Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
19-05-2024 14:11
General
-
Target
d337b7e036a7071d1b2c8aff039f54d0_NeikiAnalytics.exe
-
Size
372KB
-
MD5
d337b7e036a7071d1b2c8aff039f54d0
-
SHA1
27cf33225a48b7d0987568c5625fe41c35082057
-
SHA256
f4aed443666b24ed01fe22fc1b7dc8590082fc6e2e7f7335c58aeeeec35f9c31
-
SHA512
a8858ef73d7d6a16365b47649bc36c1941b9807ceb79ba21cf83f3001aab0d06e38a7d196c4c44124ccb665bb3ab0476263de2f925c1c32c580b849204df2008
-
SSDEEP
6144:n3C9BRIG0asYFm71mJl3/X8mak5gNv9rC8IwLaYNUvtTxTKMMP:n3C9uYA7i3/stR9HGYyvtTxTKMQ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d337b7e036a7071d1b2c8aff039f54d0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d337b7e036a7071d1b2c8aff039f54d0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhhtt.exec:\bnhhtt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppp.exec:\jdppp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvj.exec:\dvpvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxflrll.exec:\fxflrll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hbhnh.exec:\9hbhnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpp.exec:\pjvpp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rfrfrx.exec:\7rfrfrx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hbbbb.exec:\1hbbbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxxfxf.exec:\flxxfxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxxfl.exec:\rrfxxfl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdj.exec:\pdjdj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflxxrx.exec:\rflxxrx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbhb.exec:\tnbbhb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pddd.exec:\1pddd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7flrxfl.exec:\7flrxfl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9thhtt.exec:\9thhtt.exe17⤵
- Executes dropped EXE
-
\??\c:\3jvpp.exec:\3jvpp.exe18⤵
- Executes dropped EXE
-
\??\c:\ffrrxrx.exec:\ffrrxrx.exe19⤵
- Executes dropped EXE
-
\??\c:\vpvdj.exec:\vpvdj.exe20⤵
- Executes dropped EXE
-
\??\c:\1rllrlx.exec:\1rllrlx.exe21⤵
- Executes dropped EXE
-
\??\c:\5hbntb.exec:\5hbntb.exe22⤵
- Executes dropped EXE
-
\??\c:\7lxrxfr.exec:\7lxrxfr.exe23⤵
- Executes dropped EXE
-
\??\c:\hhnttb.exec:\hhnttb.exe24⤵
- Executes dropped EXE
-
\??\c:\5dvvd.exec:\5dvvd.exe25⤵
- Executes dropped EXE
-
\??\c:\flxrrrx.exec:\flxrrrx.exe26⤵
- Executes dropped EXE
-
\??\c:\vpvdj.exec:\vpvdj.exe27⤵
- Executes dropped EXE
-
\??\c:\xxlfrfx.exec:\xxlfrfx.exe28⤵
- Executes dropped EXE
-
\??\c:\1tbbbb.exec:\1tbbbb.exe29⤵
- Executes dropped EXE
-
\??\c:\jvvjp.exec:\jvvjp.exe30⤵
- Executes dropped EXE
-
\??\c:\xffrlrf.exec:\xffrlrf.exe31⤵
- Executes dropped EXE
-
\??\c:\tnhntb.exec:\tnhntb.exe32⤵
- Executes dropped EXE
-
\??\c:\7rflllx.exec:\7rflllx.exe33⤵
- Executes dropped EXE
-
\??\c:\nhtbhh.exec:\nhtbhh.exe34⤵
- Executes dropped EXE
-
\??\c:\3jpvv.exec:\3jpvv.exe35⤵
- Executes dropped EXE
-
\??\c:\pjvpv.exec:\pjvpv.exe36⤵
- Executes dropped EXE
-
\??\c:\7xrxxxf.exec:\7xrxxxf.exe37⤵
- Executes dropped EXE
-
\??\c:\tnbbhh.exec:\tnbbhh.exe38⤵
- Executes dropped EXE
-
\??\c:\3pjjp.exec:\3pjjp.exe39⤵
- Executes dropped EXE
-
\??\c:\vppjj.exec:\vppjj.exe40⤵
- Executes dropped EXE
-
\??\c:\7xllrrx.exec:\7xllrrx.exe41⤵
- Executes dropped EXE
-
\??\c:\hbnbhh.exec:\hbnbhh.exe42⤵
- Executes dropped EXE
-
\??\c:\hbnnhh.exec:\hbnnhh.exe43⤵
- Executes dropped EXE
-
\??\c:\1pdjj.exec:\1pdjj.exe44⤵
- Executes dropped EXE
-
\??\c:\lflllfl.exec:\lflllfl.exe45⤵
- Executes dropped EXE
-
\??\c:\xrflxfl.exec:\xrflxfl.exe46⤵
- Executes dropped EXE
-
\??\c:\ttbbhh.exec:\ttbbhh.exe47⤵
- Executes dropped EXE
-
\??\c:\3jjpd.exec:\3jjpd.exe48⤵
- Executes dropped EXE
-
\??\c:\llxfllr.exec:\llxfllr.exe49⤵
- Executes dropped EXE
-
\??\c:\9lflxfl.exec:\9lflxfl.exe50⤵
- Executes dropped EXE
-
\??\c:\1nttnn.exec:\1nttnn.exe51⤵
- Executes dropped EXE
-
\??\c:\tntnnt.exec:\tntnnt.exe52⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe53⤵
- Executes dropped EXE
-
\??\c:\lfrlllr.exec:\lfrlllr.exe54⤵
- Executes dropped EXE
-
\??\c:\tththn.exec:\tththn.exe55⤵
- Executes dropped EXE
-
\??\c:\nhbhtt.exec:\nhbhtt.exe56⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe57⤵
- Executes dropped EXE
-
\??\c:\dpvjp.exec:\dpvjp.exe58⤵
- Executes dropped EXE
-
\??\c:\7fllrfl.exec:\7fllrfl.exe59⤵
- Executes dropped EXE
-
\??\c:\tnhtbb.exec:\tnhtbb.exe60⤵
- Executes dropped EXE
-
\??\c:\ddpdj.exec:\ddpdj.exe61⤵
- Executes dropped EXE
-
\??\c:\7djdd.exec:\7djdd.exe62⤵
- Executes dropped EXE
-
\??\c:\9xrxxxf.exec:\9xrxxxf.exe63⤵
- Executes dropped EXE
-
\??\c:\1nbtbb.exec:\1nbtbb.exe64⤵
- Executes dropped EXE
-
\??\c:\nhhhnt.exec:\nhhhnt.exe65⤵
- Executes dropped EXE
-
\??\c:\pdjjp.exec:\pdjjp.exe66⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe67⤵
-
\??\c:\lfrxfll.exec:\lfrxfll.exe68⤵
-
\??\c:\hbhhhn.exec:\hbhhhn.exe69⤵
-
\??\c:\nhtbbn.exec:\nhtbbn.exe70⤵
-
\??\c:\ddpvd.exec:\ddpvd.exe71⤵
-
\??\c:\lrfxfxr.exec:\lrfxfxr.exe72⤵
-
\??\c:\5frffrl.exec:\5frffrl.exe73⤵
-
\??\c:\hbbhhh.exec:\hbbhhh.exe74⤵
-
\??\c:\jdvdd.exec:\jdvdd.exe75⤵
-
\??\c:\fxrrlll.exec:\fxrrlll.exe76⤵
-
\??\c:\xlflrrx.exec:\xlflrrx.exe77⤵
-
\??\c:\btnhhb.exec:\btnhhb.exe78⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe79⤵
-
\??\c:\3pjjv.exec:\3pjjv.exe80⤵
-
\??\c:\frfflfl.exec:\frfflfl.exe81⤵
-
\??\c:\9bhnbt.exec:\9bhnbt.exe82⤵
-
\??\c:\tthhtt.exec:\tthhtt.exe83⤵
-
\??\c:\ppddj.exec:\ppddj.exe84⤵
-
\??\c:\rlxfllr.exec:\rlxfllr.exe85⤵
-
\??\c:\rlxfllr.exec:\rlxfllr.exe86⤵
-
\??\c:\7htttt.exec:\7htttt.exe87⤵
-
\??\c:\btbhnt.exec:\btbhnt.exe88⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe89⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe90⤵
-
\??\c:\7lfxxrx.exec:\7lfxxrx.exe91⤵
-
\??\c:\3nnttb.exec:\3nnttb.exe92⤵
-
\??\c:\tthtbh.exec:\tthtbh.exe93⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe94⤵
-
\??\c:\9lxxxxx.exec:\9lxxxxx.exe95⤵
-
\??\c:\7rfxxrr.exec:\7rfxxrr.exe96⤵
-
\??\c:\hbttnn.exec:\hbttnn.exe97⤵
-
\??\c:\pjddv.exec:\pjddv.exe98⤵
-
\??\c:\pdppd.exec:\pdppd.exe99⤵
-
\??\c:\lxlfllr.exec:\lxlfllr.exe100⤵
-
\??\c:\1bbbbb.exec:\1bbbbb.exe101⤵
-
\??\c:\nbhhnn.exec:\nbhhnn.exe102⤵
-
\??\c:\dvddj.exec:\dvddj.exe103⤵
-
\??\c:\rfxllll.exec:\rfxllll.exe104⤵
-
\??\c:\frxxfxx.exec:\frxxfxx.exe105⤵
-
\??\c:\hthhbb.exec:\hthhbb.exe106⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe107⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe108⤵
-
\??\c:\5llxxxx.exec:\5llxxxx.exe109⤵
-
\??\c:\7flffll.exec:\7flffll.exe110⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe111⤵
-
\??\c:\3vdjj.exec:\3vdjj.exe112⤵
-
\??\c:\5jvdj.exec:\5jvdj.exe113⤵
-
\??\c:\frxxrrx.exec:\frxxrrx.exe114⤵
-
\??\c:\9lrfxrr.exec:\9lrfxrr.exe115⤵
-
\??\c:\7bnttt.exec:\7bnttt.exe116⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe117⤵
-
\??\c:\jvppv.exec:\jvppv.exe118⤵
-
\??\c:\ffrfllx.exec:\ffrfllx.exe119⤵
-
\??\c:\rfxxfff.exec:\rfxxfff.exe120⤵
-
\??\c:\thtntn.exec:\thtntn.exe121⤵
-
\??\c:\ddppv.exec:\ddppv.exe122⤵
-
\??\c:\7pddj.exec:\7pddj.exe123⤵
-
\??\c:\7lrlfxr.exec:\7lrlfxr.exe124⤵
-
\??\c:\lflrxrx.exec:\lflrxrx.exe125⤵
-
\??\c:\thntth.exec:\thntth.exe126⤵
-
\??\c:\pjddj.exec:\pjddj.exe127⤵
-
\??\c:\pdddj.exec:\pdddj.exe128⤵
-
\??\c:\lfxxffl.exec:\lfxxffl.exe129⤵
-
\??\c:\lfxxflr.exec:\lfxxflr.exe130⤵
-
\??\c:\htbtbt.exec:\htbtbt.exe131⤵
-
\??\c:\3vdpp.exec:\3vdpp.exe132⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe133⤵
-
\??\c:\lxfflfr.exec:\lxfflfr.exe134⤵
-
\??\c:\nhtthn.exec:\nhtthn.exe135⤵
-
\??\c:\tnhhhh.exec:\tnhhhh.exe136⤵
-
\??\c:\vpddd.exec:\vpddd.exe137⤵
-
\??\c:\5llrxfl.exec:\5llrxfl.exe138⤵
-
\??\c:\rflrrxf.exec:\rflrrxf.exe139⤵
-
\??\c:\bnbtbt.exec:\bnbtbt.exe140⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe141⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe142⤵
-
\??\c:\5dvpv.exec:\5dvpv.exe143⤵
-
\??\c:\lfrxlrf.exec:\lfrxlrf.exe144⤵
-
\??\c:\5thhnn.exec:\5thhnn.exe145⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe146⤵
-
\??\c:\ddpjp.exec:\ddpjp.exe147⤵
-
\??\c:\fxxxxff.exec:\fxxxxff.exe148⤵
-
\??\c:\bbbhtt.exec:\bbbhtt.exe149⤵
-
\??\c:\1bbhnh.exec:\1bbhnh.exe150⤵
-
\??\c:\pjpdd.exec:\pjpdd.exe151⤵
-
\??\c:\9lxfflr.exec:\9lxfflr.exe152⤵
-
\??\c:\xffflfl.exec:\xffflfl.exe153⤵
-
\??\c:\nhbhnb.exec:\nhbhnb.exe154⤵
-
\??\c:\9pjdv.exec:\9pjdv.exe155⤵
-
\??\c:\5djdv.exec:\5djdv.exe156⤵
-
\??\c:\xrllllr.exec:\xrllllr.exe157⤵
-
\??\c:\7hntbh.exec:\7hntbh.exe158⤵
-
\??\c:\hhhnbb.exec:\hhhnbb.exe159⤵
-
\??\c:\9jdjp.exec:\9jdjp.exe160⤵
-
\??\c:\lflflrr.exec:\lflflrr.exe161⤵
-
\??\c:\1fflxfl.exec:\1fflxfl.exe162⤵
-
\??\c:\9btnbb.exec:\9btnbb.exe163⤵
-
\??\c:\bbntbb.exec:\bbntbb.exe164⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe165⤵
-
\??\c:\lfxfllx.exec:\lfxfllx.exe166⤵
-
\??\c:\7rrrxxl.exec:\7rrrxxl.exe167⤵
-
\??\c:\3nhbhb.exec:\3nhbhb.exe168⤵
-
\??\c:\5ddjj.exec:\5ddjj.exe169⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe170⤵
-
\??\c:\fxllxlf.exec:\fxllxlf.exe171⤵
-
\??\c:\5bnhhh.exec:\5bnhhh.exe172⤵
-
\??\c:\9btbhn.exec:\9btbhn.exe173⤵
-
\??\c:\jvjpp.exec:\jvjpp.exe174⤵
-
\??\c:\rrffxfl.exec:\rrffxfl.exe175⤵
-
\??\c:\5rrrxfr.exec:\5rrrxfr.exe176⤵
-
\??\c:\bnhthh.exec:\bnhthh.exe177⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe178⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe179⤵
-
\??\c:\9xrffxx.exec:\9xrffxx.exe180⤵
-
\??\c:\xllrxxf.exec:\xllrxxf.exe181⤵
-
\??\c:\bbnntt.exec:\bbnntt.exe182⤵
-
\??\c:\3pjjj.exec:\3pjjj.exe183⤵
-
\??\c:\jdppp.exec:\jdppp.exe184⤵
-
\??\c:\xlfxffl.exec:\xlfxffl.exe185⤵
-
\??\c:\3bbttt.exec:\3bbttt.exe186⤵
-
\??\c:\tnttbt.exec:\tnttbt.exe187⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe188⤵
-
\??\c:\dpvdj.exec:\dpvdj.exe189⤵
-
\??\c:\rllxlxr.exec:\rllxlxr.exe190⤵
-
\??\c:\nnbbnn.exec:\nnbbnn.exe191⤵
-
\??\c:\hthntb.exec:\hthntb.exe192⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe193⤵
-
\??\c:\pdvpp.exec:\pdvpp.exe194⤵
-
\??\c:\rrlrfxf.exec:\rrlrfxf.exe195⤵
-
\??\c:\5htnhb.exec:\5htnhb.exe196⤵
-
\??\c:\3thnnn.exec:\3thnnn.exe197⤵
-
\??\c:\7vjjj.exec:\7vjjj.exe198⤵
-
\??\c:\lflxxrx.exec:\lflxxrx.exe199⤵
-
\??\c:\rlxxxxl.exec:\rlxxxxl.exe200⤵
-
\??\c:\1bbhhh.exec:\1bbhhh.exe201⤵
-
\??\c:\hbhntb.exec:\hbhntb.exe202⤵
-
\??\c:\dvppv.exec:\dvppv.exe203⤵
-
\??\c:\1lxllfx.exec:\1lxllfx.exe204⤵
-
\??\c:\rlfflff.exec:\rlfflff.exe205⤵
-
\??\c:\bnttbb.exec:\bnttbb.exe206⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe207⤵
-
\??\c:\9jvvj.exec:\9jvvj.exe208⤵
-
\??\c:\xrflrrx.exec:\xrflrrx.exe209⤵
-
\??\c:\ntnthb.exec:\ntnthb.exe210⤵
-
\??\c:\bnbthb.exec:\bnbthb.exe211⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe212⤵
-
\??\c:\rrfffrr.exec:\rrfffrr.exe213⤵
-
\??\c:\rlrffxl.exec:\rlrffxl.exe214⤵
-
\??\c:\9bnhhh.exec:\9bnhhh.exe215⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe216⤵
-
\??\c:\5jdvd.exec:\5jdvd.exe217⤵
-
\??\c:\lxrxllx.exec:\lxrxllx.exe218⤵
-
\??\c:\7rfffff.exec:\7rfffff.exe219⤵
-
\??\c:\bbhhnn.exec:\bbhhnn.exe220⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe221⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe222⤵
-
\??\c:\frllrxl.exec:\frllrxl.exe223⤵
-
\??\c:\htbhhn.exec:\htbhhn.exe224⤵
-
\??\c:\tntbbh.exec:\tntbbh.exe225⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe226⤵
-
\??\c:\1dddd.exec:\1dddd.exe227⤵
-
\??\c:\rlxfffr.exec:\rlxfffr.exe228⤵
-
\??\c:\bthhnt.exec:\bthhnt.exe229⤵
-
\??\c:\hbtbtb.exec:\hbtbtb.exe230⤵
-
\??\c:\vjppp.exec:\vjppp.exe231⤵
-
\??\c:\7dvpp.exec:\7dvpp.exe232⤵
-
\??\c:\3lxlllr.exec:\3lxlllr.exe233⤵
-
\??\c:\9btbhb.exec:\9btbhb.exe234⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe235⤵
-
\??\c:\1jvvv.exec:\1jvvv.exe236⤵
-
\??\c:\rlffllr.exec:\rlffllr.exe237⤵
-
\??\c:\9rrrrrr.exec:\9rrrrrr.exe238⤵
-
\??\c:\tnhhnn.exec:\tnhhnn.exe239⤵
-
\??\c:\jpdjj.exec:\jpdjj.exe240⤵
-
\??\c:\9xxlrff.exec:\9xxlrff.exe241⤵