Analysis
-
max time kernel
149s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
19-05-2024 17:07
General
-
Target
fc4f5c3efed453004a0cbe612d698e20_NeikiAnalytics.exe
-
Size
493KB
-
MD5
fc4f5c3efed453004a0cbe612d698e20
-
SHA1
60069f1ce8e51f2ce760533c5ef1bbcd0a5f8df8
-
SHA256
497aaf00ac7919f1b0c2a8a4ea6894cf3e55f8af9bae8095ebbdc608a6b43437
-
SHA512
6f7c0e6d61ceeebb4044196b1ba69a7f55c475ab52c1e066470a4badc9d09bc45a631e5ca5d35bc8b723387b61eb86f3be69653578fc9a9a0f20a95a3b08739e
-
SSDEEP
6144:n3C9BRo7MlrWKo+lS0Le4xRSAoq78yoyfx93svqTbWL5wEpOQ9DRRK:n3C9yMo+S0L9xRnoq7H9QYcmeN9DS
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fc4f5c3efed453004a0cbe612d698e20_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\fc4f5c3efed453004a0cbe612d698e20_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdd.exec:\ppjdd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttbh.exec:\hbttbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xxxlxl.exec:\7xxxlxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthtnh.exec:\bthtnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dppp.exec:\1dppp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllxlx.exec:\fxllxlx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httbnt.exec:\httbnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvjv.exec:\pvvjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrllxxl.exec:\lrllxxl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrfllf.exec:\xxrfllf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntbtb.exec:\tntbtb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvj.exec:\jdpvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttntbh.exec:\ttntbh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjpd.exec:\jdjpd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffrxl.exec:\rfffrxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbnn.exec:\htbbnn.exe17⤵
- Executes dropped EXE
-
\??\c:\rffflxr.exec:\rffflxr.exe18⤵
- Executes dropped EXE
-
\??\c:\3thnbt.exec:\3thnbt.exe19⤵
- Executes dropped EXE
-
\??\c:\pvppd.exec:\pvppd.exe20⤵
- Executes dropped EXE
-
\??\c:\xfxfrxr.exec:\xfxfrxr.exe21⤵
- Executes dropped EXE
-
\??\c:\hhtbhh.exec:\hhtbhh.exe22⤵
- Executes dropped EXE
-
\??\c:\7dpdp.exec:\7dpdp.exe23⤵
- Executes dropped EXE
-
\??\c:\fffxlfx.exec:\fffxlfx.exe24⤵
- Executes dropped EXE
-
\??\c:\hbntbn.exec:\hbntbn.exe25⤵
- Executes dropped EXE
-
\??\c:\dpjpd.exec:\dpjpd.exe26⤵
- Executes dropped EXE
-
\??\c:\rrlxlrr.exec:\rrlxlrr.exe27⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe28⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe29⤵
- Executes dropped EXE
-
\??\c:\llxflrl.exec:\llxflrl.exe30⤵
- Executes dropped EXE
-
\??\c:\thhhbt.exec:\thhhbt.exe31⤵
- Executes dropped EXE
-
\??\c:\xlfrrfl.exec:\xlfrrfl.exe32⤵
- Executes dropped EXE
-
\??\c:\thhtbh.exec:\thhtbh.exe33⤵
- Executes dropped EXE
-
\??\c:\vjpdj.exec:\vjpdj.exe34⤵
- Executes dropped EXE
-
\??\c:\3jvvv.exec:\3jvvv.exe35⤵
- Executes dropped EXE
-
\??\c:\tthtnt.exec:\tthtnt.exe36⤵
- Executes dropped EXE
-
\??\c:\nnthtb.exec:\nnthtb.exe37⤵
- Executes dropped EXE
-
\??\c:\7dddp.exec:\7dddp.exe38⤵
- Executes dropped EXE
-
\??\c:\7dpdj.exec:\7dpdj.exe39⤵
- Executes dropped EXE
-
\??\c:\xxrfrxf.exec:\xxrfrxf.exe40⤵
- Executes dropped EXE
-
\??\c:\hthnnt.exec:\hthnnt.exe41⤵
- Executes dropped EXE
-
\??\c:\tthhtn.exec:\tthhtn.exe42⤵
- Executes dropped EXE
-
\??\c:\3vjdd.exec:\3vjdd.exe43⤵
- Executes dropped EXE
-
\??\c:\rlfflrf.exec:\rlfflrf.exe44⤵
- Executes dropped EXE
-
\??\c:\xlllrrr.exec:\xlllrrr.exe45⤵
- Executes dropped EXE
-
\??\c:\pjvvv.exec:\pjvvv.exe46⤵
- Executes dropped EXE
-
\??\c:\bbnntt.exec:\bbnntt.exe47⤵
- Executes dropped EXE
-
\??\c:\vjppp.exec:\vjppp.exe48⤵
- Executes dropped EXE
-
\??\c:\flxlxxr.exec:\flxlxxr.exe49⤵
- Executes dropped EXE
-
\??\c:\jvpdp.exec:\jvpdp.exe50⤵
- Executes dropped EXE
-
\??\c:\lfrxffr.exec:\lfrxffr.exe51⤵
- Executes dropped EXE
-
\??\c:\htbnbb.exec:\htbnbb.exe52⤵
- Executes dropped EXE
-
\??\c:\vjpjp.exec:\vjpjp.exe53⤵
- Executes dropped EXE
-
\??\c:\rlxlxff.exec:\rlxlxff.exe54⤵
- Executes dropped EXE
-
\??\c:\9rrfffl.exec:\9rrfffl.exe55⤵
- Executes dropped EXE
-
\??\c:\bnbbhn.exec:\bnbbhn.exe56⤵
- Executes dropped EXE
-
\??\c:\3jdjj.exec:\3jdjj.exe57⤵
- Executes dropped EXE
-
\??\c:\lfxxlrf.exec:\lfxxlrf.exe58⤵
- Executes dropped EXE
-
\??\c:\rllrllf.exec:\rllrllf.exe59⤵
- Executes dropped EXE
-
\??\c:\hbtntn.exec:\hbtntn.exe60⤵
- Executes dropped EXE
-
\??\c:\dpvpv.exec:\dpvpv.exe61⤵
- Executes dropped EXE
-
\??\c:\7rllxxl.exec:\7rllxxl.exe62⤵
- Executes dropped EXE
-
\??\c:\rllxllx.exec:\rllxllx.exe63⤵
- Executes dropped EXE
-
\??\c:\5bbbnn.exec:\5bbbnn.exe64⤵
- Executes dropped EXE
-
\??\c:\dpjpv.exec:\dpjpv.exe65⤵
- Executes dropped EXE
-
\??\c:\pjvjp.exec:\pjvjp.exe66⤵
-
\??\c:\7xllffr.exec:\7xllffr.exe67⤵
-
\??\c:\ttbbbh.exec:\ttbbbh.exe68⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe69⤵
-
\??\c:\jjpjp.exec:\jjpjp.exe70⤵
-
\??\c:\9xflxfx.exec:\9xflxfx.exe71⤵
-
\??\c:\ntthbn.exec:\ntthbn.exe72⤵
-
\??\c:\5vjdd.exec:\5vjdd.exe73⤵
-
\??\c:\vjpdj.exec:\vjpdj.exe74⤵
-
\??\c:\5rflxxr.exec:\5rflxxr.exe75⤵
-
\??\c:\hntnbt.exec:\hntnbt.exe76⤵
-
\??\c:\hhtttn.exec:\hhtttn.exe77⤵
-
\??\c:\jdppj.exec:\jdppj.exe78⤵
-
\??\c:\5fxfllx.exec:\5fxfllx.exe79⤵
-
\??\c:\5frrxxf.exec:\5frrxxf.exe80⤵
-
\??\c:\htbhnh.exec:\htbhnh.exe81⤵
-
\??\c:\btnbhh.exec:\btnbhh.exe82⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe83⤵
-
\??\c:\frlfrrl.exec:\frlfrrl.exe84⤵
-
\??\c:\rrfflrr.exec:\rrfflrr.exe85⤵
-
\??\c:\nhttbh.exec:\nhttbh.exe86⤵
-
\??\c:\nbthtt.exec:\nbthtt.exe87⤵
-
\??\c:\5vdvd.exec:\5vdvd.exe88⤵
-
\??\c:\rfrxlrf.exec:\rfrxlrf.exe89⤵
-
\??\c:\5xllxxf.exec:\5xllxxf.exe90⤵
-
\??\c:\ntbbhh.exec:\ntbbhh.exe91⤵
-
\??\c:\nntthh.exec:\nntthh.exe92⤵
-
\??\c:\pvdpp.exec:\pvdpp.exe93⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe94⤵
-
\??\c:\xflxxrx.exec:\xflxxrx.exe95⤵
-
\??\c:\tbbbth.exec:\tbbbth.exe96⤵
-
\??\c:\5thhhh.exec:\5thhhh.exe97⤵
-
\??\c:\1dvdj.exec:\1dvdj.exe98⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe99⤵
-
\??\c:\frxfrrx.exec:\frxfrrx.exe100⤵
-
\??\c:\hhtbtn.exec:\hhtbtn.exe101⤵
-
\??\c:\1ntbbh.exec:\1ntbbh.exe102⤵
-
\??\c:\9vddj.exec:\9vddj.exe103⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe104⤵
-
\??\c:\rxrxllx.exec:\rxrxllx.exe105⤵
-
\??\c:\llxxflr.exec:\llxxflr.exe106⤵
-
\??\c:\hbnhnn.exec:\hbnhnn.exe107⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe108⤵
-
\??\c:\7jvvd.exec:\7jvvd.exe109⤵
-
\??\c:\flflxll.exec:\flflxll.exe110⤵
-
\??\c:\rlrxfxl.exec:\rlrxfxl.exe111⤵
-
\??\c:\nnhnhh.exec:\nnhnhh.exe112⤵
-
\??\c:\hhthtn.exec:\hhthtn.exe113⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe114⤵
-
\??\c:\ppdpd.exec:\ppdpd.exe115⤵
-
\??\c:\rrllrfr.exec:\rrllrfr.exe116⤵
-
\??\c:\7nnnbb.exec:\7nnnbb.exe117⤵
-
\??\c:\btbtth.exec:\btbtth.exe118⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe119⤵
-
\??\c:\jvjpd.exec:\jvjpd.exe120⤵
-
\??\c:\xrxfxxf.exec:\xrxfxxf.exe121⤵
-
\??\c:\1tnntt.exec:\1tnntt.exe122⤵
-
\??\c:\nnnbhh.exec:\nnnbhh.exe123⤵
-
\??\c:\5vpvd.exec:\5vpvd.exe124⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe125⤵
-
\??\c:\fxxfxlr.exec:\fxxfxlr.exe126⤵
-
\??\c:\tnbhbb.exec:\tnbhbb.exe127⤵
-
\??\c:\thnnbt.exec:\thnnbt.exe128⤵
-
\??\c:\pddjp.exec:\pddjp.exe129⤵
-
\??\c:\jjddj.exec:\jjddj.exe130⤵
-
\??\c:\xxfllfx.exec:\xxfllfx.exe131⤵
-
\??\c:\bbhhnh.exec:\bbhhnh.exe132⤵
-
\??\c:\btnnhh.exec:\btnnhh.exe133⤵
-
\??\c:\vjddj.exec:\vjddj.exe134⤵
-
\??\c:\3jjjp.exec:\3jjjp.exe135⤵
-
\??\c:\xxrxffr.exec:\xxrxffr.exe136⤵
-
\??\c:\lfrxxxx.exec:\lfrxxxx.exe137⤵
-
\??\c:\3ntnhb.exec:\3ntnhb.exe138⤵
-
\??\c:\bntntn.exec:\bntntn.exe139⤵
-
\??\c:\jvvjp.exec:\jvvjp.exe140⤵
-
\??\c:\flxxffl.exec:\flxxffl.exe141⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe142⤵
-
\??\c:\5djdd.exec:\5djdd.exe143⤵
-
\??\c:\rlxxxxf.exec:\rlxxxxf.exe144⤵
-
\??\c:\bhbbnb.exec:\bhbbnb.exe145⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe146⤵
-
\??\c:\lxxlrlx.exec:\lxxlrlx.exe147⤵
-
\??\c:\5hthbh.exec:\5hthbh.exe148⤵
-
\??\c:\7flffxf.exec:\7flffxf.exe149⤵
-
\??\c:\ththhb.exec:\ththhb.exe150⤵
-
\??\c:\vvppd.exec:\vvppd.exe151⤵
-
\??\c:\7lffllx.exec:\7lffllx.exe152⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe153⤵
-
\??\c:\7xrlllr.exec:\7xrlllr.exe154⤵
-
\??\c:\7hbtbb.exec:\7hbtbb.exe155⤵
-
\??\c:\5xrrxrr.exec:\5xrrxrr.exe156⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe157⤵
-
\??\c:\5vvdp.exec:\5vvdp.exe158⤵
-
\??\c:\rfxxffl.exec:\rfxxffl.exe159⤵
-
\??\c:\flfrxlx.exec:\flfrxlx.exe160⤵
-
\??\c:\thnbht.exec:\thnbht.exe161⤵
-
\??\c:\jdjvp.exec:\jdjvp.exe162⤵
-
\??\c:\pvpvv.exec:\pvpvv.exe163⤵
-
\??\c:\rfrfxxr.exec:\rfrfxxr.exe164⤵
-
\??\c:\9nhhnn.exec:\9nhhnn.exe165⤵
-
\??\c:\5dvdp.exec:\5dvdp.exe166⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe167⤵
-
\??\c:\lfrrrfx.exec:\lfrrrfx.exe168⤵
-
\??\c:\tnbhtb.exec:\tnbhtb.exe169⤵
-
\??\c:\bthntn.exec:\bthntn.exe170⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe171⤵
-
\??\c:\rrflrrl.exec:\rrflrrl.exe172⤵
-
\??\c:\bttbbh.exec:\bttbbh.exe173⤵
-
\??\c:\9hnhnh.exec:\9hnhnh.exe174⤵
-
\??\c:\vjvpd.exec:\vjvpd.exe175⤵
-
\??\c:\xxllrxx.exec:\xxllrxx.exe176⤵
-
\??\c:\nbtbhh.exec:\nbtbhh.exe177⤵
-
\??\c:\7htttb.exec:\7htttb.exe178⤵
-
\??\c:\vdpvv.exec:\vdpvv.exe179⤵
-
\??\c:\rlflrlr.exec:\rlflrlr.exe180⤵
-
\??\c:\1bhhth.exec:\1bhhth.exe181⤵
-
\??\c:\tnhnht.exec:\tnhnht.exe182⤵
-
\??\c:\9pdjv.exec:\9pdjv.exe183⤵
-
\??\c:\llfxrxl.exec:\llfxrxl.exe184⤵
-
\??\c:\hbtnhn.exec:\hbtnhn.exe185⤵
-
\??\c:\bhnthb.exec:\bhnthb.exe186⤵
-
\??\c:\pdppp.exec:\pdppp.exe187⤵
-
\??\c:\flfflrf.exec:\flfflrf.exe188⤵
-
\??\c:\lfrlffr.exec:\lfrlffr.exe189⤵
-
\??\c:\hhbntb.exec:\hhbntb.exe190⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe191⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe192⤵
-
\??\c:\flrrlfr.exec:\flrrlfr.exe193⤵
-
\??\c:\5hnbhn.exec:\5hnbhn.exe194⤵
-
\??\c:\9htttn.exec:\9htttn.exe195⤵
-
\??\c:\pppjp.exec:\pppjp.exe196⤵
-
\??\c:\9xlrflx.exec:\9xlrflx.exe197⤵
-
\??\c:\7hbhhn.exec:\7hbhhn.exe198⤵
-
\??\c:\1nbbtb.exec:\1nbbtb.exe199⤵
-
\??\c:\7pddj.exec:\7pddj.exe200⤵
-
\??\c:\vjvvp.exec:\vjvvp.exe201⤵
-
\??\c:\7lrxfll.exec:\7lrxfll.exe202⤵
-
\??\c:\3hhnht.exec:\3hhnht.exe203⤵
-
\??\c:\5jvvj.exec:\5jvvj.exe204⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe205⤵
-
\??\c:\rfrflrx.exec:\rfrflrx.exe206⤵
-
\??\c:\3ttnth.exec:\3ttnth.exe207⤵
-
\??\c:\9ththh.exec:\9ththh.exe208⤵
-
\??\c:\dddpv.exec:\dddpv.exe209⤵
-
\??\c:\frfflll.exec:\frfflll.exe210⤵
-
\??\c:\hbtbhh.exec:\hbtbhh.exe211⤵
-
\??\c:\thtthb.exec:\thtthb.exe212⤵
-
\??\c:\7jdpv.exec:\7jdpv.exe213⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe214⤵
-
\??\c:\fxxflxr.exec:\fxxflxr.exe215⤵
-
\??\c:\5tntbh.exec:\5tntbh.exe216⤵
-
\??\c:\djjvp.exec:\djjvp.exe217⤵
-
\??\c:\1jddd.exec:\1jddd.exe218⤵
-
\??\c:\frxrxrx.exec:\frxrxrx.exe219⤵
-
\??\c:\hhbhnb.exec:\hhbhnb.exe220⤵
-
\??\c:\7pdjj.exec:\7pdjj.exe221⤵
-
\??\c:\7vvdj.exec:\7vvdj.exe222⤵
-
\??\c:\frfxfxf.exec:\frfxfxf.exe223⤵
-
\??\c:\nththn.exec:\nththn.exe224⤵
-
\??\c:\bnbhnn.exec:\bnbhnn.exe225⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe226⤵
-
\??\c:\lflfffx.exec:\lflfffx.exe227⤵
-
\??\c:\1llfrxf.exec:\1llfrxf.exe228⤵
-
\??\c:\nhthnn.exec:\nhthnn.exe229⤵
-
\??\c:\pdppv.exec:\pdppv.exe230⤵
-
\??\c:\9vvjd.exec:\9vvjd.exe231⤵
-
\??\c:\rlflrrf.exec:\rlflrrf.exe232⤵
-
\??\c:\nnhhbb.exec:\nnhhbb.exe233⤵
-
\??\c:\tnhntb.exec:\tnhntb.exe234⤵
-
\??\c:\vdjvd.exec:\vdjvd.exe235⤵
-
\??\c:\lfllflr.exec:\lfllflr.exe236⤵
-
\??\c:\7rfrffx.exec:\7rfrffx.exe237⤵
-
\??\c:\ttnbnt.exec:\ttnbnt.exe238⤵
-
\??\c:\vvdpj.exec:\vvdpj.exe239⤵
-
\??\c:\3jvjj.exec:\3jvjj.exe240⤵
-
\??\c:\flxxffx.exec:\flxxffx.exe241⤵