Analysis
-
max time kernel
150s -
max time network
131s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
05-06-2024 04:09
General
-
Target
37553cd5bd6107bf33b294c859d04bf0_NeikiAnalytics.exe
-
Size
484KB
-
MD5
37553cd5bd6107bf33b294c859d04bf0
-
SHA1
b03e5709d344052c8696a3417a761c2dc349e749
-
SHA256
2ebb86bb941631d5f0ca2bb6f6be97b1075daf14ce111c80843060027c6579e9
-
SHA512
eab318b13d2b8144edb7dcf027b602edaf1af2453611db28a2f1c02896890b3da8adad27e3de9ab833600939663d36fd0206e4908488e39457bcb8f1bf0e6745
-
SSDEEP
12288:N4wFHoSMu49P9mPh2kkkkK4kXkkkkkkkkl888888888888888888nA:Cu49lmPh2kkkkK4kXkkkkkkkkW
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Malware Dropper & Backdoor - Berbew 64 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\37553cd5bd6107bf33b294c859d04bf0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\37553cd5bd6107bf33b294c859d04bf0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tbthbh.exec:\tbthbh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dpjj.exec:\9dpjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddpj.exec:\vddpj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnthb.exec:\hhnthb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdv.exec:\vpjdv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpjd.exec:\jvpjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrfxxr.exec:\lfrfxxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fxrfrl.exec:\9fxrfrl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtnbt.exec:\bbtnbt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdddv.exec:\vdddv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flfxxxr.exec:\flfxxxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjpd.exec:\ppjpd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxrff.exec:\fxfxrff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbtbt.exec:\ntbtbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddv.exec:\jjddv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhbn.exec:\hbhhbn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvvv.exec:\jvvvv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tntbb.exec:\5tntbb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxlffx.exec:\xrxlffx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbttb.exec:\tnbttb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbth.exec:\hthbth.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvp.exec:\dddvp.exe23⤵
- Executes dropped EXE
-
\??\c:\rfllfll.exec:\rfllfll.exe24⤵
- Executes dropped EXE
-
\??\c:\xfrrfll.exec:\xfrrfll.exe25⤵
- Executes dropped EXE
-
\??\c:\ddpdp.exec:\ddpdp.exe26⤵
- Executes dropped EXE
-
\??\c:\btnntt.exec:\btnntt.exe27⤵
- Executes dropped EXE
-
\??\c:\pdvjd.exec:\pdvjd.exe28⤵
- Executes dropped EXE
-
\??\c:\flxflxf.exec:\flxflxf.exe29⤵
- Executes dropped EXE
-
\??\c:\bbbttt.exec:\bbbttt.exe30⤵
- Executes dropped EXE
-
\??\c:\jjvdp.exec:\jjvdp.exe31⤵
- Executes dropped EXE
-
\??\c:\lxfxxrx.exec:\lxfxxrx.exe32⤵
- Executes dropped EXE
-
\??\c:\7bhhbh.exec:\7bhhbh.exe33⤵
- Executes dropped EXE
-
\??\c:\rfrrrrl.exec:\rfrrrrl.exe34⤵
- Executes dropped EXE
-
\??\c:\vjppp.exec:\vjppp.exe35⤵
- Executes dropped EXE
-
\??\c:\xlrlllf.exec:\xlrlllf.exe36⤵
- Executes dropped EXE
-
\??\c:\7nnnnt.exec:\7nnnnt.exe37⤵
- Executes dropped EXE
-
\??\c:\djvpp.exec:\djvpp.exe38⤵
- Executes dropped EXE
-
\??\c:\3lxxxxr.exec:\3lxxxxr.exe39⤵
- Executes dropped EXE
-
\??\c:\ntttnn.exec:\ntttnn.exe40⤵
- Executes dropped EXE
-
\??\c:\pdjjd.exec:\pdjjd.exe41⤵
- Executes dropped EXE
-
\??\c:\rrrlffx.exec:\rrrlffx.exe42⤵
- Executes dropped EXE
-
\??\c:\nbbbtt.exec:\nbbbtt.exe43⤵
- Executes dropped EXE
-
\??\c:\bttbtb.exec:\bttbtb.exe44⤵
- Executes dropped EXE
-
\??\c:\pvpjp.exec:\pvpjp.exe45⤵
- Executes dropped EXE
-
\??\c:\fffxxlx.exec:\fffxxlx.exe46⤵
- Executes dropped EXE
-
\??\c:\nbbbbb.exec:\nbbbbb.exe47⤵
- Executes dropped EXE
-
\??\c:\vpdjj.exec:\vpdjj.exe48⤵
- Executes dropped EXE
-
\??\c:\xxrrxxf.exec:\xxrrxxf.exe49⤵
- Executes dropped EXE
-
\??\c:\rlxxfff.exec:\rlxxfff.exe50⤵
- Executes dropped EXE
-
\??\c:\lfrlffx.exec:\lfrlffx.exe51⤵
- Executes dropped EXE
-
\??\c:\5tnhtt.exec:\5tnhtt.exe52⤵
- Executes dropped EXE
-
\??\c:\hbttnh.exec:\hbttnh.exe53⤵
- Executes dropped EXE
-
\??\c:\djvvv.exec:\djvvv.exe54⤵
- Executes dropped EXE
-
\??\c:\lflfllr.exec:\lflfllr.exe55⤵
- Executes dropped EXE
-
\??\c:\7bbhbh.exec:\7bbhbh.exe56⤵
- Executes dropped EXE
-
\??\c:\vvdvp.exec:\vvdvp.exe57⤵
- Executes dropped EXE
-
\??\c:\rfrrllf.exec:\rfrrllf.exe58⤵
- Executes dropped EXE
-
\??\c:\rrxrxrf.exec:\rrxrxrf.exe59⤵
- Executes dropped EXE
-
\??\c:\tbhhhh.exec:\tbhhhh.exe60⤵
- Executes dropped EXE
-
\??\c:\vjvpp.exec:\vjvpp.exe61⤵
- Executes dropped EXE
-
\??\c:\flrxxxx.exec:\flrxxxx.exe62⤵
- Executes dropped EXE
-
\??\c:\flxrlff.exec:\flxrlff.exe63⤵
- Executes dropped EXE
-
\??\c:\dvdvp.exec:\dvdvp.exe64⤵
- Executes dropped EXE
-
\??\c:\pjddv.exec:\pjddv.exe65⤵
- Executes dropped EXE
-
\??\c:\rrxxflx.exec:\rrxxflx.exe66⤵
-
\??\c:\tbbtth.exec:\tbbtth.exe67⤵
-
\??\c:\tbnhbb.exec:\tbnhbb.exe68⤵
-
\??\c:\ppvpd.exec:\ppvpd.exe69⤵
-
\??\c:\rxrrxxx.exec:\rxrrxxx.exe70⤵
-
\??\c:\bbntbb.exec:\bbntbb.exe71⤵
-
\??\c:\nnthnt.exec:\nnthnt.exe72⤵
-
\??\c:\jpddd.exec:\jpddd.exe73⤵
-
\??\c:\rllllrr.exec:\rllllrr.exe74⤵
-
\??\c:\tbntbb.exec:\tbntbb.exe75⤵
-
\??\c:\vjvjj.exec:\vjvjj.exe76⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe77⤵
-
\??\c:\xxrlrrx.exec:\xxrlrrx.exe78⤵
-
\??\c:\hhbtnn.exec:\hhbtnn.exe79⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe80⤵
-
\??\c:\xrlffff.exec:\xrlffff.exe81⤵
-
\??\c:\ttbbtt.exec:\ttbbtt.exe82⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe83⤵
-
\??\c:\9xlxrfl.exec:\9xlxrfl.exe84⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe85⤵
-
\??\c:\5djvv.exec:\5djvv.exe86⤵
-
\??\c:\lfrlrrr.exec:\lfrlrrr.exe87⤵
-
\??\c:\bbhhhn.exec:\bbhhhn.exe88⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe89⤵
-
\??\c:\rfxrrxf.exec:\rfxrrxf.exe90⤵
-
\??\c:\xlllrxr.exec:\xlllrxr.exe91⤵
-
\??\c:\ttbttt.exec:\ttbttt.exe92⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe93⤵
-
\??\c:\lflllrr.exec:\lflllrr.exe94⤵
-
\??\c:\3thhhh.exec:\3thhhh.exe95⤵
-
\??\c:\7vddj.exec:\7vddj.exe96⤵
-
\??\c:\rllrlfl.exec:\rllrlfl.exe97⤵
-
\??\c:\nbhnnn.exec:\nbhnnn.exe98⤵
-
\??\c:\vpppj.exec:\vpppj.exe99⤵
-
\??\c:\flrxxfl.exec:\flrxxfl.exe100⤵
-
\??\c:\bthnhh.exec:\bthnhh.exe101⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe102⤵
-
\??\c:\pdjpd.exec:\pdjpd.exe103⤵
-
\??\c:\lrxxxrr.exec:\lrxxxrr.exe104⤵
-
\??\c:\pvjjd.exec:\pvjjd.exe105⤵
-
\??\c:\lrlfxxr.exec:\lrlfxxr.exe106⤵
-
\??\c:\hntntb.exec:\hntntb.exe107⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe108⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe109⤵
-
\??\c:\lfrlrrx.exec:\lfrlrrx.exe110⤵
-
\??\c:\5nttnt.exec:\5nttnt.exe111⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe112⤵
-
\??\c:\3rllfff.exec:\3rllfff.exe113⤵
-
\??\c:\btttnn.exec:\btttnn.exe114⤵
-
\??\c:\djddv.exec:\djddv.exe115⤵
-
\??\c:\rrfxrll.exec:\rrfxrll.exe116⤵
-
\??\c:\hhtnhn.exec:\hhtnhn.exe117⤵
-
\??\c:\vppvj.exec:\vppvj.exe118⤵
-
\??\c:\lxxxrll.exec:\lxxxrll.exe119⤵
-
\??\c:\lrfffrr.exec:\lrfffrr.exe120⤵
-
\??\c:\3bnnnb.exec:\3bnnnb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-