Analysis
-
max time kernel
150s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
28/05/2024, 22:22
General
-
Target
0f4515cf3ade269e6ad0d81a0ee990f0_NeikiAnalytics.exe
-
Size
173KB
-
MD5
0f4515cf3ade269e6ad0d81a0ee990f0
-
SHA1
5d8135c2abe989f50ee4cf2f706842a52f5886f3
-
SHA256
aae802b6232494f8ace0bb982dfc16844fd4cf1c414f9e4a28751e8b87dc4b54
-
SHA512
95a125c9eb3f7c279afc7b648282073103e7062461a9869611a57837aa401af7fc1b8199768d6f277484eed938dcef2ae644cd5621024baa215872ce53fe4def
-
SSDEEP
3072:ehOmTsF93UYfwC6GIout1sWRkVap3daVszyKd+XqQz0esujClt+zZ4dMovmW1q7M:ecm4FmowdHoSKWqoFdAszBd+aQz0IClL
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 34 IoCs
-
Malware Dropper & Backdoor - Berbew 34 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0f4515cf3ade269e6ad0d81a0ee990f0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\0f4515cf3ade269e6ad0d81a0ee990f0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxlff.exec:\rrxxlff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rlxxrf.exec:\7rlxxrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbnbt.exec:\hbbnbt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdpp.exec:\ppdpp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xrxrlr.exec:\1xrxrlr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5djvj.exec:\5djvj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffllr.exec:\rfffllr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtnbt.exec:\bhtnbt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddj.exec:\pjddj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbnbn.exec:\hbbnbn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnnt.exec:\hbtnnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddddj.exec:\ddddj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lllrrf.exec:\7lllrrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hbhht.exec:\1hbhht.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjpp.exec:\jpjpp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xllfxf.exec:\1xllfxf.exe17⤵
- Executes dropped EXE
-
\??\c:\nnntht.exec:\nnntht.exe18⤵
- Executes dropped EXE
-
\??\c:\bnhttb.exec:\bnhttb.exe19⤵
- Executes dropped EXE
-
\??\c:\tthtbh.exec:\tthtbh.exe20⤵
- Executes dropped EXE
-
\??\c:\7fxrxxf.exec:\7fxrxxf.exe21⤵
- Executes dropped EXE
-
\??\c:\5nbnbn.exec:\5nbnbn.exe22⤵
- Executes dropped EXE
-
\??\c:\vjpvp.exec:\vjpvp.exe23⤵
- Executes dropped EXE
-
\??\c:\ttttnn.exec:\ttttnn.exe24⤵
- Executes dropped EXE
-
\??\c:\ddjdp.exec:\ddjdp.exe25⤵
- Executes dropped EXE
-
\??\c:\frllrrr.exec:\frllrrr.exe26⤵
- Executes dropped EXE
-
\??\c:\ttntbh.exec:\ttntbh.exe27⤵
- Executes dropped EXE
-
\??\c:\jjpjp.exec:\jjpjp.exe28⤵
- Executes dropped EXE
-
\??\c:\lfflrfl.exec:\lfflrfl.exe29⤵
- Executes dropped EXE
-
\??\c:\nbhthh.exec:\nbhthh.exe30⤵
- Executes dropped EXE
-
\??\c:\pjvdp.exec:\pjvdp.exe31⤵
- Executes dropped EXE
-
\??\c:\3fxlflx.exec:\3fxlflx.exe32⤵
- Executes dropped EXE
-
\??\c:\ttnthn.exec:\ttnthn.exe33⤵
- Executes dropped EXE
-
\??\c:\pppvp.exec:\pppvp.exe34⤵
- Executes dropped EXE
-
\??\c:\rlllrlx.exec:\rlllrlx.exe35⤵
- Executes dropped EXE
-
\??\c:\hbthnt.exec:\hbthnt.exe36⤵
- Executes dropped EXE
-
\??\c:\1dddd.exec:\1dddd.exe37⤵
- Executes dropped EXE
-
\??\c:\9frfrff.exec:\9frfrff.exe38⤵
- Executes dropped EXE
-
\??\c:\9bbhtn.exec:\9bbhtn.exe39⤵
- Executes dropped EXE
-
\??\c:\pjdjp.exec:\pjdjp.exe40⤵
- Executes dropped EXE
-
\??\c:\jpvjj.exec:\jpvjj.exe41⤵
- Executes dropped EXE
-
\??\c:\xrflfll.exec:\xrflfll.exe42⤵
- Executes dropped EXE
-
\??\c:\nhnthb.exec:\nhnthb.exe43⤵
- Executes dropped EXE
-
\??\c:\vjdjj.exec:\vjdjj.exe44⤵
- Executes dropped EXE
-
\??\c:\lflxlrf.exec:\lflxlrf.exe45⤵
- Executes dropped EXE
-
\??\c:\llxlrfr.exec:\llxlrfr.exe46⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe47⤵
- Executes dropped EXE
-
\??\c:\llrrflf.exec:\llrrflf.exe48⤵
- Executes dropped EXE
-
\??\c:\rrxlrxx.exec:\rrxlrxx.exe49⤵
- Executes dropped EXE
-
\??\c:\nnnbtb.exec:\nnnbtb.exe50⤵
- Executes dropped EXE
-
\??\c:\jdvdd.exec:\jdvdd.exe51⤵
- Executes dropped EXE
-
\??\c:\xxlxfrf.exec:\xxlxfrf.exe52⤵
- Executes dropped EXE
-
\??\c:\fxrxlfr.exec:\fxrxlfr.exe53⤵
- Executes dropped EXE
-
\??\c:\bbnntt.exec:\bbnntt.exe54⤵
- Executes dropped EXE
-
\??\c:\pjpdd.exec:\pjpdd.exe55⤵
- Executes dropped EXE
-
\??\c:\7vvjj.exec:\7vvjj.exe56⤵
- Executes dropped EXE
-
\??\c:\llxrlrf.exec:\llxrlrf.exe57⤵
- Executes dropped EXE
-
\??\c:\5tntnn.exec:\5tntnn.exe58⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe59⤵
- Executes dropped EXE
-
\??\c:\rfrlxrr.exec:\rfrlxrr.exe60⤵
- Executes dropped EXE
-
\??\c:\nhhbtn.exec:\nhhbtn.exe61⤵
- Executes dropped EXE
-
\??\c:\tnhnbh.exec:\tnhnbh.exe62⤵
- Executes dropped EXE
-
\??\c:\3vvjj.exec:\3vvjj.exe63⤵
- Executes dropped EXE
-
\??\c:\lxllrlx.exec:\lxllrlx.exe64⤵
- Executes dropped EXE
-
\??\c:\btttbn.exec:\btttbn.exe65⤵
- Executes dropped EXE
-
\??\c:\3hbbnn.exec:\3hbbnn.exe66⤵
-
\??\c:\dvppp.exec:\dvppp.exe67⤵
-
\??\c:\xlfllrl.exec:\xlfllrl.exe68⤵
-
\??\c:\3bntnn.exec:\3bntnn.exe69⤵
-
\??\c:\bbtthh.exec:\bbtthh.exe70⤵
-
\??\c:\1ddjv.exec:\1ddjv.exe71⤵
-
\??\c:\lfxlflf.exec:\lfxlflf.exe72⤵
-
\??\c:\nhhnbh.exec:\nhhnbh.exe73⤵
-
\??\c:\3htbnn.exec:\3htbnn.exe74⤵
-
\??\c:\rxfxxrl.exec:\rxfxxrl.exe75⤵
-
\??\c:\ffxfxlx.exec:\ffxfxlx.exe76⤵
-
\??\c:\tbbtbt.exec:\tbbtbt.exe77⤵
-
\??\c:\vpdpj.exec:\vpdpj.exe78⤵
-
\??\c:\3pjvj.exec:\3pjvj.exe79⤵
-
\??\c:\fxxlxlf.exec:\fxxlxlf.exe80⤵
-
\??\c:\tnbthh.exec:\tnbthh.exe81⤵
-
\??\c:\tbhtht.exec:\tbhtht.exe82⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe83⤵
-
\??\c:\frxxlrl.exec:\frxxlrl.exe84⤵
-
\??\c:\3nthbn.exec:\3nthbn.exe85⤵
-
\??\c:\hhnhbt.exec:\hhnhbt.exe86⤵
-
\??\c:\vvddj.exec:\vvddj.exe87⤵
-
\??\c:\xxrrllx.exec:\xxrrllx.exe88⤵
-
\??\c:\9xxflfr.exec:\9xxflfr.exe89⤵
-
\??\c:\tntthh.exec:\tntthh.exe90⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe91⤵
-
\??\c:\jvvdp.exec:\jvvdp.exe92⤵
-
\??\c:\9xrrxfl.exec:\9xrrxfl.exe93⤵
-
\??\c:\thhhtt.exec:\thhhtt.exe94⤵
-
\??\c:\nnhhbn.exec:\nnhhbn.exe95⤵
-
\??\c:\vvpjp.exec:\vvpjp.exe96⤵
-
\??\c:\ffrfrlr.exec:\ffrfrlr.exe97⤵
-
\??\c:\xxrfrff.exec:\xxrfrff.exe98⤵
-
\??\c:\5hbhbb.exec:\5hbhbb.exe99⤵
-
\??\c:\1pjvd.exec:\1pjvd.exe100⤵
-
\??\c:\vppdv.exec:\vppdv.exe101⤵
-
\??\c:\fffrflf.exec:\fffrflf.exe102⤵
-
\??\c:\thbthh.exec:\thbthh.exe103⤵
-
\??\c:\jddjd.exec:\jddjd.exe104⤵
-
\??\c:\xxxfxfx.exec:\xxxfxfx.exe105⤵
-
\??\c:\lllllxl.exec:\lllllxl.exe106⤵
-
\??\c:\ttnhbn.exec:\ttnhbn.exe107⤵
-
\??\c:\pppdp.exec:\pppdp.exe108⤵
-
\??\c:\fxrrlxx.exec:\fxrrlxx.exe109⤵
-
\??\c:\frlrfxr.exec:\frlrfxr.exe110⤵
-
\??\c:\hhbhtb.exec:\hhbhtb.exe111⤵
-
\??\c:\jdppd.exec:\jdppd.exe112⤵
-
\??\c:\xxrfxlf.exec:\xxrfxlf.exe113⤵
-
\??\c:\llrllrf.exec:\llrllrf.exe114⤵
-
\??\c:\ttnnnt.exec:\ttnnnt.exe115⤵
-
\??\c:\btnbnh.exec:\btnbnh.exe116⤵
-
\??\c:\lfllxfr.exec:\lfllxfr.exe117⤵
-
\??\c:\3lflrxr.exec:\3lflrxr.exe118⤵
-
\??\c:\nthnhn.exec:\nthnhn.exe119⤵
-
\??\c:\vdjpd.exec:\vdjpd.exe120⤵
-
\??\c:\lllrllf.exec:\lllrllf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-