Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
18-05-2024 16:21
General
-
Target
eb833b3481847e95f66a71155d545730_NeikiAnalytics.exe
-
Size
134KB
-
MD5
eb833b3481847e95f66a71155d545730
-
SHA1
7fc950b61b01d8eed5d35ebd033606c36de7c6a3
-
SHA256
84701badbf9a215e83e9ae4f58a57226b8fc4183c7588b0ea9f555f5fe2d8ee5
-
SHA512
b6aad174676d42da09f50aa389e591186b11396e6524a5aa78515ae19b09e5ae9c314d2f0e1796b0e7e0ad9fa4e90ded252bbdfb38f920d15081b1d566093754
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afoHVpx+dGorX:n3C9BRW0j/1px+dGo
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\eb833b3481847e95f66a71155d545730_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\eb833b3481847e95f66a71155d545730_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\htthhh.exec:\htthhh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjvj.exec:\vvjvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlrrx.exec:\fxrlrrx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhntbb.exec:\nhntbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lllrrr.exec:\3lllrrr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbhn.exec:\nhbbhn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvj.exec:\pjpvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjpp.exec:\3pjpp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrrlfl.exec:\lxrrlfl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtbbb.exec:\nbtbbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjpv.exec:\dpjpv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjppp.exec:\vjppp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrrlr.exec:\xrrrrlr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbbb.exec:\htbbbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpvj.exec:\pdpvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvdp.exec:\jvvdp.exe17⤵
- Executes dropped EXE
-
\??\c:\xrllrlx.exec:\xrllrlx.exe18⤵
- Executes dropped EXE
-
\??\c:\1hnhtb.exec:\1hnhtb.exe19⤵
- Executes dropped EXE
-
\??\c:\bnhtbb.exec:\bnhtbb.exe20⤵
- Executes dropped EXE
-
\??\c:\dvddj.exec:\dvddj.exe21⤵
- Executes dropped EXE
-
\??\c:\rlxxflx.exec:\rlxxflx.exe22⤵
- Executes dropped EXE
-
\??\c:\lxlfllx.exec:\lxlfllx.exe23⤵
- Executes dropped EXE
-
\??\c:\htbhnt.exec:\htbhnt.exe24⤵
- Executes dropped EXE
-
\??\c:\5jvdj.exec:\5jvdj.exe25⤵
- Executes dropped EXE
-
\??\c:\9rllrrf.exec:\9rllrrf.exe26⤵
- Executes dropped EXE
-
\??\c:\xrfflrf.exec:\xrfflrf.exe27⤵
- Executes dropped EXE
-
\??\c:\rlllllr.exec:\rlllllr.exe28⤵
- Executes dropped EXE
-
\??\c:\7jjdd.exec:\7jjdd.exe29⤵
- Executes dropped EXE
-
\??\c:\rlxxfrf.exec:\rlxxfrf.exe30⤵
- Executes dropped EXE
-
\??\c:\hhhthn.exec:\hhhthn.exe31⤵
- Executes dropped EXE
-
\??\c:\bttnnn.exec:\bttnnn.exe32⤵
- Executes dropped EXE
-
\??\c:\jjvvv.exec:\jjvvv.exe33⤵
- Executes dropped EXE
-
\??\c:\lfrflrx.exec:\lfrflrx.exe34⤵
- Executes dropped EXE
-
\??\c:\lflrrrf.exec:\lflrrrf.exe35⤵
- Executes dropped EXE
-
\??\c:\rllfllx.exec:\rllfllx.exe36⤵
- Executes dropped EXE
-
\??\c:\hhnbhn.exec:\hhnbhn.exe37⤵
- Executes dropped EXE
-
\??\c:\bbthnn.exec:\bbthnn.exe38⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe39⤵
- Executes dropped EXE
-
\??\c:\dvpdd.exec:\dvpdd.exe40⤵
- Executes dropped EXE
-
\??\c:\xxlfllr.exec:\xxlfllr.exe41⤵
- Executes dropped EXE
-
\??\c:\rrffrrr.exec:\rrffrrr.exe42⤵
- Executes dropped EXE
-
\??\c:\5hbhhh.exec:\5hbhhh.exe43⤵
- Executes dropped EXE
-
\??\c:\tnbhtt.exec:\tnbhtt.exe44⤵
- Executes dropped EXE
-
\??\c:\jdvdv.exec:\jdvdv.exe45⤵
- Executes dropped EXE
-
\??\c:\jvjpv.exec:\jvjpv.exe46⤵
- Executes dropped EXE
-
\??\c:\rlxxlfr.exec:\rlxxlfr.exe47⤵
- Executes dropped EXE
-
\??\c:\7lxlrxl.exec:\7lxlrxl.exe48⤵
- Executes dropped EXE
-
\??\c:\hbntbb.exec:\hbntbb.exe49⤵
- Executes dropped EXE
-
\??\c:\bbnbnt.exec:\bbnbnt.exe50⤵
- Executes dropped EXE
-
\??\c:\1thhnh.exec:\1thhnh.exe51⤵
- Executes dropped EXE
-
\??\c:\3vdjv.exec:\3vdjv.exe52⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe53⤵
- Executes dropped EXE
-
\??\c:\rllrxlr.exec:\rllrxlr.exe54⤵
- Executes dropped EXE
-
\??\c:\9lxrfxf.exec:\9lxrfxf.exe55⤵
- Executes dropped EXE
-
\??\c:\hbhbhh.exec:\hbhbhh.exe56⤵
- Executes dropped EXE
-
\??\c:\tnhtnn.exec:\tnhtnn.exe57⤵
- Executes dropped EXE
-
\??\c:\vjvdp.exec:\vjvdp.exe58⤵
- Executes dropped EXE
-
\??\c:\ddpjp.exec:\ddpjp.exe59⤵
- Executes dropped EXE
-
\??\c:\lfrxxrx.exec:\lfrxxrx.exe60⤵
- Executes dropped EXE
-
\??\c:\fxffrrf.exec:\fxffrrf.exe61⤵
- Executes dropped EXE
-
\??\c:\3tnnht.exec:\3tnnht.exe62⤵
- Executes dropped EXE
-
\??\c:\bnbbnn.exec:\bnbbnn.exe63⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe64⤵
- Executes dropped EXE
-
\??\c:\3jdjd.exec:\3jdjd.exe65⤵
- Executes dropped EXE
-
\??\c:\fxlllrx.exec:\fxlllrx.exe66⤵
-
\??\c:\xlrrxrf.exec:\xlrrxrf.exe67⤵
-
\??\c:\1ttnbb.exec:\1ttnbb.exe68⤵
-
\??\c:\5nnnnh.exec:\5nnnnh.exe69⤵
-
\??\c:\jvppp.exec:\jvppp.exe70⤵
-
\??\c:\9vpvd.exec:\9vpvd.exe71⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe72⤵
-
\??\c:\xlrlxxr.exec:\xlrlxxr.exe73⤵
-
\??\c:\ffllrxf.exec:\ffllrxf.exe74⤵
-
\??\c:\tnbbnh.exec:\tnbbnh.exe75⤵
-
\??\c:\hbnnnh.exec:\hbnnnh.exe76⤵
-
\??\c:\1jdpp.exec:\1jdpp.exe77⤵
-
\??\c:\7vpjp.exec:\7vpjp.exe78⤵
-
\??\c:\rlxflfl.exec:\rlxflfl.exe79⤵
-
\??\c:\xrxffrf.exec:\xrxffrf.exe80⤵
-
\??\c:\3htthh.exec:\3htthh.exe81⤵
-
\??\c:\hbnbhn.exec:\hbnbhn.exe82⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe83⤵
-
\??\c:\pddvp.exec:\pddvp.exe84⤵
-
\??\c:\lxrxffx.exec:\lxrxffx.exe85⤵
-
\??\c:\7xlrxfx.exec:\7xlrxfx.exe86⤵
-
\??\c:\tnthnt.exec:\tnthnt.exe87⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe88⤵
-
\??\c:\vjvdp.exec:\vjvdp.exe89⤵
-
\??\c:\ffrlrfl.exec:\ffrlrfl.exe90⤵
-
\??\c:\xxlxflx.exec:\xxlxflx.exe91⤵
-
\??\c:\bhbbhh.exec:\bhbbhh.exe92⤵
-
\??\c:\hhbthb.exec:\hhbthb.exe93⤵
-
\??\c:\tnhtnt.exec:\tnhtnt.exe94⤵
-
\??\c:\5jjpd.exec:\5jjpd.exe95⤵
-
\??\c:\llrxflx.exec:\llrxflx.exe96⤵
-
\??\c:\9lflxxl.exec:\9lflxxl.exe97⤵
-
\??\c:\bbnhtb.exec:\bbnhtb.exe98⤵
-
\??\c:\htnhnt.exec:\htnhnt.exe99⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe100⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe101⤵
-
\??\c:\lxlllrr.exec:\lxlllrr.exe102⤵
-
\??\c:\7frxllr.exec:\7frxllr.exe103⤵
-
\??\c:\nhbntt.exec:\nhbntt.exe104⤵
-
\??\c:\nhbhnb.exec:\nhbhnb.exe105⤵
-
\??\c:\jjvdd.exec:\jjvdd.exe106⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe107⤵
-
\??\c:\xxlflxl.exec:\xxlflxl.exe108⤵
-
\??\c:\3nbnnn.exec:\3nbnnn.exe109⤵
-
\??\c:\nbhtbt.exec:\nbhtbt.exe110⤵
-
\??\c:\vvjvv.exec:\vvjvv.exe111⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe112⤵
-
\??\c:\llffrrf.exec:\llffrrf.exe113⤵
-
\??\c:\1xrxflx.exec:\1xrxflx.exe114⤵
-
\??\c:\nnhtbn.exec:\nnhtbn.exe115⤵
-
\??\c:\5nhthh.exec:\5nhthh.exe116⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe117⤵
-
\??\c:\3xxxrrl.exec:\3xxxrrl.exe118⤵
-
\??\c:\lfrrffl.exec:\lfrrffl.exe119⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe120⤵
-
\??\c:\hbbbhh.exec:\hbbbhh.exe121⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe122⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe123⤵
-
\??\c:\xrffrrf.exec:\xrffrrf.exe124⤵
-
\??\c:\fxlxlrf.exec:\fxlxlrf.exe125⤵
-
\??\c:\5bnntt.exec:\5bnntt.exe126⤵
-
\??\c:\nbnthh.exec:\nbnthh.exe127⤵
-
\??\c:\vppdj.exec:\vppdj.exe128⤵
-
\??\c:\vpddp.exec:\vpddp.exe129⤵
-
\??\c:\xxlfrfr.exec:\xxlfrfr.exe130⤵
-
\??\c:\llxflrx.exec:\llxflrx.exe131⤵
-
\??\c:\9hnhhh.exec:\9hnhhh.exe132⤵
-
\??\c:\hthhnt.exec:\hthhnt.exe133⤵
-
\??\c:\1jvpp.exec:\1jvpp.exe134⤵
-
\??\c:\djpvv.exec:\djpvv.exe135⤵
-
\??\c:\xfxlrrx.exec:\xfxlrrx.exe136⤵
-
\??\c:\tntnbb.exec:\tntnbb.exe137⤵
-
\??\c:\3djpv.exec:\3djpv.exe138⤵
-
\??\c:\pjddp.exec:\pjddp.exe139⤵
-
\??\c:\lxfffxx.exec:\lxfffxx.exe140⤵
-
\??\c:\xrxfflr.exec:\xrxfflr.exe141⤵
-
\??\c:\1hthhn.exec:\1hthhn.exe142⤵
-
\??\c:\5bnthh.exec:\5bnthh.exe143⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe144⤵
-
\??\c:\ddddp.exec:\ddddp.exe145⤵
-
\??\c:\xrlxllx.exec:\xrlxllx.exe146⤵
-
\??\c:\xxlrllx.exec:\xxlrllx.exe147⤵
-
\??\c:\7tbbhn.exec:\7tbbhn.exe148⤵
-
\??\c:\thtbhh.exec:\thtbhh.exe149⤵
-
\??\c:\hnbbbh.exec:\hnbbbh.exe150⤵
-
\??\c:\5ppjp.exec:\5ppjp.exe151⤵
-
\??\c:\xrllllr.exec:\xrllllr.exe152⤵
-
\??\c:\frlffll.exec:\frlffll.exe153⤵
-
\??\c:\bbnthh.exec:\bbnthh.exe154⤵
-
\??\c:\hhtthh.exec:\hhtthh.exe155⤵
-
\??\c:\jppdv.exec:\jppdv.exe156⤵
-
\??\c:\9jjvp.exec:\9jjvp.exe157⤵
-
\??\c:\lfrxxff.exec:\lfrxxff.exe158⤵
-
\??\c:\1flrrrr.exec:\1flrrrr.exe159⤵
-
\??\c:\tthtbn.exec:\tthtbn.exe160⤵
-
\??\c:\7vjpd.exec:\7vjpd.exe161⤵
-
\??\c:\7ddjv.exec:\7ddjv.exe162⤵
-
\??\c:\jjppv.exec:\jjppv.exe163⤵
-
\??\c:\lfffrxf.exec:\lfffrxf.exe164⤵
-
\??\c:\rlxllrf.exec:\rlxllrf.exe165⤵
-
\??\c:\hbbttt.exec:\hbbttt.exe166⤵
-
\??\c:\thtntn.exec:\thtntn.exe167⤵
-
\??\c:\pjvdv.exec:\pjvdv.exe168⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe169⤵
-
\??\c:\rlxrxxf.exec:\rlxrxxf.exe170⤵
-
\??\c:\xrfrfrx.exec:\xrfrfrx.exe171⤵
-
\??\c:\3nhhhb.exec:\3nhhhb.exe172⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe173⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe174⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe175⤵
-
\??\c:\frfxfxx.exec:\frfxfxx.exe176⤵
-
\??\c:\1lxfxfl.exec:\1lxfxfl.exe177⤵
-
\??\c:\bntttn.exec:\bntttn.exe178⤵
-
\??\c:\nhtbhb.exec:\nhtbhb.exe179⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe180⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe181⤵
-
\??\c:\5lfrxxf.exec:\5lfrxxf.exe182⤵
-
\??\c:\rrlrxrf.exec:\rrlrxrf.exe183⤵
-
\??\c:\btbhnn.exec:\btbhnn.exe184⤵
-
\??\c:\nbbnth.exec:\nbbnth.exe185⤵
-
\??\c:\jdpdj.exec:\jdpdj.exe186⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe187⤵
-
\??\c:\1rxfllx.exec:\1rxfllx.exe188⤵
-
\??\c:\fxrrfxf.exec:\fxrrfxf.exe189⤵
-
\??\c:\3hbntb.exec:\3hbntb.exe190⤵
-
\??\c:\5btbhh.exec:\5btbhh.exe191⤵
-
\??\c:\vppvj.exec:\vppvj.exe192⤵
-
\??\c:\jdjvv.exec:\jdjvv.exe193⤵
-
\??\c:\llxxfrx.exec:\llxxfrx.exe194⤵
-
\??\c:\9rfflff.exec:\9rfflff.exe195⤵
-
\??\c:\ttnbnn.exec:\ttnbnn.exe196⤵
-
\??\c:\9bbthh.exec:\9bbthh.exe197⤵
-
\??\c:\1vppp.exec:\1vppp.exe198⤵
-
\??\c:\xrfxllx.exec:\xrfxllx.exe199⤵
-
\??\c:\xrxfflr.exec:\xrxfflr.exe200⤵
-
\??\c:\ffxfllx.exec:\ffxfllx.exe201⤵
-
\??\c:\nntbbb.exec:\nntbbb.exe202⤵
-
\??\c:\hbhntb.exec:\hbhntb.exe203⤵
-
\??\c:\pdvvj.exec:\pdvvj.exe204⤵
-
\??\c:\vppdj.exec:\vppdj.exe205⤵
-
\??\c:\xrllxrf.exec:\xrllxrf.exe206⤵
-
\??\c:\9ntbhh.exec:\9ntbhh.exe207⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe208⤵
-
\??\c:\ffrfrxl.exec:\ffrfrxl.exe209⤵
-
\??\c:\1lxxxxf.exec:\1lxxxxf.exe210⤵
-
\??\c:\hhbnbb.exec:\hhbnbb.exe211⤵
-
\??\c:\1nbttn.exec:\1nbttn.exe212⤵
-
\??\c:\9vjpv.exec:\9vjpv.exe213⤵
-
\??\c:\1jdvv.exec:\1jdvv.exe214⤵
-
\??\c:\fxlxlrf.exec:\fxlxlrf.exe215⤵
-
\??\c:\1fxflfr.exec:\1fxflfr.exe216⤵
-
\??\c:\5nbtbh.exec:\5nbtbh.exe217⤵
-
\??\c:\hbtbtb.exec:\hbtbtb.exe218⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe219⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe220⤵
-
\??\c:\3frrrrx.exec:\3frrrrx.exe221⤵
-
\??\c:\3xrflxf.exec:\3xrflxf.exe222⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe223⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe224⤵
-
\??\c:\jdjvj.exec:\jdjvj.exe225⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe226⤵
-
\??\c:\fxllxrx.exec:\fxllxrx.exe227⤵
-
\??\c:\lfflllx.exec:\lfflllx.exe228⤵
-
\??\c:\5bnnth.exec:\5bnnth.exe229⤵
-
\??\c:\btbtbb.exec:\btbtbb.exe230⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe231⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe232⤵
-
\??\c:\llffrrf.exec:\llffrrf.exe233⤵
-
\??\c:\lfrxrrf.exec:\lfrxrrf.exe234⤵
-
\??\c:\3bthbh.exec:\3bthbh.exe235⤵
-
\??\c:\bthtbh.exec:\bthtbh.exe236⤵
-
\??\c:\1dppv.exec:\1dppv.exe237⤵
-
\??\c:\ddpvv.exec:\ddpvv.exe238⤵
-
\??\c:\rlfxffr.exec:\rlfxffr.exe239⤵
-
\??\c:\fxrfffl.exec:\fxrfffl.exe240⤵
-
\??\c:\9hbhtt.exec:\9hbhtt.exe241⤵