Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
20-05-2024 03:53
General
-
Target
a57a70b96a359232e2c6ab07934cfd90_NeikiAnalytics.exe
-
Size
393KB
-
MD5
a57a70b96a359232e2c6ab07934cfd90
-
SHA1
177f7d1696bcacf17af2a6a1f86c17247649967d
-
SHA256
a9e014f9f8620874f55144dca60b37424402c3275a53f53c7bb4598b739eb06c
-
SHA512
93a21c5228d6ae762e1e395e412c389671119008f003ec4259859c75d7559f78f2fda64370658aff884dec1c7006b8cce85a1ac292f2826fc550098690759694
-
SSDEEP
6144:n3C9BRIG0asYFm71mPfkVB8dKwaO5CVwOwX:n3C9uYA7okVqdKwaO5CVCX
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a57a70b96a359232e2c6ab07934cfd90_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\a57a70b96a359232e2c6ab07934cfd90_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ntttth.exec:\ntttth.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrfrr.exec:\xrlrfrr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnnhh.exec:\bhnnhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jppp.exec:\7jppp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7frxlrx.exec:\7frxlrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvjv.exec:\dvvjv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflrxxf.exec:\rflrxxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpv.exec:\dvjpv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxlrxl.exec:\rlxlrxl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbttt.exec:\htbttt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdj.exec:\dvjdj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffrlrl.exec:\lffrlrl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvv.exec:\jdpvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdpp.exec:\vpdpp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nntnn.exec:\7nntnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbnh.exec:\tnbbnh.exe17⤵
- Executes dropped EXE
-
\??\c:\xrrflxx.exec:\xrrflxx.exe18⤵
- Executes dropped EXE
-
\??\c:\btbbnh.exec:\btbbnh.exe19⤵
- Executes dropped EXE
-
\??\c:\1pvvd.exec:\1pvvd.exe20⤵
- Executes dropped EXE
-
\??\c:\xrrxxxf.exec:\xrrxxxf.exe21⤵
- Executes dropped EXE
-
\??\c:\7btbhn.exec:\7btbhn.exe22⤵
- Executes dropped EXE
-
\??\c:\vdpjp.exec:\vdpjp.exe23⤵
- Executes dropped EXE
-
\??\c:\fffrxfr.exec:\fffrxfr.exe24⤵
- Executes dropped EXE
-
\??\c:\btbbbb.exec:\btbbbb.exe25⤵
- Executes dropped EXE
-
\??\c:\9jdpv.exec:\9jdpv.exe26⤵
- Executes dropped EXE
-
\??\c:\nhhnbh.exec:\nhhnbh.exe27⤵
- Executes dropped EXE
-
\??\c:\flrfrfx.exec:\flrfrfx.exe28⤵
- Executes dropped EXE
-
\??\c:\btbbhn.exec:\btbbhn.exe29⤵
- Executes dropped EXE
-
\??\c:\vvpvj.exec:\vvpvj.exe30⤵
- Executes dropped EXE
-
\??\c:\xrxxfxf.exec:\xrxxfxf.exe31⤵
- Executes dropped EXE
-
\??\c:\hnbhnn.exec:\hnbhnn.exe32⤵
- Executes dropped EXE
-
\??\c:\ppjvp.exec:\ppjvp.exe33⤵
- Executes dropped EXE
-
\??\c:\ffxrffl.exec:\ffxrffl.exe34⤵
- Executes dropped EXE
-
\??\c:\nhhnhb.exec:\nhhnhb.exe35⤵
- Executes dropped EXE
-
\??\c:\3jjvp.exec:\3jjvp.exe36⤵
- Executes dropped EXE
-
\??\c:\xllrxrl.exec:\xllrxrl.exe37⤵
- Executes dropped EXE
-
\??\c:\5tnhnb.exec:\5tnhnb.exe38⤵
- Executes dropped EXE
-
\??\c:\3jpdp.exec:\3jpdp.exe39⤵
- Executes dropped EXE
-
\??\c:\rlxxrxf.exec:\rlxxrxf.exe40⤵
- Executes dropped EXE
-
\??\c:\nhhhtt.exec:\nhhhtt.exe41⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe42⤵
- Executes dropped EXE
-
\??\c:\3pvpj.exec:\3pvpj.exe43⤵
- Executes dropped EXE
-
\??\c:\xxxfrxr.exec:\xxxfrxr.exe44⤵
- Executes dropped EXE
-
\??\c:\xxrxfrx.exec:\xxrxfrx.exe45⤵
- Executes dropped EXE
-
\??\c:\ttntnt.exec:\ttntnt.exe46⤵
- Executes dropped EXE
-
\??\c:\5dvvv.exec:\5dvvv.exe47⤵
- Executes dropped EXE
-
\??\c:\rrflxfx.exec:\rrflxfx.exe48⤵
- Executes dropped EXE
-
\??\c:\btnntb.exec:\btnntb.exe49⤵
- Executes dropped EXE
-
\??\c:\bbtbnt.exec:\bbtbnt.exe50⤵
- Executes dropped EXE
-
\??\c:\5dvpd.exec:\5dvpd.exe51⤵
- Executes dropped EXE
-
\??\c:\rflflxr.exec:\rflflxr.exe52⤵
- Executes dropped EXE
-
\??\c:\bbbnbn.exec:\bbbnbn.exe53⤵
- Executes dropped EXE
-
\??\c:\pdpjv.exec:\pdpjv.exe54⤵
- Executes dropped EXE
-
\??\c:\3fxlxlr.exec:\3fxlxlr.exe55⤵
- Executes dropped EXE
-
\??\c:\xxxxxlr.exec:\xxxxxlr.exe56⤵
- Executes dropped EXE
-
\??\c:\nhbbnn.exec:\nhbbnn.exe57⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe58⤵
- Executes dropped EXE
-
\??\c:\lrxrrlr.exec:\lrxrrlr.exe59⤵
- Executes dropped EXE
-
\??\c:\hnhbnn.exec:\hnhbnn.exe60⤵
- Executes dropped EXE
-
\??\c:\dvjvv.exec:\dvjvv.exe61⤵
- Executes dropped EXE
-
\??\c:\fxrxflr.exec:\fxrxflr.exe62⤵
- Executes dropped EXE
-
\??\c:\hbtthb.exec:\hbtthb.exe63⤵
- Executes dropped EXE
-
\??\c:\5nbbbb.exec:\5nbbbb.exe64⤵
- Executes dropped EXE
-
\??\c:\jddpv.exec:\jddpv.exe65⤵
- Executes dropped EXE
-
\??\c:\7fxfllr.exec:\7fxfllr.exe66⤵
-
\??\c:\9hthnt.exec:\9hthnt.exe67⤵
-
\??\c:\dvpdd.exec:\dvpdd.exe68⤵
-
\??\c:\lfrxrxr.exec:\lfrxrxr.exe69⤵
-
\??\c:\frxflrr.exec:\frxflrr.exe70⤵
-
\??\c:\hbbbhh.exec:\hbbbhh.exe71⤵
-
\??\c:\vvpvv.exec:\vvpvv.exe72⤵
-
\??\c:\9rfrxll.exec:\9rfrxll.exe73⤵
-
\??\c:\7tnnhh.exec:\7tnnhh.exe74⤵
-
\??\c:\ddvvj.exec:\ddvvj.exe75⤵
-
\??\c:\pvvvj.exec:\pvvvj.exe76⤵
-
\??\c:\frrfrlr.exec:\frrfrlr.exe77⤵
-
\??\c:\btnthh.exec:\btnthh.exe78⤵
-
\??\c:\vpddp.exec:\vpddp.exe79⤵
-
\??\c:\lfxrfxl.exec:\lfxrfxl.exe80⤵
-
\??\c:\hbhhbt.exec:\hbhhbt.exe81⤵
-
\??\c:\htnbtn.exec:\htnbtn.exe82⤵
-
\??\c:\7jjdv.exec:\7jjdv.exe83⤵
-
\??\c:\xlxlrrx.exec:\xlxlrrx.exe84⤵
-
\??\c:\btnbbn.exec:\btnbbn.exe85⤵
-
\??\c:\hnhbtn.exec:\hnhbtn.exe86⤵
-
\??\c:\ppdvj.exec:\ppdvj.exe87⤵
-
\??\c:\5frfrfx.exec:\5frfrfx.exe88⤵
-
\??\c:\5bntbb.exec:\5bntbb.exe89⤵
-
\??\c:\5vpvp.exec:\5vpvp.exe90⤵
-
\??\c:\rxxxxfr.exec:\rxxxxfr.exe91⤵
-
\??\c:\rlfxlrl.exec:\rlfxlrl.exe92⤵
-
\??\c:\tbbbtt.exec:\tbbbtt.exe93⤵
-
\??\c:\1vdpd.exec:\1vdpd.exe94⤵
-
\??\c:\llflrxr.exec:\llflrxr.exe95⤵
-
\??\c:\nnbhtt.exec:\nnbhtt.exe96⤵
-
\??\c:\1djvj.exec:\1djvj.exe97⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe98⤵
-
\??\c:\xlrllxl.exec:\xlrllxl.exe99⤵
-
\??\c:\nhbntb.exec:\nhbntb.exe100⤵
-
\??\c:\5btbbn.exec:\5btbbn.exe101⤵
-
\??\c:\vvdjj.exec:\vvdjj.exe102⤵
-
\??\c:\lrrxxfr.exec:\lrrxxfr.exe103⤵
-
\??\c:\tbhtth.exec:\tbhtth.exe104⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe105⤵
-
\??\c:\llrffrl.exec:\llrffrl.exe106⤵
-
\??\c:\7llrlxx.exec:\7llrlxx.exe107⤵
-
\??\c:\htnhht.exec:\htnhht.exe108⤵
-
\??\c:\pdjvd.exec:\pdjvd.exe109⤵
-
\??\c:\1fxxrfr.exec:\1fxxrfr.exe110⤵
-
\??\c:\rxflxxf.exec:\rxflxxf.exe111⤵
-
\??\c:\tbhnbh.exec:\tbhnbh.exe112⤵
-
\??\c:\5djpd.exec:\5djpd.exe113⤵
-
\??\c:\frflxxf.exec:\frflxxf.exe114⤵
-
\??\c:\xrffffr.exec:\xrffffr.exe115⤵
-
\??\c:\nnhtbn.exec:\nnhtbn.exe116⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe117⤵
-
\??\c:\lxrrxfl.exec:\lxrrxfl.exe118⤵
-
\??\c:\xxllxrx.exec:\xxllxrx.exe119⤵
-
\??\c:\hhtbhh.exec:\hhtbhh.exe120⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe121⤵
-
\??\c:\tttnth.exec:\tttnth.exe122⤵
-
\??\c:\7djpd.exec:\7djpd.exe123⤵
-
\??\c:\jdppd.exec:\jdppd.exe124⤵
-
\??\c:\xflrffx.exec:\xflrffx.exe125⤵
-
\??\c:\tnhntb.exec:\tnhntb.exe126⤵
-
\??\c:\pjjdj.exec:\pjjdj.exe127⤵
-
\??\c:\3pjvd.exec:\3pjvd.exe128⤵
-
\??\c:\fxllxfx.exec:\fxllxfx.exe129⤵
-
\??\c:\tthhbh.exec:\tthhbh.exe130⤵
-
\??\c:\vvjvd.exec:\vvjvd.exe131⤵
-
\??\c:\dvppd.exec:\dvppd.exe132⤵
-
\??\c:\lrrfxfl.exec:\lrrfxfl.exe133⤵
-
\??\c:\9bnthn.exec:\9bnthn.exe134⤵
-
\??\c:\7dpvp.exec:\7dpvp.exe135⤵
-
\??\c:\3lffrxf.exec:\3lffrxf.exe136⤵
-
\??\c:\nttthb.exec:\nttthb.exe137⤵
-
\??\c:\nntntt.exec:\nntntt.exe138⤵
-
\??\c:\5ddjd.exec:\5ddjd.exe139⤵
-
\??\c:\rrrrxfl.exec:\rrrrxfl.exe140⤵
-
\??\c:\hbtbtn.exec:\hbtbtn.exe141⤵
-
\??\c:\tnnttt.exec:\tnnttt.exe142⤵
-
\??\c:\pppdd.exec:\pppdd.exe143⤵
-
\??\c:\lfxlrrl.exec:\lfxlrrl.exe144⤵
-
\??\c:\7fxrlfl.exec:\7fxrlfl.exe145⤵
-
\??\c:\3hnttb.exec:\3hnttb.exe146⤵
-
\??\c:\vppjd.exec:\vppjd.exe147⤵
-
\??\c:\ffflrxr.exec:\ffflrxr.exe148⤵
-
\??\c:\hbtbhh.exec:\hbtbhh.exe149⤵
-
\??\c:\hhtbnn.exec:\hhtbnn.exe150⤵
-
\??\c:\ddvjd.exec:\ddvjd.exe151⤵
-
\??\c:\1jppd.exec:\1jppd.exe152⤵
-
\??\c:\rlflrxr.exec:\rlflrxr.exe153⤵
-
\??\c:\thhhbh.exec:\thhhbh.exe154⤵
-
\??\c:\jppvv.exec:\jppvv.exe155⤵
-
\??\c:\pdpvv.exec:\pdpvv.exe156⤵
-
\??\c:\3fxrrxf.exec:\3fxrrxf.exe157⤵
-
\??\c:\btthnt.exec:\btthnt.exe158⤵
-
\??\c:\nnhhnn.exec:\nnhhnn.exe159⤵
-
\??\c:\pjddp.exec:\pjddp.exe160⤵
-
\??\c:\lflrxrx.exec:\lflrxrx.exe161⤵
-
\??\c:\httntn.exec:\httntn.exe162⤵
-
\??\c:\7ttthn.exec:\7ttthn.exe163⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe164⤵
-
\??\c:\xxfrrff.exec:\xxfrrff.exe165⤵
-
\??\c:\9llrxfl.exec:\9llrxfl.exe166⤵
-
\??\c:\nhhhtt.exec:\nhhhtt.exe167⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe168⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe169⤵
-
\??\c:\xxrxflx.exec:\xxrxflx.exe170⤵
-
\??\c:\hbbbhh.exec:\hbbbhh.exe171⤵
-
\??\c:\9pjpv.exec:\9pjpv.exe172⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe173⤵
-
\??\c:\lxxrlll.exec:\lxxrlll.exe174⤵
-
\??\c:\nntbtb.exec:\nntbtb.exe175⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe176⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe177⤵
-
\??\c:\xxxrxfx.exec:\xxxrxfx.exe178⤵
-
\??\c:\nhnthh.exec:\nhnthh.exe179⤵
-
\??\c:\ppjpd.exec:\ppjpd.exe180⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe181⤵
-
\??\c:\rlrxxxr.exec:\rlrxxxr.exe182⤵
-
\??\c:\bbtnhn.exec:\bbtnhn.exe183⤵
-
\??\c:\vdpdv.exec:\vdpdv.exe184⤵
-
\??\c:\dpvjd.exec:\dpvjd.exe185⤵
-
\??\c:\rlflxlr.exec:\rlflxlr.exe186⤵
-
\??\c:\tnhnbt.exec:\tnhnbt.exe187⤵
-
\??\c:\1jvvj.exec:\1jvvj.exe188⤵
-
\??\c:\5jdvj.exec:\5jdvj.exe189⤵
-
\??\c:\1rfrxxl.exec:\1rfrxxl.exe190⤵
-
\??\c:\tnnthh.exec:\tnnthh.exe191⤵
-
\??\c:\9dddp.exec:\9dddp.exe192⤵
-
\??\c:\rlffxxl.exec:\rlffxxl.exe193⤵
-
\??\c:\ntbttb.exec:\ntbttb.exe194⤵
-
\??\c:\hhhbth.exec:\hhhbth.exe195⤵
-
\??\c:\fxlrfrx.exec:\fxlrfrx.exe196⤵
-
\??\c:\fllrxfl.exec:\fllrxfl.exe197⤵
-
\??\c:\9nhntb.exec:\9nhntb.exe198⤵
-
\??\c:\ttnthh.exec:\ttnthh.exe199⤵
-
\??\c:\ddjvv.exec:\ddjvv.exe200⤵
-
\??\c:\ffrfxlr.exec:\ffrfxlr.exe201⤵
-
\??\c:\thhhhh.exec:\thhhhh.exe202⤵
-
\??\c:\3bbhtb.exec:\3bbhtb.exe203⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe204⤵
-
\??\c:\lfffxrx.exec:\lfffxrx.exe205⤵
-
\??\c:\9nntbh.exec:\9nntbh.exe206⤵
-
\??\c:\bbnthn.exec:\bbnthn.exe207⤵
-
\??\c:\dvppd.exec:\dvppd.exe208⤵
-
\??\c:\lrxxrlr.exec:\lrxxrlr.exe209⤵
-
\??\c:\fxxxfrx.exec:\fxxxfrx.exe210⤵
-
\??\c:\nbntnh.exec:\nbntnh.exe211⤵
-
\??\c:\dvppv.exec:\dvppv.exe212⤵
-
\??\c:\pvvdv.exec:\pvvdv.exe213⤵
-
\??\c:\xlxrxxf.exec:\xlxrxxf.exe214⤵
-
\??\c:\nhnhbn.exec:\nhnhbn.exe215⤵
-
\??\c:\bhnbnb.exec:\bhnbnb.exe216⤵
-
\??\c:\vvppj.exec:\vvppj.exe217⤵
-
\??\c:\frffrrx.exec:\frffrrx.exe218⤵
-
\??\c:\9ffxrrf.exec:\9ffxrrf.exe219⤵
-
\??\c:\hbthhh.exec:\hbthhh.exe220⤵
-
\??\c:\ppjpd.exec:\ppjpd.exe221⤵
-
\??\c:\jjpdd.exec:\jjpdd.exe222⤵
-
\??\c:\lfrrlrf.exec:\lfrrlrf.exe223⤵
-
\??\c:\9tnnbn.exec:\9tnnbn.exe224⤵
-
\??\c:\ttnntb.exec:\ttnntb.exe225⤵
-
\??\c:\ddjpd.exec:\ddjpd.exe226⤵
-
\??\c:\xxlxxxf.exec:\xxlxxxf.exe227⤵
-
\??\c:\xlllxff.exec:\xlllxff.exe228⤵
-
\??\c:\tbtttn.exec:\tbtttn.exe229⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe230⤵
-
\??\c:\lflrflf.exec:\lflrflf.exe231⤵
-
\??\c:\nbbhbb.exec:\nbbhbb.exe232⤵
-
\??\c:\bhbtbn.exec:\bhbtbn.exe233⤵
-
\??\c:\ddppv.exec:\ddppv.exe234⤵
-
\??\c:\7ffxfrl.exec:\7ffxfrl.exe235⤵
-
\??\c:\3htthn.exec:\3htthn.exe236⤵
-
\??\c:\tbhtnt.exec:\tbhtnt.exe237⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe238⤵
-
\??\c:\rxxfflf.exec:\rxxfflf.exe239⤵
-
\??\c:\tbhbnt.exec:\tbhbnt.exe240⤵
-
\??\c:\pvjdp.exec:\pvjdp.exe241⤵