Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
27-05-2024 14:55
General
-
Target
fc0abb8d5f0ca4a79e5fdf3e244ae2f0_NeikiAnalytics.exe
-
Size
338KB
-
MD5
fc0abb8d5f0ca4a79e5fdf3e244ae2f0
-
SHA1
84d3cbe440fba5d67f7cf6c074126130fa6bf9a4
-
SHA256
446a4c3e66060482bed2f056c181a68733451b8f6e5be908054d33f7e62ccf20
-
SHA512
01b6cadfe4e55a1fd9dc24e98a6cdd5305df46f6a70dbdd8b72dfa6dae77759185f1b78b1b8fa9f214e2605efd69816f13e91853e6e9a0614fe712cf71d2c56b
-
SSDEEP
6144:Kcm4FmowdHoSKAszBd+aQz0192lTk1ycUkpCnAUo0Leu2tZGnOiQ3jiDQIZbdVnR:U4wFHoSK1zBjA892lY196AUo0LX2tZqD
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Malware Dropper & Backdoor - Berbew 32 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fc0abb8d5f0ca4a79e5fdf3e244ae2f0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\fc0abb8d5f0ca4a79e5fdf3e244ae2f0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbthh.exec:\tbbthh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpdd.exec:\dvpdd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rrrrxx.exec:\9rrrrxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhtbt.exec:\tnhtbt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjpd.exec:\ddjpd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvj.exec:\vpvvj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrlff.exec:\fxxrlff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhhh.exec:\bthhhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpvv.exec:\vvpvv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ppdp.exec:\3ppdp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3llfllr.exec:\3llfllr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtntn.exec:\hbtntn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvjd.exec:\jpvjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflxlfr.exec:\rflxlfr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9flfxxr.exec:\9flfxxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nnhhh.exec:\9nnhhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jppj.exec:\1jppj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrrrr.exec:\frxrrrr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtnnh.exec:\hhtnnh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbhtn.exec:\bhbhtn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vpjd.exec:\7vpjd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9frlxxr.exec:\9frlxxr.exe23⤵
- Executes dropped EXE
-
\??\c:\ffxfxff.exec:\ffxfxff.exe24⤵
- Executes dropped EXE
-
\??\c:\tnhbtn.exec:\tnhbtn.exe25⤵
- Executes dropped EXE
-
\??\c:\djvjj.exec:\djvjj.exe26⤵
- Executes dropped EXE
-
\??\c:\frrxrrx.exec:\frrxrrx.exe27⤵
- Executes dropped EXE
-
\??\c:\9ttnbb.exec:\9ttnbb.exe28⤵
- Executes dropped EXE
-
\??\c:\pvvpj.exec:\pvvpj.exe29⤵
- Executes dropped EXE
-
\??\c:\5rxrlrr.exec:\5rxrlrr.exe30⤵
- Executes dropped EXE
-
\??\c:\lrrfxrf.exec:\lrrfxrf.exe31⤵
- Executes dropped EXE
-
\??\c:\hhttnh.exec:\hhttnh.exe32⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe33⤵
- Executes dropped EXE
-
\??\c:\rxlfxrl.exec:\rxlfxrl.exe34⤵
- Executes dropped EXE
-
\??\c:\htnbnh.exec:\htnbnh.exe35⤵
- Executes dropped EXE
-
\??\c:\pjjpp.exec:\pjjpp.exe36⤵
- Executes dropped EXE
-
\??\c:\7ddpd.exec:\7ddpd.exe37⤵
- Executes dropped EXE
-
\??\c:\fxlfxxf.exec:\fxlfxxf.exe38⤵
- Executes dropped EXE
-
\??\c:\jjvvv.exec:\jjvvv.exe39⤵
- Executes dropped EXE
-
\??\c:\xllxlxr.exec:\xllxlxr.exe40⤵
- Executes dropped EXE
-
\??\c:\rrrrrrr.exec:\rrrrrrr.exe41⤵
- Executes dropped EXE
-
\??\c:\nnbttt.exec:\nnbttt.exe42⤵
- Executes dropped EXE
-
\??\c:\vjdvp.exec:\vjdvp.exe43⤵
- Executes dropped EXE
-
\??\c:\1jjjv.exec:\1jjjv.exe44⤵
- Executes dropped EXE
-
\??\c:\ffffllr.exec:\ffffllr.exe45⤵
- Executes dropped EXE
-
\??\c:\bthbhh.exec:\bthbhh.exe46⤵
- Executes dropped EXE
-
\??\c:\5hnhnn.exec:\5hnhnn.exe47⤵
- Executes dropped EXE
-
\??\c:\9vdpj.exec:\9vdpj.exe48⤵
- Executes dropped EXE
-
\??\c:\vjjdd.exec:\vjjdd.exe49⤵
- Executes dropped EXE
-
\??\c:\rfffxxx.exec:\rfffxxx.exe50⤵
- Executes dropped EXE
-
\??\c:\hhhthh.exec:\hhhthh.exe51⤵
- Executes dropped EXE
-
\??\c:\nnhbnn.exec:\nnhbnn.exe52⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe53⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe54⤵
- Executes dropped EXE
-
\??\c:\xrrxffl.exec:\xrrxffl.exe55⤵
- Executes dropped EXE
-
\??\c:\fxllffr.exec:\fxllffr.exe56⤵
- Executes dropped EXE
-
\??\c:\thhbtb.exec:\thhbtb.exe57⤵
- Executes dropped EXE
-
\??\c:\7hnhtn.exec:\7hnhtn.exe58⤵
- Executes dropped EXE
-
\??\c:\jvdvv.exec:\jvdvv.exe59⤵
- Executes dropped EXE
-
\??\c:\jvvvp.exec:\jvvvp.exe60⤵
- Executes dropped EXE
-
\??\c:\9rxrxrx.exec:\9rxrxrx.exe61⤵
- Executes dropped EXE
-
\??\c:\btttnn.exec:\btttnn.exe62⤵
- Executes dropped EXE
-
\??\c:\btthnt.exec:\btthnt.exe63⤵
- Executes dropped EXE
-
\??\c:\1jdvp.exec:\1jdvp.exe64⤵
- Executes dropped EXE
-
\??\c:\vjvvv.exec:\vjvvv.exe65⤵
- Executes dropped EXE
-
\??\c:\frrllll.exec:\frrllll.exe66⤵
-
\??\c:\3btnhn.exec:\3btnhn.exe67⤵
-
\??\c:\btnbtb.exec:\btnbtb.exe68⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe69⤵
-
\??\c:\dddpd.exec:\dddpd.exe70⤵
-
\??\c:\lflxrlr.exec:\lflxrlr.exe71⤵
-
\??\c:\fffrlxl.exec:\fffrlxl.exe72⤵
-
\??\c:\hntnnn.exec:\hntnnn.exe73⤵
-
\??\c:\tbhbbb.exec:\tbhbbb.exe74⤵
-
\??\c:\7vvpj.exec:\7vvpj.exe75⤵
-
\??\c:\lffrlfr.exec:\lffrlfr.exe76⤵
-
\??\c:\lrxxlfr.exec:\lrxxlfr.exe77⤵
-
\??\c:\7hnntb.exec:\7hnntb.exe78⤵
-
\??\c:\3nnbtt.exec:\3nnbtt.exe79⤵
-
\??\c:\djpjd.exec:\djpjd.exe80⤵
-
\??\c:\pvdvd.exec:\pvdvd.exe81⤵
-
\??\c:\lflxxrx.exec:\lflxxrx.exe82⤵
-
\??\c:\7flxlfr.exec:\7flxlfr.exe83⤵
-
\??\c:\tbhbtb.exec:\tbhbtb.exe84⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe85⤵
-
\??\c:\ddvpp.exec:\ddvpp.exe86⤵
-
\??\c:\xrfxxrr.exec:\xrfxxrr.exe87⤵
-
\??\c:\btbnhh.exec:\btbnhh.exe88⤵
-
\??\c:\3pddd.exec:\3pddd.exe89⤵
-
\??\c:\1lllflr.exec:\1lllflr.exe90⤵
-
\??\c:\bthbtn.exec:\bthbtn.exe91⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe92⤵
-
\??\c:\xrfxffl.exec:\xrfxffl.exe93⤵
-
\??\c:\hhtntt.exec:\hhtntt.exe94⤵
-
\??\c:\hbnnhh.exec:\hbnnhh.exe95⤵
-
\??\c:\vjpdj.exec:\vjpdj.exe96⤵
-
\??\c:\lrlffxx.exec:\lrlffxx.exe97⤵
-
\??\c:\5hnhbb.exec:\5hnhbb.exe98⤵
-
\??\c:\ntnhhb.exec:\ntnhhb.exe99⤵
-
\??\c:\vjpjp.exec:\vjpjp.exe100⤵
-
\??\c:\rrlfxxr.exec:\rrlfxxr.exe101⤵
-
\??\c:\thhhbb.exec:\thhhbb.exe102⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe103⤵
-
\??\c:\rllfxff.exec:\rllfxff.exe104⤵
-
\??\c:\rxrlffr.exec:\rxrlffr.exe105⤵
-
\??\c:\hbnnhb.exec:\hbnnhb.exe106⤵
-
\??\c:\7jvpp.exec:\7jvpp.exe107⤵
-
\??\c:\xxxffll.exec:\xxxffll.exe108⤵
-
\??\c:\1xlfllf.exec:\1xlfllf.exe109⤵
-
\??\c:\thnhht.exec:\thnhht.exe110⤵
-
\??\c:\7jjpj.exec:\7jjpj.exe111⤵
-
\??\c:\9rrlffx.exec:\9rrlffx.exe112⤵
-
\??\c:\7nnhnh.exec:\7nnhnh.exe113⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe114⤵
-
\??\c:\rxxrfrl.exec:\rxxrfrl.exe115⤵
-
\??\c:\bnnhhb.exec:\bnnhhb.exe116⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe117⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe118⤵
-
\??\c:\3lrlllf.exec:\3lrlllf.exe119⤵
-
\??\c:\5tbtnt.exec:\5tbtnt.exe120⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-