Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
18-05-2024 23:39
General
-
Target
26d42a99d4751b1db23e1a4c535b2320_NeikiAnalytics.exe
-
Size
73KB
-
MD5
26d42a99d4751b1db23e1a4c535b2320
-
SHA1
0c0550612e2d5a615b6190eefae98ff7280705b1
-
SHA256
99f305e59c1c140b2f100dc8b2a632249e277fde0be1a46279bb4effd47ff24c
-
SHA512
2f921cf1b15f3d6addcadb90f4e49d54d41e623672c22fc36197939d6c0144bd589baa8feeee423613b1e2ba0f0b6ea4b150ddf7325bcc3c78b4c8a85164871c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIJSsD+cGUFzJ+:ymb3NkkiQ3mdBjFIwsDhbN8
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\26d42a99d4751b1db23e1a4c535b2320_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\26d42a99d4751b1db23e1a4c535b2320_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxlfxf.exec:\fxxlfxf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxlfx.exec:\fxfxlfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnntt.exec:\hbnntt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fllflx.exec:\9fllflx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xrflxl.exec:\9xrflxl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdjp.exec:\jvdjp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjjd.exec:\jvjjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrrffl.exec:\xlrrffl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflffrr.exec:\fflffrr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbhnb.exec:\hhbhnb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdv.exec:\pjvdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddjv.exec:\dddjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvjp.exec:\ddvjp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrxfl.exec:\fxlrxfl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9llxrfr.exec:\9llxrfr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbhbh.exec:\hhbhbh.exe17⤵
- Executes dropped EXE
-
\??\c:\5bnnhn.exec:\5bnnhn.exe18⤵
- Executes dropped EXE
-
\??\c:\7htbht.exec:\7htbht.exe19⤵
- Executes dropped EXE
-
\??\c:\jvdjj.exec:\jvdjj.exe20⤵
- Executes dropped EXE
-
\??\c:\7vddp.exec:\7vddp.exe21⤵
- Executes dropped EXE
-
\??\c:\rrrxrxf.exec:\rrrxrxf.exe22⤵
- Executes dropped EXE
-
\??\c:\xxxflxl.exec:\xxxflxl.exe23⤵
- Executes dropped EXE
-
\??\c:\htnnbb.exec:\htnnbb.exe24⤵
- Executes dropped EXE
-
\??\c:\tnhtbt.exec:\tnhtbt.exe25⤵
- Executes dropped EXE
-
\??\c:\pjddj.exec:\pjddj.exe26⤵
- Executes dropped EXE
-
\??\c:\dddvv.exec:\dddvv.exe27⤵
- Executes dropped EXE
-
\??\c:\rxfxfrr.exec:\rxfxfrr.exe28⤵
- Executes dropped EXE
-
\??\c:\frflxxf.exec:\frflxxf.exe29⤵
- Executes dropped EXE
-
\??\c:\9hbntn.exec:\9hbntn.exe30⤵
- Executes dropped EXE
-
\??\c:\bbhnbn.exec:\bbhnbn.exe31⤵
- Executes dropped EXE
-
\??\c:\3bntbh.exec:\3bntbh.exe32⤵
- Executes dropped EXE
-
\??\c:\9pdjp.exec:\9pdjp.exe33⤵
- Executes dropped EXE
-
\??\c:\1dvjp.exec:\1dvjp.exe34⤵
- Executes dropped EXE
-
\??\c:\lllrflf.exec:\lllrflf.exe35⤵
- Executes dropped EXE
-
\??\c:\3lxlxxl.exec:\3lxlxxl.exe36⤵
- Executes dropped EXE
-
\??\c:\1lllfrf.exec:\1lllfrf.exe37⤵
- Executes dropped EXE
-
\??\c:\3tnbnn.exec:\3tnbnn.exe38⤵
- Executes dropped EXE
-
\??\c:\hbhnhh.exec:\hbhnhh.exe39⤵
- Executes dropped EXE
-
\??\c:\tnbbnt.exec:\tnbbnt.exe40⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe41⤵
- Executes dropped EXE
-
\??\c:\7rfxxxx.exec:\7rfxxxx.exe42⤵
- Executes dropped EXE
-
\??\c:\hbnnbb.exec:\hbnnbb.exe43⤵
- Executes dropped EXE
-
\??\c:\vpdvv.exec:\vpdvv.exe44⤵
- Executes dropped EXE
-
\??\c:\xrffxlf.exec:\xrffxlf.exe45⤵
- Executes dropped EXE
-
\??\c:\xrxfxxf.exec:\xrxfxxf.exe46⤵
- Executes dropped EXE
-
\??\c:\rrrlxrf.exec:\rrrlxrf.exe47⤵
- Executes dropped EXE
-
\??\c:\ttnbbt.exec:\ttnbbt.exe48⤵
- Executes dropped EXE
-
\??\c:\nntbnn.exec:\nntbnn.exe49⤵
- Executes dropped EXE
-
\??\c:\jjpjd.exec:\jjpjd.exe50⤵
- Executes dropped EXE
-
\??\c:\1jvvj.exec:\1jvvj.exe51⤵
- Executes dropped EXE
-
\??\c:\lfllxlr.exec:\lfllxlr.exe52⤵
- Executes dropped EXE
-
\??\c:\lfrfxlr.exec:\lfrfxlr.exe53⤵
- Executes dropped EXE
-
\??\c:\7tnhnn.exec:\7tnhnn.exe54⤵
- Executes dropped EXE
-
\??\c:\htbnbb.exec:\htbnbb.exe55⤵
- Executes dropped EXE
-
\??\c:\9jpvj.exec:\9jpvj.exe56⤵
- Executes dropped EXE
-
\??\c:\pddpd.exec:\pddpd.exe57⤵
- Executes dropped EXE
-
\??\c:\xlxxllr.exec:\xlxxllr.exe58⤵
- Executes dropped EXE
-
\??\c:\xxxxllf.exec:\xxxxllf.exe59⤵
- Executes dropped EXE
-
\??\c:\nbbhhb.exec:\nbbhhb.exe60⤵
- Executes dropped EXE
-
\??\c:\bnnbbt.exec:\bnnbbt.exe61⤵
- Executes dropped EXE
-
\??\c:\bthnhn.exec:\bthnhn.exe62⤵
- Executes dropped EXE
-
\??\c:\9vpdv.exec:\9vpdv.exe63⤵
- Executes dropped EXE
-
\??\c:\vvjjp.exec:\vvjjp.exe64⤵
- Executes dropped EXE
-
\??\c:\xxlffxf.exec:\xxlffxf.exe65⤵
- Executes dropped EXE
-
\??\c:\7lffllf.exec:\7lffllf.exe66⤵
-
\??\c:\1lxxffr.exec:\1lxxffr.exe67⤵
-
\??\c:\7hbbnb.exec:\7hbbnb.exe68⤵
-
\??\c:\thhbnn.exec:\thhbnn.exe69⤵
-
\??\c:\nhnthn.exec:\nhnthn.exe70⤵
-
\??\c:\nnhtbb.exec:\nnhtbb.exe71⤵
-
\??\c:\5pjvj.exec:\5pjvj.exe72⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe73⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe74⤵
-
\??\c:\flxrxrl.exec:\flxrxrl.exe75⤵
-
\??\c:\frxlxfx.exec:\frxlxfx.exe76⤵
-
\??\c:\lfxlxlr.exec:\lfxlxlr.exe77⤵
-
\??\c:\hbhntb.exec:\hbhntb.exe78⤵
-
\??\c:\3btbbh.exec:\3btbbh.exe79⤵
-
\??\c:\ddppv.exec:\ddppv.exe80⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe81⤵
-
\??\c:\pjddj.exec:\pjddj.exe82⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe83⤵
-
\??\c:\frfxrxl.exec:\frfxrxl.exe84⤵
-
\??\c:\xxlxxxf.exec:\xxlxxxf.exe85⤵
-
\??\c:\fxxlxll.exec:\fxxlxll.exe86⤵
-
\??\c:\nhtbnh.exec:\nhtbnh.exe87⤵
-
\??\c:\btnnnt.exec:\btnnnt.exe88⤵
-
\??\c:\vjpvj.exec:\vjpvj.exe89⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe90⤵
-
\??\c:\3jjdj.exec:\3jjdj.exe91⤵
-
\??\c:\lxfflll.exec:\lxfflll.exe92⤵
-
\??\c:\3rlxrxl.exec:\3rlxrxl.exe93⤵
-
\??\c:\xrrrffl.exec:\xrrrffl.exe94⤵
-
\??\c:\btnnbb.exec:\btnnbb.exe95⤵
-
\??\c:\5nbbnb.exec:\5nbbnb.exe96⤵
-
\??\c:\1nhbhn.exec:\1nhbhn.exe97⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe98⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe99⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe100⤵
-
\??\c:\lrxlfxr.exec:\lrxlfxr.exe101⤵
-
\??\c:\lfxrlrf.exec:\lfxrlrf.exe102⤵
-
\??\c:\bhhhnh.exec:\bhhhnh.exe103⤵
-
\??\c:\3tntnb.exec:\3tntnb.exe104⤵
-
\??\c:\dvjvv.exec:\dvjvv.exe105⤵
-
\??\c:\1jjvd.exec:\1jjvd.exe106⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe107⤵
-
\??\c:\ffxrfxf.exec:\ffxrfxf.exe108⤵
-
\??\c:\rfxxfxf.exec:\rfxxfxf.exe109⤵
-
\??\c:\llxfflf.exec:\llxfflf.exe110⤵
-
\??\c:\ttbnht.exec:\ttbnht.exe111⤵
-
\??\c:\ttnhhn.exec:\ttnhhn.exe112⤵
-
\??\c:\pdddp.exec:\pdddp.exe113⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe114⤵
-
\??\c:\jvvdp.exec:\jvvdp.exe115⤵
-
\??\c:\fxlfrrl.exec:\fxlfrrl.exe116⤵
-
\??\c:\rlrllfr.exec:\rlrllfr.exe117⤵
-
\??\c:\9hbnnb.exec:\9hbnnb.exe118⤵
-
\??\c:\nhttbn.exec:\nhttbn.exe119⤵
-
\??\c:\nhnbnb.exec:\nhnbnb.exe120⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe121⤵
-
\??\c:\vpddj.exec:\vpddj.exe122⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe123⤵
-
\??\c:\llflfll.exec:\llflfll.exe124⤵
-
\??\c:\3xllrlr.exec:\3xllrlr.exe125⤵
-
\??\c:\nbbttt.exec:\nbbttt.exe126⤵
-
\??\c:\bbntht.exec:\bbntht.exe127⤵
-
\??\c:\hnbtnn.exec:\hnbtnn.exe128⤵
-
\??\c:\3dvdj.exec:\3dvdj.exe129⤵
-
\??\c:\vjvvj.exec:\vjvvj.exe130⤵
-
\??\c:\dpjpp.exec:\dpjpp.exe131⤵
-
\??\c:\rlxrfxl.exec:\rlxrfxl.exe132⤵
-
\??\c:\xrlrrlr.exec:\xrlrrlr.exe133⤵
-
\??\c:\nnhttb.exec:\nnhttb.exe134⤵
-
\??\c:\nntbbh.exec:\nntbbh.exe135⤵
-
\??\c:\vvvpp.exec:\vvvpp.exe136⤵
-
\??\c:\dppdv.exec:\dppdv.exe137⤵
-
\??\c:\jjvdj.exec:\jjvdj.exe138⤵
-
\??\c:\xfrlrrx.exec:\xfrlrrx.exe139⤵
-
\??\c:\rfxfrlx.exec:\rfxfrlx.exe140⤵
-
\??\c:\btbhtn.exec:\btbhtn.exe141⤵
-
\??\c:\bhhhbn.exec:\bhhhbn.exe142⤵
-
\??\c:\7hnntn.exec:\7hnntn.exe143⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe144⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe145⤵
-
\??\c:\ffxlrff.exec:\ffxlrff.exe146⤵
-
\??\c:\xrflrrx.exec:\xrflrrx.exe147⤵
-
\??\c:\rllfxff.exec:\rllfxff.exe148⤵
-
\??\c:\hbbbhn.exec:\hbbbhn.exe149⤵
-
\??\c:\hnhhnn.exec:\hnhhnn.exe150⤵
-
\??\c:\5thnbh.exec:\5thnbh.exe151⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe152⤵
-
\??\c:\dvdjd.exec:\dvdjd.exe153⤵
-
\??\c:\3jddd.exec:\3jddd.exe154⤵
-
\??\c:\rflrxrx.exec:\rflrxrx.exe155⤵
-
\??\c:\frfrxrr.exec:\frfrxrr.exe156⤵
-
\??\c:\frllxfx.exec:\frllxfx.exe157⤵
-
\??\c:\htbhnn.exec:\htbhnn.exe158⤵
-
\??\c:\htbhnh.exec:\htbhnh.exe159⤵
-
\??\c:\bthbnt.exec:\bthbnt.exe160⤵
-
\??\c:\5vvjj.exec:\5vvjj.exe161⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe162⤵
-
\??\c:\3rllxfx.exec:\3rllxfx.exe163⤵
-
\??\c:\ffxllxx.exec:\ffxllxx.exe164⤵
-
\??\c:\rlfrrfl.exec:\rlfrrfl.exe165⤵
-
\??\c:\nhnntn.exec:\nhnntn.exe166⤵
-
\??\c:\1tnhnn.exec:\1tnhnn.exe167⤵
-
\??\c:\tnhhbn.exec:\tnhhbn.exe168⤵
-
\??\c:\dvppd.exec:\dvppd.exe169⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe170⤵
-
\??\c:\5lllrfr.exec:\5lllrfr.exe171⤵
-
\??\c:\rflfrrx.exec:\rflfrrx.exe172⤵
-
\??\c:\frxrrfr.exec:\frxrrfr.exe173⤵
-
\??\c:\nhnbtt.exec:\nhnbtt.exe174⤵
-
\??\c:\nbhbnn.exec:\nbhbnn.exe175⤵
-
\??\c:\7pjjv.exec:\7pjjv.exe176⤵
-
\??\c:\vjjvd.exec:\vjjvd.exe177⤵
-
\??\c:\rlxrrlx.exec:\rlxrrlx.exe178⤵
-
\??\c:\xlflrrf.exec:\xlflrrf.exe179⤵
-
\??\c:\nthtnb.exec:\nthtnb.exe180⤵
-
\??\c:\3dpjj.exec:\3dpjj.exe181⤵
-
\??\c:\dddpj.exec:\dddpj.exe182⤵
-
\??\c:\5lxfflr.exec:\5lxfflr.exe183⤵
-
\??\c:\xxxrlxl.exec:\xxxrlxl.exe184⤵
-
\??\c:\bhbhbn.exec:\bhbhbn.exe185⤵
-
\??\c:\7jvpd.exec:\7jvpd.exe186⤵
-
\??\c:\lfxfxfl.exec:\lfxfxfl.exe187⤵
-
\??\c:\hntbbh.exec:\hntbbh.exe188⤵
-
\??\c:\vvvjj.exec:\vvvjj.exe189⤵
-
\??\c:\rlrlxxf.exec:\rlrlxxf.exe190⤵
-
\??\c:\hbhbhh.exec:\hbhbhh.exe191⤵
-
\??\c:\jjvjd.exec:\jjvjd.exe192⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe193⤵
-
\??\c:\xrffrrx.exec:\xrffrrx.exe194⤵
-
\??\c:\nhbbtb.exec:\nhbbtb.exe195⤵
-
\??\c:\9bhbbh.exec:\9bhbbh.exe196⤵
-
\??\c:\3pjjd.exec:\3pjjd.exe197⤵
-
\??\c:\lrrxrrf.exec:\lrrxrrf.exe198⤵
-
\??\c:\tbbnnb.exec:\tbbnnb.exe199⤵
-
\??\c:\pjddd.exec:\pjddd.exe200⤵
-
\??\c:\rrxxlxl.exec:\rrxxlxl.exe201⤵
-
\??\c:\5xflxrr.exec:\5xflxrr.exe202⤵
-
\??\c:\ttnbtn.exec:\ttnbtn.exe203⤵
-
\??\c:\pddvv.exec:\pddvv.exe204⤵
-
\??\c:\ddpvp.exec:\ddpvp.exe205⤵
-
\??\c:\rxrfxfx.exec:\rxrfxfx.exe206⤵
-
\??\c:\hbhhtb.exec:\hbhhtb.exe207⤵
-
\??\c:\bhnnbt.exec:\bhnnbt.exe208⤵
-
\??\c:\bhbbth.exec:\bhbbth.exe209⤵
-
\??\c:\ddvdv.exec:\ddvdv.exe210⤵
-
\??\c:\lflrrxx.exec:\lflrrxx.exe211⤵
-
\??\c:\htbtbn.exec:\htbtbn.exe212⤵
-
\??\c:\nbhnnn.exec:\nbhnnn.exe213⤵
-
\??\c:\9vjjj.exec:\9vjjj.exe214⤵
-
\??\c:\xrflrxl.exec:\xrflrxl.exe215⤵
-
\??\c:\bhbbhh.exec:\bhbbhh.exe216⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe217⤵
-
\??\c:\7dpjj.exec:\7dpjj.exe218⤵
-
\??\c:\ffxfxlf.exec:\ffxfxlf.exe219⤵
-
\??\c:\hhbbth.exec:\hhbbth.exe220⤵
-
\??\c:\nnhnbh.exec:\nnhnbh.exe221⤵
-
\??\c:\jddpv.exec:\jddpv.exe222⤵
-
\??\c:\9vpvj.exec:\9vpvj.exe223⤵
-
\??\c:\btnttn.exec:\btnttn.exe224⤵
-
\??\c:\vpdpj.exec:\vpdpj.exe225⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe226⤵
-
\??\c:\xlxxxfl.exec:\xlxxxfl.exe227⤵
-
\??\c:\hbhbhb.exec:\hbhbhb.exe228⤵
-
\??\c:\vjpvd.exec:\vjpvd.exe229⤵
-
\??\c:\7rxfllr.exec:\7rxfllr.exe230⤵
-
\??\c:\bbbbhb.exec:\bbbbhb.exe231⤵
-
\??\c:\3pjpd.exec:\3pjpd.exe232⤵
-
\??\c:\1lxlfxx.exec:\1lxlfxx.exe233⤵
-
\??\c:\tnbbnh.exec:\tnbbnh.exe234⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe235⤵
-
\??\c:\bnnhnh.exec:\bnnhnh.exe236⤵
-
\??\c:\nbtnth.exec:\nbtnth.exe237⤵
-
\??\c:\fxlxfrx.exec:\fxlxfrx.exe238⤵
-
\??\c:\vjpvd.exec:\vjpvd.exe239⤵
-
\??\c:\xlllxxx.exec:\xlllxxx.exe240⤵
-
\??\c:\rxfxlff.exec:\rxfxlff.exe241⤵