Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
20-05-2024 10:13
General
-
Target
e54ae86212c2e30aef9435df2ff7e7e0_NeikiAnalytics.exe
-
Size
116KB
-
MD5
e54ae86212c2e30aef9435df2ff7e7e0
-
SHA1
95ef366dadebc8ca9ae9c316f2075d7039ba03bc
-
SHA256
08fbc2cdc276b6d5edc3b66e8b59dd9e41b2ddbd3824f8c8a273073cdf4991b6
-
SHA512
bfe4fcb87bd0a24c2f24420f01c6876e07327f8275e693373d344cf7059737d065d7ae3db3ae3c306888ddbaf361f12ae93c4a412ee81c7aa77f89e9848f6a15
-
SSDEEP
3072:ymb3NkkiQ3mdBjFosxXGPXbXQMFHLgDWSmjlkFn:n3C9BRosxW8MFHLMWvlm
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e54ae86212c2e30aef9435df2ff7e7e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\e54ae86212c2e30aef9435df2ff7e7e0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrfrlf.exec:\fxrfrlf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnntt.exec:\tnnntt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppd.exec:\jdppd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrxxxl.exec:\xlrxxxl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvjp.exec:\jdvjp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflffr.exec:\xrflffr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbbnt.exec:\ttbbnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bbbtt.exec:\1bbbtt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jdpd.exec:\1jdpd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxffflx.exec:\fxffflx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflxlf.exec:\xrflxlf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjpd.exec:\pjjpd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pddj.exec:\9pddj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlrflx.exec:\rrlrflx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtthh.exec:\bbtthh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvdp.exec:\vjvdp.exe17⤵
- Executes dropped EXE
-
\??\c:\xxxlxlr.exec:\xxxlxlr.exe18⤵
- Executes dropped EXE
-
\??\c:\9lxrrrf.exec:\9lxrrrf.exe19⤵
- Executes dropped EXE
-
\??\c:\bthtbh.exec:\bthtbh.exe20⤵
- Executes dropped EXE
-
\??\c:\vppdv.exec:\vppdv.exe21⤵
- Executes dropped EXE
-
\??\c:\fxlrxll.exec:\fxlrxll.exe22⤵
- Executes dropped EXE
-
\??\c:\xrfxllf.exec:\xrfxllf.exe23⤵
- Executes dropped EXE
-
\??\c:\tnhhtt.exec:\tnhhtt.exe24⤵
- Executes dropped EXE
-
\??\c:\ppjvj.exec:\ppjvj.exe25⤵
- Executes dropped EXE
-
\??\c:\jjdjd.exec:\jjdjd.exe26⤵
- Executes dropped EXE
-
\??\c:\xxflllx.exec:\xxflllx.exe27⤵
- Executes dropped EXE
-
\??\c:\7ntttt.exec:\7ntttt.exe28⤵
- Executes dropped EXE
-
\??\c:\vjvjp.exec:\vjvjp.exe29⤵
- Executes dropped EXE
-
\??\c:\fxllrrl.exec:\fxllrrl.exe30⤵
- Executes dropped EXE
-
\??\c:\xlrrrxr.exec:\xlrrrxr.exe31⤵
- Executes dropped EXE
-
\??\c:\hbnntt.exec:\hbnntt.exe32⤵
- Executes dropped EXE
-
\??\c:\vpdpj.exec:\vpdpj.exe33⤵
- Executes dropped EXE
-
\??\c:\pppvj.exec:\pppvj.exe34⤵
- Executes dropped EXE
-
\??\c:\fflrxxf.exec:\fflrxxf.exe35⤵
- Executes dropped EXE
-
\??\c:\xllrxrx.exec:\xllrxrx.exe36⤵
- Executes dropped EXE
-
\??\c:\hthhtt.exec:\hthhtt.exe37⤵
- Executes dropped EXE
-
\??\c:\1nbbbh.exec:\1nbbbh.exe38⤵
- Executes dropped EXE
-
\??\c:\5dvvj.exec:\5dvvj.exe39⤵
- Executes dropped EXE
-
\??\c:\jdpvv.exec:\jdpvv.exe40⤵
- Executes dropped EXE
-
\??\c:\rfrxrxx.exec:\rfrxrxx.exe41⤵
- Executes dropped EXE
-
\??\c:\3lxfllx.exec:\3lxfllx.exe42⤵
- Executes dropped EXE
-
\??\c:\hbthnn.exec:\hbthnn.exe43⤵
- Executes dropped EXE
-
\??\c:\nhtbnt.exec:\nhtbnt.exe44⤵
- Executes dropped EXE
-
\??\c:\jdpdj.exec:\jdpdj.exe45⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe46⤵
- Executes dropped EXE
-
\??\c:\vjppv.exec:\vjppv.exe47⤵
- Executes dropped EXE
-
\??\c:\lfrlrrx.exec:\lfrlrrx.exe48⤵
- Executes dropped EXE
-
\??\c:\xrfflrx.exec:\xrfflrx.exe49⤵
- Executes dropped EXE
-
\??\c:\hhhttt.exec:\hhhttt.exe50⤵
- Executes dropped EXE
-
\??\c:\hbthnn.exec:\hbthnn.exe51⤵
- Executes dropped EXE
-
\??\c:\vjppv.exec:\vjppv.exe52⤵
- Executes dropped EXE
-
\??\c:\1pjjj.exec:\1pjjj.exe53⤵
- Executes dropped EXE
-
\??\c:\xlxxffl.exec:\xlxxffl.exe54⤵
- Executes dropped EXE
-
\??\c:\5rxxxxl.exec:\5rxxxxl.exe55⤵
- Executes dropped EXE
-
\??\c:\rlfxffr.exec:\rlfxffr.exe56⤵
- Executes dropped EXE
-
\??\c:\bnhhtn.exec:\bnhhtn.exe57⤵
- Executes dropped EXE
-
\??\c:\9hnntb.exec:\9hnntb.exe58⤵
- Executes dropped EXE
-
\??\c:\ddjjp.exec:\ddjjp.exe59⤵
- Executes dropped EXE
-
\??\c:\jvddd.exec:\jvddd.exe60⤵
- Executes dropped EXE
-
\??\c:\xrffrxl.exec:\xrffrxl.exe61⤵
- Executes dropped EXE
-
\??\c:\9lxllrx.exec:\9lxllrx.exe62⤵
- Executes dropped EXE
-
\??\c:\7nbnbb.exec:\7nbnbb.exe63⤵
- Executes dropped EXE
-
\??\c:\tnbttt.exec:\tnbttt.exe64⤵
- Executes dropped EXE
-
\??\c:\3pvvd.exec:\3pvvd.exe65⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe66⤵
-
\??\c:\xrlxfrf.exec:\xrlxfrf.exe67⤵
-
\??\c:\nnbbhh.exec:\nnbbhh.exe68⤵
-
\??\c:\bthntt.exec:\bthntt.exe69⤵
-
\??\c:\1ppjp.exec:\1ppjp.exe70⤵
-
\??\c:\7pdpd.exec:\7pdpd.exe71⤵
-
\??\c:\xxlrxff.exec:\xxlrxff.exe72⤵
-
\??\c:\ffrlfrl.exec:\ffrlfrl.exe73⤵
-
\??\c:\tnnntt.exec:\tnnntt.exe74⤵
-
\??\c:\bbnhtt.exec:\bbnhtt.exe75⤵
-
\??\c:\7ddjp.exec:\7ddjp.exe76⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe77⤵
-
\??\c:\fxrrffx.exec:\fxrrffx.exe78⤵
-
\??\c:\frlrxrx.exec:\frlrxrx.exe79⤵
-
\??\c:\hbnnhn.exec:\hbnnhn.exe80⤵
-
\??\c:\btbntt.exec:\btbntt.exe81⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe82⤵
-
\??\c:\vpvdp.exec:\vpvdp.exe83⤵
-
\??\c:\5frlrrx.exec:\5frlrrx.exe84⤵
-
\??\c:\rrlxfff.exec:\rrlxfff.exe85⤵
-
\??\c:\bthnth.exec:\bthnth.exe86⤵
-
\??\c:\9tbnbh.exec:\9tbnbh.exe87⤵
-
\??\c:\dppvd.exec:\dppvd.exe88⤵
-
\??\c:\3dpvd.exec:\3dpvd.exe89⤵
-
\??\c:\rlxfrlf.exec:\rlxfrlf.exe90⤵
-
\??\c:\fxffffl.exec:\fxffffl.exe91⤵
-
\??\c:\3hhthn.exec:\3hhthn.exe92⤵
-
\??\c:\btnhnn.exec:\btnhnn.exe93⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe94⤵
-
\??\c:\9rlfllr.exec:\9rlfllr.exe95⤵
-
\??\c:\rlxxlfr.exec:\rlxxlfr.exe96⤵
-
\??\c:\nhnnbt.exec:\nhnnbt.exe97⤵
-
\??\c:\1ttbhn.exec:\1ttbhn.exe98⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe99⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe100⤵
-
\??\c:\9frrrfl.exec:\9frrrfl.exe101⤵
-
\??\c:\lfllffl.exec:\lfllffl.exe102⤵
-
\??\c:\tnbhnt.exec:\tnbhnt.exe103⤵
-
\??\c:\tnbnhb.exec:\tnbnhb.exe104⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe105⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe106⤵
-
\??\c:\xrrxllx.exec:\xrrxllx.exe107⤵
-
\??\c:\xrrxxfr.exec:\xrrxxfr.exe108⤵
-
\??\c:\hhbnbh.exec:\hhbnbh.exe109⤵
-
\??\c:\5btbhh.exec:\5btbhh.exe110⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe111⤵
-
\??\c:\vdpdv.exec:\vdpdv.exe112⤵
-
\??\c:\fxrrrrl.exec:\fxrrrrl.exe113⤵
-
\??\c:\3lfflrx.exec:\3lfflrx.exe114⤵
-
\??\c:\tththn.exec:\tththn.exe115⤵
-
\??\c:\9htbnn.exec:\9htbnn.exe116⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe117⤵
-
\??\c:\dvppd.exec:\dvppd.exe118⤵
-
\??\c:\rlrrrxl.exec:\rlrrrxl.exe119⤵
-
\??\c:\9rxlrxr.exec:\9rxlrxr.exe120⤵
-
\??\c:\hbtbhn.exec:\hbtbhn.exe121⤵
-
\??\c:\htbhhb.exec:\htbhhb.exe122⤵
-
\??\c:\jdjpd.exec:\jdjpd.exe123⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe124⤵
-
\??\c:\xlffrlr.exec:\xlffrlr.exe125⤵
-
\??\c:\7frxxxr.exec:\7frxxxr.exe126⤵
-
\??\c:\nbttbn.exec:\nbttbn.exe127⤵
-
\??\c:\bthhtt.exec:\bthhtt.exe128⤵
-
\??\c:\dvjpj.exec:\dvjpj.exe129⤵
-
\??\c:\jvppv.exec:\jvppv.exe130⤵
-
\??\c:\bthhnt.exec:\bthhnt.exe131⤵
-
\??\c:\tnhthn.exec:\tnhthn.exe132⤵
-
\??\c:\jvvdj.exec:\jvvdj.exe133⤵
-
\??\c:\1dpjj.exec:\1dpjj.exe134⤵
-
\??\c:\5frxrxf.exec:\5frxrxf.exe135⤵
-
\??\c:\9fxlfrx.exec:\9fxlfrx.exe136⤵
-
\??\c:\3tnbth.exec:\3tnbth.exe137⤵
-
\??\c:\nnbbhh.exec:\nnbbhh.exe138⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe139⤵
-
\??\c:\vjddd.exec:\vjddd.exe140⤵
-
\??\c:\7lfxrrf.exec:\7lfxrrf.exe141⤵
-
\??\c:\llllxll.exec:\llllxll.exe142⤵
-
\??\c:\3hhntb.exec:\3hhntb.exe143⤵
-
\??\c:\tthnbh.exec:\tthnbh.exe144⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe145⤵
-
\??\c:\5vppp.exec:\5vppp.exe146⤵
-
\??\c:\9lxrlrl.exec:\9lxrlrl.exe147⤵
-
\??\c:\frfllrf.exec:\frfllrf.exe148⤵
-
\??\c:\3nbbhh.exec:\3nbbhh.exe149⤵
-
\??\c:\nbbhnn.exec:\nbbhnn.exe150⤵
-
\??\c:\7pddj.exec:\7pddj.exe151⤵
-
\??\c:\jddvp.exec:\jddvp.exe152⤵
-
\??\c:\fxllrrx.exec:\fxllrrx.exe153⤵
-
\??\c:\9fxlflf.exec:\9fxlflf.exe154⤵
-
\??\c:\bthhnt.exec:\bthhnt.exe155⤵
-
\??\c:\1btthh.exec:\1btthh.exe156⤵
-
\??\c:\3jvdj.exec:\3jvdj.exe157⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe158⤵
-
\??\c:\rlffrxl.exec:\rlffrxl.exe159⤵
-
\??\c:\lxlrfxl.exec:\lxlrfxl.exe160⤵
-
\??\c:\hbtbhn.exec:\hbtbhn.exe161⤵
-
\??\c:\tnbhtn.exec:\tnbhtn.exe162⤵
-
\??\c:\3jddj.exec:\3jddj.exe163⤵
-
\??\c:\3jppp.exec:\3jppp.exe164⤵
-
\??\c:\3fxxfff.exec:\3fxxfff.exe165⤵
-
\??\c:\lfffxfl.exec:\lfffxfl.exe166⤵
-
\??\c:\nbhnbt.exec:\nbhnbt.exe167⤵
-
\??\c:\5nhnnt.exec:\5nhnnt.exe168⤵
-
\??\c:\5vjjj.exec:\5vjjj.exe169⤵
-
\??\c:\lfrrxff.exec:\lfrrxff.exe170⤵
-
\??\c:\fxrxfrx.exec:\fxrxfrx.exe171⤵
-
\??\c:\hhhbnt.exec:\hhhbnt.exe172⤵
-
\??\c:\bbntbn.exec:\bbntbn.exe173⤵
-
\??\c:\djdjp.exec:\djdjp.exe174⤵
-
\??\c:\pdpvp.exec:\pdpvp.exe175⤵
-
\??\c:\llxxlll.exec:\llxxlll.exe176⤵
-
\??\c:\xxffllx.exec:\xxffllx.exe177⤵
-
\??\c:\7thhnh.exec:\7thhnh.exe178⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe179⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe180⤵
-
\??\c:\xrfxllf.exec:\xrfxllf.exe181⤵
-
\??\c:\lxllrrl.exec:\lxllrrl.exe182⤵
-
\??\c:\httthn.exec:\httthn.exe183⤵
-
\??\c:\thbbhb.exec:\thbbhb.exe184⤵
-
\??\c:\vvjpj.exec:\vvjpj.exe185⤵
-
\??\c:\fxlrxxf.exec:\fxlrxxf.exe186⤵
-
\??\c:\xrxfrfr.exec:\xrxfrfr.exe187⤵
-
\??\c:\9tnbtb.exec:\9tnbtb.exe188⤵
-
\??\c:\ttthth.exec:\ttthth.exe189⤵
-
\??\c:\7pjpv.exec:\7pjpv.exe190⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe191⤵
-
\??\c:\fxllxfx.exec:\fxllxfx.exe192⤵
-
\??\c:\5ttbhh.exec:\5ttbhh.exe193⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe194⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe195⤵
-
\??\c:\xrfflxx.exec:\xrfflxx.exe196⤵
-
\??\c:\fxxxrxl.exec:\fxxxrxl.exe197⤵
-
\??\c:\hhnhnn.exec:\hhnhnn.exe198⤵
-
\??\c:\nntbnt.exec:\nntbnt.exe199⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe200⤵
-
\??\c:\1jdpv.exec:\1jdpv.exe201⤵
-
\??\c:\rlflflr.exec:\rlflflr.exe202⤵
-
\??\c:\xlxlxfx.exec:\xlxlxfx.exe203⤵
-
\??\c:\hhbhnn.exec:\hhbhnn.exe204⤵
-
\??\c:\tnbhhn.exec:\tnbhhn.exe205⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe206⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe207⤵
-
\??\c:\lfxxxxf.exec:\lfxxxxf.exe208⤵
-
\??\c:\tnnbbh.exec:\tnnbbh.exe209⤵
-
\??\c:\3httbh.exec:\3httbh.exe210⤵
-
\??\c:\1dpvv.exec:\1dpvv.exe211⤵
-
\??\c:\ddddv.exec:\ddddv.exe212⤵
-
\??\c:\lflfrxl.exec:\lflfrxl.exe213⤵
-
\??\c:\rrfflff.exec:\rrfflff.exe214⤵
-
\??\c:\1bnthn.exec:\1bnthn.exe215⤵
-
\??\c:\thtbtb.exec:\thtbtb.exe216⤵
-
\??\c:\ddddj.exec:\ddddj.exe217⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe218⤵
-
\??\c:\xrllxfl.exec:\xrllxfl.exe219⤵
-
\??\c:\1htbbh.exec:\1htbbh.exe220⤵
-
\??\c:\5tnttb.exec:\5tnttb.exe221⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe222⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe223⤵
-
\??\c:\lfrrxfx.exec:\lfrrxfx.exe224⤵
-
\??\c:\llffllx.exec:\llffllx.exe225⤵
-
\??\c:\ttnhbt.exec:\ttnhbt.exe226⤵
-
\??\c:\nhnnnb.exec:\nhnnnb.exe227⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe228⤵
-
\??\c:\7jdpp.exec:\7jdpp.exe229⤵
-
\??\c:\fxrxlrf.exec:\fxrxlrf.exe230⤵
-
\??\c:\7rrxrxr.exec:\7rrxrxr.exe231⤵
-
\??\c:\hbtbhh.exec:\hbtbhh.exe232⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe233⤵
-
\??\c:\5vpdd.exec:\5vpdd.exe234⤵
-
\??\c:\5fxlxxf.exec:\5fxlxxf.exe235⤵
-
\??\c:\7rfrfrf.exec:\7rfrfrf.exe236⤵
-
\??\c:\bthtbb.exec:\bthtbb.exe237⤵
-
\??\c:\bbtbtb.exec:\bbtbtb.exe238⤵
-
\??\c:\1vvvj.exec:\1vvvj.exe239⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe240⤵
-
\??\c:\fxxfffx.exec:\fxxfffx.exe241⤵