Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
19-05-2024 15:29
General
-
Target
e3dacc19ed3055db861e1d434e271b00_NeikiAnalytics.exe
-
Size
140KB
-
MD5
e3dacc19ed3055db861e1d434e271b00
-
SHA1
8d3bb19eeef76fa112ff562a205745c9bb47be0b
-
SHA256
5a96dfe9c324fab00ea6a92f61aa8cb99ec3b3b8e6547c9cc6c60e6e47bfabaa
-
SHA512
44132fadb49d55b67abcb9c0c301c833cb1291dc6a82826407973fb692b98bfc40b85249f49713fe9561c1c9981a7ca2c175e8d4d93bd91c88563864eb3ca03a
-
SSDEEP
3072:ymb3NkkiQ3mdBjFomR7UsyJC+n0Gsgyek10:n3C9BRomRph+0GsgyeY0
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e3dacc19ed3055db861e1d434e271b00_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\e3dacc19ed3055db861e1d434e271b00_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dddpd.exec:\dddpd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrlrxl.exec:\rfrlrxl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xllxlr.exec:\7xllxlr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jvjv.exec:\1jvjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjjp.exec:\jvjjp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rrrffx.exec:\5rrrffx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntthb.exec:\bntthb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvd.exec:\vpvvd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfrffl.exec:\xrfrffl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1llrrrf.exec:\1llrrrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhthn.exec:\tnhthn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvjj.exec:\ppvjj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fxrfrl.exec:\3fxrfrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnnn.exec:\nhnnnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhthn.exec:\hbhthn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jpvd.exec:\3jpvd.exe17⤵
- Executes dropped EXE
-
\??\c:\1flrffl.exec:\1flrffl.exe18⤵
- Executes dropped EXE
-
\??\c:\nnhhnn.exec:\nnhhnn.exe19⤵
- Executes dropped EXE
-
\??\c:\9thttt.exec:\9thttt.exe20⤵
- Executes dropped EXE
-
\??\c:\dvdjv.exec:\dvdjv.exe21⤵
- Executes dropped EXE
-
\??\c:\fxflrxl.exec:\fxflrxl.exe22⤵
- Executes dropped EXE
-
\??\c:\thtbnn.exec:\thtbnn.exe23⤵
- Executes dropped EXE
-
\??\c:\5bnhhh.exec:\5bnhhh.exe24⤵
- Executes dropped EXE
-
\??\c:\1pvdp.exec:\1pvdp.exe25⤵
- Executes dropped EXE
-
\??\c:\dvdvp.exec:\dvdvp.exe26⤵
- Executes dropped EXE
-
\??\c:\ffxlfrf.exec:\ffxlfrf.exe27⤵
- Executes dropped EXE
-
\??\c:\nhbhtt.exec:\nhbhtt.exe28⤵
- Executes dropped EXE
-
\??\c:\hththt.exec:\hththt.exe29⤵
- Executes dropped EXE
-
\??\c:\ddjvj.exec:\ddjvj.exe30⤵
- Executes dropped EXE
-
\??\c:\rffrxrr.exec:\rffrxrr.exe31⤵
- Executes dropped EXE
-
\??\c:\hbhntt.exec:\hbhntt.exe32⤵
- Executes dropped EXE
-
\??\c:\1vddj.exec:\1vddj.exe33⤵
- Executes dropped EXE
-
\??\c:\ffrxrrf.exec:\ffrxrrf.exe34⤵
- Executes dropped EXE
-
\??\c:\7lxxlll.exec:\7lxxlll.exe35⤵
- Executes dropped EXE
-
\??\c:\bththn.exec:\bththn.exe36⤵
- Executes dropped EXE
-
\??\c:\tnttbb.exec:\tnttbb.exe37⤵
- Executes dropped EXE
-
\??\c:\vpjpp.exec:\vpjpp.exe38⤵
- Executes dropped EXE
-
\??\c:\9pjjj.exec:\9pjjj.exe39⤵
- Executes dropped EXE
-
\??\c:\lxlrfll.exec:\lxlrfll.exe40⤵
- Executes dropped EXE
-
\??\c:\lxrrxfl.exec:\lxrrxfl.exe41⤵
- Executes dropped EXE
-
\??\c:\3bnhnn.exec:\3bnhnn.exe42⤵
- Executes dropped EXE
-
\??\c:\5dpvd.exec:\5dpvd.exe43⤵
- Executes dropped EXE
-
\??\c:\3pjvj.exec:\3pjvj.exe44⤵
- Executes dropped EXE
-
\??\c:\xrfflrx.exec:\xrfflrx.exe45⤵
- Executes dropped EXE
-
\??\c:\rlxrffr.exec:\rlxrffr.exe46⤵
- Executes dropped EXE
-
\??\c:\7bbbhn.exec:\7bbbhn.exe47⤵
- Executes dropped EXE
-
\??\c:\hbhnbb.exec:\hbhnbb.exe48⤵
- Executes dropped EXE
-
\??\c:\5vdvd.exec:\5vdvd.exe49⤵
- Executes dropped EXE
-
\??\c:\dpdpp.exec:\dpdpp.exe50⤵
- Executes dropped EXE
-
\??\c:\lfxxrrf.exec:\lfxxrrf.exe51⤵
- Executes dropped EXE
-
\??\c:\7xllrrf.exec:\7xllrrf.exe52⤵
- Executes dropped EXE
-
\??\c:\hthhnn.exec:\hthhnn.exe53⤵
- Executes dropped EXE
-
\??\c:\7hnhhn.exec:\7hnhhn.exe54⤵
- Executes dropped EXE
-
\??\c:\vpjjj.exec:\vpjjj.exe55⤵
- Executes dropped EXE
-
\??\c:\3jddv.exec:\3jddv.exe56⤵
- Executes dropped EXE
-
\??\c:\xrffrrx.exec:\xrffrrx.exe57⤵
- Executes dropped EXE
-
\??\c:\rlrxflx.exec:\rlrxflx.exe58⤵
- Executes dropped EXE
-
\??\c:\1tbbhh.exec:\1tbbhh.exe59⤵
- Executes dropped EXE
-
\??\c:\3bbbnt.exec:\3bbbnt.exe60⤵
- Executes dropped EXE
-
\??\c:\ddjjp.exec:\ddjjp.exe61⤵
- Executes dropped EXE
-
\??\c:\lfllxxl.exec:\lfllxxl.exe62⤵
- Executes dropped EXE
-
\??\c:\xlllrxl.exec:\xlllrxl.exe63⤵
- Executes dropped EXE
-
\??\c:\bnbtbb.exec:\bnbtbb.exe64⤵
- Executes dropped EXE
-
\??\c:\tntbhh.exec:\tntbhh.exe65⤵
- Executes dropped EXE
-
\??\c:\jdjpv.exec:\jdjpv.exe66⤵
-
\??\c:\frxxllr.exec:\frxxllr.exe67⤵
-
\??\c:\xxllxfl.exec:\xxllxfl.exe68⤵
-
\??\c:\1tntbb.exec:\1tntbb.exe69⤵
-
\??\c:\hbntnn.exec:\hbntnn.exe70⤵
-
\??\c:\vpddj.exec:\vpddj.exe71⤵
-
\??\c:\3dvvd.exec:\3dvvd.exe72⤵
-
\??\c:\fxllrrl.exec:\fxllrrl.exe73⤵
-
\??\c:\xrxfllx.exec:\xrxfllx.exe74⤵
-
\??\c:\btbhbb.exec:\btbhbb.exe75⤵
-
\??\c:\hbnthb.exec:\hbnthb.exe76⤵
-
\??\c:\jjddv.exec:\jjddv.exe77⤵
-
\??\c:\9xxlfxl.exec:\9xxlfxl.exe78⤵
-
\??\c:\fxlrxlx.exec:\fxlrxlx.exe79⤵
-
\??\c:\5htbnt.exec:\5htbnt.exe80⤵
-
\??\c:\tnbbhn.exec:\tnbbhn.exe81⤵
-
\??\c:\7jvpv.exec:\7jvpv.exe82⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe83⤵
-
\??\c:\lfrrfrx.exec:\lfrrfrx.exe84⤵
-
\??\c:\7thhtt.exec:\7thhtt.exe85⤵
-
\??\c:\hbntnt.exec:\hbntnt.exe86⤵
-
\??\c:\7dppv.exec:\7dppv.exe87⤵
-
\??\c:\7jdpv.exec:\7jdpv.exe88⤵
-
\??\c:\rlxxllx.exec:\rlxxllx.exe89⤵
-
\??\c:\fxflffr.exec:\fxflffr.exe90⤵
-
\??\c:\bbnthn.exec:\bbnthn.exe91⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe92⤵
-
\??\c:\ddjjj.exec:\ddjjj.exe93⤵
-
\??\c:\xlllrrl.exec:\xlllrrl.exe94⤵
-
\??\c:\lfrxllx.exec:\lfrxllx.exe95⤵
-
\??\c:\9nhnhh.exec:\9nhnhh.exe96⤵
-
\??\c:\7nhhtt.exec:\7nhhtt.exe97⤵
-
\??\c:\vpddv.exec:\vpddv.exe98⤵
-
\??\c:\5lxxxxf.exec:\5lxxxxf.exe99⤵
-
\??\c:\5fxlrxr.exec:\5fxlrxr.exe100⤵
-
\??\c:\bthhtb.exec:\bthhtb.exe101⤵
-
\??\c:\1thhnh.exec:\1thhnh.exe102⤵
-
\??\c:\3vjvj.exec:\3vjvj.exe103⤵
-
\??\c:\rlxlxfx.exec:\rlxlxfx.exe104⤵
-
\??\c:\9lflxff.exec:\9lflxff.exe105⤵
-
\??\c:\bhttnt.exec:\bhttnt.exe106⤵
-
\??\c:\9jpdp.exec:\9jpdp.exe107⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe108⤵
-
\??\c:\fxllrlr.exec:\fxllrlr.exe109⤵
-
\??\c:\3xrrffr.exec:\3xrrffr.exe110⤵
-
\??\c:\lfrlxxl.exec:\lfrlxxl.exe111⤵
-
\??\c:\bbtnnb.exec:\bbtnnb.exe112⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe113⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe114⤵
-
\??\c:\lflffxf.exec:\lflffxf.exe115⤵
-
\??\c:\xrrrxfl.exec:\xrrrxfl.exe116⤵
-
\??\c:\nhtbnn.exec:\nhtbnn.exe117⤵
-
\??\c:\jdppv.exec:\jdppv.exe118⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe119⤵
-
\??\c:\5ffrxfl.exec:\5ffrxfl.exe120⤵
-
\??\c:\fxlrxxl.exec:\fxlrxxl.exe121⤵
-
\??\c:\hbtntb.exec:\hbtntb.exe122⤵
-
\??\c:\ttnhtn.exec:\ttnhtn.exe123⤵
-
\??\c:\ppdpj.exec:\ppdpj.exe124⤵
-
\??\c:\9fxxffr.exec:\9fxxffr.exe125⤵
-
\??\c:\xrlrlfx.exec:\xrlrlfx.exe126⤵
-
\??\c:\9nbbnn.exec:\9nbbnn.exe127⤵
-
\??\c:\9pvjv.exec:\9pvjv.exe128⤵
-
\??\c:\3ppvv.exec:\3ppvv.exe129⤵
-
\??\c:\frrrxxl.exec:\frrrxxl.exe130⤵
-
\??\c:\rfrflrf.exec:\rfrflrf.exe131⤵
-
\??\c:\hhhnhn.exec:\hhhnhn.exe132⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe133⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe134⤵
-
\??\c:\7rlrlxl.exec:\7rlrlxl.exe135⤵
-
\??\c:\llrlxfr.exec:\llrlxfr.exe136⤵
-
\??\c:\nnhhnh.exec:\nnhhnh.exe137⤵
-
\??\c:\9bthtt.exec:\9bthtt.exe138⤵
-
\??\c:\ppdjj.exec:\ppdjj.exe139⤵
-
\??\c:\fxrrfxl.exec:\fxrrfxl.exe140⤵
-
\??\c:\fxflfrx.exec:\fxflfrx.exe141⤵
-
\??\c:\btbhbb.exec:\btbhbb.exe142⤵
-
\??\c:\1pdjp.exec:\1pdjp.exe143⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe144⤵
-
\??\c:\rlxfrxf.exec:\rlxfrxf.exe145⤵
-
\??\c:\9fllffr.exec:\9fllffr.exe146⤵
-
\??\c:\bhbhtt.exec:\bhbhtt.exe147⤵
-
\??\c:\btnthn.exec:\btnthn.exe148⤵
-
\??\c:\vvjdp.exec:\vvjdp.exe149⤵
-
\??\c:\fxrrxxf.exec:\fxrrxxf.exe150⤵
-
\??\c:\rfxxrxx.exec:\rfxxrxx.exe151⤵
-
\??\c:\hhbhtt.exec:\hhbhtt.exe152⤵
-
\??\c:\btbthh.exec:\btbthh.exe153⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe154⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe155⤵
-
\??\c:\rlrfllr.exec:\rlrfllr.exe156⤵
-
\??\c:\7fxrffr.exec:\7fxrffr.exe157⤵
-
\??\c:\hthhbb.exec:\hthhbb.exe158⤵
-
\??\c:\bbnnbn.exec:\bbnnbn.exe159⤵
-
\??\c:\vvpdd.exec:\vvpdd.exe160⤵
-
\??\c:\xlffffl.exec:\xlffffl.exe161⤵
-
\??\c:\xxxfrfr.exec:\xxxfrfr.exe162⤵
-
\??\c:\ttnthn.exec:\ttnthn.exe163⤵
-
\??\c:\tthhhb.exec:\tthhhb.exe164⤵
-
\??\c:\jpdpp.exec:\jpdpp.exe165⤵
-
\??\c:\1vjjj.exec:\1vjjj.exe166⤵
-
\??\c:\fflrffr.exec:\fflrffr.exe167⤵
-
\??\c:\7lxxlxl.exec:\7lxxlxl.exe168⤵
-
\??\c:\ntntnn.exec:\ntntnn.exe169⤵
-
\??\c:\hbntnn.exec:\hbntnn.exe170⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe171⤵
-
\??\c:\xrflrlx.exec:\xrflrlx.exe172⤵
-
\??\c:\1rlrflr.exec:\1rlrflr.exe173⤵
-
\??\c:\ntbtth.exec:\ntbtth.exe174⤵
-
\??\c:\hhbnbb.exec:\hhbnbb.exe175⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe176⤵
-
\??\c:\vjddp.exec:\vjddp.exe177⤵
-
\??\c:\xxxrfrx.exec:\xxxrfrx.exe178⤵
-
\??\c:\nnbbtn.exec:\nnbbtn.exe179⤵
-
\??\c:\btnttt.exec:\btnttt.exe180⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe181⤵
-
\??\c:\dddjv.exec:\dddjv.exe182⤵
-
\??\c:\lxfxlfr.exec:\lxfxlfr.exe183⤵
-
\??\c:\fxfrxlx.exec:\fxfrxlx.exe184⤵
-
\??\c:\hhnhnn.exec:\hhnhnn.exe185⤵
-
\??\c:\hhtntb.exec:\hhtntb.exe186⤵
-
\??\c:\vpddj.exec:\vpddj.exe187⤵
-
\??\c:\flllllf.exec:\flllllf.exe188⤵
-
\??\c:\xxlrxfr.exec:\xxlrxfr.exe189⤵
-
\??\c:\1nbhnn.exec:\1nbhnn.exe190⤵
-
\??\c:\bbtthn.exec:\bbtthn.exe191⤵
-
\??\c:\7jdjp.exec:\7jdjp.exe192⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe193⤵
-
\??\c:\llrrffl.exec:\llrrffl.exe194⤵
-
\??\c:\fflrxxf.exec:\fflrxxf.exe195⤵
-
\??\c:\bttbnh.exec:\bttbnh.exe196⤵
-
\??\c:\5htbbh.exec:\5htbbh.exe197⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe198⤵
-
\??\c:\pdjdj.exec:\pdjdj.exe199⤵
-
\??\c:\7rllxrf.exec:\7rllxrf.exe200⤵
-
\??\c:\xrfxfxf.exec:\xrfxfxf.exe201⤵
-
\??\c:\1hhnbb.exec:\1hhnbb.exe202⤵
-
\??\c:\hhbhtb.exec:\hhbhtb.exe203⤵
-
\??\c:\pjppd.exec:\pjppd.exe204⤵
-
\??\c:\5vpdj.exec:\5vpdj.exe205⤵
-
\??\c:\lxrlrlr.exec:\lxrlrlr.exe206⤵
-
\??\c:\5xxlxxl.exec:\5xxlxxl.exe207⤵
-
\??\c:\1hbttt.exec:\1hbttt.exe208⤵
-
\??\c:\dvddj.exec:\dvddj.exe209⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe210⤵
-
\??\c:\7xfffxx.exec:\7xfffxx.exe211⤵
-
\??\c:\rlrfllx.exec:\rlrfllx.exe212⤵
-
\??\c:\hhbbnt.exec:\hhbbnt.exe213⤵
-
\??\c:\btnnhn.exec:\btnnhn.exe214⤵
-
\??\c:\vjjjp.exec:\vjjjp.exe215⤵
-
\??\c:\9vjdj.exec:\9vjdj.exe216⤵
-
\??\c:\xxrxxfx.exec:\xxrxxfx.exe217⤵
-
\??\c:\lrlrrrl.exec:\lrlrrrl.exe218⤵
-
\??\c:\1tnbhh.exec:\1tnbhh.exe219⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe220⤵
-
\??\c:\1djpv.exec:\1djpv.exe221⤵
-
\??\c:\rlxrffl.exec:\rlxrffl.exe222⤵
-
\??\c:\frxlxxl.exec:\frxlxxl.exe223⤵
-
\??\c:\tnthhh.exec:\tnthhh.exe224⤵
-
\??\c:\tnthhh.exec:\tnthhh.exe225⤵
-
\??\c:\9jpjp.exec:\9jpjp.exe226⤵
-
\??\c:\9ddjv.exec:\9ddjv.exe227⤵
-
\??\c:\xrllxxl.exec:\xrllxxl.exe228⤵
-
\??\c:\xlxflrl.exec:\xlxflrl.exe229⤵
-
\??\c:\hhbhbt.exec:\hhbhbt.exe230⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe231⤵
-
\??\c:\1pjdd.exec:\1pjdd.exe232⤵
-
\??\c:\9flrxlr.exec:\9flrxlr.exe233⤵
-
\??\c:\xrllxfr.exec:\xrllxfr.exe234⤵
-
\??\c:\1hbhnt.exec:\1hbhnt.exe235⤵
-
\??\c:\bbtthb.exec:\bbtthb.exe236⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe237⤵
-
\??\c:\lffxrrf.exec:\lffxrrf.exe238⤵
-
\??\c:\1lfrrxf.exec:\1lfrrxf.exe239⤵
-
\??\c:\7tbbbh.exec:\7tbbbh.exe240⤵
-
\??\c:\7tntbh.exec:\7tntbh.exe241⤵