Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
18-05-2024 21:05
General
-
Target
0144fbb3787a900075c43da2a614e190_NeikiAnalytics.exe
-
Size
433KB
-
MD5
0144fbb3787a900075c43da2a614e190
-
SHA1
d4b16d04391b689163b7e4e216a8223cc0a2eb10
-
SHA256
49d7bad3a89d7c306bb0b5fbff09aebf9e026be4bea40db0c45cbb8cf34503ea
-
SHA512
570c0aec46372e6ea2695d21b791633f2cf0c427e2a1ee778502fbe7526460b4617489294fcd5f1a02540f522303313399eaae3f6797b644295a7166891c40aa
-
SSDEEP
12288:n3C9uMPh2kkkkK4kXkkkkkkkkl888888888888888888nf:ShPh2kkkkK4kXkkkkkkkkZ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0144fbb3787a900075c43da2a614e190_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\0144fbb3787a900075c43da2a614e190_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdd.exec:\pjvdd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpv.exec:\jvvpv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflfffx.exec:\rflfffx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvvv.exec:\vjvvv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnttn.exec:\btnttn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvj.exec:\jdvvj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtbnh.exec:\hhtbnh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvdj.exec:\pdvdj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthnbb.exec:\bthnbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdj.exec:\jvjdj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrfxfx.exec:\rlrfxfx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdpj.exec:\pjdpj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbhbh.exec:\hbbhbh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btntbn.exec:\btntbn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbhtb.exec:\hhbhtb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfrflx.exec:\lrfrflx.exe17⤵
- Executes dropped EXE
-
\??\c:\1nbbnt.exec:\1nbbnt.exe18⤵
- Executes dropped EXE
-
\??\c:\9fllflf.exec:\9fllflf.exe19⤵
- Executes dropped EXE
-
\??\c:\tnbtbh.exec:\tnbtbh.exe20⤵
- Executes dropped EXE
-
\??\c:\lrxfxrr.exec:\lrxfxrr.exe21⤵
- Executes dropped EXE
-
\??\c:\hbthnt.exec:\hbthnt.exe22⤵
- Executes dropped EXE
-
\??\c:\1rlrxfr.exec:\1rlrxfr.exe23⤵
- Executes dropped EXE
-
\??\c:\hbnttb.exec:\hbnttb.exe24⤵
- Executes dropped EXE
-
\??\c:\xrfxlff.exec:\xrfxlff.exe25⤵
- Executes dropped EXE
-
\??\c:\vdjdj.exec:\vdjdj.exe26⤵
- Executes dropped EXE
-
\??\c:\rlrrfrr.exec:\rlrrfrr.exe27⤵
- Executes dropped EXE
-
\??\c:\vdjdj.exec:\vdjdj.exe28⤵
- Executes dropped EXE
-
\??\c:\xxllxfr.exec:\xxllxfr.exe29⤵
- Executes dropped EXE
-
\??\c:\ttnhtb.exec:\ttnhtb.exe30⤵
- Executes dropped EXE
-
\??\c:\vdddp.exec:\vdddp.exe31⤵
- Executes dropped EXE
-
\??\c:\bthbnt.exec:\bthbnt.exe32⤵
- Executes dropped EXE
-
\??\c:\5vvpj.exec:\5vvpj.exe33⤵
- Executes dropped EXE
-
\??\c:\bbtthh.exec:\bbtthh.exe34⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe35⤵
- Executes dropped EXE
-
\??\c:\rlxfrrl.exec:\rlxfrrl.exe36⤵
- Executes dropped EXE
-
\??\c:\tbbnth.exec:\tbbnth.exe37⤵
- Executes dropped EXE
-
\??\c:\djpdv.exec:\djpdv.exe38⤵
- Executes dropped EXE
-
\??\c:\pjpdv.exec:\pjpdv.exe39⤵
- Executes dropped EXE
-
\??\c:\rlrxlxr.exec:\rlrxlxr.exe40⤵
- Executes dropped EXE
-
\??\c:\tttbnt.exec:\tttbnt.exe41⤵
- Executes dropped EXE
-
\??\c:\dvjjd.exec:\dvjjd.exe42⤵
- Executes dropped EXE
-
\??\c:\fxrxflf.exec:\fxrxflf.exe43⤵
- Executes dropped EXE
-
\??\c:\nnbnbn.exec:\nnbnbn.exe44⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe45⤵
- Executes dropped EXE
-
\??\c:\xxlrfff.exec:\xxlrfff.exe46⤵
- Executes dropped EXE
-
\??\c:\7ffxlrf.exec:\7ffxlrf.exe47⤵
- Executes dropped EXE
-
\??\c:\1btbnt.exec:\1btbnt.exe48⤵
- Executes dropped EXE
-
\??\c:\pppvj.exec:\pppvj.exe49⤵
- Executes dropped EXE
-
\??\c:\rlrxrxr.exec:\rlrxrxr.exe50⤵
- Executes dropped EXE
-
\??\c:\xrlrfll.exec:\xrlrfll.exe51⤵
- Executes dropped EXE
-
\??\c:\hbthth.exec:\hbthth.exe52⤵
- Executes dropped EXE
-
\??\c:\pppvp.exec:\pppvp.exe53⤵
- Executes dropped EXE
-
\??\c:\3lfrlll.exec:\3lfrlll.exe54⤵
- Executes dropped EXE
-
\??\c:\bhntnn.exec:\bhntnn.exe55⤵
- Executes dropped EXE
-
\??\c:\dvjdj.exec:\dvjdj.exe56⤵
- Executes dropped EXE
-
\??\c:\ffxflrf.exec:\ffxflrf.exe57⤵
- Executes dropped EXE
-
\??\c:\ffxxlrf.exec:\ffxxlrf.exe58⤵
- Executes dropped EXE
-
\??\c:\3hthnn.exec:\3hthnn.exe59⤵
- Executes dropped EXE
-
\??\c:\vpppd.exec:\vpppd.exe60⤵
- Executes dropped EXE
-
\??\c:\fxrlxrf.exec:\fxrlxrf.exe61⤵
- Executes dropped EXE
-
\??\c:\9nnttb.exec:\9nnttb.exe62⤵
- Executes dropped EXE
-
\??\c:\nhttbb.exec:\nhttbb.exe63⤵
- Executes dropped EXE
-
\??\c:\dvvjp.exec:\dvvjp.exe64⤵
- Executes dropped EXE
-
\??\c:\xrrrxfr.exec:\xrrrxfr.exe65⤵
- Executes dropped EXE
-
\??\c:\7tnnhn.exec:\7tnnhn.exe66⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe67⤵
-
\??\c:\xxxrflx.exec:\xxxrflx.exe68⤵
-
\??\c:\7xrfflf.exec:\7xrfflf.exe69⤵
-
\??\c:\hntnbn.exec:\hntnbn.exe70⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe71⤵
-
\??\c:\7rffxfr.exec:\7rffxfr.exe72⤵
-
\??\c:\hbnbnb.exec:\hbnbnb.exe73⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe74⤵
-
\??\c:\vpjdj.exec:\vpjdj.exe75⤵
-
\??\c:\3xllrrx.exec:\3xllrrx.exe76⤵
-
\??\c:\bbbhbh.exec:\bbbhbh.exe77⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe78⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe79⤵
-
\??\c:\xlfxllf.exec:\xlfxllf.exe80⤵
-
\??\c:\bnhhbb.exec:\bnhhbb.exe81⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe82⤵
-
\??\c:\3ppvj.exec:\3ppvj.exe83⤵
-
\??\c:\1rllrrr.exec:\1rllrrr.exe84⤵
-
\??\c:\hhntht.exec:\hhntht.exe85⤵
-
\??\c:\9jdjv.exec:\9jdjv.exe86⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe87⤵
-
\??\c:\llfrlfx.exec:\llfrlfx.exe88⤵
-
\??\c:\nhbnth.exec:\nhbnth.exe89⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe90⤵
-
\??\c:\3dvvv.exec:\3dvvv.exe91⤵
-
\??\c:\xxrlxfx.exec:\xxrlxfx.exe92⤵
-
\??\c:\htnnhn.exec:\htnnhn.exe93⤵
-
\??\c:\9pjvd.exec:\9pjvd.exe94⤵
-
\??\c:\5xrxxfl.exec:\5xrxxfl.exe95⤵
-
\??\c:\bnhhnn.exec:\bnhhnn.exe96⤵
-
\??\c:\nhbhbn.exec:\nhbhbn.exe97⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe98⤵
-
\??\c:\xlxfllx.exec:\xlxfllx.exe99⤵
-
\??\c:\btnhtb.exec:\btnhtb.exe100⤵
-
\??\c:\7hthbb.exec:\7hthbb.exe101⤵
-
\??\c:\5ppdj.exec:\5ppdj.exe102⤵
-
\??\c:\lfllrxl.exec:\lfllrxl.exe103⤵
-
\??\c:\1fxfllf.exec:\1fxfllf.exe104⤵
-
\??\c:\hbtnnb.exec:\hbtnnb.exe105⤵
-
\??\c:\7jjjv.exec:\7jjjv.exe106⤵
-
\??\c:\5thtbh.exec:\5thtbh.exe107⤵
-
\??\c:\dvppd.exec:\dvppd.exe108⤵
-
\??\c:\3djdd.exec:\3djdd.exe109⤵
-
\??\c:\flrrrfx.exec:\flrrrfx.exe110⤵
-
\??\c:\1bntnn.exec:\1bntnn.exe111⤵
-
\??\c:\pdvdp.exec:\pdvdp.exe112⤵
-
\??\c:\9pdpp.exec:\9pdpp.exe113⤵
-
\??\c:\1fffxll.exec:\1fffxll.exe114⤵
-
\??\c:\3bbhtb.exec:\3bbhtb.exe115⤵
-
\??\c:\pvvdd.exec:\pvvdd.exe116⤵
-
\??\c:\xflllrr.exec:\xflllrr.exe117⤵
-
\??\c:\fxlrlrl.exec:\fxlrlrl.exe118⤵
-
\??\c:\3bbnbh.exec:\3bbnbh.exe119⤵
-
\??\c:\ddjvv.exec:\ddjvv.exe120⤵
-
\??\c:\fllxrlf.exec:\fllxrlf.exe121⤵
-
\??\c:\fffrxfl.exec:\fffrxfl.exe122⤵
-
\??\c:\hbthth.exec:\hbthth.exe123⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe124⤵
-
\??\c:\5llxxfr.exec:\5llxxfr.exe125⤵
-
\??\c:\tnhhhh.exec:\tnhhhh.exe126⤵
-
\??\c:\5tntbn.exec:\5tntbn.exe127⤵
-
\??\c:\pdvdp.exec:\pdvdp.exe128⤵
-
\??\c:\1rlrrxr.exec:\1rlrrxr.exe129⤵
-
\??\c:\xlrllxx.exec:\xlrllxx.exe130⤵
-
\??\c:\btnbnn.exec:\btnbnn.exe131⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe132⤵
-
\??\c:\llffllf.exec:\llffllf.exe133⤵
-
\??\c:\9xxfxlf.exec:\9xxfxlf.exe134⤵
-
\??\c:\nhhtth.exec:\nhhtth.exe135⤵
-
\??\c:\hbthtt.exec:\hbthtt.exe136⤵
-
\??\c:\jvjpj.exec:\jvjpj.exe137⤵
-
\??\c:\xxlflrf.exec:\xxlflrf.exe138⤵
-
\??\c:\hhtbht.exec:\hhtbht.exe139⤵
-
\??\c:\5bbhhn.exec:\5bbhhn.exe140⤵
-
\??\c:\9ppvp.exec:\9ppvp.exe141⤵
-
\??\c:\llllrfx.exec:\llllrfx.exe142⤵
-
\??\c:\nhnhht.exec:\nhnhht.exe143⤵
-
\??\c:\tnnhht.exec:\tnnhht.exe144⤵
-
\??\c:\vdpjj.exec:\vdpjj.exe145⤵
-
\??\c:\7lrxxxl.exec:\7lrxxxl.exe146⤵
-
\??\c:\fllxrlr.exec:\fllxrlr.exe147⤵
-
\??\c:\bhbttb.exec:\bhbttb.exe148⤵
-
\??\c:\djpdv.exec:\djpdv.exe149⤵
-
\??\c:\xrlxflr.exec:\xrlxflr.exe150⤵
-
\??\c:\xfflrfr.exec:\xfflrfr.exe151⤵
-
\??\c:\hhbthn.exec:\hhbthn.exe152⤵
-
\??\c:\jdvjv.exec:\jdvjv.exe153⤵
-
\??\c:\rfffrxl.exec:\rfffrxl.exe154⤵
-
\??\c:\xrxfllr.exec:\xrxfllr.exe155⤵
-
\??\c:\nbtbhh.exec:\nbtbhh.exe156⤵
-
\??\c:\djjvd.exec:\djjvd.exe157⤵
-
\??\c:\pvvvj.exec:\pvvvj.exe158⤵
-
\??\c:\xrllrxr.exec:\xrllrxr.exe159⤵
-
\??\c:\7bnnhn.exec:\7bnnhn.exe160⤵
-
\??\c:\hbhthn.exec:\hbhthn.exe161⤵
-
\??\c:\9vpdj.exec:\9vpdj.exe162⤵
-
\??\c:\1rflxfx.exec:\1rflxfx.exe163⤵
-
\??\c:\bbnthn.exec:\bbnthn.exe164⤵
-
\??\c:\htbnbb.exec:\htbnbb.exe165⤵
-
\??\c:\djdvp.exec:\djdvp.exe166⤵
-
\??\c:\lffrrxr.exec:\lffrrxr.exe167⤵
-
\??\c:\tbhbth.exec:\tbhbth.exe168⤵
-
\??\c:\vvvdv.exec:\vvvdv.exe169⤵
-
\??\c:\1vpvp.exec:\1vpvp.exe170⤵
-
\??\c:\ffxlrxr.exec:\ffxlrxr.exe171⤵
-
\??\c:\bttbnt.exec:\bttbnt.exe172⤵
-
\??\c:\jdddv.exec:\jdddv.exe173⤵
-
\??\c:\jvdjv.exec:\jvdjv.exe174⤵
-
\??\c:\flllffx.exec:\flllffx.exe175⤵
-
\??\c:\7hhhbh.exec:\7hhhbh.exe176⤵
-
\??\c:\5jddj.exec:\5jddj.exe177⤵
-
\??\c:\jvpjp.exec:\jvpjp.exe178⤵
-
\??\c:\lfrrrxf.exec:\lfrrrxf.exe179⤵
-
\??\c:\3hbhnn.exec:\3hbhnn.exe180⤵
-
\??\c:\pdjpv.exec:\pdjpv.exe181⤵
-
\??\c:\7dpvd.exec:\7dpvd.exe182⤵
-
\??\c:\9lxflxl.exec:\9lxflxl.exe183⤵
-
\??\c:\hbtnbb.exec:\hbtnbb.exe184⤵
-
\??\c:\jjjjj.exec:\jjjjj.exe185⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe186⤵
-
\??\c:\1xrxlxr.exec:\1xrxlxr.exe187⤵
-
\??\c:\hbbbnt.exec:\hbbbnt.exe188⤵
-
\??\c:\vppvj.exec:\vppvj.exe189⤵
-
\??\c:\lxllrrf.exec:\lxllrrf.exe190⤵
-
\??\c:\3rxfxlr.exec:\3rxfxlr.exe191⤵
-
\??\c:\bthntn.exec:\bthntn.exe192⤵
-
\??\c:\dppdd.exec:\dppdd.exe193⤵
-
\??\c:\9rfrrrf.exec:\9rfrrrf.exe194⤵
-
\??\c:\nhhbbb.exec:\nhhbbb.exe195⤵
-
\??\c:\hbtbbh.exec:\hbtbbh.exe196⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe197⤵
-
\??\c:\rrrlrxx.exec:\rrrlrxx.exe198⤵
-
\??\c:\flflxfx.exec:\flflxfx.exe199⤵
-
\??\c:\7ttbtb.exec:\7ttbtb.exe200⤵
-
\??\c:\ppjdj.exec:\ppjdj.exe201⤵
-
\??\c:\llrxlxr.exec:\llrxlxr.exe202⤵
-
\??\c:\frlxrfx.exec:\frlxrfx.exe203⤵
-
\??\c:\bntnht.exec:\bntnht.exe204⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe205⤵
-
\??\c:\5lfflfr.exec:\5lfflfr.exe206⤵
-
\??\c:\7lrllfl.exec:\7lrllfl.exe207⤵
-
\??\c:\nnbhnh.exec:\nnbhnh.exe208⤵
-
\??\c:\nnnhtn.exec:\nnnhtn.exe209⤵
-
\??\c:\vjdpd.exec:\vjdpd.exe210⤵
-
\??\c:\5xrfxlr.exec:\5xrfxlr.exe211⤵
-
\??\c:\hhnnth.exec:\hhnnth.exe212⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe213⤵
-
\??\c:\pvdjp.exec:\pvdjp.exe214⤵
-
\??\c:\fxfrflr.exec:\fxfrflr.exe215⤵
-
\??\c:\hthbbt.exec:\hthbbt.exe216⤵
-
\??\c:\9ntbbh.exec:\9ntbbh.exe217⤵
-
\??\c:\djvjd.exec:\djvjd.exe218⤵
-
\??\c:\lxxfflr.exec:\lxxfflr.exe219⤵
-
\??\c:\hhbhbb.exec:\hhbhbb.exe220⤵
-
\??\c:\vjddp.exec:\vjddp.exe221⤵
-
\??\c:\vddvj.exec:\vddvj.exe222⤵
-
\??\c:\flrfxxf.exec:\flrfxxf.exe223⤵
-
\??\c:\nnntth.exec:\nnntth.exe224⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe225⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe226⤵
-
\??\c:\lxxlrxl.exec:\lxxlrxl.exe227⤵
-
\??\c:\bnntnn.exec:\bnntnn.exe228⤵
-
\??\c:\1pvpp.exec:\1pvpp.exe229⤵
-
\??\c:\rxrlrll.exec:\rxrlrll.exe230⤵
-
\??\c:\flfrfrl.exec:\flfrfrl.exe231⤵
-
\??\c:\bttbnb.exec:\bttbnb.exe232⤵
-
\??\c:\vvjjj.exec:\vvjjj.exe233⤵
-
\??\c:\9jdpv.exec:\9jdpv.exe234⤵
-
\??\c:\lffrxfl.exec:\lffrxfl.exe235⤵
-
\??\c:\tbbnnb.exec:\tbbnnb.exe236⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe237⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe238⤵
-
\??\c:\5lflrrf.exec:\5lflrrf.exe239⤵
-
\??\c:\ttnthn.exec:\ttnthn.exe240⤵
-
\??\c:\hnnthb.exec:\hnnthb.exe241⤵