Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
20-05-2024 08:27
General
-
Target
df4a2f0950fd5fd0232ebafb11bc79f0_NeikiAnalytics.exe
-
Size
190KB
-
MD5
df4a2f0950fd5fd0232ebafb11bc79f0
-
SHA1
c7d9216b255bf48a667a7ffe05134b7954527a70
-
SHA256
296aba48d67da8c2fd5637e13c8636a0c56acfaa8e899e4ed9ea2f75ccbe1369
-
SHA512
3af1ee0096c24f07239bccb54fc2bd37de1ebf6594f52b3c2e75b75701c705b8249a43efc92bf1174923e4c222b61a57cdf2c56b7073f1359b45a175cedc6e73
-
SSDEEP
3072:YhOmTsF93UYfwC6GIoutLmxHxae5yLpcgDE4JBuItR8pTsgnKbQFe3+k:Ycm4FmowdHoSLEaTBftapTsyFeOk
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Malware Dropper & Backdoor - Berbew 32 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\df4a2f0950fd5fd0232ebafb11bc79f0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\df4a2f0950fd5fd0232ebafb11bc79f0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\86048.exec:\86048.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\48288.exec:\48288.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpvd.exec:\pdpvd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2402840.exec:\2402840.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6680828.exec:\6680828.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u260640.exec:\u260640.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbtt.exec:\nhhbtt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnhtt.exec:\ntnhtt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6666840.exec:\6666840.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdv.exec:\ddjdv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvp.exec:\pddvp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6644446.exec:\6644446.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlfxl.exec:\xrrlfxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrllff.exec:\lrrllff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrllxx.exec:\llrllxx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\008082.exec:\008082.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntbtn.exec:\bntbtn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvd.exec:\dvdvd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrlxx.exec:\fxrrlxx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pjdd.exec:\5pjdd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\06822.exec:\06822.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbhh.exec:\nhhbhh.exe23⤵
- Executes dropped EXE
-
\??\c:\2620422.exec:\2620422.exe24⤵
- Executes dropped EXE
-
\??\c:\hnnbtn.exec:\hnnbtn.exe25⤵
- Executes dropped EXE
-
\??\c:\bbnnhn.exec:\bbnnhn.exe26⤵
- Executes dropped EXE
-
\??\c:\dpppv.exec:\dpppv.exe27⤵
- Executes dropped EXE
-
\??\c:\00066.exec:\00066.exe28⤵
- Executes dropped EXE
-
\??\c:\fffxflr.exec:\fffxflr.exe29⤵
- Executes dropped EXE
-
\??\c:\ddjjj.exec:\ddjjj.exe30⤵
- Executes dropped EXE
-
\??\c:\46408.exec:\46408.exe31⤵
- Executes dropped EXE
-
\??\c:\5tttnh.exec:\5tttnh.exe32⤵
- Executes dropped EXE
-
\??\c:\6000488.exec:\6000488.exe33⤵
- Executes dropped EXE
-
\??\c:\jvpdv.exec:\jvpdv.exe34⤵
- Executes dropped EXE
-
\??\c:\862206.exec:\862206.exe35⤵
- Executes dropped EXE
-
\??\c:\a6642.exec:\a6642.exe36⤵
- Executes dropped EXE
-
\??\c:\ppvvj.exec:\ppvvj.exe37⤵
- Executes dropped EXE
-
\??\c:\hhnnnn.exec:\hhnnnn.exe38⤵
- Executes dropped EXE
-
\??\c:\hbhnnh.exec:\hbhnnh.exe39⤵
- Executes dropped EXE
-
\??\c:\408664.exec:\408664.exe40⤵
- Executes dropped EXE
-
\??\c:\4802288.exec:\4802288.exe41⤵
- Executes dropped EXE
-
\??\c:\3ttbth.exec:\3ttbth.exe42⤵
- Executes dropped EXE
-
\??\c:\28004.exec:\28004.exe43⤵
- Executes dropped EXE
-
\??\c:\jddpj.exec:\jddpj.exe44⤵
- Executes dropped EXE
-
\??\c:\tbbbht.exec:\tbbbht.exe45⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe46⤵
- Executes dropped EXE
-
\??\c:\42600.exec:\42600.exe47⤵
- Executes dropped EXE
-
\??\c:\lffrxlr.exec:\lffrxlr.exe48⤵
- Executes dropped EXE
-
\??\c:\pdvvv.exec:\pdvvv.exe49⤵
- Executes dropped EXE
-
\??\c:\hhtthn.exec:\hhtthn.exe50⤵
- Executes dropped EXE
-
\??\c:\pjvpv.exec:\pjvpv.exe51⤵
- Executes dropped EXE
-
\??\c:\tbntnn.exec:\tbntnn.exe52⤵
- Executes dropped EXE
-
\??\c:\flffxxx.exec:\flffxxx.exe53⤵
- Executes dropped EXE
-
\??\c:\8860422.exec:\8860422.exe54⤵
- Executes dropped EXE
-
\??\c:\dpvvp.exec:\dpvvp.exe55⤵
- Executes dropped EXE
-
\??\c:\24004.exec:\24004.exe56⤵
- Executes dropped EXE
-
\??\c:\nntbbn.exec:\nntbbn.exe57⤵
- Executes dropped EXE
-
\??\c:\008482.exec:\008482.exe58⤵
- Executes dropped EXE
-
\??\c:\802040.exec:\802040.exe59⤵
- Executes dropped EXE
-
\??\c:\nhtnnn.exec:\nhtnnn.exe60⤵
- Executes dropped EXE
-
\??\c:\026446.exec:\026446.exe61⤵
- Executes dropped EXE
-
\??\c:\660606.exec:\660606.exe62⤵
- Executes dropped EXE
-
\??\c:\44480.exec:\44480.exe63⤵
- Executes dropped EXE
-
\??\c:\488066.exec:\488066.exe64⤵
- Executes dropped EXE
-
\??\c:\66466.exec:\66466.exe65⤵
- Executes dropped EXE
-
\??\c:\nttnnn.exec:\nttnnn.exe66⤵
-
\??\c:\xxxxrlf.exec:\xxxxrlf.exe67⤵
-
\??\c:\422208.exec:\422208.exe68⤵
-
\??\c:\8866206.exec:\8866206.exe69⤵
-
\??\c:\1hbhbh.exec:\1hbhbh.exe70⤵
-
\??\c:\fflfffx.exec:\fflfffx.exe71⤵
-
\??\c:\2244888.exec:\2244888.exe72⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe73⤵
-
\??\c:\bbhbbh.exec:\bbhbbh.exe74⤵
-
\??\c:\bbtntn.exec:\bbtntn.exe75⤵
-
\??\c:\thtntb.exec:\thtntb.exe76⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe77⤵
-
\??\c:\44648.exec:\44648.exe78⤵
-
\??\c:\btttnn.exec:\btttnn.exe79⤵
-
\??\c:\2248006.exec:\2248006.exe80⤵
-
\??\c:\lrrxflf.exec:\lrrxflf.exe81⤵
-
\??\c:\40282.exec:\40282.exe82⤵
-
\??\c:\flfxrrf.exec:\flfxrrf.exe83⤵
-
\??\c:\hthbtb.exec:\hthbtb.exe84⤵
-
\??\c:\1vppp.exec:\1vppp.exe85⤵
-
\??\c:\xrxfffl.exec:\xrxfffl.exe86⤵
-
\??\c:\ttnhhh.exec:\ttnhhh.exe87⤵
-
\??\c:\8244880.exec:\8244880.exe88⤵
-
\??\c:\rlfxrrr.exec:\rlfxrrr.exe89⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe90⤵
-
\??\c:\20822.exec:\20822.exe91⤵
-
\??\c:\xfrrlfx.exec:\xfrrlfx.exe92⤵
-
\??\c:\ttnbbh.exec:\ttnbbh.exe93⤵
-
\??\c:\688822.exec:\688822.exe94⤵
-
\??\c:\622004.exec:\622004.exe95⤵
-
\??\c:\vdjpv.exec:\vdjpv.exe96⤵
-
\??\c:\4844888.exec:\4844888.exe97⤵
-
\??\c:\682664.exec:\682664.exe98⤵
-
\??\c:\602422.exec:\602422.exe99⤵
-
\??\c:\bbtnhh.exec:\bbtnhh.exe100⤵
-
\??\c:\q28622.exec:\q28622.exe101⤵
-
\??\c:\66222.exec:\66222.exe102⤵
-
\??\c:\04846.exec:\04846.exe103⤵
-
\??\c:\tnbbbn.exec:\tnbbbn.exe104⤵
-
\??\c:\42860.exec:\42860.exe105⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe106⤵
-
\??\c:\frrlffx.exec:\frrlffx.exe107⤵
-
\??\c:\80282.exec:\80282.exe108⤵
-
\??\c:\6640600.exec:\6640600.exe109⤵
-
\??\c:\3xrxxxr.exec:\3xrxxxr.exe110⤵
-
\??\c:\jppvd.exec:\jppvd.exe111⤵
-
\??\c:\llllfrr.exec:\llllfrr.exe112⤵
-
\??\c:\llffrxf.exec:\llffrxf.exe113⤵
-
\??\c:\tthbbb.exec:\tthbbb.exe114⤵
-
\??\c:\84400.exec:\84400.exe115⤵
-
\??\c:\frrlffx.exec:\frrlffx.exe116⤵
-
\??\c:\hnbthb.exec:\hnbthb.exe117⤵
-
\??\c:\u442648.exec:\u442648.exe118⤵
-
\??\c:\4260480.exec:\4260480.exe119⤵
-
\??\c:\64268.exec:\64268.exe120⤵
-
\??\c:\tttnhb.exec:\tttnhb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-