Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
04-06-2024 21:06
General
-
Target
0318417706053ef922735e72173eff80_NeikiAnalytics.exe
-
Size
313KB
-
MD5
0318417706053ef922735e72173eff80
-
SHA1
7b3fbfdfb5e9abb26201e5729064d2e047cb693e
-
SHA256
2533c02a1150c86916fa9eebdbeca0b2109b58fc9c29ad8c74f3a12f37965bd8
-
SHA512
59470003bb370ece49581b34935fdb6ddfeaba677a056de29e841a13051251408b53796b029b7604ed90c157b8e67baef0a2745179b9b61d27c96e1dbdfba2ea
-
SSDEEP
6144:/cm4FmowdHoSyZuo3F2Y9iE9MAkOCOu0EajNVBZr6y2Wff:N4wFHoSMu49P9mif
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 37 IoCs
-
Malware Dropper & Backdoor - Berbew 64 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0318417706053ef922735e72173eff80_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\0318417706053ef922735e72173eff80_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\00408.exec:\00408.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrxxfr.exec:\llrxxfr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\080022.exec:\080022.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjvd.exec:\vvjvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\080240.exec:\080240.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xflfrf.exec:\7xflfrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpp.exec:\pvvpp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxxxf.exec:\xrxxxxf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\48264.exec:\48264.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrxflx.exec:\lxrxflx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\602866.exec:\602866.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hthnn.exec:\1hthnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtthh.exec:\nhtthh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\26402.exec:\26402.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6080806.exec:\6080806.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\882800.exec:\882800.exe17⤵
- Executes dropped EXE
-
\??\c:\m6086.exec:\m6086.exe18⤵
- Executes dropped EXE
-
\??\c:\lflflff.exec:\lflflff.exe19⤵
- Executes dropped EXE
-
\??\c:\604266.exec:\604266.exe20⤵
- Executes dropped EXE
-
\??\c:\3jdpv.exec:\3jdpv.exe21⤵
- Executes dropped EXE
-
\??\c:\nnhhtb.exec:\nnhhtb.exe22⤵
- Executes dropped EXE
-
\??\c:\9bhttb.exec:\9bhttb.exe23⤵
- Executes dropped EXE
-
\??\c:\1vpdp.exec:\1vpdp.exe24⤵
- Executes dropped EXE
-
\??\c:\04802.exec:\04802.exe25⤵
- Executes dropped EXE
-
\??\c:\dvjpd.exec:\dvjpd.exe26⤵
- Executes dropped EXE
-
\??\c:\66428.exec:\66428.exe27⤵
- Executes dropped EXE
-
\??\c:\i622280.exec:\i622280.exe28⤵
- Executes dropped EXE
-
\??\c:\g8624.exec:\g8624.exe29⤵
- Executes dropped EXE
-
\??\c:\5nhhhn.exec:\5nhhhn.exe30⤵
- Executes dropped EXE
-
\??\c:\jjppd.exec:\jjppd.exe31⤵
- Executes dropped EXE
-
\??\c:\60846.exec:\60846.exe32⤵
- Executes dropped EXE
-
\??\c:\pppdp.exec:\pppdp.exe33⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe34⤵
- Executes dropped EXE
-
\??\c:\c422446.exec:\c422446.exe35⤵
- Executes dropped EXE
-
\??\c:\rlxfrrf.exec:\rlxfrrf.exe36⤵
- Executes dropped EXE
-
\??\c:\e48466.exec:\e48466.exe37⤵
- Executes dropped EXE
-
\??\c:\88482.exec:\88482.exe38⤵
- Executes dropped EXE
-
\??\c:\o602402.exec:\o602402.exe39⤵
- Executes dropped EXE
-
\??\c:\4240608.exec:\4240608.exe40⤵
- Executes dropped EXE
-
\??\c:\084800.exec:\084800.exe41⤵
- Executes dropped EXE
-
\??\c:\nnhnbt.exec:\nnhnbt.exe42⤵
- Executes dropped EXE
-
\??\c:\djpjv.exec:\djpjv.exe43⤵
- Executes dropped EXE
-
\??\c:\m0846.exec:\m0846.exe44⤵
- Executes dropped EXE
-
\??\c:\dvpvp.exec:\dvpvp.exe45⤵
- Executes dropped EXE
-
\??\c:\nbnntn.exec:\nbnntn.exe46⤵
- Executes dropped EXE
-
\??\c:\22266.exec:\22266.exe47⤵
- Executes dropped EXE
-
\??\c:\ntttbt.exec:\ntttbt.exe48⤵
- Executes dropped EXE
-
\??\c:\82624.exec:\82624.exe49⤵
- Executes dropped EXE
-
\??\c:\3djpd.exec:\3djpd.exe50⤵
- Executes dropped EXE
-
\??\c:\vdjdj.exec:\vdjdj.exe51⤵
- Executes dropped EXE
-
\??\c:\ffrlrfl.exec:\ffrlrfl.exe52⤵
- Executes dropped EXE
-
\??\c:\a2488.exec:\a2488.exe53⤵
- Executes dropped EXE
-
\??\c:\042840.exec:\042840.exe54⤵
- Executes dropped EXE
-
\??\c:\hbtthh.exec:\hbtthh.exe55⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe56⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe57⤵
- Executes dropped EXE
-
\??\c:\rffflrl.exec:\rffflrl.exe58⤵
- Executes dropped EXE
-
\??\c:\602486.exec:\602486.exe59⤵
- Executes dropped EXE
-
\??\c:\lxlrflx.exec:\lxlrflx.exe60⤵
- Executes dropped EXE
-
\??\c:\2022028.exec:\2022028.exe61⤵
- Executes dropped EXE
-
\??\c:\826800.exec:\826800.exe62⤵
- Executes dropped EXE
-
\??\c:\5pdpd.exec:\5pdpd.exe63⤵
- Executes dropped EXE
-
\??\c:\1nbtht.exec:\1nbtht.exe64⤵
- Executes dropped EXE
-
\??\c:\vjdjp.exec:\vjdjp.exe65⤵
- Executes dropped EXE
-
\??\c:\nthbht.exec:\nthbht.exe66⤵
-
\??\c:\nbthnt.exec:\nbthnt.exe67⤵
-
\??\c:\08006.exec:\08006.exe68⤵
-
\??\c:\1lflxxl.exec:\1lflxxl.exe69⤵
-
\??\c:\g0880.exec:\g0880.exe70⤵
-
\??\c:\pdvvp.exec:\pdvvp.exe71⤵
-
\??\c:\420206.exec:\420206.exe72⤵
-
\??\c:\424688.exec:\424688.exe73⤵
-
\??\c:\4262228.exec:\4262228.exe74⤵
-
\??\c:\8862288.exec:\8862288.exe75⤵
-
\??\c:\nnbthh.exec:\nnbthh.exe76⤵
-
\??\c:\480648.exec:\480648.exe77⤵
-
\??\c:\7nbntn.exec:\7nbntn.exe78⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe79⤵
-
\??\c:\i248284.exec:\i248284.exe80⤵
-
\??\c:\824406.exec:\824406.exe81⤵
-
\??\c:\2066262.exec:\2066262.exe82⤵
-
\??\c:\482862.exec:\482862.exe83⤵
-
\??\c:\7xlrffl.exec:\7xlrffl.exe84⤵
-
\??\c:\428000.exec:\428000.exe85⤵
-
\??\c:\46464.exec:\46464.exe86⤵
-
\??\c:\xlxflfr.exec:\xlxflfr.exe87⤵
-
\??\c:\u048062.exec:\u048062.exe88⤵
-
\??\c:\dvppv.exec:\dvppv.exe89⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe90⤵
-
\??\c:\8284068.exec:\8284068.exe91⤵
-
\??\c:\44288.exec:\44288.exe92⤵
-
\??\c:\xrrrxxl.exec:\xrrrxxl.exe93⤵
-
\??\c:\c044066.exec:\c044066.exe94⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe95⤵
-
\??\c:\ttttnh.exec:\ttttnh.exe96⤵
-
\??\c:\486888.exec:\486888.exe97⤵
-
\??\c:\e46242.exec:\e46242.exe98⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe99⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe100⤵
-
\??\c:\608466.exec:\608466.exe101⤵
-
\??\c:\480284.exec:\480284.exe102⤵
-
\??\c:\9jjpd.exec:\9jjpd.exe103⤵
-
\??\c:\jpjvj.exec:\jpjvj.exe104⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe105⤵
-
\??\c:\9nbnth.exec:\9nbnth.exe106⤵
-
\??\c:\nhtnnh.exec:\nhtnnh.exe107⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe108⤵
-
\??\c:\rffxxfx.exec:\rffxxfx.exe109⤵
-
\??\c:\646622.exec:\646622.exe110⤵
-
\??\c:\bthnbh.exec:\bthnbh.exe111⤵
-
\??\c:\e24066.exec:\e24066.exe112⤵
-
\??\c:\486464.exec:\486464.exe113⤵
-
\??\c:\bbnhtb.exec:\bbnhtb.exe114⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe115⤵
-
\??\c:\jpjvp.exec:\jpjvp.exe116⤵
-
\??\c:\q86028.exec:\q86028.exe117⤵
-
\??\c:\rfrrrrr.exec:\rfrrrrr.exe118⤵
-
\??\c:\2608464.exec:\2608464.exe119⤵
-
\??\c:\82020.exec:\82020.exe120⤵
-
\??\c:\642688.exec:\642688.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-