Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
19-05-2024 14:27
General
-
Target
d6d827d01a9a6150fe87e5df7964e590_NeikiAnalytics.exe
-
Size
88KB
-
MD5
d6d827d01a9a6150fe87e5df7964e590
-
SHA1
94147b347d2481f2c83fedb9d5e183d0d4be14bc
-
SHA256
7adce874d484e72f8a8ef5cce0bd6060e4e9762f7a2d05afcd4b9d132ab90044
-
SHA512
8af88b1f9ad6350bd4265a30bc5c0d5b8eb44f0e7ccfac7842610d5bbcdeecab6b0696159b28a0e26fa4a2431d9c02466145d07ea560a8339240d0d0f4fe7233
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73yqKH/Kjve2:ymb3NkkiQ3mdBjFo73yX+vZ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d6d827d01a9a6150fe87e5df7964e590_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d6d827d01a9a6150fe87e5df7964e590_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbhh.exec:\hbtbhh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fxfxxf.exec:\1fxfxxf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttbt.exec:\nhttbt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlllxfl.exec:\rlllxfl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhnt.exec:\tnbhnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbhh.exec:\tnhbhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dpdd.exec:\1dpdd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrxllr.exec:\lfrxllr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbtbh.exec:\tnbtbh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhnt.exec:\bbhhnt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvdp.exec:\dvvdp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrlxf.exec:\xrlrlxf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnnbn.exec:\ttnnbn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btttbt.exec:\btttbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvdp.exec:\jdvdp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvdp.exec:\dvvdp.exe17⤵
- Executes dropped EXE
-
\??\c:\llfrlrr.exec:\llfrlrr.exe18⤵
- Executes dropped EXE
-
\??\c:\3htbht.exec:\3htbht.exe19⤵
- Executes dropped EXE
-
\??\c:\3nbntt.exec:\3nbntt.exe20⤵
- Executes dropped EXE
-
\??\c:\pjvdd.exec:\pjvdd.exe21⤵
- Executes dropped EXE
-
\??\c:\xlfrxfl.exec:\xlfrxfl.exe22⤵
- Executes dropped EXE
-
\??\c:\xlxlffx.exec:\xlxlffx.exe23⤵
- Executes dropped EXE
-
\??\c:\3bttnb.exec:\3bttnb.exe24⤵
- Executes dropped EXE
-
\??\c:\nhntnt.exec:\nhntnt.exe25⤵
- Executes dropped EXE
-
\??\c:\djdpp.exec:\djdpp.exe26⤵
- Executes dropped EXE
-
\??\c:\fxlxflf.exec:\fxlxflf.exe27⤵
- Executes dropped EXE
-
\??\c:\hbbnht.exec:\hbbnht.exe28⤵
- Executes dropped EXE
-
\??\c:\nhbthn.exec:\nhbthn.exe29⤵
- Executes dropped EXE
-
\??\c:\pdpvp.exec:\pdpvp.exe30⤵
- Executes dropped EXE
-
\??\c:\xxlffff.exec:\xxlffff.exe31⤵
- Executes dropped EXE
-
\??\c:\btnnbh.exec:\btnnbh.exe32⤵
- Executes dropped EXE
-
\??\c:\nhthnt.exec:\nhthnt.exe33⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe34⤵
- Executes dropped EXE
-
\??\c:\frfrxfx.exec:\frfrxfx.exe35⤵
- Executes dropped EXE
-
\??\c:\fxlfllr.exec:\fxlfllr.exe36⤵
- Executes dropped EXE
-
\??\c:\7bnbht.exec:\7bnbht.exe37⤵
- Executes dropped EXE
-
\??\c:\hthtbh.exec:\hthtbh.exe38⤵
- Executes dropped EXE
-
\??\c:\ddvdd.exec:\ddvdd.exe39⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe40⤵
- Executes dropped EXE
-
\??\c:\lxrrflr.exec:\lxrrflr.exe41⤵
- Executes dropped EXE
-
\??\c:\tnhtnn.exec:\tnhtnn.exe42⤵
- Executes dropped EXE
-
\??\c:\1hnthh.exec:\1hnthh.exe43⤵
- Executes dropped EXE
-
\??\c:\jdvjp.exec:\jdvjp.exe44⤵
- Executes dropped EXE
-
\??\c:\5jdvj.exec:\5jdvj.exe45⤵
- Executes dropped EXE
-
\??\c:\fxlxlrf.exec:\fxlxlrf.exe46⤵
- Executes dropped EXE
-
\??\c:\1lfxllr.exec:\1lfxllr.exe47⤵
- Executes dropped EXE
-
\??\c:\tnhnbh.exec:\tnhnbh.exe48⤵
- Executes dropped EXE
-
\??\c:\7bnbhh.exec:\7bnbhh.exe49⤵
- Executes dropped EXE
-
\??\c:\dpjvd.exec:\dpjvd.exe50⤵
- Executes dropped EXE
-
\??\c:\9dppv.exec:\9dppv.exe51⤵
- Executes dropped EXE
-
\??\c:\lxllllr.exec:\lxllllr.exe52⤵
- Executes dropped EXE
-
\??\c:\5lrrxxl.exec:\5lrrxxl.exe53⤵
- Executes dropped EXE
-
\??\c:\hthhnn.exec:\hthhnn.exe54⤵
- Executes dropped EXE
-
\??\c:\bntbtb.exec:\bntbtb.exe55⤵
- Executes dropped EXE
-
\??\c:\jdjjv.exec:\jdjjv.exe56⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe57⤵
- Executes dropped EXE
-
\??\c:\rfxrxxf.exec:\rfxrxxf.exe58⤵
- Executes dropped EXE
-
\??\c:\bbtbbn.exec:\bbtbbn.exe59⤵
- Executes dropped EXE
-
\??\c:\nbnnnt.exec:\nbnnnt.exe60⤵
- Executes dropped EXE
-
\??\c:\1ddpj.exec:\1ddpj.exe61⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe62⤵
- Executes dropped EXE
-
\??\c:\rfrxllf.exec:\rfrxllf.exe63⤵
- Executes dropped EXE
-
\??\c:\llxxfff.exec:\llxxfff.exe64⤵
- Executes dropped EXE
-
\??\c:\bbbnhn.exec:\bbbnhn.exe65⤵
- Executes dropped EXE
-
\??\c:\tnbnhb.exec:\tnbnhb.exe66⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe67⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe68⤵
-
\??\c:\5rlllrf.exec:\5rlllrf.exe69⤵
-
\??\c:\xxxlxlx.exec:\xxxlxlx.exe70⤵
-
\??\c:\tnthtt.exec:\tnthtt.exe71⤵
-
\??\c:\nbnhtt.exec:\nbnhtt.exe72⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe73⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe74⤵
-
\??\c:\xxlxrxf.exec:\xxlxrxf.exe75⤵
-
\??\c:\llxrllx.exec:\llxrllx.exe76⤵
-
\??\c:\7ntbbh.exec:\7ntbbh.exe77⤵
-
\??\c:\tthbnn.exec:\tthbnn.exe78⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe79⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe80⤵
-
\??\c:\fxllrfx.exec:\fxllrfx.exe81⤵
-
\??\c:\rfrrxrr.exec:\rfrrxrr.exe82⤵
-
\??\c:\5rrfxrl.exec:\5rrfxrl.exe83⤵
-
\??\c:\5htbhn.exec:\5htbhn.exe84⤵
-
\??\c:\5hbbhn.exec:\5hbbhn.exe85⤵
-
\??\c:\3pjvj.exec:\3pjvj.exe86⤵
-
\??\c:\ddppd.exec:\ddppd.exe87⤵
-
\??\c:\ffxxlff.exec:\ffxxlff.exe88⤵
-
\??\c:\rfxfrrx.exec:\rfxfrrx.exe89⤵
-
\??\c:\hhbnhh.exec:\hhbnhh.exe90⤵
-
\??\c:\5nhbhh.exec:\5nhbhh.exe91⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe92⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe93⤵
-
\??\c:\rrfflrf.exec:\rrfflrf.exe94⤵
-
\??\c:\xrfflfl.exec:\xrfflfl.exe95⤵
-
\??\c:\bnbhnt.exec:\bnbhnt.exe96⤵
-
\??\c:\hhbthn.exec:\hhbthn.exe97⤵
-
\??\c:\vpddv.exec:\vpddv.exe98⤵
-
\??\c:\dpjpv.exec:\dpjpv.exe99⤵
-
\??\c:\fxrlxlr.exec:\fxrlxlr.exe100⤵
-
\??\c:\rlfrlrf.exec:\rlfrlrf.exe101⤵
-
\??\c:\hbnbhh.exec:\hbnbhh.exe102⤵
-
\??\c:\1bhnth.exec:\1bhnth.exe103⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe104⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe105⤵
-
\??\c:\5xflllx.exec:\5xflllx.exe106⤵
-
\??\c:\rrflxlf.exec:\rrflxlf.exe107⤵
-
\??\c:\1tbntt.exec:\1tbntt.exe108⤵
-
\??\c:\vjvvj.exec:\vjvvj.exe109⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe110⤵
-
\??\c:\pdvjj.exec:\pdvjj.exe111⤵
-
\??\c:\rfxflrf.exec:\rfxflrf.exe112⤵
-
\??\c:\lfxfllr.exec:\lfxfllr.exe113⤵
-
\??\c:\ttnhnn.exec:\ttnhnn.exe114⤵
-
\??\c:\dpvdj.exec:\dpvdj.exe115⤵
-
\??\c:\7jvdd.exec:\7jvdd.exe116⤵
-
\??\c:\lffxllr.exec:\lffxllr.exe117⤵
-
\??\c:\rfxfxfl.exec:\rfxfxfl.exe118⤵
-
\??\c:\btbhtb.exec:\btbhtb.exe119⤵
-
\??\c:\thnntb.exec:\thnntb.exe120⤵
-
\??\c:\vdpvj.exec:\vdpvj.exe121⤵
-
\??\c:\5pjdd.exec:\5pjdd.exe122⤵
-
\??\c:\5rrllrf.exec:\5rrllrf.exe123⤵
-
\??\c:\rlrxllr.exec:\rlrxllr.exe124⤵
-
\??\c:\hbnbtb.exec:\hbnbtb.exe125⤵
-
\??\c:\7htbhn.exec:\7htbhn.exe126⤵
-
\??\c:\jpjpd.exec:\jpjpd.exe127⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe128⤵
-
\??\c:\5rrllfl.exec:\5rrllfl.exe129⤵
-
\??\c:\lllrxlr.exec:\lllrxlr.exe130⤵
-
\??\c:\7ttnbh.exec:\7ttnbh.exe131⤵
-
\??\c:\thnntb.exec:\thnntb.exe132⤵
-
\??\c:\vdpdd.exec:\vdpdd.exe133⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe134⤵
-
\??\c:\7rrfflr.exec:\7rrfflr.exe135⤵
-
\??\c:\lfxffrx.exec:\lfxffrx.exe136⤵
-
\??\c:\thtnnt.exec:\thtnnt.exe137⤵
-
\??\c:\ntnhhb.exec:\ntnhhb.exe138⤵
-
\??\c:\fxflflr.exec:\fxflflr.exe139⤵
-
\??\c:\xrxflrx.exec:\xrxflrx.exe140⤵
-
\??\c:\3bbhnh.exec:\3bbhnh.exe141⤵
-
\??\c:\nbbhbh.exec:\nbbhbh.exe142⤵
-
\??\c:\hbtbnn.exec:\hbtbnn.exe143⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe144⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe145⤵
-
\??\c:\fxfrllr.exec:\fxfrllr.exe146⤵
-
\??\c:\bbthbh.exec:\bbthbh.exe147⤵
-
\??\c:\bnhtbn.exec:\bnhtbn.exe148⤵
-
\??\c:\djjjp.exec:\djjjp.exe149⤵
-
\??\c:\vdpjp.exec:\vdpjp.exe150⤵
-
\??\c:\3xflrxf.exec:\3xflrxf.exe151⤵
-
\??\c:\llfrrxl.exec:\llfrrxl.exe152⤵
-
\??\c:\nhtbth.exec:\nhtbth.exe153⤵
-
\??\c:\nhbtth.exec:\nhbtth.exe154⤵
-
\??\c:\1pdpv.exec:\1pdpv.exe155⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe156⤵
-
\??\c:\rrxfrrx.exec:\rrxfrrx.exe157⤵
-
\??\c:\xxrrflf.exec:\xxrrflf.exe158⤵
-
\??\c:\1tthth.exec:\1tthth.exe159⤵
-
\??\c:\tbhbnt.exec:\tbhbnt.exe160⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe161⤵
-
\??\c:\pjddp.exec:\pjddp.exe162⤵
-
\??\c:\7xxxlfr.exec:\7xxxlfr.exe163⤵
-
\??\c:\7xrlxfl.exec:\7xrlxfl.exe164⤵
-
\??\c:\nhtbth.exec:\nhtbth.exe165⤵
-
\??\c:\1jvvd.exec:\1jvvd.exe166⤵
-
\??\c:\djpvj.exec:\djpvj.exe167⤵
-
\??\c:\3ffrxfr.exec:\3ffrxfr.exe168⤵
-
\??\c:\3lfxrxx.exec:\3lfxrxx.exe169⤵
-
\??\c:\bbthbb.exec:\bbthbb.exe170⤵
-
\??\c:\bthntb.exec:\bthntb.exe171⤵
-
\??\c:\9jddj.exec:\9jddj.exe172⤵
-
\??\c:\5jvvj.exec:\5jvvj.exe173⤵
-
\??\c:\xrxflrf.exec:\xrxflrf.exe174⤵
-
\??\c:\xrllxxl.exec:\xrllxxl.exe175⤵
-
\??\c:\nnbnbh.exec:\nnbnbh.exe176⤵
-
\??\c:\nnhnbn.exec:\nnhnbn.exe177⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe178⤵
-
\??\c:\vvdpj.exec:\vvdpj.exe179⤵
-
\??\c:\llffffr.exec:\llffffr.exe180⤵
-
\??\c:\frfrlrx.exec:\frfrlrx.exe181⤵
-
\??\c:\3nhhbh.exec:\3nhhbh.exe182⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe183⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe184⤵
-
\??\c:\rrrrflx.exec:\rrrrflx.exe185⤵
-
\??\c:\frlrlxl.exec:\frlrlxl.exe186⤵
-
\??\c:\tnhnnb.exec:\tnhnnb.exe187⤵
-
\??\c:\bnbntb.exec:\bnbntb.exe188⤵
-
\??\c:\1pddv.exec:\1pddv.exe189⤵
-
\??\c:\lfxxlxr.exec:\lfxxlxr.exe190⤵
-
\??\c:\5lllxxf.exec:\5lllxxf.exe191⤵
-
\??\c:\hhntbh.exec:\hhntbh.exe192⤵
-
\??\c:\hhbnhn.exec:\hhbnhn.exe193⤵
-
\??\c:\pppvj.exec:\pppvj.exe194⤵
-
\??\c:\llxxflx.exec:\llxxflx.exe195⤵
-
\??\c:\lllxlxf.exec:\lllxlxf.exe196⤵
-
\??\c:\ttbttb.exec:\ttbttb.exe197⤵
-
\??\c:\thtbhn.exec:\thtbhn.exe198⤵
-
\??\c:\dvppp.exec:\dvppp.exe199⤵
-
\??\c:\xrffflx.exec:\xrffflx.exe200⤵
-
\??\c:\xrlrffr.exec:\xrlrffr.exe201⤵
-
\??\c:\bnhbtt.exec:\bnhbtt.exe202⤵
-
\??\c:\vvdpv.exec:\vvdpv.exe203⤵
-
\??\c:\5rrxlrx.exec:\5rrxlrx.exe204⤵
-
\??\c:\5flxffr.exec:\5flxffr.exe205⤵
-
\??\c:\btnnth.exec:\btnnth.exe206⤵
-
\??\c:\hbhhtb.exec:\hbhhtb.exe207⤵
-
\??\c:\vjdjp.exec:\vjdjp.exe208⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe209⤵
-
\??\c:\1xrffxf.exec:\1xrffxf.exe210⤵
-
\??\c:\rlxllfx.exec:\rlxllfx.exe211⤵
-
\??\c:\9nbhtt.exec:\9nbhtt.exe212⤵
-
\??\c:\3vjvv.exec:\3vjvv.exe213⤵
-
\??\c:\9djjv.exec:\9djjv.exe214⤵
-
\??\c:\rllxlxf.exec:\rllxlxf.exe215⤵
-
\??\c:\frrlrxx.exec:\frrlrxx.exe216⤵
-
\??\c:\tnhtbb.exec:\tnhtbb.exe217⤵
-
\??\c:\nbthhn.exec:\nbthhn.exe218⤵
-
\??\c:\7pjpv.exec:\7pjpv.exe219⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe220⤵
-
\??\c:\lxrrflx.exec:\lxrrflx.exe221⤵
-
\??\c:\lfxlfrf.exec:\lfxlfrf.exe222⤵
-
\??\c:\bthhtt.exec:\bthhtt.exe223⤵
-
\??\c:\7bhntb.exec:\7bhntb.exe224⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe225⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe226⤵
-
\??\c:\7lfrxfl.exec:\7lfrxfl.exe227⤵
-
\??\c:\hbnthn.exec:\hbnthn.exe228⤵
-
\??\c:\9nhhtt.exec:\9nhhtt.exe229⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe230⤵
-
\??\c:\dvdpp.exec:\dvdpp.exe231⤵
-
\??\c:\fxlrlrl.exec:\fxlrlrl.exe232⤵
-
\??\c:\fxllxrx.exec:\fxllxrx.exe233⤵
-
\??\c:\7nbnhh.exec:\7nbnhh.exe234⤵
-
\??\c:\nbntbb.exec:\nbntbb.exe235⤵
-
\??\c:\1pdvv.exec:\1pdvv.exe236⤵
-
\??\c:\lxrxffl.exec:\lxrxffl.exe237⤵
-
\??\c:\ffrrffr.exec:\ffrrffr.exe238⤵
-
\??\c:\btbttn.exec:\btbttn.exe239⤵
-
\??\c:\nbbnbb.exec:\nbbnbb.exe240⤵
-
\??\c:\9pjpd.exec:\9pjpd.exe241⤵