Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
20-05-2024 03:55
General
-
Target
a5f436ade0ef59fdb5d68f1b6151a5b0_NeikiAnalytics.exe
-
Size
76KB
-
MD5
a5f436ade0ef59fdb5d68f1b6151a5b0
-
SHA1
473d3e52ec3fa1c7e9376ddaa8fcd250f88f3fd6
-
SHA256
be3a8c8b238b335cbf8fb183728f2847c49928072e85c34fcb9fcaeb4a2674c9
-
SHA512
a1c88a3c99bb0ebcadf74681c56ed22f4b4f98c51db3a6a471ddeb8f57e073ee63edb253551253f2e9e295e2f4aadf25b5add85a4227b47b2ef1e286f9ca5fbe
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqKM:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqKM
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a5f436ade0ef59fdb5d68f1b6151a5b0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\a5f436ade0ef59fdb5d68f1b6151a5b0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtbnt.exec:\hhtbnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdj.exec:\pjjdj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dvdd.exec:\1dvdd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htthhn.exec:\htthhn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pddj.exec:\7pddj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxfffl.exec:\rfxfffl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthnbn.exec:\bthnbn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vjdj.exec:\3vjdj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxlrrx.exec:\lfxlrrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxllrrx.exec:\lxllrrx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhntt.exec:\tnhntt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjp.exec:\ppjjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjj.exec:\vjpjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxxffl.exec:\xlxxffl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhbbb.exec:\hnhbbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nbnnn.exec:\7nbnnn.exe17⤵
- Executes dropped EXE
-
\??\c:\jddpp.exec:\jddpp.exe18⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe19⤵
- Executes dropped EXE
-
\??\c:\xrfflrx.exec:\xrfflrx.exe20⤵
- Executes dropped EXE
-
\??\c:\7bthnb.exec:\7bthnb.exe21⤵
- Executes dropped EXE
-
\??\c:\9pddj.exec:\9pddj.exe22⤵
- Executes dropped EXE
-
\??\c:\vpjpp.exec:\vpjpp.exe23⤵
- Executes dropped EXE
-
\??\c:\5xxrffl.exec:\5xxrffl.exe24⤵
- Executes dropped EXE
-
\??\c:\bbtbht.exec:\bbtbht.exe25⤵
- Executes dropped EXE
-
\??\c:\pjddv.exec:\pjddv.exe26⤵
- Executes dropped EXE
-
\??\c:\vpjpp.exec:\vpjpp.exe27⤵
- Executes dropped EXE
-
\??\c:\5llxflr.exec:\5llxflr.exe28⤵
- Executes dropped EXE
-
\??\c:\nhtbnh.exec:\nhtbnh.exe29⤵
- Executes dropped EXE
-
\??\c:\vvpjd.exec:\vvpjd.exe30⤵
- Executes dropped EXE
-
\??\c:\rrfrffl.exec:\rrfrffl.exe31⤵
- Executes dropped EXE
-
\??\c:\llxxxfr.exec:\llxxxfr.exe32⤵
- Executes dropped EXE
-
\??\c:\hbbbhn.exec:\hbbbhn.exe33⤵
- Executes dropped EXE
-
\??\c:\3ddjv.exec:\3ddjv.exe34⤵
- Executes dropped EXE
-
\??\c:\jdpdd.exec:\jdpdd.exe35⤵
- Executes dropped EXE
-
\??\c:\xxrxrxl.exec:\xxrxrxl.exe36⤵
- Executes dropped EXE
-
\??\c:\nhnthn.exec:\nhnthn.exe37⤵
- Executes dropped EXE
-
\??\c:\9bnhhh.exec:\9bnhhh.exe38⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe39⤵
- Executes dropped EXE
-
\??\c:\jjvvp.exec:\jjvvp.exe40⤵
- Executes dropped EXE
-
\??\c:\xrlfrrx.exec:\xrlfrrx.exe41⤵
- Executes dropped EXE
-
\??\c:\nnnbnt.exec:\nnnbnt.exe42⤵
- Executes dropped EXE
-
\??\c:\1tbtbb.exec:\1tbtbb.exe43⤵
- Executes dropped EXE
-
\??\c:\jjdpd.exec:\jjdpd.exe44⤵
- Executes dropped EXE
-
\??\c:\9ppvp.exec:\9ppvp.exe45⤵
- Executes dropped EXE
-
\??\c:\ffrfxlr.exec:\ffrfxlr.exe46⤵
- Executes dropped EXE
-
\??\c:\frxrfxf.exec:\frxrfxf.exe47⤵
- Executes dropped EXE
-
\??\c:\nnhttb.exec:\nnhttb.exe48⤵
- Executes dropped EXE
-
\??\c:\nbhnbh.exec:\nbhnbh.exe49⤵
- Executes dropped EXE
-
\??\c:\5dppv.exec:\5dppv.exe50⤵
- Executes dropped EXE
-
\??\c:\jddjp.exec:\jddjp.exe51⤵
- Executes dropped EXE
-
\??\c:\lflrfrf.exec:\lflrfrf.exe52⤵
- Executes dropped EXE
-
\??\c:\fxlfrxf.exec:\fxlfrxf.exe53⤵
- Executes dropped EXE
-
\??\c:\3bnnhn.exec:\3bnnhn.exe54⤵
- Executes dropped EXE
-
\??\c:\pvdpd.exec:\pvdpd.exe55⤵
- Executes dropped EXE
-
\??\c:\dpvdj.exec:\dpvdj.exe56⤵
- Executes dropped EXE
-
\??\c:\5fflxxr.exec:\5fflxxr.exe57⤵
- Executes dropped EXE
-
\??\c:\xxrlflr.exec:\xxrlflr.exe58⤵
- Executes dropped EXE
-
\??\c:\5bnnnn.exec:\5bnnnn.exe59⤵
- Executes dropped EXE
-
\??\c:\nbhhhh.exec:\nbhhhh.exe60⤵
- Executes dropped EXE
-
\??\c:\vpjvd.exec:\vpjvd.exe61⤵
- Executes dropped EXE
-
\??\c:\xrflllr.exec:\xrflllr.exe62⤵
- Executes dropped EXE
-
\??\c:\7hhnbh.exec:\7hhnbh.exe63⤵
- Executes dropped EXE
-
\??\c:\hbhhnb.exec:\hbhhnb.exe64⤵
- Executes dropped EXE
-
\??\c:\9dvvp.exec:\9dvvp.exe65⤵
- Executes dropped EXE
-
\??\c:\vvpvd.exec:\vvpvd.exe66⤵
-
\??\c:\frxrxrr.exec:\frxrxrr.exe67⤵
-
\??\c:\nntnth.exec:\nntnth.exe68⤵
-
\??\c:\ttntnn.exec:\ttntnn.exe69⤵
-
\??\c:\tnhnth.exec:\tnhnth.exe70⤵
-
\??\c:\vppvd.exec:\vppvd.exe71⤵
-
\??\c:\fflllxf.exec:\fflllxf.exe72⤵
-
\??\c:\ffrflxl.exec:\ffrflxl.exe73⤵
-
\??\c:\hnhtbb.exec:\hnhtbb.exe74⤵
-
\??\c:\btnbnb.exec:\btnbnb.exe75⤵
-
\??\c:\dddjj.exec:\dddjj.exe76⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe77⤵
-
\??\c:\rlrxfrf.exec:\rlrxfrf.exe78⤵
-
\??\c:\tthnbn.exec:\tthnbn.exe79⤵
-
\??\c:\nnbtth.exec:\nnbtth.exe80⤵
-
\??\c:\pppjv.exec:\pppjv.exe81⤵
-
\??\c:\dpppd.exec:\dpppd.exe82⤵
-
\??\c:\3rlfrfr.exec:\3rlfrfr.exe83⤵
-
\??\c:\rrfllrx.exec:\rrfllrx.exe84⤵
-
\??\c:\nntbnt.exec:\nntbnt.exe85⤵
-
\??\c:\nhtbnt.exec:\nhtbnt.exe86⤵
-
\??\c:\vpppp.exec:\vpppp.exe87⤵
-
\??\c:\3vpvv.exec:\3vpvv.exe88⤵
-
\??\c:\fffrlxl.exec:\fffrlxl.exe89⤵
-
\??\c:\ffxlrlx.exec:\ffxlrlx.exe90⤵
-
\??\c:\hnhbbn.exec:\hnhbbn.exe91⤵
-
\??\c:\btbbhn.exec:\btbbhn.exe92⤵
-
\??\c:\dvddp.exec:\dvddp.exe93⤵
-
\??\c:\dvppd.exec:\dvppd.exe94⤵
-
\??\c:\lfxxlrf.exec:\lfxxlrf.exe95⤵
-
\??\c:\ffxlxff.exec:\ffxlxff.exe96⤵
-
\??\c:\hbnbhn.exec:\hbnbhn.exe97⤵
-
\??\c:\tnhntb.exec:\tnhntb.exe98⤵
-
\??\c:\vvvjp.exec:\vvvjp.exe99⤵
-
\??\c:\xlrrrxr.exec:\xlrrrxr.exe100⤵
-
\??\c:\xrrxflx.exec:\xrrxflx.exe101⤵
-
\??\c:\tthhtt.exec:\tthhtt.exe102⤵
-
\??\c:\9pjjv.exec:\9pjjv.exe103⤵
-
\??\c:\ddvdd.exec:\ddvdd.exe104⤵
-
\??\c:\3ffrfrf.exec:\3ffrfrf.exe105⤵
-
\??\c:\rlrrllr.exec:\rlrrllr.exe106⤵
-
\??\c:\tnthhh.exec:\tnthhh.exe107⤵
-
\??\c:\tttbhb.exec:\tttbhb.exe108⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe109⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe110⤵
-
\??\c:\rlxfffl.exec:\rlxfffl.exe111⤵
-
\??\c:\3rrxfrf.exec:\3rrxfrf.exe112⤵
-
\??\c:\nhnntt.exec:\nhnntt.exe113⤵
-
\??\c:\ttttbb.exec:\ttttbb.exe114⤵
-
\??\c:\jdppj.exec:\jdppj.exe115⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe116⤵
-
\??\c:\3llxlxr.exec:\3llxlxr.exe117⤵
-
\??\c:\rlfllrf.exec:\rlfllrf.exe118⤵
-
\??\c:\btntbh.exec:\btntbh.exe119⤵
-
\??\c:\nnhntn.exec:\nnhntn.exe120⤵
-
\??\c:\jjjpd.exec:\jjjpd.exe121⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe122⤵
-
\??\c:\7frrflf.exec:\7frrflf.exe123⤵
-
\??\c:\fxxxlfr.exec:\fxxxlfr.exe124⤵
-
\??\c:\hbntbn.exec:\hbntbn.exe125⤵
-
\??\c:\7bbbtn.exec:\7bbbtn.exe126⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe127⤵
-
\??\c:\jddjp.exec:\jddjp.exe128⤵
-
\??\c:\1lflxlx.exec:\1lflxlx.exe129⤵
-
\??\c:\ffxfffr.exec:\ffxfffr.exe130⤵
-
\??\c:\ttnhbh.exec:\ttnhbh.exe131⤵
-
\??\c:\bnbhhh.exec:\bnbhhh.exe132⤵
-
\??\c:\3vjpp.exec:\3vjpp.exe133⤵
-
\??\c:\1jdpv.exec:\1jdpv.exe134⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe135⤵
-
\??\c:\llxxllf.exec:\llxxllf.exe136⤵
-
\??\c:\hhbbnn.exec:\hhbbnn.exe137⤵
-
\??\c:\bbbbnt.exec:\bbbbnt.exe138⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe139⤵
-
\??\c:\dvdjp.exec:\dvdjp.exe140⤵
-
\??\c:\lfxlfrx.exec:\lfxlfrx.exe141⤵
-
\??\c:\fxlrxfl.exec:\fxlrxfl.exe142⤵
-
\??\c:\hhbhnn.exec:\hhbhnn.exe143⤵
-
\??\c:\jjvdv.exec:\jjvdv.exe144⤵
-
\??\c:\5xllrxl.exec:\5xllrxl.exe145⤵
-
\??\c:\nhhnbh.exec:\nhhnbh.exe146⤵
-
\??\c:\tnhntn.exec:\tnhntn.exe147⤵
-
\??\c:\3nnbnn.exec:\3nnbnn.exe148⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe149⤵
-
\??\c:\ffxfxlx.exec:\ffxfxlx.exe150⤵
-
\??\c:\rxfxxlf.exec:\rxfxxlf.exe151⤵
-
\??\c:\hhtntb.exec:\hhtntb.exe152⤵
-
\??\c:\hhbhnt.exec:\hhbhnt.exe153⤵
-
\??\c:\1vpvj.exec:\1vpvj.exe154⤵
-
\??\c:\vppvv.exec:\vppvv.exe155⤵
-
\??\c:\7rrxflr.exec:\7rrxflr.exe156⤵
-
\??\c:\7fflrxl.exec:\7fflrxl.exe157⤵
-
\??\c:\1tnbhn.exec:\1tnbhn.exe158⤵
-
\??\c:\nhhnbh.exec:\nhhnbh.exe159⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe160⤵
-
\??\c:\1vjpv.exec:\1vjpv.exe161⤵
-
\??\c:\5fxfxlx.exec:\5fxfxlx.exe162⤵
-
\??\c:\3lxlllr.exec:\3lxlllr.exe163⤵
-
\??\c:\btbnnt.exec:\btbnnt.exe164⤵
-
\??\c:\tnbhnn.exec:\tnbhnn.exe165⤵
-
\??\c:\9vvdp.exec:\9vvdp.exe166⤵
-
\??\c:\vpddj.exec:\vpddj.exe167⤵
-
\??\c:\xrrllfl.exec:\xrrllfl.exe168⤵
-
\??\c:\lfxfrrx.exec:\lfxfrrx.exe169⤵
-
\??\c:\1thttb.exec:\1thttb.exe170⤵
-
\??\c:\tnhnbb.exec:\tnhnbb.exe171⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe172⤵
-
\??\c:\9jvvv.exec:\9jvvv.exe173⤵
-
\??\c:\frfxxfr.exec:\frfxxfr.exe174⤵
-
\??\c:\3rrrffr.exec:\3rrrffr.exe175⤵
-
\??\c:\ttnthn.exec:\ttnthn.exe176⤵
-
\??\c:\hnhnth.exec:\hnhnth.exe177⤵
-
\??\c:\9vpjp.exec:\9vpjp.exe178⤵
-
\??\c:\dddjp.exec:\dddjp.exe179⤵
-
\??\c:\xxxlfrx.exec:\xxxlfrx.exe180⤵
-
\??\c:\5lxlxll.exec:\5lxlxll.exe181⤵
-
\??\c:\9bbbbb.exec:\9bbbbb.exe182⤵
-
\??\c:\nhtbbh.exec:\nhtbbh.exe183⤵
-
\??\c:\dddjj.exec:\dddjj.exe184⤵
-
\??\c:\vppvp.exec:\vppvp.exe185⤵
-
\??\c:\7xlllrl.exec:\7xlllrl.exe186⤵
-
\??\c:\rrfxrlr.exec:\rrfxrlr.exe187⤵
-
\??\c:\hbbtnt.exec:\hbbtnt.exe188⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe189⤵
-
\??\c:\jpvdp.exec:\jpvdp.exe190⤵
-
\??\c:\lfrfxxl.exec:\lfrfxxl.exe191⤵
-
\??\c:\lfrlxrx.exec:\lfrlxrx.exe192⤵
-
\??\c:\bbbhbb.exec:\bbbhbb.exe193⤵
-
\??\c:\htnbbh.exec:\htnbbh.exe194⤵
-
\??\c:\jjddj.exec:\jjddj.exe195⤵
-
\??\c:\xrrrflr.exec:\xrrrflr.exe196⤵
-
\??\c:\lxfrxxr.exec:\lxfrxxr.exe197⤵
-
\??\c:\fxrfxrf.exec:\fxrfxrf.exe198⤵
-
\??\c:\tnhnhn.exec:\tnhnhn.exe199⤵
-
\??\c:\nnntht.exec:\nnntht.exe200⤵
-
\??\c:\1vjpv.exec:\1vjpv.exe201⤵
-
\??\c:\jdpdj.exec:\jdpdj.exe202⤵
-
\??\c:\rrrfrxr.exec:\rrrfrxr.exe203⤵
-
\??\c:\7flxfrr.exec:\7flxfrr.exe204⤵
-
\??\c:\nhbnhh.exec:\nhbnhh.exe205⤵
-
\??\c:\dddpj.exec:\dddpj.exe206⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe207⤵
-
\??\c:\fxrfrfr.exec:\fxrfrfr.exe208⤵
-
\??\c:\3rflrrx.exec:\3rflrrx.exe209⤵
-
\??\c:\bnhhnn.exec:\bnhhnn.exe210⤵
-
\??\c:\ttnbnt.exec:\ttnbnt.exe211⤵
-
\??\c:\pjddj.exec:\pjddj.exe212⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe213⤵
-
\??\c:\rrrxllx.exec:\rrrxllx.exe214⤵
-
\??\c:\flfrrfr.exec:\flfrrfr.exe215⤵
-
\??\c:\htbhhh.exec:\htbhhh.exe216⤵
-
\??\c:\bttbhn.exec:\bttbhn.exe217⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe218⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe219⤵
-
\??\c:\lxlfllr.exec:\lxlfllr.exe220⤵
-
\??\c:\tttthb.exec:\tttthb.exe221⤵
-
\??\c:\htnnnh.exec:\htnnnh.exe222⤵
-
\??\c:\3djdd.exec:\3djdd.exe223⤵
-
\??\c:\jdpdv.exec:\jdpdv.exe224⤵
-
\??\c:\rfrlrrx.exec:\rfrlrrx.exe225⤵
-
\??\c:\rfrrxxf.exec:\rfrrxxf.exe226⤵
-
\??\c:\9hnhnh.exec:\9hnhnh.exe227⤵
-
\??\c:\1vpdj.exec:\1vpdj.exe228⤵
-
\??\c:\ddpvd.exec:\ddpvd.exe229⤵
-
\??\c:\frxrxxl.exec:\frxrxxl.exe230⤵
-
\??\c:\htnntn.exec:\htnntn.exe231⤵
-
\??\c:\nhnnbb.exec:\nhnnbb.exe232⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe233⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe234⤵
-
\??\c:\3rxxxrl.exec:\3rxxxrl.exe235⤵
-
\??\c:\lxxxxxx.exec:\lxxxxxx.exe236⤵
-
\??\c:\nbtbtb.exec:\nbtbtb.exe237⤵
-
\??\c:\7thtbb.exec:\7thtbb.exe238⤵
-
\??\c:\jdppp.exec:\jdppp.exe239⤵
-
\??\c:\pdvvd.exec:\pdvvd.exe240⤵
-
\??\c:\xxllfll.exec:\xxllfll.exe241⤵