Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
26-05-2024 17:54
General
-
Target
1a5b21e0e0271c3a1f63c5234395fcf0_NeikiAnalytics.exe
-
Size
192KB
-
MD5
1a5b21e0e0271c3a1f63c5234395fcf0
-
SHA1
f37fbbacbf931f335f6bfbe5233546ee6bcae76a
-
SHA256
3957371af7b8d003c018b1a7d71df6f2ad86175d0b363395a136e27465fe80f2
-
SHA512
2313f84727884a7f7b06ac835c30d1d6c1835e55118ac5a8d4674b0cd753a20ac4be58f9b05bed4c85aebd772a7cf70b407b62009fa012fad2a5f63b8e843f37
-
SSDEEP
3072:FhOmTsF93UYfwC6GIoutrVCfMoh52waAyiJ8mqtbfUVKty16hDsI/tSaF:Fcm4FmowdHoS8fMoSVAHubPtyYxfPF
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Malware Dropper & Backdoor - Berbew 32 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1a5b21e0e0271c3a1f63c5234395fcf0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1a5b21e0e0271c3a1f63c5234395fcf0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1pddp.exec:\1pddp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlllll.exec:\lrlllll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbtnh.exec:\btbtnh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnhht.exec:\hhnhht.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpddv.exec:\dpddv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvvd.exec:\ppvvd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthttb.exec:\nthttb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnnb.exec:\nttnnb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dpvp.exec:\3dpvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flffffx.exec:\flffffx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbtbb.exec:\htbtbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrfxrl.exec:\frrfxrl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhhbn.exec:\tbhhbn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdv.exec:\pjjdv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxxrxr.exec:\flxxrxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbbtb.exec:\bbbbtb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvv.exec:\dddvv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbbtb.exec:\bnbbtb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pvvj.exec:\1pvvj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlllll.exec:\rrlllll.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhtnn.exec:\nbhtnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdv.exec:\jvjdv.exe23⤵
- Executes dropped EXE
-
\??\c:\rfrlllr.exec:\rfrlllr.exe24⤵
- Executes dropped EXE
-
\??\c:\9nhbhn.exec:\9nhbhn.exe25⤵
- Executes dropped EXE
-
\??\c:\rxrflrx.exec:\rxrflrx.exe26⤵
- Executes dropped EXE
-
\??\c:\lllllll.exec:\lllllll.exe27⤵
- Executes dropped EXE
-
\??\c:\tnbthh.exec:\tnbthh.exe28⤵
- Executes dropped EXE
-
\??\c:\pdpjd.exec:\pdpjd.exe29⤵
- Executes dropped EXE
-
\??\c:\9lrrrxx.exec:\9lrrrxx.exe30⤵
- Executes dropped EXE
-
\??\c:\hbtbtt.exec:\hbtbtt.exe31⤵
- Executes dropped EXE
-
\??\c:\vdjjd.exec:\vdjjd.exe32⤵
- Executes dropped EXE
-
\??\c:\fllllll.exec:\fllllll.exe33⤵
- Executes dropped EXE
-
\??\c:\nhhbbb.exec:\nhhbbb.exe34⤵
- Executes dropped EXE
-
\??\c:\pvdvv.exec:\pvdvv.exe35⤵
- Executes dropped EXE
-
\??\c:\jvjpp.exec:\jvjpp.exe36⤵
- Executes dropped EXE
-
\??\c:\fxfxxxx.exec:\fxfxxxx.exe37⤵
- Executes dropped EXE
-
\??\c:\hbtbth.exec:\hbtbth.exe38⤵
- Executes dropped EXE
-
\??\c:\dvvjd.exec:\dvvjd.exe39⤵
- Executes dropped EXE
-
\??\c:\7jpjj.exec:\7jpjj.exe40⤵
- Executes dropped EXE
-
\??\c:\xffxrrl.exec:\xffxrrl.exe41⤵
- Executes dropped EXE
-
\??\c:\nbhhhh.exec:\nbhhhh.exe42⤵
- Executes dropped EXE
-
\??\c:\thnhhh.exec:\thnhhh.exe43⤵
- Executes dropped EXE
-
\??\c:\dpjvp.exec:\dpjvp.exe44⤵
- Executes dropped EXE
-
\??\c:\fffrrfx.exec:\fffrrfx.exe45⤵
- Executes dropped EXE
-
\??\c:\xlfxxxx.exec:\xlfxxxx.exe46⤵
- Executes dropped EXE
-
\??\c:\7nbtnn.exec:\7nbtnn.exe47⤵
- Executes dropped EXE
-
\??\c:\ppjpv.exec:\ppjpv.exe48⤵
- Executes dropped EXE
-
\??\c:\9pvvj.exec:\9pvvj.exe49⤵
- Executes dropped EXE
-
\??\c:\fxxrxxx.exec:\fxxrxxx.exe50⤵
- Executes dropped EXE
-
\??\c:\tnhbbb.exec:\tnhbbb.exe51⤵
- Executes dropped EXE
-
\??\c:\5jdvp.exec:\5jdvp.exe52⤵
- Executes dropped EXE
-
\??\c:\3fllrrf.exec:\3fllrrf.exe53⤵
- Executes dropped EXE
-
\??\c:\hbttbh.exec:\hbttbh.exe54⤵
- Executes dropped EXE
-
\??\c:\1pvdd.exec:\1pvdd.exe55⤵
- Executes dropped EXE
-
\??\c:\pdjjv.exec:\pdjjv.exe56⤵
- Executes dropped EXE
-
\??\c:\lflrfll.exec:\lflrfll.exe57⤵
- Executes dropped EXE
-
\??\c:\xflrxxx.exec:\xflrxxx.exe58⤵
- Executes dropped EXE
-
\??\c:\btnhbh.exec:\btnhbh.exe59⤵
- Executes dropped EXE
-
\??\c:\vdddd.exec:\vdddd.exe60⤵
- Executes dropped EXE
-
\??\c:\9ddvv.exec:\9ddvv.exe61⤵
- Executes dropped EXE
-
\??\c:\lxlfxff.exec:\lxlfxff.exe62⤵
- Executes dropped EXE
-
\??\c:\nbbbtt.exec:\nbbbtt.exe63⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe64⤵
- Executes dropped EXE
-
\??\c:\vvvjj.exec:\vvvjj.exe65⤵
- Executes dropped EXE
-
\??\c:\fxlrlxx.exec:\fxlrlxx.exe66⤵
-
\??\c:\tntnhn.exec:\tntnhn.exe67⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe68⤵
-
\??\c:\rlrxfrf.exec:\rlrxfrf.exe69⤵
-
\??\c:\rlrrrrf.exec:\rlrrrrf.exe70⤵
-
\??\c:\1tbbbb.exec:\1tbbbb.exe71⤵
-
\??\c:\jjjjj.exec:\jjjjj.exe72⤵
-
\??\c:\dvppd.exec:\dvppd.exe73⤵
-
\??\c:\flllrrx.exec:\flllrrx.exe74⤵
-
\??\c:\ntbthh.exec:\ntbthh.exe75⤵
-
\??\c:\pddjv.exec:\pddjv.exe76⤵
-
\??\c:\frrrlll.exec:\frrrlll.exe77⤵
-
\??\c:\7flfffx.exec:\7flfffx.exe78⤵
-
\??\c:\9bhnth.exec:\9bhnth.exe79⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe80⤵
-
\??\c:\fxxxxxf.exec:\fxxxxxf.exe81⤵
-
\??\c:\lrlxxrr.exec:\lrlxxrr.exe82⤵
-
\??\c:\htbbtb.exec:\htbbtb.exe83⤵
-
\??\c:\dpppj.exec:\dpppj.exe84⤵
-
\??\c:\ddppv.exec:\ddppv.exe85⤵
-
\??\c:\lxffxfx.exec:\lxffxfx.exe86⤵
-
\??\c:\5ntnhn.exec:\5ntnhn.exe87⤵
-
\??\c:\ttthbh.exec:\ttthbh.exe88⤵
-
\??\c:\dpjjp.exec:\dpjjp.exe89⤵
-
\??\c:\fxffrff.exec:\fxffrff.exe90⤵
-
\??\c:\nttnhh.exec:\nttnhh.exe91⤵
-
\??\c:\7hntht.exec:\7hntht.exe92⤵
-
\??\c:\pvvdd.exec:\pvvdd.exe93⤵
-
\??\c:\fxxrrxx.exec:\fxxrrxx.exe94⤵
-
\??\c:\bnbttn.exec:\bnbttn.exe95⤵
-
\??\c:\tnnnhn.exec:\tnnnhn.exe96⤵
-
\??\c:\5jjjd.exec:\5jjjd.exe97⤵
-
\??\c:\rxffflr.exec:\rxffflr.exe98⤵
-
\??\c:\1tnhhh.exec:\1tnhhh.exe99⤵
-
\??\c:\hhtnnb.exec:\hhtnnb.exe100⤵
-
\??\c:\3vvvd.exec:\3vvvd.exe101⤵
-
\??\c:\1rxxxxx.exec:\1rxxxxx.exe102⤵
-
\??\c:\nbbbtb.exec:\nbbbtb.exe103⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe104⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe105⤵
-
\??\c:\rfxxrrr.exec:\rfxxrrr.exe106⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe107⤵
-
\??\c:\1xxxxff.exec:\1xxxxff.exe108⤵
-
\??\c:\9bbtnn.exec:\9bbtnn.exe109⤵
-
\??\c:\3bbbtb.exec:\3bbbtb.exe110⤵
-
\??\c:\5pvvv.exec:\5pvvv.exe111⤵
-
\??\c:\frrrrrl.exec:\frrrrrl.exe112⤵
-
\??\c:\flxxxxx.exec:\flxxxxx.exe113⤵
-
\??\c:\ntnhnh.exec:\ntnhnh.exe114⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe115⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe116⤵
-
\??\c:\7xlfxxr.exec:\7xlfxxr.exe117⤵
-
\??\c:\thnhtt.exec:\thnhtt.exe118⤵
-
\??\c:\vjppp.exec:\vjppp.exe119⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe120⤵
-
\??\c:\9rrlfxr.exec:\9rrlfxr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-