Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
19-05-2024 02:25
General
-
Target
53e0190a2bb775d745fe02f51afac8a0_NeikiAnalytics.exe
-
Size
229KB
-
MD5
53e0190a2bb775d745fe02f51afac8a0
-
SHA1
95c8391c6f361b833a396814846e9cc60362c868
-
SHA256
4d9d166acaa6093ac49df76ed04d040660bb93bc32c751405aa7985e250d8dfd
-
SHA512
327894717faaccf3a7c9209ec44037a10805ca9d25bcff1d553d8d16830dd31ef51e9614437b1ae5b634ab6c246262e5d87c55d47875ce5dfc38e4f677d31e2d
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31z8mF7C/:n3C9BRo7MlrWKo+lfFe/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\53e0190a2bb775d745fe02f51afac8a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\53e0190a2bb775d745fe02f51afac8a0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5vvjp.exec:\5vvjp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnbht.exec:\hnnbht.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrfrxl.exec:\xxrfrxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnnnn.exec:\nbnnnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrxxl.exec:\rlxrxxl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnthh.exec:\hbnthh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjvd.exec:\dvjvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxfrrr.exec:\flxfrrr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnbht.exec:\1bnbht.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdpd.exec:\vvdpd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xffrxr.exec:\3xffrxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhntht.exec:\hhntht.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpvj.exec:\vvpvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxlrll.exec:\xfxlrll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tththn.exec:\tththn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflrxl.exec:\xrflrxl.exe17⤵
- Executes dropped EXE
-
\??\c:\hntnnb.exec:\hntnnb.exe18⤵
- Executes dropped EXE
-
\??\c:\pvvpp.exec:\pvvpp.exe19⤵
- Executes dropped EXE
-
\??\c:\rlxflrf.exec:\rlxflrf.exe20⤵
- Executes dropped EXE
-
\??\c:\5ttntt.exec:\5ttntt.exe21⤵
- Executes dropped EXE
-
\??\c:\ddddv.exec:\ddddv.exe22⤵
- Executes dropped EXE
-
\??\c:\rfrflfl.exec:\rfrflfl.exe23⤵
- Executes dropped EXE
-
\??\c:\hhntbb.exec:\hhntbb.exe24⤵
- Executes dropped EXE
-
\??\c:\jvdjj.exec:\jvdjj.exe25⤵
- Executes dropped EXE
-
\??\c:\rxlflxf.exec:\rxlflxf.exe26⤵
- Executes dropped EXE
-
\??\c:\tnhtbn.exec:\tnhtbn.exe27⤵
- Executes dropped EXE
-
\??\c:\lffflxx.exec:\lffflxx.exe28⤵
- Executes dropped EXE
-
\??\c:\tnnbbn.exec:\tnnbbn.exe29⤵
- Executes dropped EXE
-
\??\c:\djdpp.exec:\djdpp.exe30⤵
- Executes dropped EXE
-
\??\c:\1rlrfrf.exec:\1rlrfrf.exe31⤵
- Executes dropped EXE
-
\??\c:\hhbhth.exec:\hhbhth.exe32⤵
- Executes dropped EXE
-
\??\c:\jjdjp.exec:\jjdjp.exe33⤵
- Executes dropped EXE
-
\??\c:\hhnbht.exec:\hhnbht.exe34⤵
- Executes dropped EXE
-
\??\c:\1nhbhn.exec:\1nhbhn.exe35⤵
- Executes dropped EXE
-
\??\c:\pjvpj.exec:\pjvpj.exe36⤵
- Executes dropped EXE
-
\??\c:\rrfrflx.exec:\rrfrflx.exe37⤵
- Executes dropped EXE
-
\??\c:\1xrrfrx.exec:\1xrrfrx.exe38⤵
- Executes dropped EXE
-
\??\c:\tnbnbh.exec:\tnbnbh.exe39⤵
- Executes dropped EXE
-
\??\c:\pjvvv.exec:\pjvvv.exe40⤵
- Executes dropped EXE
-
\??\c:\ppvdp.exec:\ppvdp.exe41⤵
- Executes dropped EXE
-
\??\c:\lllrfff.exec:\lllrfff.exe42⤵
- Executes dropped EXE
-
\??\c:\rfxlrxl.exec:\rfxlrxl.exe43⤵
- Executes dropped EXE
-
\??\c:\bthnbh.exec:\bthnbh.exe44⤵
- Executes dropped EXE
-
\??\c:\bbthbh.exec:\bbthbh.exe45⤵
- Executes dropped EXE
-
\??\c:\jdvvv.exec:\jdvvv.exe46⤵
- Executes dropped EXE
-
\??\c:\rlrfrxx.exec:\rlrfrxx.exe47⤵
- Executes dropped EXE
-
\??\c:\5nhntt.exec:\5nhntt.exe48⤵
- Executes dropped EXE
-
\??\c:\thhnhn.exec:\thhnhn.exe49⤵
- Executes dropped EXE
-
\??\c:\jjjpd.exec:\jjjpd.exe50⤵
- Executes dropped EXE
-
\??\c:\rxlllfl.exec:\rxlllfl.exe51⤵
- Executes dropped EXE
-
\??\c:\lfxfxxr.exec:\lfxfxxr.exe52⤵
- Executes dropped EXE
-
\??\c:\hhhtht.exec:\hhhtht.exe53⤵
- Executes dropped EXE
-
\??\c:\3dvjd.exec:\3dvjd.exe54⤵
- Executes dropped EXE
-
\??\c:\1dpvd.exec:\1dpvd.exe55⤵
- Executes dropped EXE
-
\??\c:\rlxxfxx.exec:\rlxxfxx.exe56⤵
- Executes dropped EXE
-
\??\c:\rlfrxlx.exec:\rlfrxlx.exe57⤵
- Executes dropped EXE
-
\??\c:\hbtbtb.exec:\hbtbtb.exe58⤵
- Executes dropped EXE
-
\??\c:\jdvjd.exec:\jdvjd.exe59⤵
- Executes dropped EXE
-
\??\c:\lfxxfrf.exec:\lfxxfrf.exe60⤵
- Executes dropped EXE
-
\??\c:\rlxlxfr.exec:\rlxlxfr.exe61⤵
- Executes dropped EXE
-
\??\c:\tthhbb.exec:\tthhbb.exe62⤵
- Executes dropped EXE
-
\??\c:\btbhtb.exec:\btbhtb.exe63⤵
- Executes dropped EXE
-
\??\c:\7pddd.exec:\7pddd.exe64⤵
- Executes dropped EXE
-
\??\c:\jjppp.exec:\jjppp.exe65⤵
- Executes dropped EXE
-
\??\c:\fxllxxl.exec:\fxllxxl.exe66⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe67⤵
-
\??\c:\1jvdp.exec:\1jvdp.exe68⤵
-
\??\c:\7pjvd.exec:\7pjvd.exe69⤵
-
\??\c:\rfrllfl.exec:\rfrllfl.exe70⤵
-
\??\c:\btbnbn.exec:\btbnbn.exe71⤵
-
\??\c:\tnnbbb.exec:\tnnbbb.exe72⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe73⤵
-
\??\c:\rrfrxlx.exec:\rrfrxlx.exe74⤵
-
\??\c:\tnhtbh.exec:\tnhtbh.exe75⤵
-
\??\c:\vpvjj.exec:\vpvjj.exe76⤵
-
\??\c:\ppvdp.exec:\ppvdp.exe77⤵
-
\??\c:\ffxxlrx.exec:\ffxxlrx.exe78⤵
-
\??\c:\llxxflf.exec:\llxxflf.exe79⤵
-
\??\c:\bhthhb.exec:\bhthhb.exe80⤵
-
\??\c:\vpddv.exec:\vpddv.exe81⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe82⤵
-
\??\c:\1rrxrfr.exec:\1rrxrfr.exe83⤵
-
\??\c:\btnhbb.exec:\btnhbb.exe84⤵
-
\??\c:\ddjvd.exec:\ddjvd.exe85⤵
-
\??\c:\ddpjp.exec:\ddpjp.exe86⤵
-
\??\c:\rlrllxl.exec:\rlrllxl.exe87⤵
-
\??\c:\nnnhtb.exec:\nnnhtb.exe88⤵
-
\??\c:\7ntbnb.exec:\7ntbnb.exe89⤵
-
\??\c:\vpddj.exec:\vpddj.exe90⤵
-
\??\c:\rllxrxr.exec:\rllxrxr.exe91⤵
-
\??\c:\fxxlxfr.exec:\fxxlxfr.exe92⤵
-
\??\c:\ttbntb.exec:\ttbntb.exe93⤵
-
\??\c:\djjjv.exec:\djjjv.exe94⤵
-
\??\c:\7dppp.exec:\7dppp.exe95⤵
-
\??\c:\3frrxxl.exec:\3frrxxl.exe96⤵
-
\??\c:\xflxrll.exec:\xflxrll.exe97⤵
-
\??\c:\hhhntb.exec:\hhhntb.exe98⤵
-
\??\c:\jppvp.exec:\jppvp.exe99⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe100⤵
-
\??\c:\lrllllx.exec:\lrllllx.exe101⤵
-
\??\c:\tthntb.exec:\tthntb.exe102⤵
-
\??\c:\1hhntb.exec:\1hhntb.exe103⤵
-
\??\c:\vpppj.exec:\vpppj.exe104⤵
-
\??\c:\xrlfxxl.exec:\xrlfxxl.exe105⤵
-
\??\c:\1fxlxfr.exec:\1fxlxfr.exe106⤵
-
\??\c:\bbnbnt.exec:\bbnbnt.exe107⤵
-
\??\c:\vpddp.exec:\vpddp.exe108⤵
-
\??\c:\dddjd.exec:\dddjd.exe109⤵
-
\??\c:\3rlrrlf.exec:\3rlrrlf.exe110⤵
-
\??\c:\tbnbhh.exec:\tbnbhh.exe111⤵
-
\??\c:\bbtbhh.exec:\bbtbhh.exe112⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe113⤵
-
\??\c:\ffxlrxf.exec:\ffxlrxf.exe114⤵
-
\??\c:\lxxfxll.exec:\lxxfxll.exe115⤵
-
\??\c:\nhhtbn.exec:\nhhtbn.exe116⤵
-
\??\c:\tbbnhn.exec:\tbbnhn.exe117⤵
-
\??\c:\jdjpd.exec:\jdjpd.exe118⤵
-
\??\c:\lfrlrlr.exec:\lfrlrlr.exe119⤵
-
\??\c:\btnnhh.exec:\btnnhh.exe120⤵
-
\??\c:\bbtbnn.exec:\bbtbnn.exe121⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe122⤵
-
\??\c:\7lrflxl.exec:\7lrflxl.exe123⤵
-
\??\c:\lrlfrfr.exec:\lrlfrfr.exe124⤵
-
\??\c:\tnbnhn.exec:\tnbnhn.exe125⤵
-
\??\c:\5vvvd.exec:\5vvvd.exe126⤵
-
\??\c:\9vjpd.exec:\9vjpd.exe127⤵
-
\??\c:\7rxfrlx.exec:\7rxfrlx.exe128⤵
-
\??\c:\nnnhth.exec:\nnnhth.exe129⤵
-
\??\c:\nbhbhb.exec:\nbhbhb.exe130⤵
-
\??\c:\pvjjp.exec:\pvjjp.exe131⤵
-
\??\c:\3jdpj.exec:\3jdpj.exe132⤵
-
\??\c:\rlfflrf.exec:\rlfflrf.exe133⤵
-
\??\c:\ttnbnt.exec:\ttnbnt.exe134⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe135⤵
-
\??\c:\7frrffl.exec:\7frrffl.exe136⤵
-
\??\c:\frxrrrr.exec:\frxrrrr.exe137⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe138⤵
-
\??\c:\pjddp.exec:\pjddp.exe139⤵
-
\??\c:\3fxxffx.exec:\3fxxffx.exe140⤵
-
\??\c:\bthtnt.exec:\bthtnt.exe141⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe142⤵
-
\??\c:\jjjvj.exec:\jjjvj.exe143⤵
-
\??\c:\btnnbh.exec:\btnnbh.exe144⤵
-
\??\c:\ddvdd.exec:\ddvdd.exe145⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe146⤵
-
\??\c:\rrrrrxx.exec:\rrrrrxx.exe147⤵
-
\??\c:\btnttn.exec:\btnttn.exe148⤵
-
\??\c:\hhtntb.exec:\hhtntb.exe149⤵
-
\??\c:\3jdjp.exec:\3jdjp.exe150⤵
-
\??\c:\vvvpd.exec:\vvvpd.exe151⤵
-
\??\c:\frlllxl.exec:\frlllxl.exe152⤵
-
\??\c:\tthbbb.exec:\tthbbb.exe153⤵
-
\??\c:\vdjvv.exec:\vdjvv.exe154⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe155⤵
-
\??\c:\ffrxrxl.exec:\ffrxrxl.exe156⤵
-
\??\c:\tnhnbh.exec:\tnhnbh.exe157⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe158⤵
-
\??\c:\ppjpp.exec:\ppjpp.exe159⤵
-
\??\c:\frfrrfx.exec:\frfrrfx.exe160⤵
-
\??\c:\xxrrflr.exec:\xxrrflr.exe161⤵
-
\??\c:\9btbbb.exec:\9btbbb.exe162⤵
-
\??\c:\9pddj.exec:\9pddj.exe163⤵
-
\??\c:\xrlrxxl.exec:\xrlrxxl.exe164⤵
-
\??\c:\flxflrf.exec:\flxflrf.exe165⤵
-
\??\c:\hbbhht.exec:\hbbhht.exe166⤵
-
\??\c:\nhbhth.exec:\nhbhth.exe167⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe168⤵
-
\??\c:\7rfxrlf.exec:\7rfxrlf.exe169⤵
-
\??\c:\fxrffxf.exec:\fxrffxf.exe170⤵
-
\??\c:\tnhtbh.exec:\tnhtbh.exe171⤵
-
\??\c:\tnbhtt.exec:\tnbhtt.exe172⤵
-
\??\c:\djvvd.exec:\djvvd.exe173⤵
-
\??\c:\rlflffl.exec:\rlflffl.exe174⤵
-
\??\c:\fxlrlfr.exec:\fxlrlfr.exe175⤵
-
\??\c:\1hhnbh.exec:\1hhnbh.exe176⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe177⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe178⤵
-
\??\c:\xllxxrr.exec:\xllxxrr.exe179⤵
-
\??\c:\bhnttt.exec:\bhnttt.exe180⤵
-
\??\c:\bbhntn.exec:\bbhntn.exe181⤵
-
\??\c:\vdvdp.exec:\vdvdp.exe182⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe183⤵
-
\??\c:\llfrlfx.exec:\llfrlfx.exe184⤵
-
\??\c:\tbhthb.exec:\tbhthb.exe185⤵
-
\??\c:\nttbbt.exec:\nttbbt.exe186⤵
-
\??\c:\ddpjp.exec:\ddpjp.exe187⤵
-
\??\c:\rlxflxl.exec:\rlxflxl.exe188⤵
-
\??\c:\bnbtnh.exec:\bnbtnh.exe189⤵
-
\??\c:\hhttnt.exec:\hhttnt.exe190⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe191⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe192⤵
-
\??\c:\flxfflf.exec:\flxfflf.exe193⤵
-
\??\c:\nnnnbb.exec:\nnnnbb.exe194⤵
-
\??\c:\btnbth.exec:\btnbth.exe195⤵
-
\??\c:\jjddp.exec:\jjddp.exe196⤵
-
\??\c:\fffxflx.exec:\fffxflx.exe197⤵
-
\??\c:\7rflfrx.exec:\7rflfrx.exe198⤵
-
\??\c:\9bthtb.exec:\9bthtb.exe199⤵
-
\??\c:\hhbbnt.exec:\hhbbnt.exe200⤵
-
\??\c:\9pvjv.exec:\9pvjv.exe201⤵
-
\??\c:\xrrrfll.exec:\xrrrfll.exe202⤵
-
\??\c:\lrxrrll.exec:\lrxrrll.exe203⤵
-
\??\c:\hhbtbn.exec:\hhbtbn.exe204⤵
-
\??\c:\ddjvd.exec:\ddjvd.exe205⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe206⤵
-
\??\c:\xrllrxf.exec:\xrllrxf.exe207⤵
-
\??\c:\nhtbnn.exec:\nhtbnn.exe208⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe209⤵
-
\??\c:\3vppv.exec:\3vppv.exe210⤵
-
\??\c:\lfrxxxf.exec:\lfrxxxf.exe211⤵
-
\??\c:\5rlrfll.exec:\5rlrfll.exe212⤵
-
\??\c:\bnhhtb.exec:\bnhhtb.exe213⤵
-
\??\c:\3vpvj.exec:\3vpvj.exe214⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe215⤵
-
\??\c:\xflrxxx.exec:\xflrxxx.exe216⤵
-
\??\c:\bbnbth.exec:\bbnbth.exe217⤵
-
\??\c:\nhthht.exec:\nhthht.exe218⤵
-
\??\c:\jjjvd.exec:\jjjvd.exe219⤵
-
\??\c:\ffxlffr.exec:\ffxlffr.exe220⤵
-
\??\c:\xrrlfrf.exec:\xrrlfrf.exe221⤵
-
\??\c:\bttnbb.exec:\bttnbb.exe222⤵
-
\??\c:\nthbbn.exec:\nthbbn.exe223⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe224⤵
-
\??\c:\9ppvp.exec:\9ppvp.exe225⤵
-
\??\c:\frxlxrx.exec:\frxlxrx.exe226⤵
-
\??\c:\bbhhnn.exec:\bbhhnn.exe227⤵
-
\??\c:\nttbnn.exec:\nttbnn.exe228⤵
-
\??\c:\7dddv.exec:\7dddv.exe229⤵
-
\??\c:\fflxfrr.exec:\fflxfrr.exe230⤵
-
\??\c:\bbthnt.exec:\bbthnt.exe231⤵
-
\??\c:\bbnbtb.exec:\bbnbtb.exe232⤵
-
\??\c:\vdvpd.exec:\vdvpd.exe233⤵
-
\??\c:\llxfrrl.exec:\llxfrrl.exe234⤵
-
\??\c:\lfrxfrl.exec:\lfrxfrl.exe235⤵
-
\??\c:\ntbthn.exec:\ntbthn.exe236⤵
-
\??\c:\jjvdv.exec:\jjvdv.exe237⤵
-
\??\c:\djpdv.exec:\djpdv.exe238⤵
-
\??\c:\9xrfrlr.exec:\9xrfrlr.exe239⤵
-
\??\c:\rxrrxrf.exec:\rxrrxrf.exe240⤵
-
\??\c:\3bbtnt.exec:\3bbtnt.exe241⤵