Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
19-05-2024 01:03
General
-
Target
3cba0fb76f7e24be8758c1e572b55740_NeikiAnalytics.exe
-
Size
585KB
-
MD5
3cba0fb76f7e24be8758c1e572b55740
-
SHA1
a0ab49bee53e8f3bc354e8e43dbf7ed0a7348338
-
SHA256
eecb456061d27393e42c39490c265eb5c7e73d5c8a11057f06e6eded4bee8d30
-
SHA512
00363f0e437a777ea17a6b5f9ea1144f446c9b70e83804bc74f118ab04877d343b4bd210ee0262c59b021390817c7ce5cf59cb6859b9dbe513c8715d7f1a0350
-
SSDEEP
12288:n3C9ytvngQjuPh2kkkkK4kXkkkkkkkkl888888888888888888nusMH0QiZQ:SgdnJKPh2kkkkK4kXkkkkkkkkJQ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3cba0fb76f7e24be8758c1e572b55740_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\3cba0fb76f7e24be8758c1e572b55740_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pdppv.exec:\pdppv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbtnh.exec:\btbtnh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvjv.exec:\dvvjv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frllffl.exec:\frllffl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpvj.exec:\jvpvj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxxlrl.exec:\flxxlrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrllxfl.exec:\rrllxfl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddddv.exec:\ddddv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xxfxfl.exec:\5xxfxfl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnthh.exec:\nbnthh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxrxl.exec:\lxfxrxl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthntt.exec:\hthntt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdvv.exec:\dpdvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpvj.exec:\ddpvj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rxxffr.exec:\9rxxffr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hhhtb.exec:\9hhhtb.exe17⤵
- Executes dropped EXE
-
\??\c:\pdjpp.exec:\pdjpp.exe18⤵
- Executes dropped EXE
-
\??\c:\xrxfflr.exec:\xrxfflr.exe19⤵
- Executes dropped EXE
-
\??\c:\fxffxfl.exec:\fxffxfl.exe20⤵
- Executes dropped EXE
-
\??\c:\9lxxfll.exec:\9lxxfll.exe21⤵
- Executes dropped EXE
-
\??\c:\9dvvj.exec:\9dvvj.exe22⤵
- Executes dropped EXE
-
\??\c:\1rffrxl.exec:\1rffrxl.exe23⤵
- Executes dropped EXE
-
\??\c:\5thhnn.exec:\5thhnn.exe24⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe25⤵
- Executes dropped EXE
-
\??\c:\tnnhhb.exec:\tnnhhb.exe26⤵
- Executes dropped EXE
-
\??\c:\1nhbbt.exec:\1nhbbt.exe27⤵
- Executes dropped EXE
-
\??\c:\vjvjj.exec:\vjvjj.exe28⤵
- Executes dropped EXE
-
\??\c:\tnnnnb.exec:\tnnnnb.exe29⤵
- Executes dropped EXE
-
\??\c:\dpjjp.exec:\dpjjp.exe30⤵
- Executes dropped EXE
-
\??\c:\frflllf.exec:\frflllf.exe31⤵
- Executes dropped EXE
-
\??\c:\hnnnbh.exec:\hnnnbh.exe32⤵
- Executes dropped EXE
-
\??\c:\7dpdv.exec:\7dpdv.exe33⤵
- Executes dropped EXE
-
\??\c:\hnbbnt.exec:\hnbbnt.exe34⤵
- Executes dropped EXE
-
\??\c:\7jddj.exec:\7jddj.exe35⤵
- Executes dropped EXE
-
\??\c:\xrxflfl.exec:\xrxflfl.exe36⤵
- Executes dropped EXE
-
\??\c:\bnntnb.exec:\bnntnb.exe37⤵
- Executes dropped EXE
-
\??\c:\djdjj.exec:\djdjj.exe38⤵
- Executes dropped EXE
-
\??\c:\rrfrxfl.exec:\rrfrxfl.exe39⤵
- Executes dropped EXE
-
\??\c:\3xrrffl.exec:\3xrrffl.exe40⤵
- Executes dropped EXE
-
\??\c:\thtbtt.exec:\thtbtt.exe41⤵
- Executes dropped EXE
-
\??\c:\vjvpp.exec:\vjvpp.exe42⤵
- Executes dropped EXE
-
\??\c:\5vjjp.exec:\5vjjp.exe43⤵
- Executes dropped EXE
-
\??\c:\5rllrxl.exec:\5rllrxl.exe44⤵
- Executes dropped EXE
-
\??\c:\hbbhhb.exec:\hbbhhb.exe45⤵
- Executes dropped EXE
-
\??\c:\jdjjj.exec:\jdjjj.exe46⤵
- Executes dropped EXE
-
\??\c:\1jjjj.exec:\1jjjj.exe47⤵
- Executes dropped EXE
-
\??\c:\7rffflx.exec:\7rffflx.exe48⤵
- Executes dropped EXE
-
\??\c:\nbtbhb.exec:\nbtbhb.exe49⤵
- Executes dropped EXE
-
\??\c:\1hbbnh.exec:\1hbbnh.exe50⤵
- Executes dropped EXE
-
\??\c:\dvdvp.exec:\dvdvp.exe51⤵
- Executes dropped EXE
-
\??\c:\xrfxxrf.exec:\xrfxxrf.exe52⤵
- Executes dropped EXE
-
\??\c:\rrllllr.exec:\rrllllr.exe53⤵
- Executes dropped EXE
-
\??\c:\5nbbbh.exec:\5nbbbh.exe54⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe55⤵
- Executes dropped EXE
-
\??\c:\1dvpj.exec:\1dvpj.exe56⤵
- Executes dropped EXE
-
\??\c:\lfxxxrx.exec:\lfxxxrx.exe57⤵
- Executes dropped EXE
-
\??\c:\rlrrflr.exec:\rlrrflr.exe58⤵
- Executes dropped EXE
-
\??\c:\hbtthh.exec:\hbtthh.exe59⤵
- Executes dropped EXE
-
\??\c:\1jddj.exec:\1jddj.exe60⤵
- Executes dropped EXE
-
\??\c:\ddddd.exec:\ddddd.exe61⤵
- Executes dropped EXE
-
\??\c:\tnbthh.exec:\tnbthh.exe62⤵
- Executes dropped EXE
-
\??\c:\hbthhh.exec:\hbthhh.exe63⤵
- Executes dropped EXE
-
\??\c:\fxllrxf.exec:\fxllrxf.exe64⤵
- Executes dropped EXE
-
\??\c:\rlrrxff.exec:\rlrrxff.exe65⤵
- Executes dropped EXE
-
\??\c:\ntbthh.exec:\ntbthh.exe66⤵
-
\??\c:\vjvvj.exec:\vjvvj.exe67⤵
-
\??\c:\5vpdv.exec:\5vpdv.exe68⤵
-
\??\c:\5fflllr.exec:\5fflllr.exe69⤵
-
\??\c:\thtbhh.exec:\thtbhh.exe70⤵
-
\??\c:\pdjdj.exec:\pdjdj.exe71⤵
-
\??\c:\xxxxflx.exec:\xxxxflx.exe72⤵
-
\??\c:\9hbbnt.exec:\9hbbnt.exe73⤵
-
\??\c:\5nbbbb.exec:\5nbbbb.exe74⤵
-
\??\c:\djjvp.exec:\djjvp.exe75⤵
-
\??\c:\3xfxrxf.exec:\3xfxrxf.exe76⤵
-
\??\c:\7nbbhb.exec:\7nbbhb.exe77⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe78⤵
-
\??\c:\fxrrffr.exec:\fxrrffr.exe79⤵
-
\??\c:\hbhnbb.exec:\hbhnbb.exe80⤵
-
\??\c:\hbhnhb.exec:\hbhnhb.exe81⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe82⤵
-
\??\c:\rflfrfl.exec:\rflfrfl.exe83⤵
-
\??\c:\pjddp.exec:\pjddp.exe84⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe85⤵
-
\??\c:\lxxxfll.exec:\lxxxfll.exe86⤵
-
\??\c:\nnnnnn.exec:\nnnnnn.exe87⤵
-
\??\c:\pdppp.exec:\pdppp.exe88⤵
-
\??\c:\9fxfxxl.exec:\9fxfxxl.exe89⤵
-
\??\c:\9lxxfff.exec:\9lxxfff.exe90⤵
-
\??\c:\ttthhb.exec:\ttthhb.exe91⤵
-
\??\c:\1pppj.exec:\1pppj.exe92⤵
-
\??\c:\xlrlrrr.exec:\xlrlrrr.exe93⤵
-
\??\c:\3hhntb.exec:\3hhntb.exe94⤵
-
\??\c:\3nbbtn.exec:\3nbbtn.exe95⤵
-
\??\c:\dvddj.exec:\dvddj.exe96⤵
-
\??\c:\xllxfxx.exec:\xllxfxx.exe97⤵
-
\??\c:\nhhhnn.exec:\nhhhnn.exe98⤵
-
\??\c:\7pjdd.exec:\7pjdd.exe99⤵
-
\??\c:\pddpp.exec:\pddpp.exe100⤵
-
\??\c:\ffxxfll.exec:\ffxxfll.exe101⤵
-
\??\c:\htbhhb.exec:\htbhhb.exe102⤵
-
\??\c:\pdpdd.exec:\pdpdd.exe103⤵
-
\??\c:\fxrrxff.exec:\fxrrxff.exe104⤵
-
\??\c:\nhnntt.exec:\nhnntt.exe105⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe106⤵
-
\??\c:\jdjpd.exec:\jdjpd.exe107⤵
-
\??\c:\xxrrflx.exec:\xxrrflx.exe108⤵
-
\??\c:\thbhbh.exec:\thbhbh.exe109⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe110⤵
-
\??\c:\nntthh.exec:\nntthh.exe111⤵
-
\??\c:\jvdpp.exec:\jvdpp.exe112⤵
-
\??\c:\rlrlfxr.exec:\rlrlfxr.exe113⤵
-
\??\c:\bnnhnh.exec:\bnnhnh.exe114⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe115⤵
-
\??\c:\7flrrxr.exec:\7flrrxr.exe116⤵
-
\??\c:\1rlrrxf.exec:\1rlrrxf.exe117⤵
-
\??\c:\bbtnbh.exec:\bbtnbh.exe118⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe119⤵
-
\??\c:\rrxxfrr.exec:\rrxxfrr.exe120⤵
-
\??\c:\bbtnbt.exec:\bbtnbt.exe121⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe122⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe123⤵
-
\??\c:\1frlrrr.exec:\1frlrrr.exe124⤵
-
\??\c:\nhthtb.exec:\nhthtb.exe125⤵
-
\??\c:\tthhbn.exec:\tthhbn.exe126⤵
-
\??\c:\vvppd.exec:\vvppd.exe127⤵
-
\??\c:\rfxffxx.exec:\rfxffxx.exe128⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe129⤵
-
\??\c:\jjjpd.exec:\jjjpd.exe130⤵
-
\??\c:\ddjpd.exec:\ddjpd.exe131⤵
-
\??\c:\7fxxrxx.exec:\7fxxrxx.exe132⤵
-
\??\c:\hbtbht.exec:\hbtbht.exe133⤵
-
\??\c:\pdvvj.exec:\pdvvj.exe134⤵
-
\??\c:\pvjjd.exec:\pvjjd.exe135⤵
-
\??\c:\xfflfrl.exec:\xfflfrl.exe136⤵
-
\??\c:\3nbnnn.exec:\3nbnnn.exe137⤵
-
\??\c:\pjppv.exec:\pjppv.exe138⤵
-
\??\c:\lfxlrfl.exec:\lfxlrfl.exe139⤵
-
\??\c:\fxrrxfr.exec:\fxrrxfr.exe140⤵
-
\??\c:\bbttht.exec:\bbttht.exe141⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe142⤵
-
\??\c:\llxxflx.exec:\llxxflx.exe143⤵
-
\??\c:\7nbbhh.exec:\7nbbhh.exe144⤵
-
\??\c:\httttt.exec:\httttt.exe145⤵
-
\??\c:\7dppj.exec:\7dppj.exe146⤵
-
\??\c:\xlxrrxf.exec:\xlxrrxf.exe147⤵
-
\??\c:\7htbbh.exec:\7htbbh.exe148⤵
-
\??\c:\3bnhnn.exec:\3bnhnn.exe149⤵
-
\??\c:\vdjpj.exec:\vdjpj.exe150⤵
-
\??\c:\xlxrlxl.exec:\xlxrlxl.exe151⤵
-
\??\c:\bntntt.exec:\bntntt.exe152⤵
-
\??\c:\hhtthh.exec:\hhtthh.exe153⤵
-
\??\c:\djvvv.exec:\djvvv.exe154⤵
-
\??\c:\9frxxfl.exec:\9frxxfl.exe155⤵
-
\??\c:\nhbbhh.exec:\nhbbhh.exe156⤵
-
\??\c:\7vjdj.exec:\7vjdj.exe157⤵
-
\??\c:\3jdjj.exec:\3jdjj.exe158⤵
-
\??\c:\fxxfxrl.exec:\fxxfxrl.exe159⤵
-
\??\c:\7nbhnt.exec:\7nbhnt.exe160⤵
-
\??\c:\vvddp.exec:\vvddp.exe161⤵
-
\??\c:\vjppv.exec:\vjppv.exe162⤵
-
\??\c:\3xllrrl.exec:\3xllrrl.exe163⤵
-
\??\c:\3htttn.exec:\3htttn.exe164⤵
-
\??\c:\ppppv.exec:\ppppv.exe165⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe166⤵
-
\??\c:\1xffrrx.exec:\1xffrrx.exe167⤵
-
\??\c:\tnbbtb.exec:\tnbbtb.exe168⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe169⤵
-
\??\c:\vddjd.exec:\vddjd.exe170⤵
-
\??\c:\9lxxrrr.exec:\9lxxrrr.exe171⤵
-
\??\c:\ttbbnh.exec:\ttbbnh.exe172⤵
-
\??\c:\dpjvd.exec:\dpjvd.exe173⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe174⤵
-
\??\c:\xrfflxx.exec:\xrfflxx.exe175⤵
-
\??\c:\thbhbb.exec:\thbhbb.exe176⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe177⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe178⤵
-
\??\c:\fxfrlrf.exec:\fxfrlrf.exe179⤵
-
\??\c:\htbbhh.exec:\htbbhh.exe180⤵
-
\??\c:\jddvp.exec:\jddvp.exe181⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe182⤵
-
\??\c:\5rlrxrl.exec:\5rlrxrl.exe183⤵
-
\??\c:\hhbtht.exec:\hhbtht.exe184⤵
-
\??\c:\vpdpj.exec:\vpdpj.exe185⤵
-
\??\c:\jdddj.exec:\jdddj.exe186⤵
-
\??\c:\lflfxfx.exec:\lflfxfx.exe187⤵
-
\??\c:\bbbhnt.exec:\bbbhnt.exe188⤵
-
\??\c:\pvjdd.exec:\pvjdd.exe189⤵
-
\??\c:\rrflrxf.exec:\rrflrxf.exe190⤵
-
\??\c:\lffxrll.exec:\lffxrll.exe191⤵
-
\??\c:\7bhnnh.exec:\7bhnnh.exe192⤵
-
\??\c:\9jvvd.exec:\9jvvd.exe193⤵
-
\??\c:\9fxxxfr.exec:\9fxxxfr.exe194⤵
-
\??\c:\1xfffff.exec:\1xfffff.exe195⤵
-
\??\c:\hhthhn.exec:\hhthhn.exe196⤵
-
\??\c:\1vvjd.exec:\1vvjd.exe197⤵
-
\??\c:\rlxrlxf.exec:\rlxrlxf.exe198⤵
-
\??\c:\7tnnbb.exec:\7tnnbb.exe199⤵
-
\??\c:\tnthtt.exec:\tnthtt.exe200⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe201⤵
-
\??\c:\9lxrlll.exec:\9lxrlll.exe202⤵
-
\??\c:\nbttbb.exec:\nbttbb.exe203⤵
-
\??\c:\3bbthb.exec:\3bbthb.exe204⤵
-
\??\c:\dppjd.exec:\dppjd.exe205⤵
-
\??\c:\lllfrrf.exec:\lllfrrf.exe206⤵
-
\??\c:\frrrrrl.exec:\frrrrrl.exe207⤵
-
\??\c:\5bhhhn.exec:\5bhhhn.exe208⤵
-
\??\c:\1vpjp.exec:\1vpjp.exe209⤵
-
\??\c:\5jvvj.exec:\5jvvj.exe210⤵
-
\??\c:\5rxrxlr.exec:\5rxrxlr.exe211⤵
-
\??\c:\hbbhnn.exec:\hbbhnn.exe212⤵
-
\??\c:\5vpdd.exec:\5vpdd.exe213⤵
-
\??\c:\9xrlxfl.exec:\9xrlxfl.exe214⤵
-
\??\c:\xfflxlf.exec:\xfflxlf.exe215⤵
-
\??\c:\tnhbnn.exec:\tnhbnn.exe216⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe217⤵
-
\??\c:\7pdjj.exec:\7pdjj.exe218⤵
-
\??\c:\ffflrlr.exec:\ffflrlr.exe219⤵
-
\??\c:\bhhbhb.exec:\bhhbhb.exe220⤵
-
\??\c:\hhhnbn.exec:\hhhnbn.exe221⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe222⤵
-
\??\c:\3lxfxxr.exec:\3lxfxxr.exe223⤵
-
\??\c:\nbnntt.exec:\nbnntt.exe224⤵
-
\??\c:\3nnhnt.exec:\3nnhnt.exe225⤵
-
\??\c:\vjjjj.exec:\vjjjj.exe226⤵
-
\??\c:\rfrfrxx.exec:\rfrfrxx.exe227⤵
-
\??\c:\nntnnb.exec:\nntnnb.exe228⤵
-
\??\c:\tnnhhb.exec:\tnnhhb.exe229⤵
-
\??\c:\9djvv.exec:\9djvv.exe230⤵
-
\??\c:\lfrxrfr.exec:\lfrxrfr.exe231⤵
-
\??\c:\xlflxfl.exec:\xlflxfl.exe232⤵
-
\??\c:\9thntt.exec:\9thntt.exe233⤵
-
\??\c:\jdpdj.exec:\jdpdj.exe234⤵
-
\??\c:\xfxlrrr.exec:\xfxlrrr.exe235⤵
-
\??\c:\lfffrll.exec:\lfffrll.exe236⤵
-
\??\c:\tnnnbh.exec:\tnnnbh.exe237⤵
-
\??\c:\5vpjj.exec:\5vpjj.exe238⤵
-
\??\c:\fxlrxxf.exec:\fxlrxxf.exe239⤵
-
\??\c:\xrlfrrr.exec:\xrlfrrr.exe240⤵
-
\??\c:\bbbbth.exec:\bbbbth.exe241⤵