Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
19-05-2024 07:09
General
-
Target
9c1c870639474cf17363d39533a43950_NeikiAnalytics.exe
-
Size
63KB
-
MD5
9c1c870639474cf17363d39533a43950
-
SHA1
a9823a41c1d790234411fb5308eaa5408a7186c8
-
SHA256
a4b2d6321007834182bb891802bf98fbd1fd5d9dd2155116c178ad3153aea041
-
SHA512
5613e4fde75e5ce9a3197b92213f19f54dbabd5f6ac82b66b7a584db0057a98826607f9ec3839bcf202498e9d793de2f3bfb16443ed9386b66ec3a23502eb534
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIhJm/w7:ymb3NkkiQ3mdBjFILmq
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9c1c870639474cf17363d39533a43950_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\9c1c870639474cf17363d39533a43950_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvv.exec:\vpdvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxflr.exec:\fxxxflr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrfllx.exec:\lfrfllx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhnbh.exec:\hnhnbh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pdpj.exec:\1pdpj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrfrfr.exec:\xxrfrfr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvd.exec:\pjvvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflxxr.exec:\xrflxxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frflxfr.exec:\frflxfr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ththtt.exec:\ththtt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1btbtt.exec:\1btbtt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jppj.exec:\9jppj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdp.exec:\jdpdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1llfrxf.exec:\1llfrxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxfffl.exec:\lfxfffl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbhn.exec:\tnbbhn.exe17⤵
- Executes dropped EXE
-
\??\c:\jdjvd.exec:\jdjvd.exe18⤵
- Executes dropped EXE
-
\??\c:\xfllrll.exec:\xfllrll.exe19⤵
- Executes dropped EXE
-
\??\c:\7lrxrlx.exec:\7lrxrlx.exe20⤵
- Executes dropped EXE
-
\??\c:\3btbtb.exec:\3btbtb.exe21⤵
- Executes dropped EXE
-
\??\c:\thtthh.exec:\thtthh.exe22⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe23⤵
- Executes dropped EXE
-
\??\c:\5fxfxlf.exec:\5fxfxlf.exe24⤵
- Executes dropped EXE
-
\??\c:\ffrxlxl.exec:\ffrxlxl.exe25⤵
- Executes dropped EXE
-
\??\c:\bbttnn.exec:\bbttnn.exe26⤵
- Executes dropped EXE
-
\??\c:\hhtbtt.exec:\hhtbtt.exe27⤵
- Executes dropped EXE
-
\??\c:\7jppj.exec:\7jppj.exe28⤵
- Executes dropped EXE
-
\??\c:\frrlxrr.exec:\frrlxrr.exe29⤵
- Executes dropped EXE
-
\??\c:\9xrxlfr.exec:\9xrxlfr.exe30⤵
- Executes dropped EXE
-
\??\c:\9bbbbb.exec:\9bbbbb.exe31⤵
- Executes dropped EXE
-
\??\c:\3pvvp.exec:\3pvvp.exe32⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe33⤵
- Executes dropped EXE
-
\??\c:\rlxxfrx.exec:\rlxxfrx.exe34⤵
- Executes dropped EXE
-
\??\c:\rlxxflx.exec:\rlxxflx.exe35⤵
- Executes dropped EXE
-
\??\c:\tthbnh.exec:\tthbnh.exe36⤵
- Executes dropped EXE
-
\??\c:\tnnhtt.exec:\tnnhtt.exe37⤵
- Executes dropped EXE
-
\??\c:\ddpvj.exec:\ddpvj.exe38⤵
- Executes dropped EXE
-
\??\c:\dvpvp.exec:\dvpvp.exe39⤵
- Executes dropped EXE
-
\??\c:\1rllrlf.exec:\1rllrlf.exe40⤵
- Executes dropped EXE
-
\??\c:\lfxfxxl.exec:\lfxfxxl.exe41⤵
- Executes dropped EXE
-
\??\c:\thnbbb.exec:\thnbbb.exe42⤵
- Executes dropped EXE
-
\??\c:\nhbbnt.exec:\nhbbnt.exe43⤵
- Executes dropped EXE
-
\??\c:\vvppd.exec:\vvppd.exe44⤵
- Executes dropped EXE
-
\??\c:\1dppd.exec:\1dppd.exe45⤵
- Executes dropped EXE
-
\??\c:\lrfxxlf.exec:\lrfxxlf.exe46⤵
- Executes dropped EXE
-
\??\c:\ffrxfrx.exec:\ffrxfrx.exe47⤵
- Executes dropped EXE
-
\??\c:\htttnt.exec:\htttnt.exe48⤵
- Executes dropped EXE
-
\??\c:\nhbbhn.exec:\nhbbhn.exe49⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe50⤵
- Executes dropped EXE
-
\??\c:\vpjpj.exec:\vpjpj.exe51⤵
- Executes dropped EXE
-
\??\c:\ffxrffr.exec:\ffxrffr.exe52⤵
- Executes dropped EXE
-
\??\c:\tnhhnh.exec:\tnhhnh.exe53⤵
- Executes dropped EXE
-
\??\c:\nbbhhh.exec:\nbbhhh.exe54⤵
- Executes dropped EXE
-
\??\c:\pjvdd.exec:\pjvdd.exe55⤵
- Executes dropped EXE
-
\??\c:\vpjjj.exec:\vpjjj.exe56⤵
- Executes dropped EXE
-
\??\c:\3xxxflx.exec:\3xxxflx.exe57⤵
- Executes dropped EXE
-
\??\c:\fxrxlrx.exec:\fxrxlrx.exe58⤵
- Executes dropped EXE
-
\??\c:\tnbbhb.exec:\tnbbhb.exe59⤵
- Executes dropped EXE
-
\??\c:\ttntbh.exec:\ttntbh.exe60⤵
- Executes dropped EXE
-
\??\c:\hthntt.exec:\hthntt.exe61⤵
- Executes dropped EXE
-
\??\c:\jddpj.exec:\jddpj.exe62⤵
- Executes dropped EXE
-
\??\c:\1jvvv.exec:\1jvvv.exe63⤵
- Executes dropped EXE
-
\??\c:\3xlrxfl.exec:\3xlrxfl.exe64⤵
- Executes dropped EXE
-
\??\c:\rrflllr.exec:\rrflllr.exe65⤵
- Executes dropped EXE
-
\??\c:\nnntth.exec:\nnntth.exe66⤵
-
\??\c:\nnbhtb.exec:\nnbhtb.exe67⤵
-
\??\c:\dvddd.exec:\dvddd.exe68⤵
-
\??\c:\vpddj.exec:\vpddj.exe69⤵
-
\??\c:\lfrrxxf.exec:\lfrrxxf.exe70⤵
-
\??\c:\lxxlrrx.exec:\lxxlrrx.exe71⤵
-
\??\c:\flrllxr.exec:\flrllxr.exe72⤵
-
\??\c:\hhbbhh.exec:\hhbbhh.exe73⤵
-
\??\c:\htbbnh.exec:\htbbnh.exe74⤵
-
\??\c:\rllrrrf.exec:\rllrrrf.exe75⤵
-
\??\c:\xrxffrx.exec:\xrxffrx.exe76⤵
-
\??\c:\9bnntt.exec:\9bnntt.exe77⤵
-
\??\c:\hbnthh.exec:\hbnthh.exe78⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe79⤵
-
\??\c:\xlxxllx.exec:\xlxxllx.exe80⤵
-
\??\c:\xrxrrxx.exec:\xrxrrxx.exe81⤵
-
\??\c:\nhnthb.exec:\nhnthb.exe82⤵
-
\??\c:\5hhtbh.exec:\5hhtbh.exe83⤵
-
\??\c:\jjddd.exec:\jjddd.exe84⤵
-
\??\c:\dpddd.exec:\dpddd.exe85⤵
-
\??\c:\xfrlxfx.exec:\xfrlxfx.exe86⤵
-
\??\c:\xrfrllr.exec:\xrfrllr.exe87⤵
-
\??\c:\nbnnnh.exec:\nbnnnh.exe88⤵
-
\??\c:\thbbbb.exec:\thbbbb.exe89⤵
-
\??\c:\vjppv.exec:\vjppv.exe90⤵
-
\??\c:\jvjvv.exec:\jvjvv.exe91⤵
-
\??\c:\ffrrlrx.exec:\ffrrlrx.exe92⤵
-
\??\c:\ffxfllx.exec:\ffxfllx.exe93⤵
-
\??\c:\lflxfff.exec:\lflxfff.exe94⤵
-
\??\c:\1thnbh.exec:\1thnbh.exe95⤵
-
\??\c:\hbthht.exec:\hbthht.exe96⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe97⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe98⤵
-
\??\c:\1rrxxfl.exec:\1rrxxfl.exe99⤵
-
\??\c:\xrxlrrf.exec:\xrxlrrf.exe100⤵
-
\??\c:\bbntnn.exec:\bbntnn.exe101⤵
-
\??\c:\9nbhhn.exec:\9nbhhn.exe102⤵
-
\??\c:\hbtttt.exec:\hbtttt.exe103⤵
-
\??\c:\vvddp.exec:\vvddp.exe104⤵
-
\??\c:\jvppv.exec:\jvppv.exe105⤵
-
\??\c:\xxrrxxf.exec:\xxrrxxf.exe106⤵
-
\??\c:\xxlfrxl.exec:\xxlfrxl.exe107⤵
-
\??\c:\1bthhh.exec:\1bthhh.exe108⤵
-
\??\c:\7btbhh.exec:\7btbhh.exe109⤵
-
\??\c:\bbbbnt.exec:\bbbbnt.exe110⤵
-
\??\c:\jjjvj.exec:\jjjvj.exe111⤵
-
\??\c:\xrrlrrx.exec:\xrrlrrx.exe112⤵
-
\??\c:\3lrrrrx.exec:\3lrrrrx.exe113⤵
-
\??\c:\bthnhh.exec:\bthnhh.exe114⤵
-
\??\c:\1bhhbh.exec:\1bhhbh.exe115⤵
-
\??\c:\vpppd.exec:\vpppd.exe116⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe117⤵
-
\??\c:\7lrlrlx.exec:\7lrlrlx.exe118⤵
-
\??\c:\9ffrllx.exec:\9ffrllx.exe119⤵
-
\??\c:\xrllrrx.exec:\xrllrrx.exe120⤵
-
\??\c:\nbtbhh.exec:\nbtbhh.exe121⤵
-
\??\c:\9nhbhh.exec:\9nhbhh.exe122⤵
-
\??\c:\7ppjp.exec:\7ppjp.exe123⤵
-
\??\c:\vpjdj.exec:\vpjdj.exe124⤵
-
\??\c:\rfrrffl.exec:\rfrrffl.exe125⤵
-
\??\c:\bntbhn.exec:\bntbhn.exe126⤵
-
\??\c:\bthntb.exec:\bthntb.exe127⤵
-
\??\c:\jdddj.exec:\jdddj.exe128⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe129⤵
-
\??\c:\fxlffxl.exec:\fxlffxl.exe130⤵
-
\??\c:\xrrrxxf.exec:\xrrrxxf.exe131⤵
-
\??\c:\1nhhnn.exec:\1nhhnn.exe132⤵
-
\??\c:\tnhhnt.exec:\tnhhnt.exe133⤵
-
\??\c:\tnbtbt.exec:\tnbtbt.exe134⤵
-
\??\c:\7vjdj.exec:\7vjdj.exe135⤵
-
\??\c:\1lxxffx.exec:\1lxxffx.exe136⤵
-
\??\c:\5ffflrx.exec:\5ffflrx.exe137⤵
-
\??\c:\xlxfrrf.exec:\xlxfrrf.exe138⤵
-
\??\c:\7ttthh.exec:\7ttthh.exe139⤵
-
\??\c:\nhhnbh.exec:\nhhnbh.exe140⤵
-
\??\c:\ppppj.exec:\ppppj.exe141⤵
-
\??\c:\pppvp.exec:\pppvp.exe142⤵
-
\??\c:\rlfxffl.exec:\rlfxffl.exe143⤵
-
\??\c:\rfrrrrx.exec:\rfrrrrx.exe144⤵
-
\??\c:\3tthnt.exec:\3tthnt.exe145⤵
-
\??\c:\bhhtht.exec:\bhhtht.exe146⤵
-
\??\c:\vpppv.exec:\vpppv.exe147⤵
-
\??\c:\vvvpv.exec:\vvvpv.exe148⤵
-
\??\c:\5lrrrxl.exec:\5lrrrxl.exe149⤵
-
\??\c:\frxxfll.exec:\frxxfll.exe150⤵
-
\??\c:\1nnbtt.exec:\1nnbtt.exe151⤵
-
\??\c:\hhthnn.exec:\hhthnn.exe152⤵
-
\??\c:\nbttnn.exec:\nbttnn.exe153⤵
-
\??\c:\7pddd.exec:\7pddd.exe154⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe155⤵
-
\??\c:\rlxfxfx.exec:\rlxfxfx.exe156⤵
-
\??\c:\7llxxxl.exec:\7llxxxl.exe157⤵
-
\??\c:\htbbtn.exec:\htbbtn.exe158⤵
-
\??\c:\9hnntt.exec:\9hnntt.exe159⤵
-
\??\c:\3jdjv.exec:\3jdjv.exe160⤵
-
\??\c:\dvppj.exec:\dvppj.exe161⤵
-
\??\c:\5xrfrrx.exec:\5xrfrrx.exe162⤵
-
\??\c:\1rrrfrx.exec:\1rrrfrx.exe163⤵
-
\??\c:\9bbhnt.exec:\9bbhnt.exe164⤵
-
\??\c:\9thbhn.exec:\9thbhn.exe165⤵
-
\??\c:\7dpvj.exec:\7dpvj.exe166⤵
-
\??\c:\5lxflfr.exec:\5lxflfr.exe167⤵
-
\??\c:\9xrlrxf.exec:\9xrlrxf.exe168⤵
-
\??\c:\rlrrxxl.exec:\rlrrxxl.exe169⤵
-
\??\c:\hbttbb.exec:\hbttbb.exe170⤵
-
\??\c:\nhhhhn.exec:\nhhhhn.exe171⤵
-
\??\c:\vpvjj.exec:\vpvjj.exe172⤵
-
\??\c:\5ddpv.exec:\5ddpv.exe173⤵
-
\??\c:\xrxflfl.exec:\xrxflfl.exe174⤵
-
\??\c:\lfrrxfl.exec:\lfrrxfl.exe175⤵
-
\??\c:\rflxffr.exec:\rflxffr.exe176⤵
-
\??\c:\tbthnb.exec:\tbthnb.exe177⤵
-
\??\c:\5pjdj.exec:\5pjdj.exe178⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe179⤵
-
\??\c:\frllllr.exec:\frllllr.exe180⤵
-
\??\c:\rfrrfxf.exec:\rfrrfxf.exe181⤵
-
\??\c:\7flrrrf.exec:\7flrrrf.exe182⤵
-
\??\c:\bttbhb.exec:\bttbhb.exe183⤵
-
\??\c:\hbthbb.exec:\hbthbb.exe184⤵
-
\??\c:\1jjpv.exec:\1jjpv.exe185⤵
-
\??\c:\3vppv.exec:\3vppv.exe186⤵
-
\??\c:\3lllffl.exec:\3lllffl.exe187⤵
-
\??\c:\7lflrrx.exec:\7lflrrx.exe188⤵
-
\??\c:\5bhnnn.exec:\5bhnnn.exe189⤵
-
\??\c:\hbnhtb.exec:\hbnhtb.exe190⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe191⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe192⤵
-
\??\c:\fxffffl.exec:\fxffffl.exe193⤵
-
\??\c:\1lrxflx.exec:\1lrxflx.exe194⤵
-
\??\c:\lxrfllr.exec:\lxrfllr.exe195⤵
-
\??\c:\7tbthh.exec:\7tbthh.exe196⤵
-
\??\c:\bthhnt.exec:\bthhnt.exe197⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe198⤵
-
\??\c:\ppppp.exec:\ppppp.exe199⤵
-
\??\c:\rfxfllx.exec:\rfxfllx.exe200⤵
-
\??\c:\frfflrx.exec:\frfflrx.exe201⤵
-
\??\c:\fxfflfr.exec:\fxfflfr.exe202⤵
-
\??\c:\hbnnnt.exec:\hbnnnt.exe203⤵
-
\??\c:\1bttbt.exec:\1bttbt.exe204⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe205⤵
-
\??\c:\ppddj.exec:\ppddj.exe206⤵
-
\??\c:\llxrxfl.exec:\llxrxfl.exe207⤵
-
\??\c:\xxrfllr.exec:\xxrfllr.exe208⤵
-
\??\c:\1hnntb.exec:\1hnntb.exe209⤵
-
\??\c:\9nttbh.exec:\9nttbh.exe210⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe211⤵
-
\??\c:\fffxrrf.exec:\fffxrrf.exe212⤵
-
\??\c:\lfrxxxl.exec:\lfrxxxl.exe213⤵
-
\??\c:\btbbhn.exec:\btbbhn.exe214⤵
-
\??\c:\hbtntb.exec:\hbtntb.exe215⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe216⤵
-
\??\c:\ddvdd.exec:\ddvdd.exe217⤵
-
\??\c:\9ppvd.exec:\9ppvd.exe218⤵
-
\??\c:\lrllrxx.exec:\lrllrxx.exe219⤵
-
\??\c:\1lfrxfl.exec:\1lfrxfl.exe220⤵
-
\??\c:\9hntnn.exec:\9hntnn.exe221⤵
-
\??\c:\5bbhth.exec:\5bbhth.exe222⤵
-
\??\c:\jvvdj.exec:\jvvdj.exe223⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe224⤵
-
\??\c:\lxlrxfl.exec:\lxlrxfl.exe225⤵
-
\??\c:\5lfxrxl.exec:\5lfxrxl.exe226⤵
-
\??\c:\hhbhtb.exec:\hhbhtb.exe227⤵
-
\??\c:\hbtttb.exec:\hbtttb.exe228⤵
-
\??\c:\dppvp.exec:\dppvp.exe229⤵
-
\??\c:\dvddd.exec:\dvddd.exe230⤵
-
\??\c:\rrllrxf.exec:\rrllrxf.exe231⤵
-
\??\c:\fxrrxxl.exec:\fxrrxxl.exe232⤵
-
\??\c:\btntth.exec:\btntth.exe233⤵
-
\??\c:\ttbtbb.exec:\ttbtbb.exe234⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe235⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe236⤵
-
\??\c:\1pjvd.exec:\1pjvd.exe237⤵
-
\??\c:\fxrrxxf.exec:\fxrrxxf.exe238⤵
-
\??\c:\xfrxflr.exec:\xfrxflr.exe239⤵
-
\??\c:\hbnhnn.exec:\hbnhnn.exe240⤵
-
\??\c:\7bthnt.exec:\7bthnt.exe241⤵