Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
18-05-2024 17:16
General
-
Target
194b2a684f3f440fcb70ebb8db52ca40_NeikiAnalytics.exe
-
Size
244KB
-
MD5
194b2a684f3f440fcb70ebb8db52ca40
-
SHA1
09b152d2400d251b64e87b468e4d4bcfe7412a54
-
SHA256
bd9dc7b03ffe1e75895f5e7c8d345a9834f3daa8a87f5d0043b7cd0008afa03b
-
SHA512
8343b3c0285fb49467dccc2dc43e0fce13a1b0f3453cb6b295f736761634354e285fe32d7f624c178448754643fd055a09600fae5bad5918300ab40ce2cbee15
-
SSDEEP
6144:n3C9BRo/AIX27NHWpU00VIxas1oa3YiFR2:n3C9uD6AUDCa4NYmR2
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\194b2a684f3f440fcb70ebb8db52ca40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\194b2a684f3f440fcb70ebb8db52ca40_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnbnt.exec:\nhnbnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dpdp.exec:\5dpdp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfrlxl.exec:\llfrlxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlffrrf.exec:\rlffrrf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhntbh.exec:\nhntbh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pvdj.exec:\7pvdj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlflrl.exec:\fxlflrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pddp.exec:\1pddp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjvj.exec:\dvjvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxllr.exec:\xrxxllr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tntbb.exec:\7tntbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppd.exec:\jdppd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrxflx.exec:\lfrxflx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nhntb.exec:\5nhntb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhntbb.exec:\bhntbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pdjp.exec:\1pdjp.exe17⤵
- Executes dropped EXE
-
\??\c:\fxllxlx.exec:\fxllxlx.exe18⤵
- Executes dropped EXE
-
\??\c:\rlxflrf.exec:\rlxflrf.exe19⤵
- Executes dropped EXE
-
\??\c:\ntnhnh.exec:\ntnhnh.exe20⤵
- Executes dropped EXE
-
\??\c:\5jpvv.exec:\5jpvv.exe21⤵
- Executes dropped EXE
-
\??\c:\ddvdp.exec:\ddvdp.exe22⤵
- Executes dropped EXE
-
\??\c:\9rlrfll.exec:\9rlrfll.exe23⤵
- Executes dropped EXE
-
\??\c:\7vppp.exec:\7vppp.exe24⤵
- Executes dropped EXE
-
\??\c:\llflxxl.exec:\llflxxl.exe25⤵
- Executes dropped EXE
-
\??\c:\rlrlrrx.exec:\rlrlrrx.exe26⤵
- Executes dropped EXE
-
\??\c:\thnttt.exec:\thnttt.exe27⤵
- Executes dropped EXE
-
\??\c:\7djvd.exec:\7djvd.exe28⤵
- Executes dropped EXE
-
\??\c:\9xflxxx.exec:\9xflxxx.exe29⤵
- Executes dropped EXE
-
\??\c:\5tbhnh.exec:\5tbhnh.exe30⤵
- Executes dropped EXE
-
\??\c:\pdjjv.exec:\pdjjv.exe31⤵
- Executes dropped EXE
-
\??\c:\dpjdp.exec:\dpjdp.exe32⤵
- Executes dropped EXE
-
\??\c:\9rxrrrr.exec:\9rxrrrr.exe33⤵
- Executes dropped EXE
-
\??\c:\btbbtt.exec:\btbbtt.exe34⤵
- Executes dropped EXE
-
\??\c:\vpdvv.exec:\vpdvv.exe35⤵
- Executes dropped EXE
-
\??\c:\dpvvd.exec:\dpvvd.exe36⤵
- Executes dropped EXE
-
\??\c:\xxxlrxr.exec:\xxxlrxr.exe37⤵
- Executes dropped EXE
-
\??\c:\rlxflll.exec:\rlxflll.exe38⤵
- Executes dropped EXE
-
\??\c:\hbtbtb.exec:\hbtbtb.exe39⤵
- Executes dropped EXE
-
\??\c:\httnnn.exec:\httnnn.exe40⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe41⤵
- Executes dropped EXE
-
\??\c:\pjpdj.exec:\pjpdj.exe42⤵
- Executes dropped EXE
-
\??\c:\frxrffl.exec:\frxrffl.exe43⤵
- Executes dropped EXE
-
\??\c:\nbnnnn.exec:\nbnnnn.exe44⤵
- Executes dropped EXE
-
\??\c:\7vjjj.exec:\7vjjj.exe45⤵
- Executes dropped EXE
-
\??\c:\5vdvj.exec:\5vdvj.exe46⤵
- Executes dropped EXE
-
\??\c:\rrlrflr.exec:\rrlrflr.exe47⤵
- Executes dropped EXE
-
\??\c:\nhbhbb.exec:\nhbhbb.exe48⤵
- Executes dropped EXE
-
\??\c:\bntntn.exec:\bntntn.exe49⤵
- Executes dropped EXE
-
\??\c:\djjdj.exec:\djjdj.exe50⤵
- Executes dropped EXE
-
\??\c:\pdjdp.exec:\pdjdp.exe51⤵
- Executes dropped EXE
-
\??\c:\rflfxfl.exec:\rflfxfl.exe52⤵
- Executes dropped EXE
-
\??\c:\1bnthn.exec:\1bnthn.exe53⤵
- Executes dropped EXE
-
\??\c:\bbtbht.exec:\bbtbht.exe54⤵
- Executes dropped EXE
-
\??\c:\7dpjj.exec:\7dpjj.exe55⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe56⤵
- Executes dropped EXE
-
\??\c:\rrlxlrx.exec:\rrlxlrx.exe57⤵
- Executes dropped EXE
-
\??\c:\5fxfxfl.exec:\5fxfxfl.exe58⤵
- Executes dropped EXE
-
\??\c:\nnnhbh.exec:\nnnhbh.exe59⤵
- Executes dropped EXE
-
\??\c:\5ntbhn.exec:\5ntbhn.exe60⤵
- Executes dropped EXE
-
\??\c:\jdvjv.exec:\jdvjv.exe61⤵
- Executes dropped EXE
-
\??\c:\vvjjj.exec:\vvjjj.exe62⤵
- Executes dropped EXE
-
\??\c:\5xlrflx.exec:\5xlrflx.exe63⤵
- Executes dropped EXE
-
\??\c:\fxxfxxl.exec:\fxxfxxl.exe64⤵
- Executes dropped EXE
-
\??\c:\tbthth.exec:\tbthth.exe65⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe66⤵
-
\??\c:\1vjpd.exec:\1vjpd.exe67⤵
-
\??\c:\7xrxllx.exec:\7xrxllx.exe68⤵
-
\??\c:\fxflrxl.exec:\fxflrxl.exe69⤵
-
\??\c:\tnhnbh.exec:\tnhnbh.exe70⤵
-
\??\c:\bbthth.exec:\bbthth.exe71⤵
-
\??\c:\vpvdp.exec:\vpvdp.exe72⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe73⤵
-
\??\c:\lllxlrx.exec:\lllxlrx.exe74⤵
-
\??\c:\nnntbn.exec:\nnntbn.exe75⤵
-
\??\c:\7hhbhh.exec:\7hhbhh.exe76⤵
-
\??\c:\vpvdp.exec:\vpvdp.exe77⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe78⤵
-
\??\c:\3xrlrrx.exec:\3xrlrrx.exe79⤵
-
\??\c:\lrfrffr.exec:\lrfrffr.exe80⤵
-
\??\c:\7hhtbh.exec:\7hhtbh.exe81⤵
-
\??\c:\1dvdj.exec:\1dvdj.exe82⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe83⤵
-
\??\c:\fxrrlrf.exec:\fxrrlrf.exe84⤵
-
\??\c:\9bhtbh.exec:\9bhtbh.exe85⤵
-
\??\c:\nhtnbb.exec:\nhtnbb.exe86⤵
-
\??\c:\jpdvv.exec:\jpdvv.exe87⤵
-
\??\c:\dddvd.exec:\dddvd.exe88⤵
-
\??\c:\ddpvd.exec:\ddpvd.exe89⤵
-
\??\c:\llflrlx.exec:\llflrlx.exe90⤵
-
\??\c:\ffflflf.exec:\ffflflf.exe91⤵
-
\??\c:\nnhnbn.exec:\nnhnbn.exe92⤵
-
\??\c:\btbhhh.exec:\btbhhh.exe93⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe94⤵
-
\??\c:\3rxfllf.exec:\3rxfllf.exe95⤵
-
\??\c:\xrflffr.exec:\xrflffr.exe96⤵
-
\??\c:\hbnttn.exec:\hbnttn.exe97⤵
-
\??\c:\7ntnnn.exec:\7ntnnn.exe98⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe99⤵
-
\??\c:\vvppd.exec:\vvppd.exe100⤵
-
\??\c:\rlfrlrl.exec:\rlfrlrl.exe101⤵
-
\??\c:\frxxfff.exec:\frxxfff.exe102⤵
-
\??\c:\nbbbhh.exec:\nbbbhh.exe103⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe104⤵
-
\??\c:\vvvvj.exec:\vvvvj.exe105⤵
-
\??\c:\fxrxrrx.exec:\fxrxrrx.exe106⤵
-
\??\c:\rlxlxlr.exec:\rlxlxlr.exe107⤵
-
\??\c:\tttttb.exec:\tttttb.exe108⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe109⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe110⤵
-
\??\c:\3frffff.exec:\3frffff.exe111⤵
-
\??\c:\rfxxlfl.exec:\rfxxlfl.exe112⤵
-
\??\c:\tnhnbb.exec:\tnhnbb.exe113⤵
-
\??\c:\5thntb.exec:\5thntb.exe114⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe115⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe116⤵
-
\??\c:\9lrfxxf.exec:\9lrfxxf.exe117⤵
-
\??\c:\5xrflrx.exec:\5xrflrx.exe118⤵
-
\??\c:\9thbhb.exec:\9thbhb.exe119⤵
-
\??\c:\hbhhtb.exec:\hbhhtb.exe120⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe121⤵
-
\??\c:\9lffflr.exec:\9lffflr.exe122⤵
-
\??\c:\3lrxxxf.exec:\3lrxxxf.exe123⤵
-
\??\c:\hbtbbb.exec:\hbtbbb.exe124⤵
-
\??\c:\hbnhnh.exec:\hbnhnh.exe125⤵
-
\??\c:\jddjv.exec:\jddjv.exe126⤵
-
\??\c:\7vjjp.exec:\7vjjp.exe127⤵
-
\??\c:\9fxflrx.exec:\9fxflrx.exe128⤵
-
\??\c:\7fflrlx.exec:\7fflrlx.exe129⤵
-
\??\c:\9htbbn.exec:\9htbbn.exe130⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe131⤵
-
\??\c:\vjdpj.exec:\vjdpj.exe132⤵
-
\??\c:\3vvpv.exec:\3vvpv.exe133⤵
-
\??\c:\xrxfrrf.exec:\xrxfrrf.exe134⤵
-
\??\c:\rxfxxrf.exec:\rxfxxrf.exe135⤵
-
\??\c:\nhhttb.exec:\nhhttb.exe136⤵
-
\??\c:\btbtbh.exec:\btbtbh.exe137⤵
-
\??\c:\3jdjp.exec:\3jdjp.exe138⤵
-
\??\c:\djjdd.exec:\djjdd.exe139⤵
-
\??\c:\lfllrxf.exec:\lfllrxf.exe140⤵
-
\??\c:\hthnbt.exec:\hthnbt.exe141⤵
-
\??\c:\hnbhhh.exec:\hnbhhh.exe142⤵
-
\??\c:\1vpdp.exec:\1vpdp.exe143⤵
-
\??\c:\jjvdd.exec:\jjvdd.exe144⤵
-
\??\c:\9frlllx.exec:\9frlllx.exe145⤵
-
\??\c:\lfrrflf.exec:\lfrrflf.exe146⤵
-
\??\c:\tnhnbt.exec:\tnhnbt.exe147⤵
-
\??\c:\tnthth.exec:\tnthth.exe148⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe149⤵
-
\??\c:\9dvdv.exec:\9dvdv.exe150⤵
-
\??\c:\rlrxxxx.exec:\rlrxxxx.exe151⤵
-
\??\c:\xxfrlrx.exec:\xxfrlrx.exe152⤵
-
\??\c:\5bhhhb.exec:\5bhhhb.exe153⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe154⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe155⤵
-
\??\c:\dvdpd.exec:\dvdpd.exe156⤵
-
\??\c:\xrxxrxf.exec:\xrxxrxf.exe157⤵
-
\??\c:\llrlffx.exec:\llrlffx.exe158⤵
-
\??\c:\3bnttn.exec:\3bnttn.exe159⤵
-
\??\c:\vpddj.exec:\vpddj.exe160⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe161⤵
-
\??\c:\rfrrxxx.exec:\rfrrxxx.exe162⤵
-
\??\c:\3fllrll.exec:\3fllrll.exe163⤵
-
\??\c:\thhhnn.exec:\thhhnn.exe164⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe165⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe166⤵
-
\??\c:\1fxrxxr.exec:\1fxrxxr.exe167⤵
-
\??\c:\7rlrxlx.exec:\7rlrxlx.exe168⤵
-
\??\c:\thttbt.exec:\thttbt.exe169⤵
-
\??\c:\tnbthn.exec:\tnbthn.exe170⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe171⤵
-
\??\c:\dppvv.exec:\dppvv.exe172⤵
-
\??\c:\fxrxxxf.exec:\fxrxxxf.exe173⤵
-
\??\c:\llxfllx.exec:\llxfllx.exe174⤵
-
\??\c:\ttbhnt.exec:\ttbhnt.exe175⤵
-
\??\c:\nnbhtb.exec:\nnbhtb.exe176⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe177⤵
-
\??\c:\ddjjp.exec:\ddjjp.exe178⤵
-
\??\c:\fxrfrlr.exec:\fxrfrlr.exe179⤵
-
\??\c:\rlxxllr.exec:\rlxxllr.exe180⤵
-
\??\c:\9hbhhb.exec:\9hbhhb.exe181⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe182⤵
-
\??\c:\frxxlrx.exec:\frxxlrx.exe183⤵
-
\??\c:\fxlrfll.exec:\fxlrfll.exe184⤵
-
\??\c:\nbhntt.exec:\nbhntt.exe185⤵
-
\??\c:\1hhbbh.exec:\1hhbbh.exe186⤵
-
\??\c:\5vjjp.exec:\5vjjp.exe187⤵
-
\??\c:\pjvdv.exec:\pjvdv.exe188⤵
-
\??\c:\1rxrxrx.exec:\1rxrxrx.exe189⤵
-
\??\c:\lfxfrxf.exec:\lfxfrxf.exe190⤵
-
\??\c:\httnhh.exec:\httnhh.exe191⤵
-
\??\c:\9ppdv.exec:\9ppdv.exe192⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe193⤵
-
\??\c:\lxlxxfr.exec:\lxlxxfr.exe194⤵
-
\??\c:\lflfffl.exec:\lflfffl.exe195⤵
-
\??\c:\bthnhb.exec:\bthnhb.exe196⤵
-
\??\c:\nnhbth.exec:\nnhbth.exe197⤵
-
\??\c:\jjjvd.exec:\jjjvd.exe198⤵
-
\??\c:\xrfxlxx.exec:\xrfxlxx.exe199⤵
-
\??\c:\fxlxrfr.exec:\fxlxrfr.exe200⤵
-
\??\c:\bthhnn.exec:\bthhnn.exe201⤵
-
\??\c:\9bnnhh.exec:\9bnnhh.exe202⤵
-
\??\c:\dpvdj.exec:\dpvdj.exe203⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe204⤵
-
\??\c:\lflrrxf.exec:\lflrrxf.exe205⤵
-
\??\c:\lxfllff.exec:\lxfllff.exe206⤵
-
\??\c:\nbnbbh.exec:\nbnbbh.exe207⤵
-
\??\c:\3nhhnn.exec:\3nhhnn.exe208⤵
-
\??\c:\vppdv.exec:\vppdv.exe209⤵
-
\??\c:\xlrlfll.exec:\xlrlfll.exe210⤵
-
\??\c:\frrffff.exec:\frrffff.exe211⤵
-
\??\c:\9nbhtn.exec:\9nbhtn.exe212⤵
-
\??\c:\1nnhhb.exec:\1nnhhb.exe213⤵
-
\??\c:\dppjp.exec:\dppjp.exe214⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe215⤵
-
\??\c:\1xlfrrf.exec:\1xlfrrf.exe216⤵
-
\??\c:\lxrrlrr.exec:\lxrrlrr.exe217⤵
-
\??\c:\htnthn.exec:\htnthn.exe218⤵
-
\??\c:\9vjpv.exec:\9vjpv.exe219⤵
-
\??\c:\dvdjd.exec:\dvdjd.exe220⤵
-
\??\c:\flxffff.exec:\flxffff.exe221⤵
-
\??\c:\xrrfffl.exec:\xrrfffl.exe222⤵
-
\??\c:\9ntbnb.exec:\9ntbnb.exe223⤵
-
\??\c:\9bhntt.exec:\9bhntt.exe224⤵
-
\??\c:\3vvdp.exec:\3vvdp.exe225⤵
-
\??\c:\xxlrxfl.exec:\xxlrxfl.exe226⤵
-
\??\c:\lxxxffl.exec:\lxxxffl.exe227⤵
-
\??\c:\thnhhb.exec:\thnhhb.exe228⤵
-
\??\c:\bnbttt.exec:\bnbttt.exe229⤵
-
\??\c:\9pjjp.exec:\9pjjp.exe230⤵
-
\??\c:\1vjjj.exec:\1vjjj.exe231⤵
-
\??\c:\llflllx.exec:\llflllx.exe232⤵
-
\??\c:\llxxlrf.exec:\llxxlrf.exe233⤵
-
\??\c:\1bhhhh.exec:\1bhhhh.exe234⤵
-
\??\c:\9dpvd.exec:\9dpvd.exe235⤵
-
\??\c:\jpppp.exec:\jpppp.exe236⤵
-
\??\c:\rxffxxx.exec:\rxffxxx.exe237⤵
-
\??\c:\lflrrrx.exec:\lflrrrx.exe238⤵
-
\??\c:\httbtb.exec:\httbtb.exe239⤵
-
\??\c:\nbnthh.exec:\nbnthh.exe240⤵
-
\??\c:\9jvvv.exec:\9jvvv.exe241⤵