Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
19-05-2024 05:10
General
-
Target
7dd0dfa2fcbc69ad809dbe32eb241d30_NeikiAnalytics.exe
-
Size
123KB
-
MD5
7dd0dfa2fcbc69ad809dbe32eb241d30
-
SHA1
d2057c28033132affc3c0aa7e65fdf87fc5829af
-
SHA256
7f16a68b48f475df7dfb0895bd619664fecc8f00c602437a5acaeb665c9e3170
-
SHA512
29746d782618dd92aa5a1426da5d7345db66e922add26bce530a6c8f0d21d9c44f3d10a47a594e35b956f43e5a44b9648614d2d4f87e813fe94237152770319c
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afoHvmQ+EZMYX90If9yo:n3C9BRW0j/uVEZFmIf
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7dd0dfa2fcbc69ad809dbe32eb241d30_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\7dd0dfa2fcbc69ad809dbe32eb241d30_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlfllr.exec:\xxlfllr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbhtb.exec:\hbbhtb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxlxfx.exec:\fxxlxfx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfflll.exec:\lxfflll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjp.exec:\vpdjp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxllr.exec:\xrxxllr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dddj.exec:\5dddj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpdv.exec:\djpdv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llffxfr.exec:\llffxfr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhnn.exec:\bthhnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdpj.exec:\pjdpj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpvj.exec:\pdpvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xrfflx.exec:\7xrfflx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhnt.exec:\hbhhnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjpj.exec:\vpjpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppv.exec:\jdppv.exe17⤵
- Executes dropped EXE
-
\??\c:\rlxlrxf.exec:\rlxlrxf.exe18⤵
- Executes dropped EXE
-
\??\c:\tntttt.exec:\tntttt.exe19⤵
- Executes dropped EXE
-
\??\c:\btbbbb.exec:\btbbbb.exe20⤵
- Executes dropped EXE
-
\??\c:\7pdpd.exec:\7pdpd.exe21⤵
- Executes dropped EXE
-
\??\c:\rlxxffl.exec:\rlxxffl.exe22⤵
- Executes dropped EXE
-
\??\c:\xlflxxl.exec:\xlflxxl.exe23⤵
- Executes dropped EXE
-
\??\c:\bbnbtt.exec:\bbnbtt.exe24⤵
- Executes dropped EXE
-
\??\c:\3jppv.exec:\3jppv.exe25⤵
- Executes dropped EXE
-
\??\c:\lfxfrrf.exec:\lfxfrrf.exe26⤵
- Executes dropped EXE
-
\??\c:\tnhtbn.exec:\tnhtbn.exe27⤵
- Executes dropped EXE
-
\??\c:\hthntt.exec:\hthntt.exe28⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe29⤵
- Executes dropped EXE
-
\??\c:\pdjjv.exec:\pdjjv.exe30⤵
- Executes dropped EXE
-
\??\c:\rlffllr.exec:\rlffllr.exe31⤵
- Executes dropped EXE
-
\??\c:\tthtbh.exec:\tthtbh.exe32⤵
- Executes dropped EXE
-
\??\c:\jjvjd.exec:\jjvjd.exe33⤵
- Executes dropped EXE
-
\??\c:\ffxlrfx.exec:\ffxlrfx.exe34⤵
- Executes dropped EXE
-
\??\c:\3rllxxl.exec:\3rllxxl.exe35⤵
- Executes dropped EXE
-
\??\c:\7llxflx.exec:\7llxflx.exe36⤵
- Executes dropped EXE
-
\??\c:\bthhnt.exec:\bthhnt.exe37⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe38⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe39⤵
- Executes dropped EXE
-
\??\c:\dpvjp.exec:\dpvjp.exe40⤵
- Executes dropped EXE
-
\??\c:\xrffrrx.exec:\xrffrrx.exe41⤵
- Executes dropped EXE
-
\??\c:\nnbbnn.exec:\nnbbnn.exe42⤵
- Executes dropped EXE
-
\??\c:\ttbbnt.exec:\ttbbnt.exe43⤵
- Executes dropped EXE
-
\??\c:\5hntbb.exec:\5hntbb.exe44⤵
- Executes dropped EXE
-
\??\c:\pjvdp.exec:\pjvdp.exe45⤵
- Executes dropped EXE
-
\??\c:\1frxlrf.exec:\1frxlrf.exe46⤵
- Executes dropped EXE
-
\??\c:\1lfxflr.exec:\1lfxflr.exe47⤵
- Executes dropped EXE
-
\??\c:\3nthht.exec:\3nthht.exe48⤵
- Executes dropped EXE
-
\??\c:\nhntbh.exec:\nhntbh.exe49⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe50⤵
- Executes dropped EXE
-
\??\c:\vpvvd.exec:\vpvvd.exe51⤵
- Executes dropped EXE
-
\??\c:\3fffrrf.exec:\3fffrrf.exe52⤵
- Executes dropped EXE
-
\??\c:\3htnnh.exec:\3htnnh.exe53⤵
- Executes dropped EXE
-
\??\c:\9htbnn.exec:\9htbnn.exe54⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe55⤵
- Executes dropped EXE
-
\??\c:\3dvdj.exec:\3dvdj.exe56⤵
- Executes dropped EXE
-
\??\c:\fxxrrrl.exec:\fxxrrrl.exe57⤵
- Executes dropped EXE
-
\??\c:\9xrxrfr.exec:\9xrxrfr.exe58⤵
- Executes dropped EXE
-
\??\c:\1thhtt.exec:\1thhtt.exe59⤵
- Executes dropped EXE
-
\??\c:\hbnhbn.exec:\hbnhbn.exe60⤵
- Executes dropped EXE
-
\??\c:\7pjpv.exec:\7pjpv.exe61⤵
- Executes dropped EXE
-
\??\c:\vvdpv.exec:\vvdpv.exe62⤵
- Executes dropped EXE
-
\??\c:\1fffxrf.exec:\1fffxrf.exe63⤵
- Executes dropped EXE
-
\??\c:\5rlrlrx.exec:\5rlrlrx.exe64⤵
- Executes dropped EXE
-
\??\c:\thnnhb.exec:\thnnhb.exe65⤵
- Executes dropped EXE
-
\??\c:\tnbhbb.exec:\tnbhbb.exe66⤵
-
\??\c:\jjppd.exec:\jjppd.exe67⤵
-
\??\c:\vvjpj.exec:\vvjpj.exe68⤵
-
\??\c:\1fxrxrx.exec:\1fxrxrx.exe69⤵
-
\??\c:\xllrflr.exec:\xllrflr.exe70⤵
-
\??\c:\tntntt.exec:\tntntt.exe71⤵
-
\??\c:\9htbbb.exec:\9htbbb.exe72⤵
-
\??\c:\dvvdp.exec:\dvvdp.exe73⤵
-
\??\c:\jdppd.exec:\jdppd.exe74⤵
-
\??\c:\1fxfllr.exec:\1fxfllr.exe75⤵
-
\??\c:\9bntbh.exec:\9bntbh.exe76⤵
-
\??\c:\7bhnhh.exec:\7bhnhh.exe77⤵
-
\??\c:\3vvvj.exec:\3vvvj.exe78⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe79⤵
-
\??\c:\1rllrxx.exec:\1rllrxx.exe80⤵
-
\??\c:\rlxxlrf.exec:\rlxxlrf.exe81⤵
-
\??\c:\tthhtn.exec:\tthhtn.exe82⤵
-
\??\c:\nhtthh.exec:\nhtthh.exe83⤵
-
\??\c:\jdpdd.exec:\jdpdd.exe84⤵
-
\??\c:\dpjpv.exec:\dpjpv.exe85⤵
-
\??\c:\7fxfxrf.exec:\7fxfxrf.exe86⤵
-
\??\c:\rlxrlfr.exec:\rlxrlfr.exe87⤵
-
\??\c:\ttbnbh.exec:\ttbnbh.exe88⤵
-
\??\c:\7hnnbb.exec:\7hnnbb.exe89⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe90⤵
-
\??\c:\dvddp.exec:\dvddp.exe91⤵
-
\??\c:\rlflrrf.exec:\rlflrrf.exe92⤵
-
\??\c:\xlrrxfr.exec:\xlrrxfr.exe93⤵
-
\??\c:\hbhhtb.exec:\hbhhtb.exe94⤵
-
\??\c:\3btbnh.exec:\3btbnh.exe95⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe96⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe97⤵
-
\??\c:\lfflrrx.exec:\lfflrrx.exe98⤵
-
\??\c:\xrrrxxf.exec:\xrrrxxf.exe99⤵
-
\??\c:\tntbbh.exec:\tntbbh.exe100⤵
-
\??\c:\hbhntt.exec:\hbhntt.exe101⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe102⤵
-
\??\c:\9dvdd.exec:\9dvdd.exe103⤵
-
\??\c:\lrxlflx.exec:\lrxlflx.exe104⤵
-
\??\c:\7lrrflr.exec:\7lrrflr.exe105⤵
-
\??\c:\hbntbb.exec:\hbntbb.exe106⤵
-
\??\c:\bnbbtn.exec:\bnbbtn.exe107⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe108⤵
-
\??\c:\dvdjd.exec:\dvdjd.exe109⤵
-
\??\c:\fxllrrf.exec:\fxllrrf.exe110⤵
-
\??\c:\lxffrxf.exec:\lxffrxf.exe111⤵
-
\??\c:\ntbhnn.exec:\ntbhnn.exe112⤵
-
\??\c:\nhnnhb.exec:\nhnnhb.exe113⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe114⤵
-
\??\c:\vjddd.exec:\vjddd.exe115⤵
-
\??\c:\9xrfrrr.exec:\9xrfrrr.exe116⤵
-
\??\c:\9lxxllr.exec:\9lxxllr.exe117⤵
-
\??\c:\htbhnh.exec:\htbhnh.exe118⤵
-
\??\c:\pvvdv.exec:\pvvdv.exe119⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe120⤵
-
\??\c:\5rrxflr.exec:\5rrxflr.exe121⤵
-
\??\c:\rlxfrrl.exec:\rlxfrrl.exe122⤵
-
\??\c:\7thtth.exec:\7thtth.exe123⤵
-
\??\c:\nhtnbb.exec:\nhtnbb.exe124⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe125⤵
-
\??\c:\vvjdj.exec:\vvjdj.exe126⤵
-
\??\c:\1lxfrrl.exec:\1lxfrrl.exe127⤵
-
\??\c:\lfxflxl.exec:\lfxflxl.exe128⤵
-
\??\c:\tntntt.exec:\tntntt.exe129⤵
-
\??\c:\hbttbb.exec:\hbttbb.exe130⤵
-
\??\c:\3jpjp.exec:\3jpjp.exe131⤵
-
\??\c:\lxfxllr.exec:\lxfxllr.exe132⤵
-
\??\c:\lfrrxfl.exec:\lfrrxfl.exe133⤵
-
\??\c:\hbtbtt.exec:\hbtbtt.exe134⤵
-
\??\c:\hbhhnn.exec:\hbhhnn.exe135⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe136⤵
-
\??\c:\vpddp.exec:\vpddp.exe137⤵
-
\??\c:\3xrfxxx.exec:\3xrfxxx.exe138⤵
-
\??\c:\1fxxfxl.exec:\1fxxfxl.exe139⤵
-
\??\c:\thbbnn.exec:\thbbnn.exe140⤵
-
\??\c:\nhntbt.exec:\nhntbt.exe141⤵
-
\??\c:\5pdjp.exec:\5pdjp.exe142⤵
-
\??\c:\xrflrrx.exec:\xrflrrx.exe143⤵
-
\??\c:\rrfxrrl.exec:\rrfxrrl.exe144⤵
-
\??\c:\bthhhh.exec:\bthhhh.exe145⤵
-
\??\c:\7ththb.exec:\7ththb.exe146⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe147⤵
-
\??\c:\9dpvv.exec:\9dpvv.exe148⤵
-
\??\c:\llfrflx.exec:\llfrflx.exe149⤵
-
\??\c:\1xfllrf.exec:\1xfllrf.exe150⤵
-
\??\c:\thhttn.exec:\thhttn.exe151⤵
-
\??\c:\bthhtb.exec:\bthhtb.exe152⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe153⤵
-
\??\c:\9djjp.exec:\9djjp.exe154⤵
-
\??\c:\frxxxxf.exec:\frxxxxf.exe155⤵
-
\??\c:\fxlrxxr.exec:\fxlrxxr.exe156⤵
-
\??\c:\9btttt.exec:\9btttt.exe157⤵
-
\??\c:\nbhnnn.exec:\nbhnnn.exe158⤵
-
\??\c:\vpvjj.exec:\vpvjj.exe159⤵
-
\??\c:\3djjv.exec:\3djjv.exe160⤵
-
\??\c:\fxlrffr.exec:\fxlrffr.exe161⤵
-
\??\c:\5lxfllx.exec:\5lxfllx.exe162⤵
-
\??\c:\7btbbb.exec:\7btbbb.exe163⤵
-
\??\c:\7bbbbb.exec:\7bbbbb.exe164⤵
-
\??\c:\vpddj.exec:\vpddj.exe165⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe166⤵
-
\??\c:\xlfflll.exec:\xlfflll.exe167⤵
-
\??\c:\rfrrfxf.exec:\rfrrfxf.exe168⤵
-
\??\c:\tnbbbb.exec:\tnbbbb.exe169⤵
-
\??\c:\nhnnbb.exec:\nhnnbb.exe170⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe171⤵
-
\??\c:\pdjpd.exec:\pdjpd.exe172⤵
-
\??\c:\rlxfrlx.exec:\rlxfrlx.exe173⤵
-
\??\c:\fxflxfl.exec:\fxflxfl.exe174⤵
-
\??\c:\hbhhtt.exec:\hbhhtt.exe175⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe176⤵
-
\??\c:\7jvjd.exec:\7jvjd.exe177⤵
-
\??\c:\1lrllfr.exec:\1lrllfr.exe178⤵
-
\??\c:\frxrffl.exec:\frxrffl.exe179⤵
-
\??\c:\5thhtb.exec:\5thhtb.exe180⤵
-
\??\c:\3bnthn.exec:\3bnthn.exe181⤵
-
\??\c:\3ddjv.exec:\3ddjv.exe182⤵
-
\??\c:\3vjjv.exec:\3vjjv.exe183⤵
-
\??\c:\rlrrrll.exec:\rlrrrll.exe184⤵
-
\??\c:\3llrxxf.exec:\3llrxxf.exe185⤵
-
\??\c:\nhtbnn.exec:\nhtbnn.exe186⤵
-
\??\c:\5htttt.exec:\5htttt.exe187⤵
-
\??\c:\pjddp.exec:\pjddp.exe188⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe189⤵
-
\??\c:\lfxlxxr.exec:\lfxlxxr.exe190⤵
-
\??\c:\xrllxfl.exec:\xrllxfl.exe191⤵
-
\??\c:\bthhtt.exec:\bthhtt.exe192⤵
-
\??\c:\5vjpv.exec:\5vjpv.exe193⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe194⤵
-
\??\c:\xrffrxx.exec:\xrffrxx.exe195⤵
-
\??\c:\rlrrxxf.exec:\rlrrxxf.exe196⤵
-
\??\c:\3thhtb.exec:\3thhtb.exe197⤵
-
\??\c:\5tntbt.exec:\5tntbt.exe198⤵
-
\??\c:\rlllxrf.exec:\rlllxrf.exe199⤵
-
\??\c:\lxfllll.exec:\lxfllll.exe200⤵
-
\??\c:\nhtbtt.exec:\nhtbtt.exe201⤵
-
\??\c:\nntnbn.exec:\nntnbn.exe202⤵
-
\??\c:\vjppv.exec:\vjppv.exe203⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe204⤵
-
\??\c:\9fffffl.exec:\9fffffl.exe205⤵
-
\??\c:\rflfrxf.exec:\rflfrxf.exe206⤵
-
\??\c:\nnbbnh.exec:\nnbbnh.exe207⤵
-
\??\c:\tnbhtt.exec:\tnbhtt.exe208⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe209⤵
-
\??\c:\dpjdp.exec:\dpjdp.exe210⤵
-
\??\c:\rrfflrx.exec:\rrfflrx.exe211⤵
-
\??\c:\lfllrxl.exec:\lfllrxl.exe212⤵
-
\??\c:\bttbnt.exec:\bttbnt.exe213⤵
-
\??\c:\hbntnt.exec:\hbntnt.exe214⤵
-
\??\c:\pdppd.exec:\pdppd.exe215⤵
-
\??\c:\pdvpv.exec:\pdvpv.exe216⤵
-
\??\c:\3frxxxf.exec:\3frxxxf.exe217⤵
-
\??\c:\xrlrxfl.exec:\xrlrxfl.exe218⤵
-
\??\c:\5hnhnh.exec:\5hnhnh.exe219⤵
-
\??\c:\3hbnht.exec:\3hbnht.exe220⤵
-
\??\c:\1dvpp.exec:\1dvpp.exe221⤵
-
\??\c:\9dpvd.exec:\9dpvd.exe222⤵
-
\??\c:\xlrrxfl.exec:\xlrrxfl.exe223⤵
-
\??\c:\xrxfrlx.exec:\xrxfrlx.exe224⤵
-
\??\c:\3htnbh.exec:\3htnbh.exe225⤵
-
\??\c:\hbhnbb.exec:\hbhnbb.exe226⤵
-
\??\c:\9jvvv.exec:\9jvvv.exe227⤵
-
\??\c:\7vpdj.exec:\7vpdj.exe228⤵
-
\??\c:\lfrxllx.exec:\lfrxllx.exe229⤵
-
\??\c:\hhtbhh.exec:\hhtbhh.exe230⤵
-
\??\c:\nhnhnn.exec:\nhnhnn.exe231⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe232⤵
-
\??\c:\5jdpv.exec:\5jdpv.exe233⤵
-
\??\c:\lflrlrr.exec:\lflrlrr.exe234⤵
-
\??\c:\ffxflrl.exec:\ffxflrl.exe235⤵
-
\??\c:\9xxflrf.exec:\9xxflrf.exe236⤵
-
\??\c:\nbtbnn.exec:\nbtbnn.exe237⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe238⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe239⤵
-
\??\c:\5dpvv.exec:\5dpvv.exe240⤵
-
\??\c:\fxrrxxf.exec:\fxrrxxf.exe241⤵