Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
20-05-2024 04:27
General
-
Target
ac39b289bc71770f5d7242c48f8dbb70_NeikiAnalytics.exe
-
Size
68KB
-
MD5
ac39b289bc71770f5d7242c48f8dbb70
-
SHA1
b4c166e5426a153ba2f93aa86274c62e43915fe7
-
SHA256
1f76c0949280ad24a805d3631e3b521857e992b87218a234862b9e6976298f79
-
SHA512
99fcbcf24c77e66998a2dfdc4212b8d05571df9cf811531608510f2fc51a5954d06c3caccc5baf65cd977cd810f011c29855f80eff3cb651d98524d9f16e2991
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk358nLA89+b:ymb3NkkiQ3mdBjFIvl358nLA89K
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 18 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ac39b289bc71770f5d7242c48f8dbb70_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\ac39b289bc71770f5d7242c48f8dbb70_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hnthhb.exec:\hnthhb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pdpd.exec:\3pdpd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrxrx.exec:\xrxrxrx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnbnb.exec:\ttnbnb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vddp.exec:\5vddp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxflfxl.exec:\xxflfxl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxffrxf.exec:\fxffrxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntthh.exec:\tntthh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pdpj.exec:\3pdpj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvjv.exec:\jjvjv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxlfxl.exec:\xrxlfxl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tnbht.exec:\5tnbht.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3thnnt.exec:\3thnnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpv.exec:\vjvpv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfffxf.exec:\llfffxf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbhhn.exec:\hhbhhn.exe17⤵
- Executes dropped EXE
-
\??\c:\hbnnht.exec:\hbnnht.exe18⤵
- Executes dropped EXE
-
\??\c:\pjjvv.exec:\pjjvv.exe19⤵
- Executes dropped EXE
-
\??\c:\xxlrffx.exec:\xxlrffx.exe20⤵
- Executes dropped EXE
-
\??\c:\lxlrrxx.exec:\lxlrrxx.exe21⤵
- Executes dropped EXE
-
\??\c:\ttnthn.exec:\ttnthn.exe22⤵
- Executes dropped EXE
-
\??\c:\9vvjv.exec:\9vvjv.exe23⤵
- Executes dropped EXE
-
\??\c:\vddpj.exec:\vddpj.exe24⤵
- Executes dropped EXE
-
\??\c:\lfrrrrx.exec:\lfrrrrx.exe25⤵
- Executes dropped EXE
-
\??\c:\lfrrflr.exec:\lfrrflr.exe26⤵
- Executes dropped EXE
-
\??\c:\nttnnn.exec:\nttnnn.exe27⤵
- Executes dropped EXE
-
\??\c:\ddjpj.exec:\ddjpj.exe28⤵
- Executes dropped EXE
-
\??\c:\fxxxffr.exec:\fxxxffr.exe29⤵
- Executes dropped EXE
-
\??\c:\1ntbnt.exec:\1ntbnt.exe30⤵
- Executes dropped EXE
-
\??\c:\btbtnb.exec:\btbtnb.exe31⤵
- Executes dropped EXE
-
\??\c:\7jdjj.exec:\7jdjj.exe32⤵
- Executes dropped EXE
-
\??\c:\5llrfxl.exec:\5llrfxl.exe33⤵
- Executes dropped EXE
-
\??\c:\7bnthb.exec:\7bnthb.exe34⤵
- Executes dropped EXE
-
\??\c:\hbtthn.exec:\hbtthn.exe35⤵
- Executes dropped EXE
-
\??\c:\1jdjp.exec:\1jdjp.exe36⤵
- Executes dropped EXE
-
\??\c:\1pvvd.exec:\1pvvd.exe37⤵
- Executes dropped EXE
-
\??\c:\fxllrxr.exec:\fxllrxr.exe38⤵
- Executes dropped EXE
-
\??\c:\nnhhtn.exec:\nnhhtn.exe39⤵
- Executes dropped EXE
-
\??\c:\nhtbbb.exec:\nhtbbb.exe40⤵
- Executes dropped EXE
-
\??\c:\pjjvd.exec:\pjjvd.exe41⤵
- Executes dropped EXE
-
\??\c:\vddvv.exec:\vddvv.exe42⤵
- Executes dropped EXE
-
\??\c:\llrrrrf.exec:\llrrrrf.exe43⤵
- Executes dropped EXE
-
\??\c:\1fxxffl.exec:\1fxxffl.exe44⤵
- Executes dropped EXE
-
\??\c:\tnbhtn.exec:\tnbhtn.exe45⤵
- Executes dropped EXE
-
\??\c:\pjdjp.exec:\pjdjp.exe46⤵
- Executes dropped EXE
-
\??\c:\vjvdd.exec:\vjvdd.exe47⤵
- Executes dropped EXE
-
\??\c:\9rrfrrx.exec:\9rrfrrx.exe48⤵
- Executes dropped EXE
-
\??\c:\lllllrr.exec:\lllllrr.exe49⤵
- Executes dropped EXE
-
\??\c:\ntbtbh.exec:\ntbtbh.exe50⤵
- Executes dropped EXE
-
\??\c:\3bnbhb.exec:\3bnbhb.exe51⤵
- Executes dropped EXE
-
\??\c:\jddpp.exec:\jddpp.exe52⤵
- Executes dropped EXE
-
\??\c:\ppdvp.exec:\ppdvp.exe53⤵
- Executes dropped EXE
-
\??\c:\rxfrrxl.exec:\rxfrrxl.exe54⤵
- Executes dropped EXE
-
\??\c:\bhntbn.exec:\bhntbn.exe55⤵
- Executes dropped EXE
-
\??\c:\bhhtnh.exec:\bhhtnh.exe56⤵
- Executes dropped EXE
-
\??\c:\ddvdp.exec:\ddvdp.exe57⤵
- Executes dropped EXE
-
\??\c:\jjpvj.exec:\jjpvj.exe58⤵
- Executes dropped EXE
-
\??\c:\xrxxlrx.exec:\xrxxlrx.exe59⤵
- Executes dropped EXE
-
\??\c:\xxfllfl.exec:\xxfllfl.exe60⤵
- Executes dropped EXE
-
\??\c:\tthntn.exec:\tthntn.exe61⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe62⤵
- Executes dropped EXE
-
\??\c:\vjpdj.exec:\vjpdj.exe63⤵
- Executes dropped EXE
-
\??\c:\ffxxflx.exec:\ffxxflx.exe64⤵
- Executes dropped EXE
-
\??\c:\fxxlrxf.exec:\fxxlrxf.exe65⤵
- Executes dropped EXE
-
\??\c:\5ththn.exec:\5ththn.exe66⤵
-
\??\c:\bbnthn.exec:\bbnthn.exe67⤵
-
\??\c:\nnhhnn.exec:\nnhhnn.exe68⤵
-
\??\c:\ddvdd.exec:\ddvdd.exe69⤵
-
\??\c:\lfxlrfr.exec:\lfxlrfr.exe70⤵
-
\??\c:\5lfrrrl.exec:\5lfrrrl.exe71⤵
-
\??\c:\hbtbnn.exec:\hbtbnn.exe72⤵
-
\??\c:\bbnbtb.exec:\bbnbtb.exe73⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe74⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe75⤵
-
\??\c:\rlxrllf.exec:\rlxrllf.exe76⤵
-
\??\c:\3fllfrx.exec:\3fllfrx.exe77⤵
-
\??\c:\1tnthn.exec:\1tnthn.exe78⤵
-
\??\c:\1hhntb.exec:\1hhntb.exe79⤵
-
\??\c:\djdpp.exec:\djdpp.exe80⤵
-
\??\c:\rrxxrrx.exec:\rrxxrrx.exe81⤵
-
\??\c:\1frxllx.exec:\1frxllx.exe82⤵
-
\??\c:\nbbbnt.exec:\nbbbnt.exe83⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe84⤵
-
\??\c:\3jpjp.exec:\3jpjp.exe85⤵
-
\??\c:\frxrfff.exec:\frxrfff.exe86⤵
-
\??\c:\lllrlxx.exec:\lllrlxx.exe87⤵
-
\??\c:\htthtt.exec:\htthtt.exe88⤵
-
\??\c:\hbnbtb.exec:\hbnbtb.exe89⤵
-
\??\c:\vvjvv.exec:\vvjvv.exe90⤵
-
\??\c:\lrxlrlf.exec:\lrxlrlf.exe91⤵
-
\??\c:\xxxfxll.exec:\xxxfxll.exe92⤵
-
\??\c:\hhtbbn.exec:\hhtbbn.exe93⤵
-
\??\c:\vvvdd.exec:\vvvdd.exe94⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe95⤵
-
\??\c:\flffrfl.exec:\flffrfl.exe96⤵
-
\??\c:\tbbnnb.exec:\tbbnnb.exe97⤵
-
\??\c:\thbnbt.exec:\thbnbt.exe98⤵
-
\??\c:\3dppp.exec:\3dppp.exe99⤵
-
\??\c:\llfxxxr.exec:\llfxxxr.exe100⤵
-
\??\c:\xxffffx.exec:\xxffffx.exe101⤵
-
\??\c:\hhbntn.exec:\hhbntn.exe102⤵
-
\??\c:\bthhhh.exec:\bthhhh.exe103⤵
-
\??\c:\9tnbhh.exec:\9tnbhh.exe104⤵
-
\??\c:\3jvpv.exec:\3jvpv.exe105⤵
-
\??\c:\htnhht.exec:\htnhht.exe106⤵
-
\??\c:\nnthhb.exec:\nnthhb.exe107⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe108⤵
-
\??\c:\jdddj.exec:\jdddj.exe109⤵
-
\??\c:\lfrflxr.exec:\lfrflxr.exe110⤵
-
\??\c:\lxrxffr.exec:\lxrxffr.exe111⤵
-
\??\c:\7htbhh.exec:\7htbhh.exe112⤵
-
\??\c:\1bbbnb.exec:\1bbbnb.exe113⤵
-
\??\c:\pjddv.exec:\pjddv.exe114⤵
-
\??\c:\vjdvv.exec:\vjdvv.exe115⤵
-
\??\c:\3fflrxf.exec:\3fflrxf.exe116⤵
-
\??\c:\xlxllxr.exec:\xlxllxr.exe117⤵
-
\??\c:\tnbhnt.exec:\tnbhnt.exe118⤵
-
\??\c:\btnnnt.exec:\btnnnt.exe119⤵
-
\??\c:\pjpdd.exec:\pjpdd.exe120⤵
-
\??\c:\rffrlrx.exec:\rffrlrx.exe121⤵
-
\??\c:\xrxlrrl.exec:\xrxlrrl.exe122⤵
-
\??\c:\nhbhnb.exec:\nhbhnb.exe123⤵
-
\??\c:\nhbbhn.exec:\nhbbhn.exe124⤵
-
\??\c:\djvvd.exec:\djvvd.exe125⤵
-
\??\c:\ppjvv.exec:\ppjvv.exe126⤵
-
\??\c:\ffrxxfr.exec:\ffrxxfr.exe127⤵
-
\??\c:\lfrrfxf.exec:\lfrrfxf.exe128⤵
-
\??\c:\nhntbh.exec:\nhntbh.exe129⤵
-
\??\c:\3nhhhn.exec:\3nhhhn.exe130⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe131⤵
-
\??\c:\5jddv.exec:\5jddv.exe132⤵
-
\??\c:\lfxxlrx.exec:\lfxxlrx.exe133⤵
-
\??\c:\xllllll.exec:\xllllll.exe134⤵
-
\??\c:\ttnbtt.exec:\ttnbtt.exe135⤵
-
\??\c:\bbnnnn.exec:\bbnnnn.exe136⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe137⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe138⤵
-
\??\c:\rrffrrf.exec:\rrffrrf.exe139⤵
-
\??\c:\ffflrxx.exec:\ffflrxx.exe140⤵
-
\??\c:\bthhtb.exec:\bthhtb.exe141⤵
-
\??\c:\btbtht.exec:\btbtht.exe142⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe143⤵
-
\??\c:\9djjj.exec:\9djjj.exe144⤵
-
\??\c:\lflfxrx.exec:\lflfxrx.exe145⤵
-
\??\c:\thbttn.exec:\thbttn.exe146⤵
-
\??\c:\btbhtb.exec:\btbhtb.exe147⤵
-
\??\c:\vvpvv.exec:\vvpvv.exe148⤵
-
\??\c:\pvjpv.exec:\pvjpv.exe149⤵
-
\??\c:\lfrfxrx.exec:\lfrfxrx.exe150⤵
-
\??\c:\lxllrrx.exec:\lxllrrx.exe151⤵
-
\??\c:\btnhnn.exec:\btnhnn.exe152⤵
-
\??\c:\btbhhh.exec:\btbhhh.exe153⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe154⤵
-
\??\c:\vdjvp.exec:\vdjvp.exe155⤵
-
\??\c:\9rlxlxr.exec:\9rlxlxr.exe156⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe157⤵
-
\??\c:\7djjj.exec:\7djjj.exe158⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe159⤵
-
\??\c:\lfxxlrf.exec:\lfxxlrf.exe160⤵
-
\??\c:\frxfxfr.exec:\frxfxfr.exe161⤵
-
\??\c:\1thhhn.exec:\1thhhn.exe162⤵
-
\??\c:\bhnhhh.exec:\bhnhhh.exe163⤵
-
\??\c:\vvjvp.exec:\vvjvp.exe164⤵
-
\??\c:\pjppp.exec:\pjppp.exe165⤵
-
\??\c:\frlxllx.exec:\frlxllx.exe166⤵
-
\??\c:\hhbbnb.exec:\hhbbnb.exe167⤵
-
\??\c:\7bttnn.exec:\7bttnn.exe168⤵
-
\??\c:\dddjd.exec:\dddjd.exe169⤵
-
\??\c:\7pjjv.exec:\7pjjv.exe170⤵
-
\??\c:\xxflxfr.exec:\xxflxfr.exe171⤵
-
\??\c:\xxfrfrl.exec:\xxfrfrl.exe172⤵
-
\??\c:\htbbbb.exec:\htbbbb.exe173⤵
-
\??\c:\1djjd.exec:\1djjd.exe174⤵
-
\??\c:\9dvdv.exec:\9dvdv.exe175⤵
-
\??\c:\7rlflxl.exec:\7rlflxl.exe176⤵
-
\??\c:\frxflfl.exec:\frxflfl.exe177⤵
-
\??\c:\hbtbhh.exec:\hbtbhh.exe178⤵
-
\??\c:\hbnnhn.exec:\hbnnhn.exe179⤵
-
\??\c:\3pvdp.exec:\3pvdp.exe180⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe181⤵
-
\??\c:\3lfllfr.exec:\3lfllfr.exe182⤵
-
\??\c:\lxlxrxx.exec:\lxlxrxx.exe183⤵
-
\??\c:\tntnhb.exec:\tntnhb.exe184⤵
-
\??\c:\pjdpp.exec:\pjdpp.exe185⤵
-
\??\c:\fxlllxx.exec:\fxlllxx.exe186⤵
-
\??\c:\lxfffxr.exec:\lxfffxr.exe187⤵
-
\??\c:\hhtbnb.exec:\hhtbnb.exe188⤵
-
\??\c:\tttntb.exec:\tttntb.exe189⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe190⤵
-
\??\c:\dppjd.exec:\dppjd.exe191⤵
-
\??\c:\1rxxrxf.exec:\1rxxrxf.exe192⤵
-
\??\c:\fxffrrf.exec:\fxffrrf.exe193⤵
-
\??\c:\fxxfrrx.exec:\fxxfrrx.exe194⤵
-
\??\c:\tnnnnn.exec:\tnnnnn.exe195⤵
-
\??\c:\vvjjj.exec:\vvjjj.exe196⤵
-
\??\c:\jdppp.exec:\jdppp.exe197⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe198⤵
-
\??\c:\xlxlxxf.exec:\xlxlxxf.exe199⤵
-
\??\c:\xlrfxff.exec:\xlrfxff.exe200⤵
-
\??\c:\1nbbnt.exec:\1nbbnt.exe201⤵
-
\??\c:\1hbbht.exec:\1hbbht.exe202⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe203⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe204⤵
-
\??\c:\rlxflrx.exec:\rlxflrx.exe205⤵
-
\??\c:\xrflrxr.exec:\xrflrxr.exe206⤵
-
\??\c:\hbbnht.exec:\hbbnht.exe207⤵
-
\??\c:\hhhntn.exec:\hhhntn.exe208⤵
-
\??\c:\9pvjp.exec:\9pvjp.exe209⤵
-
\??\c:\djjjj.exec:\djjjj.exe210⤵
-
\??\c:\fflllll.exec:\fflllll.exe211⤵
-
\??\c:\1xxlxfr.exec:\1xxlxfr.exe212⤵
-
\??\c:\bnbhtn.exec:\bnbhtn.exe213⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe214⤵
-
\??\c:\vpvjd.exec:\vpvjd.exe215⤵
-
\??\c:\5flrxfl.exec:\5flrxfl.exe216⤵
-
\??\c:\lllfrlx.exec:\lllfrlx.exe217⤵
-
\??\c:\3hntbt.exec:\3hntbt.exe218⤵
-
\??\c:\9nhtbh.exec:\9nhtbh.exe219⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe220⤵
-
\??\c:\7jdpd.exec:\7jdpd.exe221⤵
-
\??\c:\rlxxfff.exec:\rlxxfff.exe222⤵
-
\??\c:\rlllxfl.exec:\rlllxfl.exe223⤵
-
\??\c:\1bnbtt.exec:\1bnbtt.exe224⤵
-
\??\c:\btntnb.exec:\btntnb.exe225⤵
-
\??\c:\1jddd.exec:\1jddd.exe226⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe227⤵
-
\??\c:\rrrxllr.exec:\rrrxllr.exe228⤵
-
\??\c:\3ffflrr.exec:\3ffflrr.exe229⤵
-
\??\c:\lrlllrx.exec:\lrlllrx.exe230⤵
-
\??\c:\tthtnh.exec:\tthtnh.exe231⤵
-
\??\c:\thbbnn.exec:\thbbnn.exe232⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe233⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe234⤵
-
\??\c:\5xxxffl.exec:\5xxxffl.exe235⤵
-
\??\c:\lfxflfl.exec:\lfxflfl.exe236⤵
-
\??\c:\nhhbbt.exec:\nhhbbt.exe237⤵
-
\??\c:\3tntbh.exec:\3tntbh.exe238⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe239⤵
-
\??\c:\5vvdv.exec:\5vvdv.exe240⤵
-
\??\c:\9xrrrrx.exec:\9xrrrrx.exe241⤵