Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
19-05-2024 22:38
General
-
Target
4e5a49801cf539f7df4c6fdd9eb61850_NeikiAnalytics.exe
-
Size
62KB
-
MD5
4e5a49801cf539f7df4c6fdd9eb61850
-
SHA1
4c47557cee8cdadc0d0ca9e9a47d75a143af9f09
-
SHA256
85224e31fa9674d53de097876403302979c89a64e30e2100affd7434a3e34fe5
-
SHA512
3ff9372972dc0d0f78c2fef9c34e3422d35b726bffb965f068988e2c680fab36ec729ff7d24380402c822e521a9dc6148b1f622a96376730509776e95c74cb91
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDISoFGDn:ymb3NkkiQ3mdBjFIkr
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4e5a49801cf539f7df4c6fdd9eb61850_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4e5a49801cf539f7df4c6fdd9eb61850_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdvv.exec:\ppdvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dvdp.exec:\9dvdp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppp.exec:\vpppp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xlxfrf.exec:\7xlxfrf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthhhh.exec:\hthhhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbhhh.exec:\bnbhhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jpvp.exec:\7jpvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddjv.exec:\jddjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflfxxl.exec:\rflfxxl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lxffxf.exec:\1lxffxf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btntbb.exec:\btntbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ntbbb.exec:\5ntbbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvppv.exec:\vvppv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjvv.exec:\vjjvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xlrrxx.exec:\1xlrrxx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fxlrrr.exec:\1fxlrrr.exe17⤵
- Executes dropped EXE
-
\??\c:\3nhntt.exec:\3nhntt.exe18⤵
- Executes dropped EXE
-
\??\c:\tntbhn.exec:\tntbhn.exe19⤵
- Executes dropped EXE
-
\??\c:\ppdjj.exec:\ppdjj.exe20⤵
- Executes dropped EXE
-
\??\c:\3vpjj.exec:\3vpjj.exe21⤵
- Executes dropped EXE
-
\??\c:\vdpjj.exec:\vdpjj.exe22⤵
- Executes dropped EXE
-
\??\c:\lfrrfxf.exec:\lfrrfxf.exe23⤵
- Executes dropped EXE
-
\??\c:\flrlrfx.exec:\flrlrfx.exe24⤵
- Executes dropped EXE
-
\??\c:\bnntbb.exec:\bnntbb.exe25⤵
- Executes dropped EXE
-
\??\c:\htbbnn.exec:\htbbnn.exe26⤵
- Executes dropped EXE
-
\??\c:\1hhntt.exec:\1hhntt.exe27⤵
- Executes dropped EXE
-
\??\c:\pjdjv.exec:\pjdjv.exe28⤵
- Executes dropped EXE
-
\??\c:\1vvvd.exec:\1vvvd.exe29⤵
- Executes dropped EXE
-
\??\c:\lxrxflr.exec:\lxrxflr.exe30⤵
- Executes dropped EXE
-
\??\c:\lxrllrx.exec:\lxrllrx.exe31⤵
- Executes dropped EXE
-
\??\c:\5thnbn.exec:\5thnbn.exe32⤵
- Executes dropped EXE
-
\??\c:\tbhntt.exec:\tbhntt.exe33⤵
- Executes dropped EXE
-
\??\c:\1dppp.exec:\1dppp.exe34⤵
- Executes dropped EXE
-
\??\c:\pdjdj.exec:\pdjdj.exe35⤵
- Executes dropped EXE
-
\??\c:\1jddj.exec:\1jddj.exe36⤵
- Executes dropped EXE
-
\??\c:\fxlfffr.exec:\fxlfffr.exe37⤵
- Executes dropped EXE
-
\??\c:\9frrlrr.exec:\9frrlrr.exe38⤵
- Executes dropped EXE
-
\??\c:\3bnbht.exec:\3bnbht.exe39⤵
- Executes dropped EXE
-
\??\c:\hbnthn.exec:\hbnthn.exe40⤵
- Executes dropped EXE
-
\??\c:\vpppv.exec:\vpppv.exe41⤵
- Executes dropped EXE
-
\??\c:\xrlfxlf.exec:\xrlfxlf.exe42⤵
- Executes dropped EXE
-
\??\c:\btbhhb.exec:\btbhhb.exe43⤵
- Executes dropped EXE
-
\??\c:\vpjvp.exec:\vpjvp.exe44⤵
- Executes dropped EXE
-
\??\c:\frffxxf.exec:\frffxxf.exe45⤵
- Executes dropped EXE
-
\??\c:\xflxxff.exec:\xflxxff.exe46⤵
- Executes dropped EXE
-
\??\c:\bhnntt.exec:\bhnntt.exe47⤵
- Executes dropped EXE
-
\??\c:\jdpjv.exec:\jdpjv.exe48⤵
- Executes dropped EXE
-
\??\c:\lxfxxrr.exec:\lxfxxrr.exe49⤵
- Executes dropped EXE
-
\??\c:\7thnnn.exec:\7thnnn.exe50⤵
- Executes dropped EXE
-
\??\c:\djjvp.exec:\djjvp.exe51⤵
- Executes dropped EXE
-
\??\c:\9pddd.exec:\9pddd.exe52⤵
- Executes dropped EXE
-
\??\c:\fxlfrff.exec:\fxlfrff.exe53⤵
- Executes dropped EXE
-
\??\c:\7flffff.exec:\7flffff.exe54⤵
- Executes dropped EXE
-
\??\c:\btbntt.exec:\btbntt.exe55⤵
- Executes dropped EXE
-
\??\c:\1ppvd.exec:\1ppvd.exe56⤵
- Executes dropped EXE
-
\??\c:\7vjdj.exec:\7vjdj.exe57⤵
- Executes dropped EXE
-
\??\c:\frxxxxx.exec:\frxxxxx.exe58⤵
- Executes dropped EXE
-
\??\c:\xxlfxxf.exec:\xxlfxxf.exe59⤵
- Executes dropped EXE
-
\??\c:\tnbtbn.exec:\tnbtbn.exe60⤵
- Executes dropped EXE
-
\??\c:\btbntb.exec:\btbntb.exe61⤵
- Executes dropped EXE
-
\??\c:\7jdpp.exec:\7jdpp.exe62⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe63⤵
- Executes dropped EXE
-
\??\c:\lfrrfll.exec:\lfrrfll.exe64⤵
- Executes dropped EXE
-
\??\c:\3xrxlrr.exec:\3xrxlrr.exe65⤵
- Executes dropped EXE
-
\??\c:\hbttbb.exec:\hbttbb.exe66⤵
-
\??\c:\bhtnnb.exec:\bhtnnb.exe67⤵
-
\??\c:\9dvpd.exec:\9dvpd.exe68⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe69⤵
-
\??\c:\7frllff.exec:\7frllff.exe70⤵
-
\??\c:\rflllff.exec:\rflllff.exe71⤵
-
\??\c:\1nhtbh.exec:\1nhtbh.exe72⤵
-
\??\c:\5tbhnn.exec:\5tbhnn.exe73⤵
-
\??\c:\pdppj.exec:\pdppj.exe74⤵
-
\??\c:\pjddd.exec:\pjddd.exe75⤵
-
\??\c:\vjjdj.exec:\vjjdj.exe76⤵
-
\??\c:\1rxxrrx.exec:\1rxxrrx.exe77⤵
-
\??\c:\xrfllrx.exec:\xrfllrx.exe78⤵
-
\??\c:\5tnthn.exec:\5tnthn.exe79⤵
-
\??\c:\hbnhbb.exec:\hbnhbb.exe80⤵
-
\??\c:\1pjdv.exec:\1pjdv.exe81⤵
-
\??\c:\dpddv.exec:\dpddv.exe82⤵
-
\??\c:\frxxrrx.exec:\frxxrrx.exe83⤵
-
\??\c:\fxflrxx.exec:\fxflrxx.exe84⤵
-
\??\c:\hbtttt.exec:\hbtttt.exe85⤵
-
\??\c:\tnnbhn.exec:\tnnbhn.exe86⤵
-
\??\c:\jjddp.exec:\jjddp.exe87⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe88⤵
-
\??\c:\llffxxr.exec:\llffxxr.exe89⤵
-
\??\c:\frrfllx.exec:\frrfllx.exe90⤵
-
\??\c:\nbtnhb.exec:\nbtnhb.exe91⤵
-
\??\c:\bthttb.exec:\bthttb.exe92⤵
-
\??\c:\7jvdj.exec:\7jvdj.exe93⤵
-
\??\c:\7djvv.exec:\7djvv.exe94⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe95⤵
-
\??\c:\xlxrrrr.exec:\xlxrrrr.exe96⤵
-
\??\c:\fxffllr.exec:\fxffllr.exe97⤵
-
\??\c:\1bbbtn.exec:\1bbbtn.exe98⤵
-
\??\c:\nbhnth.exec:\nbhnth.exe99⤵
-
\??\c:\jvddd.exec:\jvddd.exe100⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe101⤵
-
\??\c:\rlffllr.exec:\rlffllr.exe102⤵
-
\??\c:\rxrflxr.exec:\rxrflxr.exe103⤵
-
\??\c:\3nntbb.exec:\3nntbb.exe104⤵
-
\??\c:\hbnhtt.exec:\hbnhtt.exe105⤵
-
\??\c:\1pvpp.exec:\1pvpp.exe106⤵
-
\??\c:\jvdpp.exec:\jvdpp.exe107⤵
-
\??\c:\frxxfxx.exec:\frxxfxx.exe108⤵
-
\??\c:\fxxflff.exec:\fxxflff.exe109⤵
-
\??\c:\5nhtbh.exec:\5nhtbh.exe110⤵
-
\??\c:\nbhbht.exec:\nbhbht.exe111⤵
-
\??\c:\nhnbtt.exec:\nhnbtt.exe112⤵
-
\??\c:\vvdjj.exec:\vvdjj.exe113⤵
-
\??\c:\jvvvd.exec:\jvvvd.exe114⤵
-
\??\c:\rrxxrxl.exec:\rrxxrxl.exe115⤵
-
\??\c:\5lxrrll.exec:\5lxrrll.exe116⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe117⤵
-
\??\c:\bntntb.exec:\bntntb.exe118⤵
-
\??\c:\tthnbh.exec:\tthnbh.exe119⤵
-
\??\c:\dvvdv.exec:\dvvdv.exe120⤵
-
\??\c:\1jvpv.exec:\1jvpv.exe121⤵
-
\??\c:\xrfrxfr.exec:\xrfrxfr.exe122⤵
-
\??\c:\thtbhn.exec:\thtbhn.exe123⤵
-
\??\c:\7nhnnb.exec:\7nhnnb.exe124⤵
-
\??\c:\bhhnth.exec:\bhhnth.exe125⤵
-
\??\c:\jvjpp.exec:\jvjpp.exe126⤵
-
\??\c:\pvpdp.exec:\pvpdp.exe127⤵
-
\??\c:\lflrffl.exec:\lflrffl.exe128⤵
-
\??\c:\xrxfflr.exec:\xrxfflr.exe129⤵
-
\??\c:\bttbhn.exec:\bttbhn.exe130⤵
-
\??\c:\7hbbhh.exec:\7hbbhh.exe131⤵
-
\??\c:\pdpvj.exec:\pdpvj.exe132⤵
-
\??\c:\3dvpp.exec:\3dvpp.exe133⤵
-
\??\c:\1ddjv.exec:\1ddjv.exe134⤵
-
\??\c:\rfrffxf.exec:\rfrffxf.exe135⤵
-
\??\c:\rlrrxxl.exec:\rlrrxxl.exe136⤵
-
\??\c:\ttnttb.exec:\ttnttb.exe137⤵
-
\??\c:\tnntnn.exec:\tnntnn.exe138⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe139⤵
-
\??\c:\jdjpd.exec:\jdjpd.exe140⤵
-
\??\c:\5jjpj.exec:\5jjpj.exe141⤵
-
\??\c:\fxffxxf.exec:\fxffxxf.exe142⤵
-
\??\c:\xxfrflx.exec:\xxfrflx.exe143⤵
-
\??\c:\3hntbt.exec:\3hntbt.exe144⤵
-
\??\c:\nnntbb.exec:\nnntbb.exe145⤵
-
\??\c:\3djjv.exec:\3djjv.exe146⤵
-
\??\c:\9djdj.exec:\9djdj.exe147⤵
-
\??\c:\5jpdd.exec:\5jpdd.exe148⤵
-
\??\c:\rlflxxx.exec:\rlflxxx.exe149⤵
-
\??\c:\rrfrfxf.exec:\rrfrfxf.exe150⤵
-
\??\c:\bhnnhh.exec:\bhnnhh.exe151⤵
-
\??\c:\nhbtbt.exec:\nhbtbt.exe152⤵
-
\??\c:\jjjpj.exec:\jjjpj.exe153⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe154⤵
-
\??\c:\frxxxrr.exec:\frxxxrr.exe155⤵
-
\??\c:\9rflllr.exec:\9rflllr.exe156⤵
-
\??\c:\btntnn.exec:\btntnn.exe157⤵
-
\??\c:\tnhnhn.exec:\tnhnhn.exe158⤵
-
\??\c:\5jvvd.exec:\5jvvd.exe159⤵
-
\??\c:\9dvdv.exec:\9dvdv.exe160⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe161⤵
-
\??\c:\5rfrxfl.exec:\5rfrxfl.exe162⤵
-
\??\c:\rlrrxxr.exec:\rlrrxxr.exe163⤵
-
\??\c:\frfrxlr.exec:\frfrxlr.exe164⤵
-
\??\c:\hbbhbb.exec:\hbbhbb.exe165⤵
-
\??\c:\tttnhh.exec:\tttnhh.exe166⤵
-
\??\c:\5jppv.exec:\5jppv.exe167⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe168⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe169⤵
-
\??\c:\frrrxxx.exec:\frrrxxx.exe170⤵
-
\??\c:\lllrxfl.exec:\lllrxfl.exe171⤵
-
\??\c:\3hntbh.exec:\3hntbh.exe172⤵
-
\??\c:\btbnbn.exec:\btbnbn.exe173⤵
-
\??\c:\7thntt.exec:\7thntt.exe174⤵
-
\??\c:\7jdjv.exec:\7jdjv.exe175⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe176⤵
-
\??\c:\xrffflx.exec:\xrffflx.exe177⤵
-
\??\c:\lxfxfll.exec:\lxfxfll.exe178⤵
-
\??\c:\lxxllrr.exec:\lxxllrr.exe179⤵
-
\??\c:\9nthnb.exec:\9nthnb.exe180⤵
-
\??\c:\btntbh.exec:\btntbh.exe181⤵
-
\??\c:\dpdpp.exec:\dpdpp.exe182⤵
-
\??\c:\1vjjj.exec:\1vjjj.exe183⤵
-
\??\c:\xlflrxl.exec:\xlflrxl.exe184⤵
-
\??\c:\rffxfxr.exec:\rffxfxr.exe185⤵
-
\??\c:\nbnhtt.exec:\nbnhtt.exe186⤵
-
\??\c:\bnnnnn.exec:\bnnnnn.exe187⤵
-
\??\c:\vjddj.exec:\vjddj.exe188⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe189⤵
-
\??\c:\pvdjj.exec:\pvdjj.exe190⤵
-
\??\c:\lfxxlrx.exec:\lfxxlrx.exe191⤵
-
\??\c:\xrllxlf.exec:\xrllxlf.exe192⤵
-
\??\c:\3tthhh.exec:\3tthhh.exe193⤵
-
\??\c:\tthhth.exec:\tthhth.exe194⤵
-
\??\c:\jdjpj.exec:\jdjpj.exe195⤵
-
\??\c:\jvjpp.exec:\jvjpp.exe196⤵
-
\??\c:\djjvj.exec:\djjvj.exe197⤵
-
\??\c:\rflfffl.exec:\rflfffl.exe198⤵
-
\??\c:\rllxfxl.exec:\rllxfxl.exe199⤵
-
\??\c:\nhnntb.exec:\nhnntb.exe200⤵
-
\??\c:\nnnnnb.exec:\nnnnnb.exe201⤵
-
\??\c:\5nbhnn.exec:\5nbhnn.exe202⤵
-
\??\c:\1jvvv.exec:\1jvvv.exe203⤵
-
\??\c:\ppvdd.exec:\ppvdd.exe204⤵
-
\??\c:\fxxrflf.exec:\fxxrflf.exe205⤵
-
\??\c:\1frlxxl.exec:\1frlxxl.exe206⤵
-
\??\c:\7rfrrfr.exec:\7rfrrfr.exe207⤵
-
\??\c:\httttn.exec:\httttn.exe208⤵
-
\??\c:\3bnttb.exec:\3bnttb.exe209⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe210⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe211⤵
-
\??\c:\jdppj.exec:\jdppj.exe212⤵
-
\??\c:\xrlrflx.exec:\xrlrflx.exe213⤵
-
\??\c:\rfxrrrf.exec:\rfxrrrf.exe214⤵
-
\??\c:\3nbhnn.exec:\3nbhnn.exe215⤵
-
\??\c:\5tnthb.exec:\5tnthb.exe216⤵
-
\??\c:\5pjvv.exec:\5pjvv.exe217⤵
-
\??\c:\jvdvd.exec:\jvdvd.exe218⤵
-
\??\c:\fxfflrf.exec:\fxfflrf.exe219⤵
-
\??\c:\rlflrxf.exec:\rlflrxf.exe220⤵
-
\??\c:\lxrxflr.exec:\lxrxflr.exe221⤵
-
\??\c:\9nhhhh.exec:\9nhhhh.exe222⤵
-
\??\c:\bbntnt.exec:\bbntnt.exe223⤵
-
\??\c:\dpjdj.exec:\dpjdj.exe224⤵
-
\??\c:\ddvdd.exec:\ddvdd.exe225⤵
-
\??\c:\5frrrxx.exec:\5frrrxx.exe226⤵
-
\??\c:\nbntbh.exec:\nbntbh.exe227⤵
-
\??\c:\nththn.exec:\nththn.exe228⤵
-
\??\c:\vvjjj.exec:\vvjjj.exe229⤵
-
\??\c:\frrxxlf.exec:\frrxxlf.exe230⤵
-
\??\c:\7nnnhn.exec:\7nnnhn.exe231⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe232⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe233⤵
-
\??\c:\frlxrrx.exec:\frlxrrx.exe234⤵
-
\??\c:\9flxllx.exec:\9flxllx.exe235⤵
-
\??\c:\nhnttb.exec:\nhnttb.exe236⤵
-
\??\c:\1nbhnb.exec:\1nbhnb.exe237⤵
-
\??\c:\nhnhtn.exec:\nhnhtn.exe238⤵
-
\??\c:\ppjvv.exec:\ppjvv.exe239⤵
-
\??\c:\3vppv.exec:\3vppv.exe240⤵
-
\??\c:\rlllrrf.exec:\rlllrrf.exe241⤵