Analysis
-
max time kernel
150s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
19-05-2024 15:14
General
-
Target
dfeeee3861cfc3dc291fdd06d4082b50_NeikiAnalytics.exe
-
Size
158KB
-
MD5
dfeeee3861cfc3dc291fdd06d4082b50
-
SHA1
e1f13d0bb613867e2758a0895ac8f9a264ea97f9
-
SHA256
dfa399af916afe8ede2654ae74e36b516131ba7c5eeaf2abe51a4471f97ab6c9
-
SHA512
e00bd120f067dc2847a7984d3234626f23b595c45a1fcc6406057de1bf422093e3de453c24b17a11d1d8377bee8159407bc54385d88b9ef645c1379be6b9c207
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo7LAIbT2NRUv8XK9wnftqPQhSLcINkSyCmtDWd:n3C9BRo/AIX2MUXownfWQkyCmtDWd
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\dfeeee3861cfc3dc291fdd06d4082b50_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\dfeeee3861cfc3dc291fdd06d4082b50_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvpv.exec:\pdvpv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rfffll.exec:\7rfffll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbhnn.exec:\hbbhnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1djpv.exec:\1djpv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbbb.exec:\hbbbbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjpv.exec:\jvjpv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrffr.exec:\fxrrffr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbbnn.exec:\hhbbnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvd.exec:\pjpvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddj.exec:\vpddj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllrrf.exec:\fxllrrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhntb.exec:\bnhntb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jppv.exec:\1jppv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpdv.exec:\vjpdv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrffr.exec:\ffrrffr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1btntn.exec:\1btntn.exe17⤵
- Executes dropped EXE
-
\??\c:\7pjvd.exec:\7pjvd.exe18⤵
- Executes dropped EXE
-
\??\c:\lxlrflr.exec:\lxlrflr.exe19⤵
- Executes dropped EXE
-
\??\c:\lflrxxl.exec:\lflrxxl.exe20⤵
- Executes dropped EXE
-
\??\c:\nntbnh.exec:\nntbnh.exe21⤵
- Executes dropped EXE
-
\??\c:\jjdjv.exec:\jjdjv.exe22⤵
- Executes dropped EXE
-
\??\c:\vpvvp.exec:\vpvvp.exe23⤵
- Executes dropped EXE
-
\??\c:\frlrfll.exec:\frlrfll.exe24⤵
- Executes dropped EXE
-
\??\c:\thnhbb.exec:\thnhbb.exe25⤵
- Executes dropped EXE
-
\??\c:\pdppd.exec:\pdppd.exe26⤵
- Executes dropped EXE
-
\??\c:\jjppv.exec:\jjppv.exe27⤵
- Executes dropped EXE
-
\??\c:\xxrxllx.exec:\xxrxllx.exe28⤵
- Executes dropped EXE
-
\??\c:\frxrrrl.exec:\frxrrrl.exe29⤵
- Executes dropped EXE
-
\??\c:\vpvdp.exec:\vpvdp.exe30⤵
- Executes dropped EXE
-
\??\c:\jvjjd.exec:\jvjjd.exe31⤵
- Executes dropped EXE
-
\??\c:\rlfxlrx.exec:\rlfxlrx.exe32⤵
- Executes dropped EXE
-
\??\c:\5rxrxxl.exec:\5rxrxxl.exe33⤵
- Executes dropped EXE
-
\??\c:\7btthh.exec:\7btthh.exe34⤵
-
\??\c:\dvppd.exec:\dvppd.exe35⤵
- Executes dropped EXE
-
\??\c:\jvdvv.exec:\jvdvv.exe36⤵
- Executes dropped EXE
-
\??\c:\xfllxxl.exec:\xfllxxl.exe37⤵
- Executes dropped EXE
-
\??\c:\lfxfllx.exec:\lfxfllx.exe38⤵
- Executes dropped EXE
-
\??\c:\1nttbh.exec:\1nttbh.exe39⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe40⤵
- Executes dropped EXE
-
\??\c:\3dppp.exec:\3dppp.exe41⤵
- Executes dropped EXE
-
\??\c:\rlxrxrf.exec:\rlxrxrf.exe42⤵
- Executes dropped EXE
-
\??\c:\xrffllx.exec:\xrffllx.exe43⤵
- Executes dropped EXE
-
\??\c:\htbbhb.exec:\htbbhb.exe44⤵
- Executes dropped EXE
-
\??\c:\7tnthh.exec:\7tnthh.exe45⤵
- Executes dropped EXE
-
\??\c:\pjvjv.exec:\pjvjv.exe46⤵
- Executes dropped EXE
-
\??\c:\rlxrrrr.exec:\rlxrrrr.exe47⤵
- Executes dropped EXE
-
\??\c:\xlxfllr.exec:\xlxfllr.exe48⤵
- Executes dropped EXE
-
\??\c:\tntttt.exec:\tntttt.exe49⤵
- Executes dropped EXE
-
\??\c:\nhnnnt.exec:\nhnnnt.exe50⤵
- Executes dropped EXE
-
\??\c:\jddjv.exec:\jddjv.exe51⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe52⤵
- Executes dropped EXE
-
\??\c:\xllllfl.exec:\xllllfl.exe53⤵
- Executes dropped EXE
-
\??\c:\thnntb.exec:\thnntb.exe54⤵
- Executes dropped EXE
-
\??\c:\btnnbb.exec:\btnnbb.exe55⤵
- Executes dropped EXE
-
\??\c:\1vjvj.exec:\1vjvj.exe56⤵
- Executes dropped EXE
-
\??\c:\jdjpd.exec:\jdjpd.exe57⤵
- Executes dropped EXE
-
\??\c:\fxllrrx.exec:\fxllrrx.exe58⤵
- Executes dropped EXE
-
\??\c:\9llflrx.exec:\9llflrx.exe59⤵
- Executes dropped EXE
-
\??\c:\hbthbb.exec:\hbthbb.exe60⤵
- Executes dropped EXE
-
\??\c:\3pjjp.exec:\3pjjp.exe61⤵
- Executes dropped EXE
-
\??\c:\jvjjj.exec:\jvjjj.exe62⤵
- Executes dropped EXE
-
\??\c:\xxfflrf.exec:\xxfflrf.exe63⤵
- Executes dropped EXE
-
\??\c:\rlrrxxr.exec:\rlrrxxr.exe64⤵
- Executes dropped EXE
-
\??\c:\nnhnbh.exec:\nnhnbh.exe65⤵
- Executes dropped EXE
-
\??\c:\nbhhnt.exec:\nbhhnt.exe66⤵
- Executes dropped EXE
-
\??\c:\dvdjp.exec:\dvdjp.exe67⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe68⤵
-
\??\c:\xrxrffl.exec:\xrxrffl.exe69⤵
-
\??\c:\xxllrxf.exec:\xxllrxf.exe70⤵
-
\??\c:\hbhbtn.exec:\hbhbtn.exe71⤵
-
\??\c:\tthntb.exec:\tthntb.exe72⤵
-
\??\c:\thtntb.exec:\thtntb.exe73⤵
-
\??\c:\1dpdp.exec:\1dpdp.exe74⤵
-
\??\c:\5jdpp.exec:\5jdpp.exe75⤵
-
\??\c:\ffxxrxf.exec:\ffxxrxf.exe76⤵
-
\??\c:\7frrrxx.exec:\7frrrxx.exe77⤵
-
\??\c:\3bhhnt.exec:\3bhhnt.exe78⤵
-
\??\c:\5nhtbb.exec:\5nhtbb.exe79⤵
-
\??\c:\pjddp.exec:\pjddp.exe80⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe81⤵
-
\??\c:\3xllrrx.exec:\3xllrrx.exe82⤵
-
\??\c:\xrfflxl.exec:\xrfflxl.exe83⤵
-
\??\c:\3nbbnn.exec:\3nbbnn.exe84⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe85⤵
-
\??\c:\1jdvv.exec:\1jdvv.exe86⤵
-
\??\c:\djpdv.exec:\djpdv.exe87⤵
-
\??\c:\7rffflx.exec:\7rffflx.exe88⤵
-
\??\c:\fxllrrx.exec:\fxllrrx.exe89⤵
-
\??\c:\5hbhnb.exec:\5hbhnb.exe90⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe91⤵
-
\??\c:\9dvdj.exec:\9dvdj.exe92⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe93⤵
-
\??\c:\xlffffr.exec:\xlffffr.exe94⤵
-
\??\c:\xlfxxxx.exec:\xlfxxxx.exe95⤵
-
\??\c:\bntbbh.exec:\bntbbh.exe96⤵
-
\??\c:\bthnbh.exec:\bthnbh.exe97⤵
-
\??\c:\7dvdp.exec:\7dvdp.exe98⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe99⤵
-
\??\c:\1rffllr.exec:\1rffllr.exe100⤵
-
\??\c:\3xrfxfr.exec:\3xrfxfr.exe101⤵
-
\??\c:\hthnbt.exec:\hthnbt.exe102⤵
-
\??\c:\1nhnth.exec:\1nhnth.exe103⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe104⤵
-
\??\c:\lfxfrlx.exec:\lfxfrlx.exe105⤵
-
\??\c:\rlrxllr.exec:\rlrxllr.exe106⤵
-
\??\c:\nhthtn.exec:\nhthtn.exe107⤵
-
\??\c:\hbhbhh.exec:\hbhbhh.exe108⤵
-
\??\c:\bttttt.exec:\bttttt.exe109⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe110⤵
-
\??\c:\5pddp.exec:\5pddp.exe111⤵
-
\??\c:\frfxxxf.exec:\frfxxxf.exe112⤵
-
\??\c:\3thhnn.exec:\3thhnn.exe113⤵
-
\??\c:\tnttbt.exec:\tnttbt.exe114⤵
-
\??\c:\ttntht.exec:\ttntht.exe115⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe116⤵
-
\??\c:\3xxxlrx.exec:\3xxxlrx.exe117⤵
-
\??\c:\xlxxllr.exec:\xlxxllr.exe118⤵
-
\??\c:\hbntbb.exec:\hbntbb.exe119⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe120⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe121⤵
-
\??\c:\jvjpp.exec:\jvjpp.exe122⤵
-
\??\c:\rfffrrx.exec:\rfffrrx.exe123⤵
-
\??\c:\lxlrxxl.exec:\lxlrxxl.exe124⤵
-
\??\c:\bthnnh.exec:\bthnnh.exe125⤵
-
\??\c:\btnthn.exec:\btnthn.exe126⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe127⤵
-
\??\c:\9dppd.exec:\9dppd.exe128⤵
-
\??\c:\1lrxflx.exec:\1lrxflx.exe129⤵
-
\??\c:\llxxflx.exec:\llxxflx.exe130⤵
-
\??\c:\fxfxfll.exec:\fxfxfll.exe131⤵
-
\??\c:\bnbtbh.exec:\bnbtbh.exe132⤵
-
\??\c:\btbhnh.exec:\btbhnh.exe133⤵
-
\??\c:\3pddd.exec:\3pddd.exe134⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe135⤵
-
\??\c:\rfrrlll.exec:\rfrrlll.exe136⤵
-
\??\c:\lfxxffr.exec:\lfxxffr.exe137⤵
-
\??\c:\btbtbb.exec:\btbtbb.exe138⤵
-
\??\c:\ttbhhh.exec:\ttbhhh.exe139⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe140⤵
-
\??\c:\pjppp.exec:\pjppp.exe141⤵
-
\??\c:\rlllflr.exec:\rlllflr.exe142⤵
-
\??\c:\3xrlrrx.exec:\3xrlrrx.exe143⤵
-
\??\c:\hbnthn.exec:\hbnthn.exe144⤵
-
\??\c:\bttntn.exec:\bttntn.exe145⤵
-
\??\c:\jdvdd.exec:\jdvdd.exe146⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe147⤵
-
\??\c:\lflrrxx.exec:\lflrrxx.exe148⤵
-
\??\c:\xxrrffx.exec:\xxrrffx.exe149⤵
-
\??\c:\tnhtht.exec:\tnhtht.exe150⤵
-
\??\c:\5bnthn.exec:\5bnthn.exe151⤵
-
\??\c:\7nnntb.exec:\7nnntb.exe152⤵
-
\??\c:\vpddp.exec:\vpddp.exe153⤵
-
\??\c:\3rfffxl.exec:\3rfffxl.exe154⤵
-
\??\c:\rlxrxfr.exec:\rlxrxfr.exe155⤵
-
\??\c:\ththnt.exec:\ththnt.exe156⤵
-
\??\c:\5bnntb.exec:\5bnntb.exe157⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe158⤵
-
\??\c:\7ppdj.exec:\7ppdj.exe159⤵
-
\??\c:\xfrxllf.exec:\xfrxllf.exe160⤵
-
\??\c:\5frrxfl.exec:\5frrxfl.exe161⤵
-
\??\c:\btbthb.exec:\btbthb.exe162⤵
-
\??\c:\ntbnbn.exec:\ntbnbn.exe163⤵
-
\??\c:\btbthh.exec:\btbthh.exe164⤵
-
\??\c:\5jjpp.exec:\5jjpp.exe165⤵
-
\??\c:\1dvvv.exec:\1dvvv.exe166⤵
-
\??\c:\rlxllrf.exec:\rlxllrf.exe167⤵
-
\??\c:\7xlfrrf.exec:\7xlfrrf.exe168⤵
-
\??\c:\hbhbhn.exec:\hbhbhn.exe169⤵
-
\??\c:\5tnttt.exec:\5tnttt.exe170⤵
-
\??\c:\5jvpv.exec:\5jvpv.exe171⤵
-
\??\c:\5jvpp.exec:\5jvpp.exe172⤵
-
\??\c:\fxffllx.exec:\fxffllx.exe173⤵
-
\??\c:\lfxxlrf.exec:\lfxxlrf.exe174⤵
-
\??\c:\btbhtb.exec:\btbhtb.exe175⤵
-
\??\c:\hthbnn.exec:\hthbnn.exe176⤵
-
\??\c:\9dppd.exec:\9dppd.exe177⤵
-
\??\c:\pjppv.exec:\pjppv.exe178⤵
-
\??\c:\rrffrrx.exec:\rrffrrx.exe179⤵
-
\??\c:\9frrxxl.exec:\9frrxxl.exe180⤵
-
\??\c:\3bhhtt.exec:\3bhhtt.exe181⤵
-
\??\c:\bntthn.exec:\bntthn.exe182⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe183⤵
-
\??\c:\3pddd.exec:\3pddd.exe184⤵
-
\??\c:\xlxrxfl.exec:\xlxrxfl.exe185⤵
-
\??\c:\rlrfrrf.exec:\rlrfrrf.exe186⤵
-
\??\c:\bthtbb.exec:\bthtbb.exe187⤵
-
\??\c:\bnbhtb.exec:\bnbhtb.exe188⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe189⤵
-
\??\c:\9ffxxxf.exec:\9ffxxxf.exe190⤵
-
\??\c:\lfffllr.exec:\lfffllr.exe191⤵
-
\??\c:\bthhhn.exec:\bthhhn.exe192⤵
-
\??\c:\nhnttb.exec:\nhnttb.exe193⤵
-
\??\c:\tthhnn.exec:\tthhnn.exe194⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe195⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe196⤵
-
\??\c:\lxlfflr.exec:\lxlfflr.exe197⤵
-
\??\c:\tnhnhn.exec:\tnhnhn.exe198⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe199⤵
-
\??\c:\jvjpd.exec:\jvjpd.exe200⤵
-
\??\c:\lfffllr.exec:\lfffllr.exe201⤵
-
\??\c:\9bntbh.exec:\9bntbh.exe202⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe203⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe204⤵
-
\??\c:\rlrxllx.exec:\rlrxllx.exe205⤵
-
\??\c:\rlrrflx.exec:\rlrrflx.exe206⤵
-
\??\c:\3btbhh.exec:\3btbhh.exe207⤵
-
\??\c:\hbhhnn.exec:\hbhhnn.exe208⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe209⤵
-
\??\c:\3vvdd.exec:\3vvdd.exe210⤵
-
\??\c:\rlrrrrx.exec:\rlrrrrx.exe211⤵
-
\??\c:\1rfxllr.exec:\1rfxllr.exe212⤵
-
\??\c:\nhttbh.exec:\nhttbh.exe213⤵
-
\??\c:\pdppd.exec:\pdppd.exe214⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe215⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe216⤵
-
\??\c:\rflfrfl.exec:\rflfrfl.exe217⤵
-
\??\c:\htbbtt.exec:\htbbtt.exe218⤵
-
\??\c:\hbnnbh.exec:\hbnnbh.exe219⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe220⤵
-
\??\c:\1vjpv.exec:\1vjpv.exe221⤵
-
\??\c:\1rlfflr.exec:\1rlfflr.exe222⤵
-
\??\c:\fxlfxxl.exec:\fxlfxxl.exe223⤵
-
\??\c:\btbtbh.exec:\btbtbh.exe224⤵
-
\??\c:\hhtthh.exec:\hhtthh.exe225⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe226⤵
-
\??\c:\1djjp.exec:\1djjp.exe227⤵
-
\??\c:\rrrxlrf.exec:\rrrxlrf.exe228⤵
-
\??\c:\llflrrl.exec:\llflrrl.exe229⤵
-
\??\c:\5nnbnn.exec:\5nnbnn.exe230⤵
-
\??\c:\hbhbhn.exec:\hbhbhn.exe231⤵
-
\??\c:\1jddp.exec:\1jddp.exe232⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe233⤵
-
\??\c:\3frlrrx.exec:\3frlrrx.exe234⤵
-
\??\c:\fxflrrf.exec:\fxflrrf.exe235⤵
-
\??\c:\tnbhnn.exec:\tnbhnn.exe236⤵
-
\??\c:\dvddj.exec:\dvddj.exe237⤵
-
\??\c:\vppvv.exec:\vppvv.exe238⤵
-
\??\c:\llfrflr.exec:\llfrflr.exe239⤵
-
\??\c:\lfxlrfl.exec:\lfxlrfl.exe240⤵
-
\??\c:\rllrrlx.exec:\rllrrlx.exe241⤵