Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
18-05-2024 17:37
General
-
Target
1e76bdd34c2c5cdb856f553a5e94ab20_NeikiAnalytics.exe
-
Size
73KB
-
MD5
1e76bdd34c2c5cdb856f553a5e94ab20
-
SHA1
430da44c0565658f5afc6925e5ad5ba17a82af54
-
SHA256
facc18ccdbdb9f07703e246b04f55320d53caa593132bde21758d3c0b6da330d
-
SHA512
2f23036eab7b9948517fa080f0ec5f29d908ae58d0f48c7e8ffebc1511438a18fe7d7da5c1fb79a36d329b53461d45ce7927e3423f5c0fb59e30151ebe9c7eff
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIJSsD+cGUFzJI:ymb3NkkiQ3mdBjFIwsDhbNG
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 17 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 19 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1e76bdd34c2c5cdb856f553a5e94ab20_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1e76bdd34c2c5cdb856f553a5e94ab20_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhtt.exec:\btbhtt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pdpv.exec:\7pdpv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lfllrf.exec:\9lfllrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnbbt.exec:\htnbbt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3djdd.exec:\3djdd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rfxxlx.exec:\1rfxxlx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttbb.exec:\tnttbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvvd.exec:\djvvd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxflfr.exec:\frxflfr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhbnn.exec:\bnhbnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhtn.exec:\tnbhtn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddjv.exec:\jddjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rfrxll.exec:\5rfrxll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rfrrfx.exec:\1rfrrfx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbhhn.exec:\bnbhhn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpvd.exec:\jvpvd.exe17⤵
- Executes dropped EXE
-
\??\c:\lxllrrx.exec:\lxllrrx.exe18⤵
- Executes dropped EXE
-
\??\c:\ffrxxfl.exec:\ffrxxfl.exe19⤵
- Executes dropped EXE
-
\??\c:\thnbbb.exec:\thnbbb.exe20⤵
- Executes dropped EXE
-
\??\c:\tnbttb.exec:\tnbttb.exe21⤵
- Executes dropped EXE
-
\??\c:\9pdjv.exec:\9pdjv.exe22⤵
- Executes dropped EXE
-
\??\c:\jdvjd.exec:\jdvjd.exe23⤵
- Executes dropped EXE
-
\??\c:\5xrrrrl.exec:\5xrrrrl.exe24⤵
- Executes dropped EXE
-
\??\c:\9lffrrx.exec:\9lffrrx.exe25⤵
- Executes dropped EXE
-
\??\c:\hbnhnt.exec:\hbnhnt.exe26⤵
- Executes dropped EXE
-
\??\c:\3jvpd.exec:\3jvpd.exe27⤵
- Executes dropped EXE
-
\??\c:\5lrxlrx.exec:\5lrxlrx.exe28⤵
- Executes dropped EXE
-
\??\c:\xlrlllr.exec:\xlrlllr.exe29⤵
- Executes dropped EXE
-
\??\c:\nnhnbn.exec:\nnhnbn.exe30⤵
- Executes dropped EXE
-
\??\c:\pdvvv.exec:\pdvvv.exe31⤵
- Executes dropped EXE
-
\??\c:\jdvjp.exec:\jdvjp.exe32⤵
- Executes dropped EXE
-
\??\c:\xrflrll.exec:\xrflrll.exe33⤵
- Executes dropped EXE
-
\??\c:\bbhhbh.exec:\bbhhbh.exe34⤵
- Executes dropped EXE
-
\??\c:\5bntbt.exec:\5bntbt.exe35⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe36⤵
- Executes dropped EXE
-
\??\c:\dpvdd.exec:\dpvdd.exe37⤵
- Executes dropped EXE
-
\??\c:\fxlfffl.exec:\fxlfffl.exe38⤵
- Executes dropped EXE
-
\??\c:\9htbht.exec:\9htbht.exe39⤵
- Executes dropped EXE
-
\??\c:\htbtbt.exec:\htbtbt.exe40⤵
- Executes dropped EXE
-
\??\c:\3djjd.exec:\3djjd.exe41⤵
- Executes dropped EXE
-
\??\c:\vjvjj.exec:\vjvjj.exe42⤵
- Executes dropped EXE
-
\??\c:\lfrrrrx.exec:\lfrrrrx.exe43⤵
- Executes dropped EXE
-
\??\c:\fxxlxlx.exec:\fxxlxlx.exe44⤵
- Executes dropped EXE
-
\??\c:\nbhhnn.exec:\nbhhnn.exe45⤵
- Executes dropped EXE
-
\??\c:\bnbhtn.exec:\bnbhtn.exe46⤵
- Executes dropped EXE
-
\??\c:\pjpvv.exec:\pjpvv.exe47⤵
- Executes dropped EXE
-
\??\c:\9llxllr.exec:\9llxllr.exe48⤵
- Executes dropped EXE
-
\??\c:\rfrrrrx.exec:\rfrrrrx.exe49⤵
- Executes dropped EXE
-
\??\c:\hbhthn.exec:\hbhthn.exe50⤵
- Executes dropped EXE
-
\??\c:\nbnhhh.exec:\nbnhhh.exe51⤵
- Executes dropped EXE
-
\??\c:\5jvjj.exec:\5jvjj.exe52⤵
- Executes dropped EXE
-
\??\c:\jjjpj.exec:\jjjpj.exe53⤵
- Executes dropped EXE
-
\??\c:\xrflxfl.exec:\xrflxfl.exe54⤵
- Executes dropped EXE
-
\??\c:\rrlxfrl.exec:\rrlxfrl.exe55⤵
- Executes dropped EXE
-
\??\c:\hbthth.exec:\hbthth.exe56⤵
- Executes dropped EXE
-
\??\c:\7ntttb.exec:\7ntttb.exe57⤵
- Executes dropped EXE
-
\??\c:\vpdpp.exec:\vpdpp.exe58⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe59⤵
- Executes dropped EXE
-
\??\c:\rfxxxxx.exec:\rfxxxxx.exe60⤵
- Executes dropped EXE
-
\??\c:\rrlxxfl.exec:\rrlxxfl.exe61⤵
- Executes dropped EXE
-
\??\c:\tnbnbn.exec:\tnbnbn.exe62⤵
- Executes dropped EXE
-
\??\c:\3thntn.exec:\3thntn.exe63⤵
- Executes dropped EXE
-
\??\c:\ddjjd.exec:\ddjjd.exe64⤵
- Executes dropped EXE
-
\??\c:\1vjjd.exec:\1vjjd.exe65⤵
- Executes dropped EXE
-
\??\c:\1lllfll.exec:\1lllfll.exe66⤵
-
\??\c:\1nbhnn.exec:\1nbhnn.exe67⤵
-
\??\c:\hbhnhn.exec:\hbhnhn.exe68⤵
-
\??\c:\jjpdp.exec:\jjpdp.exe69⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe70⤵
-
\??\c:\fxllxxf.exec:\fxllxxf.exe71⤵
-
\??\c:\xxlxrfl.exec:\xxlxrfl.exe72⤵
-
\??\c:\bntbhb.exec:\bntbhb.exe73⤵
-
\??\c:\tnnntt.exec:\tnnntt.exe74⤵
-
\??\c:\dvppp.exec:\dvppp.exe75⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe76⤵
-
\??\c:\xlllllr.exec:\xlllllr.exe77⤵
-
\??\c:\bntbht.exec:\bntbht.exe78⤵
-
\??\c:\3tbbhn.exec:\3tbbhn.exe79⤵
-
\??\c:\pjpvv.exec:\pjpvv.exe80⤵
-
\??\c:\dpddd.exec:\dpddd.exe81⤵
-
\??\c:\1rfrrrr.exec:\1rfrrrr.exe82⤵
-
\??\c:\fxflxxf.exec:\fxflxxf.exe83⤵
-
\??\c:\fxxxffl.exec:\fxxxffl.exe84⤵
-
\??\c:\nbnbnt.exec:\nbnbnt.exe85⤵
-
\??\c:\hbtbbb.exec:\hbtbbb.exe86⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe87⤵
-
\??\c:\1vpvd.exec:\1vpvd.exe88⤵
-
\??\c:\xrxxlll.exec:\xrxxlll.exe89⤵
-
\??\c:\1lrxllx.exec:\1lrxllx.exe90⤵
-
\??\c:\7ttbnn.exec:\7ttbnn.exe91⤵
-
\??\c:\tbbntt.exec:\tbbntt.exe92⤵
-
\??\c:\jpvjj.exec:\jpvjj.exe93⤵
-
\??\c:\frxflrf.exec:\frxflrf.exe94⤵
-
\??\c:\1httbb.exec:\1httbb.exe95⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe96⤵
-
\??\c:\rflfflr.exec:\rflfflr.exe97⤵
-
\??\c:\xlrflrf.exec:\xlrflrf.exe98⤵
-
\??\c:\bbbbbt.exec:\bbbbbt.exe99⤵
-
\??\c:\hbtbbn.exec:\hbtbbn.exe100⤵
-
\??\c:\1jdjp.exec:\1jdjp.exe101⤵
-
\??\c:\3jpdj.exec:\3jpdj.exe102⤵
-
\??\c:\xrfrrxf.exec:\xrfrrxf.exe103⤵
-
\??\c:\xllrfxr.exec:\xllrfxr.exe104⤵
-
\??\c:\9rxfrfl.exec:\9rxfrfl.exe105⤵
-
\??\c:\1hhtnh.exec:\1hhtnh.exe106⤵
-
\??\c:\vdppp.exec:\vdppp.exe107⤵
-
\??\c:\7jjvd.exec:\7jjvd.exe108⤵
-
\??\c:\xxflfll.exec:\xxflfll.exe109⤵
-
\??\c:\fffrfff.exec:\fffrfff.exe110⤵
-
\??\c:\nhbthb.exec:\nhbthb.exe111⤵
-
\??\c:\hbttbh.exec:\hbttbh.exe112⤵
-
\??\c:\htbttb.exec:\htbttb.exe113⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe114⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe115⤵
-
\??\c:\5rfxrll.exec:\5rfxrll.exe116⤵
-
\??\c:\3flllrf.exec:\3flllrf.exe117⤵
-
\??\c:\tnnthb.exec:\tnnthb.exe118⤵
-
\??\c:\btttbb.exec:\btttbb.exe119⤵
-
\??\c:\nnbhtb.exec:\nnbhtb.exe120⤵
-
\??\c:\dvvdv.exec:\dvvdv.exe121⤵
-
\??\c:\vvvpp.exec:\vvvpp.exe122⤵
-
\??\c:\1frxxxx.exec:\1frxxxx.exe123⤵
-
\??\c:\lffrlxf.exec:\lffrlxf.exe124⤵
-
\??\c:\tthhnt.exec:\tthhnt.exe125⤵
-
\??\c:\thbhbb.exec:\thbhbb.exe126⤵
-
\??\c:\djpjj.exec:\djpjj.exe127⤵
-
\??\c:\ddjvp.exec:\ddjvp.exe128⤵
-
\??\c:\xrlfrrx.exec:\xrlfrrx.exe129⤵
-
\??\c:\xrxfxfl.exec:\xrxfxfl.exe130⤵
-
\??\c:\tbtbth.exec:\tbtbth.exe131⤵
-
\??\c:\tthnnt.exec:\tthnnt.exe132⤵
-
\??\c:\vvjjj.exec:\vvjjj.exe133⤵
-
\??\c:\5jvvv.exec:\5jvvv.exe134⤵
-
\??\c:\rfxlflr.exec:\rfxlflr.exe135⤵
-
\??\c:\7lffrlr.exec:\7lffrlr.exe136⤵
-
\??\c:\1nbnbh.exec:\1nbnbh.exe137⤵
-
\??\c:\5nbbhh.exec:\5nbbhh.exe138⤵
-
\??\c:\5dpvd.exec:\5dpvd.exe139⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe140⤵
-
\??\c:\pvjpp.exec:\pvjpp.exe141⤵
-
\??\c:\9rfrrxl.exec:\9rfrrxl.exe142⤵
-
\??\c:\frrfrrx.exec:\frrfrrx.exe143⤵
-
\??\c:\thtttn.exec:\thtttn.exe144⤵
-
\??\c:\nhbttt.exec:\nhbttt.exe145⤵
-
\??\c:\jvjvd.exec:\jvjvd.exe146⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe147⤵
-
\??\c:\frrflxf.exec:\frrflxf.exe148⤵
-
\??\c:\3lflxlx.exec:\3lflxlx.exe149⤵
-
\??\c:\nnhnnn.exec:\nnhnnn.exe150⤵
-
\??\c:\1hnhhb.exec:\1hnhhb.exe151⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe152⤵
-
\??\c:\3pppp.exec:\3pppp.exe153⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe154⤵
-
\??\c:\lfllflr.exec:\lfllflr.exe155⤵
-
\??\c:\7rrlxxl.exec:\7rrlxxl.exe156⤵
-
\??\c:\3hhnhn.exec:\3hhnhn.exe157⤵
-
\??\c:\1hbtbb.exec:\1hbtbb.exe158⤵
-
\??\c:\vpdpv.exec:\vpdpv.exe159⤵
-
\??\c:\jpdpv.exec:\jpdpv.exe160⤵
-
\??\c:\1djdj.exec:\1djdj.exe161⤵
-
\??\c:\lfrlrxf.exec:\lfrlrxf.exe162⤵
-
\??\c:\9lxfflr.exec:\9lxfflr.exe163⤵
-
\??\c:\nthbbn.exec:\nthbbn.exe164⤵
-
\??\c:\hhbhht.exec:\hhbhht.exe165⤵
-
\??\c:\9jdpd.exec:\9jdpd.exe166⤵
-
\??\c:\dpddd.exec:\dpddd.exe167⤵
-
\??\c:\fflrrfl.exec:\fflrrfl.exe168⤵
-
\??\c:\rxllrxr.exec:\rxllrxr.exe169⤵
-
\??\c:\bbthth.exec:\bbthth.exe170⤵
-
\??\c:\bbtnbn.exec:\bbtnbn.exe171⤵
-
\??\c:\9dddd.exec:\9dddd.exe172⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe173⤵
-
\??\c:\rrxfxfr.exec:\rrxfxfr.exe174⤵
-
\??\c:\rflxfff.exec:\rflxfff.exe175⤵
-
\??\c:\bbbtbt.exec:\bbbtbt.exe176⤵
-
\??\c:\bnbttt.exec:\bnbttt.exe177⤵
-
\??\c:\9jdjp.exec:\9jdjp.exe178⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe179⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe180⤵
-
\??\c:\fxllrff.exec:\fxllrff.exe181⤵
-
\??\c:\frrrfll.exec:\frrrfll.exe182⤵
-
\??\c:\nhthnn.exec:\nhthnn.exe183⤵
-
\??\c:\5hthnt.exec:\5hthnt.exe184⤵
-
\??\c:\pdppp.exec:\pdppp.exe185⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe186⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe187⤵
-
\??\c:\frffllr.exec:\frffllr.exe188⤵
-
\??\c:\5frllfl.exec:\5frllfl.exe189⤵
-
\??\c:\thtbnn.exec:\thtbnn.exe190⤵
-
\??\c:\tnthtt.exec:\tnthtt.exe191⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe192⤵
-
\??\c:\pjvdv.exec:\pjvdv.exe193⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe194⤵
-
\??\c:\flrrxxf.exec:\flrrxxf.exe195⤵
-
\??\c:\rlxflfl.exec:\rlxflfl.exe196⤵
-
\??\c:\1lxxrxx.exec:\1lxxrxx.exe197⤵
-
\??\c:\5hhhnt.exec:\5hhhnt.exe198⤵
-
\??\c:\bthbnh.exec:\bthbnh.exe199⤵
-
\??\c:\3jvdp.exec:\3jvdp.exe200⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe201⤵
-
\??\c:\5rfflrx.exec:\5rfflrx.exe202⤵
-
\??\c:\lfrlrxx.exec:\lfrlrxx.exe203⤵
-
\??\c:\5nbnnh.exec:\5nbnnh.exe204⤵
-
\??\c:\nnhhnn.exec:\nnhhnn.exe205⤵
-
\??\c:\lfrrxfr.exec:\lfrrxfr.exe206⤵
-
\??\c:\9hthht.exec:\9hthht.exe207⤵
-
\??\c:\7htnhn.exec:\7htnhn.exe208⤵
-
\??\c:\ppdvv.exec:\ppdvv.exe209⤵
-
\??\c:\djvdd.exec:\djvdd.exe210⤵
-
\??\c:\dvpdd.exec:\dvpdd.exe211⤵
-
\??\c:\5lflrxx.exec:\5lflrxx.exe212⤵
-
\??\c:\frffrrx.exec:\frffrrx.exe213⤵
-
\??\c:\hbbtbb.exec:\hbbtbb.exe214⤵
-
\??\c:\btthht.exec:\btthht.exe215⤵
-
\??\c:\vddvd.exec:\vddvd.exe216⤵
-
\??\c:\ppjvv.exec:\ppjvv.exe217⤵
-
\??\c:\lfrxlxl.exec:\lfrxlxl.exe218⤵
-
\??\c:\xlrrrlr.exec:\xlrrrlr.exe219⤵
-
\??\c:\frxxlfr.exec:\frxxlfr.exe220⤵
-
\??\c:\3htnbt.exec:\3htnbt.exe221⤵
-
\??\c:\nthnht.exec:\nthnht.exe222⤵
-
\??\c:\jvpvd.exec:\jvpvd.exe223⤵
-
\??\c:\pdvpp.exec:\pdvpp.exe224⤵
-
\??\c:\xllfllr.exec:\xllfllr.exe225⤵
-
\??\c:\flrlrrl.exec:\flrlrrl.exe226⤵
-
\??\c:\bntntn.exec:\bntntn.exe227⤵
-
\??\c:\3nttbh.exec:\3nttbh.exe228⤵
-
\??\c:\pdppd.exec:\pdppd.exe229⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe230⤵
-
\??\c:\fxfxfxx.exec:\fxfxfxx.exe231⤵
-
\??\c:\frrrxxr.exec:\frrrxxr.exe232⤵
-
\??\c:\frfffff.exec:\frfffff.exe233⤵
-
\??\c:\bthbhb.exec:\bthbhb.exe234⤵
-
\??\c:\hbbbhn.exec:\hbbbhn.exe235⤵
-
\??\c:\5jjjj.exec:\5jjjj.exe236⤵
-
\??\c:\xffxxlr.exec:\xffxxlr.exe237⤵
-
\??\c:\rlrrrlr.exec:\rlrrrlr.exe238⤵
-
\??\c:\htbbhn.exec:\htbbhn.exe239⤵
-
\??\c:\7hhtbb.exec:\7hhtbb.exe240⤵
-
\??\c:\vvjpp.exec:\vvjpp.exe241⤵