Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
22-05-2024 04:07
General
-
Target
1ae466e8564aee7c6498f1e6e533dde0_NeikiAnalytics.exe
-
Size
441KB
-
MD5
1ae466e8564aee7c6498f1e6e533dde0
-
SHA1
7923159b58bce1aaf5af11afebac476d5dab7c20
-
SHA256
03df51a6b1bf2723485e07381b545b7fdbad8e850e923e72c3efcd37386b68ba
-
SHA512
d375f1180a74ee25ca03884252b477df5cc0980a28cb6064789d771e1d3f6a67619858040b201d82bae83a97b087e156686994b1d1a48718bc014a6746bfaf18
-
SSDEEP
12288:w4wFHoS9KxbNnidEhjEJd1kNpeUgI95yRoZHVaoJMOxFXnRV4PiGO0hUmH7:kKxbNndhjEJd1kNpeUgI95yRoZHgoJMx
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 33 IoCs
-
Malware Dropper & Backdoor - Berbew 32 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1ae466e8564aee7c6498f1e6e533dde0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1ae466e8564aee7c6498f1e6e533dde0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrfrlf.exec:\lfrfrlf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpvp.exec:\vjpvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhnnb.exec:\nhhnnb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjp.exec:\jdjjp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nbhtb.exec:\7nbhtb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9llxrxl.exec:\9llxrxl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtbhh.exec:\thtbhh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpdj.exec:\djpdj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnbbt.exec:\nhnbbt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ppvj.exec:\5ppvj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrrfxx.exec:\rfrrfxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthntt.exec:\tthntt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfrffr.exec:\lrfrffr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttbnn.exec:\bttbnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lrrxfl.exec:\5lrrxfl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nhhtb.exec:\3nhhtb.exe17⤵
- Executes dropped EXE
-
\??\c:\dpjpj.exec:\dpjpj.exe18⤵
- Executes dropped EXE
-
\??\c:\hbthnt.exec:\hbthnt.exe19⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe20⤵
- Executes dropped EXE
-
\??\c:\xlrfxlf.exec:\xlrfxlf.exe21⤵
- Executes dropped EXE
-
\??\c:\htnthn.exec:\htnthn.exe22⤵
- Executes dropped EXE
-
\??\c:\3dppv.exec:\3dppv.exe23⤵
- Executes dropped EXE
-
\??\c:\1bnnnh.exec:\1bnnnh.exe24⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe25⤵
- Executes dropped EXE
-
\??\c:\5flrxxf.exec:\5flrxxf.exe26⤵
- Executes dropped EXE
-
\??\c:\bbtbnb.exec:\bbtbnb.exe27⤵
- Executes dropped EXE
-
\??\c:\rrllxfl.exec:\rrllxfl.exe28⤵
- Executes dropped EXE
-
\??\c:\7httbb.exec:\7httbb.exe29⤵
- Executes dropped EXE
-
\??\c:\ddjpv.exec:\ddjpv.exe30⤵
- Executes dropped EXE
-
\??\c:\nbhntb.exec:\nbhntb.exe31⤵
- Executes dropped EXE
-
\??\c:\5dvjd.exec:\5dvjd.exe32⤵
- Executes dropped EXE
-
\??\c:\hbttbn.exec:\hbttbn.exe33⤵
- Executes dropped EXE
-
\??\c:\1vvdj.exec:\1vvdj.exe34⤵
- Executes dropped EXE
-
\??\c:\pjdpj.exec:\pjdpj.exe35⤵
- Executes dropped EXE
-
\??\c:\xxrxlrf.exec:\xxrxlrf.exe36⤵
- Executes dropped EXE
-
\??\c:\bbthth.exec:\bbthth.exe37⤵
- Executes dropped EXE
-
\??\c:\5vppp.exec:\5vppp.exe38⤵
- Executes dropped EXE
-
\??\c:\lxlxllr.exec:\lxlxllr.exe39⤵
- Executes dropped EXE
-
\??\c:\fxrffxl.exec:\fxrffxl.exe40⤵
- Executes dropped EXE
-
\??\c:\ttntnt.exec:\ttntnt.exe41⤵
- Executes dropped EXE
-
\??\c:\jjvdj.exec:\jjvdj.exe42⤵
- Executes dropped EXE
-
\??\c:\rxrrlrl.exec:\rxrrlrl.exe43⤵
- Executes dropped EXE
-
\??\c:\lfrlrrx.exec:\lfrlrrx.exe44⤵
- Executes dropped EXE
-
\??\c:\3nhbbt.exec:\3nhbbt.exe45⤵
- Executes dropped EXE
-
\??\c:\djpvp.exec:\djpvp.exe46⤵
- Executes dropped EXE
-
\??\c:\lffrrrl.exec:\lffrrrl.exe47⤵
- Executes dropped EXE
-
\??\c:\1nbnnb.exec:\1nbnnb.exe48⤵
- Executes dropped EXE
-
\??\c:\hhhnnt.exec:\hhhnnt.exe49⤵
- Executes dropped EXE
-
\??\c:\jjddj.exec:\jjddj.exe50⤵
- Executes dropped EXE
-
\??\c:\frllrrl.exec:\frllrrl.exe51⤵
- Executes dropped EXE
-
\??\c:\tntbhh.exec:\tntbhh.exe52⤵
- Executes dropped EXE
-
\??\c:\jvppp.exec:\jvppp.exe53⤵
- Executes dropped EXE
-
\??\c:\vvvpv.exec:\vvvpv.exe54⤵
- Executes dropped EXE
-
\??\c:\lfxxxlr.exec:\lfxxxlr.exe55⤵
- Executes dropped EXE
-
\??\c:\bnhnbb.exec:\bnhnbb.exe56⤵
- Executes dropped EXE
-
\??\c:\pddpp.exec:\pddpp.exe57⤵
- Executes dropped EXE
-
\??\c:\lllrxlf.exec:\lllrxlf.exe58⤵
- Executes dropped EXE
-
\??\c:\3lxrrrx.exec:\3lxrrrx.exe59⤵
- Executes dropped EXE
-
\??\c:\bbtbbh.exec:\bbtbbh.exe60⤵
- Executes dropped EXE
-
\??\c:\vjvpp.exec:\vjvpp.exe61⤵
- Executes dropped EXE
-
\??\c:\frlrrlr.exec:\frlrrlr.exe62⤵
- Executes dropped EXE
-
\??\c:\xlffrxx.exec:\xlffrxx.exe63⤵
- Executes dropped EXE
-
\??\c:\tnhbnn.exec:\tnhbnn.exe64⤵
- Executes dropped EXE
-
\??\c:\ddpdj.exec:\ddpdj.exe65⤵
- Executes dropped EXE
-
\??\c:\frllxxf.exec:\frllxxf.exe66⤵
-
\??\c:\1rlrxfr.exec:\1rlrxfr.exe67⤵
-
\??\c:\hhhnnb.exec:\hhhnnb.exe68⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe69⤵
-
\??\c:\5fflffl.exec:\5fflffl.exe70⤵
-
\??\c:\bbbtht.exec:\bbbtht.exe71⤵
-
\??\c:\ntnbth.exec:\ntnbth.exe72⤵
-
\??\c:\djvdd.exec:\djvdd.exe73⤵
-
\??\c:\rlflllr.exec:\rlflllr.exe74⤵
-
\??\c:\9nhnbb.exec:\9nhnbb.exe75⤵
-
\??\c:\nbnthh.exec:\nbnthh.exe76⤵
-
\??\c:\3dvvd.exec:\3dvvd.exe77⤵
-
\??\c:\rfxrxxf.exec:\rfxrxxf.exe78⤵
-
\??\c:\1lllrrr.exec:\1lllrrr.exe79⤵
-
\??\c:\pvpdd.exec:\pvpdd.exe80⤵
-
\??\c:\1rlxxfl.exec:\1rlxxfl.exe81⤵
-
\??\c:\lfrlrxl.exec:\lfrlrxl.exe82⤵
-
\??\c:\3tbthb.exec:\3tbthb.exe83⤵
-
\??\c:\djvvj.exec:\djvvj.exe84⤵
-
\??\c:\xrfxfxl.exec:\xrfxfxl.exe85⤵
-
\??\c:\fxrflrf.exec:\fxrflrf.exe86⤵
-
\??\c:\hnhhtt.exec:\hnhhtt.exe87⤵
-
\??\c:\pjddj.exec:\pjddj.exe88⤵
-
\??\c:\7jddp.exec:\7jddp.exe89⤵
-
\??\c:\llflllr.exec:\llflllr.exe90⤵
-
\??\c:\hhhnnn.exec:\hhhnnn.exe91⤵
-
\??\c:\pdvdj.exec:\pdvdj.exe92⤵
-
\??\c:\pvpjd.exec:\pvpjd.exe93⤵
-
\??\c:\lfrrrlx.exec:\lfrrrlx.exe94⤵
-
\??\c:\nhhthh.exec:\nhhthh.exe95⤵
-
\??\c:\ddpjv.exec:\ddpjv.exe96⤵
-
\??\c:\rxrrfxr.exec:\rxrrfxr.exe97⤵
-
\??\c:\xxlxlxr.exec:\xxlxlxr.exe98⤵
-
\??\c:\bnthhb.exec:\bnthhb.exe99⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe100⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe101⤵
-
\??\c:\5rllxlr.exec:\5rllxlr.exe102⤵
-
\??\c:\ttbtbn.exec:\ttbtbn.exe103⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe104⤵
-
\??\c:\1rfllxx.exec:\1rfllxx.exe105⤵
-
\??\c:\hhbtnt.exec:\hhbtnt.exe106⤵
-
\??\c:\7nbhhh.exec:\7nbhhh.exe107⤵
-
\??\c:\pdpvd.exec:\pdpvd.exe108⤵
-
\??\c:\fxrxrxr.exec:\fxrxrxr.exe109⤵
-
\??\c:\hbnhnn.exec:\hbnhnn.exe110⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe111⤵
-
\??\c:\ffrrlll.exec:\ffrrlll.exe112⤵
-
\??\c:\7rlfllr.exec:\7rlfllr.exe113⤵
-
\??\c:\nnbhth.exec:\nnbhth.exe114⤵
-
\??\c:\dvppp.exec:\dvppp.exe115⤵
-
\??\c:\9vdvv.exec:\9vdvv.exe116⤵
-
\??\c:\xlllrrx.exec:\xlllrrx.exe117⤵
-
\??\c:\dpddv.exec:\dpddv.exe118⤵
-
\??\c:\ppdjp.exec:\ppdjp.exe119⤵
-
\??\c:\xxxlxrf.exec:\xxxlxrf.exe120⤵
-
\??\c:\htnbhh.exec:\htnbhh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-