Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
15/05/2024, 11:07
General
-
Target
cdd51d1b11ce82e65ef693b6d1996500_NeikiAnalytics.exe
-
Size
252KB
-
MD5
cdd51d1b11ce82e65ef693b6d1996500
-
SHA1
3b2fdcc562bf752983c944a5d6a14a80cc641848
-
SHA256
2e7173ef01778541bd29e2d7cabebfb00c15de17175d8296ee01ab70f9dc0812
-
SHA512
49c320c1a002a0794f04f3dc47470089dae1a58f97ca9c40f7e069036b11299366925a9a3283fd4b639fb4741c01bfb16285120f5ff55ada82b5b8890815b386
-
SSDEEP
3072:chOmTsF93UYfwC6GIoutieyhC2lbgGi5yLpcgDE4JBuItR8pTsgZ9WT4iaz+THk8:ccm4FmowdHoSi9EIBftapTs4WZazeE8
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 37 IoCs
-
Malware Dropper & Backdoor - Berbew 32 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cdd51d1b11ce82e65ef693b6d1996500_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cdd51d1b11ce82e65ef693b6d1996500_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvvj.exec:\vjvvj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbhn.exec:\nhtbhn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrxxf.exec:\fxlrxxf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfllr.exec:\lflfllr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnthh.exec:\htnthh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdpv.exec:\pjdpv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbntbb.exec:\bbntbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvdj.exec:\pdvdj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bhhnn.exec:\3bhhnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tbhhn.exec:\7tbhhn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdpd.exec:\vjdpd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxxxf.exec:\xrxxxxf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbtt.exec:\nbbbtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddj.exec:\pjddj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrllrrr.exec:\xrllrrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthtbh.exec:\bthtbh.exe17⤵
- Executes dropped EXE
-
\??\c:\lfrxrrf.exec:\lfrxrrf.exe18⤵
- Executes dropped EXE
-
\??\c:\7bntbh.exec:\7bntbh.exe19⤵
- Executes dropped EXE
-
\??\c:\jpdpj.exec:\jpdpj.exe20⤵
- Executes dropped EXE
-
\??\c:\fxlrrrf.exec:\fxlrrrf.exe21⤵
- Executes dropped EXE
-
\??\c:\ddpvv.exec:\ddpvv.exe22⤵
- Executes dropped EXE
-
\??\c:\7jddd.exec:\7jddd.exe23⤵
- Executes dropped EXE
-
\??\c:\9xxlrxf.exec:\9xxlrxf.exe24⤵
- Executes dropped EXE
-
\??\c:\hbnthh.exec:\hbnthh.exe25⤵
- Executes dropped EXE
-
\??\c:\xlxlrfx.exec:\xlxlrfx.exe26⤵
- Executes dropped EXE
-
\??\c:\jdpdv.exec:\jdpdv.exe27⤵
- Executes dropped EXE
-
\??\c:\fxrfxfr.exec:\fxrfxfr.exe28⤵
- Executes dropped EXE
-
\??\c:\thtnnn.exec:\thtnnn.exe29⤵
- Executes dropped EXE
-
\??\c:\1pjpj.exec:\1pjpj.exe30⤵
- Executes dropped EXE
-
\??\c:\lfrfxfx.exec:\lfrfxfx.exe31⤵
- Executes dropped EXE
-
\??\c:\1dvpd.exec:\1dvpd.exe32⤵
- Executes dropped EXE
-
\??\c:\xlxfrxf.exec:\xlxfrxf.exe33⤵
- Executes dropped EXE
-
\??\c:\3btnbh.exec:\3btnbh.exe34⤵
- Executes dropped EXE
-
\??\c:\vpppd.exec:\vpppd.exe35⤵
- Executes dropped EXE
-
\??\c:\lxllxxr.exec:\lxllxxr.exe36⤵
- Executes dropped EXE
-
\??\c:\rlxrxfr.exec:\rlxrxfr.exe37⤵
- Executes dropped EXE
-
\??\c:\9tttnb.exec:\9tttnb.exe38⤵
- Executes dropped EXE
-
\??\c:\jdjpd.exec:\jdjpd.exe39⤵
- Executes dropped EXE
-
\??\c:\9rlrlxf.exec:\9rlrlxf.exe40⤵
- Executes dropped EXE
-
\??\c:\xllxlxx.exec:\xllxlxx.exe41⤵
- Executes dropped EXE
-
\??\c:\5hbnbn.exec:\5hbnbn.exe42⤵
- Executes dropped EXE
-
\??\c:\9vpvd.exec:\9vpvd.exe43⤵
- Executes dropped EXE
-
\??\c:\3xlxfrx.exec:\3xlxfrx.exe44⤵
- Executes dropped EXE
-
\??\c:\frlrfxf.exec:\frlrfxf.exe45⤵
- Executes dropped EXE
-
\??\c:\nhttbt.exec:\nhttbt.exe46⤵
- Executes dropped EXE
-
\??\c:\djjpv.exec:\djjpv.exe47⤵
- Executes dropped EXE
-
\??\c:\lxxxxxl.exec:\lxxxxxl.exe48⤵
- Executes dropped EXE
-
\??\c:\nnbhtb.exec:\nnbhtb.exe49⤵
- Executes dropped EXE
-
\??\c:\nhbhbb.exec:\nhbhbb.exe50⤵
- Executes dropped EXE
-
\??\c:\5djjp.exec:\5djjp.exe51⤵
- Executes dropped EXE
-
\??\c:\9pjjp.exec:\9pjjp.exe52⤵
- Executes dropped EXE
-
\??\c:\1rrfllr.exec:\1rrfllr.exe53⤵
- Executes dropped EXE
-
\??\c:\nnbbht.exec:\nnbbht.exe54⤵
- Executes dropped EXE
-
\??\c:\hbnhhn.exec:\hbnhhn.exe55⤵
- Executes dropped EXE
-
\??\c:\9ppdj.exec:\9ppdj.exe56⤵
- Executes dropped EXE
-
\??\c:\xrfrfll.exec:\xrfrfll.exe57⤵
- Executes dropped EXE
-
\??\c:\tnhnhn.exec:\tnhnhn.exe58⤵
- Executes dropped EXE
-
\??\c:\hhthtb.exec:\hhthtb.exe59⤵
- Executes dropped EXE
-
\??\c:\9jvpv.exec:\9jvpv.exe60⤵
- Executes dropped EXE
-
\??\c:\rlflrxl.exec:\rlflrxl.exe61⤵
- Executes dropped EXE
-
\??\c:\tnnhtb.exec:\tnnhtb.exe62⤵
- Executes dropped EXE
-
\??\c:\hhttnb.exec:\hhttnb.exe63⤵
- Executes dropped EXE
-
\??\c:\jddvj.exec:\jddvj.exe64⤵
- Executes dropped EXE
-
\??\c:\jvdpd.exec:\jvdpd.exe65⤵
- Executes dropped EXE
-
\??\c:\ffxrffl.exec:\ffxrffl.exe66⤵
-
\??\c:\bbnbnt.exec:\bbnbnt.exe67⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe68⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe69⤵
-
\??\c:\fxffllx.exec:\fxffllx.exe70⤵
-
\??\c:\bnttbt.exec:\bnttbt.exe71⤵
-
\??\c:\jdpdj.exec:\jdpdj.exe72⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe73⤵
-
\??\c:\rfrrlfl.exec:\rfrrlfl.exe74⤵
-
\??\c:\tbnhbh.exec:\tbnhbh.exe75⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe76⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe77⤵
-
\??\c:\xrlrxlr.exec:\xrlrxlr.exe78⤵
-
\??\c:\nbnnhh.exec:\nbnnhh.exe79⤵
-
\??\c:\jjjvj.exec:\jjjvj.exe80⤵
-
\??\c:\3ppjj.exec:\3ppjj.exe81⤵
-
\??\c:\fxxrxfr.exec:\fxxrxfr.exe82⤵
-
\??\c:\htbbbh.exec:\htbbbh.exe83⤵
-
\??\c:\1pjvj.exec:\1pjvj.exe84⤵
-
\??\c:\jvdpd.exec:\jvdpd.exe85⤵
-
\??\c:\lfrxfrf.exec:\lfrxfrf.exe86⤵
-
\??\c:\rfrxfxf.exec:\rfrxfxf.exe87⤵
-
\??\c:\nhtttb.exec:\nhtttb.exe88⤵
-
\??\c:\vjvjv.exec:\vjvjv.exe89⤵
-
\??\c:\5djvp.exec:\5djvp.exe90⤵
-
\??\c:\rlxrrrx.exec:\rlxrrrx.exe91⤵
-
\??\c:\tnhhhh.exec:\tnhhhh.exe92⤵
-
\??\c:\vpppj.exec:\vpppj.exe93⤵
-
\??\c:\fxrlflr.exec:\fxrlflr.exe94⤵
-
\??\c:\9lxfffr.exec:\9lxfffr.exe95⤵
-
\??\c:\bbhtbh.exec:\bbhtbh.exe96⤵
-
\??\c:\thntbt.exec:\thntbt.exe97⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe98⤵
-
\??\c:\lxrxffr.exec:\lxrxffr.exe99⤵
-
\??\c:\rlxxffl.exec:\rlxxffl.exe100⤵
-
\??\c:\3tbhbh.exec:\3tbhbh.exe101⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe102⤵
-
\??\c:\1jdjj.exec:\1jdjj.exe103⤵
-
\??\c:\9rlxflr.exec:\9rlxflr.exe104⤵
-
\??\c:\nbbnhb.exec:\nbbnhb.exe105⤵
-
\??\c:\htbtbb.exec:\htbtbb.exe106⤵
-
\??\c:\vdpdd.exec:\vdpdd.exe107⤵
-
\??\c:\ffxrffr.exec:\ffxrffr.exe108⤵
-
\??\c:\fxrxrlr.exec:\fxrxrlr.exe109⤵
-
\??\c:\nttbtn.exec:\nttbtn.exe110⤵
-
\??\c:\nnnbnt.exec:\nnnbnt.exe111⤵
-
\??\c:\ddvjd.exec:\ddvjd.exe112⤵
-
\??\c:\pdvvd.exec:\pdvvd.exe113⤵
-
\??\c:\3rfxxlf.exec:\3rfxxlf.exe114⤵
-
\??\c:\tttbnn.exec:\tttbnn.exe115⤵
-
\??\c:\jdvjj.exec:\jdvjj.exe116⤵
-
\??\c:\1vvjp.exec:\1vvjp.exe117⤵
-
\??\c:\5fxxxxl.exec:\5fxxxxl.exe118⤵
-
\??\c:\frxfflr.exec:\frxfflr.exe119⤵
-
\??\c:\bnbtht.exec:\bnbtht.exe120⤵
-
\??\c:\pdjpd.exec:\pdjpd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-