID 1240 wrote to memory of 3012 1240 tnnhbb.exe 100 PID 1240 wrote to memory of 3012 1240 tnnhbb.exe 100 PID 3012 wrote to memory of 1144 3012 lfffxrl.exe 101 PID 3012 wrote to memory of 1144 3012 lfffxrl.exe 101 PID 3012 wrote to memory of 1144 3012 lfffxrl.exe 101 PID 1144 wrote to memory of 3296 1144 9rxxffl.exe 102 PID 1144 wrote to memory of 3296 1144 9rxxffl.exe 102 PID 1144 wrote to memory of 3296 1144 9rxxffl.exe 102 PID 3296 wrote to memory of 4360 3296 nthbbb.exe 103 PID 3296 wrote to memory of 4360 3296 nthbbb.exe 103 PID 3296 wrote to memory of 4360 3296 nthbbb.exe 103 PID 4360 wrote to memory of 4440 4360 vppjd.exe 104 PID 4360 wrote to memory of 4440 4360 vppjd.exe 104 PID 4360 wrote to memory of 4440 4360 vppjd.exe 104 PID 4440 wrote to memory of 4564 4440 vjppj.exe 105 PID 4440 wrote to memory of 4564 4440 vjppj.exe 105 PID 4440 wrote to memory of 4564 4440 vjppj.exe 105 PID 4564 wrote to memory of 1300 4564 xlfxlxr.exe 106
Processes
-
C:\Users\Admin\AppData\Local\Temp\632f524916b9a699959b5078dc5c6b70_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\632f524916b9a699959b5078dc5c6b70_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1464 -
\??\c:\pdpjj.exec:\pdpjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2428 -
\??\c:\xrrrrrr.exec:\xrrrrrr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1420 -
\??\c:\3xrrrrr.exec:\3xrrrrr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:792 -
\??\c:\htnnhn.exec:\htnnhn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4788 -
\??\c:\9vppj.exec:\9vppj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3716 -
\??\c:\dppjp.exec:\dppjp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1252 -
\??\c:\nhhbbh.exec:\nhhbbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1888 -
\??\c:\rrfrlll.exec:\rrfrlll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3692 -
\??\c:\lfxxxrr.exec:\lfxxxrr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1580 -
\??\c:\hbbbtn.exec:\hbbbtn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2488 -
\??\c:\hbhhtn.exec:\hbhhtn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:880 -
\??\c:\5xfxrxx.exec:\5xfxrxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2740 -
\??\c:\nhbtnn.exec:\nhbtnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3888 -
\??\c:\xrlffxx.exec:\xrlffxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3276 -
\??\c:\tnnhbb.exec:\tnnhbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1240 -
\??\c:\lfffxrl.exec:\lfffxrl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3012 -
\??\c:\9rxxffl.exec:\9rxxffl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1144 -
\??\c:\nthbbb.exec:\nthbbb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3296 -
\??\c:\vppjd.exec:\vppjd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4360 -
\??\c:\vjppj.exec:\vjppj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4440 -
\??\c:\xlfxlxr.exec:\xlfxlxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4564 -
\??\c:\rxfflff.exec:\rxfflff.exe23⤵
- Executes dropped EXE
PID:1300 -
\??\c:\bhnhbb.exec:\bhnhbb.exe24⤵
- Executes dropped EXE
PID:4852 -
\??\c:\frfxrrl.exec:\frfxrrl.exe25⤵
- Executes dropped EXE
PID:1200 -
\??\c:\vpjvp.exec:\vpjvp.exe26⤵
- Executes dropped EXE
PID:2668 -
\??\c:\frxrllf.exec:\frxrllf.exe27⤵
- Executes dropped EXE
PID:2040 -
\??\c:\1dpjd.exec:\1dpjd.exe28⤵
- Executes dropped EXE
PID:3008 -
\??\c:\xrrlxxr.exec:\xrrlxxr.exe29⤵
- Executes dropped EXE
PID:756 -
\??\c:\lllfrrf.exec:\lllfrrf.exe30⤵
- Executes dropped EXE
PID:404 -
\??\c:\jdjjd.exec:\jdjjd.exe31⤵
- Executes dropped EXE
PID:4108 -
\??\c:\pvjvp.exec:\pvjvp.exe32⤵
- Executes dropped EXE
PID:3404 -
\??\c:\dpvvp.exec:\dpvvp.exe33⤵
- Executes dropped EXE
PID:3260 -
\??\c:\1xxrllf.exec:\1xxrllf.exe34⤵
- Executes dropped EXE
PID:4736 -
\??\c:\bbnbtn.exec:\bbnbtn.exe35⤵
- Executes dropped EXE
PID:512 -
\??\c:\bbnhbt.exec:\bbnhbt.exe36⤵
- Executes dropped EXE
PID:2336 -
\??\c:\pdjdv.exec:\pdjdv.exe37⤵
- Executes dropped EXE
PID:4764 -
\??\c:\1fxrllf.exec:\1fxrllf.exe38⤵
- Executes dropped EXE
PID:4556 -
\??\c:\thhhbb.exec:\thhhbb.exe39⤵
- Executes dropped EXE
PID:4316 -
\??\c:\hbhhbt.exec:\hbhhbt.exe40⤵
- Executes dropped EXE
PID:4304 -
\??\c:\vppdv.exec:\vppdv.exe41⤵
- Executes dropped EXE
PID:1488 -
\??\c:\fxfxxfx.exec:\fxfxxfx.exe42⤵
- Executes dropped EXE
PID:1496 -
\??\c:\thnnhh.exec:\thnnhh.exe43⤵
- Executes dropped EXE
PID:576 -
\??\c:\1vvvp.exec:\1vvvp.exe44⤵
- Executes dropped EXE
PID:1708 -
\??\c:\5llffff.exec:\5llffff.exe45⤵
- Executes dropped EXE
PID:2416 -
\??\c:\hhnhbb.exec:\hhnhbb.exe46⤵
- Executes dropped EXE
PID:3224 -
\??\c:\ppdvv.exec:\ppdvv.exe47⤵
- Executes dropped EXE
PID:1124 -
\??\c:\lfxrrrr.exec:\lfxrrrr.exe48⤵
- Executes dropped EXE
PID:1176 -
\??\c:\1rxxxfl.exec:\1rxxxfl.exe49⤵
- Executes dropped EXE
PID:4756 -
\??\c:\hbnhhn.exec:\hbnhhn.exe50⤵
- Executes dropped EXE
PID:1840 -
\??\c:\dpddj.exec:\dpddj.exe51⤵
- Executes dropped EXE
PID:1588 -
\??\c:\frlxffl.exec:\frlxffl.exe52⤵
- Executes dropped EXE
PID:2604 -
\??\c:\rfllfxx.exec:\rfllfxx.exe53⤵
- Executes dropped EXE
PID:3944 -
\??\c:\btttnn.exec:\btttnn.exe54⤵
- Executes dropped EXE
PID:4540 -
\??\c:\1ppjj.exec:\1ppjj.exe55⤵
- Executes dropped EXE
PID:4972 -
\??\c:\tbhhbb.exec:\tbhhbb.exe56⤵
- Executes dropped EXE
PID:4020 -
\??\c:\pdjjd.exec:\pdjjd.exe57⤵
- Executes dropped EXE
PID:3152 -
\??\c:\rrxxffl.exec:\rrxxffl.exe58⤵
- Executes dropped EXE
PID:1336 -
\??\c:\tnbttt.exec:\tnbttt.exe59⤵
- Executes dropped EXE
PID:1608 -
\??\c:\dvdvj.exec:\dvdvj.exe60⤵
- Executes dropped EXE
PID:2412 -
\??\c:\ddjjd.exec:\ddjjd.exe61⤵
- Executes dropped EXE
PID:3288 -
\??\c:\xxlrllf.exec:\xxlrllf.exe62⤵
- Executes dropped EXE
PID:2508 -
\??\c:\thnnhn.exec:\thnnhn.exe63⤵
- Executes dropped EXE
PID:4396 -
\??\c:\vdpjd.exec:\vdpjd.exe64⤵
- Executes dropped EXE
PID:904 -
\??\c:\9rxrlfx.exec:\9rxrlfx.exe65⤵
- Executes dropped EXE
PID:1120 -
\??\c:\hhhhbb.exec:\hhhhbb.exe66⤵PID:1928
-
\??\c:\tttnnn.exec:\tttnnn.exe67⤵PID:1132
-
\??\c:\pvvpj.exec:\pvvpj.exe68⤵PID:4440
-
\??\c:\fxxxfxx.exec:\fxxxfxx.exe69⤵PID:1528
-
\??\c:\xllfxxf.exec:\xllfxxf.exe70⤵PID:4564
-
\??\c:\1tnnnn.exec:\1tnnnn.exe71⤵PID:1908
-
\??\c:\ppppj.exec:\ppppj.exe72⤵PID:3832
-
\??\c:\fxfxxxx.exec:\fxfxxxx.exe73⤵PID:4040
-
\??\c:\thhbbb.exec:\thhbbb.exe74⤵PID:1808
-
\??\c:\htbttt.exec:\htbttt.exe75⤵PID:4148
-
\??\c:\vppdd.exec:\vppdd.exe76⤵PID:324
-
\??\c:\fxfxllf.exec:\fxfxllf.exe77⤵PID:1788
-
\??\c:\bnnnhn.exec:\bnnnhn.exe78⤵PID:2660
-
\??\c:\htbtnn.exec:\htbtnn.exe79⤵PID:3628
-
\??\c:\jpjjj.exec:\jpjjj.exe80⤵PID:2224
-
\??\c:\ppvpj.exec:\ppvpj.exe81⤵PID:1044
-
\??\c:\flfxxxx.exec:\flfxxxx.exe82⤵PID:5024
-
\??\c:\hbnnhh.exec:\hbnnhh.exe83⤵PID:4644
-
\??\c:\thtnbb.exec:\thtnbb.exe84⤵PID:5080
-
\??\c:\vvvpd.exec:\vvvpd.exe85⤵PID:3260
-
\??\c:\pdjdv.exec:\pdjdv.exe86⤵PID:2024
-
\??\c:\xxlfxxf.exec:\xxlfxxf.exe87⤵PID:3056
-
\??\c:\tbhhtt.exec:\tbhhtt.exe88⤵PID:3220
-
\??\c:\bbtthh.exec:\bbtthh.exe89⤵PID:4016
-
\??\c:\1djjj.exec:\1djjj.exe90⤵PID:3468
-
\??\c:\rflfxrl.exec:\rflfxrl.exe91⤵PID:2056
-
\??\c:\9lfxlxl.exec:\9lfxlxl.exe92⤵PID:1560
-
\??\c:\hbnhbt.exec:\hbnhbt.exe93⤵PID:4052
-
\??\c:\jjvdd.exec:\jjvdd.exe94⤵PID:380
-
\??\c:\jpvvp.exec:\jpvvp.exe95⤵PID:4260
-
\??\c:\lfrrrrx.exec:\lfrrrrx.exe96⤵PID:2452
-
\??\c:\btbbtt.exec:\btbbtt.exe97⤵PID:940
-
\??\c:\3nbbtt.exec:\3nbbtt.exe98⤵PID:4356
-
\??\c:\vjpvp.exec:\vjpvp.exe99⤵PID:1340
-
\??\c:\fflfxll.exec:\fflfxll.exe100⤵PID:3484
-
\??\c:\xrffffl.exec:\xrffffl.exe101⤵PID:5008
-
\??\c:\nnbhbb.exec:\nnbhbb.exe102⤵PID:2720
-
\??\c:\vpddv.exec:\vpddv.exe103⤵PID:3788
-
\??\c:\3rlffff.exec:\3rlffff.exe104⤵PID:4308
-
\??\c:\9nnnnb.exec:\9nnnnb.exe105⤵PID:4100
-
\??\c:\bthbbb.exec:\bthbbb.exe106⤵PID:3912
-
\??\c:\vpjdv.exec:\vpjdv.exe107⤵PID:2180
-
\??\c:\xrrfffx.exec:\xrrfffx.exe108⤵PID:2140
-
\??\c:\1bbtnn.exec:\1bbtnn.exe109⤵PID:448
-
\??\c:\3vvpd.exec:\3vvpd.exe110⤵PID:4408
-
\??\c:\vvdvj.exec:\vvdvj.exe111⤵PID:2812
-
\??\c:\7lrlflf.exec:\7lrlflf.exe112⤵PID:3304
-
\??\c:\hhnnnn.exec:\hhnnnn.exe113⤵PID:2652
-
\??\c:\hbbtnt.exec:\hbbtnt.exe114⤵PID:3276
-
\??\c:\vdvpp.exec:\vdvpp.exe115⤵PID:3512
-
\??\c:\flrlffx.exec:\flrlffx.exe116⤵PID:2508
-
\??\c:\rrflxxx.exec:\rrflxxx.exe117⤵PID:5060
-
\??\c:\nhtbnn.exec:\nhtbnn.exe118⤵PID:1288
-
\??\c:\dvjdv.exec:\dvjdv.exe119⤵PID:2400
-
\??\c:\pvjdv.exec:\pvjdv.exe120⤵PID:4296
-
\??\c:\7lrfllf.exec:\7lrfllf.exe121⤵PID:1120
-
\??\c:\htnntb.exec:\htnntb.exe122⤵PID:1728