Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
18-05-2024 18:18
General
-
Target
288763a376e5d2ee4c22b599fb670a50_NeikiAnalytics.exe
-
Size
464KB
-
MD5
288763a376e5d2ee4c22b599fb670a50
-
SHA1
58d40d48aa364bde7c9d8859564bda4aedaad785
-
SHA256
88099c8a7df5af0c47312285577d5c694413e8430b0aeaa54c8f50046a095dd1
-
SHA512
8d0f492d049e8c2b9349c2ba5057800fd1e05499165c5a775c58b9f365a6c1bad35f0c35e8ab19cea605540d16abf7066f9fe16eb2c7c75b9f1213f404e7fdb8
-
SSDEEP
12288:J4wFHoSTeR0oQRkay+eFp3IDvSbh5nPVP+OKaf1VP:VeR0oykayRFp3lztP+OKaf1VP
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 33 IoCs
-
Malware Dropper & Backdoor - Berbew 64 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\288763a376e5d2ee4c22b599fb670a50_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\288763a376e5d2ee4c22b599fb670a50_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdpv.exec:\vpdpv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbht.exec:\bthbht.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jjdp.exec:\1jjdp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffrfxf.exec:\lffrfxf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjv.exec:\vpdjv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7fxfxlx.exec:\7fxfxlx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtbnh.exec:\thtbnh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdvv.exec:\ppdvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxffr.exec:\fxlxffr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdddp.exec:\pdddp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfrxl.exec:\xrlfrxl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjpj.exec:\jdjpj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrrfx.exec:\fxlrrfx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbnn.exec:\tbhbnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rfrxfr.exec:\7rfrxfr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3frrlll.exec:\3frrlll.exe17⤵
- Executes dropped EXE
-
\??\c:\9dpvv.exec:\9dpvv.exe18⤵
- Executes dropped EXE
-
\??\c:\lffrffx.exec:\lffrffx.exe19⤵
- Executes dropped EXE
-
\??\c:\9djvj.exec:\9djvj.exe20⤵
- Executes dropped EXE
-
\??\c:\vvpvv.exec:\vvpvv.exe21⤵
- Executes dropped EXE
-
\??\c:\httnnt.exec:\httnnt.exe22⤵
- Executes dropped EXE
-
\??\c:\djpjv.exec:\djpjv.exe23⤵
- Executes dropped EXE
-
\??\c:\5xfrxrx.exec:\5xfrxrx.exe24⤵
- Executes dropped EXE
-
\??\c:\nbttnn.exec:\nbttnn.exe25⤵
- Executes dropped EXE
-
\??\c:\xrllfrx.exec:\xrllfrx.exe26⤵
- Executes dropped EXE
-
\??\c:\7frxfll.exec:\7frxfll.exe27⤵
- Executes dropped EXE
-
\??\c:\dvpjv.exec:\dvpjv.exe28⤵
- Executes dropped EXE
-
\??\c:\bhhbbh.exec:\bhhbbh.exe29⤵
- Executes dropped EXE
-
\??\c:\vvddd.exec:\vvddd.exe30⤵
- Executes dropped EXE
-
\??\c:\xlllrll.exec:\xlllrll.exe31⤵
- Executes dropped EXE
-
\??\c:\bnbbhh.exec:\bnbbhh.exe32⤵
- Executes dropped EXE
-
\??\c:\pjdjj.exec:\pjdjj.exe33⤵
- Executes dropped EXE
-
\??\c:\nbthtb.exec:\nbthtb.exe34⤵
- Executes dropped EXE
-
\??\c:\vjvdv.exec:\vjvdv.exe35⤵
- Executes dropped EXE
-
\??\c:\9rfffxf.exec:\9rfffxf.exe36⤵
- Executes dropped EXE
-
\??\c:\flrrrxf.exec:\flrrrxf.exe37⤵
- Executes dropped EXE
-
\??\c:\1ntnnn.exec:\1ntnnn.exe38⤵
- Executes dropped EXE
-
\??\c:\vjdpv.exec:\vjdpv.exe39⤵
- Executes dropped EXE
-
\??\c:\7lrrrrx.exec:\7lrrrrx.exe40⤵
- Executes dropped EXE
-
\??\c:\thtntt.exec:\thtntt.exe41⤵
- Executes dropped EXE
-
\??\c:\1jjpd.exec:\1jjpd.exe42⤵
- Executes dropped EXE
-
\??\c:\lrlrflx.exec:\lrlrflx.exe43⤵
- Executes dropped EXE
-
\??\c:\bnbbbt.exec:\bnbbbt.exe44⤵
- Executes dropped EXE
-
\??\c:\ppjpj.exec:\ppjpj.exe45⤵
- Executes dropped EXE
-
\??\c:\rfrlxrx.exec:\rfrlxrx.exe46⤵
- Executes dropped EXE
-
\??\c:\3rfffxf.exec:\3rfffxf.exe47⤵
- Executes dropped EXE
-
\??\c:\nbnnth.exec:\nbnnth.exe48⤵
- Executes dropped EXE
-
\??\c:\jvjjd.exec:\jvjjd.exe49⤵
- Executes dropped EXE
-
\??\c:\1lrlxrr.exec:\1lrlxrr.exe50⤵
- Executes dropped EXE
-
\??\c:\1tbtnn.exec:\1tbtnn.exe51⤵
- Executes dropped EXE
-
\??\c:\dpdjp.exec:\dpdjp.exe52⤵
- Executes dropped EXE
-
\??\c:\9flxxxx.exec:\9flxxxx.exe53⤵
- Executes dropped EXE
-
\??\c:\hbtthh.exec:\hbtthh.exe54⤵
- Executes dropped EXE
-
\??\c:\1ddpp.exec:\1ddpp.exe55⤵
- Executes dropped EXE
-
\??\c:\lfrfllx.exec:\lfrfllx.exe56⤵
- Executes dropped EXE
-
\??\c:\hthnnh.exec:\hthnnh.exe57⤵
- Executes dropped EXE
-
\??\c:\9jvdj.exec:\9jvdj.exe58⤵
- Executes dropped EXE
-
\??\c:\rfxrxxf.exec:\rfxrxxf.exe59⤵
- Executes dropped EXE
-
\??\c:\hbtthh.exec:\hbtthh.exe60⤵
- Executes dropped EXE
-
\??\c:\1jvvd.exec:\1jvvd.exe61⤵
- Executes dropped EXE
-
\??\c:\jvjjp.exec:\jvjjp.exe62⤵
- Executes dropped EXE
-
\??\c:\1fllllr.exec:\1fllllr.exe63⤵
- Executes dropped EXE
-
\??\c:\tntthh.exec:\tntthh.exe64⤵
- Executes dropped EXE
-
\??\c:\llrxxrr.exec:\llrxxrr.exe65⤵
- Executes dropped EXE
-
\??\c:\7thhhh.exec:\7thhhh.exe66⤵
-
\??\c:\bbnhnt.exec:\bbnhnt.exe67⤵
-
\??\c:\jjddj.exec:\jjddj.exe68⤵
-
\??\c:\fxllffr.exec:\fxllffr.exe69⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe70⤵
-
\??\c:\7vjpd.exec:\7vjpd.exe71⤵
-
\??\c:\frfllrx.exec:\frfllrx.exe72⤵
-
\??\c:\ffxflrf.exec:\ffxflrf.exe73⤵
-
\??\c:\5tnthn.exec:\5tnthn.exe74⤵
-
\??\c:\9dpvv.exec:\9dpvv.exe75⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe76⤵
-
\??\c:\rrfxlrf.exec:\rrfxlrf.exe77⤵
-
\??\c:\5hbhtb.exec:\5hbhtb.exe78⤵
-
\??\c:\btthth.exec:\btthth.exe79⤵
-
\??\c:\1pjjv.exec:\1pjjv.exe80⤵
-
\??\c:\pjpdp.exec:\pjpdp.exe81⤵
-
\??\c:\5lffxxl.exec:\5lffxxl.exe82⤵
-
\??\c:\7bhnhn.exec:\7bhnhn.exe83⤵
-
\??\c:\jjdpp.exec:\jjdpp.exe84⤵
-
\??\c:\7jjpv.exec:\7jjpv.exe85⤵
-
\??\c:\lfrrxxl.exec:\lfrrxxl.exe86⤵
-
\??\c:\bhhntb.exec:\bhhntb.exe87⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe88⤵
-
\??\c:\vdjpv.exec:\vdjpv.exe89⤵
-
\??\c:\llllxfr.exec:\llllxfr.exe90⤵
-
\??\c:\1nnhnt.exec:\1nnhnt.exe91⤵
-
\??\c:\djjjj.exec:\djjjj.exe92⤵
-
\??\c:\9xlrrxr.exec:\9xlrrxr.exe93⤵
-
\??\c:\1lfrrlx.exec:\1lfrrlx.exe94⤵
-
\??\c:\hhntnt.exec:\hhntnt.exe95⤵
-
\??\c:\dpjjv.exec:\dpjjv.exe96⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe97⤵
-
\??\c:\rllrxff.exec:\rllrxff.exe98⤵
-
\??\c:\hhnhtn.exec:\hhnhtn.exe99⤵
-
\??\c:\3jjpv.exec:\3jjpv.exe100⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe101⤵
-
\??\c:\1rlxflf.exec:\1rlxflf.exe102⤵
-
\??\c:\nhthtt.exec:\nhthtt.exe103⤵
-
\??\c:\thbhbb.exec:\thbhbb.exe104⤵
-
\??\c:\9pddd.exec:\9pddd.exe105⤵
-
\??\c:\3llrffl.exec:\3llrffl.exe106⤵
-
\??\c:\hbtttt.exec:\hbtttt.exe107⤵
-
\??\c:\nnhthn.exec:\nnhthn.exe108⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe109⤵
-
\??\c:\1xrlrxl.exec:\1xrlrxl.exe110⤵
-
\??\c:\nhthnt.exec:\nhthnt.exe111⤵
-
\??\c:\vvppd.exec:\vvppd.exe112⤵
-
\??\c:\dpjjv.exec:\dpjjv.exe113⤵
-
\??\c:\xrfxrrx.exec:\xrfxrrx.exe114⤵
-
\??\c:\bbnthh.exec:\bbnthh.exe115⤵
-
\??\c:\5hnhhn.exec:\5hnhhn.exe116⤵
-
\??\c:\1dvpj.exec:\1dvpj.exe117⤵
-
\??\c:\ddvjj.exec:\ddvjj.exe118⤵
-
\??\c:\nnbhtb.exec:\nnbhtb.exe119⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe120⤵
-
\??\c:\3fxflrr.exec:\3fxflrr.exe121⤵
-
\??\c:\xxxrfff.exec:\xxxrfff.exe122⤵
-
\??\c:\5bthtn.exec:\5bthtn.exe123⤵
-
\??\c:\3hbnnt.exec:\3hbnnt.exe124⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe125⤵
-
\??\c:\rlxfxfx.exec:\rlxfxfx.exe126⤵
-
\??\c:\bnbhtt.exec:\bnbhtt.exe127⤵
-
\??\c:\7bhhnt.exec:\7bhhnt.exe128⤵
-
\??\c:\5jvpd.exec:\5jvpd.exe129⤵
-
\??\c:\frfllfr.exec:\frfllfr.exe130⤵
-
\??\c:\lflrxxl.exec:\lflrxxl.exe131⤵
-
\??\c:\hnbnnb.exec:\hnbnnb.exe132⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe133⤵
-
\??\c:\fllrrff.exec:\fllrrff.exe134⤵
-
\??\c:\9xxxrxf.exec:\9xxxrxf.exe135⤵
-
\??\c:\hhbhnn.exec:\hhbhnn.exe136⤵
-
\??\c:\5pjjp.exec:\5pjjp.exe137⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe138⤵
-
\??\c:\9frllll.exec:\9frllll.exe139⤵
-
\??\c:\3hnnth.exec:\3hnnth.exe140⤵
-
\??\c:\bhbbnn.exec:\bhbbnn.exe141⤵
-
\??\c:\7jddd.exec:\7jddd.exe142⤵
-
\??\c:\xlxfrlf.exec:\xlxfrlf.exe143⤵
-
\??\c:\rflllll.exec:\rflllll.exe144⤵
-
\??\c:\bhtnnn.exec:\bhtnnn.exe145⤵
-
\??\c:\7vjvv.exec:\7vjvv.exe146⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe147⤵
-
\??\c:\frllxxl.exec:\frllxxl.exe148⤵
-
\??\c:\hbntbt.exec:\hbntbt.exe149⤵
-
\??\c:\5htbnh.exec:\5htbnh.exe150⤵
-
\??\c:\ddjvd.exec:\ddjvd.exe151⤵
-
\??\c:\lfxxxxx.exec:\lfxxxxx.exe152⤵
-
\??\c:\7xrrfxx.exec:\7xrrfxx.exe153⤵
-
\??\c:\3nhhtn.exec:\3nhhtn.exe154⤵
-
\??\c:\5ppvj.exec:\5ppvj.exe155⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe156⤵
-
\??\c:\7rfxxxx.exec:\7rfxxxx.exe157⤵
-
\??\c:\9htnth.exec:\9htnth.exe158⤵
-
\??\c:\3bnnbn.exec:\3bnnbn.exe159⤵
-
\??\c:\ddjvj.exec:\ddjvj.exe160⤵
-
\??\c:\7fxflrr.exec:\7fxflrr.exe161⤵
-
\??\c:\xlflrxl.exec:\xlflrxl.exe162⤵
-
\??\c:\thtthb.exec:\thtthb.exe163⤵
-
\??\c:\7jdvd.exec:\7jdvd.exe164⤵
-
\??\c:\pdvpv.exec:\pdvpv.exe165⤵
-
\??\c:\fxrfrrx.exec:\fxrfrrx.exe166⤵
-
\??\c:\hbnttb.exec:\hbnttb.exe167⤵
-
\??\c:\3tnbnh.exec:\3tnbnh.exe168⤵
-
\??\c:\3dvdv.exec:\3dvdv.exe169⤵
-
\??\c:\5frxxll.exec:\5frxxll.exe170⤵
-
\??\c:\5lrxffl.exec:\5lrxffl.exe171⤵
-
\??\c:\5btnhh.exec:\5btnhh.exe172⤵
-
\??\c:\dvddd.exec:\dvddd.exe173⤵
-
\??\c:\9rrxrxx.exec:\9rrxrxx.exe174⤵
-
\??\c:\3flfrrx.exec:\3flfrrx.exe175⤵
-
\??\c:\nnttth.exec:\nnttth.exe176⤵
-
\??\c:\jjjjp.exec:\jjjjp.exe177⤵
-
\??\c:\jpddj.exec:\jpddj.exe178⤵
-
\??\c:\ffxrlrr.exec:\ffxrlrr.exe179⤵
-
\??\c:\5rxxxrl.exec:\5rxxxrl.exe180⤵
-
\??\c:\bhtntn.exec:\bhtntn.exe181⤵
-
\??\c:\pvjjj.exec:\pvjjj.exe182⤵
-
\??\c:\jvddj.exec:\jvddj.exe183⤵
-
\??\c:\xlxxfll.exec:\xlxxfll.exe184⤵
-
\??\c:\tnhbbb.exec:\tnhbbb.exe185⤵
-
\??\c:\ppvjd.exec:\ppvjd.exe186⤵
-
\??\c:\5dddv.exec:\5dddv.exe187⤵
-
\??\c:\9thhbb.exec:\9thhbb.exe188⤵
-
\??\c:\tnbhtn.exec:\tnbhtn.exe189⤵
-
\??\c:\1vjjj.exec:\1vjjj.exe190⤵
-
\??\c:\vdpjj.exec:\vdpjj.exe191⤵
-
\??\c:\rffflrl.exec:\rffflrl.exe192⤵
-
\??\c:\thbbhh.exec:\thbbhh.exe193⤵
-
\??\c:\3ntttn.exec:\3ntttn.exe194⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe195⤵
-
\??\c:\rlfxxxr.exec:\rlfxxxr.exe196⤵
-
\??\c:\rlxxffr.exec:\rlxxffr.exe197⤵
-
\??\c:\9tnbbn.exec:\9tnbbn.exe198⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe199⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe200⤵
-
\??\c:\frrxxxr.exec:\frrxxxr.exe201⤵
-
\??\c:\thtttt.exec:\thtttt.exe202⤵
-
\??\c:\5ttbhn.exec:\5ttbhn.exe203⤵
-
\??\c:\dpjpv.exec:\dpjpv.exe204⤵
-
\??\c:\3dppv.exec:\3dppv.exe205⤵
-
\??\c:\xrlllfl.exec:\xrlllfl.exe206⤵
-
\??\c:\tthhhb.exec:\tthhhb.exe207⤵
-
\??\c:\pdppd.exec:\pdppd.exe208⤵
-
\??\c:\xrlrlrf.exec:\xrlrlrf.exe209⤵
-
\??\c:\xlxfxxf.exec:\xlxfxxf.exe210⤵
-
\??\c:\hhtbhh.exec:\hhtbhh.exe211⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe212⤵
-
\??\c:\dpddv.exec:\dpddv.exe213⤵
-
\??\c:\fxllrfl.exec:\fxllrfl.exe214⤵
-
\??\c:\hbtntb.exec:\hbtntb.exe215⤵
-
\??\c:\hthhtt.exec:\hthhtt.exe216⤵
-
\??\c:\vjdpv.exec:\vjdpv.exe217⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe218⤵
-
\??\c:\lxrfxxx.exec:\lxrfxxx.exe219⤵
-
\??\c:\bnbttn.exec:\bnbttn.exe220⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe221⤵
-
\??\c:\ddpjp.exec:\ddpjp.exe222⤵
-
\??\c:\1xrrfxf.exec:\1xrrfxf.exe223⤵
-
\??\c:\nbnntt.exec:\nbnntt.exe224⤵
-
\??\c:\bnhhtb.exec:\bnhhtb.exe225⤵
-
\??\c:\3dppd.exec:\3dppd.exe226⤵
-
\??\c:\pdvdj.exec:\pdvdj.exe227⤵
-
\??\c:\9xlrllf.exec:\9xlrllf.exe228⤵
-
\??\c:\7hnnnh.exec:\7hnnnh.exe229⤵
-
\??\c:\hthbtn.exec:\hthbtn.exe230⤵
-
\??\c:\ddddj.exec:\ddddj.exe231⤵
-
\??\c:\1xxfxrx.exec:\1xxfxrx.exe232⤵
-
\??\c:\xrffllr.exec:\xrffllr.exe233⤵
-
\??\c:\5hbttt.exec:\5hbttt.exe234⤵
-
\??\c:\jdvpv.exec:\jdvpv.exe235⤵
-
\??\c:\lxfffff.exec:\lxfffff.exe236⤵
-
\??\c:\7lffffx.exec:\7lffffx.exe237⤵
-
\??\c:\htbhhb.exec:\htbhhb.exe238⤵
-
\??\c:\nhhtbh.exec:\nhhtbh.exe239⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe240⤵
-
\??\c:\3xxrxxf.exec:\3xxrxxf.exe241⤵