Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
19-05-2024 23:42
General
-
Target
603f335e2861ba28c89f52716a701860_NeikiAnalytics.exe
-
Size
92KB
-
MD5
603f335e2861ba28c89f52716a701860
-
SHA1
c030eafbfd7d4ab95d34e13179040177e839fa47
-
SHA256
c05639d826765df8c4406c8f6969a9d8038dec6157a238934212b96486419263
-
SHA512
4e02916811e5899cb23eccb3e3b57c4972d8c88eb724312b634d5c9717808a241b99cbb4dd0c1729cf9aaba44e940e942f079706e7ca1026e0266b8445f8172a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxS1rj/21w:ymb3NkkiQ3mdBjFo73PYP1lri3K8Gy
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\603f335e2861ba28c89f52716a701860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\603f335e2861ba28c89f52716a701860_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9xlxffx.exec:\9xlxffx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnttb.exec:\thnttb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jdpv.exec:\9jdpv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrlxr.exec:\rxxrlxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hhtbh.exec:\3hhtbh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvvd.exec:\vjvvd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlxffl.exec:\lxlxffl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vjdp.exec:\5vjdp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfllrfx.exec:\xfllrfx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bththh.exec:\bththh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vjpp.exec:\1vjpp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xrfffr.exec:\3xrfffr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bhtht.exec:\5bhtht.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjv.exec:\ddpjv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9llrrrx.exec:\9llrrrx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbthbn.exec:\bbthbn.exe17⤵
- Executes dropped EXE
-
\??\c:\tnbbhn.exec:\tnbbhn.exe18⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe19⤵
- Executes dropped EXE
-
\??\c:\lrxfrrx.exec:\lrxfrrx.exe20⤵
- Executes dropped EXE
-
\??\c:\ttntbh.exec:\ttntbh.exe21⤵
- Executes dropped EXE
-
\??\c:\ddvpv.exec:\ddvpv.exe22⤵
- Executes dropped EXE
-
\??\c:\xrffrfl.exec:\xrffrfl.exe23⤵
- Executes dropped EXE
-
\??\c:\rrrlxfl.exec:\rrrlxfl.exe24⤵
- Executes dropped EXE
-
\??\c:\nnthht.exec:\nnthht.exe25⤵
- Executes dropped EXE
-
\??\c:\djjdv.exec:\djjdv.exe26⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe27⤵
- Executes dropped EXE
-
\??\c:\lfrrxfl.exec:\lfrrxfl.exe28⤵
- Executes dropped EXE
-
\??\c:\7nhhnt.exec:\7nhhnt.exe29⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe30⤵
- Executes dropped EXE
-
\??\c:\pjppj.exec:\pjppj.exe31⤵
- Executes dropped EXE
-
\??\c:\3rlxlrr.exec:\3rlxlrr.exe32⤵
- Executes dropped EXE
-
\??\c:\vdvpp.exec:\vdvpp.exe33⤵
- Executes dropped EXE
-
\??\c:\dpdjp.exec:\dpdjp.exe34⤵
- Executes dropped EXE
-
\??\c:\fllfxrl.exec:\fllfxrl.exe35⤵
- Executes dropped EXE
-
\??\c:\nbhnnn.exec:\nbhnnn.exe36⤵
- Executes dropped EXE
-
\??\c:\thbbhn.exec:\thbbhn.exe37⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe38⤵
- Executes dropped EXE
-
\??\c:\lrfrxrx.exec:\lrfrxrx.exe39⤵
- Executes dropped EXE
-
\??\c:\tnhhth.exec:\tnhhth.exe40⤵
- Executes dropped EXE
-
\??\c:\btnthh.exec:\btnthh.exe41⤵
- Executes dropped EXE
-
\??\c:\jdjjv.exec:\jdjjv.exe42⤵
- Executes dropped EXE
-
\??\c:\rrlflfr.exec:\rrlflfr.exe43⤵
- Executes dropped EXE
-
\??\c:\llxxflx.exec:\llxxflx.exe44⤵
- Executes dropped EXE
-
\??\c:\7thnbh.exec:\7thnbh.exe45⤵
- Executes dropped EXE
-
\??\c:\jpvvj.exec:\jpvvj.exe46⤵
- Executes dropped EXE
-
\??\c:\pdvdv.exec:\pdvdv.exe47⤵
- Executes dropped EXE
-
\??\c:\7fxrxll.exec:\7fxrxll.exe48⤵
- Executes dropped EXE
-
\??\c:\tnhhtn.exec:\tnhhtn.exe49⤵
- Executes dropped EXE
-
\??\c:\ttthtb.exec:\ttthtb.exe50⤵
- Executes dropped EXE
-
\??\c:\ddpvj.exec:\ddpvj.exe51⤵
- Executes dropped EXE
-
\??\c:\llxflxr.exec:\llxflxr.exe52⤵
- Executes dropped EXE
-
\??\c:\lrrxfxf.exec:\lrrxfxf.exe53⤵
- Executes dropped EXE
-
\??\c:\nnbbbn.exec:\nnbbbn.exe54⤵
- Executes dropped EXE
-
\??\c:\nnnbnn.exec:\nnnbnn.exe55⤵
- Executes dropped EXE
-
\??\c:\jddjj.exec:\jddjj.exe56⤵
- Executes dropped EXE
-
\??\c:\ffxxrfr.exec:\ffxxrfr.exe57⤵
- Executes dropped EXE
-
\??\c:\fllxlrx.exec:\fllxlrx.exe58⤵
- Executes dropped EXE
-
\??\c:\hthttn.exec:\hthttn.exe59⤵
- Executes dropped EXE
-
\??\c:\1bhthn.exec:\1bhthn.exe60⤵
- Executes dropped EXE
-
\??\c:\dddjv.exec:\dddjv.exe61⤵
- Executes dropped EXE
-
\??\c:\llxxrxl.exec:\llxxrxl.exe62⤵
- Executes dropped EXE
-
\??\c:\5rrfflf.exec:\5rrfflf.exe63⤵
- Executes dropped EXE
-
\??\c:\ttnhth.exec:\ttnhth.exe64⤵
- Executes dropped EXE
-
\??\c:\3bbhhh.exec:\3bbhhh.exe65⤵
- Executes dropped EXE
-
\??\c:\jpdjv.exec:\jpdjv.exe66⤵
-
\??\c:\llffrrf.exec:\llffrrf.exe67⤵
-
\??\c:\7xfrlff.exec:\7xfrlff.exe68⤵
-
\??\c:\tthtnb.exec:\tthtnb.exe69⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe70⤵
-
\??\c:\pvdvd.exec:\pvdvd.exe71⤵
-
\??\c:\xxrxlrx.exec:\xxrxlrx.exe72⤵
-
\??\c:\lllxrff.exec:\lllxrff.exe73⤵
-
\??\c:\bbntnn.exec:\bbntnn.exe74⤵
-
\??\c:\bhbbhh.exec:\bhbbhh.exe75⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe76⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe77⤵
-
\??\c:\flrxrlr.exec:\flrxrlr.exe78⤵
-
\??\c:\5nthtb.exec:\5nthtb.exe79⤵
-
\??\c:\btbtbh.exec:\btbtbh.exe80⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe81⤵
-
\??\c:\djjpj.exec:\djjpj.exe82⤵
-
\??\c:\7xxxffr.exec:\7xxxffr.exe83⤵
-
\??\c:\lrxxxlf.exec:\lrxxxlf.exe84⤵
-
\??\c:\7httbn.exec:\7httbn.exe85⤵
-
\??\c:\nhbttt.exec:\nhbttt.exe86⤵
-
\??\c:\dvddj.exec:\dvddj.exe87⤵
-
\??\c:\jjddp.exec:\jjddp.exe88⤵
-
\??\c:\fffxflr.exec:\fffxflr.exe89⤵
-
\??\c:\lrxxxfx.exec:\lrxxxfx.exe90⤵
-
\??\c:\tthbnt.exec:\tthbnt.exe91⤵
-
\??\c:\bthbbb.exec:\bthbbb.exe92⤵
-
\??\c:\7dvjp.exec:\7dvjp.exe93⤵
-
\??\c:\1rlxrrl.exec:\1rlxrrl.exe94⤵
-
\??\c:\llxlrfx.exec:\llxlrfx.exe95⤵
-
\??\c:\hnnbbb.exec:\hnnbbb.exe96⤵
-
\??\c:\bnttht.exec:\bnttht.exe97⤵
-
\??\c:\vjvdd.exec:\vjvdd.exe98⤵
-
\??\c:\xxflrrf.exec:\xxflrrf.exe99⤵
-
\??\c:\bnbhnt.exec:\bnbhnt.exe100⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe101⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe102⤵
-
\??\c:\3rlrxlf.exec:\3rlrxlf.exe103⤵
-
\??\c:\rrlrfff.exec:\rrlrfff.exe104⤵
-
\??\c:\7bthtb.exec:\7bthtb.exe105⤵
-
\??\c:\htbntn.exec:\htbntn.exe106⤵
-
\??\c:\jpjvj.exec:\jpjvj.exe107⤵
-
\??\c:\rfrlrlr.exec:\rfrlrlr.exe108⤵
-
\??\c:\rrfflrx.exec:\rrfflrx.exe109⤵
-
\??\c:\thnbtt.exec:\thnbtt.exe110⤵
-
\??\c:\bbtntn.exec:\bbtntn.exe111⤵
-
\??\c:\1pjvj.exec:\1pjvj.exe112⤵
-
\??\c:\7ppvj.exec:\7ppvj.exe113⤵
-
\??\c:\lfxfrxl.exec:\lfxfrxl.exe114⤵
-
\??\c:\nbtntn.exec:\nbtntn.exe115⤵
-
\??\c:\nnnbbn.exec:\nnnbbn.exe116⤵
-
\??\c:\ppvjj.exec:\ppvjj.exe117⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe118⤵
-
\??\c:\lrxllxx.exec:\lrxllxx.exe119⤵
-
\??\c:\1lfxlrx.exec:\1lfxlrx.exe120⤵
-
\??\c:\hnthbb.exec:\hnthbb.exe121⤵
-
\??\c:\bnbntn.exec:\bnbntn.exe122⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe123⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe124⤵
-
\??\c:\rxfxxrr.exec:\rxfxxrr.exe125⤵
-
\??\c:\7bthth.exec:\7bthth.exe126⤵
-
\??\c:\tbbtnb.exec:\tbbtnb.exe127⤵
-
\??\c:\vjppd.exec:\vjppd.exe128⤵
-
\??\c:\pdpvd.exec:\pdpvd.exe129⤵
-
\??\c:\rrxxllx.exec:\rrxxllx.exe130⤵
-
\??\c:\xffrlrr.exec:\xffrlrr.exe131⤵
-
\??\c:\nbhnbh.exec:\nbhnbh.exe132⤵
-
\??\c:\9nhnhn.exec:\9nhnhn.exe133⤵
-
\??\c:\jjdjd.exec:\jjdjd.exe134⤵
-
\??\c:\7xxxrrf.exec:\7xxxrrf.exe135⤵
-
\??\c:\rrlrllx.exec:\rrlrllx.exe136⤵
-
\??\c:\bhnhbt.exec:\bhnhbt.exe137⤵
-
\??\c:\nhnbtb.exec:\nhnbtb.exe138⤵
-
\??\c:\jdppp.exec:\jdppp.exe139⤵
-
\??\c:\1vpvd.exec:\1vpvd.exe140⤵
-
\??\c:\xxxxffr.exec:\xxxxffr.exe141⤵
-
\??\c:\rrrflfx.exec:\rrrflfx.exe142⤵
-
\??\c:\5tbhhh.exec:\5tbhhh.exe143⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe144⤵
-
\??\c:\7jvpv.exec:\7jvpv.exe145⤵
-
\??\c:\rrlrlfl.exec:\rrlrlfl.exe146⤵
-
\??\c:\rlflrfx.exec:\rlflrfx.exe147⤵
-
\??\c:\1hthtb.exec:\1hthtb.exe148⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe149⤵
-
\??\c:\ppvdj.exec:\ppvdj.exe150⤵
-
\??\c:\xxrxllx.exec:\xxrxllx.exe151⤵
-
\??\c:\ffrxflx.exec:\ffrxflx.exe152⤵
-
\??\c:\hhtthn.exec:\hhtthn.exe153⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe154⤵
-
\??\c:\djpdd.exec:\djpdd.exe155⤵
-
\??\c:\xfxxxxx.exec:\xfxxxxx.exe156⤵
-
\??\c:\xxfxxrr.exec:\xxfxxrr.exe157⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe158⤵
-
\??\c:\ttbbhb.exec:\ttbbhb.exe159⤵
-
\??\c:\jppvj.exec:\jppvj.exe160⤵
-
\??\c:\xxlxlfx.exec:\xxlxlfx.exe161⤵
-
\??\c:\rlxxllx.exec:\rlxxllx.exe162⤵
-
\??\c:\nhtbht.exec:\nhtbht.exe163⤵
-
\??\c:\btbbbb.exec:\btbbbb.exe164⤵
-
\??\c:\vvjjj.exec:\vvjjj.exe165⤵
-
\??\c:\vpdpj.exec:\vpdpj.exe166⤵
-
\??\c:\rrlrffx.exec:\rrlrffx.exe167⤵
-
\??\c:\1thhnh.exec:\1thhnh.exe168⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe169⤵
-
\??\c:\bbntnn.exec:\bbntnn.exe170⤵
-
\??\c:\nhbntb.exec:\nhbntb.exe171⤵
-
\??\c:\pppjd.exec:\pppjd.exe172⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe173⤵
-
\??\c:\flflxlx.exec:\flflxlx.exe174⤵
-
\??\c:\hbnbhh.exec:\hbnbhh.exe175⤵
-
\??\c:\nhnnnn.exec:\nhnnnn.exe176⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe177⤵
-
\??\c:\ffrrrlr.exec:\ffrrrlr.exe178⤵
-
\??\c:\3frfrxl.exec:\3frfrxl.exe179⤵
-
\??\c:\hnhtbh.exec:\hnhtbh.exe180⤵
-
\??\c:\ppvdp.exec:\ppvdp.exe181⤵
-
\??\c:\vdjvd.exec:\vdjvd.exe182⤵
-
\??\c:\7xrxffl.exec:\7xrxffl.exe183⤵
-
\??\c:\lrlxrfl.exec:\lrlxrfl.exe184⤵
-
\??\c:\hhbntt.exec:\hhbntt.exe185⤵
-
\??\c:\jpjvv.exec:\jpjvv.exe186⤵
-
\??\c:\jjjvj.exec:\jjjvj.exe187⤵
-
\??\c:\xrflxfx.exec:\xrflxfx.exe188⤵
-
\??\c:\flllllr.exec:\flllllr.exe189⤵
-
\??\c:\9hbthh.exec:\9hbthh.exe190⤵
-
\??\c:\5ddvj.exec:\5ddvj.exe191⤵
-
\??\c:\9vppv.exec:\9vppv.exe192⤵
-
\??\c:\3rrxlxl.exec:\3rrxlxl.exe193⤵
-
\??\c:\xffrxlf.exec:\xffrxlf.exe194⤵
-
\??\c:\hhbbtt.exec:\hhbbtt.exe195⤵
-
\??\c:\bhbbtt.exec:\bhbbtt.exe196⤵
-
\??\c:\ppdjd.exec:\ppdjd.exe197⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe198⤵
-
\??\c:\7llrlrf.exec:\7llrlrf.exe199⤵
-
\??\c:\xxlfffr.exec:\xxlfffr.exe200⤵
-
\??\c:\7hbthn.exec:\7hbthn.exe201⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe202⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe203⤵
-
\??\c:\7rrrfrx.exec:\7rrrfrx.exe204⤵
-
\??\c:\rxxrfxx.exec:\rxxrfxx.exe205⤵
-
\??\c:\hbbtbn.exec:\hbbtbn.exe206⤵
-
\??\c:\tthttb.exec:\tthttb.exe207⤵
-
\??\c:\ddvjj.exec:\ddvjj.exe208⤵
-
\??\c:\5pdpv.exec:\5pdpv.exe209⤵
-
\??\c:\xxlxxfr.exec:\xxlxxfr.exe210⤵
-
\??\c:\nhbhbb.exec:\nhbhbb.exe211⤵
-
\??\c:\nhbhtb.exec:\nhbhtb.exe212⤵
-
\??\c:\djvdp.exec:\djvdp.exe213⤵
-
\??\c:\pjjpp.exec:\pjjpp.exe214⤵
-
\??\c:\xrflrxr.exec:\xrflrxr.exe215⤵
-
\??\c:\rllxlrf.exec:\rllxlrf.exe216⤵
-
\??\c:\bthhnn.exec:\bthhnn.exe217⤵
-
\??\c:\bbnbnn.exec:\bbnbnn.exe218⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe219⤵
-
\??\c:\jpvpv.exec:\jpvpv.exe220⤵
-
\??\c:\llxfrfr.exec:\llxfrfr.exe221⤵
-
\??\c:\tnhbhn.exec:\tnhbhn.exe222⤵
-
\??\c:\tthtnn.exec:\tthtnn.exe223⤵
-
\??\c:\jpjpd.exec:\jpjpd.exe224⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe225⤵
-
\??\c:\xxrlxfr.exec:\xxrlxfr.exe226⤵
-
\??\c:\lrlxxlf.exec:\lrlxxlf.exe227⤵
-
\??\c:\bbhthb.exec:\bbhthb.exe228⤵
-
\??\c:\5nbhnb.exec:\5nbhnb.exe229⤵
-
\??\c:\jvddv.exec:\jvddv.exe230⤵
-
\??\c:\fflxlrf.exec:\fflxlrf.exe231⤵
-
\??\c:\1lfrxfr.exec:\1lfrxfr.exe232⤵
-
\??\c:\nnnnbn.exec:\nnnnbn.exe233⤵
-
\??\c:\3pjvd.exec:\3pjvd.exe234⤵
-
\??\c:\rrlffxl.exec:\rrlffxl.exe235⤵
-
\??\c:\xxxlxfl.exec:\xxxlxfl.exe236⤵
-
\??\c:\bbhtnb.exec:\bbhtnb.exe237⤵
-
\??\c:\vjdvv.exec:\vjdvv.exe238⤵
-
\??\c:\lxxfllr.exec:\lxxfllr.exe239⤵
-
\??\c:\lrlxxrr.exec:\lrlxxrr.exe240⤵
-
\??\c:\nhttnh.exec:\nhttnh.exe241⤵