Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
20-05-2024 04:20
General
-
Target
aaf060dff37c9a7d6f83d6c40c40b7e0_NeikiAnalytics.exe
-
Size
83KB
-
MD5
aaf060dff37c9a7d6f83d6c40c40b7e0
-
SHA1
16355dbc3d842e99cc93eb0a9ecbac51073352c4
-
SHA256
d584d78b811f0fb073202659f7487222275daa294123738baaaea20134fc3ed7
-
SHA512
966e3ab8f0b36e49ecfa65fd85bfb7b119dd441ff96c6bbb38ae089d4289deef258570562152c10a4986a62ffc83027541170a44380041edb09bf9de83a7a0ef
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73yqKH/KjvHo+WdNI:ymb3NkkiQ3mdBjFo73yX+vI+qm
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\aaf060dff37c9a7d6f83d6c40c40b7e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\aaf060dff37c9a7d6f83d6c40c40b7e0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxfrxl.exec:\xrxfrxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhbh.exec:\tnbhbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvjv.exec:\dvvjv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnthh.exec:\ttnthh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjpj.exec:\vpjpj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjd.exec:\jdpjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flflxlx.exec:\flflxlx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nnnbn.exec:\1nnnbn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbnht.exec:\hbbnht.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vvdd.exec:\7vvdd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrlrf.exec:\rlxrlrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnntn.exec:\btnntn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdpd.exec:\jjdpd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvdd.exec:\jjvdd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lxxffl.exec:\9lxxffl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnthn.exec:\hhnthn.exe17⤵
- Executes dropped EXE
-
\??\c:\tnthnt.exec:\tnthnt.exe18⤵
- Executes dropped EXE
-
\??\c:\vvdpp.exec:\vvdpp.exe19⤵
- Executes dropped EXE
-
\??\c:\fxrxrxl.exec:\fxrxrxl.exe20⤵
- Executes dropped EXE
-
\??\c:\hnbbhb.exec:\hnbbhb.exe21⤵
- Executes dropped EXE
-
\??\c:\pvpjp.exec:\pvpjp.exe22⤵
- Executes dropped EXE
-
\??\c:\7vpdj.exec:\7vpdj.exe23⤵
- Executes dropped EXE
-
\??\c:\5lxxxff.exec:\5lxxxff.exe24⤵
- Executes dropped EXE
-
\??\c:\btnnnt.exec:\btnnnt.exe25⤵
- Executes dropped EXE
-
\??\c:\7dppp.exec:\7dppp.exe26⤵
- Executes dropped EXE
-
\??\c:\9dppp.exec:\9dppp.exe27⤵
- Executes dropped EXE
-
\??\c:\tnnbht.exec:\tnnbht.exe28⤵
- Executes dropped EXE
-
\??\c:\vpjjd.exec:\vpjjd.exe29⤵
- Executes dropped EXE
-
\??\c:\1ddjd.exec:\1ddjd.exe30⤵
- Executes dropped EXE
-
\??\c:\rrlrfrl.exec:\rrlrfrl.exe31⤵
- Executes dropped EXE
-
\??\c:\ttthtt.exec:\ttthtt.exe32⤵
- Executes dropped EXE
-
\??\c:\pjpvd.exec:\pjpvd.exe33⤵
- Executes dropped EXE
-
\??\c:\9vvdd.exec:\9vvdd.exe34⤵
- Executes dropped EXE
-
\??\c:\frflxfr.exec:\frflxfr.exe35⤵
- Executes dropped EXE
-
\??\c:\lfrflfr.exec:\lfrflfr.exe36⤵
- Executes dropped EXE
-
\??\c:\7tbhnn.exec:\7tbhnn.exe37⤵
- Executes dropped EXE
-
\??\c:\hbhnbh.exec:\hbhnbh.exe38⤵
- Executes dropped EXE
-
\??\c:\vvpjv.exec:\vvpjv.exe39⤵
- Executes dropped EXE
-
\??\c:\5rlxlrf.exec:\5rlxlrf.exe40⤵
- Executes dropped EXE
-
\??\c:\llfrlrx.exec:\llfrlrx.exe41⤵
- Executes dropped EXE
-
\??\c:\1bbbtt.exec:\1bbbtt.exe42⤵
- Executes dropped EXE
-
\??\c:\pjpjp.exec:\pjpjp.exe43⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe44⤵
- Executes dropped EXE
-
\??\c:\3fxxxxf.exec:\3fxxxxf.exe45⤵
- Executes dropped EXE
-
\??\c:\xrrrrxr.exec:\xrrrrxr.exe46⤵
- Executes dropped EXE
-
\??\c:\bthhnt.exec:\bthhnt.exe47⤵
- Executes dropped EXE
-
\??\c:\btntbh.exec:\btntbh.exe48⤵
- Executes dropped EXE
-
\??\c:\pppvj.exec:\pppvj.exe49⤵
- Executes dropped EXE
-
\??\c:\9rrxrrf.exec:\9rrxrrf.exe50⤵
- Executes dropped EXE
-
\??\c:\9rrfllr.exec:\9rrfllr.exe51⤵
- Executes dropped EXE
-
\??\c:\9htbtb.exec:\9htbtb.exe52⤵
- Executes dropped EXE
-
\??\c:\htnnbb.exec:\htnnbb.exe53⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe54⤵
- Executes dropped EXE
-
\??\c:\rrlxfrf.exec:\rrlxfrf.exe55⤵
- Executes dropped EXE
-
\??\c:\lflxlrx.exec:\lflxlrx.exe56⤵
- Executes dropped EXE
-
\??\c:\bnhhnh.exec:\bnhhnh.exe57⤵
- Executes dropped EXE
-
\??\c:\btnttt.exec:\btnttt.exe58⤵
- Executes dropped EXE
-
\??\c:\7dpjv.exec:\7dpjv.exe59⤵
- Executes dropped EXE
-
\??\c:\vpjvp.exec:\vpjvp.exe60⤵
- Executes dropped EXE
-
\??\c:\lrxrxlx.exec:\lrxrxlx.exe61⤵
- Executes dropped EXE
-
\??\c:\nnhnbb.exec:\nnhnbb.exe62⤵
- Executes dropped EXE
-
\??\c:\5thnbb.exec:\5thnbb.exe63⤵
- Executes dropped EXE
-
\??\c:\7vjdj.exec:\7vjdj.exe64⤵
- Executes dropped EXE
-
\??\c:\vpvdd.exec:\vpvdd.exe65⤵
- Executes dropped EXE
-
\??\c:\xxrxxfx.exec:\xxrxxfx.exe66⤵
-
\??\c:\xrlxffx.exec:\xrlxffx.exe67⤵
-
\??\c:\7hntnn.exec:\7hntnn.exe68⤵
-
\??\c:\9thhht.exec:\9thhht.exe69⤵
-
\??\c:\5vvjv.exec:\5vvjv.exe70⤵
-
\??\c:\dpdpv.exec:\dpdpv.exe71⤵
-
\??\c:\rrlxrxl.exec:\rrlxrxl.exe72⤵
-
\??\c:\nnbhbb.exec:\nnbhbb.exe73⤵
-
\??\c:\1nbntn.exec:\1nbntn.exe74⤵
-
\??\c:\5nhbth.exec:\5nhbth.exe75⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe76⤵
-
\??\c:\9rflllr.exec:\9rflllr.exe77⤵
-
\??\c:\rrlrlxf.exec:\rrlrlxf.exe78⤵
-
\??\c:\hbnthb.exec:\hbnthb.exe79⤵
-
\??\c:\9nbnbh.exec:\9nbnbh.exe80⤵
-
\??\c:\vpddd.exec:\vpddd.exe81⤵
-
\??\c:\frlfllx.exec:\frlfllx.exe82⤵
-
\??\c:\fxlrffr.exec:\fxlrffr.exe83⤵
-
\??\c:\bthntb.exec:\bthntb.exe84⤵
-
\??\c:\bttbnt.exec:\bttbnt.exe85⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe86⤵
-
\??\c:\1pvpp.exec:\1pvpp.exe87⤵
-
\??\c:\rlfrxfr.exec:\rlfrxfr.exe88⤵
-
\??\c:\rlllrrf.exec:\rlllrrf.exe89⤵
-
\??\c:\hbhntt.exec:\hbhntt.exe90⤵
-
\??\c:\tnhnnn.exec:\tnhnnn.exe91⤵
-
\??\c:\5btbnt.exec:\5btbnt.exe92⤵
-
\??\c:\pvjjv.exec:\pvjjv.exe93⤵
-
\??\c:\jjdjd.exec:\jjdjd.exe94⤵
-
\??\c:\xlxffxf.exec:\xlxffxf.exe95⤵
-
\??\c:\xrrfrxf.exec:\xrrfrxf.exe96⤵
-
\??\c:\5tbnnn.exec:\5tbnnn.exe97⤵
-
\??\c:\1btbtt.exec:\1btbtt.exe98⤵
-
\??\c:\3djjd.exec:\3djjd.exe99⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe100⤵
-
\??\c:\xlfxrrx.exec:\xlfxrrx.exe101⤵
-
\??\c:\3rfflrx.exec:\3rfflrx.exe102⤵
-
\??\c:\rxxrrlx.exec:\rxxrrlx.exe103⤵
-
\??\c:\tthhtt.exec:\tthhtt.exe104⤵
-
\??\c:\tnnbhh.exec:\tnnbhh.exe105⤵
-
\??\c:\9pddp.exec:\9pddp.exe106⤵
-
\??\c:\7vjpv.exec:\7vjpv.exe107⤵
-
\??\c:\frfflrl.exec:\frfflrl.exe108⤵
-
\??\c:\3tnbhh.exec:\3tnbhh.exe109⤵
-
\??\c:\ttbbnn.exec:\ttbbnn.exe110⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe111⤵
-
\??\c:\xxxffrx.exec:\xxxffrx.exe112⤵
-
\??\c:\9thhtn.exec:\9thhtn.exe113⤵
-
\??\c:\9thnnb.exec:\9thnnb.exe114⤵
-
\??\c:\jvvvd.exec:\jvvvd.exe115⤵
-
\??\c:\9jdvd.exec:\9jdvd.exe116⤵
-
\??\c:\9xxrxlf.exec:\9xxrxlf.exe117⤵
-
\??\c:\rfrxflr.exec:\rfrxflr.exe118⤵
-
\??\c:\tttbnh.exec:\tttbnh.exe119⤵
-
\??\c:\btbttt.exec:\btbttt.exe120⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe121⤵
-
\??\c:\7fffffr.exec:\7fffffr.exe122⤵
-
\??\c:\3fflrxl.exec:\3fflrxl.exe123⤵
-
\??\c:\tntbhh.exec:\tntbhh.exe124⤵
-
\??\c:\7bnhht.exec:\7bnhht.exe125⤵
-
\??\c:\jjdpp.exec:\jjdpp.exe126⤵
-
\??\c:\3pvdj.exec:\3pvdj.exe127⤵
-
\??\c:\fflrrrr.exec:\fflrrrr.exe128⤵
-
\??\c:\1lfflrx.exec:\1lfflrx.exe129⤵
-
\??\c:\lfrffrx.exec:\lfrffrx.exe130⤵
-
\??\c:\9nnbnt.exec:\9nnbnt.exe131⤵
-
\??\c:\btnthn.exec:\btnthn.exe132⤵
-
\??\c:\jvjpp.exec:\jvjpp.exe133⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe134⤵
-
\??\c:\llxrflx.exec:\llxrflx.exe135⤵
-
\??\c:\lfxrxfl.exec:\lfxrxfl.exe136⤵
-
\??\c:\ttthnh.exec:\ttthnh.exe137⤵
-
\??\c:\hbthnt.exec:\hbthnt.exe138⤵
-
\??\c:\pvvjv.exec:\pvvjv.exe139⤵
-
\??\c:\1jdjv.exec:\1jdjv.exe140⤵
-
\??\c:\lfrfrrf.exec:\lfrfrrf.exe141⤵
-
\??\c:\fxlrfrf.exec:\fxlrfrf.exe142⤵
-
\??\c:\hthhbh.exec:\hthhbh.exe143⤵
-
\??\c:\nhbhnn.exec:\nhbhnn.exe144⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe145⤵
-
\??\c:\1ddvp.exec:\1ddvp.exe146⤵
-
\??\c:\rllrxrf.exec:\rllrxrf.exe147⤵
-
\??\c:\7fxrfxf.exec:\7fxrfxf.exe148⤵
-
\??\c:\tnhnbh.exec:\tnhnbh.exe149⤵
-
\??\c:\3hbtnb.exec:\3hbtnb.exe150⤵
-
\??\c:\7jjjp.exec:\7jjjp.exe151⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe152⤵
-
\??\c:\rlffflx.exec:\rlffflx.exe153⤵
-
\??\c:\fxrfllx.exec:\fxrfllx.exe154⤵
-
\??\c:\5hnntb.exec:\5hnntb.exe155⤵
-
\??\c:\1nbhtt.exec:\1nbhtt.exe156⤵
-
\??\c:\3dvdp.exec:\3dvdp.exe157⤵
-
\??\c:\jjvpd.exec:\jjvpd.exe158⤵
-
\??\c:\rfrxfrr.exec:\rfrxfrr.exe159⤵
-
\??\c:\xrrxflx.exec:\xrrxflx.exe160⤵
-
\??\c:\hhtbtn.exec:\hhtbtn.exe161⤵
-
\??\c:\bbntbh.exec:\bbntbh.exe162⤵
-
\??\c:\jjvjp.exec:\jjvjp.exe163⤵
-
\??\c:\llflllr.exec:\llflllr.exe164⤵
-
\??\c:\xrffrxx.exec:\xrffrxx.exe165⤵
-
\??\c:\9lllxxx.exec:\9lllxxx.exe166⤵
-
\??\c:\btbnbh.exec:\btbnbh.exe167⤵
-
\??\c:\tthnhb.exec:\tthnhb.exe168⤵
-
\??\c:\1djpp.exec:\1djpp.exe169⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe170⤵
-
\??\c:\3fxlrrf.exec:\3fxlrrf.exe171⤵
-
\??\c:\rfrxlrf.exec:\rfrxlrf.exe172⤵
-
\??\c:\bbbnth.exec:\bbbnth.exe173⤵
-
\??\c:\hhhnbh.exec:\hhhnbh.exe174⤵
-
\??\c:\1jjvj.exec:\1jjvj.exe175⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe176⤵
-
\??\c:\rlllflr.exec:\rlllflr.exe177⤵
-
\??\c:\5xlxxxl.exec:\5xlxxxl.exe178⤵
-
\??\c:\nnnbth.exec:\nnnbth.exe179⤵
-
\??\c:\hhnbht.exec:\hhnbht.exe180⤵
-
\??\c:\vpjdj.exec:\vpjdj.exe181⤵
-
\??\c:\llflrrx.exec:\llflrrx.exe182⤵
-
\??\c:\9fxfxlx.exec:\9fxfxlx.exe183⤵
-
\??\c:\7bbnnb.exec:\7bbnnb.exe184⤵
-
\??\c:\btnnnb.exec:\btnnnb.exe185⤵
-
\??\c:\pppvj.exec:\pppvj.exe186⤵
-
\??\c:\xxlrffr.exec:\xxlrffr.exe187⤵
-
\??\c:\bbbhbh.exec:\bbbhbh.exe188⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe189⤵
-
\??\c:\1pjpj.exec:\1pjpj.exe190⤵
-
\??\c:\rlxxflx.exec:\rlxxflx.exe191⤵
-
\??\c:\ttnhtn.exec:\ttnhtn.exe192⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe193⤵
-
\??\c:\lrlxxrl.exec:\lrlxxrl.exe194⤵
-
\??\c:\hbhtbb.exec:\hbhtbb.exe195⤵
-
\??\c:\bnhhnn.exec:\bnhhnn.exe196⤵
-
\??\c:\jjdpv.exec:\jjdpv.exe197⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe198⤵
-
\??\c:\1fxxlll.exec:\1fxxlll.exe199⤵
-
\??\c:\nbtbnn.exec:\nbtbnn.exe200⤵
-
\??\c:\nhbhnh.exec:\nhbhnh.exe201⤵
-
\??\c:\5jpdv.exec:\5jpdv.exe202⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe203⤵
-
\??\c:\5lxrffl.exec:\5lxrffl.exe204⤵
-
\??\c:\xrflrlx.exec:\xrflrlx.exe205⤵
-
\??\c:\1bhnnt.exec:\1bhnnt.exe206⤵
-
\??\c:\pdvdv.exec:\pdvdv.exe207⤵
-
\??\c:\jdddd.exec:\jdddd.exe208⤵
-
\??\c:\rfxlrrf.exec:\rfxlrrf.exe209⤵
-
\??\c:\rllrflr.exec:\rllrflr.exe210⤵
-
\??\c:\9hbhbn.exec:\9hbhbn.exe211⤵
-
\??\c:\hbbhnn.exec:\hbbhnn.exe212⤵
-
\??\c:\3pjdj.exec:\3pjdj.exe213⤵
-
\??\c:\pvpdv.exec:\pvpdv.exe214⤵
-
\??\c:\fxxflxl.exec:\fxxflxl.exe215⤵
-
\??\c:\nbhntn.exec:\nbhntn.exe216⤵
-
\??\c:\httnnh.exec:\httnnh.exe217⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe218⤵
-
\??\c:\vvpvv.exec:\vvpvv.exe219⤵
-
\??\c:\7fxlflr.exec:\7fxlflr.exe220⤵
-
\??\c:\fxxflrf.exec:\fxxflrf.exe221⤵
-
\??\c:\3bttbb.exec:\3bttbb.exe222⤵
-
\??\c:\9jdjv.exec:\9jdjv.exe223⤵
-
\??\c:\dpddp.exec:\dpddp.exe224⤵
-
\??\c:\1fxxflf.exec:\1fxxflf.exe225⤵
-
\??\c:\rfrxxfr.exec:\rfrxxfr.exe226⤵
-
\??\c:\bbnthb.exec:\bbnthb.exe227⤵
-
\??\c:\nnhttb.exec:\nnhttb.exe228⤵
-
\??\c:\7pddj.exec:\7pddj.exe229⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe230⤵
-
\??\c:\rlflrxx.exec:\rlflrxx.exe231⤵
-
\??\c:\9rlxrxl.exec:\9rlxrxl.exe232⤵
-
\??\c:\tthnbn.exec:\tthnbn.exe233⤵
-
\??\c:\1nhhnb.exec:\1nhhnb.exe234⤵
-
\??\c:\vvvjj.exec:\vvvjj.exe235⤵
-
\??\c:\lfrxflx.exec:\lfrxflx.exe236⤵
-
\??\c:\9llxxrf.exec:\9llxxrf.exe237⤵
-
\??\c:\hthhnt.exec:\hthhnt.exe238⤵
-
\??\c:\nhnnbb.exec:\nhnnbb.exe239⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe240⤵
-
\??\c:\pjppd.exec:\pjppd.exe241⤵