Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
18-05-2024 17:42
General
-
Target
1f90e1ef7c3edcb1d265cff7bad29450_NeikiAnalytics.exe
-
Size
361KB
-
MD5
1f90e1ef7c3edcb1d265cff7bad29450
-
SHA1
88c1a1b14fe6afd34dac05349844b42beb0f58b1
-
SHA256
f4d64914326bc7951b179c515497186a6f9136e21eb4597918dcabe896b7db5d
-
SHA512
07cd2636d3a7107d9e6eb3c19bb3b0be76b1cea4f3557855548aeedfb1e44fb08c2259d830d3d6c9291106cec3b92d44a346be73d555d23ee5df0d9ceae49319
-
SSDEEP
6144:n3C9BRIG0asYFm71m8+GdkB9yMu7N+8px7O/:n3C9uYA71kSMu08px7g
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1f90e1ef7c3edcb1d265cff7bad29450_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1f90e1ef7c3edcb1d265cff7bad29450_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\thttnh.exec:\thttnh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hhbtt.exec:\3hhbtt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrffl.exec:\fxlrffl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtbbt.exec:\thtbbt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvjp.exec:\vjvjp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxfffl.exec:\xrxfffl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbhb.exec:\nbhbhb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddv.exec:\jvddv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrfllr.exec:\frrfllr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnbnh.exec:\hbnbnh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjj.exec:\dvjjj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrxflr.exec:\fxrxflr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pdvd.exec:\7pdvd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrlfff.exec:\7lrlfff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbttn.exec:\btbttn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnttbt.exec:\hnttbt.exe17⤵
- Executes dropped EXE
-
\??\c:\frffrxl.exec:\frffrxl.exe18⤵
- Executes dropped EXE
-
\??\c:\nbnntb.exec:\nbnntb.exe19⤵
- Executes dropped EXE
-
\??\c:\jjpdd.exec:\jjpdd.exe20⤵
- Executes dropped EXE
-
\??\c:\xxrxrxl.exec:\xxrxrxl.exe21⤵
- Executes dropped EXE
-
\??\c:\3hbhnb.exec:\3hbhnb.exe22⤵
- Executes dropped EXE
-
\??\c:\7jvjp.exec:\7jvjp.exe23⤵
- Executes dropped EXE
-
\??\c:\lfrxlrl.exec:\lfrxlrl.exe24⤵
- Executes dropped EXE
-
\??\c:\thbbbb.exec:\thbbbb.exe25⤵
- Executes dropped EXE
-
\??\c:\5vdjj.exec:\5vdjj.exe26⤵
- Executes dropped EXE
-
\??\c:\lxrrrrr.exec:\lxrrrrr.exe27⤵
- Executes dropped EXE
-
\??\c:\hbhbbt.exec:\hbhbbt.exe28⤵
- Executes dropped EXE
-
\??\c:\dvppv.exec:\dvppv.exe29⤵
- Executes dropped EXE
-
\??\c:\lfrrffl.exec:\lfrrffl.exe30⤵
- Executes dropped EXE
-
\??\c:\vjdjv.exec:\vjdjv.exe31⤵
- Executes dropped EXE
-
\??\c:\vjvvv.exec:\vjvvv.exe32⤵
- Executes dropped EXE
-
\??\c:\7thttt.exec:\7thttt.exe33⤵
- Executes dropped EXE
-
\??\c:\vjdjp.exec:\vjdjp.exe34⤵
- Executes dropped EXE
-
\??\c:\ffxfxrl.exec:\ffxfxrl.exe35⤵
- Executes dropped EXE
-
\??\c:\xllrxrf.exec:\xllrxrf.exe36⤵
- Executes dropped EXE
-
\??\c:\3thhbb.exec:\3thhbb.exe37⤵
- Executes dropped EXE
-
\??\c:\dpdvv.exec:\dpdvv.exe38⤵
- Executes dropped EXE
-
\??\c:\9jvpp.exec:\9jvpp.exe39⤵
- Executes dropped EXE
-
\??\c:\7xllflr.exec:\7xllflr.exe40⤵
- Executes dropped EXE
-
\??\c:\3bbbbh.exec:\3bbbbh.exe41⤵
- Executes dropped EXE
-
\??\c:\hbnttt.exec:\hbnttt.exe42⤵
- Executes dropped EXE
-
\??\c:\vjppj.exec:\vjppj.exe43⤵
- Executes dropped EXE
-
\??\c:\3rfflfr.exec:\3rfflfr.exe44⤵
- Executes dropped EXE
-
\??\c:\lffxxrf.exec:\lffxxrf.exe45⤵
- Executes dropped EXE
-
\??\c:\nhbtbb.exec:\nhbtbb.exe46⤵
- Executes dropped EXE
-
\??\c:\bhhtnn.exec:\bhhtnn.exe47⤵
- Executes dropped EXE
-
\??\c:\pdppv.exec:\pdppv.exe48⤵
- Executes dropped EXE
-
\??\c:\fxlllrr.exec:\fxlllrr.exe49⤵
- Executes dropped EXE
-
\??\c:\lrxllll.exec:\lrxllll.exe50⤵
- Executes dropped EXE
-
\??\c:\3bbtbb.exec:\3bbtbb.exe51⤵
- Executes dropped EXE
-
\??\c:\vpvpv.exec:\vpvpv.exe52⤵
- Executes dropped EXE
-
\??\c:\dvjjj.exec:\dvjjj.exe53⤵
- Executes dropped EXE
-
\??\c:\5xffrrr.exec:\5xffrrr.exe54⤵
- Executes dropped EXE
-
\??\c:\rfrrffl.exec:\rfrrffl.exe55⤵
- Executes dropped EXE
-
\??\c:\btbbnn.exec:\btbbnn.exe56⤵
- Executes dropped EXE
-
\??\c:\7pppd.exec:\7pppd.exe57⤵
- Executes dropped EXE
-
\??\c:\7vdpj.exec:\7vdpj.exe58⤵
- Executes dropped EXE
-
\??\c:\lxllllf.exec:\lxllllf.exe59⤵
- Executes dropped EXE
-
\??\c:\rflllxx.exec:\rflllxx.exe60⤵
- Executes dropped EXE
-
\??\c:\hntnnb.exec:\hntnnb.exe61⤵
- Executes dropped EXE
-
\??\c:\hbnntn.exec:\hbnntn.exe62⤵
- Executes dropped EXE
-
\??\c:\vpdpp.exec:\vpdpp.exe63⤵
- Executes dropped EXE
-
\??\c:\7xlffff.exec:\7xlffff.exe64⤵
- Executes dropped EXE
-
\??\c:\9fxxxxf.exec:\9fxxxxf.exe65⤵
- Executes dropped EXE
-
\??\c:\tbbbhh.exec:\tbbbhh.exe66⤵
-
\??\c:\nhnhnh.exec:\nhnhnh.exe67⤵
-
\??\c:\pdvvd.exec:\pdvvd.exe68⤵
-
\??\c:\1jpjj.exec:\1jpjj.exe69⤵
-
\??\c:\9frlrrr.exec:\9frlrrr.exe70⤵
-
\??\c:\hthbhn.exec:\hthbhn.exe71⤵
-
\??\c:\hthhnn.exec:\hthhnn.exe72⤵
-
\??\c:\dpvjp.exec:\dpvjp.exe73⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe74⤵
-
\??\c:\rlrrflr.exec:\rlrrflr.exe75⤵
-
\??\c:\rfrrrrx.exec:\rfrrrrx.exe76⤵
-
\??\c:\bnnntt.exec:\bnnntt.exe77⤵
-
\??\c:\1pvpj.exec:\1pvpj.exe78⤵
-
\??\c:\jvddd.exec:\jvddd.exe79⤵
-
\??\c:\9xllrrx.exec:\9xllrrx.exe80⤵
-
\??\c:\7ffxrlr.exec:\7ffxrlr.exe81⤵
-
\??\c:\thnttt.exec:\thnttt.exe82⤵
-
\??\c:\nbnhhb.exec:\nbnhhb.exe83⤵
-
\??\c:\djjjp.exec:\djjjp.exe84⤵
-
\??\c:\1frrrxf.exec:\1frrrxf.exe85⤵
-
\??\c:\5xffffl.exec:\5xffffl.exe86⤵
-
\??\c:\nhnthb.exec:\nhnthb.exe87⤵
-
\??\c:\nbhhhn.exec:\nbhhhn.exe88⤵
-
\??\c:\vpddd.exec:\vpddd.exe89⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe90⤵
-
\??\c:\lfllfrx.exec:\lfllfrx.exe91⤵
-
\??\c:\xfrrfxf.exec:\xfrrfxf.exe92⤵
-
\??\c:\nhntbt.exec:\nhntbt.exe93⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe94⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe95⤵
-
\??\c:\3frxrfl.exec:\3frxrfl.exe96⤵
-
\??\c:\flxrrlr.exec:\flxrrlr.exe97⤵
-
\??\c:\btbbhn.exec:\btbbhn.exe98⤵
-
\??\c:\7bhnnh.exec:\7bhnnh.exe99⤵
-
\??\c:\9djdp.exec:\9djdp.exe100⤵
-
\??\c:\1lxxxxx.exec:\1lxxxxx.exe101⤵
-
\??\c:\rlffrxr.exec:\rlffrxr.exe102⤵
-
\??\c:\tbtttn.exec:\tbtttn.exe103⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe104⤵
-
\??\c:\dvdpd.exec:\dvdpd.exe105⤵
-
\??\c:\frfllff.exec:\frfllff.exe106⤵
-
\??\c:\ffxxffr.exec:\ffxxffr.exe107⤵
-
\??\c:\htttbb.exec:\htttbb.exe108⤵
-
\??\c:\pdjpv.exec:\pdjpv.exe109⤵
-
\??\c:\1vvpj.exec:\1vvpj.exe110⤵
-
\??\c:\xrrrfxf.exec:\xrrrfxf.exe111⤵
-
\??\c:\frflllr.exec:\frflllr.exe112⤵
-
\??\c:\5ntbbb.exec:\5ntbbb.exe113⤵
-
\??\c:\5ntttb.exec:\5ntttb.exe114⤵
-
\??\c:\ppddj.exec:\ppddj.exe115⤵
-
\??\c:\9lrlrxf.exec:\9lrlrxf.exe116⤵
-
\??\c:\frffrll.exec:\frffrll.exe117⤵
-
\??\c:\7hnnht.exec:\7hnnht.exe118⤵
-
\??\c:\3hnhhb.exec:\3hnhhb.exe119⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe120⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe121⤵
-
\??\c:\rxllrrr.exec:\rxllrrr.exe122⤵
-
\??\c:\bhnttt.exec:\bhnttt.exe123⤵
-
\??\c:\bththn.exec:\bththn.exe124⤵
-
\??\c:\7hnnnn.exec:\7hnnnn.exe125⤵
-
\??\c:\vpvjj.exec:\vpvjj.exe126⤵
-
\??\c:\xlrrxxx.exec:\xlrrxxx.exe127⤵
-
\??\c:\xfllllr.exec:\xfllllr.exe128⤵
-
\??\c:\5hnhnh.exec:\5hnhnh.exe129⤵
-
\??\c:\thhnnh.exec:\thhnnh.exe130⤵
-
\??\c:\pdpdj.exec:\pdpdj.exe131⤵
-
\??\c:\1ffxxxf.exec:\1ffxxxf.exe132⤵
-
\??\c:\rlxfllr.exec:\rlxfllr.exe133⤵
-
\??\c:\ttnhtn.exec:\ttnhtn.exe134⤵
-
\??\c:\5ttnnh.exec:\5ttnnh.exe135⤵
-
\??\c:\jdjpd.exec:\jdjpd.exe136⤵
-
\??\c:\xxxxrfr.exec:\xxxxrfr.exe137⤵
-
\??\c:\xllrxfl.exec:\xllrxfl.exe138⤵
-
\??\c:\tnnbbb.exec:\tnnbbb.exe139⤵
-
\??\c:\hnbhhb.exec:\hnbhhb.exe140⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe141⤵
-
\??\c:\9ffxrfr.exec:\9ffxrfr.exe142⤵
-
\??\c:\7xrfxxl.exec:\7xrfxxl.exe143⤵
-
\??\c:\1btnhn.exec:\1btnhn.exe144⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe145⤵
-
\??\c:\dvvdv.exec:\dvvdv.exe146⤵
-
\??\c:\xrxfrfl.exec:\xrxfrfl.exe147⤵
-
\??\c:\thnnnt.exec:\thnnnt.exe148⤵
-
\??\c:\nnnnhn.exec:\nnnnhn.exe149⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe150⤵
-
\??\c:\dpvdj.exec:\dpvdj.exe151⤵
-
\??\c:\rrxxxxl.exec:\rrxxxxl.exe152⤵
-
\??\c:\frxxlxf.exec:\frxxlxf.exe153⤵
-
\??\c:\nhthtb.exec:\nhthtb.exe154⤵
-
\??\c:\jdppv.exec:\jdppv.exe155⤵
-
\??\c:\dpdjj.exec:\dpdjj.exe156⤵
-
\??\c:\flfxflx.exec:\flfxflx.exe157⤵
-
\??\c:\1hnhhb.exec:\1hnhhb.exe158⤵
-
\??\c:\vvjvj.exec:\vvjvj.exe159⤵
-
\??\c:\lxffffl.exec:\lxffffl.exe160⤵
-
\??\c:\htnntt.exec:\htnntt.exe161⤵
-
\??\c:\jddjj.exec:\jddjj.exe162⤵
-
\??\c:\rrfflxl.exec:\rrfflxl.exe163⤵
-
\??\c:\frfxffr.exec:\frfxffr.exe164⤵
-
\??\c:\ntbttt.exec:\ntbttt.exe165⤵
-
\??\c:\nbtbnn.exec:\nbtbnn.exe166⤵
-
\??\c:\dppvj.exec:\dppvj.exe167⤵
-
\??\c:\rfxfrxf.exec:\rfxfrxf.exe168⤵
-
\??\c:\rfrflrf.exec:\rfrflrf.exe169⤵
-
\??\c:\bbbbtt.exec:\bbbbtt.exe170⤵
-
\??\c:\pjddj.exec:\pjddj.exe171⤵
-
\??\c:\pvpvd.exec:\pvpvd.exe172⤵
-
\??\c:\1xxxflr.exec:\1xxxflr.exe173⤵
-
\??\c:\rlxflxf.exec:\rlxflxf.exe174⤵
-
\??\c:\hnnbnn.exec:\hnnbnn.exe175⤵
-
\??\c:\1jvdv.exec:\1jvdv.exe176⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe177⤵
-
\??\c:\llllxxr.exec:\llllxxr.exe178⤵
-
\??\c:\nhbhth.exec:\nhbhth.exe179⤵
-
\??\c:\nnhnbb.exec:\nnhnbb.exe180⤵
-
\??\c:\1vdjp.exec:\1vdjp.exe181⤵
-
\??\c:\pjjpv.exec:\pjjpv.exe182⤵
-
\??\c:\rlrlllr.exec:\rlrlllr.exe183⤵
-
\??\c:\hbtbbb.exec:\hbtbbb.exe184⤵
-
\??\c:\thhbth.exec:\thhbth.exe185⤵
-
\??\c:\vvddj.exec:\vvddj.exe186⤵
-
\??\c:\xrflfrl.exec:\xrflfrl.exe187⤵
-
\??\c:\rllrxrf.exec:\rllrxrf.exe188⤵
-
\??\c:\hbnthn.exec:\hbnthn.exe189⤵
-
\??\c:\5pddj.exec:\5pddj.exe190⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe191⤵
-
\??\c:\ffrrflx.exec:\ffrrflx.exe192⤵
-
\??\c:\rrlxrrf.exec:\rrlxrrf.exe193⤵
-
\??\c:\nbhtbt.exec:\nbhtbt.exe194⤵
-
\??\c:\tthnbn.exec:\tthnbn.exe195⤵
-
\??\c:\jdppv.exec:\jdppv.exe196⤵
-
\??\c:\xrlrffl.exec:\xrlrffl.exe197⤵
-
\??\c:\rrlrffx.exec:\rrlrffx.exe198⤵
-
\??\c:\ntbbbt.exec:\ntbbbt.exe199⤵
-
\??\c:\tnthnn.exec:\tnthnn.exe200⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe201⤵
-
\??\c:\lflrrxx.exec:\lflrrxx.exe202⤵
-
\??\c:\fxrxffl.exec:\fxrxffl.exe203⤵
-
\??\c:\bnbhnh.exec:\bnbhnh.exe204⤵
-
\??\c:\3vvdj.exec:\3vvdj.exe205⤵
-
\??\c:\vpddd.exec:\vpddd.exe206⤵
-
\??\c:\rffxxff.exec:\rffxxff.exe207⤵
-
\??\c:\hthnnn.exec:\hthnnn.exe208⤵
-
\??\c:\9bnttb.exec:\9bnttb.exe209⤵
-
\??\c:\dpppj.exec:\dpppj.exe210⤵
-
\??\c:\lffrlff.exec:\lffrlff.exe211⤵
-
\??\c:\llxlxfr.exec:\llxlxfr.exe212⤵
-
\??\c:\nbthnt.exec:\nbthnt.exe213⤵
-
\??\c:\hbthth.exec:\hbthth.exe214⤵
-
\??\c:\vvppv.exec:\vvppv.exe215⤵
-
\??\c:\flxrxrx.exec:\flxrxrx.exe216⤵
-
\??\c:\lxffllr.exec:\lxffllr.exe217⤵
-
\??\c:\5bhnnh.exec:\5bhnnh.exe218⤵
-
\??\c:\hnbnhn.exec:\hnbnhn.exe219⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe220⤵
-
\??\c:\rlflxrx.exec:\rlflxrx.exe221⤵
-
\??\c:\lflrxxx.exec:\lflrxxx.exe222⤵
-
\??\c:\hthntt.exec:\hthntt.exe223⤵
-
\??\c:\1djpd.exec:\1djpd.exe224⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe225⤵
-
\??\c:\frxxxxf.exec:\frxxxxf.exe226⤵
-
\??\c:\llfrlfx.exec:\llfrlfx.exe227⤵
-
\??\c:\5ntnnn.exec:\5ntnnn.exe228⤵
-
\??\c:\vvvdj.exec:\vvvdj.exe229⤵
-
\??\c:\7pjvv.exec:\7pjvv.exe230⤵
-
\??\c:\rlxrfxf.exec:\rlxrfxf.exe231⤵
-
\??\c:\hbnhnt.exec:\hbnhnt.exe232⤵
-
\??\c:\thnnbt.exec:\thnnbt.exe233⤵
-
\??\c:\3vdvp.exec:\3vdvp.exe234⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe235⤵
-
\??\c:\frlrxxf.exec:\frlrxxf.exe236⤵
-
\??\c:\5hnbbt.exec:\5hnbbt.exe237⤵
-
\??\c:\ppddv.exec:\ppddv.exe238⤵
-
\??\c:\jvddv.exec:\jvddv.exe239⤵
-
\??\c:\xlrrxxr.exec:\xlrrxxr.exe240⤵
-
\??\c:\lrxxxxx.exec:\lrxxxxx.exe241⤵