Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
13/05/2024, 21:07
General
-
Target
1ab9b23c73e4327a28d2c479b21d23b0_NeikiAnalytics.exe
-
Size
253KB
-
MD5
1ab9b23c73e4327a28d2c479b21d23b0
-
SHA1
df2c0546797f1e6ec05ef0cf8d1ce43f0e92c8e0
-
SHA256
bbc007f42421f01b9e4019f8ab3b802db0a3f24a4dba377bcb90b96a27305737
-
SHA512
295838a8bfa73066a9b940a359dbc8283e391336744ecc56049068af79ddec92046c00432ca2065385244fd9e36af357b5961ab6f95c2327c5cae88348d778b3
-
SSDEEP
3072:chOmTsF93UYfwC6GIoutieyhC2lbgGi5yLpcgDE4JBuItR8pTsgZ9WT4iaz+THkN:ccm4FmowdHoSi9EIBftapTs4WZazeEN
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 42 IoCs
-
Malware Dropper & Backdoor - Berbew 33 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1ab9b23c73e4327a28d2c479b21d23b0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1ab9b23c73e4327a28d2c479b21d23b0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bththn.exec:\bththn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnbht.exec:\btnbht.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbthnt.exec:\bbthnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjv.exec:\ddpjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddv.exec:\vvddv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxxfx.exec:\fxfxxfx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnbtt.exec:\hbnbtt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflxlrf.exec:\fflxlrf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntntb.exec:\bntntb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vvdp.exec:\7vvdp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rlrflx.exec:\1rlrflx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtnhh.exec:\bbtnhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjvd.exec:\jjjvd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlfrxl.exec:\xxlfrxl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbntnb.exec:\hbntnb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jdpd.exec:\9jdpd.exe17⤵
- Executes dropped EXE
-
\??\c:\rrxfrxx.exec:\rrxfrxx.exe18⤵
- Executes dropped EXE
-
\??\c:\3rlxlrf.exec:\3rlxlrf.exe19⤵
- Executes dropped EXE
-
\??\c:\vjppp.exec:\vjppp.exe20⤵
- Executes dropped EXE
-
\??\c:\hbnbhn.exec:\hbnbhn.exe21⤵
- Executes dropped EXE
-
\??\c:\vvjpd.exec:\vvjpd.exe22⤵
- Executes dropped EXE
-
\??\c:\xlfxxrr.exec:\xlfxxrr.exe23⤵
- Executes dropped EXE
-
\??\c:\bbbntt.exec:\bbbntt.exe24⤵
- Executes dropped EXE
-
\??\c:\jjdvj.exec:\jjdvj.exe25⤵
- Executes dropped EXE
-
\??\c:\rrrrflr.exec:\rrrrflr.exe26⤵
- Executes dropped EXE
-
\??\c:\bthntt.exec:\bthntt.exe27⤵
- Executes dropped EXE
-
\??\c:\vvpjv.exec:\vvpjv.exe28⤵
- Executes dropped EXE
-
\??\c:\1lfxllr.exec:\1lfxllr.exe29⤵
- Executes dropped EXE
-
\??\c:\vvppj.exec:\vvppj.exe30⤵
- Executes dropped EXE
-
\??\c:\fllrfrl.exec:\fllrfrl.exe31⤵
- Executes dropped EXE
-
\??\c:\tnhthn.exec:\tnhthn.exe32⤵
- Executes dropped EXE
-
\??\c:\3bntht.exec:\3bntht.exe33⤵
- Executes dropped EXE
-
\??\c:\5jjvd.exec:\5jjvd.exe34⤵
- Executes dropped EXE
-
\??\c:\7xxfxfl.exec:\7xxfxfl.exe35⤵
- Executes dropped EXE
-
\??\c:\5bnhbh.exec:\5bnhbh.exe36⤵
- Executes dropped EXE
-
\??\c:\ddvjd.exec:\ddvjd.exe37⤵
- Executes dropped EXE
-
\??\c:\ppjjv.exec:\ppjjv.exe38⤵
- Executes dropped EXE
-
\??\c:\7fxxllx.exec:\7fxxllx.exe39⤵
- Executes dropped EXE
-
\??\c:\hnthtb.exec:\hnthtb.exe40⤵
- Executes dropped EXE
-
\??\c:\jdpvj.exec:\jdpvj.exe41⤵
- Executes dropped EXE
-
\??\c:\fxrxfff.exec:\fxrxfff.exe42⤵
- Executes dropped EXE
-
\??\c:\fxxfllx.exec:\fxxfllx.exe43⤵
- Executes dropped EXE
-
\??\c:\tbtttb.exec:\tbtttb.exe44⤵
- Executes dropped EXE
-
\??\c:\pppvj.exec:\pppvj.exe45⤵
- Executes dropped EXE
-
\??\c:\3lflrxf.exec:\3lflrxf.exe46⤵
- Executes dropped EXE
-
\??\c:\bbbbbh.exec:\bbbbbh.exe47⤵
- Executes dropped EXE
-
\??\c:\9jdpd.exec:\9jdpd.exe48⤵
- Executes dropped EXE
-
\??\c:\jjvjj.exec:\jjvjj.exe49⤵
- Executes dropped EXE
-
\??\c:\lfxlfrx.exec:\lfxlfrx.exe50⤵
- Executes dropped EXE
-
\??\c:\9lrfxfx.exec:\9lrfxfx.exe51⤵
- Executes dropped EXE
-
\??\c:\nhtthh.exec:\nhtthh.exe52⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe53⤵
- Executes dropped EXE
-
\??\c:\5frxlrx.exec:\5frxlrx.exe54⤵
- Executes dropped EXE
-
\??\c:\bbbnbb.exec:\bbbnbb.exe55⤵
- Executes dropped EXE
-
\??\c:\tnhbhh.exec:\tnhbhh.exe56⤵
- Executes dropped EXE
-
\??\c:\9pjpd.exec:\9pjpd.exe57⤵
- Executes dropped EXE
-
\??\c:\1rxflll.exec:\1rxflll.exe58⤵
- Executes dropped EXE
-
\??\c:\5xlxrxl.exec:\5xlxrxl.exe59⤵
- Executes dropped EXE
-
\??\c:\tnbthn.exec:\tnbthn.exe60⤵
- Executes dropped EXE
-
\??\c:\5jjvj.exec:\5jjvj.exe61⤵
- Executes dropped EXE
-
\??\c:\5rxxxfx.exec:\5rxxxfx.exe62⤵
- Executes dropped EXE
-
\??\c:\5lfrlrr.exec:\5lfrlrr.exe63⤵
- Executes dropped EXE
-
\??\c:\hhthtn.exec:\hhthtn.exe64⤵
- Executes dropped EXE
-
\??\c:\nhtbbb.exec:\nhtbbb.exe65⤵
- Executes dropped EXE
-
\??\c:\5ppjj.exec:\5ppjj.exe66⤵
-
\??\c:\9rlxrff.exec:\9rlxrff.exe67⤵
-
\??\c:\rfxfrrl.exec:\rfxfrrl.exe68⤵
-
\??\c:\bbntbh.exec:\bbntbh.exe69⤵
-
\??\c:\dvppd.exec:\dvppd.exe70⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe71⤵
-
\??\c:\fxrlrrl.exec:\fxrlrrl.exe72⤵
-
\??\c:\7lflxxl.exec:\7lflxxl.exe73⤵
-
\??\c:\nnbhtt.exec:\nnbhtt.exe74⤵
-
\??\c:\dpppd.exec:\dpppd.exe75⤵
-
\??\c:\5xrfrfr.exec:\5xrfrfr.exe76⤵
-
\??\c:\lrfllfl.exec:\lrfllfl.exe77⤵
-
\??\c:\nhbhtb.exec:\nhbhtb.exe78⤵
-
\??\c:\5ttbhn.exec:\5ttbhn.exe79⤵
-
\??\c:\1dpdv.exec:\1dpdv.exe80⤵
-
\??\c:\frrflxl.exec:\frrflxl.exe81⤵
-
\??\c:\fxrfxxf.exec:\fxrfxxf.exe82⤵
-
\??\c:\hnnnbh.exec:\hnnnbh.exe83⤵
-
\??\c:\ttnnbb.exec:\ttnnbb.exe84⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe85⤵
-
\??\c:\ffffrxl.exec:\ffffrxl.exe86⤵
-
\??\c:\rfrrffr.exec:\rfrrffr.exe87⤵
-
\??\c:\bhhnhn.exec:\bhhnhn.exe88⤵
-
\??\c:\5tnbht.exec:\5tnbht.exe89⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe90⤵
-
\??\c:\xfxxrxl.exec:\xfxxrxl.exe91⤵
-
\??\c:\xxrfxfr.exec:\xxrfxfr.exe92⤵
-
\??\c:\tnthth.exec:\tnthth.exe93⤵
-
\??\c:\ttnhtn.exec:\ttnhtn.exe94⤵
-
\??\c:\dddjj.exec:\dddjj.exe95⤵
-
\??\c:\3lxxflx.exec:\3lxxflx.exe96⤵
-
\??\c:\hntbth.exec:\hntbth.exe97⤵
-
\??\c:\nhbnbh.exec:\nhbnbh.exe98⤵
-
\??\c:\dppvj.exec:\dppvj.exe99⤵
-
\??\c:\xxrflrl.exec:\xxrflrl.exe100⤵
-
\??\c:\hbbhnt.exec:\hbbhnt.exe101⤵
-
\??\c:\ttntnt.exec:\ttntnt.exe102⤵
-
\??\c:\jddjj.exec:\jddjj.exe103⤵
-
\??\c:\1djpv.exec:\1djpv.exe104⤵
-
\??\c:\ffxrfxr.exec:\ffxrfxr.exe105⤵
-
\??\c:\lllfrxl.exec:\lllfrxl.exe106⤵
-
\??\c:\hhbbht.exec:\hhbbht.exe107⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe108⤵
-
\??\c:\1jddp.exec:\1jddp.exe109⤵
-
\??\c:\fflfrlr.exec:\fflfrlr.exe110⤵
-
\??\c:\lfxfrfr.exec:\lfxfrfr.exe111⤵
-
\??\c:\ttnbnt.exec:\ttnbnt.exe112⤵
-
\??\c:\pvvjp.exec:\pvvjp.exe113⤵
-
\??\c:\xxlrffx.exec:\xxlrffx.exe114⤵
-
\??\c:\3xrlrxr.exec:\3xrlrxr.exe115⤵
-
\??\c:\ttttbb.exec:\ttttbb.exe116⤵
-
\??\c:\jdjvd.exec:\jdjvd.exe117⤵
-
\??\c:\1lrrrrx.exec:\1lrrrrx.exe118⤵
-
\??\c:\3rlrflx.exec:\3rlrflx.exe119⤵
-
\??\c:\nhbnbh.exec:\nhbnbh.exe120⤵
-
\??\c:\7ttbth.exec:\7ttbth.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-