Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
20-05-2024 05:08
General
-
Target
b5046a0e00a97218c248624cd6b18d00_NeikiAnalytics.exe
-
Size
64KB
-
MD5
b5046a0e00a97218c248624cd6b18d00
-
SHA1
77b7e062965acbd3da8dd4288ca665c9e3481e9e
-
SHA256
46245924ee91216c1e2f71c928f1f64ce8bef3b34804d22788de1cc4be20d96b
-
SHA512
c9da62acdfd02bed7fbbacebf45799b71cc0aa6d288915d82176144ed8931ffa25997cf81bcfc2bbebc51300f0ac6c003afba7d03cf10203bcc0e9e226bdc8f8
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJULh12+:ymb3NkkiQ3mdBjFIFdJm5
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b5046a0e00a97218c248624cd6b18d00_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\b5046a0e00a97218c248624cd6b18d00_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjp.exec:\jjjjp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrflrxl.exec:\rrflrxl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbnt.exec:\bthbnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddjp.exec:\pddjp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpdj.exec:\pvpdj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrxffr.exec:\xxrxffr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbbhh.exec:\bbbbhh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1thnhh.exec:\1thnhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7djjj.exec:\7djjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllxlfl.exec:\lllxlfl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrllrxl.exec:\xrllrxl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbhh.exec:\hbtbhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvvj.exec:\pdvvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvjj.exec:\jdvjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlxxl.exec:\lfrlxxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxlxfl.exec:\lxxlxfl.exe17⤵
- Executes dropped EXE
-
\??\c:\tnbhnt.exec:\tnbhnt.exe18⤵
- Executes dropped EXE
-
\??\c:\7bhhnb.exec:\7bhhnb.exe19⤵
- Executes dropped EXE
-
\??\c:\jjdjv.exec:\jjdjv.exe20⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe21⤵
- Executes dropped EXE
-
\??\c:\lrffxrx.exec:\lrffxrx.exe22⤵
- Executes dropped EXE
-
\??\c:\hbbhnn.exec:\hbbhnn.exe23⤵
- Executes dropped EXE
-
\??\c:\btbhnt.exec:\btbhnt.exe24⤵
- Executes dropped EXE
-
\??\c:\pdjdp.exec:\pdjdp.exe25⤵
- Executes dropped EXE
-
\??\c:\9dpjv.exec:\9dpjv.exe26⤵
- Executes dropped EXE
-
\??\c:\xrlxrff.exec:\xrlxrff.exe27⤵
- Executes dropped EXE
-
\??\c:\btbttt.exec:\btbttt.exe28⤵
- Executes dropped EXE
-
\??\c:\nnbhth.exec:\nnbhth.exe29⤵
- Executes dropped EXE
-
\??\c:\vjvpj.exec:\vjvpj.exe30⤵
- Executes dropped EXE
-
\??\c:\llfxlll.exec:\llfxlll.exe31⤵
- Executes dropped EXE
-
\??\c:\bnthhh.exec:\bnthhh.exe32⤵
- Executes dropped EXE
-
\??\c:\1nnbtb.exec:\1nnbtb.exe33⤵
- Executes dropped EXE
-
\??\c:\jvjjd.exec:\jvjjd.exe34⤵
- Executes dropped EXE
-
\??\c:\djjvj.exec:\djjvj.exe35⤵
- Executes dropped EXE
-
\??\c:\rfrlrrr.exec:\rfrlrrr.exe36⤵
- Executes dropped EXE
-
\??\c:\7xlllfl.exec:\7xlllfl.exe37⤵
- Executes dropped EXE
-
\??\c:\tnbbhn.exec:\tnbbhn.exe38⤵
- Executes dropped EXE
-
\??\c:\hbthtt.exec:\hbthtt.exe39⤵
- Executes dropped EXE
-
\??\c:\vvdpd.exec:\vvdpd.exe40⤵
- Executes dropped EXE
-
\??\c:\xrllllr.exec:\xrllllr.exe41⤵
- Executes dropped EXE
-
\??\c:\xxlxxrr.exec:\xxlxxrr.exe42⤵
- Executes dropped EXE
-
\??\c:\thtthh.exec:\thtthh.exe43⤵
- Executes dropped EXE
-
\??\c:\5tntbb.exec:\5tntbb.exe44⤵
- Executes dropped EXE
-
\??\c:\jjvpv.exec:\jjvpv.exe45⤵
- Executes dropped EXE
-
\??\c:\ddvvp.exec:\ddvvp.exe46⤵
- Executes dropped EXE
-
\??\c:\xlrfllx.exec:\xlrfllx.exe47⤵
- Executes dropped EXE
-
\??\c:\rfllllr.exec:\rfllllr.exe48⤵
- Executes dropped EXE
-
\??\c:\btbbhb.exec:\btbbhb.exe49⤵
- Executes dropped EXE
-
\??\c:\tntbnt.exec:\tntbnt.exe50⤵
- Executes dropped EXE
-
\??\c:\7vppd.exec:\7vppd.exe51⤵
- Executes dropped EXE
-
\??\c:\5djdj.exec:\5djdj.exe52⤵
- Executes dropped EXE
-
\??\c:\llfllxf.exec:\llfllxf.exe53⤵
- Executes dropped EXE
-
\??\c:\xrlrxxf.exec:\xrlrxxf.exe54⤵
- Executes dropped EXE
-
\??\c:\tnbnbh.exec:\tnbnbh.exe55⤵
- Executes dropped EXE
-
\??\c:\htbtbt.exec:\htbtbt.exe56⤵
- Executes dropped EXE
-
\??\c:\vvvdj.exec:\vvvdj.exe57⤵
- Executes dropped EXE
-
\??\c:\pdjjj.exec:\pdjjj.exe58⤵
- Executes dropped EXE
-
\??\c:\lllflrx.exec:\lllflrx.exe59⤵
- Executes dropped EXE
-
\??\c:\xxxxxfl.exec:\xxxxxfl.exe60⤵
- Executes dropped EXE
-
\??\c:\tnbnbb.exec:\tnbnbb.exe61⤵
- Executes dropped EXE
-
\??\c:\bnbbhn.exec:\bnbbhn.exe62⤵
- Executes dropped EXE
-
\??\c:\ddjvv.exec:\ddjvv.exe63⤵
- Executes dropped EXE
-
\??\c:\vvjvd.exec:\vvjvd.exe64⤵
- Executes dropped EXE
-
\??\c:\frxrlrl.exec:\frxrlrl.exe65⤵
- Executes dropped EXE
-
\??\c:\xlrfxxx.exec:\xlrfxxx.exe66⤵
-
\??\c:\hnttnn.exec:\hnttnn.exe67⤵
-
\??\c:\7hbbbt.exec:\7hbbbt.exe68⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe69⤵
-
\??\c:\djdvv.exec:\djdvv.exe70⤵
-
\??\c:\1lxrfxl.exec:\1lxrfxl.exe71⤵
-
\??\c:\xllfxrl.exec:\xllfxrl.exe72⤵
-
\??\c:\hnnntt.exec:\hnnntt.exe73⤵
-
\??\c:\btntbb.exec:\btntbb.exe74⤵
-
\??\c:\hbbbbn.exec:\hbbbbn.exe75⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe76⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe77⤵
-
\??\c:\fxrxffl.exec:\fxrxffl.exe78⤵
-
\??\c:\frflllx.exec:\frflllx.exe79⤵
-
\??\c:\hbttbb.exec:\hbttbb.exe80⤵
-
\??\c:\thnttb.exec:\thnttb.exe81⤵
-
\??\c:\9tnnnn.exec:\9tnnnn.exe82⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe83⤵
-
\??\c:\9vpvv.exec:\9vpvv.exe84⤵
-
\??\c:\xxflfll.exec:\xxflfll.exe85⤵
-
\??\c:\xrxffll.exec:\xrxffll.exe86⤵
-
\??\c:\tbnhbb.exec:\tbnhbb.exe87⤵
-
\??\c:\pddjp.exec:\pddjp.exe88⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe89⤵
-
\??\c:\dddvd.exec:\dddvd.exe90⤵
-
\??\c:\1fflllr.exec:\1fflllr.exe91⤵
-
\??\c:\bhtnhb.exec:\bhtnhb.exe92⤵
-
\??\c:\hbntth.exec:\hbntth.exe93⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe94⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe95⤵
-
\??\c:\lfrrrrr.exec:\lfrrrrr.exe96⤵
-
\??\c:\bnbhnb.exec:\bnbhnb.exe97⤵
-
\??\c:\tnbhhn.exec:\tnbhhn.exe98⤵
-
\??\c:\tnttnt.exec:\tnttnt.exe99⤵
-
\??\c:\7vddj.exec:\7vddj.exe100⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe101⤵
-
\??\c:\3frrxfl.exec:\3frrxfl.exe102⤵
-
\??\c:\bttthh.exec:\bttthh.exe103⤵
-
\??\c:\nbntnh.exec:\nbntnh.exe104⤵
-
\??\c:\1tbhnh.exec:\1tbhnh.exe105⤵
-
\??\c:\ddjpj.exec:\ddjpj.exe106⤵
-
\??\c:\3pjpv.exec:\3pjpv.exe107⤵
-
\??\c:\3llrrxf.exec:\3llrrxf.exe108⤵
-
\??\c:\fxrxlxx.exec:\fxrxlxx.exe109⤵
-
\??\c:\5tttbh.exec:\5tttbh.exe110⤵
-
\??\c:\btnthn.exec:\btnthn.exe111⤵
-
\??\c:\1tnnhh.exec:\1tnnhh.exe112⤵
-
\??\c:\pjppv.exec:\pjppv.exe113⤵
-
\??\c:\5jdpp.exec:\5jdpp.exe114⤵
-
\??\c:\fxflxxx.exec:\fxflxxx.exe115⤵
-
\??\c:\ffxflrr.exec:\ffxflrr.exe116⤵
-
\??\c:\1xxfrxr.exec:\1xxfrxr.exe117⤵
-
\??\c:\hhnnnn.exec:\hhnnnn.exe118⤵
-
\??\c:\1jjjv.exec:\1jjjv.exe119⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe120⤵
-
\??\c:\ppdpp.exec:\ppdpp.exe121⤵
-
\??\c:\xrfxflr.exec:\xrfxflr.exe122⤵
-
\??\c:\xrrrflx.exec:\xrrrflx.exe123⤵
-
\??\c:\1hhbtb.exec:\1hhbtb.exe124⤵
-
\??\c:\nhhhth.exec:\nhhhth.exe125⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe126⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe127⤵
-
\??\c:\ffxxllx.exec:\ffxxllx.exe128⤵
-
\??\c:\5rrfllx.exec:\5rrfllx.exe129⤵
-
\??\c:\lfrrffx.exec:\lfrrffx.exe130⤵
-
\??\c:\htntnh.exec:\htntnh.exe131⤵
-
\??\c:\bthhnt.exec:\bthhnt.exe132⤵
-
\??\c:\vpddp.exec:\vpddp.exe133⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe134⤵
-
\??\c:\fxlrxrx.exec:\fxlrxrx.exe135⤵
-
\??\c:\rlxrflx.exec:\rlxrflx.exe136⤵
-
\??\c:\tthbhh.exec:\tthbhh.exe137⤵
-
\??\c:\nhtbht.exec:\nhtbht.exe138⤵
-
\??\c:\9hbbht.exec:\9hbbht.exe139⤵
-
\??\c:\9pvpp.exec:\9pvpp.exe140⤵
-
\??\c:\ddjjv.exec:\ddjjv.exe141⤵
-
\??\c:\xlxxxfl.exec:\xlxxxfl.exe142⤵
-
\??\c:\3fffxrf.exec:\3fffxrf.exe143⤵
-
\??\c:\bhbttn.exec:\bhbttn.exe144⤵
-
\??\c:\hbhtbt.exec:\hbhtbt.exe145⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe146⤵
-
\??\c:\1jvdp.exec:\1jvdp.exe147⤵
-
\??\c:\dpddj.exec:\dpddj.exe148⤵
-
\??\c:\lfrxffr.exec:\lfrxffr.exe149⤵
-
\??\c:\fxllrrf.exec:\fxllrrf.exe150⤵
-
\??\c:\tthtbh.exec:\tthtbh.exe151⤵
-
\??\c:\3hhhtn.exec:\3hhhtn.exe152⤵
-
\??\c:\1dpjj.exec:\1dpjj.exe153⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe154⤵
-
\??\c:\rlrrxfx.exec:\rlrrxfx.exe155⤵
-
\??\c:\1xrxllf.exec:\1xrxllf.exe156⤵
-
\??\c:\rrflrxf.exec:\rrflrxf.exe157⤵
-
\??\c:\1hbnth.exec:\1hbnth.exe158⤵
-
\??\c:\tnbhnh.exec:\tnbhnh.exe159⤵
-
\??\c:\dpdjj.exec:\dpdjj.exe160⤵
-
\??\c:\9lrrrrx.exec:\9lrrrrx.exe161⤵
-
\??\c:\lxlrlff.exec:\lxlrlff.exe162⤵
-
\??\c:\fflxlxr.exec:\fflxlxr.exe163⤵
-
\??\c:\3bnbnn.exec:\3bnbnn.exe164⤵
-
\??\c:\tnttbb.exec:\tnttbb.exe165⤵
-
\??\c:\3pjjj.exec:\3pjjj.exe166⤵
-
\??\c:\9ddjj.exec:\9ddjj.exe167⤵
-
\??\c:\pvppj.exec:\pvppj.exe168⤵
-
\??\c:\fxfflrx.exec:\fxfflrx.exe169⤵
-
\??\c:\9frlrxf.exec:\9frlrxf.exe170⤵
-
\??\c:\bthnbb.exec:\bthnbb.exe171⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe172⤵
-
\??\c:\vjjjj.exec:\vjjjj.exe173⤵
-
\??\c:\7vjjd.exec:\7vjjd.exe174⤵
-
\??\c:\lfrrflr.exec:\lfrrflr.exe175⤵
-
\??\c:\xlrxflr.exec:\xlrxflr.exe176⤵
-
\??\c:\tnnhhb.exec:\tnnhhb.exe177⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe178⤵
-
\??\c:\7xrxffr.exec:\7xrxffr.exe179⤵
-
\??\c:\lflrrrx.exec:\lflrrrx.exe180⤵
-
\??\c:\hbbbbt.exec:\hbbbbt.exe181⤵
-
\??\c:\bbbbbh.exec:\bbbbbh.exe182⤵
-
\??\c:\nbhbbh.exec:\nbhbbh.exe183⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe184⤵
-
\??\c:\ppddj.exec:\ppddj.exe185⤵
-
\??\c:\5rllrlr.exec:\5rllrlr.exe186⤵
-
\??\c:\rflflfx.exec:\rflflfx.exe187⤵
-
\??\c:\lflrfll.exec:\lflrfll.exe188⤵
-
\??\c:\5bthnt.exec:\5bthnt.exe189⤵
-
\??\c:\3pvpp.exec:\3pvpp.exe190⤵
-
\??\c:\pvdvj.exec:\pvdvj.exe191⤵
-
\??\c:\3ffrffl.exec:\3ffrffl.exe192⤵
-
\??\c:\7rlxrlx.exec:\7rlxrlx.exe193⤵
-
\??\c:\bhbntt.exec:\bhbntt.exe194⤵
-
\??\c:\3bbnhb.exec:\3bbnhb.exe195⤵
-
\??\c:\7ntbbt.exec:\7ntbbt.exe196⤵
-
\??\c:\pjpdd.exec:\pjpdd.exe197⤵
-
\??\c:\5lrxffr.exec:\5lrxffr.exe198⤵
-
\??\c:\xrfrxfr.exec:\xrfrxfr.exe199⤵
-
\??\c:\7xlfxfr.exec:\7xlfxfr.exe200⤵
-
\??\c:\3nhnbb.exec:\3nhnbb.exe201⤵
-
\??\c:\nnnnnh.exec:\nnnnnh.exe202⤵
-
\??\c:\3jvdp.exec:\3jvdp.exe203⤵
-
\??\c:\vjdvv.exec:\vjdvv.exe204⤵
-
\??\c:\9xxxxrx.exec:\9xxxxrx.exe205⤵
-
\??\c:\lrxfllr.exec:\lrxfllr.exe206⤵
-
\??\c:\tthtbb.exec:\tthtbb.exe207⤵
-
\??\c:\7ntbbt.exec:\7ntbbt.exe208⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe209⤵
-
\??\c:\3pjdv.exec:\3pjdv.exe210⤵
-
\??\c:\llflflf.exec:\llflflf.exe211⤵
-
\??\c:\7rllrrr.exec:\7rllrrr.exe212⤵
-
\??\c:\9nnbhn.exec:\9nnbhn.exe213⤵
-
\??\c:\hntbhh.exec:\hntbhh.exe214⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe215⤵
-
\??\c:\9fxxfff.exec:\9fxxfff.exe216⤵
-
\??\c:\9ntttb.exec:\9ntttb.exe217⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe218⤵
-
\??\c:\5vjvv.exec:\5vjvv.exe219⤵
-
\??\c:\bnhntb.exec:\bnhntb.exe220⤵
-
\??\c:\thntbh.exec:\thntbh.exe221⤵
-
\??\c:\ppppd.exec:\ppppd.exe222⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe223⤵
-
\??\c:\dvppv.exec:\dvppv.exe224⤵
-
\??\c:\7rlrrlr.exec:\7rlrrlr.exe225⤵
-
\??\c:\rrrxfrf.exec:\rrrxfrf.exe226⤵
-
\??\c:\bthbtn.exec:\bthbtn.exe227⤵
-
\??\c:\5hnbbh.exec:\5hnbbh.exe228⤵
-
\??\c:\pjppp.exec:\pjppp.exe229⤵
-
\??\c:\7pdvv.exec:\7pdvv.exe230⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe231⤵
-
\??\c:\flflfrl.exec:\flflfrl.exe232⤵
-
\??\c:\rfrxfxf.exec:\rfrxfxf.exe233⤵
-
\??\c:\bhnbbh.exec:\bhnbbh.exe234⤵
-
\??\c:\tbhbtn.exec:\tbhbtn.exe235⤵
-
\??\c:\jdppp.exec:\jdppp.exe236⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe237⤵
-
\??\c:\3fxfxxx.exec:\3fxfxxx.exe238⤵
-
\??\c:\7rxxxxf.exec:\7rxxxxf.exe239⤵
-
\??\c:\9tnhnn.exec:\9tnhnn.exe240⤵
-
\??\c:\bthhbt.exec:\bthhbt.exe241⤵