Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
21-05-2024 10:00
General
-
Target
31d6526738b269c15160dcfc3fd136d5622f7cef0c50611f4cf4e5ec8716933d_NeikiAnalytics.exe
-
Size
141KB
-
MD5
12277aee2204e24c4f61cbafca1ba7c0
-
SHA1
1bebc74c9419303f3ff6edea27120e1f76ee5fc9
-
SHA256
31d6526738b269c15160dcfc3fd136d5622f7cef0c50611f4cf4e5ec8716933d
-
SHA512
63f7eb37ef6d14880428bda4a411cd2eb7ef00671a62df5c23f5d95335e33ed3f848432369fdb781cd75143ddb6bbbaaec3bfc1b249d810f55e4765eb632fb67
-
SSDEEP
3072:ymb3NkkiQ3mdBjFIi/0RU6QeYQsm71vPmm8mzuFli55p1502:n3C9BRIG0asYFm71mm8flii2
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 36 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\31d6526738b269c15160dcfc3fd136d5622f7cef0c50611f4cf4e5ec8716933d_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\31d6526738b269c15160dcfc3fd136d5622f7cef0c50611f4cf4e5ec8716933d_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhth.exec:\hbnhth.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjp.exec:\jdjjp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxfrx.exec:\lfxxfrx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhnn.exec:\tnhhnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjpp.exec:\jvjpp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjpd.exec:\ddjpd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhnb.exec:\tnbhnb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbhn.exec:\hbhbhn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjpj.exec:\jvjpj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlflfl.exec:\fxlflfl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbhb.exec:\nhbbhb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvppv.exec:\jvppv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pddd.exec:\9pddd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrrllr.exec:\lxrrllr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbnn.exec:\btbbnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtttb.exec:\nbtttb.exe17⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe18⤵
- Executes dropped EXE
-
\??\c:\5rlllrf.exec:\5rlllrf.exe19⤵
- Executes dropped EXE
-
\??\c:\3thbht.exec:\3thbht.exe20⤵
- Executes dropped EXE
-
\??\c:\nnbnnn.exec:\nnbnnn.exe21⤵
- Executes dropped EXE
-
\??\c:\vvjvj.exec:\vvjvj.exe22⤵
- Executes dropped EXE
-
\??\c:\xrflffl.exec:\xrflffl.exe23⤵
- Executes dropped EXE
-
\??\c:\fxllrrf.exec:\fxllrrf.exe24⤵
- Executes dropped EXE
-
\??\c:\nbnttt.exec:\nbnttt.exe25⤵
- Executes dropped EXE
-
\??\c:\9vvpv.exec:\9vvpv.exe26⤵
- Executes dropped EXE
-
\??\c:\rlflffr.exec:\rlflffr.exe27⤵
- Executes dropped EXE
-
\??\c:\5tthnt.exec:\5tthnt.exe28⤵
- Executes dropped EXE
-
\??\c:\vpddd.exec:\vpddd.exe29⤵
- Executes dropped EXE
-
\??\c:\jvdvd.exec:\jvdvd.exe30⤵
- Executes dropped EXE
-
\??\c:\lfrrlrx.exec:\lfrrlrx.exe31⤵
- Executes dropped EXE
-
\??\c:\7nnntb.exec:\7nnntb.exe32⤵
- Executes dropped EXE
-
\??\c:\pjjpv.exec:\pjjpv.exe33⤵
- Executes dropped EXE
-
\??\c:\vpjpp.exec:\vpjpp.exe34⤵
- Executes dropped EXE
-
\??\c:\thtntn.exec:\thtntn.exe35⤵
- Executes dropped EXE
-
\??\c:\7nttnn.exec:\7nttnn.exe36⤵
- Executes dropped EXE
-
\??\c:\vddvp.exec:\vddvp.exe37⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe38⤵
- Executes dropped EXE
-
\??\c:\lxffrrx.exec:\lxffrrx.exe39⤵
- Executes dropped EXE
-
\??\c:\rlfrfrx.exec:\rlfrfrx.exe40⤵
- Executes dropped EXE
-
\??\c:\hbhhtt.exec:\hbhhtt.exe41⤵
- Executes dropped EXE
-
\??\c:\1nhbht.exec:\1nhbht.exe42⤵
- Executes dropped EXE
-
\??\c:\3vdpv.exec:\3vdpv.exe43⤵
- Executes dropped EXE
-
\??\c:\vpddd.exec:\vpddd.exe44⤵
- Executes dropped EXE
-
\??\c:\xlrxfxf.exec:\xlrxfxf.exe45⤵
- Executes dropped EXE
-
\??\c:\llxlrrf.exec:\llxlrrf.exe46⤵
- Executes dropped EXE
-
\??\c:\nbntbb.exec:\nbntbb.exe47⤵
- Executes dropped EXE
-
\??\c:\hbnntb.exec:\hbnntb.exe48⤵
- Executes dropped EXE
-
\??\c:\jdvjd.exec:\jdvjd.exe49⤵
- Executes dropped EXE
-
\??\c:\dvpvv.exec:\dvpvv.exe50⤵
- Executes dropped EXE
-
\??\c:\lfrlxxl.exec:\lfrlxxl.exe51⤵
- Executes dropped EXE
-
\??\c:\5thhnb.exec:\5thhnb.exe52⤵
- Executes dropped EXE
-
\??\c:\nnbnbh.exec:\nnbnbh.exe53⤵
- Executes dropped EXE
-
\??\c:\vvpvd.exec:\vvpvd.exe54⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe55⤵
- Executes dropped EXE
-
\??\c:\xrxxxff.exec:\xrxxxff.exe56⤵
- Executes dropped EXE
-
\??\c:\3xfxfrx.exec:\3xfxfrx.exe57⤵
- Executes dropped EXE
-
\??\c:\1bbbhh.exec:\1bbbhh.exe58⤵
- Executes dropped EXE
-
\??\c:\tnttbb.exec:\tnttbb.exe59⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe60⤵
- Executes dropped EXE
-
\??\c:\jvjdj.exec:\jvjdj.exe61⤵
- Executes dropped EXE
-
\??\c:\lfxrllx.exec:\lfxrllx.exe62⤵
- Executes dropped EXE
-
\??\c:\3lxflfl.exec:\3lxflfl.exe63⤵
- Executes dropped EXE
-
\??\c:\hbhhhb.exec:\hbhhhb.exe64⤵
- Executes dropped EXE
-
\??\c:\tnbbth.exec:\tnbbth.exe65⤵
- Executes dropped EXE
-
\??\c:\jvvpp.exec:\jvvpp.exe66⤵
-
\??\c:\vjvvp.exec:\vjvvp.exe67⤵
-
\??\c:\xflxrlr.exec:\xflxrlr.exe68⤵
-
\??\c:\fxxxfxl.exec:\fxxxfxl.exe69⤵
-
\??\c:\nhnhnh.exec:\nhnhnh.exe70⤵
-
\??\c:\hthbbb.exec:\hthbbb.exe71⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe72⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe73⤵
-
\??\c:\9xlrlfl.exec:\9xlrlfl.exe74⤵
-
\??\c:\lfrlxxf.exec:\lfrlxxf.exe75⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe76⤵
-
\??\c:\thhtbb.exec:\thhtbb.exe77⤵
-
\??\c:\nhtbhh.exec:\nhtbhh.exe78⤵
-
\??\c:\3pddd.exec:\3pddd.exe79⤵
-
\??\c:\dpdjd.exec:\dpdjd.exe80⤵
-
\??\c:\rffrrlr.exec:\rffrrlr.exe81⤵
-
\??\c:\lffflfx.exec:\lffflfx.exe82⤵
-
\??\c:\bnbbhh.exec:\bnbbhh.exe83⤵
-
\??\c:\1nthnb.exec:\1nthnb.exe84⤵
-
\??\c:\9dppp.exec:\9dppp.exe85⤵
-
\??\c:\5vvjd.exec:\5vvjd.exe86⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe87⤵
-
\??\c:\1xlllff.exec:\1xlllff.exe88⤵
-
\??\c:\7lrxrll.exec:\7lrxrll.exe89⤵
-
\??\c:\thnnht.exec:\thnnht.exe90⤵
-
\??\c:\bnthnn.exec:\bnthnn.exe91⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe92⤵
-
\??\c:\1vdvp.exec:\1vdvp.exe93⤵
-
\??\c:\jvpvp.exec:\jvpvp.exe94⤵
-
\??\c:\rrxrxfl.exec:\rrxrxfl.exe95⤵
-
\??\c:\rfrrxff.exec:\rfrrxff.exe96⤵
-
\??\c:\hnthbt.exec:\hnthbt.exe97⤵
-
\??\c:\htbbtn.exec:\htbbtn.exe98⤵
-
\??\c:\jdddj.exec:\jdddj.exe99⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe100⤵
-
\??\c:\fxxlxlf.exec:\fxxlxlf.exe101⤵
-
\??\c:\7xlrrrl.exec:\7xlrrrl.exe102⤵
-
\??\c:\1nnntb.exec:\1nnntb.exe103⤵
-
\??\c:\thbbhh.exec:\thbbhh.exe104⤵
-
\??\c:\jvvjd.exec:\jvvjd.exe105⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe106⤵
-
\??\c:\frfxxll.exec:\frfxxll.exe107⤵
-
\??\c:\3fxxfxx.exec:\3fxxfxx.exe108⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe109⤵
-
\??\c:\bhhhhh.exec:\bhhhhh.exe110⤵
-
\??\c:\ntntnb.exec:\ntntnb.exe111⤵
-
\??\c:\1pvvv.exec:\1pvvv.exe112⤵
-
\??\c:\9vppj.exec:\9vppj.exe113⤵
-
\??\c:\rllxrfx.exec:\rllxrfx.exe114⤵
-
\??\c:\1ntnhb.exec:\1ntnhb.exe115⤵
-
\??\c:\1htnnb.exec:\1htnnb.exe116⤵
-
\??\c:\nbbnhb.exec:\nbbnhb.exe117⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe118⤵
-
\??\c:\pvdvd.exec:\pvdvd.exe119⤵
-
\??\c:\1lxxxfl.exec:\1lxxxfl.exe120⤵
-
\??\c:\9xlrxrx.exec:\9xlrxrx.exe121⤵
-
\??\c:\bnnnnn.exec:\bnnnnn.exe122⤵
-
\??\c:\9bnhnb.exec:\9bnhnb.exe123⤵
-
\??\c:\jvjpp.exec:\jvjpp.exe124⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe125⤵
-
\??\c:\rxffxff.exec:\rxffxff.exe126⤵
-
\??\c:\rxlflfx.exec:\rxlflfx.exe127⤵
-
\??\c:\hbhhtb.exec:\hbhhtb.exe128⤵
-
\??\c:\nhbnhh.exec:\nhbnhh.exe129⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe130⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe131⤵
-
\??\c:\rlxxxrr.exec:\rlxxxrr.exe132⤵
-
\??\c:\3frlrrx.exec:\3frlrrx.exe133⤵
-
\??\c:\3hthht.exec:\3hthht.exe134⤵
-
\??\c:\bnttnh.exec:\bnttnh.exe135⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe136⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe137⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe138⤵
-
\??\c:\rlrxrll.exec:\rlrxrll.exe139⤵
-
\??\c:\frxffff.exec:\frxffff.exe140⤵
-
\??\c:\tnttnh.exec:\tnttnh.exe141⤵
-
\??\c:\pjpvv.exec:\pjpvv.exe142⤵
-
\??\c:\djpdv.exec:\djpdv.exe143⤵
-
\??\c:\pdpdv.exec:\pdpdv.exe144⤵
-
\??\c:\rflxxrx.exec:\rflxxrx.exe145⤵
-
\??\c:\fxffllx.exec:\fxffllx.exe146⤵
-
\??\c:\hthntt.exec:\hthntt.exe147⤵
-
\??\c:\5nnnth.exec:\5nnnth.exe148⤵
-
\??\c:\9jddp.exec:\9jddp.exe149⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe150⤵
-
\??\c:\5fxflrf.exec:\5fxflrf.exe151⤵
-
\??\c:\lxlrfrx.exec:\lxlrfrx.exe152⤵
-
\??\c:\5htbhb.exec:\5htbhb.exe153⤵
-
\??\c:\7dppv.exec:\7dppv.exe154⤵
-
\??\c:\3pjjv.exec:\3pjjv.exe155⤵
-
\??\c:\jdvdd.exec:\jdvdd.exe156⤵
-
\??\c:\9rrrrxl.exec:\9rrrrxl.exe157⤵
-
\??\c:\fxfrxxl.exec:\fxfrxxl.exe158⤵
-
\??\c:\hbhnhn.exec:\hbhnhn.exe159⤵
-
\??\c:\9tbhhh.exec:\9tbhhh.exe160⤵
-
\??\c:\jjddp.exec:\jjddp.exe161⤵
-
\??\c:\jjpdv.exec:\jjpdv.exe162⤵
-
\??\c:\5rrlrrx.exec:\5rrlrrx.exe163⤵
-
\??\c:\5xlllfl.exec:\5xlllfl.exe164⤵
-
\??\c:\ttnhtt.exec:\ttnhtt.exe165⤵
-
\??\c:\tbbhhh.exec:\tbbhhh.exe166⤵
-
\??\c:\5jdvv.exec:\5jdvv.exe167⤵
-
\??\c:\ppdjp.exec:\ppdjp.exe168⤵
-
\??\c:\ddppv.exec:\ddppv.exe169⤵
-
\??\c:\xlxxlff.exec:\xlxxlff.exe170⤵
-
\??\c:\bbtbnb.exec:\bbtbnb.exe171⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe172⤵
-
\??\c:\hbnbtb.exec:\hbnbtb.exe173⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe174⤵
-
\??\c:\lxllrxf.exec:\lxllrxf.exe175⤵
-
\??\c:\3lffllx.exec:\3lffllx.exe176⤵
-
\??\c:\9hbthn.exec:\9hbthn.exe177⤵
-
\??\c:\hbtbnn.exec:\hbtbnn.exe178⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe179⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe180⤵
-
\??\c:\5rfrxfr.exec:\5rfrxfr.exe181⤵
-
\??\c:\9xlffxx.exec:\9xlffxx.exe182⤵
-
\??\c:\llfrxfr.exec:\llfrxfr.exe183⤵
-
\??\c:\tnnntt.exec:\tnnntt.exe184⤵
-
\??\c:\btbhtt.exec:\btbhtt.exe185⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe186⤵
-
\??\c:\dvddp.exec:\dvddp.exe187⤵
-
\??\c:\5xllllr.exec:\5xllllr.exe188⤵
-
\??\c:\fxflfff.exec:\fxflfff.exe189⤵
-
\??\c:\nhbhtn.exec:\nhbhtn.exe190⤵
-
\??\c:\htbnnb.exec:\htbnnb.exe191⤵
-
\??\c:\ddpjv.exec:\ddpjv.exe192⤵
-
\??\c:\pjppp.exec:\pjppp.exe193⤵
-
\??\c:\rlfflll.exec:\rlfflll.exe194⤵
-
\??\c:\lxllrrr.exec:\lxllrrr.exe195⤵
-
\??\c:\hhthnh.exec:\hhthnh.exe196⤵
-
\??\c:\tthbhh.exec:\tthbhh.exe197⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe198⤵
-
\??\c:\1pddd.exec:\1pddd.exe199⤵
-
\??\c:\fxxxllr.exec:\fxxxllr.exe200⤵
-
\??\c:\nhthtn.exec:\nhthtn.exe201⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe202⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe203⤵
-
\??\c:\xfrrflr.exec:\xfrrflr.exe204⤵
-
\??\c:\fxlfrrl.exec:\fxlfrrl.exe205⤵
-
\??\c:\thhbbt.exec:\thhbbt.exe206⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe207⤵
-
\??\c:\1vjjd.exec:\1vjjd.exe208⤵
-
\??\c:\xxlrlxl.exec:\xxlrlxl.exe209⤵
-
\??\c:\lfxlxxf.exec:\lfxlxxf.exe210⤵
-
\??\c:\3pjjp.exec:\3pjjp.exe211⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe212⤵
-
\??\c:\5lflrrf.exec:\5lflrrf.exe213⤵
-
\??\c:\rlrfrrf.exec:\rlrfrrf.exe214⤵
-
\??\c:\bbnbnt.exec:\bbnbnt.exe215⤵
-
\??\c:\5nhhbb.exec:\5nhhbb.exe216⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe217⤵
-
\??\c:\lfrxrrr.exec:\lfrxrrr.exe218⤵
-
\??\c:\frxlxxf.exec:\frxlxxf.exe219⤵
-
\??\c:\bthntt.exec:\bthntt.exe220⤵
-
\??\c:\3htntt.exec:\3htntt.exe221⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe222⤵
-
\??\c:\1jppp.exec:\1jppp.exe223⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe224⤵
-
\??\c:\rlfrfrf.exec:\rlfrfrf.exe225⤵
-
\??\c:\ntbnnt.exec:\ntbnnt.exe226⤵
-
\??\c:\nbbbhb.exec:\nbbbhb.exe227⤵
-
\??\c:\1dvpp.exec:\1dvpp.exe228⤵
-
\??\c:\5vdvj.exec:\5vdvj.exe229⤵
-
\??\c:\lfxffll.exec:\lfxffll.exe230⤵
-
\??\c:\fxlllfl.exec:\fxlllfl.exe231⤵
-
\??\c:\nbnthb.exec:\nbnthb.exe232⤵
-
\??\c:\hthnbb.exec:\hthnbb.exe233⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe234⤵
-
\??\c:\dpdjj.exec:\dpdjj.exe235⤵
-
\??\c:\rlfxrrr.exec:\rlfxrrr.exe236⤵
-
\??\c:\3rlrxxl.exec:\3rlrxxl.exe237⤵
-
\??\c:\tnhnbb.exec:\tnhnbb.exe238⤵
-
\??\c:\bthhnn.exec:\bthhnn.exe239⤵
-
\??\c:\1djjj.exec:\1djjj.exe240⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe241⤵