Analysis
-
max time kernel
150s -
max time network
129s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 18:53
General
-
Target
1b0d9c6ed23852de54ff9e18db778470_NeikiAnalytics.exe
-
Size
329KB
-
MD5
1b0d9c6ed23852de54ff9e18db778470
-
SHA1
b444e900fc5ab31a71564519bc3f00e84ebd9e9a
-
SHA256
9b256baffab58b009b05489e753e2c8aa8141411113c75d87fdc956a2070d87c
-
SHA512
ccd49b0566ed5ced043affcdbd8477883138406af7c7fc37dc0aae7be8e7a08a6c7f22211cbe00a6f3d65d6f400a4e374bca0716d8198256b191dc247413a337
-
SSDEEP
6144:3cm7ImGddXsJdJIjaRleL42bL37BoTPkhu9gX5yGsTshQc8R0nxA5ij8+RC7tPhh:F7Tc8JdSjylh2b77BoTMA9gX59sTsuTR
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Malware Dropper & Backdoor - Berbew 32 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1b0d9c6ed23852de54ff9e18db778470_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1b0d9c6ed23852de54ff9e18db778470_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbtbh.exec:\nnbtbh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxflfl.exec:\xxxflfl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbtnn.exec:\tbbtnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtttb.exec:\bhtttb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxlfxr.exec:\rfxlfxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnntbh.exec:\hnntbh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tnhbn.exec:\3tnhbn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddjj.exec:\pddjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppp.exec:\vpppp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlfxff.exec:\fxlfxff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flfflxx.exec:\flfflxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntnbb.exec:\nntnbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhhtt.exec:\hnhhtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjjv.exec:\jvjjv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntntnb.exec:\ntntnb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvj.exec:\jddvj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdd.exec:\jvjdd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrllxfl.exec:\xrllxfl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdppd.exec:\pdppd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhtbh.exec:\hhhtbh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jjjd.exec:\3jjjd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvdv.exec:\vpvdv.exe23⤵
- Executes dropped EXE
-
\??\c:\lxxrxxl.exec:\lxxrxxl.exe24⤵
- Executes dropped EXE
-
\??\c:\ffllfff.exec:\ffllfff.exe25⤵
- Executes dropped EXE
-
\??\c:\nbhtnn.exec:\nbhtnn.exe26⤵
- Executes dropped EXE
-
\??\c:\ppppv.exec:\ppppv.exe27⤵
- Executes dropped EXE
-
\??\c:\fxlllll.exec:\fxlllll.exe28⤵
- Executes dropped EXE
-
\??\c:\hbbbth.exec:\hbbbth.exe29⤵
- Executes dropped EXE
-
\??\c:\thhbtt.exec:\thhbtt.exe30⤵
- Executes dropped EXE
-
\??\c:\djjpv.exec:\djjpv.exe31⤵
- Executes dropped EXE
-
\??\c:\bbhnhn.exec:\bbhnhn.exe32⤵
- Executes dropped EXE
-
\??\c:\pjpvp.exec:\pjpvp.exe33⤵
- Executes dropped EXE
-
\??\c:\tntnnn.exec:\tntnnn.exe34⤵
- Executes dropped EXE
-
\??\c:\fffflll.exec:\fffflll.exe35⤵
- Executes dropped EXE
-
\??\c:\nbbbtt.exec:\nbbbtt.exe36⤵
- Executes dropped EXE
-
\??\c:\bnbttt.exec:\bnbttt.exe37⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe38⤵
- Executes dropped EXE
-
\??\c:\lxxxxrx.exec:\lxxxxrx.exe39⤵
- Executes dropped EXE
-
\??\c:\ntbbbb.exec:\ntbbbb.exe40⤵
- Executes dropped EXE
-
\??\c:\pdpjd.exec:\pdpjd.exe41⤵
- Executes dropped EXE
-
\??\c:\rfxrlfx.exec:\rfxrlfx.exe42⤵
- Executes dropped EXE
-
\??\c:\bnhtth.exec:\bnhtth.exe43⤵
- Executes dropped EXE
-
\??\c:\jdvvv.exec:\jdvvv.exe44⤵
- Executes dropped EXE
-
\??\c:\frxllxf.exec:\frxllxf.exe45⤵
- Executes dropped EXE
-
\??\c:\tnhhbt.exec:\tnhhbt.exe46⤵
- Executes dropped EXE
-
\??\c:\jpppj.exec:\jpppj.exe47⤵
- Executes dropped EXE
-
\??\c:\xlffrll.exec:\xlffrll.exe48⤵
- Executes dropped EXE
-
\??\c:\nbnnnn.exec:\nbnnnn.exe49⤵
- Executes dropped EXE
-
\??\c:\ppddd.exec:\ppddd.exe50⤵
- Executes dropped EXE
-
\??\c:\xlrrrfl.exec:\xlrrrfl.exe51⤵
- Executes dropped EXE
-
\??\c:\hnhbhn.exec:\hnhbhn.exe52⤵
- Executes dropped EXE
-
\??\c:\vdvdj.exec:\vdvdj.exe53⤵
- Executes dropped EXE
-
\??\c:\rxlllxr.exec:\rxlllxr.exe54⤵
- Executes dropped EXE
-
\??\c:\nbtbbt.exec:\nbtbbt.exe55⤵
- Executes dropped EXE
-
\??\c:\ffrlxrl.exec:\ffrlxrl.exe56⤵
- Executes dropped EXE
-
\??\c:\btbbbb.exec:\btbbbb.exe57⤵
- Executes dropped EXE
-
\??\c:\dvjdd.exec:\dvjdd.exe58⤵
- Executes dropped EXE
-
\??\c:\lfrrllr.exec:\lfrrllr.exe59⤵
- Executes dropped EXE
-
\??\c:\vdppp.exec:\vdppp.exe60⤵
- Executes dropped EXE
-
\??\c:\rlxxrfl.exec:\rlxxrfl.exe61⤵
- Executes dropped EXE
-
\??\c:\hhtbtb.exec:\hhtbtb.exe62⤵
- Executes dropped EXE
-
\??\c:\vdvpd.exec:\vdvpd.exe63⤵
- Executes dropped EXE
-
\??\c:\jvdpj.exec:\jvdpj.exe64⤵
- Executes dropped EXE
-
\??\c:\flfxlll.exec:\flfxlll.exe65⤵
- Executes dropped EXE
-
\??\c:\hnhbhn.exec:\hnhbhn.exe66⤵
-
\??\c:\llxrllf.exec:\llxrllf.exe67⤵
-
\??\c:\hhhbnt.exec:\hhhbnt.exe68⤵
-
\??\c:\3vvjj.exec:\3vvjj.exe69⤵
-
\??\c:\thbhnh.exec:\thbhnh.exe70⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe71⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe72⤵
-
\??\c:\7bttbn.exec:\7bttbn.exe73⤵
-
\??\c:\5fllffl.exec:\5fllffl.exe74⤵
-
\??\c:\hhbbbb.exec:\hhbbbb.exe75⤵
-
\??\c:\vdvpp.exec:\vdvpp.exe76⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe77⤵
-
\??\c:\xxlfrxx.exec:\xxlfrxx.exe78⤵
-
\??\c:\9nhhhh.exec:\9nhhhh.exe79⤵
-
\??\c:\flrxfrr.exec:\flrxfrr.exe80⤵
-
\??\c:\btnntb.exec:\btnntb.exe81⤵
-
\??\c:\bnhhhb.exec:\bnhhhb.exe82⤵
-
\??\c:\djppj.exec:\djppj.exe83⤵
-
\??\c:\frlllrr.exec:\frlllrr.exe84⤵
-
\??\c:\htbbhh.exec:\htbbhh.exe85⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe86⤵
-
\??\c:\vvvpd.exec:\vvvpd.exe87⤵
-
\??\c:\hnntth.exec:\hnntth.exe88⤵
-
\??\c:\pdjvv.exec:\pdjvv.exe89⤵
-
\??\c:\xfrrlrr.exec:\xfrrlrr.exe90⤵
-
\??\c:\lfffffx.exec:\lfffffx.exe91⤵
-
\??\c:\bhbttb.exec:\bhbttb.exe92⤵
-
\??\c:\jjvvv.exec:\jjvvv.exe93⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe94⤵
-
\??\c:\bbbbtt.exec:\bbbbtt.exe95⤵
-
\??\c:\tbbhth.exec:\tbbhth.exe96⤵
-
\??\c:\jvvvj.exec:\jvvvj.exe97⤵
-
\??\c:\rrrfrlr.exec:\rrrfrlr.exe98⤵
-
\??\c:\bbbttn.exec:\bbbttn.exe99⤵
-
\??\c:\ddjjj.exec:\ddjjj.exe100⤵
-
\??\c:\dpdvp.exec:\dpdvp.exe101⤵
-
\??\c:\bttbhb.exec:\bttbhb.exe102⤵
-
\??\c:\5xfxrff.exec:\5xfxrff.exe103⤵
-
\??\c:\bbbnnn.exec:\bbbnnn.exe104⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe105⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe106⤵
-
\??\c:\bnntth.exec:\bnntth.exe107⤵
-
\??\c:\jvddd.exec:\jvddd.exe108⤵
-
\??\c:\frxxxxx.exec:\frxxxxx.exe109⤵
-
\??\c:\rffllrx.exec:\rffllrx.exe110⤵
-
\??\c:\bbtnhh.exec:\bbtnhh.exe111⤵
-
\??\c:\djvpj.exec:\djvpj.exe112⤵
-
\??\c:\xrrrrrr.exec:\xrrrrrr.exe113⤵
-
\??\c:\hnbtht.exec:\hnbtht.exe114⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe115⤵
-
\??\c:\9jvvv.exec:\9jvvv.exe116⤵
-
\??\c:\llfxfff.exec:\llfxfff.exe117⤵
-
\??\c:\bhtnnn.exec:\bhtnnn.exe118⤵
-
\??\c:\tnbtbt.exec:\tnbtbt.exe119⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe120⤵
-
\??\c:\frlrxlx.exec:\frlrxlx.exe121⤵
-
\??\c:\nbhbhh.exec:\nbhbhh.exe122⤵
-
\??\c:\9ppvj.exec:\9ppvj.exe123⤵
-
\??\c:\rxfflfx.exec:\rxfflfx.exe124⤵
-
\??\c:\xllflfr.exec:\xllflfr.exe125⤵
-
\??\c:\bbtttn.exec:\bbtttn.exe126⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe127⤵
-
\??\c:\rxfxxff.exec:\rxfxxff.exe128⤵
-
\??\c:\thbhhh.exec:\thbhhh.exe129⤵
-
\??\c:\rfxxxrr.exec:\rfxxxrr.exe130⤵
-
\??\c:\lfllfff.exec:\lfllfff.exe131⤵
-
\??\c:\btbttt.exec:\btbttt.exe132⤵
-
\??\c:\ppvdd.exec:\ppvdd.exe133⤵
-
\??\c:\rxffxff.exec:\rxffxff.exe134⤵
-
\??\c:\hhnhhn.exec:\hhnhhn.exe135⤵
-
\??\c:\jppjd.exec:\jppjd.exe136⤵
-
\??\c:\frxxxxf.exec:\frxxxxf.exe137⤵
-
\??\c:\lxlxlfx.exec:\lxlxlfx.exe138⤵
-
\??\c:\nhbhhh.exec:\nhbhhh.exe139⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe140⤵
-
\??\c:\lfxxfff.exec:\lfxxfff.exe141⤵
-
\??\c:\9hhhnn.exec:\9hhhnn.exe142⤵
-
\??\c:\vpvjj.exec:\vpvjj.exe143⤵
-
\??\c:\frrrlll.exec:\frrrlll.exe144⤵
-
\??\c:\9thbnn.exec:\9thbnn.exe145⤵
-
\??\c:\ppppp.exec:\ppppp.exe146⤵
-
\??\c:\7vvvd.exec:\7vvvd.exe147⤵
-
\??\c:\fxrlfll.exec:\fxrlfll.exe148⤵
-
\??\c:\nbnhbb.exec:\nbnhbb.exe149⤵
-
\??\c:\jpddd.exec:\jpddd.exe150⤵
-
\??\c:\pvppj.exec:\pvppj.exe151⤵
-
\??\c:\lxfxxxf.exec:\lxfxxxf.exe152⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe153⤵
-
\??\c:\vvpvp.exec:\vvpvp.exe154⤵
-
\??\c:\xfrxxlx.exec:\xfrxxlx.exe155⤵
-
\??\c:\fxllfll.exec:\fxllfll.exe156⤵
-
\??\c:\nntntt.exec:\nntntt.exe157⤵
-
\??\c:\1vjjj.exec:\1vjjj.exe158⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe159⤵
-
\??\c:\rlxrlrl.exec:\rlxrlrl.exe160⤵
-
\??\c:\3hbbbb.exec:\3hbbbb.exe161⤵
-
\??\c:\bnbttb.exec:\bnbttb.exe162⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe163⤵
-
\??\c:\ffrrrll.exec:\ffrrrll.exe164⤵
-
\??\c:\rlrlrrl.exec:\rlrlrrl.exe165⤵
-
\??\c:\bthhht.exec:\bthhht.exe166⤵
-
\??\c:\1jjdv.exec:\1jjdv.exe167⤵
-
\??\c:\lxlfffl.exec:\lxlfffl.exe168⤵
-
\??\c:\llflffr.exec:\llflffr.exe169⤵
-
\??\c:\nhbtbt.exec:\nhbtbt.exe170⤵
-
\??\c:\pppjp.exec:\pppjp.exe171⤵
-
\??\c:\lxlllxf.exec:\lxlllxf.exe172⤵
-
\??\c:\hnthbh.exec:\hnthbh.exe173⤵
-
\??\c:\pvpdj.exec:\pvpdj.exe174⤵
-
\??\c:\pvjvv.exec:\pvjvv.exe175⤵
-
\??\c:\rrxrlff.exec:\rrxrlff.exe176⤵
-
\??\c:\tbhtnn.exec:\tbhtnn.exe177⤵
-
\??\c:\jppjv.exec:\jppjv.exe178⤵
-
\??\c:\djppp.exec:\djppp.exe179⤵
-
\??\c:\rrfxxrf.exec:\rrfxxrf.exe180⤵
-
\??\c:\nntbnh.exec:\nntbnh.exe181⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe182⤵
-
\??\c:\xllfffr.exec:\xllfffr.exe183⤵
-
\??\c:\tttnhh.exec:\tttnhh.exe184⤵
-
\??\c:\tnbttb.exec:\tnbttb.exe185⤵
-
\??\c:\jjvvp.exec:\jjvvp.exe186⤵
-
\??\c:\xxfffll.exec:\xxfffll.exe187⤵
-
\??\c:\hbhhhb.exec:\hbhhhb.exe188⤵
-
\??\c:\hnbbtb.exec:\hnbbtb.exe189⤵
-
\??\c:\jpvjv.exec:\jpvjv.exe190⤵
-
\??\c:\lxxxfff.exec:\lxxxfff.exe191⤵
-
\??\c:\lxffxxf.exec:\lxffxxf.exe192⤵
-
\??\c:\nntttn.exec:\nntttn.exe193⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe194⤵
-
\??\c:\lfxxrxl.exec:\lfxxrxl.exe195⤵
-
\??\c:\5tntth.exec:\5tntth.exe196⤵
-
\??\c:\pvjvj.exec:\pvjvj.exe197⤵
-
\??\c:\xxrrxxl.exec:\xxrrxxl.exe198⤵
-
\??\c:\pjddj.exec:\pjddj.exe199⤵
-
\??\c:\lrrrffx.exec:\lrrrffx.exe200⤵
-
\??\c:\tbhtnh.exec:\tbhtnh.exe201⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe202⤵
-
\??\c:\1lrrlll.exec:\1lrrlll.exe203⤵
-
\??\c:\lffffrx.exec:\lffffrx.exe204⤵
-
\??\c:\hnbbbt.exec:\hnbbbt.exe205⤵
-
\??\c:\lrxxllx.exec:\lrxxllx.exe206⤵
-
\??\c:\lfrrxfl.exec:\lfrrxfl.exe207⤵
-
\??\c:\bhttbh.exec:\bhttbh.exe208⤵
-
\??\c:\vjvvp.exec:\vjvvp.exe209⤵
-
\??\c:\xxxrrxx.exec:\xxxrrxx.exe210⤵
-
\??\c:\bhhtnn.exec:\bhhtnn.exe211⤵
-
\??\c:\jdvdd.exec:\jdvdd.exe212⤵
-
\??\c:\lfllrfr.exec:\lfllrfr.exe213⤵
-
\??\c:\tntthn.exec:\tntthn.exe214⤵
-
\??\c:\ppdpp.exec:\ppdpp.exe215⤵
-
\??\c:\1ffrrll.exec:\1ffrrll.exe216⤵
-
\??\c:\hnbnnn.exec:\hnbnnn.exe217⤵
-
\??\c:\jjjdp.exec:\jjjdp.exe218⤵
-
\??\c:\lrlrlrx.exec:\lrlrlrx.exe219⤵
-
\??\c:\tbhhbn.exec:\tbhhbn.exe220⤵
-
\??\c:\ppdpd.exec:\ppdpd.exe221⤵
-
\??\c:\9rflrll.exec:\9rflrll.exe222⤵
-
\??\c:\bhbbbt.exec:\bhbbbt.exe223⤵
-
\??\c:\bbhhhh.exec:\bbhhhh.exe224⤵
-
\??\c:\pdppj.exec:\pdppj.exe225⤵
-
\??\c:\nnnnnh.exec:\nnnnnh.exe226⤵
-
\??\c:\pdvpj.exec:\pdvpj.exe227⤵
-
\??\c:\3lxrxxf.exec:\3lxrxxf.exe228⤵
-
\??\c:\tnhbbb.exec:\tnhbbb.exe229⤵
-
\??\c:\bthnht.exec:\bthnht.exe230⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe231⤵
-
\??\c:\7tttth.exec:\7tttth.exe232⤵
-
\??\c:\tthbbn.exec:\tthbbn.exe233⤵
-
\??\c:\pvdpj.exec:\pvdpj.exe234⤵
-
\??\c:\rrxrlll.exec:\rrxrlll.exe235⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe236⤵
-
\??\c:\jdvjv.exec:\jdvjv.exe237⤵
-
\??\c:\fxrlffl.exec:\fxrlffl.exe238⤵
-
\??\c:\httthh.exec:\httthh.exe239⤵
-
\??\c:\jpjjp.exec:\jpjjp.exe240⤵
-
\??\c:\flxlffx.exec:\flxlffx.exe241⤵