Analysis
-
max time kernel
144s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
16/05/2024, 05:43
General
-
Target
a78eb8c8ed59b6d1d26e62e38eb071d0_NeikiAnalytics.exe
-
Size
276KB
-
MD5
a78eb8c8ed59b6d1d26e62e38eb071d0
-
SHA1
08317666333d87e915e2ea130fd43d249c015e94
-
SHA256
964c219a5ec620232fde237355f925c4a29ef338a4ef6247a601a76ba96f7fee
-
SHA512
4f1d2ce2067e981b52cd0cbf9737e7104ae543327c3436ee84d38c8efa970205a8d786ecd6ef49a30e7deb20ad1e6f404b7bfe09cca43568d615dc189a2f3e87
-
SSDEEP
6144:ncm4FmowdHoS6rW3NNTvBu6wo2J4JAgNXkArR/rtXOLtu4J6KvvLp3OKtUuuuTEr:14wFHoSeM/Tpu6w14JAOkIRhOBu4JhvC
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 44 IoCs
-
Malware Dropper & Backdoor - Berbew 33 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a78eb8c8ed59b6d1d26e62e38eb071d0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\a78eb8c8ed59b6d1d26e62e38eb071d0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\0848668.exec:\0848668.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1flfxxr.exec:\1flfxxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnnhb.exec:\bnnnhb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\646080.exec:\646080.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\208262.exec:\208262.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtthh.exec:\nhtthh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\268800.exec:\268800.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\446288.exec:\446288.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbhnh.exec:\nnbhnh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdd.exec:\jdjdd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jdjp.exec:\9jdjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pvvv.exec:\3pvvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\08064.exec:\08064.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrrxf.exec:\frxrrxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrxxf.exec:\fxlrxxf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u644006.exec:\u644006.exe17⤵
- Executes dropped EXE
-
\??\c:\i462440.exec:\i462440.exe18⤵
- Executes dropped EXE
-
\??\c:\tnbbnt.exec:\tnbbnt.exe19⤵
- Executes dropped EXE
-
\??\c:\08002.exec:\08002.exe20⤵
- Executes dropped EXE
-
\??\c:\pjvpp.exec:\pjvpp.exe21⤵
- Executes dropped EXE
-
\??\c:\6026824.exec:\6026824.exe22⤵
- Executes dropped EXE
-
\??\c:\6462284.exec:\6462284.exe23⤵
- Executes dropped EXE
-
\??\c:\vvjpp.exec:\vvjpp.exe24⤵
- Executes dropped EXE
-
\??\c:\608866.exec:\608866.exe25⤵
- Executes dropped EXE
-
\??\c:\htbbnn.exec:\htbbnn.exe26⤵
- Executes dropped EXE
-
\??\c:\s8008.exec:\s8008.exe27⤵
- Executes dropped EXE
-
\??\c:\lfxfrxl.exec:\lfxfrxl.exe28⤵
- Executes dropped EXE
-
\??\c:\ttnthh.exec:\ttnthh.exe29⤵
- Executes dropped EXE
-
\??\c:\g6846.exec:\g6846.exe30⤵
- Executes dropped EXE
-
\??\c:\48662.exec:\48662.exe31⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe32⤵
- Executes dropped EXE
-
\??\c:\3pddv.exec:\3pddv.exe33⤵
- Executes dropped EXE
-
\??\c:\frxfxxf.exec:\frxfxxf.exe34⤵
- Executes dropped EXE
-
\??\c:\nhnnbh.exec:\nhnnbh.exe35⤵
- Executes dropped EXE
-
\??\c:\48884.exec:\48884.exe36⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe37⤵
- Executes dropped EXE
-
\??\c:\42002.exec:\42002.exe38⤵
- Executes dropped EXE
-
\??\c:\jjjvj.exec:\jjjvj.exe39⤵
- Executes dropped EXE
-
\??\c:\thbttb.exec:\thbttb.exe40⤵
- Executes dropped EXE
-
\??\c:\042400.exec:\042400.exe41⤵
- Executes dropped EXE
-
\??\c:\bttntt.exec:\bttntt.exe42⤵
- Executes dropped EXE
-
\??\c:\pdppd.exec:\pdppd.exe43⤵
- Executes dropped EXE
-
\??\c:\20224.exec:\20224.exe44⤵
- Executes dropped EXE
-
\??\c:\42444.exec:\42444.exe45⤵
- Executes dropped EXE
-
\??\c:\vjppp.exec:\vjppp.exe46⤵
- Executes dropped EXE
-
\??\c:\646284.exec:\646284.exe47⤵
- Executes dropped EXE
-
\??\c:\fxrxlrr.exec:\fxrxlrr.exe48⤵
- Executes dropped EXE
-
\??\c:\424404.exec:\424404.exe49⤵
- Executes dropped EXE
-
\??\c:\lfllrrx.exec:\lfllrrx.exe50⤵
- Executes dropped EXE
-
\??\c:\fxrxrxf.exec:\fxrxrxf.exe51⤵
- Executes dropped EXE
-
\??\c:\c648040.exec:\c648040.exe52⤵
- Executes dropped EXE
-
\??\c:\860028.exec:\860028.exe53⤵
- Executes dropped EXE
-
\??\c:\1tbbhn.exec:\1tbbhn.exe54⤵
- Executes dropped EXE
-
\??\c:\0246888.exec:\0246888.exe55⤵
- Executes dropped EXE
-
\??\c:\w86684.exec:\w86684.exe56⤵
- Executes dropped EXE
-
\??\c:\5djjp.exec:\5djjp.exe57⤵
- Executes dropped EXE
-
\??\c:\nhthnn.exec:\nhthnn.exe58⤵
- Executes dropped EXE
-
\??\c:\0462844.exec:\0462844.exe59⤵
- Executes dropped EXE
-
\??\c:\vvjjv.exec:\vvjjv.exe60⤵
- Executes dropped EXE
-
\??\c:\nnbbhh.exec:\nnbbhh.exe61⤵
- Executes dropped EXE
-
\??\c:\btbbnn.exec:\btbbnn.exe62⤵
- Executes dropped EXE
-
\??\c:\3thbbh.exec:\3thbbh.exe63⤵
- Executes dropped EXE
-
\??\c:\k46200.exec:\k46200.exe64⤵
- Executes dropped EXE
-
\??\c:\i428840.exec:\i428840.exe65⤵
- Executes dropped EXE
-
\??\c:\264022.exec:\264022.exe66⤵
-
\??\c:\888404.exec:\888404.exe67⤵
-
\??\c:\vpvdp.exec:\vpvdp.exe68⤵
-
\??\c:\1lrlllr.exec:\1lrlllr.exe69⤵
-
\??\c:\424426.exec:\424426.exe70⤵
-
\??\c:\dvddj.exec:\dvddj.exe71⤵
-
\??\c:\04444.exec:\04444.exe72⤵
-
\??\c:\hbnhnn.exec:\hbnhnn.exe73⤵
-
\??\c:\3rlrxfl.exec:\3rlrxfl.exe74⤵
-
\??\c:\86446.exec:\86446.exe75⤵
-
\??\c:\6082888.exec:\6082888.exe76⤵
-
\??\c:\w20622.exec:\w20622.exe77⤵
-
\??\c:\860624.exec:\860624.exe78⤵
-
\??\c:\btbbnt.exec:\btbbnt.exe79⤵
-
\??\c:\m6884.exec:\m6884.exe80⤵
-
\??\c:\82464.exec:\82464.exe81⤵
-
\??\c:\486244.exec:\486244.exe82⤵
-
\??\c:\8240606.exec:\8240606.exe83⤵
-
\??\c:\820688.exec:\820688.exe84⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe85⤵
-
\??\c:\xrflxxx.exec:\xrflxxx.exe86⤵
-
\??\c:\424066.exec:\424066.exe87⤵
-
\??\c:\7rllffr.exec:\7rllffr.exe88⤵
-
\??\c:\2028884.exec:\2028884.exe89⤵
-
\??\c:\g0802.exec:\g0802.exe90⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe91⤵
-
\??\c:\pdjjp.exec:\pdjjp.exe92⤵
-
\??\c:\w42802.exec:\w42802.exe93⤵
-
\??\c:\084848.exec:\084848.exe94⤵
-
\??\c:\82402.exec:\82402.exe95⤵
-
\??\c:\pdjjp.exec:\pdjjp.exe96⤵
-
\??\c:\5nhhtn.exec:\5nhhtn.exe97⤵
-
\??\c:\1nnntb.exec:\1nnntb.exe98⤵
-
\??\c:\xrflrrf.exec:\xrflrrf.exe99⤵
-
\??\c:\042800.exec:\042800.exe100⤵
-
\??\c:\64006.exec:\64006.exe101⤵
-
\??\c:\hbntbh.exec:\hbntbh.exe102⤵
-
\??\c:\a2224.exec:\a2224.exe103⤵
-
\??\c:\xrfllrx.exec:\xrfllrx.exe104⤵
-
\??\c:\u262284.exec:\u262284.exe105⤵
-
\??\c:\rlxfxfl.exec:\rlxfxfl.exe106⤵
-
\??\c:\rrfflrl.exec:\rrfflrl.exe107⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe108⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe109⤵
-
\??\c:\xlfxlrx.exec:\xlfxlrx.exe110⤵
-
\??\c:\424400.exec:\424400.exe111⤵
-
\??\c:\bbnttb.exec:\bbnttb.exe112⤵
-
\??\c:\pdppv.exec:\pdppv.exe113⤵
-
\??\c:\tnhnbt.exec:\tnhnbt.exe114⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe115⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe116⤵
-
\??\c:\ddpjj.exec:\ddpjj.exe117⤵
-
\??\c:\c600224.exec:\c600224.exe118⤵
-
\??\c:\046644.exec:\046644.exe119⤵
-
\??\c:\5xfxxfl.exec:\5xfxxfl.exe120⤵
-
\??\c:\426248.exec:\426248.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-