Analysis
-
max time kernel
47s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
18-05-2024 20:28
General
-
Target
472af602d931481ceca262d84d4c3610_NeikiAnalytics.exe
-
Size
66KB
-
MD5
472af602d931481ceca262d84d4c3610
-
SHA1
37bde34c39af7c0f436e59c3c6953408c9688af5
-
SHA256
5cbe46049fb7d70918fa26d200510da339fc2023784b7086a69f012609b204b7
-
SHA512
14c1159e4e8bf2e49da58aff7d67157fb126bbaea0fe4fa373262b5e1680f01546102b678fd4e4ae1154948e2e2ac4c3a833697120ef3b7c6ac93677b7185c2f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUPqrDZl:ymb3NkkiQ3mdBjF0yUmH
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\472af602d931481ceca262d84d4c3610_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\472af602d931481ceca262d84d4c3610_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1pdvd.exec:\1pdvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdjv.exec:\jvdjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vjvj.exec:\9vjvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfrlrf.exec:\llfrlrf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthnbh.exec:\bthnbh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbhtt.exec:\thbhtt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjpj.exec:\vpjpj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppd.exec:\dvppd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dpvd.exec:\9dpvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffrrf.exec:\xrffrrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrflx.exec:\xrlrflx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrxlfr.exec:\lfrxlfr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhtt.exec:\nhbhtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvj.exec:\pjvvj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jdjv.exec:\3jdjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjp.exec:\dvpjp.exe17⤵
- Executes dropped EXE
-
\??\c:\lfrxxff.exec:\lfrxxff.exe18⤵
- Executes dropped EXE
-
\??\c:\7xlxrxl.exec:\7xlxrxl.exe19⤵
- Executes dropped EXE
-
\??\c:\hbthth.exec:\hbthth.exe20⤵
- Executes dropped EXE
-
\??\c:\3nbhbb.exec:\3nbhbb.exe21⤵
- Executes dropped EXE
-
\??\c:\bbtbhh.exec:\bbtbhh.exe22⤵
- Executes dropped EXE
-
\??\c:\vvvvd.exec:\vvvvd.exe23⤵
- Executes dropped EXE
-
\??\c:\jdvjp.exec:\jdvjp.exe24⤵
- Executes dropped EXE
-
\??\c:\xxrfrxl.exec:\xxrfrxl.exe25⤵
- Executes dropped EXE
-
\??\c:\1ffrxlx.exec:\1ffrxlx.exe26⤵
- Executes dropped EXE
-
\??\c:\7rrxrxf.exec:\7rrxrxf.exe27⤵
- Executes dropped EXE
-
\??\c:\nnnnbh.exec:\nnnnbh.exe28⤵
- Executes dropped EXE
-
\??\c:\hbthnb.exec:\hbthnb.exe29⤵
- Executes dropped EXE
-
\??\c:\vpjpj.exec:\vpjpj.exe30⤵
- Executes dropped EXE
-
\??\c:\ppjpj.exec:\ppjpj.exe31⤵
- Executes dropped EXE
-
\??\c:\lfllxrf.exec:\lfllxrf.exe32⤵
- Executes dropped EXE
-
\??\c:\rlflrrr.exec:\rlflrrr.exe33⤵
- Executes dropped EXE
-
\??\c:\ffrlrxl.exec:\ffrlrxl.exe34⤵
- Executes dropped EXE
-
\??\c:\tnbhnb.exec:\tnbhnb.exe35⤵
- Executes dropped EXE
-
\??\c:\5hbhhn.exec:\5hbhhn.exe36⤵
- Executes dropped EXE
-
\??\c:\hhhhtb.exec:\hhhhtb.exe37⤵
- Executes dropped EXE
-
\??\c:\ddpdp.exec:\ddpdp.exe38⤵
- Executes dropped EXE
-
\??\c:\jjvdv.exec:\jjvdv.exe39⤵
- Executes dropped EXE
-
\??\c:\9ppdd.exec:\9ppdd.exe40⤵
- Executes dropped EXE
-
\??\c:\9fxfffr.exec:\9fxfffr.exe41⤵
- Executes dropped EXE
-
\??\c:\xxrrffr.exec:\xxrrffr.exe42⤵
- Executes dropped EXE
-
\??\c:\rlfrxrf.exec:\rlfrxrf.exe43⤵
- Executes dropped EXE
-
\??\c:\7hbnbt.exec:\7hbnbt.exe44⤵
- Executes dropped EXE
-
\??\c:\htnthh.exec:\htnthh.exe45⤵
- Executes dropped EXE
-
\??\c:\hhhnbh.exec:\hhhnbh.exe46⤵
- Executes dropped EXE
-
\??\c:\vjdjd.exec:\vjdjd.exe47⤵
- Executes dropped EXE
-
\??\c:\3vpvj.exec:\3vpvj.exe48⤵
- Executes dropped EXE
-
\??\c:\rflrffl.exec:\rflrffl.exe49⤵
- Executes dropped EXE
-
\??\c:\fxrfrxr.exec:\fxrfrxr.exe50⤵
- Executes dropped EXE
-
\??\c:\9xflxfr.exec:\9xflxfr.exe51⤵
- Executes dropped EXE
-
\??\c:\bbtbht.exec:\bbtbht.exe52⤵
- Executes dropped EXE
-
\??\c:\3htbbn.exec:\3htbbn.exe53⤵
- Executes dropped EXE
-
\??\c:\5jpjp.exec:\5jpjp.exe54⤵
- Executes dropped EXE
-
\??\c:\pvddp.exec:\pvddp.exe55⤵
- Executes dropped EXE
-
\??\c:\djpdv.exec:\djpdv.exe56⤵
- Executes dropped EXE
-
\??\c:\pjvjv.exec:\pjvjv.exe57⤵
- Executes dropped EXE
-
\??\c:\9xrxffl.exec:\9xrxffl.exe58⤵
- Executes dropped EXE
-
\??\c:\llxrlrx.exec:\llxrlrx.exe59⤵
- Executes dropped EXE
-
\??\c:\xrffxfr.exec:\xrffxfr.exe60⤵
- Executes dropped EXE
-
\??\c:\hnthtt.exec:\hnthtt.exe61⤵
- Executes dropped EXE
-
\??\c:\1hhnhn.exec:\1hhnhn.exe62⤵
- Executes dropped EXE
-
\??\c:\5tnhnt.exec:\5tnhnt.exe63⤵
- Executes dropped EXE
-
\??\c:\dvjvp.exec:\dvjvp.exe64⤵
- Executes dropped EXE
-
\??\c:\1dvvj.exec:\1dvvj.exe65⤵
- Executes dropped EXE
-
\??\c:\llllxxl.exec:\llllxxl.exe66⤵
-
\??\c:\7llrffr.exec:\7llrffr.exe67⤵
-
\??\c:\fxrxlrx.exec:\fxrxlrx.exe68⤵
-
\??\c:\nnbnth.exec:\nnbnth.exe69⤵
-
\??\c:\tnhtnt.exec:\tnhtnt.exe70⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe71⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe72⤵
-
\??\c:\1pjjp.exec:\1pjjp.exe73⤵
-
\??\c:\ddvvj.exec:\ddvvj.exe74⤵
-
\??\c:\xrrlxxl.exec:\xrrlxxl.exe75⤵
-
\??\c:\ffrfffr.exec:\ffrfffr.exe76⤵
-
\??\c:\7rrlxrx.exec:\7rrlxrx.exe77⤵
-
\??\c:\ththtt.exec:\ththtt.exe78⤵
-
\??\c:\nbnhbn.exec:\nbnhbn.exe79⤵
-
\??\c:\htbthn.exec:\htbthn.exe80⤵
-
\??\c:\nbhhtb.exec:\nbhhtb.exe81⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe82⤵
-
\??\c:\vjpvj.exec:\vjpvj.exe83⤵
-
\??\c:\xxlrrxl.exec:\xxlrrxl.exe84⤵
-
\??\c:\5frrlll.exec:\5frrlll.exe85⤵
-
\??\c:\fxlrffx.exec:\fxlrffx.exe86⤵
-
\??\c:\tbnnht.exec:\tbnnht.exe87⤵
-
\??\c:\9hthnt.exec:\9hthnt.exe88⤵
-
\??\c:\bbnbnb.exec:\bbnbnb.exe89⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe90⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe91⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe92⤵
-
\??\c:\9jdvv.exec:\9jdvv.exe93⤵
-
\??\c:\5xrxlrf.exec:\5xrxlrf.exe94⤵
-
\??\c:\lflxllr.exec:\lflxllr.exe95⤵
-
\??\c:\fxlxlrf.exec:\fxlxlrf.exe96⤵
-
\??\c:\hbtntb.exec:\hbtntb.exe97⤵
-
\??\c:\nnbhtn.exec:\nnbhtn.exe98⤵
-
\??\c:\tnbbnt.exec:\tnbbnt.exe99⤵
-
\??\c:\btntbh.exec:\btntbh.exe100⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe101⤵
-
\??\c:\jjjpp.exec:\jjjpp.exe102⤵
-
\??\c:\pdvjp.exec:\pdvjp.exe103⤵
-
\??\c:\9xlfllr.exec:\9xlfllr.exe104⤵
-
\??\c:\rlxrflx.exec:\rlxrflx.exe105⤵
-
\??\c:\ttntnn.exec:\ttntnn.exe106⤵
-
\??\c:\bthbtn.exec:\bthbtn.exe107⤵
-
\??\c:\3hbhtb.exec:\3hbhtb.exe108⤵
-
\??\c:\vvvdj.exec:\vvvdj.exe109⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe110⤵
-
\??\c:\9jvjj.exec:\9jvjj.exe111⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe112⤵
-
\??\c:\7frrrxl.exec:\7frrrxl.exe113⤵
-
\??\c:\pppvp.exec:\pppvp.exe114⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe115⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe116⤵
-
\??\c:\rlfxrfx.exec:\rlfxrfx.exe117⤵
-
\??\c:\rlxrlrl.exec:\rlxrlrl.exe118⤵
-
\??\c:\5rlfllr.exec:\5rlfllr.exe119⤵
-
\??\c:\tbtthb.exec:\tbtthb.exe120⤵
-
\??\c:\7nnnnt.exec:\7nnnnt.exe121⤵
-
\??\c:\hbtnhn.exec:\hbtnhn.exe122⤵
-
\??\c:\5nnttb.exec:\5nnttb.exe123⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe124⤵
-
\??\c:\vppjj.exec:\vppjj.exe125⤵
-
\??\c:\3dpjp.exec:\3dpjp.exe126⤵
-
\??\c:\lxfflrf.exec:\lxfflrf.exe127⤵
-
\??\c:\lrxxfxf.exec:\lrxxfxf.exe128⤵
-
\??\c:\xxfllfl.exec:\xxfllfl.exe129⤵
-
\??\c:\nhhtnn.exec:\nhhtnn.exe130⤵
-
\??\c:\nnbbht.exec:\nnbbht.exe131⤵
-
\??\c:\ntntnb.exec:\ntntnb.exe132⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe133⤵
-
\??\c:\dvdpv.exec:\dvdpv.exe134⤵
-
\??\c:\dpjvd.exec:\dpjvd.exe135⤵
-
\??\c:\jdddv.exec:\jdddv.exe136⤵
-
\??\c:\fxrxxfr.exec:\fxrxxfr.exe137⤵
-
\??\c:\9xffrrr.exec:\9xffrrr.exe138⤵
-
\??\c:\fxxlrxr.exec:\fxxlrxr.exe139⤵
-
\??\c:\hhtthn.exec:\hhtthn.exe140⤵
-
\??\c:\nhbhhh.exec:\nhbhhh.exe141⤵
-
\??\c:\nhthtb.exec:\nhthtb.exe142⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe143⤵
-
\??\c:\vpddp.exec:\vpddp.exe144⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe145⤵
-
\??\c:\fxllrxf.exec:\fxllrxf.exe146⤵
-
\??\c:\ffxlfll.exec:\ffxlfll.exe147⤵
-
\??\c:\xxlxflr.exec:\xxlxflr.exe148⤵
-
\??\c:\hhbhbh.exec:\hhbhbh.exe149⤵
-
\??\c:\hbthtb.exec:\hbthtb.exe150⤵
-
\??\c:\hbnhnn.exec:\hbnhnn.exe151⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe152⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe153⤵
-
\??\c:\dvvjp.exec:\dvvjp.exe154⤵
-
\??\c:\pjpvp.exec:\pjpvp.exe155⤵
-
\??\c:\9xxlxfl.exec:\9xxlxfl.exe156⤵
-
\??\c:\llrfrrr.exec:\llrfrrr.exe157⤵
-
\??\c:\rlxxflx.exec:\rlxxflx.exe158⤵
-
\??\c:\btbbbb.exec:\btbbbb.exe159⤵
-
\??\c:\nnhthn.exec:\nnhthn.exe160⤵
-
\??\c:\tnnbhn.exec:\tnnbhn.exe161⤵
-
\??\c:\vdjjv.exec:\vdjjv.exe162⤵
-
\??\c:\5jdpd.exec:\5jdpd.exe163⤵
-
\??\c:\frfflrr.exec:\frfflrr.exe164⤵
-
\??\c:\xxfllfx.exec:\xxfllfx.exe165⤵
-
\??\c:\rxrrlxl.exec:\rxrrlxl.exe166⤵
-
\??\c:\xxfxlff.exec:\xxfxlff.exe167⤵
-
\??\c:\tntnbn.exec:\tntnbn.exe168⤵
-
\??\c:\ttnnnt.exec:\ttnnnt.exe169⤵
-
\??\c:\3jvpj.exec:\3jvpj.exe170⤵
-
\??\c:\pddpv.exec:\pddpv.exe171⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe172⤵
-
\??\c:\lxrlfrx.exec:\lxrlfrx.exe173⤵
-
\??\c:\7fxlxfl.exec:\7fxlxfl.exe174⤵
-
\??\c:\lfrxrrf.exec:\lfrxrrf.exe175⤵
-
\??\c:\1hbnnt.exec:\1hbnnt.exe176⤵
-
\??\c:\nhbhnn.exec:\nhbhnn.exe177⤵
-
\??\c:\hbttnn.exec:\hbttnn.exe178⤵
-
\??\c:\9vjpp.exec:\9vjpp.exe179⤵
-
\??\c:\vdjjv.exec:\vdjjv.exe180⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe181⤵
-
\??\c:\3xlxrxl.exec:\3xlxrxl.exe182⤵
-
\??\c:\rfrfffr.exec:\rfrfffr.exe183⤵
-
\??\c:\1thnbn.exec:\1thnbn.exe184⤵
-
\??\c:\nhnbbh.exec:\nhnbbh.exe185⤵
-
\??\c:\9nhbbb.exec:\9nhbbb.exe186⤵
-
\??\c:\ddjvp.exec:\ddjvp.exe187⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe188⤵
-
\??\c:\vjvpd.exec:\vjvpd.exe189⤵
-
\??\c:\5llxlll.exec:\5llxlll.exe190⤵
-
\??\c:\xxlrflx.exec:\xxlrflx.exe191⤵
-
\??\c:\rlxfrrx.exec:\rlxfrrx.exe192⤵
-
\??\c:\5hthhh.exec:\5hthhh.exe193⤵
-
\??\c:\1tnbbt.exec:\1tnbbt.exe194⤵
-
\??\c:\1tnthn.exec:\1tnthn.exe195⤵
-
\??\c:\5pddv.exec:\5pddv.exe196⤵
-
\??\c:\dpppv.exec:\dpppv.exe197⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe198⤵
-
\??\c:\frxrxxx.exec:\frxrxxx.exe199⤵
-
\??\c:\xrxrrrr.exec:\xrxrrrr.exe200⤵
-
\??\c:\lxrxlrl.exec:\lxrxlrl.exe201⤵
-
\??\c:\xlxfrxr.exec:\xlxfrxr.exe202⤵
-
\??\c:\bttnbt.exec:\bttnbt.exe203⤵
-
\??\c:\nhbhnh.exec:\nhbhnh.exe204⤵
-
\??\c:\nbhtth.exec:\nbhtth.exe205⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe206⤵
-
\??\c:\djvpj.exec:\djvpj.exe207⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe208⤵
-
\??\c:\lxfflll.exec:\lxfflll.exe209⤵
-
\??\c:\rlxfxfr.exec:\rlxfxfr.exe210⤵
-
\??\c:\rlxflrx.exec:\rlxflrx.exe211⤵
-
\??\c:\nnbtnh.exec:\nnbtnh.exe212⤵
-
\??\c:\nttbhn.exec:\nttbhn.exe213⤵
-
\??\c:\bthnth.exec:\bthnth.exe214⤵
-
\??\c:\bbntbn.exec:\bbntbn.exe215⤵
-
\??\c:\ppvdv.exec:\ppvdv.exe216⤵
-
\??\c:\5pddj.exec:\5pddj.exe217⤵
-
\??\c:\ppppd.exec:\ppppd.exe218⤵
-
\??\c:\xxlrlrr.exec:\xxlrlrr.exe219⤵
-
\??\c:\rlrxfrf.exec:\rlrxfrf.exe220⤵
-
\??\c:\xrffxrf.exec:\xrffxrf.exe221⤵
-
\??\c:\btbnbh.exec:\btbnbh.exe222⤵
-
\??\c:\3hbthh.exec:\3hbthh.exe223⤵
-
\??\c:\7bthbn.exec:\7bthbn.exe224⤵
-
\??\c:\nhnnbt.exec:\nhnnbt.exe225⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe226⤵
-
\??\c:\jddvv.exec:\jddvv.exe227⤵
-
\??\c:\7dpvv.exec:\7dpvv.exe228⤵
-
\??\c:\1rlxrfl.exec:\1rlxrfl.exe229⤵
-
\??\c:\fxlrlrf.exec:\fxlrlrf.exe230⤵
-
\??\c:\1xrflxf.exec:\1xrflxf.exe231⤵
-
\??\c:\7rffrxl.exec:\7rffrxl.exe232⤵
-
\??\c:\1htnnt.exec:\1htnnt.exe233⤵
-
\??\c:\1nhnbh.exec:\1nhnbh.exe234⤵
-
\??\c:\htnnth.exec:\htnnth.exe235⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe236⤵
-
\??\c:\3ppdj.exec:\3ppdj.exe237⤵
-
\??\c:\vvppd.exec:\vvppd.exe238⤵
-
\??\c:\frlfxxx.exec:\frlfxxx.exe239⤵
-
\??\c:\lllxrxx.exec:\lllxrxx.exe240⤵
-
\??\c:\xxxrxrf.exec:\xxxrxrf.exe241⤵