Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
19-05-2024 03:14
General
-
Target
605ed75d864e9beff80679b360b2fa60_NeikiAnalytics.exe
-
Size
64KB
-
MD5
605ed75d864e9beff80679b360b2fa60
-
SHA1
5eb95d6bdb3d038b062ee70238638ab36aaa1100
-
SHA256
b222d5bd53c509091f47b70e8d102c5e47a002e0c932dc1af762c5f1da57d6d4
-
SHA512
7ef8e6c5a60fcae7e05316e605fa4e1586c6ce165e77918c155ce582807faf72c5a461bd7d99dbe567ab24336624379aa0fa8eacff0749eee8e31e9b606f95d1
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUuYp+5C8+Luv2xj:ymb3NkkiQ3mdBjF0yMlDxj
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\605ed75d864e9beff80679b360b2fa60_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\605ed75d864e9beff80679b360b2fa60_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhtt.exec:\nhbhtt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntttt.exec:\bntttt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpvp.exec:\vvpvp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxrrfx.exec:\xxxrrfx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflllff.exec:\rflllff.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthhnh.exec:\nthhnh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvp.exec:\jpvvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjd.exec:\pjpjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfllrrr.exec:\rfllrrr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hnnnt.exec:\7hnnnt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntjjj.exec:\hntjjj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vjjp.exec:\3vjjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxfffl.exec:\rlxfffl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfflxxl.exec:\lfflxxl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbttb.exec:\ntbttb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tbntt.exec:\1tbntt.exe17⤵
- Executes dropped EXE
-
\??\c:\jvvdp.exec:\jvvdp.exe18⤵
- Executes dropped EXE
-
\??\c:\vdpjj.exec:\vdpjj.exe19⤵
- Executes dropped EXE
-
\??\c:\1lrlfff.exec:\1lrlfff.exe20⤵
- Executes dropped EXE
-
\??\c:\7frfflr.exec:\7frfflr.exe21⤵
- Executes dropped EXE
-
\??\c:\7bbtbh.exec:\7bbtbh.exe22⤵
- Executes dropped EXE
-
\??\c:\btbhtb.exec:\btbhtb.exe23⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe24⤵
- Executes dropped EXE
-
\??\c:\pvddj.exec:\pvddj.exe25⤵
- Executes dropped EXE
-
\??\c:\xrffrxf.exec:\xrffrxf.exe26⤵
- Executes dropped EXE
-
\??\c:\frffrlr.exec:\frffrlr.exe27⤵
- Executes dropped EXE
-
\??\c:\3jvdj.exec:\3jvdj.exe28⤵
- Executes dropped EXE
-
\??\c:\vpvpd.exec:\vpvpd.exe29⤵
- Executes dropped EXE
-
\??\c:\frffllx.exec:\frffllx.exe30⤵
- Executes dropped EXE
-
\??\c:\frfflll.exec:\frfflll.exe31⤵
- Executes dropped EXE
-
\??\c:\btbbhb.exec:\btbbhb.exe32⤵
- Executes dropped EXE
-
\??\c:\pjpvd.exec:\pjpvd.exe33⤵
- Executes dropped EXE
-
\??\c:\jdpdj.exec:\jdpdj.exe34⤵
- Executes dropped EXE
-
\??\c:\ffxllrl.exec:\ffxllrl.exe35⤵
- Executes dropped EXE
-
\??\c:\lflffff.exec:\lflffff.exe36⤵
- Executes dropped EXE
-
\??\c:\hthbbb.exec:\hthbbb.exe37⤵
- Executes dropped EXE
-
\??\c:\tnbtbt.exec:\tnbtbt.exe38⤵
- Executes dropped EXE
-
\??\c:\9ddvd.exec:\9ddvd.exe39⤵
- Executes dropped EXE
-
\??\c:\pdvjj.exec:\pdvjj.exe40⤵
- Executes dropped EXE
-
\??\c:\fxflllr.exec:\fxflllr.exe41⤵
- Executes dropped EXE
-
\??\c:\llrrxrx.exec:\llrrxrx.exe42⤵
- Executes dropped EXE
-
\??\c:\bnnhht.exec:\bnnhht.exe43⤵
- Executes dropped EXE
-
\??\c:\bthbbb.exec:\bthbbb.exe44⤵
- Executes dropped EXE
-
\??\c:\jdpjj.exec:\jdpjj.exe45⤵
- Executes dropped EXE
-
\??\c:\ddjvp.exec:\ddjvp.exe46⤵
- Executes dropped EXE
-
\??\c:\fxlxxxf.exec:\fxlxxxf.exe47⤵
- Executes dropped EXE
-
\??\c:\lrxxxrx.exec:\lrxxxrx.exe48⤵
- Executes dropped EXE
-
\??\c:\3hnnbh.exec:\3hnnbh.exe49⤵
- Executes dropped EXE
-
\??\c:\jddjv.exec:\jddjv.exe50⤵
- Executes dropped EXE
-
\??\c:\dpdpp.exec:\dpdpp.exe51⤵
- Executes dropped EXE
-
\??\c:\9rrxxxf.exec:\9rrxxxf.exe52⤵
- Executes dropped EXE
-
\??\c:\3frxlfl.exec:\3frxlfl.exe53⤵
- Executes dropped EXE
-
\??\c:\7htbtb.exec:\7htbtb.exe54⤵
- Executes dropped EXE
-
\??\c:\btbtbt.exec:\btbtbt.exe55⤵
- Executes dropped EXE
-
\??\c:\jjdvd.exec:\jjdvd.exe56⤵
- Executes dropped EXE
-
\??\c:\frffxrx.exec:\frffxrx.exe57⤵
- Executes dropped EXE
-
\??\c:\hbnbtt.exec:\hbnbtt.exe58⤵
- Executes dropped EXE
-
\??\c:\btnbnt.exec:\btnbnt.exe59⤵
- Executes dropped EXE
-
\??\c:\3dvvd.exec:\3dvvd.exe60⤵
- Executes dropped EXE
-
\??\c:\dpdvd.exec:\dpdvd.exe61⤵
- Executes dropped EXE
-
\??\c:\1xlrxxr.exec:\1xlrxxr.exe62⤵
- Executes dropped EXE
-
\??\c:\llfflrx.exec:\llfflrx.exe63⤵
- Executes dropped EXE
-
\??\c:\nnbbhh.exec:\nnbbhh.exe64⤵
- Executes dropped EXE
-
\??\c:\9pjdd.exec:\9pjdd.exe65⤵
- Executes dropped EXE
-
\??\c:\ppjpd.exec:\ppjpd.exe66⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe67⤵
-
\??\c:\lfrrxxf.exec:\lfrrxxf.exe68⤵
-
\??\c:\lllfrrr.exec:\lllfrrr.exe69⤵
-
\??\c:\nnhnbn.exec:\nnhnbn.exe70⤵
-
\??\c:\bbbhtn.exec:\bbbhtn.exe71⤵
-
\??\c:\1dddd.exec:\1dddd.exe72⤵
-
\??\c:\vjdvv.exec:\vjdvv.exe73⤵
-
\??\c:\7xrrxlr.exec:\7xrrxlr.exe74⤵
-
\??\c:\rfxxxxf.exec:\rfxxxxf.exe75⤵
-
\??\c:\hbnhhh.exec:\hbnhhh.exe76⤵
-
\??\c:\5thttn.exec:\5thttn.exe77⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe78⤵
-
\??\c:\9djvd.exec:\9djvd.exe79⤵
-
\??\c:\xxlxffx.exec:\xxlxffx.exe80⤵
-
\??\c:\fxrxflr.exec:\fxrxflr.exe81⤵
-
\??\c:\nhnhtt.exec:\nhnhtt.exe82⤵
-
\??\c:\tbnttb.exec:\tbnttb.exe83⤵
-
\??\c:\7nhthh.exec:\7nhthh.exe84⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe85⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe86⤵
-
\??\c:\rfrfxff.exec:\rfrfxff.exe87⤵
-
\??\c:\lfllffr.exec:\lfllffr.exe88⤵
-
\??\c:\tntbbh.exec:\tntbbh.exe89⤵
-
\??\c:\btnthn.exec:\btnthn.exe90⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe91⤵
-
\??\c:\vpjdj.exec:\vpjdj.exe92⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe93⤵
-
\??\c:\1xfxrll.exec:\1xfxrll.exe94⤵
-
\??\c:\rlrrrrx.exec:\rlrrrrx.exe95⤵
-
\??\c:\hbnbbb.exec:\hbnbbb.exe96⤵
-
\??\c:\5nhtnn.exec:\5nhtnn.exe97⤵
-
\??\c:\9jjjv.exec:\9jjjv.exe98⤵
-
\??\c:\dvddd.exec:\dvddd.exe99⤵
-
\??\c:\ffrrxxx.exec:\ffrrxxx.exe100⤵
-
\??\c:\frxxlrx.exec:\frxxlrx.exe101⤵
-
\??\c:\bntntt.exec:\bntntt.exe102⤵
-
\??\c:\bthbhn.exec:\bthbhn.exe103⤵
-
\??\c:\1ddjv.exec:\1ddjv.exe104⤵
-
\??\c:\9dvdj.exec:\9dvdj.exe105⤵
-
\??\c:\lfrxxfr.exec:\lfrxxfr.exe106⤵
-
\??\c:\9fxrrlx.exec:\9fxrrlx.exe107⤵
-
\??\c:\1tbhtb.exec:\1tbhtb.exe108⤵
-
\??\c:\1bnbhh.exec:\1bnbhh.exe109⤵
-
\??\c:\btbnnt.exec:\btbnnt.exe110⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe111⤵
-
\??\c:\djpjd.exec:\djpjd.exe112⤵
-
\??\c:\lxrrrlx.exec:\lxrrrlx.exe113⤵
-
\??\c:\9llxllr.exec:\9llxllr.exe114⤵
-
\??\c:\3tttbt.exec:\3tttbt.exe115⤵
-
\??\c:\hhbntb.exec:\hhbntb.exe116⤵
-
\??\c:\vjvpd.exec:\vjvpd.exe117⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe118⤵
-
\??\c:\xxxrflr.exec:\xxxrflr.exe119⤵
-
\??\c:\rlxfflx.exec:\rlxfflx.exe120⤵
-
\??\c:\rlrllll.exec:\rlrllll.exe121⤵
-
\??\c:\1nnbht.exec:\1nnbht.exe122⤵
-
\??\c:\hhtthn.exec:\hhtthn.exe123⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe124⤵
-
\??\c:\1jvpp.exec:\1jvpp.exe125⤵
-
\??\c:\3fxfxfl.exec:\3fxfxfl.exe126⤵
-
\??\c:\9llxlll.exec:\9llxlll.exe127⤵
-
\??\c:\xxxlxfl.exec:\xxxlxfl.exe128⤵
-
\??\c:\bnttbt.exec:\bnttbt.exe129⤵
-
\??\c:\nhhbhn.exec:\nhhbhn.exe130⤵
-
\??\c:\9jvpp.exec:\9jvpp.exe131⤵
-
\??\c:\pdvvj.exec:\pdvvj.exe132⤵
-
\??\c:\frxxxrx.exec:\frxxxrx.exe133⤵
-
\??\c:\1xrrxfl.exec:\1xrrxfl.exe134⤵
-
\??\c:\nnbbhh.exec:\nnbbhh.exe135⤵
-
\??\c:\tthhhh.exec:\tthhhh.exe136⤵
-
\??\c:\vpddv.exec:\vpddv.exe137⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe138⤵
-
\??\c:\1llrxxf.exec:\1llrxxf.exe139⤵
-
\??\c:\frffllr.exec:\frffllr.exe140⤵
-
\??\c:\llfrllx.exec:\llfrllx.exe141⤵
-
\??\c:\5ntbnt.exec:\5ntbnt.exe142⤵
-
\??\c:\nhnbbn.exec:\nhnbbn.exe143⤵
-
\??\c:\7ddjd.exec:\7ddjd.exe144⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe145⤵
-
\??\c:\fllxrlf.exec:\fllxrlf.exe146⤵
-
\??\c:\1lfrlxr.exec:\1lfrlxr.exe147⤵
-
\??\c:\rlfllrr.exec:\rlfllrr.exe148⤵
-
\??\c:\tbhbtn.exec:\tbhbtn.exe149⤵
-
\??\c:\bbthtb.exec:\bbthtb.exe150⤵
-
\??\c:\vdpdd.exec:\vdpdd.exe151⤵
-
\??\c:\xrlxxlf.exec:\xrlxxlf.exe152⤵
-
\??\c:\5llrrff.exec:\5llrrff.exe153⤵
-
\??\c:\bhhtnt.exec:\bhhtnt.exe154⤵
-
\??\c:\thtbtt.exec:\thtbtt.exe155⤵
-
\??\c:\5pvjd.exec:\5pvjd.exe156⤵
-
\??\c:\jdvdd.exec:\jdvdd.exe157⤵
-
\??\c:\5rrrflr.exec:\5rrrflr.exe158⤵
-
\??\c:\rrlrxfr.exec:\rrlrxfr.exe159⤵
-
\??\c:\llrxfrf.exec:\llrxfrf.exe160⤵
-
\??\c:\ttthtb.exec:\ttthtb.exe161⤵
-
\??\c:\nnhnhh.exec:\nnhnhh.exe162⤵
-
\??\c:\3vppd.exec:\3vppd.exe163⤵
-
\??\c:\djpvp.exec:\djpvp.exe164⤵
-
\??\c:\vdvdp.exec:\vdvdp.exe165⤵
-
\??\c:\llrffrl.exec:\llrffrl.exe166⤵
-
\??\c:\flflffx.exec:\flflffx.exe167⤵
-
\??\c:\btnttb.exec:\btnttb.exe168⤵
-
\??\c:\tnbntb.exec:\tnbntb.exe169⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe170⤵
-
\??\c:\vpddp.exec:\vpddp.exe171⤵
-
\??\c:\xrflrfl.exec:\xrflrfl.exe172⤵
-
\??\c:\rrlrllx.exec:\rrlrllx.exe173⤵
-
\??\c:\llrfrxf.exec:\llrfrxf.exe174⤵
-
\??\c:\bbbnhh.exec:\bbbnhh.exe175⤵
-
\??\c:\tnhhtb.exec:\tnhhtb.exe176⤵
-
\??\c:\ttnbht.exec:\ttnbht.exe177⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe178⤵
-
\??\c:\vjdjj.exec:\vjdjj.exe179⤵
-
\??\c:\xrfxxfr.exec:\xrfxxfr.exe180⤵
-
\??\c:\xrxfxlr.exec:\xrxfxlr.exe181⤵
-
\??\c:\9rfrflr.exec:\9rfrflr.exe182⤵
-
\??\c:\hbtbnn.exec:\hbtbnn.exe183⤵
-
\??\c:\bbntbb.exec:\bbntbb.exe184⤵
-
\??\c:\9hnttt.exec:\9hnttt.exe185⤵
-
\??\c:\jjjdp.exec:\jjjdp.exe186⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe187⤵
-
\??\c:\9rlrxfx.exec:\9rlrxfx.exe188⤵
-
\??\c:\1rrrxlr.exec:\1rrrxlr.exe189⤵
-
\??\c:\fxxlxfl.exec:\fxxlxfl.exe190⤵
-
\??\c:\hbbhnh.exec:\hbbhnh.exe191⤵
-
\??\c:\7hbhtb.exec:\7hbhtb.exe192⤵
-
\??\c:\pdpvd.exec:\pdpvd.exe193⤵
-
\??\c:\jdvjj.exec:\jdvjj.exe194⤵
-
\??\c:\3ffllrf.exec:\3ffllrf.exe195⤵
-
\??\c:\1rffrxf.exec:\1rffrxf.exe196⤵
-
\??\c:\bbbtnt.exec:\bbbtnt.exe197⤵
-
\??\c:\hhnhhh.exec:\hhnhhh.exe198⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe199⤵
-
\??\c:\jjjpd.exec:\jjjpd.exe200⤵
-
\??\c:\pjvjv.exec:\pjvjv.exe201⤵
-
\??\c:\lfffllf.exec:\lfffllf.exe202⤵
-
\??\c:\lfrflrr.exec:\lfrflrr.exe203⤵
-
\??\c:\hhtthh.exec:\hhtthh.exe204⤵
-
\??\c:\hbbhhn.exec:\hbbhhn.exe205⤵
-
\??\c:\5jpvj.exec:\5jpvj.exe206⤵
-
\??\c:\7vpvd.exec:\7vpvd.exe207⤵
-
\??\c:\ppdjj.exec:\ppdjj.exe208⤵
-
\??\c:\xrlrxfr.exec:\xrlrxfr.exe209⤵
-
\??\c:\llffxfl.exec:\llffxfl.exe210⤵
-
\??\c:\tnbnth.exec:\tnbnth.exe211⤵
-
\??\c:\nnhbbb.exec:\nnhbbb.exe212⤵
-
\??\c:\9nhthn.exec:\9nhthn.exe213⤵
-
\??\c:\vdvjp.exec:\vdvjp.exe214⤵
-
\??\c:\djjjd.exec:\djjjd.exe215⤵
-
\??\c:\frfrrfr.exec:\frfrrfr.exe216⤵
-
\??\c:\rrrfrrr.exec:\rrrfrrr.exe217⤵
-
\??\c:\ttnbnn.exec:\ttnbnn.exe218⤵
-
\??\c:\ttnnnn.exec:\ttnnnn.exe219⤵
-
\??\c:\hbtbtb.exec:\hbtbtb.exe220⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe221⤵
-
\??\c:\ddvjp.exec:\ddvjp.exe222⤵
-
\??\c:\3llxllx.exec:\3llxllx.exe223⤵
-
\??\c:\frxrflr.exec:\frxrflr.exe224⤵
-
\??\c:\9btbbt.exec:\9btbbt.exe225⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe226⤵
-
\??\c:\ppdpj.exec:\ppdpj.exe227⤵
-
\??\c:\djjjd.exec:\djjjd.exe228⤵
-
\??\c:\5lrfrxf.exec:\5lrfrxf.exe229⤵
-
\??\c:\7hhbnn.exec:\7hhbnn.exe230⤵
-
\??\c:\hbnhtb.exec:\hbnhtb.exe231⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe232⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe233⤵
-
\??\c:\3lxxflr.exec:\3lxxflr.exe234⤵
-
\??\c:\lfrrllx.exec:\lfrrllx.exe235⤵
-
\??\c:\rrrlrfx.exec:\rrrlrfx.exe236⤵
-
\??\c:\hbnttb.exec:\hbnttb.exe237⤵
-
\??\c:\7tntbb.exec:\7tntbb.exe238⤵
-
\??\c:\5dvvd.exec:\5dvvd.exe239⤵
-
\??\c:\9ddjv.exec:\9ddjv.exe240⤵
-
\??\c:\5jjpd.exec:\5jjpd.exe241⤵