Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
19-05-2024 14:24
General
-
Target
d61f08af2d97ebbe050d232a48b53000_NeikiAnalytics.exe
-
Size
122KB
-
MD5
d61f08af2d97ebbe050d232a48b53000
-
SHA1
a94b5e063b2c5d312c3df62f0a581719c0749c7c
-
SHA256
4a915a222cf3bb2201e3cd7402cde4d6e7dd2fc6ac9647fba22115c7b3d472d9
-
SHA512
58ab0d686255321083b75a2c1d96fde81cec88189445ad9472eb579fe0edae903cc0b3c367511f8e7c44ad5c476ab4439970fa2f71918dec65e5046ea47251d2
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo7LAIRUohDLSULrCimBaH8UH30w07:n3C9BRo/AIuunSppaH8m3DM
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d61f08af2d97ebbe050d232a48b53000_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d61f08af2d97ebbe050d232a48b53000_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbbnn.exec:\bbbbnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxlxll.exec:\rlxlxll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhthn.exec:\nnhthn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvddj.exec:\pvddj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxxlrx.exec:\xfxxlrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbtt.exec:\tnbbtt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vpvd.exec:\5vpvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvppd.exec:\jvppd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrxrrl.exec:\xxrxrrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bthbn.exec:\1bthbn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhbn.exec:\nnnhbn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ddjp.exec:\9ddjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxlxfr.exec:\fxxlxfr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ttbhh.exec:\7ttbhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjvj.exec:\jjjvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxlrxf.exec:\rfxlrxf.exe17⤵
- Executes dropped EXE
-
\??\c:\lfrxlrx.exec:\lfrxlrx.exe18⤵
- Executes dropped EXE
-
\??\c:\htnntt.exec:\htnntt.exe19⤵
- Executes dropped EXE
-
\??\c:\jjddp.exec:\jjddp.exe20⤵
- Executes dropped EXE
-
\??\c:\jdjvp.exec:\jdjvp.exe21⤵
- Executes dropped EXE
-
\??\c:\llxflrx.exec:\llxflrx.exe22⤵
- Executes dropped EXE
-
\??\c:\bhthtt.exec:\bhthtt.exe23⤵
- Executes dropped EXE
-
\??\c:\jjjjd.exec:\jjjjd.exe24⤵
- Executes dropped EXE
-
\??\c:\xflfflf.exec:\xflfflf.exe25⤵
- Executes dropped EXE
-
\??\c:\3bnhnt.exec:\3bnhnt.exe26⤵
- Executes dropped EXE
-
\??\c:\hhhtnt.exec:\hhhtnt.exe27⤵
- Executes dropped EXE
-
\??\c:\7vvdd.exec:\7vvdd.exe28⤵
- Executes dropped EXE
-
\??\c:\ddvpj.exec:\ddvpj.exe29⤵
- Executes dropped EXE
-
\??\c:\nnhtht.exec:\nnhtht.exe30⤵
- Executes dropped EXE
-
\??\c:\jjvpd.exec:\jjvpd.exe31⤵
- Executes dropped EXE
-
\??\c:\ffxlxlf.exec:\ffxlxlf.exe32⤵
- Executes dropped EXE
-
\??\c:\lfxlrrl.exec:\lfxlrrl.exe33⤵
- Executes dropped EXE
-
\??\c:\7bbtbb.exec:\7bbtbb.exe34⤵
- Executes dropped EXE
-
\??\c:\pvpjv.exec:\pvpjv.exe35⤵
- Executes dropped EXE
-
\??\c:\5jpjp.exec:\5jpjp.exe36⤵
- Executes dropped EXE
-
\??\c:\lxlrffl.exec:\lxlrffl.exe37⤵
- Executes dropped EXE
-
\??\c:\xlflxfl.exec:\xlflxfl.exe38⤵
- Executes dropped EXE
-
\??\c:\nntnth.exec:\nntnth.exe39⤵
- Executes dropped EXE
-
\??\c:\5btnnb.exec:\5btnnb.exe40⤵
- Executes dropped EXE
-
\??\c:\tnbnhh.exec:\tnbnhh.exe41⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe42⤵
- Executes dropped EXE
-
\??\c:\frffrxr.exec:\frffrxr.exe43⤵
- Executes dropped EXE
-
\??\c:\rlllxff.exec:\rlllxff.exe44⤵
- Executes dropped EXE
-
\??\c:\nhbtbh.exec:\nhbtbh.exe45⤵
- Executes dropped EXE
-
\??\c:\9btbbb.exec:\9btbbb.exe46⤵
- Executes dropped EXE
-
\??\c:\jddjj.exec:\jddjj.exe47⤵
- Executes dropped EXE
-
\??\c:\3ppvj.exec:\3ppvj.exe48⤵
- Executes dropped EXE
-
\??\c:\9frxlxf.exec:\9frxlxf.exe49⤵
- Executes dropped EXE
-
\??\c:\nnhnhn.exec:\nnhnhn.exe50⤵
- Executes dropped EXE
-
\??\c:\bhtnth.exec:\bhtnth.exe51⤵
- Executes dropped EXE
-
\??\c:\7jjvv.exec:\7jjvv.exe52⤵
- Executes dropped EXE
-
\??\c:\lrlrxlx.exec:\lrlrxlx.exe53⤵
- Executes dropped EXE
-
\??\c:\7rrfflf.exec:\7rrfflf.exe54⤵
- Executes dropped EXE
-
\??\c:\bhhtht.exec:\bhhtht.exe55⤵
- Executes dropped EXE
-
\??\c:\nhhtth.exec:\nhhtth.exe56⤵
- Executes dropped EXE
-
\??\c:\7dvvj.exec:\7dvvj.exe57⤵
- Executes dropped EXE
-
\??\c:\5fflrrf.exec:\5fflrrf.exe58⤵
- Executes dropped EXE
-
\??\c:\xrflrrx.exec:\xrflrrx.exe59⤵
- Executes dropped EXE
-
\??\c:\3nnttn.exec:\3nnttn.exe60⤵
- Executes dropped EXE
-
\??\c:\thtbnn.exec:\thtbnn.exe61⤵
- Executes dropped EXE
-
\??\c:\7jvvv.exec:\7jvvv.exe62⤵
- Executes dropped EXE
-
\??\c:\pdvvd.exec:\pdvvd.exe63⤵
- Executes dropped EXE
-
\??\c:\rrrxlxf.exec:\rrrxlxf.exe64⤵
- Executes dropped EXE
-
\??\c:\ffxfxxr.exec:\ffxfxxr.exe65⤵
- Executes dropped EXE
-
\??\c:\hhthtt.exec:\hhthtt.exe66⤵
-
\??\c:\hhhnhn.exec:\hhhnhn.exe67⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe68⤵
-
\??\c:\xxlrxxl.exec:\xxlrxxl.exe69⤵
-
\??\c:\ffrxlrf.exec:\ffrxlrf.exe70⤵
-
\??\c:\bbnnbh.exec:\bbnnbh.exe71⤵
-
\??\c:\tthbhh.exec:\tthbhh.exe72⤵
-
\??\c:\7vvdj.exec:\7vvdj.exe73⤵
-
\??\c:\5ppdj.exec:\5ppdj.exe74⤵
-
\??\c:\3xllrxf.exec:\3xllrxf.exe75⤵
-
\??\c:\rflfllr.exec:\rflfllr.exe76⤵
-
\??\c:\hhbnbn.exec:\hhbnbn.exe77⤵
-
\??\c:\3httbb.exec:\3httbb.exe78⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe79⤵
-
\??\c:\3jppj.exec:\3jppj.exe80⤵
-
\??\c:\lxfxllx.exec:\lxfxllx.exe81⤵
-
\??\c:\rlfxffl.exec:\rlfxffl.exe82⤵
-
\??\c:\5tnbhn.exec:\5tnbhn.exe83⤵
-
\??\c:\bttnnt.exec:\bttnnt.exe84⤵
-
\??\c:\9jjvj.exec:\9jjvj.exe85⤵
-
\??\c:\jdppp.exec:\jdppp.exe86⤵
-
\??\c:\rlrrflx.exec:\rlrrflx.exe87⤵
-
\??\c:\llxlxrl.exec:\llxlxrl.exe88⤵
-
\??\c:\3bthtb.exec:\3bthtb.exe89⤵
-
\??\c:\nhhhnt.exec:\nhhhnt.exe90⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe91⤵
-
\??\c:\dpjvv.exec:\dpjvv.exe92⤵
-
\??\c:\llfrxxx.exec:\llfrxxx.exe93⤵
-
\??\c:\7xxllxf.exec:\7xxllxf.exe94⤵
-
\??\c:\1ttnhn.exec:\1ttnhn.exe95⤵
-
\??\c:\7dvjd.exec:\7dvjd.exe96⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe97⤵
-
\??\c:\7rlflrx.exec:\7rlflrx.exe98⤵
-
\??\c:\lflrrxl.exec:\lflrrxl.exe99⤵
-
\??\c:\ththnb.exec:\ththnb.exe100⤵
-
\??\c:\tnbhtb.exec:\tnbhtb.exe101⤵
-
\??\c:\jvjpp.exec:\jvjpp.exe102⤵
-
\??\c:\jddpp.exec:\jddpp.exe103⤵
-
\??\c:\7lflxrx.exec:\7lflxrx.exe104⤵
-
\??\c:\lxrrxxf.exec:\lxrrxxf.exe105⤵
-
\??\c:\bbttnn.exec:\bbttnn.exe106⤵
-
\??\c:\btthtn.exec:\btthtn.exe107⤵
-
\??\c:\7ddpp.exec:\7ddpp.exe108⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe109⤵
-
\??\c:\9llxffr.exec:\9llxffr.exe110⤵
-
\??\c:\5hntbb.exec:\5hntbb.exe111⤵
-
\??\c:\1btbbb.exec:\1btbbb.exe112⤵
-
\??\c:\7jdpp.exec:\7jdpp.exe113⤵
-
\??\c:\dvddp.exec:\dvddp.exe114⤵
-
\??\c:\3xrxflx.exec:\3xrxflx.exe115⤵
-
\??\c:\rlfllrf.exec:\rlfllrf.exe116⤵
-
\??\c:\1hbhnt.exec:\1hbhnt.exe117⤵
-
\??\c:\pjdpp.exec:\pjdpp.exe118⤵
-
\??\c:\3ddjp.exec:\3ddjp.exe119⤵
-
\??\c:\3fllxxr.exec:\3fllxxr.exe120⤵
-
\??\c:\lxrlfxx.exec:\lxrlfxx.exe121⤵
-
\??\c:\hhtntb.exec:\hhtntb.exe122⤵
-
\??\c:\vvdvd.exec:\vvdvd.exe123⤵
-
\??\c:\vjdpv.exec:\vjdpv.exe124⤵
-
\??\c:\rrfrlll.exec:\rrfrlll.exe125⤵
-
\??\c:\fxrrffl.exec:\fxrrffl.exe126⤵
-
\??\c:\nhhhnt.exec:\nhhhnt.exe127⤵
-
\??\c:\7hnbnn.exec:\7hnbnn.exe128⤵
-
\??\c:\dvdpv.exec:\dvdpv.exe129⤵
-
\??\c:\3jvdj.exec:\3jvdj.exe130⤵
-
\??\c:\xrlflfx.exec:\xrlflfx.exe131⤵
-
\??\c:\hhtbhn.exec:\hhtbhn.exe132⤵
-
\??\c:\bbbntb.exec:\bbbntb.exe133⤵
-
\??\c:\3pvpp.exec:\3pvpp.exe134⤵
-
\??\c:\lffrxfr.exec:\lffrxfr.exe135⤵
-
\??\c:\ffflxxf.exec:\ffflxxf.exe136⤵
-
\??\c:\tnhtnt.exec:\tnhtnt.exe137⤵
-
\??\c:\jdddj.exec:\jdddj.exe138⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe139⤵
-
\??\c:\xrxxflr.exec:\xrxxflr.exe140⤵
-
\??\c:\hhhnnt.exec:\hhhnnt.exe141⤵
-
\??\c:\nhntnh.exec:\nhntnh.exe142⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe143⤵
-
\??\c:\7xrflrx.exec:\7xrflrx.exe144⤵
-
\??\c:\9rlrrfl.exec:\9rlrrfl.exe145⤵
-
\??\c:\tnbntb.exec:\tnbntb.exe146⤵
-
\??\c:\1nhntn.exec:\1nhntn.exe147⤵
-
\??\c:\jjjvv.exec:\jjjvv.exe148⤵
-
\??\c:\vvppp.exec:\vvppp.exe149⤵
-
\??\c:\fxlxrrf.exec:\fxlxrrf.exe150⤵
-
\??\c:\3tnnhb.exec:\3tnnhb.exe151⤵
-
\??\c:\7nhtht.exec:\7nhtht.exe152⤵
-
\??\c:\djjdj.exec:\djjdj.exe153⤵
-
\??\c:\9jvvp.exec:\9jvvp.exe154⤵
-
\??\c:\xrrxflx.exec:\xrrxflx.exe155⤵
-
\??\c:\flfrrfl.exec:\flfrrfl.exe156⤵
-
\??\c:\btbnth.exec:\btbnth.exe157⤵
-
\??\c:\bbhtnh.exec:\bbhtnh.exe158⤵
-
\??\c:\9ppvj.exec:\9ppvj.exe159⤵
-
\??\c:\ddjjp.exec:\ddjjp.exe160⤵
-
\??\c:\llxrfxf.exec:\llxrfxf.exe161⤵
-
\??\c:\bnttbt.exec:\bnttbt.exe162⤵
-
\??\c:\tnhtnt.exec:\tnhtnt.exe163⤵
-
\??\c:\9vdjv.exec:\9vdjv.exe164⤵
-
\??\c:\jdppv.exec:\jdppv.exe165⤵
-
\??\c:\xrrxxlx.exec:\xrrxxlx.exe166⤵
-
\??\c:\hhhhnb.exec:\hhhhnb.exe167⤵
-
\??\c:\tthbht.exec:\tthbht.exe168⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe169⤵
-
\??\c:\ppjvp.exec:\ppjvp.exe170⤵
-
\??\c:\rxrlfrl.exec:\rxrlfrl.exe171⤵
-
\??\c:\lllxlxf.exec:\lllxlxf.exe172⤵
-
\??\c:\hbthbh.exec:\hbthbh.exe173⤵
-
\??\c:\djpdv.exec:\djpdv.exe174⤵
-
\??\c:\jppdv.exec:\jppdv.exe175⤵
-
\??\c:\lllxrxl.exec:\lllxrxl.exe176⤵
-
\??\c:\bbbnbn.exec:\bbbnbn.exe177⤵
-
\??\c:\xrlxllx.exec:\xrlxllx.exe178⤵
-
\??\c:\bnbtbb.exec:\bnbtbb.exe179⤵
-
\??\c:\ddvjd.exec:\ddvjd.exe180⤵
-
\??\c:\7rxflrf.exec:\7rxflrf.exe181⤵
-
\??\c:\xxlrlfr.exec:\xxlrlfr.exe182⤵
-
\??\c:\nhnbnb.exec:\nhnbnb.exe183⤵
-
\??\c:\jvjpj.exec:\jvjpj.exe184⤵
-
\??\c:\lfrxxfl.exec:\lfrxxfl.exe185⤵
-
\??\c:\lxxllxf.exec:\lxxllxf.exe186⤵
-
\??\c:\1btbnb.exec:\1btbnb.exe187⤵
-
\??\c:\1hbnnn.exec:\1hbnnn.exe188⤵
-
\??\c:\7vjjp.exec:\7vjjp.exe189⤵
-
\??\c:\dvdjp.exec:\dvdjp.exe190⤵
-
\??\c:\xxrxflr.exec:\xxrxflr.exe191⤵
-
\??\c:\7nhbnt.exec:\7nhbnt.exe192⤵
-
\??\c:\tnhbnt.exec:\tnhbnt.exe193⤵
-
\??\c:\ddpdv.exec:\ddpdv.exe194⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe195⤵
-
\??\c:\lfflflr.exec:\lfflflr.exe196⤵
-
\??\c:\fxrxrrx.exec:\fxrxrrx.exe197⤵
-
\??\c:\bttbbn.exec:\bttbbn.exe198⤵
-
\??\c:\5vdjp.exec:\5vdjp.exe199⤵
-
\??\c:\jjdvv.exec:\jjdvv.exe200⤵
-
\??\c:\7rrxxfx.exec:\7rrxxfx.exe201⤵
-
\??\c:\5rxrfrr.exec:\5rxrfrr.exe202⤵
-
\??\c:\5bnbhn.exec:\5bnbhn.exe203⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe204⤵
-
\??\c:\vjdjj.exec:\vjdjj.exe205⤵
-
\??\c:\1xrxrrl.exec:\1xrxrrl.exe206⤵
-
\??\c:\xlrxlxl.exec:\xlrxlxl.exe207⤵
-
\??\c:\ttbnbb.exec:\ttbnbb.exe208⤵
-
\??\c:\jjvjd.exec:\jjvjd.exe209⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe210⤵
-
\??\c:\fxlrffl.exec:\fxlrffl.exe211⤵
-
\??\c:\rlllrxl.exec:\rlllrxl.exe212⤵
-
\??\c:\bbbntt.exec:\bbbntt.exe213⤵
-
\??\c:\7jjpj.exec:\7jjpj.exe214⤵
-
\??\c:\jvppd.exec:\jvppd.exe215⤵
-
\??\c:\7xxlxrx.exec:\7xxlxrx.exe216⤵
-
\??\c:\nbtbnn.exec:\nbtbnn.exe217⤵
-
\??\c:\9thbhh.exec:\9thbhh.exe218⤵
-
\??\c:\jddvd.exec:\jddvd.exe219⤵
-
\??\c:\ddjvv.exec:\ddjvv.exe220⤵
-
\??\c:\fxxlflr.exec:\fxxlflr.exe221⤵
-
\??\c:\3rlxfll.exec:\3rlxfll.exe222⤵
-
\??\c:\tnhthh.exec:\tnhthh.exe223⤵
-
\??\c:\tthhnt.exec:\tthhnt.exe224⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe225⤵
-
\??\c:\lfxfffr.exec:\lfxfffr.exe226⤵
-
\??\c:\xxlxrxr.exec:\xxlxrxr.exe227⤵
-
\??\c:\bthbnt.exec:\bthbnt.exe228⤵
-
\??\c:\hhthbb.exec:\hhthbb.exe229⤵
-
\??\c:\dpdpp.exec:\dpdpp.exe230⤵
-
\??\c:\5djjj.exec:\5djjj.exe231⤵
-
\??\c:\fxlrffl.exec:\fxlrffl.exe232⤵
-
\??\c:\frllxrf.exec:\frllxrf.exe233⤵
-
\??\c:\9nnnbh.exec:\9nnnbh.exe234⤵
-
\??\c:\hthtbt.exec:\hthtbt.exe235⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe236⤵
-
\??\c:\7rfrllr.exec:\7rfrllr.exe237⤵
-
\??\c:\5lllrfr.exec:\5lllrfr.exe238⤵
-
\??\c:\thtbnt.exec:\thtbnt.exe239⤵
-
\??\c:\tnnthh.exec:\tnnthh.exe240⤵
-
\??\c:\dddjd.exec:\dddjd.exe241⤵