Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
21-05-2024 11:30
General
-
Target
406a73a43b1bd20699afe0e081f2459bf11896ce744488cf8751eb23ff50e90f_NeikiAnalytics.exe
-
Size
483KB
-
MD5
907616ada4f07f5f4695a1a139d9a480
-
SHA1
7da2114aedf9066435bd78e68bc2ec91e395ee16
-
SHA256
406a73a43b1bd20699afe0e081f2459bf11896ce744488cf8751eb23ff50e90f
-
SHA512
5eec2adda27b1f5be57202f0776ed233daf57ccf2499d85d29acbe3c5a952db9472ecec3be7c821109dc4ee8d7740010e8a23d7430a50b4f5a70db95b590c883
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwu1b26X1wjhtSizji:q7Tc2NYHUrAwqzck
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 39 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\406a73a43b1bd20699afe0e081f2459bf11896ce744488cf8751eb23ff50e90f_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\406a73a43b1bd20699afe0e081f2459bf11896ce744488cf8751eb23ff50e90f_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflrrl.exec:\xrflrrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pppv.exec:\3pppv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrlxff.exec:\xlrlxff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnbtb.exec:\hbnbtb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlrflr.exec:\rrlrflr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bntbt.exec:\3bntbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxxlfl.exec:\llxxlfl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvv.exec:\jpvvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlllf.exec:\fxrlllf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bbhnt.exec:\1bbhnt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lfrxrx.exec:\5lfrxrx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lllrrr.exec:\7lllrrr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pvpv.exec:\9pvpv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlxxxx.exec:\frlxxxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ppvd.exec:\3ppvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpddd.exec:\dpddd.exe17⤵
- Executes dropped EXE
-
\??\c:\7ppjd.exec:\7ppjd.exe18⤵
- Executes dropped EXE
-
\??\c:\xlxxffr.exec:\xlxxffr.exe19⤵
- Executes dropped EXE
-
\??\c:\nhtbbb.exec:\nhtbbb.exe20⤵
- Executes dropped EXE
-
\??\c:\vpjdp.exec:\vpjdp.exe21⤵
- Executes dropped EXE
-
\??\c:\bbtntb.exec:\bbtntb.exe22⤵
- Executes dropped EXE
-
\??\c:\1jjpv.exec:\1jjpv.exe23⤵
- Executes dropped EXE
-
\??\c:\flffrxf.exec:\flffrxf.exe24⤵
- Executes dropped EXE
-
\??\c:\nbbhtt.exec:\nbbhtt.exe25⤵
- Executes dropped EXE
-
\??\c:\ffflfxl.exec:\ffflfxl.exe26⤵
- Executes dropped EXE
-
\??\c:\9ddpv.exec:\9ddpv.exe27⤵
- Executes dropped EXE
-
\??\c:\fffllfr.exec:\fffllfr.exe28⤵
- Executes dropped EXE
-
\??\c:\ddvjd.exec:\ddvjd.exe29⤵
- Executes dropped EXE
-
\??\c:\1fllrrr.exec:\1fllrrr.exe30⤵
- Executes dropped EXE
-
\??\c:\bhbbhb.exec:\bhbbhb.exe31⤵
- Executes dropped EXE
-
\??\c:\3pdvp.exec:\3pdvp.exe32⤵
- Executes dropped EXE
-
\??\c:\7xffllr.exec:\7xffllr.exe33⤵
- Executes dropped EXE
-
\??\c:\1btnbb.exec:\1btnbb.exe34⤵
- Executes dropped EXE
-
\??\c:\jdvjp.exec:\jdvjp.exe35⤵
- Executes dropped EXE
-
\??\c:\xxlxlrl.exec:\xxlxlrl.exe36⤵
- Executes dropped EXE
-
\??\c:\htbnbt.exec:\htbnbt.exe37⤵
- Executes dropped EXE
-
\??\c:\hbhhnh.exec:\hbhhnh.exe38⤵
- Executes dropped EXE
-
\??\c:\djdvv.exec:\djdvv.exe39⤵
- Executes dropped EXE
-
\??\c:\xlxfllx.exec:\xlxfllx.exe40⤵
- Executes dropped EXE
-
\??\c:\hbhthn.exec:\hbhthn.exe41⤵
- Executes dropped EXE
-
\??\c:\7jjpv.exec:\7jjpv.exe42⤵
- Executes dropped EXE
-
\??\c:\7lxfllx.exec:\7lxfllx.exe43⤵
- Executes dropped EXE
-
\??\c:\nbhnhn.exec:\nbhnhn.exe44⤵
- Executes dropped EXE
-
\??\c:\ttbntb.exec:\ttbntb.exe45⤵
- Executes dropped EXE
-
\??\c:\jvjpj.exec:\jvjpj.exe46⤵
- Executes dropped EXE
-
\??\c:\lxlxxxl.exec:\lxlxxxl.exe47⤵
- Executes dropped EXE
-
\??\c:\9nbbhh.exec:\9nbbhh.exe48⤵
- Executes dropped EXE
-
\??\c:\jjjdd.exec:\jjjdd.exe49⤵
- Executes dropped EXE
-
\??\c:\jdvvd.exec:\jdvvd.exe50⤵
- Executes dropped EXE
-
\??\c:\frlfrrf.exec:\frlfrrf.exe51⤵
- Executes dropped EXE
-
\??\c:\btbthh.exec:\btbthh.exe52⤵
- Executes dropped EXE
-
\??\c:\9pjpv.exec:\9pjpv.exe53⤵
- Executes dropped EXE
-
\??\c:\9lrrrrr.exec:\9lrrrrr.exe54⤵
- Executes dropped EXE
-
\??\c:\xlrrrfl.exec:\xlrrrfl.exe55⤵
- Executes dropped EXE
-
\??\c:\nbtntt.exec:\nbtntt.exe56⤵
- Executes dropped EXE
-
\??\c:\vpdjj.exec:\vpdjj.exe57⤵
- Executes dropped EXE
-
\??\c:\5lxxffl.exec:\5lxxffl.exe58⤵
- Executes dropped EXE
-
\??\c:\ttbbhb.exec:\ttbbhb.exe59⤵
- Executes dropped EXE
-
\??\c:\pdvdd.exec:\pdvdd.exe60⤵
- Executes dropped EXE
-
\??\c:\xlflrxx.exec:\xlflrxx.exe61⤵
- Executes dropped EXE
-
\??\c:\1rflrxl.exec:\1rflrxl.exe62⤵
- Executes dropped EXE
-
\??\c:\7htbbb.exec:\7htbbb.exe63⤵
- Executes dropped EXE
-
\??\c:\pdpvj.exec:\pdpvj.exe64⤵
- Executes dropped EXE
-
\??\c:\5xfxxrx.exec:\5xfxxrx.exe65⤵
- Executes dropped EXE
-
\??\c:\5bbbnb.exec:\5bbbnb.exe66⤵
-
\??\c:\hbbttb.exec:\hbbttb.exe67⤵
-
\??\c:\dpddj.exec:\dpddj.exe68⤵
-
\??\c:\xxllxxl.exec:\xxllxxl.exe69⤵
-
\??\c:\nhtthn.exec:\nhtthn.exe70⤵
-
\??\c:\vpdpp.exec:\vpdpp.exe71⤵
-
\??\c:\jvppj.exec:\jvppj.exe72⤵
-
\??\c:\xlrxfll.exec:\xlrxfll.exe73⤵
-
\??\c:\tntthh.exec:\tntthh.exe74⤵
-
\??\c:\9jppv.exec:\9jppv.exe75⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe76⤵
-
\??\c:\1hbbnn.exec:\1hbbnn.exe77⤵
-
\??\c:\ntbtth.exec:\ntbtth.exe78⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe79⤵
-
\??\c:\lxllllf.exec:\lxllllf.exe80⤵
-
\??\c:\rlrlxxf.exec:\rlrlxxf.exe81⤵
-
\??\c:\thhnbt.exec:\thhnbt.exe82⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe83⤵
-
\??\c:\5lrlrrx.exec:\5lrlrrx.exe84⤵
-
\??\c:\rxxlxfx.exec:\rxxlxfx.exe85⤵
-
\??\c:\nnbhtt.exec:\nnbhtt.exe86⤵
-
\??\c:\djjvp.exec:\djjvp.exe87⤵
-
\??\c:\5frxlrf.exec:\5frxlrf.exe88⤵
-
\??\c:\hhbnbh.exec:\hhbnbh.exe89⤵
-
\??\c:\3hthhn.exec:\3hthhn.exe90⤵
-
\??\c:\vvjpj.exec:\vvjpj.exe91⤵
-
\??\c:\3rflrrf.exec:\3rflrrf.exe92⤵
-
\??\c:\1bhhhn.exec:\1bhhhn.exe93⤵
-
\??\c:\tttnbh.exec:\tttnbh.exe94⤵
-
\??\c:\jpjpd.exec:\jpjpd.exe95⤵
-
\??\c:\1frxfrx.exec:\1frxfrx.exe96⤵
-
\??\c:\tthhbb.exec:\tthhbb.exe97⤵
-
\??\c:\tnthbb.exec:\tnthbb.exe98⤵
-
\??\c:\jddjp.exec:\jddjp.exe99⤵
-
\??\c:\rxxxrrl.exec:\rxxxrrl.exe100⤵
-
\??\c:\nntnnt.exec:\nntnnt.exe101⤵
-
\??\c:\jjjpj.exec:\jjjpj.exe102⤵
-
\??\c:\3ppjd.exec:\3ppjd.exe103⤵
-
\??\c:\fxrxfxl.exec:\fxrxfxl.exe104⤵
-
\??\c:\hbbhtt.exec:\hbbhtt.exe105⤵
-
\??\c:\jpvdp.exec:\jpvdp.exe106⤵
-
\??\c:\llxlfrf.exec:\llxlfrf.exe107⤵
-
\??\c:\hbtbnb.exec:\hbtbnb.exe108⤵
-
\??\c:\5nhnhh.exec:\5nhnhh.exe109⤵
-
\??\c:\pdvjv.exec:\pdvjv.exe110⤵
-
\??\c:\fxxlflf.exec:\fxxlflf.exe111⤵
-
\??\c:\tttbth.exec:\tttbth.exe112⤵
-
\??\c:\9nhhtt.exec:\9nhhtt.exe113⤵
-
\??\c:\vppvp.exec:\vppvp.exe114⤵
-
\??\c:\1lffrfr.exec:\1lffrfr.exe115⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe116⤵
-
\??\c:\lrxrxxf.exec:\lrxrxxf.exe117⤵
-
\??\c:\btnnbb.exec:\btnnbb.exe118⤵
-
\??\c:\vvpvp.exec:\vvpvp.exe119⤵
-
\??\c:\pppvj.exec:\pppvj.exe120⤵
-
\??\c:\rxrfxrl.exec:\rxrfxrl.exe121⤵
-
\??\c:\bbnthh.exec:\bbnthh.exe122⤵
-
\??\c:\1pddj.exec:\1pddj.exe123⤵
-
\??\c:\fxrlflr.exec:\fxrlflr.exe124⤵
-
\??\c:\xxlrlrf.exec:\xxlrlrf.exe125⤵
-
\??\c:\hhhhtb.exec:\hhhhtb.exe126⤵
-
\??\c:\5pjjp.exec:\5pjjp.exe127⤵
-
\??\c:\rlffrrx.exec:\rlffrrx.exe128⤵
-
\??\c:\7xlxxxx.exec:\7xlxxxx.exe129⤵
-
\??\c:\tthtbb.exec:\tthtbb.exe130⤵
-
\??\c:\vjvjj.exec:\vjvjj.exe131⤵
-
\??\c:\xxxlxxl.exec:\xxxlxxl.exe132⤵
-
\??\c:\3rrxffl.exec:\3rrxffl.exe133⤵
-
\??\c:\nttnht.exec:\nttnht.exe134⤵
-
\??\c:\pjddd.exec:\pjddd.exe135⤵
-
\??\c:\frxxfff.exec:\frxxfff.exe136⤵
-
\??\c:\xfxffxx.exec:\xfxffxx.exe137⤵
-
\??\c:\ttnbhh.exec:\ttnbhh.exe138⤵
-
\??\c:\jjjpp.exec:\jjjpp.exe139⤵
-
\??\c:\rrrffrl.exec:\rrrffrl.exe140⤵
-
\??\c:\1btbnn.exec:\1btbnn.exe141⤵
-
\??\c:\htbbhb.exec:\htbbhb.exe142⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe143⤵
-
\??\c:\rrflxfl.exec:\rrflxfl.exe144⤵
-
\??\c:\nhnhbn.exec:\nhnhbn.exe145⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe146⤵
-
\??\c:\9djdv.exec:\9djdv.exe147⤵
-
\??\c:\rfffllr.exec:\rfffllr.exe148⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe149⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe150⤵
-
\??\c:\rfllfxr.exec:\rfllfxr.exe151⤵
-
\??\c:\lfrrllx.exec:\lfrrllx.exe152⤵
-
\??\c:\7hhhhb.exec:\7hhhhb.exe153⤵
-
\??\c:\3jvvj.exec:\3jvvj.exe154⤵
-
\??\c:\lrfrffl.exec:\lrfrffl.exe155⤵
-
\??\c:\9xlxllr.exec:\9xlxllr.exe156⤵
-
\??\c:\hbnhnt.exec:\hbnhnt.exe157⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe158⤵
-
\??\c:\9dpdj.exec:\9dpdj.exe159⤵
-
\??\c:\frllllx.exec:\frllllx.exe160⤵
-
\??\c:\nhbtbb.exec:\nhbtbb.exe161⤵
-
\??\c:\bbbhhb.exec:\bbbhhb.exe162⤵
-
\??\c:\jvdjv.exec:\jvdjv.exe163⤵
-
\??\c:\fllxffr.exec:\fllxffr.exe164⤵
-
\??\c:\htnntt.exec:\htnntt.exe165⤵
-
\??\c:\nhbthn.exec:\nhbthn.exe166⤵
-
\??\c:\jvpvv.exec:\jvpvv.exe167⤵
-
\??\c:\rlxxllr.exec:\rlxxllr.exe168⤵
-
\??\c:\hthbbt.exec:\hthbbt.exe169⤵
-
\??\c:\tbhnbb.exec:\tbhnbb.exe170⤵
-
\??\c:\vvppp.exec:\vvppp.exe171⤵
-
\??\c:\llxxlll.exec:\llxxlll.exe172⤵
-
\??\c:\btbbnn.exec:\btbbnn.exe173⤵
-
\??\c:\nhnntn.exec:\nhnntn.exe174⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe175⤵
-
\??\c:\rlxrlfr.exec:\rlxrlfr.exe176⤵
-
\??\c:\hbbhbh.exec:\hbbhbh.exe177⤵
-
\??\c:\pjjvv.exec:\pjjvv.exe178⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe179⤵
-
\??\c:\7rllllr.exec:\7rllllr.exe180⤵
-
\??\c:\tttnbh.exec:\tttnbh.exe181⤵
-
\??\c:\vdpdp.exec:\vdpdp.exe182⤵
-
\??\c:\vvjvp.exec:\vvjvp.exe183⤵
-
\??\c:\7frrlxr.exec:\7frrlxr.exe184⤵
-
\??\c:\nnhnbn.exec:\nnhnbn.exe185⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe186⤵
-
\??\c:\pvvdp.exec:\pvvdp.exe187⤵
-
\??\c:\xfxfxxf.exec:\xfxfxxf.exe188⤵
-
\??\c:\nnbhnt.exec:\nnbhnt.exe189⤵
-
\??\c:\bbthth.exec:\bbthth.exe190⤵
-
\??\c:\3dvvp.exec:\3dvvp.exe191⤵
-
\??\c:\lffrffr.exec:\lffrffr.exe192⤵
-
\??\c:\tnnhbn.exec:\tnnhbn.exe193⤵
-
\??\c:\bbhnhh.exec:\bbhnhh.exe194⤵
-
\??\c:\djvpp.exec:\djvpp.exe195⤵
-
\??\c:\fxrrxxr.exec:\fxrrxxr.exe196⤵
-
\??\c:\btbhbb.exec:\btbhbb.exe197⤵
-
\??\c:\tthtbh.exec:\tthtbh.exe198⤵
-
\??\c:\9ddjj.exec:\9ddjj.exe199⤵
-
\??\c:\rlllxlx.exec:\rlllxlx.exe200⤵
-
\??\c:\3rllxxl.exec:\3rllxxl.exe201⤵
-
\??\c:\hhbhbb.exec:\hhbhbb.exe202⤵
-
\??\c:\9nbthh.exec:\9nbthh.exe203⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe204⤵
-
\??\c:\ffxffff.exec:\ffxffff.exe205⤵
-
\??\c:\3nbbtn.exec:\3nbbtn.exe206⤵
-
\??\c:\hbtnbn.exec:\hbtnbn.exe207⤵
-
\??\c:\jvpvv.exec:\jvpvv.exe208⤵
-
\??\c:\fflxrrf.exec:\fflxrrf.exe209⤵
-
\??\c:\rrffrfx.exec:\rrffrfx.exe210⤵
-
\??\c:\hbtthn.exec:\hbtthn.exe211⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe212⤵
-
\??\c:\vvdpd.exec:\vvdpd.exe213⤵
-
\??\c:\xrrxrrl.exec:\xrrxrrl.exe214⤵
-
\??\c:\nbntbt.exec:\nbntbt.exe215⤵
-
\??\c:\1pjpv.exec:\1pjpv.exe216⤵
-
\??\c:\jpdpv.exec:\jpdpv.exe217⤵
-
\??\c:\fxlxxlf.exec:\fxlxxlf.exe218⤵
-
\??\c:\nnbbnn.exec:\nnbbnn.exe219⤵
-
\??\c:\nnhbth.exec:\nnhbth.exe220⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe221⤵
-
\??\c:\llflflx.exec:\llflflx.exe222⤵
-
\??\c:\rxlrlrx.exec:\rxlrlrx.exe223⤵
-
\??\c:\hhbbbh.exec:\hhbbbh.exe224⤵
-
\??\c:\tntbbh.exec:\tntbbh.exe225⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe226⤵
-
\??\c:\lrrrllf.exec:\lrrrllf.exe227⤵
-
\??\c:\ntthbn.exec:\ntthbn.exe228⤵
-
\??\c:\bttbhn.exec:\bttbhn.exe229⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe230⤵
-
\??\c:\1lxxrxl.exec:\1lxxrxl.exe231⤵
-
\??\c:\9hnntt.exec:\9hnntt.exe232⤵
-
\??\c:\bbbtnt.exec:\bbbtnt.exe233⤵
-
\??\c:\3dvdd.exec:\3dvdd.exe234⤵
-
\??\c:\rxxffll.exec:\rxxffll.exe235⤵
-
\??\c:\ffrxffr.exec:\ffrxffr.exe236⤵
-
\??\c:\5htthn.exec:\5htthn.exe237⤵
-
\??\c:\3pjpd.exec:\3pjpd.exe238⤵
-
\??\c:\1frlxfl.exec:\1frlxfl.exe239⤵
-
\??\c:\tnhnbh.exec:\tnhnbh.exe240⤵