Analysis
-
max time kernel
150s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
18-05-2024 20:35
General
-
Target
495c5b8b6d1b573bc8cdf74f17ae82a0_NeikiAnalytics.exe
-
Size
83KB
-
MD5
495c5b8b6d1b573bc8cdf74f17ae82a0
-
SHA1
8322373ae9dc803737ada8dcbbe1d3568b9f683a
-
SHA256
c15805e19e0066fc492373afb73d5fe3cd3907117924eaf249641b213d6a87ec
-
SHA512
746b788c1a4158bb55654ad993123c783e5335fb8d01cc3231753f5fc8ddc01f77115ae84c77bc87aa3e477eec73e9dcdb15d0358436856e598c8f83c2ccff7f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIJSLCBCO+HlMO7s0yLH:ymb3NkkiQ3mdBjFIwLMoHW8yLH
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\495c5b8b6d1b573bc8cdf74f17ae82a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\495c5b8b6d1b573bc8cdf74f17ae82a0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrflx.exec:\xrlrflx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjv.exec:\vpdjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrffr.exec:\xrrrffr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhnhn.exec:\hnhnhn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dvdj.exec:\9dvdj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpv.exec:\dvjpv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nhnbn.exec:\7nhnbn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhhn.exec:\tnbhhn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvjd.exec:\jdvjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fxlxff.exec:\1fxlxff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1thnbh.exec:\1thnbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vpdp.exec:\3vpdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrrrf.exec:\rlrrrrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lflxxf.exec:\7lflxxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbthn.exec:\hhbthn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpdj.exec:\vjpdj.exe17⤵
- Executes dropped EXE
-
\??\c:\3xxfxfl.exec:\3xxfxfl.exe18⤵
- Executes dropped EXE
-
\??\c:\rxflffx.exec:\rxflffx.exe19⤵
- Executes dropped EXE
-
\??\c:\bbntnn.exec:\bbntnn.exe20⤵
- Executes dropped EXE
-
\??\c:\jvdvd.exec:\jvdvd.exe21⤵
- Executes dropped EXE
-
\??\c:\3rflrrr.exec:\3rflrrr.exe22⤵
- Executes dropped EXE
-
\??\c:\frrlrrr.exec:\frrlrrr.exe23⤵
- Executes dropped EXE
-
\??\c:\bthntt.exec:\bthntt.exe24⤵
- Executes dropped EXE
-
\??\c:\btbhnt.exec:\btbhnt.exe25⤵
- Executes dropped EXE
-
\??\c:\9vdpv.exec:\9vdpv.exe26⤵
- Executes dropped EXE
-
\??\c:\rlxfxfr.exec:\rlxfxfr.exe27⤵
- Executes dropped EXE
-
\??\c:\3htbtn.exec:\3htbtn.exe28⤵
- Executes dropped EXE
-
\??\c:\dpddp.exec:\dpddp.exe29⤵
- Executes dropped EXE
-
\??\c:\lfrlxfr.exec:\lfrlxfr.exe30⤵
- Executes dropped EXE
-
\??\c:\bbtbhn.exec:\bbtbhn.exe31⤵
- Executes dropped EXE
-
\??\c:\1vppd.exec:\1vppd.exe32⤵
- Executes dropped EXE
-
\??\c:\ddpvj.exec:\ddpvj.exe33⤵
- Executes dropped EXE
-
\??\c:\fxrfrfx.exec:\fxrfrfx.exe34⤵
- Executes dropped EXE
-
\??\c:\xllfrrx.exec:\xllfrrx.exe35⤵
- Executes dropped EXE
-
\??\c:\1tnntb.exec:\1tnntb.exe36⤵
- Executes dropped EXE
-
\??\c:\nhhhhb.exec:\nhhhhb.exe37⤵
- Executes dropped EXE
-
\??\c:\jvjpj.exec:\jvjpj.exe38⤵
- Executes dropped EXE
-
\??\c:\fxxxxxf.exec:\fxxxxxf.exe39⤵
- Executes dropped EXE
-
\??\c:\frfrlxf.exec:\frfrlxf.exe40⤵
- Executes dropped EXE
-
\??\c:\hnhhnn.exec:\hnhhnn.exe41⤵
- Executes dropped EXE
-
\??\c:\hbthht.exec:\hbthht.exe42⤵
- Executes dropped EXE
-
\??\c:\jdjpv.exec:\jdjpv.exe43⤵
- Executes dropped EXE
-
\??\c:\vpvvj.exec:\vpvvj.exe44⤵
- Executes dropped EXE
-
\??\c:\rrxllfl.exec:\rrxllfl.exe45⤵
- Executes dropped EXE
-
\??\c:\hbtbnt.exec:\hbtbnt.exe46⤵
- Executes dropped EXE
-
\??\c:\hbtbtb.exec:\hbtbtb.exe47⤵
- Executes dropped EXE
-
\??\c:\jvpdp.exec:\jvpdp.exe48⤵
- Executes dropped EXE
-
\??\c:\5dpvd.exec:\5dpvd.exe49⤵
- Executes dropped EXE
-
\??\c:\fxffxfl.exec:\fxffxfl.exe50⤵
- Executes dropped EXE
-
\??\c:\llllflf.exec:\llllflf.exe51⤵
- Executes dropped EXE
-
\??\c:\ttnbnb.exec:\ttnbnb.exe52⤵
- Executes dropped EXE
-
\??\c:\jdjpd.exec:\jdjpd.exe53⤵
- Executes dropped EXE
-
\??\c:\3dvpv.exec:\3dvpv.exe54⤵
- Executes dropped EXE
-
\??\c:\xxrrflx.exec:\xxrrflx.exe55⤵
- Executes dropped EXE
-
\??\c:\flxxlrf.exec:\flxxlrf.exe56⤵
- Executes dropped EXE
-
\??\c:\tnthbh.exec:\tnthbh.exe57⤵
- Executes dropped EXE
-
\??\c:\nhnbnb.exec:\nhnbnb.exe58⤵
- Executes dropped EXE
-
\??\c:\pjpvd.exec:\pjpvd.exe59⤵
- Executes dropped EXE
-
\??\c:\9fxlxxl.exec:\9fxlxxl.exe60⤵
- Executes dropped EXE
-
\??\c:\fllflrx.exec:\fllflrx.exe61⤵
- Executes dropped EXE
-
\??\c:\5nhhtt.exec:\5nhhtt.exe62⤵
- Executes dropped EXE
-
\??\c:\hhthth.exec:\hhthth.exe63⤵
- Executes dropped EXE
-
\??\c:\vpvdj.exec:\vpvdj.exe64⤵
- Executes dropped EXE
-
\??\c:\jvpvd.exec:\jvpvd.exe65⤵
- Executes dropped EXE
-
\??\c:\lfrxffr.exec:\lfrxffr.exe66⤵
-
\??\c:\7rlrxfx.exec:\7rlrxfx.exe67⤵
-
\??\c:\lrflxfl.exec:\lrflxfl.exe68⤵
-
\??\c:\nhtttb.exec:\nhtttb.exe69⤵
-
\??\c:\htnntb.exec:\htnntb.exe70⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe71⤵
-
\??\c:\vvvpv.exec:\vvvpv.exe72⤵
-
\??\c:\xrrfrxf.exec:\xrrfrxf.exe73⤵
-
\??\c:\lfxxflr.exec:\lfxxflr.exe74⤵
-
\??\c:\nthnbb.exec:\nthnbb.exe75⤵
-
\??\c:\jdddj.exec:\jdddj.exe76⤵
-
\??\c:\vpvdp.exec:\vpvdp.exe77⤵
-
\??\c:\1xxfrxf.exec:\1xxfrxf.exe78⤵
-
\??\c:\xxrxflr.exec:\xxrxflr.exe79⤵
-
\??\c:\ttbhnt.exec:\ttbhnt.exe80⤵
-
\??\c:\hhnthb.exec:\hhnthb.exe81⤵
-
\??\c:\1vpdd.exec:\1vpdd.exe82⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe83⤵
-
\??\c:\lfxxxxf.exec:\lfxxxxf.exe84⤵
-
\??\c:\lxrxlrf.exec:\lxrxlrf.exe85⤵
-
\??\c:\5btnbh.exec:\5btnbh.exe86⤵
-
\??\c:\bthnbh.exec:\bthnbh.exe87⤵
-
\??\c:\1vpvv.exec:\1vpvv.exe88⤵
-
\??\c:\vjdpd.exec:\vjdpd.exe89⤵
-
\??\c:\xxllllx.exec:\xxllllx.exe90⤵
-
\??\c:\1rlxlxf.exec:\1rlxlxf.exe91⤵
-
\??\c:\3nhhnt.exec:\3nhhnt.exe92⤵
-
\??\c:\tnbhnt.exec:\tnbhnt.exe93⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe94⤵
-
\??\c:\9ppjj.exec:\9ppjj.exe95⤵
-
\??\c:\dpjjd.exec:\dpjjd.exe96⤵
-
\??\c:\frfflrx.exec:\frfflrx.exe97⤵
-
\??\c:\3fxllrx.exec:\3fxllrx.exe98⤵
-
\??\c:\bbbnnt.exec:\bbbnnt.exe99⤵
-
\??\c:\tnbnnt.exec:\tnbnnt.exe100⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe101⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe102⤵
-
\??\c:\lfrfrxl.exec:\lfrfrxl.exe103⤵
-
\??\c:\xfrxllr.exec:\xfrxllr.exe104⤵
-
\??\c:\fxlrffl.exec:\fxlrffl.exe105⤵
-
\??\c:\nntbtb.exec:\nntbtb.exe106⤵
-
\??\c:\hnhnhb.exec:\hnhnhb.exe107⤵
-
\??\c:\dpdjj.exec:\dpdjj.exe108⤵
-
\??\c:\jdddj.exec:\jdddj.exe109⤵
-
\??\c:\llflrxf.exec:\llflrxf.exe110⤵
-
\??\c:\llflrxl.exec:\llflrxl.exe111⤵
-
\??\c:\bbntnt.exec:\bbntnt.exe112⤵
-
\??\c:\nbhnhn.exec:\nbhnhn.exe113⤵
-
\??\c:\rlfrlrx.exec:\rlfrlrx.exe114⤵
-
\??\c:\fxflffr.exec:\fxflffr.exe115⤵
-
\??\c:\tthtnb.exec:\tthtnb.exe116⤵
-
\??\c:\btnnhh.exec:\btnnhh.exe117⤵
-
\??\c:\ppdjp.exec:\ppdjp.exe118⤵
-
\??\c:\vppdj.exec:\vppdj.exe119⤵
-
\??\c:\rlxlxxl.exec:\rlxlxxl.exe120⤵
-
\??\c:\9xlxrxf.exec:\9xlxrxf.exe121⤵
-
\??\c:\bttnnb.exec:\bttnnb.exe122⤵
-
\??\c:\nhbhbb.exec:\nhbhbb.exe123⤵
-
\??\c:\nhtntb.exec:\nhtntb.exe124⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe125⤵
-
\??\c:\rfxfffx.exec:\rfxfffx.exe126⤵
-
\??\c:\xlxxxxr.exec:\xlxxxxr.exe127⤵
-
\??\c:\rlrfxlr.exec:\rlrfxlr.exe128⤵
-
\??\c:\tnbnhh.exec:\tnbnhh.exe129⤵
-
\??\c:\ttntnt.exec:\ttntnt.exe130⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe131⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe132⤵
-
\??\c:\flflxfl.exec:\flflxfl.exe133⤵
-
\??\c:\3xrfxfl.exec:\3xrfxfl.exe134⤵
-
\??\c:\btntbh.exec:\btntbh.exe135⤵
-
\??\c:\1bnthb.exec:\1bnthb.exe136⤵
-
\??\c:\bttnhn.exec:\bttnhn.exe137⤵
-
\??\c:\jjddp.exec:\jjddp.exe138⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe139⤵
-
\??\c:\lfxxlxf.exec:\lfxxlxf.exe140⤵
-
\??\c:\fxfxrfl.exec:\fxfxrfl.exe141⤵
-
\??\c:\nhhthn.exec:\nhhthn.exe142⤵
-
\??\c:\1nbhhn.exec:\1nbhhn.exe143⤵
-
\??\c:\7vjjp.exec:\7vjjp.exe144⤵
-
\??\c:\dvdpd.exec:\dvdpd.exe145⤵
-
\??\c:\xrrrrrf.exec:\xrrrrrf.exe146⤵
-
\??\c:\lflfxfr.exec:\lflfxfr.exe147⤵
-
\??\c:\nhhthn.exec:\nhhthn.exe148⤵
-
\??\c:\nthnbt.exec:\nthnbt.exe149⤵
-
\??\c:\btbhhn.exec:\btbhhn.exe150⤵
-
\??\c:\vvpdd.exec:\vvpdd.exe151⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe152⤵
-
\??\c:\rxfrrfx.exec:\rxfrrfx.exe153⤵
-
\??\c:\rlfxrlx.exec:\rlfxrlx.exe154⤵
-
\??\c:\nbhbtt.exec:\nbhbtt.exe155⤵
-
\??\c:\hbnnhh.exec:\hbnnhh.exe156⤵
-
\??\c:\1vjpv.exec:\1vjpv.exe157⤵
-
\??\c:\9ddvv.exec:\9ddvv.exe158⤵
-
\??\c:\1xrfflr.exec:\1xrfflr.exe159⤵
-
\??\c:\rlrrllx.exec:\rlrrllx.exe160⤵
-
\??\c:\hhhtbb.exec:\hhhtbb.exe161⤵
-
\??\c:\nhtttb.exec:\nhtttb.exe162⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe163⤵
-
\??\c:\1pddp.exec:\1pddp.exe164⤵
-
\??\c:\7ddjv.exec:\7ddjv.exe165⤵
-
\??\c:\frxfrrf.exec:\frxfrrf.exe166⤵
-
\??\c:\tthtbn.exec:\tthtbn.exe167⤵
-
\??\c:\hhbnbn.exec:\hhbnbn.exe168⤵
-
\??\c:\jjppp.exec:\jjppp.exe169⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe170⤵
-
\??\c:\rllrllx.exec:\rllrllx.exe171⤵
-
\??\c:\5frfrfl.exec:\5frfrfl.exe172⤵
-
\??\c:\rrllxxf.exec:\rrllxxf.exe173⤵
-
\??\c:\btbhnn.exec:\btbhnn.exe174⤵
-
\??\c:\hhntnt.exec:\hhntnt.exe175⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe176⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe177⤵
-
\??\c:\7fxlflx.exec:\7fxlflx.exe178⤵
-
\??\c:\3xllxfl.exec:\3xllxfl.exe179⤵
-
\??\c:\nhhnht.exec:\nhhnht.exe180⤵
-
\??\c:\jdjpj.exec:\jdjpj.exe181⤵
-
\??\c:\7pjjp.exec:\7pjjp.exe182⤵
-
\??\c:\rrlrrrx.exec:\rrlrrrx.exe183⤵
-
\??\c:\lxrlrll.exec:\lxrlrll.exe184⤵
-
\??\c:\llffxfl.exec:\llffxfl.exe185⤵
-
\??\c:\nhntbn.exec:\nhntbn.exe186⤵
-
\??\c:\7thnhn.exec:\7thnhn.exe187⤵
-
\??\c:\vvpvv.exec:\vvpvv.exe188⤵
-
\??\c:\jdvdd.exec:\jdvdd.exe189⤵
-
\??\c:\xxrxrrx.exec:\xxrxrrx.exe190⤵
-
\??\c:\9btthh.exec:\9btthh.exe191⤵
-
\??\c:\7bthtb.exec:\7bthtb.exe192⤵
-
\??\c:\jddjd.exec:\jddjd.exe193⤵
-
\??\c:\5dpdd.exec:\5dpdd.exe194⤵
-
\??\c:\xrrfflr.exec:\xrrfflr.exe195⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe196⤵
-
\??\c:\dvpvv.exec:\dvpvv.exe197⤵
-
\??\c:\xrffffr.exec:\xrffffr.exe198⤵
-
\??\c:\1thtbb.exec:\1thtbb.exe199⤵
-
\??\c:\bbntnt.exec:\bbntnt.exe200⤵
-
\??\c:\vjvdv.exec:\vjvdv.exe201⤵
-
\??\c:\fxlrflr.exec:\fxlrflr.exe202⤵
-
\??\c:\9bthtb.exec:\9bthtb.exe203⤵
-
\??\c:\pjvdv.exec:\pjvdv.exe204⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe205⤵
-
\??\c:\1lfxxrx.exec:\1lfxxrx.exe206⤵
-
\??\c:\lxrrffl.exec:\lxrrffl.exe207⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe208⤵
-
\??\c:\bnbbtt.exec:\bnbbtt.exe209⤵
-
\??\c:\pjjdj.exec:\pjjdj.exe210⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe211⤵
-
\??\c:\3fflxfl.exec:\3fflxfl.exe212⤵
-
\??\c:\lfxflrx.exec:\lfxflrx.exe213⤵
-
\??\c:\rlrxxxl.exec:\rlrxxxl.exe214⤵
-
\??\c:\nbhhnh.exec:\nbhhnh.exe215⤵
-
\??\c:\vpppd.exec:\vpppd.exe216⤵
-
\??\c:\jddjj.exec:\jddjj.exe217⤵
-
\??\c:\fxlxfrf.exec:\fxlxfrf.exe218⤵
-
\??\c:\rfrxllf.exec:\rfrxllf.exe219⤵
-
\??\c:\hbnbtb.exec:\hbnbtb.exe220⤵
-
\??\c:\9htthn.exec:\9htthn.exe221⤵
-
\??\c:\7pddp.exec:\7pddp.exe222⤵
-
\??\c:\ppjpp.exec:\ppjpp.exe223⤵
-
\??\c:\5jjpv.exec:\5jjpv.exe224⤵
-
\??\c:\rllfrfl.exec:\rllfrfl.exe225⤵
-
\??\c:\nhthbb.exec:\nhthbb.exe226⤵
-
\??\c:\nnthbn.exec:\nnthbn.exe227⤵
-
\??\c:\htntbb.exec:\htntbb.exe228⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe229⤵
-
\??\c:\vvvdv.exec:\vvvdv.exe230⤵
-
\??\c:\9xrfxxl.exec:\9xrfxxl.exe231⤵
-
\??\c:\5xrlrxr.exec:\5xrlrxr.exe232⤵
-
\??\c:\7tbhbn.exec:\7tbhbn.exe233⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe234⤵
-
\??\c:\pvjpj.exec:\pvjpj.exe235⤵
-
\??\c:\fllllfr.exec:\fllllfr.exe236⤵
-
\??\c:\rlxxfxl.exec:\rlxxfxl.exe237⤵
-
\??\c:\nbbnbn.exec:\nbbnbn.exe238⤵
-
\??\c:\htbnbb.exec:\htbnbb.exe239⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe240⤵
-
\??\c:\dpjvp.exec:\dpjvp.exe241⤵