Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
21-05-2024 11:24
General
-
Target
3f8793cc4d9c90b236b10c79209638a99a997fc243ec8e5f4d9825d721339427_NeikiAnalytics.exe
-
Size
72KB
-
MD5
0ceabfd083f145e8ec4effcef1a8ca80
-
SHA1
328ddcfea411bb426508e8c3da2a44f50d1c6c15
-
SHA256
3f8793cc4d9c90b236b10c79209638a99a997fc243ec8e5f4d9825d721339427
-
SHA512
ef44dede8d7bd46fb9519c8556a5bdc4d0b2d5a2e16fb18284a4194c1ac9e4adb1bcf2b925e870564657d4c87aaf2a3fd28bf0cf281bade2c82027212c09930b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIJSsD+cGUFzJ3:ymb3NkkiQ3mdBjFIwsDhbNF
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3f8793cc4d9c90b236b10c79209638a99a997fc243ec8e5f4d9825d721339427_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\3f8793cc4d9c90b236b10c79209638a99a997fc243ec8e5f4d9825d721339427_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lfllllr.exec:\lfllllr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhntb.exec:\hbhntb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbntnt.exec:\hbntnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlxlrf.exec:\xxlxlrf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlflrxf.exec:\rlflrxf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttbtn.exec:\nttbtn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjv.exec:\ppjjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jvdd.exec:\9jvdd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfrlfr.exec:\fxfrlfr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nthbb.exec:\5nthbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhtt.exec:\tnnhtt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvdv.exec:\dvvdv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lflllr.exec:\5lflllr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllrxrx.exec:\xllrxrx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbht.exec:\tnbbht.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvj.exec:\pjpvj.exe17⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe18⤵
- Executes dropped EXE
-
\??\c:\rrxxlxl.exec:\rrxxlxl.exe19⤵
- Executes dropped EXE
-
\??\c:\nhbhbb.exec:\nhbhbb.exe20⤵
- Executes dropped EXE
-
\??\c:\9ntttn.exec:\9ntttn.exe21⤵
- Executes dropped EXE
-
\??\c:\pjpvj.exec:\pjpvj.exe22⤵
- Executes dropped EXE
-
\??\c:\5djvv.exec:\5djvv.exe23⤵
- Executes dropped EXE
-
\??\c:\5lxflrf.exec:\5lxflrf.exe24⤵
- Executes dropped EXE
-
\??\c:\xfrrrlf.exec:\xfrrrlf.exe25⤵
- Executes dropped EXE
-
\??\c:\nnbhtb.exec:\nnbhtb.exe26⤵
- Executes dropped EXE
-
\??\c:\3httth.exec:\3httth.exe27⤵
- Executes dropped EXE
-
\??\c:\djjjd.exec:\djjjd.exe28⤵
- Executes dropped EXE
-
\??\c:\xlxrlff.exec:\xlxrlff.exe29⤵
- Executes dropped EXE
-
\??\c:\nhbhnn.exec:\nhbhnn.exe30⤵
- Executes dropped EXE
-
\??\c:\bnbhhb.exec:\bnbhhb.exe31⤵
- Executes dropped EXE
-
\??\c:\vjppp.exec:\vjppp.exe32⤵
- Executes dropped EXE
-
\??\c:\lxxrxrx.exec:\lxxrxrx.exe33⤵
- Executes dropped EXE
-
\??\c:\3lfrflx.exec:\3lfrflx.exe34⤵
- Executes dropped EXE
-
\??\c:\5tbbbb.exec:\5tbbbb.exe35⤵
- Executes dropped EXE
-
\??\c:\hbhbbb.exec:\hbhbbb.exe36⤵
- Executes dropped EXE
-
\??\c:\vjjdv.exec:\vjjdv.exe37⤵
- Executes dropped EXE
-
\??\c:\5jvdp.exec:\5jvdp.exe38⤵
- Executes dropped EXE
-
\??\c:\xlllrrx.exec:\xlllrrx.exe39⤵
- Executes dropped EXE
-
\??\c:\1fxxlll.exec:\1fxxlll.exe40⤵
- Executes dropped EXE
-
\??\c:\tthbnt.exec:\tthbnt.exe41⤵
- Executes dropped EXE
-
\??\c:\nhntbh.exec:\nhntbh.exe42⤵
- Executes dropped EXE
-
\??\c:\vpdjd.exec:\vpdjd.exe43⤵
- Executes dropped EXE
-
\??\c:\ffxxrxf.exec:\ffxxrxf.exe44⤵
- Executes dropped EXE
-
\??\c:\xlxrrlf.exec:\xlxrrlf.exe45⤵
- Executes dropped EXE
-
\??\c:\tnthnn.exec:\tnthnn.exe46⤵
- Executes dropped EXE
-
\??\c:\tnbnnb.exec:\tnbnnb.exe47⤵
- Executes dropped EXE
-
\??\c:\3xlflrx.exec:\3xlflrx.exe48⤵
- Executes dropped EXE
-
\??\c:\xrlrffr.exec:\xrlrffr.exe49⤵
- Executes dropped EXE
-
\??\c:\fxfrflx.exec:\fxfrflx.exe50⤵
- Executes dropped EXE
-
\??\c:\nnbnbb.exec:\nnbnbb.exe51⤵
- Executes dropped EXE
-
\??\c:\bthnnt.exec:\bthnnt.exe52⤵
- Executes dropped EXE
-
\??\c:\9vvpv.exec:\9vvpv.exe53⤵
- Executes dropped EXE
-
\??\c:\dvvvd.exec:\dvvvd.exe54⤵
- Executes dropped EXE
-
\??\c:\xlxxfrf.exec:\xlxxfrf.exe55⤵
- Executes dropped EXE
-
\??\c:\rrrxlrx.exec:\rrrxlrx.exe56⤵
- Executes dropped EXE
-
\??\c:\9nbbhh.exec:\9nbbhh.exe57⤵
- Executes dropped EXE
-
\??\c:\hbthhn.exec:\hbthhn.exe58⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe59⤵
- Executes dropped EXE
-
\??\c:\vpdjj.exec:\vpdjj.exe60⤵
- Executes dropped EXE
-
\??\c:\5lrlrrx.exec:\5lrlrrx.exe61⤵
- Executes dropped EXE
-
\??\c:\5flxrxr.exec:\5flxrxr.exe62⤵
- Executes dropped EXE
-
\??\c:\ttnbnn.exec:\ttnbnn.exe63⤵
- Executes dropped EXE
-
\??\c:\bhhnnb.exec:\bhhnnb.exe64⤵
- Executes dropped EXE
-
\??\c:\7pdpp.exec:\7pdpp.exe65⤵
- Executes dropped EXE
-
\??\c:\vvdvp.exec:\vvdvp.exe66⤵
-
\??\c:\llfrfxl.exec:\llfrfxl.exe67⤵
-
\??\c:\xrfrllf.exec:\xrfrllf.exe68⤵
-
\??\c:\9bthbh.exec:\9bthbh.exe69⤵
-
\??\c:\ttbbhn.exec:\ttbbhn.exe70⤵
-
\??\c:\7ppvp.exec:\7ppvp.exe71⤵
-
\??\c:\jjvdd.exec:\jjvdd.exe72⤵
-
\??\c:\xlrxllf.exec:\xlrxllf.exe73⤵
-
\??\c:\7fxflrx.exec:\7fxflrx.exe74⤵
-
\??\c:\hbtthh.exec:\hbtthh.exe75⤵
-
\??\c:\bbnhhn.exec:\bbnhhn.exe76⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe77⤵
-
\??\c:\dpjpp.exec:\dpjpp.exe78⤵
-
\??\c:\rrrllfx.exec:\rrrllfx.exe79⤵
-
\??\c:\xrllxlr.exec:\xrllxlr.exe80⤵
-
\??\c:\tnhthn.exec:\tnhthn.exe81⤵
-
\??\c:\1bbtbh.exec:\1bbtbh.exe82⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe83⤵
-
\??\c:\pppvd.exec:\pppvd.exe84⤵
-
\??\c:\rfrxfxf.exec:\rfrxfxf.exe85⤵
-
\??\c:\frrxlrx.exec:\frrxlrx.exe86⤵
-
\??\c:\9bnntn.exec:\9bnntn.exe87⤵
-
\??\c:\ntbhnh.exec:\ntbhnh.exe88⤵
-
\??\c:\1dddd.exec:\1dddd.exe89⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe90⤵
-
\??\c:\xrflrxf.exec:\xrflrxf.exe91⤵
-
\??\c:\5lxxlff.exec:\5lxxlff.exe92⤵
-
\??\c:\thtttn.exec:\thtttn.exe93⤵
-
\??\c:\7nbbhh.exec:\7nbbhh.exe94⤵
-
\??\c:\vdppp.exec:\vdppp.exe95⤵
-
\??\c:\jvjvp.exec:\jvjvp.exe96⤵
-
\??\c:\fxffxrx.exec:\fxffxrx.exe97⤵
-
\??\c:\1rxlrll.exec:\1rxlrll.exe98⤵
-
\??\c:\lxlffxf.exec:\lxlffxf.exe99⤵
-
\??\c:\7hnnnb.exec:\7hnnnb.exe100⤵
-
\??\c:\hntnnn.exec:\hntnnn.exe101⤵
-
\??\c:\1djjj.exec:\1djjj.exe102⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe103⤵
-
\??\c:\rflxxxx.exec:\rflxxxx.exe104⤵
-
\??\c:\xlxrxrr.exec:\xlxrxrr.exe105⤵
-
\??\c:\nbhhbb.exec:\nbhhbb.exe106⤵
-
\??\c:\thnbhb.exec:\thnbhb.exe107⤵
-
\??\c:\vjjpv.exec:\vjjpv.exe108⤵
-
\??\c:\pvvdj.exec:\pvvdj.exe109⤵
-
\??\c:\pvvvd.exec:\pvvvd.exe110⤵
-
\??\c:\rxfxxxl.exec:\rxfxxxl.exe111⤵
-
\??\c:\9lrrrll.exec:\9lrrrll.exe112⤵
-
\??\c:\btbbbb.exec:\btbbbb.exe113⤵
-
\??\c:\tbnbhb.exec:\tbnbhb.exe114⤵
-
\??\c:\dpdvj.exec:\dpdvj.exe115⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe116⤵
-
\??\c:\1jppp.exec:\1jppp.exe117⤵
-
\??\c:\lxllrff.exec:\lxllrff.exe118⤵
-
\??\c:\rxrrxlr.exec:\rxrrxlr.exe119⤵
-
\??\c:\btbtbb.exec:\btbtbb.exe120⤵
-
\??\c:\httbhn.exec:\httbhn.exe121⤵
-
\??\c:\nhbhnh.exec:\nhbhnh.exe122⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe123⤵
-
\??\c:\vjvvj.exec:\vjvvj.exe124⤵
-
\??\c:\9frlfxx.exec:\9frlfxx.exe125⤵
-
\??\c:\1xfxfrr.exec:\1xfxfrr.exe126⤵
-
\??\c:\9hbhnh.exec:\9hbhnh.exe127⤵
-
\??\c:\3hnttn.exec:\3hnttn.exe128⤵
-
\??\c:\bhbnnn.exec:\bhbnnn.exe129⤵
-
\??\c:\pddjv.exec:\pddjv.exe130⤵
-
\??\c:\1dppv.exec:\1dppv.exe131⤵
-
\??\c:\5vpvd.exec:\5vpvd.exe132⤵
-
\??\c:\7rrrrrr.exec:\7rrrrrr.exe133⤵
-
\??\c:\rflffff.exec:\rflffff.exe134⤵
-
\??\c:\btbbnn.exec:\btbbnn.exe135⤵
-
\??\c:\5bhbht.exec:\5bhbht.exe136⤵
-
\??\c:\ddjdj.exec:\ddjdj.exe137⤵
-
\??\c:\jpppv.exec:\jpppv.exe138⤵
-
\??\c:\dppjj.exec:\dppjj.exe139⤵
-
\??\c:\3rxrxrr.exec:\3rxrxrr.exe140⤵
-
\??\c:\lrfxfxx.exec:\lrfxfxx.exe141⤵
-
\??\c:\nbtnhb.exec:\nbtnhb.exe142⤵
-
\??\c:\5ttnth.exec:\5ttnth.exe143⤵
-
\??\c:\nbhtbt.exec:\nbhtbt.exe144⤵
-
\??\c:\3jjvv.exec:\3jjvv.exe145⤵
-
\??\c:\3pvvp.exec:\3pvvp.exe146⤵
-
\??\c:\1pdjp.exec:\1pdjp.exe147⤵
-
\??\c:\xfllxrr.exec:\xfllxrr.exe148⤵
-
\??\c:\1lrxrrr.exec:\1lrxrrr.exe149⤵
-
\??\c:\9bnhnh.exec:\9bnhnh.exe150⤵
-
\??\c:\hbnhht.exec:\hbnhht.exe151⤵
-
\??\c:\jvvdp.exec:\jvvdp.exe152⤵
-
\??\c:\9vjjp.exec:\9vjjp.exe153⤵
-
\??\c:\5jvdj.exec:\5jvdj.exe154⤵
-
\??\c:\3frllff.exec:\3frllff.exe155⤵
-
\??\c:\1xlrrrr.exec:\1xlrrrr.exe156⤵
-
\??\c:\lffllfl.exec:\lffllfl.exe157⤵
-
\??\c:\nbhbhh.exec:\nbhbhh.exe158⤵
-
\??\c:\1bbbbh.exec:\1bbbbh.exe159⤵
-
\??\c:\vpddj.exec:\vpddj.exe160⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe161⤵
-
\??\c:\7fflflr.exec:\7fflflr.exe162⤵
-
\??\c:\rlxfrxf.exec:\rlxfrxf.exe163⤵
-
\??\c:\xrlxrxr.exec:\xrlxrxr.exe164⤵
-
\??\c:\nntbnb.exec:\nntbnb.exe165⤵
-
\??\c:\ntttnn.exec:\ntttnn.exe166⤵
-
\??\c:\7jjjd.exec:\7jjjd.exe167⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe168⤵
-
\??\c:\5xlrffl.exec:\5xlrffl.exe169⤵
-
\??\c:\frfffxf.exec:\frfffxf.exe170⤵
-
\??\c:\frxxffl.exec:\frxxffl.exe171⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe172⤵
-
\??\c:\thnbhh.exec:\thnbhh.exe173⤵
-
\??\c:\dpvdd.exec:\dpvdd.exe174⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe175⤵
-
\??\c:\vvjjd.exec:\vvjjd.exe176⤵
-
\??\c:\7ffflrf.exec:\7ffflrf.exe177⤵
-
\??\c:\lxlrxrr.exec:\lxlrxrr.exe178⤵
-
\??\c:\thtntt.exec:\thtntt.exe179⤵
-
\??\c:\5nbbbb.exec:\5nbbbb.exe180⤵
-
\??\c:\bntntt.exec:\bntntt.exe181⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe182⤵
-
\??\c:\3ddpj.exec:\3ddpj.exe183⤵
-
\??\c:\rfxrlrr.exec:\rfxrlrr.exe184⤵
-
\??\c:\xrllrrf.exec:\xrllrrf.exe185⤵
-
\??\c:\xlrxfll.exec:\xlrxfll.exe186⤵
-
\??\c:\tbnhnb.exec:\tbnhnb.exe187⤵
-
\??\c:\nhnbbh.exec:\nhnbbh.exe188⤵
-
\??\c:\jvjpp.exec:\jvjpp.exe189⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe190⤵
-
\??\c:\vjjdj.exec:\vjjdj.exe191⤵
-
\??\c:\lxxffll.exec:\lxxffll.exe192⤵
-
\??\c:\rlrxxrr.exec:\rlrxxrr.exe193⤵
-
\??\c:\bthhnh.exec:\bthhnh.exe194⤵
-
\??\c:\5nbhhn.exec:\5nbhhn.exe195⤵
-
\??\c:\1nhtbb.exec:\1nhtbb.exe196⤵
-
\??\c:\9dpvv.exec:\9dpvv.exe197⤵
-
\??\c:\dvddj.exec:\dvddj.exe198⤵
-
\??\c:\5xffxrr.exec:\5xffxrr.exe199⤵
-
\??\c:\fxfflrx.exec:\fxfflrx.exe200⤵
-
\??\c:\nhhhnt.exec:\nhhhnt.exe201⤵
-
\??\c:\btnnth.exec:\btnnth.exe202⤵
-
\??\c:\pjvdv.exec:\pjvdv.exe203⤵
-
\??\c:\jvppp.exec:\jvppp.exe204⤵
-
\??\c:\rlfrflf.exec:\rlfrflf.exe205⤵
-
\??\c:\xlxffxx.exec:\xlxffxx.exe206⤵
-
\??\c:\llxlllr.exec:\llxlllr.exe207⤵
-
\??\c:\nbbbhb.exec:\nbbbhb.exe208⤵
-
\??\c:\thhhhh.exec:\thhhhh.exe209⤵
-
\??\c:\3jvdd.exec:\3jvdd.exe210⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe211⤵
-
\??\c:\7lrlrlr.exec:\7lrlrlr.exe212⤵
-
\??\c:\xrrrxrx.exec:\xrrrxrx.exe213⤵
-
\??\c:\7xlllrx.exec:\7xlllrx.exe214⤵
-
\??\c:\5hbntb.exec:\5hbntb.exe215⤵
-
\??\c:\7tnhnt.exec:\7tnhnt.exe216⤵
-
\??\c:\9jjjp.exec:\9jjjp.exe217⤵
-
\??\c:\xlflfrx.exec:\xlflfrx.exe218⤵
-
\??\c:\lffflfl.exec:\lffflfl.exe219⤵
-
\??\c:\bttbhh.exec:\bttbhh.exe220⤵
-
\??\c:\ttttbt.exec:\ttttbt.exe221⤵
-
\??\c:\9jvjp.exec:\9jvjp.exe222⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe223⤵
-
\??\c:\lrlrfxf.exec:\lrlrfxf.exe224⤵
-
\??\c:\llfrflx.exec:\llfrflx.exe225⤵
-
\??\c:\lxlxrfx.exec:\lxlxrfx.exe226⤵
-
\??\c:\bbbhbb.exec:\bbbhbb.exe227⤵
-
\??\c:\lfrxffl.exec:\lfrxffl.exe228⤵
-
\??\c:\xrflflf.exec:\xrflflf.exe229⤵
-
\??\c:\9hbnnt.exec:\9hbnnt.exe230⤵
-
\??\c:\1nhnnb.exec:\1nhnnb.exe231⤵
-
\??\c:\jvppd.exec:\jvppd.exe232⤵
-
\??\c:\9ppvv.exec:\9ppvv.exe233⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe234⤵
-
\??\c:\rrrxfrf.exec:\rrrxfrf.exe235⤵
-
\??\c:\9xrxrfl.exec:\9xrxrfl.exe236⤵
-
\??\c:\tthbtb.exec:\tthbtb.exe237⤵
-
\??\c:\1thhnn.exec:\1thhnn.exe238⤵
-
\??\c:\tnhthn.exec:\tnhthn.exe239⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe240⤵