Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
19-05-2024 04:19
General
-
Target
712d44a283a5b97e816d1d989a79e340_NeikiAnalytics.exe
-
Size
68KB
-
MD5
712d44a283a5b97e816d1d989a79e340
-
SHA1
374b7d0815ffd301b6032b34930331f97c2f9647
-
SHA256
6c79532d140d71388a5e4deea089b4a82605e7cc3b180af938dfe4e0125e06c9
-
SHA512
470c5662f5fca7c990cb932f21ccbf6a21c1c857ba932d23da05da2d59c7b2527896b67a6a950f20f4cd08a54f9ccf88f9d4519ac1496d54b986c1eebbdb6ec1
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIfv7+afCD+QsQbLj:ymb3NkkiQ3mdBjFIfvTfCD+HG
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\712d44a283a5b97e816d1d989a79e340_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\712d44a283a5b97e816d1d989a79e340_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7hbbhn.exec:\7hbbhn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdv.exec:\vpjdv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntntt.exec:\tntntt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjd.exec:\pdpjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrxxx.exec:\rlxrxxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxflfl.exec:\rlxflfl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhnh.exec:\bthhnh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tbtbn.exec:\1tbtbn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddd.exec:\vpddd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xxfxlr.exec:\9xxfxlr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rrflxf.exec:\3rrflxf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnntht.exec:\tnntht.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vppd.exec:\1vppd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvvd.exec:\pdvvd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7fxxlrf.exec:\7fxxlrf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxfrr.exec:\lfxxfrr.exe17⤵
- Executes dropped EXE
-
\??\c:\hthhhh.exec:\hthhhh.exe18⤵
- Executes dropped EXE
-
\??\c:\7jpjp.exec:\7jpjp.exe19⤵
- Executes dropped EXE
-
\??\c:\vpvdp.exec:\vpvdp.exe20⤵
- Executes dropped EXE
-
\??\c:\rlxxflr.exec:\rlxxflr.exe21⤵
- Executes dropped EXE
-
\??\c:\bthnbh.exec:\bthnbh.exe22⤵
- Executes dropped EXE
-
\??\c:\pdpjp.exec:\pdpjp.exe23⤵
- Executes dropped EXE
-
\??\c:\dvjpd.exec:\dvjpd.exe24⤵
- Executes dropped EXE
-
\??\c:\rlflxrf.exec:\rlflxrf.exe25⤵
- Executes dropped EXE
-
\??\c:\hbhhtb.exec:\hbhhtb.exe26⤵
- Executes dropped EXE
-
\??\c:\hbhntt.exec:\hbhntt.exe27⤵
- Executes dropped EXE
-
\??\c:\9jvvd.exec:\9jvvd.exe28⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe29⤵
- Executes dropped EXE
-
\??\c:\thbhtb.exec:\thbhtb.exe30⤵
- Executes dropped EXE
-
\??\c:\1nhnnn.exec:\1nhnnn.exe31⤵
- Executes dropped EXE
-
\??\c:\dpdjv.exec:\dpdjv.exe32⤵
- Executes dropped EXE
-
\??\c:\3jdjj.exec:\3jdjj.exe33⤵
- Executes dropped EXE
-
\??\c:\1rrxffr.exec:\1rrxffr.exe34⤵
- Executes dropped EXE
-
\??\c:\1nhtbb.exec:\1nhtbb.exe35⤵
- Executes dropped EXE
-
\??\c:\7hhhtt.exec:\7hhhtt.exe36⤵
- Executes dropped EXE
-
\??\c:\jdpvv.exec:\jdpvv.exe37⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe38⤵
- Executes dropped EXE
-
\??\c:\llxfllx.exec:\llxfllx.exe39⤵
- Executes dropped EXE
-
\??\c:\rlfllfr.exec:\rlfllfr.exe40⤵
- Executes dropped EXE
-
\??\c:\thttbn.exec:\thttbn.exe41⤵
- Executes dropped EXE
-
\??\c:\nhtnbb.exec:\nhtnbb.exe42⤵
- Executes dropped EXE
-
\??\c:\5vjvj.exec:\5vjvj.exe43⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe44⤵
- Executes dropped EXE
-
\??\c:\xffxrlf.exec:\xffxrlf.exe45⤵
- Executes dropped EXE
-
\??\c:\lllrrfl.exec:\lllrrfl.exe46⤵
- Executes dropped EXE
-
\??\c:\5bnnnn.exec:\5bnnnn.exe47⤵
- Executes dropped EXE
-
\??\c:\nhhhhn.exec:\nhhhhn.exe48⤵
- Executes dropped EXE
-
\??\c:\9ntbtb.exec:\9ntbtb.exe49⤵
- Executes dropped EXE
-
\??\c:\jvjvj.exec:\jvjvj.exe50⤵
- Executes dropped EXE
-
\??\c:\1vvpv.exec:\1vvpv.exe51⤵
- Executes dropped EXE
-
\??\c:\ffrfflx.exec:\ffrfflx.exe52⤵
- Executes dropped EXE
-
\??\c:\fxrflfl.exec:\fxrflfl.exe53⤵
- Executes dropped EXE
-
\??\c:\9thtbh.exec:\9thtbh.exe54⤵
- Executes dropped EXE
-
\??\c:\thtttb.exec:\thtttb.exe55⤵
- Executes dropped EXE
-
\??\c:\pppvv.exec:\pppvv.exe56⤵
- Executes dropped EXE
-
\??\c:\pdvvd.exec:\pdvvd.exe57⤵
- Executes dropped EXE
-
\??\c:\rlffxfr.exec:\rlffxfr.exe58⤵
- Executes dropped EXE
-
\??\c:\frllrxl.exec:\frllrxl.exe59⤵
- Executes dropped EXE
-
\??\c:\5tnthn.exec:\5tnthn.exe60⤵
- Executes dropped EXE
-
\??\c:\bnhnnt.exec:\bnhnnt.exe61⤵
- Executes dropped EXE
-
\??\c:\1pjjp.exec:\1pjjp.exe62⤵
- Executes dropped EXE
-
\??\c:\9vjdp.exec:\9vjdp.exe63⤵
- Executes dropped EXE
-
\??\c:\3lxfllr.exec:\3lxfllr.exe64⤵
- Executes dropped EXE
-
\??\c:\xrlfllr.exec:\xrlfllr.exe65⤵
- Executes dropped EXE
-
\??\c:\hbnntb.exec:\hbnntb.exe66⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe67⤵
-
\??\c:\xlffrrx.exec:\xlffrrx.exe68⤵
-
\??\c:\rrflrrx.exec:\rrflrrx.exe69⤵
-
\??\c:\fxllllx.exec:\fxllllx.exe70⤵
-
\??\c:\bthhnh.exec:\bthhnh.exe71⤵
-
\??\c:\bthnnt.exec:\bthnnt.exe72⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe73⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe74⤵
-
\??\c:\fxlrrrx.exec:\fxlrrrx.exe75⤵
-
\??\c:\rlxxxfl.exec:\rlxxxfl.exe76⤵
-
\??\c:\hbtttt.exec:\hbtttt.exe77⤵
-
\??\c:\bbhbtt.exec:\bbhbtt.exe78⤵
-
\??\c:\jvjvd.exec:\jvjvd.exe79⤵
-
\??\c:\3djdj.exec:\3djdj.exe80⤵
-
\??\c:\fxrrlrx.exec:\fxrrlrx.exe81⤵
-
\??\c:\frxxxxx.exec:\frxxxxx.exe82⤵
-
\??\c:\tnthnt.exec:\tnthnt.exe83⤵
-
\??\c:\nnnthb.exec:\nnnthb.exe84⤵
-
\??\c:\vjvjj.exec:\vjvjj.exe85⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe86⤵
-
\??\c:\1frxxff.exec:\1frxxff.exe87⤵
-
\??\c:\rlrlrlr.exec:\rlrlrlr.exe88⤵
-
\??\c:\bnbbnn.exec:\bnbbnn.exe89⤵
-
\??\c:\tnttbh.exec:\tnttbh.exe90⤵
-
\??\c:\bttttn.exec:\bttttn.exe91⤵
-
\??\c:\jdddj.exec:\jdddj.exe92⤵
-
\??\c:\vjppv.exec:\vjppv.exe93⤵
-
\??\c:\lllrfrf.exec:\lllrfrf.exe94⤵
-
\??\c:\llxxlfr.exec:\llxxlfr.exe95⤵
-
\??\c:\tntbhh.exec:\tntbhh.exe96⤵
-
\??\c:\ttthth.exec:\ttthth.exe97⤵
-
\??\c:\1pddj.exec:\1pddj.exe98⤵
-
\??\c:\1jjvv.exec:\1jjvv.exe99⤵
-
\??\c:\lfxxxxl.exec:\lfxxxxl.exe100⤵
-
\??\c:\lfllrxx.exec:\lfllrxx.exe101⤵
-
\??\c:\lflrrxf.exec:\lflrrxf.exe102⤵
-
\??\c:\nhntbt.exec:\nhntbt.exe103⤵
-
\??\c:\vpdpp.exec:\vpdpp.exe104⤵
-
\??\c:\3jpdd.exec:\3jpdd.exe105⤵
-
\??\c:\rfflrll.exec:\rfflrll.exe106⤵
-
\??\c:\fxllrll.exec:\fxllrll.exe107⤵
-
\??\c:\xrfxxxf.exec:\xrfxxxf.exe108⤵
-
\??\c:\bnbbhn.exec:\bnbbhn.exe109⤵
-
\??\c:\dpddv.exec:\dpddv.exe110⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe111⤵
-
\??\c:\rfrxffl.exec:\rfrxffl.exe112⤵
-
\??\c:\rlxllrf.exec:\rlxllrf.exe113⤵
-
\??\c:\1hbbnh.exec:\1hbbnh.exe114⤵
-
\??\c:\tnhhbb.exec:\tnhhbb.exe115⤵
-
\??\c:\hbnbnn.exec:\hbnbnn.exe116⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe117⤵
-
\??\c:\pdvdd.exec:\pdvdd.exe118⤵
-
\??\c:\9xxxfxf.exec:\9xxxfxf.exe119⤵
-
\??\c:\rfrxxlr.exec:\rfrxxlr.exe120⤵
-
\??\c:\9thnnn.exec:\9thnnn.exe121⤵
-
\??\c:\btbnnn.exec:\btbnnn.exe122⤵
-
\??\c:\ddpjv.exec:\ddpjv.exe123⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe124⤵
-
\??\c:\1xrlrlr.exec:\1xrlrlr.exe125⤵
-
\??\c:\lfffllr.exec:\lfffllr.exe126⤵
-
\??\c:\ffrrlll.exec:\ffrrlll.exe127⤵
-
\??\c:\5hhhhn.exec:\5hhhhn.exe128⤵
-
\??\c:\5htbnn.exec:\5htbnn.exe129⤵
-
\??\c:\pjvjv.exec:\pjvjv.exe130⤵
-
\??\c:\5vpvp.exec:\5vpvp.exe131⤵
-
\??\c:\5lflxxf.exec:\5lflxxf.exe132⤵
-
\??\c:\lfxlrxr.exec:\lfxlrxr.exe133⤵
-
\??\c:\tnbhtn.exec:\tnbhtn.exe134⤵
-
\??\c:\hbnttb.exec:\hbnttb.exe135⤵
-
\??\c:\1pddd.exec:\1pddd.exe136⤵
-
\??\c:\1pddj.exec:\1pddj.exe137⤵
-
\??\c:\rlxffff.exec:\rlxffff.exe138⤵
-
\??\c:\1xxlxxf.exec:\1xxlxxf.exe139⤵
-
\??\c:\7hbhnh.exec:\7hbhnh.exe140⤵
-
\??\c:\9hthtb.exec:\9hthtb.exe141⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe142⤵
-
\??\c:\5vjpv.exec:\5vjpv.exe143⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe144⤵
-
\??\c:\rflrllr.exec:\rflrllr.exe145⤵
-
\??\c:\xlxfflx.exec:\xlxfflx.exe146⤵
-
\??\c:\tnttbh.exec:\tnttbh.exe147⤵
-
\??\c:\thnbbb.exec:\thnbbb.exe148⤵
-
\??\c:\pjpvv.exec:\pjpvv.exe149⤵
-
\??\c:\1vpvv.exec:\1vpvv.exe150⤵
-
\??\c:\fxffxrf.exec:\fxffxrf.exe151⤵
-
\??\c:\flrfxfx.exec:\flrfxfx.exe152⤵
-
\??\c:\tnbhnh.exec:\tnbhnh.exe153⤵
-
\??\c:\hhttbb.exec:\hhttbb.exe154⤵
-
\??\c:\vpddj.exec:\vpddj.exe155⤵
-
\??\c:\3jvvv.exec:\3jvvv.exe156⤵
-
\??\c:\1lfxllr.exec:\1lfxllr.exe157⤵
-
\??\c:\fxflrrx.exec:\fxflrrx.exe158⤵
-
\??\c:\thntbh.exec:\thntbh.exe159⤵
-
\??\c:\bnttbh.exec:\bnttbh.exe160⤵
-
\??\c:\ppddp.exec:\ppddp.exe161⤵
-
\??\c:\1dvdd.exec:\1dvdd.exe162⤵
-
\??\c:\lxlllrx.exec:\lxlllrx.exe163⤵
-
\??\c:\llxllrx.exec:\llxllrx.exe164⤵
-
\??\c:\thhhhh.exec:\thhhhh.exe165⤵
-
\??\c:\hbnntb.exec:\hbnntb.exe166⤵
-
\??\c:\1dddd.exec:\1dddd.exe167⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe168⤵
-
\??\c:\jdppv.exec:\jdppv.exe169⤵
-
\??\c:\lxffrxl.exec:\lxffrxl.exe170⤵
-
\??\c:\rffxxxf.exec:\rffxxxf.exe171⤵
-
\??\c:\tntbhn.exec:\tntbhn.exe172⤵
-
\??\c:\btttbn.exec:\btttbn.exe173⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe174⤵
-
\??\c:\pdvpv.exec:\pdvpv.exe175⤵
-
\??\c:\rlflrrx.exec:\rlflrrx.exe176⤵
-
\??\c:\3rlxffr.exec:\3rlxffr.exe177⤵
-
\??\c:\tntbtb.exec:\tntbtb.exe178⤵
-
\??\c:\htbttt.exec:\htbttt.exe179⤵
-
\??\c:\hbntht.exec:\hbntht.exe180⤵
-
\??\c:\vjppp.exec:\vjppp.exe181⤵
-
\??\c:\dvvjj.exec:\dvvjj.exe182⤵
-
\??\c:\1frllrf.exec:\1frllrf.exe183⤵
-
\??\c:\3fxlxxx.exec:\3fxlxxx.exe184⤵
-
\??\c:\btnnnh.exec:\btnnnh.exe185⤵
-
\??\c:\bthnhb.exec:\bthnhb.exe186⤵
-
\??\c:\1vjpv.exec:\1vjpv.exe187⤵
-
\??\c:\jjdjj.exec:\jjdjj.exe188⤵
-
\??\c:\dvppv.exec:\dvppv.exe189⤵
-
\??\c:\lfflxxr.exec:\lfflxxr.exe190⤵
-
\??\c:\frxfllr.exec:\frxfllr.exe191⤵
-
\??\c:\btbhhn.exec:\btbhhn.exe192⤵
-
\??\c:\7nnntt.exec:\7nnntt.exe193⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe194⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe195⤵
-
\??\c:\rlfxlxf.exec:\rlfxlxf.exe196⤵
-
\??\c:\fxrffff.exec:\fxrffff.exe197⤵
-
\??\c:\nbhnbh.exec:\nbhnbh.exe198⤵
-
\??\c:\3btttt.exec:\3btttt.exe199⤵
-
\??\c:\htbnnh.exec:\htbnnh.exe200⤵
-
\??\c:\vjjvv.exec:\vjjvv.exe201⤵
-
\??\c:\7vppd.exec:\7vppd.exe202⤵
-
\??\c:\xlxfrlx.exec:\xlxfrlx.exe203⤵
-
\??\c:\xrfxllr.exec:\xrfxllr.exe204⤵
-
\??\c:\nbnnnn.exec:\nbnnnn.exe205⤵
-
\??\c:\5hnhnn.exec:\5hnhnn.exe206⤵
-
\??\c:\jdvdd.exec:\jdvdd.exe207⤵
-
\??\c:\3dpjj.exec:\3dpjj.exe208⤵
-
\??\c:\9lxxlxf.exec:\9lxxlxf.exe209⤵
-
\??\c:\5rrflll.exec:\5rrflll.exe210⤵
-
\??\c:\htntbt.exec:\htntbt.exe211⤵
-
\??\c:\bthnhh.exec:\bthnhh.exe212⤵
-
\??\c:\lfrlrxf.exec:\lfrlrxf.exe213⤵
-
\??\c:\rlxflfl.exec:\rlxflfl.exe214⤵
-
\??\c:\1lllrxr.exec:\1lllrxr.exe215⤵
-
\??\c:\9hhntt.exec:\9hhntt.exe216⤵
-
\??\c:\pjppd.exec:\pjppd.exe217⤵
-
\??\c:\3djpv.exec:\3djpv.exe218⤵
-
\??\c:\xrxflrl.exec:\xrxflrl.exe219⤵
-
\??\c:\thtbbh.exec:\thtbbh.exe220⤵
-
\??\c:\1pdpv.exec:\1pdpv.exe221⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe222⤵
-
\??\c:\lxrlrrx.exec:\lxrlrrx.exe223⤵
-
\??\c:\rlflxxf.exec:\rlflxxf.exe224⤵
-
\??\c:\nhtbbb.exec:\nhtbbb.exe225⤵
-
\??\c:\hbnhhn.exec:\hbnhhn.exe226⤵
-
\??\c:\nhtbbb.exec:\nhtbbb.exe227⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe228⤵
-
\??\c:\9vvvp.exec:\9vvvp.exe229⤵
-
\??\c:\frfffff.exec:\frfffff.exe230⤵
-
\??\c:\rlflrrl.exec:\rlflrrl.exe231⤵
-
\??\c:\hhbnnn.exec:\hhbnnn.exe232⤵
-
\??\c:\tnbhhn.exec:\tnbhhn.exe233⤵
-
\??\c:\ppdjj.exec:\ppdjj.exe234⤵
-
\??\c:\ddvjd.exec:\ddvjd.exe235⤵
-
\??\c:\xlxxllx.exec:\xlxxllx.exe236⤵
-
\??\c:\1rrrxrx.exec:\1rrrxrx.exe237⤵
-
\??\c:\thnbhn.exec:\thnbhn.exe238⤵
-
\??\c:\tnnthh.exec:\tnnthh.exe239⤵
-
\??\c:\ddjpd.exec:\ddjpd.exe240⤵
-
\??\c:\1vpdj.exec:\1vpdj.exe241⤵