Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
19-05-2024 06:28
General
-
Target
90f1a16711de3f7c32a7fe9460d80510_NeikiAnalytics.exe
-
Size
123KB
-
MD5
90f1a16711de3f7c32a7fe9460d80510
-
SHA1
3287b0c38ad1f97413cbeb062a75e46ce4e1ca16
-
SHA256
3d4862696440eb5b6be9c377d820194295694300e81401056e2a6a309cbc38d3
-
SHA512
79b8a56ce87302c19545840d6bbd25f0a9eb3e7b816bb3af5a65fead7a1394c9a73a65dba3b0133281111769593631049b4be66af46039db20ab0059e7bd0e17
-
SSDEEP
3072:9hOmTsF93UYfwC6GIoutz5yLpcgDE4JgY0nU7:9cm4FmowdHoS49oU7
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\90f1a16711de3f7c32a7fe9460d80510_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\90f1a16711de3f7c32a7fe9460d80510_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnbb.exec:\hbtnbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbntt.exec:\thbntt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpv.exec:\vvvpv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlxlrl.exec:\xxlxlrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbtbb.exec:\nhbtbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nhttt.exec:\5nhttt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdj.exec:\pjvdj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrxff.exec:\fxlrxff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nttnh.exec:\9nttnh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnnnh.exec:\nbnnnh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vpjv.exec:\3vpjv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxlrf.exec:\fxxxlrf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlflrrx.exec:\rlflrrx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhtb.exec:\bthhtb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdjv.exec:\ppdjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lflrrr.exec:\7lflrrr.exe17⤵
- Executes dropped EXE
-
\??\c:\fxlrxfr.exec:\fxlrxfr.exe18⤵
- Executes dropped EXE
-
\??\c:\hbthbb.exec:\hbthbb.exe19⤵
- Executes dropped EXE
-
\??\c:\dvdpd.exec:\dvdpd.exe20⤵
- Executes dropped EXE
-
\??\c:\jdjjv.exec:\jdjjv.exe21⤵
- Executes dropped EXE
-
\??\c:\xffxllx.exec:\xffxllx.exe22⤵
- Executes dropped EXE
-
\??\c:\fxllxxl.exec:\fxllxxl.exe23⤵
- Executes dropped EXE
-
\??\c:\nhbnhn.exec:\nhbnhn.exe24⤵
- Executes dropped EXE
-
\??\c:\hbnnbb.exec:\hbnnbb.exe25⤵
- Executes dropped EXE
-
\??\c:\pjdjd.exec:\pjdjd.exe26⤵
- Executes dropped EXE
-
\??\c:\3lfllxf.exec:\3lfllxf.exe27⤵
- Executes dropped EXE
-
\??\c:\bbbbtb.exec:\bbbbtb.exe28⤵
- Executes dropped EXE
-
\??\c:\5nnbnt.exec:\5nnbnt.exe29⤵
- Executes dropped EXE
-
\??\c:\1vpvj.exec:\1vpvj.exe30⤵
- Executes dropped EXE
-
\??\c:\rrlrffr.exec:\rrlrffr.exe31⤵
- Executes dropped EXE
-
\??\c:\hbntbh.exec:\hbntbh.exe32⤵
- Executes dropped EXE
-
\??\c:\nhbbbb.exec:\nhbbbb.exe33⤵
- Executes dropped EXE
-
\??\c:\ddjpj.exec:\ddjpj.exe34⤵
- Executes dropped EXE
-
\??\c:\5jdvd.exec:\5jdvd.exe35⤵
- Executes dropped EXE
-
\??\c:\3fxfrfr.exec:\3fxfrfr.exe36⤵
- Executes dropped EXE
-
\??\c:\rlfllrr.exec:\rlfllrr.exe37⤵
- Executes dropped EXE
-
\??\c:\bnthnn.exec:\bnthnn.exe38⤵
- Executes dropped EXE
-
\??\c:\hhhtbb.exec:\hhhtbb.exe39⤵
- Executes dropped EXE
-
\??\c:\jdpvp.exec:\jdpvp.exe40⤵
- Executes dropped EXE
-
\??\c:\ppjvp.exec:\ppjvp.exe41⤵
- Executes dropped EXE
-
\??\c:\1fxrffr.exec:\1fxrffr.exe42⤵
- Executes dropped EXE
-
\??\c:\fxflxfr.exec:\fxflxfr.exe43⤵
- Executes dropped EXE
-
\??\c:\fxfrffl.exec:\fxfrffl.exe44⤵
- Executes dropped EXE
-
\??\c:\bbbtbt.exec:\bbbtbt.exe45⤵
- Executes dropped EXE
-
\??\c:\9thnhh.exec:\9thnhh.exe46⤵
- Executes dropped EXE
-
\??\c:\7djdd.exec:\7djdd.exe47⤵
- Executes dropped EXE
-
\??\c:\jdvdv.exec:\jdvdv.exe48⤵
- Executes dropped EXE
-
\??\c:\7xlffff.exec:\7xlffff.exe49⤵
- Executes dropped EXE
-
\??\c:\fxffffr.exec:\fxffffr.exe50⤵
- Executes dropped EXE
-
\??\c:\thtnbb.exec:\thtnbb.exe51⤵
- Executes dropped EXE
-
\??\c:\hbtbhn.exec:\hbtbhn.exe52⤵
- Executes dropped EXE
-
\??\c:\jdvpp.exec:\jdvpp.exe53⤵
- Executes dropped EXE
-
\??\c:\dpjpd.exec:\dpjpd.exe54⤵
- Executes dropped EXE
-
\??\c:\pdpvd.exec:\pdpvd.exe55⤵
- Executes dropped EXE
-
\??\c:\5rrrxfr.exec:\5rrrxfr.exe56⤵
- Executes dropped EXE
-
\??\c:\rxxfrfr.exec:\rxxfrfr.exe57⤵
- Executes dropped EXE
-
\??\c:\1tnbth.exec:\1tnbth.exe58⤵
- Executes dropped EXE
-
\??\c:\ntbttn.exec:\ntbttn.exe59⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe60⤵
- Executes dropped EXE
-
\??\c:\1xxllrr.exec:\1xxllrr.exe61⤵
- Executes dropped EXE
-
\??\c:\hthhnn.exec:\hthhnn.exe62⤵
- Executes dropped EXE
-
\??\c:\3bntbb.exec:\3bntbb.exe63⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe64⤵
- Executes dropped EXE
-
\??\c:\lfxllrx.exec:\lfxllrx.exe65⤵
- Executes dropped EXE
-
\??\c:\rlxrlrx.exec:\rlxrlrx.exe66⤵
-
\??\c:\5xfllfx.exec:\5xfllfx.exe67⤵
-
\??\c:\tnnntb.exec:\tnnntb.exe68⤵
-
\??\c:\9vpdj.exec:\9vpdj.exe69⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe70⤵
-
\??\c:\5rfflrx.exec:\5rfflrx.exe71⤵
-
\??\c:\llxxxfl.exec:\llxxxfl.exe72⤵
-
\??\c:\hhhhnn.exec:\hhhhnn.exe73⤵
-
\??\c:\nbhntb.exec:\nbhntb.exe74⤵
-
\??\c:\pjvjv.exec:\pjvjv.exe75⤵
-
\??\c:\vdpvv.exec:\vdpvv.exe76⤵
-
\??\c:\3frlrlr.exec:\3frlrlr.exe77⤵
-
\??\c:\hbnbhh.exec:\hbnbhh.exe78⤵
-
\??\c:\htnnbb.exec:\htnnbb.exe79⤵
-
\??\c:\nbnnhn.exec:\nbnnhn.exe80⤵
-
\??\c:\ddvdv.exec:\ddvdv.exe81⤵
-
\??\c:\lflrflx.exec:\lflrflx.exe82⤵
-
\??\c:\lrxxffr.exec:\lrxxffr.exe83⤵
-
\??\c:\nhbnnn.exec:\nhbnnn.exe84⤵
-
\??\c:\tnthth.exec:\tnthth.exe85⤵
-
\??\c:\7pjjp.exec:\7pjjp.exe86⤵
-
\??\c:\pdppp.exec:\pdppp.exe87⤵
-
\??\c:\rlxxrxf.exec:\rlxxrxf.exe88⤵
-
\??\c:\flrrxrr.exec:\flrrxrr.exe89⤵
-
\??\c:\rlrxffl.exec:\rlrxffl.exe90⤵
-
\??\c:\btntbn.exec:\btntbn.exe91⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe92⤵
-
\??\c:\djjdd.exec:\djjdd.exe93⤵
-
\??\c:\fffrrxr.exec:\fffrrxr.exe94⤵
-
\??\c:\1rllllr.exec:\1rllllr.exe95⤵
-
\??\c:\1ththt.exec:\1ththt.exe96⤵
-
\??\c:\3ntttb.exec:\3ntttb.exe97⤵
-
\??\c:\pddjj.exec:\pddjj.exe98⤵
-
\??\c:\pjppd.exec:\pjppd.exe99⤵
-
\??\c:\pdvpp.exec:\pdvpp.exe100⤵
-
\??\c:\fffxfff.exec:\fffxfff.exe101⤵
-
\??\c:\xffrlxr.exec:\xffrlxr.exe102⤵
-
\??\c:\hbnnth.exec:\hbnnth.exe103⤵
-
\??\c:\3vpdj.exec:\3vpdj.exe104⤵
-
\??\c:\pdvpv.exec:\pdvpv.exe105⤵
-
\??\c:\lffrxxl.exec:\lffrxxl.exe106⤵
-
\??\c:\llxlfxf.exec:\llxlfxf.exe107⤵
-
\??\c:\ttnbhn.exec:\ttnbhn.exe108⤵
-
\??\c:\hnbbhb.exec:\hnbbhb.exe109⤵
-
\??\c:\7jpjp.exec:\7jpjp.exe110⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe111⤵
-
\??\c:\frrllxx.exec:\frrllxx.exe112⤵
-
\??\c:\rrrfffx.exec:\rrrfffx.exe113⤵
-
\??\c:\7hnntn.exec:\7hnntn.exe114⤵
-
\??\c:\1btntt.exec:\1btntt.exe115⤵
-
\??\c:\jjpvp.exec:\jjpvp.exe116⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe117⤵
-
\??\c:\frfxffl.exec:\frfxffl.exe118⤵
-
\??\c:\nbhntn.exec:\nbhntn.exe119⤵
-
\??\c:\hhtnbt.exec:\hhtnbt.exe120⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe121⤵
-
\??\c:\pdjvp.exec:\pdjvp.exe122⤵
-
\??\c:\lrxxlxf.exec:\lrxxlxf.exe123⤵
-
\??\c:\1rrlrrr.exec:\1rrlrrr.exe124⤵
-
\??\c:\bnnnbt.exec:\bnnnbt.exe125⤵
-
\??\c:\nhtthh.exec:\nhtthh.exe126⤵
-
\??\c:\7jpvv.exec:\7jpvv.exe127⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe128⤵
-
\??\c:\xlxfxrl.exec:\xlxfxrl.exe129⤵
-
\??\c:\ffxfllx.exec:\ffxfllx.exe130⤵
-
\??\c:\nbtnnh.exec:\nbtnnh.exe131⤵
-
\??\c:\nhtbnn.exec:\nhtbnn.exe132⤵
-
\??\c:\pdppd.exec:\pdppd.exe133⤵
-
\??\c:\jvdjv.exec:\jvdjv.exe134⤵
-
\??\c:\1rfxfff.exec:\1rfxfff.exe135⤵
-
\??\c:\lfrxlxr.exec:\lfrxlxr.exe136⤵
-
\??\c:\5btttt.exec:\5btttt.exe137⤵
-
\??\c:\3nbbbh.exec:\3nbbbh.exe138⤵
-
\??\c:\jvvpv.exec:\jvvpv.exe139⤵
-
\??\c:\5jvvv.exec:\5jvvv.exe140⤵
-
\??\c:\xllrxll.exec:\xllrxll.exe141⤵
-
\??\c:\9rrrrrf.exec:\9rrrrrf.exe142⤵
-
\??\c:\5tbbhb.exec:\5tbbhb.exe143⤵
-
\??\c:\nthttn.exec:\nthttn.exe144⤵
-
\??\c:\dpddd.exec:\dpddd.exe145⤵
-
\??\c:\rlxfxff.exec:\rlxfxff.exe146⤵
-
\??\c:\rlxrxxx.exec:\rlxrxxx.exe147⤵
-
\??\c:\ntbtnh.exec:\ntbtnh.exe148⤵
-
\??\c:\1nnntb.exec:\1nnntb.exe149⤵
-
\??\c:\pdpvd.exec:\pdpvd.exe150⤵
-
\??\c:\pdjpv.exec:\pdjpv.exe151⤵
-
\??\c:\5dpjp.exec:\5dpjp.exe152⤵
-
\??\c:\fxrrrrr.exec:\fxrrrrr.exe153⤵
-
\??\c:\xxflxfl.exec:\xxflxfl.exe154⤵
-
\??\c:\nhbnbb.exec:\nhbnbb.exe155⤵
-
\??\c:\pdppv.exec:\pdppv.exe156⤵
-
\??\c:\vdjvd.exec:\vdjvd.exe157⤵
-
\??\c:\vdjjp.exec:\vdjjp.exe158⤵
-
\??\c:\7flrrxr.exec:\7flrrxr.exe159⤵
-
\??\c:\bhbhhh.exec:\bhbhhh.exe160⤵
-
\??\c:\thtttn.exec:\thtttn.exe161⤵
-
\??\c:\pvpvp.exec:\pvpvp.exe162⤵
-
\??\c:\jvddv.exec:\jvddv.exe163⤵
-
\??\c:\7lfrxff.exec:\7lfrxff.exe164⤵
-
\??\c:\xrxlfxr.exec:\xrxlfxr.exe165⤵
-
\??\c:\ttbbhn.exec:\ttbbhn.exe166⤵
-
\??\c:\tnttbn.exec:\tnttbn.exe167⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe168⤵
-
\??\c:\dpddj.exec:\dpddj.exe169⤵
-
\??\c:\7xllxrx.exec:\7xllxrx.exe170⤵
-
\??\c:\lrxlrll.exec:\lrxlrll.exe171⤵
-
\??\c:\7thnbb.exec:\7thnbb.exe172⤵
-
\??\c:\ttbntn.exec:\ttbntn.exe173⤵
-
\??\c:\7jpvd.exec:\7jpvd.exe174⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe175⤵
-
\??\c:\1xxxffl.exec:\1xxxffl.exe176⤵
-
\??\c:\xrlrxff.exec:\xrlrxff.exe177⤵
-
\??\c:\bhtnnh.exec:\bhtnnh.exe178⤵
-
\??\c:\5thtbt.exec:\5thtbt.exe179⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe180⤵
-
\??\c:\pdjpv.exec:\pdjpv.exe181⤵
-
\??\c:\1rlxfll.exec:\1rlxfll.exe182⤵
-
\??\c:\7xxrrff.exec:\7xxrrff.exe183⤵
-
\??\c:\3bhnbt.exec:\3bhnbt.exe184⤵
-
\??\c:\tnbttt.exec:\tnbttt.exe185⤵
-
\??\c:\1jvvv.exec:\1jvvv.exe186⤵
-
\??\c:\dpvjp.exec:\dpvjp.exe187⤵
-
\??\c:\lxlrfxl.exec:\lxlrfxl.exe188⤵
-
\??\c:\3htnnn.exec:\3htnnn.exe189⤵
-
\??\c:\thhttb.exec:\thhttb.exe190⤵
-
\??\c:\pdppp.exec:\pdppp.exe191⤵
-
\??\c:\vjppp.exec:\vjppp.exe192⤵
-
\??\c:\xllrrff.exec:\xllrrff.exe193⤵
-
\??\c:\7flfrlx.exec:\7flfrlx.exe194⤵
-
\??\c:\bnntbb.exec:\bnntbb.exe195⤵
-
\??\c:\nhtthn.exec:\nhtthn.exe196⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe197⤵
-
\??\c:\vjddj.exec:\vjddj.exe198⤵
-
\??\c:\xrrrrxx.exec:\xrrrrxx.exe199⤵
-
\??\c:\3xfxfrx.exec:\3xfxfrx.exe200⤵
-
\??\c:\llrrfll.exec:\llrrfll.exe201⤵
-
\??\c:\nbhbbt.exec:\nbhbbt.exe202⤵
-
\??\c:\vjddd.exec:\vjddd.exe203⤵
-
\??\c:\1xrrxxr.exec:\1xrrxxr.exe204⤵
-
\??\c:\flllrlr.exec:\flllrlr.exe205⤵
-
\??\c:\xllffff.exec:\xllffff.exe206⤵
-
\??\c:\hbbthh.exec:\hbbthh.exe207⤵
-
\??\c:\pdppp.exec:\pdppp.exe208⤵
-
\??\c:\3jvdd.exec:\3jvdd.exe209⤵
-
\??\c:\xfrrrrl.exec:\xfrrrrl.exe210⤵
-
\??\c:\xlrllxx.exec:\xlrllxx.exe211⤵
-
\??\c:\xllrxxf.exec:\xllrxxf.exe212⤵
-
\??\c:\bbtbbb.exec:\bbtbbb.exe213⤵
-
\??\c:\pddvp.exec:\pddvp.exe214⤵
-
\??\c:\djjdv.exec:\djjdv.exe215⤵
-
\??\c:\xllxfxf.exec:\xllxfxf.exe216⤵
-
\??\c:\rflffxf.exec:\rflffxf.exe217⤵
-
\??\c:\3thntt.exec:\3thntt.exe218⤵
-
\??\c:\tbhbbn.exec:\tbhbbn.exe219⤵
-
\??\c:\nhtthh.exec:\nhtthh.exe220⤵
-
\??\c:\1vjjp.exec:\1vjjp.exe221⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe222⤵
-
\??\c:\lxlfllr.exec:\lxlfllr.exe223⤵
-
\??\c:\xlrrfxl.exec:\xlrrfxl.exe224⤵
-
\??\c:\btbhtn.exec:\btbhtn.exe225⤵
-
\??\c:\bhhntb.exec:\bhhntb.exe226⤵
-
\??\c:\jvpjp.exec:\jvpjp.exe227⤵
-
\??\c:\jdppp.exec:\jdppp.exe228⤵
-
\??\c:\pdpvv.exec:\pdpvv.exe229⤵
-
\??\c:\rffrrrf.exec:\rffrrrf.exe230⤵
-
\??\c:\1frrfxl.exec:\1frrfxl.exe231⤵
-
\??\c:\1nntbn.exec:\1nntbn.exe232⤵
-
\??\c:\5bnttn.exec:\5bnttn.exe233⤵
-
\??\c:\7ppvv.exec:\7ppvv.exe234⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe235⤵
-
\??\c:\7xrrlrx.exec:\7xrrlrx.exe236⤵
-
\??\c:\xrxxxrl.exec:\xrxxxrl.exe237⤵
-
\??\c:\thtttt.exec:\thtttt.exe238⤵
-
\??\c:\nhtbhh.exec:\nhtbhh.exe239⤵
-
\??\c:\htbhnn.exec:\htbhnn.exe240⤵
-
\??\c:\5ddpp.exec:\5ddpp.exe241⤵