Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
18-05-2024 19:03
General
-
Target
32dd3716420b5e067b8bb89183e865d0_NeikiAnalytics.exe
-
Size
72KB
-
MD5
32dd3716420b5e067b8bb89183e865d0
-
SHA1
4374ee0dda13302183ddd17829f6a60f3d3560ea
-
SHA256
0c1612e63eae0bc875c848cb622676327f8d24563ecb18baec074a7bb264c993
-
SHA512
2f9e17bfb498df35093bdad3a134b67d1238dd4db633773d4187e1d8c4fd3e8fd5251011a918c0a89b0ae5a5a0ab7dd4c18a97159f7a0ade6d41c5c285bdc7a6
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb7GToUVlQ:ymb3NkkiQ3mdBjFIW0U3Q
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\32dd3716420b5e067b8bb89183e865d0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\32dd3716420b5e067b8bb89183e865d0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbnn.exec:\bbtbnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdjv.exec:\jjdjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthtbh.exec:\bthtbh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnhnn.exec:\tbnhnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fllrxl.exec:\5fllrxl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntttt.exec:\hntttt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpjv.exec:\jvpjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvd.exec:\pddvd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhnt.exec:\hbhhnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnthh.exec:\htnthh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vjdj.exec:\1vjdj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvp.exec:\pjpvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrlxxl.exec:\xxrlxxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtthh.exec:\thtthh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppvj.exec:\vppvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjvd.exec:\ppjvd.exe17⤵
- Executes dropped EXE
-
\??\c:\5xxlxlx.exec:\5xxlxlx.exe18⤵
- Executes dropped EXE
-
\??\c:\hnnthn.exec:\hnnthn.exe19⤵
- Executes dropped EXE
-
\??\c:\5vpvd.exec:\5vpvd.exe20⤵
- Executes dropped EXE
-
\??\c:\vpdpv.exec:\vpdpv.exe21⤵
- Executes dropped EXE
-
\??\c:\llfrxfl.exec:\llfrxfl.exe22⤵
- Executes dropped EXE
-
\??\c:\lxrrflr.exec:\lxrrflr.exe23⤵
- Executes dropped EXE
-
\??\c:\hbtbhn.exec:\hbtbhn.exe24⤵
- Executes dropped EXE
-
\??\c:\jjpvj.exec:\jjpvj.exe25⤵
- Executes dropped EXE
-
\??\c:\9xrrffx.exec:\9xrrffx.exe26⤵
- Executes dropped EXE
-
\??\c:\bnttbh.exec:\bnttbh.exe27⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe28⤵
- Executes dropped EXE
-
\??\c:\djppp.exec:\djppp.exe29⤵
- Executes dropped EXE
-
\??\c:\fxxxlll.exec:\fxxxlll.exe30⤵
- Executes dropped EXE
-
\??\c:\bnbhtb.exec:\bnbhtb.exe31⤵
- Executes dropped EXE
-
\??\c:\nnbbtt.exec:\nnbbtt.exe32⤵
- Executes dropped EXE
-
\??\c:\vppvd.exec:\vppvd.exe33⤵
- Executes dropped EXE
-
\??\c:\rlxlxxl.exec:\rlxlxxl.exe34⤵
- Executes dropped EXE
-
\??\c:\frlflfr.exec:\frlflfr.exe35⤵
- Executes dropped EXE
-
\??\c:\nnhntb.exec:\nnhntb.exe36⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe37⤵
- Executes dropped EXE
-
\??\c:\vpjjv.exec:\vpjjv.exe38⤵
- Executes dropped EXE
-
\??\c:\lrxxffl.exec:\lrxxffl.exe39⤵
- Executes dropped EXE
-
\??\c:\lfxrllr.exec:\lfxrllr.exe40⤵
- Executes dropped EXE
-
\??\c:\tthnbb.exec:\tthnbb.exe41⤵
- Executes dropped EXE
-
\??\c:\tnbnbh.exec:\tnbnbh.exe42⤵
- Executes dropped EXE
-
\??\c:\9dvjj.exec:\9dvjj.exe43⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe44⤵
- Executes dropped EXE
-
\??\c:\llxlxlx.exec:\llxlxlx.exe45⤵
- Executes dropped EXE
-
\??\c:\xlxrxfl.exec:\xlxrxfl.exe46⤵
- Executes dropped EXE
-
\??\c:\tnbhtb.exec:\tnbhtb.exe47⤵
- Executes dropped EXE
-
\??\c:\7btbnn.exec:\7btbnn.exe48⤵
- Executes dropped EXE
-
\??\c:\vpjvj.exec:\vpjvj.exe49⤵
- Executes dropped EXE
-
\??\c:\5jjdp.exec:\5jjdp.exe50⤵
- Executes dropped EXE
-
\??\c:\xlfxfrf.exec:\xlfxfrf.exe51⤵
- Executes dropped EXE
-
\??\c:\1lrxlrf.exec:\1lrxlrf.exe52⤵
- Executes dropped EXE
-
\??\c:\hbnnbh.exec:\hbnnbh.exe53⤵
- Executes dropped EXE
-
\??\c:\nntnnb.exec:\nntnnb.exe54⤵
- Executes dropped EXE
-
\??\c:\3pjpd.exec:\3pjpd.exe55⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe56⤵
- Executes dropped EXE
-
\??\c:\ffxrllx.exec:\ffxrllx.exe57⤵
- Executes dropped EXE
-
\??\c:\ttntbb.exec:\ttntbb.exe58⤵
- Executes dropped EXE
-
\??\c:\hhbbnb.exec:\hhbbnb.exe59⤵
- Executes dropped EXE
-
\??\c:\vvjvj.exec:\vvjvj.exe60⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe61⤵
- Executes dropped EXE
-
\??\c:\xfxxlfl.exec:\xfxxlfl.exe62⤵
- Executes dropped EXE
-
\??\c:\lflxlxl.exec:\lflxlxl.exe63⤵
- Executes dropped EXE
-
\??\c:\1tnbnt.exec:\1tnbnt.exe64⤵
- Executes dropped EXE
-
\??\c:\hbnbhb.exec:\hbnbhb.exe65⤵
- Executes dropped EXE
-
\??\c:\9ppdv.exec:\9ppdv.exe66⤵
-
\??\c:\jjpdd.exec:\jjpdd.exe67⤵
-
\??\c:\rrrlxll.exec:\rrrlxll.exe68⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe69⤵
-
\??\c:\hthbht.exec:\hthbht.exe70⤵
-
\??\c:\dddpd.exec:\dddpd.exe71⤵
-
\??\c:\5vjpp.exec:\5vjpp.exe72⤵
-
\??\c:\lfxlxlf.exec:\lfxlxlf.exe73⤵
-
\??\c:\ntnhnn.exec:\ntnhnn.exe74⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe75⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe76⤵
-
\??\c:\dvpdd.exec:\dvpdd.exe77⤵
-
\??\c:\llfrflf.exec:\llfrflf.exe78⤵
-
\??\c:\nntthh.exec:\nntthh.exe79⤵
-
\??\c:\bnhbnt.exec:\bnhbnt.exe80⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe81⤵
-
\??\c:\3pdpv.exec:\3pdpv.exe82⤵
-
\??\c:\llfrxxr.exec:\llfrxxr.exe83⤵
-
\??\c:\hbtbnt.exec:\hbtbnt.exe84⤵
-
\??\c:\hhnnbb.exec:\hhnnbb.exe85⤵
-
\??\c:\jjpvv.exec:\jjpvv.exe86⤵
-
\??\c:\3vvdd.exec:\3vvdd.exe87⤵
-
\??\c:\fxlrrxx.exec:\fxlrrxx.exe88⤵
-
\??\c:\rlflffl.exec:\rlflffl.exe89⤵
-
\??\c:\hbntbh.exec:\hbntbh.exe90⤵
-
\??\c:\nhthtt.exec:\nhthtt.exe91⤵
-
\??\c:\pdddd.exec:\pdddd.exe92⤵
-
\??\c:\9vvjv.exec:\9vvjv.exe93⤵
-
\??\c:\fxrxflf.exec:\fxrxflf.exe94⤵
-
\??\c:\1fxlrxl.exec:\1fxlrxl.exe95⤵
-
\??\c:\htthht.exec:\htthht.exe96⤵
-
\??\c:\thtbhh.exec:\thtbhh.exe97⤵
-
\??\c:\7vpdp.exec:\7vpdp.exe98⤵
-
\??\c:\fffflfr.exec:\fffflfr.exe99⤵
-
\??\c:\xrfrffr.exec:\xrfrffr.exe100⤵
-
\??\c:\3nhnbh.exec:\3nhnbh.exe101⤵
-
\??\c:\bthtbn.exec:\bthtbn.exe102⤵
-
\??\c:\dvpvv.exec:\dvpvv.exe103⤵
-
\??\c:\xxxrxll.exec:\xxxrxll.exe104⤵
-
\??\c:\rlflflf.exec:\rlflflf.exe105⤵
-
\??\c:\hbbhtt.exec:\hbbhtt.exe106⤵
-
\??\c:\bthnnn.exec:\bthnnn.exe107⤵
-
\??\c:\7vppp.exec:\7vppp.exe108⤵
-
\??\c:\jvppv.exec:\jvppv.exe109⤵
-
\??\c:\fxxfrff.exec:\fxxfrff.exe110⤵
-
\??\c:\nnnbhb.exec:\nnnbhb.exe111⤵
-
\??\c:\thbnbb.exec:\thbnbb.exe112⤵
-
\??\c:\jjddv.exec:\jjddv.exe113⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe114⤵
-
\??\c:\llfrlfl.exec:\llfrlfl.exe115⤵
-
\??\c:\rrlffxf.exec:\rrlffxf.exe116⤵
-
\??\c:\3tnbtn.exec:\3tnbtn.exe117⤵
-
\??\c:\3vjjv.exec:\3vjjv.exe118⤵
-
\??\c:\pjdpp.exec:\pjdpp.exe119⤵
-
\??\c:\1ffrffl.exec:\1ffrffl.exe120⤵
-
\??\c:\7fxfllf.exec:\7fxfllf.exe121⤵
-
\??\c:\bbtnbt.exec:\bbtnbt.exe122⤵
-
\??\c:\1nbhnn.exec:\1nbhnn.exe123⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe124⤵
-
\??\c:\rlflxfr.exec:\rlflxfr.exe125⤵
-
\??\c:\lfxlfrl.exec:\lfxlfrl.exe126⤵
-
\??\c:\nhbbnb.exec:\nhbbnb.exe127⤵
-
\??\c:\hnnnnb.exec:\hnnnnb.exe128⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe129⤵
-
\??\c:\7xflffl.exec:\7xflffl.exe130⤵
-
\??\c:\xxlxrxf.exec:\xxlxrxf.exe131⤵
-
\??\c:\bbhbtb.exec:\bbhbtb.exe132⤵
-
\??\c:\bnhbhh.exec:\bnhbhh.exe133⤵
-
\??\c:\vppdp.exec:\vppdp.exe134⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe135⤵
-
\??\c:\fxrrrrx.exec:\fxrrrrx.exe136⤵
-
\??\c:\rfffrxx.exec:\rfffrxx.exe137⤵
-
\??\c:\hhntnh.exec:\hhntnh.exe138⤵
-
\??\c:\hbnnhb.exec:\hbnnhb.exe139⤵
-
\??\c:\pdpvj.exec:\pdpvj.exe140⤵
-
\??\c:\dvppd.exec:\dvppd.exe141⤵
-
\??\c:\1frxlfl.exec:\1frxlfl.exe142⤵
-
\??\c:\rrllflx.exec:\rrllflx.exe143⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe144⤵
-
\??\c:\vvjvj.exec:\vvjvj.exe145⤵
-
\??\c:\vpddp.exec:\vpddp.exe146⤵
-
\??\c:\9lflllx.exec:\9lflllx.exe147⤵
-
\??\c:\fxrrffl.exec:\fxrrffl.exe148⤵
-
\??\c:\9hbbhh.exec:\9hbbhh.exe149⤵
-
\??\c:\3hnbtb.exec:\3hnbtb.exe150⤵
-
\??\c:\pvppv.exec:\pvppv.exe151⤵
-
\??\c:\fxxlxfl.exec:\fxxlxfl.exe152⤵
-
\??\c:\xxfrlrl.exec:\xxfrlrl.exe153⤵
-
\??\c:\nthbth.exec:\nthbth.exe154⤵
-
\??\c:\hbbthh.exec:\hbbthh.exe155⤵
-
\??\c:\dddvv.exec:\dddvv.exe156⤵
-
\??\c:\lrrllfx.exec:\lrrllfx.exe157⤵
-
\??\c:\xxxxrfl.exec:\xxxxrfl.exe158⤵
-
\??\c:\tthntt.exec:\tthntt.exe159⤵
-
\??\c:\1vppd.exec:\1vppd.exe160⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe161⤵
-
\??\c:\fffxflx.exec:\fffxflx.exe162⤵
-
\??\c:\tthntb.exec:\tthntb.exe163⤵
-
\??\c:\7jjjp.exec:\7jjjp.exe164⤵
-
\??\c:\dddpv.exec:\dddpv.exe165⤵
-
\??\c:\rlrxfll.exec:\rlrxfll.exe166⤵
-
\??\c:\btbnbn.exec:\btbnbn.exe167⤵
-
\??\c:\bntnth.exec:\bntnth.exe168⤵
-
\??\c:\jjjpp.exec:\jjjpp.exe169⤵
-
\??\c:\vvddd.exec:\vvddd.exe170⤵
-
\??\c:\fxrfrfx.exec:\fxrfrfx.exe171⤵
-
\??\c:\3nbhbt.exec:\3nbhbt.exe172⤵
-
\??\c:\hbhbht.exec:\hbhbht.exe173⤵
-
\??\c:\hbhbtb.exec:\hbhbtb.exe174⤵
-
\??\c:\djvdp.exec:\djvdp.exe175⤵
-
\??\c:\jjvdp.exec:\jjvdp.exe176⤵
-
\??\c:\ffrlxff.exec:\ffrlxff.exe177⤵
-
\??\c:\ffrfrrr.exec:\ffrfrrr.exe178⤵
-
\??\c:\nbthhh.exec:\nbthhh.exe179⤵
-
\??\c:\xlfrfll.exec:\xlfrfll.exe180⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe181⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe182⤵
-
\??\c:\vjpvd.exec:\vjpvd.exe183⤵
-
\??\c:\xxxfllx.exec:\xxxfllx.exe184⤵
-
\??\c:\thtbbn.exec:\thtbbn.exe185⤵
-
\??\c:\vppvj.exec:\vppvj.exe186⤵
-
\??\c:\jpvvd.exec:\jpvvd.exe187⤵
-
\??\c:\llxfrxr.exec:\llxfrxr.exe188⤵
-
\??\c:\bbbbtb.exec:\bbbbtb.exe189⤵
-
\??\c:\hbbhbn.exec:\hbbhbn.exe190⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe191⤵
-
\??\c:\7lxxlxr.exec:\7lxxlxr.exe192⤵
-
\??\c:\nhtnnn.exec:\nhtnnn.exe193⤵
-
\??\c:\btnbbt.exec:\btnbbt.exe194⤵
-
\??\c:\7dvjv.exec:\7dvjv.exe195⤵
-
\??\c:\vvppv.exec:\vvppv.exe196⤵
-
\??\c:\7xxlllr.exec:\7xxlllr.exe197⤵
-
\??\c:\bbhhnb.exec:\bbhhnb.exe198⤵
-
\??\c:\pjppp.exec:\pjppp.exe199⤵
-
\??\c:\ddddp.exec:\ddddp.exe200⤵
-
\??\c:\lflrxfl.exec:\lflrxfl.exe201⤵
-
\??\c:\xrfflfr.exec:\xrfflfr.exe202⤵
-
\??\c:\nnbhtb.exec:\nnbhtb.exe203⤵
-
\??\c:\jpvdd.exec:\jpvdd.exe204⤵
-
\??\c:\vjdjv.exec:\vjdjv.exe205⤵
-
\??\c:\fxxxxxf.exec:\fxxxxxf.exe206⤵
-
\??\c:\7xrrxxx.exec:\7xrrxxx.exe207⤵
-
\??\c:\htnnhn.exec:\htnnhn.exe208⤵
-
\??\c:\htnthh.exec:\htnthh.exe209⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe210⤵
-
\??\c:\jdppd.exec:\jdppd.exe211⤵
-
\??\c:\xrllrxf.exec:\xrllrxf.exe212⤵
-
\??\c:\nnbtnn.exec:\nnbtnn.exe213⤵
-
\??\c:\thtntn.exec:\thtntn.exe214⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe215⤵
-
\??\c:\llxxrll.exec:\llxxrll.exe216⤵
-
\??\c:\xrxllrx.exec:\xrxllrx.exe217⤵
-
\??\c:\nhtthh.exec:\nhtthh.exe218⤵
-
\??\c:\7vjvj.exec:\7vjvj.exe219⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe220⤵
-
\??\c:\rrffllx.exec:\rrffllx.exe221⤵
-
\??\c:\3bbtnb.exec:\3bbtnb.exe222⤵
-
\??\c:\3vddj.exec:\3vddj.exe223⤵
-
\??\c:\vppvj.exec:\vppvj.exe224⤵
-
\??\c:\llfllrx.exec:\llfllrx.exe225⤵
-
\??\c:\rfxxrxf.exec:\rfxxrxf.exe226⤵
-
\??\c:\nhtttb.exec:\nhtttb.exe227⤵
-
\??\c:\pppvd.exec:\pppvd.exe228⤵
-
\??\c:\jvjvp.exec:\jvjvp.exe229⤵
-
\??\c:\xrrxrxf.exec:\xrrxrxf.exe230⤵
-
\??\c:\lflfxfr.exec:\lflfxfr.exe231⤵
-
\??\c:\ttntnt.exec:\ttntnt.exe232⤵
-
\??\c:\7ppdv.exec:\7ppdv.exe233⤵
-
\??\c:\5jjpj.exec:\5jjpj.exe234⤵
-
\??\c:\lfxlxfr.exec:\lfxlxfr.exe235⤵
-
\??\c:\llrxlrf.exec:\llrxlrf.exe236⤵
-
\??\c:\httnbh.exec:\httnbh.exe237⤵
-
\??\c:\7jvpj.exec:\7jvpj.exe238⤵
-
\??\c:\dvppj.exec:\dvppj.exe239⤵
-
\??\c:\fllxxxl.exec:\fllxxxl.exe240⤵
-
\??\c:\llrxxfr.exec:\llrxxfr.exe241⤵