Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
21-05-2024 06:21
General
-
Target
0ea57f855bd5ce895bc87519588edeacfbcdd859f2acfea278013bd17f68b0ad_NeikiAnalytics.exe
-
Size
70KB
-
MD5
1488de7775fdcf49c50f2fee54027730
-
SHA1
3cdeecdf8b8d06c2c3ade21a9cb0f0154adfdff0
-
SHA256
0ea57f855bd5ce895bc87519588edeacfbcdd859f2acfea278013bd17f68b0ad
-
SHA512
ce56818471e9499ac8deb7d828eb8711f8275d578d447897bbf3ad5db1514a9c460c0cf66458f3389cf1597c31cb6d202b168cea425e9fdc617a3757cc2f5d35
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73tgyYrv:ymb3NkkiQ3mdBjFo73thYD
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0ea57f855bd5ce895bc87519588edeacfbcdd859f2acfea278013bd17f68b0ad_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\0ea57f855bd5ce895bc87519588edeacfbcdd859f2acfea278013bd17f68b0ad_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5bbhnt.exec:\5bbhnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpdd.exec:\vvpdd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttbn.exec:\hbttbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthnnt.exec:\bthnnt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjppv.exec:\jjppv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5llrlxf.exec:\5llrlxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bbnth.exec:\7bbnth.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnnhb.exec:\tbnnhb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffffffl.exec:\ffffffl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflxfxr.exec:\xflxfxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbnhn.exec:\nnbnhn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvj.exec:\jdpvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpj.exec:\dvjpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfflxfr.exec:\xfflxfr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnbnb.exec:\ttnbnb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbtbh.exec:\thbtbh.exe17⤵
- Executes dropped EXE
-
\??\c:\ddvjj.exec:\ddvjj.exe18⤵
- Executes dropped EXE
-
\??\c:\xrrfxlx.exec:\xrrfxlx.exe19⤵
- Executes dropped EXE
-
\??\c:\9nnnbt.exec:\9nnnbt.exe20⤵
- Executes dropped EXE
-
\??\c:\hbtttt.exec:\hbtttt.exe21⤵
- Executes dropped EXE
-
\??\c:\ppjvd.exec:\ppjvd.exe22⤵
- Executes dropped EXE
-
\??\c:\dvpvp.exec:\dvpvp.exe23⤵
- Executes dropped EXE
-
\??\c:\xrrxflr.exec:\xrrxflr.exe24⤵
- Executes dropped EXE
-
\??\c:\9bhntn.exec:\9bhntn.exe25⤵
- Executes dropped EXE
-
\??\c:\vpjvj.exec:\vpjvj.exe26⤵
- Executes dropped EXE
-
\??\c:\vvpdd.exec:\vvpdd.exe27⤵
- Executes dropped EXE
-
\??\c:\xrlfxlr.exec:\xrlfxlr.exe28⤵
- Executes dropped EXE
-
\??\c:\hbnthh.exec:\hbnthh.exe29⤵
- Executes dropped EXE
-
\??\c:\jpjvp.exec:\jpjvp.exe30⤵
- Executes dropped EXE
-
\??\c:\vdjdj.exec:\vdjdj.exe31⤵
- Executes dropped EXE
-
\??\c:\5fxxllx.exec:\5fxxllx.exe32⤵
- Executes dropped EXE
-
\??\c:\bbthtb.exec:\bbthtb.exe33⤵
- Executes dropped EXE
-
\??\c:\vvdjd.exec:\vvdjd.exe34⤵
- Executes dropped EXE
-
\??\c:\7dpvd.exec:\7dpvd.exe35⤵
- Executes dropped EXE
-
\??\c:\9llrlrf.exec:\9llrlrf.exe36⤵
-
\??\c:\9rfxlrx.exec:\9rfxlrx.exe37⤵
- Executes dropped EXE
-
\??\c:\tnbtbb.exec:\tnbtbb.exe38⤵
- Executes dropped EXE
-
\??\c:\3pjjp.exec:\3pjjp.exe39⤵
- Executes dropped EXE
-
\??\c:\3jdvj.exec:\3jdvj.exe40⤵
- Executes dropped EXE
-
\??\c:\pjjjj.exec:\pjjjj.exe41⤵
- Executes dropped EXE
-
\??\c:\9fxfflx.exec:\9fxfflx.exe42⤵
- Executes dropped EXE
-
\??\c:\bnnhhn.exec:\bnnhhn.exe43⤵
- Executes dropped EXE
-
\??\c:\vvvdd.exec:\vvvdd.exe44⤵
- Executes dropped EXE
-
\??\c:\djjpp.exec:\djjpp.exe45⤵
- Executes dropped EXE
-
\??\c:\rfrffrx.exec:\rfrffrx.exe46⤵
- Executes dropped EXE
-
\??\c:\frxrrll.exec:\frxrrll.exe47⤵
- Executes dropped EXE
-
\??\c:\3hbnbn.exec:\3hbnbn.exe48⤵
- Executes dropped EXE
-
\??\c:\9ppdp.exec:\9ppdp.exe49⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe50⤵
- Executes dropped EXE
-
\??\c:\5fxxlrf.exec:\5fxxlrf.exe51⤵
- Executes dropped EXE
-
\??\c:\3rfxrrl.exec:\3rfxrrl.exe52⤵
- Executes dropped EXE
-
\??\c:\hhbtnb.exec:\hhbtnb.exe53⤵
- Executes dropped EXE
-
\??\c:\1jvvd.exec:\1jvvd.exe54⤵
- Executes dropped EXE
-
\??\c:\rlxflxl.exec:\rlxflxl.exe55⤵
- Executes dropped EXE
-
\??\c:\lflxlrl.exec:\lflxlrl.exe56⤵
- Executes dropped EXE
-
\??\c:\7flxfff.exec:\7flxfff.exe57⤵
- Executes dropped EXE
-
\??\c:\tnhhtt.exec:\tnhhtt.exe58⤵
- Executes dropped EXE
-
\??\c:\ppjdp.exec:\ppjdp.exe59⤵
- Executes dropped EXE
-
\??\c:\vvvdv.exec:\vvvdv.exe60⤵
- Executes dropped EXE
-
\??\c:\flrlrxl.exec:\flrlrxl.exe61⤵
- Executes dropped EXE
-
\??\c:\lllfrfl.exec:\lllfrfl.exe62⤵
- Executes dropped EXE
-
\??\c:\9tbhtt.exec:\9tbhtt.exe63⤵
- Executes dropped EXE
-
\??\c:\tnhbbh.exec:\tnhbbh.exe64⤵
- Executes dropped EXE
-
\??\c:\vvjpj.exec:\vvjpj.exe65⤵
- Executes dropped EXE
-
\??\c:\vvvpv.exec:\vvvpv.exe66⤵
- Executes dropped EXE
-
\??\c:\fxrxlrx.exec:\fxrxlrx.exe67⤵
-
\??\c:\rxrffrf.exec:\rxrffrf.exe68⤵
-
\??\c:\nbhthn.exec:\nbhthn.exe69⤵
-
\??\c:\hhntht.exec:\hhntht.exe70⤵
-
\??\c:\jddjv.exec:\jddjv.exe71⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe72⤵
-
\??\c:\fxlrrrx.exec:\fxlrrrx.exe73⤵
-
\??\c:\hbtntt.exec:\hbtntt.exe74⤵
-
\??\c:\3tthtt.exec:\3tthtt.exe75⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe76⤵
-
\??\c:\pdvvj.exec:\pdvvj.exe77⤵
-
\??\c:\7xrlxxr.exec:\7xrlxxr.exe78⤵
-
\??\c:\lfrxllx.exec:\lfrxllx.exe79⤵
-
\??\c:\bbnhnt.exec:\bbnhnt.exe80⤵
-
\??\c:\btthnt.exec:\btthnt.exe81⤵
-
\??\c:\5jpdj.exec:\5jpdj.exe82⤵
-
\??\c:\5ddvp.exec:\5ddvp.exe83⤵
-
\??\c:\xxrxfrl.exec:\xxrxfrl.exe84⤵
-
\??\c:\rrflllx.exec:\rrflllx.exe85⤵
-
\??\c:\9lfrlrf.exec:\9lfrlrf.exe86⤵
-
\??\c:\nhthbh.exec:\nhthbh.exe87⤵
-
\??\c:\7ppjd.exec:\7ppjd.exe88⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe89⤵
-
\??\c:\flrxlff.exec:\flrxlff.exe90⤵
-
\??\c:\hhbhht.exec:\hhbhht.exe91⤵
-
\??\c:\bbhbht.exec:\bbhbht.exe92⤵
-
\??\c:\9djpv.exec:\9djpv.exe93⤵
-
\??\c:\pjddv.exec:\pjddv.exe94⤵
-
\??\c:\5xfrxlx.exec:\5xfrxlx.exe95⤵
-
\??\c:\3lrrxrr.exec:\3lrrxrr.exe96⤵
-
\??\c:\5nbhnh.exec:\5nbhnh.exe97⤵
-
\??\c:\ttthth.exec:\ttthth.exe98⤵
-
\??\c:\5jddv.exec:\5jddv.exe99⤵
-
\??\c:\ddjdp.exec:\ddjdp.exe100⤵
-
\??\c:\fxxfrfr.exec:\fxxfrfr.exe101⤵
-
\??\c:\3bbhth.exec:\3bbhth.exe102⤵
-
\??\c:\ttntbb.exec:\ttntbb.exe103⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe104⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe105⤵
-
\??\c:\lxrxrxr.exec:\lxrxrxr.exe106⤵
-
\??\c:\llffxxf.exec:\llffxxf.exe107⤵
-
\??\c:\hbnbbb.exec:\hbnbbb.exe108⤵
-
\??\c:\tnhbbh.exec:\tnhbbh.exe109⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe110⤵
-
\??\c:\vppvd.exec:\vppvd.exe111⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe112⤵
-
\??\c:\lllflrl.exec:\lllflrl.exe113⤵
-
\??\c:\ffxlfrf.exec:\ffxlfrf.exe114⤵
-
\??\c:\tnhntb.exec:\tnhntb.exe115⤵
-
\??\c:\ttttbb.exec:\ttttbb.exe116⤵
-
\??\c:\dddjj.exec:\dddjj.exe117⤵
-
\??\c:\rrfxllx.exec:\rrfxllx.exe118⤵
-
\??\c:\xxfxlxf.exec:\xxfxlxf.exe119⤵
-
\??\c:\5bnthh.exec:\5bnthh.exe120⤵
-
\??\c:\9ntnbh.exec:\9ntnbh.exe121⤵
-
\??\c:\7vjjp.exec:\7vjjp.exe122⤵
-
\??\c:\vdvvd.exec:\vdvvd.exe123⤵
-
\??\c:\fxrxflx.exec:\fxrxflx.exe124⤵
-
\??\c:\lfxrlxr.exec:\lfxrlxr.exe125⤵
-
\??\c:\bnthbh.exec:\bnthbh.exe126⤵
-
\??\c:\tbttbn.exec:\tbttbn.exe127⤵
-
\??\c:\jvpjj.exec:\jvpjj.exe128⤵
-
\??\c:\ddvjd.exec:\ddvjd.exe129⤵
-
\??\c:\flrflfl.exec:\flrflfl.exe130⤵
-
\??\c:\bhbtbb.exec:\bhbtbb.exe131⤵
-
\??\c:\5bbbnh.exec:\5bbbnh.exe132⤵
-
\??\c:\bnhnth.exec:\bnhnth.exe133⤵
-
\??\c:\ddpvv.exec:\ddpvv.exe134⤵
-
\??\c:\frllrxf.exec:\frllrxf.exe135⤵
-
\??\c:\xlrfrxx.exec:\xlrfrxx.exe136⤵
-
\??\c:\3fxxrfx.exec:\3fxxrfx.exe137⤵
-
\??\c:\nnbttt.exec:\nnbttt.exe138⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe139⤵
-
\??\c:\3dpdd.exec:\3dpdd.exe140⤵
-
\??\c:\rrrxfll.exec:\rrrxfll.exe141⤵
-
\??\c:\fxlxllr.exec:\fxlxllr.exe142⤵
-
\??\c:\nnhnht.exec:\nnhnht.exe143⤵
-
\??\c:\bnbntb.exec:\bnbntb.exe144⤵
-
\??\c:\3pjjv.exec:\3pjjv.exe145⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe146⤵
-
\??\c:\fxffllx.exec:\fxffllx.exe147⤵
-
\??\c:\xrlxlrx.exec:\xrlxlrx.exe148⤵
-
\??\c:\tnhtbh.exec:\tnhtbh.exe149⤵
-
\??\c:\5tbttb.exec:\5tbttb.exe150⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe151⤵
-
\??\c:\3vddj.exec:\3vddj.exe152⤵
-
\??\c:\lxlfxxf.exec:\lxlfxxf.exe153⤵
-
\??\c:\1rlfxfx.exec:\1rlfxfx.exe154⤵
-
\??\c:\bbnthh.exec:\bbnthh.exe155⤵
-
\??\c:\1hnbtb.exec:\1hnbtb.exe156⤵
-
\??\c:\1pjvj.exec:\1pjvj.exe157⤵
-
\??\c:\vdjpj.exec:\vdjpj.exe158⤵
-
\??\c:\xrlxrfl.exec:\xrlxrfl.exe159⤵
-
\??\c:\ffxrxxf.exec:\ffxrxxf.exe160⤵
-
\??\c:\bbhthn.exec:\bbhthn.exe161⤵
-
\??\c:\tnbhbb.exec:\tnbhbb.exe162⤵
-
\??\c:\ddjdp.exec:\ddjdp.exe163⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe164⤵
-
\??\c:\vppdd.exec:\vppdd.exe165⤵
-
\??\c:\rlrrffr.exec:\rlrrffr.exe166⤵
-
\??\c:\xrllflx.exec:\xrllflx.exe167⤵
-
\??\c:\nhhtbn.exec:\nhhtbn.exe168⤵
-
\??\c:\bbtbhh.exec:\bbtbhh.exe169⤵
-
\??\c:\pddpv.exec:\pddpv.exe170⤵
-
\??\c:\dvdjp.exec:\dvdjp.exe171⤵
-
\??\c:\xlfrrrx.exec:\xlfrrrx.exe172⤵
-
\??\c:\lfxlxxf.exec:\lfxlxxf.exe173⤵
-
\??\c:\tttbhh.exec:\tttbhh.exe174⤵
-
\??\c:\tnnbnb.exec:\tnnbnb.exe175⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe176⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe177⤵
-
\??\c:\1rxfllf.exec:\1rxfllf.exe178⤵
-
\??\c:\3llxrxx.exec:\3llxrxx.exe179⤵
-
\??\c:\nhthbb.exec:\nhthbb.exe180⤵
-
\??\c:\bbhbtb.exec:\bbhbtb.exe181⤵
-
\??\c:\7dvvd.exec:\7dvvd.exe182⤵
-
\??\c:\1jdjp.exec:\1jdjp.exe183⤵
-
\??\c:\xfrrrxr.exec:\xfrrrxr.exe184⤵
-
\??\c:\lfxrflx.exec:\lfxrflx.exe185⤵
-
\??\c:\tbhbtb.exec:\tbhbtb.exe186⤵
-
\??\c:\tntbnt.exec:\tntbnt.exe187⤵
-
\??\c:\5dpvp.exec:\5dpvp.exe188⤵
-
\??\c:\xxrxrrf.exec:\xxrxrrf.exe189⤵
-
\??\c:\7frrffl.exec:\7frrffl.exe190⤵
-
\??\c:\bhtbnt.exec:\bhtbnt.exe191⤵
-
\??\c:\3pvpp.exec:\3pvpp.exe192⤵
-
\??\c:\xrfflrl.exec:\xrfflrl.exe193⤵
-
\??\c:\xrxlxfl.exec:\xrxlxfl.exe194⤵
-
\??\c:\5nhnbh.exec:\5nhnbh.exe195⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe196⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe197⤵
-
\??\c:\xxxrxfl.exec:\xxxrxfl.exe198⤵
-
\??\c:\llxlflx.exec:\llxlflx.exe199⤵
-
\??\c:\ttnhbh.exec:\ttnhbh.exe200⤵
-
\??\c:\1bttbb.exec:\1bttbb.exe201⤵
-
\??\c:\vvdpp.exec:\vvdpp.exe202⤵
-
\??\c:\9xrrlrx.exec:\9xrrlrx.exe203⤵
-
\??\c:\1rfxlrl.exec:\1rfxlrl.exe204⤵
-
\??\c:\3htnbh.exec:\3htnbh.exe205⤵
-
\??\c:\3bhhnb.exec:\3bhhnb.exe206⤵
-
\??\c:\bnnhnt.exec:\bnnhnt.exe207⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe208⤵
-
\??\c:\jjpvj.exec:\jjpvj.exe209⤵
-
\??\c:\rrllrrx.exec:\rrllrrx.exe210⤵
-
\??\c:\9rlrffl.exec:\9rlrffl.exe211⤵
-
\??\c:\5tnbtb.exec:\5tnbtb.exe212⤵
-
\??\c:\hhnttt.exec:\hhnttt.exe213⤵
-
\??\c:\3jddj.exec:\3jddj.exe214⤵
-
\??\c:\xrfflrf.exec:\xrfflrf.exe215⤵
-
\??\c:\tnhthn.exec:\tnhthn.exe216⤵
-
\??\c:\nnhbnt.exec:\nnhbnt.exe217⤵
-
\??\c:\pdvdj.exec:\pdvdj.exe218⤵
-
\??\c:\jjddd.exec:\jjddd.exe219⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe220⤵
-
\??\c:\1xrxlrx.exec:\1xrxlrx.exe221⤵
-
\??\c:\frxlrrx.exec:\frxlrrx.exe222⤵
-
\??\c:\ttnbnn.exec:\ttnbnn.exe223⤵
-
\??\c:\btbnbb.exec:\btbnbb.exe224⤵
-
\??\c:\5vjdp.exec:\5vjdp.exe225⤵
-
\??\c:\pjvjv.exec:\pjvjv.exe226⤵
-
\??\c:\rfxrrxx.exec:\rfxrrxx.exe227⤵
-
\??\c:\llfrlrl.exec:\llfrlrl.exe228⤵
-
\??\c:\bhtbbt.exec:\bhtbbt.exe229⤵
-
\??\c:\btbbbb.exec:\btbbbb.exe230⤵
-
\??\c:\7pvdp.exec:\7pvdp.exe231⤵
-
\??\c:\1vdpv.exec:\1vdpv.exe232⤵
-
\??\c:\rlflxrx.exec:\rlflxrx.exe233⤵
-
\??\c:\5xlrflf.exec:\5xlrflf.exe234⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe235⤵
-
\??\c:\tnthbh.exec:\tnthbh.exe236⤵
-
\??\c:\1djvd.exec:\1djvd.exe237⤵
-
\??\c:\dddjp.exec:\dddjp.exe238⤵
-
\??\c:\1fxxxfl.exec:\1fxxxfl.exe239⤵
-
\??\c:\xrxxlrf.exec:\xrxxlrf.exe240⤵
-
\??\c:\7nnhth.exec:\7nnhth.exe241⤵