Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
19-05-2024 19:03
General
-
Target
1e10e90fc9d132c6122b095d0a05f6b0_NeikiAnalytics.exe
-
Size
64KB
-
MD5
1e10e90fc9d132c6122b095d0a05f6b0
-
SHA1
eeeb35c18a18f25203006f325637222606236319
-
SHA256
21e282b7686b5f3a68476b84a594406417bf73e9f8db6d846ea2c1e98e1da692
-
SHA512
01e30fd2c67326322efd2d637f79c8fa49a80c3bd9be0c643080d8aa0d7f14bb31039333b44faab5553cdda7dca02e763e2b85819586bda6030ba5b51df4c770
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUuYp+5C8+Luvq:ymb3NkkiQ3mdBjF0yMl9
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1e10e90fc9d132c6122b095d0a05f6b0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1e10e90fc9d132c6122b095d0a05f6b0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrfxff.exec:\fxrfxff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nbhtb.exec:\7nbhtb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llflxxl.exec:\llflxxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrflrxf.exec:\rrflrxf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9thhbt.exec:\9thhbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdjv.exec:\jjdjv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxxfr.exec:\rlxxxfr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ffflrx.exec:\3ffflrx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvdp.exec:\jdvdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jdvd.exec:\5jdvd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfrlrx.exec:\llfrlrx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbtnn.exec:\hnbtnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnthn.exec:\btnthn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pjvj.exec:\1pjvj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flfrrfx.exec:\flfrrfx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fxlrxf.exec:\3fxlrxf.exe17⤵
- Executes dropped EXE
-
\??\c:\bthntt.exec:\bthntt.exe18⤵
- Executes dropped EXE
-
\??\c:\3jddp.exec:\3jddp.exe19⤵
- Executes dropped EXE
-
\??\c:\dvjpd.exec:\dvjpd.exe20⤵
- Executes dropped EXE
-
\??\c:\lfxfllr.exec:\lfxfllr.exe21⤵
- Executes dropped EXE
-
\??\c:\fxflxfl.exec:\fxflxfl.exe22⤵
- Executes dropped EXE
-
\??\c:\tttbht.exec:\tttbht.exe23⤵
- Executes dropped EXE
-
\??\c:\btbbtt.exec:\btbbtt.exe24⤵
- Executes dropped EXE
-
\??\c:\vpvdp.exec:\vpvdp.exe25⤵
- Executes dropped EXE
-
\??\c:\fxlrxlr.exec:\fxlrxlr.exe26⤵
- Executes dropped EXE
-
\??\c:\bbhhtb.exec:\bbhhtb.exe27⤵
- Executes dropped EXE
-
\??\c:\7bhtbb.exec:\7bhtbb.exe28⤵
- Executes dropped EXE
-
\??\c:\jdjpj.exec:\jdjpj.exe29⤵
- Executes dropped EXE
-
\??\c:\jjjpd.exec:\jjjpd.exe30⤵
- Executes dropped EXE
-
\??\c:\lfxxlxl.exec:\lfxxlxl.exe31⤵
- Executes dropped EXE
-
\??\c:\bhnntn.exec:\bhnntn.exe32⤵
- Executes dropped EXE
-
\??\c:\bbbnbn.exec:\bbbnbn.exe33⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe34⤵
- Executes dropped EXE
-
\??\c:\llflrxf.exec:\llflrxf.exe35⤵
- Executes dropped EXE
-
\??\c:\xrfrlfx.exec:\xrfrlfx.exe36⤵
- Executes dropped EXE
-
\??\c:\7bntbb.exec:\7bntbb.exe37⤵
- Executes dropped EXE
-
\??\c:\hnhnhh.exec:\hnhnhh.exe38⤵
- Executes dropped EXE
-
\??\c:\3jdjd.exec:\3jdjd.exe39⤵
- Executes dropped EXE
-
\??\c:\pppvj.exec:\pppvj.exe40⤵
- Executes dropped EXE
-
\??\c:\xrlfllr.exec:\xrlfllr.exe41⤵
- Executes dropped EXE
-
\??\c:\ttnttb.exec:\ttnttb.exe42⤵
- Executes dropped EXE
-
\??\c:\nhtnbh.exec:\nhtnbh.exe43⤵
- Executes dropped EXE
-
\??\c:\ddvvj.exec:\ddvvj.exe44⤵
- Executes dropped EXE
-
\??\c:\vvddj.exec:\vvddj.exe45⤵
- Executes dropped EXE
-
\??\c:\9xrxffl.exec:\9xrxffl.exe46⤵
- Executes dropped EXE
-
\??\c:\lxlxflf.exec:\lxlxflf.exe47⤵
- Executes dropped EXE
-
\??\c:\3btnth.exec:\3btnth.exe48⤵
- Executes dropped EXE
-
\??\c:\pvppd.exec:\pvppd.exe49⤵
- Executes dropped EXE
-
\??\c:\ppjpv.exec:\ppjpv.exe50⤵
- Executes dropped EXE
-
\??\c:\rlrrflr.exec:\rlrrflr.exe51⤵
- Executes dropped EXE
-
\??\c:\hbhntt.exec:\hbhntt.exe52⤵
- Executes dropped EXE
-
\??\c:\1bnbhn.exec:\1bnbhn.exe53⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe54⤵
- Executes dropped EXE
-
\??\c:\9pjvv.exec:\9pjvv.exe55⤵
- Executes dropped EXE
-
\??\c:\rxrxfrr.exec:\rxrxfrr.exe56⤵
- Executes dropped EXE
-
\??\c:\lfrxflx.exec:\lfrxflx.exe57⤵
- Executes dropped EXE
-
\??\c:\7fxxflx.exec:\7fxxflx.exe58⤵
- Executes dropped EXE
-
\??\c:\9btbnh.exec:\9btbnh.exe59⤵
- Executes dropped EXE
-
\??\c:\bthnbb.exec:\bthnbb.exe60⤵
- Executes dropped EXE
-
\??\c:\7vpvj.exec:\7vpvj.exe61⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe62⤵
- Executes dropped EXE
-
\??\c:\xxlflrf.exec:\xxlflrf.exe63⤵
- Executes dropped EXE
-
\??\c:\9tnntt.exec:\9tnntt.exe64⤵
- Executes dropped EXE
-
\??\c:\tthbhb.exec:\tthbhb.exe65⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe66⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe67⤵
-
\??\c:\xxrxxxf.exec:\xxrxxxf.exe68⤵
-
\??\c:\rrllxfl.exec:\rrllxfl.exe69⤵
-
\??\c:\nnnttt.exec:\nnnttt.exe70⤵
-
\??\c:\vvddp.exec:\vvddp.exe71⤵
-
\??\c:\5dvdj.exec:\5dvdj.exe72⤵
-
\??\c:\frrlxff.exec:\frrlxff.exe73⤵
-
\??\c:\xxlrfrf.exec:\xxlrfrf.exe74⤵
-
\??\c:\bttthb.exec:\bttthb.exe75⤵
-
\??\c:\tntthh.exec:\tntthh.exe76⤵
-
\??\c:\ppvjp.exec:\ppvjp.exe77⤵
-
\??\c:\ddjjv.exec:\ddjjv.exe78⤵
-
\??\c:\xrxxlfr.exec:\xrxxlfr.exe79⤵
-
\??\c:\7flrxfr.exec:\7flrxfr.exe80⤵
-
\??\c:\nhtthh.exec:\nhtthh.exe81⤵
-
\??\c:\bnttht.exec:\bnttht.exe82⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe83⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe84⤵
-
\??\c:\xxrfrrf.exec:\xxrfrrf.exe85⤵
-
\??\c:\fxffrrf.exec:\fxffrrf.exe86⤵
-
\??\c:\9nhnbh.exec:\9nhnbh.exe87⤵
-
\??\c:\pdjdj.exec:\pdjdj.exe88⤵
-
\??\c:\1vpdp.exec:\1vpdp.exe89⤵
-
\??\c:\1xrfrlf.exec:\1xrfrlf.exe90⤵
-
\??\c:\rrxrflr.exec:\rrxrflr.exe91⤵
-
\??\c:\9hbntt.exec:\9hbntt.exe92⤵
-
\??\c:\hhtbnt.exec:\hhtbnt.exe93⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe94⤵
-
\??\c:\lrxlflf.exec:\lrxlflf.exe95⤵
-
\??\c:\fxrxlrx.exec:\fxrxlrx.exe96⤵
-
\??\c:\nhtnhh.exec:\nhtnhh.exe97⤵
-
\??\c:\9nbtnn.exec:\9nbtnn.exe98⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe99⤵
-
\??\c:\7vjpv.exec:\7vjpv.exe100⤵
-
\??\c:\5lrlxfl.exec:\5lrlxfl.exe101⤵
-
\??\c:\ffxxllr.exec:\ffxxllr.exe102⤵
-
\??\c:\bttbnt.exec:\bttbnt.exe103⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe104⤵
-
\??\c:\7ddvj.exec:\7ddvj.exe105⤵
-
\??\c:\xxlrrxl.exec:\xxlrrxl.exe106⤵
-
\??\c:\lffxlrr.exec:\lffxlrr.exe107⤵
-
\??\c:\tbthtt.exec:\tbthtt.exe108⤵
-
\??\c:\btbhnt.exec:\btbhnt.exe109⤵
-
\??\c:\vjppd.exec:\vjppd.exe110⤵
-
\??\c:\3dpvj.exec:\3dpvj.exe111⤵
-
\??\c:\fxrfllx.exec:\fxrfllx.exe112⤵
-
\??\c:\lfrflxf.exec:\lfrflxf.exe113⤵
-
\??\c:\btnnbb.exec:\btnnbb.exe114⤵
-
\??\c:\tbnbhh.exec:\tbnbhh.exe115⤵
-
\??\c:\7vddp.exec:\7vddp.exe116⤵
-
\??\c:\7jpvd.exec:\7jpvd.exe117⤵
-
\??\c:\rxffrlr.exec:\rxffrlr.exe118⤵
-
\??\c:\1xfrlrx.exec:\1xfrlrx.exe119⤵
-
\??\c:\3nbntn.exec:\3nbntn.exe120⤵
-
\??\c:\bthnbb.exec:\bthnbb.exe121⤵
-
\??\c:\5vjjv.exec:\5vjjv.exe122⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe123⤵
-
\??\c:\rrxfrxr.exec:\rrxfrxr.exe124⤵
-
\??\c:\lfrxrrl.exec:\lfrxrrl.exe125⤵
-
\??\c:\tnbhnn.exec:\tnbhnn.exe126⤵
-
\??\c:\hhbhbh.exec:\hhbhbh.exe127⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe128⤵
-
\??\c:\5jjjv.exec:\5jjjv.exe129⤵
-
\??\c:\9xrxflr.exec:\9xrxflr.exe130⤵
-
\??\c:\xrrlrrr.exec:\xrrlrrr.exe131⤵
-
\??\c:\tnttbh.exec:\tnttbh.exe132⤵
-
\??\c:\thttbn.exec:\thttbn.exe133⤵
-
\??\c:\dpvdj.exec:\dpvdj.exe134⤵
-
\??\c:\vvddj.exec:\vvddj.exe135⤵
-
\??\c:\9rxxflx.exec:\9rxxflx.exe136⤵
-
\??\c:\rlfrlxr.exec:\rlfrlxr.exe137⤵
-
\??\c:\9hhnnn.exec:\9hhnnn.exe138⤵
-
\??\c:\ntbbtb.exec:\ntbbtb.exe139⤵
-
\??\c:\nnbbhn.exec:\nnbbhn.exe140⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe141⤵
-
\??\c:\jdppd.exec:\jdppd.exe142⤵
-
\??\c:\xxxlxlx.exec:\xxxlxlx.exe143⤵
-
\??\c:\hnbnth.exec:\hnbnth.exe144⤵
-
\??\c:\btnnbt.exec:\btnnbt.exe145⤵
-
\??\c:\pdvpv.exec:\pdvpv.exe146⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe147⤵
-
\??\c:\7rrxllf.exec:\7rrxllf.exe148⤵
-
\??\c:\9xrrxrr.exec:\9xrrxrr.exe149⤵
-
\??\c:\nhbnnt.exec:\nhbnnt.exe150⤵
-
\??\c:\tttbbb.exec:\tttbbb.exe151⤵
-
\??\c:\9jjdd.exec:\9jjdd.exe152⤵
-
\??\c:\3vppv.exec:\3vppv.exe153⤵
-
\??\c:\lfxfflx.exec:\lfxfflx.exe154⤵
-
\??\c:\9xxrxxl.exec:\9xxrxxl.exe155⤵
-
\??\c:\1btbtt.exec:\1btbtt.exe156⤵
-
\??\c:\hhbtbn.exec:\hhbtbn.exe157⤵
-
\??\c:\bbthth.exec:\bbthth.exe158⤵
-
\??\c:\5pjjv.exec:\5pjjv.exe159⤵
-
\??\c:\pjppd.exec:\pjppd.exe160⤵
-
\??\c:\xrxxrrr.exec:\xrxxrrr.exe161⤵
-
\??\c:\bbhnbb.exec:\bbhnbb.exe162⤵
-
\??\c:\nhtbhh.exec:\nhtbhh.exe163⤵
-
\??\c:\3pjjp.exec:\3pjjp.exe164⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe165⤵
-
\??\c:\xrxlrxl.exec:\xrxlrxl.exe166⤵
-
\??\c:\rrlxlrf.exec:\rrlxlrf.exe167⤵
-
\??\c:\lfxxlfr.exec:\lfxxlfr.exe168⤵
-
\??\c:\bnbbhh.exec:\bnbbhh.exe169⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe170⤵
-
\??\c:\dvddv.exec:\dvddv.exe171⤵
-
\??\c:\9xlrxfl.exec:\9xlrxfl.exe172⤵
-
\??\c:\llxfrxr.exec:\llxfrxr.exe173⤵
-
\??\c:\lfxxflr.exec:\lfxxflr.exe174⤵
-
\??\c:\9ntnnn.exec:\9ntnnn.exe175⤵
-
\??\c:\3pdpp.exec:\3pdpp.exe176⤵
-
\??\c:\djvvd.exec:\djvvd.exe177⤵
-
\??\c:\rxllrrf.exec:\rxllrrf.exe178⤵
-
\??\c:\5xlxflx.exec:\5xlxflx.exe179⤵
-
\??\c:\bnhhtb.exec:\bnhhtb.exe180⤵
-
\??\c:\hhttnt.exec:\hhttnt.exe181⤵
-
\??\c:\9bthnn.exec:\9bthnn.exe182⤵
-
\??\c:\9djjv.exec:\9djjv.exe183⤵
-
\??\c:\lfxxrxr.exec:\lfxxrxr.exe184⤵
-
\??\c:\llxfffl.exec:\llxfffl.exe185⤵
-
\??\c:\nnhbhb.exec:\nnhbhb.exe186⤵
-
\??\c:\5thnbh.exec:\5thnbh.exe187⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe188⤵
-
\??\c:\dvddj.exec:\dvddj.exe189⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe190⤵
-
\??\c:\ffxlrrr.exec:\ffxlrrr.exe191⤵
-
\??\c:\rrflxxl.exec:\rrflxxl.exe192⤵
-
\??\c:\hhnhhh.exec:\hhnhhh.exe193⤵
-
\??\c:\thtbnn.exec:\thtbnn.exe194⤵
-
\??\c:\ttbhnb.exec:\ttbhnb.exe195⤵
-
\??\c:\dvdjd.exec:\dvdjd.exe196⤵
-
\??\c:\ffxflrr.exec:\ffxflrr.exe197⤵
-
\??\c:\xrlrxlr.exec:\xrlrxlr.exe198⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe199⤵
-
\??\c:\rrrfflx.exec:\rrrfflx.exe200⤵
-
\??\c:\rlxlrrx.exec:\rlxlrrx.exe201⤵
-
\??\c:\ttnbtb.exec:\ttnbtb.exe202⤵
-
\??\c:\btbhnt.exec:\btbhnt.exe203⤵
-
\??\c:\vvppd.exec:\vvppd.exe204⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe205⤵
-
\??\c:\xrfxxlr.exec:\xrfxxlr.exe206⤵
-
\??\c:\7lflrrf.exec:\7lflrrf.exe207⤵
-
\??\c:\5bnthh.exec:\5bnthh.exe208⤵
-
\??\c:\bhbnbb.exec:\bhbnbb.exe209⤵
-
\??\c:\7pjjp.exec:\7pjjp.exe210⤵
-
\??\c:\vvdjd.exec:\vvdjd.exe211⤵
-
\??\c:\lllffxf.exec:\lllffxf.exe212⤵
-
\??\c:\1rrlxff.exec:\1rrlxff.exe213⤵
-
\??\c:\fxxxllr.exec:\fxxxllr.exe214⤵
-
\??\c:\bbhtnt.exec:\bbhtnt.exe215⤵
-
\??\c:\ththhn.exec:\ththhn.exe216⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe217⤵
-
\??\c:\jdpdj.exec:\jdpdj.exe218⤵
-
\??\c:\xxxfllr.exec:\xxxfllr.exe219⤵
-
\??\c:\xxlfrxf.exec:\xxlfrxf.exe220⤵
-
\??\c:\3nbhtt.exec:\3nbhtt.exe221⤵
-
\??\c:\hthntb.exec:\hthntb.exe222⤵
-
\??\c:\dvjpj.exec:\dvjpj.exe223⤵
-
\??\c:\vjvjp.exec:\vjvjp.exe224⤵
-
\??\c:\5fxxrxr.exec:\5fxxrxr.exe225⤵
-
\??\c:\rrlrlrf.exec:\rrlrlrf.exe226⤵
-
\??\c:\xxrxlrf.exec:\xxrxlrf.exe227⤵
-
\??\c:\hbtthn.exec:\hbtthn.exe228⤵
-
\??\c:\9tnnhh.exec:\9tnnhh.exe229⤵
-
\??\c:\vpddv.exec:\vpddv.exe230⤵
-
\??\c:\9jdvd.exec:\9jdvd.exe231⤵
-
\??\c:\xrlrfrf.exec:\xrlrfrf.exe232⤵
-
\??\c:\llrlrrx.exec:\llrlrrx.exe233⤵
-
\??\c:\nhtbnb.exec:\nhtbnb.exe234⤵
-
\??\c:\hbhnnn.exec:\hbhnnn.exe235⤵
-
\??\c:\1pjjv.exec:\1pjjv.exe236⤵
-
\??\c:\vpppv.exec:\vpppv.exe237⤵
-
\??\c:\fxxfxrl.exec:\fxxfxrl.exe238⤵
-
\??\c:\3rrrrxf.exec:\3rrrrxf.exe239⤵
-
\??\c:\nhbbnt.exec:\nhbbnt.exe240⤵
-
\??\c:\djvvj.exec:\djvvj.exe241⤵