Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
12/05/2024, 21:12
General
-
Target
5d549d505d11b326710642081ff4f580_NeikiAnalytics.exe
-
Size
463KB
-
MD5
5d549d505d11b326710642081ff4f580
-
SHA1
886a3dac091fb65f5b1272d152b8819e3be9e9f7
-
SHA256
0f9b0d94bbe2067271978c67b5378542a5e91b5d91bcd2ece536f0ab11a439a9
-
SHA512
f39b8b0b0978c221aa92400c10c88d2a78695e1523d45aba5f8a2e74dcc072edf8f63089d482439e4d14dcc5e7cd96dd14f9b7da39e4962cb105020882ee3ffd
-
SSDEEP
12288:J4wFHoSTeR0oQRkay+eFp3IDvSbh5nPVP+OKaf1Vf:VeR0oykayRFp3lztP+OKaf1Vf
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 33 IoCs
-
Malware Dropper & Backdoor - Berbew 64 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5d549d505d11b326710642081ff4f580_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\5d549d505d11b326710642081ff4f580_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjv.exec:\pjdjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxflx.exec:\fxlxflx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpjd.exec:\jjpjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxflrf.exec:\fxxflrf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnntt.exec:\hbnntt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjpd.exec:\ppjpd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxxfrf.exec:\xfxxfrf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnntbn.exec:\bnntbn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvdj.exec:\ddvdj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xxfxxr.exec:\3xxfxxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbhnt.exec:\bbbhnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vvpj.exec:\1vvpj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxfxl.exec:\xrxxfxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbntnn.exec:\tbntnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvj.exec:\pjvvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfflrf.exec:\rlfflrf.exe17⤵
- Executes dropped EXE
-
\??\c:\5htntb.exec:\5htntb.exe18⤵
- Executes dropped EXE
-
\??\c:\jppvd.exec:\jppvd.exe19⤵
- Executes dropped EXE
-
\??\c:\xrfrxlr.exec:\xrfrxlr.exe20⤵
- Executes dropped EXE
-
\??\c:\3tttbb.exec:\3tttbb.exe21⤵
- Executes dropped EXE
-
\??\c:\vpvjp.exec:\vpvjp.exe22⤵
- Executes dropped EXE
-
\??\c:\9rffffl.exec:\9rffffl.exe23⤵
- Executes dropped EXE
-
\??\c:\nbhbbh.exec:\nbhbbh.exe24⤵
- Executes dropped EXE
-
\??\c:\dpdjj.exec:\dpdjj.exe25⤵
- Executes dropped EXE
-
\??\c:\7hbhnt.exec:\7hbhnt.exe26⤵
- Executes dropped EXE
-
\??\c:\5vdjv.exec:\5vdjv.exe27⤵
- Executes dropped EXE
-
\??\c:\5bhhnt.exec:\5bhhnt.exe28⤵
- Executes dropped EXE
-
\??\c:\7pvdd.exec:\7pvdd.exe29⤵
- Executes dropped EXE
-
\??\c:\9dpvd.exec:\9dpvd.exe30⤵
- Executes dropped EXE
-
\??\c:\bnbbtt.exec:\bnbbtt.exe31⤵
- Executes dropped EXE
-
\??\c:\7vpvv.exec:\7vpvv.exe32⤵
- Executes dropped EXE
-
\??\c:\djvpp.exec:\djvpp.exe33⤵
- Executes dropped EXE
-
\??\c:\fxrfllr.exec:\fxrfllr.exe34⤵
- Executes dropped EXE
-
\??\c:\9pvpp.exec:\9pvpp.exe35⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe36⤵
- Executes dropped EXE
-
\??\c:\nnnhtt.exec:\nnnhtt.exe37⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe38⤵
- Executes dropped EXE
-
\??\c:\5lxxffr.exec:\5lxxffr.exe39⤵
- Executes dropped EXE
-
\??\c:\hhhhtb.exec:\hhhhtb.exe40⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe41⤵
- Executes dropped EXE
-
\??\c:\xxxflxl.exec:\xxxflxl.exe42⤵
- Executes dropped EXE
-
\??\c:\7nbbnn.exec:\7nbbnn.exe43⤵
- Executes dropped EXE
-
\??\c:\vvvjv.exec:\vvvjv.exe44⤵
- Executes dropped EXE
-
\??\c:\rxxlffr.exec:\rxxlffr.exe45⤵
- Executes dropped EXE
-
\??\c:\nhbnbh.exec:\nhbnbh.exe46⤵
- Executes dropped EXE
-
\??\c:\fxrxffx.exec:\fxrxffx.exe47⤵
- Executes dropped EXE
-
\??\c:\fxxflrf.exec:\fxxflrf.exe48⤵
- Executes dropped EXE
-
\??\c:\hnbnhh.exec:\hnbnhh.exe49⤵
- Executes dropped EXE
-
\??\c:\dvpdd.exec:\dvpdd.exe50⤵
- Executes dropped EXE
-
\??\c:\rllfllx.exec:\rllfllx.exe51⤵
- Executes dropped EXE
-
\??\c:\lfrrfll.exec:\lfrrfll.exe52⤵
- Executes dropped EXE
-
\??\c:\nhhtbh.exec:\nhhtbh.exe53⤵
- Executes dropped EXE
-
\??\c:\pdvvp.exec:\pdvvp.exe54⤵
- Executes dropped EXE
-
\??\c:\xrflrrr.exec:\xrflrrr.exe55⤵
- Executes dropped EXE
-
\??\c:\llffllx.exec:\llffllx.exe56⤵
- Executes dropped EXE
-
\??\c:\htnnnn.exec:\htnnnn.exe57⤵
- Executes dropped EXE
-
\??\c:\ppjdj.exec:\ppjdj.exe58⤵
- Executes dropped EXE
-
\??\c:\dvjvv.exec:\dvjvv.exe59⤵
- Executes dropped EXE
-
\??\c:\xrrrffr.exec:\xrrrffr.exe60⤵
- Executes dropped EXE
-
\??\c:\9btttb.exec:\9btttb.exe61⤵
- Executes dropped EXE
-
\??\c:\3hbntb.exec:\3hbntb.exe62⤵
- Executes dropped EXE
-
\??\c:\9jdjp.exec:\9jdjp.exe63⤵
- Executes dropped EXE
-
\??\c:\lfrrxfr.exec:\lfrrxfr.exe64⤵
- Executes dropped EXE
-
\??\c:\xfxlflr.exec:\xfxlflr.exe65⤵
- Executes dropped EXE
-
\??\c:\1hbhtb.exec:\1hbhtb.exe66⤵
-
\??\c:\1jdpp.exec:\1jdpp.exe67⤵
-
\??\c:\vppvj.exec:\vppvj.exe68⤵
-
\??\c:\fxfxxxf.exec:\fxfxxxf.exe69⤵
-
\??\c:\3nbbbh.exec:\3nbbbh.exe70⤵
-
\??\c:\9nbtbb.exec:\9nbtbb.exe71⤵
-
\??\c:\vjppv.exec:\vjppv.exe72⤵
-
\??\c:\xrxxffl.exec:\xrxxffl.exe73⤵
-
\??\c:\9frrrxf.exec:\9frrrxf.exe74⤵
-
\??\c:\hbtbhn.exec:\hbtbhn.exe75⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe76⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe77⤵
-
\??\c:\lfxxlll.exec:\lfxxlll.exe78⤵
-
\??\c:\1bbbbn.exec:\1bbbbn.exe79⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe80⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe81⤵
-
\??\c:\rlffrxl.exec:\rlffrxl.exe82⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe83⤵
-
\??\c:\tnbhtb.exec:\tnbhtb.exe84⤵
-
\??\c:\jdjvp.exec:\jdjvp.exe85⤵
-
\??\c:\3xxfxfl.exec:\3xxfxfl.exe86⤵
-
\??\c:\lffllll.exec:\lffllll.exe87⤵
-
\??\c:\nhtbhn.exec:\nhtbhn.exe88⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe89⤵
-
\??\c:\xrfrrxf.exec:\xrfrrxf.exe90⤵
-
\??\c:\hbtbhh.exec:\hbtbhh.exe91⤵
-
\??\c:\7bttbb.exec:\7bttbb.exe92⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe93⤵
-
\??\c:\xrffrlr.exec:\xrffrlr.exe94⤵
-
\??\c:\fxfllrf.exec:\fxfllrf.exe95⤵
-
\??\c:\hthttt.exec:\hthttt.exe96⤵
-
\??\c:\dpjpv.exec:\dpjpv.exe97⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe98⤵
-
\??\c:\lfxrrrx.exec:\lfxrrrx.exe99⤵
-
\??\c:\htnthn.exec:\htnthn.exe100⤵
-
\??\c:\tbthnt.exec:\tbthnt.exe101⤵
-
\??\c:\dpddd.exec:\dpddd.exe102⤵
-
\??\c:\rlflrxf.exec:\rlflrxf.exe103⤵
-
\??\c:\5tbhtb.exec:\5tbhtb.exe104⤵
-
\??\c:\7bhtbh.exec:\7bhtbh.exe105⤵
-
\??\c:\1pddj.exec:\1pddj.exe106⤵
-
\??\c:\lrfxllr.exec:\lrfxllr.exe107⤵
-
\??\c:\7rlfrlr.exec:\7rlfrlr.exe108⤵
-
\??\c:\thnntt.exec:\thnntt.exe109⤵
-
\??\c:\thtbhh.exec:\thtbhh.exe110⤵
-
\??\c:\9vjjp.exec:\9vjjp.exe111⤵
-
\??\c:\fffxlrf.exec:\fffxlrf.exe112⤵
-
\??\c:\hthtbh.exec:\hthtbh.exe113⤵
-
\??\c:\1httbt.exec:\1httbt.exe114⤵
-
\??\c:\ddpvv.exec:\ddpvv.exe115⤵
-
\??\c:\1fxlrrf.exec:\1fxlrrf.exe116⤵
-
\??\c:\rxlrxlr.exec:\rxlrxlr.exe117⤵
-
\??\c:\3nhhnn.exec:\3nhhnn.exe118⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe119⤵
-
\??\c:\vpppd.exec:\vpppd.exe120⤵
-
\??\c:\lxrrrxx.exec:\lxrrrxx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-