Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
19-05-2024 07:17
General
-
Target
9e406eca242d3fb52fc1742291ce6af0_NeikiAnalytics.exe
-
Size
75KB
-
MD5
9e406eca242d3fb52fc1742291ce6af0
-
SHA1
2ee94824eaa219888275e2ac962884c79b2101bc
-
SHA256
1f85db2b769b1577051d156e6fe0c8b13b48f32ebc980dfbdf1f643d1db1d7d9
-
SHA512
97e1261f12730b9095e8d813411888f3d2701ba482e8753170941114a78655f5f74198754bfc09baa790558a90a2f71c8d762ec712ed0941b4ceb14a80a6d328
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqC5Q:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqCK
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9e406eca242d3fb52fc1742291ce6af0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\9e406eca242d3fb52fc1742291ce6af0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pppvd.exec:\pppvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rllflx.exec:\5rllflx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvd.exec:\jvdvd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrlxl.exec:\ffrrlxl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlfllx.exec:\lxlfllx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbhbt.exec:\hhbhbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppj.exec:\ddppj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflrfrf.exec:\lflrfrf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflxlfr.exec:\xflxlfr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbhtb.exec:\nnbhtb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpp.exec:\ppvpp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vpjv.exec:\1vpjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlxfrr.exec:\rxlxfrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbbnt.exec:\hhbbnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnbbb.exec:\nbnbbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpdd.exec:\vvpdd.exe17⤵
- Executes dropped EXE
-
\??\c:\lrrffff.exec:\lrrffff.exe18⤵
- Executes dropped EXE
-
\??\c:\hbthth.exec:\hbthth.exe19⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe20⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe21⤵
- Executes dropped EXE
-
\??\c:\lfxlrxl.exec:\lfxlrxl.exe22⤵
- Executes dropped EXE
-
\??\c:\hbnntt.exec:\hbnntt.exe23⤵
- Executes dropped EXE
-
\??\c:\pjdjv.exec:\pjdjv.exe24⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe25⤵
- Executes dropped EXE
-
\??\c:\lfrxffr.exec:\lfrxffr.exe26⤵
- Executes dropped EXE
-
\??\c:\nbnnhb.exec:\nbnnhb.exe27⤵
- Executes dropped EXE
-
\??\c:\bbntbh.exec:\bbntbh.exe28⤵
- Executes dropped EXE
-
\??\c:\5pjjp.exec:\5pjjp.exe29⤵
- Executes dropped EXE
-
\??\c:\lxflxfr.exec:\lxflxfr.exe30⤵
- Executes dropped EXE
-
\??\c:\xlrrfxx.exec:\xlrrfxx.exe31⤵
- Executes dropped EXE
-
\??\c:\btbbht.exec:\btbbht.exe32⤵
- Executes dropped EXE
-
\??\c:\vpdjj.exec:\vpdjj.exe33⤵
- Executes dropped EXE
-
\??\c:\pvjvp.exec:\pvjvp.exe34⤵
- Executes dropped EXE
-
\??\c:\rflflfr.exec:\rflflfr.exe35⤵
- Executes dropped EXE
-
\??\c:\bhhnbb.exec:\bhhnbb.exe36⤵
- Executes dropped EXE
-
\??\c:\tnbhnn.exec:\tnbhnn.exe37⤵
- Executes dropped EXE
-
\??\c:\ddvjd.exec:\ddvjd.exe38⤵
- Executes dropped EXE
-
\??\c:\5jdvd.exec:\5jdvd.exe39⤵
- Executes dropped EXE
-
\??\c:\1xxflxl.exec:\1xxflxl.exe40⤵
- Executes dropped EXE
-
\??\c:\xlxfrxx.exec:\xlxfrxx.exe41⤵
- Executes dropped EXE
-
\??\c:\nnttht.exec:\nnttht.exe42⤵
- Executes dropped EXE
-
\??\c:\ppvdj.exec:\ppvdj.exe43⤵
- Executes dropped EXE
-
\??\c:\vpvvv.exec:\vpvvv.exe44⤵
- Executes dropped EXE
-
\??\c:\flfffxx.exec:\flfffxx.exe45⤵
- Executes dropped EXE
-
\??\c:\tthhbt.exec:\tthhbt.exe46⤵
- Executes dropped EXE
-
\??\c:\pvdvv.exec:\pvdvv.exe47⤵
- Executes dropped EXE
-
\??\c:\xlrxffr.exec:\xlrxffr.exe48⤵
- Executes dropped EXE
-
\??\c:\9rxfllr.exec:\9rxfllr.exe49⤵
- Executes dropped EXE
-
\??\c:\bbtbhn.exec:\bbtbhn.exe50⤵
- Executes dropped EXE
-
\??\c:\3btthn.exec:\3btthn.exe51⤵
- Executes dropped EXE
-
\??\c:\9vvdd.exec:\9vvdd.exe52⤵
- Executes dropped EXE
-
\??\c:\rrrflxr.exec:\rrrflxr.exe53⤵
- Executes dropped EXE
-
\??\c:\fxrfrfr.exec:\fxrfrfr.exe54⤵
- Executes dropped EXE
-
\??\c:\lxlrffl.exec:\lxlrffl.exe55⤵
- Executes dropped EXE
-
\??\c:\hhtbtt.exec:\hhtbtt.exe56⤵
- Executes dropped EXE
-
\??\c:\ppjvj.exec:\ppjvj.exe57⤵
- Executes dropped EXE
-
\??\c:\7jvpp.exec:\7jvpp.exe58⤵
- Executes dropped EXE
-
\??\c:\7rflxxf.exec:\7rflxxf.exe59⤵
- Executes dropped EXE
-
\??\c:\bbthbh.exec:\bbthbh.exe60⤵
- Executes dropped EXE
-
\??\c:\ppddp.exec:\ppddp.exe61⤵
- Executes dropped EXE
-
\??\c:\ddpvd.exec:\ddpvd.exe62⤵
- Executes dropped EXE
-
\??\c:\xrlxfxl.exec:\xrlxfxl.exe63⤵
- Executes dropped EXE
-
\??\c:\3xxfrfr.exec:\3xxfrfr.exe64⤵
- Executes dropped EXE
-
\??\c:\nbntbb.exec:\nbntbb.exe65⤵
- Executes dropped EXE
-
\??\c:\1btnhn.exec:\1btnhn.exe66⤵
-
\??\c:\jvjpp.exec:\jvjpp.exe67⤵
-
\??\c:\flfrfff.exec:\flfrfff.exe68⤵
-
\??\c:\xrflxfl.exec:\xrflxfl.exe69⤵
-
\??\c:\thtthh.exec:\thtthh.exe70⤵
-
\??\c:\thnhnn.exec:\thnhnn.exe71⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe72⤵
-
\??\c:\frfrrxf.exec:\frfrrxf.exe73⤵
-
\??\c:\xfrlrll.exec:\xfrlrll.exe74⤵
-
\??\c:\bbhthn.exec:\bbhthn.exe75⤵
-
\??\c:\hnntth.exec:\hnntth.exe76⤵
-
\??\c:\jddpj.exec:\jddpj.exe77⤵
-
\??\c:\vjvjj.exec:\vjvjj.exe78⤵
-
\??\c:\9lrrxxl.exec:\9lrrxxl.exe79⤵
-
\??\c:\rrrfxrl.exec:\rrrfxrl.exe80⤵
-
\??\c:\5nbhnn.exec:\5nbhnn.exe81⤵
-
\??\c:\hnbnnh.exec:\hnbnnh.exe82⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe83⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe84⤵
-
\??\c:\xrflrlr.exec:\xrflrlr.exe85⤵
-
\??\c:\rlxfrlr.exec:\rlxfrlr.exe86⤵
-
\??\c:\5hbntb.exec:\5hbntb.exe87⤵
-
\??\c:\9nbnhh.exec:\9nbnhh.exe88⤵
-
\??\c:\3dpvj.exec:\3dpvj.exe89⤵
-
\??\c:\xfrllff.exec:\xfrllff.exe90⤵
-
\??\c:\rlxlrrx.exec:\rlxlrrx.exe91⤵
-
\??\c:\bnnnbb.exec:\bnnnbb.exe92⤵
-
\??\c:\bbnbnn.exec:\bbnbnn.exe93⤵
-
\??\c:\ddvvd.exec:\ddvvd.exe94⤵
-
\??\c:\1jdjj.exec:\1jdjj.exe95⤵
-
\??\c:\3ffrlxl.exec:\3ffrlxl.exe96⤵
-
\??\c:\lfrfllx.exec:\lfrfllx.exe97⤵
-
\??\c:\1btbtb.exec:\1btbtb.exe98⤵
-
\??\c:\hhbntn.exec:\hhbntn.exe99⤵
-
\??\c:\dvppd.exec:\dvppd.exe100⤵
-
\??\c:\jjdpj.exec:\jjdpj.exe101⤵
-
\??\c:\lfrrxxf.exec:\lfrrxxf.exe102⤵
-
\??\c:\rrlfllf.exec:\rrlfllf.exe103⤵
-
\??\c:\hbtbnh.exec:\hbtbnh.exe104⤵
-
\??\c:\thhhnh.exec:\thhhnh.exe105⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe106⤵
-
\??\c:\ppddp.exec:\ppddp.exe107⤵
-
\??\c:\rrlfxfr.exec:\rrlfxfr.exe108⤵
-
\??\c:\ffffrrf.exec:\ffffrrf.exe109⤵
-
\??\c:\7xrlxlr.exec:\7xrlxlr.exe110⤵
-
\??\c:\9bbnhn.exec:\9bbnhn.exe111⤵
-
\??\c:\bbtbnn.exec:\bbtbnn.exe112⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe113⤵
-
\??\c:\5vvjv.exec:\5vvjv.exe114⤵
-
\??\c:\llfxxrl.exec:\llfxxrl.exe115⤵
-
\??\c:\rxflllx.exec:\rxflllx.exe116⤵
-
\??\c:\rrxffrl.exec:\rrxffrl.exe117⤵
-
\??\c:\tntthn.exec:\tntthn.exe118⤵
-
\??\c:\bbthbh.exec:\bbthbh.exe119⤵
-
\??\c:\5pvjj.exec:\5pvjj.exe120⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe121⤵
-
\??\c:\xlfllxl.exec:\xlfllxl.exe122⤵
-
\??\c:\xxrllll.exec:\xxrllll.exe123⤵
-
\??\c:\9bnbnt.exec:\9bnbnt.exe124⤵
-
\??\c:\1hhbhb.exec:\1hhbhb.exe125⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe126⤵
-
\??\c:\vdjvv.exec:\vdjvv.exe127⤵
-
\??\c:\rrlxflx.exec:\rrlxflx.exe128⤵
-
\??\c:\xrlrlxf.exec:\xrlrlxf.exe129⤵
-
\??\c:\nnhbbn.exec:\nnhbbn.exe130⤵
-
\??\c:\dddjp.exec:\dddjp.exe131⤵
-
\??\c:\1dpdj.exec:\1dpdj.exe132⤵
-
\??\c:\pppdv.exec:\pppdv.exe133⤵
-
\??\c:\ffrxlrl.exec:\ffrxlrl.exe134⤵
-
\??\c:\xrflfrf.exec:\xrflfrf.exe135⤵
-
\??\c:\tthtnt.exec:\tthtnt.exe136⤵
-
\??\c:\tthhbb.exec:\tthhbb.exe137⤵
-
\??\c:\dpjdj.exec:\dpjdj.exe138⤵
-
\??\c:\pjpdp.exec:\pjpdp.exe139⤵
-
\??\c:\xrlxrrx.exec:\xrlxrrx.exe140⤵
-
\??\c:\lfrlrxl.exec:\lfrlrxl.exe141⤵
-
\??\c:\btbhbn.exec:\btbhbn.exe142⤵
-
\??\c:\hhtbhn.exec:\hhtbhn.exe143⤵
-
\??\c:\vdppj.exec:\vdppj.exe144⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe145⤵
-
\??\c:\9pvpj.exec:\9pvpj.exe146⤵
-
\??\c:\fxxrxrx.exec:\fxxrxrx.exe147⤵
-
\??\c:\xflllff.exec:\xflllff.exe148⤵
-
\??\c:\7nbbbb.exec:\7nbbbb.exe149⤵
-
\??\c:\nhbhnt.exec:\nhbhnt.exe150⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe151⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe152⤵
-
\??\c:\xrflfrf.exec:\xrflfrf.exe153⤵
-
\??\c:\rlxlrfr.exec:\rlxlrfr.exe154⤵
-
\??\c:\tnbhth.exec:\tnbhth.exe155⤵
-
\??\c:\bnhtth.exec:\bnhtth.exe156⤵
-
\??\c:\pvvjp.exec:\pvvjp.exe157⤵
-
\??\c:\vvjvj.exec:\vvjvj.exe158⤵
-
\??\c:\xrllrrf.exec:\xrllrrf.exe159⤵
-
\??\c:\rfllrfl.exec:\rfllrfl.exe160⤵
-
\??\c:\ntbbtb.exec:\ntbbtb.exe161⤵
-
\??\c:\nnhttn.exec:\nnhttn.exe162⤵
-
\??\c:\9dvvj.exec:\9dvvj.exe163⤵
-
\??\c:\9jvdp.exec:\9jvdp.exe164⤵
-
\??\c:\7fxxxxf.exec:\7fxxxxf.exe165⤵
-
\??\c:\7frxlxr.exec:\7frxlxr.exe166⤵
-
\??\c:\bhbbnh.exec:\bhbbnh.exe167⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe168⤵
-
\??\c:\frxllfx.exec:\frxllfx.exe169⤵
-
\??\c:\tthhth.exec:\tthhth.exe170⤵
-
\??\c:\dddjp.exec:\dddjp.exe171⤵
-
\??\c:\rflrlxl.exec:\rflrlxl.exe172⤵
-
\??\c:\rlrfrxf.exec:\rlrfrxf.exe173⤵
-
\??\c:\htttbn.exec:\htttbn.exe174⤵
-
\??\c:\thbnnn.exec:\thbnnn.exe175⤵
-
\??\c:\1jvvd.exec:\1jvvd.exe176⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe177⤵
-
\??\c:\fxlxffr.exec:\fxlxffr.exe178⤵
-
\??\c:\7lflrxf.exec:\7lflrxf.exe179⤵
-
\??\c:\nnnntt.exec:\nnnntt.exe180⤵
-
\??\c:\1tntbb.exec:\1tntbb.exe181⤵
-
\??\c:\9dppv.exec:\9dppv.exe182⤵
-
\??\c:\dpvjd.exec:\dpvjd.exe183⤵
-
\??\c:\9xllxxf.exec:\9xllxxf.exe184⤵
-
\??\c:\lrlflxf.exec:\lrlflxf.exe185⤵
-
\??\c:\bttbhb.exec:\bttbhb.exe186⤵
-
\??\c:\3hbhbn.exec:\3hbhbn.exe187⤵
-
\??\c:\7pdjp.exec:\7pdjp.exe188⤵
-
\??\c:\jjdjd.exec:\jjdjd.exe189⤵
-
\??\c:\rrlxlxr.exec:\rrlxlxr.exe190⤵
-
\??\c:\7fxrlxr.exec:\7fxrlxr.exe191⤵
-
\??\c:\tbhbhh.exec:\tbhbhh.exe192⤵
-
\??\c:\ntbbhh.exec:\ntbbhh.exe193⤵
-
\??\c:\djpvp.exec:\djpvp.exe194⤵
-
\??\c:\xrrxfrl.exec:\xrrxfrl.exe195⤵
-
\??\c:\rxfflxr.exec:\rxfflxr.exe196⤵
-
\??\c:\nnbhtt.exec:\nnbhtt.exe197⤵
-
\??\c:\7ntnbh.exec:\7ntnbh.exe198⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe199⤵
-
\??\c:\1jjvj.exec:\1jjvj.exe200⤵
-
\??\c:\9lflrrf.exec:\9lflrrf.exe201⤵
-
\??\c:\ffxlfrl.exec:\ffxlfrl.exe202⤵
-
\??\c:\ttnnhn.exec:\ttnnhn.exe203⤵
-
\??\c:\ttnbhn.exec:\ttnbhn.exe204⤵
-
\??\c:\7hhnbn.exec:\7hhnbn.exe205⤵
-
\??\c:\ppdjp.exec:\ppdjp.exe206⤵
-
\??\c:\9vdjv.exec:\9vdjv.exe207⤵
-
\??\c:\lfrlxxr.exec:\lfrlxxr.exe208⤵
-
\??\c:\frxffxr.exec:\frxffxr.exe209⤵
-
\??\c:\nhntbb.exec:\nhntbb.exe210⤵
-
\??\c:\hhttbn.exec:\hhttbn.exe211⤵
-
\??\c:\tnthtb.exec:\tnthtb.exe212⤵
-
\??\c:\dddpp.exec:\dddpp.exe213⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe214⤵
-
\??\c:\9rfrlxl.exec:\9rfrlxl.exe215⤵
-
\??\c:\9xlxxfx.exec:\9xlxxfx.exe216⤵
-
\??\c:\bnbbtb.exec:\bnbbtb.exe217⤵
-
\??\c:\nnnthn.exec:\nnnthn.exe218⤵
-
\??\c:\jddjv.exec:\jddjv.exe219⤵
-
\??\c:\5dvjv.exec:\5dvjv.exe220⤵
-
\??\c:\xrlrlrf.exec:\xrlrlrf.exe221⤵
-
\??\c:\rfrrrff.exec:\rfrrrff.exe222⤵
-
\??\c:\btntbb.exec:\btntbb.exe223⤵
-
\??\c:\3nhtnn.exec:\3nhtnn.exe224⤵
-
\??\c:\btbntb.exec:\btbntb.exe225⤵
-
\??\c:\5vdvd.exec:\5vdvd.exe226⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe227⤵
-
\??\c:\lfxfrrx.exec:\lfxfrrx.exe228⤵
-
\??\c:\rlrlxfl.exec:\rlrlxfl.exe229⤵
-
\??\c:\9tnbth.exec:\9tnbth.exe230⤵
-
\??\c:\nbttht.exec:\nbttht.exe231⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe232⤵
-
\??\c:\pppjv.exec:\pppjv.exe233⤵
-
\??\c:\xlxxlrr.exec:\xlxxlrr.exe234⤵
-
\??\c:\llrllrl.exec:\llrllrl.exe235⤵
-
\??\c:\hthttt.exec:\hthttt.exe236⤵
-
\??\c:\hnbbth.exec:\hnbbth.exe237⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe238⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe239⤵
-
\??\c:\lrrlxrl.exec:\lrrlxrl.exe240⤵
-
\??\c:\7lrlflf.exec:\7lrlflf.exe241⤵