Analysis
-
max time kernel
137s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
19-05-2024 14:43
General
-
Target
d9d54aeb694edf9f71d1efc0c353da40_NeikiAnalytics.exe
-
Size
73KB
-
MD5
d9d54aeb694edf9f71d1efc0c353da40
-
SHA1
9ecfb926d2de8cfbce35ed481225f9c9757a034f
-
SHA256
0769ffd17e8714c2fbd46f9e16c424f70c8585ac81016ab619986a0697e5a7b2
-
SHA512
59ce5f940a58e82680baa1cb9841dfd8e3740798daee3b8de63faa0bd6c4a4783ad2fcf2b15be94eb36c54941d22b82650188814e97c9266ad560a48cf8f1ff8
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIJSsD+cGUFzJ/:ymb3NkkiQ3mdBjFIwsDhbN1
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d9d54aeb694edf9f71d1efc0c353da40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d9d54aeb694edf9f71d1efc0c353da40_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvd.exec:\jdpvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflxlrx.exec:\rflxlrx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxxflx.exec:\lxxxflx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrffrx.exec:\fxrffrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhttb.exec:\nnhttb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbtbt.exec:\tbbtbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdv.exec:\ddjdv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrxfx.exec:\fxlrxfx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxfrrf.exec:\ffxfrrf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfrlxl.exec:\frfrlxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bhbnb.exec:\5bhbnb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hbtbh.exec:\5hbtbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjvj.exec:\dvjvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvjv.exec:\pjvjv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxrfxl.exec:\flxrfxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrxxf.exec:\llxrxxf.exe17⤵
- Executes dropped EXE
-
\??\c:\lxxfrrf.exec:\lxxfrrf.exe18⤵
- Executes dropped EXE
-
\??\c:\tththt.exec:\tththt.exe19⤵
- Executes dropped EXE
-
\??\c:\jddpd.exec:\jddpd.exe20⤵
- Executes dropped EXE
-
\??\c:\djvdv.exec:\djvdv.exe21⤵
- Executes dropped EXE
-
\??\c:\pjdjp.exec:\pjdjp.exe22⤵
- Executes dropped EXE
-
\??\c:\rrlrllx.exec:\rrlrllx.exe23⤵
- Executes dropped EXE
-
\??\c:\lffrllf.exec:\lffrllf.exe24⤵
- Executes dropped EXE
-
\??\c:\bthnhn.exec:\bthnhn.exe25⤵
- Executes dropped EXE
-
\??\c:\tthhtt.exec:\tthhtt.exe26⤵
- Executes dropped EXE
-
\??\c:\jjdvv.exec:\jjdvv.exe27⤵
- Executes dropped EXE
-
\??\c:\xrfrflr.exec:\xrfrflr.exe28⤵
- Executes dropped EXE
-
\??\c:\lfllxfr.exec:\lfllxfr.exe29⤵
- Executes dropped EXE
-
\??\c:\llflxfr.exec:\llflxfr.exe30⤵
- Executes dropped EXE
-
\??\c:\thbbnt.exec:\thbbnt.exe31⤵
- Executes dropped EXE
-
\??\c:\nhbnbh.exec:\nhbnbh.exe32⤵
- Executes dropped EXE
-
\??\c:\jjdpd.exec:\jjdpd.exe33⤵
- Executes dropped EXE
-
\??\c:\7ddjd.exec:\7ddjd.exe34⤵
- Executes dropped EXE
-
\??\c:\jvvvv.exec:\jvvvv.exe35⤵
- Executes dropped EXE
-
\??\c:\rlxllrf.exec:\rlxllrf.exe36⤵
- Executes dropped EXE
-
\??\c:\1lxrlrf.exec:\1lxrlrf.exe37⤵
- Executes dropped EXE
-
\??\c:\bbtbnt.exec:\bbtbnt.exe38⤵
- Executes dropped EXE
-
\??\c:\tnnbnn.exec:\tnnbnn.exe39⤵
- Executes dropped EXE
-
\??\c:\hhhtth.exec:\hhhtth.exe40⤵
- Executes dropped EXE
-
\??\c:\7djjd.exec:\7djjd.exe41⤵
- Executes dropped EXE
-
\??\c:\dpjjv.exec:\dpjjv.exe42⤵
- Executes dropped EXE
-
\??\c:\lxrxfxf.exec:\lxrxfxf.exe43⤵
- Executes dropped EXE
-
\??\c:\7fxxfff.exec:\7fxxfff.exe44⤵
- Executes dropped EXE
-
\??\c:\lfxlrlr.exec:\lfxlrlr.exe45⤵
- Executes dropped EXE
-
\??\c:\flxrxxl.exec:\flxrxxl.exe46⤵
- Executes dropped EXE
-
\??\c:\thntbb.exec:\thntbb.exe47⤵
- Executes dropped EXE
-
\??\c:\bnbtbb.exec:\bnbtbb.exe48⤵
- Executes dropped EXE
-
\??\c:\jvppp.exec:\jvppp.exe49⤵
- Executes dropped EXE
-
\??\c:\vjvdd.exec:\vjvdd.exe50⤵
- Executes dropped EXE
-
\??\c:\dvvpv.exec:\dvvpv.exe51⤵
- Executes dropped EXE
-
\??\c:\xffrfxx.exec:\xffrfxx.exe52⤵
- Executes dropped EXE
-
\??\c:\lxxxfxf.exec:\lxxxfxf.exe53⤵
- Executes dropped EXE
-
\??\c:\rllrffr.exec:\rllrffr.exe54⤵
- Executes dropped EXE
-
\??\c:\hthhhh.exec:\hthhhh.exe55⤵
- Executes dropped EXE
-
\??\c:\3nbthh.exec:\3nbthh.exe56⤵
- Executes dropped EXE
-
\??\c:\hbntbb.exec:\hbntbb.exe57⤵
- Executes dropped EXE
-
\??\c:\7pjvj.exec:\7pjvj.exe58⤵
- Executes dropped EXE
-
\??\c:\pdddj.exec:\pdddj.exe59⤵
- Executes dropped EXE
-
\??\c:\7jjjj.exec:\7jjjj.exe60⤵
- Executes dropped EXE
-
\??\c:\5rxxxxx.exec:\5rxxxxx.exe61⤵
- Executes dropped EXE
-
\??\c:\lrrlrll.exec:\lrrlrll.exe62⤵
- Executes dropped EXE
-
\??\c:\rlxfrrr.exec:\rlxfrrr.exe63⤵
- Executes dropped EXE
-
\??\c:\bnttbn.exec:\bnttbn.exe64⤵
- Executes dropped EXE
-
\??\c:\1bnhtb.exec:\1bnhtb.exe65⤵
- Executes dropped EXE
-
\??\c:\3tbttt.exec:\3tbttt.exe66⤵
-
\??\c:\jjpvp.exec:\jjpvp.exe67⤵
-
\??\c:\dddpv.exec:\dddpv.exe68⤵
-
\??\c:\lfrrlrx.exec:\lfrrlrx.exe69⤵
-
\??\c:\thtnbt.exec:\thtnbt.exe70⤵
-
\??\c:\hnbnnn.exec:\hnbnnn.exe71⤵
-
\??\c:\nbnbhn.exec:\nbnbhn.exe72⤵
-
\??\c:\9jppv.exec:\9jppv.exe73⤵
-
\??\c:\jjvdd.exec:\jjvdd.exe74⤵
-
\??\c:\5pjvd.exec:\5pjvd.exe75⤵
-
\??\c:\frxxxrx.exec:\frxxxrx.exe76⤵
-
\??\c:\7lrrxxx.exec:\7lrrxxx.exe77⤵
-
\??\c:\xrlfxlf.exec:\xrlfxlf.exe78⤵
-
\??\c:\7thbhh.exec:\7thbhh.exe79⤵
-
\??\c:\1ntntt.exec:\1ntntt.exe80⤵
-
\??\c:\vpddp.exec:\vpddp.exe81⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe82⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe83⤵
-
\??\c:\3rxrxrx.exec:\3rxrxrx.exe84⤵
-
\??\c:\9xrxflf.exec:\9xrxflf.exe85⤵
-
\??\c:\frlrfxf.exec:\frlrfxf.exe86⤵
-
\??\c:\1nttbb.exec:\1nttbb.exe87⤵
-
\??\c:\9nnnnn.exec:\9nnnnn.exe88⤵
-
\??\c:\tbbttn.exec:\tbbttn.exe89⤵
-
\??\c:\tntnbb.exec:\tntnbb.exe90⤵
-
\??\c:\vpvdp.exec:\vpvdp.exe91⤵
-
\??\c:\djvdv.exec:\djvdv.exe92⤵
-
\??\c:\vpddj.exec:\vpddj.exe93⤵
-
\??\c:\xrxfrrx.exec:\xrxfrrx.exe94⤵
-
\??\c:\7lfrfxx.exec:\7lfrfxx.exe95⤵
-
\??\c:\5lxxllr.exec:\5lxxllr.exe96⤵
-
\??\c:\tnntnh.exec:\tnntnh.exe97⤵
-
\??\c:\7bnhnh.exec:\7bnhnh.exe98⤵
-
\??\c:\jvpjp.exec:\jvpjp.exe99⤵
-
\??\c:\pdppv.exec:\pdppv.exe100⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe101⤵
-
\??\c:\dpvdj.exec:\dpvdj.exe102⤵
-
\??\c:\5frlrll.exec:\5frlrll.exe103⤵
-
\??\c:\xfrrrfx.exec:\xfrrrfx.exe104⤵
-
\??\c:\tntbtb.exec:\tntbtb.exe105⤵
-
\??\c:\hbhntt.exec:\hbhntt.exe106⤵
-
\??\c:\hnhttb.exec:\hnhttb.exe107⤵
-
\??\c:\pdpvd.exec:\pdpvd.exe108⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe109⤵
-
\??\c:\vdddd.exec:\vdddd.exe110⤵
-
\??\c:\rrlffxx.exec:\rrlffxx.exe111⤵
-
\??\c:\fxffffl.exec:\fxffffl.exe112⤵
-
\??\c:\5xflrxx.exec:\5xflrxx.exe113⤵
-
\??\c:\xffrrrf.exec:\xffrrrf.exe114⤵
-
\??\c:\thbhtn.exec:\thbhtn.exe115⤵
-
\??\c:\9hthnn.exec:\9hthnn.exe116⤵
-
\??\c:\thntbb.exec:\thntbb.exe117⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe118⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe119⤵
-
\??\c:\9pdjp.exec:\9pdjp.exe120⤵
-
\??\c:\frxfrrl.exec:\frxfrrl.exe121⤵
-
\??\c:\fxlrxxf.exec:\fxlrxxf.exe122⤵
-
\??\c:\fxlrffr.exec:\fxlrffr.exe123⤵
-
\??\c:\3thbnh.exec:\3thbnh.exe124⤵
-
\??\c:\bnhhnn.exec:\bnhhnn.exe125⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe126⤵
-
\??\c:\9rxxffl.exec:\9rxxffl.exe127⤵
-
\??\c:\5nhttt.exec:\5nhttt.exe128⤵
-
\??\c:\ttnntb.exec:\ttnntb.exe129⤵
-
\??\c:\7vjjp.exec:\7vjjp.exe130⤵
-
\??\c:\fxlfflr.exec:\fxlfflr.exe131⤵
-
\??\c:\pdjjp.exec:\pdjjp.exe132⤵
-
\??\c:\htbhhn.exec:\htbhhn.exe133⤵
-
\??\c:\5dvpv.exec:\5dvpv.exe134⤵
-
\??\c:\thnntt.exec:\thnntt.exe135⤵
-
\??\c:\bnnntt.exec:\bnnntt.exe136⤵
-
\??\c:\pjddj.exec:\pjddj.exe137⤵
-
\??\c:\5vpvp.exec:\5vpvp.exe138⤵
-
\??\c:\lflflll.exec:\lflflll.exe139⤵
-
\??\c:\jjjvd.exec:\jjjvd.exe140⤵
-
\??\c:\bhtbhn.exec:\bhtbhn.exe141⤵
-
\??\c:\frxlrxr.exec:\frxlrxr.exe142⤵
-
\??\c:\fxlxxxr.exec:\fxlxxxr.exe143⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe144⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe145⤵
-
\??\c:\fxxfllr.exec:\fxxfllr.exe146⤵
-
\??\c:\9vpjv.exec:\9vpjv.exe147⤵
-
\??\c:\lfllxff.exec:\lfllxff.exe148⤵
-
\??\c:\hbnhnn.exec:\hbnhnn.exe149⤵
-
\??\c:\ppdpd.exec:\ppdpd.exe150⤵
-
\??\c:\frflxxl.exec:\frflxxl.exe151⤵
-
\??\c:\tttnbb.exec:\tttnbb.exe152⤵
-
\??\c:\vjppv.exec:\vjppv.exe153⤵
-
\??\c:\9flfxrx.exec:\9flfxrx.exe154⤵
-
\??\c:\bnbbnn.exec:\bnbbnn.exe155⤵
-
\??\c:\nhhthb.exec:\nhhthb.exe156⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe157⤵
-
\??\c:\1vjpp.exec:\1vjpp.exe158⤵
-
\??\c:\lllrlxf.exec:\lllrlxf.exe159⤵
-
\??\c:\9xllxrr.exec:\9xllxrr.exe160⤵
-
\??\c:\lflrfxl.exec:\lflrfxl.exe161⤵
-
\??\c:\hbbbnn.exec:\hbbbnn.exe162⤵
-
\??\c:\9tnhhn.exec:\9tnhhn.exe163⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe164⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe165⤵
-
\??\c:\1xlrrrr.exec:\1xlrrrr.exe166⤵
-
\??\c:\1flfffl.exec:\1flfffl.exe167⤵
-
\??\c:\xrrfrxx.exec:\xrrfrxx.exe168⤵
-
\??\c:\bthbbh.exec:\bthbbh.exe169⤵
-
\??\c:\5hnbbt.exec:\5hnbbt.exe170⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe171⤵
-
\??\c:\jvdjj.exec:\jvdjj.exe172⤵
-
\??\c:\frflrrx.exec:\frflrrx.exe173⤵
-
\??\c:\5lxfrrr.exec:\5lxfrrr.exe174⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe175⤵
-
\??\c:\hnhhnn.exec:\hnhhnn.exe176⤵
-
\??\c:\hbhhnn.exec:\hbhhnn.exe177⤵
-
\??\c:\5pvpd.exec:\5pvpd.exe178⤵
-
\??\c:\9vjpd.exec:\9vjpd.exe179⤵
-
\??\c:\xxxlxfl.exec:\xxxlxfl.exe180⤵
-
\??\c:\rlllrrx.exec:\rlllrrx.exe181⤵
-
\??\c:\nhthnn.exec:\nhthnn.exe182⤵
-
\??\c:\7hnhhb.exec:\7hnhhb.exe183⤵
-
\??\c:\pjvdv.exec:\pjvdv.exe184⤵
-
\??\c:\vpvjj.exec:\vpvjj.exe185⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe186⤵
-
\??\c:\9frfrxx.exec:\9frfrxx.exe187⤵
-
\??\c:\frflxrr.exec:\frflxrr.exe188⤵
-
\??\c:\bnttbb.exec:\bnttbb.exe189⤵
-
\??\c:\tthnbt.exec:\tthnbt.exe190⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe191⤵
-
\??\c:\7vpvj.exec:\7vpvj.exe192⤵
-
\??\c:\ffxxffx.exec:\ffxxffx.exe193⤵
-
\??\c:\xxxrffr.exec:\xxxrffr.exe194⤵
-
\??\c:\nbnntt.exec:\nbnntt.exe195⤵
-
\??\c:\1hbthh.exec:\1hbthh.exe196⤵
-
\??\c:\1nbhtb.exec:\1nbhtb.exe197⤵
-
\??\c:\pdvjd.exec:\pdvjd.exe198⤵
-
\??\c:\ffflxfr.exec:\ffflxfr.exe199⤵
-
\??\c:\rlxfrxl.exec:\rlxfrxl.exe200⤵
-
\??\c:\ffrxlrx.exec:\ffrxlrx.exe201⤵
-
\??\c:\nnnnbt.exec:\nnnnbt.exe202⤵
-
\??\c:\nntnhh.exec:\nntnhh.exe203⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe204⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe205⤵
-
\??\c:\xxlrrrx.exec:\xxlrrrx.exe206⤵
-
\??\c:\7xrxfxx.exec:\7xrxfxx.exe207⤵
-
\??\c:\hhnhnh.exec:\hhnhnh.exe208⤵
-
\??\c:\5tbbhn.exec:\5tbbhn.exe209⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe210⤵
-
\??\c:\1djjp.exec:\1djjp.exe211⤵
-
\??\c:\9xrrxrf.exec:\9xrrxrf.exe212⤵
-
\??\c:\lxrrxfl.exec:\lxrrxfl.exe213⤵
-
\??\c:\9hnbnt.exec:\9hnbnt.exe214⤵
-
\??\c:\tbthbn.exec:\tbthbn.exe215⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe216⤵
-
\??\c:\dppjd.exec:\dppjd.exe217⤵
-
\??\c:\rrffllx.exec:\rrffllx.exe218⤵
-
\??\c:\7llfffl.exec:\7llfffl.exe219⤵
-
\??\c:\tnnthn.exec:\tnnthn.exe220⤵
-
\??\c:\5dpvj.exec:\5dpvj.exe221⤵
-
\??\c:\xlxrfrf.exec:\xlxrfrf.exe222⤵
-
\??\c:\ffrrlxf.exec:\ffrrlxf.exe223⤵
-
\??\c:\nnhnbn.exec:\nnhnbn.exe224⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe225⤵
-
\??\c:\rffflff.exec:\rffflff.exe226⤵
-
\??\c:\rffxxrx.exec:\rffxxrx.exe227⤵
-
\??\c:\nhnttt.exec:\nhnttt.exe228⤵
-
\??\c:\hbhtnh.exec:\hbhtnh.exe229⤵
-
\??\c:\1jpvj.exec:\1jpvj.exe230⤵
-
\??\c:\jjdpp.exec:\jjdpp.exe231⤵
-
\??\c:\7llxxlx.exec:\7llxxlx.exe232⤵
-
\??\c:\1lflxxl.exec:\1lflxxl.exe233⤵
-
\??\c:\rfflxlx.exec:\rfflxlx.exe234⤵
-
\??\c:\7tbhtb.exec:\7tbhtb.exe235⤵
-
\??\c:\bthtnt.exec:\bthtnt.exe236⤵
-
\??\c:\jjvdj.exec:\jjvdj.exe237⤵
-
\??\c:\5vvvv.exec:\5vvvv.exe238⤵
-
\??\c:\3rxxrfr.exec:\3rxxrfr.exe239⤵
-
\??\c:\rrfrflx.exec:\rrfrflx.exe240⤵
-
\??\c:\nhhttb.exec:\nhhttb.exe241⤵