Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
04-06-2024 04:57
General
-
Target
2fa6fa1228e96b55b3ad77a8c627b850_NeikiAnalytics.exe
-
Size
487KB
-
MD5
2fa6fa1228e96b55b3ad77a8c627b850
-
SHA1
08a12fcd0d22ba7f243d387029d64f1ef06b3c23
-
SHA256
ae81795b2be121ba562b640838cd646bc366d21410a73c662163a261c97dcd6d
-
SHA512
dbd23abf81e652a75972faa628745632ade5821a59eba7a71f9af1ba204651b01c292812d18c814888225b2476cb0683f4869d2323de8db91161a162ba6c2f8b
-
SSDEEP
6144:mcm7ImGddXv/VWrXD486jCpoAhlq1mEjBqLyOSlhNFF23yL:I7TcfNWj168w1VjsyvhNFF2iL
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 36 IoCs
-
Malware Dropper & Backdoor - Berbew 32 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 62 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2fa6fa1228e96b55b3ad77a8c627b850_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\2fa6fa1228e96b55b3ad77a8c627b850_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1hbbnn.exec:\1hbbnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxxllx.exec:\xxxxllx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5btttt.exec:\5btttt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxlxf.exec:\fxlxlxf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnthtb.exec:\bnthtb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jdvv.exec:\3jdvv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxxrxr.exec:\xfxxrxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bbtbb.exec:\5bbtbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvd.exec:\vpjvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbhn.exec:\bbtbhn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvppv.exec:\jvppv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvp.exec:\jvdvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthnhh.exec:\bthnhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjvj.exec:\ppjvj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhthn.exec:\hnhthn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tntnh.exec:\1tntnh.exe17⤵
- Executes dropped EXE
-
\??\c:\3xlxxxl.exec:\3xlxxxl.exe18⤵
- Executes dropped EXE
-
\??\c:\rfffrxl.exec:\rfffrxl.exe19⤵
- Executes dropped EXE
-
\??\c:\jvjpj.exec:\jvjpj.exe20⤵
- Executes dropped EXE
-
\??\c:\xxxxllx.exec:\xxxxllx.exe21⤵
- Executes dropped EXE
-
\??\c:\9lffrrf.exec:\9lffrrf.exe22⤵
- Executes dropped EXE
-
\??\c:\5bhbhh.exec:\5bhbhh.exe23⤵
- Executes dropped EXE
-
\??\c:\dvvvv.exec:\dvvvv.exe24⤵
- Executes dropped EXE
-
\??\c:\rlflxfl.exec:\rlflxfl.exe25⤵
- Executes dropped EXE
-
\??\c:\thbhhn.exec:\thbhhn.exe26⤵
- Executes dropped EXE
-
\??\c:\dvvvv.exec:\dvvvv.exe27⤵
- Executes dropped EXE
-
\??\c:\ffflrfr.exec:\ffflrfr.exe28⤵
- Executes dropped EXE
-
\??\c:\nbtbhh.exec:\nbtbhh.exe29⤵
- Executes dropped EXE
-
\??\c:\vpvdj.exec:\vpvdj.exe30⤵
- Executes dropped EXE
-
\??\c:\5pjpv.exec:\5pjpv.exe31⤵
- Executes dropped EXE
-
\??\c:\3ttntt.exec:\3ttntt.exe32⤵
- Executes dropped EXE
-
\??\c:\ddddj.exec:\ddddj.exe33⤵
- Executes dropped EXE
-
\??\c:\lflxlrf.exec:\lflxlrf.exe34⤵
- Executes dropped EXE
-
\??\c:\7tnhhn.exec:\7tnhhn.exe35⤵
- Executes dropped EXE
-
\??\c:\ntntnn.exec:\ntntnn.exe36⤵
- Executes dropped EXE
-
\??\c:\pdvjd.exec:\pdvjd.exe37⤵
- Executes dropped EXE
-
\??\c:\xrflxfr.exec:\xrflxfr.exe38⤵
- Executes dropped EXE
-
\??\c:\xrfflrx.exec:\xrfflrx.exe39⤵
- Executes dropped EXE
-
\??\c:\thtttt.exec:\thtttt.exe40⤵
- Executes dropped EXE
-
\??\c:\jdpvj.exec:\jdpvj.exe41⤵
- Executes dropped EXE
-
\??\c:\3rfflxl.exec:\3rfflxl.exe42⤵
- Executes dropped EXE
-
\??\c:\hbttbb.exec:\hbttbb.exe43⤵
- Executes dropped EXE
-
\??\c:\dvvjp.exec:\dvvjp.exe44⤵
- Executes dropped EXE
-
\??\c:\vjjpd.exec:\vjjpd.exe45⤵
- Executes dropped EXE
-
\??\c:\xxlrflr.exec:\xxlrflr.exe46⤵
- Executes dropped EXE
-
\??\c:\hthnbt.exec:\hthnbt.exe47⤵
- Executes dropped EXE
-
\??\c:\7hhhtt.exec:\7hhhtt.exe48⤵
- Executes dropped EXE
-
\??\c:\3pjdp.exec:\3pjdp.exe49⤵
- Executes dropped EXE
-
\??\c:\1rlrflx.exec:\1rlrflx.exe50⤵
- Executes dropped EXE
-
\??\c:\xrlrffl.exec:\xrlrffl.exe51⤵
- Executes dropped EXE
-
\??\c:\hhbtbb.exec:\hhbtbb.exe52⤵
- Executes dropped EXE
-
\??\c:\vpjvj.exec:\vpjvj.exe53⤵
- Executes dropped EXE
-
\??\c:\9ddjv.exec:\9ddjv.exe54⤵
- Executes dropped EXE
-
\??\c:\lfxrflr.exec:\lfxrflr.exe55⤵
- Executes dropped EXE
-
\??\c:\ttbthb.exec:\ttbthb.exe56⤵
- Executes dropped EXE
-
\??\c:\thbbnn.exec:\thbbnn.exe57⤵
- Executes dropped EXE
-
\??\c:\vpvpd.exec:\vpvpd.exe58⤵
- Executes dropped EXE
-
\??\c:\jpdjv.exec:\jpdjv.exe59⤵
- Executes dropped EXE
-
\??\c:\3lxxxfl.exec:\3lxxxfl.exe60⤵
- Executes dropped EXE
-
\??\c:\tbbbnt.exec:\tbbbnt.exe61⤵
- Executes dropped EXE
-
\??\c:\tbtthn.exec:\tbtthn.exe62⤵
- Executes dropped EXE
-
\??\c:\vdvpd.exec:\vdvpd.exe63⤵
- Executes dropped EXE
-
\??\c:\rlxlrrf.exec:\rlxlrrf.exe64⤵
- Executes dropped EXE
-
\??\c:\9xllxxl.exec:\9xllxxl.exe65⤵
- Executes dropped EXE
-
\??\c:\hhbthn.exec:\hhbthn.exe66⤵
-
\??\c:\1pppd.exec:\1pppd.exe67⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe68⤵
-
\??\c:\fffxrff.exec:\fffxrff.exe69⤵
-
\??\c:\hhhtnh.exec:\hhhtnh.exe70⤵
-
\??\c:\tnhnbb.exec:\tnhnbb.exe71⤵
-
\??\c:\dvppd.exec:\dvppd.exe72⤵
-
\??\c:\rrfllfr.exec:\rrfllfr.exe73⤵
-
\??\c:\rlflrxl.exec:\rlflrxl.exe74⤵
-
\??\c:\nhtnbb.exec:\nhtnbb.exe75⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe76⤵
-
\??\c:\djjpd.exec:\djjpd.exe77⤵
-
\??\c:\3frrlxf.exec:\3frrlxf.exe78⤵
-
\??\c:\3bnnbb.exec:\3bnnbb.exe79⤵
-
\??\c:\tttbhb.exec:\tttbhb.exe80⤵
-
\??\c:\ppvdd.exec:\ppvdd.exe81⤵
-
\??\c:\xxrxffr.exec:\xxrxffr.exe82⤵
-
\??\c:\fllxfrf.exec:\fllxfrf.exe83⤵
-
\??\c:\hbttbh.exec:\hbttbh.exe84⤵
-
\??\c:\nhnhnn.exec:\nhnhnn.exe85⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe86⤵
-
\??\c:\3vpdj.exec:\3vpdj.exe87⤵
-
\??\c:\xrxffff.exec:\xrxffff.exe88⤵
-
\??\c:\3hhnhn.exec:\3hhnhn.exe89⤵
-
\??\c:\thbbhh.exec:\thbbhh.exe90⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe91⤵
-
\??\c:\9jpjj.exec:\9jpjj.exe92⤵
-
\??\c:\9fxfllx.exec:\9fxfllx.exe93⤵
-
\??\c:\nhbhnn.exec:\nhbhnn.exe94⤵
-
\??\c:\ttnnbh.exec:\ttnnbh.exe95⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe96⤵
-
\??\c:\lfxffxl.exec:\lfxffxl.exe97⤵
-
\??\c:\lxrxxxf.exec:\lxrxxxf.exe98⤵
-
\??\c:\bthtnt.exec:\bthtnt.exe99⤵
-
\??\c:\nhbbhn.exec:\nhbbhn.exe100⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe101⤵
-
\??\c:\jjddp.exec:\jjddp.exe102⤵
-
\??\c:\llxlxxl.exec:\llxlxxl.exe103⤵
-
\??\c:\tnhbnn.exec:\tnhbnn.exe104⤵
-
\??\c:\5tnbbb.exec:\5tnbbb.exe105⤵
-
\??\c:\jjddp.exec:\jjddp.exe106⤵
-
\??\c:\vjjjp.exec:\vjjjp.exe107⤵
-
\??\c:\5xxfxfr.exec:\5xxfxfr.exe108⤵
-
\??\c:\hhbhth.exec:\hhbhth.exe109⤵
-
\??\c:\hthhnn.exec:\hthhnn.exe110⤵
-
\??\c:\5jvpp.exec:\5jvpp.exe111⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe112⤵
-
\??\c:\rlflrrl.exec:\rlflrrl.exe113⤵
-
\??\c:\bnbtbh.exec:\bnbtbh.exe114⤵
-
\??\c:\btntnt.exec:\btntnt.exe115⤵
-
\??\c:\5jjpd.exec:\5jjpd.exe116⤵
-
\??\c:\xxxffrr.exec:\xxxffrr.exe117⤵
-
\??\c:\thhtbh.exec:\thhtbh.exe118⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe119⤵
-
\??\c:\frfflfr.exec:\frfflfr.exe120⤵
-
\??\c:\3nhhnh.exec:\3nhhnh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-