Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
20-05-2024 04:01
General
-
Target
a76bb8dcd9ebab2e23f5b61957e01340_NeikiAnalytics.exe
-
Size
104KB
-
MD5
a76bb8dcd9ebab2e23f5b61957e01340
-
SHA1
6921794cc030afb738d92a706721051bc1920b7e
-
SHA256
35fbc3a397571ce1941140801b9a02d6104d1423640f88f1ced7421b0147b058
-
SHA512
dfcf6c49ed2e5a90b7823f985992c4880099d4f1a8c8b26dc0a1fc04235b09c3b802f9386405857b5bf8c6c4c499b2dd9506cb9e829153645752aa5c23ee2ea5
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoTNKDeS98hPUdHV7RNzfnLnN3oW:ymb3NkkiQ3mdBjFo5KDe88g1fR88
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a76bb8dcd9ebab2e23f5b61957e01340_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\a76bb8dcd9ebab2e23f5b61957e01340_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhnt.exec:\bthhnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nbbnt.exec:\3nbbnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppj.exec:\pjppj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrlfx.exec:\lfrrlfx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hbnhh.exec:\9hbnhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjv.exec:\pdjjv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfflrrr.exec:\lfflrrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vjpv.exec:\7vjpv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdjp.exec:\vvdjp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnnbh.exec:\ttnnbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ddpp.exec:\1ddpp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rfxlfr.exec:\3rfxlfr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfrrfl.exec:\rxfrrfl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jppd.exec:\5jppd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjpj.exec:\vdjpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tntnn.exec:\7tntnn.exe17⤵
- Executes dropped EXE
-
\??\c:\7tbntt.exec:\7tbntt.exe18⤵
- Executes dropped EXE
-
\??\c:\rrrrfxr.exec:\rrrrfxr.exe19⤵
- Executes dropped EXE
-
\??\c:\1rllllr.exec:\1rllllr.exe20⤵
- Executes dropped EXE
-
\??\c:\tnhhnh.exec:\tnhhnh.exe21⤵
- Executes dropped EXE
-
\??\c:\3jjvp.exec:\3jjvp.exe22⤵
- Executes dropped EXE
-
\??\c:\llxlfrx.exec:\llxlfrx.exe23⤵
- Executes dropped EXE
-
\??\c:\xxxxfrf.exec:\xxxxfrf.exe24⤵
- Executes dropped EXE
-
\??\c:\tnbbtt.exec:\tnbbtt.exe25⤵
- Executes dropped EXE
-
\??\c:\jjvjd.exec:\jjvjd.exe26⤵
- Executes dropped EXE
-
\??\c:\fxrfrxl.exec:\fxrfrxl.exe27⤵
- Executes dropped EXE
-
\??\c:\xrxxxrf.exec:\xrxxxrf.exe28⤵
- Executes dropped EXE
-
\??\c:\nhnbtb.exec:\nhnbtb.exe29⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe30⤵
- Executes dropped EXE
-
\??\c:\1lxflll.exec:\1lxflll.exe31⤵
- Executes dropped EXE
-
\??\c:\lxrfffr.exec:\lxrfffr.exe32⤵
- Executes dropped EXE
-
\??\c:\tthnhn.exec:\tthnhn.exe33⤵
- Executes dropped EXE
-
\??\c:\pdpvp.exec:\pdpvp.exe34⤵
- Executes dropped EXE
-
\??\c:\vppvv.exec:\vppvv.exe35⤵
- Executes dropped EXE
-
\??\c:\flrrfrf.exec:\flrrfrf.exe36⤵
- Executes dropped EXE
-
\??\c:\thbbhn.exec:\thbbhn.exe37⤵
- Executes dropped EXE
-
\??\c:\1htbnt.exec:\1htbnt.exe38⤵
- Executes dropped EXE
-
\??\c:\ppppp.exec:\ppppp.exe39⤵
- Executes dropped EXE
-
\??\c:\jdpdp.exec:\jdpdp.exe40⤵
- Executes dropped EXE
-
\??\c:\rlflrrf.exec:\rlflrrf.exe41⤵
- Executes dropped EXE
-
\??\c:\btntbb.exec:\btntbb.exe42⤵
- Executes dropped EXE
-
\??\c:\tnhnnn.exec:\tnhnnn.exe43⤵
- Executes dropped EXE
-
\??\c:\jdpvv.exec:\jdpvv.exe44⤵
- Executes dropped EXE
-
\??\c:\ddvvd.exec:\ddvvd.exe45⤵
- Executes dropped EXE
-
\??\c:\xffrrxx.exec:\xffrrxx.exe46⤵
- Executes dropped EXE
-
\??\c:\xrrxflr.exec:\xrrxflr.exe47⤵
- Executes dropped EXE
-
\??\c:\ttnhhh.exec:\ttnhhh.exe48⤵
- Executes dropped EXE
-
\??\c:\tbnbnh.exec:\tbnbnh.exe49⤵
- Executes dropped EXE
-
\??\c:\dpddv.exec:\dpddv.exe50⤵
- Executes dropped EXE
-
\??\c:\jvdvj.exec:\jvdvj.exe51⤵
- Executes dropped EXE
-
\??\c:\3rxxllx.exec:\3rxxllx.exe52⤵
- Executes dropped EXE
-
\??\c:\5hhtbh.exec:\5hhtbh.exe53⤵
- Executes dropped EXE
-
\??\c:\tnhhtt.exec:\tnhhtt.exe54⤵
- Executes dropped EXE
-
\??\c:\vvpdd.exec:\vvpdd.exe55⤵
- Executes dropped EXE
-
\??\c:\xxxlxfx.exec:\xxxlxfx.exe56⤵
- Executes dropped EXE
-
\??\c:\rfxxllf.exec:\rfxxllf.exe57⤵
- Executes dropped EXE
-
\??\c:\nbnnhn.exec:\nbnnhn.exe58⤵
- Executes dropped EXE
-
\??\c:\hhnhhh.exec:\hhnhhh.exe59⤵
- Executes dropped EXE
-
\??\c:\ppvdv.exec:\ppvdv.exe60⤵
- Executes dropped EXE
-
\??\c:\lffrlll.exec:\lffrlll.exe61⤵
- Executes dropped EXE
-
\??\c:\rlfflxl.exec:\rlfflxl.exe62⤵
- Executes dropped EXE
-
\??\c:\hhtthn.exec:\hhtthn.exe63⤵
- Executes dropped EXE
-
\??\c:\9vjjj.exec:\9vjjj.exe64⤵
- Executes dropped EXE
-
\??\c:\vdddd.exec:\vdddd.exe65⤵
- Executes dropped EXE
-
\??\c:\rllfllr.exec:\rllfllr.exe66⤵
-
\??\c:\rxlffxr.exec:\rxlffxr.exe67⤵
-
\??\c:\tnbhbn.exec:\tnbhbn.exe68⤵
-
\??\c:\5jdjv.exec:\5jdjv.exe69⤵
-
\??\c:\pdjvd.exec:\pdjvd.exe70⤵
-
\??\c:\xfrlllx.exec:\xfrlllx.exe71⤵
-
\??\c:\llxlffx.exec:\llxlffx.exe72⤵
-
\??\c:\bttntt.exec:\bttntt.exe73⤵
-
\??\c:\djpdp.exec:\djpdp.exe74⤵
-
\??\c:\7dvvj.exec:\7dvvj.exe75⤵
-
\??\c:\xrrxxfr.exec:\xrrxxfr.exe76⤵
-
\??\c:\xrllflr.exec:\xrllflr.exe77⤵
-
\??\c:\nnntnh.exec:\nnntnh.exe78⤵
-
\??\c:\tttbbt.exec:\tttbbt.exe79⤵
-
\??\c:\jdjpj.exec:\jdjpj.exe80⤵
-
\??\c:\xrrrrrf.exec:\xrrrrrf.exe81⤵
-
\??\c:\5rrxrxr.exec:\5rrxrxr.exe82⤵
-
\??\c:\nhnnnb.exec:\nhnnnb.exe83⤵
-
\??\c:\nhnnbh.exec:\nhnnbh.exe84⤵
-
\??\c:\vdjvv.exec:\vdjvv.exe85⤵
-
\??\c:\ffxlffl.exec:\ffxlffl.exe86⤵
-
\??\c:\fxrxlrf.exec:\fxrxlrf.exe87⤵
-
\??\c:\bnbbnn.exec:\bnbbnn.exe88⤵
-
\??\c:\nnnnth.exec:\nnnnth.exe89⤵
-
\??\c:\5ppvj.exec:\5ppvj.exe90⤵
-
\??\c:\xrfxlrf.exec:\xrfxlrf.exe91⤵
-
\??\c:\xxrrxfr.exec:\xxrrxfr.exe92⤵
-
\??\c:\bbnttb.exec:\bbnttb.exe93⤵
-
\??\c:\tnhthn.exec:\tnhthn.exe94⤵
-
\??\c:\3jddj.exec:\3jddj.exe95⤵
-
\??\c:\1vvvj.exec:\1vvvj.exe96⤵
-
\??\c:\7rffllx.exec:\7rffllx.exe97⤵
-
\??\c:\9rllffl.exec:\9rllffl.exe98⤵
-
\??\c:\1hnnbh.exec:\1hnnbh.exe99⤵
-
\??\c:\jpvvd.exec:\jpvvd.exe100⤵
-
\??\c:\dpdpv.exec:\dpdpv.exe101⤵
-
\??\c:\lxxrxrr.exec:\lxxrxrr.exe102⤵
-
\??\c:\thtnhh.exec:\thtnhh.exe103⤵
-
\??\c:\hhbthb.exec:\hhbthb.exe104⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe105⤵
-
\??\c:\lfllrrx.exec:\lfllrrx.exe106⤵
-
\??\c:\5lfrffl.exec:\5lfrffl.exe107⤵
-
\??\c:\9tnbht.exec:\9tnbht.exe108⤵
-
\??\c:\thbnbt.exec:\thbnbt.exe109⤵
-
\??\c:\3pddv.exec:\3pddv.exe110⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe111⤵
-
\??\c:\xrrrxfl.exec:\xrrrxfl.exe112⤵
-
\??\c:\7frxrxf.exec:\7frxrxf.exe113⤵
-
\??\c:\nbbbnn.exec:\nbbbnn.exe114⤵
-
\??\c:\nnbtht.exec:\nnbtht.exe115⤵
-
\??\c:\3vddp.exec:\3vddp.exe116⤵
-
\??\c:\xrfxxrx.exec:\xrfxxrx.exe117⤵
-
\??\c:\rrllfrf.exec:\rrllfrf.exe118⤵
-
\??\c:\1ttnth.exec:\1ttnth.exe119⤵
-
\??\c:\nhbhtt.exec:\nhbhtt.exe120⤵
-
\??\c:\9pddj.exec:\9pddj.exe121⤵
-
\??\c:\ddvvd.exec:\ddvvd.exe122⤵
-
\??\c:\fxflxfl.exec:\fxflxfl.exe123⤵
-
\??\c:\hhntnn.exec:\hhntnn.exe124⤵
-
\??\c:\tnbbnt.exec:\tnbbnt.exe125⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe126⤵
-
\??\c:\5vvpd.exec:\5vvpd.exe127⤵
-
\??\c:\3xflrxr.exec:\3xflrxr.exe128⤵
-
\??\c:\lrxxxfr.exec:\lrxxxfr.exe129⤵
-
\??\c:\ttnthn.exec:\ttnthn.exe130⤵
-
\??\c:\hhhbbh.exec:\hhhbbh.exe131⤵
-
\??\c:\5pppd.exec:\5pppd.exe132⤵
-
\??\c:\xrlrflr.exec:\xrlrflr.exe133⤵
-
\??\c:\rlxfllr.exec:\rlxfllr.exe134⤵
-
\??\c:\btbhbh.exec:\btbhbh.exe135⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe136⤵
-
\??\c:\9vppv.exec:\9vppv.exe137⤵
-
\??\c:\fxlfllr.exec:\fxlfllr.exe138⤵
-
\??\c:\bbhnhn.exec:\bbhnhn.exe139⤵
-
\??\c:\7tnhnn.exec:\7tnhnn.exe140⤵
-
\??\c:\9dvpv.exec:\9dvpv.exe141⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe142⤵
-
\??\c:\fxlrxfl.exec:\fxlrxfl.exe143⤵
-
\??\c:\lfxfllx.exec:\lfxfllx.exe144⤵
-
\??\c:\btntth.exec:\btntth.exe145⤵
-
\??\c:\pdpvj.exec:\pdpvj.exe146⤵
-
\??\c:\7vjvv.exec:\7vjvv.exe147⤵
-
\??\c:\lfxxrxf.exec:\lfxxrxf.exe148⤵
-
\??\c:\rlffrrl.exec:\rlffrrl.exe149⤵
-
\??\c:\3bbhth.exec:\3bbhth.exe150⤵
-
\??\c:\bbtbhh.exec:\bbtbhh.exe151⤵
-
\??\c:\pdvvd.exec:\pdvvd.exe152⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe153⤵
-
\??\c:\rlflrfx.exec:\rlflrfx.exe154⤵
-
\??\c:\rrffrxf.exec:\rrffrxf.exe155⤵
-
\??\c:\hhtbnt.exec:\hhtbnt.exe156⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe157⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe158⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe159⤵
-
\??\c:\lfrrffr.exec:\lfrrffr.exe160⤵
-
\??\c:\httnhh.exec:\httnhh.exe161⤵
-
\??\c:\bttbbb.exec:\bttbbb.exe162⤵
-
\??\c:\vvddj.exec:\vvddj.exe163⤵
-
\??\c:\pdjpj.exec:\pdjpj.exe164⤵
-
\??\c:\rrffllx.exec:\rrffllx.exe165⤵
-
\??\c:\ntntbn.exec:\ntntbn.exe166⤵
-
\??\c:\tthtnt.exec:\tthtnt.exe167⤵
-
\??\c:\1dvjv.exec:\1dvjv.exe168⤵
-
\??\c:\jvppd.exec:\jvppd.exe169⤵
-
\??\c:\xxfxfll.exec:\xxfxfll.exe170⤵
-
\??\c:\nhhtnn.exec:\nhhtnn.exe171⤵
-
\??\c:\jdvjv.exec:\jdvjv.exe172⤵
-
\??\c:\lfxflrr.exec:\lfxflrr.exe173⤵
-
\??\c:\rrlrflx.exec:\rrlrflx.exe174⤵
-
\??\c:\nbnntb.exec:\nbnntb.exe175⤵
-
\??\c:\nhbnhn.exec:\nhbnhn.exe176⤵
-
\??\c:\7vvvv.exec:\7vvvv.exe177⤵
-
\??\c:\frxfrff.exec:\frxfrff.exe178⤵
-
\??\c:\fxxxllr.exec:\fxxxllr.exe179⤵
-
\??\c:\ttnnbb.exec:\ttnnbb.exe180⤵
-
\??\c:\1hbtnn.exec:\1hbtnn.exe181⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe182⤵
-
\??\c:\1rrxffr.exec:\1rrxffr.exe183⤵
-
\??\c:\9lffrrf.exec:\9lffrrf.exe184⤵
-
\??\c:\5nhnhn.exec:\5nhnhn.exe185⤵
-
\??\c:\nhbbbt.exec:\nhbbbt.exe186⤵
-
\??\c:\3ppjj.exec:\3ppjj.exe187⤵
-
\??\c:\ppjpd.exec:\ppjpd.exe188⤵
-
\??\c:\1frlrrf.exec:\1frlrrf.exe189⤵
-
\??\c:\frflxxl.exec:\frflxxl.exe190⤵
-
\??\c:\tnnnbb.exec:\tnnnbb.exe191⤵
-
\??\c:\nhtthn.exec:\nhtthn.exe192⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe193⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe194⤵
-
\??\c:\xxrxflx.exec:\xxrxflx.exe195⤵
-
\??\c:\llxxfrr.exec:\llxxfrr.exe196⤵
-
\??\c:\bththh.exec:\bththh.exe197⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe198⤵
-
\??\c:\pdvvv.exec:\pdvvv.exe199⤵
-
\??\c:\xrlrflr.exec:\xrlrflr.exe200⤵
-
\??\c:\xrflxlr.exec:\xrflxlr.exe201⤵
-
\??\c:\9ntbbh.exec:\9ntbbh.exe202⤵
-
\??\c:\bbhhht.exec:\bbhhht.exe203⤵
-
\??\c:\jdppj.exec:\jdppj.exe204⤵
-
\??\c:\lrlrlxr.exec:\lrlrlxr.exe205⤵
-
\??\c:\rrlxrxr.exec:\rrlxrxr.exe206⤵
-
\??\c:\3nbbtb.exec:\3nbbtb.exe207⤵
-
\??\c:\hthbtn.exec:\hthbtn.exe208⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe209⤵
-
\??\c:\dpvjd.exec:\dpvjd.exe210⤵
-
\??\c:\rlxrlrx.exec:\rlxrlrx.exe211⤵
-
\??\c:\hnntnt.exec:\hnntnt.exe212⤵
-
\??\c:\5nbthh.exec:\5nbthh.exe213⤵
-
\??\c:\vvjpp.exec:\vvjpp.exe214⤵
-
\??\c:\xrlrrrl.exec:\xrlrrrl.exe215⤵
-
\??\c:\ffrxrrf.exec:\ffrxrrf.exe216⤵
-
\??\c:\nnnbnb.exec:\nnnbnb.exe217⤵
-
\??\c:\5dpvj.exec:\5dpvj.exe218⤵
-
\??\c:\vpddd.exec:\vpddd.exe219⤵
-
\??\c:\9lllxfr.exec:\9lllxfr.exe220⤵
-
\??\c:\9nbhtb.exec:\9nbhtb.exe221⤵
-
\??\c:\btbhbb.exec:\btbhbb.exe222⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe223⤵
-
\??\c:\ffrlxrf.exec:\ffrlxrf.exe224⤵
-
\??\c:\ttbbht.exec:\ttbbht.exe225⤵
-
\??\c:\hhbhnt.exec:\hhbhnt.exe226⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe227⤵
-
\??\c:\lrlxlfr.exec:\lrlxlfr.exe228⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe229⤵
-
\??\c:\tbbttb.exec:\tbbttb.exe230⤵
-
\??\c:\vvjdj.exec:\vvjdj.exe231⤵
-
\??\c:\3vjjv.exec:\3vjjv.exe232⤵
-
\??\c:\3xflxfr.exec:\3xflxfr.exe233⤵
-
\??\c:\hbnhtn.exec:\hbnhtn.exe234⤵
-
\??\c:\tbhhbb.exec:\tbhhbb.exe235⤵
-
\??\c:\jvppp.exec:\jvppp.exe236⤵
-
\??\c:\9ppdp.exec:\9ppdp.exe237⤵
-
\??\c:\xfxllll.exec:\xfxllll.exe238⤵
-
\??\c:\ttthnn.exec:\ttthnn.exe239⤵
-
\??\c:\hnhtnb.exec:\hnhtnb.exe240⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe241⤵