Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
18-05-2024 19:36
General
-
Target
3a18372857c57e4b21fd07438f106a80_NeikiAnalytics.exe
-
Size
118KB
-
MD5
3a18372857c57e4b21fd07438f106a80
-
SHA1
6f4f1dcf85f19a440ab59255c7b458e0091236c9
-
SHA256
8df7874c5d2b927771b9d0761b160fa20b8f5c200b2a63e426be494cf622f57c
-
SHA512
253b73d8030492cbdbe4f0989d300dbd8937dc7aad06b0c8b0331f980fc0002acb0600b2fa10a0c52aa4a5ff271b3aa08171f545a40430366152df99e438ca86
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDomRGApSuLAR2yPBCQ1nDFu1Q8sI:ymb3NkkiQ3mdBjFomR7UsyJC+n0GsgcX
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3a18372857c57e4b21fd07438f106a80_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\3a18372857c57e4b21fd07438f106a80_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrffrxl.exec:\rrffrxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pjpv.exec:\7pjpv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hbhnt.exec:\7hbhnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhnt.exec:\tnbhnt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvppd.exec:\vvppd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrxlxr.exec:\llrxlxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhth.exec:\btbhth.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjv.exec:\pppjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lfrflf.exec:\5lfrflf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbnbb.exec:\bhbnbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ppvd.exec:\7ppvd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdv.exec:\pjvdv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfrxlx.exec:\llfrxlx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhnbn.exec:\tnhnbn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jvjp.exec:\1jvjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1frrxxl.exec:\1frrxxl.exe17⤵
- Executes dropped EXE
-
\??\c:\hhbnbb.exec:\hhbnbb.exe18⤵
- Executes dropped EXE
-
\??\c:\ttbntb.exec:\ttbntb.exe19⤵
- Executes dropped EXE
-
\??\c:\jjdjj.exec:\jjdjj.exe20⤵
- Executes dropped EXE
-
\??\c:\9xrrllx.exec:\9xrrllx.exe21⤵
- Executes dropped EXE
-
\??\c:\btnhnt.exec:\btnhnt.exe22⤵
- Executes dropped EXE
-
\??\c:\hbthth.exec:\hbthth.exe23⤵
- Executes dropped EXE
-
\??\c:\jdpvj.exec:\jdpvj.exe24⤵
- Executes dropped EXE
-
\??\c:\frlrffl.exec:\frlrffl.exe25⤵
- Executes dropped EXE
-
\??\c:\5nntht.exec:\5nntht.exe26⤵
- Executes dropped EXE
-
\??\c:\3vpdj.exec:\3vpdj.exe27⤵
- Executes dropped EXE
-
\??\c:\rlxxflx.exec:\rlxxflx.exe28⤵
- Executes dropped EXE
-
\??\c:\xxrflfr.exec:\xxrflfr.exe29⤵
- Executes dropped EXE
-
\??\c:\vvvpd.exec:\vvvpd.exe30⤵
- Executes dropped EXE
-
\??\c:\1dvvv.exec:\1dvvv.exe31⤵
- Executes dropped EXE
-
\??\c:\llxrxxl.exec:\llxrxxl.exe32⤵
- Executes dropped EXE
-
\??\c:\nnbhbh.exec:\nnbhbh.exe33⤵
- Executes dropped EXE
-
\??\c:\ddvdv.exec:\ddvdv.exe34⤵
- Executes dropped EXE
-
\??\c:\pvjvv.exec:\pvjvv.exe35⤵
- Executes dropped EXE
-
\??\c:\ffxxllr.exec:\ffxxllr.exe36⤵
- Executes dropped EXE
-
\??\c:\9hhbhh.exec:\9hhbhh.exe37⤵
- Executes dropped EXE
-
\??\c:\tnbhtb.exec:\tnbhtb.exe38⤵
- Executes dropped EXE
-
\??\c:\jjdpp.exec:\jjdpp.exe39⤵
- Executes dropped EXE
-
\??\c:\ddvdp.exec:\ddvdp.exe40⤵
- Executes dropped EXE
-
\??\c:\fxrrffr.exec:\fxrrffr.exe41⤵
- Executes dropped EXE
-
\??\c:\5lxlrrf.exec:\5lxlrrf.exe42⤵
- Executes dropped EXE
-
\??\c:\thntbb.exec:\thntbb.exe43⤵
- Executes dropped EXE
-
\??\c:\jjddp.exec:\jjddp.exe44⤵
- Executes dropped EXE
-
\??\c:\1vddd.exec:\1vddd.exe45⤵
- Executes dropped EXE
-
\??\c:\5frrxxl.exec:\5frrxxl.exe46⤵
- Executes dropped EXE
-
\??\c:\9rrfflx.exec:\9rrfflx.exe47⤵
- Executes dropped EXE
-
\??\c:\thbhhh.exec:\thbhhh.exe48⤵
- Executes dropped EXE
-
\??\c:\3dpjp.exec:\3dpjp.exe49⤵
- Executes dropped EXE
-
\??\c:\vpvvd.exec:\vpvvd.exe50⤵
- Executes dropped EXE
-
\??\c:\7rfrflx.exec:\7rfrflx.exe51⤵
- Executes dropped EXE
-
\??\c:\lffrxxl.exec:\lffrxxl.exe52⤵
- Executes dropped EXE
-
\??\c:\9hbhth.exec:\9hbhth.exe53⤵
- Executes dropped EXE
-
\??\c:\tnhntb.exec:\tnhntb.exe54⤵
- Executes dropped EXE
-
\??\c:\ppjpp.exec:\ppjpp.exe55⤵
- Executes dropped EXE
-
\??\c:\5fxrxxl.exec:\5fxrxxl.exe56⤵
- Executes dropped EXE
-
\??\c:\xxrxxfr.exec:\xxrxxfr.exe57⤵
- Executes dropped EXE
-
\??\c:\btnnbh.exec:\btnnbh.exe58⤵
- Executes dropped EXE
-
\??\c:\3nnnbn.exec:\3nnnbn.exe59⤵
- Executes dropped EXE
-
\??\c:\dpdvd.exec:\dpdvd.exe60⤵
- Executes dropped EXE
-
\??\c:\rlrrfxf.exec:\rlrrfxf.exe61⤵
- Executes dropped EXE
-
\??\c:\5rrxxxl.exec:\5rrxxxl.exe62⤵
- Executes dropped EXE
-
\??\c:\9hntbn.exec:\9hntbn.exe63⤵
- Executes dropped EXE
-
\??\c:\5nbhhh.exec:\5nbhhh.exe64⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe65⤵
- Executes dropped EXE
-
\??\c:\jvppv.exec:\jvppv.exe66⤵
-
\??\c:\5rfflrl.exec:\5rfflrl.exe67⤵
-
\??\c:\1llrxfl.exec:\1llrxfl.exe68⤵
-
\??\c:\1thhnt.exec:\1thhnt.exe69⤵
-
\??\c:\5htttn.exec:\5htttn.exe70⤵
-
\??\c:\pvppd.exec:\pvppd.exe71⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe72⤵
-
\??\c:\rrlrffr.exec:\rrlrffr.exe73⤵
-
\??\c:\lfxrxxf.exec:\lfxrxxf.exe74⤵
-
\??\c:\hhbbhh.exec:\hhbbhh.exe75⤵
-
\??\c:\hbtthb.exec:\hbtthb.exe76⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe77⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe78⤵
-
\??\c:\xlxrxxf.exec:\xlxrxxf.exe79⤵
-
\??\c:\hbthhh.exec:\hbthhh.exe80⤵
-
\??\c:\htthhb.exec:\htthhb.exe81⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe82⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe83⤵
-
\??\c:\3lfrxxl.exec:\3lfrxxl.exe84⤵
-
\??\c:\btbhnn.exec:\btbhnn.exe85⤵
-
\??\c:\bhbtnt.exec:\bhbtnt.exe86⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe87⤵
-
\??\c:\jpdjp.exec:\jpdjp.exe88⤵
-
\??\c:\ffrflfr.exec:\ffrflfr.exe89⤵
-
\??\c:\lfxrxxf.exec:\lfxrxxf.exe90⤵
-
\??\c:\bbtttb.exec:\bbtttb.exe91⤵
-
\??\c:\1jddj.exec:\1jddj.exe92⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe93⤵
-
\??\c:\lllrrlr.exec:\lllrrlr.exe94⤵
-
\??\c:\ffllxfl.exec:\ffllxfl.exe95⤵
-
\??\c:\btbhbb.exec:\btbhbb.exe96⤵
-
\??\c:\nhhnbb.exec:\nhhnbb.exe97⤵
-
\??\c:\dppvj.exec:\dppvj.exe98⤵
-
\??\c:\jdjvd.exec:\jdjvd.exe99⤵
-
\??\c:\ffxffrf.exec:\ffxffrf.exe100⤵
-
\??\c:\tnhbhn.exec:\tnhbhn.exe101⤵
-
\??\c:\bnbntb.exec:\bnbntb.exe102⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe103⤵
-
\??\c:\3jjpv.exec:\3jjpv.exe104⤵
-
\??\c:\rrrflfr.exec:\rrrflfr.exe105⤵
-
\??\c:\rrfflrf.exec:\rrfflrf.exe106⤵
-
\??\c:\tnbbhn.exec:\tnbbhn.exe107⤵
-
\??\c:\7ddjp.exec:\7ddjp.exe108⤵
-
\??\c:\jvvdj.exec:\jvvdj.exe109⤵
-
\??\c:\1fxfrxf.exec:\1fxfrxf.exe110⤵
-
\??\c:\hbntbh.exec:\hbntbh.exe111⤵
-
\??\c:\9hbbnt.exec:\9hbbnt.exe112⤵
-
\??\c:\9dpvd.exec:\9dpvd.exe113⤵
-
\??\c:\5vpjv.exec:\5vpjv.exe114⤵
-
\??\c:\rfxfffx.exec:\rfxfffx.exe115⤵
-
\??\c:\tnbhhn.exec:\tnbhhn.exe116⤵
-
\??\c:\nnhnhh.exec:\nnhnhh.exe117⤵
-
\??\c:\7jppd.exec:\7jppd.exe118⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe119⤵
-
\??\c:\xrllxlx.exec:\xrllxlx.exe120⤵
-
\??\c:\rrflrlx.exec:\rrflrlx.exe121⤵
-
\??\c:\9ntnhh.exec:\9ntnhh.exe122⤵
-
\??\c:\nhbhtt.exec:\nhbhtt.exe123⤵
-
\??\c:\5jpjv.exec:\5jpjv.exe124⤵
-
\??\c:\rfxfrxf.exec:\rfxfrxf.exe125⤵
-
\??\c:\frffrxl.exec:\frffrxl.exe126⤵
-
\??\c:\7nhhnn.exec:\7nhhnn.exe127⤵
-
\??\c:\3vdjj.exec:\3vdjj.exe128⤵
-
\??\c:\llrrxfl.exec:\llrrxfl.exe129⤵
-
\??\c:\tnhhtb.exec:\tnhhtb.exe130⤵
-
\??\c:\tnbhbh.exec:\tnbhbh.exe131⤵
-
\??\c:\3vvdv.exec:\3vvdv.exe132⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe133⤵
-
\??\c:\7xxxffr.exec:\7xxxffr.exe134⤵
-
\??\c:\5hbbnb.exec:\5hbbnb.exe135⤵
-
\??\c:\bttbhn.exec:\bttbhn.exe136⤵
-
\??\c:\1pjpv.exec:\1pjpv.exe137⤵
-
\??\c:\djdvj.exec:\djdvj.exe138⤵
-
\??\c:\xxrxffl.exec:\xxrxffl.exe139⤵
-
\??\c:\7xrfrrf.exec:\7xrfrrf.exe140⤵
-
\??\c:\bhtbhh.exec:\bhtbhh.exe141⤵
-
\??\c:\jjjjv.exec:\jjjjv.exe142⤵
-
\??\c:\lxrfrxx.exec:\lxrfrxx.exe143⤵
-
\??\c:\lxlrfrf.exec:\lxlrfrf.exe144⤵
-
\??\c:\bbnbtn.exec:\bbnbtn.exe145⤵
-
\??\c:\hhbnbb.exec:\hhbnbb.exe146⤵
-
\??\c:\vvvvd.exec:\vvvvd.exe147⤵
-
\??\c:\rlfrxlx.exec:\rlfrxlx.exe148⤵
-
\??\c:\ffxflll.exec:\ffxflll.exe149⤵
-
\??\c:\btntnn.exec:\btntnn.exe150⤵
-
\??\c:\nnhbhh.exec:\nnhbhh.exe151⤵
-
\??\c:\ddjdj.exec:\ddjdj.exe152⤵
-
\??\c:\fflxffr.exec:\fflxffr.exe153⤵
-
\??\c:\1rlrxfr.exec:\1rlrxfr.exe154⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe155⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe156⤵
-
\??\c:\jdppd.exec:\jdppd.exe157⤵
-
\??\c:\fxrllfr.exec:\fxrllfr.exe158⤵
-
\??\c:\llfrlrf.exec:\llfrlrf.exe159⤵
-
\??\c:\hbbnnt.exec:\hbbnnt.exe160⤵
-
\??\c:\3jpvd.exec:\3jpvd.exe161⤵
-
\??\c:\xxrfrlx.exec:\xxrfrlx.exe162⤵
-
\??\c:\3ffxlrl.exec:\3ffxlrl.exe163⤵
-
\??\c:\nhhhnb.exec:\nhhhnb.exe164⤵
-
\??\c:\1jjvp.exec:\1jjvp.exe165⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe166⤵
-
\??\c:\fxlrfrf.exec:\fxlrfrf.exe167⤵
-
\??\c:\tnbtbb.exec:\tnbtbb.exe168⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe169⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe170⤵
-
\??\c:\ffrxffr.exec:\ffrxffr.exe171⤵
-
\??\c:\7nbnbb.exec:\7nbnbb.exe172⤵
-
\??\c:\bbhhnt.exec:\bbhhnt.exe173⤵
-
\??\c:\ppdpv.exec:\ppdpv.exe174⤵
-
\??\c:\llxfllf.exec:\llxfllf.exe175⤵
-
\??\c:\xxlrxll.exec:\xxlrxll.exe176⤵
-
\??\c:\nnttbh.exec:\nnttbh.exe177⤵
-
\??\c:\vjddp.exec:\vjddp.exe178⤵
-
\??\c:\ppppd.exec:\ppppd.exe179⤵
-
\??\c:\rxxxfrf.exec:\rxxxfrf.exe180⤵
-
\??\c:\ffxfxfx.exec:\ffxfxfx.exe181⤵
-
\??\c:\hhtnth.exec:\hhtnth.exe182⤵
-
\??\c:\1pdjv.exec:\1pdjv.exe183⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe184⤵
-
\??\c:\flxxflr.exec:\flxxflr.exe185⤵
-
\??\c:\9hbhth.exec:\9hbhth.exe186⤵
-
\??\c:\nnnbth.exec:\nnnbth.exe187⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe188⤵
-
\??\c:\ppddd.exec:\ppddd.exe189⤵
-
\??\c:\llxlxxf.exec:\llxlxxf.exe190⤵
-
\??\c:\9hbhbb.exec:\9hbhbb.exe191⤵
-
\??\c:\7thtbh.exec:\7thtbh.exe192⤵
-
\??\c:\vppvp.exec:\vppvp.exe193⤵
-
\??\c:\5vvvj.exec:\5vvvj.exe194⤵
-
\??\c:\lllrflx.exec:\lllrflx.exe195⤵
-
\??\c:\ttnthh.exec:\ttnthh.exe196⤵
-
\??\c:\bnbnnn.exec:\bnbnnn.exe197⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe198⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe199⤵
-
\??\c:\3flllrx.exec:\3flllrx.exe200⤵
-
\??\c:\nbnbhb.exec:\nbnbhb.exe201⤵
-
\??\c:\bbttht.exec:\bbttht.exe202⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe203⤵
-
\??\c:\rxxxrxr.exec:\rxxxrxr.exe204⤵
-
\??\c:\hhbhbn.exec:\hhbhbn.exe205⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe206⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe207⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe208⤵
-
\??\c:\3xrlfxl.exec:\3xrlfxl.exe209⤵
-
\??\c:\hhhhnt.exec:\hhhhnt.exe210⤵
-
\??\c:\1tntbb.exec:\1tntbb.exe211⤵
-
\??\c:\3vppv.exec:\3vppv.exe212⤵
-
\??\c:\xlxflxl.exec:\xlxflxl.exe213⤵
-
\??\c:\ffxrlxl.exec:\ffxrlxl.exe214⤵
-
\??\c:\bhtttb.exec:\bhtttb.exe215⤵
-
\??\c:\djpdp.exec:\djpdp.exe216⤵
-
\??\c:\9dvvd.exec:\9dvvd.exe217⤵
-
\??\c:\3xrflrl.exec:\3xrflrl.exe218⤵
-
\??\c:\1xlrrfr.exec:\1xlrrfr.exe219⤵
-
\??\c:\ttnthn.exec:\ttnthn.exe220⤵
-
\??\c:\dvppv.exec:\dvppv.exe221⤵
-
\??\c:\jjvpp.exec:\jjvpp.exe222⤵
-
\??\c:\9xlxrxr.exec:\9xlxrxr.exe223⤵
-
\??\c:\xrlrffr.exec:\xrlrffr.exe224⤵
-
\??\c:\ttthnn.exec:\ttthnn.exe225⤵
-
\??\c:\thttnn.exec:\thttnn.exe226⤵
-
\??\c:\jpddd.exec:\jpddd.exe227⤵
-
\??\c:\xxlxrxr.exec:\xxlxrxr.exe228⤵
-
\??\c:\3llfrfr.exec:\3llfrfr.exe229⤵
-
\??\c:\hhnntb.exec:\hhnntb.exe230⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe231⤵
-
\??\c:\dvppv.exec:\dvppv.exe232⤵
-
\??\c:\1rrrxfr.exec:\1rrrxfr.exe233⤵
-
\??\c:\fffxlxx.exec:\fffxlxx.exe234⤵
-
\??\c:\5nntht.exec:\5nntht.exe235⤵
-
\??\c:\nbnnhn.exec:\nbnnhn.exe236⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe237⤵
-
\??\c:\fxfxxrr.exec:\fxfxxrr.exe238⤵
-
\??\c:\xxxrfrf.exec:\xxxrfrf.exe239⤵
-
\??\c:\hbnnbh.exec:\hbnnbh.exe240⤵
-
\??\c:\3hbtnb.exec:\3hbtnb.exe241⤵