Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
19-05-2024 06:33
General
-
Target
920bd5a31fb16db574c6c96d2dc8ef10_NeikiAnalytics.exe
-
Size
965KB
-
MD5
920bd5a31fb16db574c6c96d2dc8ef10
-
SHA1
9df56953ab3ecc413b51a0ddcf207d4aa9e317d3
-
SHA256
8e2238d677a88937997e2c45d5a75a2091519bf9dad1fbb5fc020b46c8a9692b
-
SHA512
23a92169530cdc13d311f6d95c6eebaa66a042eb0090786886c3190412a37f6431cfb56fd54c884ff23a2b5cbde3920a07126eea1cd00477204a17517cb693b0
-
SSDEEP
12288:n3C9ytvngQjy3C9I3YEWpYe+GalTLfOX+I3C9S3C9ytvngQj65syLr9fuWpZ:SgdnJVwLgdnJq9fuw
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\920bd5a31fb16db574c6c96d2dc8ef10_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\920bd5a31fb16db574c6c96d2dc8ef10_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvdv.exec:\vpvdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhbhn.exec:\bnhbhn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdppd.exec:\pdppd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrfrf.exec:\rlfrfrf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnntn.exec:\hhnntn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9htttb.exec:\9htttb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdpd.exec:\vpdpd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlllxfx.exec:\xlllxfx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tbhtt.exec:\7tbhtt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhnhn.exec:\tnhnhn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvdv.exec:\vvvdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjd.exec:\ddjjd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rlrxfr.exec:\5rlrxfr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrxfrf.exec:\lfrxfrf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtbth.exec:\nbtbth.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhnbh.exec:\hnhnbh.exe17⤵
- Executes dropped EXE
-
\??\c:\9vjdp.exec:\9vjdp.exe18⤵
- Executes dropped EXE
-
\??\c:\xfrllrx.exec:\xfrllrx.exe19⤵
- Executes dropped EXE
-
\??\c:\nhhbth.exec:\nhhbth.exe20⤵
- Executes dropped EXE
-
\??\c:\5tbbht.exec:\5tbbht.exe21⤵
- Executes dropped EXE
-
\??\c:\rrflrxl.exec:\rrflrxl.exe22⤵
- Executes dropped EXE
-
\??\c:\hnhtnt.exec:\hnhtnt.exe23⤵
- Executes dropped EXE
-
\??\c:\rxfrrlf.exec:\rxfrrlf.exe24⤵
- Executes dropped EXE
-
\??\c:\9vjpj.exec:\9vjpj.exe25⤵
- Executes dropped EXE
-
\??\c:\lrrllfl.exec:\lrrllfl.exe26⤵
- Executes dropped EXE
-
\??\c:\hhhnbt.exec:\hhhnbt.exe27⤵
- Executes dropped EXE
-
\??\c:\bnttnt.exec:\bnttnt.exe28⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe29⤵
- Executes dropped EXE
-
\??\c:\5xllffl.exec:\5xllffl.exe30⤵
- Executes dropped EXE
-
\??\c:\thttbb.exec:\thttbb.exe31⤵
- Executes dropped EXE
-
\??\c:\rfxfllx.exec:\rfxfllx.exe32⤵
- Executes dropped EXE
-
\??\c:\vvvjv.exec:\vvvjv.exe33⤵
- Executes dropped EXE
-
\??\c:\bhttbb.exec:\bhttbb.exe34⤵
- Executes dropped EXE
-
\??\c:\5rflrrx.exec:\5rflrrx.exe35⤵
- Executes dropped EXE
-
\??\c:\thbntt.exec:\thbntt.exe36⤵
- Executes dropped EXE
-
\??\c:\ddpvp.exec:\ddpvp.exe37⤵
- Executes dropped EXE
-
\??\c:\5fxflfl.exec:\5fxflfl.exe38⤵
- Executes dropped EXE
-
\??\c:\bbtbnt.exec:\bbtbnt.exe39⤵
- Executes dropped EXE
-
\??\c:\jvdjv.exec:\jvdjv.exe40⤵
- Executes dropped EXE
-
\??\c:\lfrrffl.exec:\lfrrffl.exe41⤵
- Executes dropped EXE
-
\??\c:\tnbntb.exec:\tnbntb.exe42⤵
- Executes dropped EXE
-
\??\c:\1djpp.exec:\1djpp.exe43⤵
- Executes dropped EXE
-
\??\c:\7lflxfr.exec:\7lflxfr.exe44⤵
- Executes dropped EXE
-
\??\c:\bnbhtb.exec:\bnbhtb.exe45⤵
- Executes dropped EXE
-
\??\c:\pjjpd.exec:\pjjpd.exe46⤵
- Executes dropped EXE
-
\??\c:\llxflfr.exec:\llxflfr.exe47⤵
- Executes dropped EXE
-
\??\c:\nhhhnn.exec:\nhhhnn.exe48⤵
- Executes dropped EXE
-
\??\c:\ttntnn.exec:\ttntnn.exe49⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe50⤵
- Executes dropped EXE
-
\??\c:\lfllxxl.exec:\lfllxxl.exe51⤵
- Executes dropped EXE
-
\??\c:\3hbhbn.exec:\3hbhbn.exe52⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe53⤵
- Executes dropped EXE
-
\??\c:\1fxxfxf.exec:\1fxxfxf.exe54⤵
- Executes dropped EXE
-
\??\c:\3nttbt.exec:\3nttbt.exe55⤵
- Executes dropped EXE
-
\??\c:\pvjvp.exec:\pvjvp.exe56⤵
- Executes dropped EXE
-
\??\c:\rrxrxxl.exec:\rrxrxxl.exe57⤵
- Executes dropped EXE
-
\??\c:\3bnhtt.exec:\3bnhtt.exe58⤵
- Executes dropped EXE
-
\??\c:\9jppj.exec:\9jppj.exe59⤵
- Executes dropped EXE
-
\??\c:\rlfflrf.exec:\rlfflrf.exe60⤵
- Executes dropped EXE
-
\??\c:\nhhnhn.exec:\nhhnhn.exe61⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe62⤵
- Executes dropped EXE
-
\??\c:\xlxlxxl.exec:\xlxlxxl.exe63⤵
- Executes dropped EXE
-
\??\c:\nhtbhh.exec:\nhtbhh.exe64⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe65⤵
- Executes dropped EXE
-
\??\c:\fxxrxxr.exec:\fxxrxxr.exe66⤵
-
\??\c:\7tbthb.exec:\7tbthb.exe67⤵
-
\??\c:\pjjdj.exec:\pjjdj.exe68⤵
-
\??\c:\9rxrrlx.exec:\9rxrrlx.exe69⤵
-
\??\c:\rfxxrxf.exec:\rfxxrxf.exe70⤵
-
\??\c:\nhthtt.exec:\nhthtt.exe71⤵
-
\??\c:\9dppj.exec:\9dppj.exe72⤵
-
\??\c:\1lffllr.exec:\1lffllr.exe73⤵
-
\??\c:\hnhhhn.exec:\hnhhhn.exe74⤵
-
\??\c:\3dvvj.exec:\3dvvj.exe75⤵
-
\??\c:\7thbnt.exec:\7thbnt.exe76⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe77⤵
-
\??\c:\fxrxfll.exec:\fxrxfll.exe78⤵
-
\??\c:\fxllffx.exec:\fxllffx.exe79⤵
-
\??\c:\tnhnbb.exec:\tnhnbb.exe80⤵
-
\??\c:\dvddp.exec:\dvddp.exe81⤵
-
\??\c:\rlrrllf.exec:\rlrrllf.exe82⤵
-
\??\c:\btbnbb.exec:\btbnbb.exe83⤵
-
\??\c:\7jpvj.exec:\7jpvj.exe84⤵
-
\??\c:\1frlxrx.exec:\1frlxrx.exe85⤵
-
\??\c:\9hbbnn.exec:\9hbbnn.exe86⤵
-
\??\c:\vvppv.exec:\vvppv.exe87⤵
-
\??\c:\5ffllll.exec:\5ffllll.exe88⤵
-
\??\c:\nhtbtb.exec:\nhtbtb.exe89⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe90⤵
-
\??\c:\3rllrrf.exec:\3rllrrf.exe91⤵
-
\??\c:\nhtthh.exec:\nhtthh.exe92⤵
-
\??\c:\vdpvp.exec:\vdpvp.exe93⤵
-
\??\c:\ffrrxxr.exec:\ffrrxxr.exe94⤵
-
\??\c:\thhbbn.exec:\thhbbn.exe95⤵
-
\??\c:\ddpdv.exec:\ddpdv.exe96⤵
-
\??\c:\xrfxfll.exec:\xrfxfll.exe97⤵
-
\??\c:\tnbhbh.exec:\tnbhbh.exe98⤵
-
\??\c:\bthhtb.exec:\bthhtb.exe99⤵
-
\??\c:\7dpjd.exec:\7dpjd.exe100⤵
-
\??\c:\5fxfrxx.exec:\5fxfrxx.exe101⤵
-
\??\c:\thnthh.exec:\thnthh.exe102⤵
-
\??\c:\1jpjj.exec:\1jpjj.exe103⤵
-
\??\c:\rfxrrll.exec:\rfxrrll.exe104⤵
-
\??\c:\thhbht.exec:\thhbht.exe105⤵
-
\??\c:\dvppd.exec:\dvppd.exe106⤵
-
\??\c:\xxflrxl.exec:\xxflrxl.exe107⤵
-
\??\c:\7llfrxf.exec:\7llfrxf.exe108⤵
-
\??\c:\nbntht.exec:\nbntht.exe109⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe110⤵
-
\??\c:\9lffxxx.exec:\9lffxxx.exe111⤵
-
\??\c:\hhthbh.exec:\hhthbh.exe112⤵
-
\??\c:\3pvvj.exec:\3pvvj.exe113⤵
-
\??\c:\7lxxffl.exec:\7lxxffl.exe114⤵
-
\??\c:\5htbnh.exec:\5htbnh.exe115⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe116⤵
-
\??\c:\rflffff.exec:\rflffff.exe117⤵
-
\??\c:\hthhtb.exec:\hthhtb.exe118⤵
-
\??\c:\3jvvd.exec:\3jvvd.exe119⤵
-
\??\c:\lfrrrrf.exec:\lfrrrrf.exe120⤵
-
\??\c:\nhhbtn.exec:\nhhbtn.exe121⤵
-
\??\c:\1pdvj.exec:\1pdvj.exe122⤵
-
\??\c:\rflffxl.exec:\rflffxl.exe123⤵
-
\??\c:\nnbbnt.exec:\nnbbnt.exe124⤵
-
\??\c:\7vjpv.exec:\7vjpv.exe125⤵
-
\??\c:\lfxxffl.exec:\lfxxffl.exe126⤵
-
\??\c:\xxrrffx.exec:\xxrrffx.exe127⤵
-
\??\c:\5bnnbb.exec:\5bnnbb.exe128⤵
-
\??\c:\jvddd.exec:\jvddd.exe129⤵
-
\??\c:\rfrrlfr.exec:\rfrrlfr.exe130⤵
-
\??\c:\bnbhtn.exec:\bnbhtn.exe131⤵
-
\??\c:\vpppd.exec:\vpppd.exe132⤵
-
\??\c:\rlrllrx.exec:\rlrllrx.exe133⤵
-
\??\c:\ttnnbb.exec:\ttnnbb.exe134⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe135⤵
-
\??\c:\lflfrxf.exec:\lflfrxf.exe136⤵
-
\??\c:\bbhtbt.exec:\bbhtbt.exe137⤵
-
\??\c:\9jjvp.exec:\9jjvp.exe138⤵
-
\??\c:\xfxrxrf.exec:\xfxrxrf.exe139⤵
-
\??\c:\bbntht.exec:\bbntht.exe140⤵
-
\??\c:\9pjjp.exec:\9pjjp.exe141⤵
-
\??\c:\xrffflx.exec:\xrffflx.exe142⤵
-
\??\c:\thtbnh.exec:\thtbnh.exe143⤵
-
\??\c:\1ppdj.exec:\1ppdj.exe144⤵
-
\??\c:\1llxrlr.exec:\1llxrlr.exe145⤵
-
\??\c:\bntbbb.exec:\bntbbb.exe146⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe147⤵
-
\??\c:\vjjjv.exec:\vjjjv.exe148⤵
-
\??\c:\frxfrxf.exec:\frxfrxf.exe149⤵
-
\??\c:\bthnnb.exec:\bthnnb.exe150⤵
-
\??\c:\1pddj.exec:\1pddj.exe151⤵
-
\??\c:\flffrrl.exec:\flffrrl.exe152⤵
-
\??\c:\tbbbnb.exec:\tbbbnb.exe153⤵
-
\??\c:\ppjvp.exec:\ppjvp.exe154⤵
-
\??\c:\fxrxlfx.exec:\fxrxlfx.exe155⤵
-
\??\c:\htttbh.exec:\htttbh.exe156⤵
-
\??\c:\9dvpj.exec:\9dvpj.exe157⤵
-
\??\c:\fxlflll.exec:\fxlflll.exe158⤵
-
\??\c:\1bbbth.exec:\1bbbth.exe159⤵
-
\??\c:\hbtthn.exec:\hbtthn.exe160⤵
-
\??\c:\7dvvd.exec:\7dvvd.exe161⤵
-
\??\c:\xrxxxrf.exec:\xrxxxrf.exe162⤵
-
\??\c:\tnhnbh.exec:\tnhnbh.exe163⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe164⤵
-
\??\c:\xxflfxf.exec:\xxflfxf.exe165⤵
-
\??\c:\1nhhbb.exec:\1nhhbb.exe166⤵
-
\??\c:\5vjdv.exec:\5vjdv.exe167⤵
-
\??\c:\fxlfrxl.exec:\fxlfrxl.exe168⤵
-
\??\c:\9tntbb.exec:\9tntbb.exe169⤵
-
\??\c:\jdjpd.exec:\jdjpd.exe170⤵
-
\??\c:\rxflrxx.exec:\rxflrxx.exe171⤵
-
\??\c:\ffxllll.exec:\ffxllll.exe172⤵
-
\??\c:\5btnht.exec:\5btnht.exe173⤵
-
\??\c:\pppvj.exec:\pppvj.exe174⤵
-
\??\c:\fxlrxfr.exec:\fxlrxfr.exe175⤵
-
\??\c:\3bhnhh.exec:\3bhnhh.exe176⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe177⤵
-
\??\c:\ffrxfll.exec:\ffrxfll.exe178⤵
-
\??\c:\3hbhbb.exec:\3hbhbb.exe179⤵
-
\??\c:\vvvjp.exec:\vvvjp.exe180⤵
-
\??\c:\rlffrrf.exec:\rlffrrf.exe181⤵
-
\??\c:\nbttnn.exec:\nbttnn.exe182⤵
-
\??\c:\3vvvd.exec:\3vvvd.exe183⤵
-
\??\c:\ppvvj.exec:\ppvvj.exe184⤵
-
\??\c:\xrxxfxx.exec:\xrxxfxx.exe185⤵
-
\??\c:\bbtbtn.exec:\bbtbtn.exe186⤵
-
\??\c:\1djpv.exec:\1djpv.exe187⤵
-
\??\c:\xrllrfr.exec:\xrllrfr.exe188⤵
-
\??\c:\bthhbt.exec:\bthhbt.exe189⤵
-
\??\c:\vpvdp.exec:\vpvdp.exe190⤵
-
\??\c:\xrflxlx.exec:\xrflxlx.exe191⤵
-
\??\c:\1bbtbh.exec:\1bbtbh.exe192⤵
-
\??\c:\dvppp.exec:\dvppp.exe193⤵
-
\??\c:\lfxflxl.exec:\lfxflxl.exe194⤵
-
\??\c:\3dvvd.exec:\3dvvd.exe195⤵
-
\??\c:\tnbntt.exec:\tnbntt.exe196⤵
-
\??\c:\dpjdp.exec:\dpjdp.exe197⤵
-
\??\c:\rlxfrrf.exec:\rlxfrrf.exe198⤵
-
\??\c:\7bhnbb.exec:\7bhnbb.exe199⤵
-
\??\c:\7thhtb.exec:\7thhtb.exe200⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe201⤵
-
\??\c:\xrffrrf.exec:\xrffrrf.exe202⤵
-
\??\c:\hbtbbh.exec:\hbtbbh.exe203⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe204⤵
-
\??\c:\rrxxfxf.exec:\rrxxfxf.exe205⤵
-
\??\c:\bttbbt.exec:\bttbbt.exe206⤵
-
\??\c:\vvddp.exec:\vvddp.exe207⤵
-
\??\c:\rxllflr.exec:\rxllflr.exe208⤵
-
\??\c:\nbtbnn.exec:\nbtbnn.exe209⤵
-
\??\c:\3jddd.exec:\3jddd.exe210⤵
-
\??\c:\frlflfl.exec:\frlflfl.exe211⤵
-
\??\c:\tnbbnt.exec:\tnbbnt.exe212⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe213⤵
-
\??\c:\jjvdv.exec:\jjvdv.exe214⤵
-
\??\c:\xlrxfff.exec:\xlrxfff.exe215⤵
-
\??\c:\thbnbh.exec:\thbnbh.exe216⤵
-
\??\c:\dvppd.exec:\dvppd.exe217⤵
-
\??\c:\rrfxlfl.exec:\rrfxlfl.exe218⤵
-
\??\c:\5tnntb.exec:\5tnntb.exe219⤵
-
\??\c:\vpddd.exec:\vpddd.exe220⤵
-
\??\c:\3xrxxfl.exec:\3xrxxfl.exe221⤵
-
\??\c:\nnhbtb.exec:\nnhbtb.exe222⤵
-
\??\c:\btttbt.exec:\btttbt.exe223⤵
-
\??\c:\vjvjv.exec:\vjvjv.exe224⤵
-
\??\c:\xrfflrx.exec:\xrfflrx.exe225⤵
-
\??\c:\nhtthh.exec:\nhtthh.exe226⤵
-
\??\c:\pjppp.exec:\pjppp.exe227⤵
-
\??\c:\frxxlll.exec:\frxxlll.exe228⤵
-
\??\c:\hhhnbn.exec:\hhhnbn.exe229⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe230⤵
-
\??\c:\xrlrffr.exec:\xrlrffr.exe231⤵
-
\??\c:\btnthb.exec:\btnthb.exe232⤵
-
\??\c:\pdvvd.exec:\pdvvd.exe233⤵
-
\??\c:\frflxrf.exec:\frflxrf.exe234⤵
-
\??\c:\hnnnbt.exec:\hnnnbt.exe235⤵
-
\??\c:\ppjpd.exec:\ppjpd.exe236⤵
-
\??\c:\xlxxffl.exec:\xlxxffl.exe237⤵
-
\??\c:\5bnhhh.exec:\5bnhhh.exe238⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe239⤵
-
\??\c:\vjddp.exec:\vjddp.exe240⤵
-
\??\c:\xrlfrrx.exec:\xrlfrrx.exe241⤵