Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
19-05-2024 03:03
General
-
Target
5e0aa7a8f8fab8977e653ae7651a3ab0_NeikiAnalytics.exe
-
Size
75KB
-
MD5
5e0aa7a8f8fab8977e653ae7651a3ab0
-
SHA1
5d47e2df66490c4708dadc65dbc8216c815051e4
-
SHA256
48a6cd4c621c0893732381aff1a2ff3cce9a8d04e0733413b41c2e6938aa38aa
-
SHA512
97dbc7a507dadf71e0d6a5c5cef0424157b00149100fa4c95ab0f5200881947ac63be5fdab234f98e28c5e3d893ca67166db9ffe52de4b88c4c7ede539cb17c1
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqC5+:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqCE
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5e0aa7a8f8fab8977e653ae7651a3ab0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\5e0aa7a8f8fab8977e653ae7651a3ab0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5btbhn.exec:\5btbhn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tttbb.exec:\1tttbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlfrfr.exec:\rrlfrfr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnbb.exec:\nhnnbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hbbhb.exec:\7hbbhb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vvvv.exec:\1vvvv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrrrll.exec:\lrrrrll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fxrxrl.exec:\3fxrxrl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhhh.exec:\nhhhhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pvvv.exec:\5pvvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdpd.exec:\jjdpd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frflxlf.exec:\frflxlf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhhhb.exec:\thhhhb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nhhnn.exec:\3nhhnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvjv.exec:\pjvjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrfflf.exec:\llrfflf.exe17⤵
- Executes dropped EXE
-
\??\c:\rxlxrfl.exec:\rxlxrfl.exe18⤵
- Executes dropped EXE
-
\??\c:\7bnttt.exec:\7bnttt.exe19⤵
- Executes dropped EXE
-
\??\c:\dvjpd.exec:\dvjpd.exe20⤵
- Executes dropped EXE
-
\??\c:\1jpjp.exec:\1jpjp.exe21⤵
- Executes dropped EXE
-
\??\c:\xrxlxlx.exec:\xrxlxlx.exe22⤵
- Executes dropped EXE
-
\??\c:\lxxxfxl.exec:\lxxxfxl.exe23⤵
- Executes dropped EXE
-
\??\c:\bhbbbb.exec:\bhbbbb.exe24⤵
- Executes dropped EXE
-
\??\c:\3nhbnh.exec:\3nhbnh.exe25⤵
- Executes dropped EXE
-
\??\c:\7jvdp.exec:\7jvdp.exe26⤵
- Executes dropped EXE
-
\??\c:\1lffxxx.exec:\1lffxxx.exe27⤵
- Executes dropped EXE
-
\??\c:\llllrrf.exec:\llllrrf.exe28⤵
- Executes dropped EXE
-
\??\c:\tnnhhn.exec:\tnnhhn.exe29⤵
- Executes dropped EXE
-
\??\c:\htthtb.exec:\htthtb.exe30⤵
- Executes dropped EXE
-
\??\c:\7jdvp.exec:\7jdvp.exe31⤵
- Executes dropped EXE
-
\??\c:\9lrxrfl.exec:\9lrxrfl.exe32⤵
- Executes dropped EXE
-
\??\c:\lxfrxxf.exec:\lxfrxxf.exe33⤵
- Executes dropped EXE
-
\??\c:\hbnntt.exec:\hbnntt.exe34⤵
- Executes dropped EXE
-
\??\c:\3jvdv.exec:\3jvdv.exe35⤵
- Executes dropped EXE
-
\??\c:\dvpjd.exec:\dvpjd.exe36⤵
- Executes dropped EXE
-
\??\c:\9lfrxxr.exec:\9lfrxxr.exe37⤵
- Executes dropped EXE
-
\??\c:\flfxlfx.exec:\flfxlfx.exe38⤵
- Executes dropped EXE
-
\??\c:\nnhtnn.exec:\nnhtnn.exe39⤵
- Executes dropped EXE
-
\??\c:\5tnbhh.exec:\5tnbhh.exe40⤵
- Executes dropped EXE
-
\??\c:\5pjpp.exec:\5pjpp.exe41⤵
- Executes dropped EXE
-
\??\c:\jjvdj.exec:\jjvdj.exe42⤵
- Executes dropped EXE
-
\??\c:\xxffrxl.exec:\xxffrxl.exe43⤵
- Executes dropped EXE
-
\??\c:\nhthbt.exec:\nhthbt.exe44⤵
- Executes dropped EXE
-
\??\c:\vvjjj.exec:\vvjjj.exe45⤵
- Executes dropped EXE
-
\??\c:\rrlrlrx.exec:\rrlrlrx.exe46⤵
- Executes dropped EXE
-
\??\c:\lfrfflr.exec:\lfrfflr.exe47⤵
- Executes dropped EXE
-
\??\c:\hnhbth.exec:\hnhbth.exe48⤵
- Executes dropped EXE
-
\??\c:\vpvdd.exec:\vpvdd.exe49⤵
- Executes dropped EXE
-
\??\c:\dddvj.exec:\dddvj.exe50⤵
- Executes dropped EXE
-
\??\c:\rrfxfrf.exec:\rrfxfrf.exe51⤵
- Executes dropped EXE
-
\??\c:\bthtnt.exec:\bthtnt.exe52⤵
- Executes dropped EXE
-
\??\c:\nhbttt.exec:\nhbttt.exe53⤵
- Executes dropped EXE
-
\??\c:\1dvpp.exec:\1dvpp.exe54⤵
- Executes dropped EXE
-
\??\c:\xrrfxff.exec:\xrrfxff.exe55⤵
- Executes dropped EXE
-
\??\c:\lfxlrxf.exec:\lfxlrxf.exe56⤵
- Executes dropped EXE
-
\??\c:\3tbhhn.exec:\3tbhhn.exe57⤵
- Executes dropped EXE
-
\??\c:\hbtthn.exec:\hbtthn.exe58⤵
- Executes dropped EXE
-
\??\c:\5pddv.exec:\5pddv.exe59⤵
- Executes dropped EXE
-
\??\c:\xfrllxx.exec:\xfrllxx.exe60⤵
- Executes dropped EXE
-
\??\c:\xffllfr.exec:\xffllfr.exe61⤵
- Executes dropped EXE
-
\??\c:\ttbnbb.exec:\ttbnbb.exe62⤵
- Executes dropped EXE
-
\??\c:\hbnbhn.exec:\hbnbhn.exe63⤵
- Executes dropped EXE
-
\??\c:\7vvjd.exec:\7vvjd.exe64⤵
- Executes dropped EXE
-
\??\c:\llxlflr.exec:\llxlflr.exe65⤵
- Executes dropped EXE
-
\??\c:\9rlrrff.exec:\9rlrrff.exe66⤵
-
\??\c:\hhnbtb.exec:\hhnbtb.exe67⤵
-
\??\c:\dppjv.exec:\dppjv.exe68⤵
-
\??\c:\5xlllrx.exec:\5xlllrx.exe69⤵
-
\??\c:\fxfrflx.exec:\fxfrflx.exe70⤵
-
\??\c:\nhthbn.exec:\nhthbn.exe71⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe72⤵
-
\??\c:\7vvjp.exec:\7vvjp.exe73⤵
-
\??\c:\lxlflrl.exec:\lxlflrl.exe74⤵
-
\??\c:\1xrfrxr.exec:\1xrfrxr.exe75⤵
-
\??\c:\3lrrffx.exec:\3lrrffx.exe76⤵
-
\??\c:\1bbnhn.exec:\1bbnhn.exe77⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe78⤵
-
\??\c:\vpvjd.exec:\vpvjd.exe79⤵
-
\??\c:\rfxxflx.exec:\rfxxflx.exe80⤵
-
\??\c:\llfxrfr.exec:\llfxrfr.exe81⤵
-
\??\c:\nhtnth.exec:\nhtnth.exe82⤵
-
\??\c:\7hbthh.exec:\7hbthh.exe83⤵
-
\??\c:\pvjvp.exec:\pvjvp.exe84⤵
-
\??\c:\ddvjd.exec:\ddvjd.exe85⤵
-
\??\c:\lfrflxr.exec:\lfrflxr.exe86⤵
-
\??\c:\xxfrffl.exec:\xxfrffl.exe87⤵
-
\??\c:\lffrxxf.exec:\lffrxxf.exe88⤵
-
\??\c:\bhbbbt.exec:\bhbbbt.exe89⤵
-
\??\c:\hhnntb.exec:\hhnntb.exe90⤵
-
\??\c:\7vppd.exec:\7vppd.exe91⤵
-
\??\c:\jjdpv.exec:\jjdpv.exe92⤵
-
\??\c:\7dddp.exec:\7dddp.exe93⤵
-
\??\c:\rrxxrrf.exec:\rrxxrrf.exe94⤵
-
\??\c:\9xrxflx.exec:\9xrxflx.exe95⤵
-
\??\c:\bbnhbb.exec:\bbnhbb.exe96⤵
-
\??\c:\tnhbbh.exec:\tnhbbh.exe97⤵
-
\??\c:\ntbhnn.exec:\ntbhnn.exe98⤵
-
\??\c:\ddjjp.exec:\ddjjp.exe99⤵
-
\??\c:\jvvdp.exec:\jvvdp.exe100⤵
-
\??\c:\xrfllrr.exec:\xrfllrr.exe101⤵
-
\??\c:\5frrlrx.exec:\5frrlrx.exe102⤵
-
\??\c:\3rrxlrr.exec:\3rrxlrr.exe103⤵
-
\??\c:\nbbnbt.exec:\nbbnbt.exe104⤵
-
\??\c:\9pvjv.exec:\9pvjv.exe105⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe106⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe107⤵
-
\??\c:\5fxxlxl.exec:\5fxxlxl.exe108⤵
-
\??\c:\rrlrxlr.exec:\rrlrxlr.exe109⤵
-
\??\c:\llfflfr.exec:\llfflfr.exe110⤵
-
\??\c:\hnhnbn.exec:\hnhnbn.exe111⤵
-
\??\c:\thtnbb.exec:\thtnbb.exe112⤵
-
\??\c:\7ppjp.exec:\7ppjp.exe113⤵
-
\??\c:\vjdjp.exec:\vjdjp.exe114⤵
-
\??\c:\lllllrx.exec:\lllllrx.exe115⤵
-
\??\c:\9rlrlrl.exec:\9rlrlrl.exe116⤵
-
\??\c:\hhnhth.exec:\hhnhth.exe117⤵
-
\??\c:\htbhtb.exec:\htbhtb.exe118⤵
-
\??\c:\ddjpp.exec:\ddjpp.exe119⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe120⤵
-
\??\c:\xrfflrf.exec:\xrfflrf.exe121⤵
-
\??\c:\lffxxlx.exec:\lffxxlx.exe122⤵
-
\??\c:\nnbbnt.exec:\nnbbnt.exe123⤵
-
\??\c:\hnbhbb.exec:\hnbhbb.exe124⤵
-
\??\c:\1nthtb.exec:\1nthtb.exe125⤵
-
\??\c:\3jvdj.exec:\3jvdj.exe126⤵
-
\??\c:\xxllxlf.exec:\xxllxlf.exe127⤵
-
\??\c:\ntbhht.exec:\ntbhht.exe128⤵
-
\??\c:\nhbhhb.exec:\nhbhhb.exe129⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe130⤵
-
\??\c:\jdpdd.exec:\jdpdd.exe131⤵
-
\??\c:\rllxxfl.exec:\rllxxfl.exe132⤵
-
\??\c:\ffflflf.exec:\ffflflf.exe133⤵
-
\??\c:\btbhtb.exec:\btbhtb.exe134⤵
-
\??\c:\7thhtb.exec:\7thhtb.exe135⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe136⤵
-
\??\c:\vvjvj.exec:\vvjvj.exe137⤵
-
\??\c:\fxlxxfr.exec:\fxlxxfr.exe138⤵
-
\??\c:\5fxfrxr.exec:\5fxfrxr.exe139⤵
-
\??\c:\ttntnb.exec:\ttntnb.exe140⤵
-
\??\c:\bbtnbt.exec:\bbtnbt.exe141⤵
-
\??\c:\nntbtb.exec:\nntbtb.exe142⤵
-
\??\c:\jjvdv.exec:\jjvdv.exe143⤵
-
\??\c:\jjddp.exec:\jjddp.exe144⤵
-
\??\c:\lfrfxrf.exec:\lfrfxrf.exe145⤵
-
\??\c:\xxrlflx.exec:\xxrlflx.exe146⤵
-
\??\c:\3hthbn.exec:\3hthbn.exe147⤵
-
\??\c:\htnnnt.exec:\htnnnt.exe148⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe149⤵
-
\??\c:\pjjpp.exec:\pjjpp.exe150⤵
-
\??\c:\7xxlxxr.exec:\7xxlxxr.exe151⤵
-
\??\c:\xrxrffl.exec:\xrxrffl.exe152⤵
-
\??\c:\7lrlxxr.exec:\7lrlxxr.exe153⤵
-
\??\c:\nhhbhn.exec:\nhhbhn.exe154⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe155⤵
-
\??\c:\7pjpv.exec:\7pjpv.exe156⤵
-
\??\c:\7rlfrxl.exec:\7rlfrxl.exe157⤵
-
\??\c:\5xxlffr.exec:\5xxlffr.exe158⤵
-
\??\c:\nnnhtt.exec:\nnnhtt.exe159⤵
-
\??\c:\ttbhtb.exec:\ttbhtb.exe160⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe161⤵
-
\??\c:\pdvpv.exec:\pdvpv.exe162⤵
-
\??\c:\ffrrxlr.exec:\ffrrxlr.exe163⤵
-
\??\c:\9xxfrxf.exec:\9xxfrxf.exe164⤵
-
\??\c:\ntnttt.exec:\ntnttt.exe165⤵
-
\??\c:\htbtbn.exec:\htbtbn.exe166⤵
-
\??\c:\jddpj.exec:\jddpj.exe167⤵
-
\??\c:\pdppp.exec:\pdppp.exe168⤵
-
\??\c:\lxlfllf.exec:\lxlfllf.exe169⤵
-
\??\c:\rfrlrff.exec:\rfrlrff.exe170⤵
-
\??\c:\nbhntn.exec:\nbhntn.exe171⤵
-
\??\c:\tbbttb.exec:\tbbttb.exe172⤵
-
\??\c:\1djdd.exec:\1djdd.exe173⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe174⤵
-
\??\c:\frxxxxr.exec:\frxxxxr.exe175⤵
-
\??\c:\llxfxrl.exec:\llxfxrl.exe176⤵
-
\??\c:\bnbbhb.exec:\bnbbhb.exe177⤵
-
\??\c:\ttnbtt.exec:\ttnbtt.exe178⤵
-
\??\c:\5jdjd.exec:\5jdjd.exe179⤵
-
\??\c:\pjpdj.exec:\pjpdj.exe180⤵
-
\??\c:\xrffrfr.exec:\xrffrfr.exe181⤵
-
\??\c:\xlrfflr.exec:\xlrfflr.exe182⤵
-
\??\c:\bthnnh.exec:\bthnnh.exe183⤵
-
\??\c:\bnttnt.exec:\bnttnt.exe184⤵
-
\??\c:\vdvvv.exec:\vdvvv.exe185⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe186⤵
-
\??\c:\jjdvv.exec:\jjdvv.exe187⤵
-
\??\c:\rlxrrll.exec:\rlxrrll.exe188⤵
-
\??\c:\lfrrffl.exec:\lfrrffl.exe189⤵
-
\??\c:\1ttbtt.exec:\1ttbtt.exe190⤵
-
\??\c:\hhtnnb.exec:\hhtnnb.exe191⤵
-
\??\c:\pdddp.exec:\pdddp.exe192⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe193⤵
-
\??\c:\xrxlxfr.exec:\xrxlxfr.exe194⤵
-
\??\c:\rxfxfxl.exec:\rxfxfxl.exe195⤵
-
\??\c:\tnnttn.exec:\tnnttn.exe196⤵
-
\??\c:\vpppp.exec:\vpppp.exe197⤵
-
\??\c:\pjddp.exec:\pjddp.exe198⤵
-
\??\c:\5rlffxx.exec:\5rlffxx.exe199⤵
-
\??\c:\fxffrrf.exec:\fxffrrf.exe200⤵
-
\??\c:\bhnhbn.exec:\bhnhbn.exe201⤵
-
\??\c:\bhttnt.exec:\bhttnt.exe202⤵
-
\??\c:\5dvdp.exec:\5dvdp.exe203⤵
-
\??\c:\rflflff.exec:\rflflff.exe204⤵
-
\??\c:\5lrrrrx.exec:\5lrrrrx.exe205⤵
-
\??\c:\htbttt.exec:\htbttt.exe206⤵
-
\??\c:\tbbhhn.exec:\tbbhhn.exe207⤵
-
\??\c:\bththn.exec:\bththn.exe208⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe209⤵
-
\??\c:\7lxfflr.exec:\7lxfflr.exe210⤵
-
\??\c:\1bhhhh.exec:\1bhhhh.exe211⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe212⤵
-
\??\c:\vdppp.exec:\vdppp.exe213⤵
-
\??\c:\9lxrxxf.exec:\9lxrxxf.exe214⤵
-
\??\c:\frxxrrx.exec:\frxxrrx.exe215⤵
-
\??\c:\7xlxxlf.exec:\7xlxxlf.exe216⤵
-
\??\c:\nbbbhh.exec:\nbbbhh.exe217⤵
-
\??\c:\5btbht.exec:\5btbht.exe218⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe219⤵
-
\??\c:\ppjjv.exec:\ppjjv.exe220⤵
-
\??\c:\jpvvj.exec:\jpvvj.exe221⤵
-
\??\c:\9llrflx.exec:\9llrflx.exe222⤵
-
\??\c:\fxlrxfr.exec:\fxlrxfr.exe223⤵
-
\??\c:\tbbbnb.exec:\tbbbnb.exe224⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe225⤵
-
\??\c:\7djdd.exec:\7djdd.exe226⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe227⤵
-
\??\c:\llrxffl.exec:\llrxffl.exe228⤵
-
\??\c:\5rfllfl.exec:\5rfllfl.exe229⤵
-
\??\c:\nbbhnt.exec:\nbbhnt.exe230⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe231⤵
-
\??\c:\9vjvj.exec:\9vjvj.exe232⤵
-
\??\c:\dpvdv.exec:\dpvdv.exe233⤵
-
\??\c:\frfllll.exec:\frfllll.exe234⤵
-
\??\c:\xlxrrll.exec:\xlxrrll.exe235⤵
-
\??\c:\bthnbt.exec:\bthnbt.exe236⤵
-
\??\c:\hnnbnt.exec:\hnnbnt.exe237⤵
-
\??\c:\5ddpp.exec:\5ddpp.exe238⤵
-
\??\c:\7dvpj.exec:\7dvpj.exe239⤵
-
\??\c:\fxlxrrr.exec:\fxlxrrr.exe240⤵
-
\??\c:\3lrxxrx.exec:\3lrxxrx.exe241⤵