Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
19-05-2024 22:22
General
-
Target
4a91aab8b6c98959eb5665cfc530cac0_NeikiAnalytics.exe
-
Size
75KB
-
MD5
4a91aab8b6c98959eb5665cfc530cac0
-
SHA1
b54642b5f5b2d504a53144c6fcd29d811faf659c
-
SHA256
96c6983c0798505f329be9d4d49e301e834aa4aa8f7a7878737733311843e416
-
SHA512
b04e2b52b903e60b17e19f14d0697bdd3e570d98d1a845617bfbcc68b7b4e90d50fb7c3ebc991b0b1b20b26c8adbc6c8fb8555e5416ecf686041776320f04f57
-
SSDEEP
1536:9vQBeOGtrYS3srx93UBWfwC6Ggnouy8PbhnyLFWoFLAxZhMDzE8H:9hOmTsF93UYfwC6GIoutz5yLpOSDl
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 44 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4a91aab8b6c98959eb5665cfc530cac0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4a91aab8b6c98959eb5665cfc530cac0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjj.exec:\vpjjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrrrr.exec:\llxrrrr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnbt.exec:\bntnbt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvdj.exec:\dvvdj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrllrx.exec:\xrrllrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffrxf.exec:\xrffrxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbhtn.exec:\bnbhtn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbntht.exec:\bbntht.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jddj.exec:\3jddj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrxrr.exec:\xlxrxrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxflrx.exec:\rlxflrx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rlxxfl.exec:\5rlxxfl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnttn.exec:\nbnttn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ttntb.exec:\9ttntb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pppd.exec:\9pppd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddd.exec:\pjddd.exe17⤵
- Executes dropped EXE
-
\??\c:\lfrrllx.exec:\lfrrllx.exe18⤵
- Executes dropped EXE
-
\??\c:\5fxrxxx.exec:\5fxrxxx.exe19⤵
- Executes dropped EXE
-
\??\c:\thnntt.exec:\thnntt.exe20⤵
- Executes dropped EXE
-
\??\c:\ttbnnt.exec:\ttbnnt.exe21⤵
- Executes dropped EXE
-
\??\c:\7dvjj.exec:\7dvjj.exe22⤵
- Executes dropped EXE
-
\??\c:\jdvdd.exec:\jdvdd.exe23⤵
- Executes dropped EXE
-
\??\c:\rlflrrx.exec:\rlflrrx.exe24⤵
- Executes dropped EXE
-
\??\c:\1rlxxrx.exec:\1rlxxrx.exe25⤵
- Executes dropped EXE
-
\??\c:\3hbbhh.exec:\3hbbhh.exe26⤵
- Executes dropped EXE
-
\??\c:\hbtnth.exec:\hbtnth.exe27⤵
- Executes dropped EXE
-
\??\c:\dvppv.exec:\dvppv.exe28⤵
- Executes dropped EXE
-
\??\c:\vjdjj.exec:\vjdjj.exe29⤵
- Executes dropped EXE
-
\??\c:\5xllxfl.exec:\5xllxfl.exe30⤵
- Executes dropped EXE
-
\??\c:\fxrxfrr.exec:\fxrxfrr.exe31⤵
- Executes dropped EXE
-
\??\c:\ttnhbh.exec:\ttnhbh.exe32⤵
- Executes dropped EXE
-
\??\c:\5ntbhh.exec:\5ntbhh.exe33⤵
- Executes dropped EXE
-
\??\c:\9dpdp.exec:\9dpdp.exe34⤵
- Executes dropped EXE
-
\??\c:\pjvjj.exec:\pjvjj.exe35⤵
- Executes dropped EXE
-
\??\c:\9flrflr.exec:\9flrflr.exe36⤵
- Executes dropped EXE
-
\??\c:\frxlrxl.exec:\frxlrxl.exe37⤵
- Executes dropped EXE
-
\??\c:\9nhbtn.exec:\9nhbtn.exe38⤵
- Executes dropped EXE
-
\??\c:\1hntnn.exec:\1hntnn.exe39⤵
- Executes dropped EXE
-
\??\c:\9vpdj.exec:\9vpdj.exe40⤵
- Executes dropped EXE
-
\??\c:\vjpvd.exec:\vjpvd.exe41⤵
- Executes dropped EXE
-
\??\c:\5pdpp.exec:\5pdpp.exe42⤵
- Executes dropped EXE
-
\??\c:\lfrxllf.exec:\lfrxllf.exe43⤵
- Executes dropped EXE
-
\??\c:\fxfxxrl.exec:\fxfxxrl.exe44⤵
- Executes dropped EXE
-
\??\c:\bbhnnn.exec:\bbhnnn.exe45⤵
- Executes dropped EXE
-
\??\c:\1thhhb.exec:\1thhhb.exe46⤵
- Executes dropped EXE
-
\??\c:\vjvvv.exec:\vjvvv.exe47⤵
- Executes dropped EXE
-
\??\c:\vjppp.exec:\vjppp.exe48⤵
- Executes dropped EXE
-
\??\c:\xrffffl.exec:\xrffffl.exe49⤵
- Executes dropped EXE
-
\??\c:\lrxffll.exec:\lrxffll.exe50⤵
- Executes dropped EXE
-
\??\c:\1bnntb.exec:\1bnntb.exe51⤵
- Executes dropped EXE
-
\??\c:\vpjjv.exec:\vpjjv.exe52⤵
- Executes dropped EXE
-
\??\c:\lrrxflx.exec:\lrrxflx.exe53⤵
- Executes dropped EXE
-
\??\c:\flrllxx.exec:\flrllxx.exe54⤵
- Executes dropped EXE
-
\??\c:\tnbttt.exec:\tnbttt.exe55⤵
- Executes dropped EXE
-
\??\c:\pddjd.exec:\pddjd.exe56⤵
- Executes dropped EXE
-
\??\c:\lxllllx.exec:\lxllllx.exe57⤵
- Executes dropped EXE
-
\??\c:\thnhtt.exec:\thnhtt.exe58⤵
- Executes dropped EXE
-
\??\c:\lllfxff.exec:\lllfxff.exe59⤵
- Executes dropped EXE
-
\??\c:\1bnbnh.exec:\1bnbnh.exe60⤵
- Executes dropped EXE
-
\??\c:\vpdvj.exec:\vpdvj.exe61⤵
- Executes dropped EXE
-
\??\c:\rrlxrfl.exec:\rrlxrfl.exe62⤵
- Executes dropped EXE
-
\??\c:\xrrxfff.exec:\xrrxfff.exe63⤵
- Executes dropped EXE
-
\??\c:\hhntnt.exec:\hhntnt.exe64⤵
- Executes dropped EXE
-
\??\c:\tntnhh.exec:\tntnhh.exe65⤵
- Executes dropped EXE
-
\??\c:\dvdvv.exec:\dvdvv.exe66⤵
-
\??\c:\jdppv.exec:\jdppv.exe67⤵
-
\??\c:\frxffxx.exec:\frxffxx.exe68⤵
-
\??\c:\rfrxxfl.exec:\rfrxxfl.exe69⤵
-
\??\c:\ddppp.exec:\ddppp.exe70⤵
-
\??\c:\ffrfrfl.exec:\ffrfrfl.exe71⤵
-
\??\c:\xlxxxlx.exec:\xlxxxlx.exe72⤵
-
\??\c:\hhhtnb.exec:\hhhtnb.exe73⤵
-
\??\c:\5hnttt.exec:\5hnttt.exe74⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe75⤵
-
\??\c:\vdjjj.exec:\vdjjj.exe76⤵
-
\??\c:\rfrrlff.exec:\rfrrlff.exe77⤵
-
\??\c:\xfrrxxf.exec:\xfrrxxf.exe78⤵
-
\??\c:\7nhttb.exec:\7nhttb.exe79⤵
-
\??\c:\pvvvd.exec:\pvvvd.exe80⤵
-
\??\c:\9pdjp.exec:\9pdjp.exe81⤵
-
\??\c:\xrfrllr.exec:\xrfrllr.exe82⤵
-
\??\c:\lrfffff.exec:\lrfffff.exe83⤵
-
\??\c:\9tbnhn.exec:\9tbnhn.exe84⤵
-
\??\c:\bbhhnt.exec:\bbhhnt.exe85⤵
-
\??\c:\vjvjd.exec:\vjvjd.exe86⤵
-
\??\c:\3djpp.exec:\3djpp.exe87⤵
-
\??\c:\lxfxxrx.exec:\lxfxxrx.exe88⤵
-
\??\c:\3xrxrxr.exec:\3xrxrxr.exe89⤵
-
\??\c:\1hhtnh.exec:\1hhtnh.exe90⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe91⤵
-
\??\c:\7djjv.exec:\7djjv.exe92⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe93⤵
-
\??\c:\3xxrxrx.exec:\3xxrxrx.exe94⤵
-
\??\c:\ffllrrr.exec:\ffllrrr.exe95⤵
-
\??\c:\1fflrrf.exec:\1fflrrf.exe96⤵
-
\??\c:\thnhtt.exec:\thnhtt.exe97⤵
-
\??\c:\bnhhhb.exec:\bnhhhb.exe98⤵
-
\??\c:\pdvdd.exec:\pdvdd.exe99⤵
-
\??\c:\jjddj.exec:\jjddj.exe100⤵
-
\??\c:\frfxflr.exec:\frfxflr.exe101⤵
-
\??\c:\lxlllfl.exec:\lxlllfl.exe102⤵
-
\??\c:\hthhtb.exec:\hthhtb.exe103⤵
-
\??\c:\bnbbtb.exec:\bnbbtb.exe104⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe105⤵
-
\??\c:\vpddj.exec:\vpddj.exe106⤵
-
\??\c:\1fxrrlr.exec:\1fxrrlr.exe107⤵
-
\??\c:\lxfllll.exec:\lxfllll.exe108⤵
-
\??\c:\lfxxrxr.exec:\lfxxrxr.exe109⤵
-
\??\c:\7hthhh.exec:\7hthhh.exe110⤵
-
\??\c:\hbhtnt.exec:\hbhtnt.exe111⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe112⤵
-
\??\c:\dvddv.exec:\dvddv.exe113⤵
-
\??\c:\3lrfxxx.exec:\3lrfxxx.exe114⤵
-
\??\c:\xrllflr.exec:\xrllflr.exe115⤵
-
\??\c:\nhhhnn.exec:\nhhhnn.exe116⤵
-
\??\c:\thbntt.exec:\thbntt.exe117⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe118⤵
-
\??\c:\jpjpj.exec:\jpjpj.exe119⤵
-
\??\c:\xlrrlfl.exec:\xlrrlfl.exe120⤵
-
\??\c:\rxlrlll.exec:\rxlrlll.exe121⤵
-
\??\c:\hbnnnt.exec:\hbnnnt.exe122⤵
-
\??\c:\bthntt.exec:\bthntt.exe123⤵
-
\??\c:\nbtttn.exec:\nbtttn.exe124⤵
-
\??\c:\dvvdj.exec:\dvvdj.exe125⤵
-
\??\c:\jvppp.exec:\jvppp.exe126⤵
-
\??\c:\fxfrrrx.exec:\fxfrrrx.exe127⤵
-
\??\c:\1ffflfr.exec:\1ffflfr.exe128⤵
-
\??\c:\nthtnn.exec:\nthtnn.exe129⤵
-
\??\c:\7djjj.exec:\7djjj.exe130⤵
-
\??\c:\9jvjv.exec:\9jvjv.exe131⤵
-
\??\c:\rlfllrx.exec:\rlfllrx.exe132⤵
-
\??\c:\rxxrxrr.exec:\rxxrxrr.exe133⤵
-
\??\c:\5xlrrrx.exec:\5xlrrrx.exe134⤵
-
\??\c:\9bhttt.exec:\9bhttt.exe135⤵
-
\??\c:\9ntbnn.exec:\9ntbnn.exe136⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe137⤵
-
\??\c:\jvvdv.exec:\jvvdv.exe138⤵
-
\??\c:\1lffffl.exec:\1lffffl.exe139⤵
-
\??\c:\fxrlxxf.exec:\fxrlxxf.exe140⤵
-
\??\c:\hntntt.exec:\hntntt.exe141⤵
-
\??\c:\bthbhn.exec:\bthbhn.exe142⤵
-
\??\c:\vjppp.exec:\vjppp.exe143⤵
-
\??\c:\jjpvv.exec:\jjpvv.exe144⤵
-
\??\c:\rrxlxfx.exec:\rrxlxfx.exe145⤵
-
\??\c:\rfrlrlr.exec:\rfrlrlr.exe146⤵
-
\??\c:\3nhnbh.exec:\3nhnbh.exe147⤵
-
\??\c:\bnbbtt.exec:\bnbbtt.exe148⤵
-
\??\c:\pjjjp.exec:\pjjjp.exe149⤵
-
\??\c:\9pppp.exec:\9pppp.exe150⤵
-
\??\c:\9ffrlxl.exec:\9ffrlxl.exe151⤵
-
\??\c:\5frrlrx.exec:\5frrlrx.exe152⤵
-
\??\c:\9bbbbb.exec:\9bbbbb.exe153⤵
-
\??\c:\thttbt.exec:\thttbt.exe154⤵
-
\??\c:\pjppd.exec:\pjppd.exe155⤵
-
\??\c:\jdppj.exec:\jdppj.exe156⤵
-
\??\c:\3rxxxlr.exec:\3rxxxlr.exe157⤵
-
\??\c:\llllxrl.exec:\llllxrl.exe158⤵
-
\??\c:\9thbnh.exec:\9thbnh.exe159⤵
-
\??\c:\3thntb.exec:\3thntb.exe160⤵
-
\??\c:\5jjvd.exec:\5jjvd.exe161⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe162⤵
-
\??\c:\fxlxffr.exec:\fxlxffr.exe163⤵
-
\??\c:\xxrrfll.exec:\xxrrfll.exe164⤵
-
\??\c:\hhtbtt.exec:\hhtbtt.exe165⤵
-
\??\c:\9ttbnt.exec:\9ttbnt.exe166⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe167⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe168⤵
-
\??\c:\frfxllr.exec:\frfxllr.exe169⤵
-
\??\c:\7lffxlf.exec:\7lffxlf.exe170⤵
-
\??\c:\9xllrrx.exec:\9xllrrx.exe171⤵
-
\??\c:\nhntbb.exec:\nhntbb.exe172⤵
-
\??\c:\hhnhnt.exec:\hhnhnt.exe173⤵
-
\??\c:\btbhbh.exec:\btbhbh.exe174⤵
-
\??\c:\pjpdv.exec:\pjpdv.exe175⤵
-
\??\c:\ppddv.exec:\ppddv.exe176⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe177⤵
-
\??\c:\1rflllr.exec:\1rflllr.exe178⤵
-
\??\c:\lxxfrlf.exec:\lxxfrlf.exe179⤵
-
\??\c:\thnbhh.exec:\thnbhh.exe180⤵
-
\??\c:\1tntth.exec:\1tntth.exe181⤵
-
\??\c:\3hbbhh.exec:\3hbbhh.exe182⤵
-
\??\c:\9dvjv.exec:\9dvjv.exe183⤵
-
\??\c:\vpdpv.exec:\vpdpv.exe184⤵
-
\??\c:\7vvdp.exec:\7vvdp.exe185⤵
-
\??\c:\xxxxxlx.exec:\xxxxxlx.exe186⤵
-
\??\c:\rllllrx.exec:\rllllrx.exe187⤵
-
\??\c:\1flrxxl.exec:\1flrxxl.exe188⤵
-
\??\c:\tthnbt.exec:\tthnbt.exe189⤵
-
\??\c:\tntthh.exec:\tntthh.exe190⤵
-
\??\c:\1bttnn.exec:\1bttnn.exe191⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe192⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe193⤵
-
\??\c:\3rxlxxl.exec:\3rxlxxl.exe194⤵
-
\??\c:\lxllrrf.exec:\lxllrrf.exe195⤵
-
\??\c:\xrfrrrr.exec:\xrfrrrr.exe196⤵
-
\??\c:\thttbn.exec:\thttbn.exe197⤵
-
\??\c:\7bbthh.exec:\7bbthh.exe198⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe199⤵
-
\??\c:\pjpvp.exec:\pjpvp.exe200⤵
-
\??\c:\jdppd.exec:\jdppd.exe201⤵
-
\??\c:\lfrrflr.exec:\lfrrflr.exe202⤵
-
\??\c:\7lxlrrx.exec:\7lxlrrx.exe203⤵
-
\??\c:\9htbbb.exec:\9htbbb.exe204⤵
-
\??\c:\ttbbtt.exec:\ttbbtt.exe205⤵
-
\??\c:\hhtnth.exec:\hhtnth.exe206⤵
-
\??\c:\vvdjj.exec:\vvdjj.exe207⤵
-
\??\c:\xfxrrll.exec:\xfxrrll.exe208⤵
-
\??\c:\fxflrrr.exec:\fxflrrr.exe209⤵
-
\??\c:\lfrfrlx.exec:\lfrfrlx.exe210⤵
-
\??\c:\bntttt.exec:\bntttt.exe211⤵
-
\??\c:\bntbbh.exec:\bntbbh.exe212⤵
-
\??\c:\htbbhb.exec:\htbbhb.exe213⤵
-
\??\c:\pjpvv.exec:\pjpvv.exe214⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe215⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe216⤵
-
\??\c:\xlxffxf.exec:\xlxffxf.exe217⤵
-
\??\c:\bnbbhb.exec:\bnbbhb.exe218⤵
-
\??\c:\thnntb.exec:\thnntb.exe219⤵
-
\??\c:\5hbtbb.exec:\5hbtbb.exe220⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe221⤵
-
\??\c:\pjddj.exec:\pjddj.exe222⤵
-
\??\c:\5frrlfl.exec:\5frrlfl.exe223⤵
-
\??\c:\lxxxxff.exec:\lxxxxff.exe224⤵
-
\??\c:\3lrllfl.exec:\3lrllfl.exe225⤵
-
\??\c:\httttt.exec:\httttt.exe226⤵
-
\??\c:\tnbnnh.exec:\tnbnnh.exe227⤵
-
\??\c:\tbnthb.exec:\tbnthb.exe228⤵
-
\??\c:\pdppp.exec:\pdppp.exe229⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe230⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe231⤵
-
\??\c:\rffrrlr.exec:\rffrrlr.exe232⤵
-
\??\c:\lxxxxxf.exec:\lxxxxxf.exe233⤵
-
\??\c:\5frlfxx.exec:\5frlfxx.exe234⤵
-
\??\c:\ttthtb.exec:\ttthtb.exe235⤵
-
\??\c:\bthttb.exec:\bthttb.exe236⤵
-
\??\c:\bnbnnn.exec:\bnbnnn.exe237⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe238⤵
-
\??\c:\9pddv.exec:\9pddv.exe239⤵
-
\??\c:\lflxrxf.exec:\lflxrxf.exe240⤵
-
\??\c:\rfllfll.exec:\rfllfll.exe241⤵