Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
20-05-2024 10:37
General
-
Target
ead32d5c78a0754c3fe61a24369fe500_NeikiAnalytics.exe
-
Size
94KB
-
MD5
ead32d5c78a0754c3fe61a24369fe500
-
SHA1
e36f372ae49e71616e4b5cec7049ae9b8be25458
-
SHA256
41a50754da5c6b2d7623f4ffa77fc5e6c630270103a1ebcfacfcc6f3155d5c96
-
SHA512
63b2a349f107b2715f89cd5ae63c1d96dbc2a58adab902684808eb7c2622f5129aef21612af4416e6beed4a2cdaa0578efeda4bf4542e126d77307c48907b713
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIkpi+qP1hvZo66Ox4oq2SQwfTQ/:ymb3NkkiQ3mdBjFIj+qNhvZuHQY0/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ead32d5c78a0754c3fe61a24369fe500_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\ead32d5c78a0754c3fe61a24369fe500_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\llxlrfr.exec:\llxlrfr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpv.exec:\dvjpv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rflxxx.exec:\3rflxxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bhtbn.exec:\5bhtbn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjv.exec:\vjpjv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrxfll.exec:\xxrxfll.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtbbb.exec:\bhtbbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbnn.exec:\nhbbnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pvdj.exec:\5pvdj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjp.exec:\pdpjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfrflx.exec:\xrfrflx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnbtn.exec:\tbnbtn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jvvd.exec:\7jvvd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjp.exec:\vpdjp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfflxf.exec:\rrfflxf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlllx.exec:\lfrlllx.exe17⤵
- Executes dropped EXE
-
\??\c:\3nhhtt.exec:\3nhhtt.exe18⤵
- Executes dropped EXE
-
\??\c:\vvpdv.exec:\vvpdv.exe19⤵
- Executes dropped EXE
-
\??\c:\lfrxllf.exec:\lfrxllf.exe20⤵
- Executes dropped EXE
-
\??\c:\1hbhtb.exec:\1hbhtb.exe21⤵
- Executes dropped EXE
-
\??\c:\7jdpv.exec:\7jdpv.exe22⤵
- Executes dropped EXE
-
\??\c:\5pdpd.exec:\5pdpd.exe23⤵
- Executes dropped EXE
-
\??\c:\xxlrfrl.exec:\xxlrfrl.exe24⤵
- Executes dropped EXE
-
\??\c:\tbbnbn.exec:\tbbnbn.exe25⤵
- Executes dropped EXE
-
\??\c:\vjvdp.exec:\vjvdp.exe26⤵
- Executes dropped EXE
-
\??\c:\vpvpv.exec:\vpvpv.exe27⤵
- Executes dropped EXE
-
\??\c:\3lffrrx.exec:\3lffrrx.exe28⤵
- Executes dropped EXE
-
\??\c:\bthbbb.exec:\bthbbb.exe29⤵
- Executes dropped EXE
-
\??\c:\1dvdp.exec:\1dvdp.exe30⤵
- Executes dropped EXE
-
\??\c:\jvvjj.exec:\jvvjj.exe31⤵
- Executes dropped EXE
-
\??\c:\7fllrxl.exec:\7fllrxl.exe32⤵
- Executes dropped EXE
-
\??\c:\9ntnbb.exec:\9ntnbb.exe33⤵
- Executes dropped EXE
-
\??\c:\jdpjv.exec:\jdpjv.exe34⤵
- Executes dropped EXE
-
\??\c:\7pjpp.exec:\7pjpp.exe35⤵
- Executes dropped EXE
-
\??\c:\ddppd.exec:\ddppd.exe36⤵
- Executes dropped EXE
-
\??\c:\ffxlxrx.exec:\ffxlxrx.exe37⤵
- Executes dropped EXE
-
\??\c:\btntbb.exec:\btntbb.exe38⤵
- Executes dropped EXE
-
\??\c:\btbbbh.exec:\btbbbh.exe39⤵
- Executes dropped EXE
-
\??\c:\3jjdd.exec:\3jjdd.exe40⤵
- Executes dropped EXE
-
\??\c:\dvppv.exec:\dvppv.exe41⤵
- Executes dropped EXE
-
\??\c:\5fflllr.exec:\5fflllr.exe42⤵
- Executes dropped EXE
-
\??\c:\3fxxfrx.exec:\3fxxfrx.exe43⤵
- Executes dropped EXE
-
\??\c:\hbnthh.exec:\hbnthh.exe44⤵
- Executes dropped EXE
-
\??\c:\bhthhb.exec:\bhthhb.exe45⤵
- Executes dropped EXE
-
\??\c:\vvpvj.exec:\vvpvj.exe46⤵
- Executes dropped EXE
-
\??\c:\dvjdj.exec:\dvjdj.exe47⤵
- Executes dropped EXE
-
\??\c:\ffxxfrx.exec:\ffxxfrx.exe48⤵
- Executes dropped EXE
-
\??\c:\9xrlrrf.exec:\9xrlrrf.exe49⤵
- Executes dropped EXE
-
\??\c:\3bbhhh.exec:\3bbhhh.exe50⤵
- Executes dropped EXE
-
\??\c:\bthhnn.exec:\bthhnn.exe51⤵
- Executes dropped EXE
-
\??\c:\dvjpd.exec:\dvjpd.exe52⤵
- Executes dropped EXE
-
\??\c:\dvjdj.exec:\dvjdj.exe53⤵
- Executes dropped EXE
-
\??\c:\rlrxlfr.exec:\rlrxlfr.exe54⤵
- Executes dropped EXE
-
\??\c:\9rlxlrr.exec:\9rlxlrr.exe55⤵
- Executes dropped EXE
-
\??\c:\hbttht.exec:\hbttht.exe56⤵
- Executes dropped EXE
-
\??\c:\9tnthn.exec:\9tnthn.exe57⤵
- Executes dropped EXE
-
\??\c:\pjvjj.exec:\pjvjj.exe58⤵
- Executes dropped EXE
-
\??\c:\ffxxxfl.exec:\ffxxxfl.exe59⤵
- Executes dropped EXE
-
\??\c:\fllllfl.exec:\fllllfl.exe60⤵
- Executes dropped EXE
-
\??\c:\9nhbhn.exec:\9nhbhn.exe61⤵
- Executes dropped EXE
-
\??\c:\vpvdj.exec:\vpvdj.exe62⤵
- Executes dropped EXE
-
\??\c:\pvjpv.exec:\pvjpv.exe63⤵
- Executes dropped EXE
-
\??\c:\fflllll.exec:\fflllll.exe64⤵
- Executes dropped EXE
-
\??\c:\lfrfrxr.exec:\lfrfrxr.exe65⤵
- Executes dropped EXE
-
\??\c:\bthhhn.exec:\bthhhn.exe66⤵
-
\??\c:\tnhhbb.exec:\tnhhbb.exe67⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe68⤵
-
\??\c:\1jpdv.exec:\1jpdv.exe69⤵
-
\??\c:\rflrxfr.exec:\rflrxfr.exe70⤵
-
\??\c:\5bntbn.exec:\5bntbn.exe71⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe72⤵
-
\??\c:\1btttn.exec:\1btttn.exe73⤵
-
\??\c:\djjpj.exec:\djjpj.exe74⤵
-
\??\c:\vjjjj.exec:\vjjjj.exe75⤵
-
\??\c:\rlflllf.exec:\rlflllf.exe76⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe77⤵
-
\??\c:\nnbhnh.exec:\nnbhnh.exe78⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe79⤵
-
\??\c:\dvjvv.exec:\dvjvv.exe80⤵
-
\??\c:\rrxxrxr.exec:\rrxxrxr.exe81⤵
-
\??\c:\rlxxllr.exec:\rlxxllr.exe82⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe83⤵
-
\??\c:\9tnbnt.exec:\9tnbnt.exe84⤵
-
\??\c:\vjdpp.exec:\vjdpp.exe85⤵
-
\??\c:\lxxllxr.exec:\lxxllxr.exe86⤵
-
\??\c:\nbbtnn.exec:\nbbtnn.exe87⤵
-
\??\c:\1bbttb.exec:\1bbttb.exe88⤵
-
\??\c:\jvdpp.exec:\jvdpp.exe89⤵
-
\??\c:\dvppv.exec:\dvppv.exe90⤵
-
\??\c:\rlxxflr.exec:\rlxxflr.exe91⤵
-
\??\c:\tbnbtn.exec:\tbnbtn.exe92⤵
-
\??\c:\btbthn.exec:\btbthn.exe93⤵
-
\??\c:\pjjvp.exec:\pjjvp.exe94⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe95⤵
-
\??\c:\xrfflrf.exec:\xrfflrf.exe96⤵
-
\??\c:\xrffrxl.exec:\xrffrxl.exe97⤵
-
\??\c:\nhbntt.exec:\nhbntt.exe98⤵
-
\??\c:\bbbhbb.exec:\bbbhbb.exe99⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe100⤵
-
\??\c:\dpjvp.exec:\dpjvp.exe101⤵
-
\??\c:\9rfrrrr.exec:\9rfrrrr.exe102⤵
-
\??\c:\rlxflrx.exec:\rlxflrx.exe103⤵
-
\??\c:\xxlrfxl.exec:\xxlrfxl.exe104⤵
-
\??\c:\1tnbhn.exec:\1tnbhn.exe105⤵
-
\??\c:\hbhnth.exec:\hbhnth.exe106⤵
-
\??\c:\jjppv.exec:\jjppv.exe107⤵
-
\??\c:\dvppj.exec:\dvppj.exe108⤵
-
\??\c:\xllxffx.exec:\xllxffx.exe109⤵
-
\??\c:\7lrrflx.exec:\7lrrflx.exe110⤵
-
\??\c:\5xrffrr.exec:\5xrffrr.exe111⤵
-
\??\c:\nhnnnn.exec:\nhnnnn.exe112⤵
-
\??\c:\rflfxxx.exec:\rflfxxx.exe113⤵
-
\??\c:\ffrflll.exec:\ffrflll.exe114⤵
-
\??\c:\hhhnbh.exec:\hhhnbh.exe115⤵
-
\??\c:\7hbnbt.exec:\7hbnbt.exe116⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe117⤵
-
\??\c:\dvjpj.exec:\dvjpj.exe118⤵
-
\??\c:\frlrxxl.exec:\frlrxxl.exe119⤵
-
\??\c:\rllllll.exec:\rllllll.exe120⤵
-
\??\c:\1tnbtb.exec:\1tnbtb.exe121⤵
-
\??\c:\9tnttn.exec:\9tnttn.exe122⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe123⤵
-
\??\c:\jddvj.exec:\jddvj.exe124⤵
-
\??\c:\1rffrxf.exec:\1rffrxf.exe125⤵
-
\??\c:\rrxrxxl.exec:\rrxrxxl.exe126⤵
-
\??\c:\xxlrfrx.exec:\xxlrfrx.exe127⤵
-
\??\c:\nbnhnt.exec:\nbnhnt.exe128⤵
-
\??\c:\tnhtnh.exec:\tnhtnh.exe129⤵
-
\??\c:\7vddp.exec:\7vddp.exe130⤵
-
\??\c:\5pjdd.exec:\5pjdd.exe131⤵
-
\??\c:\3vvjj.exec:\3vvjj.exe132⤵
-
\??\c:\rlfflfl.exec:\rlfflfl.exe133⤵
-
\??\c:\5xllllr.exec:\5xllllr.exe134⤵
-
\??\c:\1htbhh.exec:\1htbhh.exe135⤵
-
\??\c:\tnbntb.exec:\tnbntb.exe136⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe137⤵
-
\??\c:\dpjpv.exec:\dpjpv.exe138⤵
-
\??\c:\pjddj.exec:\pjddj.exe139⤵
-
\??\c:\rlxfflr.exec:\rlxfflr.exe140⤵
-
\??\c:\llfllrl.exec:\llfllrl.exe141⤵
-
\??\c:\bntttb.exec:\bntttb.exe142⤵
-
\??\c:\nbnhht.exec:\nbnhht.exe143⤵
-
\??\c:\5jddd.exec:\5jddd.exe144⤵
-
\??\c:\1dpjj.exec:\1dpjj.exe145⤵
-
\??\c:\lxflxxf.exec:\lxflxxf.exe146⤵
-
\??\c:\xxflrrf.exec:\xxflrrf.exe147⤵
-
\??\c:\bnbbhb.exec:\bnbbhb.exe148⤵
-
\??\c:\3nhbtb.exec:\3nhbtb.exe149⤵
-
\??\c:\btbnnh.exec:\btbnnh.exe150⤵
-
\??\c:\dpddj.exec:\dpddj.exe151⤵
-
\??\c:\5dvdp.exec:\5dvdp.exe152⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe153⤵
-
\??\c:\rlrrxrx.exec:\rlrrxrx.exe154⤵
-
\??\c:\fxllrrf.exec:\fxllrrf.exe155⤵
-
\??\c:\hhtnht.exec:\hhtnht.exe156⤵
-
\??\c:\btntbh.exec:\btntbh.exe157⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe158⤵
-
\??\c:\3djjj.exec:\3djjj.exe159⤵
-
\??\c:\fxllrlx.exec:\fxllrlx.exe160⤵
-
\??\c:\ttnbbt.exec:\ttnbbt.exe161⤵
-
\??\c:\7nthnb.exec:\7nthnb.exe162⤵
-
\??\c:\pvvjp.exec:\pvvjp.exe163⤵
-
\??\c:\1xffrlf.exec:\1xffrlf.exe164⤵
-
\??\c:\frxrxfx.exec:\frxrxfx.exe165⤵
-
\??\c:\1dppj.exec:\1dppj.exe166⤵
-
\??\c:\7vvjj.exec:\7vvjj.exe167⤵
-
\??\c:\5lfflrr.exec:\5lfflrr.exe168⤵
-
\??\c:\1ntbhb.exec:\1ntbhb.exe169⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe170⤵
-
\??\c:\5pvdj.exec:\5pvdj.exe171⤵
-
\??\c:\frxxrrl.exec:\frxxrrl.exe172⤵
-
\??\c:\ntnhtt.exec:\ntnhtt.exe173⤵
-
\??\c:\vdjvd.exec:\vdjvd.exe174⤵
-
\??\c:\xxxlfxf.exec:\xxxlfxf.exe175⤵
-
\??\c:\ttntbn.exec:\ttntbn.exe176⤵
-
\??\c:\pppdj.exec:\pppdj.exe177⤵
-
\??\c:\fflflxl.exec:\fflflxl.exe178⤵
-
\??\c:\tntnnt.exec:\tntnnt.exe179⤵
-
\??\c:\3htntb.exec:\3htntb.exe180⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe181⤵
-
\??\c:\pdppj.exec:\pdppj.exe182⤵
-
\??\c:\rlrrrfr.exec:\rlrrrfr.exe183⤵
-
\??\c:\3ddjp.exec:\3ddjp.exe184⤵
-
\??\c:\5fxlrfl.exec:\5fxlrfl.exe185⤵
-
\??\c:\nhtntb.exec:\nhtntb.exe186⤵
-
\??\c:\hnbbhh.exec:\hnbbhh.exe187⤵
-
\??\c:\tnhnbn.exec:\tnhnbn.exe188⤵
-
\??\c:\pdpvj.exec:\pdpvj.exe189⤵
-
\??\c:\9llffff.exec:\9llffff.exe190⤵
-
\??\c:\7rlrxxf.exec:\7rlrxxf.exe191⤵
-
\??\c:\thttbh.exec:\thttbh.exe192⤵
-
\??\c:\nhbhhh.exec:\nhbhhh.exe193⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe194⤵
-
\??\c:\1dddj.exec:\1dddj.exe195⤵
-
\??\c:\llxfxxf.exec:\llxfxxf.exe196⤵
-
\??\c:\nbtnnt.exec:\nbtnnt.exe197⤵
-
\??\c:\bththh.exec:\bththh.exe198⤵
-
\??\c:\7ntnbh.exec:\7ntnbh.exe199⤵
-
\??\c:\jjvpp.exec:\jjvpp.exe200⤵
-
\??\c:\fxrxffl.exec:\fxrxffl.exe201⤵
-
\??\c:\llrxlll.exec:\llrxlll.exe202⤵
-
\??\c:\hbthbh.exec:\hbthbh.exe203⤵
-
\??\c:\thtbhn.exec:\thtbhn.exe204⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe205⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe206⤵
-
\??\c:\dvdpj.exec:\dvdpj.exe207⤵
-
\??\c:\flrllxf.exec:\flrllxf.exe208⤵
-
\??\c:\rlxfrfr.exec:\rlxfrfr.exe209⤵
-
\??\c:\nhbhtb.exec:\nhbhtb.exe210⤵
-
\??\c:\hbtbnt.exec:\hbtbnt.exe211⤵
-
\??\c:\ddvvj.exec:\ddvvj.exe212⤵
-
\??\c:\9jjpv.exec:\9jjpv.exe213⤵
-
\??\c:\rlffllr.exec:\rlffllr.exe214⤵
-
\??\c:\xxxflrf.exec:\xxxflrf.exe215⤵
-
\??\c:\tnbtbh.exec:\tnbtbh.exe216⤵
-
\??\c:\nbbbnb.exec:\nbbbnb.exe217⤵
-
\??\c:\dvpdv.exec:\dvpdv.exe218⤵
-
\??\c:\pvdpp.exec:\pvdpp.exe219⤵
-
\??\c:\1rxfflx.exec:\1rxfflx.exe220⤵
-
\??\c:\fxrrxxf.exec:\fxrrxxf.exe221⤵
-
\??\c:\fxrrflx.exec:\fxrrflx.exe222⤵
-
\??\c:\bbtbnn.exec:\bbtbnn.exe223⤵
-
\??\c:\djjdd.exec:\djjdd.exe224⤵
-
\??\c:\vvppv.exec:\vvppv.exe225⤵
-
\??\c:\7rrxlrf.exec:\7rrxlrf.exe226⤵
-
\??\c:\nbttbb.exec:\nbttbb.exe227⤵
-
\??\c:\nnnnnt.exec:\nnnnnt.exe228⤵
-
\??\c:\3jdvj.exec:\3jdvj.exe229⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe230⤵
-
\??\c:\rxllffr.exec:\rxllffr.exe231⤵
-
\??\c:\rrxxflr.exec:\rrxxflr.exe232⤵
-
\??\c:\nbbbhh.exec:\nbbbhh.exe233⤵
-
\??\c:\bnbhnt.exec:\bnbhnt.exe234⤵
-
\??\c:\3vpvd.exec:\3vpvd.exe235⤵
-
\??\c:\xxxfffl.exec:\xxxfffl.exe236⤵
-
\??\c:\fffxrxr.exec:\fffxrxr.exe237⤵
-
\??\c:\ttbhtt.exec:\ttbhtt.exe238⤵
-
\??\c:\djdpv.exec:\djdpv.exe239⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe240⤵
-
\??\c:\flxxlrx.exec:\flxxlrx.exe241⤵