Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
19-05-2024 08:06
General
-
Target
a848ade49df16065fdc7f41db62260c0_NeikiAnalytics.exe
-
Size
114KB
-
MD5
a848ade49df16065fdc7f41db62260c0
-
SHA1
c1718d17cd5392f977b5ffcd7976830679faafbb
-
SHA256
98c7e46ed1bfff2700e17c43348a5b1baee22117f0415e82570d4a14d0711821
-
SHA512
175f2b5a090ce65cb41872a8f445aed5ccf68844e41d0c9ba00efa56984534d7c1052c91be1f63dae6ba5a7385fa66951b6f3c0ec768dc78524048433441391c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73oYUCD7R2F2UVbyy0Nj:ymb3NkkiQ3mdBjFo73HUoMsAbrg
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a848ade49df16065fdc7f41db62260c0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\a848ade49df16065fdc7f41db62260c0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpvd.exec:\jvpvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjv.exec:\vpdjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rxxfrf.exec:\5rxxfrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rfrxxl.exec:\9rfrxxl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhhn.exec:\btbhhn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbnbh.exec:\nhbnbh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bnhnt.exec:\3bnhnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9frflrf.exec:\9frflrf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttntb.exec:\tttntb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pvjj.exec:\1pvjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvj.exec:\pjdvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrxfrx.exec:\ffrxfrx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btttbh.exec:\btttbh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvdp.exec:\pdvdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrllfl.exec:\xrrllfl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xrflrx.exec:\5xrflrx.exe17⤵
- Executes dropped EXE
-
\??\c:\hbttnn.exec:\hbttnn.exe18⤵
- Executes dropped EXE
-
\??\c:\pjddj.exec:\pjddj.exe19⤵
- Executes dropped EXE
-
\??\c:\xrfflrl.exec:\xrfflrl.exe20⤵
- Executes dropped EXE
-
\??\c:\nhbhnb.exec:\nhbhnb.exe21⤵
- Executes dropped EXE
-
\??\c:\htnttt.exec:\htnttt.exe22⤵
- Executes dropped EXE
-
\??\c:\3ppdp.exec:\3ppdp.exe23⤵
- Executes dropped EXE
-
\??\c:\xxrrffr.exec:\xxrrffr.exe24⤵
- Executes dropped EXE
-
\??\c:\nnhthn.exec:\nnhthn.exe25⤵
- Executes dropped EXE
-
\??\c:\tnbnth.exec:\tnbnth.exe26⤵
- Executes dropped EXE
-
\??\c:\ppdvj.exec:\ppdvj.exe27⤵
- Executes dropped EXE
-
\??\c:\lfrxllr.exec:\lfrxllr.exe28⤵
- Executes dropped EXE
-
\??\c:\1bthnb.exec:\1bthnb.exe29⤵
- Executes dropped EXE
-
\??\c:\ppjpd.exec:\ppjpd.exe30⤵
- Executes dropped EXE
-
\??\c:\rlxfrrf.exec:\rlxfrrf.exe31⤵
- Executes dropped EXE
-
\??\c:\rrfrlll.exec:\rrfrlll.exe32⤵
- Executes dropped EXE
-
\??\c:\1nhnht.exec:\1nhnht.exe33⤵
- Executes dropped EXE
-
\??\c:\nbnttb.exec:\nbnttb.exe34⤵
- Executes dropped EXE
-
\??\c:\jjjvd.exec:\jjjvd.exe35⤵
- Executes dropped EXE
-
\??\c:\pdjjp.exec:\pdjjp.exe36⤵
- Executes dropped EXE
-
\??\c:\fxllrxx.exec:\fxllrxx.exe37⤵
-
\??\c:\fxxflrx.exec:\fxxflrx.exe38⤵
- Executes dropped EXE
-
\??\c:\9tnnhh.exec:\9tnnhh.exe39⤵
- Executes dropped EXE
-
\??\c:\btthnn.exec:\btthnn.exe40⤵
- Executes dropped EXE
-
\??\c:\pjddj.exec:\pjddj.exe41⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe42⤵
- Executes dropped EXE
-
\??\c:\fflrffr.exec:\fflrffr.exe43⤵
- Executes dropped EXE
-
\??\c:\fxxfrxf.exec:\fxxfrxf.exe44⤵
- Executes dropped EXE
-
\??\c:\tntbnn.exec:\tntbnn.exe45⤵
- Executes dropped EXE
-
\??\c:\thbnnt.exec:\thbnnt.exe46⤵
- Executes dropped EXE
-
\??\c:\jdvvd.exec:\jdvvd.exe47⤵
- Executes dropped EXE
-
\??\c:\9pjjp.exec:\9pjjp.exe48⤵
- Executes dropped EXE
-
\??\c:\rlfxffl.exec:\rlfxffl.exe49⤵
- Executes dropped EXE
-
\??\c:\llxfrrx.exec:\llxfrrx.exe50⤵
- Executes dropped EXE
-
\??\c:\ttnntn.exec:\ttnntn.exe51⤵
- Executes dropped EXE
-
\??\c:\nntbhh.exec:\nntbhh.exe52⤵
- Executes dropped EXE
-
\??\c:\5dpvd.exec:\5dpvd.exe53⤵
- Executes dropped EXE
-
\??\c:\vdddp.exec:\vdddp.exe54⤵
- Executes dropped EXE
-
\??\c:\xffllxx.exec:\xffllxx.exe55⤵
- Executes dropped EXE
-
\??\c:\xlflxfl.exec:\xlflxfl.exe56⤵
- Executes dropped EXE
-
\??\c:\hbthbn.exec:\hbthbn.exe57⤵
- Executes dropped EXE
-
\??\c:\thtnnn.exec:\thtnnn.exe58⤵
- Executes dropped EXE
-
\??\c:\ddvjv.exec:\ddvjv.exe59⤵
- Executes dropped EXE
-
\??\c:\dvpvp.exec:\dvpvp.exe60⤵
- Executes dropped EXE
-
\??\c:\fxllrrx.exec:\fxllrrx.exe61⤵
- Executes dropped EXE
-
\??\c:\lxfffll.exec:\lxfffll.exe62⤵
- Executes dropped EXE
-
\??\c:\9nbhhh.exec:\9nbhhh.exe63⤵
- Executes dropped EXE
-
\??\c:\7bnhnn.exec:\7bnhnn.exe64⤵
- Executes dropped EXE
-
\??\c:\1pjpd.exec:\1pjpd.exe65⤵
- Executes dropped EXE
-
\??\c:\jdjjp.exec:\jdjjp.exe66⤵
- Executes dropped EXE
-
\??\c:\fxllxxr.exec:\fxllxxr.exe67⤵
-
\??\c:\xrxxfxl.exec:\xrxxfxl.exe68⤵
-
\??\c:\bbthtb.exec:\bbthtb.exe69⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe70⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe71⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe72⤵
-
\??\c:\xlrrflx.exec:\xlrrflx.exe73⤵
-
\??\c:\xlflxxf.exec:\xlflxxf.exe74⤵
-
\??\c:\nnhtnb.exec:\nnhtnb.exe75⤵
-
\??\c:\ttnttt.exec:\ttnttt.exe76⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe77⤵
-
\??\c:\jdddd.exec:\jdddd.exe78⤵
-
\??\c:\fxrrrxf.exec:\fxrrrxf.exe79⤵
-
\??\c:\xlxxrrx.exec:\xlxxrrx.exe80⤵
-
\??\c:\tnbhtb.exec:\tnbhtb.exe81⤵
-
\??\c:\bnhbnn.exec:\bnhbnn.exe82⤵
-
\??\c:\ppdpj.exec:\ppdpj.exe83⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe84⤵
-
\??\c:\frxflfl.exec:\frxflfl.exe85⤵
-
\??\c:\9frllll.exec:\9frllll.exe86⤵
-
\??\c:\9tnbhn.exec:\9tnbhn.exe87⤵
-
\??\c:\bntntn.exec:\bntntn.exe88⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe89⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe90⤵
-
\??\c:\9xllxxf.exec:\9xllxxf.exe91⤵
-
\??\c:\fxllrfl.exec:\fxllrfl.exe92⤵
-
\??\c:\htbbhh.exec:\htbbhh.exe93⤵
-
\??\c:\7jjjv.exec:\7jjjv.exe94⤵
-
\??\c:\7dvvd.exec:\7dvvd.exe95⤵
-
\??\c:\rlxffff.exec:\rlxffff.exe96⤵
-
\??\c:\7rllxfl.exec:\7rllxfl.exe97⤵
-
\??\c:\9bbtbh.exec:\9bbtbh.exe98⤵
-
\??\c:\tntbhb.exec:\tntbhb.exe99⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe100⤵
-
\??\c:\rxxxrlf.exec:\rxxxrlf.exe101⤵
-
\??\c:\lxlrxxl.exec:\lxlrxxl.exe102⤵
-
\??\c:\tnttbb.exec:\tnttbb.exe103⤵
-
\??\c:\bnbthb.exec:\bnbthb.exe104⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe105⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe106⤵
-
\??\c:\frfxxrx.exec:\frfxxrx.exe107⤵
-
\??\c:\fxlxlrx.exec:\fxlxlrx.exe108⤵
-
\??\c:\5httnn.exec:\5httnn.exe109⤵
-
\??\c:\dvdpd.exec:\dvdpd.exe110⤵
-
\??\c:\dvppj.exec:\dvppj.exe111⤵
-
\??\c:\1xlxrrx.exec:\1xlxrrx.exe112⤵
-
\??\c:\nntbht.exec:\nntbht.exe113⤵
-
\??\c:\htbhnt.exec:\htbhnt.exe114⤵
-
\??\c:\jddvp.exec:\jddvp.exe115⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe116⤵
-
\??\c:\llfrfrr.exec:\llfrfrr.exe117⤵
-
\??\c:\xrffffr.exec:\xrffffr.exe118⤵
-
\??\c:\9hbtnn.exec:\9hbtnn.exe119⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe120⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe121⤵
-
\??\c:\llflrrf.exec:\llflrrf.exe122⤵
-
\??\c:\xrlrrlr.exec:\xrlrrlr.exe123⤵
-
\??\c:\5tbntn.exec:\5tbntn.exe124⤵
-
\??\c:\tnbttt.exec:\tnbttt.exe125⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe126⤵
-
\??\c:\9pddv.exec:\9pddv.exe127⤵
-
\??\c:\7fflxfr.exec:\7fflxfr.exe128⤵
-
\??\c:\rlffrlr.exec:\rlffrlr.exe129⤵
-
\??\c:\ththnh.exec:\ththnh.exe130⤵
-
\??\c:\9nntbh.exec:\9nntbh.exe131⤵
-
\??\c:\9vjvd.exec:\9vjvd.exe132⤵
-
\??\c:\9vjpp.exec:\9vjpp.exe133⤵
-
\??\c:\xlllflf.exec:\xlllflf.exe134⤵
-
\??\c:\rlflrrx.exec:\rlflrrx.exe135⤵
-
\??\c:\1thhhh.exec:\1thhhh.exe136⤵
-
\??\c:\hbnnnh.exec:\hbnnnh.exe137⤵
-
\??\c:\jdjpj.exec:\jdjpj.exe138⤵
-
\??\c:\5dddd.exec:\5dddd.exe139⤵
-
\??\c:\fxlxllx.exec:\fxlxllx.exe140⤵
-
\??\c:\rfrrflr.exec:\rfrrflr.exe141⤵
-
\??\c:\nhbhnn.exec:\nhbhnn.exe142⤵
-
\??\c:\bthnnt.exec:\bthnnt.exe143⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe144⤵
-
\??\c:\lfllrrf.exec:\lfllrrf.exe145⤵
-
\??\c:\3rfrxff.exec:\3rfrxff.exe146⤵
-
\??\c:\1btbnn.exec:\1btbnn.exe147⤵
-
\??\c:\nhtntn.exec:\nhtntn.exe148⤵
-
\??\c:\pddvv.exec:\pddvv.exe149⤵
-
\??\c:\5vjdd.exec:\5vjdd.exe150⤵
-
\??\c:\3lflrxl.exec:\3lflrxl.exe151⤵
-
\??\c:\xrffllr.exec:\xrffllr.exe152⤵
-
\??\c:\nhttbt.exec:\nhttbt.exe153⤵
-
\??\c:\thnhhb.exec:\thnhhb.exe154⤵
-
\??\c:\vjddv.exec:\vjddv.exe155⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe156⤵
-
\??\c:\djjpd.exec:\djjpd.exe157⤵
-
\??\c:\xxfxrrf.exec:\xxfxrrf.exe158⤵
-
\??\c:\9xxrflr.exec:\9xxrflr.exe159⤵
-
\??\c:\nhnbhh.exec:\nhnbhh.exe160⤵
-
\??\c:\nbhbbt.exec:\nbhbbt.exe161⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe162⤵
-
\??\c:\7xlffll.exec:\7xlffll.exe163⤵
-
\??\c:\rffxxrr.exec:\rffxxrr.exe164⤵
-
\??\c:\xlrrxfl.exec:\xlrrxfl.exe165⤵
-
\??\c:\1htthb.exec:\1htthb.exe166⤵
-
\??\c:\nbntbh.exec:\nbntbh.exe167⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe168⤵
-
\??\c:\lfrrrrl.exec:\lfrrrrl.exe169⤵
-
\??\c:\lflfrlr.exec:\lflfrlr.exe170⤵
-
\??\c:\fxllllr.exec:\fxllllr.exe171⤵
-
\??\c:\bthhhh.exec:\bthhhh.exe172⤵
-
\??\c:\7bnnnh.exec:\7bnnnh.exe173⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe174⤵
-
\??\c:\3rffffr.exec:\3rffffr.exe175⤵
-
\??\c:\hbtnbb.exec:\hbtnbb.exe176⤵
-
\??\c:\3hnhhn.exec:\3hnhhn.exe177⤵
-
\??\c:\pjppv.exec:\pjppv.exe178⤵
-
\??\c:\vpdpj.exec:\vpdpj.exe179⤵
-
\??\c:\xlrlrlx.exec:\xlrlrlx.exe180⤵
-
\??\c:\xxrrlrx.exec:\xxrrlrx.exe181⤵
-
\??\c:\nbhntt.exec:\nbhntt.exe182⤵
-
\??\c:\nhtthh.exec:\nhtthh.exe183⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe184⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe185⤵
-
\??\c:\ffrxllx.exec:\ffrxllx.exe186⤵
-
\??\c:\xrfrxrf.exec:\xrfrxrf.exe187⤵
-
\??\c:\nnthnh.exec:\nnthnh.exe188⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe189⤵
-
\??\c:\dvdjp.exec:\dvdjp.exe190⤵
-
\??\c:\3pddp.exec:\3pddp.exe191⤵
-
\??\c:\frllxxf.exec:\frllxxf.exe192⤵
-
\??\c:\9hbnbn.exec:\9hbnbn.exe193⤵
-
\??\c:\vpdpp.exec:\vpdpp.exe194⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe195⤵
-
\??\c:\fxxxxfl.exec:\fxxxxfl.exe196⤵
-
\??\c:\xrlxflx.exec:\xrlxflx.exe197⤵
-
\??\c:\btbbnn.exec:\btbbnn.exe198⤵
-
\??\c:\bntbtt.exec:\bntbtt.exe199⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe200⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe201⤵
-
\??\c:\1rrxffl.exec:\1rrxffl.exe202⤵
-
\??\c:\frflrxf.exec:\frflrxf.exe203⤵
-
\??\c:\7thbnn.exec:\7thbnn.exe204⤵
-
\??\c:\3nhnbn.exec:\3nhnbn.exe205⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe206⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe207⤵
-
\??\c:\5fxfrlr.exec:\5fxfrlr.exe208⤵
-
\??\c:\3lxfflx.exec:\3lxfflx.exe209⤵
-
\??\c:\hbhtbb.exec:\hbhtbb.exe210⤵
-
\??\c:\3htttt.exec:\3htttt.exe211⤵
-
\??\c:\7vjpd.exec:\7vjpd.exe212⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe213⤵
-
\??\c:\lfxfxxr.exec:\lfxfxxr.exe214⤵
-
\??\c:\9frrxrf.exec:\9frrxrf.exe215⤵
-
\??\c:\hbttbn.exec:\hbttbn.exe216⤵
-
\??\c:\tnnthn.exec:\tnnthn.exe217⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe218⤵
-
\??\c:\ffxfllr.exec:\ffxfllr.exe219⤵
-
\??\c:\9xxxrxx.exec:\9xxxrxx.exe220⤵
-
\??\c:\7thtth.exec:\7thtth.exe221⤵
-
\??\c:\nnhnbb.exec:\nnhnbb.exe222⤵
-
\??\c:\jjvjp.exec:\jjvjp.exe223⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe224⤵
-
\??\c:\fxlfrlr.exec:\fxlfrlr.exe225⤵
-
\??\c:\7frrxrf.exec:\7frrxrf.exe226⤵
-
\??\c:\hhnthh.exec:\hhnthh.exe227⤵
-
\??\c:\tthhbh.exec:\tthhbh.exe228⤵
-
\??\c:\1pjvv.exec:\1pjvv.exe229⤵
-
\??\c:\5dvvp.exec:\5dvvp.exe230⤵
-
\??\c:\rfrxxfl.exec:\rfrxxfl.exe231⤵
-
\??\c:\xrflxxl.exec:\xrflxxl.exe232⤵
-
\??\c:\btnnbb.exec:\btnnbb.exe233⤵
-
\??\c:\hhnnhh.exec:\hhnnhh.exe234⤵
-
\??\c:\9pdjp.exec:\9pdjp.exe235⤵
-
\??\c:\7ddpv.exec:\7ddpv.exe236⤵
-
\??\c:\fflxxfx.exec:\fflxxfx.exe237⤵
-
\??\c:\fxrfflf.exec:\fxrfflf.exe238⤵
-
\??\c:\bhnhbb.exec:\bhnhbb.exe239⤵
-
\??\c:\ppvpd.exec:\ppvpd.exe240⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe241⤵