Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
19-05-2024 02:34
General
-
Target
564a3ae8cf79af146a25edef68cbe230_NeikiAnalytics.exe
-
Size
387KB
-
MD5
564a3ae8cf79af146a25edef68cbe230
-
SHA1
6922dcaab672f3edb35e3e30830bc46fea317301
-
SHA256
ada4edc6062dbd832e9ccc0acbaadf50372adf1afb0290b8ad5ae9f2139ae8a0
-
SHA512
61e31c5808e23725ce66563e3bc6381e81a9d448d10578ac830377bc6a16e9d5e8a4a2cee3cbc0cd70dbf5676e9fdb8374bb4c4cede105978f1fb39262d48db8
-
SSDEEP
6144:n3C9BRIG0asYFm71mPfkVB8dKwaO5CVwthT:n3C9uYA7okVqdKwaO5CVMhT
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 18 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 20 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\564a3ae8cf79af146a25edef68cbe230_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\564a3ae8cf79af146a25edef68cbe230_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1jvdj.exec:\1jvdj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rfffxf.exec:\5rfffxf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jddj.exec:\7jddj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlxlrf.exec:\lrlxlrf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjvp.exec:\ppjvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpd.exec:\jdvpd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tnbnb.exec:\1tnbnb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttntbh.exec:\ttntbh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxllf.exec:\rrfxllf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bnnbh.exec:\7bnnbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpv.exec:\vjvpv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrllx.exec:\ffrrllx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bnnnn.exec:\5bnnnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpjj.exec:\jjpjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflrrf.exec:\xrflrrf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hbhhh.exec:\7hbhhh.exe17⤵
- Executes dropped EXE
-
\??\c:\ppddj.exec:\ppddj.exe18⤵
- Executes dropped EXE
-
\??\c:\frffrlr.exec:\frffrlr.exe19⤵
- Executes dropped EXE
-
\??\c:\nhbttb.exec:\nhbttb.exe20⤵
- Executes dropped EXE
-
\??\c:\jdvdd.exec:\jdvdd.exe21⤵
- Executes dropped EXE
-
\??\c:\5bnntt.exec:\5bnntt.exe22⤵
- Executes dropped EXE
-
\??\c:\vjpvv.exec:\vjpvv.exe23⤵
- Executes dropped EXE
-
\??\c:\1xlfllr.exec:\1xlfllr.exe24⤵
- Executes dropped EXE
-
\??\c:\thtthb.exec:\thtthb.exe25⤵
- Executes dropped EXE
-
\??\c:\jvppv.exec:\jvppv.exe26⤵
- Executes dropped EXE
-
\??\c:\pdvjp.exec:\pdvjp.exe27⤵
- Executes dropped EXE
-
\??\c:\bnttbb.exec:\bnttbb.exe28⤵
- Executes dropped EXE
-
\??\c:\9vjvd.exec:\9vjvd.exe29⤵
- Executes dropped EXE
-
\??\c:\xrfrxxl.exec:\xrfrxxl.exe30⤵
- Executes dropped EXE
-
\??\c:\hhtbhh.exec:\hhtbhh.exe31⤵
- Executes dropped EXE
-
\??\c:\7vdjd.exec:\7vdjd.exe32⤵
- Executes dropped EXE
-
\??\c:\xlfrllf.exec:\xlfrllf.exe33⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe34⤵
- Executes dropped EXE
-
\??\c:\pdpvd.exec:\pdpvd.exe35⤵
- Executes dropped EXE
-
\??\c:\frfflrf.exec:\frfflrf.exe36⤵
- Executes dropped EXE
-
\??\c:\htnnbh.exec:\htnnbh.exe37⤵
- Executes dropped EXE
-
\??\c:\9tnhnn.exec:\9tnhnn.exe38⤵
- Executes dropped EXE
-
\??\c:\ddppp.exec:\ddppp.exe39⤵
- Executes dropped EXE
-
\??\c:\pdvjp.exec:\pdvjp.exe40⤵
- Executes dropped EXE
-
\??\c:\3rfxxrx.exec:\3rfxxrx.exe41⤵
- Executes dropped EXE
-
\??\c:\7bnhnn.exec:\7bnhnn.exe42⤵
- Executes dropped EXE
-
\??\c:\tnbttn.exec:\tnbttn.exe43⤵
- Executes dropped EXE
-
\??\c:\9vjdv.exec:\9vjdv.exe44⤵
- Executes dropped EXE
-
\??\c:\xlxxfll.exec:\xlxxfll.exe45⤵
- Executes dropped EXE
-
\??\c:\xrflxxr.exec:\xrflxxr.exe46⤵
- Executes dropped EXE
-
\??\c:\5nnhhh.exec:\5nnhhh.exe47⤵
- Executes dropped EXE
-
\??\c:\vjddd.exec:\vjddd.exe48⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe49⤵
- Executes dropped EXE
-
\??\c:\rfrlrrf.exec:\rfrlrrf.exe50⤵
- Executes dropped EXE
-
\??\c:\nbnhnh.exec:\nbnhnh.exe51⤵
- Executes dropped EXE
-
\??\c:\thtttn.exec:\thtttn.exe52⤵
- Executes dropped EXE
-
\??\c:\vpvvj.exec:\vpvvj.exe53⤵
- Executes dropped EXE
-
\??\c:\vjvvd.exec:\vjvvd.exe54⤵
- Executes dropped EXE
-
\??\c:\3xxflll.exec:\3xxflll.exe55⤵
- Executes dropped EXE
-
\??\c:\nhbbhh.exec:\nhbbhh.exe56⤵
- Executes dropped EXE
-
\??\c:\vjdjp.exec:\vjdjp.exe57⤵
- Executes dropped EXE
-
\??\c:\vjvdv.exec:\vjvdv.exe58⤵
- Executes dropped EXE
-
\??\c:\rrlrflf.exec:\rrlrflf.exe59⤵
- Executes dropped EXE
-
\??\c:\bhbtth.exec:\bhbtth.exe60⤵
- Executes dropped EXE
-
\??\c:\tbhhnh.exec:\tbhhnh.exe61⤵
- Executes dropped EXE
-
\??\c:\vvpvv.exec:\vvpvv.exe62⤵
- Executes dropped EXE
-
\??\c:\9flrrxx.exec:\9flrrxx.exe63⤵
- Executes dropped EXE
-
\??\c:\7rlrfrl.exec:\7rlrfrl.exe64⤵
- Executes dropped EXE
-
\??\c:\bbhtbh.exec:\bbhtbh.exe65⤵
- Executes dropped EXE
-
\??\c:\1vdjv.exec:\1vdjv.exe66⤵
-
\??\c:\vvvdv.exec:\vvvdv.exe67⤵
-
\??\c:\fxlrxlx.exec:\fxlrxlx.exe68⤵
-
\??\c:\flxlrfr.exec:\flxlrfr.exe69⤵
-
\??\c:\ttnbnb.exec:\ttnbnb.exe70⤵
-
\??\c:\pjddp.exec:\pjddp.exe71⤵
-
\??\c:\1jdpd.exec:\1jdpd.exe72⤵
-
\??\c:\9rlrxxl.exec:\9rlrxxl.exe73⤵
-
\??\c:\rflrxll.exec:\rflrxll.exe74⤵
-
\??\c:\ntnttb.exec:\ntnttb.exe75⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe76⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe77⤵
-
\??\c:\lfxlrxl.exec:\lfxlrxl.exe78⤵
-
\??\c:\thnbhn.exec:\thnbhn.exe79⤵
-
\??\c:\tnhhtt.exec:\tnhhtt.exe80⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe81⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe82⤵
-
\??\c:\lxxfxfr.exec:\lxxfxfr.exe83⤵
-
\??\c:\9btnbh.exec:\9btnbh.exe84⤵
-
\??\c:\nhthnt.exec:\nhthnt.exe85⤵
-
\??\c:\jjjvj.exec:\jjjvj.exe86⤵
-
\??\c:\xrlrflx.exec:\xrlrflx.exe87⤵
-
\??\c:\fxrflrf.exec:\fxrflrf.exe88⤵
-
\??\c:\7btbhn.exec:\7btbhn.exe89⤵
-
\??\c:\vpddj.exec:\vpddj.exe90⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe91⤵
-
\??\c:\lrrrflf.exec:\lrrrflf.exe92⤵
-
\??\c:\5lffllf.exec:\5lffllf.exe93⤵
-
\??\c:\hhthtb.exec:\hhthtb.exe94⤵
-
\??\c:\3pjjv.exec:\3pjjv.exe95⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe96⤵
-
\??\c:\xrllrff.exec:\xrllrff.exe97⤵
-
\??\c:\nnntnb.exec:\nnntnb.exe98⤵
-
\??\c:\bbbthh.exec:\bbbthh.exe99⤵
-
\??\c:\5dvdp.exec:\5dvdp.exe100⤵
-
\??\c:\xxrflrx.exec:\xxrflrx.exe101⤵
-
\??\c:\hhhhtb.exec:\hhhhtb.exe102⤵
-
\??\c:\nhtbnt.exec:\nhtbnt.exe103⤵
-
\??\c:\jjjjp.exec:\jjjjp.exe104⤵
-
\??\c:\1fxllrf.exec:\1fxllrf.exe105⤵
-
\??\c:\9lfllrx.exec:\9lfllrx.exe106⤵
-
\??\c:\nhbnhh.exec:\nhbnhh.exe107⤵
-
\??\c:\7dvjv.exec:\7dvjv.exe108⤵
-
\??\c:\djjvd.exec:\djjvd.exe109⤵
-
\??\c:\fflfxrr.exec:\fflfxrr.exe110⤵
-
\??\c:\tnhthn.exec:\tnhthn.exe111⤵
-
\??\c:\3tnthh.exec:\3tnthh.exe112⤵
-
\??\c:\jjjvj.exec:\jjjvj.exe113⤵
-
\??\c:\lfrxrfl.exec:\lfrxrfl.exe114⤵
-
\??\c:\7xfflrf.exec:\7xfflrf.exe115⤵
-
\??\c:\bbntbb.exec:\bbntbb.exe116⤵
-
\??\c:\hbthbn.exec:\hbthbn.exe117⤵
-
\??\c:\vdjvd.exec:\vdjvd.exe118⤵
-
\??\c:\fxrxffr.exec:\fxrxffr.exe119⤵
-
\??\c:\lrlxlrf.exec:\lrlxlrf.exe120⤵
-
\??\c:\5ntbtb.exec:\5ntbtb.exe121⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe122⤵
-
\??\c:\7pddv.exec:\7pddv.exe123⤵
-
\??\c:\rrllflf.exec:\rrllflf.exe124⤵
-
\??\c:\nhnbtt.exec:\nhnbtt.exe125⤵
-
\??\c:\ntnthh.exec:\ntnthh.exe126⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe127⤵
-
\??\c:\fxrflxf.exec:\fxrflxf.exe128⤵
-
\??\c:\9rlfrlx.exec:\9rlfrlx.exe129⤵
-
\??\c:\hhbbnt.exec:\hhbbnt.exe130⤵
-
\??\c:\htbbnt.exec:\htbbnt.exe131⤵
-
\??\c:\1vpjp.exec:\1vpjp.exe132⤵
-
\??\c:\1djvd.exec:\1djvd.exe133⤵
-
\??\c:\fxlrrxf.exec:\fxlrrxf.exe134⤵
-
\??\c:\5nhntt.exec:\5nhntt.exe135⤵
-
\??\c:\nnhhht.exec:\nnhhht.exe136⤵
-
\??\c:\9djpp.exec:\9djpp.exe137⤵
-
\??\c:\xrffrrx.exec:\xrffrrx.exe138⤵
-
\??\c:\xxflrxl.exec:\xxflrxl.exe139⤵
-
\??\c:\7nbthn.exec:\7nbthn.exe140⤵
-
\??\c:\vdvvd.exec:\vdvvd.exe141⤵
-
\??\c:\vjpjp.exec:\vjpjp.exe142⤵
-
\??\c:\9xffrxr.exec:\9xffrxr.exe143⤵
-
\??\c:\nhhtbh.exec:\nhhtbh.exe144⤵
-
\??\c:\btnbht.exec:\btnbht.exe145⤵
-
\??\c:\9ppvj.exec:\9ppvj.exe146⤵
-
\??\c:\hnhnbb.exec:\hnhnbb.exe147⤵
-
\??\c:\9btbhn.exec:\9btbhn.exe148⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe149⤵
-
\??\c:\pppvd.exec:\pppvd.exe150⤵
-
\??\c:\3xrrxrx.exec:\3xrrxrx.exe151⤵
-
\??\c:\tnhnbn.exec:\tnhnbn.exe152⤵
-
\??\c:\tnbhtt.exec:\tnbhtt.exe153⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe154⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe155⤵
-
\??\c:\1xrrffx.exec:\1xrrffx.exe156⤵
-
\??\c:\5bhhth.exec:\5bhhth.exe157⤵
-
\??\c:\5bntbn.exec:\5bntbn.exe158⤵
-
\??\c:\7pjpv.exec:\7pjpv.exe159⤵
-
\??\c:\7pjjj.exec:\7pjjj.exe160⤵
-
\??\c:\fxlxxfx.exec:\fxlxxfx.exe161⤵
-
\??\c:\3xflxxr.exec:\3xflxxr.exe162⤵
-
\??\c:\thhtnb.exec:\thhtnb.exe163⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe164⤵
-
\??\c:\9vddj.exec:\9vddj.exe165⤵
-
\??\c:\9lxrxfl.exec:\9lxrxfl.exe166⤵
-
\??\c:\7thhnt.exec:\7thhnt.exe167⤵
-
\??\c:\7htbht.exec:\7htbht.exe168⤵
-
\??\c:\vpppd.exec:\vpppd.exe169⤵
-
\??\c:\lxlrrrl.exec:\lxlrrrl.exe170⤵
-
\??\c:\nhthhh.exec:\nhthhh.exe171⤵
-
\??\c:\hnhnbn.exec:\hnhnbn.exe172⤵
-
\??\c:\vpddp.exec:\vpddp.exe173⤵
-
\??\c:\lfrlrrx.exec:\lfrlrrx.exe174⤵
-
\??\c:\1llflxl.exec:\1llflxl.exe175⤵
-
\??\c:\nhbhnt.exec:\nhbhnt.exe176⤵
-
\??\c:\7ppdp.exec:\7ppdp.exe177⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe178⤵
-
\??\c:\7xxxlrx.exec:\7xxxlrx.exe179⤵
-
\??\c:\tnhntb.exec:\tnhntb.exe180⤵
-
\??\c:\nhthth.exec:\nhthth.exe181⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe182⤵
-
\??\c:\jjddj.exec:\jjddj.exe183⤵
-
\??\c:\lfrrlxx.exec:\lfrrlxx.exe184⤵
-
\??\c:\nhbhhn.exec:\nhbhhn.exe185⤵
-
\??\c:\hbtbtb.exec:\hbtbtb.exe186⤵
-
\??\c:\dvppv.exec:\dvppv.exe187⤵
-
\??\c:\rfrrfll.exec:\rfrrfll.exe188⤵
-
\??\c:\9ffrxfx.exec:\9ffrxfx.exe189⤵
-
\??\c:\hhnhhn.exec:\hhnhhn.exe190⤵
-
\??\c:\jddjv.exec:\jddjv.exe191⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe192⤵
-
\??\c:\xrlrrxx.exec:\xrlrrxx.exe193⤵
-
\??\c:\bnnntn.exec:\bnnntn.exe194⤵
-
\??\c:\htbtbn.exec:\htbtbn.exe195⤵
-
\??\c:\vvvpp.exec:\vvvpp.exe196⤵
-
\??\c:\7xrfllx.exec:\7xrfllx.exe197⤵
-
\??\c:\5rxrrrr.exec:\5rxrrrr.exe198⤵
-
\??\c:\1hthtt.exec:\1hthtt.exe199⤵
-
\??\c:\3bnntt.exec:\3bnntt.exe200⤵
-
\??\c:\7pjjp.exec:\7pjjp.exe201⤵
-
\??\c:\fxlrxxl.exec:\fxlrxxl.exe202⤵
-
\??\c:\xxrxrxl.exec:\xxrxrxl.exe203⤵
-
\??\c:\bbnntb.exec:\bbnntb.exe204⤵
-
\??\c:\3pjvj.exec:\3pjvj.exe205⤵
-
\??\c:\fxrflrf.exec:\fxrflrf.exe206⤵
-
\??\c:\1xrflxf.exec:\1xrflxf.exe207⤵
-
\??\c:\nhtbhh.exec:\nhtbhh.exe208⤵
-
\??\c:\9dvdv.exec:\9dvdv.exe209⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe210⤵
-
\??\c:\3xrllrf.exec:\3xrllrf.exe211⤵
-
\??\c:\tnbhnn.exec:\tnbhnn.exe212⤵
-
\??\c:\9nhnnt.exec:\9nhnnt.exe213⤵
-
\??\c:\1dvdp.exec:\1dvdp.exe214⤵
-
\??\c:\xfxfxfr.exec:\xfxfxfr.exe215⤵
-
\??\c:\5lflxfx.exec:\5lflxfx.exe216⤵
-
\??\c:\9btntt.exec:\9btntt.exe217⤵
-
\??\c:\jdddp.exec:\jdddp.exe218⤵
-
\??\c:\7pvdp.exec:\7pvdp.exe219⤵
-
\??\c:\xxxfrfx.exec:\xxxfrfx.exe220⤵
-
\??\c:\9ththn.exec:\9ththn.exe221⤵
-
\??\c:\vdppv.exec:\vdppv.exe222⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe223⤵
-
\??\c:\1lllxxf.exec:\1lllxxf.exe224⤵
-
\??\c:\hhtbnt.exec:\hhtbnt.exe225⤵
-
\??\c:\bbthht.exec:\bbthht.exe226⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe227⤵
-
\??\c:\rlfrxxl.exec:\rlfrxxl.exe228⤵
-
\??\c:\3fxlrrf.exec:\3fxlrrf.exe229⤵
-
\??\c:\bnbhnn.exec:\bnbhnn.exe230⤵
-
\??\c:\dddjv.exec:\dddjv.exe231⤵
-
\??\c:\ddvvj.exec:\ddvvj.exe232⤵
-
\??\c:\flfrffx.exec:\flfrffx.exe233⤵
-
\??\c:\httbtb.exec:\httbtb.exe234⤵
-
\??\c:\bthbbb.exec:\bthbbb.exe235⤵
-
\??\c:\dppjd.exec:\dppjd.exe236⤵
-
\??\c:\vpdpv.exec:\vpdpv.exe237⤵
-
\??\c:\lxlrlfx.exec:\lxlrlfx.exe238⤵
-
\??\c:\bbbbht.exec:\bbbbht.exe239⤵
-
\??\c:\htbhhb.exec:\htbhhb.exe240⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe241⤵