Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
20-05-2024 05:30
General
-
Target
b94bf585f972e9e808660ae114423980_NeikiAnalytics.exe
-
Size
61KB
-
MD5
b94bf585f972e9e808660ae114423980
-
SHA1
73d248d5887ae2b66d80d43dd4320218eba1aa7c
-
SHA256
1fceafedcc5f34c28e5eebefa1621f8ea3c812d90fa45799b4107429e23d79ac
-
SHA512
a01730f76f875bdfff991e3ee1b7ea2fb48b4349aaad992317761cacf974c7492a14f32e1513cd4d7ea4a913d70957dfa3550297980ef35309cba4000f61684d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvAEaFJLC:ymb3NkkiQ3mdBjFIvAvC
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b94bf585f972e9e808660ae114423980_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\b94bf585f972e9e808660ae114423980_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbtbb.exec:\nnbtbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddj.exec:\dvddj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flflxfr.exec:\flflxfr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdj.exec:\vvjdj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjvd.exec:\djjvd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffrxf.exec:\lfffrxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbnhb.exec:\hnbnhb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9htbhh.exec:\9htbhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjpv.exec:\pjjpv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xrxffl.exec:\3xrxffl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbthnh.exec:\nbthnh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbbhh.exec:\ttbbhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdppd.exec:\pdppd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pjdv.exec:\9pjdv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffxfr.exec:\xrffxfr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5htbhh.exec:\5htbhh.exe17⤵
- Executes dropped EXE
-
\??\c:\dvddj.exec:\dvddj.exe18⤵
- Executes dropped EXE
-
\??\c:\pjjdj.exec:\pjjdj.exe19⤵
- Executes dropped EXE
-
\??\c:\fxrfrxr.exec:\fxrfrxr.exe20⤵
- Executes dropped EXE
-
\??\c:\tnbthn.exec:\tnbthn.exe21⤵
- Executes dropped EXE
-
\??\c:\9htttt.exec:\9htttt.exe22⤵
- Executes dropped EXE
-
\??\c:\vppdj.exec:\vppdj.exe23⤵
- Executes dropped EXE
-
\??\c:\rllxflx.exec:\rllxflx.exe24⤵
- Executes dropped EXE
-
\??\c:\rlxfrrx.exec:\rlxfrrx.exe25⤵
- Executes dropped EXE
-
\??\c:\bttbhh.exec:\bttbhh.exe26⤵
- Executes dropped EXE
-
\??\c:\5hbhtt.exec:\5hbhtt.exe27⤵
- Executes dropped EXE
-
\??\c:\dpddj.exec:\dpddj.exe28⤵
- Executes dropped EXE
-
\??\c:\pjdjj.exec:\pjdjj.exe29⤵
- Executes dropped EXE
-
\??\c:\9rxlrxf.exec:\9rxlrxf.exe30⤵
- Executes dropped EXE
-
\??\c:\5htbhh.exec:\5htbhh.exe31⤵
- Executes dropped EXE
-
\??\c:\jdvdd.exec:\jdvdd.exe32⤵
- Executes dropped EXE
-
\??\c:\jdvdd.exec:\jdvdd.exe33⤵
- Executes dropped EXE
-
\??\c:\jdvvd.exec:\jdvvd.exe34⤵
- Executes dropped EXE
-
\??\c:\7xlrxfr.exec:\7xlrxfr.exe35⤵
- Executes dropped EXE
-
\??\c:\nbnhhb.exec:\nbnhhb.exe36⤵
- Executes dropped EXE
-
\??\c:\1thhhn.exec:\1thhhn.exe37⤵
- Executes dropped EXE
-
\??\c:\jjpjj.exec:\jjpjj.exe38⤵
- Executes dropped EXE
-
\??\c:\3lfxllr.exec:\3lfxllr.exe39⤵
- Executes dropped EXE
-
\??\c:\lfxflrx.exec:\lfxflrx.exe40⤵
- Executes dropped EXE
-
\??\c:\5hbthh.exec:\5hbthh.exe41⤵
- Executes dropped EXE
-
\??\c:\dvppp.exec:\dvppp.exe42⤵
- Executes dropped EXE
-
\??\c:\5vjpd.exec:\5vjpd.exe43⤵
- Executes dropped EXE
-
\??\c:\xrrrffr.exec:\xrrrffr.exe44⤵
- Executes dropped EXE
-
\??\c:\lfrxffr.exec:\lfrxffr.exe45⤵
- Executes dropped EXE
-
\??\c:\nhbhtb.exec:\nhbhtb.exe46⤵
- Executes dropped EXE
-
\??\c:\thbhnn.exec:\thbhnn.exe47⤵
- Executes dropped EXE
-
\??\c:\vppdp.exec:\vppdp.exe48⤵
- Executes dropped EXE
-
\??\c:\3vpvv.exec:\3vpvv.exe49⤵
- Executes dropped EXE
-
\??\c:\xlflxfl.exec:\xlflxfl.exe50⤵
- Executes dropped EXE
-
\??\c:\1hbntn.exec:\1hbntn.exe51⤵
- Executes dropped EXE
-
\??\c:\nhbbhh.exec:\nhbbhh.exe52⤵
- Executes dropped EXE
-
\??\c:\jdpjj.exec:\jdpjj.exe53⤵
- Executes dropped EXE
-
\??\c:\rlffffr.exec:\rlffffr.exe54⤵
- Executes dropped EXE
-
\??\c:\ntbtnb.exec:\ntbtnb.exe55⤵
- Executes dropped EXE
-
\??\c:\btnttb.exec:\btnttb.exe56⤵
- Executes dropped EXE
-
\??\c:\9pjjd.exec:\9pjjd.exe57⤵
- Executes dropped EXE
-
\??\c:\pjddd.exec:\pjddd.exe58⤵
- Executes dropped EXE
-
\??\c:\rfxxxxf.exec:\rfxxxxf.exe59⤵
- Executes dropped EXE
-
\??\c:\frflrrx.exec:\frflrrx.exe60⤵
- Executes dropped EXE
-
\??\c:\5htbbb.exec:\5htbbb.exe61⤵
- Executes dropped EXE
-
\??\c:\ddvjp.exec:\ddvjp.exe62⤵
- Executes dropped EXE
-
\??\c:\5ppdp.exec:\5ppdp.exe63⤵
- Executes dropped EXE
-
\??\c:\rxlrrfr.exec:\rxlrrfr.exe64⤵
- Executes dropped EXE
-
\??\c:\5rxxxrx.exec:\5rxxxrx.exe65⤵
- Executes dropped EXE
-
\??\c:\bthnhh.exec:\bthnhh.exe66⤵
-
\??\c:\nhhttt.exec:\nhhttt.exe67⤵
-
\??\c:\jvpvj.exec:\jvpvj.exe68⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe69⤵
-
\??\c:\7vppv.exec:\7vppv.exe70⤵
-
\??\c:\lfxlxlx.exec:\lfxlxlx.exe71⤵
-
\??\c:\3fffllr.exec:\3fffllr.exe72⤵
-
\??\c:\tbnhnb.exec:\tbnhnb.exe73⤵
-
\??\c:\hhtbbb.exec:\hhtbbb.exe74⤵
-
\??\c:\vpddj.exec:\vpddj.exe75⤵
-
\??\c:\pdvvv.exec:\pdvvv.exe76⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe77⤵
-
\??\c:\xrffllr.exec:\xrffllr.exe78⤵
-
\??\c:\rlflxrf.exec:\rlflxrf.exe79⤵
-
\??\c:\ttbnbb.exec:\ttbnbb.exe80⤵
-
\??\c:\btbhtb.exec:\btbhtb.exe81⤵
-
\??\c:\pdjpp.exec:\pdjpp.exe82⤵
-
\??\c:\jjpvv.exec:\jjpvv.exe83⤵
-
\??\c:\fxxflrf.exec:\fxxflrf.exe84⤵
-
\??\c:\9lfxlfl.exec:\9lfxlfl.exe85⤵
-
\??\c:\nnhnbh.exec:\nnhnbh.exe86⤵
-
\??\c:\ddvdv.exec:\ddvdv.exe87⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe88⤵
-
\??\c:\fxlrffr.exec:\fxlrffr.exe89⤵
-
\??\c:\hthbnn.exec:\hthbnn.exe90⤵
-
\??\c:\tnhhbh.exec:\tnhhbh.exe91⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe92⤵
-
\??\c:\pdpvd.exec:\pdpvd.exe93⤵
-
\??\c:\xrllrxf.exec:\xrllrxf.exe94⤵
-
\??\c:\9llxlrx.exec:\9llxlrx.exe95⤵
-
\??\c:\xrflflr.exec:\xrflflr.exe96⤵
-
\??\c:\thtbhh.exec:\thtbhh.exe97⤵
-
\??\c:\vpvjd.exec:\vpvjd.exe98⤵
-
\??\c:\vjdjp.exec:\vjdjp.exe99⤵
-
\??\c:\frlrrrx.exec:\frlrrrx.exe100⤵
-
\??\c:\1frffxx.exec:\1frffxx.exe101⤵
-
\??\c:\bhtnth.exec:\bhtnth.exe102⤵
-
\??\c:\tbbnhb.exec:\tbbnhb.exe103⤵
-
\??\c:\dpjvj.exec:\dpjvj.exe104⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe105⤵
-
\??\c:\lfrfxxx.exec:\lfrfxxx.exe106⤵
-
\??\c:\xxxffxx.exec:\xxxffxx.exe107⤵
-
\??\c:\hbbhnh.exec:\hbbhnh.exe108⤵
-
\??\c:\5hnhtt.exec:\5hnhtt.exe109⤵
-
\??\c:\pjjvd.exec:\pjjvd.exe110⤵
-
\??\c:\1dpvp.exec:\1dpvp.exe111⤵
-
\??\c:\rlxlrxl.exec:\rlxlrxl.exe112⤵
-
\??\c:\rlrrffr.exec:\rlrrffr.exe113⤵
-
\??\c:\nbhnhh.exec:\nbhnhh.exe114⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe115⤵
-
\??\c:\1pjvd.exec:\1pjvd.exe116⤵
-
\??\c:\vdppv.exec:\vdppv.exe117⤵
-
\??\c:\fxxflll.exec:\fxxflll.exe118⤵
-
\??\c:\lfllxxl.exec:\lfllxxl.exe119⤵
-
\??\c:\nhntnn.exec:\nhntnn.exe120⤵
-
\??\c:\hbtbtb.exec:\hbtbtb.exe121⤵
-
\??\c:\jpvvd.exec:\jpvvd.exe122⤵
-
\??\c:\jdpdd.exec:\jdpdd.exe123⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe124⤵
-
\??\c:\rllrxxf.exec:\rllrxxf.exe125⤵
-
\??\c:\ffrrfff.exec:\ffrrfff.exe126⤵
-
\??\c:\tnbnbb.exec:\tnbnbb.exe127⤵
-
\??\c:\tntbhh.exec:\tntbhh.exe128⤵
-
\??\c:\5dpdp.exec:\5dpdp.exe129⤵
-
\??\c:\pdppj.exec:\pdppj.exe130⤵
-
\??\c:\9frrllx.exec:\9frrllx.exe131⤵
-
\??\c:\flfrfxf.exec:\flfrfxf.exe132⤵
-
\??\c:\hhntth.exec:\hhntth.exe133⤵
-
\??\c:\nhntnt.exec:\nhntnt.exe134⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe135⤵
-
\??\c:\jdjvp.exec:\jdjvp.exe136⤵
-
\??\c:\lrxflxx.exec:\lrxflxx.exe137⤵
-
\??\c:\xxrrffl.exec:\xxrrffl.exe138⤵
-
\??\c:\3nnnbb.exec:\3nnnbb.exe139⤵
-
\??\c:\nhtntt.exec:\nhtntt.exe140⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe141⤵
-
\??\c:\1pjjp.exec:\1pjjp.exe142⤵
-
\??\c:\7xllxxl.exec:\7xllxxl.exe143⤵
-
\??\c:\xlxxlrx.exec:\xlxxlrx.exe144⤵
-
\??\c:\hthhnn.exec:\hthhnn.exe145⤵
-
\??\c:\9nbtht.exec:\9nbtht.exe146⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe147⤵
-
\??\c:\vpdpj.exec:\vpdpj.exe148⤵
-
\??\c:\rfffrff.exec:\rfffrff.exe149⤵
-
\??\c:\fxrxfxl.exec:\fxrxfxl.exe150⤵
-
\??\c:\bnhnbb.exec:\bnhnbb.exe151⤵
-
\??\c:\3hbhhh.exec:\3hbhhh.exe152⤵
-
\??\c:\vjjpj.exec:\vjjpj.exe153⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe154⤵
-
\??\c:\jjddp.exec:\jjddp.exe155⤵
-
\??\c:\rlfflrx.exec:\rlfflrx.exe156⤵
-
\??\c:\lfrfrxf.exec:\lfrfrxf.exe157⤵
-
\??\c:\bttbhn.exec:\bttbhn.exe158⤵
-
\??\c:\bnbbhh.exec:\bnbbhh.exe159⤵
-
\??\c:\vpdpj.exec:\vpdpj.exe160⤵
-
\??\c:\jdppv.exec:\jdppv.exe161⤵
-
\??\c:\lfxfrlx.exec:\lfxfrlx.exe162⤵
-
\??\c:\frllxrx.exec:\frllxrx.exe163⤵
-
\??\c:\5hthnn.exec:\5hthnn.exe164⤵
-
\??\c:\bnnnbb.exec:\bnnnbb.exe165⤵
-
\??\c:\5dpvd.exec:\5dpvd.exe166⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe167⤵
-
\??\c:\fxllxfr.exec:\fxllxfr.exe168⤵
-
\??\c:\5ffxflx.exec:\5ffxflx.exe169⤵
-
\??\c:\nhbbhh.exec:\nhbbhh.exe170⤵
-
\??\c:\bnbhnn.exec:\bnbhnn.exe171⤵
-
\??\c:\ddppj.exec:\ddppj.exe172⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe173⤵
-
\??\c:\rlfrxff.exec:\rlfrxff.exe174⤵
-
\??\c:\7lffflr.exec:\7lffflr.exe175⤵
-
\??\c:\9ffrrll.exec:\9ffrrll.exe176⤵
-
\??\c:\hhbhbt.exec:\hhbhbt.exe177⤵
-
\??\c:\hbbhhn.exec:\hbbhhn.exe178⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe179⤵
-
\??\c:\dpdjj.exec:\dpdjj.exe180⤵
-
\??\c:\flrllxf.exec:\flrllxf.exe181⤵
-
\??\c:\xxxxllf.exec:\xxxxllf.exe182⤵
-
\??\c:\tnbbbt.exec:\tnbbbt.exe183⤵
-
\??\c:\hbbhnb.exec:\hbbhnb.exe184⤵
-
\??\c:\jpdvd.exec:\jpdvd.exe185⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe186⤵
-
\??\c:\flrlxxx.exec:\flrlxxx.exe187⤵
-
\??\c:\lfxfllr.exec:\lfxfllr.exe188⤵
-
\??\c:\tnnhnb.exec:\tnnhnb.exe189⤵
-
\??\c:\btbhtb.exec:\btbhtb.exe190⤵
-
\??\c:\dvdpp.exec:\dvdpp.exe191⤵
-
\??\c:\pjddj.exec:\pjddj.exe192⤵
-
\??\c:\pdvdv.exec:\pdvdv.exe193⤵
-
\??\c:\xrxxffr.exec:\xrxxffr.exe194⤵
-
\??\c:\frrxrxf.exec:\frrxrxf.exe195⤵
-
\??\c:\nhbnhn.exec:\nhbnhn.exe196⤵
-
\??\c:\btbhbb.exec:\btbhbb.exe197⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe198⤵
-
\??\c:\fxrrrrf.exec:\fxrrrrf.exe199⤵
-
\??\c:\5xllxfl.exec:\5xllxfl.exe200⤵
-
\??\c:\btthtb.exec:\btthtb.exe201⤵
-
\??\c:\ddpvp.exec:\ddpvp.exe202⤵
-
\??\c:\5jdjv.exec:\5jdjv.exe203⤵
-
\??\c:\rfxfxfl.exec:\rfxfxfl.exe204⤵
-
\??\c:\frffrlx.exec:\frffrlx.exe205⤵
-
\??\c:\htnhnb.exec:\htnhnb.exe206⤵
-
\??\c:\1btttt.exec:\1btttt.exe207⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe208⤵
-
\??\c:\vppdv.exec:\vppdv.exe209⤵
-
\??\c:\9fxlfrl.exec:\9fxlfrl.exe210⤵
-
\??\c:\rlflflx.exec:\rlflflx.exe211⤵
-
\??\c:\bnnbnh.exec:\bnnbnh.exe212⤵
-
\??\c:\hhbhnt.exec:\hhbhnt.exe213⤵
-
\??\c:\vvjvv.exec:\vvjvv.exe214⤵
-
\??\c:\jjpvd.exec:\jjpvd.exe215⤵
-
\??\c:\9lxxrrf.exec:\9lxxrrf.exe216⤵
-
\??\c:\rlxrxfr.exec:\rlxrxfr.exe217⤵
-
\??\c:\nhhnnb.exec:\nhhnnb.exe218⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe219⤵
-
\??\c:\hbnthh.exec:\hbnthh.exe220⤵
-
\??\c:\5pjvd.exec:\5pjvd.exe221⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe222⤵
-
\??\c:\xrffllx.exec:\xrffllx.exe223⤵
-
\??\c:\xrxlxfl.exec:\xrxlxfl.exe224⤵
-
\??\c:\3tnbnn.exec:\3tnbnn.exe225⤵
-
\??\c:\bnhhhn.exec:\bnhhhn.exe226⤵
-
\??\c:\jppdv.exec:\jppdv.exe227⤵
-
\??\c:\lxfxxfr.exec:\lxfxxfr.exe228⤵
-
\??\c:\xrffflr.exec:\xrffflr.exe229⤵
-
\??\c:\3nntnt.exec:\3nntnt.exe230⤵
-
\??\c:\ttnttn.exec:\ttnttn.exe231⤵
-
\??\c:\jjvjd.exec:\jjvjd.exe232⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe233⤵
-
\??\c:\fxllrrx.exec:\fxllrrx.exe234⤵
-
\??\c:\fxlrxfr.exec:\fxlrxfr.exe235⤵
-
\??\c:\nnntbb.exec:\nnntbb.exe236⤵
-
\??\c:\nnnhnt.exec:\nnnhnt.exe237⤵
-
\??\c:\vvpvv.exec:\vvpvv.exe238⤵
-
\??\c:\1vvdp.exec:\1vvdp.exe239⤵
-
\??\c:\1fffffr.exec:\1fffffr.exe240⤵
-
\??\c:\rllrfrx.exec:\rllrfrx.exe241⤵