Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
18-05-2024 18:11
General
-
Target
26d3ca5b922cb72bf00be62db283ccf0_NeikiAnalytics.exe
-
Size
246KB
-
MD5
26d3ca5b922cb72bf00be62db283ccf0
-
SHA1
0def954ff0c0cd3d66b4e9718905aa8d4a46650a
-
SHA256
a82bd72c892db8132aac4f4d9c31976a001bf1921ed573cdb2641f6211fa15aa
-
SHA512
a584c52306cd2c4a2dcf594d405454766985e96400408df61f60fee647e16993120710523bfd1f4be5c68aa8efb4008aa886ba96aa040d90aa3341f9dc076ac2
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4MAWvGjR1G:n3C9BRo7MlrWKo+lxtvGt1G
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\26d3ca5b922cb72bf00be62db283ccf0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\26d3ca5b922cb72bf00be62db283ccf0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9vjjp.exec:\9vjjp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxlrlr.exec:\xlxlrlr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnnbt.exec:\hbnnbt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvdd.exec:\vpvdd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xxlrrf.exec:\3xxlrrf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxfxl.exec:\xrxxfxl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vpdj.exec:\1vpdj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhntt.exec:\nhhntt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ppvd.exec:\7ppvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjd.exec:\pjdjd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrxxf.exec:\xlxrxxf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjvp.exec:\ppjvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdjv.exec:\jjdjv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhthbh.exec:\nhthbh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbhb.exec:\tnbbhb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppdv.exec:\vppdv.exe17⤵
- Executes dropped EXE
-
\??\c:\rrlrflx.exec:\rrlrflx.exe18⤵
- Executes dropped EXE
-
\??\c:\3xlfrxf.exec:\3xlfrxf.exe19⤵
- Executes dropped EXE
-
\??\c:\btbbhb.exec:\btbbhb.exe20⤵
- Executes dropped EXE
-
\??\c:\lflxrfr.exec:\lflxrfr.exe21⤵
- Executes dropped EXE
-
\??\c:\bbhtnb.exec:\bbhtnb.exe22⤵
- Executes dropped EXE
-
\??\c:\5nbtbb.exec:\5nbtbb.exe23⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe24⤵
- Executes dropped EXE
-
\??\c:\bthnbn.exec:\bthnbn.exe25⤵
- Executes dropped EXE
-
\??\c:\nnnntb.exec:\nnnntb.exe26⤵
- Executes dropped EXE
-
\??\c:\dvpvd.exec:\dvpvd.exe27⤵
- Executes dropped EXE
-
\??\c:\ffxlxfr.exec:\ffxlxfr.exe28⤵
- Executes dropped EXE
-
\??\c:\7hbhht.exec:\7hbhht.exe29⤵
- Executes dropped EXE
-
\??\c:\thtthh.exec:\thtthh.exe30⤵
- Executes dropped EXE
-
\??\c:\rlllrrf.exec:\rlllrrf.exe31⤵
- Executes dropped EXE
-
\??\c:\rlflflf.exec:\rlflflf.exe32⤵
- Executes dropped EXE
-
\??\c:\9bbbtb.exec:\9bbbtb.exe33⤵
- Executes dropped EXE
-
\??\c:\3ddjp.exec:\3ddjp.exe34⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe35⤵
- Executes dropped EXE
-
\??\c:\xrfxfll.exec:\xrfxfll.exe36⤵
- Executes dropped EXE
-
\??\c:\rrffrxr.exec:\rrffrxr.exe37⤵
- Executes dropped EXE
-
\??\c:\9thttb.exec:\9thttb.exe38⤵
- Executes dropped EXE
-
\??\c:\ppjvd.exec:\ppjvd.exe39⤵
- Executes dropped EXE
-
\??\c:\vvpvd.exec:\vvpvd.exe40⤵
- Executes dropped EXE
-
\??\c:\ffflffr.exec:\ffflffr.exe41⤵
- Executes dropped EXE
-
\??\c:\fxlrffx.exec:\fxlrffx.exe42⤵
- Executes dropped EXE
-
\??\c:\7hbbht.exec:\7hbbht.exe43⤵
- Executes dropped EXE
-
\??\c:\hbbnbn.exec:\hbbnbn.exe44⤵
- Executes dropped EXE
-
\??\c:\5vpdj.exec:\5vpdj.exe45⤵
- Executes dropped EXE
-
\??\c:\jjdjv.exec:\jjdjv.exe46⤵
- Executes dropped EXE
-
\??\c:\xrffffr.exec:\xrffffr.exe47⤵
- Executes dropped EXE
-
\??\c:\bbthbh.exec:\bbthbh.exe48⤵
- Executes dropped EXE
-
\??\c:\nhbbnn.exec:\nhbbnn.exe49⤵
- Executes dropped EXE
-
\??\c:\pjjvj.exec:\pjjvj.exe50⤵
- Executes dropped EXE
-
\??\c:\jdvdv.exec:\jdvdv.exe51⤵
- Executes dropped EXE
-
\??\c:\lxxfxlr.exec:\lxxfxlr.exe52⤵
- Executes dropped EXE
-
\??\c:\ntbntt.exec:\ntbntt.exe53⤵
- Executes dropped EXE
-
\??\c:\tthhnn.exec:\tthhnn.exe54⤵
- Executes dropped EXE
-
\??\c:\ddpdv.exec:\ddpdv.exe55⤵
- Executes dropped EXE
-
\??\c:\vvvjv.exec:\vvvjv.exe56⤵
- Executes dropped EXE
-
\??\c:\1lfrrrx.exec:\1lfrrrx.exe57⤵
- Executes dropped EXE
-
\??\c:\hbtthh.exec:\hbtthh.exe58⤵
- Executes dropped EXE
-
\??\c:\nhthnt.exec:\nhthnt.exe59⤵
- Executes dropped EXE
-
\??\c:\3pdjv.exec:\3pdjv.exe60⤵
- Executes dropped EXE
-
\??\c:\pjppp.exec:\pjppp.exe61⤵
- Executes dropped EXE
-
\??\c:\rlffllr.exec:\rlffllr.exe62⤵
- Executes dropped EXE
-
\??\c:\9xxxlrr.exec:\9xxxlrr.exe63⤵
- Executes dropped EXE
-
\??\c:\5hhnbn.exec:\5hhnbn.exe64⤵
- Executes dropped EXE
-
\??\c:\pvpjv.exec:\pvpjv.exe65⤵
- Executes dropped EXE
-
\??\c:\ddpvp.exec:\ddpvp.exe66⤵
-
\??\c:\rlxrxfr.exec:\rlxrxfr.exe67⤵
-
\??\c:\bbntnn.exec:\bbntnn.exe68⤵
-
\??\c:\nhbnhn.exec:\nhbnhn.exe69⤵
-
\??\c:\vvjvd.exec:\vvjvd.exe70⤵
-
\??\c:\9dpdp.exec:\9dpdp.exe71⤵
-
\??\c:\rllrflf.exec:\rllrflf.exe72⤵
-
\??\c:\nbnnbb.exec:\nbnnbb.exe73⤵
-
\??\c:\nbttnh.exec:\nbttnh.exe74⤵
-
\??\c:\dvppd.exec:\dvppd.exe75⤵
-
\??\c:\lfllrxl.exec:\lfllrxl.exe76⤵
-
\??\c:\frflrrf.exec:\frflrrf.exe77⤵
-
\??\c:\hhnhnn.exec:\hhnhnn.exe78⤵
-
\??\c:\bthnbb.exec:\bthnbb.exe79⤵
-
\??\c:\3pjpj.exec:\3pjpj.exe80⤵
-
\??\c:\llxxflx.exec:\llxxflx.exe81⤵
-
\??\c:\rrlxfrf.exec:\rrlxfrf.exe82⤵
-
\??\c:\7nnnht.exec:\7nnnht.exe83⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe84⤵
-
\??\c:\5dvvd.exec:\5dvvd.exe85⤵
-
\??\c:\xrlxfrf.exec:\xrlxfrf.exe86⤵
-
\??\c:\1rffllf.exec:\1rffllf.exe87⤵
-
\??\c:\hbttbh.exec:\hbttbh.exe88⤵
-
\??\c:\vjpjp.exec:\vjpjp.exe89⤵
-
\??\c:\7lrxxxl.exec:\7lrxxxl.exe90⤵
-
\??\c:\xxxxlrl.exec:\xxxxlrl.exe91⤵
-
\??\c:\btntbb.exec:\btntbb.exe92⤵
-
\??\c:\nhtnbh.exec:\nhtnbh.exe93⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe94⤵
-
\??\c:\xxfrxlr.exec:\xxfrxlr.exe95⤵
-
\??\c:\lxlfllr.exec:\lxlfllr.exe96⤵
-
\??\c:\hbnbbn.exec:\hbnbbn.exe97⤵
-
\??\c:\9hbnbt.exec:\9hbnbt.exe98⤵
-
\??\c:\jjdjd.exec:\jjdjd.exe99⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe100⤵
-
\??\c:\lfxfrfr.exec:\lfxfrfr.exe101⤵
-
\??\c:\hhbtnb.exec:\hhbtnb.exe102⤵
-
\??\c:\ttntnn.exec:\ttntnn.exe103⤵
-
\??\c:\dvvdp.exec:\dvvdp.exe104⤵
-
\??\c:\vvvdj.exec:\vvvdj.exe105⤵
-
\??\c:\lflllrx.exec:\lflllrx.exe106⤵
-
\??\c:\fflflxl.exec:\fflflxl.exe107⤵
-
\??\c:\bthhnt.exec:\bthhnt.exe108⤵
-
\??\c:\5pjjv.exec:\5pjjv.exe109⤵
-
\??\c:\3vvvj.exec:\3vvvj.exe110⤵
-
\??\c:\7xflxlx.exec:\7xflxlx.exe111⤵
-
\??\c:\9llrllf.exec:\9llrllf.exe112⤵
-
\??\c:\9hbhhn.exec:\9hbhhn.exe113⤵
-
\??\c:\1bhbnb.exec:\1bhbnb.exe114⤵
-
\??\c:\1ddjj.exec:\1ddjj.exe115⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe116⤵
-
\??\c:\5xxflrx.exec:\5xxflrx.exe117⤵
-
\??\c:\1fxlxxf.exec:\1fxlxxf.exe118⤵
-
\??\c:\bnbhtb.exec:\bnbhtb.exe119⤵
-
\??\c:\1vjdj.exec:\1vjdj.exe120⤵
-
\??\c:\dvvdj.exec:\dvvdj.exe121⤵
-
\??\c:\lfrfxxx.exec:\lfrfxxx.exe122⤵
-
\??\c:\xxllxxl.exec:\xxllxxl.exe123⤵
-
\??\c:\hhtbhh.exec:\hhtbhh.exe124⤵
-
\??\c:\nhbbhh.exec:\nhbbhh.exe125⤵
-
\??\c:\3vpvd.exec:\3vpvd.exe126⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe127⤵
-
\??\c:\rrlxlfr.exec:\rrlxlfr.exe128⤵
-
\??\c:\bhthhn.exec:\bhthhn.exe129⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe130⤵
-
\??\c:\ppvdv.exec:\ppvdv.exe131⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe132⤵
-
\??\c:\lfxfllr.exec:\lfxfllr.exe133⤵
-
\??\c:\5ffrrfr.exec:\5ffrrfr.exe134⤵
-
\??\c:\bbhhtb.exec:\bbhhtb.exe135⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe136⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe137⤵
-
\??\c:\llflrfr.exec:\llflrfr.exe138⤵
-
\??\c:\lllrllx.exec:\lllrllx.exe139⤵
-
\??\c:\bthnbh.exec:\bthnbh.exe140⤵
-
\??\c:\vvjjd.exec:\vvjjd.exe141⤵
-
\??\c:\pjpdd.exec:\pjpdd.exe142⤵
-
\??\c:\3rlxlxl.exec:\3rlxlxl.exe143⤵
-
\??\c:\xrxlxfr.exec:\xrxlxfr.exe144⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe145⤵
-
\??\c:\9bbntb.exec:\9bbntb.exe146⤵
-
\??\c:\5dvvj.exec:\5dvvj.exe147⤵
-
\??\c:\lfxfrfr.exec:\lfxfrfr.exe148⤵
-
\??\c:\fxllxfr.exec:\fxllxfr.exe149⤵
-
\??\c:\tnhthb.exec:\tnhthb.exe150⤵
-
\??\c:\nhtthn.exec:\nhtthn.exe151⤵
-
\??\c:\7dvjp.exec:\7dvjp.exe152⤵
-
\??\c:\9pjpv.exec:\9pjpv.exe153⤵
-
\??\c:\xrrxfrl.exec:\xrrxfrl.exe154⤵
-
\??\c:\1btbnt.exec:\1btbnt.exe155⤵
-
\??\c:\hhbnhn.exec:\hhbnhn.exe156⤵
-
\??\c:\vpddp.exec:\vpddp.exe157⤵
-
\??\c:\7ppdp.exec:\7ppdp.exe158⤵
-
\??\c:\ffxlrfr.exec:\ffxlrfr.exe159⤵
-
\??\c:\lfxxrxl.exec:\lfxxrxl.exe160⤵
-
\??\c:\bthntb.exec:\bthntb.exe161⤵
-
\??\c:\7tntbn.exec:\7tntbn.exe162⤵
-
\??\c:\dvjpj.exec:\dvjpj.exe163⤵
-
\??\c:\lrllrll.exec:\lrllrll.exe164⤵
-
\??\c:\7xlrxlr.exec:\7xlrxlr.exe165⤵
-
\??\c:\bthtbh.exec:\bthtbh.exe166⤵
-
\??\c:\7bttnt.exec:\7bttnt.exe167⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe168⤵
-
\??\c:\lfrfxfr.exec:\lfrfxfr.exe169⤵
-
\??\c:\9bbthn.exec:\9bbthn.exe170⤵
-
\??\c:\tnnthn.exec:\tnnthn.exe171⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe172⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe173⤵
-
\??\c:\3rxffrf.exec:\3rxffrf.exe174⤵
-
\??\c:\llflflr.exec:\llflflr.exe175⤵
-
\??\c:\hhbhbb.exec:\hhbhbb.exe176⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe177⤵
-
\??\c:\1djvd.exec:\1djvd.exe178⤵
-
\??\c:\rrrxflx.exec:\rrrxflx.exe179⤵
-
\??\c:\rlxflrr.exec:\rlxflrr.exe180⤵
-
\??\c:\ffxfrrl.exec:\ffxfrrl.exe181⤵
-
\??\c:\1thtbh.exec:\1thtbh.exe182⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe183⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe184⤵
-
\??\c:\frffrrr.exec:\frffrrr.exe185⤵
-
\??\c:\lffrfrl.exec:\lffrfrl.exe186⤵
-
\??\c:\bbhtth.exec:\bbhtth.exe187⤵
-
\??\c:\nnhbnn.exec:\nnhbnn.exe188⤵
-
\??\c:\dpddj.exec:\dpddj.exe189⤵
-
\??\c:\dpjjv.exec:\dpjjv.exe190⤵
-
\??\c:\ffxrffx.exec:\ffxrffx.exe191⤵
-
\??\c:\xrrlflf.exec:\xrrlflf.exe192⤵
-
\??\c:\hbntbh.exec:\hbntbh.exe193⤵
-
\??\c:\nbhhnh.exec:\nbhhnh.exe194⤵
-
\??\c:\jjvdj.exec:\jjvdj.exe195⤵
-
\??\c:\9vvvd.exec:\9vvvd.exe196⤵
-
\??\c:\xrrrxrr.exec:\xrrrxrr.exe197⤵
-
\??\c:\1xrrxfl.exec:\1xrrxfl.exe198⤵
-
\??\c:\thtttt.exec:\thtttt.exe199⤵
-
\??\c:\7jdjv.exec:\7jdjv.exe200⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe201⤵
-
\??\c:\fffrrff.exec:\fffrrff.exe202⤵
-
\??\c:\rlxrlrx.exec:\rlxrlrx.exe203⤵
-
\??\c:\3btbht.exec:\3btbht.exe204⤵
-
\??\c:\jpppd.exec:\jpppd.exe205⤵
-
\??\c:\jdppd.exec:\jdppd.exe206⤵
-
\??\c:\xxxlxlx.exec:\xxxlxlx.exe207⤵
-
\??\c:\lllfrrf.exec:\lllfrrf.exe208⤵
-
\??\c:\bbttnt.exec:\bbttnt.exe209⤵
-
\??\c:\htnnbn.exec:\htnnbn.exe210⤵
-
\??\c:\ddpvd.exec:\ddpvd.exe211⤵
-
\??\c:\vdjvj.exec:\vdjvj.exe212⤵
-
\??\c:\xrrrxlr.exec:\xrrrxlr.exe213⤵
-
\??\c:\fxffxxl.exec:\fxffxxl.exe214⤵
-
\??\c:\nbbnhn.exec:\nbbnhn.exe215⤵
-
\??\c:\1nhtbh.exec:\1nhtbh.exe216⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe217⤵
-
\??\c:\7xfrlrl.exec:\7xfrlrl.exe218⤵
-
\??\c:\rrxxrrx.exec:\rrxxrrx.exe219⤵
-
\??\c:\tnbnbh.exec:\tnbnbh.exe220⤵
-
\??\c:\jddpd.exec:\jddpd.exe221⤵
-
\??\c:\9vjvd.exec:\9vjvd.exe222⤵
-
\??\c:\rrffflx.exec:\rrffflx.exe223⤵
-
\??\c:\lfrxrff.exec:\lfrxrff.exe224⤵
-
\??\c:\7hbhth.exec:\7hbhth.exe225⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe226⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe227⤵
-
\??\c:\ffrrxxl.exec:\ffrrxxl.exe228⤵
-
\??\c:\xxlrfll.exec:\xxlrfll.exe229⤵
-
\??\c:\tbbhbt.exec:\tbbhbt.exe230⤵
-
\??\c:\9hnbht.exec:\9hnbht.exe231⤵
-
\??\c:\ppdjp.exec:\ppdjp.exe232⤵
-
\??\c:\5jdjp.exec:\5jdjp.exe233⤵
-
\??\c:\llffrrr.exec:\llffrrr.exe234⤵
-
\??\c:\btntbh.exec:\btntbh.exe235⤵
-
\??\c:\thhtnh.exec:\thhtnh.exe236⤵
-
\??\c:\1vjpp.exec:\1vjpp.exe237⤵
-
\??\c:\pjddp.exec:\pjddp.exe238⤵
-
\??\c:\1fxflxr.exec:\1fxflxr.exe239⤵
-
\??\c:\hthbtb.exec:\hthbtb.exe240⤵
-
\??\c:\bbthnt.exec:\bbthnt.exe241⤵