Analysis
-
max time kernel
150s -
max time network
139s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
13/05/2024, 12:43
General
-
Target
b84ec787916e123f663eae0afe12c800_NeikiAnalytics.exe
-
Size
470KB
-
MD5
b84ec787916e123f663eae0afe12c800
-
SHA1
4ec60e3bad65ff3e3fee66a6efb00261db82659b
-
SHA256
928fde4de0f361c8da6f8e179529e47d107d8ff8a375dcda78865b20cdadabd1
-
SHA512
60b46d453e975708c38cc9539f395e070c428004afdd4926b26cdb19b9283fc0947e14f36a8e95bbb4bd961f87fb36a7524161defa23592a7e327184720e0229
-
SSDEEP
12288:57Tc1WjdpKGATTk/6Aihgth7L/QOKs+Q/RIVBjdB/22LX1W:TZpTATrAihgth7L/QOKs+Q/RIVBjdB/0
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Malware Dropper & Backdoor - Berbew 32 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b84ec787916e123f663eae0afe12c800_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\b84ec787916e123f663eae0afe12c800_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfrxff.exec:\rxfrxff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbtn.exec:\nhhbtn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpj.exec:\dvvpj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bnnth.exec:\5bnnth.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfxrxr.exec:\lrfxrxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhnh.exec:\tnnhnh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddddv.exec:\ddddv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrxrrr.exec:\frrxrrr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbtnn.exec:\hhbtnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvdj.exec:\pdvdj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xlrlrl.exec:\9xlrlrl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nhbtn.exec:\9nhbtn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpd.exec:\pvvpd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbnh.exec:\nnbbnh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdv.exec:\vdjdv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrfxfx.exec:\flrfxfx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttbb.exec:\nhttbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpdd.exec:\dvpdd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflfxrl.exec:\rflfxrl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnhh.exec:\bttnhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpd.exec:\dvvpd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlrlx.exec:\fxrlrlx.exe23⤵
- Executes dropped EXE
-
\??\c:\hbbhbb.exec:\hbbhbb.exe24⤵
- Executes dropped EXE
-
\??\c:\lfllffr.exec:\lfllffr.exe25⤵
- Executes dropped EXE
-
\??\c:\3hhbnh.exec:\3hhbnh.exe26⤵
- Executes dropped EXE
-
\??\c:\5ddvj.exec:\5ddvj.exe27⤵
- Executes dropped EXE
-
\??\c:\rlffrlf.exec:\rlffrlf.exe28⤵
- Executes dropped EXE
-
\??\c:\bnhbnh.exec:\bnhbnh.exe29⤵
- Executes dropped EXE
-
\??\c:\7jjvp.exec:\7jjvp.exe30⤵
- Executes dropped EXE
-
\??\c:\9flxlrx.exec:\9flxlrx.exe31⤵
- Executes dropped EXE
-
\??\c:\rlxrxrf.exec:\rlxrxrf.exe32⤵
- Executes dropped EXE
-
\??\c:\jjvdp.exec:\jjvdp.exe33⤵
- Executes dropped EXE
-
\??\c:\rflfrrf.exec:\rflfrrf.exe34⤵
- Executes dropped EXE
-
\??\c:\bbnhtn.exec:\bbnhtn.exe35⤵
- Executes dropped EXE
-
\??\c:\pjpjv.exec:\pjpjv.exe36⤵
- Executes dropped EXE
-
\??\c:\rlrlfxr.exec:\rlrlfxr.exe37⤵
- Executes dropped EXE
-
\??\c:\tnhntn.exec:\tnhntn.exe38⤵
- Executes dropped EXE
-
\??\c:\9djjd.exec:\9djjd.exe39⤵
- Executes dropped EXE
-
\??\c:\pddvj.exec:\pddvj.exe40⤵
- Executes dropped EXE
-
\??\c:\xxxxrrl.exec:\xxxxrrl.exe41⤵
- Executes dropped EXE
-
\??\c:\jdpjd.exec:\jdpjd.exe42⤵
- Executes dropped EXE
-
\??\c:\rrxrrrr.exec:\rrxrrrr.exe43⤵
- Executes dropped EXE
-
\??\c:\5rrlffx.exec:\5rrlffx.exe44⤵
- Executes dropped EXE
-
\??\c:\nhnntn.exec:\nhnntn.exe45⤵
- Executes dropped EXE
-
\??\c:\vpjvp.exec:\vpjvp.exe46⤵
- Executes dropped EXE
-
\??\c:\rffxrlf.exec:\rffxrlf.exe47⤵
- Executes dropped EXE
-
\??\c:\nbbttt.exec:\nbbttt.exe48⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe49⤵
- Executes dropped EXE
-
\??\c:\7llfxfx.exec:\7llfxfx.exe50⤵
- Executes dropped EXE
-
\??\c:\5tnhbb.exec:\5tnhbb.exe51⤵
- Executes dropped EXE
-
\??\c:\7ppjj.exec:\7ppjj.exe52⤵
- Executes dropped EXE
-
\??\c:\frfrlfx.exec:\frfrlfx.exe53⤵
- Executes dropped EXE
-
\??\c:\5rrxrlf.exec:\5rrxrlf.exe54⤵
- Executes dropped EXE
-
\??\c:\tthbnn.exec:\tthbnn.exe55⤵
- Executes dropped EXE
-
\??\c:\djvpp.exec:\djvpp.exe56⤵
- Executes dropped EXE
-
\??\c:\lrlxrrf.exec:\lrlxrrf.exe57⤵
- Executes dropped EXE
-
\??\c:\bnnnhn.exec:\bnnnhn.exe58⤵
- Executes dropped EXE
-
\??\c:\hhbbnt.exec:\hhbbnt.exe59⤵
- Executes dropped EXE
-
\??\c:\vvpdv.exec:\vvpdv.exe60⤵
- Executes dropped EXE
-
\??\c:\lxrlffr.exec:\lxrlffr.exe61⤵
- Executes dropped EXE
-
\??\c:\bnttbb.exec:\bnttbb.exe62⤵
- Executes dropped EXE
-
\??\c:\dpjvj.exec:\dpjvj.exe63⤵
- Executes dropped EXE
-
\??\c:\lfrlllr.exec:\lfrlllr.exe64⤵
- Executes dropped EXE
-
\??\c:\lxfxrrf.exec:\lxfxrrf.exe65⤵
- Executes dropped EXE
-
\??\c:\btbtbb.exec:\btbtbb.exe66⤵
-
\??\c:\pvjvp.exec:\pvjvp.exe67⤵
-
\??\c:\jdppv.exec:\jdppv.exe68⤵
-
\??\c:\7ffrllf.exec:\7ffrllf.exe69⤵
-
\??\c:\tttnhh.exec:\tttnhh.exe70⤵
-
\??\c:\pppvv.exec:\pppvv.exe71⤵
-
\??\c:\pdvpp.exec:\pdvpp.exe72⤵
-
\??\c:\lflxrrf.exec:\lflxrrf.exe73⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe74⤵
-
\??\c:\hbhbht.exec:\hbhbht.exe75⤵
-
\??\c:\jjpdv.exec:\jjpdv.exe76⤵
-
\??\c:\ffllfrr.exec:\ffllfrr.exe77⤵
-
\??\c:\hhhthn.exec:\hhhthn.exe78⤵
-
\??\c:\ddpjj.exec:\ddpjj.exe79⤵
-
\??\c:\jppjj.exec:\jppjj.exe80⤵
-
\??\c:\rxlrrrr.exec:\rxlrrrr.exe81⤵
-
\??\c:\3ttnhb.exec:\3ttnhb.exe82⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe83⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe84⤵
-
\??\c:\lxxrlff.exec:\lxxrlff.exe85⤵
-
\??\c:\lfxrxrf.exec:\lfxrxrf.exe86⤵
-
\??\c:\hhbhbn.exec:\hhbhbn.exe87⤵
-
\??\c:\pdjpd.exec:\pdjpd.exe88⤵
-
\??\c:\rlffrxx.exec:\rlffrxx.exe89⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe90⤵
-
\??\c:\3flfxrl.exec:\3flfxrl.exe91⤵
-
\??\c:\htnbhb.exec:\htnbhb.exe92⤵
-
\??\c:\hnthbb.exec:\hnthbb.exe93⤵
-
\??\c:\9vddv.exec:\9vddv.exe94⤵
-
\??\c:\frfrfxr.exec:\frfrfxr.exe95⤵
-
\??\c:\nnnbbt.exec:\nnnbbt.exe96⤵
-
\??\c:\vvjdp.exec:\vvjdp.exe97⤵
-
\??\c:\xlxlrff.exec:\xlxlrff.exe98⤵
-
\??\c:\bbbtnh.exec:\bbbtnh.exe99⤵
-
\??\c:\1bnnnn.exec:\1bnnnn.exe100⤵
-
\??\c:\pdppv.exec:\pdppv.exe101⤵
-
\??\c:\frxxrrr.exec:\frxxrrr.exe102⤵
-
\??\c:\nhhhbt.exec:\nhhhbt.exe103⤵
-
\??\c:\1ttnhh.exec:\1ttnhh.exe104⤵
-
\??\c:\pjpdp.exec:\pjpdp.exe105⤵
-
\??\c:\7xfxrrl.exec:\7xfxrrl.exe106⤵
-
\??\c:\thnhhb.exec:\thnhhb.exe107⤵
-
\??\c:\ntnnhh.exec:\ntnnhh.exe108⤵
-
\??\c:\dppjd.exec:\dppjd.exe109⤵
-
\??\c:\rrlffxf.exec:\rrlffxf.exe110⤵
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe111⤵
-
\??\c:\hntnbb.exec:\hntnbb.exe112⤵
-
\??\c:\5jvpj.exec:\5jvpj.exe113⤵
-
\??\c:\fllfrxr.exec:\fllfrxr.exe114⤵
-
\??\c:\ttthnh.exec:\ttthnh.exe115⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe116⤵
-
\??\c:\ddddp.exec:\ddddp.exe117⤵
-
\??\c:\3llxrrl.exec:\3llxrrl.exe118⤵
-
\??\c:\hhbhbb.exec:\hhbhbb.exe119⤵
-
\??\c:\bhnbhb.exec:\bhnbhb.exe120⤵
-
\??\c:\1djjj.exec:\1djjj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-