Analysis
-
max time kernel
150s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 01:08
General
-
Target
3dec43c7be61490b7de0f0039ee57d70_NeikiAnalytics.exe
-
Size
464KB
-
MD5
3dec43c7be61490b7de0f0039ee57d70
-
SHA1
3598d955d6aab03de714a078da703fdf7a1b067c
-
SHA256
1f0ee41fb65b04cd416b7e06c781a80e7194055829d284f4d80718c8264fcdac
-
SHA512
5fc7e21de1027cadcf3282b14a3d51af0a8ddc0ed6e86350a8eb3e5c0f9050b648e60533afda4804ba795d41512f518553adfc924e7eb058376638baedad2b45
-
SSDEEP
12288:J4wFHoSTeR0oQRkay+eFp3IDvSbh5nPVP+OKaf1Vq:VeR0oykayRFp3lztP+OKaf1Vq
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Malware Dropper & Backdoor - Berbew 64 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3dec43c7be61490b7de0f0039ee57d70_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\3dec43c7be61490b7de0f0039ee57d70_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvvp.exec:\pvvvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxxll.exec:\xrfxxll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tnhhn.exec:\1tnhhn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hnntt.exec:\9hnntt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1djjj.exec:\1djjj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjpj.exec:\ppjpj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfflll.exec:\xrfflll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttnn.exec:\hbttnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrlff.exec:\rrxrlff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrrllf.exec:\rfrrllf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tnbbn.exec:\5tnbbn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntnbt.exec:\nntnbt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrffr.exec:\rrrrffr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnthbh.exec:\nnthbh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flfxxxx.exec:\flfxxxx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hnnhh.exec:\7hnnhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllfff.exec:\xxllfff.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrrll.exec:\frxrrll.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bbbbn.exec:\7bbbbn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnhb.exec:\tntnhb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxrlfx.exec:\lxxrlfx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhbtt.exec:\bnhbtt.exe23⤵
- Executes dropped EXE
-
\??\c:\thbbtb.exec:\thbbtb.exe24⤵
- Executes dropped EXE
-
\??\c:\frlxrff.exec:\frlxrff.exe25⤵
- Executes dropped EXE
-
\??\c:\tttnnn.exec:\tttnnn.exe26⤵
- Executes dropped EXE
-
\??\c:\jvvvv.exec:\jvvvv.exe27⤵
- Executes dropped EXE
-
\??\c:\thnnhb.exec:\thnnhb.exe28⤵
- Executes dropped EXE
-
\??\c:\vvvpj.exec:\vvvpj.exe29⤵
- Executes dropped EXE
-
\??\c:\pjdvd.exec:\pjdvd.exe30⤵
- Executes dropped EXE
-
\??\c:\hntnbt.exec:\hntnbt.exe31⤵
- Executes dropped EXE
-
\??\c:\jdpvj.exec:\jdpvj.exe32⤵
- Executes dropped EXE
-
\??\c:\jvdpj.exec:\jvdpj.exe33⤵
- Executes dropped EXE
-
\??\c:\jjjpd.exec:\jjjpd.exe34⤵
- Executes dropped EXE
-
\??\c:\nbnhtt.exec:\nbnhtt.exe35⤵
- Executes dropped EXE
-
\??\c:\pvpvj.exec:\pvpvj.exe36⤵
- Executes dropped EXE
-
\??\c:\bthnnt.exec:\bthnnt.exe37⤵
- Executes dropped EXE
-
\??\c:\frllxff.exec:\frllxff.exe38⤵
- Executes dropped EXE
-
\??\c:\btbbbb.exec:\btbbbb.exe39⤵
- Executes dropped EXE
-
\??\c:\lxrxxff.exec:\lxrxxff.exe40⤵
- Executes dropped EXE
-
\??\c:\hbttnt.exec:\hbttnt.exe41⤵
- Executes dropped EXE
-
\??\c:\rxxrfff.exec:\rxxrfff.exe42⤵
- Executes dropped EXE
-
\??\c:\vjjjj.exec:\vjjjj.exe43⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe44⤵
- Executes dropped EXE
-
\??\c:\xflxrrl.exec:\xflxrrl.exe45⤵
- Executes dropped EXE
-
\??\c:\thnttn.exec:\thnttn.exe46⤵
- Executes dropped EXE
-
\??\c:\ppvvp.exec:\ppvvp.exe47⤵
- Executes dropped EXE
-
\??\c:\xrffxxr.exec:\xrffxxr.exe48⤵
- Executes dropped EXE
-
\??\c:\9pvvj.exec:\9pvvj.exe49⤵
- Executes dropped EXE
-
\??\c:\lfxlffx.exec:\lfxlffx.exe50⤵
- Executes dropped EXE
-
\??\c:\htnhbb.exec:\htnhbb.exe51⤵
- Executes dropped EXE
-
\??\c:\vvjdd.exec:\vvjdd.exe52⤵
- Executes dropped EXE
-
\??\c:\fflfxxl.exec:\fflfxxl.exe53⤵
- Executes dropped EXE
-
\??\c:\nnnttt.exec:\nnnttt.exe54⤵
- Executes dropped EXE
-
\??\c:\5vvvp.exec:\5vvvp.exe55⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe56⤵
- Executes dropped EXE
-
\??\c:\xrxxlxr.exec:\xrxxlxr.exe57⤵
- Executes dropped EXE
-
\??\c:\jjdvp.exec:\jjdvp.exe58⤵
- Executes dropped EXE
-
\??\c:\jdjdj.exec:\jdjdj.exe59⤵
- Executes dropped EXE
-
\??\c:\3ffrfxf.exec:\3ffrfxf.exe60⤵
- Executes dropped EXE
-
\??\c:\thbbtt.exec:\thbbtt.exe61⤵
- Executes dropped EXE
-
\??\c:\dpjdv.exec:\dpjdv.exe62⤵
- Executes dropped EXE
-
\??\c:\llxrrrl.exec:\llxrrrl.exe63⤵
- Executes dropped EXE
-
\??\c:\thhbtt.exec:\thhbtt.exe64⤵
- Executes dropped EXE
-
\??\c:\bbttnn.exec:\bbttnn.exe65⤵
- Executes dropped EXE
-
\??\c:\pjppj.exec:\pjppj.exe66⤵
-
\??\c:\llxfllx.exec:\llxfllx.exe67⤵
-
\??\c:\bnhttt.exec:\bnhttt.exe68⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe69⤵
-
\??\c:\bbtttt.exec:\bbtttt.exe70⤵
-
\??\c:\dvppj.exec:\dvppj.exe71⤵
-
\??\c:\xlxrlfx.exec:\xlxrlfx.exe72⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe73⤵
-
\??\c:\djddj.exec:\djddj.exe74⤵
-
\??\c:\djjjd.exec:\djjjd.exe75⤵
-
\??\c:\rfxxlxl.exec:\rfxxlxl.exe76⤵
-
\??\c:\hnttnn.exec:\hnttnn.exe77⤵
-
\??\c:\ppdpd.exec:\ppdpd.exe78⤵
-
\??\c:\xxrfflf.exec:\xxrfflf.exe79⤵
-
\??\c:\thbnnb.exec:\thbnnb.exe80⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe81⤵
-
\??\c:\rfrrffx.exec:\rfrrffx.exe82⤵
-
\??\c:\7flfxxx.exec:\7flfxxx.exe83⤵
-
\??\c:\btnhbb.exec:\btnhbb.exe84⤵
-
\??\c:\ppdpv.exec:\ppdpv.exe85⤵
-
\??\c:\xxffxxx.exec:\xxffxxx.exe86⤵
-
\??\c:\xrxxxxx.exec:\xrxxxxx.exe87⤵
-
\??\c:\hthhbh.exec:\hthhbh.exe88⤵
-
\??\c:\dddvd.exec:\dddvd.exe89⤵
-
\??\c:\flfxrrr.exec:\flfxrrr.exe90⤵
-
\??\c:\thhbhh.exec:\thhbhh.exe91⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe92⤵
-
\??\c:\xrlfxxf.exec:\xrlfxxf.exe93⤵
-
\??\c:\tttnnh.exec:\tttnnh.exe94⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe95⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe96⤵
-
\??\c:\llffllf.exec:\llffllf.exe97⤵
-
\??\c:\nnnnbn.exec:\nnnnbn.exe98⤵
-
\??\c:\jpvdp.exec:\jpvdp.exe99⤵
-
\??\c:\xxxxrrr.exec:\xxxxrrr.exe100⤵
-
\??\c:\nttnhh.exec:\nttnhh.exe101⤵
-
\??\c:\jjppj.exec:\jjppj.exe102⤵
-
\??\c:\rfffflf.exec:\rfffflf.exe103⤵
-
\??\c:\tbbbtn.exec:\tbbbtn.exe104⤵
-
\??\c:\bthhbb.exec:\bthhbb.exe105⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe106⤵
-
\??\c:\nbhbhh.exec:\nbhbhh.exe107⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe108⤵
-
\??\c:\fffxxxr.exec:\fffxxxr.exe109⤵
-
\??\c:\7nhhhh.exec:\7nhhhh.exe110⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe111⤵
-
\??\c:\3rrrflf.exec:\3rrrflf.exe112⤵
-
\??\c:\tnhbnb.exec:\tnhbnb.exe113⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe114⤵
-
\??\c:\3llfflf.exec:\3llfflf.exe115⤵
-
\??\c:\hthbtb.exec:\hthbtb.exe116⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe117⤵
-
\??\c:\llxrrrx.exec:\llxrrrx.exe118⤵
-
\??\c:\bbhbnt.exec:\bbhbnt.exe119⤵
-
\??\c:\vjdjd.exec:\vjdjd.exe120⤵
-
\??\c:\xlrlffx.exec:\xlrlffx.exe121⤵
-
\??\c:\bbhbhh.exec:\bbhbhh.exe122⤵
-
\??\c:\djpjj.exec:\djpjj.exe123⤵
-
\??\c:\fllxrrl.exec:\fllxrrl.exe124⤵
-
\??\c:\fxxxxff.exec:\fxxxxff.exe125⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe126⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe127⤵
-
\??\c:\lxxrllf.exec:\lxxrllf.exe128⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe129⤵
-
\??\c:\7jppd.exec:\7jppd.exe130⤵
-
\??\c:\9xrrrrr.exec:\9xrrrrr.exe131⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe132⤵
-
\??\c:\3ppjd.exec:\3ppjd.exe133⤵
-
\??\c:\flfffff.exec:\flfffff.exe134⤵
-
\??\c:\nbthbn.exec:\nbthbn.exe135⤵
-
\??\c:\lxffxxx.exec:\lxffxxx.exe136⤵
-
\??\c:\3nnbbh.exec:\3nnbbh.exe137⤵
-
\??\c:\djjjv.exec:\djjjv.exe138⤵
-
\??\c:\flxxxxf.exec:\flxxxxf.exe139⤵
-
\??\c:\thtnnb.exec:\thtnnb.exe140⤵
-
\??\c:\hntnnn.exec:\hntnnn.exe141⤵
-
\??\c:\vpppp.exec:\vpppp.exe142⤵
-
\??\c:\rlxxflr.exec:\rlxxflr.exe143⤵
-
\??\c:\nthhnt.exec:\nthhnt.exe144⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe145⤵
-
\??\c:\xlrrlll.exec:\xlrrlll.exe146⤵
-
\??\c:\tnbhnt.exec:\tnbhnt.exe147⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe148⤵
-
\??\c:\hthbtt.exec:\hthbtt.exe149⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe150⤵
-
\??\c:\llrrffl.exec:\llrrffl.exe151⤵
-
\??\c:\ntbttn.exec:\ntbttn.exe152⤵
-
\??\c:\jjvpp.exec:\jjvpp.exe153⤵
-
\??\c:\lxrlflx.exec:\lxrlflx.exe154⤵
-
\??\c:\nnbhbh.exec:\nnbhbh.exe155⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe156⤵
-
\??\c:\xrlrllx.exec:\xrlrllx.exe157⤵
-
\??\c:\nnbbth.exec:\nnbbth.exe158⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe159⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe160⤵
-
\??\c:\lfrrlll.exec:\lfrrlll.exe161⤵
-
\??\c:\bbtbhn.exec:\bbtbhn.exe162⤵
-
\??\c:\jdddd.exec:\jdddd.exe163⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe164⤵
-
\??\c:\hhnnhn.exec:\hhnnhn.exe165⤵
-
\??\c:\ttbttt.exec:\ttbttt.exe166⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe167⤵
-
\??\c:\xxlffxl.exec:\xxlffxl.exe168⤵
-
\??\c:\bhbtnn.exec:\bhbtnn.exe169⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe170⤵
-
\??\c:\flllllr.exec:\flllllr.exe171⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe172⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe173⤵
-
\??\c:\xlxrrrr.exec:\xlxrrrr.exe174⤵
-
\??\c:\7rlfrxl.exec:\7rlfrxl.exe175⤵
-
\??\c:\htbnnn.exec:\htbnnn.exe176⤵
-
\??\c:\dpdvp.exec:\dpdvp.exe177⤵
-
\??\c:\fxffxfx.exec:\fxffxfx.exe178⤵
-
\??\c:\xlrrllr.exec:\xlrrllr.exe179⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe180⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe181⤵
-
\??\c:\hbnhbb.exec:\hbnhbb.exe182⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe183⤵
-
\??\c:\djpjp.exec:\djpjp.exe184⤵
-
\??\c:\1xxrrxx.exec:\1xxrrxx.exe185⤵
-
\??\c:\httttt.exec:\httttt.exe186⤵
-
\??\c:\lrfrlff.exec:\lrfrlff.exe187⤵
-
\??\c:\rfxrxfl.exec:\rfxrxfl.exe188⤵
-
\??\c:\bntttt.exec:\bntttt.exe189⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe190⤵
-
\??\c:\nbtnnb.exec:\nbtnnb.exe191⤵
-
\??\c:\bbbbhb.exec:\bbbbhb.exe192⤵
-
\??\c:\lrrrlll.exec:\lrrrlll.exe193⤵
-
\??\c:\htnnnb.exec:\htnnnb.exe194⤵
-
\??\c:\djvdd.exec:\djvdd.exe195⤵
-
\??\c:\lfrrxrl.exec:\lfrrxrl.exe196⤵
-
\??\c:\bbthbt.exec:\bbthbt.exe197⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe198⤵
-
\??\c:\rlxrlfl.exec:\rlxrlfl.exe199⤵
-
\??\c:\hbhnth.exec:\hbhnth.exe200⤵
-
\??\c:\1jpjj.exec:\1jpjj.exe201⤵
-
\??\c:\lxffxxf.exec:\lxffxxf.exe202⤵
-
\??\c:\ddppv.exec:\ddppv.exe203⤵
-
\??\c:\rxllrrl.exec:\rxllrrl.exe204⤵
-
\??\c:\thnhbt.exec:\thnhbt.exe205⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe206⤵
-
\??\c:\xxxxffx.exec:\xxxxffx.exe207⤵
-
\??\c:\tttnhh.exec:\tttnhh.exe208⤵
-
\??\c:\bbbttn.exec:\bbbttn.exe209⤵
-
\??\c:\ddppv.exec:\ddppv.exe210⤵
-
\??\c:\rlrlfrr.exec:\rlrlfrr.exe211⤵
-
\??\c:\pvdjd.exec:\pvdjd.exe212⤵
-
\??\c:\3frlrrr.exec:\3frlrrr.exe213⤵
-
\??\c:\bbttnh.exec:\bbttnh.exe214⤵
-
\??\c:\pdppd.exec:\pdppd.exe215⤵
-
\??\c:\frffxxx.exec:\frffxxx.exe216⤵
-
\??\c:\tnbtnh.exec:\tnbtnh.exe217⤵
-
\??\c:\pdjpp.exec:\pdjpp.exe218⤵
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe219⤵
-
\??\c:\1ntnnh.exec:\1ntnnh.exe220⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe221⤵
-
\??\c:\ppddj.exec:\ppddj.exe222⤵
-
\??\c:\bthhtt.exec:\bthhtt.exe223⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe224⤵
-
\??\c:\vvvpp.exec:\vvvpp.exe225⤵
-
\??\c:\xxffffl.exec:\xxffffl.exe226⤵
-
\??\c:\bnbnnh.exec:\bnbnnh.exe227⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe228⤵
-
\??\c:\1rxrlrr.exec:\1rxrlrr.exe229⤵
-
\??\c:\bnbbbh.exec:\bnbbbh.exe230⤵
-
\??\c:\jdddd.exec:\jdddd.exe231⤵
-
\??\c:\lrlxrxx.exec:\lrlxrxx.exe232⤵
-
\??\c:\bbnntt.exec:\bbnntt.exe233⤵
-
\??\c:\djvpp.exec:\djvpp.exe234⤵
-
\??\c:\llxlxlr.exec:\llxlxlr.exe235⤵
-
\??\c:\hbtbhn.exec:\hbtbhn.exe236⤵
-
\??\c:\ppddj.exec:\ppddj.exe237⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe238⤵
-
\??\c:\1bnbhh.exec:\1bnbhh.exe239⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe240⤵
-
\??\c:\frrxlfr.exec:\frrxlfr.exe241⤵