Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
19-05-2024 04:36
General
-
Target
753bd48781b42cea6614f8b73454c820_NeikiAnalytics.exe
-
Size
320KB
-
MD5
753bd48781b42cea6614f8b73454c820
-
SHA1
0c944cbe24ee222a9baea1a36b9df329faf81264
-
SHA256
b9beae4dec64849f9cce65ec6810aeedb3c1d9a1a8e413a675d9173addf13569
-
SHA512
25bb1b8b2de248e9459e3a049de932ecc5dc27885553e35584499ad891b6f77d8918eae26d3f7a4debae0650807c8bdd4f8a3b66e6c1a1dbc35113bf2c1fbb02
-
SSDEEP
6144:9cm4FmowdHoSZrv9AEa3F2Y9iE9mJrtMsQBcqNLq3x5:/4wFHoSB969P9mJRMsfqV2r
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 39 IoCs
-
Malware Dropper & Backdoor - Berbew 33 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\753bd48781b42cea6614f8b73454c820_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\753bd48781b42cea6614f8b73454c820_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3rflrxl.exec:\3rflrxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7htbhn.exec:\7htbhn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvd.exec:\pjdvd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhnb.exec:\nhbhnb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjvj.exec:\pdjvj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lxfllr.exec:\7lxfllr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jvdj.exec:\5jvdj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lflrlr.exec:\7lflrlr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpvj.exec:\pdpvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllrfrr.exec:\fllrfrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnnht.exec:\nbnnht.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdpd.exec:\vvdpd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthtbh.exec:\hthtbh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvd.exec:\vpvvd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrfllx.exec:\fxrfllx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvjv.exec:\dvvjv.exe17⤵
- Executes dropped EXE
-
\??\c:\lffxrfx.exec:\lffxrfx.exe18⤵
- Executes dropped EXE
-
\??\c:\hnnbht.exec:\hnnbht.exe19⤵
- Executes dropped EXE
-
\??\c:\llxfrrf.exec:\llxfrrf.exe20⤵
- Executes dropped EXE
-
\??\c:\rrlxxxl.exec:\rrlxxxl.exe21⤵
- Executes dropped EXE
-
\??\c:\ddvpd.exec:\ddvpd.exe22⤵
- Executes dropped EXE
-
\??\c:\lfxllrl.exec:\lfxllrl.exe23⤵
- Executes dropped EXE
-
\??\c:\tbnnnb.exec:\tbnnnb.exe24⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe25⤵
- Executes dropped EXE
-
\??\c:\nbtbhh.exec:\nbtbhh.exe26⤵
- Executes dropped EXE
-
\??\c:\hhhhbn.exec:\hhhhbn.exe27⤵
- Executes dropped EXE
-
\??\c:\xrxlxfr.exec:\xrxlxfr.exe28⤵
- Executes dropped EXE
-
\??\c:\nbnbnb.exec:\nbnbnb.exe29⤵
- Executes dropped EXE
-
\??\c:\lfxfllx.exec:\lfxfllx.exe30⤵
- Executes dropped EXE
-
\??\c:\fxlllrx.exec:\fxlllrx.exe31⤵
- Executes dropped EXE
-
\??\c:\vjvvd.exec:\vjvvd.exe32⤵
- Executes dropped EXE
-
\??\c:\btnnnn.exec:\btnnnn.exe33⤵
- Executes dropped EXE
-
\??\c:\jjppd.exec:\jjppd.exe34⤵
- Executes dropped EXE
-
\??\c:\xrllrxf.exec:\xrllrxf.exe35⤵
- Executes dropped EXE
-
\??\c:\ttnbhn.exec:\ttnbhn.exe36⤵
- Executes dropped EXE
-
\??\c:\nnbhbb.exec:\nnbhbb.exe37⤵
- Executes dropped EXE
-
\??\c:\9pjjp.exec:\9pjjp.exe38⤵
- Executes dropped EXE
-
\??\c:\lfxxlrf.exec:\lfxxlrf.exe39⤵
- Executes dropped EXE
-
\??\c:\9llxllx.exec:\9llxllx.exe40⤵
- Executes dropped EXE
-
\??\c:\bbnbnt.exec:\bbnbnt.exe41⤵
- Executes dropped EXE
-
\??\c:\9jpjd.exec:\9jpjd.exe42⤵
- Executes dropped EXE
-
\??\c:\fxxfllx.exec:\fxxfllx.exe43⤵
- Executes dropped EXE
-
\??\c:\5xlfrfr.exec:\5xlfrfr.exe44⤵
- Executes dropped EXE
-
\??\c:\tnhhtt.exec:\tnhhtt.exe45⤵
- Executes dropped EXE
-
\??\c:\7pjpj.exec:\7pjpj.exe46⤵
- Executes dropped EXE
-
\??\c:\9dpvd.exec:\9dpvd.exe47⤵
- Executes dropped EXE
-
\??\c:\xrxfxlr.exec:\xrxfxlr.exe48⤵
- Executes dropped EXE
-
\??\c:\9htntb.exec:\9htntb.exe49⤵
- Executes dropped EXE
-
\??\c:\nnhhtt.exec:\nnhhtt.exe50⤵
- Executes dropped EXE
-
\??\c:\1ddjd.exec:\1ddjd.exe51⤵
- Executes dropped EXE
-
\??\c:\rrxrlrx.exec:\rrxrlrx.exe52⤵
- Executes dropped EXE
-
\??\c:\xxllxxf.exec:\xxllxxf.exe53⤵
- Executes dropped EXE
-
\??\c:\hbntbh.exec:\hbntbh.exe54⤵
- Executes dropped EXE
-
\??\c:\pdppp.exec:\pdppp.exe55⤵
- Executes dropped EXE
-
\??\c:\xrlrxxl.exec:\xrlrxxl.exe56⤵
- Executes dropped EXE
-
\??\c:\fllfxfx.exec:\fllfxfx.exe57⤵
- Executes dropped EXE
-
\??\c:\tnbntb.exec:\tnbntb.exe58⤵
- Executes dropped EXE
-
\??\c:\djpvv.exec:\djpvv.exe59⤵
- Executes dropped EXE
-
\??\c:\5vpjv.exec:\5vpjv.exe60⤵
- Executes dropped EXE
-
\??\c:\xrllxxf.exec:\xrllxxf.exe61⤵
- Executes dropped EXE
-
\??\c:\tnhhth.exec:\tnhhth.exe62⤵
- Executes dropped EXE
-
\??\c:\ttnhbh.exec:\ttnhbh.exe63⤵
- Executes dropped EXE
-
\??\c:\vpjvd.exec:\vpjvd.exe64⤵
- Executes dropped EXE
-
\??\c:\xrlxffx.exec:\xrlxffx.exe65⤵
- Executes dropped EXE
-
\??\c:\tnbhnn.exec:\tnbhnn.exe66⤵
-
\??\c:\hthhtb.exec:\hthhtb.exe67⤵
-
\??\c:\1ppvv.exec:\1ppvv.exe68⤵
-
\??\c:\5frflxl.exec:\5frflxl.exe69⤵
-
\??\c:\rlrfllr.exec:\rlrfllr.exe70⤵
-
\??\c:\nhnntt.exec:\nhnntt.exe71⤵
-
\??\c:\ttttth.exec:\ttttth.exe72⤵
-
\??\c:\1vpvv.exec:\1vpvv.exe73⤵
-
\??\c:\fxxflrx.exec:\fxxflrx.exe74⤵
-
\??\c:\xrfrlrx.exec:\xrfrlrx.exe75⤵
-
\??\c:\bbhhhh.exec:\bbhhhh.exe76⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe77⤵
-
\??\c:\5ddjv.exec:\5ddjv.exe78⤵
-
\??\c:\rrffllr.exec:\rrffllr.exe79⤵
-
\??\c:\fxlxffr.exec:\fxlxffr.exe80⤵
-
\??\c:\3bnnnn.exec:\3bnnnn.exe81⤵
-
\??\c:\vvpdd.exec:\vvpdd.exe82⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe83⤵
-
\??\c:\fxxfrxf.exec:\fxxfrxf.exe84⤵
-
\??\c:\7lflrfr.exec:\7lflrfr.exe85⤵
-
\??\c:\hhbntn.exec:\hhbntn.exe86⤵
-
\??\c:\pppvv.exec:\pppvv.exe87⤵
-
\??\c:\xxxlxfr.exec:\xxxlxfr.exe88⤵
-
\??\c:\llrlxfl.exec:\llrlxfl.exe89⤵
-
\??\c:\nhtbnh.exec:\nhtbnh.exe90⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe91⤵
-
\??\c:\ddjvd.exec:\ddjvd.exe92⤵
-
\??\c:\9lxrxxf.exec:\9lxrxxf.exe93⤵
-
\??\c:\httbhh.exec:\httbhh.exe94⤵
-
\??\c:\nnbnbb.exec:\nnbnbb.exe95⤵
-
\??\c:\dvdjd.exec:\dvdjd.exe96⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe97⤵
-
\??\c:\5hnhhn.exec:\5hnhhn.exe98⤵
-
\??\c:\3tnbbb.exec:\3tnbbb.exe99⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe100⤵
-
\??\c:\rlrrrrx.exec:\rlrrrrx.exe101⤵
-
\??\c:\xrlxflr.exec:\xrlxflr.exe102⤵
-
\??\c:\hbtnbt.exec:\hbtnbt.exe103⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe104⤵
-
\??\c:\ffflfxf.exec:\ffflfxf.exe105⤵
-
\??\c:\btnbhn.exec:\btnbhn.exe106⤵
-
\??\c:\vpjdj.exec:\vpjdj.exe107⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe108⤵
-
\??\c:\frlrrfr.exec:\frlrrfr.exe109⤵
-
\??\c:\7nnnhb.exec:\7nnnhb.exe110⤵
-
\??\c:\hbhntb.exec:\hbhntb.exe111⤵
-
\??\c:\jdvjj.exec:\jdvjj.exe112⤵
-
\??\c:\fxrxxfl.exec:\fxrxxfl.exe113⤵
-
\??\c:\rrrrflx.exec:\rrrrflx.exe114⤵
-
\??\c:\7tnttt.exec:\7tnttt.exe115⤵
-
\??\c:\nbhhnn.exec:\nbhhnn.exe116⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe117⤵
-
\??\c:\lrlffll.exec:\lrlffll.exe118⤵
-
\??\c:\fxffrxf.exec:\fxffrxf.exe119⤵
-
\??\c:\1ttbhh.exec:\1ttbhh.exe120⤵
-
\??\c:\nnnnnt.exec:\nnnnnt.exe121⤵
-
\??\c:\7jvdd.exec:\7jvdd.exe122⤵
-
\??\c:\1xllrxx.exec:\1xllrxx.exe123⤵
-
\??\c:\rfrlllr.exec:\rfrlllr.exe124⤵
-
\??\c:\nhtbbh.exec:\nhtbbh.exe125⤵
-
\??\c:\3pvpv.exec:\3pvpv.exe126⤵
-
\??\c:\3vjjv.exec:\3vjjv.exe127⤵
-
\??\c:\xxrxfrf.exec:\xxrxfrf.exe128⤵
-
\??\c:\fxxrxxf.exec:\fxxrxxf.exe129⤵
-
\??\c:\bnbhtt.exec:\bnbhtt.exe130⤵
-
\??\c:\7dpjj.exec:\7dpjj.exe131⤵
-
\??\c:\rlffllr.exec:\rlffllr.exe132⤵
-
\??\c:\rlxlfrx.exec:\rlxlfrx.exe133⤵
-
\??\c:\9nbbht.exec:\9nbbht.exe134⤵
-
\??\c:\5vddd.exec:\5vddd.exe135⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe136⤵
-
\??\c:\3rrrrrf.exec:\3rrrrrf.exe137⤵
-
\??\c:\tnbhtb.exec:\tnbhtb.exe138⤵
-
\??\c:\9btbhn.exec:\9btbhn.exe139⤵
-
\??\c:\jdvdd.exec:\jdvdd.exe140⤵
-
\??\c:\vvpvp.exec:\vvpvp.exe141⤵
-
\??\c:\fxllrrx.exec:\fxllrrx.exe142⤵
-
\??\c:\nhnnnt.exec:\nhnnnt.exe143⤵
-
\??\c:\nnbbnt.exec:\nnbbnt.exe144⤵
-
\??\c:\jdppv.exec:\jdppv.exe145⤵
-
\??\c:\rlrrfrl.exec:\rlrrfrl.exe146⤵
-
\??\c:\xrxflfr.exec:\xrxflfr.exe147⤵
-
\??\c:\nnbhtn.exec:\nnbhtn.exe148⤵
-
\??\c:\pdvpv.exec:\pdvpv.exe149⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe150⤵
-
\??\c:\7fxrrxf.exec:\7fxrrxf.exe151⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe152⤵
-
\??\c:\bbtnth.exec:\bbtnth.exe153⤵
-
\??\c:\vvvjd.exec:\vvvjd.exe154⤵
-
\??\c:\jpjpv.exec:\jpjpv.exe155⤵
-
\??\c:\xrlrxlx.exec:\xrlrxlx.exe156⤵
-
\??\c:\bththh.exec:\bththh.exe157⤵
-
\??\c:\5btbhn.exec:\5btbhn.exe158⤵
-
\??\c:\vvvdd.exec:\vvvdd.exe159⤵
-
\??\c:\rlrlffl.exec:\rlrlffl.exe160⤵
-
\??\c:\xrxrxxl.exec:\xrxrxxl.exe161⤵
-
\??\c:\hhbhtb.exec:\hhbhtb.exe162⤵
-
\??\c:\thnntn.exec:\thnntn.exe163⤵
-
\??\c:\ddpdd.exec:\ddpdd.exe164⤵
-
\??\c:\fxrxxll.exec:\fxrxxll.exe165⤵
-
\??\c:\ffrfrrf.exec:\ffrfrrf.exe166⤵
-
\??\c:\nbntbh.exec:\nbntbh.exe167⤵
-
\??\c:\hbhhbb.exec:\hbhhbb.exe168⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe169⤵
-
\??\c:\xxxxxxf.exec:\xxxxxxf.exe170⤵
-
\??\c:\7rfxfff.exec:\7rfxfff.exe171⤵
-
\??\c:\1nbhth.exec:\1nbhth.exe172⤵
-
\??\c:\7bthnn.exec:\7bthnn.exe173⤵
-
\??\c:\5pjvp.exec:\5pjvp.exe174⤵
-
\??\c:\djdvj.exec:\djdvj.exe175⤵
-
\??\c:\rrrxfrx.exec:\rrrxfrx.exe176⤵
-
\??\c:\9httbn.exec:\9httbn.exe177⤵
-
\??\c:\bbtbbh.exec:\bbtbbh.exe178⤵
-
\??\c:\jdjpp.exec:\jdjpp.exe179⤵
-
\??\c:\9rlllrr.exec:\9rlllrr.exe180⤵
-
\??\c:\llxllrr.exec:\llxllrr.exe181⤵
-
\??\c:\btthtt.exec:\btthtt.exe182⤵
-
\??\c:\bttttb.exec:\bttttb.exe183⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe184⤵
-
\??\c:\5xrlxfr.exec:\5xrlxfr.exe185⤵
-
\??\c:\lfxffll.exec:\lfxffll.exe186⤵
-
\??\c:\ttttbh.exec:\ttttbh.exe187⤵
-
\??\c:\5bhtbh.exec:\5bhtbh.exe188⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe189⤵
-
\??\c:\3pdpp.exec:\3pdpp.exe190⤵
-
\??\c:\rrfxfxf.exec:\rrfxfxf.exe191⤵
-
\??\c:\nththb.exec:\nththb.exe192⤵
-
\??\c:\7tbthn.exec:\7tbthn.exe193⤵
-
\??\c:\vpvjv.exec:\vpvjv.exe194⤵
-
\??\c:\ffrxffl.exec:\ffrxffl.exe195⤵
-
\??\c:\3rlxxxx.exec:\3rlxxxx.exe196⤵
-
\??\c:\bthnnt.exec:\bthnnt.exe197⤵
-
\??\c:\tnhhbn.exec:\tnhhbn.exe198⤵
-
\??\c:\3vdpv.exec:\3vdpv.exe199⤵
-
\??\c:\rlxlrfl.exec:\rlxlrfl.exe200⤵
-
\??\c:\1lllxxf.exec:\1lllxxf.exe201⤵
-
\??\c:\5nhnbb.exec:\5nhnbb.exe202⤵
-
\??\c:\tththn.exec:\tththn.exe203⤵
-
\??\c:\9vvjj.exec:\9vvjj.exe204⤵
-
\??\c:\lfrxffr.exec:\lfrxffr.exe205⤵
-
\??\c:\lfrxffl.exec:\lfrxffl.exe206⤵
-
\??\c:\hhbnnn.exec:\hhbnnn.exe207⤵
-
\??\c:\tttnth.exec:\tttnth.exe208⤵
-
\??\c:\1jjdd.exec:\1jjdd.exe209⤵
-
\??\c:\rrlrxxl.exec:\rrlrxxl.exe210⤵
-
\??\c:\9xlrxfl.exec:\9xlrxfl.exe211⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe212⤵
-
\??\c:\1bntnb.exec:\1bntnb.exe213⤵
-
\??\c:\dpddd.exec:\dpddd.exe214⤵
-
\??\c:\vppjp.exec:\vppjp.exe215⤵
-
\??\c:\xrlflxf.exec:\xrlflxf.exe216⤵
-
\??\c:\5tntnt.exec:\5tntnt.exe217⤵
-
\??\c:\3bbntt.exec:\3bbntt.exe218⤵
-
\??\c:\vvppv.exec:\vvppv.exe219⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe220⤵
-
\??\c:\3xrxfxf.exec:\3xrxfxf.exe221⤵
-
\??\c:\lfflxfr.exec:\lfflxfr.exe222⤵
-
\??\c:\thntbt.exec:\thntbt.exe223⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe224⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe225⤵
-
\??\c:\rfrrxfl.exec:\rfrrxfl.exe226⤵
-
\??\c:\bnbtbb.exec:\bnbtbb.exe227⤵
-
\??\c:\hhbntt.exec:\hhbntt.exe228⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe229⤵
-
\??\c:\5lxxxfx.exec:\5lxxxfx.exe230⤵
-
\??\c:\lfxfrrx.exec:\lfxfrrx.exe231⤵
-
\??\c:\nhbhnt.exec:\nhbhnt.exe232⤵
-
\??\c:\nhbttt.exec:\nhbttt.exe233⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe234⤵
-
\??\c:\5llrfrf.exec:\5llrfrf.exe235⤵
-
\??\c:\xlrrxxx.exec:\xlrrxxx.exe236⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe237⤵
-
\??\c:\ttntnn.exec:\ttntnn.exe238⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe239⤵
-
\??\c:\rfrxxff.exec:\rfrxxff.exe240⤵
-
\??\c:\xrxxxfl.exec:\xrxxxfl.exe241⤵