Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
19-05-2024 14:55
General
-
Target
dc0496679542939a7fc9583d4daa8400_NeikiAnalytics.exe
-
Size
483KB
-
MD5
dc0496679542939a7fc9583d4daa8400
-
SHA1
e39a40b58a3be8b7fd86d0dc786ceb555554fa48
-
SHA256
d80495709bae1b9732128146ec3e5d7f90f8f6edd42c162355b28d287316a4bf
-
SHA512
0c6db140ae3302b6719176fdd784c7c7b35d34261d70eafdbd43f0f94a13512e0c6ba5324fb0130b125531c8eb696f6df732fd2cda057edd244bd9756f818cf1
-
SSDEEP
6144:mcm7ImGddXv/VWrXD486jCpoAhlq1mEjBqLyOSlhNFF2t:I7TcfNWj168w1VjsyvhNFF2t
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 36 IoCs
-
Malware Dropper & Backdoor - Berbew 34 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 42 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\dc0496679542939a7fc9583d4daa8400_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\dc0496679542939a7fc9583d4daa8400_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrllv.exec:\xrllv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvvnp.exec:\ddvvnp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bndxbhr.exec:\bndxbhr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jrpdhdb.exec:\jrpdhdb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtdvr.exec:\hhtdvr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tjplvjb.exec:\tjplvjb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrjrfp.exec:\lrrjrfp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jrvfd.exec:\jrvfd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vhrph.exec:\vhrph.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhftvpn.exec:\hhftvpn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lvpdj.exec:\lvpdj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrthpv.exec:\ffrthpv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbjxlf.exec:\tbjxlf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nfdhjhd.exec:\nfdhjhd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fnnjjht.exec:\fnnjjht.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xbxjlbd.exec:\xbxjlbd.exe17⤵
- Executes dropped EXE
-
\??\c:\phdhr.exec:\phdhr.exe18⤵
- Executes dropped EXE
-
\??\c:\ffndfj.exec:\ffndfj.exe19⤵
- Executes dropped EXE
-
\??\c:\hhftdl.exec:\hhftdl.exe20⤵
- Executes dropped EXE
-
\??\c:\bpbjp.exec:\bpbjp.exe21⤵
- Executes dropped EXE
-
\??\c:\bfllll.exec:\bfllll.exe22⤵
- Executes dropped EXE
-
\??\c:\pxxhv.exec:\pxxhv.exe23⤵
- Executes dropped EXE
-
\??\c:\rtfbrr.exec:\rtfbrr.exe24⤵
- Executes dropped EXE
-
\??\c:\tvxdp.exec:\tvxdp.exe25⤵
- Executes dropped EXE
-
\??\c:\xdphbp.exec:\xdphbp.exe26⤵
- Executes dropped EXE
-
\??\c:\fjbnf.exec:\fjbnf.exe27⤵
- Executes dropped EXE
-
\??\c:\xppxt.exec:\xppxt.exe28⤵
- Executes dropped EXE
-
\??\c:\lvlthpn.exec:\lvlthpn.exe29⤵
- Executes dropped EXE
-
\??\c:\pblrn.exec:\pblrn.exe30⤵
- Executes dropped EXE
-
\??\c:\ltbjlhj.exec:\ltbjlhj.exe31⤵
- Executes dropped EXE
-
\??\c:\xbpxbp.exec:\xbpxbp.exe32⤵
- Executes dropped EXE
-
\??\c:\jbjpn.exec:\jbjpn.exe33⤵
- Executes dropped EXE
-
\??\c:\tjrvf.exec:\tjrvf.exe34⤵
- Executes dropped EXE
-
\??\c:\btthv.exec:\btthv.exe35⤵
- Executes dropped EXE
-
\??\c:\xtvjhrh.exec:\xtvjhrh.exe36⤵
- Executes dropped EXE
-
\??\c:\tlffx.exec:\tlffx.exe37⤵
- Executes dropped EXE
-
\??\c:\fjhvbd.exec:\fjhvbd.exe38⤵
- Executes dropped EXE
-
\??\c:\lxlvlr.exec:\lxlvlr.exe39⤵
- Executes dropped EXE
-
\??\c:\fxpxvh.exec:\fxpxvh.exe40⤵
- Executes dropped EXE
-
\??\c:\jvvrf.exec:\jvvrf.exe41⤵
- Executes dropped EXE
-
\??\c:\xhpvh.exec:\xhpvh.exe42⤵
- Executes dropped EXE
-
\??\c:\pjprfrl.exec:\pjprfrl.exe43⤵
- Executes dropped EXE
-
\??\c:\lhbljvt.exec:\lhbljvt.exe44⤵
- Executes dropped EXE
-
\??\c:\hnpnhrl.exec:\hnpnhrl.exe45⤵
- Executes dropped EXE
-
\??\c:\frlnbb.exec:\frlnbb.exe46⤵
- Executes dropped EXE
-
\??\c:\jpdrj.exec:\jpdrj.exe47⤵
- Executes dropped EXE
-
\??\c:\hjtvx.exec:\hjtvx.exe48⤵
- Executes dropped EXE
-
\??\c:\vhbvfft.exec:\vhbvfft.exe49⤵
- Executes dropped EXE
-
\??\c:\xdpxxhf.exec:\xdpxxhf.exe50⤵
- Executes dropped EXE
-
\??\c:\rfjfl.exec:\rfjfl.exe51⤵
- Executes dropped EXE
-
\??\c:\rjvrvrp.exec:\rjvrvrp.exe52⤵
- Executes dropped EXE
-
\??\c:\dnvdxr.exec:\dnvdxr.exe53⤵
- Executes dropped EXE
-
\??\c:\ntddl.exec:\ntddl.exe54⤵
- Executes dropped EXE
-
\??\c:\bfxjrd.exec:\bfxjrd.exe55⤵
- Executes dropped EXE
-
\??\c:\rxtpt.exec:\rxtpt.exe56⤵
- Executes dropped EXE
-
\??\c:\jtxvvd.exec:\jtxvvd.exe57⤵
- Executes dropped EXE
-
\??\c:\nvvbj.exec:\nvvbj.exe58⤵
- Executes dropped EXE
-
\??\c:\pvdtbt.exec:\pvdtbt.exe59⤵
- Executes dropped EXE
-
\??\c:\hlvxdvh.exec:\hlvxdvh.exe60⤵
- Executes dropped EXE
-
\??\c:\jlpdr.exec:\jlpdr.exe61⤵
- Executes dropped EXE
-
\??\c:\nfvnl.exec:\nfvnl.exe62⤵
- Executes dropped EXE
-
\??\c:\nvfxr.exec:\nvfxr.exe63⤵
- Executes dropped EXE
-
\??\c:\flrrhb.exec:\flrrhb.exe64⤵
- Executes dropped EXE
-
\??\c:\lttllb.exec:\lttllb.exe65⤵
- Executes dropped EXE
-
\??\c:\ldbxrtl.exec:\ldbxrtl.exe66⤵
-
\??\c:\nhbvpdt.exec:\nhbvpdt.exe67⤵
-
\??\c:\dttprj.exec:\dttprj.exe68⤵
-
\??\c:\ldvnfxx.exec:\ldvnfxx.exe69⤵
-
\??\c:\djrfddp.exec:\djrfddp.exe70⤵
-
\??\c:\nhtrblr.exec:\nhtrblr.exe71⤵
-
\??\c:\btdjhnn.exec:\btdjhnn.exe72⤵
-
\??\c:\xvbpxr.exec:\xvbpxr.exe73⤵
-
\??\c:\hbnnxb.exec:\hbnnxb.exe74⤵
-
\??\c:\pxhjtjh.exec:\pxhjtjh.exe75⤵
-
\??\c:\rjpvl.exec:\rjpvl.exe76⤵
-
\??\c:\hrjnv.exec:\hrjnv.exe77⤵
-
\??\c:\nxjdjr.exec:\nxjdjr.exe78⤵
-
\??\c:\njtjjd.exec:\njtjjd.exe79⤵
-
\??\c:\tlrnl.exec:\tlrnl.exe80⤵
-
\??\c:\btrbt.exec:\btrbt.exe81⤵
-
\??\c:\pprfvrx.exec:\pprfvrx.exe82⤵
-
\??\c:\llrxxhn.exec:\llrxxhn.exe83⤵
-
\??\c:\rbbdlrn.exec:\rbbdlrn.exe84⤵
-
\??\c:\jdxjnxl.exec:\jdxjnxl.exe85⤵
-
\??\c:\bnnhv.exec:\bnnhv.exe86⤵
-
\??\c:\lfjfhpl.exec:\lfjfhpl.exe87⤵
-
\??\c:\nrrrv.exec:\nrrrv.exe88⤵
-
\??\c:\tjfdxrb.exec:\tjfdxrb.exe89⤵
-
\??\c:\xtjnh.exec:\xtjnh.exe90⤵
-
\??\c:\rfnrh.exec:\rfnrh.exe91⤵
-
\??\c:\xbfbjl.exec:\xbfbjl.exe92⤵
-
\??\c:\nrpjhrr.exec:\nrpjhrr.exe93⤵
-
\??\c:\plvhn.exec:\plvhn.exe94⤵
-
\??\c:\vnppbb.exec:\vnppbb.exe95⤵
-
\??\c:\nvnhf.exec:\nvnhf.exe96⤵
-
\??\c:\pxhvhd.exec:\pxhvhd.exe97⤵
-
\??\c:\ffbfx.exec:\ffbfx.exe98⤵
-
\??\c:\bvfpjl.exec:\bvfpjl.exe99⤵
-
\??\c:\fplxrhj.exec:\fplxrhj.exe100⤵
-
\??\c:\rnbrd.exec:\rnbrd.exe101⤵
-
\??\c:\rbndlv.exec:\rbndlv.exe102⤵
-
\??\c:\vdvpl.exec:\vdvpl.exe103⤵
-
\??\c:\dhlbnlr.exec:\dhlbnlr.exe104⤵
-
\??\c:\jxjblf.exec:\jxjblf.exe105⤵
-
\??\c:\jnhdn.exec:\jnhdn.exe106⤵
-
\??\c:\nxvhvb.exec:\nxvhvb.exe107⤵
-
\??\c:\rrjxvlh.exec:\rrjxvlh.exe108⤵
-
\??\c:\lbfftb.exec:\lbfftb.exe109⤵
-
\??\c:\dntnb.exec:\dntnb.exe110⤵
-
\??\c:\rbbbrv.exec:\rbbbrv.exe111⤵
-
\??\c:\bdjbtvx.exec:\bdjbtvx.exe112⤵
-
\??\c:\xnpptvb.exec:\xnpptvb.exe113⤵
-
\??\c:\hffvfx.exec:\hffvfx.exe114⤵
-
\??\c:\htpjn.exec:\htpjn.exe115⤵
-
\??\c:\lllfpn.exec:\lllfpn.exe116⤵
-
\??\c:\brxxx.exec:\brxxx.exe117⤵
-
\??\c:\rjbbhpj.exec:\rjbbhpj.exe118⤵
-
\??\c:\ndpxr.exec:\ndpxr.exe119⤵
-
\??\c:\btnjntj.exec:\btnjntj.exe120⤵
-
\??\c:\njhhjtb.exec:\njhhjtb.exe121⤵
-
\??\c:\vfftd.exec:\vfftd.exe122⤵
-
\??\c:\btfbdr.exec:\btfbdr.exe123⤵
-
\??\c:\dfbpfl.exec:\dfbpfl.exe124⤵
-
\??\c:\jjxxn.exec:\jjxxn.exe125⤵
-
\??\c:\dhpthv.exec:\dhpthv.exe126⤵
-
\??\c:\tdbhd.exec:\tdbhd.exe127⤵
-
\??\c:\pppbtvh.exec:\pppbtvh.exe128⤵
-
\??\c:\dfdvx.exec:\dfdvx.exe129⤵
-
\??\c:\tjfdv.exec:\tjfdv.exe130⤵
-
\??\c:\hnrnljn.exec:\hnrnljn.exe131⤵
-
\??\c:\thxdxrr.exec:\thxdxrr.exe132⤵
-
\??\c:\vpvtfxt.exec:\vpvtfxt.exe133⤵
-
\??\c:\pvhtdb.exec:\pvhtdb.exe134⤵
-
\??\c:\pxjhnjp.exec:\pxjhnjp.exe135⤵
-
\??\c:\jbrlj.exec:\jbrlj.exe136⤵
-
\??\c:\hjjnxp.exec:\hjjnxp.exe137⤵
-
\??\c:\rrtjbrv.exec:\rrtjbrv.exe138⤵
-
\??\c:\fvlbl.exec:\fvlbl.exe139⤵
-
\??\c:\xndxf.exec:\xndxf.exe140⤵
-
\??\c:\ftdpbxr.exec:\ftdpbxr.exe141⤵
-
\??\c:\tnvdbnp.exec:\tnvdbnp.exe142⤵
-
\??\c:\pdxbj.exec:\pdxbj.exe143⤵
-
\??\c:\jjxjbv.exec:\jjxjbv.exe144⤵
-
\??\c:\bdhfnjj.exec:\bdhfnjj.exe145⤵
-
\??\c:\fvhtr.exec:\fvhtr.exe146⤵
-
\??\c:\thjjv.exec:\thjjv.exe147⤵
-
\??\c:\blnvnj.exec:\blnvnj.exe148⤵
-
\??\c:\dvddn.exec:\dvddn.exe149⤵
-
\??\c:\rdtpv.exec:\rdtpv.exe150⤵
-
\??\c:\pjxdn.exec:\pjxdn.exe151⤵
-
\??\c:\pdbrr.exec:\pdbrr.exe152⤵
-
\??\c:\pfpjr.exec:\pfpjr.exe153⤵
-
\??\c:\hdljj.exec:\hdljj.exe154⤵
-
\??\c:\vjvhbhn.exec:\vjvhbhn.exe155⤵
-
\??\c:\nxrjrx.exec:\nxrjrx.exe156⤵
-
\??\c:\jvtnxr.exec:\jvtnxr.exe157⤵
-
\??\c:\hjpvnd.exec:\hjpvnd.exe158⤵
-
\??\c:\xhlvnxj.exec:\xhlvnxj.exe159⤵
-
\??\c:\fnvfr.exec:\fnvfr.exe160⤵
-
\??\c:\jjvnbf.exec:\jjvnbf.exe161⤵
-
\??\c:\fnlhjtp.exec:\fnlhjtp.exe162⤵
-
\??\c:\hbhtbtt.exec:\hbhtbtt.exe163⤵
-
\??\c:\pvvpx.exec:\pvvpx.exe164⤵
-
\??\c:\dfvvp.exec:\dfvvp.exe165⤵
-
\??\c:\vvtttnl.exec:\vvtttnl.exe166⤵
-
\??\c:\pdfvj.exec:\pdfvj.exe167⤵
-
\??\c:\fjbvdb.exec:\fjbvdb.exe168⤵
-
\??\c:\vlppj.exec:\vlppj.exe169⤵
-
\??\c:\xjlnfn.exec:\xjlnfn.exe170⤵
-
\??\c:\hhbxbbh.exec:\hhbxbbh.exe171⤵
-
\??\c:\xtvfd.exec:\xtvfd.exe172⤵
-
\??\c:\lpvxh.exec:\lpvxh.exe173⤵
-
\??\c:\bnrpdv.exec:\bnrpdv.exe174⤵
-
\??\c:\plhhh.exec:\plhhh.exe175⤵
-
\??\c:\nlvdrx.exec:\nlvdrx.exe176⤵
-
\??\c:\xbfll.exec:\xbfll.exe177⤵
-
\??\c:\thjhllf.exec:\thjhllf.exe178⤵
-
\??\c:\bxlrbr.exec:\bxlrbr.exe179⤵
-
\??\c:\bpffdf.exec:\bpffdf.exe180⤵
-
\??\c:\tldhb.exec:\tldhb.exe181⤵
-
\??\c:\pdrbl.exec:\pdrbl.exe182⤵
-
\??\c:\pxhpth.exec:\pxhpth.exe183⤵
-
\??\c:\jnflfh.exec:\jnflfh.exe184⤵
-
\??\c:\ndrlhvb.exec:\ndrlhvb.exe185⤵
-
\??\c:\ftfpdp.exec:\ftfpdp.exe186⤵
-
\??\c:\tdpvxpx.exec:\tdpvxpx.exe187⤵
-
\??\c:\pvxnfr.exec:\pvxnfr.exe188⤵
-
\??\c:\bvfnflp.exec:\bvfnflp.exe189⤵
-
\??\c:\bthpbhf.exec:\bthpbhf.exe190⤵
-
\??\c:\bfhbl.exec:\bfhbl.exe191⤵
-
\??\c:\nvtnlp.exec:\nvtnlp.exe192⤵
-
\??\c:\ppnjjt.exec:\ppnjjt.exe193⤵
-
\??\c:\hvbvpp.exec:\hvbvpp.exe194⤵
-
\??\c:\xllhdxf.exec:\xllhdxf.exe195⤵
-
\??\c:\rldtt.exec:\rldtt.exe196⤵
-
\??\c:\fdnltlx.exec:\fdnltlx.exe197⤵
-
\??\c:\tpvjr.exec:\tpvjr.exe198⤵
-
\??\c:\pbtlvxb.exec:\pbtlvxb.exe199⤵
-
\??\c:\hrthfpt.exec:\hrthfpt.exe200⤵
-
\??\c:\pdxvvr.exec:\pdxvvr.exe201⤵
-
\??\c:\tttrlb.exec:\tttrlb.exe202⤵
-
\??\c:\xvvtjf.exec:\xvvtjf.exe203⤵
-
\??\c:\pthljbp.exec:\pthljbp.exe204⤵
-
\??\c:\lvftr.exec:\lvftr.exe205⤵
-
\??\c:\jbhfvdx.exec:\jbhfvdx.exe206⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe207⤵
-
\??\c:\jdfpv.exec:\jdfpv.exe208⤵
-
\??\c:\rhblx.exec:\rhblx.exe209⤵
-
\??\c:\dptnb.exec:\dptnb.exe210⤵
-
\??\c:\rdljtrl.exec:\rdljtrl.exe211⤵
-
\??\c:\fjhrj.exec:\fjhrj.exe212⤵
-
\??\c:\dtvbnhf.exec:\dtvbnhf.exe213⤵
-
\??\c:\plpffdh.exec:\plpffdh.exe214⤵
-
\??\c:\fpjjf.exec:\fpjjf.exe215⤵
-
\??\c:\tdnfrb.exec:\tdnfrb.exe216⤵
-
\??\c:\tvldll.exec:\tvldll.exe217⤵
-
\??\c:\hxhbjtb.exec:\hxhbjtb.exe218⤵
-
\??\c:\bnhhrb.exec:\bnhhrb.exe219⤵
-
\??\c:\vjrrh.exec:\vjrrh.exe220⤵
-
\??\c:\jpvpb.exec:\jpvpb.exe221⤵
-
\??\c:\tdhjx.exec:\tdhjx.exe222⤵
-
\??\c:\vlpvv.exec:\vlpvv.exe223⤵
-
\??\c:\vppjffj.exec:\vppjffj.exe224⤵
-
\??\c:\pndnvnt.exec:\pndnvnt.exe225⤵
-
\??\c:\ftbdhjt.exec:\ftbdhjt.exe226⤵
-
\??\c:\hlvlt.exec:\hlvlt.exe227⤵
-
\??\c:\bxjhnb.exec:\bxjhnb.exe228⤵
-
\??\c:\xjvpl.exec:\xjvpl.exe229⤵
-
\??\c:\xhhvlp.exec:\xhhvlp.exe230⤵
-
\??\c:\vjpxrr.exec:\vjpxrr.exe231⤵
-
\??\c:\pfnlxd.exec:\pfnlxd.exe232⤵
-
\??\c:\nbnvhh.exec:\nbnvhh.exe233⤵
-
\??\c:\rvrttl.exec:\rvrttl.exe234⤵
-
\??\c:\hrhjrx.exec:\hrhjrx.exe235⤵
-
\??\c:\trnvpt.exec:\trnvpt.exe236⤵
-
\??\c:\dnjjxtv.exec:\dnjjxtv.exe237⤵
-
\??\c:\djflvjt.exec:\djflvjt.exe238⤵
-
\??\c:\jrrrjd.exec:\jrrrjd.exe239⤵
-
\??\c:\vfdnlhj.exec:\vfdnlhj.exe240⤵
-
\??\c:\vjnprfj.exec:\vjnprfj.exe241⤵