Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
26-05-2024 12:18
General
-
Target
f9199c7c90e9b6309abebd8742250840_NeikiAnalytics.exe
-
Size
464KB
-
MD5
f9199c7c90e9b6309abebd8742250840
-
SHA1
c17f194f213dcc3a1fed14d7c4be3d20bf71dd6a
-
SHA256
0e15d9018745b1791f1b2f84446bcc62e656ffcf6aa0aa9c620575c0c26f1cd0
-
SHA512
a13074e7850a492c54b43db4384d47c17e88fa11938916a68c538e2a0f3f6e097896a00930c3553ccea6ce53ecb2f8a9584f466ba86f6b2c20b38dd59863d89d
-
SSDEEP
12288:J4wFHoSTeR0oQRkay+eFp3IDvSbh5nPVP+OKaf1VQ:VeR0oykayRFp3lztP+OKaf1VQ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 32 IoCs
-
Malware Dropper & Backdoor - Berbew 64 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f9199c7c90e9b6309abebd8742250840_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\f9199c7c90e9b6309abebd8742250840_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrxllr.exec:\rfrxllr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bthhb.exec:\5bthhb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxfllr.exec:\xlxfllr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddv.exec:\vpddv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrrxx.exec:\fxrrrxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nttbb.exec:\5nttbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7llxxlx.exec:\7llxxlx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjp.exec:\dvjjp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrflxx.exec:\llrflxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrxrx.exec:\fxlrxrx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdvd.exec:\dpdvd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpvj.exec:\ddpvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjd.exec:\vpdjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxrrr.exec:\lffxrrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdpv.exec:\pjdpv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvdp.exec:\jjvdp.exe17⤵
- Executes dropped EXE
-
\??\c:\ppjpj.exec:\ppjpj.exe18⤵
- Executes dropped EXE
-
\??\c:\hbnhtt.exec:\hbnhtt.exe19⤵
- Executes dropped EXE
-
\??\c:\dvpdp.exec:\dvpdp.exe20⤵
- Executes dropped EXE
-
\??\c:\7bhnnb.exec:\7bhnnb.exe21⤵
- Executes dropped EXE
-
\??\c:\ppjdj.exec:\ppjdj.exe22⤵
- Executes dropped EXE
-
\??\c:\jvjpv.exec:\jvjpv.exe23⤵
- Executes dropped EXE
-
\??\c:\9hbbth.exec:\9hbbth.exe24⤵
- Executes dropped EXE
-
\??\c:\jdvjp.exec:\jdvjp.exe25⤵
- Executes dropped EXE
-
\??\c:\rrfrrrl.exec:\rrfrrrl.exe26⤵
- Executes dropped EXE
-
\??\c:\ppjpv.exec:\ppjpv.exe27⤵
- Executes dropped EXE
-
\??\c:\rlxlrxf.exec:\rlxlrxf.exe28⤵
- Executes dropped EXE
-
\??\c:\vdpdv.exec:\vdpdv.exe29⤵
- Executes dropped EXE
-
\??\c:\7lflrrf.exec:\7lflrrf.exe30⤵
- Executes dropped EXE
-
\??\c:\jvdvv.exec:\jvdvv.exe31⤵
- Executes dropped EXE
-
\??\c:\rlxfxlf.exec:\rlxfxlf.exe32⤵
- Executes dropped EXE
-
\??\c:\jdvvp.exec:\jdvvp.exe33⤵
- Executes dropped EXE
-
\??\c:\llffrrl.exec:\llffrrl.exe34⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe35⤵
- Executes dropped EXE
-
\??\c:\rrxrrrf.exec:\rrxrrrf.exe36⤵
- Executes dropped EXE
-
\??\c:\ffxrxfr.exec:\ffxrxfr.exe37⤵
- Executes dropped EXE
-
\??\c:\hbtbnn.exec:\hbtbnn.exe38⤵
- Executes dropped EXE
-
\??\c:\ddvjv.exec:\ddvjv.exe39⤵
- Executes dropped EXE
-
\??\c:\xrllllx.exec:\xrllllx.exe40⤵
- Executes dropped EXE
-
\??\c:\rxxlffx.exec:\rxxlffx.exe41⤵
- Executes dropped EXE
-
\??\c:\5hnnth.exec:\5hnnth.exe42⤵
- Executes dropped EXE
-
\??\c:\dvpvd.exec:\dvpvd.exe43⤵
- Executes dropped EXE
-
\??\c:\9xrlffr.exec:\9xrlffr.exe44⤵
- Executes dropped EXE
-
\??\c:\hbthbn.exec:\hbthbn.exe45⤵
- Executes dropped EXE
-
\??\c:\7nbntb.exec:\7nbntb.exe46⤵
- Executes dropped EXE
-
\??\c:\ddddp.exec:\ddddp.exe47⤵
- Executes dropped EXE
-
\??\c:\rlxxflr.exec:\rlxxflr.exe48⤵
- Executes dropped EXE
-
\??\c:\1tnhtb.exec:\1tnhtb.exe49⤵
- Executes dropped EXE
-
\??\c:\1nhntn.exec:\1nhntn.exe50⤵
- Executes dropped EXE
-
\??\c:\5pjpv.exec:\5pjpv.exe51⤵
- Executes dropped EXE
-
\??\c:\rrllflx.exec:\rrllflx.exe52⤵
- Executes dropped EXE
-
\??\c:\tnhhbb.exec:\tnhhbb.exe53⤵
- Executes dropped EXE
-
\??\c:\1ntnnn.exec:\1ntnnn.exe54⤵
- Executes dropped EXE
-
\??\c:\jvdvv.exec:\jvdvv.exe55⤵
- Executes dropped EXE
-
\??\c:\dvpvd.exec:\dvpvd.exe56⤵
- Executes dropped EXE
-
\??\c:\xrrxxfr.exec:\xrrxxfr.exe57⤵
- Executes dropped EXE
-
\??\c:\nnhhtt.exec:\nnhhtt.exe58⤵
- Executes dropped EXE
-
\??\c:\9vppd.exec:\9vppd.exe59⤵
- Executes dropped EXE
-
\??\c:\jjdpd.exec:\jjdpd.exe60⤵
- Executes dropped EXE
-
\??\c:\lrxrxxf.exec:\lrxrxxf.exe61⤵
- Executes dropped EXE
-
\??\c:\5tnbbt.exec:\5tnbbt.exe62⤵
- Executes dropped EXE
-
\??\c:\tnnbnb.exec:\tnnbnb.exe63⤵
- Executes dropped EXE
-
\??\c:\vvppj.exec:\vvppj.exe64⤵
- Executes dropped EXE
-
\??\c:\xrlrxlr.exec:\xrlrxlr.exe65⤵
- Executes dropped EXE
-
\??\c:\ffxfrxl.exec:\ffxfrxl.exe66⤵
-
\??\c:\5btbhn.exec:\5btbhn.exe67⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe68⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe69⤵
-
\??\c:\lffrrxr.exec:\lffrrxr.exe70⤵
-
\??\c:\7ththn.exec:\7ththn.exe71⤵
-
\??\c:\9nhhtb.exec:\9nhhtb.exe72⤵
-
\??\c:\7vjdj.exec:\7vjdj.exe73⤵
-
\??\c:\9xxlrlx.exec:\9xxlrlx.exe74⤵
-
\??\c:\7xfflrx.exec:\7xfflrx.exe75⤵
-
\??\c:\7hnntt.exec:\7hnntt.exe76⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe77⤵
-
\??\c:\1pvvv.exec:\1pvvv.exe78⤵
-
\??\c:\rlflfxr.exec:\rlflfxr.exe79⤵
-
\??\c:\nnbhtb.exec:\nnbhtb.exe80⤵
-
\??\c:\httbtt.exec:\httbtt.exe81⤵
-
\??\c:\1jddj.exec:\1jddj.exe82⤵
-
\??\c:\fxlxflr.exec:\fxlxflr.exe83⤵
-
\??\c:\ffxxrrf.exec:\ffxxrrf.exe84⤵
-
\??\c:\hbtbtb.exec:\hbtbtb.exe85⤵
-
\??\c:\5pdjp.exec:\5pdjp.exe86⤵
-
\??\c:\3llxrxf.exec:\3llxrxf.exe87⤵
-
\??\c:\1frrxxf.exec:\1frrxxf.exe88⤵
-
\??\c:\bnhhnn.exec:\bnhhnn.exe89⤵
-
\??\c:\5pvvv.exec:\5pvvv.exe90⤵
-
\??\c:\vpddj.exec:\vpddj.exe91⤵
-
\??\c:\xxrxlrx.exec:\xxrxlrx.exe92⤵
-
\??\c:\1hbbbb.exec:\1hbbbb.exe93⤵
-
\??\c:\7tnbnh.exec:\7tnbnh.exe94⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe95⤵
-
\??\c:\3flfxxf.exec:\3flfxxf.exe96⤵
-
\??\c:\7rrrllx.exec:\7rrrllx.exe97⤵
-
\??\c:\hbnntb.exec:\hbnntb.exe98⤵
-
\??\c:\ppvjv.exec:\ppvjv.exe99⤵
-
\??\c:\pvpvj.exec:\pvpvj.exe100⤵
-
\??\c:\xxffrrx.exec:\xxffrrx.exe101⤵
-
\??\c:\3hhhtt.exec:\3hhhtt.exe102⤵
-
\??\c:\btnthb.exec:\btnthb.exe103⤵
-
\??\c:\7vpjj.exec:\7vpjj.exe104⤵
-
\??\c:\lrrrxxf.exec:\lrrrxxf.exe105⤵
-
\??\c:\xxxlxrl.exec:\xxxlxrl.exe106⤵
-
\??\c:\bhtnbn.exec:\bhtnbn.exe107⤵
-
\??\c:\5jvjv.exec:\5jvjv.exe108⤵
-
\??\c:\7jddj.exec:\7jddj.exe109⤵
-
\??\c:\xxrxxfl.exec:\xxrxxfl.exe110⤵
-
\??\c:\tnbbtt.exec:\tnbbtt.exe111⤵
-
\??\c:\nhbhtt.exec:\nhbhtt.exe112⤵
-
\??\c:\7vpvj.exec:\7vpvj.exe113⤵
-
\??\c:\5lffrrf.exec:\5lffrrf.exe114⤵
-
\??\c:\3lflffr.exec:\3lflffr.exe115⤵
-
\??\c:\7bbnnn.exec:\7bbnnn.exe116⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe117⤵
-
\??\c:\3dpvj.exec:\3dpvj.exe118⤵
-
\??\c:\rfrxllr.exec:\rfrxllr.exe119⤵
-
\??\c:\ddpdv.exec:\ddpdv.exe120⤵
-
\??\c:\vppvv.exec:\vppvv.exe121⤵
-
\??\c:\lfrrrfr.exec:\lfrrrfr.exe122⤵
-
\??\c:\ttnbnt.exec:\ttnbnt.exe123⤵
-
\??\c:\btnnnt.exec:\btnnnt.exe124⤵
-
\??\c:\dvvjp.exec:\dvvjp.exe125⤵
-
\??\c:\5rfffxf.exec:\5rfffxf.exe126⤵
-
\??\c:\ntbbnn.exec:\ntbbnn.exe127⤵
-
\??\c:\hbbhhh.exec:\hbbhhh.exe128⤵
-
\??\c:\ppdjd.exec:\ppdjd.exe129⤵
-
\??\c:\djdpj.exec:\djdpj.exe130⤵
-
\??\c:\5lxrxfr.exec:\5lxrxfr.exe131⤵
-
\??\c:\3tbhhh.exec:\3tbhhh.exe132⤵
-
\??\c:\bnbntt.exec:\bnbntt.exe133⤵
-
\??\c:\3vjjj.exec:\3vjjj.exe134⤵
-
\??\c:\rfxrxxr.exec:\rfxrxxr.exe135⤵
-
\??\c:\nbnthh.exec:\nbnthh.exe136⤵
-
\??\c:\hbttbb.exec:\hbttbb.exe137⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe138⤵
-
\??\c:\xlrrxff.exec:\xlrrxff.exe139⤵
-
\??\c:\9rrrllr.exec:\9rrrllr.exe140⤵
-
\??\c:\thnttb.exec:\thnttb.exe141⤵
-
\??\c:\7vjpd.exec:\7vjpd.exe142⤵
-
\??\c:\rfxflrx.exec:\rfxflrx.exe143⤵
-
\??\c:\xrlflrf.exec:\xrlflrf.exe144⤵
-
\??\c:\5bnhnh.exec:\5bnhnh.exe145⤵
-
\??\c:\tnbnbb.exec:\tnbnbb.exe146⤵
-
\??\c:\pvppv.exec:\pvppv.exe147⤵
-
\??\c:\xxxrfxf.exec:\xxxrfxf.exe148⤵
-
\??\c:\llxfffr.exec:\llxfffr.exe149⤵
-
\??\c:\hnbttt.exec:\hnbttt.exe150⤵
-
\??\c:\9vjjp.exec:\9vjjp.exe151⤵
-
\??\c:\fxllxfl.exec:\fxllxfl.exe152⤵
-
\??\c:\9flflrx.exec:\9flflrx.exe153⤵
-
\??\c:\nbnbnt.exec:\nbnbnt.exe154⤵
-
\??\c:\1vjjd.exec:\1vjjd.exe155⤵
-
\??\c:\1dppv.exec:\1dppv.exe156⤵
-
\??\c:\rxfxlrl.exec:\rxfxlrl.exe157⤵
-
\??\c:\1nhhtt.exec:\1nhhtt.exe158⤵
-
\??\c:\nhbhnt.exec:\nhbhnt.exe159⤵
-
\??\c:\9ddpv.exec:\9ddpv.exe160⤵
-
\??\c:\xxxrflf.exec:\xxxrflf.exe161⤵
-
\??\c:\rrrrlfr.exec:\rrrrlfr.exe162⤵
-
\??\c:\tbhnhn.exec:\tbhnhn.exe163⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe164⤵
-
\??\c:\xrrrfrf.exec:\xrrrfrf.exe165⤵
-
\??\c:\rlffrrf.exec:\rlffrrf.exe166⤵
-
\??\c:\1thbbt.exec:\1thbbt.exe167⤵
-
\??\c:\dvjvp.exec:\dvjvp.exe168⤵
-
\??\c:\rlrlxxx.exec:\rlrlxxx.exe169⤵
-
\??\c:\1rlxllx.exec:\1rlxllx.exe170⤵
-
\??\c:\9bhtnt.exec:\9bhtnt.exe171⤵
-
\??\c:\vvvjd.exec:\vvvjd.exe172⤵
-
\??\c:\5vppv.exec:\5vppv.exe173⤵
-
\??\c:\rrlxllx.exec:\rrlxllx.exe174⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe175⤵
-
\??\c:\1nhhnt.exec:\1nhhnt.exe176⤵
-
\??\c:\dvvdv.exec:\dvvdv.exe177⤵
-
\??\c:\fxxlflf.exec:\fxxlflf.exe178⤵
-
\??\c:\9xffrxr.exec:\9xffrxr.exe179⤵
-
\??\c:\btnntb.exec:\btnntb.exe180⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe181⤵
-
\??\c:\lfxxflx.exec:\lfxxflx.exe182⤵
-
\??\c:\rlxlflr.exec:\rlxlflr.exe183⤵
-
\??\c:\3nnbnt.exec:\3nnbnt.exe184⤵
-
\??\c:\pjjpp.exec:\pjjpp.exe185⤵
-
\??\c:\vvpvp.exec:\vvpvp.exe186⤵
-
\??\c:\rfrrxxf.exec:\rfrrxxf.exe187⤵
-
\??\c:\thbhnt.exec:\thbhnt.exe188⤵
-
\??\c:\htnhnb.exec:\htnhnb.exe189⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe190⤵
-
\??\c:\rfrxxlr.exec:\rfrxxlr.exe191⤵
-
\??\c:\5nhntb.exec:\5nhntb.exe192⤵
-
\??\c:\tbttbh.exec:\tbttbh.exe193⤵
-
\??\c:\vddpd.exec:\vddpd.exe194⤵
-
\??\c:\rllrflx.exec:\rllrflx.exe195⤵
-
\??\c:\hbbnth.exec:\hbbnth.exe196⤵
-
\??\c:\bbtnbh.exec:\bbtnbh.exe197⤵
-
\??\c:\pvppv.exec:\pvppv.exe198⤵
-
\??\c:\vdvpd.exec:\vdvpd.exe199⤵
-
\??\c:\xxlrxxf.exec:\xxlrxxf.exe200⤵
-
\??\c:\3bttbh.exec:\3bttbh.exe201⤵
-
\??\c:\bttthh.exec:\bttthh.exe202⤵
-
\??\c:\3vjpv.exec:\3vjpv.exe203⤵
-
\??\c:\xlfflxl.exec:\xlfflxl.exe204⤵
-
\??\c:\xlfllfr.exec:\xlfllfr.exe205⤵
-
\??\c:\nttnbh.exec:\nttnbh.exe206⤵
-
\??\c:\7pjjv.exec:\7pjjv.exe207⤵
-
\??\c:\5rlfflr.exec:\5rlfflr.exe208⤵
-
\??\c:\xrflxfl.exec:\xrflxfl.exe209⤵
-
\??\c:\7nhhtb.exec:\7nhhtb.exe210⤵
-
\??\c:\7dddd.exec:\7dddd.exe211⤵
-
\??\c:\jpjpd.exec:\jpjpd.exe212⤵
-
\??\c:\lfflfrl.exec:\lfflfrl.exe213⤵
-
\??\c:\tttbtt.exec:\tttbtt.exe214⤵
-
\??\c:\9htntt.exec:\9htntt.exe215⤵
-
\??\c:\7vjdp.exec:\7vjdp.exe216⤵
-
\??\c:\frrxflx.exec:\frrxflx.exe217⤵
-
\??\c:\rlxfffr.exec:\rlxfffr.exe218⤵
-
\??\c:\bnhhnn.exec:\bnhhnn.exe219⤵
-
\??\c:\1jjjj.exec:\1jjjj.exe220⤵
-
\??\c:\3pvvd.exec:\3pvvd.exe221⤵
-
\??\c:\7ffrxlf.exec:\7ffrxlf.exe222⤵
-
\??\c:\3tnthn.exec:\3tnthn.exe223⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe224⤵
-
\??\c:\5dpjp.exec:\5dpjp.exe225⤵
-
\??\c:\5fxxflr.exec:\5fxxflr.exe226⤵
-
\??\c:\7htnhn.exec:\7htnhn.exe227⤵
-
\??\c:\hbhbnt.exec:\hbhbnt.exe228⤵
-
\??\c:\vvvdj.exec:\vvvdj.exe229⤵
-
\??\c:\rrrrxlr.exec:\rrrrxlr.exe230⤵
-
\??\c:\fxrfllf.exec:\fxrfllf.exe231⤵
-
\??\c:\bbtbhh.exec:\bbtbhh.exe232⤵
-
\??\c:\5hhhnt.exec:\5hhhnt.exe233⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe234⤵
-
\??\c:\3xlflrr.exec:\3xlflrr.exe235⤵
-
\??\c:\bbhhtt.exec:\bbhhtt.exe236⤵
-
\??\c:\tbtbtt.exec:\tbtbtt.exe237⤵
-
\??\c:\vvvdd.exec:\vvvdd.exe238⤵
-
\??\c:\fxrxxxl.exec:\fxrxxxl.exe239⤵
-
\??\c:\xfxlxlx.exec:\xfxlxlx.exe240⤵