Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
19-05-2024 17:20
General
-
Target
ff88982d0f9494ca5f821811c8d342e0_NeikiAnalytics.exe
-
Size
94KB
-
MD5
ff88982d0f9494ca5f821811c8d342e0
-
SHA1
8d30de1b04b92dd19ccdcb4697cd492b08cbfedd
-
SHA256
2d2575e63a4bd45de05aeccea8c58b92079dee2c33c7ff59eb50e14a58780cb0
-
SHA512
8e77573cd3b5d01bcb6307822175373980a487e8f803b700ecc40e0f010fab023c538c4e091e252182b1522deaace92ebcf36d0d04d7f9269f06e5f9b16ffa5d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxEPOfPrAg:ymb3NkkiQ3mdBjFo73PYP1lri3KuOnrJ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ff88982d0f9494ca5f821811c8d342e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\ff88982d0f9494ca5f821811c8d342e0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7rlflll.exec:\7rlflll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhhnn.exec:\nnhhnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpddd.exec:\dpddd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxffl.exec:\rlxxffl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhhh.exec:\thnhhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdv.exec:\pjvdv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrfflr.exec:\lfrfflr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhntt.exec:\tnhntt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhnn.exec:\hbnhnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jjjj.exec:\9jjjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lxxrrf.exec:\5lxxrrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fxfrrf.exec:\9fxfrrf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhntbn.exec:\nhntbn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntttnn.exec:\ntttnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5djjp.exec:\5djjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5flllll.exec:\5flllll.exe17⤵
- Executes dropped EXE
-
\??\c:\5frfflr.exec:\5frfflr.exe18⤵
- Executes dropped EXE
-
\??\c:\rlrxfxf.exec:\rlrxfxf.exe19⤵
- Executes dropped EXE
-
\??\c:\bttbth.exec:\bttbth.exe20⤵
- Executes dropped EXE
-
\??\c:\vpdvv.exec:\vpdvv.exe21⤵
- Executes dropped EXE
-
\??\c:\vppvd.exec:\vppvd.exe22⤵
- Executes dropped EXE
-
\??\c:\9xrrxxf.exec:\9xrrxxf.exe23⤵
- Executes dropped EXE
-
\??\c:\9xlrfxf.exec:\9xlrfxf.exe24⤵
- Executes dropped EXE
-
\??\c:\tntbbh.exec:\tntbbh.exe25⤵
- Executes dropped EXE
-
\??\c:\vddjd.exec:\vddjd.exe26⤵
- Executes dropped EXE
-
\??\c:\5vpjp.exec:\5vpjp.exe27⤵
- Executes dropped EXE
-
\??\c:\9lllxrx.exec:\9lllxrx.exe28⤵
- Executes dropped EXE
-
\??\c:\1bhnnb.exec:\1bhnnb.exe29⤵
- Executes dropped EXE
-
\??\c:\ppvdj.exec:\ppvdj.exe30⤵
- Executes dropped EXE
-
\??\c:\9rllrrx.exec:\9rllrrx.exe31⤵
- Executes dropped EXE
-
\??\c:\xffxfxf.exec:\xffxfxf.exe32⤵
- Executes dropped EXE
-
\??\c:\5thbbb.exec:\5thbbb.exe33⤵
- Executes dropped EXE
-
\??\c:\thttbb.exec:\thttbb.exe34⤵
- Executes dropped EXE
-
\??\c:\9pjdd.exec:\9pjdd.exe35⤵
- Executes dropped EXE
-
\??\c:\vpjjj.exec:\vpjjj.exe36⤵
- Executes dropped EXE
-
\??\c:\rfrrlll.exec:\rfrrlll.exe37⤵
- Executes dropped EXE
-
\??\c:\9rlffxf.exec:\9rlffxf.exe38⤵
- Executes dropped EXE
-
\??\c:\thnnhn.exec:\thnnhn.exe39⤵
- Executes dropped EXE
-
\??\c:\nbnhnh.exec:\nbnhnh.exe40⤵
- Executes dropped EXE
-
\??\c:\pdvvv.exec:\pdvvv.exe41⤵
- Executes dropped EXE
-
\??\c:\dpjdv.exec:\dpjdv.exe42⤵
- Executes dropped EXE
-
\??\c:\lfxfxxx.exec:\lfxfxxx.exe43⤵
- Executes dropped EXE
-
\??\c:\9rlrfxf.exec:\9rlrfxf.exe44⤵
- Executes dropped EXE
-
\??\c:\1nhntt.exec:\1nhntt.exe45⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe46⤵
- Executes dropped EXE
-
\??\c:\dppvj.exec:\dppvj.exe47⤵
- Executes dropped EXE
-
\??\c:\pjdvv.exec:\pjdvv.exe48⤵
- Executes dropped EXE
-
\??\c:\3fflffl.exec:\3fflffl.exe49⤵
- Executes dropped EXE
-
\??\c:\fxfflff.exec:\fxfflff.exe50⤵
- Executes dropped EXE
-
\??\c:\tnbhtt.exec:\tnbhtt.exe51⤵
- Executes dropped EXE
-
\??\c:\btbbhb.exec:\btbbhb.exe52⤵
- Executes dropped EXE
-
\??\c:\dvddv.exec:\dvddv.exe53⤵
- Executes dropped EXE
-
\??\c:\1dppp.exec:\1dppp.exe54⤵
- Executes dropped EXE
-
\??\c:\xlxxffl.exec:\xlxxffl.exe55⤵
- Executes dropped EXE
-
\??\c:\9fxfffl.exec:\9fxfffl.exe56⤵
- Executes dropped EXE
-
\??\c:\bnbttt.exec:\bnbttt.exe57⤵
- Executes dropped EXE
-
\??\c:\bhbhht.exec:\bhbhht.exe58⤵
- Executes dropped EXE
-
\??\c:\1bthnt.exec:\1bthnt.exe59⤵
- Executes dropped EXE
-
\??\c:\5pddv.exec:\5pddv.exe60⤵
- Executes dropped EXE
-
\??\c:\jvpdd.exec:\jvpdd.exe61⤵
- Executes dropped EXE
-
\??\c:\7fxrrrx.exec:\7fxrrrx.exe62⤵
- Executes dropped EXE
-
\??\c:\frxrrll.exec:\frxrrll.exe63⤵
- Executes dropped EXE
-
\??\c:\xllffff.exec:\xllffff.exe64⤵
- Executes dropped EXE
-
\??\c:\tnbhnb.exec:\tnbhnb.exe65⤵
- Executes dropped EXE
-
\??\c:\bnnntt.exec:\bnnntt.exe66⤵
-
\??\c:\dvpvv.exec:\dvpvv.exe67⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe68⤵
-
\??\c:\lflfflr.exec:\lflfflr.exe69⤵
-
\??\c:\3lffrrl.exec:\3lffrrl.exe70⤵
-
\??\c:\1tnnhh.exec:\1tnnhh.exe71⤵
-
\??\c:\1tnhbn.exec:\1tnhbn.exe72⤵
-
\??\c:\vpppp.exec:\vpppp.exe73⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe74⤵
-
\??\c:\3jvpv.exec:\3jvpv.exe75⤵
-
\??\c:\1rfrrll.exec:\1rfrrll.exe76⤵
-
\??\c:\rllffxf.exec:\rllffxf.exe77⤵
-
\??\c:\tnbhnt.exec:\tnbhnt.exe78⤵
-
\??\c:\nhnbhb.exec:\nhnbhb.exe79⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe80⤵
-
\??\c:\vpdpj.exec:\vpdpj.exe81⤵
-
\??\c:\7vjjj.exec:\7vjjj.exe82⤵
-
\??\c:\7frxxrx.exec:\7frxxrx.exe83⤵
-
\??\c:\fxrxllx.exec:\fxrxllx.exe84⤵
-
\??\c:\ttbnbh.exec:\ttbnbh.exe85⤵
-
\??\c:\thbttb.exec:\thbttb.exe86⤵
-
\??\c:\hbnhtb.exec:\hbnhtb.exe87⤵
-
\??\c:\dpdjj.exec:\dpdjj.exe88⤵
-
\??\c:\7pdjj.exec:\7pdjj.exe89⤵
-
\??\c:\ffrxffx.exec:\ffrxffx.exe90⤵
-
\??\c:\rfrflrr.exec:\rfrflrr.exe91⤵
-
\??\c:\btbhnn.exec:\btbhnn.exe92⤵
-
\??\c:\3bnnnn.exec:\3bnnnn.exe93⤵
-
\??\c:\3vddd.exec:\3vddd.exe94⤵
-
\??\c:\dvpdv.exec:\dvpdv.exe95⤵
-
\??\c:\xllllrx.exec:\xllllrx.exe96⤵
-
\??\c:\rflffxf.exec:\rflffxf.exe97⤵
-
\??\c:\xxlxflx.exec:\xxlxflx.exe98⤵
-
\??\c:\tntbnt.exec:\tntbnt.exe99⤵
-
\??\c:\hbhhhb.exec:\hbhhhb.exe100⤵
-
\??\c:\7rfflll.exec:\7rfflll.exe101⤵
-
\??\c:\5nhhtt.exec:\5nhhtt.exe102⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe103⤵
-
\??\c:\dpjpd.exec:\dpjpd.exe104⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe105⤵
-
\??\c:\9dddj.exec:\9dddj.exe106⤵
-
\??\c:\9fxlrxl.exec:\9fxlrxl.exe107⤵
-
\??\c:\rfxxfll.exec:\rfxxfll.exe108⤵
-
\??\c:\tnnnnh.exec:\tnnnnh.exe109⤵
-
\??\c:\btnhbh.exec:\btnhbh.exe110⤵
-
\??\c:\7vpjj.exec:\7vpjj.exe111⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe112⤵
-
\??\c:\9lrfllr.exec:\9lrfllr.exe113⤵
-
\??\c:\lxffrfr.exec:\lxffrfr.exe114⤵
-
\??\c:\bthntt.exec:\bthntt.exe115⤵
-
\??\c:\pjjpp.exec:\pjjpp.exe116⤵
-
\??\c:\dvdpd.exec:\dvdpd.exe117⤵
-
\??\c:\xlrrxrx.exec:\xlrrxrx.exe118⤵
-
\??\c:\xrxrrlr.exec:\xrxrrlr.exe119⤵
-
\??\c:\nhtttn.exec:\nhtttn.exe120⤵
-
\??\c:\thnhnh.exec:\thnhnh.exe121⤵
-
\??\c:\vdddj.exec:\vdddj.exe122⤵
-
\??\c:\9vdvv.exec:\9vdvv.exe123⤵
-
\??\c:\7rllfxx.exec:\7rllfxx.exe124⤵
-
\??\c:\lxllllf.exec:\lxllllf.exe125⤵
-
\??\c:\xlfxxlx.exec:\xlfxxlx.exe126⤵
-
\??\c:\nhttnt.exec:\nhttnt.exe127⤵
-
\??\c:\5tnhhn.exec:\5tnhhn.exe128⤵
-
\??\c:\pjddp.exec:\pjddp.exe129⤵
-
\??\c:\vdppp.exec:\vdppp.exe130⤵
-
\??\c:\lxxxrlf.exec:\lxxxrlf.exe131⤵
-
\??\c:\5lrrxxl.exec:\5lrrxxl.exe132⤵
-
\??\c:\thbbhh.exec:\thbbhh.exe133⤵
-
\??\c:\nbntth.exec:\nbntth.exe134⤵
-
\??\c:\tnhthh.exec:\tnhthh.exe135⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe136⤵
-
\??\c:\9jpjj.exec:\9jpjj.exe137⤵
-
\??\c:\rfflfxx.exec:\rfflfxx.exe138⤵
-
\??\c:\rlrxfxl.exec:\rlrxfxl.exe139⤵
-
\??\c:\tbbbth.exec:\tbbbth.exe140⤵
-
\??\c:\3bbbtt.exec:\3bbbtt.exe141⤵
-
\??\c:\vjppp.exec:\vjppp.exe142⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe143⤵
-
\??\c:\3lffxxl.exec:\3lffxxl.exe144⤵
-
\??\c:\5rffrrf.exec:\5rffrrf.exe145⤵
-
\??\c:\hthntb.exec:\hthntb.exe146⤵
-
\??\c:\9thttn.exec:\9thttn.exe147⤵
-
\??\c:\5bbnbb.exec:\5bbnbb.exe148⤵
-
\??\c:\dvdjp.exec:\dvdjp.exe149⤵
-
\??\c:\rflllfx.exec:\rflllfx.exe150⤵
-
\??\c:\5rxxfff.exec:\5rxxfff.exe151⤵
-
\??\c:\bhhhhh.exec:\bhhhhh.exe152⤵
-
\??\c:\bhnhnh.exec:\bhnhnh.exe153⤵
-
\??\c:\vvpvp.exec:\vvpvp.exe154⤵
-
\??\c:\1djdd.exec:\1djdd.exe155⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe156⤵
-
\??\c:\1lxrrrr.exec:\1lxrrrr.exe157⤵
-
\??\c:\flfxrlf.exec:\flfxrlf.exe158⤵
-
\??\c:\tnnttb.exec:\tnnttb.exe159⤵
-
\??\c:\thhbhh.exec:\thhbhh.exe160⤵
-
\??\c:\jdjpd.exec:\jdjpd.exe161⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe162⤵
-
\??\c:\1xfxxxl.exec:\1xfxxxl.exe163⤵
-
\??\c:\1xlllll.exec:\1xlllll.exe164⤵
-
\??\c:\9btbnn.exec:\9btbnn.exe165⤵
-
\??\c:\btbbnn.exec:\btbbnn.exe166⤵
-
\??\c:\ddppd.exec:\ddppd.exe167⤵
-
\??\c:\xlxrllr.exec:\xlxrllr.exe168⤵
-
\??\c:\lfllrrr.exec:\lfllrrr.exe169⤵
-
\??\c:\htbhnn.exec:\htbhnn.exe170⤵
-
\??\c:\nbhttt.exec:\nbhttt.exe171⤵
-
\??\c:\1jvpv.exec:\1jvpv.exe172⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe173⤵
-
\??\c:\pddvv.exec:\pddvv.exe174⤵
-
\??\c:\rrxlflx.exec:\rrxlflx.exe175⤵
-
\??\c:\nhnttt.exec:\nhnttt.exe176⤵
-
\??\c:\5nhbbt.exec:\5nhbbt.exe177⤵
-
\??\c:\1bbbtt.exec:\1bbbtt.exe178⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe179⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe180⤵
-
\??\c:\5rfxrlx.exec:\5rfxrlx.exe181⤵
-
\??\c:\lllxxrf.exec:\lllxxrf.exe182⤵
-
\??\c:\9bhhhn.exec:\9bhhhn.exe183⤵
-
\??\c:\3hhbbt.exec:\3hhbbt.exe184⤵
-
\??\c:\3ppdd.exec:\3ppdd.exe185⤵
-
\??\c:\vppvv.exec:\vppvv.exe186⤵
-
\??\c:\fxllfxx.exec:\fxllfxx.exe187⤵
-
\??\c:\7rlxxrl.exec:\7rlxxrl.exe188⤵
-
\??\c:\thtbnt.exec:\thtbnt.exe189⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe190⤵
-
\??\c:\3vvdp.exec:\3vvdp.exe191⤵
-
\??\c:\jvjdp.exec:\jvjdp.exe192⤵
-
\??\c:\1vpvd.exec:\1vpvd.exe193⤵
-
\??\c:\rrxxxxf.exec:\rrxxxxf.exe194⤵
-
\??\c:\thntnt.exec:\thntnt.exe195⤵
-
\??\c:\tnnhhh.exec:\tnnhhh.exe196⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe197⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe198⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe199⤵
-
\??\c:\frrfllx.exec:\frrfllx.exe200⤵
-
\??\c:\llxxlrf.exec:\llxxlrf.exe201⤵
-
\??\c:\hbttbn.exec:\hbttbn.exe202⤵
-
\??\c:\9htbbt.exec:\9htbbt.exe203⤵
-
\??\c:\5pvvv.exec:\5pvvv.exe204⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe205⤵
-
\??\c:\fxxlrrf.exec:\fxxlrrf.exe206⤵
-
\??\c:\hbhnnn.exec:\hbhnnn.exe207⤵
-
\??\c:\hbhnbb.exec:\hbhnbb.exe208⤵
-
\??\c:\thtnbb.exec:\thtnbb.exe209⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe210⤵
-
\??\c:\vpddv.exec:\vpddv.exe211⤵
-
\??\c:\rrxrrrf.exec:\rrxrrrf.exe212⤵
-
\??\c:\5rxxxxf.exec:\5rxxxxf.exe213⤵
-
\??\c:\5hnnnn.exec:\5hnnnn.exe214⤵
-
\??\c:\httbtn.exec:\httbtn.exe215⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe216⤵
-
\??\c:\vjddj.exec:\vjddj.exe217⤵
-
\??\c:\1xxfffl.exec:\1xxfffl.exe218⤵
-
\??\c:\3xrxflx.exec:\3xrxflx.exe219⤵
-
\??\c:\9bnbhh.exec:\9bnbhh.exe220⤵
-
\??\c:\ntbtbb.exec:\ntbtbb.exe221⤵
-
\??\c:\pdjpj.exec:\pdjpj.exe222⤵
-
\??\c:\fxrrrrx.exec:\fxrrrrx.exe223⤵
-
\??\c:\thnttt.exec:\thnttt.exe224⤵
-
\??\c:\9tnntt.exec:\9tnntt.exe225⤵
-
\??\c:\9htnbn.exec:\9htnbn.exe226⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe227⤵
-
\??\c:\rlxflrx.exec:\rlxflrx.exe228⤵
-
\??\c:\rrffrrf.exec:\rrffrrf.exe229⤵
-
\??\c:\bnbbth.exec:\bnbbth.exe230⤵
-
\??\c:\tnbtbb.exec:\tnbtbb.exe231⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe232⤵
-
\??\c:\1pjpp.exec:\1pjpp.exe233⤵
-
\??\c:\1pvvv.exec:\1pvvv.exe234⤵
-
\??\c:\xxxfxxl.exec:\xxxfxxl.exe235⤵
-
\??\c:\xflfxrr.exec:\xflfxrr.exe236⤵
-
\??\c:\ffrrlrr.exec:\ffrrlrr.exe237⤵
-
\??\c:\tnbbhn.exec:\tnbbhn.exe238⤵
-
\??\c:\btbbnn.exec:\btbbnn.exe239⤵
-
\??\c:\vjppv.exec:\vjppv.exe240⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe241⤵