Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
18-05-2024 18:22
General
-
Target
2963ed62e8506848012aeca7bbb9b4b0_NeikiAnalytics.exe
-
Size
244KB
-
MD5
2963ed62e8506848012aeca7bbb9b4b0
-
SHA1
336f5346d76edbae51577b72b11386348335328d
-
SHA256
bc671f9b02fc13da178dda77874e283d4804c0380a733d4ed984c8c6a970a98c
-
SHA512
a405ff885a9ed5a27c299a787713c9156f043af57381a78eadff29f8c088ec9d78d5aca4e433eea631b9204bb256835132dad76be4e9b0eb71f3de2082a8ca62
-
SSDEEP
6144:n3C9BRo/AIX27NHWpU00VIxas1oa3YiFRX:n3C9uD6AUDCa4NYmRX
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2963ed62e8506848012aeca7bbb9b4b0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\2963ed62e8506848012aeca7bbb9b4b0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvj.exec:\vpjvj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpjd.exec:\jjpjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7fflfrx.exec:\7fflfrx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbntt.exec:\hhbntt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfxfxx.exec:\frfxfxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hhntt.exec:\3hhntt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllxrxr.exec:\lllxrxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxlrx.exec:\rlfxlrx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvpd.exec:\jjvpd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjpd.exec:\ddjpd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbth.exec:\bbhbth.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdpd.exec:\pjdpd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxllxrr.exec:\rxllxrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbbb.exec:\bbhbbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpj.exec:\dpvpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnbhn.exec:\ttnbhn.exe17⤵
- Executes dropped EXE
-
\??\c:\tththh.exec:\tththh.exe18⤵
- Executes dropped EXE
-
\??\c:\5vjpj.exec:\5vjpj.exe19⤵
- Executes dropped EXE
-
\??\c:\nnbbht.exec:\nnbbht.exe20⤵
- Executes dropped EXE
-
\??\c:\bthbbn.exec:\bthbbn.exe21⤵
- Executes dropped EXE
-
\??\c:\xrffrrf.exec:\xrffrrf.exe22⤵
- Executes dropped EXE
-
\??\c:\7bthnn.exec:\7bthnn.exe23⤵
- Executes dropped EXE
-
\??\c:\vppdj.exec:\vppdj.exe24⤵
- Executes dropped EXE
-
\??\c:\xrlxlrf.exec:\xrlxlrf.exe25⤵
- Executes dropped EXE
-
\??\c:\hbhhbh.exec:\hbhhbh.exe26⤵
- Executes dropped EXE
-
\??\c:\9pdjp.exec:\9pdjp.exe27⤵
- Executes dropped EXE
-
\??\c:\hhbtht.exec:\hhbtht.exe28⤵
- Executes dropped EXE
-
\??\c:\pjvdv.exec:\pjvdv.exe29⤵
- Executes dropped EXE
-
\??\c:\1xxlxlf.exec:\1xxlxlf.exe30⤵
- Executes dropped EXE
-
\??\c:\bntttb.exec:\bntttb.exe31⤵
- Executes dropped EXE
-
\??\c:\rlfrlrl.exec:\rlfrlrl.exe32⤵
- Executes dropped EXE
-
\??\c:\9hnbtt.exec:\9hnbtt.exe33⤵
- Executes dropped EXE
-
\??\c:\jjppp.exec:\jjppp.exe34⤵
- Executes dropped EXE
-
\??\c:\llxxfxr.exec:\llxxfxr.exe35⤵
- Executes dropped EXE
-
\??\c:\tntnhn.exec:\tntnhn.exe36⤵
- Executes dropped EXE
-
\??\c:\btnbnt.exec:\btnbnt.exe37⤵
- Executes dropped EXE
-
\??\c:\1pjpj.exec:\1pjpj.exe38⤵
- Executes dropped EXE
-
\??\c:\9xxlxrl.exec:\9xxlxrl.exe39⤵
- Executes dropped EXE
-
\??\c:\lllrxfr.exec:\lllrxfr.exe40⤵
- Executes dropped EXE
-
\??\c:\hnnbbh.exec:\hnnbbh.exe41⤵
- Executes dropped EXE
-
\??\c:\dvvvj.exec:\dvvvj.exe42⤵
- Executes dropped EXE
-
\??\c:\dddvd.exec:\dddvd.exe43⤵
- Executes dropped EXE
-
\??\c:\lfxlxfl.exec:\lfxlxfl.exe44⤵
- Executes dropped EXE
-
\??\c:\7ttbhn.exec:\7ttbhn.exe45⤵
- Executes dropped EXE
-
\??\c:\bbnbht.exec:\bbnbht.exe46⤵
- Executes dropped EXE
-
\??\c:\vdjdp.exec:\vdjdp.exe47⤵
- Executes dropped EXE
-
\??\c:\lxrfflx.exec:\lxrfflx.exe48⤵
- Executes dropped EXE
-
\??\c:\tbtbbb.exec:\tbtbbb.exe49⤵
- Executes dropped EXE
-
\??\c:\nnbntt.exec:\nnbntt.exe50⤵
- Executes dropped EXE
-
\??\c:\jpvpp.exec:\jpvpp.exe51⤵
- Executes dropped EXE
-
\??\c:\xxrlfrx.exec:\xxrlfrx.exe52⤵
- Executes dropped EXE
-
\??\c:\xxxrrrr.exec:\xxxrrrr.exe53⤵
- Executes dropped EXE
-
\??\c:\3nnbnb.exec:\3nnbnb.exe54⤵
- Executes dropped EXE
-
\??\c:\ddppd.exec:\ddppd.exe55⤵
- Executes dropped EXE
-
\??\c:\flffrrl.exec:\flffrrl.exe56⤵
- Executes dropped EXE
-
\??\c:\frlrxrf.exec:\frlrxrf.exe57⤵
- Executes dropped EXE
-
\??\c:\hhnthn.exec:\hhnthn.exe58⤵
- Executes dropped EXE
-
\??\c:\bttbhn.exec:\bttbhn.exe59⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe60⤵
- Executes dropped EXE
-
\??\c:\lllxlll.exec:\lllxlll.exe61⤵
- Executes dropped EXE
-
\??\c:\lflxxff.exec:\lflxxff.exe62⤵
- Executes dropped EXE
-
\??\c:\hbhnbh.exec:\hbhnbh.exe63⤵
- Executes dropped EXE
-
\??\c:\3jdjp.exec:\3jdjp.exe64⤵
- Executes dropped EXE
-
\??\c:\3vvdj.exec:\3vvdj.exe65⤵
- Executes dropped EXE
-
\??\c:\5rflxxf.exec:\5rflxxf.exe66⤵
-
\??\c:\ntthbt.exec:\ntthbt.exe67⤵
-
\??\c:\7btbtn.exec:\7btbtn.exe68⤵
-
\??\c:\1jdpd.exec:\1jdpd.exe69⤵
-
\??\c:\vvdpv.exec:\vvdpv.exe70⤵
-
\??\c:\xlfffxl.exec:\xlfffxl.exe71⤵
-
\??\c:\hhnnbh.exec:\hhnnbh.exe72⤵
-
\??\c:\vvjpp.exec:\vvjpp.exe73⤵
-
\??\c:\vjjvd.exec:\vjjvd.exe74⤵
-
\??\c:\fxflffr.exec:\fxflffr.exe75⤵
-
\??\c:\ffxfxfr.exec:\ffxfxfr.exe76⤵
-
\??\c:\3tttnt.exec:\3tttnt.exe77⤵
-
\??\c:\hhttbn.exec:\hhttbn.exe78⤵
-
\??\c:\dpjjv.exec:\dpjjv.exe79⤵
-
\??\c:\lfxxxfr.exec:\lfxxxfr.exe80⤵
-
\??\c:\xxlfxll.exec:\xxlfxll.exe81⤵
-
\??\c:\hbnthn.exec:\hbnthn.exe82⤵
-
\??\c:\bbbnbh.exec:\bbbnbh.exe83⤵
-
\??\c:\dppdj.exec:\dppdj.exe84⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe85⤵
-
\??\c:\3xflrrf.exec:\3xflrrf.exe86⤵
-
\??\c:\rxlffll.exec:\rxlffll.exe87⤵
-
\??\c:\nnhhhh.exec:\nnhhhh.exe88⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe89⤵
-
\??\c:\fxrflrl.exec:\fxrflrl.exe90⤵
-
\??\c:\fxlrflx.exec:\fxlrflx.exe91⤵
-
\??\c:\bhntnb.exec:\bhntnb.exe92⤵
-
\??\c:\pddpd.exec:\pddpd.exe93⤵
-
\??\c:\pvpvp.exec:\pvpvp.exe94⤵
-
\??\c:\3xlrlrl.exec:\3xlrlrl.exe95⤵
-
\??\c:\rrxfrxf.exec:\rrxfrxf.exe96⤵
-
\??\c:\tnhtnb.exec:\tnhtnb.exe97⤵
-
\??\c:\tnnbtn.exec:\tnnbtn.exe98⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe99⤵
-
\??\c:\rrflxfr.exec:\rrflxfr.exe100⤵
-
\??\c:\fxflflf.exec:\fxflflf.exe101⤵
-
\??\c:\9nhnhn.exec:\9nhnhn.exe102⤵
-
\??\c:\djvpj.exec:\djvpj.exe103⤵
-
\??\c:\5ddvd.exec:\5ddvd.exe104⤵
-
\??\c:\llxfrlx.exec:\llxfrlx.exe105⤵
-
\??\c:\3hhtbb.exec:\3hhtbb.exe106⤵
-
\??\c:\bbnhhb.exec:\bbnhhb.exe107⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe108⤵
-
\??\c:\rrflxrf.exec:\rrflxrf.exe109⤵
-
\??\c:\lfxfrxl.exec:\lfxfrxl.exe110⤵
-
\??\c:\hbtbbb.exec:\hbtbbb.exe111⤵
-
\??\c:\ddpdv.exec:\ddpdv.exe112⤵
-
\??\c:\1jpvv.exec:\1jpvv.exe113⤵
-
\??\c:\5lfxllr.exec:\5lfxllr.exe114⤵
-
\??\c:\lxfxxrr.exec:\lxfxxrr.exe115⤵
-
\??\c:\hbnhhh.exec:\hbnhhh.exe116⤵
-
\??\c:\bbbnnb.exec:\bbbnnb.exe117⤵
-
\??\c:\ppjpd.exec:\ppjpd.exe118⤵
-
\??\c:\3jdjv.exec:\3jdjv.exe119⤵
-
\??\c:\5rflfrf.exec:\5rflfrf.exe120⤵
-
\??\c:\hnnbtn.exec:\hnnbtn.exe121⤵
-
\??\c:\bbtnhb.exec:\bbtnhb.exe122⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe123⤵
-
\??\c:\3frxrfr.exec:\3frxrfr.exe124⤵
-
\??\c:\xrflxlf.exec:\xrflxlf.exe125⤵
-
\??\c:\7nbhhn.exec:\7nbhhn.exe126⤵
-
\??\c:\jpvdp.exec:\jpvdp.exe127⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe128⤵
-
\??\c:\xrflrrl.exec:\xrflrrl.exe129⤵
-
\??\c:\rrlfxfx.exec:\rrlfxfx.exe130⤵
-
\??\c:\tnntnt.exec:\tnntnt.exe131⤵
-
\??\c:\nnbnth.exec:\nnbnth.exe132⤵
-
\??\c:\vdpjj.exec:\vdpjj.exe133⤵
-
\??\c:\llfrflr.exec:\llfrflr.exe134⤵
-
\??\c:\xxlrfrf.exec:\xxlrfrf.exe135⤵
-
\??\c:\nnhnnt.exec:\nnhnnt.exe136⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe137⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe138⤵
-
\??\c:\1rllfxf.exec:\1rllfxf.exe139⤵
-
\??\c:\ttbbbh.exec:\ttbbbh.exe140⤵
-
\??\c:\nnhbth.exec:\nnhbth.exe141⤵
-
\??\c:\llflflf.exec:\llflflf.exe142⤵
-
\??\c:\lxrrffr.exec:\lxrrffr.exe143⤵
-
\??\c:\tthtbh.exec:\tthtbh.exe144⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe145⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe146⤵
-
\??\c:\lffrxfx.exec:\lffrxfx.exe147⤵
-
\??\c:\3rflllr.exec:\3rflllr.exe148⤵
-
\??\c:\nhbnht.exec:\nhbnht.exe149⤵
-
\??\c:\hnhtnt.exec:\hnhtnt.exe150⤵
-
\??\c:\ppvvj.exec:\ppvvj.exe151⤵
-
\??\c:\frlffrx.exec:\frlffrx.exe152⤵
-
\??\c:\thnbht.exec:\thnbht.exe153⤵
-
\??\c:\ntnbtn.exec:\ntnbtn.exe154⤵
-
\??\c:\jvpvv.exec:\jvpvv.exe155⤵
-
\??\c:\rrfrffx.exec:\rrfrffx.exe156⤵
-
\??\c:\ffxlxrx.exec:\ffxlxrx.exe157⤵
-
\??\c:\5tbhbh.exec:\5tbhbh.exe158⤵
-
\??\c:\hbtthn.exec:\hbtthn.exe159⤵
-
\??\c:\1jjdv.exec:\1jjdv.exe160⤵
-
\??\c:\xxrxlrf.exec:\xxrxlrf.exe161⤵
-
\??\c:\fxrrllx.exec:\fxrrllx.exe162⤵
-
\??\c:\5nhbnb.exec:\5nhbnb.exe163⤵
-
\??\c:\hntnnb.exec:\hntnnb.exe164⤵
-
\??\c:\jddpd.exec:\jddpd.exe165⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe166⤵
-
\??\c:\flflxff.exec:\flflxff.exe167⤵
-
\??\c:\nhbbbh.exec:\nhbbbh.exe168⤵
-
\??\c:\hbbhth.exec:\hbbhth.exe169⤵
-
\??\c:\vvjdj.exec:\vvjdj.exe170⤵
-
\??\c:\ffxlxfr.exec:\ffxlxfr.exe171⤵
-
\??\c:\3nthth.exec:\3nthth.exe172⤵
-
\??\c:\9tbhtn.exec:\9tbhtn.exe173⤵
-
\??\c:\9vpjj.exec:\9vpjj.exe174⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe175⤵
-
\??\c:\5nhhbh.exec:\5nhhbh.exe176⤵
-
\??\c:\bthhtb.exec:\bthhtb.exe177⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe178⤵
-
\??\c:\xxfxxll.exec:\xxfxxll.exe179⤵
-
\??\c:\7frxlxx.exec:\7frxlxx.exe180⤵
-
\??\c:\3xflxlr.exec:\3xflxlr.exe181⤵
-
\??\c:\7nnhtb.exec:\7nnhtb.exe182⤵
-
\??\c:\jddjp.exec:\jddjp.exe183⤵
-
\??\c:\1dpdv.exec:\1dpdv.exe184⤵
-
\??\c:\7xllrll.exec:\7xllrll.exe185⤵
-
\??\c:\5hnbhh.exec:\5hnbhh.exe186⤵
-
\??\c:\9jvdv.exec:\9jvdv.exe187⤵
-
\??\c:\ppppv.exec:\ppppv.exe188⤵
-
\??\c:\fxlfxxx.exec:\fxlfxxx.exe189⤵
-
\??\c:\btnbnb.exec:\btnbnb.exe190⤵
-
\??\c:\1hhtbh.exec:\1hhtbh.exe191⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe192⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe193⤵
-
\??\c:\rllfflx.exec:\rllfflx.exe194⤵
-
\??\c:\5hhtht.exec:\5hhtht.exe195⤵
-
\??\c:\nnbthh.exec:\nnbthh.exe196⤵
-
\??\c:\djjdp.exec:\djjdp.exe197⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe198⤵
-
\??\c:\1llxrxl.exec:\1llxrxl.exe199⤵
-
\??\c:\hhtthn.exec:\hhtthn.exe200⤵
-
\??\c:\nttnbt.exec:\nttnbt.exe201⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe202⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe203⤵
-
\??\c:\fxrrffr.exec:\fxrrffr.exe204⤵
-
\??\c:\rrlxllx.exec:\rrlxllx.exe205⤵
-
\??\c:\btnhnn.exec:\btnhnn.exe206⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe207⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe208⤵
-
\??\c:\flxlrxx.exec:\flxlrxx.exe209⤵
-
\??\c:\xrxllrf.exec:\xrxllrf.exe210⤵
-
\??\c:\hhbhnh.exec:\hhbhnh.exe211⤵
-
\??\c:\jdvjj.exec:\jdvjj.exe212⤵
-
\??\c:\rlxfrrl.exec:\rlxfrrl.exe213⤵
-
\??\c:\nhttbh.exec:\nhttbh.exe214⤵
-
\??\c:\ttntnn.exec:\ttntnn.exe215⤵
-
\??\c:\djpdp.exec:\djpdp.exe216⤵
-
\??\c:\fxrfflf.exec:\fxrfflf.exe217⤵
-
\??\c:\7fxfxfr.exec:\7fxfxfr.exe218⤵
-
\??\c:\7nhthn.exec:\7nhthn.exe219⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe220⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe221⤵
-
\??\c:\lxfxxxx.exec:\lxfxxxx.exe222⤵
-
\??\c:\ffxxflr.exec:\ffxxflr.exe223⤵
-
\??\c:\tnbhnb.exec:\tnbhnb.exe224⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe225⤵
-
\??\c:\rrfxflr.exec:\rrfxflr.exe226⤵
-
\??\c:\7flxrfr.exec:\7flxrfr.exe227⤵
-
\??\c:\bbbnht.exec:\bbbnht.exe228⤵
-
\??\c:\vvdpj.exec:\vvdpj.exe229⤵
-
\??\c:\xlxlfrl.exec:\xlxlfrl.exe230⤵
-
\??\c:\ffrlxfl.exec:\ffrlxfl.exe231⤵
-
\??\c:\nhhnbh.exec:\nhhnbh.exe232⤵
-
\??\c:\bbtnnb.exec:\bbtnnb.exe233⤵
-
\??\c:\5vpdd.exec:\5vpdd.exe234⤵
-
\??\c:\xxrxxfx.exec:\xxrxxfx.exe235⤵
-
\??\c:\ffxlxfx.exec:\ffxlxfx.exe236⤵
-
\??\c:\7ttnbb.exec:\7ttnbb.exe237⤵
-
\??\c:\hntnbt.exec:\hntnbt.exe238⤵
-
\??\c:\ppvjd.exec:\ppvjd.exe239⤵
-
\??\c:\ffxlfxr.exec:\ffxlfxr.exe240⤵
-
\??\c:\lxllxxf.exec:\lxllxxf.exe241⤵