Analysis
-
max time kernel
150s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
14-05-2024 18:03
General
-
Target
06aa51bee03cf4ec44c597248f9a7c40_NeikiAnalytics.exe
-
Size
253KB
-
MD5
06aa51bee03cf4ec44c597248f9a7c40
-
SHA1
7baf638a17b10460be29ef1df2769e18e154160c
-
SHA256
f6d0f1845435dce3ad821655a27df61a39133467c2d7ca18004d3af727da888c
-
SHA512
efcc28ce20fc7ff9ea177ef9ee220ba0ac23bcd44ba2cb5286265d98642cbdfa8b718e76506f293a38da0fa290da2592e9d2284d3972505b708a7aa8bce85751
-
SSDEEP
3072:chOmTsF93UYfwC6GIoutieyhC2lbgGi5yLpcgDE4JBuItR8pTsgZ9WT4iaz+THkS:ccm4FmowdHoSi9EIBftapTs4WZazeES
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Malware Dropper & Backdoor - Berbew 32 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\06aa51bee03cf4ec44c597248f9a7c40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\06aa51bee03cf4ec44c597248f9a7c40_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxxrr.exec:\llfxxrr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttnn.exec:\nhttnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrxrrr.exec:\fxrxrrr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xlfxxr.exec:\5xlfxxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnhbt.exec:\tbnhbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhhh.exec:\tnnhhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpj.exec:\vjvpj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrrlxx.exec:\frrrlxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnhbn.exec:\tbnhbn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ddvv.exec:\1ddvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtnhb.exec:\nbtnhb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppp.exec:\jdppp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbnhn.exec:\bnbnhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlflff.exec:\lxlflff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhtt.exec:\nhnhtt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxrrl.exec:\rxfxrrl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnhh.exec:\bntnhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3llxfxr.exec:\3llxfxr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbbhn.exec:\bhbbhn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvd.exec:\pjvvd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhnn.exec:\hbnhnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jvpp.exec:\9jvpp.exe23⤵
- Executes dropped EXE
-
\??\c:\3flfxxr.exec:\3flfxxr.exe24⤵
- Executes dropped EXE
-
\??\c:\bbnnhn.exec:\bbnnhn.exe25⤵
- Executes dropped EXE
-
\??\c:\xlxrlll.exec:\xlxrlll.exe26⤵
- Executes dropped EXE
-
\??\c:\nbhhbb.exec:\nbhhbb.exe27⤵
- Executes dropped EXE
-
\??\c:\jjjvp.exec:\jjjvp.exe28⤵
- Executes dropped EXE
-
\??\c:\tnbthh.exec:\tnbthh.exe29⤵
- Executes dropped EXE
-
\??\c:\nhnntt.exec:\nhnntt.exe30⤵
- Executes dropped EXE
-
\??\c:\xlffrrr.exec:\xlffrrr.exe31⤵
- Executes dropped EXE
-
\??\c:\1hnnhh.exec:\1hnnhh.exe32⤵
- Executes dropped EXE
-
\??\c:\5jdvp.exec:\5jdvp.exe33⤵
- Executes dropped EXE
-
\??\c:\llxrxxf.exec:\llxrxxf.exe34⤵
- Executes dropped EXE
-
\??\c:\1hnhhn.exec:\1hnhhn.exe35⤵
- Executes dropped EXE
-
\??\c:\5pvvv.exec:\5pvvv.exe36⤵
- Executes dropped EXE
-
\??\c:\1rxxxlf.exec:\1rxxxlf.exe37⤵
- Executes dropped EXE
-
\??\c:\lllffff.exec:\lllffff.exe38⤵
- Executes dropped EXE
-
\??\c:\hthnbn.exec:\hthnbn.exe39⤵
- Executes dropped EXE
-
\??\c:\dvdvv.exec:\dvdvv.exe40⤵
- Executes dropped EXE
-
\??\c:\dddpd.exec:\dddpd.exe41⤵
- Executes dropped EXE
-
\??\c:\flllfxr.exec:\flllfxr.exe42⤵
- Executes dropped EXE
-
\??\c:\htbbbb.exec:\htbbbb.exe43⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe44⤵
- Executes dropped EXE
-
\??\c:\7pvdv.exec:\7pvdv.exe45⤵
- Executes dropped EXE
-
\??\c:\lllflll.exec:\lllflll.exe46⤵
- Executes dropped EXE
-
\??\c:\ffrflrl.exec:\ffrflrl.exe47⤵
- Executes dropped EXE
-
\??\c:\htbhth.exec:\htbhth.exe48⤵
- Executes dropped EXE
-
\??\c:\vjvvj.exec:\vjvvj.exe49⤵
- Executes dropped EXE
-
\??\c:\flflfxx.exec:\flflfxx.exe50⤵
- Executes dropped EXE
-
\??\c:\nhhhhh.exec:\nhhhhh.exe51⤵
- Executes dropped EXE
-
\??\c:\thtnhh.exec:\thtnhh.exe52⤵
- Executes dropped EXE
-
\??\c:\ppppv.exec:\ppppv.exe53⤵
- Executes dropped EXE
-
\??\c:\vjvvp.exec:\vjvvp.exe54⤵
- Executes dropped EXE
-
\??\c:\3rxrfrl.exec:\3rxrfrl.exe55⤵
- Executes dropped EXE
-
\??\c:\nhtnbt.exec:\nhtnbt.exe56⤵
- Executes dropped EXE
-
\??\c:\htbbtb.exec:\htbbtb.exe57⤵
- Executes dropped EXE
-
\??\c:\ddvvp.exec:\ddvvp.exe58⤵
- Executes dropped EXE
-
\??\c:\lxrlxll.exec:\lxrlxll.exe59⤵
- Executes dropped EXE
-
\??\c:\nbhhbb.exec:\nbhhbb.exe60⤵
- Executes dropped EXE
-
\??\c:\ttbtnh.exec:\ttbtnh.exe61⤵
- Executes dropped EXE
-
\??\c:\pvjdv.exec:\pvjdv.exe62⤵
- Executes dropped EXE
-
\??\c:\xrfxrll.exec:\xrfxrll.exe63⤵
- Executes dropped EXE
-
\??\c:\xffxlfx.exec:\xffxlfx.exe64⤵
- Executes dropped EXE
-
\??\c:\bnhbtt.exec:\bnhbtt.exe65⤵
- Executes dropped EXE
-
\??\c:\dvjjj.exec:\dvjjj.exe66⤵
- Executes dropped EXE
-
\??\c:\vjppd.exec:\vjppd.exe67⤵
-
\??\c:\7lxlxrl.exec:\7lxlxrl.exe68⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe69⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe70⤵
-
\??\c:\lxrlfxx.exec:\lxrlfxx.exe71⤵
-
\??\c:\rrlfffx.exec:\rrlfffx.exe72⤵
-
\??\c:\nnbttt.exec:\nnbttt.exe73⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe74⤵
-
\??\c:\fllrrxr.exec:\fllrrxr.exe75⤵
-
\??\c:\hhttbb.exec:\hhttbb.exe76⤵
-
\??\c:\bhhbnn.exec:\bhhbnn.exe77⤵
-
\??\c:\ddpjj.exec:\ddpjj.exe78⤵
-
\??\c:\lfrrlrl.exec:\lfrrlrl.exe79⤵
-
\??\c:\hbtntt.exec:\hbtntt.exe80⤵
-
\??\c:\dvddv.exec:\dvddv.exe81⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe82⤵
-
\??\c:\frrllff.exec:\frrllff.exe83⤵
-
\??\c:\htbhnn.exec:\htbhnn.exe84⤵
-
\??\c:\bntnbb.exec:\bntnbb.exe85⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe86⤵
-
\??\c:\ffrrxff.exec:\ffrrxff.exe87⤵
-
\??\c:\7vjdv.exec:\7vjdv.exe88⤵
-
\??\c:\frxrllf.exec:\frxrllf.exe89⤵
-
\??\c:\lfllfff.exec:\lfllfff.exe90⤵
-
\??\c:\nbhnhh.exec:\nbhnhh.exe91⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe92⤵
-
\??\c:\lxfxxxx.exec:\lxfxxxx.exe93⤵
-
\??\c:\nntbhn.exec:\nntbhn.exe94⤵
-
\??\c:\ntbbbt.exec:\ntbbbt.exe95⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe96⤵
-
\??\c:\xrrlfxr.exec:\xrrlfxr.exe97⤵
-
\??\c:\rlrrxxf.exec:\rlrrxxf.exe98⤵
-
\??\c:\5nnhbh.exec:\5nnhbh.exe99⤵
-
\??\c:\vjppj.exec:\vjppj.exe100⤵
-
\??\c:\3pvpj.exec:\3pvpj.exe101⤵
-
\??\c:\llxlffx.exec:\llxlffx.exe102⤵
-
\??\c:\bbbbbb.exec:\bbbbbb.exe103⤵
-
\??\c:\tnbtht.exec:\tnbtht.exe104⤵
-
\??\c:\1jddv.exec:\1jddv.exe105⤵
-
\??\c:\1llfxrr.exec:\1llfxrr.exe106⤵
-
\??\c:\flffrlx.exec:\flffrlx.exe107⤵
-
\??\c:\9nbhnn.exec:\9nbhnn.exe108⤵
-
\??\c:\bthhbb.exec:\bthhbb.exe109⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe110⤵
-
\??\c:\lllfffx.exec:\lllfffx.exe111⤵
-
\??\c:\bhntnn.exec:\bhntnn.exe112⤵
-
\??\c:\hbnnnn.exec:\hbnnnn.exe113⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe114⤵
-
\??\c:\xxffxxr.exec:\xxffxxr.exe115⤵
-
\??\c:\fxfxlff.exec:\fxfxlff.exe116⤵
-
\??\c:\hntnnt.exec:\hntnnt.exe117⤵
-
\??\c:\hhhhbb.exec:\hhhhbb.exe118⤵
-
\??\c:\jjvpp.exec:\jjvpp.exe119⤵
-
\??\c:\fxrlfxr.exec:\fxrlfxr.exe120⤵
-
\??\c:\flrrllf.exec:\flrrllf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-