Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
18-05-2024 22:36
General
-
Target
156affeb13b6923dec4d6efeede62e40_NeikiAnalytics.exe
-
Size
306KB
-
MD5
156affeb13b6923dec4d6efeede62e40
-
SHA1
44830f69ea974a16757cc1f9345b070dce35a977
-
SHA256
a0d919c02abc9022a99a3cd3e2df5823eaea0c3e501728d97438953efaf4928e
-
SHA512
24082e38c5c3ea77d8bbe12cbcc7837192cefbfaba028597d0cfd0a8a419974841aeaa7fbb10899278428822e60db43e128acbde6df10fb579ecc9e699ea9343
-
SSDEEP
6144:n3C9BRo/AIuuOthLmH403Pyr6UWO6jUl7sPgvwNW:n3C9uDVOXLmHBKWyn+PgvuW
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\156affeb13b6923dec4d6efeede62e40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\156affeb13b6923dec4d6efeede62e40_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bhttht.exec:\bhttht.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvj.exec:\pjvvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbthn.exec:\hbbthn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdpd.exec:\vpdpd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllxxl.exec:\xxllxxl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrrxl.exec:\rrxrrxl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpdv.exec:\vvpdv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llflxfr.exec:\llflxfr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbthth.exec:\bbthth.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvd.exec:\jdpvd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrlrx.exec:\fxrrlrx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbnbh.exec:\ntbnbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvj.exec:\vpvvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlflfrf.exec:\rlflfrf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbnn.exec:\nhbbnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jdjd.exec:\3jdjd.exe17⤵
- Executes dropped EXE
-
\??\c:\xrfflrf.exec:\xrfflrf.exe18⤵
- Executes dropped EXE
-
\??\c:\ffxlxfl.exec:\ffxlxfl.exe19⤵
- Executes dropped EXE
-
\??\c:\jdvvd.exec:\jdvvd.exe20⤵
- Executes dropped EXE
-
\??\c:\pjpvj.exec:\pjpvj.exe21⤵
- Executes dropped EXE
-
\??\c:\ffflllx.exec:\ffflllx.exe22⤵
- Executes dropped EXE
-
\??\c:\btnthn.exec:\btnthn.exe23⤵
- Executes dropped EXE
-
\??\c:\jvppv.exec:\jvppv.exe24⤵
- Executes dropped EXE
-
\??\c:\fxlfrrx.exec:\fxlfrrx.exe25⤵
- Executes dropped EXE
-
\??\c:\bnbhnb.exec:\bnbhnb.exe26⤵
- Executes dropped EXE
-
\??\c:\jjvdp.exec:\jjvdp.exe27⤵
- Executes dropped EXE
-
\??\c:\llrllxl.exec:\llrllxl.exe28⤵
- Executes dropped EXE
-
\??\c:\tbtbtb.exec:\tbtbtb.exe29⤵
- Executes dropped EXE
-
\??\c:\xrrxfff.exec:\xrrxfff.exe30⤵
- Executes dropped EXE
-
\??\c:\tbnbnn.exec:\tbnbnn.exe31⤵
- Executes dropped EXE
-
\??\c:\hbbtnh.exec:\hbbtnh.exe32⤵
- Executes dropped EXE
-
\??\c:\vvdpj.exec:\vvdpj.exe33⤵
- Executes dropped EXE
-
\??\c:\xfxrxrl.exec:\xfxrxrl.exe34⤵
- Executes dropped EXE
-
\??\c:\btnhth.exec:\btnhth.exe35⤵
- Executes dropped EXE
-
\??\c:\jdpdd.exec:\jdpdd.exe36⤵
- Executes dropped EXE
-
\??\c:\dvvjv.exec:\dvvjv.exe37⤵
- Executes dropped EXE
-
\??\c:\rllxflf.exec:\rllxflf.exe38⤵
- Executes dropped EXE
-
\??\c:\tnbhhn.exec:\tnbhhn.exe39⤵
- Executes dropped EXE
-
\??\c:\1hnnhh.exec:\1hnnhh.exe40⤵
- Executes dropped EXE
-
\??\c:\pdvdd.exec:\pdvdd.exe41⤵
- Executes dropped EXE
-
\??\c:\djvdv.exec:\djvdv.exe42⤵
- Executes dropped EXE
-
\??\c:\3frrxxx.exec:\3frrxxx.exe43⤵
- Executes dropped EXE
-
\??\c:\nbtbbb.exec:\nbtbbb.exe44⤵
- Executes dropped EXE
-
\??\c:\ttnthh.exec:\ttnthh.exe45⤵
- Executes dropped EXE
-
\??\c:\jvddj.exec:\jvddj.exe46⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe47⤵
- Executes dropped EXE
-
\??\c:\xxlxlrl.exec:\xxlxlrl.exe48⤵
- Executes dropped EXE
-
\??\c:\hthhnn.exec:\hthhnn.exe49⤵
- Executes dropped EXE
-
\??\c:\3hhtbn.exec:\3hhtbn.exe50⤵
- Executes dropped EXE
-
\??\c:\dddpp.exec:\dddpp.exe51⤵
- Executes dropped EXE
-
\??\c:\jpvvj.exec:\jpvvj.exe52⤵
- Executes dropped EXE
-
\??\c:\llflxlf.exec:\llflxlf.exe53⤵
- Executes dropped EXE
-
\??\c:\bthbnt.exec:\bthbnt.exe54⤵
- Executes dropped EXE
-
\??\c:\1dvdj.exec:\1dvdj.exe55⤵
- Executes dropped EXE
-
\??\c:\pppvv.exec:\pppvv.exe56⤵
- Executes dropped EXE
-
\??\c:\rxlxffl.exec:\rxlxffl.exe57⤵
- Executes dropped EXE
-
\??\c:\fxllxxl.exec:\fxllxxl.exe58⤵
- Executes dropped EXE
-
\??\c:\nhbhtt.exec:\nhbhtt.exe59⤵
- Executes dropped EXE
-
\??\c:\jdpjp.exec:\jdpjp.exe60⤵
- Executes dropped EXE
-
\??\c:\ddvdv.exec:\ddvdv.exe61⤵
- Executes dropped EXE
-
\??\c:\1xxrxrf.exec:\1xxrxrf.exe62⤵
- Executes dropped EXE
-
\??\c:\rrlxfrr.exec:\rrlxfrr.exe63⤵
- Executes dropped EXE
-
\??\c:\thbthb.exec:\thbthb.exe64⤵
- Executes dropped EXE
-
\??\c:\1vjvd.exec:\1vjvd.exe65⤵
- Executes dropped EXE
-
\??\c:\vpjdj.exec:\vpjdj.exe66⤵
-
\??\c:\rlxflrf.exec:\rlxflrf.exe67⤵
-
\??\c:\rrfrffl.exec:\rrfrffl.exe68⤵
-
\??\c:\ttnnnt.exec:\ttnnnt.exe69⤵
-
\??\c:\1tnhht.exec:\1tnhht.exe70⤵
-
\??\c:\3jvpj.exec:\3jvpj.exe71⤵
-
\??\c:\fxflrrr.exec:\fxflrrr.exe72⤵
-
\??\c:\1rlrffr.exec:\1rlrffr.exe73⤵
-
\??\c:\7tthht.exec:\7tthht.exe74⤵
-
\??\c:\5jvvd.exec:\5jvvd.exe75⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe76⤵
-
\??\c:\frlfflf.exec:\frlfflf.exe77⤵
-
\??\c:\nhthtt.exec:\nhthtt.exe78⤵
-
\??\c:\nbtntb.exec:\nbtntb.exe79⤵
-
\??\c:\1pppj.exec:\1pppj.exe80⤵
-
\??\c:\dvddj.exec:\dvddj.exe81⤵
-
\??\c:\lfflrxl.exec:\lfflrxl.exe82⤵
-
\??\c:\nthntn.exec:\nthntn.exe83⤵
-
\??\c:\tnhnbh.exec:\tnhnbh.exe84⤵
-
\??\c:\1djpv.exec:\1djpv.exe85⤵
-
\??\c:\fxrfrxl.exec:\fxrfrxl.exe86⤵
-
\??\c:\fxrxflx.exec:\fxrxflx.exe87⤵
-
\??\c:\9bntht.exec:\9bntht.exe88⤵
-
\??\c:\jjpdd.exec:\jjpdd.exe89⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe90⤵
-
\??\c:\fxlxllf.exec:\fxlxllf.exe91⤵
-
\??\c:\llfxfrl.exec:\llfxfrl.exe92⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe93⤵
-
\??\c:\ddjvj.exec:\ddjvj.exe94⤵
-
\??\c:\fxrlxxl.exec:\fxrlxxl.exe95⤵
-
\??\c:\xrllrrf.exec:\xrllrrf.exe96⤵
-
\??\c:\tbnttn.exec:\tbnttn.exe97⤵
-
\??\c:\vvpvp.exec:\vvpvp.exe98⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe99⤵
-
\??\c:\xlfxxrx.exec:\xlfxxrx.exe100⤵
-
\??\c:\nhnbhn.exec:\nhnbhn.exe101⤵
-
\??\c:\hhtbnn.exec:\hhtbnn.exe102⤵
-
\??\c:\pdvvv.exec:\pdvvv.exe103⤵
-
\??\c:\rrlffll.exec:\rrlffll.exe104⤵
-
\??\c:\fflrxxf.exec:\fflrxxf.exe105⤵
-
\??\c:\3bbtbh.exec:\3bbtbh.exe106⤵
-
\??\c:\9vpjd.exec:\9vpjd.exe107⤵
-
\??\c:\jjddv.exec:\jjddv.exe108⤵
-
\??\c:\7xlrrlr.exec:\7xlrrlr.exe109⤵
-
\??\c:\llffrxl.exec:\llffrxl.exe110⤵
-
\??\c:\bbnnnt.exec:\bbnnnt.exe111⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe112⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe113⤵
-
\??\c:\xxxxfrf.exec:\xxxxfrf.exe114⤵
-
\??\c:\7nbhnn.exec:\7nbhnn.exe115⤵
-
\??\c:\hbtbnn.exec:\hbtbnn.exe116⤵
-
\??\c:\jvjvd.exec:\jvjvd.exe117⤵
-
\??\c:\dpjjv.exec:\dpjjv.exe118⤵
-
\??\c:\7llrxlx.exec:\7llrxlx.exe119⤵
-
\??\c:\hhbnbh.exec:\hhbnbh.exe120⤵
-
\??\c:\hbbhbt.exec:\hbbhbt.exe121⤵
-
\??\c:\ddpvd.exec:\ddpvd.exe122⤵
-
\??\c:\9vpvd.exec:\9vpvd.exe123⤵
-
\??\c:\1lxxffr.exec:\1lxxffr.exe124⤵
-
\??\c:\nhbbhn.exec:\nhbbhn.exe125⤵
-
\??\c:\bbhbhn.exec:\bbhbhn.exe126⤵
-
\??\c:\3dpvd.exec:\3dpvd.exe127⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe128⤵
-
\??\c:\lfrlfrx.exec:\lfrlfrx.exe129⤵
-
\??\c:\nhhnhn.exec:\nhhnhn.exe130⤵
-
\??\c:\hbthth.exec:\hbthth.exe131⤵
-
\??\c:\dvpdd.exec:\dvpdd.exe132⤵
-
\??\c:\pdvjd.exec:\pdvjd.exe133⤵
-
\??\c:\xxlllxf.exec:\xxlllxf.exe134⤵
-
\??\c:\lrlrrlr.exec:\lrlrrlr.exe135⤵
-
\??\c:\bthnbb.exec:\bthnbb.exe136⤵
-
\??\c:\9jvdd.exec:\9jvdd.exe137⤵
-
\??\c:\dpddj.exec:\dpddj.exe138⤵
-
\??\c:\rlrfxxl.exec:\rlrfxxl.exe139⤵
-
\??\c:\7rlrxxl.exec:\7rlrxxl.exe140⤵
-
\??\c:\5hthnb.exec:\5hthnb.exe141⤵
-
\??\c:\bthnhn.exec:\bthnhn.exe142⤵
-
\??\c:\3dppv.exec:\3dppv.exe143⤵
-
\??\c:\rlxflrf.exec:\rlxflrf.exe144⤵
-
\??\c:\lfxlrfr.exec:\lfxlrfr.exe145⤵
-
\??\c:\hthhbh.exec:\hthhbh.exe146⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe147⤵
-
\??\c:\5dvvd.exec:\5dvvd.exe148⤵
-
\??\c:\ffxrxlr.exec:\ffxrxlr.exe149⤵
-
\??\c:\rlllllr.exec:\rlllllr.exe150⤵
-
\??\c:\3ttnnb.exec:\3ttnnb.exe151⤵
-
\??\c:\hbtbhh.exec:\hbtbhh.exe152⤵
-
\??\c:\pjppp.exec:\pjppp.exe153⤵
-
\??\c:\rrfllxl.exec:\rrfllxl.exe154⤵
-
\??\c:\xxrxllx.exec:\xxrxllx.exe155⤵
-
\??\c:\7ttbnt.exec:\7ttbnt.exe156⤵
-
\??\c:\pjppp.exec:\pjppp.exe157⤵
-
\??\c:\rrlrlxl.exec:\rrlrlxl.exe158⤵
-
\??\c:\5htbhn.exec:\5htbhn.exe159⤵
-
\??\c:\djjjv.exec:\djjjv.exe160⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe161⤵
-
\??\c:\3lflrrf.exec:\3lflrrf.exe162⤵
-
\??\c:\htnnbh.exec:\htnnbh.exe163⤵
-
\??\c:\ttnthh.exec:\ttnthh.exe164⤵
-
\??\c:\vpjdj.exec:\vpjdj.exe165⤵
-
\??\c:\7ddjj.exec:\7ddjj.exe166⤵
-
\??\c:\7rffxfr.exec:\7rffxfr.exe167⤵
-
\??\c:\nhbnbh.exec:\nhbnbh.exe168⤵
-
\??\c:\7hnhnn.exec:\7hnhnn.exe169⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe170⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe171⤵
-
\??\c:\9xfflrf.exec:\9xfflrf.exe172⤵
-
\??\c:\thttnn.exec:\thttnn.exe173⤵
-
\??\c:\nhtttt.exec:\nhtttt.exe174⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe175⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe176⤵
-
\??\c:\lfrfrxl.exec:\lfrfrxl.exe177⤵
-
\??\c:\rrlxlrf.exec:\rrlxlrf.exe178⤵
-
\??\c:\3bthnb.exec:\3bthnb.exe179⤵
-
\??\c:\jjjvd.exec:\jjjvd.exe180⤵
-
\??\c:\jvjpd.exec:\jvjpd.exe181⤵
-
\??\c:\xrxfxxl.exec:\xrxfxxl.exe182⤵
-
\??\c:\fxrlrrx.exec:\fxrlrrx.exe183⤵
-
\??\c:\hhttnt.exec:\hhttnt.exe184⤵
-
\??\c:\5pvdj.exec:\5pvdj.exe185⤵
-
\??\c:\djjvd.exec:\djjvd.exe186⤵
-
\??\c:\9xxxlfr.exec:\9xxxlfr.exe187⤵
-
\??\c:\lflxfrr.exec:\lflxfrr.exe188⤵
-
\??\c:\bhtbtt.exec:\bhtbtt.exe189⤵
-
\??\c:\jjdpj.exec:\jjdpj.exe190⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe191⤵
-
\??\c:\ffxrlrf.exec:\ffxrlrf.exe192⤵
-
\??\c:\nnnhtb.exec:\nnnhtb.exe193⤵
-
\??\c:\tbtttb.exec:\tbtttb.exe194⤵
-
\??\c:\1pddj.exec:\1pddj.exe195⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe196⤵
-
\??\c:\frllxlr.exec:\frllxlr.exe197⤵
-
\??\c:\ffxxllx.exec:\ffxxllx.exe198⤵
-
\??\c:\hbtnbb.exec:\hbtnbb.exe199⤵
-
\??\c:\pjppv.exec:\pjppv.exe200⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe201⤵
-
\??\c:\fxxfxxl.exec:\fxxfxxl.exe202⤵
-
\??\c:\fxxlfrl.exec:\fxxlfrl.exe203⤵
-
\??\c:\hnnnnb.exec:\hnnnnb.exe204⤵
-
\??\c:\vppdp.exec:\vppdp.exe205⤵
-
\??\c:\9pdvd.exec:\9pdvd.exe206⤵
-
\??\c:\fxxfrxl.exec:\fxxfrxl.exe207⤵
-
\??\c:\3rlflrf.exec:\3rlflrf.exe208⤵
-
\??\c:\bbbntb.exec:\bbbntb.exe209⤵
-
\??\c:\jpvdj.exec:\jpvdj.exe210⤵
-
\??\c:\9vdvp.exec:\9vdvp.exe211⤵
-
\??\c:\rlllfxl.exec:\rlllfxl.exe212⤵
-
\??\c:\fxrlrfr.exec:\fxrlrfr.exe213⤵
-
\??\c:\5nnthh.exec:\5nnthh.exe214⤵
-
\??\c:\hhbhtb.exec:\hhbhtb.exe215⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe216⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe217⤵
-
\??\c:\fxxlrrx.exec:\fxxlrrx.exe218⤵
-
\??\c:\5rflrfl.exec:\5rflrfl.exe219⤵
-
\??\c:\nhthnt.exec:\nhthnt.exe220⤵
-
\??\c:\vpddv.exec:\vpddv.exe221⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe222⤵
-
\??\c:\rxrxxlf.exec:\rxrxxlf.exe223⤵
-
\??\c:\lrfffxl.exec:\lrfffxl.exe224⤵
-
\??\c:\nnbbbn.exec:\nnbbbn.exe225⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe226⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe227⤵
-
\??\c:\fxlxfxf.exec:\fxlxfxf.exe228⤵
-
\??\c:\3lrxflr.exec:\3lrxflr.exe229⤵
-
\??\c:\ttnthh.exec:\ttnthh.exe230⤵
-
\??\c:\vvvjj.exec:\vvvjj.exe231⤵
-
\??\c:\5vvjp.exec:\5vvjp.exe232⤵
-
\??\c:\rlxlxxf.exec:\rlxlxxf.exe233⤵
-
\??\c:\hbntbb.exec:\hbntbb.exe234⤵
-
\??\c:\tnhnbb.exec:\tnhnbb.exe235⤵
-
\??\c:\7vjpp.exec:\7vjpp.exe236⤵
-
\??\c:\5pjpd.exec:\5pjpd.exe237⤵
-
\??\c:\lfrfrfr.exec:\lfrfrfr.exe238⤵
-
\??\c:\xlfffxx.exec:\xlfffxx.exe239⤵
-
\??\c:\hhbhbt.exec:\hhbhbt.exe240⤵
-
\??\c:\htnnbt.exec:\htnnbt.exe241⤵