Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
27-05-2024 22:55
General
-
Target
24184fbe84a49c31bca442e24e193730_NeikiAnalytics.exe
-
Size
441KB
-
MD5
24184fbe84a49c31bca442e24e193730
-
SHA1
d46cdeca238bebf93288f12de2c036a3ed80984d
-
SHA256
348db13714932ecffda8039d11264d7c0ac29d2c25db1500355509e55605229c
-
SHA512
209f25facff9842fa62041e98332416a43013f22c709e470b82d38b7eef1f7269a8072a05a5e93afc1f4accc4856229e7b03a0b0964b1a97edbee3ae62bee00a
-
SSDEEP
12288:w4wFHoS9KxbNnidEhjEJd1kNpeUgI95yRoZHVaoJMOxFXnRV4PiGO0hUmH0:kKxbNndhjEJd1kNpeUgI95yRoZHgoJMa
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 43 IoCs
-
Malware Dropper & Backdoor - Berbew 32 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\24184fbe84a49c31bca442e24e193730_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\24184fbe84a49c31bca442e24e193730_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rdfhrp.exec:\rdfhrp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bjfnbn.exec:\bjfnbn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rhvjr.exec:\rhvjr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jtxrfj.exec:\jtxrfj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dljvf.exec:\dljvf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pprllb.exec:\pprllb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvnvjb.exec:\vvnvjb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hptbj.exec:\hptbj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\npdfn.exec:\npdfn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xvpnhpj.exec:\xvpnhpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lnvfhb.exec:\lnvfhb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ftjdx.exec:\ftjdx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bdrvrrp.exec:\bdrvrrp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dblxjl.exec:\dblxjl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\trjnjd.exec:\trjnjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbp.exec:\hbhbp.exe17⤵
- Executes dropped EXE
-
\??\c:\hbrtdl.exec:\hbrtdl.exe18⤵
- Executes dropped EXE
-
\??\c:\lltddv.exec:\lltddv.exe19⤵
- Executes dropped EXE
-
\??\c:\jrdvnr.exec:\jrdvnr.exe20⤵
- Executes dropped EXE
-
\??\c:\vvprjrl.exec:\vvprjrl.exe21⤵
- Executes dropped EXE
-
\??\c:\bhxtj.exec:\bhxtj.exe22⤵
- Executes dropped EXE
-
\??\c:\ffrdhvj.exec:\ffrdhvj.exe23⤵
- Executes dropped EXE
-
\??\c:\pxjjb.exec:\pxjjb.exe24⤵
- Executes dropped EXE
-
\??\c:\hvtlf.exec:\hvtlf.exe25⤵
- Executes dropped EXE
-
\??\c:\vjnbv.exec:\vjnbv.exe26⤵
- Executes dropped EXE
-
\??\c:\jbrpn.exec:\jbrpn.exe27⤵
- Executes dropped EXE
-
\??\c:\ddtpnfn.exec:\ddtpnfn.exe28⤵
- Executes dropped EXE
-
\??\c:\bnvnpvb.exec:\bnvnpvb.exe29⤵
- Executes dropped EXE
-
\??\c:\xdjvl.exec:\xdjvl.exe30⤵
- Executes dropped EXE
-
\??\c:\xxnht.exec:\xxnht.exe31⤵
- Executes dropped EXE
-
\??\c:\pdjvfj.exec:\pdjvfj.exe32⤵
- Executes dropped EXE
-
\??\c:\dplnxn.exec:\dplnxn.exe33⤵
- Executes dropped EXE
-
\??\c:\btppv.exec:\btppv.exe34⤵
- Executes dropped EXE
-
\??\c:\frtpnpj.exec:\frtpnpj.exe35⤵
- Executes dropped EXE
-
\??\c:\plvtdb.exec:\plvtdb.exe36⤵
- Executes dropped EXE
-
\??\c:\llnrd.exec:\llnrd.exe37⤵
- Executes dropped EXE
-
\??\c:\hpxfh.exec:\hpxfh.exe38⤵
- Executes dropped EXE
-
\??\c:\pdvdlv.exec:\pdvdlv.exe39⤵
- Executes dropped EXE
-
\??\c:\hlrrxdt.exec:\hlrrxdt.exe40⤵
- Executes dropped EXE
-
\??\c:\nxrlvd.exec:\nxrlvd.exe41⤵
- Executes dropped EXE
-
\??\c:\nbdxvfj.exec:\nbdxvfj.exe42⤵
- Executes dropped EXE
-
\??\c:\fdlvpt.exec:\fdlvpt.exe43⤵
- Executes dropped EXE
-
\??\c:\vrxfr.exec:\vrxfr.exe44⤵
- Executes dropped EXE
-
\??\c:\bhjpnx.exec:\bhjpnx.exe45⤵
- Executes dropped EXE
-
\??\c:\jrdll.exec:\jrdll.exe46⤵
- Executes dropped EXE
-
\??\c:\fppllh.exec:\fppllh.exe47⤵
- Executes dropped EXE
-
\??\c:\tpxhffh.exec:\tpxhffh.exe48⤵
- Executes dropped EXE
-
\??\c:\xbbhbrj.exec:\xbbhbrj.exe49⤵
- Executes dropped EXE
-
\??\c:\bjfrtfn.exec:\bjfrtfn.exe50⤵
- Executes dropped EXE
-
\??\c:\hrbtpfd.exec:\hrbtpfd.exe51⤵
- Executes dropped EXE
-
\??\c:\vjvvr.exec:\vjvvr.exe52⤵
- Executes dropped EXE
-
\??\c:\lfrxhph.exec:\lfrxhph.exe53⤵
- Executes dropped EXE
-
\??\c:\dtfdbf.exec:\dtfdbf.exe54⤵
- Executes dropped EXE
-
\??\c:\fjrrdh.exec:\fjrrdh.exe55⤵
- Executes dropped EXE
-
\??\c:\vpttv.exec:\vpttv.exe56⤵
- Executes dropped EXE
-
\??\c:\nrnlrd.exec:\nrnlrd.exe57⤵
- Executes dropped EXE
-
\??\c:\jjdft.exec:\jjdft.exe58⤵
- Executes dropped EXE
-
\??\c:\nflrx.exec:\nflrx.exe59⤵
- Executes dropped EXE
-
\??\c:\tvprj.exec:\tvprj.exe60⤵
- Executes dropped EXE
-
\??\c:\phnnb.exec:\phnnb.exe61⤵
- Executes dropped EXE
-
\??\c:\phbvj.exec:\phbvj.exe62⤵
- Executes dropped EXE
-
\??\c:\xxlfrbj.exec:\xxlfrbj.exe63⤵
- Executes dropped EXE
-
\??\c:\vtnrn.exec:\vtnrn.exe64⤵
- Executes dropped EXE
-
\??\c:\rbprth.exec:\rbprth.exe65⤵
- Executes dropped EXE
-
\??\c:\xjvpt.exec:\xjvpt.exe66⤵
-
\??\c:\pvhfhp.exec:\pvhfhp.exe67⤵
-
\??\c:\rhvllr.exec:\rhvllr.exe68⤵
-
\??\c:\xnnvfd.exec:\xnnvfd.exe69⤵
-
\??\c:\hhnjvnb.exec:\hhnjvnb.exe70⤵
-
\??\c:\flvjrx.exec:\flvjrx.exe71⤵
-
\??\c:\fbfxx.exec:\fbfxx.exe72⤵
-
\??\c:\pdhfpn.exec:\pdhfpn.exe73⤵
-
\??\c:\ndbjxn.exec:\ndbjxn.exe74⤵
-
\??\c:\hfhfp.exec:\hfhfp.exe75⤵
-
\??\c:\hpjhxr.exec:\hpjhxr.exe76⤵
-
\??\c:\fhtlxrj.exec:\fhtlxrj.exe77⤵
-
\??\c:\nnflx.exec:\nnflx.exe78⤵
-
\??\c:\bhfvdth.exec:\bhfvdth.exe79⤵
-
\??\c:\drllfxt.exec:\drllfxt.exe80⤵
-
\??\c:\bhtnttl.exec:\bhtnttl.exe81⤵
-
\??\c:\bprltvb.exec:\bprltvb.exe82⤵
-
\??\c:\vrhvxv.exec:\vrhvxv.exe83⤵
-
\??\c:\njlnfh.exec:\njlnfh.exe84⤵
-
\??\c:\lrrvxn.exec:\lrrvxn.exe85⤵
-
\??\c:\phrxvn.exec:\phrxvn.exe86⤵
-
\??\c:\tfphv.exec:\tfphv.exe87⤵
-
\??\c:\lfpjt.exec:\lfpjt.exe88⤵
-
\??\c:\rxhrbjx.exec:\rxhrbjx.exe89⤵
-
\??\c:\rhffhbh.exec:\rhffhbh.exe90⤵
-
\??\c:\blrjn.exec:\blrjn.exe91⤵
-
\??\c:\bjnpbfh.exec:\bjnpbfh.exe92⤵
-
\??\c:\thxbh.exec:\thxbh.exe93⤵
-
\??\c:\pdvxdt.exec:\pdvxdt.exe94⤵
-
\??\c:\bthxpl.exec:\bthxpl.exe95⤵
-
\??\c:\vjtjjnx.exec:\vjtjjnx.exe96⤵
-
\??\c:\ndjvh.exec:\ndjvh.exe97⤵
-
\??\c:\bjvjnhr.exec:\bjvjnhr.exe98⤵
-
\??\c:\xxbxjpd.exec:\xxbxjpd.exe99⤵
-
\??\c:\ddltp.exec:\ddltp.exe100⤵
-
\??\c:\hlvjnjv.exec:\hlvjnjv.exe101⤵
-
\??\c:\hhppjdj.exec:\hhppjdj.exe102⤵
-
\??\c:\dfblf.exec:\dfblf.exe103⤵
-
\??\c:\vjtpvvb.exec:\vjtpvvb.exe104⤵
-
\??\c:\jjpnnlv.exec:\jjpnnlv.exe105⤵
-
\??\c:\ltrdx.exec:\ltrdx.exe106⤵
-
\??\c:\tdvbdl.exec:\tdvbdl.exe107⤵
-
\??\c:\lvpdjb.exec:\lvpdjb.exe108⤵
-
\??\c:\bnntjrr.exec:\bnntjrr.exe109⤵
-
\??\c:\jxnxv.exec:\jxnxv.exe110⤵
-
\??\c:\hhxbn.exec:\hhxbn.exe111⤵
-
\??\c:\bbrfxfx.exec:\bbrfxfx.exe112⤵
-
\??\c:\jnfhbv.exec:\jnfhbv.exe113⤵
-
\??\c:\nnxxf.exec:\nnxxf.exe114⤵
-
\??\c:\fnvfjfv.exec:\fnvfjfv.exe115⤵
-
\??\c:\xldbb.exec:\xldbb.exe116⤵
-
\??\c:\fbrnpf.exec:\fbrnpf.exe117⤵
-
\??\c:\jvxdhdf.exec:\jvxdhdf.exe118⤵
-
\??\c:\tfrnf.exec:\tfrnf.exe119⤵
-
\??\c:\tlnjdrn.exec:\tlnjdrn.exe120⤵
-
\??\c:\vfvjrj.exec:\vfvjrj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-