Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
19-05-2024 22:42
General
-
Target
4f5778f2e51e8200e8b6985289bf7dd0_NeikiAnalytics.exe
-
Size
92KB
-
MD5
4f5778f2e51e8200e8b6985289bf7dd0
-
SHA1
f4e7b5c0d4d1e6efb51dddb23844f575c96d800c
-
SHA256
57217b70b8f28cb03b8940935b8b208c53131a4df6166bec13d2e3f1dcdbf4b2
-
SHA512
e7b4ca7b2deb486ebd2ecbbc008b43b1bba6b294c5196ffd33d9850ec8ca9fe54d318136819bd9aaf9dba3be846953da5861f09cdd773b12f1a19333ae16de37
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIQIDyviFxx2hCtgIMLP9rBZaRBm:ymb3NkkiQ3mdBjFIVLd2hWZGreRCUlbO
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4f5778f2e51e8200e8b6985289bf7dd0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4f5778f2e51e8200e8b6985289bf7dd0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7vddj.exec:\7vddj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lxrxfl.exec:\9lxrxfl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbtbt.exec:\bnbtbt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvjd.exec:\dpvjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvp.exec:\dpvvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxxxx.exec:\lfxxxxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrfrxf.exec:\frrfrxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbhh.exec:\bbhbhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdjv.exec:\ppdjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpv.exec:\vpvpv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrxxf.exec:\xrxrxxf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ththnh.exec:\ththnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ntbht.exec:\3ntbht.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjvv.exec:\vdjvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjvd.exec:\dvjvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xfllrr.exec:\3xfllrr.exe17⤵
- Executes dropped EXE
-
\??\c:\tnntbb.exec:\tnntbb.exe18⤵
- Executes dropped EXE
-
\??\c:\nbhnnt.exec:\nbhnnt.exe19⤵
- Executes dropped EXE
-
\??\c:\5pdjv.exec:\5pdjv.exe20⤵
- Executes dropped EXE
-
\??\c:\vpdvj.exec:\vpdvj.exe21⤵
- Executes dropped EXE
-
\??\c:\9rlxllr.exec:\9rlxllr.exe22⤵
- Executes dropped EXE
-
\??\c:\rlflxff.exec:\rlflxff.exe23⤵
- Executes dropped EXE
-
\??\c:\nnhbhh.exec:\nnhbhh.exe24⤵
- Executes dropped EXE
-
\??\c:\tnbhnn.exec:\tnbhnn.exe25⤵
- Executes dropped EXE
-
\??\c:\vpdvd.exec:\vpdvd.exe26⤵
- Executes dropped EXE
-
\??\c:\5ppdd.exec:\5ppdd.exe27⤵
- Executes dropped EXE
-
\??\c:\lffxffl.exec:\lffxffl.exe28⤵
- Executes dropped EXE
-
\??\c:\htnthn.exec:\htnthn.exe29⤵
- Executes dropped EXE
-
\??\c:\thnbhn.exec:\thnbhn.exe30⤵
- Executes dropped EXE
-
\??\c:\7jpvd.exec:\7jpvd.exe31⤵
- Executes dropped EXE
-
\??\c:\rrrlfrx.exec:\rrrlfrx.exe32⤵
- Executes dropped EXE
-
\??\c:\rlxxfrx.exec:\rlxxfrx.exe33⤵
- Executes dropped EXE
-
\??\c:\hbbhbt.exec:\hbbhbt.exe34⤵
- Executes dropped EXE
-
\??\c:\jjdvj.exec:\jjdvj.exe35⤵
- Executes dropped EXE
-
\??\c:\ppdjd.exec:\ppdjd.exe36⤵
- Executes dropped EXE
-
\??\c:\lfllxfx.exec:\lfllxfx.exe37⤵
- Executes dropped EXE
-
\??\c:\vpvvj.exec:\vpvvj.exe38⤵
- Executes dropped EXE
-
\??\c:\9xfxxxf.exec:\9xfxxxf.exe39⤵
- Executes dropped EXE
-
\??\c:\nhnbhh.exec:\nhnbhh.exe40⤵
- Executes dropped EXE
-
\??\c:\vvpvj.exec:\vvpvj.exe41⤵
- Executes dropped EXE
-
\??\c:\lxflxfl.exec:\lxflxfl.exe42⤵
- Executes dropped EXE
-
\??\c:\1nbtbt.exec:\1nbtbt.exe43⤵
- Executes dropped EXE
-
\??\c:\vpvvp.exec:\vpvvp.exe44⤵
- Executes dropped EXE
-
\??\c:\ffxfrrl.exec:\ffxfrrl.exe45⤵
- Executes dropped EXE
-
\??\c:\1nhnbh.exec:\1nhnbh.exe46⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe47⤵
- Executes dropped EXE
-
\??\c:\ppdvd.exec:\ppdvd.exe48⤵
- Executes dropped EXE
-
\??\c:\1xxrflf.exec:\1xxrflf.exe49⤵
- Executes dropped EXE
-
\??\c:\hbhnnn.exec:\hbhnnn.exe50⤵
- Executes dropped EXE
-
\??\c:\htbhhn.exec:\htbhhn.exe51⤵
- Executes dropped EXE
-
\??\c:\dpddv.exec:\dpddv.exe52⤵
- Executes dropped EXE
-
\??\c:\dvpdj.exec:\dvpdj.exe53⤵
- Executes dropped EXE
-
\??\c:\frrlllr.exec:\frrlllr.exe54⤵
- Executes dropped EXE
-
\??\c:\tnttbh.exec:\tnttbh.exe55⤵
- Executes dropped EXE
-
\??\c:\hbnthn.exec:\hbnthn.exe56⤵
- Executes dropped EXE
-
\??\c:\1dpvp.exec:\1dpvp.exe57⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe58⤵
- Executes dropped EXE
-
\??\c:\1xlrrrx.exec:\1xlrrrx.exe59⤵
- Executes dropped EXE
-
\??\c:\xrflxrl.exec:\xrflxrl.exe60⤵
- Executes dropped EXE
-
\??\c:\ffrflrf.exec:\ffrflrf.exe61⤵
- Executes dropped EXE
-
\??\c:\thtbbh.exec:\thtbbh.exe62⤵
- Executes dropped EXE
-
\??\c:\bnttbb.exec:\bnttbb.exe63⤵
- Executes dropped EXE
-
\??\c:\dpddp.exec:\dpddp.exe64⤵
- Executes dropped EXE
-
\??\c:\5dpdj.exec:\5dpdj.exe65⤵
- Executes dropped EXE
-
\??\c:\1xrrxxl.exec:\1xrrxxl.exe66⤵
-
\??\c:\3frlxxl.exec:\3frlxxl.exe67⤵
-
\??\c:\3xlrrlr.exec:\3xlrrlr.exe68⤵
-
\??\c:\tntnbh.exec:\tntnbh.exe69⤵
-
\??\c:\jjvdp.exec:\jjvdp.exe70⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe71⤵
-
\??\c:\vjvpd.exec:\vjvpd.exe72⤵
-
\??\c:\rlrllfl.exec:\rlrllfl.exe73⤵
-
\??\c:\hbbbhb.exec:\hbbbhb.exe74⤵
-
\??\c:\tbtbbb.exec:\tbtbbb.exe75⤵
-
\??\c:\jddpd.exec:\jddpd.exe76⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe77⤵
-
\??\c:\9fxxrxf.exec:\9fxxrxf.exe78⤵
-
\??\c:\3lxfrlx.exec:\3lxfrlx.exe79⤵
-
\??\c:\5tbbnb.exec:\5tbbnb.exe80⤵
-
\??\c:\bnthnt.exec:\bnthnt.exe81⤵
-
\??\c:\dvddv.exec:\dvddv.exe82⤵
-
\??\c:\jddpj.exec:\jddpj.exe83⤵
-
\??\c:\7xlflfr.exec:\7xlflfr.exe84⤵
-
\??\c:\3xlrffr.exec:\3xlrffr.exe85⤵
-
\??\c:\1thhtt.exec:\1thhtt.exe86⤵
-
\??\c:\btbbbh.exec:\btbbbh.exe87⤵
-
\??\c:\3jpjd.exec:\3jpjd.exe88⤵
-
\??\c:\dpdjj.exec:\dpdjj.exe89⤵
-
\??\c:\flllfxl.exec:\flllfxl.exe90⤵
-
\??\c:\7llxllr.exec:\7llxllr.exe91⤵
-
\??\c:\xlxflrf.exec:\xlxflrf.exe92⤵
-
\??\c:\bthtbb.exec:\bthtbb.exe93⤵
-
\??\c:\tnbtnh.exec:\tnbtnh.exe94⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe95⤵
-
\??\c:\pjjpv.exec:\pjjpv.exe96⤵
-
\??\c:\xlrlllr.exec:\xlrlllr.exe97⤵
-
\??\c:\frfllrf.exec:\frfllrf.exe98⤵
-
\??\c:\thnntt.exec:\thnntt.exe99⤵
-
\??\c:\9htbbt.exec:\9htbbt.exe100⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe101⤵
-
\??\c:\1djvv.exec:\1djvv.exe102⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe103⤵
-
\??\c:\3lrxfrx.exec:\3lrxfrx.exe104⤵
-
\??\c:\frfffff.exec:\frfffff.exe105⤵
-
\??\c:\nhnnbb.exec:\nhnnbb.exe106⤵
-
\??\c:\hbnhtn.exec:\hbnhtn.exe107⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe108⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe109⤵
-
\??\c:\1flrxfx.exec:\1flrxfx.exe110⤵
-
\??\c:\rllffxf.exec:\rllffxf.exe111⤵
-
\??\c:\tnbnnt.exec:\tnbnnt.exe112⤵
-
\??\c:\7hhhhn.exec:\7hhhhn.exe113⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe114⤵
-
\??\c:\3pdjv.exec:\3pdjv.exe115⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe116⤵
-
\??\c:\9rffflr.exec:\9rffflr.exe117⤵
-
\??\c:\lfrrxlr.exec:\lfrrxlr.exe118⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe119⤵
-
\??\c:\nhbtbb.exec:\nhbtbb.exe120⤵
-
\??\c:\jjdpp.exec:\jjdpp.exe121⤵
-
\??\c:\jvdvd.exec:\jvdvd.exe122⤵
-
\??\c:\fflrxxf.exec:\fflrxxf.exe123⤵
-
\??\c:\xrllxxl.exec:\xrllxxl.exe124⤵
-
\??\c:\nbhntn.exec:\nbhntn.exe125⤵
-
\??\c:\hhnbhh.exec:\hhnbhh.exe126⤵
-
\??\c:\3vdjj.exec:\3vdjj.exe127⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe128⤵
-
\??\c:\rlrrflx.exec:\rlrrflx.exe129⤵
-
\??\c:\llfxrxf.exec:\llfxrxf.exe130⤵
-
\??\c:\bbntbh.exec:\bbntbh.exe131⤵
-
\??\c:\9thhtb.exec:\9thhtb.exe132⤵
-
\??\c:\jdppv.exec:\jdppv.exe133⤵
-
\??\c:\3rflffx.exec:\3rflffx.exe134⤵
-
\??\c:\5rfxfxf.exec:\5rfxfxf.exe135⤵
-
\??\c:\nhnthn.exec:\nhnthn.exe136⤵
-
\??\c:\hbhnht.exec:\hbhnht.exe137⤵
-
\??\c:\hbhtbn.exec:\hbhtbn.exe138⤵
-
\??\c:\5dvvd.exec:\5dvvd.exe139⤵
-
\??\c:\vpvjv.exec:\vpvjv.exe140⤵
-
\??\c:\1rffxlr.exec:\1rffxlr.exe141⤵
-
\??\c:\llrrrrx.exec:\llrrrrx.exe142⤵
-
\??\c:\hbnbht.exec:\hbnbht.exe143⤵
-
\??\c:\pvpjj.exec:\pvpjj.exe144⤵
-
\??\c:\ddjpp.exec:\ddjpp.exe145⤵
-
\??\c:\7xxlrrl.exec:\7xxlrrl.exe146⤵
-
\??\c:\rfffflr.exec:\rfffflr.exe147⤵
-
\??\c:\htbnnn.exec:\htbnnn.exe148⤵
-
\??\c:\btbtbh.exec:\btbtbh.exe149⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe150⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe151⤵
-
\??\c:\ddjjp.exec:\ddjjp.exe152⤵
-
\??\c:\5flfffl.exec:\5flfffl.exe153⤵
-
\??\c:\9xrxflr.exec:\9xrxflr.exe154⤵
-
\??\c:\nhhnbt.exec:\nhhnbt.exe155⤵
-
\??\c:\bthtbb.exec:\bthtbb.exe156⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe157⤵
-
\??\c:\dvppd.exec:\dvppd.exe158⤵
-
\??\c:\lllxrrx.exec:\lllxrrx.exe159⤵
-
\??\c:\5rllrrx.exec:\5rllrrx.exe160⤵
-
\??\c:\nbbhtt.exec:\nbbhtt.exe161⤵
-
\??\c:\jvddd.exec:\jvddd.exe162⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe163⤵
-
\??\c:\xlxfrlr.exec:\xlxfrlr.exe164⤵
-
\??\c:\bbnbbb.exec:\bbnbbb.exe165⤵
-
\??\c:\1thhth.exec:\1thhth.exe166⤵
-
\??\c:\9pvvv.exec:\9pvvv.exe167⤵
-
\??\c:\lrrxfrx.exec:\lrrxfrx.exe168⤵
-
\??\c:\9frrffl.exec:\9frrffl.exe169⤵
-
\??\c:\5nbnnn.exec:\5nbnnn.exe170⤵
-
\??\c:\9pdpd.exec:\9pdpd.exe171⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe172⤵
-
\??\c:\9lfllrf.exec:\9lfllrf.exe173⤵
-
\??\c:\1hbnbh.exec:\1hbnbh.exe174⤵
-
\??\c:\7thntn.exec:\7thntn.exe175⤵
-
\??\c:\5pppd.exec:\5pppd.exe176⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe177⤵
-
\??\c:\lfflrfr.exec:\lfflrfr.exe178⤵
-
\??\c:\5hbtbn.exec:\5hbtbn.exe179⤵
-
\??\c:\9nhthn.exec:\9nhthn.exe180⤵
-
\??\c:\dvddv.exec:\dvddv.exe181⤵
-
\??\c:\pddvp.exec:\pddvp.exe182⤵
-
\??\c:\frlrllr.exec:\frlrllr.exe183⤵
-
\??\c:\ttbhtt.exec:\ttbhtt.exe184⤵
-
\??\c:\bnhhtt.exec:\bnhhtt.exe185⤵
-
\??\c:\dpjdj.exec:\dpjdj.exe186⤵
-
\??\c:\fllxxrf.exec:\fllxxrf.exe187⤵
-
\??\c:\5xrlrrf.exec:\5xrlrrf.exe188⤵
-
\??\c:\1bnnbt.exec:\1bnnbt.exe189⤵
-
\??\c:\bbnnbb.exec:\bbnnbb.exe190⤵
-
\??\c:\vdjpv.exec:\vdjpv.exe191⤵
-
\??\c:\vjppp.exec:\vjppp.exe192⤵
-
\??\c:\nbhbtt.exec:\nbhbtt.exe193⤵
-
\??\c:\vpdpv.exec:\vpdpv.exe194⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe195⤵
-
\??\c:\7xlrxxx.exec:\7xlrxxx.exe196⤵
-
\??\c:\hhbhnt.exec:\hhbhnt.exe197⤵
-
\??\c:\jdpdv.exec:\jdpdv.exe198⤵
-
\??\c:\lfxrllr.exec:\lfxrllr.exe199⤵
-
\??\c:\thtnhh.exec:\thtnhh.exe200⤵
-
\??\c:\nntbhn.exec:\nntbhn.exe201⤵
-
\??\c:\9jdpd.exec:\9jdpd.exe202⤵
-
\??\c:\9vvjp.exec:\9vvjp.exe203⤵
-
\??\c:\xfxlrfr.exec:\xfxlrfr.exe204⤵
-
\??\c:\xxxfrfl.exec:\xxxfrfl.exe205⤵
-
\??\c:\hhhhnh.exec:\hhhhnh.exe206⤵
-
\??\c:\pdppj.exec:\pdppj.exe207⤵
-
\??\c:\5pddv.exec:\5pddv.exe208⤵
-
\??\c:\xxxfxxr.exec:\xxxfxxr.exe209⤵
-
\??\c:\rrlrfxl.exec:\rrlrfxl.exe210⤵
-
\??\c:\hbnttn.exec:\hbnttn.exe211⤵
-
\??\c:\thtbnb.exec:\thtbnb.exe212⤵
-
\??\c:\pjppp.exec:\pjppp.exe213⤵
-
\??\c:\lfxlflx.exec:\lfxlflx.exe214⤵
-
\??\c:\rrlxflr.exec:\rrlxflr.exe215⤵
-
\??\c:\btbhbh.exec:\btbhbh.exe216⤵
-
\??\c:\nhtbnh.exec:\nhtbnh.exe217⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe218⤵
-
\??\c:\fxxfxrl.exec:\fxxfxrl.exe219⤵
-
\??\c:\rrlfxxl.exec:\rrlfxxl.exe220⤵
-
\??\c:\nhnbhn.exec:\nhnbhn.exe221⤵
-
\??\c:\nhbhtt.exec:\nhbhtt.exe222⤵
-
\??\c:\jpvdj.exec:\jpvdj.exe223⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe224⤵
-
\??\c:\xxxxlrx.exec:\xxxxlrx.exe225⤵
-
\??\c:\ffrxrfx.exec:\ffrxrfx.exe226⤵
-
\??\c:\tthnhh.exec:\tthnhh.exe227⤵
-
\??\c:\jdppv.exec:\jdppv.exe228⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe229⤵
-
\??\c:\frxxrrr.exec:\frxxrrr.exe230⤵
-
\??\c:\lxxfrrf.exec:\lxxfrrf.exe231⤵
-
\??\c:\hhtthb.exec:\hhtthb.exe232⤵
-
\??\c:\hthhtt.exec:\hthhtt.exe233⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe234⤵
-
\??\c:\xrflrxf.exec:\xrflrxf.exe235⤵
-
\??\c:\flfxrff.exec:\flfxrff.exe236⤵
-
\??\c:\nnbttt.exec:\nnbttt.exe237⤵
-
\??\c:\hbbhnb.exec:\hbbhnb.exe238⤵
-
\??\c:\dpppv.exec:\dpppv.exe239⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe240⤵
-
\??\c:\llrflfx.exec:\llrflfx.exe241⤵