Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
19-05-2024 14:36
General
-
Target
d895262304324528d8764447114005e0_NeikiAnalytics.exe
-
Size
94KB
-
MD5
d895262304324528d8764447114005e0
-
SHA1
24b92654c852a11181a2ddba8d7ff220f72d34e5
-
SHA256
33419dc141ad47c8a1d0514a44636f49c5d283b3ef5ded06d50dce86902d6708
-
SHA512
7943c7b1b0a7f06397a0f9b87f2cbe868ee70ded57d55822ec613b49539a63ee68881cbc5acdb5068e4a517a531389df60b6e07d7a406738bfde7b6cb58b6e91
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxE6vr/mAk:ymb3NkkiQ3mdBjFo73PYP1lri3KVT+b3
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d895262304324528d8764447114005e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d895262304324528d8764447114005e0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\llfrxll.exec:\llfrxll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jjjv.exec:\1jjjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpvd.exec:\pvpvd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m6868.exec:\m6868.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xllrrx.exec:\7xllrrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhthtt.exec:\nhthtt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\060086.exec:\060086.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4806228.exec:\4806228.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\64684.exec:\64684.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnbb.exec:\bttnbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3llrxfl.exec:\3llrxfl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\480206.exec:\480206.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppj.exec:\dvppj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ttnhh.exec:\7ttnhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q46606.exec:\q46606.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4806884.exec:\4806884.exe17⤵
- Executes dropped EXE
-
\??\c:\86400.exec:\86400.exe18⤵
- Executes dropped EXE
-
\??\c:\642288.exec:\642288.exe19⤵
- Executes dropped EXE
-
\??\c:\ddjdd.exec:\ddjdd.exe20⤵
- Executes dropped EXE
-
\??\c:\6628864.exec:\6628864.exe21⤵
- Executes dropped EXE
-
\??\c:\c646228.exec:\c646228.exe22⤵
- Executes dropped EXE
-
\??\c:\jvdvd.exec:\jvdvd.exe23⤵
- Executes dropped EXE
-
\??\c:\i200628.exec:\i200628.exe24⤵
- Executes dropped EXE
-
\??\c:\042628.exec:\042628.exe25⤵
- Executes dropped EXE
-
\??\c:\608842.exec:\608842.exe26⤵
- Executes dropped EXE
-
\??\c:\o088662.exec:\o088662.exe27⤵
- Executes dropped EXE
-
\??\c:\bthnbh.exec:\bthnbh.exe28⤵
- Executes dropped EXE
-
\??\c:\20884.exec:\20884.exe29⤵
- Executes dropped EXE
-
\??\c:\i428480.exec:\i428480.exe30⤵
- Executes dropped EXE
-
\??\c:\208462.exec:\208462.exe31⤵
- Executes dropped EXE
-
\??\c:\nhhhhn.exec:\nhhhhn.exe32⤵
- Executes dropped EXE
-
\??\c:\8044246.exec:\8044246.exe33⤵
- Executes dropped EXE
-
\??\c:\222624.exec:\222624.exe34⤵
-
\??\c:\c088062.exec:\c088062.exe35⤵
- Executes dropped EXE
-
\??\c:\fllllff.exec:\fllllff.exe36⤵
- Executes dropped EXE
-
\??\c:\420688.exec:\420688.exe37⤵
- Executes dropped EXE
-
\??\c:\vjvvj.exec:\vjvvj.exe38⤵
- Executes dropped EXE
-
\??\c:\80248.exec:\80248.exe39⤵
- Executes dropped EXE
-
\??\c:\204424.exec:\204424.exe40⤵
- Executes dropped EXE
-
\??\c:\djvjv.exec:\djvjv.exe41⤵
- Executes dropped EXE
-
\??\c:\xxlrllx.exec:\xxlrllx.exe42⤵
- Executes dropped EXE
-
\??\c:\7ppdv.exec:\7ppdv.exe43⤵
- Executes dropped EXE
-
\??\c:\48806.exec:\48806.exe44⤵
- Executes dropped EXE
-
\??\c:\lxrrrrr.exec:\lxrrrrr.exe45⤵
- Executes dropped EXE
-
\??\c:\1rlffff.exec:\1rlffff.exe46⤵
- Executes dropped EXE
-
\??\c:\i868282.exec:\i868282.exe47⤵
- Executes dropped EXE
-
\??\c:\xrxfllx.exec:\xrxfllx.exe48⤵
- Executes dropped EXE
-
\??\c:\m0284.exec:\m0284.exe49⤵
- Executes dropped EXE
-
\??\c:\8022444.exec:\8022444.exe50⤵
- Executes dropped EXE
-
\??\c:\82006.exec:\82006.exe51⤵
- Executes dropped EXE
-
\??\c:\bttbhh.exec:\bttbhh.exe52⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe53⤵
- Executes dropped EXE
-
\??\c:\824062.exec:\824062.exe54⤵
- Executes dropped EXE
-
\??\c:\rflxffr.exec:\rflxffr.exe55⤵
- Executes dropped EXE
-
\??\c:\tthnbb.exec:\tthnbb.exe56⤵
- Executes dropped EXE
-
\??\c:\826246.exec:\826246.exe57⤵
- Executes dropped EXE
-
\??\c:\hnttbb.exec:\hnttbb.exe58⤵
- Executes dropped EXE
-
\??\c:\bbtbnt.exec:\bbtbnt.exe59⤵
- Executes dropped EXE
-
\??\c:\lfxlfrx.exec:\lfxlfrx.exe60⤵
- Executes dropped EXE
-
\??\c:\6444420.exec:\6444420.exe61⤵
- Executes dropped EXE
-
\??\c:\ddpjp.exec:\ddpjp.exe62⤵
- Executes dropped EXE
-
\??\c:\826688.exec:\826688.exe63⤵
- Executes dropped EXE
-
\??\c:\w22228.exec:\w22228.exe64⤵
- Executes dropped EXE
-
\??\c:\vjddj.exec:\vjddj.exe65⤵
- Executes dropped EXE
-
\??\c:\nbnnbb.exec:\nbnnbb.exe66⤵
- Executes dropped EXE
-
\??\c:\ddddp.exec:\ddddp.exe67⤵
-
\??\c:\6046684.exec:\6046684.exe68⤵
-
\??\c:\9xlrxxx.exec:\9xlrxxx.exe69⤵
-
\??\c:\604422.exec:\604422.exe70⤵
-
\??\c:\vppjj.exec:\vppjj.exe71⤵
-
\??\c:\pdppp.exec:\pdppp.exe72⤵
-
\??\c:\48400.exec:\48400.exe73⤵
-
\??\c:\pjppv.exec:\pjppv.exe74⤵
-
\??\c:\7lxfrlr.exec:\7lxfrlr.exe75⤵
-
\??\c:\40086.exec:\40086.exe76⤵
-
\??\c:\86444.exec:\86444.exe77⤵
-
\??\c:\424288.exec:\424288.exe78⤵
-
\??\c:\04280.exec:\04280.exe79⤵
-
\??\c:\26006.exec:\26006.exe80⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe81⤵
-
\??\c:\20068.exec:\20068.exe82⤵
-
\??\c:\2204440.exec:\2204440.exe83⤵
-
\??\c:\608068.exec:\608068.exe84⤵
-
\??\c:\nhbtbb.exec:\nhbtbb.exe85⤵
-
\??\c:\6462884.exec:\6462884.exe86⤵
-
\??\c:\nbnntt.exec:\nbnntt.exe87⤵
-
\??\c:\o464602.exec:\o464602.exe88⤵
-
\??\c:\m0886.exec:\m0886.exe89⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe90⤵
-
\??\c:\jvddj.exec:\jvddj.exe91⤵
-
\??\c:\hhthnh.exec:\hhthnh.exe92⤵
-
\??\c:\btbtbb.exec:\btbtbb.exe93⤵
-
\??\c:\20228.exec:\20228.exe94⤵
-
\??\c:\64284.exec:\64284.exe95⤵
-
\??\c:\22440.exec:\22440.exe96⤵
-
\??\c:\jdjvp.exec:\jdjvp.exe97⤵
-
\??\c:\5ddjv.exec:\5ddjv.exe98⤵
-
\??\c:\lfxxrrf.exec:\lfxxrrf.exe99⤵
-
\??\c:\g2044.exec:\g2044.exe100⤵
-
\??\c:\08484.exec:\08484.exe101⤵
-
\??\c:\3thnbb.exec:\3thnbb.exe102⤵
-
\??\c:\jddjv.exec:\jddjv.exe103⤵
-
\??\c:\5fxxxfx.exec:\5fxxxfx.exe104⤵
-
\??\c:\q66462.exec:\q66462.exe105⤵
-
\??\c:\0422222.exec:\0422222.exe106⤵
-
\??\c:\9vppd.exec:\9vppd.exe107⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe108⤵
-
\??\c:\8268482.exec:\8268482.exe109⤵
-
\??\c:\486284.exec:\486284.exe110⤵
-
\??\c:\660644.exec:\660644.exe111⤵
-
\??\c:\hbnntb.exec:\hbnntb.exe112⤵
-
\??\c:\3nhnbh.exec:\3nhnbh.exe113⤵
-
\??\c:\xfxxxxf.exec:\xfxxxxf.exe114⤵
-
\??\c:\9frrxrf.exec:\9frrxrf.exe115⤵
-
\??\c:\6028888.exec:\6028888.exe116⤵
-
\??\c:\1tnnbb.exec:\1tnnbb.exe117⤵
-
\??\c:\dpjpd.exec:\dpjpd.exe118⤵
-
\??\c:\862288.exec:\862288.exe119⤵
-
\??\c:\640444.exec:\640444.exe120⤵
-
\??\c:\2022402.exec:\2022402.exe121⤵
-
\??\c:\a4846.exec:\a4846.exe122⤵
-
\??\c:\jvdpp.exec:\jvdpp.exe123⤵
-
\??\c:\426022.exec:\426022.exe124⤵
-
\??\c:\vpddj.exec:\vpddj.exe125⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe126⤵
-
\??\c:\480084.exec:\480084.exe127⤵
-
\??\c:\rxflrxr.exec:\rxflrxr.exe128⤵
-
\??\c:\1btbhh.exec:\1btbhh.exe129⤵
-
\??\c:\c202262.exec:\c202262.exe130⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe131⤵
-
\??\c:\rfxxxrx.exec:\rfxxxrx.exe132⤵
-
\??\c:\ffxfrxf.exec:\ffxfrxf.exe133⤵
-
\??\c:\bbbbhh.exec:\bbbbhh.exe134⤵
-
\??\c:\2080822.exec:\2080822.exe135⤵
-
\??\c:\048066.exec:\048066.exe136⤵
-
\??\c:\fxllxxf.exec:\fxllxxf.exe137⤵
-
\??\c:\0462406.exec:\0462406.exe138⤵
-
\??\c:\046244.exec:\046244.exe139⤵
-
\??\c:\nttbnt.exec:\nttbnt.exe140⤵
-
\??\c:\hbthtb.exec:\hbthtb.exe141⤵
-
\??\c:\rlffrxf.exec:\rlffrxf.exe142⤵
-
\??\c:\lrllrlr.exec:\lrllrlr.exe143⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe144⤵
-
\??\c:\k64684.exec:\k64684.exe145⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe146⤵
-
\??\c:\xrrrrrf.exec:\xrrrrrf.exe147⤵
-
\??\c:\3xxxffx.exec:\3xxxffx.exe148⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe149⤵
-
\??\c:\6448484.exec:\6448484.exe150⤵
-
\??\c:\xlrflrx.exec:\xlrflrx.exe151⤵
-
\??\c:\xlxlrrf.exec:\xlxlrrf.exe152⤵
-
\??\c:\hhttbn.exec:\hhttbn.exe153⤵
-
\??\c:\nbtntb.exec:\nbtntb.exe154⤵
-
\??\c:\04068.exec:\04068.exe155⤵
-
\??\c:\xrfxflf.exec:\xrfxflf.exe156⤵
-
\??\c:\rfrrflx.exec:\rfrrflx.exe157⤵
-
\??\c:\202882.exec:\202882.exe158⤵
-
\??\c:\268806.exec:\268806.exe159⤵
-
\??\c:\04284.exec:\04284.exe160⤵
-
\??\c:\lfxfrxl.exec:\lfxfrxl.exe161⤵
-
\??\c:\btnnnn.exec:\btnnnn.exe162⤵
-
\??\c:\20666.exec:\20666.exe163⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe164⤵
-
\??\c:\nhbtbb.exec:\nhbtbb.exe165⤵
-
\??\c:\4628288.exec:\4628288.exe166⤵
-
\??\c:\1jvvj.exec:\1jvvj.exe167⤵
-
\??\c:\jjvvv.exec:\jjvvv.exe168⤵
-
\??\c:\82008.exec:\82008.exe169⤵
-
\??\c:\7lxrrrx.exec:\7lxrrrx.exe170⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe171⤵
-
\??\c:\o200680.exec:\o200680.exe172⤵
-
\??\c:\hbhhbb.exec:\hbhhbb.exe173⤵
-
\??\c:\42402.exec:\42402.exe174⤵
-
\??\c:\4862884.exec:\4862884.exe175⤵
-
\??\c:\04668.exec:\04668.exe176⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe177⤵
-
\??\c:\k44244.exec:\k44244.exe178⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe179⤵
-
\??\c:\w24846.exec:\w24846.exe180⤵
-
\??\c:\64684.exec:\64684.exe181⤵
-
\??\c:\86880.exec:\86880.exe182⤵
-
\??\c:\u806662.exec:\u806662.exe183⤵
-
\??\c:\c460288.exec:\c460288.exe184⤵
-
\??\c:\s6440.exec:\s6440.exe185⤵
-
\??\c:\9hbbtt.exec:\9hbbtt.exe186⤵
-
\??\c:\u684084.exec:\u684084.exe187⤵
-
\??\c:\1hhbhn.exec:\1hhbhn.exe188⤵
-
\??\c:\ddpjp.exec:\ddpjp.exe189⤵
-
\??\c:\1fxxllr.exec:\1fxxllr.exe190⤵
-
\??\c:\08224.exec:\08224.exe191⤵
-
\??\c:\bbnnbb.exec:\bbnnbb.exe192⤵
-
\??\c:\6480888.exec:\6480888.exe193⤵
-
\??\c:\htbbbb.exec:\htbbbb.exe194⤵
-
\??\c:\o062884.exec:\o062884.exe195⤵
-
\??\c:\tthnbh.exec:\tthnbh.exe196⤵
-
\??\c:\9hhtnn.exec:\9hhtnn.exe197⤵
-
\??\c:\rfrfllx.exec:\rfrfllx.exe198⤵
-
\??\c:\008406.exec:\008406.exe199⤵
-
\??\c:\8200662.exec:\8200662.exe200⤵
-
\??\c:\3dpvd.exec:\3dpvd.exe201⤵
-
\??\c:\82404.exec:\82404.exe202⤵
-
\??\c:\bnnhhb.exec:\bnnhhb.exe203⤵
-
\??\c:\m0462.exec:\m0462.exe204⤵
-
\??\c:\5lflllf.exec:\5lflllf.exe205⤵
-
\??\c:\u684006.exec:\u684006.exe206⤵
-
\??\c:\o428000.exec:\o428000.exe207⤵
-
\??\c:\0462402.exec:\0462402.exe208⤵
-
\??\c:\20646.exec:\20646.exe209⤵
-
\??\c:\o088406.exec:\o088406.exe210⤵
-
\??\c:\lfrxflf.exec:\lfrxflf.exe211⤵
-
\??\c:\xrxxlrf.exec:\xrxxlrf.exe212⤵
-
\??\c:\hthnth.exec:\hthnth.exe213⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe214⤵
-
\??\c:\64288.exec:\64288.exe215⤵
-
\??\c:\pdvpv.exec:\pdvpv.exe216⤵
-
\??\c:\djjvp.exec:\djjvp.exe217⤵
-
\??\c:\bnhtbh.exec:\bnhtbh.exe218⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe219⤵
-
\??\c:\o488406.exec:\o488406.exe220⤵
-
\??\c:\2062402.exec:\2062402.exe221⤵
-
\??\c:\826862.exec:\826862.exe222⤵
-
\??\c:\lfxrxxf.exec:\lfxrxxf.exe223⤵
-
\??\c:\dpddj.exec:\dpddj.exe224⤵
-
\??\c:\644462.exec:\644462.exe225⤵
-
\??\c:\82640.exec:\82640.exe226⤵
-
\??\c:\xlrrflr.exec:\xlrrflr.exe227⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe228⤵
-
\??\c:\hbtbbh.exec:\hbtbbh.exe229⤵
-
\??\c:\hbnbbh.exec:\hbnbbh.exe230⤵
-
\??\c:\9bhbbb.exec:\9bhbbb.exe231⤵
-
\??\c:\7vjpv.exec:\7vjpv.exe232⤵
-
\??\c:\a8284.exec:\a8284.exe233⤵
-
\??\c:\08228.exec:\08228.exe234⤵
-
\??\c:\5pvjv.exec:\5pvjv.exe235⤵
-
\??\c:\0088624.exec:\0088624.exe236⤵
-
\??\c:\tnhnbb.exec:\tnhnbb.exe237⤵
-
\??\c:\k64040.exec:\k64040.exe238⤵
-
\??\c:\060424.exec:\060424.exe239⤵
-
\??\c:\vvvdv.exec:\vvvdv.exe240⤵
-
\??\c:\xrlrflx.exec:\xrlrflx.exe241⤵