Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
20-05-2024 09:58
General
-
Target
e2895c70985014227442e07b453984f0_NeikiAnalytics.exe
-
Size
59KB
-
MD5
e2895c70985014227442e07b453984f0
-
SHA1
18363bb7fbd4f98d95863d4d0be8ed509e130fb8
-
SHA256
5f98e5607f4cf379b59bfa2fd1100cba62c49cf0741668f75ea2e87e05b1caed
-
SHA512
f171e2067fc17111bd15e75399278ca2230f33b18cedb32229e8616106770a4e91eae3a45ff6d9afb60e1120b0a2bd1f3332c07f0c8ce53b73a28370bc170488
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsImsC:ymb3NkkiQ3mdBjFIsIFC
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e2895c70985014227442e07b453984f0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\e2895c70985014227442e07b453984f0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvjd.exec:\pvvjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxlxlx.exec:\fxxlxlx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrflxx.exec:\rrrflxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ttnbh.exec:\5ttnbh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnbnb.exec:\ntnbnb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jdvp.exec:\5jdvp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjpv.exec:\vdjpv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxllrl.exec:\ffxllrl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhhhh.exec:\hhhhhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpvj.exec:\ddpvj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddd.exec:\vvddd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxflff.exec:\rrxflff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rrlrxl.exec:\3rrlrxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnbnb.exec:\tnnbnb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hbhnh.exec:\1hbhnh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdp.exec:\vpjdp.exe17⤵
- Executes dropped EXE
-
\??\c:\5vjjp.exec:\5vjjp.exe18⤵
- Executes dropped EXE
-
\??\c:\dpvvv.exec:\dpvvv.exe19⤵
- Executes dropped EXE
-
\??\c:\9xrxflx.exec:\9xrxflx.exe20⤵
- Executes dropped EXE
-
\??\c:\rrrrrlr.exec:\rrrrrlr.exe21⤵
- Executes dropped EXE
-
\??\c:\tnhnbn.exec:\tnhnbn.exe22⤵
- Executes dropped EXE
-
\??\c:\7bttbb.exec:\7bttbb.exe23⤵
- Executes dropped EXE
-
\??\c:\ddpvd.exec:\ddpvd.exe24⤵
- Executes dropped EXE
-
\??\c:\jjdpd.exec:\jjdpd.exe25⤵
- Executes dropped EXE
-
\??\c:\xxrxflf.exec:\xxrxflf.exe26⤵
- Executes dropped EXE
-
\??\c:\xxrlllf.exec:\xxrlllf.exe27⤵
- Executes dropped EXE
-
\??\c:\bbtttb.exec:\bbtttb.exe28⤵
- Executes dropped EXE
-
\??\c:\djvjp.exec:\djvjp.exe29⤵
- Executes dropped EXE
-
\??\c:\rrrffrf.exec:\rrrffrf.exe30⤵
- Executes dropped EXE
-
\??\c:\xffffxf.exec:\xffffxf.exe31⤵
- Executes dropped EXE
-
\??\c:\nntbhb.exec:\nntbhb.exe32⤵
- Executes dropped EXE
-
\??\c:\nhbhbh.exec:\nhbhbh.exe33⤵
- Executes dropped EXE
-
\??\c:\vjvpp.exec:\vjvpp.exe34⤵
- Executes dropped EXE
-
\??\c:\vvdpv.exec:\vvdpv.exe35⤵
- Executes dropped EXE
-
\??\c:\rlfrrfx.exec:\rlfrrfx.exe36⤵
- Executes dropped EXE
-
\??\c:\llrlffx.exec:\llrlffx.exe37⤵
- Executes dropped EXE
-
\??\c:\nnhttt.exec:\nnhttt.exe38⤵
- Executes dropped EXE
-
\??\c:\3thbnn.exec:\3thbnn.exe39⤵
- Executes dropped EXE
-
\??\c:\pppdd.exec:\pppdd.exe40⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe41⤵
- Executes dropped EXE
-
\??\c:\rlfrxfl.exec:\rlfrxfl.exe42⤵
- Executes dropped EXE
-
\??\c:\xfffxrx.exec:\xfffxrx.exe43⤵
- Executes dropped EXE
-
\??\c:\7xlrxfr.exec:\7xlrxfr.exe44⤵
- Executes dropped EXE
-
\??\c:\bhtnbt.exec:\bhtnbt.exe45⤵
- Executes dropped EXE
-
\??\c:\jjvdj.exec:\jjvdj.exe46⤵
- Executes dropped EXE
-
\??\c:\dpdpd.exec:\dpdpd.exe47⤵
- Executes dropped EXE
-
\??\c:\7rrlrll.exec:\7rrlrll.exe48⤵
- Executes dropped EXE
-
\??\c:\rxfxxxr.exec:\rxfxxxr.exe49⤵
- Executes dropped EXE
-
\??\c:\bhnbnh.exec:\bhnbnh.exe50⤵
- Executes dropped EXE
-
\??\c:\hbhtbh.exec:\hbhtbh.exe51⤵
- Executes dropped EXE
-
\??\c:\bbnhhb.exec:\bbnhhb.exe52⤵
- Executes dropped EXE
-
\??\c:\djpjp.exec:\djpjp.exe53⤵
- Executes dropped EXE
-
\??\c:\pdpjv.exec:\pdpjv.exe54⤵
- Executes dropped EXE
-
\??\c:\flxrlfl.exec:\flxrlfl.exe55⤵
- Executes dropped EXE
-
\??\c:\xllrxfl.exec:\xllrxfl.exe56⤵
- Executes dropped EXE
-
\??\c:\3ntbnn.exec:\3ntbnn.exe57⤵
- Executes dropped EXE
-
\??\c:\nbtbbn.exec:\nbtbbn.exe58⤵
- Executes dropped EXE
-
\??\c:\9tthbb.exec:\9tthbb.exe59⤵
- Executes dropped EXE
-
\??\c:\pdvpp.exec:\pdvpp.exe60⤵
- Executes dropped EXE
-
\??\c:\jddjj.exec:\jddjj.exe61⤵
- Executes dropped EXE
-
\??\c:\dvvjj.exec:\dvvjj.exe62⤵
- Executes dropped EXE
-
\??\c:\ffxxflx.exec:\ffxxflx.exe63⤵
- Executes dropped EXE
-
\??\c:\xrrlffl.exec:\xrrlffl.exe64⤵
- Executes dropped EXE
-
\??\c:\bbbthh.exec:\bbbthh.exe65⤵
- Executes dropped EXE
-
\??\c:\nbntbb.exec:\nbntbb.exe66⤵
-
\??\c:\3jvvd.exec:\3jvvd.exe67⤵
-
\??\c:\vvvjj.exec:\vvvjj.exe68⤵
-
\??\c:\frxxllf.exec:\frxxllf.exe69⤵
-
\??\c:\7fxlxll.exec:\7fxlxll.exe70⤵
-
\??\c:\7htbhn.exec:\7htbhn.exe71⤵
-
\??\c:\tttttn.exec:\tttttn.exe72⤵
-
\??\c:\vdjjj.exec:\vdjjj.exe73⤵
-
\??\c:\5vvvj.exec:\5vvvj.exe74⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe75⤵
-
\??\c:\7rllxxf.exec:\7rllxxf.exe76⤵
-
\??\c:\rxfxxrr.exec:\rxfxxrr.exe77⤵
-
\??\c:\xxrxxrr.exec:\xxrxxrr.exe78⤵
-
\??\c:\xlllrxx.exec:\xlllrxx.exe79⤵
-
\??\c:\9xflxxl.exec:\9xflxxl.exe80⤵
-
\??\c:\jdjpd.exec:\jdjpd.exe81⤵
-
\??\c:\thttbb.exec:\thttbb.exe82⤵
-
\??\c:\jjjpp.exec:\jjjpp.exe83⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe84⤵
-
\??\c:\9fxlllx.exec:\9fxlllx.exe85⤵
-
\??\c:\fxffrrl.exec:\fxffrrl.exe86⤵
-
\??\c:\hbtttb.exec:\hbtttb.exe87⤵
-
\??\c:\btbhtn.exec:\btbhtn.exe88⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe89⤵
-
\??\c:\pdpvv.exec:\pdpvv.exe90⤵
-
\??\c:\xxfxxff.exec:\xxfxxff.exe91⤵
-
\??\c:\5llffxl.exec:\5llffxl.exe92⤵
-
\??\c:\5thnbh.exec:\5thnbh.exe93⤵
-
\??\c:\htbttb.exec:\htbttb.exe94⤵
-
\??\c:\dppjv.exec:\dppjv.exe95⤵
-
\??\c:\9vddd.exec:\9vddd.exe96⤵
-
\??\c:\lxfxfxr.exec:\lxfxfxr.exe97⤵
-
\??\c:\xflflrr.exec:\xflflrr.exe98⤵
-
\??\c:\hnnbhh.exec:\hnnbhh.exe99⤵
-
\??\c:\thbnbn.exec:\thbnbn.exe100⤵
-
\??\c:\ttnbnh.exec:\ttnbnh.exe101⤵
-
\??\c:\pvjvv.exec:\pvjvv.exe102⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe103⤵
-
\??\c:\rfrfllx.exec:\rfrfllx.exe104⤵
-
\??\c:\7xrxxlr.exec:\7xrxxlr.exe105⤵
-
\??\c:\bhnbnb.exec:\bhnbnb.exe106⤵
-
\??\c:\bntnnn.exec:\bntnnn.exe107⤵
-
\??\c:\hbbbtn.exec:\hbbbtn.exe108⤵
-
\??\c:\1vjjj.exec:\1vjjj.exe109⤵
-
\??\c:\ddpvp.exec:\ddpvp.exe110⤵
-
\??\c:\xrxrrrf.exec:\xrxrrrf.exe111⤵
-
\??\c:\lxxxflx.exec:\lxxxflx.exe112⤵
-
\??\c:\nnhntn.exec:\nnhntn.exe113⤵
-
\??\c:\tntntn.exec:\tntntn.exe114⤵
-
\??\c:\hbnthn.exec:\hbnthn.exe115⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe116⤵
-
\??\c:\1fxxflf.exec:\1fxxflf.exe117⤵
-
\??\c:\ffxfxfr.exec:\ffxfxfr.exe118⤵
-
\??\c:\thhtbb.exec:\thhtbb.exe119⤵
-
\??\c:\thntbb.exec:\thntbb.exe120⤵
-
\??\c:\7tnhnh.exec:\7tnhnh.exe121⤵
-
\??\c:\1pdjp.exec:\1pdjp.exe122⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe123⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe124⤵
-
\??\c:\rflfffl.exec:\rflfffl.exe125⤵
-
\??\c:\xxxrfff.exec:\xxxrfff.exe126⤵
-
\??\c:\hnhbbh.exec:\hnhbbh.exe127⤵
-
\??\c:\bttbhh.exec:\bttbhh.exe128⤵
-
\??\c:\1ntbbb.exec:\1ntbbb.exe129⤵
-
\??\c:\djvdp.exec:\djvdp.exe130⤵
-
\??\c:\vvdpj.exec:\vvdpj.exe131⤵
-
\??\c:\jjddv.exec:\jjddv.exe132⤵
-
\??\c:\rfffrll.exec:\rfffrll.exe133⤵
-
\??\c:\xlxfxxl.exec:\xlxfxxl.exe134⤵
-
\??\c:\3lxxllf.exec:\3lxxllf.exe135⤵
-
\??\c:\nhtbhh.exec:\nhtbhh.exe136⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe137⤵
-
\??\c:\nhttbn.exec:\nhttbn.exe138⤵
-
\??\c:\thbhnn.exec:\thbhnn.exe139⤵
-
\??\c:\jdvjv.exec:\jdvjv.exe140⤵
-
\??\c:\3dpvj.exec:\3dpvj.exe141⤵
-
\??\c:\9pjdj.exec:\9pjdj.exe142⤵
-
\??\c:\rrlfrfr.exec:\rrlfrfr.exe143⤵
-
\??\c:\lxrrrrr.exec:\lxrrrrr.exe144⤵
-
\??\c:\rxfllxl.exec:\rxfllxl.exe145⤵
-
\??\c:\httbnh.exec:\httbnh.exe146⤵
-
\??\c:\hhnnbt.exec:\hhnnbt.exe147⤵
-
\??\c:\5btbbb.exec:\5btbbb.exe148⤵
-
\??\c:\nhtbnn.exec:\nhtbnn.exe149⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe150⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe151⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe152⤵
-
\??\c:\rrlxxlr.exec:\rrlxxlr.exe153⤵
-
\??\c:\1frlxfr.exec:\1frlxfr.exe154⤵
-
\??\c:\3nhhtb.exec:\3nhhtb.exe155⤵
-
\??\c:\htthtt.exec:\htthtt.exe156⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe157⤵
-
\??\c:\dvddv.exec:\dvddv.exe158⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe159⤵
-
\??\c:\frrxlxr.exec:\frrxlxr.exe160⤵
-
\??\c:\xlrfrrf.exec:\xlrfrrf.exe161⤵
-
\??\c:\frrxxrr.exec:\frrxxrr.exe162⤵
-
\??\c:\nhnbtb.exec:\nhnbtb.exe163⤵
-
\??\c:\5tnnbh.exec:\5tnnbh.exe164⤵
-
\??\c:\bhnnbh.exec:\bhnnbh.exe165⤵
-
\??\c:\jjjdj.exec:\jjjdj.exe166⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe167⤵
-
\??\c:\5ddvj.exec:\5ddvj.exe168⤵
-
\??\c:\rflfllr.exec:\rflfllr.exe169⤵
-
\??\c:\xxrlxlr.exec:\xxrlxlr.exe170⤵
-
\??\c:\xrlxlll.exec:\xrlxlll.exe171⤵
-
\??\c:\tbnbht.exec:\tbnbht.exe172⤵
-
\??\c:\hbhthn.exec:\hbhthn.exe173⤵
-
\??\c:\9thntb.exec:\9thntb.exe174⤵
-
\??\c:\9vpvd.exec:\9vpvd.exe175⤵
-
\??\c:\jvjdp.exec:\jvjdp.exe176⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe177⤵
-
\??\c:\lrrxxxx.exec:\lrrxxxx.exe178⤵
-
\??\c:\xfxrxrx.exec:\xfxrxrx.exe179⤵
-
\??\c:\rflffff.exec:\rflffff.exe180⤵
-
\??\c:\3hbttt.exec:\3hbttt.exe181⤵
-
\??\c:\nhnnbt.exec:\nhnnbt.exe182⤵
-
\??\c:\5nbbhn.exec:\5nbbhn.exe183⤵
-
\??\c:\vjdpv.exec:\vjdpv.exe184⤵
-
\??\c:\vjppj.exec:\vjppj.exe185⤵
-
\??\c:\3xxrrll.exec:\3xxrrll.exe186⤵
-
\??\c:\frxrffr.exec:\frxrffr.exe187⤵
-
\??\c:\7bhtnh.exec:\7bhtnh.exe188⤵
-
\??\c:\bhhtth.exec:\bhhtth.exe189⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe190⤵
-
\??\c:\pvpdd.exec:\pvpdd.exe191⤵
-
\??\c:\lxrxrlr.exec:\lxrxrlr.exe192⤵
-
\??\c:\frlxllr.exec:\frlxllr.exe193⤵
-
\??\c:\1thnbb.exec:\1thnbb.exe194⤵
-
\??\c:\5nbbhb.exec:\5nbbhb.exe195⤵
-
\??\c:\tnhnbb.exec:\tnhnbb.exe196⤵
-
\??\c:\pjppd.exec:\pjppd.exe197⤵
-
\??\c:\pdvpj.exec:\pdvpj.exe198⤵
-
\??\c:\lrxfflx.exec:\lrxfflx.exe199⤵
-
\??\c:\7xfxrfr.exec:\7xfxrfr.exe200⤵
-
\??\c:\xfrxxxx.exec:\xfrxxxx.exe201⤵
-
\??\c:\nnttbt.exec:\nnttbt.exe202⤵
-
\??\c:\thbhht.exec:\thbhht.exe203⤵
-
\??\c:\pddpv.exec:\pddpv.exe204⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe205⤵
-
\??\c:\pvjdj.exec:\pvjdj.exe206⤵
-
\??\c:\xllrflx.exec:\xllrflx.exe207⤵
-
\??\c:\tbhbth.exec:\tbhbth.exe208⤵
-
\??\c:\tbbnth.exec:\tbbnth.exe209⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe210⤵
-
\??\c:\jddjv.exec:\jddjv.exe211⤵
-
\??\c:\lxrxxrl.exec:\lxrxxrl.exe212⤵
-
\??\c:\rlrflfx.exec:\rlrflfx.exe213⤵
-
\??\c:\lfrrllr.exec:\lfrrllr.exe214⤵
-
\??\c:\tbnhhh.exec:\tbnhhh.exe215⤵
-
\??\c:\hbhhnn.exec:\hbhhnn.exe216⤵
-
\??\c:\9vddd.exec:\9vddd.exe217⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe218⤵
-
\??\c:\rfffxxl.exec:\rfffxxl.exe219⤵
-
\??\c:\xxrrlxx.exec:\xxrrlxx.exe220⤵
-
\??\c:\nhtnnh.exec:\nhtnnh.exe221⤵
-
\??\c:\nnbnbh.exec:\nnbnbh.exe222⤵
-
\??\c:\xfrlfxf.exec:\xfrlfxf.exe223⤵
-
\??\c:\lxrrxxf.exec:\lxrrxxf.exe224⤵
-
\??\c:\3ntbnn.exec:\3ntbnn.exe225⤵
-
\??\c:\7hnnnh.exec:\7hnnnh.exe226⤵
-
\??\c:\5bbhbn.exec:\5bbhbn.exe227⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe228⤵
-
\??\c:\vvdjj.exec:\vvdjj.exe229⤵
-
\??\c:\lllrxlx.exec:\lllrxlx.exe230⤵
-
\??\c:\frrxlrx.exec:\frrxlrx.exe231⤵
-
\??\c:\llxxffl.exec:\llxxffl.exe232⤵
-
\??\c:\tnnhtt.exec:\tnnhtt.exe233⤵
-
\??\c:\5btthb.exec:\5btthb.exe234⤵
-
\??\c:\dvdjd.exec:\dvdjd.exe235⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe236⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe237⤵
-
\??\c:\xrffrrf.exec:\xrffrrf.exe238⤵
-
\??\c:\rlxxfxl.exec:\rlxxfxl.exe239⤵
-
\??\c:\7xlxlrf.exec:\7xlxlrf.exe240⤵
-
\??\c:\vvdjd.exec:\vvdjd.exe241⤵