Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
19-05-2024 17:43
General
-
Target
09c9fbfe87d9137bb06a270c30d328f0_NeikiAnalytics.exe
-
Size
78KB
-
MD5
09c9fbfe87d9137bb06a270c30d328f0
-
SHA1
21d45091f67d923d58da20c0b8dd0315e8437dba
-
SHA256
d314c3dd04d179cd85b33bc53b0348ba09c5334c7b884d25d28fd6dd2ab80d56
-
SHA512
6c968cf95686881f0e884bfab9a7083e754d4d074080a1d7957552d60c6b72eabe264728a3c470061798347ec33463e1877a9970c728c3f980dfb1475da19b1e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAX8YieVIJclPvPJtcdcv:ymb3NkkiQ3mdBjFo68YBVIJc9Jtxv
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\09c9fbfe87d9137bb06a270c30d328f0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\09c9fbfe87d9137bb06a270c30d328f0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnbbt.exec:\hbnbbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnttbt.exec:\bnttbt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jddd.exec:\3jddd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfflxf.exec:\xrfflxf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttbn.exec:\nhttbn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbbht.exec:\bnbbht.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpd.exec:\vpvpd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvvj.exec:\vjvvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppvj.exec:\pppvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrrllf.exec:\7lrrllf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxffff.exec:\xrxffff.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httthn.exec:\httthn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbhhb.exec:\thbhhb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjd.exec:\jdpjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vpvp.exec:\5vpvp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjp.exec:\pdpjp.exe17⤵
- Executes dropped EXE
-
\??\c:\rlrffrf.exec:\rlrffrf.exe18⤵
- Executes dropped EXE
-
\??\c:\5fllrrx.exec:\5fllrrx.exe19⤵
- Executes dropped EXE
-
\??\c:\7bhhhh.exec:\7bhhhh.exe20⤵
- Executes dropped EXE
-
\??\c:\bntbhh.exec:\bntbhh.exe21⤵
- Executes dropped EXE
-
\??\c:\hhhnht.exec:\hhhnht.exe22⤵
- Executes dropped EXE
-
\??\c:\5vvdv.exec:\5vvdv.exe23⤵
- Executes dropped EXE
-
\??\c:\jdjvj.exec:\jdjvj.exe24⤵
- Executes dropped EXE
-
\??\c:\xrrffxx.exec:\xrrffxx.exe25⤵
- Executes dropped EXE
-
\??\c:\rfllrll.exec:\rfllrll.exe26⤵
- Executes dropped EXE
-
\??\c:\rfrxllr.exec:\rfrxllr.exe27⤵
- Executes dropped EXE
-
\??\c:\1ttbbh.exec:\1ttbbh.exe28⤵
- Executes dropped EXE
-
\??\c:\vpddv.exec:\vpddv.exe29⤵
- Executes dropped EXE
-
\??\c:\vjvpp.exec:\vjvpp.exe30⤵
- Executes dropped EXE
-
\??\c:\jvdpp.exec:\jvdpp.exe31⤵
- Executes dropped EXE
-
\??\c:\rxfllll.exec:\rxfllll.exe32⤵
- Executes dropped EXE
-
\??\c:\5ffxllx.exec:\5ffxllx.exe33⤵
- Executes dropped EXE
-
\??\c:\bthhnh.exec:\bthhnh.exe34⤵
- Executes dropped EXE
-
\??\c:\nhtthn.exec:\nhtthn.exe35⤵
- Executes dropped EXE
-
\??\c:\7thhbb.exec:\7thhbb.exe36⤵
- Executes dropped EXE
-
\??\c:\pddpj.exec:\pddpj.exe37⤵
- Executes dropped EXE
-
\??\c:\jvddd.exec:\jvddd.exe38⤵
- Executes dropped EXE
-
\??\c:\rlxrxfl.exec:\rlxrxfl.exe39⤵
- Executes dropped EXE
-
\??\c:\lflflff.exec:\lflflff.exe40⤵
- Executes dropped EXE
-
\??\c:\5xrlllr.exec:\5xrlllr.exe41⤵
- Executes dropped EXE
-
\??\c:\tnttbb.exec:\tnttbb.exe42⤵
- Executes dropped EXE
-
\??\c:\nbbnht.exec:\nbbnht.exe43⤵
- Executes dropped EXE
-
\??\c:\nhntbt.exec:\nhntbt.exe44⤵
- Executes dropped EXE
-
\??\c:\jvvvv.exec:\jvvvv.exe45⤵
- Executes dropped EXE
-
\??\c:\3pvjj.exec:\3pvjj.exe46⤵
- Executes dropped EXE
-
\??\c:\jvddd.exec:\jvddd.exe47⤵
- Executes dropped EXE
-
\??\c:\frfrlff.exec:\frfrlff.exe48⤵
- Executes dropped EXE
-
\??\c:\frfffff.exec:\frfffff.exe49⤵
- Executes dropped EXE
-
\??\c:\rfffxrr.exec:\rfffxrr.exe50⤵
- Executes dropped EXE
-
\??\c:\tbtnbt.exec:\tbtnbt.exe51⤵
- Executes dropped EXE
-
\??\c:\thhhbt.exec:\thhhbt.exe52⤵
- Executes dropped EXE
-
\??\c:\1ntnhh.exec:\1ntnhh.exe53⤵
- Executes dropped EXE
-
\??\c:\jvvdd.exec:\jvvdd.exe54⤵
- Executes dropped EXE
-
\??\c:\9pdjd.exec:\9pdjd.exe55⤵
- Executes dropped EXE
-
\??\c:\5jvvj.exec:\5jvvj.exe56⤵
- Executes dropped EXE
-
\??\c:\7lrffxx.exec:\7lrffxx.exe57⤵
- Executes dropped EXE
-
\??\c:\rlrrxfl.exec:\rlrrxfl.exe58⤵
- Executes dropped EXE
-
\??\c:\btbhnt.exec:\btbhnt.exe59⤵
- Executes dropped EXE
-
\??\c:\3bhhnt.exec:\3bhhnt.exe60⤵
- Executes dropped EXE
-
\??\c:\5hnnnn.exec:\5hnnnn.exe61⤵
- Executes dropped EXE
-
\??\c:\htbnnn.exec:\htbnnn.exe62⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe63⤵
- Executes dropped EXE
-
\??\c:\pjjvv.exec:\pjjvv.exe64⤵
- Executes dropped EXE
-
\??\c:\9jpjp.exec:\9jpjp.exe65⤵
- Executes dropped EXE
-
\??\c:\9lxxrrx.exec:\9lxxrrx.exe66⤵
-
\??\c:\lflrxrf.exec:\lflrxrf.exe67⤵
-
\??\c:\7lxrlff.exec:\7lxrlff.exe68⤵
-
\??\c:\nbnnnt.exec:\nbnnnt.exe69⤵
-
\??\c:\bnbttn.exec:\bnbttn.exe70⤵
-
\??\c:\3bhntt.exec:\3bhntt.exe71⤵
-
\??\c:\5nbnhb.exec:\5nbnhb.exe72⤵
-
\??\c:\3jppj.exec:\3jppj.exe73⤵
-
\??\c:\1djdp.exec:\1djdp.exe74⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe75⤵
-
\??\c:\fxfffxx.exec:\fxfffxx.exe76⤵
-
\??\c:\1lrlrll.exec:\1lrlrll.exe77⤵
-
\??\c:\lfflrll.exec:\lfflrll.exe78⤵
-
\??\c:\xlllrrl.exec:\xlllrrl.exe79⤵
-
\??\c:\thnhbt.exec:\thnhbt.exe80⤵
-
\??\c:\9thhtt.exec:\9thhtt.exe81⤵
-
\??\c:\thtttt.exec:\thtttt.exe82⤵
-
\??\c:\nhnhth.exec:\nhnhth.exe83⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe84⤵
-
\??\c:\pdddv.exec:\pdddv.exe85⤵
-
\??\c:\3pdjd.exec:\3pdjd.exe86⤵
-
\??\c:\djvjd.exec:\djvjd.exe87⤵
-
\??\c:\xrxrxrl.exec:\xrxrxrl.exe88⤵
-
\??\c:\xllxxrr.exec:\xllxxrr.exe89⤵
-
\??\c:\lfrfrrx.exec:\lfrfrrx.exe90⤵
-
\??\c:\9lxxlff.exec:\9lxxlff.exe91⤵
-
\??\c:\thtthh.exec:\thtthh.exe92⤵
-
\??\c:\9bnnnh.exec:\9bnnnh.exe93⤵
-
\??\c:\7httth.exec:\7httth.exe94⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe95⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe96⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe97⤵
-
\??\c:\vjvjd.exec:\vjvjd.exe98⤵
-
\??\c:\xlrxfff.exec:\xlrxfff.exe99⤵
-
\??\c:\7xlflxx.exec:\7xlflxx.exe100⤵
-
\??\c:\5rrxxxx.exec:\5rrxxxx.exe101⤵
-
\??\c:\5xlrlff.exec:\5xlrlff.exe102⤵
-
\??\c:\5nbhbb.exec:\5nbhbb.exe103⤵
-
\??\c:\nbttnh.exec:\nbttnh.exe104⤵
-
\??\c:\9hthbt.exec:\9hthbt.exe105⤵
-
\??\c:\3htttn.exec:\3htttn.exe106⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe107⤵
-
\??\c:\1jvvv.exec:\1jvvv.exe108⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe109⤵
-
\??\c:\fxlfxrr.exec:\fxlfxrr.exe110⤵
-
\??\c:\frffrlr.exec:\frffrlr.exe111⤵
-
\??\c:\xlllffl.exec:\xlllffl.exe112⤵
-
\??\c:\frxxxxf.exec:\frxxxxf.exe113⤵
-
\??\c:\tbnnhb.exec:\tbnnhb.exe114⤵
-
\??\c:\bthtnt.exec:\bthtnt.exe115⤵
-
\??\c:\lxflffx.exec:\lxflffx.exe116⤵
-
\??\c:\frffxrr.exec:\frffxrr.exe117⤵
-
\??\c:\lfrfrrr.exec:\lfrfrrr.exe118⤵
-
\??\c:\nbhhhb.exec:\nbhhhb.exe119⤵
-
\??\c:\thtnnh.exec:\thtnnh.exe120⤵
-
\??\c:\tnhnnn.exec:\tnhnnn.exe121⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe122⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe123⤵
-
\??\c:\dvddd.exec:\dvddd.exe124⤵
-
\??\c:\9dpjp.exec:\9dpjp.exe125⤵
-
\??\c:\5rxllfl.exec:\5rxllfl.exe126⤵
-
\??\c:\rflllxl.exec:\rflllxl.exe127⤵
-
\??\c:\3rxlxlx.exec:\3rxlxlx.exe128⤵
-
\??\c:\nbhhnt.exec:\nbhhnt.exe129⤵
-
\??\c:\nbhntt.exec:\nbhntt.exe130⤵
-
\??\c:\9htnhb.exec:\9htnhb.exe131⤵
-
\??\c:\dpjjj.exec:\dpjjj.exe132⤵
-
\??\c:\5vjpv.exec:\5vjpv.exe133⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe134⤵
-
\??\c:\vjdvv.exec:\vjdvv.exe135⤵
-
\??\c:\xrrrfll.exec:\xrrrfll.exe136⤵
-
\??\c:\5frxrrr.exec:\5frxrrr.exe137⤵
-
\??\c:\5xfffff.exec:\5xfffff.exe138⤵
-
\??\c:\hnhtth.exec:\hnhtth.exe139⤵
-
\??\c:\1nbbnn.exec:\1nbbnn.exe140⤵
-
\??\c:\htbhhh.exec:\htbhhh.exe141⤵
-
\??\c:\jvddd.exec:\jvddd.exe142⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe143⤵
-
\??\c:\vjdjj.exec:\vjdjj.exe144⤵
-
\??\c:\lxffxfr.exec:\lxffxfr.exe145⤵
-
\??\c:\xllffxf.exec:\xllffxf.exe146⤵
-
\??\c:\5htnnn.exec:\5htnnn.exe147⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe148⤵
-
\??\c:\ffrfllr.exec:\ffrfllr.exe149⤵
-
\??\c:\frflflf.exec:\frflflf.exe150⤵
-
\??\c:\5nhtnb.exec:\5nhtnb.exe151⤵
-
\??\c:\3jvpv.exec:\3jvpv.exe152⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe153⤵
-
\??\c:\xlxfrrf.exec:\xlxfrrf.exe154⤵
-
\??\c:\bnhhnt.exec:\bnhhnt.exe155⤵
-
\??\c:\9jpjj.exec:\9jpjj.exe156⤵
-
\??\c:\jvpjp.exec:\jvpjp.exe157⤵
-
\??\c:\9lxfllr.exec:\9lxfllr.exe158⤵
-
\??\c:\tnhhhn.exec:\tnhhhn.exe159⤵
-
\??\c:\9dppd.exec:\9dppd.exe160⤵
-
\??\c:\rlxrxrl.exec:\rlxrxrl.exe161⤵
-
\??\c:\nhtbhb.exec:\nhtbhb.exe162⤵
-
\??\c:\3vjpv.exec:\3vjpv.exe163⤵
-
\??\c:\pdjvv.exec:\pdjvv.exe164⤵
-
\??\c:\xflflll.exec:\xflflll.exe165⤵
-
\??\c:\ntbttn.exec:\ntbttn.exe166⤵
-
\??\c:\7vjvv.exec:\7vjvv.exe167⤵
-
\??\c:\1rlfrxr.exec:\1rlfrxr.exe168⤵
-
\??\c:\5xlrlrl.exec:\5xlrlrl.exe169⤵
-
\??\c:\bbthtt.exec:\bbthtt.exe170⤵
-
\??\c:\jvvjj.exec:\jvvjj.exe171⤵
-
\??\c:\7rlffrx.exec:\7rlffrx.exe172⤵
-
\??\c:\thnhnh.exec:\thnhnh.exe173⤵
-
\??\c:\dpddv.exec:\dpddv.exe174⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe175⤵
-
\??\c:\frffxfl.exec:\frffxfl.exe176⤵
-
\??\c:\htbbbb.exec:\htbbbb.exe177⤵
-
\??\c:\nbhntt.exec:\nbhntt.exe178⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe179⤵
-
\??\c:\xxllfrl.exec:\xxllfrl.exe180⤵
-
\??\c:\bthhnn.exec:\bthhnn.exe181⤵
-
\??\c:\9hbbbb.exec:\9hbbbb.exe182⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe183⤵
-
\??\c:\1frrlxr.exec:\1frrlxr.exe184⤵
-
\??\c:\rfrlrlr.exec:\rfrlrlr.exe185⤵
-
\??\c:\bnbbhh.exec:\bnbbhh.exe186⤵
-
\??\c:\jvpdj.exec:\jvpdj.exe187⤵
-
\??\c:\7rxxxxx.exec:\7rxxxxx.exe188⤵
-
\??\c:\7xrrxfl.exec:\7xrrxfl.exe189⤵
-
\??\c:\hbhhnn.exec:\hbhhnn.exe190⤵
-
\??\c:\3vdvp.exec:\3vdvp.exe191⤵
-
\??\c:\7rfxllx.exec:\7rfxllx.exe192⤵
-
\??\c:\bnbnhb.exec:\bnbnhb.exe193⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe194⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe195⤵
-
\??\c:\lfllxxx.exec:\lfllxxx.exe196⤵
-
\??\c:\ffrfrfl.exec:\ffrfrfl.exe197⤵
-
\??\c:\1ntttb.exec:\1ntttb.exe198⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe199⤵
-
\??\c:\1xflffx.exec:\1xflffx.exe200⤵
-
\??\c:\9thnhh.exec:\9thnhh.exe201⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe202⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe203⤵
-
\??\c:\fxffllr.exec:\fxffllr.exe204⤵
-
\??\c:\lxxrlfl.exec:\lxxrlfl.exe205⤵
-
\??\c:\nttttn.exec:\nttttn.exe206⤵
-
\??\c:\1pjpj.exec:\1pjpj.exe207⤵
-
\??\c:\lrrxfxx.exec:\lrrxfxx.exe208⤵
-
\??\c:\3rflrrr.exec:\3rflrrr.exe209⤵
-
\??\c:\bnttbt.exec:\bnttbt.exe210⤵
-
\??\c:\3vdjj.exec:\3vdjj.exe211⤵
-
\??\c:\lrrfxlx.exec:\lrrfxlx.exe212⤵
-
\??\c:\nbhbth.exec:\nbhbth.exe213⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe214⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe215⤵
-
\??\c:\lflxrlr.exec:\lflxrlr.exe216⤵
-
\??\c:\5fffffr.exec:\5fffffr.exe217⤵
-
\??\c:\frlffxf.exec:\frlffxf.exe218⤵
-
\??\c:\5bttnh.exec:\5bttnh.exe219⤵
-
\??\c:\tnnthh.exec:\tnnthh.exe220⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe221⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe222⤵
-
\??\c:\3lrrrll.exec:\3lrrrll.exe223⤵
-
\??\c:\xrfflfl.exec:\xrfflfl.exe224⤵
-
\??\c:\bnbtbb.exec:\bnbtbb.exe225⤵
-
\??\c:\3nthhh.exec:\3nthhh.exe226⤵
-
\??\c:\pddvd.exec:\pddvd.exe227⤵
-
\??\c:\3xrxlll.exec:\3xrxlll.exe228⤵
-
\??\c:\fxrrlrf.exec:\fxrrlrf.exe229⤵
-
\??\c:\hthnnb.exec:\hthnnb.exe230⤵
-
\??\c:\9jdjv.exec:\9jdjv.exe231⤵
-
\??\c:\7pdvd.exec:\7pdvd.exe232⤵
-
\??\c:\5xrrffr.exec:\5xrrffr.exe233⤵
-
\??\c:\nhtthn.exec:\nhtthn.exe234⤵
-
\??\c:\dpddv.exec:\dpddv.exe235⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe236⤵
-
\??\c:\rrrxlrx.exec:\rrrxlrx.exe237⤵
-
\??\c:\fxllrxf.exec:\fxllrxf.exe238⤵
-
\??\c:\hbhnbt.exec:\hbhnbt.exe239⤵
-
\??\c:\btnhhn.exec:\btnhhn.exe240⤵
-
\??\c:\jjjdj.exec:\jjjdj.exe241⤵