Analysis
-
max time kernel
149s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
20-05-2024 08:27
General
-
Target
df4a2f0950fd5fd0232ebafb11bc79f0_NeikiAnalytics.exe
-
Size
190KB
-
MD5
df4a2f0950fd5fd0232ebafb11bc79f0
-
SHA1
c7d9216b255bf48a667a7ffe05134b7954527a70
-
SHA256
296aba48d67da8c2fd5637e13c8636a0c56acfaa8e899e4ed9ea2f75ccbe1369
-
SHA512
3af1ee0096c24f07239bccb54fc2bd37de1ebf6594f52b3c2e75b75701c705b8249a43efc92bf1174923e4c222b61a57cdf2c56b7073f1359b45a175cedc6e73
-
SSDEEP
3072:YhOmTsF93UYfwC6GIoutLmxHxae5yLpcgDE4JBuItR8pTsgnKbQFe3+k:Ycm4FmowdHoSLEaTBftapTsyFeOk
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
Malware Dropper & Backdoor - Berbew 32 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\df4a2f0950fd5fd0232ebafb11bc79f0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\df4a2f0950fd5fd0232ebafb11bc79f0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lllrrff.exec:\lllrrff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtnhh.exec:\nhtnhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrllx.exec:\xrlrllx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnbnh.exec:\nnnbnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvppd.exec:\pvppd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpdj.exec:\djpdj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhttt.exec:\bbhttt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjv.exec:\pppjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7flxlrx.exec:\7flxlrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlflrxx.exec:\rlflrxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppd.exec:\vpppd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pjjv.exec:\1pjjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrlrrl.exec:\ffrlrrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbttb.exec:\hnbttb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjd.exec:\vvpjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxfxxr.exec:\rrxfxxr.exe17⤵
- Executes dropped EXE
-
\??\c:\tbttth.exec:\tbttth.exe18⤵
- Executes dropped EXE
-
\??\c:\dvjdd.exec:\dvjdd.exe19⤵
- Executes dropped EXE
-
\??\c:\rfrxrxf.exec:\rfrxrxf.exe20⤵
- Executes dropped EXE
-
\??\c:\fxrlrxr.exec:\fxrlrxr.exe21⤵
- Executes dropped EXE
-
\??\c:\hnbhnt.exec:\hnbhnt.exe22⤵
- Executes dropped EXE
-
\??\c:\xxflfxx.exec:\xxflfxx.exe23⤵
- Executes dropped EXE
-
\??\c:\hbnbhh.exec:\hbnbhh.exe24⤵
- Executes dropped EXE
-
\??\c:\jdppd.exec:\jdppd.exe25⤵
- Executes dropped EXE
-
\??\c:\xxlllrr.exec:\xxlllrr.exe26⤵
- Executes dropped EXE
-
\??\c:\thbnbb.exec:\thbnbb.exe27⤵
- Executes dropped EXE
-
\??\c:\pjjpp.exec:\pjjpp.exe28⤵
- Executes dropped EXE
-
\??\c:\xfxffff.exec:\xfxffff.exe29⤵
- Executes dropped EXE
-
\??\c:\hntbnt.exec:\hntbnt.exe30⤵
- Executes dropped EXE
-
\??\c:\ddvjv.exec:\ddvjv.exe31⤵
- Executes dropped EXE
-
\??\c:\rflrlfx.exec:\rflrlfx.exe32⤵
- Executes dropped EXE
-
\??\c:\nhnttn.exec:\nhnttn.exe33⤵
- Executes dropped EXE
-
\??\c:\9pjjj.exec:\9pjjj.exe34⤵
- Executes dropped EXE
-
\??\c:\rlxxflf.exec:\rlxxflf.exe35⤵
- Executes dropped EXE
-
\??\c:\tnhnbt.exec:\tnhnbt.exe36⤵
- Executes dropped EXE
-
\??\c:\pdpvj.exec:\pdpvj.exe37⤵
- Executes dropped EXE
-
\??\c:\jdppj.exec:\jdppj.exe38⤵
- Executes dropped EXE
-
\??\c:\fffrrlx.exec:\fffrrlx.exe39⤵
- Executes dropped EXE
-
\??\c:\1nbntn.exec:\1nbntn.exe40⤵
- Executes dropped EXE
-
\??\c:\jdpdj.exec:\jdpdj.exe41⤵
- Executes dropped EXE
-
\??\c:\pvjdj.exec:\pvjdj.exe42⤵
- Executes dropped EXE
-
\??\c:\rrflxxx.exec:\rrflxxx.exe43⤵
- Executes dropped EXE
-
\??\c:\rxrfffl.exec:\rxrfffl.exe44⤵
- Executes dropped EXE
-
\??\c:\nnnhht.exec:\nnnhht.exe45⤵
- Executes dropped EXE
-
\??\c:\vvvpp.exec:\vvvpp.exe46⤵
- Executes dropped EXE
-
\??\c:\fllfxlr.exec:\fllfxlr.exe47⤵
- Executes dropped EXE
-
\??\c:\lxlrxlx.exec:\lxlrxlx.exe48⤵
- Executes dropped EXE
-
\??\c:\hnbnbt.exec:\hnbnbt.exe49⤵
- Executes dropped EXE
-
\??\c:\jvvpv.exec:\jvvpv.exe50⤵
- Executes dropped EXE
-
\??\c:\ddjdd.exec:\ddjdd.exe51⤵
- Executes dropped EXE
-
\??\c:\flllfxf.exec:\flllfxf.exe52⤵
- Executes dropped EXE
-
\??\c:\bhbbnn.exec:\bhbbnn.exe53⤵
- Executes dropped EXE
-
\??\c:\djdvd.exec:\djdvd.exe54⤵
- Executes dropped EXE
-
\??\c:\pvpjp.exec:\pvpjp.exe55⤵
- Executes dropped EXE
-
\??\c:\xfrfrfl.exec:\xfrfrfl.exe56⤵
- Executes dropped EXE
-
\??\c:\hnnnht.exec:\hnnnht.exe57⤵
- Executes dropped EXE
-
\??\c:\hhthtb.exec:\hhthtb.exe58⤵
- Executes dropped EXE
-
\??\c:\vvjdv.exec:\vvjdv.exe59⤵
- Executes dropped EXE
-
\??\c:\5pvvj.exec:\5pvvj.exe60⤵
- Executes dropped EXE
-
\??\c:\llrflxl.exec:\llrflxl.exe61⤵
- Executes dropped EXE
-
\??\c:\3lxrrrr.exec:\3lxrrrr.exe62⤵
- Executes dropped EXE
-
\??\c:\nhhnnh.exec:\nhhnnh.exe63⤵
- Executes dropped EXE
-
\??\c:\dpddp.exec:\dpddp.exe64⤵
- Executes dropped EXE
-
\??\c:\ppdpd.exec:\ppdpd.exe65⤵
- Executes dropped EXE
-
\??\c:\flfxrfx.exec:\flfxrfx.exe66⤵
-
\??\c:\1nhthn.exec:\1nhthn.exe67⤵
-
\??\c:\nnntth.exec:\nnntth.exe68⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe69⤵
-
\??\c:\fflxlxx.exec:\fflxlxx.exe70⤵
-
\??\c:\fxllxxf.exec:\fxllxxf.exe71⤵
-
\??\c:\3pddj.exec:\3pddj.exe72⤵
-
\??\c:\3vvjd.exec:\3vvjd.exe73⤵
-
\??\c:\rxfrffx.exec:\rxfrffx.exe74⤵
-
\??\c:\5xrxffr.exec:\5xrxffr.exe75⤵
-
\??\c:\ntthtb.exec:\ntthtb.exe76⤵
-
\??\c:\bbttnb.exec:\bbttnb.exe77⤵
-
\??\c:\fxlllrr.exec:\fxlllrr.exe78⤵
-
\??\c:\xrflxxf.exec:\xrflxxf.exe79⤵
-
\??\c:\htnnnn.exec:\htnnnn.exe80⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe81⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe82⤵
-
\??\c:\xrlfxfr.exec:\xrlfxfr.exe83⤵
-
\??\c:\bbbhth.exec:\bbbhth.exe84⤵
-
\??\c:\ddvjp.exec:\ddvjp.exe85⤵
-
\??\c:\5pvdp.exec:\5pvdp.exe86⤵
-
\??\c:\5llrxlr.exec:\5llrxlr.exe87⤵
-
\??\c:\9bbbnt.exec:\9bbbnt.exe88⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe89⤵
-
\??\c:\7pvdd.exec:\7pvdd.exe90⤵
-
\??\c:\fxxrxlf.exec:\fxxrxlf.exe91⤵
-
\??\c:\tbhbnb.exec:\tbhbnb.exe92⤵
-
\??\c:\bbbnbb.exec:\bbbnbb.exe93⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe94⤵
-
\??\c:\lfffflr.exec:\lfffflr.exe95⤵
-
\??\c:\fxlllfr.exec:\fxlllfr.exe96⤵
-
\??\c:\nhntht.exec:\nhntht.exe97⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe98⤵
-
\??\c:\djvvj.exec:\djvvj.exe99⤵
-
\??\c:\rlxflxr.exec:\rlxflxr.exe100⤵
-
\??\c:\bnhbhb.exec:\bnhbhb.exe101⤵
-
\??\c:\1bhhnt.exec:\1bhhnt.exe102⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe103⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe104⤵
-
\??\c:\lxlfllr.exec:\lxlfllr.exe105⤵
-
\??\c:\3nbtnh.exec:\3nbtnh.exe106⤵
-
\??\c:\tttbbb.exec:\tttbbb.exe107⤵
-
\??\c:\3djjd.exec:\3djjd.exe108⤵
-
\??\c:\xrrxxxf.exec:\xrrxxxf.exe109⤵
-
\??\c:\lxxrrlf.exec:\lxxrrlf.exe110⤵
-
\??\c:\bbnhtn.exec:\bbnhtn.exe111⤵
-
\??\c:\tthtth.exec:\tthtth.exe112⤵
-
\??\c:\vdvpp.exec:\vdvpp.exe113⤵
-
\??\c:\lrfrflr.exec:\lrfrflr.exe114⤵
-
\??\c:\nthbbb.exec:\nthbbb.exe115⤵
-
\??\c:\nthntn.exec:\nthntn.exe116⤵
-
\??\c:\vjvjp.exec:\vjvjp.exe117⤵
-
\??\c:\lrrfxrr.exec:\lrrfxrr.exe118⤵
-
\??\c:\rrlxrrf.exec:\rrlxrrf.exe119⤵
-
\??\c:\btntnn.exec:\btntnn.exe120⤵
-
\??\c:\5nbbhh.exec:\5nbbhh.exe121⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe122⤵
-
\??\c:\3rlrflr.exec:\3rlrflr.exe123⤵
-
\??\c:\rrfxxrf.exec:\rrfxxrf.exe124⤵
-
\??\c:\nhbhbh.exec:\nhbhbh.exe125⤵
-
\??\c:\jvpdj.exec:\jvpdj.exe126⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe127⤵
-
\??\c:\3lxlfrr.exec:\3lxlfrr.exe128⤵
-
\??\c:\nhbntb.exec:\nhbntb.exe129⤵
-
\??\c:\nnnbhn.exec:\nnnbhn.exe130⤵
-
\??\c:\7vddd.exec:\7vddd.exe131⤵
-
\??\c:\1djpd.exec:\1djpd.exe132⤵
-
\??\c:\bhtttb.exec:\bhtttb.exe133⤵
-
\??\c:\1hbbbb.exec:\1hbbbb.exe134⤵
-
\??\c:\ddjvp.exec:\ddjvp.exe135⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe136⤵
-
\??\c:\ffflfxx.exec:\ffflfxx.exe137⤵
-
\??\c:\frlffrl.exec:\frlffrl.exe138⤵
-
\??\c:\ttnhtt.exec:\ttnhtt.exe139⤵
-
\??\c:\ntnhhb.exec:\ntnhhb.exe140⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe141⤵
-
\??\c:\djvdj.exec:\djvdj.exe142⤵
-
\??\c:\flrrxfx.exec:\flrrxfx.exe143⤵
-
\??\c:\tthhhh.exec:\tthhhh.exe144⤵
-
\??\c:\9btbht.exec:\9btbht.exe145⤵
-
\??\c:\vvvdj.exec:\vvvdj.exe146⤵
-
\??\c:\3pvjv.exec:\3pvjv.exe147⤵
-
\??\c:\pvddv.exec:\pvddv.exe148⤵
-
\??\c:\dppjv.exec:\dppjv.exe149⤵
-
\??\c:\xrrxlxl.exec:\xrrxlxl.exe150⤵
-
\??\c:\llxfxlx.exec:\llxfxlx.exe151⤵
-
\??\c:\thbthh.exec:\thbthh.exe152⤵
-
\??\c:\djppv.exec:\djppv.exe153⤵
-
\??\c:\5lxxflx.exec:\5lxxflx.exe154⤵
-
\??\c:\xfxflrf.exec:\xfxflrf.exe155⤵
-
\??\c:\hhhhhh.exec:\hhhhhh.exe156⤵
-
\??\c:\btnnhh.exec:\btnnhh.exe157⤵
-
\??\c:\ddjdj.exec:\ddjdj.exe158⤵
-
\??\c:\jjvdd.exec:\jjvdd.exe159⤵
-
\??\c:\xrlffxl.exec:\xrlffxl.exe160⤵
-
\??\c:\xffxrfx.exec:\xffxrfx.exe161⤵
-
\??\c:\bbnnhb.exec:\bbnnhb.exe162⤵
-
\??\c:\5jdpj.exec:\5jdpj.exe163⤵
-
\??\c:\9pdjp.exec:\9pdjp.exe164⤵
-
\??\c:\frxrrll.exec:\frxrrll.exe165⤵
-
\??\c:\nhtbnn.exec:\nhtbnn.exe166⤵
-
\??\c:\hbtnht.exec:\hbtnht.exe167⤵
-
\??\c:\1jpjj.exec:\1jpjj.exe168⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe169⤵
-
\??\c:\rrlrrxf.exec:\rrlrrxf.exe170⤵
-
\??\c:\ttthbn.exec:\ttthbn.exe171⤵
-
\??\c:\5bthtt.exec:\5bthtt.exe172⤵
-
\??\c:\jjddj.exec:\jjddj.exe173⤵
-
\??\c:\ddjpp.exec:\ddjpp.exe174⤵
-
\??\c:\5xllxff.exec:\5xllxff.exe175⤵
-
\??\c:\lfxxrrx.exec:\lfxxrrx.exe176⤵
-
\??\c:\htbtnh.exec:\htbtnh.exe177⤵
-
\??\c:\dpddj.exec:\dpddj.exe178⤵
-
\??\c:\jdjpp.exec:\jdjpp.exe179⤵
-
\??\c:\rxffrfx.exec:\rxffrfx.exe180⤵
-
\??\c:\htbbbh.exec:\htbbbh.exe181⤵
-
\??\c:\tbbtnb.exec:\tbbtnb.exe182⤵
-
\??\c:\3dvdd.exec:\3dvdd.exe183⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe184⤵
-
\??\c:\lrlflrx.exec:\lrlflrx.exe185⤵
-
\??\c:\rfxxxrr.exec:\rfxxxrr.exe186⤵
-
\??\c:\3nhhtb.exec:\3nhhtb.exe187⤵
-
\??\c:\vjdpj.exec:\vjdpj.exe188⤵
-
\??\c:\xflxxxr.exec:\xflxxxr.exe189⤵
-
\??\c:\fffrlff.exec:\fffrlff.exe190⤵
-
\??\c:\nhhhnt.exec:\nhhhnt.exe191⤵
-
\??\c:\ntnbnb.exec:\ntnbnb.exe192⤵
-
\??\c:\3vdvj.exec:\3vdvj.exe193⤵
-
\??\c:\pjddp.exec:\pjddp.exe194⤵
-
\??\c:\ffxlxlx.exec:\ffxlxlx.exe195⤵
-
\??\c:\llffxrf.exec:\llffxrf.exe196⤵
-
\??\c:\nnbbnn.exec:\nnbbnn.exe197⤵
-
\??\c:\hbntbb.exec:\hbntbb.exe198⤵
-
\??\c:\7dvpv.exec:\7dvpv.exe199⤵
-
\??\c:\pddpv.exec:\pddpv.exe200⤵
-
\??\c:\rlrfllx.exec:\rlrfllx.exe201⤵
-
\??\c:\fxffrfr.exec:\fxffrfr.exe202⤵
-
\??\c:\tthhbn.exec:\tthhbn.exe203⤵
-
\??\c:\ttbnbh.exec:\ttbnbh.exe204⤵
-
\??\c:\dddvp.exec:\dddvp.exe205⤵
-
\??\c:\xfrxlrx.exec:\xfrxlrx.exe206⤵
-
\??\c:\flfxflx.exec:\flfxflx.exe207⤵
-
\??\c:\bntbnh.exec:\bntbnh.exe208⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe209⤵
-
\??\c:\dpjpv.exec:\dpjpv.exe210⤵
-
\??\c:\5fxlrxl.exec:\5fxlrxl.exe211⤵
-
\??\c:\fxrxffl.exec:\fxrxffl.exe212⤵
-
\??\c:\9nbtbb.exec:\9nbtbb.exe213⤵
-
\??\c:\jjjvd.exec:\jjjvd.exe214⤵
-
\??\c:\9djjj.exec:\9djjj.exe215⤵
-
\??\c:\xxxrxrf.exec:\xxxrxrf.exe216⤵
-
\??\c:\hhtntn.exec:\hhtntn.exe217⤵
-
\??\c:\bnthbh.exec:\bnthbh.exe218⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe219⤵
-
\??\c:\xrllxff.exec:\xrllxff.exe220⤵
-
\??\c:\xrlxrxf.exec:\xrlxrxf.exe221⤵
-
\??\c:\bntnhb.exec:\bntnhb.exe222⤵
-
\??\c:\hbtbbt.exec:\hbtbbt.exe223⤵
-
\??\c:\dddvj.exec:\dddvj.exe224⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe225⤵
-
\??\c:\lffflrf.exec:\lffflrf.exe226⤵
-
\??\c:\xrrxxlf.exec:\xrrxxlf.exe227⤵
-
\??\c:\ntbbhb.exec:\ntbbhb.exe228⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe229⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe230⤵
-
\??\c:\lffxxxl.exec:\lffxxxl.exe231⤵
-
\??\c:\nbbthb.exec:\nbbthb.exe232⤵
-
\??\c:\bthhnn.exec:\bthhnn.exe233⤵
-
\??\c:\7jpdv.exec:\7jpdv.exe234⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe235⤵
-
\??\c:\ffxfrxl.exec:\ffxfrxl.exe236⤵
-
\??\c:\frxxxfl.exec:\frxxxfl.exe237⤵
-
\??\c:\hnhntn.exec:\hnhntn.exe238⤵
-
\??\c:\dvdpv.exec:\dvdpv.exe239⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe240⤵
-
\??\c:\rfrrxfl.exec:\rfrrxfl.exe241⤵