Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
20-05-2024 09:53
General
-
Target
e1b8c1e240162dee6c143cd563b22210_NeikiAnalytics.exe
-
Size
213KB
-
MD5
e1b8c1e240162dee6c143cd563b22210
-
SHA1
830a4ce28c031e3b5033f8f7c5cfaab7f7e671b3
-
SHA256
fc75cec9080cf75174a4395e139e37f12bd391b9592f2e66d7d56a9d60e9ab13
-
SHA512
bcac50eb65f7327c9bc6361d71e9d2e0df2b10b786b119f733f49d1fd402c5900813b3b2ebfb66785bfc86934a3f2103ecd2cb7281e187ba4ec90d61308f67be
-
SSDEEP
3072:ymb3NkkiQ3mdBjFIi/0RU6QeYQsm71vPmc51+GqekBJCvr6zJBUmABvP:n3C9BRIG0asYFm71m8+GdkB9EBX
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e1b8c1e240162dee6c143cd563b22210_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\e1b8c1e240162dee6c143cd563b22210_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvdj.exec:\vjvdj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdpv.exec:\dvdpv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xlrlfl.exec:\1xlrlfl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthhnt.exec:\tthhnt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbntnt.exec:\nbntnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7fxrffr.exec:\7fxrffr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbbb.exec:\tnhbbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjdd.exec:\pvjdd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrxlx.exec:\rlxrxlx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nnbhn.exec:\1nnbhn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdjp.exec:\dvdjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffxlrx.exec:\xffxlrx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttthht.exec:\ttthht.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddv.exec:\jjddv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfrffr.exec:\rrfrffr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnhhb.exec:\bhnhhb.exe17⤵
- Executes dropped EXE
-
\??\c:\jpvvd.exec:\jpvvd.exe18⤵
- Executes dropped EXE
-
\??\c:\rlrrffr.exec:\rlrrffr.exe19⤵
- Executes dropped EXE
-
\??\c:\xxlrrxl.exec:\xxlrrxl.exe20⤵
- Executes dropped EXE
-
\??\c:\pjdjv.exec:\pjdjv.exe21⤵
- Executes dropped EXE
-
\??\c:\fxrflrx.exec:\fxrflrx.exe22⤵
- Executes dropped EXE
-
\??\c:\tbnhbt.exec:\tbnhbt.exe23⤵
- Executes dropped EXE
-
\??\c:\jdvjp.exec:\jdvjp.exe24⤵
- Executes dropped EXE
-
\??\c:\frfxxxl.exec:\frfxxxl.exe25⤵
- Executes dropped EXE
-
\??\c:\bhbbhh.exec:\bhbbhh.exe26⤵
- Executes dropped EXE
-
\??\c:\3lxxflr.exec:\3lxxflr.exe27⤵
- Executes dropped EXE
-
\??\c:\lllxxrf.exec:\lllxxrf.exe28⤵
- Executes dropped EXE
-
\??\c:\bbbhht.exec:\bbbhht.exe29⤵
- Executes dropped EXE
-
\??\c:\jvjjj.exec:\jvjjj.exe30⤵
- Executes dropped EXE
-
\??\c:\9xxlxlx.exec:\9xxlxlx.exe31⤵
- Executes dropped EXE
-
\??\c:\9pvjv.exec:\9pvjv.exe32⤵
- Executes dropped EXE
-
\??\c:\fxlrfrx.exec:\fxlrfrx.exe33⤵
- Executes dropped EXE
-
\??\c:\ttttht.exec:\ttttht.exe34⤵
- Executes dropped EXE
-
\??\c:\9nhhnt.exec:\9nhhnt.exe35⤵
- Executes dropped EXE
-
\??\c:\dpddp.exec:\dpddp.exe36⤵
- Executes dropped EXE
-
\??\c:\vjppd.exec:\vjppd.exe37⤵
- Executes dropped EXE
-
\??\c:\frrfrlr.exec:\frrfrlr.exe38⤵
- Executes dropped EXE
-
\??\c:\bhtbbb.exec:\bhtbbb.exe39⤵
- Executes dropped EXE
-
\??\c:\btnhnn.exec:\btnhnn.exe40⤵
- Executes dropped EXE
-
\??\c:\5jvjd.exec:\5jvjd.exe41⤵
- Executes dropped EXE
-
\??\c:\9jpdd.exec:\9jpdd.exe42⤵
- Executes dropped EXE
-
\??\c:\3fxfrxf.exec:\3fxfrxf.exe43⤵
- Executes dropped EXE
-
\??\c:\rllxrlf.exec:\rllxrlf.exe44⤵
- Executes dropped EXE
-
\??\c:\ttnhtb.exec:\ttnhtb.exe45⤵
- Executes dropped EXE
-
\??\c:\pdvdp.exec:\pdvdp.exe46⤵
- Executes dropped EXE
-
\??\c:\dvpdj.exec:\dvpdj.exe47⤵
- Executes dropped EXE
-
\??\c:\lfrxllx.exec:\lfrxllx.exe48⤵
- Executes dropped EXE
-
\??\c:\hbnttt.exec:\hbnttt.exe49⤵
- Executes dropped EXE
-
\??\c:\bntnht.exec:\bntnht.exe50⤵
- Executes dropped EXE
-
\??\c:\1vvdp.exec:\1vvdp.exe51⤵
- Executes dropped EXE
-
\??\c:\llffrrx.exec:\llffrrx.exe52⤵
- Executes dropped EXE
-
\??\c:\rlxrllx.exec:\rlxrllx.exe53⤵
- Executes dropped EXE
-
\??\c:\hthhtt.exec:\hthhtt.exe54⤵
- Executes dropped EXE
-
\??\c:\1hhttt.exec:\1hhttt.exe55⤵
- Executes dropped EXE
-
\??\c:\3jdjj.exec:\3jdjj.exe56⤵
- Executes dropped EXE
-
\??\c:\flffrrr.exec:\flffrrr.exe57⤵
- Executes dropped EXE
-
\??\c:\llffflx.exec:\llffflx.exe58⤵
- Executes dropped EXE
-
\??\c:\nhtbhn.exec:\nhtbhn.exe59⤵
- Executes dropped EXE
-
\??\c:\dvjpj.exec:\dvjpj.exe60⤵
- Executes dropped EXE
-
\??\c:\jvjvd.exec:\jvjvd.exe61⤵
- Executes dropped EXE
-
\??\c:\flrfxrl.exec:\flrfxrl.exe62⤵
- Executes dropped EXE
-
\??\c:\hhbtbn.exec:\hhbtbn.exe63⤵
- Executes dropped EXE
-
\??\c:\tbbttn.exec:\tbbttn.exe64⤵
- Executes dropped EXE
-
\??\c:\vvvdj.exec:\vvvdj.exe65⤵
- Executes dropped EXE
-
\??\c:\xlrlxfl.exec:\xlrlxfl.exe66⤵
-
\??\c:\rrflxfr.exec:\rrflxfr.exe67⤵
-
\??\c:\bbbnbh.exec:\bbbnbh.exe68⤵
-
\??\c:\bhntnb.exec:\bhntnb.exe69⤵
-
\??\c:\jddjv.exec:\jddjv.exe70⤵
-
\??\c:\xrflffr.exec:\xrflffr.exe71⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe72⤵
-
\??\c:\1tbnbb.exec:\1tbnbb.exe73⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe74⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe75⤵
-
\??\c:\xrflxfr.exec:\xrflxfr.exe76⤵
-
\??\c:\bbthtb.exec:\bbthtb.exe77⤵
-
\??\c:\tbtbnt.exec:\tbtbnt.exe78⤵
-
\??\c:\dddpd.exec:\dddpd.exe79⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe80⤵
-
\??\c:\xxrxlrx.exec:\xxrxlrx.exe81⤵
-
\??\c:\3nbnbn.exec:\3nbnbn.exe82⤵
-
\??\c:\1btthh.exec:\1btthh.exe83⤵
-
\??\c:\jjdpj.exec:\jjdpj.exe84⤵
-
\??\c:\lrxxffr.exec:\lrxxffr.exe85⤵
-
\??\c:\fxxxlxx.exec:\fxxxlxx.exe86⤵
-
\??\c:\tnnthn.exec:\tnnthn.exe87⤵
-
\??\c:\pjpvp.exec:\pjpvp.exe88⤵
-
\??\c:\jjdjd.exec:\jjdjd.exe89⤵
-
\??\c:\fxffrfr.exec:\fxffrfr.exe90⤵
-
\??\c:\frrflfl.exec:\frrflfl.exe91⤵
-
\??\c:\ttntnb.exec:\ttntnb.exe92⤵
-
\??\c:\ppdpp.exec:\ppdpp.exe93⤵
-
\??\c:\ppdpj.exec:\ppdpj.exe94⤵
-
\??\c:\1rrfrfx.exec:\1rrfrfx.exe95⤵
-
\??\c:\hhbbnn.exec:\hhbbnn.exe96⤵
-
\??\c:\bbntht.exec:\bbntht.exe97⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe98⤵
-
\??\c:\5jpdd.exec:\5jpdd.exe99⤵
-
\??\c:\3lflrxr.exec:\3lflrxr.exe100⤵
-
\??\c:\ffrfrll.exec:\ffrfrll.exe101⤵
-
\??\c:\hbtbbn.exec:\hbtbbn.exe102⤵
-
\??\c:\hnntnt.exec:\hnntnt.exe103⤵
-
\??\c:\9jdvd.exec:\9jdvd.exe104⤵
-
\??\c:\rlxlffx.exec:\rlxlffx.exe105⤵
-
\??\c:\5rllflr.exec:\5rllflr.exe106⤵
-
\??\c:\nhtbnt.exec:\nhtbnt.exe107⤵
-
\??\c:\3dpvj.exec:\3dpvj.exe108⤵
-
\??\c:\3jdpv.exec:\3jdpv.exe109⤵
-
\??\c:\rlxfxfr.exec:\rlxfxfr.exe110⤵
-
\??\c:\fxfxlxf.exec:\fxfxlxf.exe111⤵
-
\??\c:\3tnbht.exec:\3tnbht.exe112⤵
-
\??\c:\tntbhn.exec:\tntbhn.exe113⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe114⤵
-
\??\c:\9xlrfxl.exec:\9xlrfxl.exe115⤵
-
\??\c:\fxrlxlx.exec:\fxrlxlx.exe116⤵
-
\??\c:\nhhnhn.exec:\nhhnhn.exe117⤵
-
\??\c:\5nnttb.exec:\5nnttb.exe118⤵
-
\??\c:\7jppp.exec:\7jppp.exe119⤵
-
\??\c:\xxfllrr.exec:\xxfllrr.exe120⤵
-
\??\c:\hbbhtt.exec:\hbbhtt.exe121⤵
-
\??\c:\hnnhtb.exec:\hnnhtb.exe122⤵
-
\??\c:\1pjvj.exec:\1pjvj.exe123⤵
-
\??\c:\ddjjp.exec:\ddjjp.exe124⤵
-
\??\c:\llxlfxr.exec:\llxlfxr.exe125⤵
-
\??\c:\hbbnhn.exec:\hbbnhn.exe126⤵
-
\??\c:\ttnbhn.exec:\ttnbhn.exe127⤵
-
\??\c:\1jjvj.exec:\1jjvj.exe128⤵
-
\??\c:\3vjpd.exec:\3vjpd.exe129⤵
-
\??\c:\ffxfrrl.exec:\ffxfrrl.exe130⤵
-
\??\c:\xxlrffl.exec:\xxlrffl.exe131⤵
-
\??\c:\nnhnbh.exec:\nnhnbh.exe132⤵
-
\??\c:\jdpdd.exec:\jdpdd.exe133⤵
-
\??\c:\vjvjj.exec:\vjvjj.exe134⤵
-
\??\c:\rlrlffx.exec:\rlrlffx.exe135⤵
-
\??\c:\3tbtnn.exec:\3tbtnn.exe136⤵
-
\??\c:\tnbbht.exec:\tnbbht.exe137⤵
-
\??\c:\dvvdp.exec:\dvvdp.exe138⤵
-
\??\c:\dvpvv.exec:\dvpvv.exe139⤵
-
\??\c:\fxrrffl.exec:\fxrrffl.exe140⤵
-
\??\c:\bhbtbb.exec:\bhbtbb.exe141⤵
-
\??\c:\nhbtht.exec:\nhbtht.exe142⤵
-
\??\c:\1vpjv.exec:\1vpjv.exe143⤵
-
\??\c:\rrrrflx.exec:\rrrrflx.exe144⤵
-
\??\c:\fxrxlxl.exec:\fxrxlxl.exe145⤵
-
\??\c:\ntnbbb.exec:\ntnbbb.exe146⤵
-
\??\c:\bthnhn.exec:\bthnhn.exe147⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe148⤵
-
\??\c:\xxxxlfr.exec:\xxxxlfr.exe149⤵
-
\??\c:\frfflff.exec:\frfflff.exe150⤵
-
\??\c:\jjjpd.exec:\jjjpd.exe151⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe152⤵
-
\??\c:\7xlrffr.exec:\7xlrffr.exe153⤵
-
\??\c:\xxlrxxl.exec:\xxlrxxl.exe154⤵
-
\??\c:\tnnbht.exec:\tnnbht.exe155⤵
-
\??\c:\jpddd.exec:\jpddd.exe156⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe157⤵
-
\??\c:\lfrfrfl.exec:\lfrfrfl.exe158⤵
-
\??\c:\fxxrfff.exec:\fxxrfff.exe159⤵
-
\??\c:\hhhbbn.exec:\hhhbbn.exe160⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe161⤵
-
\??\c:\vjvdp.exec:\vjvdp.exe162⤵
-
\??\c:\rlxxxrx.exec:\rlxxxrx.exe163⤵
-
\??\c:\tttbbb.exec:\tttbbb.exe164⤵
-
\??\c:\nnhtbh.exec:\nnhtbh.exe165⤵
-
\??\c:\jjjvd.exec:\jjjvd.exe166⤵
-
\??\c:\7dpdj.exec:\7dpdj.exe167⤵
-
\??\c:\ffxfrxr.exec:\ffxfrxr.exe168⤵
-
\??\c:\rlfrrfl.exec:\rlfrrfl.exe169⤵
-
\??\c:\hnhthn.exec:\hnhthn.exe170⤵
-
\??\c:\hbntht.exec:\hbntht.exe171⤵
-
\??\c:\7vvvj.exec:\7vvvj.exe172⤵
-
\??\c:\jvvjd.exec:\jvvjd.exe173⤵
-
\??\c:\llxlrfl.exec:\llxlrfl.exe174⤵
-
\??\c:\5ttnbt.exec:\5ttnbt.exe175⤵
-
\??\c:\7hbhtt.exec:\7hbhtt.exe176⤵
-
\??\c:\vjjpj.exec:\vjjpj.exe177⤵
-
\??\c:\lrrrlfr.exec:\lrrrlfr.exe178⤵
-
\??\c:\rllfllf.exec:\rllfllf.exe179⤵
-
\??\c:\ttthbh.exec:\ttthbh.exe180⤵
-
\??\c:\tnhtbb.exec:\tnhtbb.exe181⤵
-
\??\c:\7dpvv.exec:\7dpvv.exe182⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe183⤵
-
\??\c:\xxrxlrf.exec:\xxrxlrf.exe184⤵
-
\??\c:\ttthtn.exec:\ttthtn.exe185⤵
-
\??\c:\nbnnth.exec:\nbnnth.exe186⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe187⤵
-
\??\c:\1pjpd.exec:\1pjpd.exe188⤵
-
\??\c:\rlflxlr.exec:\rlflxlr.exe189⤵
-
\??\c:\1rxlflx.exec:\1rxlflx.exe190⤵
-
\??\c:\btnhtn.exec:\btnhtn.exe191⤵
-
\??\c:\ntnbbn.exec:\ntnbbn.exe192⤵
-
\??\c:\dpppd.exec:\dpppd.exe193⤵
-
\??\c:\dvjvp.exec:\dvjvp.exe194⤵
-
\??\c:\rrlxfrl.exec:\rrlxfrl.exe195⤵
-
\??\c:\rrrxlxr.exec:\rrrxlxr.exe196⤵
-
\??\c:\bbbhbh.exec:\bbbhbh.exe197⤵
-
\??\c:\3vvvd.exec:\3vvvd.exe198⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe199⤵
-
\??\c:\lflrxxf.exec:\lflrxxf.exe200⤵
-
\??\c:\rlflrrx.exec:\rlflrrx.exe201⤵
-
\??\c:\nnnthn.exec:\nnnthn.exe202⤵
-
\??\c:\5tntbh.exec:\5tntbh.exe203⤵
-
\??\c:\1jdvv.exec:\1jdvv.exe204⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe205⤵
-
\??\c:\rlflrxl.exec:\rlflrxl.exe206⤵
-
\??\c:\xrxlflf.exec:\xrxlflf.exe207⤵
-
\??\c:\btnnbb.exec:\btnnbb.exe208⤵
-
\??\c:\hbnbhn.exec:\hbnbhn.exe209⤵
-
\??\c:\dpddj.exec:\dpddj.exe210⤵
-
\??\c:\fxxlflf.exec:\fxxlflf.exe211⤵
-
\??\c:\rrllxfr.exec:\rrllxfr.exe212⤵
-
\??\c:\3htbtb.exec:\3htbtb.exe213⤵
-
\??\c:\htbhtt.exec:\htbhtt.exe214⤵
-
\??\c:\ppdpp.exec:\ppdpp.exe215⤵
-
\??\c:\xxlfrxr.exec:\xxlfrxr.exe216⤵
-
\??\c:\lfxxxxl.exec:\lfxxxxl.exe217⤵
-
\??\c:\9hnttt.exec:\9hnttt.exe218⤵
-
\??\c:\7tntht.exec:\7tntht.exe219⤵
-
\??\c:\5vpjv.exec:\5vpjv.exe220⤵
-
\??\c:\ffxfrlf.exec:\ffxfrlf.exe221⤵
-
\??\c:\xrlrlfx.exec:\xrlrlfx.exe222⤵
-
\??\c:\7htthn.exec:\7htthn.exe223⤵
-
\??\c:\hbnbnh.exec:\hbnbnh.exe224⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe225⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe226⤵
-
\??\c:\xxlfrxx.exec:\xxlfrxx.exe227⤵
-
\??\c:\hnhhnh.exec:\hnhhnh.exe228⤵
-
\??\c:\hnnntn.exec:\hnnntn.exe229⤵
-
\??\c:\vvvjj.exec:\vvvjj.exe230⤵
-
\??\c:\xlfrrxr.exec:\xlfrrxr.exe231⤵
-
\??\c:\flfrfrf.exec:\flfrfrf.exe232⤵
-
\??\c:\tthhnt.exec:\tthhnt.exe233⤵
-
\??\c:\bbtnbh.exec:\bbtnbh.exe234⤵
-
\??\c:\ppjpd.exec:\ppjpd.exe235⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe236⤵
-
\??\c:\rlfllxl.exec:\rlfllxl.exe237⤵
-
\??\c:\5hbntt.exec:\5hbntt.exe238⤵
-
\??\c:\bthbtb.exec:\bthbtb.exe239⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe240⤵
-
\??\c:\jdvpv.exec:\jdvpv.exe241⤵