Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
20-05-2024 10:19
General
-
Target
e6cbef971162d4281117523804676300_NeikiAnalytics.exe
-
Size
90KB
-
MD5
e6cbef971162d4281117523804676300
-
SHA1
50fce3364a69984e8c17c51cdee4e5a5daff29c6
-
SHA256
c1f97d7a011d1cbe5fbcea6ad0934eec76eda7c290a17ea79c67168ff57e015f
-
SHA512
7ee2b5a9c286ea1a31d2fa936a196305dc6cd05f92fdd4c6df0a7e9e4b6fc4b276c0e6bfd6e1183b91de02bd6401ee50dadd4459a2b2c0c7a375846fbed8d8e3
-
SSDEEP
1536:8vQBeOGtrYS3srx93UBWfwC6Ggnouy80fg3Cip8iXAsG5M0u5YoWpb:8hOmTsF93UYfwC6GIout0fmCiiiXA6ml
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 46 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e6cbef971162d4281117523804676300_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\e6cbef971162d4281117523804676300_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrrlfx.exec:\rxrrlfx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbthbh.exec:\hbthbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jjjp.exec:\1jjjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjvj.exec:\vdjvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxrrx.exec:\llfxrrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bththt.exec:\bththt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjp.exec:\dvpjp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtntb.exec:\hbtntb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttnth.exec:\tttnth.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vpvd.exec:\3vpvd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rllxfr.exec:\5rllxfr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbnh.exec:\nnbbnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhtb.exec:\tnhhtb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdpv.exec:\jjdpv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xllrrf.exec:\5xllrrf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhtb.exec:\nhbhtb.exe17⤵
- Executes dropped EXE
-
\??\c:\7bntbh.exec:\7bntbh.exe18⤵
- Executes dropped EXE
-
\??\c:\dvvvj.exec:\dvvvj.exe19⤵
- Executes dropped EXE
-
\??\c:\lllrrxf.exec:\lllrrxf.exe20⤵
- Executes dropped EXE
-
\??\c:\9hhhbb.exec:\9hhhbb.exe21⤵
- Executes dropped EXE
-
\??\c:\bbttbh.exec:\bbttbh.exe22⤵
- Executes dropped EXE
-
\??\c:\llrxxfr.exec:\llrxxfr.exe23⤵
- Executes dropped EXE
-
\??\c:\xxffrrf.exec:\xxffrrf.exe24⤵
- Executes dropped EXE
-
\??\c:\hbtthh.exec:\hbtthh.exe25⤵
- Executes dropped EXE
-
\??\c:\9pvjv.exec:\9pvjv.exe26⤵
- Executes dropped EXE
-
\??\c:\fxrxllx.exec:\fxrxllx.exe27⤵
- Executes dropped EXE
-
\??\c:\3ntbht.exec:\3ntbht.exe28⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe29⤵
- Executes dropped EXE
-
\??\c:\3jvvv.exec:\3jvvv.exe30⤵
- Executes dropped EXE
-
\??\c:\rrxfxlx.exec:\rrxfxlx.exe31⤵
- Executes dropped EXE
-
\??\c:\tntbnn.exec:\tntbnn.exe32⤵
- Executes dropped EXE
-
\??\c:\jvjjv.exec:\jvjjv.exe33⤵
- Executes dropped EXE
-
\??\c:\jjpvj.exec:\jjpvj.exe34⤵
- Executes dropped EXE
-
\??\c:\lfxllxl.exec:\lfxllxl.exe35⤵
- Executes dropped EXE
-
\??\c:\fxlxlrr.exec:\fxlxlrr.exe36⤵
- Executes dropped EXE
-
\??\c:\bbnbnt.exec:\bbnbnt.exe37⤵
- Executes dropped EXE
-
\??\c:\3ddpd.exec:\3ddpd.exe38⤵
- Executes dropped EXE
-
\??\c:\vvvjv.exec:\vvvjv.exe39⤵
- Executes dropped EXE
-
\??\c:\lfflrfl.exec:\lfflrfl.exe40⤵
- Executes dropped EXE
-
\??\c:\lllxflr.exec:\lllxflr.exe41⤵
- Executes dropped EXE
-
\??\c:\btthth.exec:\btthth.exe42⤵
- Executes dropped EXE
-
\??\c:\nhthnt.exec:\nhthnt.exe43⤵
- Executes dropped EXE
-
\??\c:\9vpvd.exec:\9vpvd.exe44⤵
- Executes dropped EXE
-
\??\c:\1jvjv.exec:\1jvjv.exe45⤵
- Executes dropped EXE
-
\??\c:\7rfrxfr.exec:\7rfrxfr.exe46⤵
- Executes dropped EXE
-
\??\c:\5tbbnb.exec:\5tbbnb.exe47⤵
- Executes dropped EXE
-
\??\c:\5ntbhn.exec:\5ntbhn.exe48⤵
- Executes dropped EXE
-
\??\c:\5pvjv.exec:\5pvjv.exe49⤵
- Executes dropped EXE
-
\??\c:\3pvdp.exec:\3pvdp.exe50⤵
- Executes dropped EXE
-
\??\c:\llflrxf.exec:\llflrxf.exe51⤵
- Executes dropped EXE
-
\??\c:\tbnntt.exec:\tbnntt.exe52⤵
- Executes dropped EXE
-
\??\c:\hhbnnt.exec:\hhbnnt.exe53⤵
- Executes dropped EXE
-
\??\c:\dddpv.exec:\dddpv.exe54⤵
- Executes dropped EXE
-
\??\c:\frrxffx.exec:\frrxffx.exe55⤵
- Executes dropped EXE
-
\??\c:\3flrffl.exec:\3flrffl.exe56⤵
- Executes dropped EXE
-
\??\c:\7tthbt.exec:\7tthbt.exe57⤵
- Executes dropped EXE
-
\??\c:\1nnhbh.exec:\1nnhbh.exe58⤵
- Executes dropped EXE
-
\??\c:\5jpjp.exec:\5jpjp.exe59⤵
- Executes dropped EXE
-
\??\c:\9pdvj.exec:\9pdvj.exe60⤵
- Executes dropped EXE
-
\??\c:\7rxlfrl.exec:\7rxlfrl.exe61⤵
- Executes dropped EXE
-
\??\c:\1tntbt.exec:\1tntbt.exe62⤵
- Executes dropped EXE
-
\??\c:\jjdjv.exec:\jjdjv.exe63⤵
- Executes dropped EXE
-
\??\c:\1pjvd.exec:\1pjvd.exe64⤵
- Executes dropped EXE
-
\??\c:\vpvdj.exec:\vpvdj.exe65⤵
- Executes dropped EXE
-
\??\c:\flxlxlr.exec:\flxlxlr.exe66⤵
-
\??\c:\rfrrfrf.exec:\rfrrfrf.exe67⤵
-
\??\c:\ntnbhn.exec:\ntnbhn.exe68⤵
-
\??\c:\9nnhtt.exec:\9nnhtt.exe69⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe70⤵
-
\??\c:\jjddv.exec:\jjddv.exe71⤵
-
\??\c:\lfflllr.exec:\lfflllr.exe72⤵
-
\??\c:\lllffrl.exec:\lllffrl.exe73⤵
-
\??\c:\7htntb.exec:\7htntb.exe74⤵
-
\??\c:\vpjdj.exec:\vpjdj.exe75⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe76⤵
-
\??\c:\xxlfrrx.exec:\xxlfrrx.exe77⤵
-
\??\c:\hhthnb.exec:\hhthnb.exe78⤵
-
\??\c:\bthhhb.exec:\bthhhb.exe79⤵
-
\??\c:\ttnhtb.exec:\ttnhtb.exe80⤵
-
\??\c:\3jdvj.exec:\3jdvj.exe81⤵
-
\??\c:\pjjpp.exec:\pjjpp.exe82⤵
-
\??\c:\fxrrxxf.exec:\fxrrxxf.exe83⤵
-
\??\c:\5fxfllx.exec:\5fxfllx.exe84⤵
-
\??\c:\bbthbb.exec:\bbthbb.exe85⤵
-
\??\c:\tttnbh.exec:\tttnbh.exe86⤵
-
\??\c:\vpddd.exec:\vpddd.exe87⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe88⤵
-
\??\c:\llxlrfr.exec:\llxlrfr.exe89⤵
-
\??\c:\thhbbb.exec:\thhbbb.exe90⤵
-
\??\c:\tnhtht.exec:\tnhtht.exe91⤵
-
\??\c:\pjjpp.exec:\pjjpp.exe92⤵
-
\??\c:\pppjv.exec:\pppjv.exe93⤵
-
\??\c:\xxfrrll.exec:\xxfrrll.exe94⤵
-
\??\c:\7rrlxrl.exec:\7rrlxrl.exe95⤵
-
\??\c:\bnttbt.exec:\bnttbt.exe96⤵
-
\??\c:\thntbt.exec:\thntbt.exe97⤵
-
\??\c:\bnhhnt.exec:\bnhhnt.exe98⤵
-
\??\c:\fxxflrx.exec:\fxxflrx.exe99⤵
-
\??\c:\rlfrfff.exec:\rlfrfff.exe100⤵
-
\??\c:\tbbtbh.exec:\tbbtbh.exe101⤵
-
\??\c:\bthbhn.exec:\bthbhn.exe102⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe103⤵
-
\??\c:\5lllrfx.exec:\5lllrfx.exe104⤵
-
\??\c:\rlfrxlx.exec:\rlfrxlx.exe105⤵
-
\??\c:\hbhhnn.exec:\hbhhnn.exe106⤵
-
\??\c:\nhbbnt.exec:\nhbbnt.exe107⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe108⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe109⤵
-
\??\c:\llrxllx.exec:\llrxllx.exe110⤵
-
\??\c:\htntbb.exec:\htntbb.exe111⤵
-
\??\c:\nbtbbt.exec:\nbtbbt.exe112⤵
-
\??\c:\jjdjj.exec:\jjdjj.exe113⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe114⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe115⤵
-
\??\c:\rfxrfrx.exec:\rfxrfrx.exe116⤵
-
\??\c:\rxffllx.exec:\rxffllx.exe117⤵
-
\??\c:\ttnttt.exec:\ttnttt.exe118⤵
-
\??\c:\3hnthn.exec:\3hnthn.exe119⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe120⤵
-
\??\c:\rfrrxff.exec:\rfrrxff.exe121⤵
-
\??\c:\xrrxlxl.exec:\xrrxlxl.exe122⤵
-
\??\c:\tnhtbh.exec:\tnhtbh.exe123⤵
-
\??\c:\tnbnnt.exec:\tnbnnt.exe124⤵
-
\??\c:\jpdjp.exec:\jpdjp.exe125⤵
-
\??\c:\vdppv.exec:\vdppv.exe126⤵
-
\??\c:\1xxlrrf.exec:\1xxlrrf.exe127⤵
-
\??\c:\frfxllr.exec:\frfxllr.exe128⤵
-
\??\c:\7tbnhb.exec:\7tbnhb.exe129⤵
-
\??\c:\5jvdv.exec:\5jvdv.exe130⤵
-
\??\c:\3jjjp.exec:\3jjjp.exe131⤵
-
\??\c:\xxxlrrf.exec:\xxxlrrf.exe132⤵
-
\??\c:\fffxrxl.exec:\fffxrxl.exe133⤵
-
\??\c:\bnbbbh.exec:\bnbbbh.exe134⤵
-
\??\c:\1tttnb.exec:\1tttnb.exe135⤵
-
\??\c:\1vpvd.exec:\1vpvd.exe136⤵
-
\??\c:\1jjvv.exec:\1jjvv.exe137⤵
-
\??\c:\llxflxf.exec:\llxflxf.exe138⤵
-
\??\c:\xrxflrx.exec:\xrxflrx.exe139⤵
-
\??\c:\ttbnnt.exec:\ttbnnt.exe140⤵
-
\??\c:\btnbnt.exec:\btnbnt.exe141⤵
-
\??\c:\5pjvd.exec:\5pjvd.exe142⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe143⤵
-
\??\c:\9llrfff.exec:\9llrfff.exe144⤵
-
\??\c:\rxfxrfr.exec:\rxfxrfr.exe145⤵
-
\??\c:\tthntn.exec:\tthntn.exe146⤵
-
\??\c:\ttnhtt.exec:\ttnhtt.exe147⤵
-
\??\c:\vdpjj.exec:\vdpjj.exe148⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe149⤵
-
\??\c:\rlxfrrx.exec:\rlxfrrx.exe150⤵
-
\??\c:\fflflxl.exec:\fflflxl.exe151⤵
-
\??\c:\bbnbnt.exec:\bbnbnt.exe152⤵
-
\??\c:\5nbbbh.exec:\5nbbbh.exe153⤵
-
\??\c:\pdpvp.exec:\pdpvp.exe154⤵
-
\??\c:\xllflxr.exec:\xllflxr.exe155⤵
-
\??\c:\xxfrrfx.exec:\xxfrrfx.exe156⤵
-
\??\c:\tbtbnh.exec:\tbtbnh.exe157⤵
-
\??\c:\btnbth.exec:\btnbth.exe158⤵
-
\??\c:\ddpvp.exec:\ddpvp.exe159⤵
-
\??\c:\vpddj.exec:\vpddj.exe160⤵
-
\??\c:\rrlrxfr.exec:\rrlrxfr.exe161⤵
-
\??\c:\9llrlrf.exec:\9llrlrf.exe162⤵
-
\??\c:\btntbn.exec:\btntbn.exe163⤵
-
\??\c:\tbhhth.exec:\tbhhth.exe164⤵
-
\??\c:\1ppdp.exec:\1ppdp.exe165⤵
-
\??\c:\jvvjp.exec:\jvvjp.exe166⤵
-
\??\c:\5ffllff.exec:\5ffllff.exe167⤵
-
\??\c:\bbntnh.exec:\bbntnh.exe168⤵
-
\??\c:\ttbhbn.exec:\ttbhbn.exe169⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe170⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe171⤵
-
\??\c:\lfrrffr.exec:\lfrrffr.exe172⤵
-
\??\c:\lfxfrrf.exec:\lfxfrrf.exe173⤵
-
\??\c:\bbthth.exec:\bbthth.exe174⤵
-
\??\c:\7nhhth.exec:\7nhhth.exe175⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe176⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe177⤵
-
\??\c:\xffxfrx.exec:\xffxfrx.exe178⤵
-
\??\c:\ffrflrx.exec:\ffrflrx.exe179⤵
-
\??\c:\hhthtt.exec:\hhthtt.exe180⤵
-
\??\c:\nhthtt.exec:\nhthtt.exe181⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe182⤵
-
\??\c:\1jjvd.exec:\1jjvd.exe183⤵
-
\??\c:\nnthbb.exec:\nnthbb.exe184⤵
-
\??\c:\jvppv.exec:\jvppv.exe185⤵
-
\??\c:\pdvvd.exec:\pdvvd.exe186⤵
-
\??\c:\llrrxfr.exec:\llrrxfr.exe187⤵
-
\??\c:\fxrrflx.exec:\fxrrflx.exe188⤵
-
\??\c:\nntbhn.exec:\nntbhn.exe189⤵
-
\??\c:\1jdvv.exec:\1jdvv.exe190⤵
-
\??\c:\ddvvd.exec:\ddvvd.exe191⤵
-
\??\c:\rfffllf.exec:\rfffllf.exe192⤵
-
\??\c:\vpddj.exec:\vpddj.exe193⤵
-
\??\c:\jddjv.exec:\jddjv.exe194⤵
-
\??\c:\9xlffff.exec:\9xlffff.exe195⤵
-
\??\c:\flxllff.exec:\flxllff.exe196⤵
-
\??\c:\hhbtbb.exec:\hhbtbb.exe197⤵
-
\??\c:\bhhhtb.exec:\bhhhtb.exe198⤵
-
\??\c:\pppjd.exec:\pppjd.exe199⤵
-
\??\c:\5llxlrr.exec:\5llxlrr.exe200⤵
-
\??\c:\9rxrlrl.exec:\9rxrlrl.exe201⤵
-
\??\c:\hhtnbb.exec:\hhtnbb.exe202⤵
-
\??\c:\1tntht.exec:\1tntht.exe203⤵
-
\??\c:\7dpjp.exec:\7dpjp.exe204⤵
-
\??\c:\dvpdd.exec:\dvpdd.exe205⤵
-
\??\c:\fxrlffr.exec:\fxrlffr.exe206⤵
-
\??\c:\xrlfllr.exec:\xrlfllr.exe207⤵
-
\??\c:\tnbthb.exec:\tnbthb.exe208⤵
-
\??\c:\nhtbht.exec:\nhtbht.exe209⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe210⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe211⤵
-
\??\c:\lfrflrf.exec:\lfrflrf.exe212⤵
-
\??\c:\frfxfxf.exec:\frfxfxf.exe213⤵
-
\??\c:\hbhtnh.exec:\hbhtnh.exe214⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe215⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe216⤵
-
\??\c:\frflxfl.exec:\frflxfl.exe217⤵
-
\??\c:\9xrffll.exec:\9xrffll.exe218⤵
-
\??\c:\1hhhtb.exec:\1hhhtb.exe219⤵
-
\??\c:\hhbntb.exec:\hhbntb.exe220⤵
-
\??\c:\9ddvd.exec:\9ddvd.exe221⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe222⤵
-
\??\c:\rlfxxll.exec:\rlfxxll.exe223⤵
-
\??\c:\lflrllx.exec:\lflrllx.exe224⤵
-
\??\c:\nttnbh.exec:\nttnbh.exe225⤵
-
\??\c:\5hbbhb.exec:\5hbbhb.exe226⤵
-
\??\c:\vdvjp.exec:\vdvjp.exe227⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe228⤵
-
\??\c:\9flrxlx.exec:\9flrxlx.exe229⤵
-
\??\c:\fffxflr.exec:\fffxflr.exe230⤵
-
\??\c:\bnnntb.exec:\bnnntb.exe231⤵
-
\??\c:\5vjjj.exec:\5vjjj.exe232⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe233⤵
-
\??\c:\rlfxfll.exec:\rlfxfll.exe234⤵
-
\??\c:\lfrflfr.exec:\lfrflfr.exe235⤵
-
\??\c:\bbnttb.exec:\bbnttb.exe236⤵
-
\??\c:\1thnnt.exec:\1thnnt.exe237⤵
-
\??\c:\5ppjv.exec:\5ppjv.exe238⤵
-
\??\c:\frllfxf.exec:\frllfxf.exe239⤵
-
\??\c:\lfrxfrr.exec:\lfrxfrr.exe240⤵
-
\??\c:\nnbbhh.exec:\nnbbhh.exe241⤵