Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
18-05-2024 18:26
General
-
Target
2a3e913357b13787491af6f585e14730_NeikiAnalytics.exe
-
Size
214KB
-
MD5
2a3e913357b13787491af6f585e14730
-
SHA1
47561dfce54b352e8fbbcecdf3d58f6ad33a9e73
-
SHA256
cf0b860b7f26e20a2c66174002e7e76ec5610817abfac351f5169cc1c70e1857
-
SHA512
f360573afcfe5c02776d78deda4af793cf2c8144bd078056913c3cccb7195be3635d79f3b303c36b1a576532f10b97bdc11a368c7adad046a2d335994c502ed9
-
SSDEEP
3072:ZhOm2sI93UufdC67ciEu0P5axvqdUmdznCvs7BuRoYFBg/gXVqPfSoi0yG24ePe:Zcm7ImGddXEu0ucju6/4kf724f
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
Malware Dropper & Backdoor - Berbew 32 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 60 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2a3e913357b13787491af6f585e14730_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\2a3e913357b13787491af6f585e14730_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjv.exec:\pjdjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvjv.exec:\jjvjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrxxl.exec:\llxrxxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdp.exec:\jdpdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhnh.exec:\hbnhnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7httnh.exec:\7httnh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lfrxxr.exec:\9lfrxxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhhn.exec:\btnhhn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppj.exec:\jdppj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrxfl.exec:\xrlrxfl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbnb.exec:\bbtbnb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppv.exec:\jdppv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfflrf.exec:\rlfflrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhtbt.exec:\tnhtbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vjpj.exec:\1vjpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfflrrx.exec:\lfflrrx.exe17⤵
- Executes dropped EXE
-
\??\c:\hhhhhh.exec:\hhhhhh.exe18⤵
- Executes dropped EXE
-
\??\c:\pppvp.exec:\pppvp.exe19⤵
- Executes dropped EXE
-
\??\c:\5htbbh.exec:\5htbbh.exe20⤵
- Executes dropped EXE
-
\??\c:\nhhntt.exec:\nhhntt.exe21⤵
- Executes dropped EXE
-
\??\c:\vvvjv.exec:\vvvjv.exe22⤵
- Executes dropped EXE
-
\??\c:\xrxlrrf.exec:\xrxlrrf.exe23⤵
- Executes dropped EXE
-
\??\c:\9tthbb.exec:\9tthbb.exe24⤵
- Executes dropped EXE
-
\??\c:\jjvjv.exec:\jjvjv.exe25⤵
- Executes dropped EXE
-
\??\c:\1rflfrx.exec:\1rflfrx.exe26⤵
- Executes dropped EXE
-
\??\c:\nnthbn.exec:\nnthbn.exe27⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe28⤵
- Executes dropped EXE
-
\??\c:\vvjvd.exec:\vvjvd.exe29⤵
- Executes dropped EXE
-
\??\c:\nhnhnb.exec:\nhnhnb.exe30⤵
- Executes dropped EXE
-
\??\c:\9djpv.exec:\9djpv.exe31⤵
- Executes dropped EXE
-
\??\c:\7xlxxff.exec:\7xlxxff.exe32⤵
- Executes dropped EXE
-
\??\c:\nbttbb.exec:\nbttbb.exe33⤵
- Executes dropped EXE
-
\??\c:\vvjpv.exec:\vvjpv.exe34⤵
- Executes dropped EXE
-
\??\c:\vvvjv.exec:\vvvjv.exe35⤵
- Executes dropped EXE
-
\??\c:\rrfxxrf.exec:\rrfxxrf.exe36⤵
- Executes dropped EXE
-
\??\c:\7bhnnb.exec:\7bhnnb.exe37⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe38⤵
- Executes dropped EXE
-
\??\c:\9vvdp.exec:\9vvdp.exe39⤵
- Executes dropped EXE
-
\??\c:\rfllfff.exec:\rfllfff.exe40⤵
- Executes dropped EXE
-
\??\c:\hnnbbt.exec:\hnnbbt.exe41⤵
- Executes dropped EXE
-
\??\c:\5jdjd.exec:\5jdjd.exe42⤵
- Executes dropped EXE
-
\??\c:\1jjpj.exec:\1jjpj.exe43⤵
- Executes dropped EXE
-
\??\c:\rlffrfl.exec:\rlffrfl.exe44⤵
- Executes dropped EXE
-
\??\c:\tnhhtt.exec:\tnhhtt.exe45⤵
- Executes dropped EXE
-
\??\c:\hhhbnb.exec:\hhhbnb.exe46⤵
- Executes dropped EXE
-
\??\c:\3dpvj.exec:\3dpvj.exe47⤵
- Executes dropped EXE
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe48⤵
- Executes dropped EXE
-
\??\c:\nnhthn.exec:\nnhthn.exe49⤵
- Executes dropped EXE
-
\??\c:\jdvdd.exec:\jdvdd.exe50⤵
- Executes dropped EXE
-
\??\c:\jjvvp.exec:\jjvvp.exe51⤵
- Executes dropped EXE
-
\??\c:\9xxrfrf.exec:\9xxrfrf.exe52⤵
- Executes dropped EXE
-
\??\c:\fxllrxf.exec:\fxllrxf.exe53⤵
- Executes dropped EXE
-
\??\c:\bthnbt.exec:\bthnbt.exe54⤵
- Executes dropped EXE
-
\??\c:\pddpv.exec:\pddpv.exe55⤵
- Executes dropped EXE
-
\??\c:\5fflxfr.exec:\5fflxfr.exe56⤵
- Executes dropped EXE
-
\??\c:\rxrfxlx.exec:\rxrfxlx.exe57⤵
- Executes dropped EXE
-
\??\c:\bthttb.exec:\bthttb.exe58⤵
- Executes dropped EXE
-
\??\c:\jjddv.exec:\jjddv.exe59⤵
- Executes dropped EXE
-
\??\c:\dddpv.exec:\dddpv.exe60⤵
- Executes dropped EXE
-
\??\c:\xfxlxlf.exec:\xfxlxlf.exe61⤵
- Executes dropped EXE
-
\??\c:\3hbhbb.exec:\3hbhbb.exe62⤵
- Executes dropped EXE
-
\??\c:\btthth.exec:\btthth.exe63⤵
- Executes dropped EXE
-
\??\c:\5jjjd.exec:\5jjjd.exe64⤵
- Executes dropped EXE
-
\??\c:\5vpdd.exec:\5vpdd.exe65⤵
- Executes dropped EXE
-
\??\c:\ffxlllx.exec:\ffxlllx.exe66⤵
-
\??\c:\bhbnbb.exec:\bhbnbb.exe67⤵
-
\??\c:\7btntb.exec:\7btntb.exe68⤵
-
\??\c:\vvpvp.exec:\vvpvp.exe69⤵
-
\??\c:\flfffxf.exec:\flfffxf.exe70⤵
-
\??\c:\fxrxlrf.exec:\fxrxlrf.exe71⤵
-
\??\c:\tnbtbb.exec:\tnbtbb.exe72⤵
-
\??\c:\jjddp.exec:\jjddp.exe73⤵
-
\??\c:\1pvvj.exec:\1pvvj.exe74⤵
-
\??\c:\xxxfrrf.exec:\xxxfrrf.exe75⤵
-
\??\c:\bbttht.exec:\bbttht.exe76⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe77⤵
-
\??\c:\pdvvv.exec:\pdvvv.exe78⤵
-
\??\c:\xrxfllr.exec:\xrxfllr.exe79⤵
-
\??\c:\3fffxfx.exec:\3fffxfx.exe80⤵
-
\??\c:\nhhntt.exec:\nhhntt.exe81⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe82⤵
-
\??\c:\1dpvj.exec:\1dpvj.exe83⤵
-
\??\c:\frllrfl.exec:\frllrfl.exe84⤵
-
\??\c:\btbhtt.exec:\btbhtt.exe85⤵
-
\??\c:\bbtttb.exec:\bbtttb.exe86⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe87⤵
-
\??\c:\5lxxrlx.exec:\5lxxrlx.exe88⤵
-
\??\c:\7nbbtb.exec:\7nbbtb.exe89⤵
-
\??\c:\3nbhbb.exec:\3nbhbb.exe90⤵
-
\??\c:\vjvdd.exec:\vjvdd.exe91⤵
-
\??\c:\9frrxxf.exec:\9frrxxf.exe92⤵
-
\??\c:\nhthnn.exec:\nhthnn.exe93⤵
-
\??\c:\3tthnt.exec:\3tthnt.exe94⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe95⤵
-
\??\c:\rlxfxxr.exec:\rlxfxxr.exe96⤵
-
\??\c:\lxxxlfl.exec:\lxxxlfl.exe97⤵
-
\??\c:\bbttnh.exec:\bbttnh.exe98⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe99⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe100⤵
-
\??\c:\rflrrxf.exec:\rflrrxf.exe101⤵
-
\??\c:\thtnbh.exec:\thtnbh.exe102⤵
-
\??\c:\hhhtbh.exec:\hhhtbh.exe103⤵
-
\??\c:\ppjvp.exec:\ppjvp.exe104⤵
-
\??\c:\vjppv.exec:\vjppv.exe105⤵
-
\??\c:\fxxlxfx.exec:\fxxlxfx.exe106⤵
-
\??\c:\bthttt.exec:\bthttt.exe107⤵
-
\??\c:\nnhtbb.exec:\nnhtbb.exe108⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe109⤵
-
\??\c:\lfflrxl.exec:\lfflrxl.exe110⤵
-
\??\c:\xrxlrrr.exec:\xrxlrrr.exe111⤵
-
\??\c:\bbthbb.exec:\bbthbb.exe112⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe113⤵
-
\??\c:\jvjdp.exec:\jvjdp.exe114⤵
-
\??\c:\xrxflfr.exec:\xrxflfr.exe115⤵
-
\??\c:\ttbhhh.exec:\ttbhhh.exe116⤵
-
\??\c:\tbtnth.exec:\tbtnth.exe117⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe118⤵
-
\??\c:\llxxrlx.exec:\llxxrlx.exe119⤵
-
\??\c:\xxrfxfr.exec:\xxrfxfr.exe120⤵
-
\??\c:\tnbhhh.exec:\tnbhhh.exe121⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe122⤵
-
\??\c:\vppjp.exec:\vppjp.exe123⤵
-
\??\c:\lffflrr.exec:\lffflrr.exe124⤵
-
\??\c:\7frxrrf.exec:\7frxrrf.exe125⤵
-
\??\c:\5bnttb.exec:\5bnttb.exe126⤵
-
\??\c:\vjvvj.exec:\vjvvj.exe127⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe128⤵
-
\??\c:\xlxfxfl.exec:\xlxfxfl.exe129⤵
-
\??\c:\hhthnn.exec:\hhthnn.exe130⤵
-
\??\c:\nhbbhh.exec:\nhbbhh.exe131⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe132⤵
-
\??\c:\5pjjv.exec:\5pjjv.exe133⤵
-
\??\c:\xxlxlrf.exec:\xxlxlrf.exe134⤵
-
\??\c:\bbntnt.exec:\bbntnt.exe135⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe136⤵
-
\??\c:\ddjjv.exec:\ddjjv.exe137⤵
-
\??\c:\5frrllr.exec:\5frrllr.exe138⤵
-
\??\c:\rlflrxx.exec:\rlflrxx.exe139⤵
-
\??\c:\9nnhth.exec:\9nnhth.exe140⤵
-
\??\c:\hhnnbh.exec:\hhnnbh.exe141⤵
-
\??\c:\ppvdj.exec:\ppvdj.exe142⤵
-
\??\c:\fxxflxf.exec:\fxxflxf.exe143⤵
-
\??\c:\3bttbb.exec:\3bttbb.exe144⤵
-
\??\c:\nnbhbh.exec:\nnbhbh.exe145⤵
-
\??\c:\xrrlrrx.exec:\xrrlrrx.exe146⤵
-
\??\c:\xrxrxfr.exec:\xrxrxfr.exe147⤵
-
\??\c:\hhhnhh.exec:\hhhnhh.exe148⤵
-
\??\c:\hbnbhn.exec:\hbnbhn.exe149⤵
-
\??\c:\9jvdp.exec:\9jvdp.exe150⤵
-
\??\c:\rxfffrf.exec:\rxfffrf.exe151⤵
-
\??\c:\nhbhtt.exec:\nhbhtt.exe152⤵
-
\??\c:\3nnthn.exec:\3nnthn.exe153⤵
-
\??\c:\dvppv.exec:\dvppv.exe154⤵
-
\??\c:\llflrxl.exec:\llflrxl.exe155⤵
-
\??\c:\hnhhnh.exec:\hnhhnh.exe156⤵
-
\??\c:\bbttnt.exec:\bbttnt.exe157⤵
-
\??\c:\1pvpj.exec:\1pvpj.exe158⤵
-
\??\c:\fxlxxxl.exec:\fxlxxxl.exe159⤵
-
\??\c:\7xlrffr.exec:\7xlrffr.exe160⤵
-
\??\c:\1nbbnn.exec:\1nbbnn.exe161⤵
-
\??\c:\pvvvj.exec:\pvvvj.exe162⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe163⤵
-
\??\c:\frlxxxf.exec:\frlxxxf.exe164⤵
-
\??\c:\rlxrffx.exec:\rlxrffx.exe165⤵
-
\??\c:\bhnbth.exec:\bhnbth.exe166⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe167⤵
-
\??\c:\7vjvv.exec:\7vjvv.exe168⤵
-
\??\c:\rlxrffl.exec:\rlxrffl.exe169⤵
-
\??\c:\nhbnnn.exec:\nhbnnn.exe170⤵
-
\??\c:\tbhthb.exec:\tbhthb.exe171⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe172⤵
-
\??\c:\jjddp.exec:\jjddp.exe173⤵
-
\??\c:\rfxfrrx.exec:\rfxfrrx.exe174⤵
-
\??\c:\hhbhbh.exec:\hhbhbh.exe175⤵
-
\??\c:\nnhnhn.exec:\nnhnhn.exe176⤵
-
\??\c:\vppvj.exec:\vppvj.exe177⤵
-
\??\c:\llxxflx.exec:\llxxflx.exe178⤵
-
\??\c:\7xlrfll.exec:\7xlrfll.exe179⤵
-
\??\c:\hhthht.exec:\hhthht.exe180⤵
-
\??\c:\hhtbnh.exec:\hhtbnh.exe181⤵
-
\??\c:\jjdvd.exec:\jjdvd.exe182⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe183⤵
-
\??\c:\lrlrflx.exec:\lrlrflx.exe184⤵
-
\??\c:\ffxfxxf.exec:\ffxfxxf.exe185⤵
-
\??\c:\tbhhnn.exec:\tbhhnn.exe186⤵
-
\??\c:\vdddp.exec:\vdddp.exe187⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe188⤵
-
\??\c:\7rfflll.exec:\7rfflll.exe189⤵
-
\??\c:\9nttbb.exec:\9nttbb.exe190⤵
-
\??\c:\hbtbhh.exec:\hbtbhh.exe191⤵
-
\??\c:\jjjdj.exec:\jjjdj.exe192⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe193⤵
-
\??\c:\3lxrrrx.exec:\3lxrrrx.exe194⤵
-
\??\c:\hbtthn.exec:\hbtthn.exe195⤵
-
\??\c:\bnhntn.exec:\bnhntn.exe196⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe197⤵
-
\??\c:\vdddj.exec:\vdddj.exe198⤵
-
\??\c:\3fxfrrx.exec:\3fxfrrx.exe199⤵
-
\??\c:\9lffffl.exec:\9lffffl.exe200⤵
-
\??\c:\hhbhtb.exec:\hhbhtb.exe201⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe202⤵
-
\??\c:\jvddp.exec:\jvddp.exe203⤵
-
\??\c:\lfxxxff.exec:\lfxxxff.exe204⤵
-
\??\c:\fxrxlxf.exec:\fxrxlxf.exe205⤵
-
\??\c:\7thbnh.exec:\7thbnh.exe206⤵
-
\??\c:\1vjpd.exec:\1vjpd.exe207⤵
-
\??\c:\7pdjd.exec:\7pdjd.exe208⤵
-
\??\c:\xrfffrf.exec:\xrfffrf.exe209⤵
-
\??\c:\xrxfrlr.exec:\xrxfrlr.exe210⤵
-
\??\c:\nhtbhn.exec:\nhtbhn.exe211⤵
-
\??\c:\vvjvd.exec:\vvjvd.exe212⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe213⤵
-
\??\c:\llfxrff.exec:\llfxrff.exe214⤵
-
\??\c:\5lxfrrl.exec:\5lxfrrl.exe215⤵
-
\??\c:\hbnttt.exec:\hbnttt.exe216⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe217⤵
-
\??\c:\vjjvd.exec:\vjjvd.exe218⤵
-
\??\c:\5lrrxxl.exec:\5lrrxxl.exe219⤵
-
\??\c:\ffrlxfr.exec:\ffrlxfr.exe220⤵
-
\??\c:\3thbnt.exec:\3thbnt.exe221⤵
-
\??\c:\ppjpp.exec:\ppjpp.exe222⤵
-
\??\c:\lfrxflx.exec:\lfrxflx.exe223⤵
-
\??\c:\3xrxrxr.exec:\3xrxrxr.exe224⤵
-
\??\c:\hbthhn.exec:\hbthhn.exe225⤵
-
\??\c:\btntht.exec:\btntht.exe226⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe227⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe228⤵
-
\??\c:\xxxrxrf.exec:\xxxrxrf.exe229⤵
-
\??\c:\5lflrxr.exec:\5lflrxr.exe230⤵
-
\??\c:\bnnntn.exec:\bnnntn.exe231⤵
-
\??\c:\vppdp.exec:\vppdp.exe232⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe233⤵
-
\??\c:\fxffxxl.exec:\fxffxxl.exe234⤵
-
\??\c:\3xflrrx.exec:\3xflrrx.exe235⤵
-
\??\c:\nnnbbt.exec:\nnnbbt.exe236⤵
-
\??\c:\nnnhbt.exec:\nnnhbt.exe237⤵
-
\??\c:\3pdjd.exec:\3pdjd.exe238⤵
-
\??\c:\xxrxffx.exec:\xxrxffx.exe239⤵
-
\??\c:\rrfxlfr.exec:\rrfxlfr.exe240⤵
-
\??\c:\5tntbn.exec:\5tntbn.exe241⤵