Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
19-05-2024 22:36
General
-
Target
4dce753c3bc37944bbdff043a611e6e0_NeikiAnalytics.exe
-
Size
719KB
-
MD5
4dce753c3bc37944bbdff043a611e6e0
-
SHA1
40ac0011da0d99d6c4aa57ae1f09cda34cefab06
-
SHA256
a0cea831f8dd38b76db6cdee84d54aaf35470f6bdc782b55f968d1bb0519a476
-
SHA512
bb55956c51636fc12a05714a5162734a284800d3f930850cb35b9a8e12dda85e66634b894caed39211681c0432e77782b64407c92a9f0eaeeb0ed7d2f092c606
-
SSDEEP
12288:n3C9yMo+S0L9xRnoq7H9xqYL5oeEF5rna9sUxg7udOxPJVSjYg8lcmJ1MZxEkTs2:SgD4bhoqLDqYLS7w4C
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 17 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 17 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4dce753c3bc37944bbdff043a611e6e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4dce753c3bc37944bbdff043a611e6e0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7thnbh.exec:\7thnbh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttbtb.exec:\tttbtb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrflfff.exec:\rrflfff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbhbh.exec:\hbbhbh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxlxff.exec:\xxxlxff.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nhntn.exec:\7nhntn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnbnt.exec:\nnnbnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrxlrf.exec:\fxrxlrf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhnnn.exec:\hbhnnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrxfxr.exec:\fxrxfxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhntbb.exec:\nhntbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbtb.exec:\nhbbtb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjvp.exec:\jjjvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthnbb.exec:\tthnbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjvd.exec:\pjjvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdjv.exec:\vjdjv.exe17⤵
- Executes dropped EXE
-
\??\c:\3tntbh.exec:\3tntbh.exe18⤵
- Executes dropped EXE
-
\??\c:\fxxfrrf.exec:\fxxfrrf.exe19⤵
- Executes dropped EXE
-
\??\c:\btthbn.exec:\btthbn.exe20⤵
- Executes dropped EXE
-
\??\c:\rrlxffl.exec:\rrlxffl.exe21⤵
- Executes dropped EXE
-
\??\c:\bthnth.exec:\bthnth.exe22⤵
- Executes dropped EXE
-
\??\c:\tnbbhn.exec:\tnbbhn.exe23⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe24⤵
- Executes dropped EXE
-
\??\c:\rlflfrf.exec:\rlflfrf.exe25⤵
- Executes dropped EXE
-
\??\c:\pvpjp.exec:\pvpjp.exe26⤵
- Executes dropped EXE
-
\??\c:\9dvvv.exec:\9dvvv.exe27⤵
- Executes dropped EXE
-
\??\c:\ttthbb.exec:\ttthbb.exe28⤵
- Executes dropped EXE
-
\??\c:\jjdpd.exec:\jjdpd.exe29⤵
- Executes dropped EXE
-
\??\c:\rlxfrxl.exec:\rlxfrxl.exe30⤵
- Executes dropped EXE
-
\??\c:\ffxlflx.exec:\ffxlflx.exe31⤵
- Executes dropped EXE
-
\??\c:\3dvjv.exec:\3dvjv.exe32⤵
- Executes dropped EXE
-
\??\c:\ttnhbt.exec:\ttnhbt.exe33⤵
- Executes dropped EXE
-
\??\c:\frlfrxx.exec:\frlfrxx.exe34⤵
- Executes dropped EXE
-
\??\c:\ttthth.exec:\ttthth.exe35⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe36⤵
- Executes dropped EXE
-
\??\c:\lflrfxx.exec:\lflrfxx.exe37⤵
- Executes dropped EXE
-
\??\c:\xrlfrrr.exec:\xrlfrrr.exe38⤵
- Executes dropped EXE
-
\??\c:\btnbtb.exec:\btnbtb.exe39⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe40⤵
- Executes dropped EXE
-
\??\c:\lrrxfxx.exec:\lrrxfxx.exe41⤵
- Executes dropped EXE
-
\??\c:\tnhbnb.exec:\tnhbnb.exe42⤵
- Executes dropped EXE
-
\??\c:\jvjjv.exec:\jvjjv.exe43⤵
- Executes dropped EXE
-
\??\c:\rlflxfl.exec:\rlflxfl.exe44⤵
- Executes dropped EXE
-
\??\c:\9rrrlrx.exec:\9rrrlrx.exe45⤵
- Executes dropped EXE
-
\??\c:\tnntnb.exec:\tnntnb.exe46⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe47⤵
- Executes dropped EXE
-
\??\c:\llrffff.exec:\llrffff.exe48⤵
- Executes dropped EXE
-
\??\c:\9bttnt.exec:\9bttnt.exe49⤵
- Executes dropped EXE
-
\??\c:\jjjpv.exec:\jjjpv.exe50⤵
- Executes dropped EXE
-
\??\c:\fxlxlrf.exec:\fxlxlrf.exe51⤵
- Executes dropped EXE
-
\??\c:\bbnbtb.exec:\bbnbtb.exe52⤵
- Executes dropped EXE
-
\??\c:\7pppj.exec:\7pppj.exe53⤵
- Executes dropped EXE
-
\??\c:\jdddp.exec:\jdddp.exe54⤵
- Executes dropped EXE
-
\??\c:\frlrxrl.exec:\frlrxrl.exe55⤵
- Executes dropped EXE
-
\??\c:\bthnhh.exec:\bthnhh.exe56⤵
- Executes dropped EXE
-
\??\c:\9jjpd.exec:\9jjpd.exe57⤵
- Executes dropped EXE
-
\??\c:\bttbbn.exec:\bttbbn.exe58⤵
- Executes dropped EXE
-
\??\c:\pjpvd.exec:\pjpvd.exe59⤵
- Executes dropped EXE
-
\??\c:\jppdp.exec:\jppdp.exe60⤵
- Executes dropped EXE
-
\??\c:\llxlxfx.exec:\llxlxfx.exe61⤵
- Executes dropped EXE
-
\??\c:\tntbbh.exec:\tntbbh.exe62⤵
- Executes dropped EXE
-
\??\c:\pdpvp.exec:\pdpvp.exe63⤵
- Executes dropped EXE
-
\??\c:\lxlrflx.exec:\lxlrflx.exe64⤵
- Executes dropped EXE
-
\??\c:\1nbbbb.exec:\1nbbbb.exe65⤵
- Executes dropped EXE
-
\??\c:\pppdv.exec:\pppdv.exe66⤵
-
\??\c:\fxxxllr.exec:\fxxxllr.exe67⤵
-
\??\c:\frlrrlx.exec:\frlrrlx.exe68⤵
-
\??\c:\tnhtnn.exec:\tnhtnn.exe69⤵
-
\??\c:\1vjjp.exec:\1vjjp.exe70⤵
-
\??\c:\lrfrrll.exec:\lrfrrll.exe71⤵
-
\??\c:\hhntnb.exec:\hhntnb.exe72⤵
-
\??\c:\jdvpv.exec:\jdvpv.exe73⤵
-
\??\c:\rlrlfrx.exec:\rlrlfrx.exe74⤵
-
\??\c:\hbnthn.exec:\hbnthn.exe75⤵
-
\??\c:\ddjpd.exec:\ddjpd.exe76⤵
-
\??\c:\lxllrrx.exec:\lxllrrx.exe77⤵
-
\??\c:\fxxlfrf.exec:\fxxlfrf.exe78⤵
-
\??\c:\bbtbtb.exec:\bbtbtb.exe79⤵
-
\??\c:\pjvjv.exec:\pjvjv.exe80⤵
-
\??\c:\lfrxxrf.exec:\lfrxxrf.exe81⤵
-
\??\c:\5nhtbt.exec:\5nhtbt.exe82⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe83⤵
-
\??\c:\1xxfrxl.exec:\1xxfrxl.exe84⤵
-
\??\c:\nnthht.exec:\nnthht.exe85⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe86⤵
-
\??\c:\rrlrlrf.exec:\rrlrlrf.exe87⤵
-
\??\c:\ffrxfxl.exec:\ffrxfxl.exe88⤵
-
\??\c:\nnhtbt.exec:\nnhtbt.exe89⤵
-
\??\c:\3xrxxxr.exec:\3xrxxxr.exe90⤵
-
\??\c:\fxlxfrr.exec:\fxlxfrr.exe91⤵
-
\??\c:\tnbnnt.exec:\tnbnnt.exe92⤵
-
\??\c:\vppvv.exec:\vppvv.exe93⤵
-
\??\c:\llffxxr.exec:\llffxxr.exe94⤵
-
\??\c:\hbtbth.exec:\hbtbth.exe95⤵
-
\??\c:\btnbbt.exec:\btnbbt.exe96⤵
-
\??\c:\jddjd.exec:\jddjd.exe97⤵
-
\??\c:\xrfffxx.exec:\xrfffxx.exe98⤵
-
\??\c:\hhhttb.exec:\hhhttb.exe99⤵
-
\??\c:\pdpvd.exec:\pdpvd.exe100⤵
-
\??\c:\xrllxfx.exec:\xrllxfx.exe101⤵
-
\??\c:\fxrxxfr.exec:\fxrxxfr.exe102⤵
-
\??\c:\7bthth.exec:\7bthth.exe103⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe104⤵
-
\??\c:\fxxxrrl.exec:\fxxxrrl.exe105⤵
-
\??\c:\7tntth.exec:\7tntth.exe106⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe107⤵
-
\??\c:\rlrlrll.exec:\rlrlrll.exe108⤵
-
\??\c:\btbtbn.exec:\btbtbn.exe109⤵
-
\??\c:\5ddvj.exec:\5ddvj.exe110⤵
-
\??\c:\rrflflx.exec:\rrflflx.exe111⤵
-
\??\c:\tntbtb.exec:\tntbtb.exe112⤵
-
\??\c:\dvpdd.exec:\dvpdd.exe113⤵
-
\??\c:\pvvvv.exec:\pvvvv.exe114⤵
-
\??\c:\xxfffff.exec:\xxfffff.exe115⤵
-
\??\c:\tnhttb.exec:\tnhttb.exe116⤵
-
\??\c:\pdpdp.exec:\pdpdp.exe117⤵
-
\??\c:\lflfrxr.exec:\lflfrxr.exe118⤵
-
\??\c:\tnhnnh.exec:\tnhnnh.exe119⤵
-
\??\c:\vjjpv.exec:\vjjpv.exe120⤵
-
\??\c:\lflxrrf.exec:\lflxrrf.exe121⤵
-
\??\c:\9xflxrr.exec:\9xflxrr.exe122⤵
-
\??\c:\7btbnb.exec:\7btbnb.exe123⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe124⤵
-
\??\c:\rlxxxfr.exec:\rlxxxfr.exe125⤵
-
\??\c:\btbnbh.exec:\btbnbh.exe126⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe127⤵
-
\??\c:\pppvd.exec:\pppvd.exe128⤵
-
\??\c:\xrrxfff.exec:\xrrxfff.exe129⤵
-
\??\c:\nnhnnt.exec:\nnhnnt.exe130⤵
-
\??\c:\dvddj.exec:\dvddj.exe131⤵
-
\??\c:\xlxlffx.exec:\xlxlffx.exe132⤵
-
\??\c:\9hhnth.exec:\9hhnth.exe133⤵
-
\??\c:\nhbhnn.exec:\nhbhnn.exe134⤵
-
\??\c:\vvvdd.exec:\vvvdd.exe135⤵
-
\??\c:\9frxxlr.exec:\9frxxlr.exe136⤵
-
\??\c:\nttnbn.exec:\nttnbn.exe137⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe138⤵
-
\??\c:\llrfffx.exec:\llrfffx.exe139⤵
-
\??\c:\tnhnbn.exec:\tnhnbn.exe140⤵
-
\??\c:\ddddd.exec:\ddddd.exe141⤵
-
\??\c:\jjdjj.exec:\jjdjj.exe142⤵
-
\??\c:\frrfffr.exec:\frrfffr.exe143⤵
-
\??\c:\hbthbn.exec:\hbthbn.exe144⤵
-
\??\c:\dpjdj.exec:\dpjdj.exe145⤵
-
\??\c:\frrxlrx.exec:\frrxlrx.exe146⤵
-
\??\c:\nhhnbb.exec:\nhhnbb.exe147⤵
-
\??\c:\dpjjd.exec:\dpjjd.exe148⤵
-
\??\c:\5vpdd.exec:\5vpdd.exe149⤵
-
\??\c:\rfrrrfr.exec:\rfrrrfr.exe150⤵
-
\??\c:\htnbnt.exec:\htnbnt.exe151⤵
-
\??\c:\1dpvv.exec:\1dpvv.exe152⤵
-
\??\c:\llrxrfr.exec:\llrxrfr.exe153⤵
-
\??\c:\ttnbbh.exec:\ttnbbh.exe154⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe155⤵
-
\??\c:\lfxfllr.exec:\lfxfllr.exe156⤵
-
\??\c:\nhbnht.exec:\nhbnht.exe157⤵
-
\??\c:\dvvdp.exec:\dvvdp.exe158⤵
-
\??\c:\fffllxl.exec:\fffllxl.exe159⤵
-
\??\c:\tbnhhh.exec:\tbnhhh.exe160⤵
-
\??\c:\hhbhbh.exec:\hhbhbh.exe161⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe162⤵
-
\??\c:\ffflxll.exec:\ffflxll.exe163⤵
-
\??\c:\tnhtbh.exec:\tnhtbh.exe164⤵
-
\??\c:\pjppd.exec:\pjppd.exe165⤵
-
\??\c:\ffxlxxr.exec:\ffxlxxr.exe166⤵
-
\??\c:\hhbhtb.exec:\hhbhtb.exe167⤵
-
\??\c:\nhbhtb.exec:\nhbhtb.exe168⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe169⤵
-
\??\c:\fxxxflx.exec:\fxxxflx.exe170⤵
-
\??\c:\hhthbn.exec:\hhthbn.exe171⤵
-
\??\c:\jpppj.exec:\jpppj.exe172⤵
-
\??\c:\rlffrfx.exec:\rlffrfx.exe173⤵
-
\??\c:\7ttbnb.exec:\7ttbnb.exe174⤵
-
\??\c:\dddpj.exec:\dddpj.exe175⤵
-
\??\c:\lfflrxx.exec:\lfflrxx.exe176⤵
-
\??\c:\hnnhbt.exec:\hnnhbt.exe177⤵
-
\??\c:\bthttt.exec:\bthttt.exe178⤵
-
\??\c:\pvpdd.exec:\pvpdd.exe179⤵
-
\??\c:\ffllffr.exec:\ffllffr.exe180⤵
-
\??\c:\hhthbb.exec:\hhthbb.exe181⤵
-
\??\c:\nnbhnn.exec:\nnbhnn.exe182⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe183⤵
-
\??\c:\xrfrxxl.exec:\xrfrxxl.exe184⤵
-
\??\c:\ttnnbh.exec:\ttnnbh.exe185⤵
-
\??\c:\3dvvv.exec:\3dvvv.exe186⤵
-
\??\c:\rlrrrrl.exec:\rlrrrrl.exe187⤵
-
\??\c:\ttnbht.exec:\ttnbht.exe188⤵
-
\??\c:\9nhhnt.exec:\9nhhnt.exe189⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe190⤵
-
\??\c:\5rxxrll.exec:\5rxxrll.exe191⤵
-
\??\c:\ttbthn.exec:\ttbthn.exe192⤵
-
\??\c:\ddjpd.exec:\ddjpd.exe193⤵
-
\??\c:\xflrlxr.exec:\xflrlxr.exe194⤵
-
\??\c:\1httnt.exec:\1httnt.exe195⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe196⤵
-
\??\c:\dvvdj.exec:\dvvdj.exe197⤵
-
\??\c:\xxxlflf.exec:\xxxlflf.exe198⤵
-
\??\c:\htnhth.exec:\htnhth.exe199⤵
-
\??\c:\vjjvv.exec:\vjjvv.exe200⤵
-
\??\c:\fffrfrl.exec:\fffrfrl.exe201⤵
-
\??\c:\nnnbtn.exec:\nnnbtn.exe202⤵
-
\??\c:\jdjpj.exec:\jdjpj.exe203⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe204⤵
-
\??\c:\rxffxlx.exec:\rxffxlx.exe205⤵
-
\??\c:\tnbnhn.exec:\tnbnhn.exe206⤵
-
\??\c:\jjpdv.exec:\jjpdv.exe207⤵
-
\??\c:\llxrrfl.exec:\llxrrfl.exe208⤵
-
\??\c:\1tthht.exec:\1tthht.exe209⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe210⤵
-
\??\c:\7llrlxl.exec:\7llrlxl.exe211⤵
-
\??\c:\hhtbhh.exec:\hhtbhh.exe212⤵
-
\??\c:\bbbhbh.exec:\bbbhbh.exe213⤵
-
\??\c:\ddpvd.exec:\ddpvd.exe214⤵
-
\??\c:\lrrllxr.exec:\lrrllxr.exe215⤵
-
\??\c:\bbbtht.exec:\bbbtht.exe216⤵
-
\??\c:\ttttnn.exec:\ttttnn.exe217⤵
-
\??\c:\dpddv.exec:\dpddv.exe218⤵
-
\??\c:\lrlffxr.exec:\lrlffxr.exe219⤵
-
\??\c:\hnnbth.exec:\hnnbth.exe220⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe221⤵
-
\??\c:\fxxllxf.exec:\fxxllxf.exe222⤵
-
\??\c:\5nntnh.exec:\5nntnh.exe223⤵
-
\??\c:\jjjvj.exec:\jjjvj.exe224⤵
-
\??\c:\fllxxll.exec:\fllxxll.exe225⤵
-
\??\c:\nnhbbn.exec:\nnhbbn.exe226⤵
-
\??\c:\bttbhh.exec:\bttbhh.exe227⤵
-
\??\c:\5jjpv.exec:\5jjpv.exe228⤵
-
\??\c:\xxrfxxl.exec:\xxrfxxl.exe229⤵
-
\??\c:\tnntnt.exec:\tnntnt.exe230⤵
-
\??\c:\1vppp.exec:\1vppp.exe231⤵
-
\??\c:\xfxlrfl.exec:\xfxlrfl.exe232⤵
-
\??\c:\hbhthn.exec:\hbhthn.exe233⤵
-
\??\c:\bthntb.exec:\bthntb.exe234⤵
-
\??\c:\dvdpp.exec:\dvdpp.exe235⤵
-
\??\c:\rlxxlfr.exec:\rlxxlfr.exe236⤵
-
\??\c:\bbthbh.exec:\bbthbh.exe237⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe238⤵
-
\??\c:\djpdv.exec:\djpdv.exe239⤵
-
\??\c:\5rlrfrf.exec:\5rlrfrf.exe240⤵
-
\??\c:\1ntbnn.exec:\1ntbnn.exe241⤵