Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
27-05-2024 17:20
General
-
Target
026c5e6f0683035be42b5923f1e4be60_NeikiAnalytics.exe
-
Size
226KB
-
MD5
026c5e6f0683035be42b5923f1e4be60
-
SHA1
75a18599ef998c02bb9356cedfb9fcfd058bfacb
-
SHA256
7842f3d53f3dacafc3dd61faa5cb477dd922475c8d94dddbd70f8067e9205fac
-
SHA512
dca0cad0378c5b9adb39a260aa17af6c4aa485b671df864405754366df3f910224f235dba97d5328d820efd846263dee9696f1ae63fb5da421e654c142aface6
-
SSDEEP
6144:Jcm4FmowdHoS3dGmS4Z1hraHcpOaKHpaztyzl+Sl:T4wFHoS3dJS4ZzeFaKHpCcV
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 35 IoCs
-
Malware Dropper & Backdoor - Berbew 32 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\026c5e6f0683035be42b5923f1e4be60_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\026c5e6f0683035be42b5923f1e4be60_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbhnt.exec:\hbbhnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrflrxf.exec:\rrflrxf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbntb.exec:\hbbntb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dvdj.exec:\3dvdj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xrlffr.exec:\9xrlffr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhtb.exec:\btnhtb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vvvd.exec:\5vvvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlrlrf.exec:\frlrlrf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbnt.exec:\bbtbnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjvv.exec:\dvjvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxflrl.exec:\rlxflrl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbhtn.exec:\htbhtn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnbnt.exec:\bbnbnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dpjp.exec:\7dpjp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rfflrx.exec:\3rfflrx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhtb.exec:\tnbhtb.exe17⤵
- Executes dropped EXE
-
\??\c:\flfrrfr.exec:\flfrrfr.exe18⤵
- Executes dropped EXE
-
\??\c:\9llrrlx.exec:\9llrrlx.exe19⤵
- Executes dropped EXE
-
\??\c:\1thtbb.exec:\1thtbb.exe20⤵
- Executes dropped EXE
-
\??\c:\vvjvd.exec:\vvjvd.exe21⤵
- Executes dropped EXE
-
\??\c:\rxxxrxf.exec:\rxxxrxf.exe22⤵
- Executes dropped EXE
-
\??\c:\btnthn.exec:\btnthn.exe23⤵
- Executes dropped EXE
-
\??\c:\nhbhtb.exec:\nhbhtb.exe24⤵
- Executes dropped EXE
-
\??\c:\rlrrrxf.exec:\rlrrrxf.exe25⤵
- Executes dropped EXE
-
\??\c:\bbtnhh.exec:\bbtnhh.exe26⤵
- Executes dropped EXE
-
\??\c:\jpvdv.exec:\jpvdv.exe27⤵
- Executes dropped EXE
-
\??\c:\ttbhbh.exec:\ttbhbh.exe28⤵
- Executes dropped EXE
-
\??\c:\bttntn.exec:\bttntn.exe29⤵
- Executes dropped EXE
-
\??\c:\lfxxlff.exec:\lfxxlff.exe30⤵
- Executes dropped EXE
-
\??\c:\lfxlxfl.exec:\lfxlxfl.exe31⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe32⤵
- Executes dropped EXE
-
\??\c:\jvppp.exec:\jvppp.exe33⤵
- Executes dropped EXE
-
\??\c:\1lrrrrr.exec:\1lrrrrr.exe34⤵
- Executes dropped EXE
-
\??\c:\hbhntt.exec:\hbhntt.exe35⤵
- Executes dropped EXE
-
\??\c:\3vjjj.exec:\3vjjj.exe36⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe37⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe38⤵
- Executes dropped EXE
-
\??\c:\5vppp.exec:\5vppp.exe39⤵
- Executes dropped EXE
-
\??\c:\xlxrrfr.exec:\xlxrrfr.exe40⤵
- Executes dropped EXE
-
\??\c:\5nbhnn.exec:\5nbhnn.exe41⤵
- Executes dropped EXE
-
\??\c:\3ppjp.exec:\3ppjp.exe42⤵
- Executes dropped EXE
-
\??\c:\5dppd.exec:\5dppd.exe43⤵
- Executes dropped EXE
-
\??\c:\fxllrxl.exec:\fxllrxl.exe44⤵
- Executes dropped EXE
-
\??\c:\nhttbh.exec:\nhttbh.exe45⤵
- Executes dropped EXE
-
\??\c:\nhtbnb.exec:\nhtbnb.exe46⤵
- Executes dropped EXE
-
\??\c:\1jjpd.exec:\1jjpd.exe47⤵
- Executes dropped EXE
-
\??\c:\lfflrxl.exec:\lfflrxl.exe48⤵
- Executes dropped EXE
-
\??\c:\llflrrx.exec:\llflrrx.exe49⤵
- Executes dropped EXE
-
\??\c:\1thnbn.exec:\1thnbn.exe50⤵
- Executes dropped EXE
-
\??\c:\vvpdp.exec:\vvpdp.exe51⤵
- Executes dropped EXE
-
\??\c:\rxfrrfl.exec:\rxfrrfl.exe52⤵
- Executes dropped EXE
-
\??\c:\bbtthn.exec:\bbtthn.exe53⤵
- Executes dropped EXE
-
\??\c:\nhbttb.exec:\nhbttb.exe54⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe55⤵
- Executes dropped EXE
-
\??\c:\ddppv.exec:\ddppv.exe56⤵
- Executes dropped EXE
-
\??\c:\rlflrfl.exec:\rlflrfl.exe57⤵
- Executes dropped EXE
-
\??\c:\5tntbb.exec:\5tntbb.exe58⤵
- Executes dropped EXE
-
\??\c:\btbttt.exec:\btbttt.exe59⤵
- Executes dropped EXE
-
\??\c:\vjvvv.exec:\vjvvv.exe60⤵
- Executes dropped EXE
-
\??\c:\3pvpv.exec:\3pvpv.exe61⤵
- Executes dropped EXE
-
\??\c:\rllxlrx.exec:\rllxlrx.exe62⤵
- Executes dropped EXE
-
\??\c:\nnhnht.exec:\nnhnht.exe63⤵
- Executes dropped EXE
-
\??\c:\tnhnnt.exec:\tnhnnt.exe64⤵
- Executes dropped EXE
-
\??\c:\7ppvd.exec:\7ppvd.exe65⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe66⤵
- Executes dropped EXE
-
\??\c:\xlrxxlx.exec:\xlrxxlx.exe67⤵
-
\??\c:\nnhtbh.exec:\nnhtbh.exe68⤵
-
\??\c:\pjddd.exec:\pjddd.exe69⤵
-
\??\c:\dvppd.exec:\dvppd.exe70⤵
-
\??\c:\xrfllfl.exec:\xrfllfl.exe71⤵
-
\??\c:\1ttnbn.exec:\1ttnbn.exe72⤵
-
\??\c:\nhthnt.exec:\nhthnt.exe73⤵
-
\??\c:\ddjpv.exec:\ddjpv.exe74⤵
-
\??\c:\pdpvp.exec:\pdpvp.exe75⤵
-
\??\c:\7lrxffr.exec:\7lrxffr.exe76⤵
-
\??\c:\nhbhnt.exec:\nhbhnt.exe77⤵
-
\??\c:\7jjvd.exec:\7jjvd.exe78⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe79⤵
-
\??\c:\3frrrrx.exec:\3frrrrx.exe80⤵
-
\??\c:\lfrxflr.exec:\lfrxflr.exe81⤵
-
\??\c:\hbthnn.exec:\hbthnn.exe82⤵
-
\??\c:\tnbnht.exec:\tnbnht.exe83⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe84⤵
-
\??\c:\rlxfrxf.exec:\rlxfrxf.exe85⤵
-
\??\c:\xrllxfl.exec:\xrllxfl.exe86⤵
-
\??\c:\bbthth.exec:\bbthth.exe87⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe88⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe89⤵
-
\??\c:\rlflrxr.exec:\rlflrxr.exe90⤵
-
\??\c:\5lxrxfl.exec:\5lxrxfl.exe91⤵
-
\??\c:\thnntb.exec:\thnntb.exe92⤵
-
\??\c:\vpvjj.exec:\vpvjj.exe93⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe94⤵
-
\??\c:\lfxrflr.exec:\lfxrflr.exe95⤵
-
\??\c:\1btbnt.exec:\1btbnt.exe96⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe97⤵
-
\??\c:\dpddp.exec:\dpddp.exe98⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe99⤵
-
\??\c:\9xrxxxl.exec:\9xrxxxl.exe100⤵
-
\??\c:\nnttnn.exec:\nnttnn.exe101⤵
-
\??\c:\nnbbhh.exec:\nnbbhh.exe102⤵
-
\??\c:\djpjj.exec:\djpjj.exe103⤵
-
\??\c:\9jjvd.exec:\9jjvd.exe104⤵
-
\??\c:\fflrrxr.exec:\fflrrxr.exe105⤵
-
\??\c:\lfrrffl.exec:\lfrrffl.exe106⤵
-
\??\c:\1hbnhn.exec:\1hbnhn.exe107⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe108⤵
-
\??\c:\vvvdd.exec:\vvvdd.exe109⤵
-
\??\c:\fxxfrfl.exec:\fxxfrfl.exe110⤵
-
\??\c:\nhttnt.exec:\nhttnt.exe111⤵
-
\??\c:\7bttbh.exec:\7bttbh.exe112⤵
-
\??\c:\vdvdp.exec:\vdvdp.exe113⤵
-
\??\c:\5rrxrxf.exec:\5rrxrxf.exe114⤵
-
\??\c:\rlfrlrf.exec:\rlfrlrf.exe115⤵
-
\??\c:\hbbhtb.exec:\hbbhtb.exe116⤵
-
\??\c:\7nnhnh.exec:\7nnhnh.exe117⤵
-
\??\c:\3pdjv.exec:\3pdjv.exe118⤵
-
\??\c:\9jjpj.exec:\9jjpj.exe119⤵
-
\??\c:\7xxxxfl.exec:\7xxxxfl.exe120⤵
-
\??\c:\hhbhhn.exec:\hhbhhn.exe121⤵
-
\??\c:\7bttbh.exec:\7bttbh.exe122⤵
-
\??\c:\ppddv.exec:\ppddv.exe123⤵
-
\??\c:\1lxlxfx.exec:\1lxlxfx.exe124⤵
-
\??\c:\rlfrrfr.exec:\rlfrrfr.exe125⤵
-
\??\c:\bthnnt.exec:\bthnnt.exe126⤵
-
\??\c:\1vjpp.exec:\1vjpp.exe127⤵
-
\??\c:\3vvvd.exec:\3vvvd.exe128⤵
-
\??\c:\rfxlxxf.exec:\rfxlxxf.exe129⤵
-
\??\c:\nbntbb.exec:\nbntbb.exe130⤵
-
\??\c:\7bthhh.exec:\7bthhh.exe131⤵
-
\??\c:\3vpvd.exec:\3vpvd.exe132⤵
-
\??\c:\5dpvv.exec:\5dpvv.exe133⤵
-
\??\c:\9fxxxxl.exec:\9fxxxxl.exe134⤵
-
\??\c:\rlrfrrr.exec:\rlrfrrr.exe135⤵
-
\??\c:\bhnntb.exec:\bhnntb.exe136⤵
-
\??\c:\7pvpv.exec:\7pvpv.exe137⤵
-
\??\c:\5vppp.exec:\5vppp.exe138⤵
-
\??\c:\rlllxfr.exec:\rlllxfr.exe139⤵
-
\??\c:\lxflxrr.exec:\lxflxrr.exe140⤵
-
\??\c:\nbhhbn.exec:\nbhhbn.exe141⤵
-
\??\c:\bnbhhb.exec:\bnbhhb.exe142⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe143⤵
-
\??\c:\7xrfflr.exec:\7xrfflr.exe144⤵
-
\??\c:\3xfflrx.exec:\3xfflrx.exe145⤵
-
\??\c:\5nnbnt.exec:\5nnbnt.exe146⤵
-
\??\c:\tnnthn.exec:\tnnthn.exe147⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe148⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe149⤵
-
\??\c:\3xfffrx.exec:\3xfffrx.exe150⤵
-
\??\c:\9bntht.exec:\9bntht.exe151⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe152⤵
-
\??\c:\pddvd.exec:\pddvd.exe153⤵
-
\??\c:\7xllffr.exec:\7xllffr.exe154⤵
-
\??\c:\nbbntt.exec:\nbbntt.exe155⤵
-
\??\c:\htbhhb.exec:\htbhhb.exe156⤵
-
\??\c:\vpddd.exec:\vpddd.exe157⤵
-
\??\c:\fxlfllr.exec:\fxlfllr.exe158⤵
-
\??\c:\nnhnnn.exec:\nnhnnn.exe159⤵
-
\??\c:\5pjjj.exec:\5pjjj.exe160⤵
-
\??\c:\jvddd.exec:\jvddd.exe161⤵
-
\??\c:\7frflrf.exec:\7frflrf.exe162⤵
-
\??\c:\hbnntb.exec:\hbnntb.exe163⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe164⤵
-
\??\c:\3dvjj.exec:\3dvjj.exe165⤵
-
\??\c:\lfrlxfx.exec:\lfrlxfx.exe166⤵
-
\??\c:\5xlfffl.exec:\5xlfffl.exe167⤵
-
\??\c:\hbtthn.exec:\hbtthn.exe168⤵
-
\??\c:\nnbthh.exec:\nnbthh.exe169⤵
-
\??\c:\5vvdd.exec:\5vvdd.exe170⤵
-
\??\c:\9pjpv.exec:\9pjpv.exe171⤵
-
\??\c:\lxllllr.exec:\lxllllr.exe172⤵
-
\??\c:\xrfxllr.exec:\xrfxllr.exe173⤵
-
\??\c:\nnbbnn.exec:\nnbbnn.exe174⤵
-
\??\c:\djdpv.exec:\djdpv.exe175⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe176⤵
-
\??\c:\rlflrxl.exec:\rlflrxl.exe177⤵
-
\??\c:\3xfffxl.exec:\3xfffxl.exe178⤵
-
\??\c:\bthnhn.exec:\bthnhn.exe179⤵
-
\??\c:\nhtttt.exec:\nhtttt.exe180⤵
-
\??\c:\vvjjj.exec:\vvjjj.exe181⤵
-
\??\c:\1fxfrlx.exec:\1fxfrlx.exe182⤵
-
\??\c:\xlrrxxx.exec:\xlrrxxx.exe183⤵
-
\??\c:\tnbhtt.exec:\tnbhtt.exe184⤵
-
\??\c:\bntnbt.exec:\bntnbt.exe185⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe186⤵
-
\??\c:\3pdvv.exec:\3pdvv.exe187⤵
-
\??\c:\3frxllf.exec:\3frxllf.exe188⤵
-
\??\c:\lfxrrlr.exec:\lfxrrlr.exe189⤵
-
\??\c:\3tnntb.exec:\3tnntb.exe190⤵
-
\??\c:\5nbbnn.exec:\5nbbnn.exe191⤵
-
\??\c:\dpjjj.exec:\dpjjj.exe192⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe193⤵
-
\??\c:\9fxxxrr.exec:\9fxxxrr.exe194⤵
-
\??\c:\3btbnh.exec:\3btbnh.exe195⤵
-
\??\c:\hbtbhh.exec:\hbtbhh.exe196⤵
-
\??\c:\5dpjj.exec:\5dpjj.exe197⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe198⤵
-
\??\c:\rfxfffl.exec:\rfxfffl.exe199⤵
-
\??\c:\rxlflll.exec:\rxlflll.exe200⤵
-
\??\c:\nbnnnn.exec:\nbnnnn.exe201⤵
-
\??\c:\hbnthh.exec:\hbnthh.exe202⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe203⤵
-
\??\c:\vpddj.exec:\vpddj.exe204⤵
-
\??\c:\fxxrfxl.exec:\fxxrfxl.exe205⤵
-
\??\c:\7hhntb.exec:\7hhntb.exe206⤵
-
\??\c:\ntbbbt.exec:\ntbbbt.exe207⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe208⤵
-
\??\c:\1dvvd.exec:\1dvvd.exe209⤵
-
\??\c:\fxxxllx.exec:\fxxxllx.exe210⤵
-
\??\c:\tnttbh.exec:\tnttbh.exe211⤵
-
\??\c:\tbnbhn.exec:\tbnbhn.exe212⤵
-
\??\c:\5ppdp.exec:\5ppdp.exe213⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe214⤵
-
\??\c:\rlffffr.exec:\rlffffr.exe215⤵
-
\??\c:\7xllllf.exec:\7xllllf.exe216⤵
-
\??\c:\1bhhnt.exec:\1bhhnt.exe217⤵
-
\??\c:\nhnnnt.exec:\nhnnnt.exe218⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe219⤵
-
\??\c:\7rfxxfx.exec:\7rfxxfx.exe220⤵
-
\??\c:\xxlfxlx.exec:\xxlfxlx.exe221⤵
-
\??\c:\thtnnh.exec:\thtnnh.exe222⤵
-
\??\c:\3nbbbh.exec:\3nbbbh.exe223⤵
-
\??\c:\5vpjj.exec:\5vpjj.exe224⤵
-
\??\c:\vppvj.exec:\vppvj.exe225⤵
-
\??\c:\lflfffr.exec:\lflfffr.exe226⤵
-
\??\c:\bntbhn.exec:\bntbhn.exe227⤵
-
\??\c:\1ntnnn.exec:\1ntnnn.exe228⤵
-
\??\c:\bnbntn.exec:\bnbntn.exe229⤵
-
\??\c:\pjddj.exec:\pjddj.exe230⤵
-
\??\c:\rflfxxr.exec:\rflfxxr.exe231⤵
-
\??\c:\rlxxfxf.exec:\rlxxfxf.exe232⤵
-
\??\c:\nbtnth.exec:\nbtnth.exe233⤵
-
\??\c:\5bnbbb.exec:\5bnbbb.exe234⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe235⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe236⤵
-
\??\c:\xrlrxfr.exec:\xrlrxfr.exe237⤵
-
\??\c:\lfrxflr.exec:\lfrxflr.exe238⤵
-
\??\c:\hhthbn.exec:\hhthbn.exe239⤵
-
\??\c:\vvjvj.exec:\vvjvj.exe240⤵