Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
19-05-2024 23:34
General
-
Target
5e5fa6abb78b337db014c67da8007de0_NeikiAnalytics.exe
-
Size
74KB
-
MD5
5e5fa6abb78b337db014c67da8007de0
-
SHA1
68301dca22e9872c85d616a1a1ed0f172d952974
-
SHA256
0e3f42e05bc777b2cab3d1fa3e69979d290b05c6644aff549276e991bfe8df3f
-
SHA512
548a68fdf1994dada640e75fd0fe6c373f9328eba14dc777fb882cf09c72af65979bc5e1306252db61ad976c57c00a34e8f0175e379a6eba55795496fdc72005
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqK2:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqK2
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 19 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5e5fa6abb78b337db014c67da8007de0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\5e5fa6abb78b337db014c67da8007de0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1nbttb.exec:\1nbttb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hbnbh.exec:\1hbnbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppv.exec:\jdppv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjpj.exec:\jjjpj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1flrlrl.exec:\1flrlrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlfrxf.exec:\lxlfrxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxxxf.exec:\lfxxxxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntntn.exec:\hntntn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hhbnb.exec:\5hhbnb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvjp.exec:\pjvjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdp.exec:\vdjdp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bttbh.exec:\7bttbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvd.exec:\vpjvd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrlrrf.exec:\ffrlrrf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lfrfrx.exec:\3lfrfrx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tnnhn.exec:\1tnnhn.exe17⤵
- Executes dropped EXE
-
\??\c:\9bbtnn.exec:\9bbtnn.exe18⤵
- Executes dropped EXE
-
\??\c:\pjjpv.exec:\pjjpv.exe19⤵
- Executes dropped EXE
-
\??\c:\jdvpv.exec:\jdvpv.exe20⤵
- Executes dropped EXE
-
\??\c:\llflffl.exec:\llflffl.exe21⤵
- Executes dropped EXE
-
\??\c:\7thntt.exec:\7thntt.exe22⤵
- Executes dropped EXE
-
\??\c:\5pjdj.exec:\5pjdj.exe23⤵
- Executes dropped EXE
-
\??\c:\rflfffl.exec:\rflfffl.exe24⤵
- Executes dropped EXE
-
\??\c:\bbbbnt.exec:\bbbbnt.exe25⤵
- Executes dropped EXE
-
\??\c:\ddvvd.exec:\ddvvd.exe26⤵
- Executes dropped EXE
-
\??\c:\jjvdp.exec:\jjvdp.exe27⤵
- Executes dropped EXE
-
\??\c:\bbtbhn.exec:\bbtbhn.exe28⤵
- Executes dropped EXE
-
\??\c:\ddvdp.exec:\ddvdp.exe29⤵
- Executes dropped EXE
-
\??\c:\jdvjp.exec:\jdvjp.exe30⤵
- Executes dropped EXE
-
\??\c:\fflrlfr.exec:\fflrlfr.exe31⤵
- Executes dropped EXE
-
\??\c:\fxrrlrr.exec:\fxrrlrr.exe32⤵
- Executes dropped EXE
-
\??\c:\thhbth.exec:\thhbth.exe33⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe34⤵
- Executes dropped EXE
-
\??\c:\5pdjv.exec:\5pdjv.exe35⤵
- Executes dropped EXE
-
\??\c:\lfxflrx.exec:\lfxflrx.exe36⤵
- Executes dropped EXE
-
\??\c:\xxlxlfx.exec:\xxlxlfx.exe37⤵
- Executes dropped EXE
-
\??\c:\nhtbht.exec:\nhtbht.exe38⤵
- Executes dropped EXE
-
\??\c:\nhtbnt.exec:\nhtbnt.exe39⤵
- Executes dropped EXE
-
\??\c:\dvvpp.exec:\dvvpp.exe40⤵
- Executes dropped EXE
-
\??\c:\1jvpp.exec:\1jvpp.exe41⤵
- Executes dropped EXE
-
\??\c:\5xxflrx.exec:\5xxflrx.exe42⤵
- Executes dropped EXE
-
\??\c:\fxlxfll.exec:\fxlxfll.exe43⤵
- Executes dropped EXE
-
\??\c:\bbhhtt.exec:\bbhhtt.exe44⤵
- Executes dropped EXE
-
\??\c:\hbnnnt.exec:\hbnnnt.exe45⤵
- Executes dropped EXE
-
\??\c:\dvpdj.exec:\dvpdj.exe46⤵
- Executes dropped EXE
-
\??\c:\1djvj.exec:\1djvj.exe47⤵
- Executes dropped EXE
-
\??\c:\3vjdd.exec:\3vjdd.exe48⤵
- Executes dropped EXE
-
\??\c:\rlflrxf.exec:\rlflrxf.exe49⤵
- Executes dropped EXE
-
\??\c:\tntbnt.exec:\tntbnt.exe50⤵
- Executes dropped EXE
-
\??\c:\pjpvj.exec:\pjpvj.exe51⤵
- Executes dropped EXE
-
\??\c:\djdpv.exec:\djdpv.exe52⤵
- Executes dropped EXE
-
\??\c:\rrrfrfr.exec:\rrrfrfr.exe53⤵
- Executes dropped EXE
-
\??\c:\xrflxfl.exec:\xrflxfl.exe54⤵
- Executes dropped EXE
-
\??\c:\nhbhhn.exec:\nhbhhn.exe55⤵
- Executes dropped EXE
-
\??\c:\nnhhtn.exec:\nnhhtn.exe56⤵
- Executes dropped EXE
-
\??\c:\pjjvv.exec:\pjjvv.exe57⤵
- Executes dropped EXE
-
\??\c:\vjddd.exec:\vjddd.exe58⤵
- Executes dropped EXE
-
\??\c:\1rlxlrf.exec:\1rlxlrf.exe59⤵
- Executes dropped EXE
-
\??\c:\xrxxlrf.exec:\xrxxlrf.exe60⤵
- Executes dropped EXE
-
\??\c:\nhtbht.exec:\nhtbht.exe61⤵
- Executes dropped EXE
-
\??\c:\hbtnbt.exec:\hbtnbt.exe62⤵
- Executes dropped EXE
-
\??\c:\jjdvv.exec:\jjdvv.exe63⤵
- Executes dropped EXE
-
\??\c:\jjjjp.exec:\jjjjp.exe64⤵
- Executes dropped EXE
-
\??\c:\lxrlrrx.exec:\lxrlrrx.exe65⤵
- Executes dropped EXE
-
\??\c:\3rfxllf.exec:\3rfxllf.exe66⤵
-
\??\c:\nbthhn.exec:\nbthhn.exe67⤵
-
\??\c:\9tbhbb.exec:\9tbhbb.exe68⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe69⤵
-
\??\c:\vpddp.exec:\vpddp.exe70⤵
-
\??\c:\7xlfffr.exec:\7xlfffr.exe71⤵
-
\??\c:\1xrxflr.exec:\1xrxflr.exe72⤵
-
\??\c:\tnnhtt.exec:\tnnhtt.exe73⤵
-
\??\c:\tttntb.exec:\tttntb.exe74⤵
-
\??\c:\9djpv.exec:\9djpv.exe75⤵
-
\??\c:\vpdpp.exec:\vpdpp.exe76⤵
-
\??\c:\fxrrxrf.exec:\fxrrxrf.exe77⤵
-
\??\c:\rlfxxxf.exec:\rlfxxxf.exe78⤵
-
\??\c:\3ttbnt.exec:\3ttbnt.exe79⤵
-
\??\c:\9hhntb.exec:\9hhntb.exe80⤵
-
\??\c:\nhttnt.exec:\nhttnt.exe81⤵
-
\??\c:\dvdpj.exec:\dvdpj.exe82⤵
-
\??\c:\pdvjp.exec:\pdvjp.exe83⤵
-
\??\c:\xrrxxxf.exec:\xrrxxxf.exe84⤵
-
\??\c:\7lfrffr.exec:\7lfrffr.exe85⤵
-
\??\c:\7nbhbb.exec:\7nbhbb.exe86⤵
-
\??\c:\nhnnbb.exec:\nhnnbb.exe87⤵
-
\??\c:\tnbhnb.exec:\tnbhnb.exe88⤵
-
\??\c:\vdjdj.exec:\vdjdj.exe89⤵
-
\??\c:\1vdpv.exec:\1vdpv.exe90⤵
-
\??\c:\lxrrflf.exec:\lxrrflf.exe91⤵
-
\??\c:\xlffrxf.exec:\xlffrxf.exe92⤵
-
\??\c:\thtthh.exec:\thtthh.exe93⤵
-
\??\c:\9nhntb.exec:\9nhntb.exe94⤵
-
\??\c:\ddpjj.exec:\ddpjj.exe95⤵
-
\??\c:\jdpdd.exec:\jdpdd.exe96⤵
-
\??\c:\lxxrllx.exec:\lxxrllx.exe97⤵
-
\??\c:\xxxlxfl.exec:\xxxlxfl.exe98⤵
-
\??\c:\xxfxxlf.exec:\xxfxxlf.exe99⤵
-
\??\c:\1thbtb.exec:\1thbtb.exe100⤵
-
\??\c:\3nhntb.exec:\3nhntb.exe101⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe102⤵
-
\??\c:\3vvdp.exec:\3vvdp.exe103⤵
-
\??\c:\7rlxrxf.exec:\7rlxrxf.exe104⤵
-
\??\c:\9fflrxf.exec:\9fflrxf.exe105⤵
-
\??\c:\bbthhb.exec:\bbthhb.exe106⤵
-
\??\c:\nbnthb.exec:\nbnthb.exe107⤵
-
\??\c:\5jddj.exec:\5jddj.exe108⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe109⤵
-
\??\c:\3pjvj.exec:\3pjvj.exe110⤵
-
\??\c:\3ffrxfl.exec:\3ffrxfl.exe111⤵
-
\??\c:\lrlflfl.exec:\lrlflfl.exe112⤵
-
\??\c:\htntth.exec:\htntth.exe113⤵
-
\??\c:\hbtbnt.exec:\hbtbnt.exe114⤵
-
\??\c:\9pddj.exec:\9pddj.exe115⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe116⤵
-
\??\c:\7lxlrrl.exec:\7lxlrrl.exe117⤵
-
\??\c:\lfxfflr.exec:\lfxfflr.exe118⤵
-
\??\c:\ttnnnt.exec:\ttnnnt.exe119⤵
-
\??\c:\5hhthn.exec:\5hhthn.exe120⤵
-
\??\c:\jjpdv.exec:\jjpdv.exe121⤵
-
\??\c:\ddjdp.exec:\ddjdp.exe122⤵
-
\??\c:\lrxxxfr.exec:\lrxxxfr.exe123⤵
-
\??\c:\9nnnnt.exec:\9nnnnt.exe124⤵
-
\??\c:\hhhntb.exec:\hhhntb.exe125⤵
-
\??\c:\jjvdj.exec:\jjvdj.exe126⤵
-
\??\c:\vppdj.exec:\vppdj.exe127⤵
-
\??\c:\xrlrfll.exec:\xrlrfll.exe128⤵
-
\??\c:\lxlrxlr.exec:\lxlrxlr.exe129⤵
-
\??\c:\ffllrrf.exec:\ffllrrf.exe130⤵
-
\??\c:\bthhhh.exec:\bthhhh.exe131⤵
-
\??\c:\hbbbtn.exec:\hbbbtn.exe132⤵
-
\??\c:\1pdvd.exec:\1pdvd.exe133⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe134⤵
-
\??\c:\9lffrrx.exec:\9lffrrx.exe135⤵
-
\??\c:\xlfrrxf.exec:\xlfrrxf.exe136⤵
-
\??\c:\nbhhhb.exec:\nbhhhb.exe137⤵
-
\??\c:\nttbtn.exec:\nttbtn.exe138⤵
-
\??\c:\nttnbn.exec:\nttnbn.exe139⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe140⤵
-
\??\c:\xrffxfx.exec:\xrffxfx.exe141⤵
-
\??\c:\lllxrfx.exec:\lllxrfx.exe142⤵
-
\??\c:\rlrflrf.exec:\rlrflrf.exe143⤵
-
\??\c:\bthnbh.exec:\bthnbh.exe144⤵
-
\??\c:\nnhttt.exec:\nnhttt.exe145⤵
-
\??\c:\vjvvj.exec:\vjvvj.exe146⤵
-
\??\c:\dvjvv.exec:\dvjvv.exe147⤵
-
\??\c:\fxrfllr.exec:\fxrfllr.exe148⤵
-
\??\c:\rlffrxf.exec:\rlffrxf.exe149⤵
-
\??\c:\htbbbb.exec:\htbbbb.exe150⤵
-
\??\c:\7htbtt.exec:\7htbtt.exe151⤵
-
\??\c:\nhnhnb.exec:\nhnhnb.exe152⤵
-
\??\c:\ppdvj.exec:\ppdvj.exe153⤵
-
\??\c:\pdpvv.exec:\pdpvv.exe154⤵
-
\??\c:\7fxflll.exec:\7fxflll.exe155⤵
-
\??\c:\5lflxxf.exec:\5lflxxf.exe156⤵
-
\??\c:\lfxffff.exec:\lfxffff.exe157⤵
-
\??\c:\tntbbh.exec:\tntbbh.exe158⤵
-
\??\c:\3thhnh.exec:\3thhnh.exe159⤵
-
\??\c:\jvdpd.exec:\jvdpd.exe160⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe161⤵
-
\??\c:\3rlxffr.exec:\3rlxffr.exe162⤵
-
\??\c:\1fxxflr.exec:\1fxxflr.exe163⤵
-
\??\c:\1lrxllx.exec:\1lrxllx.exe164⤵
-
\??\c:\btbbnn.exec:\btbbnn.exe165⤵
-
\??\c:\nbnnbt.exec:\nbnnbt.exe166⤵
-
\??\c:\pppvv.exec:\pppvv.exe167⤵
-
\??\c:\7pvvj.exec:\7pvvj.exe168⤵
-
\??\c:\rfllllx.exec:\rfllllx.exe169⤵
-
\??\c:\1xrxrrx.exec:\1xrxrrx.exe170⤵
-
\??\c:\nhnthh.exec:\nhnthh.exe171⤵
-
\??\c:\dvppj.exec:\dvppj.exe172⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe173⤵
-
\??\c:\lxlrrxl.exec:\lxlrrxl.exe174⤵
-
\??\c:\nhntbb.exec:\nhntbb.exe175⤵
-
\??\c:\bnbnbt.exec:\bnbnbt.exe176⤵
-
\??\c:\jdddj.exec:\jdddj.exe177⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe178⤵
-
\??\c:\pjvjj.exec:\pjvjj.exe179⤵
-
\??\c:\fxrxflx.exec:\fxrxflx.exe180⤵
-
\??\c:\7btthh.exec:\7btthh.exe181⤵
-
\??\c:\bthtbt.exec:\bthtbt.exe182⤵
-
\??\c:\3tthnt.exec:\3tthnt.exe183⤵
-
\??\c:\jpjdj.exec:\jpjdj.exe184⤵
-
\??\c:\rlffflx.exec:\rlffflx.exe185⤵
-
\??\c:\xxrfxfr.exec:\xxrfxfr.exe186⤵
-
\??\c:\3hbbhn.exec:\3hbbhn.exe187⤵
-
\??\c:\nbtnnt.exec:\nbtnnt.exe188⤵
-
\??\c:\thttbh.exec:\thttbh.exe189⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe190⤵
-
\??\c:\rlxlrxl.exec:\rlxlrxl.exe191⤵
-
\??\c:\lfxfxxl.exec:\lfxfxxl.exe192⤵
-
\??\c:\nnhnnb.exec:\nnhnnb.exe193⤵
-
\??\c:\hbhhtb.exec:\hbhhtb.exe194⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe195⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe196⤵
-
\??\c:\llrrllx.exec:\llrrllx.exe197⤵
-
\??\c:\rlxfrxf.exec:\rlxfrxf.exe198⤵
-
\??\c:\btbhtb.exec:\btbhtb.exe199⤵
-
\??\c:\7btbbb.exec:\7btbbb.exe200⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe201⤵
-
\??\c:\1jppv.exec:\1jppv.exe202⤵
-
\??\c:\rrrffxf.exec:\rrrffxf.exe203⤵
-
\??\c:\nhbbhb.exec:\nhbbhb.exe204⤵
-
\??\c:\hbtbhn.exec:\hbtbhn.exe205⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe206⤵
-
\??\c:\jdppd.exec:\jdppd.exe207⤵
-
\??\c:\fxlllrr.exec:\fxlllrr.exe208⤵
-
\??\c:\rflrfrx.exec:\rflrfrx.exe209⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe210⤵
-
\??\c:\nnbnhb.exec:\nnbnhb.exe211⤵
-
\??\c:\3jvdj.exec:\3jvdj.exe212⤵
-
\??\c:\llrlrxf.exec:\llrlrxf.exe213⤵
-
\??\c:\tbttbb.exec:\tbttbb.exe214⤵
-
\??\c:\tnnbbh.exec:\tnnbbh.exe215⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe216⤵
-
\??\c:\5vpdd.exec:\5vpdd.exe217⤵
-
\??\c:\xrfflxx.exec:\xrfflxx.exe218⤵
-
\??\c:\7lfxfff.exec:\7lfxfff.exe219⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe220⤵
-
\??\c:\vdjjp.exec:\vdjjp.exe221⤵
-
\??\c:\dvjpj.exec:\dvjpj.exe222⤵
-
\??\c:\rlxfxxf.exec:\rlxfxxf.exe223⤵
-
\??\c:\3xrxffl.exec:\3xrxffl.exe224⤵
-
\??\c:\bbhthh.exec:\bbhthh.exe225⤵
-
\??\c:\3nnthb.exec:\3nnthb.exe226⤵
-
\??\c:\vvpvp.exec:\vvpvp.exe227⤵
-
\??\c:\ffrlllx.exec:\ffrlllx.exe228⤵
-
\??\c:\lfrrxxf.exec:\lfrrxxf.exe229⤵
-
\??\c:\1nbbhn.exec:\1nbbhn.exe230⤵
-
\??\c:\pppdp.exec:\pppdp.exe231⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe232⤵
-
\??\c:\lrfxxrx.exec:\lrfxxrx.exe233⤵
-
\??\c:\ffrflrf.exec:\ffrflrf.exe234⤵
-
\??\c:\ffffxfr.exec:\ffffxfr.exe235⤵
-
\??\c:\btnbnt.exec:\btnbnt.exe236⤵
-
\??\c:\jvdjp.exec:\jvdjp.exe237⤵
-
\??\c:\pjppj.exec:\pjppj.exe238⤵
-
\??\c:\fxlrffr.exec:\fxlrffr.exe239⤵
-
\??\c:\rlffrlr.exec:\rlffrlr.exe240⤵
-
\??\c:\tnbnbn.exec:\tnbnbn.exe241⤵