Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
19-05-2024 03:08
General
-
Target
5eef8191e12bcea07d3af23002803010_NeikiAnalytics.exe
-
Size
56KB
-
MD5
5eef8191e12bcea07d3af23002803010
-
SHA1
9b0756d39b9fb400f971a5ca17488197cdb5b81c
-
SHA256
d6f093f86d3408033cfad63d4ee610b773ed0db4d3c2cc278fa451d1554bcb80
-
SHA512
c9a5c3edb2d1c116029bfa6635d00e45d255e038a0d49fda311e7eae215526daf557d8fc02f8cf4291d173ba747e6d9f5f08bd0a6aa35e954e37abfbf33dea8e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0chVnEz:ymb3NkkiQ3mdBjF0crEz
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5eef8191e12bcea07d3af23002803010_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\5eef8191e12bcea07d3af23002803010_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxlflx.exec:\ffxlflx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbtht.exec:\hnbtht.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jdjd.exec:\7jdjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7djpd.exec:\7djpd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hbhnt.exec:\3hbhnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntbtb.exec:\tntbtb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pvdj.exec:\7pvdj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpdp.exec:\vvpdp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxflr.exec:\fffxflr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhbn.exec:\btbhbn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tnbtb.exec:\7tnbtb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpdp.exec:\pdpdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrflxl.exec:\rlrflxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rfrrrr.exec:\1rfrrrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bhhhh.exec:\3bhhhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvj.exec:\dvpvj.exe17⤵
- Executes dropped EXE
-
\??\c:\5lxrxfl.exec:\5lxrxfl.exe18⤵
- Executes dropped EXE
-
\??\c:\rrlfxxr.exec:\rrlfxxr.exe19⤵
- Executes dropped EXE
-
\??\c:\bbbnhb.exec:\bbbnhb.exe20⤵
- Executes dropped EXE
-
\??\c:\bbtbtt.exec:\bbtbtt.exe21⤵
- Executes dropped EXE
-
\??\c:\vppjp.exec:\vppjp.exe22⤵
- Executes dropped EXE
-
\??\c:\xlxlxlx.exec:\xlxlxlx.exe23⤵
- Executes dropped EXE
-
\??\c:\thhhtb.exec:\thhhtb.exe24⤵
- Executes dropped EXE
-
\??\c:\btnttb.exec:\btnttb.exe25⤵
- Executes dropped EXE
-
\??\c:\9ppdj.exec:\9ppdj.exe26⤵
- Executes dropped EXE
-
\??\c:\jpdjj.exec:\jpdjj.exe27⤵
- Executes dropped EXE
-
\??\c:\flflxfl.exec:\flflxfl.exe28⤵
- Executes dropped EXE
-
\??\c:\ttnnhb.exec:\ttnnhb.exe29⤵
- Executes dropped EXE
-
\??\c:\9vppv.exec:\9vppv.exe30⤵
- Executes dropped EXE
-
\??\c:\vpppd.exec:\vpppd.exe31⤵
- Executes dropped EXE
-
\??\c:\llffrrl.exec:\llffrrl.exe32⤵
- Executes dropped EXE
-
\??\c:\rxrxllx.exec:\rxrxllx.exe33⤵
- Executes dropped EXE
-
\??\c:\hhbhnh.exec:\hhbhnh.exe34⤵
- Executes dropped EXE
-
\??\c:\hnttbt.exec:\hnttbt.exe35⤵
- Executes dropped EXE
-
\??\c:\vjjvd.exec:\vjjvd.exe36⤵
- Executes dropped EXE
-
\??\c:\ffxrrrf.exec:\ffxrrrf.exe37⤵
- Executes dropped EXE
-
\??\c:\rlrrffr.exec:\rlrrffr.exe38⤵
- Executes dropped EXE
-
\??\c:\nthbbh.exec:\nthbbh.exe39⤵
- Executes dropped EXE
-
\??\c:\1ppdp.exec:\1ppdp.exe40⤵
- Executes dropped EXE
-
\??\c:\pjvdd.exec:\pjvdd.exe41⤵
- Executes dropped EXE
-
\??\c:\9rlrxfl.exec:\9rlrxfl.exe42⤵
- Executes dropped EXE
-
\??\c:\ffrfrfr.exec:\ffrfrfr.exe43⤵
- Executes dropped EXE
-
\??\c:\bntbhn.exec:\bntbhn.exe44⤵
- Executes dropped EXE
-
\??\c:\1tbhhh.exec:\1tbhhh.exe45⤵
- Executes dropped EXE
-
\??\c:\vjjjd.exec:\vjjjd.exe46⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe47⤵
- Executes dropped EXE
-
\??\c:\fxllrfl.exec:\fxllrfl.exe48⤵
- Executes dropped EXE
-
\??\c:\llxlxfr.exec:\llxlxfr.exe49⤵
- Executes dropped EXE
-
\??\c:\7bbbhn.exec:\7bbbhn.exe50⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe51⤵
- Executes dropped EXE
-
\??\c:\5jdvd.exec:\5jdvd.exe52⤵
- Executes dropped EXE
-
\??\c:\1rxlfrx.exec:\1rxlfrx.exe53⤵
- Executes dropped EXE
-
\??\c:\ttnbth.exec:\ttnbth.exe54⤵
- Executes dropped EXE
-
\??\c:\vppvv.exec:\vppvv.exe55⤵
- Executes dropped EXE
-
\??\c:\1fxxllf.exec:\1fxxllf.exe56⤵
- Executes dropped EXE
-
\??\c:\nbhnbb.exec:\nbhnbb.exe57⤵
- Executes dropped EXE
-
\??\c:\hbtbnt.exec:\hbtbnt.exe58⤵
- Executes dropped EXE
-
\??\c:\ppdpj.exec:\ppdpj.exe59⤵
- Executes dropped EXE
-
\??\c:\jjddv.exec:\jjddv.exe60⤵
- Executes dropped EXE
-
\??\c:\xrllrfr.exec:\xrllrfr.exe61⤵
- Executes dropped EXE
-
\??\c:\xxxlfrx.exec:\xxxlfrx.exe62⤵
- Executes dropped EXE
-
\??\c:\3nbntn.exec:\3nbntn.exe63⤵
- Executes dropped EXE
-
\??\c:\vvvjj.exec:\vvvjj.exe64⤵
- Executes dropped EXE
-
\??\c:\djdvp.exec:\djdvp.exe65⤵
- Executes dropped EXE
-
\??\c:\7lflxrf.exec:\7lflxrf.exe66⤵
-
\??\c:\9xrflrf.exec:\9xrflrf.exe67⤵
-
\??\c:\hbnnbh.exec:\hbnnbh.exe68⤵
-
\??\c:\nbhttb.exec:\nbhttb.exe69⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe70⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe71⤵
-
\??\c:\rrrlffl.exec:\rrrlffl.exe72⤵
-
\??\c:\xrfrrrx.exec:\xrfrrrx.exe73⤵
-
\??\c:\nhntbt.exec:\nhntbt.exe74⤵
-
\??\c:\dpddj.exec:\dpddj.exe75⤵
-
\??\c:\7dvdp.exec:\7dvdp.exe76⤵
-
\??\c:\dppvj.exec:\dppvj.exe77⤵
-
\??\c:\lfxflrf.exec:\lfxflrf.exe78⤵
-
\??\c:\7thnbt.exec:\7thnbt.exe79⤵
-
\??\c:\nnhttb.exec:\nnhttb.exe80⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe81⤵
-
\??\c:\dppjp.exec:\dppjp.exe82⤵
-
\??\c:\lxlrrff.exec:\lxlrrff.exe83⤵
-
\??\c:\ffrfrlf.exec:\ffrfrlf.exe84⤵
-
\??\c:\nhnthh.exec:\nhnthh.exe85⤵
-
\??\c:\djpjp.exec:\djpjp.exe86⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe87⤵
-
\??\c:\3frxflr.exec:\3frxflr.exe88⤵
-
\??\c:\rllxlrl.exec:\rllxlrl.exe89⤵
-
\??\c:\hhbnht.exec:\hhbnht.exe90⤵
-
\??\c:\tnntbb.exec:\tnntbb.exe91⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe92⤵
-
\??\c:\9vvpv.exec:\9vvpv.exe93⤵
-
\??\c:\lxffflr.exec:\lxffflr.exe94⤵
-
\??\c:\lxfflfr.exec:\lxfflfr.exe95⤵
-
\??\c:\1nnbnn.exec:\1nnbnn.exe96⤵
-
\??\c:\nhhtbt.exec:\nhhtbt.exe97⤵
-
\??\c:\9bnntt.exec:\9bnntt.exe98⤵
-
\??\c:\pvvpp.exec:\pvvpp.exe99⤵
-
\??\c:\5vjpv.exec:\5vjpv.exe100⤵
-
\??\c:\xllxlrx.exec:\xllxlrx.exe101⤵
-
\??\c:\lxrxxxf.exec:\lxrxxxf.exe102⤵
-
\??\c:\thnnhh.exec:\thnnhh.exe103⤵
-
\??\c:\tnhnhh.exec:\tnhnhh.exe104⤵
-
\??\c:\9jvvd.exec:\9jvvd.exe105⤵
-
\??\c:\3vjpp.exec:\3vjpp.exe106⤵
-
\??\c:\9xlfrll.exec:\9xlfrll.exe107⤵
-
\??\c:\fxxlfll.exec:\fxxlfll.exe108⤵
-
\??\c:\nbhbnn.exec:\nbhbnn.exe109⤵
-
\??\c:\7bntnn.exec:\7bntnn.exe110⤵
-
\??\c:\1jdvp.exec:\1jdvp.exe111⤵
-
\??\c:\5pjpv.exec:\5pjpv.exe112⤵
-
\??\c:\lxlrxfr.exec:\lxlrxfr.exe113⤵
-
\??\c:\lxlrfxf.exec:\lxlrfxf.exe114⤵
-
\??\c:\tbtbnt.exec:\tbtbnt.exe115⤵
-
\??\c:\tnbhhn.exec:\tnbhhn.exe116⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe117⤵
-
\??\c:\9pjvj.exec:\9pjvj.exe118⤵
-
\??\c:\rxxflrf.exec:\rxxflrf.exe119⤵
-
\??\c:\9xfrxrf.exec:\9xfrxrf.exe120⤵
-
\??\c:\7bntnb.exec:\7bntnb.exe121⤵
-
\??\c:\1bbnht.exec:\1bbnht.exe122⤵
-
\??\c:\jdddp.exec:\jdddp.exe123⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe124⤵
-
\??\c:\lxrxxxr.exec:\lxrxxxr.exe125⤵
-
\??\c:\xrlrxfl.exec:\xrlrxfl.exe126⤵
-
\??\c:\btbbtb.exec:\btbbtb.exe127⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe128⤵
-
\??\c:\7ddpp.exec:\7ddpp.exe129⤵
-
\??\c:\dppjp.exec:\dppjp.exe130⤵
-
\??\c:\xxlrxlr.exec:\xxlrxlr.exe131⤵
-
\??\c:\1rfflfr.exec:\1rfflfr.exe132⤵
-
\??\c:\nbnnnt.exec:\nbnnnt.exe133⤵
-
\??\c:\htnbnt.exec:\htnbnt.exe134⤵
-
\??\c:\vvjdj.exec:\vvjdj.exe135⤵
-
\??\c:\djpvp.exec:\djpvp.exe136⤵
-
\??\c:\9rxrllx.exec:\9rxrllx.exe137⤵
-
\??\c:\lrlrrxx.exec:\lrlrrxx.exe138⤵
-
\??\c:\ntnnhb.exec:\ntnnhb.exe139⤵
-
\??\c:\9pjjp.exec:\9pjjp.exe140⤵
-
\??\c:\vddjv.exec:\vddjv.exe141⤵
-
\??\c:\flrrfrl.exec:\flrrfrl.exe142⤵
-
\??\c:\ffxlrxr.exec:\ffxlrxr.exe143⤵
-
\??\c:\nbhhnb.exec:\nbhhnb.exe144⤵
-
\??\c:\bthhth.exec:\bthhth.exe145⤵
-
\??\c:\3vppp.exec:\3vppp.exe146⤵
-
\??\c:\5dvvd.exec:\5dvvd.exe147⤵
-
\??\c:\1xxxrrx.exec:\1xxxrrx.exe148⤵
-
\??\c:\rfxfxlr.exec:\rfxfxlr.exe149⤵
-
\??\c:\hnbhnh.exec:\hnbhnh.exe150⤵
-
\??\c:\nhhbhb.exec:\nhhbhb.exe151⤵
-
\??\c:\1pddv.exec:\1pddv.exe152⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe153⤵
-
\??\c:\ffxfrxr.exec:\ffxfrxr.exe154⤵
-
\??\c:\lrrxlxr.exec:\lrrxlxr.exe155⤵
-
\??\c:\xxrrxlr.exec:\xxrrxlr.exe156⤵
-
\??\c:\nhhnbb.exec:\nhhnbb.exe157⤵
-
\??\c:\bbtbbn.exec:\bbtbbn.exe158⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe159⤵
-
\??\c:\1jvvv.exec:\1jvvv.exe160⤵
-
\??\c:\xrxxrxf.exec:\xrxxrxf.exe161⤵
-
\??\c:\fxxfflf.exec:\fxxfflf.exe162⤵
-
\??\c:\nhthtb.exec:\nhthtb.exe163⤵
-
\??\c:\tthtbt.exec:\tthtbt.exe164⤵
-
\??\c:\1dppd.exec:\1dppd.exe165⤵
-
\??\c:\jvppd.exec:\jvppd.exe166⤵
-
\??\c:\xlfxrll.exec:\xlfxrll.exe167⤵
-
\??\c:\fxlrrxl.exec:\fxlrrxl.exe168⤵
-
\??\c:\3bhnbb.exec:\3bhnbb.exe169⤵
-
\??\c:\btthnt.exec:\btthnt.exe170⤵
-
\??\c:\vjvvj.exec:\vjvvj.exe171⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe172⤵
-
\??\c:\1frrfff.exec:\1frrfff.exe173⤵
-
\??\c:\lxlrrll.exec:\lxlrrll.exe174⤵
-
\??\c:\hbtbbb.exec:\hbtbbb.exe175⤵
-
\??\c:\bbtbbn.exec:\bbtbbn.exe176⤵
-
\??\c:\5pdpj.exec:\5pdpj.exe177⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe178⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe179⤵
-
\??\c:\7rflflr.exec:\7rflflr.exe180⤵
-
\??\c:\9rffrrr.exec:\9rffrrr.exe181⤵
-
\??\c:\ttbnhn.exec:\ttbnhn.exe182⤵
-
\??\c:\bttbbh.exec:\bttbbh.exe183⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe184⤵
-
\??\c:\vdpdj.exec:\vdpdj.exe185⤵
-
\??\c:\ffxfrxx.exec:\ffxfrxx.exe186⤵
-
\??\c:\xfrrlfr.exec:\xfrrlfr.exe187⤵
-
\??\c:\3xlrxrf.exec:\3xlrxrf.exe188⤵
-
\??\c:\1hbhtb.exec:\1hbhtb.exe189⤵
-
\??\c:\1thtbh.exec:\1thtbh.exe190⤵
-
\??\c:\7dppp.exec:\7dppp.exe191⤵
-
\??\c:\3jjvj.exec:\3jjvj.exe192⤵
-
\??\c:\1rxrxfr.exec:\1rxrxfr.exe193⤵
-
\??\c:\frxfrfx.exec:\frxfrfx.exe194⤵
-
\??\c:\bntnbb.exec:\bntnbb.exe195⤵
-
\??\c:\nnhhtb.exec:\nnhhtb.exe196⤵
-
\??\c:\5jpvd.exec:\5jpvd.exe197⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe198⤵
-
\??\c:\pvddv.exec:\pvddv.exe199⤵
-
\??\c:\lrxrrlf.exec:\lrxrrlf.exe200⤵
-
\??\c:\xxlxfrr.exec:\xxlxfrr.exe201⤵
-
\??\c:\hbbnbn.exec:\hbbnbn.exe202⤵
-
\??\c:\tthbnb.exec:\tthbnb.exe203⤵
-
\??\c:\vdpdd.exec:\vdpdd.exe204⤵
-
\??\c:\rxfxrlr.exec:\rxfxrlr.exe205⤵
-
\??\c:\xxrlrxr.exec:\xxrlrxr.exe206⤵
-
\??\c:\xxfxllx.exec:\xxfxllx.exe207⤵
-
\??\c:\7btttt.exec:\7btttt.exe208⤵
-
\??\c:\bnbtnn.exec:\bnbtnn.exe209⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe210⤵
-
\??\c:\pjppj.exec:\pjppj.exe211⤵
-
\??\c:\lfxlrxl.exec:\lfxlrxl.exe212⤵
-
\??\c:\rffflxx.exec:\rffflxx.exe213⤵
-
\??\c:\nhbntb.exec:\nhbntb.exe214⤵
-
\??\c:\hhhnbn.exec:\hhhnbn.exe215⤵
-
\??\c:\vjdjv.exec:\vjdjv.exe216⤵
-
\??\c:\1dpdv.exec:\1dpdv.exe217⤵
-
\??\c:\7xxlrxl.exec:\7xxlrxl.exe218⤵
-
\??\c:\rrflllr.exec:\rrflllr.exe219⤵
-
\??\c:\xxllxxf.exec:\xxllxxf.exe220⤵
-
\??\c:\xrlxxll.exec:\xrlxxll.exe221⤵
-
\??\c:\1bhhnh.exec:\1bhhnh.exe222⤵
-
\??\c:\ntnthn.exec:\ntnthn.exe223⤵
-
\??\c:\vdppj.exec:\vdppj.exe224⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe225⤵
-
\??\c:\pvddj.exec:\pvddj.exe226⤵
-
\??\c:\5lflxlf.exec:\5lflxlf.exe227⤵
-
\??\c:\lflxlxx.exec:\lflxlxx.exe228⤵
-
\??\c:\tnbnnt.exec:\tnbnnt.exe229⤵
-
\??\c:\bbbbhh.exec:\bbbbhh.exe230⤵
-
\??\c:\5dppd.exec:\5dppd.exe231⤵
-
\??\c:\lfrxffr.exec:\lfrxffr.exe232⤵
-
\??\c:\xrlxxxf.exec:\xrlxxxf.exe233⤵
-
\??\c:\tbnttn.exec:\tbnttn.exe234⤵
-
\??\c:\7bhnnt.exec:\7bhnnt.exe235⤵
-
\??\c:\nbtnhh.exec:\nbtnhh.exe236⤵
-
\??\c:\pvvvv.exec:\pvvvv.exe237⤵
-
\??\c:\5dppp.exec:\5dppp.exe238⤵
-
\??\c:\lflrrxx.exec:\lflrrxx.exe239⤵
-
\??\c:\7lxlflf.exec:\7lxlflf.exe240⤵
-
\??\c:\nbnnnn.exec:\nbnnnn.exe241⤵