Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
18-05-2024 19:42
General
-
Target
3b77d5e7c7a53fa6483990d1ff5b5fe0_NeikiAnalytics.exe
-
Size
65KB
-
MD5
3b77d5e7c7a53fa6483990d1ff5b5fe0
-
SHA1
d907ff036204cceda2cf715fbeac9dd292cf6d83
-
SHA256
f8a695be1b4265999812e5998eb3be0216df18428af46f4473c4972f439c2ed3
-
SHA512
ea23f6849655529184e90fafdf5ee32eb985e8a61368fe384d6b59c922f5971ff21f99572bb4c0d985dd4563a43d4df382f24cbb463edd4c49859daffb14c7ea
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfMu+:ymb3NkkiQ3mdBjFI4V4u+
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 18 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 17 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3b77d5e7c7a53fa6483990d1ff5b5fe0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\3b77d5e7c7a53fa6483990d1ff5b5fe0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1ffrffr.exec:\1ffrffr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hhtht.exec:\7hhtht.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbnbn.exec:\nhbnbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvjv.exec:\pjvjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxffl.exec:\xrxxffl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhnh.exec:\bthhnh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdpv.exec:\vjdpv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrfrxl.exec:\xxrfrxl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbht.exec:\nhbbht.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjpd.exec:\jdjpd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fxffxf.exec:\9fxffxf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlxfrx.exec:\xxlxfrx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btntbh.exec:\btntbh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7djpd.exec:\7djpd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvj.exec:\pjvvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxfrxr.exec:\lfxfrxr.exe17⤵
- Executes dropped EXE
-
\??\c:\5bhthb.exec:\5bhthb.exe18⤵
- Executes dropped EXE
-
\??\c:\jjdjd.exec:\jjdjd.exe19⤵
- Executes dropped EXE
-
\??\c:\ddvjv.exec:\ddvjv.exe20⤵
- Executes dropped EXE
-
\??\c:\fxfrfxr.exec:\fxfrfxr.exe21⤵
- Executes dropped EXE
-
\??\c:\xxrrfxl.exec:\xxrrfxl.exe22⤵
- Executes dropped EXE
-
\??\c:\3bbnnt.exec:\3bbnnt.exe23⤵
- Executes dropped EXE
-
\??\c:\hnthtb.exec:\hnthtb.exe24⤵
- Executes dropped EXE
-
\??\c:\3jjdv.exec:\3jjdv.exe25⤵
- Executes dropped EXE
-
\??\c:\9xfrrlf.exec:\9xfrrlf.exe26⤵
- Executes dropped EXE
-
\??\c:\xlrrrfr.exec:\xlrrrfr.exe27⤵
- Executes dropped EXE
-
\??\c:\nntnnt.exec:\nntnnt.exe28⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe29⤵
- Executes dropped EXE
-
\??\c:\lxrlxxl.exec:\lxrlxxl.exe30⤵
- Executes dropped EXE
-
\??\c:\flxffrx.exec:\flxffrx.exe31⤵
- Executes dropped EXE
-
\??\c:\tnbhtt.exec:\tnbhtt.exe32⤵
- Executes dropped EXE
-
\??\c:\pvdvv.exec:\pvdvv.exe33⤵
- Executes dropped EXE
-
\??\c:\fxrfrrf.exec:\fxrfrrf.exe34⤵
- Executes dropped EXE
-
\??\c:\rlrfrxl.exec:\rlrfrxl.exe35⤵
- Executes dropped EXE
-
\??\c:\hhbhth.exec:\hhbhth.exe36⤵
- Executes dropped EXE
-
\??\c:\bbtbnt.exec:\bbtbnt.exe37⤵
- Executes dropped EXE
-
\??\c:\9jdvj.exec:\9jdvj.exe38⤵
-
\??\c:\rlxfrrl.exec:\rlxfrrl.exe39⤵
- Executes dropped EXE
-
\??\c:\5fxlffx.exec:\5fxlffx.exe40⤵
- Executes dropped EXE
-
\??\c:\btntbb.exec:\btntbb.exe41⤵
- Executes dropped EXE
-
\??\c:\hhbhnb.exec:\hhbhnb.exe42⤵
- Executes dropped EXE
-
\??\c:\dvjpd.exec:\dvjpd.exe43⤵
- Executes dropped EXE
-
\??\c:\vjvpd.exec:\vjvpd.exe44⤵
- Executes dropped EXE
-
\??\c:\rlxxllx.exec:\rlxxllx.exe45⤵
- Executes dropped EXE
-
\??\c:\xxrlrxl.exec:\xxrlrxl.exe46⤵
- Executes dropped EXE
-
\??\c:\bnbtnt.exec:\bnbtnt.exe47⤵
- Executes dropped EXE
-
\??\c:\hhhtbb.exec:\hhhtbb.exe48⤵
- Executes dropped EXE
-
\??\c:\5pjpd.exec:\5pjpd.exe49⤵
- Executes dropped EXE
-
\??\c:\djjpd.exec:\djjpd.exe50⤵
- Executes dropped EXE
-
\??\c:\xrxlfrx.exec:\xrxlfrx.exe51⤵
- Executes dropped EXE
-
\??\c:\fffflrf.exec:\fffflrf.exe52⤵
- Executes dropped EXE
-
\??\c:\1tntnt.exec:\1tntnt.exe53⤵
- Executes dropped EXE
-
\??\c:\1jdjp.exec:\1jdjp.exe54⤵
- Executes dropped EXE
-
\??\c:\vvpvj.exec:\vvpvj.exe55⤵
- Executes dropped EXE
-
\??\c:\lfxllxf.exec:\lfxllxf.exe56⤵
- Executes dropped EXE
-
\??\c:\llfxflx.exec:\llfxflx.exe57⤵
- Executes dropped EXE
-
\??\c:\9hbntb.exec:\9hbntb.exe58⤵
- Executes dropped EXE
-
\??\c:\7thnnt.exec:\7thnnt.exe59⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe60⤵
- Executes dropped EXE
-
\??\c:\7pjpp.exec:\7pjpp.exe61⤵
- Executes dropped EXE
-
\??\c:\pjvdv.exec:\pjvdv.exe62⤵
- Executes dropped EXE
-
\??\c:\rxfxlfx.exec:\rxfxlfx.exe63⤵
- Executes dropped EXE
-
\??\c:\rrfrxfx.exec:\rrfrxfx.exe64⤵
- Executes dropped EXE
-
\??\c:\ttnhtb.exec:\ttnhtb.exe65⤵
- Executes dropped EXE
-
\??\c:\5bbhbn.exec:\5bbhbn.exe66⤵
- Executes dropped EXE
-
\??\c:\vvvpd.exec:\vvvpd.exe67⤵
-
\??\c:\jdjpj.exec:\jdjpj.exe68⤵
-
\??\c:\xfrflxr.exec:\xfrflxr.exe69⤵
-
\??\c:\rlflrfr.exec:\rlflrfr.exe70⤵
-
\??\c:\bbnthh.exec:\bbnthh.exe71⤵
-
\??\c:\djjvv.exec:\djjvv.exe72⤵
-
\??\c:\9jjvv.exec:\9jjvv.exe73⤵
-
\??\c:\lxllflr.exec:\lxllflr.exe74⤵
-
\??\c:\ffxxfrx.exec:\ffxxfrx.exe75⤵
-
\??\c:\nnbhbn.exec:\nnbhbn.exe76⤵
-
\??\c:\bnnnhh.exec:\bnnnhh.exe77⤵
-
\??\c:\1vpjv.exec:\1vpjv.exe78⤵
-
\??\c:\jvppj.exec:\jvppj.exe79⤵
-
\??\c:\xlxxfff.exec:\xlxxfff.exe80⤵
-
\??\c:\9rlxrxl.exec:\9rlxrxl.exe81⤵
-
\??\c:\bthbhn.exec:\bthbhn.exe82⤵
-
\??\c:\1bthhh.exec:\1bthhh.exe83⤵
-
\??\c:\5dppv.exec:\5dppv.exe84⤵
-
\??\c:\5lflfxr.exec:\5lflfxr.exe85⤵
-
\??\c:\3fxxxxf.exec:\3fxxxxf.exe86⤵
-
\??\c:\nnthbh.exec:\nnthbh.exe87⤵
-
\??\c:\thbbbh.exec:\thbbbh.exe88⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe89⤵
-
\??\c:\vddvp.exec:\vddvp.exe90⤵
-
\??\c:\9lxrxlx.exec:\9lxrxlx.exe91⤵
-
\??\c:\1xrrrrr.exec:\1xrrrrr.exe92⤵
-
\??\c:\hhhnbn.exec:\hhhnbn.exe93⤵
-
\??\c:\hhhhhn.exec:\hhhhhn.exe94⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe95⤵
-
\??\c:\jddjp.exec:\jddjp.exe96⤵
-
\??\c:\xrrlxlr.exec:\xrrlxlr.exe97⤵
-
\??\c:\rxrrlfr.exec:\rxrrlfr.exe98⤵
-
\??\c:\9hbhtb.exec:\9hbhtb.exe99⤵
-
\??\c:\bbthnb.exec:\bbthnb.exe100⤵
-
\??\c:\jjjpd.exec:\jjjpd.exe101⤵
-
\??\c:\5lrxlxl.exec:\5lrxlxl.exe102⤵
-
\??\c:\lrlxxll.exec:\lrlxxll.exe103⤵
-
\??\c:\rfxxfff.exec:\rfxxfff.exe104⤵
-
\??\c:\bbtnht.exec:\bbtnht.exe105⤵
-
\??\c:\tnhhbn.exec:\tnhhbn.exe106⤵
-
\??\c:\vjdjv.exec:\vjdjv.exe107⤵
-
\??\c:\ffxxxxl.exec:\ffxxxxl.exe108⤵
-
\??\c:\3rxfrff.exec:\3rxfrff.exe109⤵
-
\??\c:\hbntht.exec:\hbntht.exe110⤵
-
\??\c:\hhhtth.exec:\hhhtth.exe111⤵
-
\??\c:\vpddp.exec:\vpddp.exe112⤵
-
\??\c:\pjddv.exec:\pjddv.exe113⤵
-
\??\c:\7llllrr.exec:\7llllrr.exe114⤵
-
\??\c:\xlrrxfl.exec:\xlrrxfl.exe115⤵
-
\??\c:\bbtnht.exec:\bbtnht.exe116⤵
-
\??\c:\hhtbnn.exec:\hhtbnn.exe117⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe118⤵
-
\??\c:\jpddp.exec:\jpddp.exe119⤵
-
\??\c:\3lfrflr.exec:\3lfrflr.exe120⤵
-
\??\c:\xxlxllr.exec:\xxlxllr.exe121⤵
-
\??\c:\3bntnn.exec:\3bntnn.exe122⤵
-
\??\c:\nnbnbh.exec:\nnbnbh.exe123⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe124⤵
-
\??\c:\pjjpv.exec:\pjjpv.exe125⤵
-
\??\c:\3lffllx.exec:\3lffllx.exe126⤵
-
\??\c:\3xxlxfl.exec:\3xxlxfl.exe127⤵
-
\??\c:\hbbbhh.exec:\hbbbhh.exe128⤵
-
\??\c:\tnbtbb.exec:\tnbtbb.exe129⤵
-
\??\c:\9vpvd.exec:\9vpvd.exe130⤵
-
\??\c:\3dddj.exec:\3dddj.exe131⤵
-
\??\c:\lfxxflr.exec:\lfxxflr.exe132⤵
-
\??\c:\9xlxrfx.exec:\9xlxrfx.exe133⤵
-
\??\c:\btntbh.exec:\btntbh.exe134⤵
-
\??\c:\7nhntt.exec:\7nhntt.exe135⤵
-
\??\c:\dvppv.exec:\dvppv.exe136⤵
-
\??\c:\pdpdd.exec:\pdpdd.exe137⤵
-
\??\c:\7jdpd.exec:\7jdpd.exe138⤵
-
\??\c:\xrfrrxl.exec:\xrfrrxl.exe139⤵
-
\??\c:\3lfrfxx.exec:\3lfrfxx.exe140⤵
-
\??\c:\btthnt.exec:\btthnt.exe141⤵
-
\??\c:\nhbhtb.exec:\nhbhtb.exe142⤵
-
\??\c:\vpddj.exec:\vpddj.exe143⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe144⤵
-
\??\c:\9xlxflr.exec:\9xlxflr.exe145⤵
-
\??\c:\3rlxfxf.exec:\3rlxfxf.exe146⤵
-
\??\c:\9bnbtb.exec:\9bnbtb.exe147⤵
-
\??\c:\tthntb.exec:\tthntb.exe148⤵
-
\??\c:\jppvj.exec:\jppvj.exe149⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe150⤵
-
\??\c:\lfxxffr.exec:\lfxxffr.exe151⤵
-
\??\c:\lxlrfff.exec:\lxlrfff.exe152⤵
-
\??\c:\ttttbh.exec:\ttttbh.exe153⤵
-
\??\c:\1tthbn.exec:\1tthbn.exe154⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe155⤵
-
\??\c:\ddppv.exec:\ddppv.exe156⤵
-
\??\c:\rrlfflx.exec:\rrlfflx.exe157⤵
-
\??\c:\bhhhnn.exec:\bhhhnn.exe158⤵
-
\??\c:\hbttbh.exec:\hbttbh.exe159⤵
-
\??\c:\pjddd.exec:\pjddd.exe160⤵
-
\??\c:\9pjdp.exec:\9pjdp.exe161⤵
-
\??\c:\5rflfxf.exec:\5rflfxf.exe162⤵
-
\??\c:\xxlxllf.exec:\xxlxllf.exe163⤵
-
\??\c:\nbnthb.exec:\nbnthb.exe164⤵
-
\??\c:\hhhnbh.exec:\hhhnbh.exe165⤵
-
\??\c:\nhthtn.exec:\nhthtn.exe166⤵
-
\??\c:\ddvvd.exec:\ddvvd.exe167⤵
-
\??\c:\dpvdj.exec:\dpvdj.exe168⤵
-
\??\c:\rlxflrx.exec:\rlxflrx.exe169⤵
-
\??\c:\lxffrrr.exec:\lxffrrr.exe170⤵
-
\??\c:\3nhnhh.exec:\3nhnhh.exe171⤵
-
\??\c:\1nbnth.exec:\1nbnth.exe172⤵
-
\??\c:\vpddp.exec:\vpddp.exe173⤵
-
\??\c:\3jddj.exec:\3jddj.exe174⤵
-
\??\c:\rllrfxf.exec:\rllrfxf.exe175⤵
-
\??\c:\5lllxfl.exec:\5lllxfl.exe176⤵
-
\??\c:\xxfxrll.exec:\xxfxrll.exe177⤵
-
\??\c:\1tnthn.exec:\1tnthn.exe178⤵
-
\??\c:\3htnbb.exec:\3htnbb.exe179⤵
-
\??\c:\1ppjv.exec:\1ppjv.exe180⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe181⤵
-
\??\c:\jdppp.exec:\jdppp.exe182⤵
-
\??\c:\xrlrxrf.exec:\xrlrxrf.exe183⤵
-
\??\c:\3xrxlrl.exec:\3xrxlrl.exe184⤵
-
\??\c:\3nnnbb.exec:\3nnnbb.exe185⤵
-
\??\c:\hhttbh.exec:\hhttbh.exe186⤵
-
\??\c:\1jvpv.exec:\1jvpv.exe187⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe188⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe189⤵
-
\??\c:\lflrxxf.exec:\lflrxxf.exe190⤵
-
\??\c:\lrrxxlf.exec:\lrrxxlf.exe191⤵
-
\??\c:\5nhnnn.exec:\5nhnnn.exe192⤵
-
\??\c:\hthhnt.exec:\hthhnt.exe193⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe194⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe195⤵
-
\??\c:\jvpdp.exec:\jvpdp.exe196⤵
-
\??\c:\xllxrrr.exec:\xllxrrr.exe197⤵
-
\??\c:\frllfff.exec:\frllfff.exe198⤵
-
\??\c:\nhthtn.exec:\nhthtn.exe199⤵
-
\??\c:\hbhnbb.exec:\hbhnbb.exe200⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe201⤵
-
\??\c:\7jjvd.exec:\7jjvd.exe202⤵
-
\??\c:\rrlrllx.exec:\rrlrllx.exe203⤵
-
\??\c:\nnbthh.exec:\nnbthh.exe204⤵
-
\??\c:\7bnnbh.exec:\7bnnbh.exe205⤵
-
\??\c:\jdjpd.exec:\jdjpd.exe206⤵
-
\??\c:\pvjdp.exec:\pvjdp.exe207⤵
-
\??\c:\1xxrxff.exec:\1xxrxff.exe208⤵
-
\??\c:\htbttt.exec:\htbttt.exe209⤵
-
\??\c:\1jpvv.exec:\1jpvv.exe210⤵
-
\??\c:\vddvd.exec:\vddvd.exe211⤵
-
\??\c:\xrfrlrf.exec:\xrfrlrf.exe212⤵
-
\??\c:\bbttbb.exec:\bbttbb.exe213⤵
-
\??\c:\9nnhnb.exec:\9nnhnb.exe214⤵
-
\??\c:\btbhnn.exec:\btbhnn.exe215⤵
-
\??\c:\9vddp.exec:\9vddp.exe216⤵
-
\??\c:\7vpjj.exec:\7vpjj.exe217⤵
-
\??\c:\lfrfrrf.exec:\lfrfrrf.exe218⤵
-
\??\c:\xrffrff.exec:\xrffrff.exe219⤵
-
\??\c:\3ffxfxl.exec:\3ffxfxl.exe220⤵
-
\??\c:\7tbbhh.exec:\7tbbhh.exe221⤵
-
\??\c:\vpddj.exec:\vpddj.exe222⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe223⤵
-
\??\c:\1fflxxl.exec:\1fflxxl.exe224⤵
-
\??\c:\lfrxlfl.exec:\lfrxlfl.exe225⤵
-
\??\c:\tbhntb.exec:\tbhntb.exe226⤵
-
\??\c:\9nhnbh.exec:\9nhnbh.exe227⤵
-
\??\c:\djdpj.exec:\djdpj.exe228⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe229⤵
-
\??\c:\vdjvj.exec:\vdjvj.exe230⤵
-
\??\c:\7rllxrf.exec:\7rllxrf.exe231⤵
-
\??\c:\9rrxlll.exec:\9rrxlll.exe232⤵
-
\??\c:\7tbntt.exec:\7tbntt.exe233⤵
-
\??\c:\7tbntt.exec:\7tbntt.exe234⤵
-
\??\c:\vjjvj.exec:\vjjvj.exe235⤵
-
\??\c:\3pdvj.exec:\3pdvj.exe236⤵
-
\??\c:\ffrlfrl.exec:\ffrlfrl.exe237⤵
-
\??\c:\bththn.exec:\bththn.exe238⤵
-
\??\c:\9tbtnh.exec:\9tbtnh.exe239⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe240⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe241⤵