Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
18-05-2024 23:32
General
-
Target
24ac2341375c9550d2984281bcf9b990_NeikiAnalytics.exe
-
Size
68KB
-
MD5
24ac2341375c9550d2984281bcf9b990
-
SHA1
0e668d664789425b19ca905fe6032c55649938c2
-
SHA256
f94084549bd8f903a0a2f65cd9b20dfcf6d7cf0b2a611a37e721d16aae58d912
-
SHA512
f502e52e898f1d4086892c0b73d120f579eacef148a086f1d43ed72f5680708b033bb2ebe63c182b88ad616384807d9a9e120232c088c191d2b833ab81eec3e5
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk358nLA89r:ymb3NkkiQ3mdBjFIvl358nLA89r
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\24ac2341375c9550d2984281bcf9b990_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\24ac2341375c9550d2984281bcf9b990_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3fxfflr.exec:\3fxfflr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhttbt.exec:\hhttbt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpv.exec:\pjvpv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhhtt.exec:\tbhhtt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnnbb.exec:\bbnnbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrrlrf.exec:\xxrrlrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1llrfff.exec:\1llrfff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbbhb.exec:\hhbbhb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpvv.exec:\djpvv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jjpj.exec:\5jjpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrrrrf.exec:\xlrrrrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtnhh.exec:\bhtnhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpvd.exec:\pdpvd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjpv.exec:\ddjpv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlrffr.exec:\xxlrffr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhnn.exec:\bthhnn.exe17⤵
- Executes dropped EXE
-
\??\c:\3dpjp.exec:\3dpjp.exe18⤵
- Executes dropped EXE
-
\??\c:\jdvjp.exec:\jdvjp.exe19⤵
- Executes dropped EXE
-
\??\c:\rlfrxfx.exec:\rlfrxfx.exe20⤵
- Executes dropped EXE
-
\??\c:\1bbbtt.exec:\1bbbtt.exe21⤵
- Executes dropped EXE
-
\??\c:\9vjjp.exec:\9vjjp.exe22⤵
- Executes dropped EXE
-
\??\c:\vvddd.exec:\vvddd.exe23⤵
- Executes dropped EXE
-
\??\c:\3rlxxfr.exec:\3rlxxfr.exe24⤵
- Executes dropped EXE
-
\??\c:\ttntbh.exec:\ttntbh.exe25⤵
- Executes dropped EXE
-
\??\c:\hbhnnn.exec:\hbhnnn.exe26⤵
- Executes dropped EXE
-
\??\c:\vvpjv.exec:\vvpjv.exe27⤵
- Executes dropped EXE
-
\??\c:\frlfrfr.exec:\frlfrfr.exe28⤵
- Executes dropped EXE
-
\??\c:\3hnbnn.exec:\3hnbnn.exe29⤵
- Executes dropped EXE
-
\??\c:\7djdv.exec:\7djdv.exe30⤵
- Executes dropped EXE
-
\??\c:\lfrflxf.exec:\lfrflxf.exe31⤵
- Executes dropped EXE
-
\??\c:\7rfrffx.exec:\7rfrffx.exe32⤵
- Executes dropped EXE
-
\??\c:\9bntbh.exec:\9bntbh.exe33⤵
- Executes dropped EXE
-
\??\c:\dpvvd.exec:\dpvvd.exe34⤵
- Executes dropped EXE
-
\??\c:\7dvdj.exec:\7dvdj.exe35⤵
-
\??\c:\1xrxxxl.exec:\1xrxxxl.exe36⤵
- Executes dropped EXE
-
\??\c:\hntnhh.exec:\hntnhh.exe37⤵
- Executes dropped EXE
-
\??\c:\7hbnhn.exec:\7hbnhn.exe38⤵
- Executes dropped EXE
-
\??\c:\tttntb.exec:\tttntb.exe39⤵
- Executes dropped EXE
-
\??\c:\pjvjv.exec:\pjvjv.exe40⤵
- Executes dropped EXE
-
\??\c:\lflrxxl.exec:\lflrxxl.exe41⤵
- Executes dropped EXE
-
\??\c:\7frxxfl.exec:\7frxxfl.exe42⤵
- Executes dropped EXE
-
\??\c:\bhbhbn.exec:\bhbhbn.exe43⤵
- Executes dropped EXE
-
\??\c:\hhtbhn.exec:\hhtbhn.exe44⤵
- Executes dropped EXE
-
\??\c:\7jdpd.exec:\7jdpd.exe45⤵
- Executes dropped EXE
-
\??\c:\ddjpj.exec:\ddjpj.exe46⤵
- Executes dropped EXE
-
\??\c:\rrxxxfl.exec:\rrxxxfl.exe47⤵
- Executes dropped EXE
-
\??\c:\llxlxlx.exec:\llxlxlx.exe48⤵
- Executes dropped EXE
-
\??\c:\htbbbb.exec:\htbbbb.exe49⤵
- Executes dropped EXE
-
\??\c:\hhthtb.exec:\hhthtb.exe50⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe51⤵
- Executes dropped EXE
-
\??\c:\pjdjd.exec:\pjdjd.exe52⤵
- Executes dropped EXE
-
\??\c:\rrllflr.exec:\rrllflr.exe53⤵
- Executes dropped EXE
-
\??\c:\3lrrxxf.exec:\3lrrxxf.exe54⤵
- Executes dropped EXE
-
\??\c:\ttnhbn.exec:\ttnhbn.exe55⤵
- Executes dropped EXE
-
\??\c:\thhhhb.exec:\thhhhb.exe56⤵
- Executes dropped EXE
-
\??\c:\jpjvp.exec:\jpjvp.exe57⤵
- Executes dropped EXE
-
\??\c:\dvdpj.exec:\dvdpj.exe58⤵
- Executes dropped EXE
-
\??\c:\xfrflll.exec:\xfrflll.exe59⤵
- Executes dropped EXE
-
\??\c:\llrxflr.exec:\llrxflr.exe60⤵
- Executes dropped EXE
-
\??\c:\bhbbnn.exec:\bhbbnn.exe61⤵
- Executes dropped EXE
-
\??\c:\bthhhn.exec:\bthhhn.exe62⤵
- Executes dropped EXE
-
\??\c:\jdpvj.exec:\jdpvj.exe63⤵
- Executes dropped EXE
-
\??\c:\flrfrxl.exec:\flrfrxl.exe64⤵
- Executes dropped EXE
-
\??\c:\lfxfxfr.exec:\lfxfxfr.exe65⤵
- Executes dropped EXE
-
\??\c:\nnnbnt.exec:\nnnbnt.exe66⤵
- Executes dropped EXE
-
\??\c:\bbhtnn.exec:\bbhtnn.exe67⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe68⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe69⤵
-
\??\c:\lfrxlrf.exec:\lfrxlrf.exe70⤵
-
\??\c:\xfxrffr.exec:\xfxrffr.exe71⤵
-
\??\c:\btnnbb.exec:\btnnbb.exe72⤵
-
\??\c:\ppdvj.exec:\ppdvj.exe73⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe74⤵
-
\??\c:\ffrfxxl.exec:\ffrfxxl.exe75⤵
-
\??\c:\rrlxrrx.exec:\rrlxrrx.exe76⤵
-
\??\c:\ttnthh.exec:\ttnthh.exe77⤵
-
\??\c:\bbhbhb.exec:\bbhbhb.exe78⤵
-
\??\c:\ppjvv.exec:\ppjvv.exe79⤵
-
\??\c:\vpvdp.exec:\vpvdp.exe80⤵
-
\??\c:\lrxlrlx.exec:\lrxlrlx.exe81⤵
-
\??\c:\fxrrrrx.exec:\fxrrrrx.exe82⤵
-
\??\c:\bnntbb.exec:\bnntbb.exe83⤵
-
\??\c:\3dppv.exec:\3dppv.exe84⤵
-
\??\c:\dpjdj.exec:\dpjdj.exe85⤵
-
\??\c:\rrrxflx.exec:\rrrxflx.exe86⤵
-
\??\c:\btnthn.exec:\btnthn.exe87⤵
-
\??\c:\nhbnnh.exec:\nhbnnh.exe88⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe89⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe90⤵
-
\??\c:\rfflxfr.exec:\rfflxfr.exe91⤵
-
\??\c:\bttbtb.exec:\bttbtb.exe92⤵
-
\??\c:\ttnhbb.exec:\ttnhbb.exe93⤵
-
\??\c:\pdjjp.exec:\pdjjp.exe94⤵
-
\??\c:\djdpp.exec:\djdpp.exe95⤵
-
\??\c:\frllflx.exec:\frllflx.exe96⤵
-
\??\c:\1frfrfr.exec:\1frfrfr.exe97⤵
-
\??\c:\7nthbh.exec:\7nthbh.exe98⤵
-
\??\c:\nnnhht.exec:\nnnhht.exe99⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe100⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe101⤵
-
\??\c:\rrffrxf.exec:\rrffrxf.exe102⤵
-
\??\c:\9htbtn.exec:\9htbtn.exe103⤵
-
\??\c:\hntbbn.exec:\hntbbn.exe104⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe105⤵
-
\??\c:\ppvdj.exec:\ppvdj.exe106⤵
-
\??\c:\ffflfrf.exec:\ffflfrf.exe107⤵
-
\??\c:\5btbnt.exec:\5btbnt.exe108⤵
-
\??\c:\tttbhh.exec:\tttbhh.exe109⤵
-
\??\c:\jdjvd.exec:\jdjvd.exe110⤵
-
\??\c:\ffrxxfl.exec:\ffrxxfl.exe111⤵
-
\??\c:\frlfflr.exec:\frlfflr.exe112⤵
-
\??\c:\1htbhh.exec:\1htbhh.exe113⤵
-
\??\c:\tntthh.exec:\tntthh.exe114⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe115⤵
-
\??\c:\5pjpv.exec:\5pjpv.exe116⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe117⤵
-
\??\c:\rxlflfr.exec:\rxlflfr.exe118⤵
-
\??\c:\llrflrx.exec:\llrflrx.exe119⤵
-
\??\c:\btttnn.exec:\btttnn.exe120⤵
-
\??\c:\hhthnt.exec:\hhthnt.exe121⤵
-
\??\c:\djpjp.exec:\djpjp.exe122⤵
-
\??\c:\fxrlrrx.exec:\fxrlrrx.exe123⤵
-
\??\c:\3lxfrrr.exec:\3lxfrrr.exe124⤵
-
\??\c:\nhnthh.exec:\nhnthh.exe125⤵
-
\??\c:\tnnhnh.exec:\tnnhnh.exe126⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe127⤵
-
\??\c:\5jvjd.exec:\5jvjd.exe128⤵
-
\??\c:\7xllrxl.exec:\7xllrxl.exe129⤵
-
\??\c:\rrlflrx.exec:\rrlflrx.exe130⤵
-
\??\c:\bbttnn.exec:\bbttnn.exe131⤵
-
\??\c:\hhtnht.exec:\hhtnht.exe132⤵
-
\??\c:\vvjvd.exec:\vvjvd.exe133⤵
-
\??\c:\5vdjd.exec:\5vdjd.exe134⤵
-
\??\c:\xrfrffr.exec:\xrfrffr.exe135⤵
-
\??\c:\fflllxf.exec:\fflllxf.exe136⤵
-
\??\c:\5tnnbh.exec:\5tnnbh.exe137⤵
-
\??\c:\5ppjp.exec:\5ppjp.exe138⤵
-
\??\c:\rlfffrf.exec:\rlfffrf.exe139⤵
-
\??\c:\xlllxxl.exec:\xlllxxl.exe140⤵
-
\??\c:\bbthtb.exec:\bbthtb.exe141⤵
-
\??\c:\9nnnbh.exec:\9nnnbh.exe142⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe143⤵
-
\??\c:\rrlxllx.exec:\rrlxllx.exe144⤵
-
\??\c:\lrlxxfr.exec:\lrlxxfr.exe145⤵
-
\??\c:\bbnnnb.exec:\bbnnnb.exe146⤵
-
\??\c:\7jvdj.exec:\7jvdj.exe147⤵
-
\??\c:\9vjpd.exec:\9vjpd.exe148⤵
-
\??\c:\1fflfll.exec:\1fflfll.exe149⤵
-
\??\c:\rfrxffx.exec:\rfrxffx.exe150⤵
-
\??\c:\5bnnnn.exec:\5bnnnn.exe151⤵
-
\??\c:\tnnbtb.exec:\tnnbtb.exe152⤵
-
\??\c:\djvvv.exec:\djvvv.exe153⤵
-
\??\c:\llxrxxf.exec:\llxrxxf.exe154⤵
-
\??\c:\9ffrflf.exec:\9ffrflf.exe155⤵
-
\??\c:\tbbtth.exec:\tbbtth.exe156⤵
-
\??\c:\vddjd.exec:\vddjd.exe157⤵
-
\??\c:\vjdpj.exec:\vjdpj.exe158⤵
-
\??\c:\flfrflx.exec:\flfrflx.exe159⤵
-
\??\c:\xlxfrfr.exec:\xlxfrfr.exe160⤵
-
\??\c:\hnnhth.exec:\hnnhth.exe161⤵
-
\??\c:\bbbnht.exec:\bbbnht.exe162⤵
-
\??\c:\9jjdp.exec:\9jjdp.exe163⤵
-
\??\c:\dpppv.exec:\dpppv.exe164⤵
-
\??\c:\ffxxrff.exec:\ffxxrff.exe165⤵
-
\??\c:\rfxlrfl.exec:\rfxlrfl.exe166⤵
-
\??\c:\ntttbb.exec:\ntttbb.exe167⤵
-
\??\c:\nbhhtt.exec:\nbhhtt.exe168⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe169⤵
-
\??\c:\9jvjp.exec:\9jvjp.exe170⤵
-
\??\c:\ffrfflx.exec:\ffrfflx.exe171⤵
-
\??\c:\lrfxffr.exec:\lrfxffr.exe172⤵
-
\??\c:\ttthbh.exec:\ttthbh.exe173⤵
-
\??\c:\ttnhtn.exec:\ttnhtn.exe174⤵
-
\??\c:\jpvjv.exec:\jpvjv.exe175⤵
-
\??\c:\jpdpp.exec:\jpdpp.exe176⤵
-
\??\c:\rlxrfrf.exec:\rlxrfrf.exe177⤵
-
\??\c:\xrxlflf.exec:\xrxlflf.exe178⤵
-
\??\c:\7nnhnb.exec:\7nnhnb.exe179⤵
-
\??\c:\ttntbh.exec:\ttntbh.exe180⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe181⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe182⤵
-
\??\c:\xrrlrxx.exec:\xrrlrxx.exe183⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe184⤵
-
\??\c:\1pppv.exec:\1pppv.exe185⤵
-
\??\c:\9frlrxl.exec:\9frlrxl.exe186⤵
-
\??\c:\tnnbnt.exec:\tnnbnt.exe187⤵
-
\??\c:\hnntbh.exec:\hnntbh.exe188⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe189⤵
-
\??\c:\djdjj.exec:\djdjj.exe190⤵
-
\??\c:\5fxlxlx.exec:\5fxlxlx.exe191⤵
-
\??\c:\bbntnb.exec:\bbntnb.exe192⤵
-
\??\c:\bbtbhn.exec:\bbtbhn.exe193⤵
-
\??\c:\7jdpv.exec:\7jdpv.exe194⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe195⤵
-
\??\c:\rrrlrfr.exec:\rrrlrfr.exe196⤵
-
\??\c:\3flxffl.exec:\3flxffl.exe197⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe198⤵
-
\??\c:\djjpd.exec:\djjpd.exe199⤵
-
\??\c:\pvjdj.exec:\pvjdj.exe200⤵
-
\??\c:\xrrrxxl.exec:\xrrrxxl.exe201⤵
-
\??\c:\3frfrxr.exec:\3frfrxr.exe202⤵
-
\??\c:\bnhnnb.exec:\bnhnnb.exe203⤵
-
\??\c:\hbtntt.exec:\hbtntt.exe204⤵
-
\??\c:\5ppvp.exec:\5ppvp.exe205⤵
-
\??\c:\7jpjp.exec:\7jpjp.exe206⤵
-
\??\c:\rlxxxfl.exec:\rlxxxfl.exe207⤵
-
\??\c:\xxlrlxl.exec:\xxlrlxl.exe208⤵
-
\??\c:\tnbbbb.exec:\tnbbbb.exe209⤵
-
\??\c:\httthn.exec:\httthn.exe210⤵
-
\??\c:\pdvjj.exec:\pdvjj.exe211⤵
-
\??\c:\xrfrflx.exec:\xrfrflx.exe212⤵
-
\??\c:\fxfflfx.exec:\fxfflfx.exe213⤵
-
\??\c:\nhhhbn.exec:\nhhhbn.exe214⤵
-
\??\c:\jjvjj.exec:\jjvjj.exe215⤵
-
\??\c:\dpdvj.exec:\dpdvj.exe216⤵
-
\??\c:\lllfrff.exec:\lllfrff.exe217⤵
-
\??\c:\rxxffrf.exec:\rxxffrf.exe218⤵
-
\??\c:\hhhnnt.exec:\hhhnnt.exe219⤵
-
\??\c:\9hntbh.exec:\9hntbh.exe220⤵
-
\??\c:\jjdvd.exec:\jjdvd.exe221⤵
-
\??\c:\jjvjj.exec:\jjvjj.exe222⤵
-
\??\c:\rrxlxlf.exec:\rrxlxlf.exe223⤵
-
\??\c:\btnhtt.exec:\btnhtt.exe224⤵
-
\??\c:\7nbhth.exec:\7nbhth.exe225⤵
-
\??\c:\pvdpp.exec:\pvdpp.exe226⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe227⤵
-
\??\c:\rfrfllr.exec:\rfrfllr.exe228⤵
-
\??\c:\3lrllrr.exec:\3lrllrr.exe229⤵
-
\??\c:\9tnnnt.exec:\9tnnnt.exe230⤵
-
\??\c:\9nbtnt.exec:\9nbtnt.exe231⤵
-
\??\c:\vjpjp.exec:\vjpjp.exe232⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe233⤵
-
\??\c:\lfffrrx.exec:\lfffrrx.exe234⤵
-
\??\c:\llxxllr.exec:\llxxllr.exe235⤵
-
\??\c:\nbnhhn.exec:\nbnhhn.exe236⤵
-
\??\c:\djvpv.exec:\djvpv.exe237⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe238⤵
-
\??\c:\5lllflr.exec:\5lllflr.exe239⤵
-
\??\c:\rrfrlrf.exec:\rrfrlrf.exe240⤵
-
\??\c:\nhbntn.exec:\nhbntn.exe241⤵