Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
29-05-2024 19:34
General
-
Target
f4d04404ded651cda9dcc5ba42a1d150_NeikiAnalytics.exe
-
Size
253KB
-
MD5
f4d04404ded651cda9dcc5ba42a1d150
-
SHA1
e509b5aec318a2d0b8dc6aabcde5784ba44e315b
-
SHA256
399dc491d2a951480ed0bac618c7922fc4430b162fc288000df974f71c9887b9
-
SHA512
d051106ae534134524285a1b8842c9e2b90c3a199f2587b690dc7e1289463ccb0323954cab1a983789cdc091fe40d960c4690167db13c8c57ec29e776320d2bd
-
SSDEEP
3072:chOmTsF93UYfwC6GIoutieyhC2lbgGi5yLpcgDE4JBuItR8pTsgZ9WT4iaz+THkm:ccm4FmowdHoSi9EIBftapTs4WZazeE1Y
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 58 IoCs
-
Malware Dropper & Backdoor - Berbew 35 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f4d04404ded651cda9dcc5ba42a1d150_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\f4d04404ded651cda9dcc5ba42a1d150_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bxfjbbv.exec:\bxfjbbv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rnxxr.exec:\rnxxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrvr.exec:\xrrvr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thlxhft.exec:\thlxhft.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lvbbv.exec:\lvbbv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pttnrn.exec:\pttnrn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jxjhlp.exec:\jxjhlp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lvhbd.exec:\lvhbd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\blhbbbr.exec:\blhbbbr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jxjjr.exec:\jxjjr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hblphjx.exec:\hblphjx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vbpvv.exec:\vbpvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vtjlvlh.exec:\vtjlvlh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\prjvr.exec:\prjvr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dxjlld.exec:\dxjlld.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ptjvhh.exec:\ptjvhh.exe17⤵
- Executes dropped EXE
-
\??\c:\htljvnn.exec:\htljvnn.exe18⤵
- Executes dropped EXE
-
\??\c:\rjbvnbf.exec:\rjbvnbf.exe19⤵
- Executes dropped EXE
-
\??\c:\lldrbf.exec:\lldrbf.exe20⤵
- Executes dropped EXE
-
\??\c:\vfrblb.exec:\vfrblb.exe21⤵
- Executes dropped EXE
-
\??\c:\pfjnt.exec:\pfjnt.exe22⤵
- Executes dropped EXE
-
\??\c:\xhfhd.exec:\xhfhd.exe23⤵
- Executes dropped EXE
-
\??\c:\flxppj.exec:\flxppj.exe24⤵
- Executes dropped EXE
-
\??\c:\hfrjb.exec:\hfrjb.exe25⤵
- Executes dropped EXE
-
\??\c:\vxdtrj.exec:\vxdtrj.exe26⤵
- Executes dropped EXE
-
\??\c:\pprfrfx.exec:\pprfrfx.exe27⤵
- Executes dropped EXE
-
\??\c:\xpljb.exec:\xpljb.exe28⤵
- Executes dropped EXE
-
\??\c:\nnnlp.exec:\nnnlp.exe29⤵
- Executes dropped EXE
-
\??\c:\btfhhbp.exec:\btfhhbp.exe30⤵
- Executes dropped EXE
-
\??\c:\tttxp.exec:\tttxp.exe31⤵
- Executes dropped EXE
-
\??\c:\hnhjlbd.exec:\hnhjlbd.exe32⤵
- Executes dropped EXE
-
\??\c:\tprthpt.exec:\tprthpt.exe33⤵
- Executes dropped EXE
-
\??\c:\tlhtvvh.exec:\tlhtvvh.exe34⤵
- Executes dropped EXE
-
\??\c:\njrvbbv.exec:\njrvbbv.exe35⤵
- Executes dropped EXE
-
\??\c:\jvvlptp.exec:\jvvlptp.exe36⤵
- Executes dropped EXE
-
\??\c:\nlxlp.exec:\nlxlp.exe37⤵
- Executes dropped EXE
-
\??\c:\frrvttn.exec:\frrvttn.exe38⤵
- Executes dropped EXE
-
\??\c:\vvdllj.exec:\vvdllj.exe39⤵
- Executes dropped EXE
-
\??\c:\hhbbvnb.exec:\hhbbvnb.exe40⤵
- Executes dropped EXE
-
\??\c:\xdjbr.exec:\xdjbr.exe41⤵
- Executes dropped EXE
-
\??\c:\nrnflbd.exec:\nrnflbd.exe42⤵
- Executes dropped EXE
-
\??\c:\lpjtx.exec:\lpjtx.exe43⤵
- Executes dropped EXE
-
\??\c:\pxnpv.exec:\pxnpv.exe44⤵
- Executes dropped EXE
-
\??\c:\vbdrx.exec:\vbdrx.exe45⤵
- Executes dropped EXE
-
\??\c:\phdfpft.exec:\phdfpft.exe46⤵
- Executes dropped EXE
-
\??\c:\vtntbt.exec:\vtntbt.exe47⤵
- Executes dropped EXE
-
\??\c:\nxvrr.exec:\nxvrr.exe48⤵
- Executes dropped EXE
-
\??\c:\hbnjvr.exec:\hbnjvr.exe49⤵
- Executes dropped EXE
-
\??\c:\fbfnp.exec:\fbfnp.exe50⤵
- Executes dropped EXE
-
\??\c:\nrdndh.exec:\nrdndh.exe51⤵
- Executes dropped EXE
-
\??\c:\frjjjr.exec:\frjjjr.exe52⤵
- Executes dropped EXE
-
\??\c:\thxndjv.exec:\thxndjv.exe53⤵
- Executes dropped EXE
-
\??\c:\bvljvx.exec:\bvljvx.exe54⤵
- Executes dropped EXE
-
\??\c:\nvrxjd.exec:\nvrxjd.exe55⤵
- Executes dropped EXE
-
\??\c:\lvvphv.exec:\lvvphv.exe56⤵
- Executes dropped EXE
-
\??\c:\vrxjv.exec:\vrxjv.exe57⤵
- Executes dropped EXE
-
\??\c:\xfxrvh.exec:\xfxrvh.exe58⤵
- Executes dropped EXE
-
\??\c:\ftrbjbv.exec:\ftrbjbv.exe59⤵
- Executes dropped EXE
-
\??\c:\pppbpf.exec:\pppbpf.exe60⤵
- Executes dropped EXE
-
\??\c:\lptrnlv.exec:\lptrnlv.exe61⤵
- Executes dropped EXE
-
\??\c:\pbhlv.exec:\pbhlv.exe62⤵
- Executes dropped EXE
-
\??\c:\bldxb.exec:\bldxb.exe63⤵
- Executes dropped EXE
-
\??\c:\hvvfnfh.exec:\hvvfnfh.exe64⤵
- Executes dropped EXE
-
\??\c:\lvrpdrx.exec:\lvrpdrx.exe65⤵
- Executes dropped EXE
-
\??\c:\rtrff.exec:\rtrff.exe66⤵
-
\??\c:\nnnnh.exec:\nnnnh.exe67⤵
-
\??\c:\pvdfdt.exec:\pvdfdt.exe68⤵
-
\??\c:\vbdfnr.exec:\vbdfnr.exe69⤵
-
\??\c:\nvpjp.exec:\nvpjp.exe70⤵
-
\??\c:\jlvtxtl.exec:\jlvtxtl.exe71⤵
-
\??\c:\hbxvv.exec:\hbxvv.exe72⤵
-
\??\c:\fjrnj.exec:\fjrnj.exe73⤵
-
\??\c:\tpjxv.exec:\tpjxv.exe74⤵
-
\??\c:\thntvxx.exec:\thntvxx.exe75⤵
-
\??\c:\ffvvht.exec:\ffvvht.exe76⤵
-
\??\c:\vrtfrfh.exec:\vrtfrfh.exe77⤵
-
\??\c:\hppvbxl.exec:\hppvbxl.exe78⤵
-
\??\c:\hdxtnh.exec:\hdxtnh.exe79⤵
-
\??\c:\fjtplh.exec:\fjtplh.exe80⤵
-
\??\c:\lbhvxtd.exec:\lbhvxtd.exe81⤵
-
\??\c:\tfprvpb.exec:\tfprvpb.exe82⤵
-
\??\c:\hxjll.exec:\hxjll.exe83⤵
-
\??\c:\vpjrlnf.exec:\vpjrlnf.exe84⤵
-
\??\c:\rvnfnj.exec:\rvnfnj.exe85⤵
-
\??\c:\rbfttxj.exec:\rbfttxj.exe86⤵
-
\??\c:\fjvlxf.exec:\fjvlxf.exe87⤵
-
\??\c:\xnbnrnb.exec:\xnbnrnb.exe88⤵
-
\??\c:\pvfvrpl.exec:\pvfvrpl.exe89⤵
-
\??\c:\fnpjvrx.exec:\fnpjvrx.exe90⤵
-
\??\c:\bnljthd.exec:\bnljthd.exe91⤵
-
\??\c:\hprlnlr.exec:\hprlnlr.exe92⤵
-
\??\c:\lhtnb.exec:\lhtnb.exe93⤵
-
\??\c:\pjntxb.exec:\pjntxb.exe94⤵
-
\??\c:\bvljxld.exec:\bvljxld.exe95⤵
-
\??\c:\tvnfhb.exec:\tvnfhb.exe96⤵
-
\??\c:\rnjrrr.exec:\rnjrrr.exe97⤵
-
\??\c:\nfhffvj.exec:\nfhffvj.exe98⤵
-
\??\c:\fxrxjp.exec:\fxrxjp.exe99⤵
-
\??\c:\xhdtt.exec:\xhdtt.exe100⤵
-
\??\c:\ftvbplr.exec:\ftvbplr.exe101⤵
-
\??\c:\nltrpn.exec:\nltrpn.exe102⤵
-
\??\c:\jdlptpp.exec:\jdlptpp.exe103⤵
-
\??\c:\rvfbn.exec:\rvfbn.exe104⤵
-
\??\c:\fflnnxp.exec:\fflnnxp.exe105⤵
-
\??\c:\pjhrtn.exec:\pjhrtn.exe106⤵
-
\??\c:\vrvfxdp.exec:\vrvfxdp.exe107⤵
-
\??\c:\rnpbhhj.exec:\rnpbhhj.exe108⤵
-
\??\c:\lxjdfj.exec:\lxjdfj.exe109⤵
-
\??\c:\pvrjp.exec:\pvrjp.exe110⤵
-
\??\c:\tljltdh.exec:\tljltdh.exe111⤵
-
\??\c:\fhdxnf.exec:\fhdxnf.exe112⤵
-
\??\c:\lpxbrj.exec:\lpxbrj.exe113⤵
-
\??\c:\dbdpbpt.exec:\dbdpbpt.exe114⤵
-
\??\c:\pbrdrx.exec:\pbrdrx.exe115⤵
-
\??\c:\ldthp.exec:\ldthp.exe116⤵
-
\??\c:\rfntjt.exec:\rfntjt.exe117⤵
-
\??\c:\bpjflxt.exec:\bpjflxt.exe118⤵
-
\??\c:\bfxbb.exec:\bfxbb.exe119⤵
-
\??\c:\rnprtrt.exec:\rnprtrt.exe120⤵
-
\??\c:\hbfvfjt.exec:\hbfvfjt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-