Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
20-05-2024 04:02
General
-
Target
a774e7f1f94a96bcb160ee331ee35070_NeikiAnalytics.exe
-
Size
389KB
-
MD5
a774e7f1f94a96bcb160ee331ee35070
-
SHA1
efab24c72513123eb8df63af1669b5ae49695967
-
SHA256
cc15b3da6bbeff2861ea3d6fb4e09bd4ba95d92ac2d8a013d1150831bf199152
-
SHA512
63ef9d72e1989a94e29d64cddcc0534c5ead7eb7224cd312b59007d9863b730250c27117853052f4d54e429735dc892d5edad1408a88ce9dc56599b59fe72613
-
SSDEEP
12288:n3C9ytvngQjpUXoSWlnwJv90aKToFqwfi:SgdnJVU4TlnwJ6Go/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a774e7f1f94a96bcb160ee331ee35070_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\a774e7f1f94a96bcb160ee331ee35070_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xlffffl.exec:\xlffffl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vvjv.exec:\1vvjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrfrxx.exec:\xrrfrxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpdv.exec:\djpdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlrxxr.exec:\frlrxxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnbnb.exec:\ttnbnb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxffxx.exec:\flxffxx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttbnt.exec:\bttbnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjd.exec:\ppjjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rfxrlx.exec:\3rfxrlx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jjjp.exec:\5jjjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrllxfl.exec:\rrllxfl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffflxfx.exec:\ffflxfx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjpd.exec:\dpjpd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllrrx.exec:\xxllrrx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbhn.exec:\bbtbhn.exe17⤵
- Executes dropped EXE
-
\??\c:\9jvdj.exec:\9jvdj.exe18⤵
- Executes dropped EXE
-
\??\c:\lfxrrrx.exec:\lfxrrrx.exe19⤵
- Executes dropped EXE
-
\??\c:\3dvdp.exec:\3dvdp.exe20⤵
- Executes dropped EXE
-
\??\c:\7pjjp.exec:\7pjjp.exe21⤵
- Executes dropped EXE
-
\??\c:\nhbbnt.exec:\nhbbnt.exe22⤵
- Executes dropped EXE
-
\??\c:\frlxrrx.exec:\frlxrrx.exe23⤵
- Executes dropped EXE
-
\??\c:\9bbtbb.exec:\9bbtbb.exe24⤵
- Executes dropped EXE
-
\??\c:\3djpv.exec:\3djpv.exe25⤵
- Executes dropped EXE
-
\??\c:\xrlrxfr.exec:\xrlrxfr.exe26⤵
- Executes dropped EXE
-
\??\c:\bhbbnt.exec:\bhbbnt.exe27⤵
- Executes dropped EXE
-
\??\c:\flxllrf.exec:\flxllrf.exe28⤵
- Executes dropped EXE
-
\??\c:\nnnnbh.exec:\nnnnbh.exe29⤵
- Executes dropped EXE
-
\??\c:\rlxflrf.exec:\rlxflrf.exe30⤵
- Executes dropped EXE
-
\??\c:\bhbbtt.exec:\bhbbtt.exe31⤵
- Executes dropped EXE
-
\??\c:\ppdjp.exec:\ppdjp.exe32⤵
- Executes dropped EXE
-
\??\c:\7vjpv.exec:\7vjpv.exe33⤵
- Executes dropped EXE
-
\??\c:\3hhbhn.exec:\3hhbhn.exe34⤵
- Executes dropped EXE
-
\??\c:\pjdpj.exec:\pjdpj.exe35⤵
- Executes dropped EXE
-
\??\c:\9xfrxfx.exec:\9xfrxfx.exe36⤵
- Executes dropped EXE
-
\??\c:\rlfrfxl.exec:\rlfrfxl.exe37⤵
- Executes dropped EXE
-
\??\c:\btbhnn.exec:\btbhnn.exe38⤵
- Executes dropped EXE
-
\??\c:\9vdjp.exec:\9vdjp.exe39⤵
- Executes dropped EXE
-
\??\c:\rxlfxrl.exec:\rxlfxrl.exe40⤵
- Executes dropped EXE
-
\??\c:\bbnhnn.exec:\bbnhnn.exe41⤵
- Executes dropped EXE
-
\??\c:\thbhnt.exec:\thbhnt.exe42⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe43⤵
- Executes dropped EXE
-
\??\c:\lrxxlrx.exec:\lrxxlrx.exe44⤵
- Executes dropped EXE
-
\??\c:\hnthtb.exec:\hnthtb.exe45⤵
- Executes dropped EXE
-
\??\c:\dddjd.exec:\dddjd.exe46⤵
- Executes dropped EXE
-
\??\c:\frffrfl.exec:\frffrfl.exe47⤵
- Executes dropped EXE
-
\??\c:\tnbttt.exec:\tnbttt.exe48⤵
- Executes dropped EXE
-
\??\c:\nhhnbh.exec:\nhhnbh.exe49⤵
- Executes dropped EXE
-
\??\c:\pjjjv.exec:\pjjjv.exe50⤵
- Executes dropped EXE
-
\??\c:\xxflflf.exec:\xxflflf.exe51⤵
- Executes dropped EXE
-
\??\c:\5flrfrf.exec:\5flrfrf.exe52⤵
- Executes dropped EXE
-
\??\c:\tnhnth.exec:\tnhnth.exe53⤵
- Executes dropped EXE
-
\??\c:\jvppd.exec:\jvppd.exe54⤵
- Executes dropped EXE
-
\??\c:\9rfxffl.exec:\9rfxffl.exe55⤵
- Executes dropped EXE
-
\??\c:\xrllxfr.exec:\xrllxfr.exe56⤵
- Executes dropped EXE
-
\??\c:\1bnhtn.exec:\1bnhtn.exe57⤵
- Executes dropped EXE
-
\??\c:\dpdjp.exec:\dpdjp.exe58⤵
- Executes dropped EXE
-
\??\c:\jvjjp.exec:\jvjjp.exe59⤵
- Executes dropped EXE
-
\??\c:\lxrxrlr.exec:\lxrxrlr.exe60⤵
- Executes dropped EXE
-
\??\c:\tbtnnt.exec:\tbtnnt.exe61⤵
- Executes dropped EXE
-
\??\c:\ddvjv.exec:\ddvjv.exe62⤵
- Executes dropped EXE
-
\??\c:\fffrfrf.exec:\fffrfrf.exe63⤵
- Executes dropped EXE
-
\??\c:\1bhhtb.exec:\1bhhtb.exe64⤵
- Executes dropped EXE
-
\??\c:\hbnbtb.exec:\hbnbtb.exe65⤵
- Executes dropped EXE
-
\??\c:\5pjvj.exec:\5pjvj.exe66⤵
-
\??\c:\xlfrlfx.exec:\xlfrlfx.exe67⤵
-
\??\c:\xfxfxfx.exec:\xfxfxfx.exe68⤵
-
\??\c:\9bnthn.exec:\9bnthn.exe69⤵
-
\??\c:\vjddj.exec:\vjddj.exe70⤵
-
\??\c:\pvdjj.exec:\pvdjj.exe71⤵
-
\??\c:\fxrrxxl.exec:\fxrrxxl.exe72⤵
-
\??\c:\hhhnnt.exec:\hhhnnt.exe73⤵
-
\??\c:\bnbhnn.exec:\bnbhnn.exe74⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe75⤵
-
\??\c:\rxxlxfl.exec:\rxxlxfl.exe76⤵
-
\??\c:\rlxfrxf.exec:\rlxfrxf.exe77⤵
-
\??\c:\nbnbbh.exec:\nbnbbh.exe78⤵
-
\??\c:\jddjj.exec:\jddjj.exe79⤵
-
\??\c:\xrrfrxr.exec:\xrrfrxr.exe80⤵
-
\??\c:\rrrfrxx.exec:\rrrfrxx.exe81⤵
-
\??\c:\5hhhtt.exec:\5hhhtt.exe82⤵
-
\??\c:\jvvvj.exec:\jvvvj.exe83⤵
-
\??\c:\7vvvj.exec:\7vvvj.exe84⤵
-
\??\c:\flffflf.exec:\flffflf.exe85⤵
-
\??\c:\nhtnbh.exec:\nhtnbh.exe86⤵
-
\??\c:\ddjjp.exec:\ddjjp.exe87⤵
-
\??\c:\vvjvj.exec:\vvjvj.exe88⤵
-
\??\c:\xrlflrx.exec:\xrlflrx.exe89⤵
-
\??\c:\3nhhnn.exec:\3nhhnn.exe90⤵
-
\??\c:\tnbhtt.exec:\tnbhtt.exe91⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe92⤵
-
\??\c:\fxfflrl.exec:\fxfflrl.exe93⤵
-
\??\c:\1rxrxxf.exec:\1rxrxxf.exe94⤵
-
\??\c:\ntbbbb.exec:\ntbbbb.exe95⤵
-
\??\c:\jjvdj.exec:\jjvdj.exe96⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe97⤵
-
\??\c:\xrlrxxl.exec:\xrlrxxl.exe98⤵
-
\??\c:\nthtbh.exec:\nthtbh.exe99⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe100⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe101⤵
-
\??\c:\ffrrrlx.exec:\ffrrrlx.exe102⤵
-
\??\c:\xffrlrf.exec:\xffrlrf.exe103⤵
-
\??\c:\hbnbhn.exec:\hbnbhn.exe104⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe105⤵
-
\??\c:\vddjv.exec:\vddjv.exe106⤵
-
\??\c:\5xllrrx.exec:\5xllrrx.exe107⤵
-
\??\c:\hbtbnh.exec:\hbtbnh.exe108⤵
-
\??\c:\bnnhth.exec:\bnnhth.exe109⤵
-
\??\c:\vdvpv.exec:\vdvpv.exe110⤵
-
\??\c:\lllfxxr.exec:\lllfxxr.exe111⤵
-
\??\c:\bbnhbh.exec:\bbnhbh.exe112⤵
-
\??\c:\hhbhtn.exec:\hhbhtn.exe113⤵
-
\??\c:\vjjvj.exec:\vjjvj.exe114⤵
-
\??\c:\fxfflff.exec:\fxfflff.exe115⤵
-
\??\c:\hhbhbh.exec:\hhbhbh.exe116⤵
-
\??\c:\ntntnt.exec:\ntntnt.exe117⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe118⤵
-
\??\c:\xxlxrfr.exec:\xxlxrfr.exe119⤵
-
\??\c:\lrrxxlf.exec:\lrrxxlf.exe120⤵
-
\??\c:\hbttbb.exec:\hbttbb.exe121⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe122⤵
-
\??\c:\7vvpj.exec:\7vvpj.exe123⤵
-
\??\c:\3xxlxxl.exec:\3xxlxxl.exe124⤵
-
\??\c:\tttbhb.exec:\tttbhb.exe125⤵
-
\??\c:\9vpdj.exec:\9vpdj.exe126⤵
-
\??\c:\3llrrlx.exec:\3llrrlx.exe127⤵
-
\??\c:\5nhbnt.exec:\5nhbnt.exe128⤵
-
\??\c:\7vpdp.exec:\7vpdp.exe129⤵
-
\??\c:\9xllllf.exec:\9xllllf.exe130⤵
-
\??\c:\frflfrf.exec:\frflfrf.exe131⤵
-
\??\c:\tnbnhb.exec:\tnbnhb.exe132⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe133⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe134⤵
-
\??\c:\frfrxlf.exec:\frfrxlf.exe135⤵
-
\??\c:\htttbb.exec:\htttbb.exe136⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe137⤵
-
\??\c:\pdjjp.exec:\pdjjp.exe138⤵
-
\??\c:\xxxllrl.exec:\xxxllrl.exe139⤵
-
\??\c:\nnbthn.exec:\nnbthn.exe140⤵
-
\??\c:\hhtbhn.exec:\hhtbhn.exe141⤵
-
\??\c:\vdvdj.exec:\vdvdj.exe142⤵
-
\??\c:\1lxxxfr.exec:\1lxxxfr.exe143⤵
-
\??\c:\rlflxxf.exec:\rlflxxf.exe144⤵
-
\??\c:\3tnthh.exec:\3tnthh.exe145⤵
-
\??\c:\9htbhb.exec:\9htbhb.exe146⤵
-
\??\c:\3jvdj.exec:\3jvdj.exe147⤵
-
\??\c:\9lrlflx.exec:\9lrlflx.exe148⤵
-
\??\c:\hnhnbh.exec:\hnhnbh.exe149⤵
-
\??\c:\vjjpd.exec:\vjjpd.exe150⤵
-
\??\c:\pvvjd.exec:\pvvjd.exe151⤵
-
\??\c:\llflxfr.exec:\llflxfr.exe152⤵
-
\??\c:\bhthhn.exec:\bhthhn.exe153⤵
-
\??\c:\jvppv.exec:\jvppv.exe154⤵
-
\??\c:\jdddd.exec:\jdddd.exe155⤵
-
\??\c:\xrlrflf.exec:\xrlrflf.exe156⤵
-
\??\c:\ttnhht.exec:\ttnhht.exe157⤵
-
\??\c:\bbbbhn.exec:\bbbbhn.exe158⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe159⤵
-
\??\c:\xrllfrx.exec:\xrllfrx.exe160⤵
-
\??\c:\rxrxlxl.exec:\rxrxlxl.exe161⤵
-
\??\c:\tthtbt.exec:\tthtbt.exe162⤵
-
\??\c:\3vpvj.exec:\3vpvj.exe163⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe164⤵
-
\??\c:\frlxrfr.exec:\frlxrfr.exe165⤵
-
\??\c:\hhhtnn.exec:\hhhtnn.exe166⤵
-
\??\c:\ttnbht.exec:\ttnbht.exe167⤵
-
\??\c:\vppjp.exec:\vppjp.exe168⤵
-
\??\c:\fxlrfrr.exec:\fxlrfrr.exe169⤵
-
\??\c:\nnhttb.exec:\nnhttb.exe170⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe171⤵
-
\??\c:\1pvdp.exec:\1pvdp.exe172⤵
-
\??\c:\flllxlx.exec:\flllxlx.exe173⤵
-
\??\c:\5tnnbn.exec:\5tnnbn.exe174⤵
-
\??\c:\ttthnb.exec:\ttthnb.exe175⤵
-
\??\c:\pddpj.exec:\pddpj.exe176⤵
-
\??\c:\rrxrllx.exec:\rrxrllx.exe177⤵
-
\??\c:\xrrxlrf.exec:\xrrxlrf.exe178⤵
-
\??\c:\hhhtnt.exec:\hhhtnt.exe179⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe180⤵
-
\??\c:\5dpvj.exec:\5dpvj.exe181⤵
-
\??\c:\3xfxrfr.exec:\3xfxrfr.exe182⤵
-
\??\c:\5lrrlrf.exec:\5lrrlrf.exe183⤵
-
\??\c:\tbbtnt.exec:\tbbtnt.exe184⤵
-
\??\c:\dddvp.exec:\dddvp.exe185⤵
-
\??\c:\djdjj.exec:\djdjj.exe186⤵
-
\??\c:\9fxlxlx.exec:\9fxlxlx.exe187⤵
-
\??\c:\5nbnht.exec:\5nbnht.exe188⤵
-
\??\c:\tnhthn.exec:\tnhthn.exe189⤵
-
\??\c:\dvdjd.exec:\dvdjd.exe190⤵
-
\??\c:\lrrlxrr.exec:\lrrlxrr.exe191⤵
-
\??\c:\tnhnbn.exec:\tnhnbn.exe192⤵
-
\??\c:\tththt.exec:\tththt.exe193⤵
-
\??\c:\jdddj.exec:\jdddj.exe194⤵
-
\??\c:\dddpd.exec:\dddpd.exe195⤵
-
\??\c:\rllxrxx.exec:\rllxrxx.exe196⤵
-
\??\c:\7tnnbh.exec:\7tnnbh.exe197⤵
-
\??\c:\bbtbtb.exec:\bbtbtb.exe198⤵
-
\??\c:\vddvp.exec:\vddvp.exe199⤵
-
\??\c:\fxfxlfl.exec:\fxfxlfl.exe200⤵
-
\??\c:\1xrxrlx.exec:\1xrxrlx.exe201⤵
-
\??\c:\bbbhth.exec:\bbbhth.exe202⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe203⤵
-
\??\c:\7vjvd.exec:\7vjvd.exe204⤵
-
\??\c:\ffxlxlf.exec:\ffxlxlf.exe205⤵
-
\??\c:\tbtnbh.exec:\tbtnbh.exe206⤵
-
\??\c:\hhbhtb.exec:\hhbhtb.exe207⤵
-
\??\c:\jjjpj.exec:\jjjpj.exe208⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe209⤵
-
\??\c:\flrrxff.exec:\flrrxff.exe210⤵
-
\??\c:\xrlrlrl.exec:\xrlrlrl.exe211⤵
-
\??\c:\5bbhtb.exec:\5bbhtb.exe212⤵
-
\??\c:\jjpjp.exec:\jjpjp.exe213⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe214⤵
-
\??\c:\7fffrfx.exec:\7fffrfx.exe215⤵
-
\??\c:\bbbnbt.exec:\bbbnbt.exe216⤵
-
\??\c:\hhbnht.exec:\hhbnht.exe217⤵
-
\??\c:\jdvjv.exec:\jdvjv.exe218⤵
-
\??\c:\rrrflxl.exec:\rrrflxl.exe219⤵
-
\??\c:\9rlrfrf.exec:\9rlrfrf.exe220⤵
-
\??\c:\9ttbnt.exec:\9ttbnt.exe221⤵
-
\??\c:\dddpd.exec:\dddpd.exe222⤵
-
\??\c:\jddjv.exec:\jddjv.exe223⤵
-
\??\c:\5fxfrxl.exec:\5fxfrxl.exe224⤵
-
\??\c:\nnnthn.exec:\nnnthn.exe225⤵
-
\??\c:\vvvjd.exec:\vvvjd.exe226⤵
-
\??\c:\ppvdv.exec:\ppvdv.exe227⤵
-
\??\c:\lrxflrl.exec:\lrxflrl.exe228⤵
-
\??\c:\tnhhnt.exec:\tnhhnt.exe229⤵
-
\??\c:\1bthth.exec:\1bthth.exe230⤵
-
\??\c:\djjvj.exec:\djjvj.exe231⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe232⤵
-
\??\c:\rxlxflx.exec:\rxlxflx.exe233⤵
-
\??\c:\nhbhtb.exec:\nhbhtb.exe234⤵
-
\??\c:\1hthnb.exec:\1hthnb.exe235⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe236⤵
-
\??\c:\llfrflx.exec:\llfrflx.exe237⤵
-
\??\c:\llflxlx.exec:\llflxlx.exe238⤵
-
\??\c:\hhhnbh.exec:\hhhnbh.exe239⤵
-
\??\c:\hnbtbt.exec:\hnbtbt.exe240⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe241⤵