Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
19-05-2024 14:25
General
-
Target
d64692d61a03efb9d3f836f211f9b9f0_NeikiAnalytics.exe
-
Size
294KB
-
MD5
d64692d61a03efb9d3f836f211f9b9f0
-
SHA1
b35d54915b9225686f44b4fad37d1e0aac1c3f4b
-
SHA256
38ae333826c44d95deb16e76acb94d31d19c677e4c23a8ad6c5c6bbb35e88833
-
SHA512
1d1725b2e5429dab45adc33dd0a227f797a5f098b3da41ae8266bcd42fe098c2880918233e8f0b4a0ccfe29ac1604801377dfcc14b07677291d69a31a8b54b43
-
SSDEEP
6144:ccm4FmowdHoSQkuObHq9ltAszBd+za/p1slTjZXvEQo9dftOv:K4wFHoSQkuUHk1zBR/pMT9XvEhdfW
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 37 IoCs
-
Malware Dropper & Backdoor - Berbew 32 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d64692d61a03efb9d3f836f211f9b9f0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d64692d61a03efb9d3f836f211f9b9f0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rffrfrf.exec:\rffrfrf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnbht.exec:\nbnbht.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnthth.exec:\tnthth.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvvd.exec:\pdvvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdpd.exec:\vpdpd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9llxrxr.exec:\9llxrxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjdj.exec:\dpjdj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvp.exec:\vvdvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhtb.exec:\btbhtb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhhbt.exec:\bnhhbt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rxxffl.exec:\9rxxffl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbbbn.exec:\bnbbbn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvj.exec:\jdpvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxllr.exec:\xrxxllr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hbhnn.exec:\7hbhnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pddv.exec:\7pddv.exe17⤵
- Executes dropped EXE
-
\??\c:\frrxrxf.exec:\frrxrxf.exe18⤵
- Executes dropped EXE
-
\??\c:\bthhtb.exec:\bthhtb.exe19⤵
- Executes dropped EXE
-
\??\c:\1pddj.exec:\1pddj.exe20⤵
- Executes dropped EXE
-
\??\c:\lfllxfl.exec:\lfllxfl.exe21⤵
- Executes dropped EXE
-
\??\c:\jvppd.exec:\jvppd.exe22⤵
- Executes dropped EXE
-
\??\c:\rfxxffl.exec:\rfxxffl.exe23⤵
- Executes dropped EXE
-
\??\c:\1httbh.exec:\1httbh.exe24⤵
- Executes dropped EXE
-
\??\c:\dpdjv.exec:\dpdjv.exe25⤵
- Executes dropped EXE
-
\??\c:\lfxfrrf.exec:\lfxfrrf.exe26⤵
- Executes dropped EXE
-
\??\c:\frxxxrx.exec:\frxxxrx.exe27⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe28⤵
- Executes dropped EXE
-
\??\c:\7rfxlrf.exec:\7rfxlrf.exe29⤵
- Executes dropped EXE
-
\??\c:\9bhnbh.exec:\9bhnbh.exe30⤵
- Executes dropped EXE
-
\??\c:\7djjj.exec:\7djjj.exe31⤵
- Executes dropped EXE
-
\??\c:\lflrxxl.exec:\lflrxxl.exe32⤵
- Executes dropped EXE
-
\??\c:\nbtbhh.exec:\nbtbhh.exe33⤵
- Executes dropped EXE
-
\??\c:\1jdjp.exec:\1jdjp.exe34⤵
- Executes dropped EXE
-
\??\c:\3xxxlrr.exec:\3xxxlrr.exe35⤵
- Executes dropped EXE
-
\??\c:\bbhhnh.exec:\bbhhnh.exe36⤵
- Executes dropped EXE
-
\??\c:\hbtbhb.exec:\hbtbhb.exe37⤵
- Executes dropped EXE
-
\??\c:\3jpdd.exec:\3jpdd.exe38⤵
- Executes dropped EXE
-
\??\c:\7flflfl.exec:\7flflfl.exe39⤵
- Executes dropped EXE
-
\??\c:\hbnnth.exec:\hbnnth.exe40⤵
- Executes dropped EXE
-
\??\c:\vjppp.exec:\vjppp.exe41⤵
- Executes dropped EXE
-
\??\c:\pdpjp.exec:\pdpjp.exe42⤵
- Executes dropped EXE
-
\??\c:\xrfxlrx.exec:\xrfxlrx.exe43⤵
- Executes dropped EXE
-
\??\c:\bttbnb.exec:\bttbnb.exe44⤵
- Executes dropped EXE
-
\??\c:\7vjjp.exec:\7vjjp.exe45⤵
- Executes dropped EXE
-
\??\c:\pjvjp.exec:\pjvjp.exe46⤵
- Executes dropped EXE
-
\??\c:\lfffflr.exec:\lfffflr.exe47⤵
- Executes dropped EXE
-
\??\c:\hbhhtt.exec:\hbhhtt.exe48⤵
- Executes dropped EXE
-
\??\c:\tnbhbh.exec:\tnbhbh.exe49⤵
- Executes dropped EXE
-
\??\c:\5dpvv.exec:\5dpvv.exe50⤵
- Executes dropped EXE
-
\??\c:\7flrllx.exec:\7flrllx.exe51⤵
- Executes dropped EXE
-
\??\c:\9htthn.exec:\9htthn.exe52⤵
- Executes dropped EXE
-
\??\c:\btbbhn.exec:\btbbhn.exe53⤵
- Executes dropped EXE
-
\??\c:\dvjpd.exec:\dvjpd.exe54⤵
- Executes dropped EXE
-
\??\c:\vjvvd.exec:\vjvvd.exe55⤵
- Executes dropped EXE
-
\??\c:\lflffll.exec:\lflffll.exe56⤵
- Executes dropped EXE
-
\??\c:\thttbb.exec:\thttbb.exe57⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe58⤵
- Executes dropped EXE
-
\??\c:\jdjdj.exec:\jdjdj.exe59⤵
- Executes dropped EXE
-
\??\c:\7lflrrx.exec:\7lflrrx.exe60⤵
- Executes dropped EXE
-
\??\c:\5btbhn.exec:\5btbhn.exe61⤵
- Executes dropped EXE
-
\??\c:\9ppdp.exec:\9ppdp.exe62⤵
- Executes dropped EXE
-
\??\c:\jdddj.exec:\jdddj.exe63⤵
- Executes dropped EXE
-
\??\c:\ffrrxff.exec:\ffrrxff.exe64⤵
- Executes dropped EXE
-
\??\c:\xlfxlrx.exec:\xlfxlrx.exe65⤵
- Executes dropped EXE
-
\??\c:\bnbtbb.exec:\bnbtbb.exe66⤵
-
\??\c:\5tttbb.exec:\5tttbb.exe67⤵
-
\??\c:\pjppv.exec:\pjppv.exe68⤵
-
\??\c:\xlxrxrx.exec:\xlxrxrx.exe69⤵
-
\??\c:\frxxfxf.exec:\frxxfxf.exe70⤵
-
\??\c:\5ntbbb.exec:\5ntbbb.exe71⤵
-
\??\c:\tnttbb.exec:\tnttbb.exe72⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe73⤵
-
\??\c:\lrfxrll.exec:\lrfxrll.exe74⤵
-
\??\c:\xlxlxxx.exec:\xlxlxxx.exe75⤵
-
\??\c:\tnnntt.exec:\tnnntt.exe76⤵
-
\??\c:\htbhbn.exec:\htbhbn.exe77⤵
-
\??\c:\3jddj.exec:\3jddj.exe78⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe79⤵
-
\??\c:\rfxlrll.exec:\rfxlrll.exe80⤵
-
\??\c:\fxrrxxf.exec:\fxrrxxf.exe81⤵
-
\??\c:\btbhnn.exec:\btbhnn.exe82⤵
-
\??\c:\3vpvv.exec:\3vpvv.exe83⤵
-
\??\c:\9djvv.exec:\9djvv.exe84⤵
-
\??\c:\frrxfrx.exec:\frrxfrx.exe85⤵
-
\??\c:\hbhntt.exec:\hbhntt.exe86⤵
-
\??\c:\bnbtbt.exec:\bnbtbt.exe87⤵
-
\??\c:\dpdjv.exec:\dpdjv.exe88⤵
-
\??\c:\9xxrrrl.exec:\9xxrrrl.exe89⤵
-
\??\c:\frllrrx.exec:\frllrrx.exe90⤵
-
\??\c:\bnbhtn.exec:\bnbhtn.exe91⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe92⤵
-
\??\c:\9jvpp.exec:\9jvpp.exe93⤵
-
\??\c:\lxlrlfl.exec:\lxlrlfl.exe94⤵
-
\??\c:\9rrxllr.exec:\9rrxllr.exe95⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe96⤵
-
\??\c:\hhthbt.exec:\hhthbt.exe97⤵
-
\??\c:\5jpjj.exec:\5jpjj.exe98⤵
-
\??\c:\9djdv.exec:\9djdv.exe99⤵
-
\??\c:\llfrxxl.exec:\llfrxxl.exe100⤵
-
\??\c:\tnttbb.exec:\tnttbb.exe101⤵
-
\??\c:\bnbhtb.exec:\bnbhtb.exe102⤵
-
\??\c:\5jdjv.exec:\5jdjv.exe103⤵
-
\??\c:\jdddj.exec:\jdddj.exe104⤵
-
\??\c:\xrffrlr.exec:\xrffrlr.exe105⤵
-
\??\c:\hthntb.exec:\hthntb.exe106⤵
-
\??\c:\hhtthh.exec:\hhtthh.exe107⤵
-
\??\c:\pdppd.exec:\pdppd.exe108⤵
-
\??\c:\1jvvj.exec:\1jvvj.exe109⤵
-
\??\c:\5lrrxxl.exec:\5lrrxxl.exe110⤵
-
\??\c:\lffflxf.exec:\lffflxf.exe111⤵
-
\??\c:\tttthh.exec:\tttthh.exe112⤵
-
\??\c:\nhnbhh.exec:\nhnbhh.exe113⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe114⤵
-
\??\c:\rlrrffx.exec:\rlrrffx.exe115⤵
-
\??\c:\rfxxlfr.exec:\rfxxlfr.exe116⤵
-
\??\c:\bntntn.exec:\bntntn.exe117⤵
-
\??\c:\tttbtb.exec:\tttbtb.exe118⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe119⤵
-
\??\c:\rlxlrxx.exec:\rlxlrxx.exe120⤵
-
\??\c:\7lllxxl.exec:\7lllxxl.exe121⤵
-
\??\c:\tnhhbb.exec:\tnhhbb.exe122⤵
-
\??\c:\thbbnn.exec:\thbbnn.exe123⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe124⤵
-
\??\c:\jdppd.exec:\jdppd.exe125⤵
-
\??\c:\xrfflfl.exec:\xrfflfl.exe126⤵
-
\??\c:\hbtbhn.exec:\hbtbhn.exe127⤵
-
\??\c:\7nbhnt.exec:\7nbhnt.exe128⤵
-
\??\c:\dpjvj.exec:\dpjvj.exe129⤵
-
\??\c:\ddvvd.exec:\ddvvd.exe130⤵
-
\??\c:\rxlllxf.exec:\rxlllxf.exe131⤵
-
\??\c:\nntnbt.exec:\nntnbt.exe132⤵
-
\??\c:\9thhtt.exec:\9thhtt.exe133⤵
-
\??\c:\dvdjp.exec:\dvdjp.exe134⤵
-
\??\c:\7vjjj.exec:\7vjjj.exe135⤵
-
\??\c:\9xxxxxf.exec:\9xxxxxf.exe136⤵
-
\??\c:\lfrxffl.exec:\lfrxffl.exe137⤵
-
\??\c:\tnhhhh.exec:\tnhhhh.exe138⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe139⤵
-
\??\c:\jdppd.exec:\jdppd.exe140⤵
-
\??\c:\rlxxrrx.exec:\rlxxrrx.exe141⤵
-
\??\c:\5hnbbn.exec:\5hnbbn.exe142⤵
-
\??\c:\tnnbnb.exec:\tnnbnb.exe143⤵
-
\??\c:\9vdjp.exec:\9vdjp.exe144⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe145⤵
-
\??\c:\frffllr.exec:\frffllr.exe146⤵
-
\??\c:\nhtbnn.exec:\nhtbnn.exe147⤵
-
\??\c:\hbhhbt.exec:\hbhhbt.exe148⤵
-
\??\c:\7jvdp.exec:\7jvdp.exe149⤵
-
\??\c:\xrflrxf.exec:\xrflrxf.exe150⤵
-
\??\c:\hbnnnn.exec:\hbnnnn.exe151⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe152⤵
-
\??\c:\lxlrfll.exec:\lxlrfll.exe153⤵
-
\??\c:\bbbhbh.exec:\bbbhbh.exe154⤵
-
\??\c:\jvddd.exec:\jvddd.exe155⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe156⤵
-
\??\c:\frxrxrx.exec:\frxrxrx.exe157⤵
-
\??\c:\3xlrxfl.exec:\3xlrxfl.exe158⤵
-
\??\c:\bntbhh.exec:\bntbhh.exe159⤵
-
\??\c:\bttntn.exec:\bttntn.exe160⤵
-
\??\c:\jvpjv.exec:\jvpjv.exe161⤵
-
\??\c:\fxllrxf.exec:\fxllrxf.exe162⤵
-
\??\c:\xrflxxf.exec:\xrflxxf.exe163⤵
-
\??\c:\nhtntn.exec:\nhtntn.exe164⤵
-
\??\c:\9pjpp.exec:\9pjpp.exe165⤵
-
\??\c:\jdddp.exec:\jdddp.exe166⤵
-
\??\c:\llxxlfr.exec:\llxxlfr.exe167⤵
-
\??\c:\9fxxllr.exec:\9fxxllr.exe168⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe169⤵
-
\??\c:\nhbtth.exec:\nhbtth.exe170⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe171⤵
-
\??\c:\dpddj.exec:\dpddj.exe172⤵
-
\??\c:\rlffxfl.exec:\rlffxfl.exe173⤵
-
\??\c:\xrffrlr.exec:\xrffrlr.exe174⤵
-
\??\c:\3ttthh.exec:\3ttthh.exe175⤵
-
\??\c:\bbnttn.exec:\bbnttn.exe176⤵
-
\??\c:\5pddd.exec:\5pddd.exe177⤵
-
\??\c:\fxxrffl.exec:\fxxrffl.exe178⤵
-
\??\c:\llflxxf.exec:\llflxxf.exe179⤵
-
\??\c:\hbhntn.exec:\hbhntn.exe180⤵
-
\??\c:\hbttbh.exec:\hbttbh.exe181⤵
-
\??\c:\5jvvv.exec:\5jvvv.exe182⤵
-
\??\c:\7pjdp.exec:\7pjdp.exe183⤵
-
\??\c:\lxrrflf.exec:\lxrrflf.exe184⤵
-
\??\c:\hhtbbb.exec:\hhtbbb.exe185⤵
-
\??\c:\9bhtnn.exec:\9bhtnn.exe186⤵
-
\??\c:\dvddd.exec:\dvddd.exe187⤵
-
\??\c:\vpddj.exec:\vpddj.exe188⤵
-
\??\c:\5fxlxff.exec:\5fxlxff.exe189⤵
-
\??\c:\tnnthh.exec:\tnnthh.exe190⤵
-
\??\c:\hhtntt.exec:\hhtntt.exe191⤵
-
\??\c:\dvppd.exec:\dvppd.exe192⤵
-
\??\c:\7djpp.exec:\7djpp.exe193⤵
-
\??\c:\rlfrxxf.exec:\rlfrxxf.exe194⤵
-
\??\c:\frlrxxf.exec:\frlrxxf.exe195⤵
-
\??\c:\hhbtbn.exec:\hhbtbn.exe196⤵
-
\??\c:\hhtbnn.exec:\hhtbnn.exe197⤵
-
\??\c:\dvvjp.exec:\dvvjp.exe198⤵
-
\??\c:\vpddp.exec:\vpddp.exe199⤵
-
\??\c:\rlrlllr.exec:\rlrlllr.exe200⤵
-
\??\c:\3ntnnh.exec:\3ntnnh.exe201⤵
-
\??\c:\7hhntn.exec:\7hhntn.exe202⤵
-
\??\c:\9vppp.exec:\9vppp.exe203⤵
-
\??\c:\dpdvj.exec:\dpdvj.exe204⤵
-
\??\c:\5rllfxf.exec:\5rllfxf.exe205⤵
-
\??\c:\3rffflr.exec:\3rffflr.exe206⤵
-
\??\c:\ttbntt.exec:\ttbntt.exe207⤵
-
\??\c:\nhthhn.exec:\nhthhn.exe208⤵
-
\??\c:\1jpjp.exec:\1jpjp.exe209⤵
-
\??\c:\fxrfrxr.exec:\fxrfrxr.exe210⤵
-
\??\c:\lxlrxfr.exec:\lxlrxfr.exe211⤵
-
\??\c:\hbtbnn.exec:\hbtbnn.exe212⤵
-
\??\c:\hbnnnn.exec:\hbnnnn.exe213⤵
-
\??\c:\9ppvd.exec:\9ppvd.exe214⤵
-
\??\c:\djvpj.exec:\djvpj.exe215⤵
-
\??\c:\frfrfxf.exec:\frfrfxf.exe216⤵
-
\??\c:\rfrrrrx.exec:\rfrrrrx.exe217⤵
-
\??\c:\btbbbb.exec:\btbbbb.exe218⤵
-
\??\c:\nthhtn.exec:\nthhtn.exe219⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe220⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe221⤵
-
\??\c:\lxfxflx.exec:\lxfxflx.exe222⤵
-
\??\c:\xrlrllx.exec:\xrlrllx.exe223⤵
-
\??\c:\btbhhh.exec:\btbhhh.exe224⤵
-
\??\c:\vjppp.exec:\vjppp.exe225⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe226⤵
-
\??\c:\jvpjv.exec:\jvpjv.exe227⤵
-
\??\c:\rlfrfrf.exec:\rlfrfrf.exe228⤵
-
\??\c:\lfxxrlr.exec:\lfxxrlr.exe229⤵
-
\??\c:\hhtbtb.exec:\hhtbtb.exe230⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe231⤵
-
\??\c:\jdppp.exec:\jdppp.exe232⤵
-
\??\c:\lxllxxx.exec:\lxllxxx.exe233⤵
-
\??\c:\fxllxxf.exec:\fxllxxf.exe234⤵
-
\??\c:\htbbhn.exec:\htbbhn.exe235⤵
-
\??\c:\nnbbnt.exec:\nnbbnt.exe236⤵
-
\??\c:\9vvvv.exec:\9vvvv.exe237⤵
-
\??\c:\fxrrfll.exec:\fxrrfll.exe238⤵
-
\??\c:\rfrrxff.exec:\rfrrxff.exe239⤵
-
\??\c:\hbhbhn.exec:\hbhbhn.exe240⤵
-
\??\c:\5bbtbh.exec:\5bbtbh.exe241⤵