Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
19-05-2024 17:09
General
-
Target
fcbc119198856c71d92e740275e28890_NeikiAnalytics.exe
-
Size
343KB
-
MD5
fcbc119198856c71d92e740275e28890
-
SHA1
65055439ff939d23028daad1238486dd613b38aa
-
SHA256
8ee894f4eb1997e4ed2b3500053ac2aee7de380c39ec1d34d827044bd967ab9c
-
SHA512
d94f887fcab6a9a8bb2ee116f9a25948da7cb8726ea2f59bb1dcf99e8b467f52840f871a3315f2df548c060d49128dd08346b51dcf06d3d1a32af284c4fce1a5
-
SSDEEP
6144:n3C9BRo/AIX2MUXownfWQkyCpxwJz9e0pQowLh3EhToK9cT085mnFhXjmnwJQyII:n3C9uDnUXoSWlnwJv90aKToFqwfIBm
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fcbc119198856c71d92e740275e28890_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\fcbc119198856c71d92e740275e28890_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nnntnb.exec:\nnntnb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjpd.exec:\djjpd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrfrrl.exec:\rrrfrrl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnthb.exec:\nnnthb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nhntb.exec:\9nhntb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvj.exec:\vpjvj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxllx.exec:\lfxxllx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhhtt.exec:\hhhhtt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthnth.exec:\tthnth.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvjv.exec:\jdvjv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxfrfr.exec:\lfxfrfr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrxfll.exec:\flrxfll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhtbt.exec:\nhhtbt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rllxfr.exec:\9rllxfr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrfxf.exec:\llxrfxf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hnntt.exec:\7hnntt.exe17⤵
- Executes dropped EXE
-
\??\c:\pjpdd.exec:\pjpdd.exe18⤵
- Executes dropped EXE
-
\??\c:\rlflrlr.exec:\rlflrlr.exe19⤵
- Executes dropped EXE
-
\??\c:\rfrrxxl.exec:\rfrrxxl.exe20⤵
- Executes dropped EXE
-
\??\c:\tbtbhh.exec:\tbtbhh.exe21⤵
- Executes dropped EXE
-
\??\c:\7jvdd.exec:\7jvdd.exe22⤵
- Executes dropped EXE
-
\??\c:\rlfrxlx.exec:\rlfrxlx.exe23⤵
- Executes dropped EXE
-
\??\c:\btnhnt.exec:\btnhnt.exe24⤵
- Executes dropped EXE
-
\??\c:\dvpdd.exec:\dvpdd.exe25⤵
- Executes dropped EXE
-
\??\c:\lfxfrfx.exec:\lfxfrfx.exe26⤵
- Executes dropped EXE
-
\??\c:\fxrlrxf.exec:\fxrlrxf.exe27⤵
- Executes dropped EXE
-
\??\c:\nhthtb.exec:\nhthtb.exe28⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe29⤵
- Executes dropped EXE
-
\??\c:\7lflrlr.exec:\7lflrlr.exe30⤵
- Executes dropped EXE
-
\??\c:\5htthb.exec:\5htthb.exe31⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe32⤵
- Executes dropped EXE
-
\??\c:\3vdjv.exec:\3vdjv.exe33⤵
- Executes dropped EXE
-
\??\c:\rlflrfr.exec:\rlflrfr.exe34⤵
- Executes dropped EXE
-
\??\c:\hbttbh.exec:\hbttbh.exe35⤵
- Executes dropped EXE
-
\??\c:\5nbhtb.exec:\5nbhtb.exe36⤵
- Executes dropped EXE
-
\??\c:\dvvdp.exec:\dvvdp.exe37⤵
- Executes dropped EXE
-
\??\c:\ffrfflr.exec:\ffrfflr.exe38⤵
- Executes dropped EXE
-
\??\c:\hbtthh.exec:\hbtthh.exe39⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe40⤵
- Executes dropped EXE
-
\??\c:\1dpjp.exec:\1dpjp.exe41⤵
- Executes dropped EXE
-
\??\c:\xrlflrf.exec:\xrlflrf.exe42⤵
- Executes dropped EXE
-
\??\c:\tbbnnh.exec:\tbbnnh.exe43⤵
- Executes dropped EXE
-
\??\c:\nbnttb.exec:\nbnttb.exe44⤵
- Executes dropped EXE
-
\??\c:\jdvdv.exec:\jdvdv.exe45⤵
- Executes dropped EXE
-
\??\c:\frflrll.exec:\frflrll.exe46⤵
- Executes dropped EXE
-
\??\c:\rrxffrf.exec:\rrxffrf.exe47⤵
- Executes dropped EXE
-
\??\c:\hbtttt.exec:\hbtttt.exe48⤵
- Executes dropped EXE
-
\??\c:\7jdvd.exec:\7jdvd.exe49⤵
- Executes dropped EXE
-
\??\c:\vjppp.exec:\vjppp.exe50⤵
- Executes dropped EXE
-
\??\c:\rlxfrrx.exec:\rlxfrrx.exe51⤵
- Executes dropped EXE
-
\??\c:\1thnbh.exec:\1thnbh.exe52⤵
- Executes dropped EXE
-
\??\c:\nhntbh.exec:\nhntbh.exe53⤵
- Executes dropped EXE
-
\??\c:\7pjjp.exec:\7pjjp.exe54⤵
- Executes dropped EXE
-
\??\c:\3rlxlxl.exec:\3rlxlxl.exe55⤵
- Executes dropped EXE
-
\??\c:\3xllllr.exec:\3xllllr.exe56⤵
- Executes dropped EXE
-
\??\c:\tthhnt.exec:\tthhnt.exe57⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe58⤵
- Executes dropped EXE
-
\??\c:\pdppv.exec:\pdppv.exe59⤵
- Executes dropped EXE
-
\??\c:\xlxxfxl.exec:\xlxxfxl.exe60⤵
- Executes dropped EXE
-
\??\c:\rxlfrfr.exec:\rxlfrfr.exe61⤵
- Executes dropped EXE
-
\??\c:\thnnnn.exec:\thnnnn.exe62⤵
- Executes dropped EXE
-
\??\c:\9pddd.exec:\9pddd.exe63⤵
- Executes dropped EXE
-
\??\c:\dvdjp.exec:\dvdjp.exe64⤵
- Executes dropped EXE
-
\??\c:\1lfllfr.exec:\1lfllfr.exe65⤵
- Executes dropped EXE
-
\??\c:\hbtbnt.exec:\hbtbnt.exe66⤵
-
\??\c:\nbhhhb.exec:\nbhhhb.exe67⤵
-
\??\c:\pvvpp.exec:\pvvpp.exe68⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe69⤵
-
\??\c:\fxfflrr.exec:\fxfflrr.exe70⤵
-
\??\c:\frfffxx.exec:\frfffxx.exe71⤵
-
\??\c:\nnbntb.exec:\nnbntb.exe72⤵
-
\??\c:\1dvpj.exec:\1dvpj.exe73⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe74⤵
-
\??\c:\rfrrxrx.exec:\rfrrxrx.exe75⤵
-
\??\c:\rlxxlfl.exec:\rlxxlfl.exe76⤵
-
\??\c:\nhtthh.exec:\nhtthh.exe77⤵
-
\??\c:\thnbhh.exec:\thnbhh.exe78⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe79⤵
-
\??\c:\pvpdv.exec:\pvpdv.exe80⤵
-
\??\c:\rfrfllr.exec:\rfrfllr.exe81⤵
-
\??\c:\nhhttb.exec:\nhhttb.exe82⤵
-
\??\c:\thtbtn.exec:\thtbtn.exe83⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe84⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe85⤵
-
\??\c:\fxllrrx.exec:\fxllrrx.exe86⤵
-
\??\c:\lrrlrlf.exec:\lrrlrlf.exe87⤵
-
\??\c:\1bthbh.exec:\1bthbh.exe88⤵
-
\??\c:\ttnhnt.exec:\ttnhnt.exe89⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe90⤵
-
\??\c:\pppvd.exec:\pppvd.exe91⤵
-
\??\c:\xxlxlrf.exec:\xxlxlrf.exe92⤵
-
\??\c:\rrflxfr.exec:\rrflxfr.exe93⤵
-
\??\c:\7ttnhn.exec:\7ttnhn.exe94⤵
-
\??\c:\dddjv.exec:\dddjv.exe95⤵
-
\??\c:\pvpdj.exec:\pvpdj.exe96⤵
-
\??\c:\llflrfx.exec:\llflrfx.exe97⤵
-
\??\c:\fffrffr.exec:\fffrffr.exe98⤵
-
\??\c:\bbntth.exec:\bbntth.exe99⤵
-
\??\c:\hhtbnn.exec:\hhtbnn.exe100⤵
-
\??\c:\9dpvd.exec:\9dpvd.exe101⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe102⤵
-
\??\c:\rrlrlrl.exec:\rrlrlrl.exe103⤵
-
\??\c:\rrxfrfr.exec:\rrxfrfr.exe104⤵
-
\??\c:\thbtnb.exec:\thbtnb.exe105⤵
-
\??\c:\5nhbhn.exec:\5nhbhn.exe106⤵
-
\??\c:\pdpdd.exec:\pdpdd.exe107⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe108⤵
-
\??\c:\frfrrrx.exec:\frfrrrx.exe109⤵
-
\??\c:\7lxxrrf.exec:\7lxxrrf.exe110⤵
-
\??\c:\nhntbb.exec:\nhntbb.exe111⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe112⤵
-
\??\c:\3dvdd.exec:\3dvdd.exe113⤵
-
\??\c:\lfllxxf.exec:\lfllxxf.exe114⤵
-
\??\c:\frfflrf.exec:\frfflrf.exe115⤵
-
\??\c:\7tbhhn.exec:\7tbhhn.exe116⤵
-
\??\c:\bttthn.exec:\bttthn.exe117⤵
-
\??\c:\pdpvv.exec:\pdpvv.exe118⤵
-
\??\c:\dvppv.exec:\dvppv.exe119⤵
-
\??\c:\lrffllr.exec:\lrffllr.exe120⤵
-
\??\c:\lrfflrx.exec:\lrfflrx.exe121⤵
-
\??\c:\nhhbnn.exec:\nhhbnn.exe122⤵
-
\??\c:\nbhbhb.exec:\nbhbhb.exe123⤵
-
\??\c:\tnbhtt.exec:\tnbhtt.exe124⤵
-
\??\c:\7pjpd.exec:\7pjpd.exe125⤵
-
\??\c:\7xlxrfx.exec:\7xlxrfx.exe126⤵
-
\??\c:\rrfxfxf.exec:\rrfxfxf.exe127⤵
-
\??\c:\7ttttb.exec:\7ttttb.exe128⤵
-
\??\c:\nbtthb.exec:\nbtthb.exe129⤵
-
\??\c:\dpddj.exec:\dpddj.exe130⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe131⤵
-
\??\c:\5xrlrrx.exec:\5xrlrrx.exe132⤵
-
\??\c:\fxfxllr.exec:\fxfxllr.exe133⤵
-
\??\c:\bnbtht.exec:\bnbtht.exe134⤵
-
\??\c:\btbthh.exec:\btbthh.exe135⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe136⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe137⤵
-
\??\c:\llflrrf.exec:\llflrrf.exe138⤵
-
\??\c:\frffrxx.exec:\frffrxx.exe139⤵
-
\??\c:\bnhntb.exec:\bnhntb.exe140⤵
-
\??\c:\nnthhh.exec:\nnthhh.exe141⤵
-
\??\c:\3dpvv.exec:\3dpvv.exe142⤵
-
\??\c:\9vjpj.exec:\9vjpj.exe143⤵
-
\??\c:\5lfxllx.exec:\5lfxllx.exe144⤵
-
\??\c:\hthbhb.exec:\hthbhb.exe145⤵
-
\??\c:\btnhtt.exec:\btnhtt.exe146⤵
-
\??\c:\5jppv.exec:\5jppv.exe147⤵
-
\??\c:\pjppv.exec:\pjppv.exe148⤵
-
\??\c:\rfrlrrx.exec:\rfrlrrx.exe149⤵
-
\??\c:\1rfflxx.exec:\1rfflxx.exe150⤵
-
\??\c:\5ntbbh.exec:\5ntbbh.exe151⤵
-
\??\c:\thnhnh.exec:\thnhnh.exe152⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe153⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe154⤵
-
\??\c:\xrffrrx.exec:\xrffrrx.exe155⤵
-
\??\c:\frlflrr.exec:\frlflrr.exe156⤵
-
\??\c:\tnbttt.exec:\tnbttt.exe157⤵
-
\??\c:\bbntbb.exec:\bbntbb.exe158⤵
-
\??\c:\vjdvv.exec:\vjdvv.exe159⤵
-
\??\c:\pdjvd.exec:\pdjvd.exe160⤵
-
\??\c:\1frrllr.exec:\1frrllr.exe161⤵
-
\??\c:\3xxxfll.exec:\3xxxfll.exe162⤵
-
\??\c:\7bnntn.exec:\7bnntn.exe163⤵
-
\??\c:\ttbbnb.exec:\ttbbnb.exe164⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe165⤵
-
\??\c:\djvvj.exec:\djvvj.exe166⤵
-
\??\c:\9rllffl.exec:\9rllffl.exe167⤵
-
\??\c:\9xrffff.exec:\9xrffff.exe168⤵
-
\??\c:\bthhbt.exec:\bthhbt.exe169⤵
-
\??\c:\tnhntb.exec:\tnhntb.exe170⤵
-
\??\c:\jjddp.exec:\jjddp.exe171⤵
-
\??\c:\jvpvv.exec:\jvpvv.exe172⤵
-
\??\c:\fxllrrx.exec:\fxllrrx.exe173⤵
-
\??\c:\3lrrxxx.exec:\3lrrxxx.exe174⤵
-
\??\c:\nthttb.exec:\nthttb.exe175⤵
-
\??\c:\hbttbh.exec:\hbttbh.exe176⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe177⤵
-
\??\c:\vpdpj.exec:\vpdpj.exe178⤵
-
\??\c:\rrlrlrf.exec:\rrlrlrf.exe179⤵
-
\??\c:\fxfxlrx.exec:\fxfxlrx.exe180⤵
-
\??\c:\9thbnn.exec:\9thbnn.exe181⤵
-
\??\c:\bthnnt.exec:\bthnnt.exe182⤵
-
\??\c:\rlllxrx.exec:\rlllxrx.exe183⤵
-
\??\c:\hbbnbh.exec:\hbbnbh.exe184⤵
-
\??\c:\7bnttt.exec:\7bnttt.exe185⤵
-
\??\c:\btbhnn.exec:\btbhnn.exe186⤵
-
\??\c:\jjpvv.exec:\jjpvv.exe187⤵
-
\??\c:\9pvvd.exec:\9pvvd.exe188⤵
-
\??\c:\xllfxrx.exec:\xllfxrx.exe189⤵
-
\??\c:\7xrxllx.exec:\7xrxllx.exe190⤵
-
\??\c:\nhhbnt.exec:\nhhbnt.exe191⤵
-
\??\c:\bthnbh.exec:\bthnbh.exe192⤵
-
\??\c:\djjvj.exec:\djjvj.exe193⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe194⤵
-
\??\c:\3llfrfl.exec:\3llfrfl.exe195⤵
-
\??\c:\5lrfrxr.exec:\5lrfrxr.exe196⤵
-
\??\c:\hhbhtt.exec:\hhbhtt.exe197⤵
-
\??\c:\thhhnn.exec:\thhhnn.exe198⤵
-
\??\c:\tnbntt.exec:\tnbntt.exe199⤵
-
\??\c:\3pddd.exec:\3pddd.exe200⤵
-
\??\c:\1pvdd.exec:\1pvdd.exe201⤵
-
\??\c:\1rfflff.exec:\1rfflff.exe202⤵
-
\??\c:\lfrfrrf.exec:\lfrfrrf.exe203⤵
-
\??\c:\hnhhhb.exec:\hnhhhb.exe204⤵
-
\??\c:\vvvjp.exec:\vvvjp.exe205⤵
-
\??\c:\pvjpv.exec:\pvjpv.exe206⤵
-
\??\c:\lfrxflr.exec:\lfrxflr.exe207⤵
-
\??\c:\xlxrxxx.exec:\xlxrxxx.exe208⤵
-
\??\c:\bhhnht.exec:\bhhnht.exe209⤵
-
\??\c:\hhbbnn.exec:\hhbbnn.exe210⤵
-
\??\c:\9jdvd.exec:\9jdvd.exe211⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe212⤵
-
\??\c:\jvppp.exec:\jvppp.exe213⤵
-
\??\c:\xfxrxlx.exec:\xfxrxlx.exe214⤵
-
\??\c:\1nbhhh.exec:\1nbhhh.exe215⤵
-
\??\c:\3hhhhb.exec:\3hhhhb.exe216⤵
-
\??\c:\hbhbhb.exec:\hbhbhb.exe217⤵
-
\??\c:\djdvj.exec:\djdvj.exe218⤵
-
\??\c:\vvjdp.exec:\vvjdp.exe219⤵
-
\??\c:\frxffff.exec:\frxffff.exe220⤵
-
\??\c:\1flfllr.exec:\1flfllr.exe221⤵
-
\??\c:\nbbhhb.exec:\nbbhhb.exe222⤵
-
\??\c:\5hhbbb.exec:\5hhbbb.exe223⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe224⤵
-
\??\c:\5vvjj.exec:\5vvjj.exe225⤵
-
\??\c:\jdppv.exec:\jdppv.exe226⤵
-
\??\c:\rfrrxxx.exec:\rfrrxxx.exe227⤵
-
\??\c:\rlrfrxl.exec:\rlrfrxl.exe228⤵
-
\??\c:\hbhnbb.exec:\hbhnbb.exe229⤵
-
\??\c:\7bntbb.exec:\7bntbb.exe230⤵
-
\??\c:\vvdjp.exec:\vvdjp.exe231⤵
-
\??\c:\9vvdd.exec:\9vvdd.exe232⤵
-
\??\c:\xxrfxrx.exec:\xxrfxrx.exe233⤵
-
\??\c:\3lxfrfx.exec:\3lxfrfx.exe234⤵
-
\??\c:\5lxllll.exec:\5lxllll.exe235⤵
-
\??\c:\bttbhn.exec:\bttbhn.exe236⤵
-
\??\c:\3jvvp.exec:\3jvvp.exe237⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe238⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe239⤵
-
\??\c:\xxrrlrf.exec:\xxrrlrf.exe240⤵
-
\??\c:\lfrrlrf.exec:\lfrrlrf.exe241⤵