Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
19-05-2024 04:52
General
-
Target
78cce327146adf3d7ee8a87313d0e0e0_NeikiAnalytics.exe
-
Size
77KB
-
MD5
78cce327146adf3d7ee8a87313d0e0e0
-
SHA1
7c08b4dbc154ff47d71c44005ec8463baa555101
-
SHA256
f0a5087ea5d51ffce6ee6aa0e4e14166d9197958965d20c450a7a1f3dc9df172
-
SHA512
d754621aa7eae148b9fa96d2bd38761e5dcde8f32b037382b2563e2d55da2710519375db307abfd8cbc8b57e902d3067ddbe72c85885dac40bb631c4a33c34b8
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAX8YieVIJclPvPJtcdcI:ymb3NkkiQ3mdBjFo68YBVIJc9JtxI
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 20 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\78cce327146adf3d7ee8a87313d0e0e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\78cce327146adf3d7ee8a87313d0e0e0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdj.exec:\pjvdj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjd.exec:\vjpjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrxffr.exec:\lfrxffr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dddj.exec:\3dddj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jvdj.exec:\1jvdj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vjdj.exec:\5vjdj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrfxr.exec:\fxlrfxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnttt.exec:\nhnttt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttbt.exec:\hbttbt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xrrrlf.exec:\5xrrrlf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3frrrxl.exec:\3frrrxl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhhtb.exec:\nnhhtb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvjj.exec:\pdvjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvv.exec:\vjdvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxffl.exec:\xrfxffl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttnn.exec:\hbttnn.exe17⤵
- Executes dropped EXE
-
\??\c:\thnntn.exec:\thnntn.exe18⤵
- Executes dropped EXE
-
\??\c:\jdvjd.exec:\jdvjd.exe19⤵
- Executes dropped EXE
-
\??\c:\rrfffrl.exec:\rrfffrl.exe20⤵
- Executes dropped EXE
-
\??\c:\fxrrffx.exec:\fxrrffx.exe21⤵
- Executes dropped EXE
-
\??\c:\1tnhtt.exec:\1tnhtt.exe22⤵
- Executes dropped EXE
-
\??\c:\vvpvd.exec:\vvpvd.exe23⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe24⤵
- Executes dropped EXE
-
\??\c:\9lxxlrx.exec:\9lxxlrx.exe25⤵
- Executes dropped EXE
-
\??\c:\5ffrxxx.exec:\5ffrxxx.exe26⤵
- Executes dropped EXE
-
\??\c:\7fxxflx.exec:\7fxxflx.exe27⤵
- Executes dropped EXE
-
\??\c:\ttbtbn.exec:\ttbtbn.exe28⤵
- Executes dropped EXE
-
\??\c:\7pvjp.exec:\7pvjp.exe29⤵
- Executes dropped EXE
-
\??\c:\lfrlxrf.exec:\lfrlxrf.exe30⤵
- Executes dropped EXE
-
\??\c:\1hbbnn.exec:\1hbbnn.exe31⤵
- Executes dropped EXE
-
\??\c:\hthttb.exec:\hthttb.exe32⤵
- Executes dropped EXE
-
\??\c:\pjdpd.exec:\pjdpd.exe33⤵
- Executes dropped EXE
-
\??\c:\dppjv.exec:\dppjv.exe34⤵
- Executes dropped EXE
-
\??\c:\lxrrxxf.exec:\lxrrxxf.exe35⤵
- Executes dropped EXE
-
\??\c:\xrllrrf.exec:\xrllrrf.exe36⤵
- Executes dropped EXE
-
\??\c:\hbnnbh.exec:\hbnnbh.exe37⤵
- Executes dropped EXE
-
\??\c:\1hhnhn.exec:\1hhnhn.exe38⤵
- Executes dropped EXE
-
\??\c:\dpddj.exec:\dpddj.exe39⤵
- Executes dropped EXE
-
\??\c:\jvjdj.exec:\jvjdj.exe40⤵
- Executes dropped EXE
-
\??\c:\lfxxlfr.exec:\lfxxlfr.exe41⤵
- Executes dropped EXE
-
\??\c:\fxllrfx.exec:\fxllrfx.exe42⤵
- Executes dropped EXE
-
\??\c:\tntbnn.exec:\tntbnn.exe43⤵
- Executes dropped EXE
-
\??\c:\nhttbb.exec:\nhttbb.exe44⤵
- Executes dropped EXE
-
\??\c:\ddddj.exec:\ddddj.exe45⤵
- Executes dropped EXE
-
\??\c:\pjdvv.exec:\pjdvv.exe46⤵
- Executes dropped EXE
-
\??\c:\llfrxrf.exec:\llfrxrf.exe47⤵
- Executes dropped EXE
-
\??\c:\lfrxlrx.exec:\lfrxlrx.exe48⤵
- Executes dropped EXE
-
\??\c:\7nnnbh.exec:\7nnnbh.exe49⤵
- Executes dropped EXE
-
\??\c:\pjjjj.exec:\pjjjj.exe50⤵
- Executes dropped EXE
-
\??\c:\dpvvj.exec:\dpvvj.exe51⤵
- Executes dropped EXE
-
\??\c:\lfxxxxl.exec:\lfxxxxl.exe52⤵
- Executes dropped EXE
-
\??\c:\rlfrflx.exec:\rlfrflx.exe53⤵
- Executes dropped EXE
-
\??\c:\nhhtbn.exec:\nhhtbn.exe54⤵
- Executes dropped EXE
-
\??\c:\vpvvj.exec:\vpvvj.exe55⤵
- Executes dropped EXE
-
\??\c:\vppjj.exec:\vppjj.exe56⤵
- Executes dropped EXE
-
\??\c:\xxxllrr.exec:\xxxllrr.exe57⤵
- Executes dropped EXE
-
\??\c:\xlrlrrf.exec:\xlrlrrf.exe58⤵
- Executes dropped EXE
-
\??\c:\ffrxffr.exec:\ffrxffr.exe59⤵
- Executes dropped EXE
-
\??\c:\hbnthn.exec:\hbnthn.exe60⤵
- Executes dropped EXE
-
\??\c:\thbbbb.exec:\thbbbb.exe61⤵
- Executes dropped EXE
-
\??\c:\dpdjv.exec:\dpdjv.exe62⤵
- Executes dropped EXE
-
\??\c:\5vpdp.exec:\5vpdp.exe63⤵
- Executes dropped EXE
-
\??\c:\rfxrrlr.exec:\rfxrrlr.exe64⤵
- Executes dropped EXE
-
\??\c:\llffllr.exec:\llffllr.exe65⤵
- Executes dropped EXE
-
\??\c:\htbhnn.exec:\htbhnn.exe66⤵
-
\??\c:\tnnthn.exec:\tnnthn.exe67⤵
-
\??\c:\dddpv.exec:\dddpv.exe68⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe69⤵
-
\??\c:\xrxfxfl.exec:\xrxfxfl.exe70⤵
-
\??\c:\rlxfflx.exec:\rlxfflx.exe71⤵
-
\??\c:\7nbbhh.exec:\7nbbhh.exe72⤵
-
\??\c:\nhnnnn.exec:\nhnnnn.exe73⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe74⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe75⤵
-
\??\c:\5xrrlrf.exec:\5xrrlrf.exe76⤵
-
\??\c:\3xrxffl.exec:\3xrxffl.exe77⤵
-
\??\c:\1bnhnt.exec:\1bnhnt.exe78⤵
-
\??\c:\1bntnn.exec:\1bntnn.exe79⤵
-
\??\c:\vpddp.exec:\vpddp.exe80⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe81⤵
-
\??\c:\xrxfffx.exec:\xrxfffx.exe82⤵
-
\??\c:\xxrrxxl.exec:\xxrrxxl.exe83⤵
-
\??\c:\5hbbhb.exec:\5hbbhb.exe84⤵
-
\??\c:\nnbhht.exec:\nnbhht.exe85⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe86⤵
-
\??\c:\pjjjp.exec:\pjjjp.exe87⤵
-
\??\c:\lfxfllx.exec:\lfxfllx.exe88⤵
-
\??\c:\lfffllx.exec:\lfffllx.exe89⤵
-
\??\c:\bntnnb.exec:\bntnnb.exe90⤵
-
\??\c:\hnhhtn.exec:\hnhhtn.exe91⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe92⤵
-
\??\c:\pjddj.exec:\pjddj.exe93⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe94⤵
-
\??\c:\xxfllff.exec:\xxfllff.exe95⤵
-
\??\c:\frllrrx.exec:\frllrrx.exe96⤵
-
\??\c:\bnttbh.exec:\bnttbh.exe97⤵
-
\??\c:\nhnhnn.exec:\nhnhnn.exe98⤵
-
\??\c:\nhbnnt.exec:\nhbnnt.exe99⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe100⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe101⤵
-
\??\c:\1lffrxf.exec:\1lffrxf.exe102⤵
-
\??\c:\lxxfllx.exec:\lxxfllx.exe103⤵
-
\??\c:\tnbhhh.exec:\tnbhhh.exe104⤵
-
\??\c:\9tntnt.exec:\9tntnt.exe105⤵
-
\??\c:\jdvpv.exec:\jdvpv.exe106⤵
-
\??\c:\5dvvd.exec:\5dvvd.exe107⤵
-
\??\c:\7pjvd.exec:\7pjvd.exe108⤵
-
\??\c:\3rllxfl.exec:\3rllxfl.exe109⤵
-
\??\c:\rlxfllf.exec:\rlxfllf.exe110⤵
-
\??\c:\nhhhhb.exec:\nhhhhb.exe111⤵
-
\??\c:\bntnbb.exec:\bntnbb.exe112⤵
-
\??\c:\7jvvv.exec:\7jvvv.exe113⤵
-
\??\c:\1pjpp.exec:\1pjpp.exe114⤵
-
\??\c:\7djpv.exec:\7djpv.exe115⤵
-
\??\c:\lfxfflr.exec:\lfxfflr.exe116⤵
-
\??\c:\xlrrrrx.exec:\xlrrrrx.exe117⤵
-
\??\c:\frfllrx.exec:\frfllrx.exe118⤵
-
\??\c:\htttbb.exec:\htttbb.exe119⤵
-
\??\c:\tntbhn.exec:\tntbhn.exe120⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe121⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe122⤵
-
\??\c:\rlffrrx.exec:\rlffrrx.exe123⤵
-
\??\c:\fxflrrx.exec:\fxflrrx.exe124⤵
-
\??\c:\nnnbnb.exec:\nnnbnb.exe125⤵
-
\??\c:\1thbbh.exec:\1thbbh.exe126⤵
-
\??\c:\3pdvv.exec:\3pdvv.exe127⤵
-
\??\c:\vjpvd.exec:\vjpvd.exe128⤵
-
\??\c:\xrfflrx.exec:\xrfflrx.exe129⤵
-
\??\c:\xrlrrrx.exec:\xrlrrrx.exe130⤵
-
\??\c:\tnhnnb.exec:\tnhnnb.exe131⤵
-
\??\c:\tnntbh.exec:\tnntbh.exe132⤵
-
\??\c:\dddjj.exec:\dddjj.exe133⤵
-
\??\c:\5jjdp.exec:\5jjdp.exe134⤵
-
\??\c:\xrffrxl.exec:\xrffrxl.exe135⤵
-
\??\c:\xrllxfr.exec:\xrllxfr.exe136⤵
-
\??\c:\3nhhhn.exec:\3nhhhn.exe137⤵
-
\??\c:\9ththb.exec:\9ththb.exe138⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe139⤵
-
\??\c:\3vppd.exec:\3vppd.exe140⤵
-
\??\c:\rlfrxrr.exec:\rlfrxrr.exe141⤵
-
\??\c:\lfrrffr.exec:\lfrrffr.exe142⤵
-
\??\c:\3rrxlrx.exec:\3rrxlrx.exe143⤵
-
\??\c:\hbtbnt.exec:\hbtbnt.exe144⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe145⤵
-
\??\c:\9vpvp.exec:\9vpvp.exe146⤵
-
\??\c:\3jvpv.exec:\3jvpv.exe147⤵
-
\??\c:\lxlrflr.exec:\lxlrflr.exe148⤵
-
\??\c:\5ffrflx.exec:\5ffrflx.exe149⤵
-
\??\c:\nhbbhh.exec:\nhbbhh.exe150⤵
-
\??\c:\nbnhbb.exec:\nbnhbb.exe151⤵
-
\??\c:\9vdpp.exec:\9vdpp.exe152⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe153⤵
-
\??\c:\9pddj.exec:\9pddj.exe154⤵
-
\??\c:\7xfrxxl.exec:\7xfrxxl.exe155⤵
-
\??\c:\hhntbt.exec:\hhntbt.exe156⤵
-
\??\c:\tttbbb.exec:\tttbbb.exe157⤵
-
\??\c:\btbttt.exec:\btbttt.exe158⤵
-
\??\c:\dvppd.exec:\dvppd.exe159⤵
-
\??\c:\pjpdp.exec:\pjpdp.exe160⤵
-
\??\c:\fxlllrf.exec:\fxlllrf.exe161⤵
-
\??\c:\3rlxffr.exec:\3rlxffr.exe162⤵
-
\??\c:\nhhntb.exec:\nhhntb.exe163⤵
-
\??\c:\1btnnn.exec:\1btnnn.exe164⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe165⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe166⤵
-
\??\c:\5jdjv.exec:\5jdjv.exe167⤵
-
\??\c:\9fxrlfx.exec:\9fxrlfx.exe168⤵
-
\??\c:\ffrxlrf.exec:\ffrxlrf.exe169⤵
-
\??\c:\hbtnbn.exec:\hbtnbn.exe170⤵
-
\??\c:\nhthhh.exec:\nhthhh.exe171⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe172⤵
-
\??\c:\ppjpd.exec:\ppjpd.exe173⤵
-
\??\c:\1dvdp.exec:\1dvdp.exe174⤵
-
\??\c:\lfxflrx.exec:\lfxflrx.exe175⤵
-
\??\c:\9xllfll.exec:\9xllfll.exe176⤵
-
\??\c:\nbthnn.exec:\nbthnn.exe177⤵
-
\??\c:\3tntht.exec:\3tntht.exe178⤵
-
\??\c:\3jddd.exec:\3jddd.exe179⤵
-
\??\c:\1jjvp.exec:\1jjvp.exe180⤵
-
\??\c:\rlflffr.exec:\rlflffr.exe181⤵
-
\??\c:\5lflxfx.exec:\5lflxfx.exe182⤵
-
\??\c:\3rlfllx.exec:\3rlfllx.exe183⤵
-
\??\c:\tnbnnt.exec:\tnbnnt.exe184⤵
-
\??\c:\nnbnbb.exec:\nnbnbb.exe185⤵
-
\??\c:\jvdpj.exec:\jvdpj.exe186⤵
-
\??\c:\1vpdp.exec:\1vpdp.exe187⤵
-
\??\c:\fxrrflx.exec:\fxrrflx.exe188⤵
-
\??\c:\7lxxlrx.exec:\7lxxlrx.exe189⤵
-
\??\c:\fxrxflf.exec:\fxrxflf.exe190⤵
-
\??\c:\nhnbnn.exec:\nhnbnn.exe191⤵
-
\??\c:\nhtntb.exec:\nhtntb.exe192⤵
-
\??\c:\dpjjp.exec:\dpjjp.exe193⤵
-
\??\c:\7ppvd.exec:\7ppvd.exe194⤵
-
\??\c:\lfxxxxl.exec:\lfxxxxl.exe195⤵
-
\??\c:\llxlxfl.exec:\llxlxfl.exe196⤵
-
\??\c:\5hhntb.exec:\5hhntb.exe197⤵
-
\??\c:\tnbbhn.exec:\tnbbhn.exe198⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe199⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe200⤵
-
\??\c:\5dvdj.exec:\5dvdj.exe201⤵
-
\??\c:\fxlrxfr.exec:\fxlrxfr.exe202⤵
-
\??\c:\llxflfl.exec:\llxflfl.exe203⤵
-
\??\c:\hbhnhn.exec:\hbhnhn.exe204⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe205⤵
-
\??\c:\3jddj.exec:\3jddj.exe206⤵
-
\??\c:\vpvjp.exec:\vpvjp.exe207⤵
-
\??\c:\pjddj.exec:\pjddj.exe208⤵
-
\??\c:\fxffllr.exec:\fxffllr.exe209⤵
-
\??\c:\rlxxlrf.exec:\rlxxlrf.exe210⤵
-
\??\c:\7tthtb.exec:\7tthtb.exe211⤵
-
\??\c:\hhtnth.exec:\hhtnth.exe212⤵
-
\??\c:\9thnnn.exec:\9thnnn.exe213⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe214⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe215⤵
-
\??\c:\9rlrrxf.exec:\9rlrrxf.exe216⤵
-
\??\c:\fxrxfff.exec:\fxrxfff.exe217⤵
-
\??\c:\nhbnbh.exec:\nhbnbh.exe218⤵
-
\??\c:\hhthtb.exec:\hhthtb.exe219⤵
-
\??\c:\btnnnn.exec:\btnnnn.exe220⤵
-
\??\c:\ddvvj.exec:\ddvvj.exe221⤵
-
\??\c:\7vjpv.exec:\7vjpv.exe222⤵
-
\??\c:\rlflrrf.exec:\rlflrrf.exe223⤵
-
\??\c:\rlrrllr.exec:\rlrrllr.exe224⤵
-
\??\c:\hbnntb.exec:\hbnntb.exe225⤵
-
\??\c:\7vjjp.exec:\7vjjp.exe226⤵
-
\??\c:\vvppj.exec:\vvppj.exe227⤵
-
\??\c:\1rrxffr.exec:\1rrxffr.exe228⤵
-
\??\c:\9rrfllx.exec:\9rrfllx.exe229⤵
-
\??\c:\nbhntt.exec:\nbhntt.exe230⤵
-
\??\c:\hbtbhn.exec:\hbtbhn.exe231⤵
-
\??\c:\hbnthh.exec:\hbnthh.exe232⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe233⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe234⤵
-
\??\c:\xrfxxxf.exec:\xrfxxxf.exe235⤵
-
\??\c:\lxxflrx.exec:\lxxflrx.exe236⤵
-
\??\c:\tnttbh.exec:\tnttbh.exe237⤵
-
\??\c:\bthhhn.exec:\bthhhn.exe238⤵
-
\??\c:\vjddp.exec:\vjddp.exe239⤵
-
\??\c:\5ddjp.exec:\5ddjp.exe240⤵
-
\??\c:\lxrflrx.exec:\lxrflrx.exe241⤵