Analysis
-
max time kernel
128s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
10/05/2024, 22:18
General
-
Target
185ea6159579e02231770a3101dab3d0_NeikiAnalytics.exe
-
Size
398KB
-
MD5
185ea6159579e02231770a3101dab3d0
-
SHA1
e657342e3f1148f83cb4c58057508eba83063775
-
SHA256
6e5fb06623261aea9c19f21886a79469e5d3e640cc83923cc664e7b0b799cfb1
-
SHA512
f85bd7041a540ce86628c3d9edcb9c910709489ce3b5c15baf0152ae463808c05256801bb009b7c37ca635443f87e24a5f91a7fe58a0f5c22d06058b6927099f
-
SSDEEP
12288:Q4wFHoSqRyddW7xJCc5TugZKS9sUvkclI0/RTf:BRyLWFMu91RlI0/RTf
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
Malware Dropper & Backdoor - Berbew 64 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\185ea6159579e02231770a3101dab3d0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\185ea6159579e02231770a3101dab3d0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnntn.exec:\bnnntn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xrxlfx.exec:\3xrxlfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbth.exec:\hhhbth.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjvj.exec:\vvjvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhthtb.exec:\bhthtb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttbnt.exec:\tttbnt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfflxfr.exec:\lfflxfr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tnnbn.exec:\3tnnbn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjdp.exec:\jpjdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhtnb.exec:\bhhtnb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvd.exec:\dvdvd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlfflx.exec:\rrlfflx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htthnt.exec:\htthnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxlxll.exec:\llxlxll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnhbb.exec:\hhnhbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pdvj.exec:\9pdvj.exe17⤵
- Executes dropped EXE
-
\??\c:\lfrrxxf.exec:\lfrrxxf.exe18⤵
- Executes dropped EXE
-
\??\c:\hbnthh.exec:\hbnthh.exe19⤵
- Executes dropped EXE
-
\??\c:\vdvvj.exec:\vdvvj.exe20⤵
- Executes dropped EXE
-
\??\c:\xlxfrrf.exec:\xlxfrrf.exe21⤵
- Executes dropped EXE
-
\??\c:\vvpdj.exec:\vvpdj.exe22⤵
- Executes dropped EXE
-
\??\c:\nbnnbb.exec:\nbnnbb.exe23⤵
- Executes dropped EXE
-
\??\c:\pdvjp.exec:\pdvjp.exe24⤵
- Executes dropped EXE
-
\??\c:\ffxfrxr.exec:\ffxfrxr.exe25⤵
- Executes dropped EXE
-
\??\c:\btntht.exec:\btntht.exe26⤵
- Executes dropped EXE
-
\??\c:\3vvpp.exec:\3vvpp.exe27⤵
- Executes dropped EXE
-
\??\c:\3jjjv.exec:\3jjjv.exe28⤵
- Executes dropped EXE
-
\??\c:\7jpjj.exec:\7jpjj.exe29⤵
- Executes dropped EXE
-
\??\c:\ttnhbn.exec:\ttnhbn.exe30⤵
- Executes dropped EXE
-
\??\c:\vpdjd.exec:\vpdjd.exe31⤵
- Executes dropped EXE
-
\??\c:\3thbth.exec:\3thbth.exe32⤵
- Executes dropped EXE
-
\??\c:\tnnntt.exec:\tnnntt.exe33⤵
- Executes dropped EXE
-
\??\c:\nbtbhn.exec:\nbtbhn.exe34⤵
- Executes dropped EXE
-
\??\c:\3jjpv.exec:\3jjpv.exe35⤵
- Executes dropped EXE
-
\??\c:\xxfrllf.exec:\xxfrllf.exe36⤵
- Executes dropped EXE
-
\??\c:\llxrllx.exec:\llxrllx.exe37⤵
- Executes dropped EXE
-
\??\c:\ttthhn.exec:\ttthhn.exe38⤵
- Executes dropped EXE
-
\??\c:\vjvdd.exec:\vjvdd.exe39⤵
- Executes dropped EXE
-
\??\c:\xrflrrr.exec:\xrflrrr.exe40⤵
- Executes dropped EXE
-
\??\c:\3hnhbb.exec:\3hnhbb.exe41⤵
- Executes dropped EXE
-
\??\c:\vddpp.exec:\vddpp.exe42⤵
- Executes dropped EXE
-
\??\c:\rrfxfrr.exec:\rrfxfrr.exe43⤵
- Executes dropped EXE
-
\??\c:\9xlfllx.exec:\9xlfllx.exe44⤵
- Executes dropped EXE
-
\??\c:\ttthbh.exec:\ttthbh.exe45⤵
- Executes dropped EXE
-
\??\c:\pvppj.exec:\pvppj.exe46⤵
- Executes dropped EXE
-
\??\c:\frflflx.exec:\frflflx.exe47⤵
- Executes dropped EXE
-
\??\c:\7bbhtt.exec:\7bbhtt.exe48⤵
- Executes dropped EXE
-
\??\c:\pdddv.exec:\pdddv.exe49⤵
- Executes dropped EXE
-
\??\c:\vdvjj.exec:\vdvjj.exe50⤵
- Executes dropped EXE
-
\??\c:\7lrxrff.exec:\7lrxrff.exe51⤵
- Executes dropped EXE
-
\??\c:\hhhtnh.exec:\hhhtnh.exe52⤵
- Executes dropped EXE
-
\??\c:\3vdpv.exec:\3vdpv.exe53⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe54⤵
- Executes dropped EXE
-
\??\c:\5lrlfxx.exec:\5lrlfxx.exe55⤵
- Executes dropped EXE
-
\??\c:\9hthnt.exec:\9hthnt.exe56⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe57⤵
- Executes dropped EXE
-
\??\c:\ddddp.exec:\ddddp.exe58⤵
- Executes dropped EXE
-
\??\c:\5frxlll.exec:\5frxlll.exe59⤵
- Executes dropped EXE
-
\??\c:\tbhtnt.exec:\tbhtnt.exe60⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe61⤵
- Executes dropped EXE
-
\??\c:\9pdjv.exec:\9pdjv.exe62⤵
- Executes dropped EXE
-
\??\c:\xrrfrxf.exec:\xrrfrxf.exe63⤵
- Executes dropped EXE
-
\??\c:\httbtt.exec:\httbtt.exe64⤵
- Executes dropped EXE
-
\??\c:\1djjp.exec:\1djjp.exe65⤵
- Executes dropped EXE
-
\??\c:\vppvd.exec:\vppvd.exe66⤵
-
\??\c:\xfxxfrf.exec:\xfxxfrf.exe67⤵
-
\??\c:\5tthnt.exec:\5tthnt.exe68⤵
-
\??\c:\3pddp.exec:\3pddp.exe69⤵
-
\??\c:\3rrllfx.exec:\3rrllfx.exe70⤵
-
\??\c:\hbttbh.exec:\hbttbh.exe71⤵
-
\??\c:\thtbbh.exec:\thtbbh.exe72⤵
-
\??\c:\dppdj.exec:\dppdj.exe73⤵
-
\??\c:\7frrxxf.exec:\7frrxxf.exe74⤵
-
\??\c:\nhbnbb.exec:\nhbnbb.exe75⤵
-
\??\c:\djpdv.exec:\djpdv.exe76⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe77⤵
-
\??\c:\lfrlxxf.exec:\lfrlxxf.exe78⤵
-
\??\c:\7thbht.exec:\7thbht.exe79⤵
-
\??\c:\vdpdj.exec:\vdpdj.exe80⤵
-
\??\c:\jpjdd.exec:\jpjdd.exe81⤵
-
\??\c:\7rlxrrx.exec:\7rlxrrx.exe82⤵
-
\??\c:\nbtbbb.exec:\nbtbbb.exe83⤵
-
\??\c:\ppjjj.exec:\ppjjj.exe84⤵
-
\??\c:\jjpdp.exec:\jjpdp.exe85⤵
-
\??\c:\lfxfflx.exec:\lfxfflx.exe86⤵
-
\??\c:\tbhttb.exec:\tbhttb.exe87⤵
-
\??\c:\nnbthn.exec:\nnbthn.exe88⤵
-
\??\c:\5ppvd.exec:\5ppvd.exe89⤵
-
\??\c:\fxrffll.exec:\fxrffll.exe90⤵
-
\??\c:\ttnbth.exec:\ttnbth.exe91⤵
-
\??\c:\hnhnbh.exec:\hnhnbh.exe92⤵
-
\??\c:\3dpvp.exec:\3dpvp.exe93⤵
-
\??\c:\lrlfxfx.exec:\lrlfxfx.exe94⤵
-
\??\c:\llflxfx.exec:\llflxfx.exe95⤵
-
\??\c:\bbbthn.exec:\bbbthn.exe96⤵
-
\??\c:\1vdpd.exec:\1vdpd.exe97⤵
-
\??\c:\xrflrxl.exec:\xrflrxl.exe98⤵
-
\??\c:\flrfrfx.exec:\flrfrfx.exe99⤵
-
\??\c:\tbbhnt.exec:\tbbhnt.exe100⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe101⤵
-
\??\c:\xrfrxll.exec:\xrfrxll.exe102⤵
-
\??\c:\xxxrflx.exec:\xxxrflx.exe103⤵
-
\??\c:\thbttb.exec:\thbttb.exe104⤵
-
\??\c:\1pdvd.exec:\1pdvd.exe105⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe106⤵
-
\??\c:\xfxflrx.exec:\xfxflrx.exe107⤵
-
\??\c:\nntnbn.exec:\nntnbn.exe108⤵
-
\??\c:\bhhtnt.exec:\bhhtnt.exe109⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe110⤵
-
\??\c:\lrrffrr.exec:\lrrffrr.exe111⤵
-
\??\c:\xxxfxrl.exec:\xxxfxrl.exe112⤵
-
\??\c:\nhbbhh.exec:\nhbbhh.exe113⤵
-
\??\c:\vvvjd.exec:\vvvjd.exe114⤵
-
\??\c:\lfllxfx.exec:\lfllxfx.exe115⤵
-
\??\c:\3rxllff.exec:\3rxllff.exe116⤵
-
\??\c:\htbnbh.exec:\htbnbh.exe117⤵
-
\??\c:\jppdj.exec:\jppdj.exe118⤵
-
\??\c:\jjpvp.exec:\jjpvp.exe119⤵
-
\??\c:\ttnhhb.exec:\ttnhhb.exe120⤵
-
\??\c:\pjddv.exec:\pjddv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-