Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
19-05-2024 07:10
General
-
Target
9c62d9c67ae26ef75a6c952fe78f84e0_NeikiAnalytics.exe
-
Size
55KB
-
MD5
9c62d9c67ae26ef75a6c952fe78f84e0
-
SHA1
3c74041f850c8cdb524c9999a22a99ef16507f08
-
SHA256
d7833d30868008db1ab2c7afe0d7266abe2ca7bf0d2a0b95f3fc8b42a433c337
-
SHA512
7fa55f64361be7bfaf3ba12f77417e187e922a5c2163bb3dd07643ba92a9354aefd659a096739fe828537d7d548b6bf43a417321a833150fc9ce0c6e1eecbe0a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFv:ymb3NkkiQ3mdBjFIFv
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9c62d9c67ae26ef75a6c952fe78f84e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\9c62d9c67ae26ef75a6c952fe78f84e0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtbnb.exec:\hhtbnb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpvd.exec:\pdpvd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nhhnn.exec:\1nhhnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnntn.exec:\nhnntn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppd.exec:\ppppd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xxlllx.exec:\7xxlllx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrxffr.exec:\rfrxffr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hbntn.exec:\5hbntn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhtht.exec:\nhhtht.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pjdj.exec:\5pjdj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflxxx.exec:\xrflxxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxxfxx.exec:\xlxxfxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhtnb.exec:\tnhtnb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdpd.exec:\jpdpd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvjp.exec:\jjvjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrffrx.exec:\rrrffrx.exe17⤵
- Executes dropped EXE
-
\??\c:\hhbnhn.exec:\hhbnhn.exe18⤵
- Executes dropped EXE
-
\??\c:\hhnbnt.exec:\hhnbnt.exe19⤵
- Executes dropped EXE
-
\??\c:\pvjjv.exec:\pvjjv.exe20⤵
- Executes dropped EXE
-
\??\c:\djppp.exec:\djppp.exe21⤵
- Executes dropped EXE
-
\??\c:\fffrlxl.exec:\fffrlxl.exe22⤵
- Executes dropped EXE
-
\??\c:\5rrllrx.exec:\5rrllrx.exe23⤵
- Executes dropped EXE
-
\??\c:\nhthtt.exec:\nhthtt.exe24⤵
- Executes dropped EXE
-
\??\c:\bthnnn.exec:\bthnnn.exe25⤵
- Executes dropped EXE
-
\??\c:\9ddjd.exec:\9ddjd.exe26⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe27⤵
- Executes dropped EXE
-
\??\c:\lxllxfr.exec:\lxllxfr.exe28⤵
- Executes dropped EXE
-
\??\c:\9nhntt.exec:\9nhntt.exe29⤵
- Executes dropped EXE
-
\??\c:\bbbnnb.exec:\bbbnnb.exe30⤵
- Executes dropped EXE
-
\??\c:\vdpvv.exec:\vdpvv.exe31⤵
- Executes dropped EXE
-
\??\c:\xlflrxx.exec:\xlflrxx.exe32⤵
- Executes dropped EXE
-
\??\c:\fxlrrxf.exec:\fxlrrxf.exe33⤵
- Executes dropped EXE
-
\??\c:\tthhnn.exec:\tthhnn.exe34⤵
- Executes dropped EXE
-
\??\c:\dpdpj.exec:\dpdpj.exe35⤵
- Executes dropped EXE
-
\??\c:\pdvvv.exec:\pdvvv.exe36⤵
- Executes dropped EXE
-
\??\c:\1lxxlrx.exec:\1lxxlrx.exe37⤵
- Executes dropped EXE
-
\??\c:\flfffxf.exec:\flfffxf.exe38⤵
- Executes dropped EXE
-
\??\c:\tnthnt.exec:\tnthnt.exe39⤵
- Executes dropped EXE
-
\??\c:\nhnhnh.exec:\nhnhnh.exe40⤵
- Executes dropped EXE
-
\??\c:\1dvjp.exec:\1dvjp.exe41⤵
- Executes dropped EXE
-
\??\c:\vvvpp.exec:\vvvpp.exe42⤵
- Executes dropped EXE
-
\??\c:\fxrrfxl.exec:\fxrrfxl.exe43⤵
- Executes dropped EXE
-
\??\c:\9fxfllr.exec:\9fxfllr.exe44⤵
- Executes dropped EXE
-
\??\c:\nhhhtn.exec:\nhhhtn.exe45⤵
- Executes dropped EXE
-
\??\c:\nnhbhn.exec:\nnhbhn.exe46⤵
- Executes dropped EXE
-
\??\c:\dvpvp.exec:\dvpvp.exe47⤵
- Executes dropped EXE
-
\??\c:\jdvjv.exec:\jdvjv.exe48⤵
- Executes dropped EXE
-
\??\c:\lxllrxl.exec:\lxllrxl.exe49⤵
- Executes dropped EXE
-
\??\c:\ffrfxrl.exec:\ffrfxrl.exe50⤵
- Executes dropped EXE
-
\??\c:\1htbhn.exec:\1htbhn.exe51⤵
- Executes dropped EXE
-
\??\c:\7bbhtb.exec:\7bbhtb.exe52⤵
- Executes dropped EXE
-
\??\c:\xrxxrrl.exec:\xrxxrrl.exe53⤵
- Executes dropped EXE
-
\??\c:\1xrflrx.exec:\1xrflrx.exe54⤵
- Executes dropped EXE
-
\??\c:\rfxxffl.exec:\rfxxffl.exe55⤵
- Executes dropped EXE
-
\??\c:\tnttbb.exec:\tnttbb.exe56⤵
- Executes dropped EXE
-
\??\c:\3nhthh.exec:\3nhthh.exe57⤵
- Executes dropped EXE
-
\??\c:\dvddj.exec:\dvddj.exe58⤵
- Executes dropped EXE
-
\??\c:\9pjpd.exec:\9pjpd.exe59⤵
- Executes dropped EXE
-
\??\c:\7pdjp.exec:\7pdjp.exe60⤵
- Executes dropped EXE
-
\??\c:\lflfrrf.exec:\lflfrrf.exe61⤵
- Executes dropped EXE
-
\??\c:\7xrflrf.exec:\7xrflrf.exe62⤵
- Executes dropped EXE
-
\??\c:\3tttbn.exec:\3tttbn.exe63⤵
- Executes dropped EXE
-
\??\c:\hbttbb.exec:\hbttbb.exe64⤵
- Executes dropped EXE
-
\??\c:\7dvdp.exec:\7dvdp.exe65⤵
- Executes dropped EXE
-
\??\c:\pdddj.exec:\pdddj.exe66⤵
-
\??\c:\xrlrffl.exec:\xrlrffl.exe67⤵
-
\??\c:\9rllrlx.exec:\9rllrlx.exe68⤵
-
\??\c:\nhtbhn.exec:\nhtbhn.exe69⤵
-
\??\c:\btnnbt.exec:\btnnbt.exe70⤵
-
\??\c:\pdvdj.exec:\pdvdj.exe71⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe72⤵
-
\??\c:\9xllrrx.exec:\9xllrrx.exe73⤵
-
\??\c:\frlxflf.exec:\frlxflf.exe74⤵
-
\??\c:\9bbthh.exec:\9bbthh.exe75⤵
-
\??\c:\9vpjv.exec:\9vpjv.exe76⤵
-
\??\c:\dvddp.exec:\dvddp.exe77⤵
-
\??\c:\vpddj.exec:\vpddj.exe78⤵
-
\??\c:\5llrxxf.exec:\5llrxxf.exe79⤵
-
\??\c:\nthnnb.exec:\nthnnb.exe80⤵
-
\??\c:\3nnhnh.exec:\3nnhnh.exe81⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe82⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe83⤵
-
\??\c:\7xrrxrf.exec:\7xrrxrf.exe84⤵
-
\??\c:\9rllrfl.exec:\9rllrfl.exe85⤵
-
\??\c:\rrrfxlx.exec:\rrrfxlx.exe86⤵
-
\??\c:\hbtbbt.exec:\hbtbbt.exe87⤵
-
\??\c:\7hbhnn.exec:\7hbhnn.exe88⤵
-
\??\c:\vpdpv.exec:\vpdpv.exe89⤵
-
\??\c:\3pjjd.exec:\3pjjd.exe90⤵
-
\??\c:\rlxxllr.exec:\rlxxllr.exe91⤵
-
\??\c:\xrxfrrx.exec:\xrxfrrx.exe92⤵
-
\??\c:\5hbtht.exec:\5hbtht.exe93⤵
-
\??\c:\ntnntt.exec:\ntnntt.exe94⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe95⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe96⤵
-
\??\c:\rflfxrx.exec:\rflfxrx.exe97⤵
-
\??\c:\ffrrfll.exec:\ffrrfll.exe98⤵
-
\??\c:\rfllrrx.exec:\rfllrrx.exe99⤵
-
\??\c:\hhtbhb.exec:\hhtbhb.exe100⤵
-
\??\c:\7tthtb.exec:\7tthtb.exe101⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe102⤵
-
\??\c:\ppdpv.exec:\ppdpv.exe103⤵
-
\??\c:\lflflll.exec:\lflflll.exe104⤵
-
\??\c:\xxrfrrx.exec:\xxrfrrx.exe105⤵
-
\??\c:\3btbhh.exec:\3btbhh.exe106⤵
-
\??\c:\bthhbb.exec:\bthhbb.exe107⤵
-
\??\c:\pdvvv.exec:\pdvvv.exe108⤵
-
\??\c:\9pppp.exec:\9pppp.exe109⤵
-
\??\c:\lfflfll.exec:\lfflfll.exe110⤵
-
\??\c:\9rrrxxl.exec:\9rrrxxl.exe111⤵
-
\??\c:\ttbnbh.exec:\ttbnbh.exe112⤵
-
\??\c:\hbbhnh.exec:\hbbhnh.exe113⤵
-
\??\c:\1vpdj.exec:\1vpdj.exe114⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe115⤵
-
\??\c:\xlrrxxf.exec:\xlrrxxf.exe116⤵
-
\??\c:\xrxfffr.exec:\xrxfffr.exe117⤵
-
\??\c:\nhthnt.exec:\nhthnt.exe118⤵
-
\??\c:\btnthh.exec:\btnthh.exe119⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe120⤵
-
\??\c:\5dpvj.exec:\5dpvj.exe121⤵
-
\??\c:\rlflxfr.exec:\rlflxfr.exe122⤵
-
\??\c:\1rlrffl.exec:\1rlrffl.exe123⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe124⤵
-
\??\c:\bbnbnh.exec:\bbnbnh.exe125⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe126⤵
-
\??\c:\jdppd.exec:\jdppd.exe127⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe128⤵
-
\??\c:\flxfrrf.exec:\flxfrrf.exe129⤵
-
\??\c:\rlllfrf.exec:\rlllfrf.exe130⤵
-
\??\c:\ttntht.exec:\ttntht.exe131⤵
-
\??\c:\hhbhtb.exec:\hhbhtb.exe132⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe133⤵
-
\??\c:\dpdjd.exec:\dpdjd.exe134⤵
-
\??\c:\xxfxllr.exec:\xxfxllr.exe135⤵
-
\??\c:\rlfxlfr.exec:\rlfxlfr.exe136⤵
-
\??\c:\hthhhh.exec:\hthhhh.exe137⤵
-
\??\c:\bnbbhh.exec:\bnbbhh.exe138⤵
-
\??\c:\hbbnnt.exec:\hbbnnt.exe139⤵
-
\??\c:\jddjv.exec:\jddjv.exe140⤵
-
\??\c:\1vjjp.exec:\1vjjp.exe141⤵
-
\??\c:\7xrrrrx.exec:\7xrrrrx.exe142⤵
-
\??\c:\5ffrffl.exec:\5ffrffl.exe143⤵
-
\??\c:\hntbhb.exec:\hntbhb.exe144⤵
-
\??\c:\7vvjj.exec:\7vvjj.exe145⤵
-
\??\c:\fxrxxxl.exec:\fxrxxxl.exe146⤵
-
\??\c:\xxlxlrf.exec:\xxlxlrf.exe147⤵
-
\??\c:\tnbhhh.exec:\tnbhhh.exe148⤵
-
\??\c:\tntttb.exec:\tntttb.exe149⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe150⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe151⤵
-
\??\c:\5dvpj.exec:\5dvpj.exe152⤵
-
\??\c:\1fxfffl.exec:\1fxfffl.exe153⤵
-
\??\c:\fxrxllx.exec:\fxrxllx.exe154⤵
-
\??\c:\bthnbb.exec:\bthnbb.exe155⤵
-
\??\c:\bbttbb.exec:\bbttbb.exe156⤵
-
\??\c:\nhnbtb.exec:\nhnbtb.exe157⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe158⤵
-
\??\c:\3pdjv.exec:\3pdjv.exe159⤵
-
\??\c:\frlfffr.exec:\frlfffr.exe160⤵
-
\??\c:\btbbnb.exec:\btbbnb.exe161⤵
-
\??\c:\tththt.exec:\tththt.exe162⤵
-
\??\c:\9vppd.exec:\9vppd.exe163⤵
-
\??\c:\dpppp.exec:\dpppp.exe164⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe165⤵
-
\??\c:\frxfxfl.exec:\frxfxfl.exe166⤵
-
\??\c:\5xllrxf.exec:\5xllrxf.exe167⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe168⤵
-
\??\c:\btbbnh.exec:\btbbnh.exe169⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe170⤵
-
\??\c:\5ddjd.exec:\5ddjd.exe171⤵
-
\??\c:\jjppv.exec:\jjppv.exe172⤵
-
\??\c:\flffflr.exec:\flffflr.exe173⤵
-
\??\c:\1thnth.exec:\1thnth.exe174⤵
-
\??\c:\bbthth.exec:\bbthth.exe175⤵
-
\??\c:\1hhntb.exec:\1hhntb.exe176⤵
-
\??\c:\dpdvj.exec:\dpdvj.exe177⤵
-
\??\c:\ppvpv.exec:\ppvpv.exe178⤵
-
\??\c:\lxfxrlr.exec:\lxfxrlr.exe179⤵
-
\??\c:\9rxlxfx.exec:\9rxlxfx.exe180⤵
-
\??\c:\bnnhhh.exec:\bnnhhh.exe181⤵
-
\??\c:\hbtttt.exec:\hbtttt.exe182⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe183⤵
-
\??\c:\pdvpp.exec:\pdvpp.exe184⤵
-
\??\c:\7ffxlxx.exec:\7ffxlxx.exe185⤵
-
\??\c:\lfflxxx.exec:\lfflxxx.exe186⤵
-
\??\c:\ttthbh.exec:\ttthbh.exe187⤵
-
\??\c:\tthntt.exec:\tthntt.exe188⤵
-
\??\c:\7vjpv.exec:\7vjpv.exe189⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe190⤵
-
\??\c:\ddppd.exec:\ddppd.exe191⤵
-
\??\c:\rfrrfxl.exec:\rfrrfxl.exe192⤵
-
\??\c:\7lllrlx.exec:\7lllrlx.exe193⤵
-
\??\c:\nhttbh.exec:\nhttbh.exe194⤵
-
\??\c:\bthhbb.exec:\bthhbb.exe195⤵
-
\??\c:\dvvdd.exec:\dvvdd.exe196⤵
-
\??\c:\vjjdj.exec:\vjjdj.exe197⤵
-
\??\c:\xrlrfll.exec:\xrlrfll.exe198⤵
-
\??\c:\nhbhtb.exec:\nhbhtb.exe199⤵
-
\??\c:\nnbbbb.exec:\nnbbbb.exe200⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe201⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe202⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe203⤵
-
\??\c:\xrllxxl.exec:\xrllxxl.exe204⤵
-
\??\c:\7rlflfl.exec:\7rlflfl.exe205⤵
-
\??\c:\ntntbh.exec:\ntntbh.exe206⤵
-
\??\c:\3thnth.exec:\3thnth.exe207⤵
-
\??\c:\dpdpv.exec:\dpdpv.exe208⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe209⤵
-
\??\c:\7lllrxf.exec:\7lllrxf.exe210⤵
-
\??\c:\hbnttt.exec:\hbnttt.exe211⤵
-
\??\c:\hbnbhn.exec:\hbnbhn.exe212⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe213⤵
-
\??\c:\rfllxfl.exec:\rfllxfl.exe214⤵
-
\??\c:\ffflllr.exec:\ffflllr.exe215⤵
-
\??\c:\3bnnbb.exec:\3bnnbb.exe216⤵
-
\??\c:\nnttth.exec:\nnttth.exe217⤵
-
\??\c:\3dpjp.exec:\3dpjp.exe218⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe219⤵
-
\??\c:\xlrflff.exec:\xlrflff.exe220⤵
-
\??\c:\xrllxxr.exec:\xrllxxr.exe221⤵
-
\??\c:\xllffxx.exec:\xllffxx.exe222⤵
-
\??\c:\nhtttt.exec:\nhtttt.exe223⤵
-
\??\c:\nhhtbt.exec:\nhhtbt.exe224⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe225⤵
-
\??\c:\vjppj.exec:\vjppj.exe226⤵
-
\??\c:\5rfxfxr.exec:\5rfxfxr.exe227⤵
-
\??\c:\frxxxxf.exec:\frxxxxf.exe228⤵
-
\??\c:\hhntnt.exec:\hhntnt.exe229⤵
-
\??\c:\9nhnnt.exec:\9nhnnt.exe230⤵
-
\??\c:\7bhhhb.exec:\7bhhhb.exe231⤵
-
\??\c:\jddvv.exec:\jddvv.exe232⤵
-
\??\c:\5pdpv.exec:\5pdpv.exe233⤵
-
\??\c:\1lfxxxf.exec:\1lfxxxf.exe234⤵
-
\??\c:\xxffrrr.exec:\xxffrrr.exe235⤵
-
\??\c:\5htttt.exec:\5htttt.exe236⤵
-
\??\c:\bttntn.exec:\bttntn.exe237⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe238⤵
-
\??\c:\pvjvp.exec:\pvjvp.exe239⤵
-
\??\c:\rflxxlr.exec:\rflxxlr.exe240⤵
-
\??\c:\lxlffxl.exec:\lxlffxl.exe241⤵