Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
19-05-2024 17:16
General
-
Target
fe86339a4a5a645e31d45969b1dcd850_NeikiAnalytics.exe
-
Size
81KB
-
MD5
fe86339a4a5a645e31d45969b1dcd850
-
SHA1
976e9a17b5fbfe2bddff2949479f9ef754666f35
-
SHA256
34f832e56750b865bb7de766161852357fbe9d39f223240ebe7c59897be8ab8f
-
SHA512
e3e0c9bc886958d2582e0992661170c9285237b2df8127dfd464a87d4c0c8c3d24b1c8ee09e6298967a122ba83acddce51ad0257a217a6964724ccb45f6f0d78
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo7xCkTsIwtOa2dYS8njZ:ymb3NkkiQ3mdBjFo7LAIbT6jZ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fe86339a4a5a645e31d45969b1dcd850_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\fe86339a4a5a645e31d45969b1dcd850_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7nthht.exec:\7nthht.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxfxxf.exec:\xrxfxxf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthhnh.exec:\hthhnh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pvpj.exec:\7pvpj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrxxrr.exec:\xxrxxrr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnhth.exec:\tbnhth.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lxrfrl.exec:\3lxrfrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xflrfx.exec:\5xflrfx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbntn.exec:\ntbntn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xrrflx.exec:\3xrrflx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxrlx.exec:\llfxrlx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnnbb.exec:\bhnnbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pvvj.exec:\5pvvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlffrx.exec:\fxlffrx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5thntn.exec:\5thntn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jpjj.exec:\1jpjj.exe17⤵
- Executes dropped EXE
-
\??\c:\flxlxrx.exec:\flxlxrx.exe18⤵
- Executes dropped EXE
-
\??\c:\1hbnhn.exec:\1hbnhn.exe19⤵
- Executes dropped EXE
-
\??\c:\5vpvd.exec:\5vpvd.exe20⤵
- Executes dropped EXE
-
\??\c:\jjjdp.exec:\jjjdp.exe21⤵
- Executes dropped EXE
-
\??\c:\7fxxfrf.exec:\7fxxfrf.exe22⤵
- Executes dropped EXE
-
\??\c:\hbnntt.exec:\hbnntt.exe23⤵
- Executes dropped EXE
-
\??\c:\btbttn.exec:\btbttn.exe24⤵
- Executes dropped EXE
-
\??\c:\ppdjv.exec:\ppdjv.exe25⤵
- Executes dropped EXE
-
\??\c:\lxlrlxx.exec:\lxlrlxx.exe26⤵
- Executes dropped EXE
-
\??\c:\bhnhhb.exec:\bhnhhb.exe27⤵
- Executes dropped EXE
-
\??\c:\jvddj.exec:\jvddj.exe28⤵
- Executes dropped EXE
-
\??\c:\vdjdp.exec:\vdjdp.exe29⤵
- Executes dropped EXE
-
\??\c:\xrlrfrf.exec:\xrlrfrf.exe30⤵
- Executes dropped EXE
-
\??\c:\hhhthn.exec:\hhhthn.exe31⤵
- Executes dropped EXE
-
\??\c:\jjjdd.exec:\jjjdd.exe32⤵
- Executes dropped EXE
-
\??\c:\rlflffl.exec:\rlflffl.exe33⤵
- Executes dropped EXE
-
\??\c:\lrlxxrr.exec:\lrlxxrr.exe34⤵
- Executes dropped EXE
-
\??\c:\ttttht.exec:\ttttht.exe35⤵
- Executes dropped EXE
-
\??\c:\ddvdp.exec:\ddvdp.exe36⤵
- Executes dropped EXE
-
\??\c:\rxrrrrx.exec:\rxrrrrx.exe37⤵
- Executes dropped EXE
-
\??\c:\lrlffxr.exec:\lrlffxr.exe38⤵
- Executes dropped EXE
-
\??\c:\hhbnht.exec:\hhbnht.exe39⤵
- Executes dropped EXE
-
\??\c:\jvjpd.exec:\jvjpd.exe40⤵
- Executes dropped EXE
-
\??\c:\5lxxlrx.exec:\5lxxlrx.exe41⤵
- Executes dropped EXE
-
\??\c:\frlrfxf.exec:\frlrfxf.exe42⤵
- Executes dropped EXE
-
\??\c:\9hnnbn.exec:\9hnnbn.exe43⤵
- Executes dropped EXE
-
\??\c:\5vvjd.exec:\5vvjd.exe44⤵
- Executes dropped EXE
-
\??\c:\vvvjv.exec:\vvvjv.exe45⤵
- Executes dropped EXE
-
\??\c:\5fxrflx.exec:\5fxrflx.exe46⤵
- Executes dropped EXE
-
\??\c:\llllfrf.exec:\llllfrf.exe47⤵
- Executes dropped EXE
-
\??\c:\nhbnht.exec:\nhbnht.exe48⤵
- Executes dropped EXE
-
\??\c:\jdpjp.exec:\jdpjp.exe49⤵
- Executes dropped EXE
-
\??\c:\5dvjp.exec:\5dvjp.exe50⤵
- Executes dropped EXE
-
\??\c:\rrlrlrf.exec:\rrlrlrf.exe51⤵
- Executes dropped EXE
-
\??\c:\lrxrxxr.exec:\lrxrxxr.exe52⤵
- Executes dropped EXE
-
\??\c:\ttnhnt.exec:\ttnhnt.exe53⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe54⤵
- Executes dropped EXE
-
\??\c:\dvdjv.exec:\dvdjv.exe55⤵
- Executes dropped EXE
-
\??\c:\llxfrxl.exec:\llxfrxl.exe56⤵
- Executes dropped EXE
-
\??\c:\llllrrx.exec:\llllrrx.exe57⤵
- Executes dropped EXE
-
\??\c:\7ttbnt.exec:\7ttbnt.exe58⤵
- Executes dropped EXE
-
\??\c:\jdpjj.exec:\jdpjj.exe59⤵
- Executes dropped EXE
-
\??\c:\dpvdp.exec:\dpvdp.exe60⤵
- Executes dropped EXE
-
\??\c:\1ffrffr.exec:\1ffrffr.exe61⤵
- Executes dropped EXE
-
\??\c:\5bthth.exec:\5bthth.exe62⤵
- Executes dropped EXE
-
\??\c:\hbbhtb.exec:\hbbhtb.exe63⤵
- Executes dropped EXE
-
\??\c:\vvdpv.exec:\vvdpv.exe64⤵
- Executes dropped EXE
-
\??\c:\rxlllff.exec:\rxlllff.exe65⤵
- Executes dropped EXE
-
\??\c:\fxxxxff.exec:\fxxxxff.exe66⤵
-
\??\c:\thtnnb.exec:\thtnnb.exe67⤵
-
\??\c:\7vvdj.exec:\7vvdj.exe68⤵
-
\??\c:\3vddv.exec:\3vddv.exe69⤵
-
\??\c:\flrlrlf.exec:\flrlrlf.exe70⤵
-
\??\c:\1hbhtb.exec:\1hbhtb.exe71⤵
-
\??\c:\bbhtth.exec:\bbhtth.exe72⤵
-
\??\c:\1ppvd.exec:\1ppvd.exe73⤵
-
\??\c:\xlrxfrf.exec:\xlrxfrf.exe74⤵
-
\??\c:\rfrrxxf.exec:\rfrrxxf.exe75⤵
-
\??\c:\bnttbn.exec:\bnttbn.exe76⤵
-
\??\c:\jjppv.exec:\jjppv.exe77⤵
-
\??\c:\9rlxlxr.exec:\9rlxlxr.exe78⤵
-
\??\c:\rlxlfxx.exec:\rlxlfxx.exe79⤵
-
\??\c:\hbtbhn.exec:\hbtbhn.exe80⤵
-
\??\c:\djvjv.exec:\djvjv.exe81⤵
-
\??\c:\vjvvp.exec:\vjvvp.exe82⤵
-
\??\c:\1xrffxr.exec:\1xrffxr.exe83⤵
-
\??\c:\tnbnth.exec:\tnbnth.exe84⤵
-
\??\c:\thbhnn.exec:\thbhnn.exe85⤵
-
\??\c:\vdvdj.exec:\vdvdj.exe86⤵
-
\??\c:\3xffrff.exec:\3xffrff.exe87⤵
-
\??\c:\fxlrffl.exec:\fxlrffl.exe88⤵
-
\??\c:\bthntt.exec:\bthntt.exe89⤵
-
\??\c:\nhtnbb.exec:\nhtnbb.exe90⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe91⤵
-
\??\c:\rrlxxfx.exec:\rrlxxfx.exe92⤵
-
\??\c:\flrrrxf.exec:\flrrrxf.exe93⤵
-
\??\c:\nnnhth.exec:\nnnhth.exe94⤵
-
\??\c:\3vjpd.exec:\3vjpd.exe95⤵
-
\??\c:\vvdpp.exec:\vvdpp.exe96⤵
-
\??\c:\xrlxffr.exec:\xrlxffr.exe97⤵
-
\??\c:\ttnhbn.exec:\ttnhbn.exe98⤵
-
\??\c:\jpvjd.exec:\jpvjd.exe99⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe100⤵
-
\??\c:\rrlxrrf.exec:\rrlxrrf.exe101⤵
-
\??\c:\5llxllr.exec:\5llxllr.exe102⤵
-
\??\c:\5hhthh.exec:\5hhthh.exe103⤵
-
\??\c:\7hbhht.exec:\7hbhht.exe104⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe105⤵
-
\??\c:\ppppd.exec:\ppppd.exe106⤵
-
\??\c:\9llxlrx.exec:\9llxlrx.exe107⤵
-
\??\c:\hhtttb.exec:\hhtttb.exe108⤵
-
\??\c:\nnnbth.exec:\nnnbth.exe109⤵
-
\??\c:\7vpvp.exec:\7vpvp.exe110⤵
-
\??\c:\rfrfrfl.exec:\rfrfrfl.exe111⤵
-
\??\c:\nhhnhn.exec:\nhhnhn.exe112⤵
-
\??\c:\3htnth.exec:\3htnth.exe113⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe114⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe115⤵
-
\??\c:\3ffrlfr.exec:\3ffrlfr.exe116⤵
-
\??\c:\tthhtt.exec:\tthhtt.exe117⤵
-
\??\c:\tnbbnt.exec:\tnbbnt.exe118⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe119⤵
-
\??\c:\rfxrrrx.exec:\rfxrrrx.exe120⤵
-
\??\c:\7xfrxlr.exec:\7xfrxlr.exe121⤵
-
\??\c:\3tbhbt.exec:\3tbhbt.exe122⤵
-
\??\c:\pdppv.exec:\pdppv.exe123⤵
-
\??\c:\xxlflxf.exec:\xxlflxf.exe124⤵
-
\??\c:\xfrrxxl.exec:\xfrrxxl.exe125⤵
-
\??\c:\nnhnbn.exec:\nnhnbn.exe126⤵
-
\??\c:\pvpjj.exec:\pvpjj.exe127⤵
-
\??\c:\vdvjd.exec:\vdvjd.exe128⤵
-
\??\c:\fxrllxx.exec:\fxrllxx.exe129⤵
-
\??\c:\hhhntb.exec:\hhhntb.exe130⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe131⤵
-
\??\c:\rrxlrfx.exec:\rrxlrfx.exe132⤵
-
\??\c:\tntbnb.exec:\tntbnb.exe133⤵
-
\??\c:\hhbnth.exec:\hhbnth.exe134⤵
-
\??\c:\7djdv.exec:\7djdv.exe135⤵
-
\??\c:\xlxxxxf.exec:\xlxxxxf.exe136⤵
-
\??\c:\xfrlflr.exec:\xfrlflr.exe137⤵
-
\??\c:\hhhnbt.exec:\hhhnbt.exe138⤵
-
\??\c:\7nnthn.exec:\7nnthn.exe139⤵
-
\??\c:\ppjvp.exec:\ppjvp.exe140⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe141⤵
-
\??\c:\xllllrr.exec:\xllllrr.exe142⤵
-
\??\c:\btbhbb.exec:\btbhbb.exe143⤵
-
\??\c:\bnhttt.exec:\bnhttt.exe144⤵
-
\??\c:\djpdv.exec:\djpdv.exe145⤵
-
\??\c:\dvvdj.exec:\dvvdj.exe146⤵
-
\??\c:\xffxllf.exec:\xffxllf.exe147⤵
-
\??\c:\rlrlrxx.exec:\rlrlrxx.exe148⤵
-
\??\c:\7btbth.exec:\7btbth.exe149⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe150⤵
-
\??\c:\vjvjj.exec:\vjvjj.exe151⤵
-
\??\c:\frlrxlr.exec:\frlrxlr.exe152⤵
-
\??\c:\nnthbt.exec:\nnthbt.exe153⤵
-
\??\c:\djdpv.exec:\djdpv.exe154⤵
-
\??\c:\3rrfrrl.exec:\3rrfrrl.exe155⤵
-
\??\c:\llfxrrx.exec:\llfxrrx.exe156⤵
-
\??\c:\nnthtn.exec:\nnthtn.exe157⤵
-
\??\c:\bttttn.exec:\bttttn.exe158⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe159⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe160⤵
-
\??\c:\xrffxxf.exec:\xrffxxf.exe161⤵
-
\??\c:\3rlxflx.exec:\3rlxflx.exe162⤵
-
\??\c:\ntbbhh.exec:\ntbbhh.exe163⤵
-
\??\c:\pjppp.exec:\pjppp.exe164⤵
-
\??\c:\jjvjd.exec:\jjvjd.exe165⤵
-
\??\c:\vpddj.exec:\vpddj.exe166⤵
-
\??\c:\rrllxfr.exec:\rrllxfr.exe167⤵
-
\??\c:\7btbbb.exec:\7btbbb.exe168⤵
-
\??\c:\nhhtht.exec:\nhhtht.exe169⤵
-
\??\c:\7jjdp.exec:\7jjdp.exe170⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe171⤵
-
\??\c:\7vvdj.exec:\7vvdj.exe172⤵
-
\??\c:\xfrlrlr.exec:\xfrlrlr.exe173⤵
-
\??\c:\tnbhth.exec:\tnbhth.exe174⤵
-
\??\c:\hbthbh.exec:\hbthbh.exe175⤵
-
\??\c:\7ppvv.exec:\7ppvv.exe176⤵
-
\??\c:\xfxrllx.exec:\xfxrllx.exe177⤵
-
\??\c:\llxfrfr.exec:\llxfrfr.exe178⤵
-
\??\c:\hntnbn.exec:\hntnbn.exe179⤵
-
\??\c:\tbthnb.exec:\tbthnb.exe180⤵
-
\??\c:\7vddv.exec:\7vddv.exe181⤵
-
\??\c:\lxrrxfl.exec:\lxrrxfl.exe182⤵
-
\??\c:\nnbhbn.exec:\nnbhbn.exe183⤵
-
\??\c:\htbbth.exec:\htbbth.exe184⤵
-
\??\c:\vppvj.exec:\vppvj.exe185⤵
-
\??\c:\9pdvj.exec:\9pdvj.exe186⤵
-
\??\c:\fxffrrx.exec:\fxffrrx.exe187⤵
-
\??\c:\rrflrfr.exec:\rrflrfr.exe188⤵
-
\??\c:\3hhhtt.exec:\3hhhtt.exe189⤵
-
\??\c:\jpvdv.exec:\jpvdv.exe190⤵
-
\??\c:\dvddd.exec:\dvddd.exe191⤵
-
\??\c:\rrlxfrr.exec:\rrlxfrr.exe192⤵
-
\??\c:\bntnnh.exec:\bntnnh.exe193⤵
-
\??\c:\7nntnt.exec:\7nntnt.exe194⤵
-
\??\c:\dvdjp.exec:\dvdjp.exe195⤵
-
\??\c:\5vvvd.exec:\5vvvd.exe196⤵
-
\??\c:\lxxlxff.exec:\lxxlxff.exe197⤵
-
\??\c:\hthbbt.exec:\hthbbt.exe198⤵
-
\??\c:\nnbhtb.exec:\nnbhtb.exe199⤵
-
\??\c:\dpvdd.exec:\dpvdd.exe200⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe201⤵
-
\??\c:\xxlrxlx.exec:\xxlrxlx.exe202⤵
-
\??\c:\rffrflx.exec:\rffrflx.exe203⤵
-
\??\c:\tttbtt.exec:\tttbtt.exe204⤵
-
\??\c:\vjjjp.exec:\vjjjp.exe205⤵
-
\??\c:\9ddjd.exec:\9ddjd.exe206⤵
-
\??\c:\rlfrxfx.exec:\rlfrxfx.exe207⤵
-
\??\c:\fxffxxl.exec:\fxffxxl.exe208⤵
-
\??\c:\thnhnt.exec:\thnhnt.exe209⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe210⤵
-
\??\c:\jvdpv.exec:\jvdpv.exe211⤵
-
\??\c:\fxfllxl.exec:\fxfllxl.exe212⤵
-
\??\c:\lfffllx.exec:\lfffllx.exe213⤵
-
\??\c:\hhbbnt.exec:\hhbbnt.exe214⤵
-
\??\c:\dvjvv.exec:\dvjvv.exe215⤵
-
\??\c:\7pvpv.exec:\7pvpv.exe216⤵
-
\??\c:\rflrrxr.exec:\rflrrxr.exe217⤵
-
\??\c:\1fflrfr.exec:\1fflrfr.exe218⤵
-
\??\c:\hhtbnt.exec:\hhtbnt.exe219⤵
-
\??\c:\pdjvv.exec:\pdjvv.exe220⤵
-
\??\c:\jpvjp.exec:\jpvjp.exe221⤵
-
\??\c:\lfrxlrx.exec:\lfrxlrx.exe222⤵
-
\??\c:\flfxlxx.exec:\flfxlxx.exe223⤵
-
\??\c:\7tthnt.exec:\7tthnt.exe224⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe225⤵
-
\??\c:\1vjjd.exec:\1vjjd.exe226⤵
-
\??\c:\lxrxrxx.exec:\lxrxrxx.exe227⤵
-
\??\c:\7lfxfrr.exec:\7lfxfrr.exe228⤵
-
\??\c:\nhtbnt.exec:\nhtbnt.exe229⤵
-
\??\c:\tnhthn.exec:\tnhthn.exe230⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe231⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe232⤵
-
\??\c:\fxlrxfx.exec:\fxlrxfx.exe233⤵
-
\??\c:\htnnhh.exec:\htnnhh.exe234⤵
-
\??\c:\bbthtb.exec:\bbthtb.exe235⤵
-
\??\c:\dddvj.exec:\dddvj.exe236⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe237⤵
-
\??\c:\5lllrrx.exec:\5lllrrx.exe238⤵
-
\??\c:\tthhnt.exec:\tthhnt.exe239⤵
-
\??\c:\hbnnnh.exec:\hbnnnh.exe240⤵
-
\??\c:\pvjvj.exec:\pvjvj.exe241⤵