Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
19-05-2024 18:15
General
-
Target
1239f186c38b31a8a149c378ad5d9210_NeikiAnalytics.exe
-
Size
398KB
-
MD5
1239f186c38b31a8a149c378ad5d9210
-
SHA1
ffbd9a9860cd9f9df4ffbcbf43e29d2336967f8f
-
SHA256
dc6353745cd10375095e5682eed502ec4b25f18239df149b0dfc4e59a903388f
-
SHA512
0bb3b6ed17a25a070c81863844f00bc5ad93d3671c401199432c7f11320cc9f3ee67c1ef3d20d311d8564c47d5d7089e0fb1e6b5fb310e98417b057ad9aaba2f
-
SSDEEP
12288:Q4wFHoSqRyddW7xJCc5TugZKS9sUvkclI0/RTk:BRyLWFMu91RlI0/RTk
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 37 IoCs
-
Malware Dropper & Backdoor - Berbew 64 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1239f186c38b31a8a149c378ad5d9210_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1239f186c38b31a8a149c378ad5d9210_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbnnn.exec:\tnbnnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvd.exec:\pjvvd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hhnbb.exec:\5hhnbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppv.exec:\ddppv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllfrxf.exec:\fllfrxf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbbh.exec:\btbbbh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfllrfx.exec:\xfllrfx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnbth.exec:\bbnbth.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtthn.exec:\hbtthn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ffrlxl.exec:\3ffrlxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhntt.exec:\bbhntt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdv.exec:\jdpdv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrffrf.exec:\xlrffrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvdp.exec:\jdvdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjd.exec:\ppjjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnhnn.exec:\ntnhnn.exe17⤵
- Executes dropped EXE
-
\??\c:\vjjjp.exec:\vjjjp.exe18⤵
- Executes dropped EXE
-
\??\c:\rlxrxxl.exec:\rlxrxxl.exe19⤵
- Executes dropped EXE
-
\??\c:\7bbhtt.exec:\7bbhtt.exe20⤵
- Executes dropped EXE
-
\??\c:\pdvvp.exec:\pdvvp.exe21⤵
- Executes dropped EXE
-
\??\c:\hhbhtb.exec:\hhbhtb.exe22⤵
- Executes dropped EXE
-
\??\c:\lrlrllf.exec:\lrlrllf.exe23⤵
- Executes dropped EXE
-
\??\c:\fxrlxfr.exec:\fxrlxfr.exe24⤵
- Executes dropped EXE
-
\??\c:\jdjvd.exec:\jdjvd.exe25⤵
- Executes dropped EXE
-
\??\c:\1rlxllr.exec:\1rlxllr.exe26⤵
- Executes dropped EXE
-
\??\c:\9hhbth.exec:\9hhbth.exe27⤵
- Executes dropped EXE
-
\??\c:\pjjjp.exec:\pjjjp.exe28⤵
- Executes dropped EXE
-
\??\c:\lfxflxf.exec:\lfxflxf.exe29⤵
- Executes dropped EXE
-
\??\c:\9bhttb.exec:\9bhttb.exe30⤵
- Executes dropped EXE
-
\??\c:\xxlrxfr.exec:\xxlrxfr.exe31⤵
- Executes dropped EXE
-
\??\c:\ffrfllr.exec:\ffrfllr.exe32⤵
- Executes dropped EXE
-
\??\c:\jjddp.exec:\jjddp.exe33⤵
- Executes dropped EXE
-
\??\c:\jdddj.exec:\jdddj.exe34⤵
- Executes dropped EXE
-
\??\c:\lfrfllx.exec:\lfrfllx.exe35⤵
- Executes dropped EXE
-
\??\c:\bbthhh.exec:\bbthhh.exe36⤵
- Executes dropped EXE
-
\??\c:\djdjv.exec:\djdjv.exe37⤵
- Executes dropped EXE
-
\??\c:\rrxxxfl.exec:\rrxxxfl.exe38⤵
- Executes dropped EXE
-
\??\c:\tnhntb.exec:\tnhntb.exe39⤵
- Executes dropped EXE
-
\??\c:\ppdjv.exec:\ppdjv.exe40⤵
- Executes dropped EXE
-
\??\c:\rfllrlx.exec:\rfllrlx.exe41⤵
- Executes dropped EXE
-
\??\c:\1ntbht.exec:\1ntbht.exe42⤵
- Executes dropped EXE
-
\??\c:\dvdjv.exec:\dvdjv.exe43⤵
- Executes dropped EXE
-
\??\c:\fflxffr.exec:\fflxffr.exe44⤵
- Executes dropped EXE
-
\??\c:\hnnbnt.exec:\hnnbnt.exe45⤵
- Executes dropped EXE
-
\??\c:\ddpvj.exec:\ddpvj.exe46⤵
- Executes dropped EXE
-
\??\c:\flxxllx.exec:\flxxllx.exe47⤵
- Executes dropped EXE
-
\??\c:\9xrfllx.exec:\9xrfllx.exe48⤵
- Executes dropped EXE
-
\??\c:\tnhhnn.exec:\tnhhnn.exe49⤵
- Executes dropped EXE
-
\??\c:\dpjjv.exec:\dpjjv.exe50⤵
- Executes dropped EXE
-
\??\c:\xxxlrxl.exec:\xxxlrxl.exe51⤵
- Executes dropped EXE
-
\??\c:\bbbhnn.exec:\bbbhnn.exe52⤵
- Executes dropped EXE
-
\??\c:\9vdpj.exec:\9vdpj.exe53⤵
- Executes dropped EXE
-
\??\c:\rllxfrl.exec:\rllxfrl.exe54⤵
- Executes dropped EXE
-
\??\c:\rxrffxl.exec:\rxrffxl.exe55⤵
- Executes dropped EXE
-
\??\c:\7tnnbb.exec:\7tnnbb.exe56⤵
- Executes dropped EXE
-
\??\c:\dvjvj.exec:\dvjvj.exe57⤵
- Executes dropped EXE
-
\??\c:\rlrlrrr.exec:\rlrlrrr.exe58⤵
- Executes dropped EXE
-
\??\c:\7ntntb.exec:\7ntntb.exe59⤵
- Executes dropped EXE
-
\??\c:\jjvdp.exec:\jjvdp.exe60⤵
- Executes dropped EXE
-
\??\c:\xxffffr.exec:\xxffffr.exe61⤵
- Executes dropped EXE
-
\??\c:\hbtntb.exec:\hbtntb.exe62⤵
- Executes dropped EXE
-
\??\c:\9bbhnh.exec:\9bbhnh.exe63⤵
- Executes dropped EXE
-
\??\c:\vjjdp.exec:\vjjdp.exe64⤵
- Executes dropped EXE
-
\??\c:\1rfrxxl.exec:\1rfrxxl.exe65⤵
- Executes dropped EXE
-
\??\c:\bbnhhh.exec:\bbnhhh.exe66⤵
-
\??\c:\jjddd.exec:\jjddd.exe67⤵
-
\??\c:\frrrxfx.exec:\frrrxfx.exe68⤵
-
\??\c:\hbbnbb.exec:\hbbnbb.exe69⤵
-
\??\c:\vpvjp.exec:\vpvjp.exe70⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe71⤵
-
\??\c:\xrffrrx.exec:\xrffrrx.exe72⤵
-
\??\c:\tthnbh.exec:\tthnbh.exe73⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe74⤵
-
\??\c:\xxrxxfr.exec:\xxrxxfr.exe75⤵
-
\??\c:\fxllxxl.exec:\fxllxxl.exe76⤵
-
\??\c:\bnbbnb.exec:\bnbbnb.exe77⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe78⤵
-
\??\c:\lfflrxf.exec:\lfflrxf.exe79⤵
-
\??\c:\btnbhh.exec:\btnbhh.exe80⤵
-
\??\c:\ttnhnt.exec:\ttnhnt.exe81⤵
-
\??\c:\5ppvd.exec:\5ppvd.exe82⤵
-
\??\c:\fxllrrx.exec:\fxllrrx.exe83⤵
-
\??\c:\tnhbnt.exec:\tnhbnt.exe84⤵
-
\??\c:\thbhht.exec:\thbhht.exe85⤵
-
\??\c:\5jddv.exec:\5jddv.exe86⤵
-
\??\c:\1fllffx.exec:\1fllffx.exe87⤵
-
\??\c:\nhtbnn.exec:\nhtbnn.exe88⤵
-
\??\c:\3hnnnn.exec:\3hnnnn.exe89⤵
-
\??\c:\3ddjp.exec:\3ddjp.exe90⤵
-
\??\c:\fxllrfl.exec:\fxllrfl.exe91⤵
-
\??\c:\xxfxflr.exec:\xxfxflr.exe92⤵
-
\??\c:\1tntbb.exec:\1tntbb.exe93⤵
-
\??\c:\3jvpp.exec:\3jvpp.exe94⤵
-
\??\c:\flfflrf.exec:\flfflrf.exe95⤵
-
\??\c:\nhhnbh.exec:\nhhnbh.exe96⤵
-
\??\c:\jjvjp.exec:\jjvjp.exe97⤵
-
\??\c:\pjddj.exec:\pjddj.exe98⤵
-
\??\c:\5flrxlx.exec:\5flrxlx.exe99⤵
-
\??\c:\tthnhh.exec:\tthnhh.exe100⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe101⤵
-
\??\c:\jddjv.exec:\jddjv.exe102⤵
-
\??\c:\xrflrrx.exec:\xrflrrx.exe103⤵
-
\??\c:\tbnntb.exec:\tbnntb.exe104⤵
-
\??\c:\pvpdp.exec:\pvpdp.exe105⤵
-
\??\c:\pjddp.exec:\pjddp.exe106⤵
-
\??\c:\lrfflrf.exec:\lrfflrf.exe107⤵
-
\??\c:\thhhtn.exec:\thhhtn.exe108⤵
-
\??\c:\1jddd.exec:\1jddd.exe109⤵
-
\??\c:\xxflrrr.exec:\xxflrrr.exe110⤵
-
\??\c:\rffxxrr.exec:\rffxxrr.exe111⤵
-
\??\c:\hthnhn.exec:\hthnhn.exe112⤵
-
\??\c:\bnbbbt.exec:\bnbbbt.exe113⤵
-
\??\c:\jjddd.exec:\jjddd.exe114⤵
-
\??\c:\xrlxrrx.exec:\xrlxrrx.exe115⤵
-
\??\c:\hthhhh.exec:\hthhhh.exe116⤵
-
\??\c:\nnhttb.exec:\nnhttb.exe117⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe118⤵
-
\??\c:\xrlllff.exec:\xrlllff.exe119⤵
-
\??\c:\rrllllr.exec:\rrllllr.exe120⤵
-
\??\c:\bhnhnn.exec:\bhnhnn.exe121⤵
-
\??\c:\rlxfxfl.exec:\rlxfxfl.exe122⤵
-
\??\c:\nbnthn.exec:\nbnthn.exe123⤵
-
\??\c:\7httbt.exec:\7httbt.exe124⤵
-
\??\c:\9pppp.exec:\9pppp.exe125⤵
-
\??\c:\dvppp.exec:\dvppp.exe126⤵
-
\??\c:\1rlxxxf.exec:\1rlxxxf.exe127⤵
-
\??\c:\nnhtht.exec:\nnhtht.exe128⤵
-
\??\c:\bnbnnn.exec:\bnbnnn.exe129⤵
-
\??\c:\5djjv.exec:\5djjv.exe130⤵
-
\??\c:\lxrfrxx.exec:\lxrfrxx.exe131⤵
-
\??\c:\xxllxxl.exec:\xxllxxl.exe132⤵
-
\??\c:\9hnntt.exec:\9hnntt.exe133⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe134⤵
-
\??\c:\9frxxxf.exec:\9frxxxf.exe135⤵
-
\??\c:\lfrxflr.exec:\lfrxflr.exe136⤵
-
\??\c:\3nhnbb.exec:\3nhnbb.exe137⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe138⤵
-
\??\c:\lxlrxlx.exec:\lxlrxlx.exe139⤵
-
\??\c:\lxlrxxf.exec:\lxlrxxf.exe140⤵
-
\??\c:\bbnbbh.exec:\bbnbbh.exe141⤵
-
\??\c:\vjvjv.exec:\vjvjv.exe142⤵
-
\??\c:\djdvd.exec:\djdvd.exe143⤵
-
\??\c:\1lxflrf.exec:\1lxflrf.exe144⤵
-
\??\c:\tnnhtn.exec:\tnnhtn.exe145⤵
-
\??\c:\pdvjp.exec:\pdvjp.exe146⤵
-
\??\c:\fxxflll.exec:\fxxflll.exe147⤵
-
\??\c:\fxfxxfl.exec:\fxfxxfl.exe148⤵
-
\??\c:\hbtntt.exec:\hbtntt.exe149⤵
-
\??\c:\hbhnbb.exec:\hbhnbb.exe150⤵
-
\??\c:\3pvjj.exec:\3pvjj.exe151⤵
-
\??\c:\rxrxllx.exec:\rxrxllx.exe152⤵
-
\??\c:\xxrlfrf.exec:\xxrlfrf.exe153⤵
-
\??\c:\bbtnbh.exec:\bbtnbh.exe154⤵
-
\??\c:\7pdjj.exec:\7pdjj.exe155⤵
-
\??\c:\vpddj.exec:\vpddj.exe156⤵
-
\??\c:\xxlffxx.exec:\xxlffxx.exe157⤵
-
\??\c:\hbbhnb.exec:\hbbhnb.exe158⤵
-
\??\c:\hbntbb.exec:\hbntbb.exe159⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe160⤵
-
\??\c:\xfxxrxl.exec:\xfxxrxl.exe161⤵
-
\??\c:\nhbhtt.exec:\nhbhtt.exe162⤵
-
\??\c:\7jjjj.exec:\7jjjj.exe163⤵
-
\??\c:\pvdjp.exec:\pvdjp.exe164⤵
-
\??\c:\fxrxffr.exec:\fxrxffr.exe165⤵
-
\??\c:\rlfrffl.exec:\rlfrffl.exe166⤵
-
\??\c:\7htthb.exec:\7htthb.exe167⤵
-
\??\c:\pvvdv.exec:\pvvdv.exe168⤵
-
\??\c:\vjvdv.exec:\vjvdv.exe169⤵
-
\??\c:\1xflfrf.exec:\1xflfrf.exe170⤵
-
\??\c:\nhhbnt.exec:\nhhbnt.exe171⤵
-
\??\c:\tnbhbh.exec:\tnbhbh.exe172⤵
-
\??\c:\dppdv.exec:\dppdv.exe173⤵
-
\??\c:\3rfxxrf.exec:\3rfxxrf.exe174⤵
-
\??\c:\ttntnb.exec:\ttntnb.exe175⤵
-
\??\c:\bhbbnt.exec:\bhbbnt.exe176⤵
-
\??\c:\vvppj.exec:\vvppj.exe177⤵
-
\??\c:\9frrxxl.exec:\9frrxxl.exe178⤵
-
\??\c:\rlllxlx.exec:\rlllxlx.exe179⤵
-
\??\c:\ttnttb.exec:\ttnttb.exe180⤵
-
\??\c:\jvvdj.exec:\jvvdj.exe181⤵
-
\??\c:\1jjpd.exec:\1jjpd.exe182⤵
-
\??\c:\rrrxfxf.exec:\rrrxfxf.exe183⤵
-
\??\c:\nhtnbb.exec:\nhtnbb.exe184⤵
-
\??\c:\7jjpd.exec:\7jjpd.exe185⤵
-
\??\c:\pddvd.exec:\pddvd.exe186⤵
-
\??\c:\lfxlxrf.exec:\lfxlxrf.exe187⤵
-
\??\c:\bnbbhb.exec:\bnbbhb.exe188⤵
-
\??\c:\bhhntb.exec:\bhhntb.exe189⤵
-
\??\c:\9pppd.exec:\9pppd.exe190⤵
-
\??\c:\fllxfrx.exec:\fllxfrx.exe191⤵
-
\??\c:\nbtthn.exec:\nbtthn.exe192⤵
-
\??\c:\5pjjp.exec:\5pjjp.exe193⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe194⤵
-
\??\c:\rxrfxlx.exec:\rxrfxlx.exe195⤵
-
\??\c:\lfxxfff.exec:\lfxxfff.exe196⤵
-
\??\c:\tbthbh.exec:\tbthbh.exe197⤵
-
\??\c:\dpjjv.exec:\dpjjv.exe198⤵
-
\??\c:\vdpjp.exec:\vdpjp.exe199⤵
-
\??\c:\lfxxxlr.exec:\lfxxxlr.exe200⤵
-
\??\c:\frlrflx.exec:\frlrflx.exe201⤵
-
\??\c:\nnhnbh.exec:\nnhnbh.exe202⤵
-
\??\c:\djjpd.exec:\djjpd.exe203⤵
-
\??\c:\fxlxllr.exec:\fxlxllr.exe204⤵
-
\??\c:\ffxrlrl.exec:\ffxrlrl.exe205⤵
-
\??\c:\tbhbtb.exec:\tbhbtb.exe206⤵
-
\??\c:\ddvjp.exec:\ddvjp.exe207⤵
-
\??\c:\fxrfrxf.exec:\fxrfrxf.exe208⤵
-
\??\c:\lllxlrr.exec:\lllxlrr.exe209⤵
-
\??\c:\hnhnnh.exec:\hnhnnh.exe210⤵
-
\??\c:\pdpvj.exec:\pdpvj.exe211⤵
-
\??\c:\3rllllr.exec:\3rllllr.exe212⤵
-
\??\c:\7hbttt.exec:\7hbttt.exe213⤵
-
\??\c:\tnhnbh.exec:\tnhnbh.exe214⤵
-
\??\c:\vdpvd.exec:\vdpvd.exe215⤵
-
\??\c:\3fxxxxx.exec:\3fxxxxx.exe216⤵
-
\??\c:\bbnnnb.exec:\bbnnnb.exe217⤵
-
\??\c:\3jvjp.exec:\3jvjp.exe218⤵
-
\??\c:\9vppp.exec:\9vppp.exe219⤵
-
\??\c:\xlxxflr.exec:\xlxxflr.exe220⤵
-
\??\c:\hbtthh.exec:\hbtthh.exe221⤵
-
\??\c:\hnhhtb.exec:\hnhhtb.exe222⤵
-
\??\c:\pjjvv.exec:\pjjvv.exe223⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe224⤵
-
\??\c:\lfxllll.exec:\lfxllll.exe225⤵
-
\??\c:\bbnbtb.exec:\bbnbtb.exe226⤵
-
\??\c:\pdvdp.exec:\pdvdp.exe227⤵
-
\??\c:\3vdjp.exec:\3vdjp.exe228⤵
-
\??\c:\xxrxllx.exec:\xxrxllx.exe229⤵
-
\??\c:\bnbbbh.exec:\bnbbbh.exe230⤵
-
\??\c:\btnnbb.exec:\btnnbb.exe231⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe232⤵
-
\??\c:\9xlfrrf.exec:\9xlfrrf.exe233⤵
-
\??\c:\hbnnbh.exec:\hbnnbh.exe234⤵
-
\??\c:\7tnhnn.exec:\7tnhnn.exe235⤵
-
\??\c:\5pdvv.exec:\5pdvv.exe236⤵
-
\??\c:\pjddj.exec:\pjddj.exe237⤵
-
\??\c:\frlflff.exec:\frlflff.exe238⤵
-
\??\c:\7hbhnn.exec:\7hbhnn.exe239⤵
-
\??\c:\vddpj.exec:\vddpj.exe240⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe241⤵