Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
15-05-2024 22:15
General
-
Target
44153139a223464d69a2f4a23f536b50_NeikiAnalytics.exe
-
Size
75KB
-
MD5
44153139a223464d69a2f4a23f536b50
-
SHA1
f146b433e637acfc7f42979d6f049f977e3ed3d4
-
SHA256
3ee522c1ede0c41360b74f9a33e9dd829b501ab7110facdeca505d5042da787e
-
SHA512
15c603b10d1bc9f3a442d91dfaccb2208186a4726959e775ebcaee6c444b5c4df0d6857816fdeede3e083845f3a3330a9fd02fd0a1eb88ce58a4b9883ca5cab5
-
SSDEEP
1536:9vQBeOGtrYS3srx93UBWfwC6Ggnouy8PbhnyLFWoFLAxZhMDzE8a:9hOmTsF93UYfwC6GIoutz5yLpOSD0
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 57 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\44153139a223464d69a2f4a23f536b50_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\44153139a223464d69a2f4a23f536b50_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pbdrv.exec:\pbdrv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vnjvhfj.exec:\vnjvhfj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jlvtll.exec:\jlvtll.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jplnvvj.exec:\jplnvvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nljjvlf.exec:\nljjvlf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvtnxdf.exec:\jvtnxdf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddddd.exec:\ddddd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnpbtn.exec:\bnnpbtn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vxrlttx.exec:\vxrlttx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhrrxh.exec:\bhrrxh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vbjtj.exec:\vbjtj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbpvv.exec:\bbpvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhpdn.exec:\nhpdn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htthhtt.exec:\htthhtt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hrrjrt.exec:\hrrjrt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bndtbt.exec:\bndtbt.exe17⤵
- Executes dropped EXE
-
\??\c:\rnhxvjh.exec:\rnhxvjh.exe18⤵
- Executes dropped EXE
-
\??\c:\xdpjdhd.exec:\xdpjdhd.exe19⤵
- Executes dropped EXE
-
\??\c:\fhpprt.exec:\fhpprt.exe20⤵
- Executes dropped EXE
-
\??\c:\rfrxt.exec:\rfrxt.exe21⤵
- Executes dropped EXE
-
\??\c:\rhphp.exec:\rhphp.exe22⤵
- Executes dropped EXE
-
\??\c:\ffdrjxh.exec:\ffdrjxh.exe23⤵
- Executes dropped EXE
-
\??\c:\hbljh.exec:\hbljh.exe24⤵
- Executes dropped EXE
-
\??\c:\tdtffr.exec:\tdtffr.exe25⤵
- Executes dropped EXE
-
\??\c:\xvfrdr.exec:\xvfrdr.exe26⤵
- Executes dropped EXE
-
\??\c:\tndfr.exec:\tndfr.exe27⤵
- Executes dropped EXE
-
\??\c:\ftbpbf.exec:\ftbpbf.exe28⤵
- Executes dropped EXE
-
\??\c:\flbvxl.exec:\flbvxl.exe29⤵
- Executes dropped EXE
-
\??\c:\jhbnt.exec:\jhbnt.exe30⤵
- Executes dropped EXE
-
\??\c:\rvlvpjv.exec:\rvlvpjv.exe31⤵
- Executes dropped EXE
-
\??\c:\fllxrjl.exec:\fllxrjl.exe32⤵
- Executes dropped EXE
-
\??\c:\njlblv.exec:\njlblv.exe33⤵
- Executes dropped EXE
-
\??\c:\jnpdpl.exec:\jnpdpl.exe34⤵
- Executes dropped EXE
-
\??\c:\jnnbt.exec:\jnnbt.exe35⤵
- Executes dropped EXE
-
\??\c:\rxhpddp.exec:\rxhpddp.exe36⤵
- Executes dropped EXE
-
\??\c:\fjrprvl.exec:\fjrprvl.exe37⤵
- Executes dropped EXE
-
\??\c:\rhbbxh.exec:\rhbbxh.exe38⤵
- Executes dropped EXE
-
\??\c:\njbxrj.exec:\njbxrj.exe39⤵
- Executes dropped EXE
-
\??\c:\nlxrdrr.exec:\nlxrdrr.exe40⤵
- Executes dropped EXE
-
\??\c:\xppdrrr.exec:\xppdrrr.exe41⤵
- Executes dropped EXE
-
\??\c:\dbhtjbf.exec:\dbhtjbf.exe42⤵
- Executes dropped EXE
-
\??\c:\ldhbxd.exec:\ldhbxd.exe43⤵
- Executes dropped EXE
-
\??\c:\hdplxrr.exec:\hdplxrr.exe44⤵
- Executes dropped EXE
-
\??\c:\drdrjtl.exec:\drdrjtl.exe45⤵
- Executes dropped EXE
-
\??\c:\bndvfrx.exec:\bndvfrx.exe46⤵
- Executes dropped EXE
-
\??\c:\ndbbx.exec:\ndbbx.exe47⤵
- Executes dropped EXE
-
\??\c:\fvxbtdd.exec:\fvxbtdd.exe48⤵
- Executes dropped EXE
-
\??\c:\hjbvnlp.exec:\hjbvnlp.exe49⤵
- Executes dropped EXE
-
\??\c:\bdnhrvb.exec:\bdnhrvb.exe50⤵
- Executes dropped EXE
-
\??\c:\flhjdv.exec:\flhjdv.exe51⤵
- Executes dropped EXE
-
\??\c:\nfvtr.exec:\nfvtr.exe52⤵
- Executes dropped EXE
-
\??\c:\tdhvv.exec:\tdhvv.exe53⤵
- Executes dropped EXE
-
\??\c:\brrjll.exec:\brrjll.exe54⤵
- Executes dropped EXE
-
\??\c:\thrnnx.exec:\thrnnx.exe55⤵
- Executes dropped EXE
-
\??\c:\xjfxlhr.exec:\xjfxlhr.exe56⤵
- Executes dropped EXE
-
\??\c:\bxhdhpd.exec:\bxhdhpd.exe57⤵
- Executes dropped EXE
-
\??\c:\bfxhn.exec:\bfxhn.exe58⤵
- Executes dropped EXE
-
\??\c:\hnrfjdb.exec:\hnrfjdb.exe59⤵
- Executes dropped EXE
-
\??\c:\dtlxbxh.exec:\dtlxbxh.exe60⤵
- Executes dropped EXE
-
\??\c:\ljhbflj.exec:\ljhbflj.exe61⤵
- Executes dropped EXE
-
\??\c:\ndtpx.exec:\ndtpx.exe62⤵
- Executes dropped EXE
-
\??\c:\pdhvxvv.exec:\pdhvxvv.exe63⤵
- Executes dropped EXE
-
\??\c:\lnxhdjp.exec:\lnxhdjp.exe64⤵
- Executes dropped EXE
-
\??\c:\jtfbjph.exec:\jtfbjph.exe65⤵
- Executes dropped EXE
-
\??\c:\dprjxhl.exec:\dprjxhl.exe66⤵
-
\??\c:\xhdllxn.exec:\xhdllxn.exe67⤵
-
\??\c:\xxrpjp.exec:\xxrpjp.exe68⤵
-
\??\c:\rtntt.exec:\rtntt.exe69⤵
-
\??\c:\vphvdth.exec:\vphvdth.exe70⤵
-
\??\c:\lxppr.exec:\lxppr.exe71⤵
-
\??\c:\jbjxnj.exec:\jbjxnj.exe72⤵
-
\??\c:\dflhblt.exec:\dflhblt.exe73⤵
-
\??\c:\dpvpxl.exec:\dpvpxl.exe74⤵
-
\??\c:\vhdtrhf.exec:\vhdtrhf.exe75⤵
-
\??\c:\ftdlr.exec:\ftdlr.exe76⤵
-
\??\c:\tnfjl.exec:\tnfjl.exe77⤵
-
\??\c:\pxdlx.exec:\pxdlx.exe78⤵
-
\??\c:\llbbhfn.exec:\llbbhfn.exe79⤵
-
\??\c:\pbpbbfx.exec:\pbpbbfx.exe80⤵
-
\??\c:\bbhlfnx.exec:\bbhlfnx.exe81⤵
-
\??\c:\tdlptp.exec:\tdlptp.exe82⤵
-
\??\c:\pfvrxvp.exec:\pfvrxvp.exe83⤵
-
\??\c:\vtxxnht.exec:\vtxxnht.exe84⤵
-
\??\c:\ndhrfp.exec:\ndhrfp.exe85⤵
-
\??\c:\rdblpx.exec:\rdblpx.exe86⤵
-
\??\c:\jxbbfd.exec:\jxbbfd.exe87⤵
-
\??\c:\xtjhn.exec:\xtjhn.exe88⤵
-
\??\c:\jnnfxd.exec:\jnnfxd.exe89⤵
-
\??\c:\dhhvvj.exec:\dhhvvj.exe90⤵
-
\??\c:\bnnpn.exec:\bnnpn.exe91⤵
-
\??\c:\plblljd.exec:\plblljd.exe92⤵
-
\??\c:\jfjvd.exec:\jfjvd.exe93⤵
-
\??\c:\xvpnl.exec:\xvpnl.exe94⤵
-
\??\c:\bxnnnxd.exec:\bxnnnxd.exe95⤵
-
\??\c:\frxdh.exec:\frxdh.exe96⤵
-
\??\c:\rnjlvtd.exec:\rnjlvtd.exe97⤵
-
\??\c:\ltbndhh.exec:\ltbndhh.exe98⤵
-
\??\c:\htrbx.exec:\htrbx.exe99⤵
-
\??\c:\nxjhbp.exec:\nxjhbp.exe100⤵
-
\??\c:\jftddtb.exec:\jftddtb.exe101⤵
-
\??\c:\rffrnd.exec:\rffrnd.exe102⤵
-
\??\c:\bvbvfh.exec:\bvbvfh.exe103⤵
-
\??\c:\dpndj.exec:\dpndj.exe104⤵
-
\??\c:\bbbtj.exec:\bbbtj.exe105⤵
-
\??\c:\lvnnrll.exec:\lvnnrll.exe106⤵
-
\??\c:\phvpprx.exec:\phvpprx.exe107⤵
-
\??\c:\vddfvbb.exec:\vddfvbb.exe108⤵
-
\??\c:\nnnrhf.exec:\nnnrhf.exe109⤵
-
\??\c:\hhxfl.exec:\hhxfl.exe110⤵
-
\??\c:\fhrln.exec:\fhrln.exe111⤵
-
\??\c:\xlvrv.exec:\xlvrv.exe112⤵
-
\??\c:\bblljbn.exec:\bblljbn.exe113⤵
-
\??\c:\dphrj.exec:\dphrj.exe114⤵
-
\??\c:\pttvl.exec:\pttvl.exe115⤵
-
\??\c:\vrjjdp.exec:\vrjjdp.exe116⤵
-
\??\c:\vnnjnd.exec:\vnnjnd.exe117⤵
-
\??\c:\tvvvdl.exec:\tvvvdl.exe118⤵
-
\??\c:\hdlrp.exec:\hdlrp.exe119⤵
-
\??\c:\bhphndf.exec:\bhphndf.exe120⤵
-
\??\c:\jftbln.exec:\jftbln.exe121⤵
-
\??\c:\xljbnr.exec:\xljbnr.exe122⤵
-
\??\c:\lbbpb.exec:\lbbpb.exe123⤵
-
\??\c:\nfdxp.exec:\nfdxp.exe124⤵
-
\??\c:\vlrprhl.exec:\vlrprhl.exe125⤵
-
\??\c:\ttjdpbx.exec:\ttjdpbx.exe126⤵
-
\??\c:\djfdndj.exec:\djfdndj.exe127⤵
-
\??\c:\fjnvvrp.exec:\fjnvvrp.exe128⤵
-
\??\c:\xpjxtrv.exec:\xpjxtrv.exe129⤵
-
\??\c:\bbtdr.exec:\bbtdr.exe130⤵
-
\??\c:\xltvnt.exec:\xltvnt.exe131⤵
-
\??\c:\llthpx.exec:\llthpx.exe132⤵
-
\??\c:\fvhrhb.exec:\fvhrhb.exe133⤵
-
\??\c:\jhllnr.exec:\jhllnr.exe134⤵
-
\??\c:\xlttbdj.exec:\xlttbdj.exe135⤵
-
\??\c:\dlbpddp.exec:\dlbpddp.exe136⤵
-
\??\c:\pfrdlx.exec:\pfrdlx.exe137⤵
-
\??\c:\ltxxtrn.exec:\ltxxtrn.exe138⤵
-
\??\c:\dxppfpt.exec:\dxppfpt.exe139⤵
-
\??\c:\hbnxfxr.exec:\hbnxfxr.exe140⤵
-
\??\c:\lflpxfb.exec:\lflpxfb.exe141⤵
-
\??\c:\dpbpltj.exec:\dpbpltj.exe142⤵
-
\??\c:\npvtbf.exec:\npvtbf.exe143⤵
-
\??\c:\hhxbjjt.exec:\hhxbjjt.exe144⤵
-
\??\c:\xhtbb.exec:\xhtbb.exe145⤵
-
\??\c:\nddrrrn.exec:\nddrrrn.exe146⤵
-
\??\c:\ljjvhj.exec:\ljjvhj.exe147⤵
-
\??\c:\dhtllvt.exec:\dhtllvt.exe148⤵
-
\??\c:\ddbjh.exec:\ddbjh.exe149⤵
-
\??\c:\prxnhb.exec:\prxnhb.exe150⤵
-
\??\c:\nlrpfd.exec:\nlrpfd.exe151⤵
-
\??\c:\vtvxf.exec:\vtvxf.exe152⤵
-
\??\c:\nbfnrhb.exec:\nbfnrhb.exe153⤵
-
\??\c:\ttppvp.exec:\ttppvp.exe154⤵
-
\??\c:\rnxljh.exec:\rnxljh.exe155⤵
-
\??\c:\rdrtrh.exec:\rdrtrh.exe156⤵
-
\??\c:\drftdd.exec:\drftdd.exe157⤵
-
\??\c:\rtxtpht.exec:\rtxtpht.exe158⤵
-
\??\c:\tffvjt.exec:\tffvjt.exe159⤵
-
\??\c:\tdrdnp.exec:\tdrdnp.exe160⤵
-
\??\c:\jdlpvjt.exec:\jdlpvjt.exe161⤵
-
\??\c:\nfpxbp.exec:\nfpxbp.exe162⤵
-
\??\c:\blfjlln.exec:\blfjlln.exe163⤵
-
\??\c:\xrxhd.exec:\xrxhd.exe164⤵
-
\??\c:\bjjjdd.exec:\bjjjdd.exe165⤵
-
\??\c:\dppdjt.exec:\dppdjt.exe166⤵
-
\??\c:\pllplfh.exec:\pllplfh.exe167⤵
-
\??\c:\plpdjp.exec:\plpdjp.exe168⤵
-
\??\c:\rjfxhvd.exec:\rjfxhvd.exe169⤵
-
\??\c:\vfxtp.exec:\vfxtp.exe170⤵
-
\??\c:\fvbltfb.exec:\fvbltfb.exe171⤵
-
\??\c:\fvhfvt.exec:\fvhfvt.exe172⤵
-
\??\c:\vxbbrhv.exec:\vxbbrhv.exe173⤵
-
\??\c:\xjxvbd.exec:\xjxvbd.exe174⤵
-
\??\c:\rtbnh.exec:\rtbnh.exe175⤵
-
\??\c:\ptndlf.exec:\ptndlf.exe176⤵
-
\??\c:\nvhxn.exec:\nvhxn.exe177⤵
-
\??\c:\vrnnfd.exec:\vrnnfd.exe178⤵
-
\??\c:\jndnbl.exec:\jndnbl.exe179⤵
-
\??\c:\hntbl.exec:\hntbl.exe180⤵
-
\??\c:\tlplfp.exec:\tlplfp.exe181⤵
-
\??\c:\tvvjvv.exec:\tvvjvv.exe182⤵
-
\??\c:\xrbvb.exec:\xrbvb.exe183⤵
-
\??\c:\tlxhvjt.exec:\tlxhvjt.exe184⤵
-
\??\c:\lxxtpft.exec:\lxxtpft.exe185⤵
-
\??\c:\rtvbfnp.exec:\rtvbfnp.exe186⤵
-
\??\c:\pjrxd.exec:\pjrxd.exe187⤵
-
\??\c:\blxdnxd.exec:\blxdnxd.exe188⤵
-
\??\c:\nrbjrt.exec:\nrbjrt.exe189⤵
-
\??\c:\dpjth.exec:\dpjth.exe190⤵
-
\??\c:\vpxbfn.exec:\vpxbfn.exe191⤵
-
\??\c:\phxplbj.exec:\phxplbj.exe192⤵
-
\??\c:\ntrxvnp.exec:\ntrxvnp.exe193⤵
-
\??\c:\lvxvjd.exec:\lvxvjd.exe194⤵
-
\??\c:\txndj.exec:\txndj.exe195⤵
-
\??\c:\txdnd.exec:\txdnd.exe196⤵
-
\??\c:\rrfjbbh.exec:\rrfjbbh.exe197⤵
-
\??\c:\fdlljf.exec:\fdlljf.exe198⤵
-
\??\c:\rtrjpr.exec:\rtrjpr.exe199⤵
-
\??\c:\rfltt.exec:\rfltt.exe200⤵
-
\??\c:\fpxxbh.exec:\fpxxbh.exe201⤵
-
\??\c:\bjbvh.exec:\bjbvh.exe202⤵
-
\??\c:\bfnlv.exec:\bfnlv.exe203⤵
-
\??\c:\bxrtj.exec:\bxrtj.exe204⤵
-
\??\c:\vltdppt.exec:\vltdppt.exe205⤵
-
\??\c:\rnvfhp.exec:\rnvfhp.exe206⤵
-
\??\c:\thlrfjv.exec:\thlrfjv.exe207⤵
-
\??\c:\dnrvl.exec:\dnrvl.exe208⤵
-
\??\c:\xphjxd.exec:\xphjxd.exe209⤵
-
\??\c:\dfjdr.exec:\dfjdr.exe210⤵
-
\??\c:\pjbnrxv.exec:\pjbnrxv.exe211⤵
-
\??\c:\xxpdnj.exec:\xxpdnj.exe212⤵
-
\??\c:\nbbnb.exec:\nbbnb.exe213⤵
-
\??\c:\xdlld.exec:\xdlld.exe214⤵
-
\??\c:\rjrrd.exec:\rjrrd.exe215⤵
-
\??\c:\fxxjh.exec:\fxxjh.exe216⤵
-
\??\c:\xblrbt.exec:\xblrbt.exe217⤵
-
\??\c:\jjdhjhn.exec:\jjdhjhn.exe218⤵
-
\??\c:\hlhhtl.exec:\hlhhtl.exe219⤵
-
\??\c:\rltjv.exec:\rltjv.exe220⤵
-
\??\c:\vnvrvpl.exec:\vnvrvpl.exe221⤵
-
\??\c:\rnrttn.exec:\rnrttn.exe222⤵
-
\??\c:\dxpxrnt.exec:\dxpxrnt.exe223⤵
-
\??\c:\ltfvvv.exec:\ltfvvv.exe224⤵
-
\??\c:\lbjvl.exec:\lbjvl.exe225⤵
-
\??\c:\bnnrdnp.exec:\bnnrdnp.exe226⤵
-
\??\c:\hhdhhn.exec:\hhdhhn.exe227⤵
-
\??\c:\ljxtf.exec:\ljxtf.exe228⤵
-
\??\c:\rrdphjl.exec:\rrdphjl.exe229⤵
-
\??\c:\jlhfnt.exec:\jlhfnt.exe230⤵
-
\??\c:\xvbvxt.exec:\xvbvxt.exe231⤵
-
\??\c:\lfdjfl.exec:\lfdjfl.exe232⤵
-
\??\c:\rthhd.exec:\rthhd.exe233⤵
-
\??\c:\dnplbf.exec:\dnplbf.exe234⤵
-
\??\c:\nvplfdp.exec:\nvplfdp.exe235⤵
-
\??\c:\hhdrdn.exec:\hhdrdn.exe236⤵
-
\??\c:\tvvjd.exec:\tvvjd.exe237⤵
-
\??\c:\vdphr.exec:\vdphr.exe238⤵
-
\??\c:\tddbxl.exec:\tddbxl.exe239⤵
-
\??\c:\npxpxx.exec:\npxpxx.exe240⤵
-
\??\c:\lxhthjx.exec:\lxhthjx.exe241⤵