Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
23-05-2024 02:48
Behavioral task
behavioral1
Sample
7bb17cabea901dbb0ab4785784d6ef60_NeikiAnalytics.exe
Resource
win7-20240221-en
6 signatures
150 seconds
General
-
Target
7bb17cabea901dbb0ab4785784d6ef60_NeikiAnalytics.exe
-
Size
464KB
-
MD5
7bb17cabea901dbb0ab4785784d6ef60
-
SHA1
affed099124edf1874b2ff9f6790f3a06d0bea2c
-
SHA256
1aa76144adcdaf4cb115c59953a01b36bd05e547da523b733c91bb9c29edd947
-
SHA512
1d391bc543bb3e29091d308ee31e5a960243fe851ae21dac4ff1be3fb63dd78e75f3b394b943e3eec280adc17f2aaafe404de8e80736a4ba06709cbab25dca42
-
SSDEEP
12288:J4wFHoSTeR0oQRkay+eFp3IDvSbh5nPVP+OKaf1VS:VeR0oykayRFp3lztP+OKaf1VS
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/1480-8-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1632-6-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4852-19-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4316-26-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/60-30-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/220-37-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1280-40-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3220-45-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/5076-55-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4412-69-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2480-68-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4468-79-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2020-96-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1736-110-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3948-124-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1240-137-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1560-144-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2212-149-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1452-156-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1800-162-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2488-164-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon 
behavioral2/memory/228-174-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3672-181-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4408-193-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/5032-203-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4200-214-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1132-218-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/64-229-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3404-233-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4196-238-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4544-247-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/888-257-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2388-277-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2640-290-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1036-294-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3948-301-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1200-314-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4984-332-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4912-336-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1252-341-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2980-348-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1752-355-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon 
behavioral2/memory/3984-364-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3220-391-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3116-414-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4612-420-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/636-440-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3652-445-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1452-472-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3124-506-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/5016-513-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3832-523-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2224-540-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3632-553-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4328-628-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/5016-643-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/5076-649-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3128-686-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1960-696-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2072-700-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4928-799-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4540-842-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/868-868-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon 
behavioral2/memory/2028-934-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon -
Malware Dropper & Backdoor - Berbew 64 IoCs
Berbew is a backdoor Trojan that can download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
resource yara_rule behavioral2/memory/1632-0-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x0007000000023278-3.dat family_berbew behavioral2/memory/1480-8-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x00080000000233b6-10.dat family_berbew behavioral2/memory/4852-13-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/memory/1632-6-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x00070000000233ba-14.dat family_berbew behavioral2/memory/4316-20-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/memory/4852-19-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x00070000000233bb-23.dat family_berbew behavioral2/memory/4316-26-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x00070000000233bc-29.dat family_berbew behavioral2/memory/60-30-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/memory/220-32-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x00070000000233bd-35.dat family_berbew behavioral2/memory/220-37-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/memory/1280-40-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x00070000000233be-42.dat family_berbew behavioral2/memory/3220-45-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x00070000000233bf-48.dat family_berbew behavioral2/files/0x00070000000233c0-53.dat family_berbew behavioral2/memory/5076-55-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x00070000000233c2-59.dat family_berbew behavioral2/files/0x00070000000233c3-64.dat family_berbew behavioral2/files/0x00070000000233c4-71.dat family_berbew behavioral2/memory/4412-69-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew 
behavioral2/memory/2480-68-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x00080000000233b7-77.dat family_berbew behavioral2/memory/4468-79-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x00070000000233c5-84.dat family_berbew behavioral2/files/0x00070000000233c6-88.dat family_berbew behavioral2/memory/1096-90-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x00070000000233c8-93.dat family_berbew behavioral2/memory/2020-96-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x00070000000233c9-99.dat family_berbew behavioral2/memory/1736-110-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x00070000000233cb-111.dat family_berbew behavioral2/files/0x00070000000233cc-116.dat family_berbew behavioral2/files/0x00070000000233cd-121.dat family_berbew behavioral2/files/0x00070000000233ce-127.dat family_berbew behavioral2/memory/3948-124-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x00070000000233ca-106.dat family_berbew behavioral2/files/0x00070000000233cf-131.dat family_berbew behavioral2/files/0x00070000000233d0-138.dat family_berbew behavioral2/memory/1240-137-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/memory/1560-144-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x00070000000233d1-145.dat family_berbew behavioral2/memory/2212-149-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x00070000000233d2-150.dat family_berbew behavioral2/memory/1452-156-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x00070000000233d3-157.dat family_berbew behavioral2/memory/1800-162-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x00070000000233d4-161.dat family_berbew 
behavioral2/memory/2488-164-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x00070000000233d5-168.dat family_berbew behavioral2/files/0x00070000000233d6-172.dat family_berbew behavioral2/memory/228-174-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x00070000000233d7-178.dat family_berbew behavioral2/memory/3672-181-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/files/0x00070000000233d8-184.dat family_berbew behavioral2/memory/4408-193-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/memory/5032-203-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/memory/4200-214-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew behavioral2/memory/1132-218-0x0000000000400000-0x000000000043A000-memory.dmp family_berbew -
Executes dropped EXE 64 IoCs
pid Process 1480 rlfxrrl.exe 4852 bhnbtn.exe 4316 xlrrlfx.exe 60 1thtnn.exe 220 vppjj.exe 1280 ddvdv.exe 3220 xlrllll.exe 5076 xrllrll.exe 4536 tbnhbb.exe 4412 7flfxxl.exe 2480 nnbtth.exe 4484 3vdjv.exe 4468 lrrllrx.exe 3980 llllxxf.exe 1096 bttnnt.exe 2020 lffxrrl.exe 3748 btbnnb.exe 1736 xrxxfff.exe 1080 7nhhbh.exe 836 djddj.exe 3948 3flfxxl.exe 4480 bhnttb.exe 1240 5rxrlll.exe 1560 tbtnnh.exe 2212 dpvpp.exe 1452 frxxrll.exe 1800 jpjjd.exe 2488 httnhb.exe 228 ffffxrf.exe 2672 1jdpv.exe 3672 xrxrllf.exe 316 5jpjd.exe 4408 dpjdp.exe 5036 bttnhh.exe 640 vpppd.exe 5032 rlffllf.exe 1828 tnbnnh.exe 3444 9pjdd.exe 4644 3lrlffr.exe 4200 bbbnbt.exe 1132 vvpjj.exe 2344 rrffxxx.exe 64 7hnnnt.exe 3404 vjjdj.exe 2384 rlxxlrr.exe 4196 jvpjv.exe 3388 ppjdv.exe 4544 tthhnb.exe 2164 djppp.exe 4792 3lrlllr.exe 1616 hnnhtt.exe 888 rrxrxxf.exe 2816 xxfxxff.exe 4568 httbbt.exe 2772 pdvvp.exe 4748 lxlfxxr.exe 4416 hnbttt.exe 2388 jjppj.exe 920 fxllllf.exe 1960 1lrrlll.exe 2056 tnttnt.exe 2640 jvdpp.exe 1036 xflffxr.exe 3948 tntnnt.exe -
resource yara_rule behavioral2/memory/1632-0-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x0007000000023278-3.dat upx behavioral2/memory/1480-8-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x00080000000233b6-10.dat upx behavioral2/memory/4852-13-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/1632-6-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x00070000000233ba-14.dat upx behavioral2/memory/4316-20-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/4852-19-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x00070000000233bb-23.dat upx behavioral2/memory/4316-26-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x00070000000233bc-29.dat upx behavioral2/memory/60-30-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/220-32-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x00070000000233bd-35.dat upx behavioral2/memory/220-37-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/1280-40-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x00070000000233be-42.dat upx behavioral2/memory/3220-45-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x00070000000233bf-48.dat upx behavioral2/files/0x00070000000233c0-53.dat upx behavioral2/memory/5076-55-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x00070000000233c2-59.dat upx behavioral2/files/0x00070000000233c3-64.dat upx behavioral2/files/0x00070000000233c4-71.dat upx behavioral2/memory/4412-69-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/2480-68-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x00080000000233b7-77.dat upx behavioral2/memory/4468-79-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x00070000000233c5-84.dat upx 
behavioral2/files/0x00070000000233c6-88.dat upx behavioral2/memory/1096-90-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x00070000000233c8-93.dat upx behavioral2/memory/2020-96-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x00070000000233c9-99.dat upx behavioral2/memory/1736-110-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x00070000000233cb-111.dat upx behavioral2/files/0x00070000000233cc-116.dat upx behavioral2/files/0x00070000000233cd-121.dat upx behavioral2/files/0x00070000000233ce-127.dat upx behavioral2/memory/3948-124-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x00070000000233ca-106.dat upx behavioral2/files/0x00070000000233cf-131.dat upx behavioral2/files/0x00070000000233d0-138.dat upx behavioral2/memory/1240-137-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/1560-144-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x00070000000233d1-145.dat upx behavioral2/memory/2212-149-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x00070000000233d2-150.dat upx behavioral2/memory/1452-156-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x00070000000233d3-157.dat upx behavioral2/memory/1800-162-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x00070000000233d4-161.dat upx behavioral2/memory/2488-164-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x00070000000233d5-168.dat upx behavioral2/files/0x00070000000233d6-172.dat upx behavioral2/memory/228-174-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x00070000000233d7-178.dat upx behavioral2/memory/3672-181-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x00070000000233d8-184.dat upx behavioral2/memory/4408-193-0x0000000000400000-0x000000000043A000-memory.dmp upx 
behavioral2/memory/5032-203-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/4200-214-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/1132-218-0x0000000000400000-0x000000000043A000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1632 wrote to memory of 1480 1632 7bb17cabea901dbb0ab4785784d6ef60_NeikiAnalytics.exe 82 PID 1632 wrote to memory of 1480 1632 7bb17cabea901dbb0ab4785784d6ef60_NeikiAnalytics.exe 82 PID 1632 wrote to memory of 1480 1632 7bb17cabea901dbb0ab4785784d6ef60_NeikiAnalytics.exe 82 PID 1480 wrote to memory of 4852 1480 rlfxrrl.exe 83 PID 1480 wrote to memory of 4852 1480 rlfxrrl.exe 83 PID 1480 wrote to memory of 4852 1480 rlfxrrl.exe 83 PID 4852 wrote to memory of 4316 4852 bhnbtn.exe 84 PID 4852 wrote to memory of 4316 4852 bhnbtn.exe 84 PID 4852 wrote to memory of 4316 4852 bhnbtn.exe 84 PID 4316 wrote to memory of 60 4316 xlrrlfx.exe 85 PID 4316 wrote to memory of 60 4316 xlrrlfx.exe 85 PID 4316 wrote to memory of 60 4316 xlrrlfx.exe 85 PID 60 wrote to memory of 220 60 1thtnn.exe 86 PID 60 wrote to memory of 220 60 1thtnn.exe 86 PID 60 wrote to memory of 220 60 1thtnn.exe 86 PID 220 wrote to memory of 1280 220 vppjj.exe 87 PID 220 wrote to memory of 1280 220 vppjj.exe 87 PID 220 wrote to memory of 1280 220 vppjj.exe 87 PID 1280 wrote to memory of 3220 1280 ddvdv.exe 88 PID 1280 wrote to memory of 3220 1280 ddvdv.exe 88 PID 1280 wrote to memory of 3220 1280 ddvdv.exe 88 PID 3220 wrote to memory of 5076 3220 xlrllll.exe 89 PID 3220 wrote to memory of 5076 3220 xlrllll.exe 89 PID 3220 wrote to memory of 5076 3220 xlrllll.exe 89 PID 5076 wrote to memory of 4536 5076 xrllrll.exe 90 PID 5076 wrote to memory of 4536 5076 xrllrll.exe 90 PID 5076 wrote to memory of 4536 5076 xrllrll.exe 90 PID 4536 wrote to memory of 4412 4536 tbnhbb.exe 91 PID 4536 wrote to memory of 4412 4536 tbnhbb.exe 91 PID 4536 wrote to memory of 4412 4536 tbnhbb.exe 91 PID 4412 wrote to memory of 2480 4412 7flfxxl.exe 92 PID 4412 wrote to memory of 2480 4412 7flfxxl.exe 92 PID 4412 wrote to memory of 2480 4412 7flfxxl.exe 92 PID 2480 wrote to memory of 4484 2480 nnbtth.exe 93 PID 2480 wrote to memory of 4484 2480 nnbtth.exe 93 PID 2480 wrote to memory of 4484 
2480 nnbtth.exe 93 PID 4484 wrote to memory of 4468 4484 3vdjv.exe 95 PID 4484 wrote to memory of 4468 4484 3vdjv.exe 95 PID 4484 wrote to memory of 4468 4484 3vdjv.exe 95 PID 4468 wrote to memory of 3980 4468 lrrllrx.exe 96 PID 4468 wrote to memory of 3980 4468 lrrllrx.exe 96 PID 4468 wrote to memory of 3980 4468 lrrllrx.exe 96 PID 3980 wrote to memory of 1096 3980 llllxxf.exe 97 PID 3980 wrote to memory of 1096 3980 llllxxf.exe 97 PID 3980 wrote to memory of 1096 3980 llllxxf.exe 97 PID 1096 wrote to memory of 2020 1096 bttnnt.exe 98 PID 1096 wrote to memory of 2020 1096 bttnnt.exe 98 PID 1096 wrote to memory of 2020 1096 bttnnt.exe 98 PID 2020 wrote to memory of 3748 2020 lffxrrl.exe 99 PID 2020 wrote to memory of 3748 2020 lffxrrl.exe 99 PID 2020 wrote to memory of 3748 2020 lffxrrl.exe 99 PID 3748 wrote to memory of 1736 3748 btbnnb.exe 100 PID 3748 wrote to memory of 1736 3748 btbnnb.exe 100 PID 3748 wrote to memory of 1736 3748 btbnnb.exe 100 PID 1736 wrote to memory of 1080 1736 xrxxfff.exe 101 PID 1736 wrote to memory of 1080 1736 xrxxfff.exe 101 PID 1736 wrote to memory of 1080 1736 xrxxfff.exe 101 PID 1080 wrote to memory of 836 1080 7nhhbh.exe 102 PID 1080 wrote to memory of 836 1080 7nhhbh.exe 102 PID 1080 wrote to memory of 836 1080 7nhhbh.exe 102 PID 836 wrote to memory of 3948 836 djddj.exe 103 PID 836 wrote to memory of 3948 836 djddj.exe 103 PID 836 wrote to memory of 3948 836 djddj.exe 103 PID 3948 wrote to memory of 4480 3948 3flfxxl.exe 104
Processes
-
C:\Users\Admin\AppData\Local\Temp\7bb17cabea901dbb0ab4785784d6ef60_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\7bb17cabea901dbb0ab4785784d6ef60_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1632 -
\??\c:\rlfxrrl.exec:\rlfxrrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1480 -
\??\c:\bhnbtn.exec:\bhnbtn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4852 -
\??\c:\xlrrlfx.exec:\xlrrlfx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4316 -
\??\c:\1thtnn.exec:\1thtnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:60 -
\??\c:\vppjj.exec:\vppjj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:220 -
\??\c:\ddvdv.exec:\ddvdv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1280 -
\??\c:\xlrllll.exec:\xlrllll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3220 -
\??\c:\xrllrll.exec:\xrllrll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5076 -
\??\c:\tbnhbb.exec:\tbnhbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4536 -
\??\c:\7flfxxl.exec:\7flfxxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4412 -
\??\c:\nnbtth.exec:\nnbtth.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2480 -
\??\c:\3vdjv.exec:\3vdjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4484 -
\??\c:\lrrllrx.exec:\lrrllrx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4468 -
\??\c:\llllxxf.exec:\llllxxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3980 -
\??\c:\bttnnt.exec:\bttnnt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1096 -
\??\c:\lffxrrl.exec:\lffxrrl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2020 -
\??\c:\btbnnb.exec:\btbnnb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3748 -
\??\c:\xrxxfff.exec:\xrxxfff.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1736 -
\??\c:\7nhhbh.exec:\7nhhbh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1080 -
\??\c:\djddj.exec:\djddj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:836 -
\??\c:\3flfxxl.exec:\3flfxxl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3948 -
\??\c:\bhnttb.exec:\bhnttb.exe23⤵
- Executes dropped EXE
PID:4480 -
\??\c:\5rxrlll.exec:\5rxrlll.exe24⤵
- Executes dropped EXE
PID:1240 -
\??\c:\tbtnnh.exec:\tbtnnh.exe25⤵
- Executes dropped EXE
PID:1560 -
\??\c:\dpvpp.exec:\dpvpp.exe26⤵
- Executes dropped EXE
PID:2212 -
\??\c:\frxxrll.exec:\frxxrll.exe27⤵
- Executes dropped EXE
PID:1452 -
\??\c:\jpjjd.exec:\jpjjd.exe28⤵
- Executes dropped EXE
PID:1800 -
\??\c:\httnhb.exec:\httnhb.exe29⤵
- Executes dropped EXE
PID:2488 -
\??\c:\ffffxrf.exec:\ffffxrf.exe30⤵
- Executes dropped EXE
PID:228 -
\??\c:\1jdpv.exec:\1jdpv.exe31⤵
- Executes dropped EXE
PID:2672 -
\??\c:\xrxrllf.exec:\xrxrllf.exe32⤵
- Executes dropped EXE
PID:3672 -
\??\c:\5jpjd.exec:\5jpjd.exe33⤵
- Executes dropped EXE
PID:316 -
\??\c:\dpjdp.exec:\dpjdp.exe34⤵
- Executes dropped EXE
PID:4408 -
\??\c:\bttnhh.exec:\bttnhh.exe35⤵
- Executes dropped EXE
PID:5036 -
\??\c:\vpppd.exec:\vpppd.exe36⤵
- Executes dropped EXE
PID:640 -
\??\c:\rlffllf.exec:\rlffllf.exe37⤵
- Executes dropped EXE
PID:5032 -
\??\c:\tnbnnh.exec:\tnbnnh.exe38⤵
- Executes dropped EXE
PID:1828 -
\??\c:\bhnhhb.exec:\bhnhhb.exe39⤵PID:1948
-
\??\c:\9pjdd.exec:\9pjdd.exe40⤵
- Executes dropped EXE
PID:3444 -
\??\c:\3lrlffr.exec:\3lrlffr.exe41⤵
- Executes dropped EXE
PID:4644 -
\??\c:\bbbnbt.exec:\bbbnbt.exe42⤵
- Executes dropped EXE
PID:4200 -
\??\c:\vvpjj.exec:\vvpjj.exe43⤵
- Executes dropped EXE
PID:1132 -
\??\c:\rrffxxx.exec:\rrffxxx.exe44⤵
- Executes dropped EXE
PID:2344 -
\??\c:\7hnnnt.exec:\7hnnnt.exe45⤵
- Executes dropped EXE
PID:64 -
\??\c:\vjjdj.exec:\vjjdj.exe46⤵
- Executes dropped EXE
PID:3404 -
\??\c:\rlxxlrr.exec:\rlxxlrr.exe47⤵
- Executes dropped EXE
PID:2384 -
\??\c:\jvpjv.exec:\jvpjv.exe48⤵
- Executes dropped EXE
PID:4196 -
\??\c:\ppjdv.exec:\ppjdv.exe49⤵
- Executes dropped EXE
PID:3388 -
\??\c:\tthhnb.exec:\tthhnb.exe50⤵
- Executes dropped EXE
PID:4544 -
\??\c:\djppp.exec:\djppp.exe51⤵
- Executes dropped EXE
PID:2164 -
\??\c:\3lrlllr.exec:\3lrlllr.exe52⤵
- Executes dropped EXE
PID:4792 -
\??\c:\hnnhtt.exec:\hnnhtt.exe53⤵
- Executes dropped EXE
PID:1616 -
\??\c:\rrxrxxf.exec:\rrxrxxf.exe54⤵
- Executes dropped EXE
PID:888 -
\??\c:\xxfxxff.exec:\xxfxxff.exe55⤵
- Executes dropped EXE
PID:2816 -
\??\c:\httbbt.exec:\httbbt.exe56⤵
- Executes dropped EXE
PID:4568 -
\??\c:\pdvvp.exec:\pdvvp.exe57⤵
- Executes dropped EXE
PID:2772 -
\??\c:\lxlfxxr.exec:\lxlfxxr.exe58⤵
- Executes dropped EXE
PID:4748 -
\??\c:\hnbttt.exec:\hnbttt.exe59⤵
- Executes dropped EXE
PID:4416 -
\??\c:\jjppj.exec:\jjppj.exe60⤵
- Executes dropped EXE
PID:2388 -
\??\c:\fxllllf.exec:\fxllllf.exe61⤵
- Executes dropped EXE
PID:920 -
\??\c:\1lrrlll.exec:\1lrrlll.exe62⤵
- Executes dropped EXE
PID:1960 -
\??\c:\tnttnt.exec:\tnttnt.exe63⤵
- Executes dropped EXE
PID:2056 -
\??\c:\jvdpp.exec:\jvdpp.exe64⤵
- Executes dropped EXE
PID:2640 -
\??\c:\xflffxr.exec:\xflffxr.exe65⤵
- Executes dropped EXE
PID:1036 -
\??\c:\tntnnt.exec:\tntnnt.exe66⤵
- Executes dropped EXE
PID:3948 -
\??\c:\vdpdv.exec:\vdpdv.exe67⤵PID:3660
-
\??\c:\rflfxrl.exec:\rflfxrl.exe68⤵PID:4372
-
\??\c:\flflfxr.exec:\flflfxr.exe69⤵PID:4480
-
\??\c:\hhhhhh.exec:\hhhhhh.exe70⤵PID:1200
-
\??\c:\7ppjd.exec:\7ppjd.exe71⤵PID:1440
-
\??\c:\lxxrlll.exec:\lxxrlll.exe72⤵PID:1560
-
\??\c:\3rxxxxl.exec:\3rxxxxl.exe73⤵PID:3344
-
\??\c:\bnhbtt.exec:\bnhbtt.exe74⤵PID:1920
-
\??\c:\jvdvv.exec:\jvdvv.exe75⤵PID:4984
-
\??\c:\lxlfxll.exec:\lxlfxll.exe76⤵PID:4912
-
\??\c:\hhhhhn.exec:\hhhhhn.exe77⤵PID:1252
-
\??\c:\vjpjd.exec:\vjpjd.exe78⤵PID:2672
-
\??\c:\xrxfxxx.exec:\xrxfxxx.exe79⤵PID:2980
-
\??\c:\nbhhhn.exec:\nbhhhn.exe80⤵PID:936
-
\??\c:\nbhhbh.exec:\nbhhbh.exe81⤵PID:1752
-
\??\c:\dvpdd.exec:\dvpdd.exe82⤵PID:4336
-
\??\c:\3rrlrrr.exec:\3rrlrrr.exe83⤵PID:1864
-
\??\c:\hbbbtn.exec:\hbbbtn.exe84⤵PID:3984
-
\??\c:\pppjv.exec:\pppjv.exe85⤵PID:1836
-
\??\c:\pjppj.exec:\pjppj.exe86⤵PID:4848
-
\??\c:\lfllxfx.exec:\lfllxfx.exe87⤵PID:1340
-
\??\c:\bnbttt.exec:\bnbttt.exe88⤵PID:2896
-
\??\c:\nbnhhb.exec:\nbnhhb.exe89⤵PID:64
-
\??\c:\xlfxrlf.exec:\xlfxrlf.exe90⤵PID:3404
-
\??\c:\rxrfxrr.exec:\rxrfxrr.exe91⤵PID:2616
-
\??\c:\tbnhbt.exec:\tbnhbt.exe92⤵PID:3220
-
\??\c:\pdpvp.exec:\pdpvp.exe93⤵PID:3388
-
\??\c:\9ffxxrl.exec:\9ffxxrl.exe94⤵PID:404
-
\??\c:\1hhbbb.exec:\1hhbbb.exe95⤵PID:4412
-
\??\c:\pvdpj.exec:\pvdpj.exe96⤵PID:2664
-
\??\c:\dvpjd.exec:\dvpjd.exe97⤵PID:4700
-
\??\c:\rrxxffr.exec:\rrxxffr.exe98⤵PID:4564
-
\??\c:\9bbttn.exec:\9bbttn.exe99⤵PID:2816
-
\??\c:\dvvpj.exec:\dvvpj.exe100⤵PID:3116
-
\??\c:\lrfrlrf.exec:\lrfrlrf.exe101⤵PID:2068
-
\??\c:\xxlrllf.exec:\xxlrllf.exe102⤵PID:4612
-
\??\c:\tbhhtt.exec:\tbhhtt.exe103⤵PID:4416
-
\??\c:\pdpjv.exec:\pdpjv.exe104⤵PID:2388
-
\??\c:\5ffrlrr.exec:\5ffrlrr.exe105⤵PID:920
-
\??\c:\hbhbbb.exec:\hbhbbb.exe106⤵PID:4248
-
\??\c:\3hhhbt.exec:\3hhhbt.exe107⤵PID:1588
-
\??\c:\jdjdv.exec:\jdjdv.exe108⤵PID:636
-
\??\c:\fxffxxx.exec:\fxffxxx.exe109⤵PID:3652
-
\??\c:\nbtnhb.exec:\nbtnhb.exe110⤵PID:3948
-
\??\c:\dpdvp.exec:\dpdvp.exe111⤵PID:1624
-
\??\c:\jvvpp.exec:\jvvpp.exe112⤵PID:4056
-
\??\c:\ffxrrrr.exec:\ffxrrrr.exe113⤵PID:3208
-
\??\c:\hbbttn.exec:\hbbttn.exe114⤵PID:3800
-
\??\c:\pdppp.exec:\pdppp.exe115⤵PID:3188
-
\??\c:\llrxxxx.exec:\llrxxxx.exe116⤵PID:1004
-
\??\c:\bnbtbh.exec:\bnbtbh.exe117⤵PID:1452
-
\??\c:\bbtthh.exec:\bbtthh.exe118⤵PID:1920
-
\??\c:\rlfxfll.exec:\rlfxfll.exe119⤵PID:3228
-
\??\c:\hbbnnn.exec:\hbbnnn.exe120⤵PID:4116
-
\??\c:\btnnnn.exec:\btnnnn.exe121⤵PID:3556
-
\??\c:\7jvdj.exec:\7jvdj.exe122⤵PID:996