Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
21-05-2024 12:41
General
-
Target
4cf292b0df810581c0863705d8f9d0a4ef13b08ca456578327033acef1028eb1_NeikiAnalytics.exe
-
Size
61KB
-
MD5
ca532b8560b6fea5ec26248d2e5bc8f0
-
SHA1
1b37ae385043044b487c41b61e9ef831613507de
-
SHA256
4cf292b0df810581c0863705d8f9d0a4ef13b08ca456578327033acef1028eb1
-
SHA512
76bd380f8d2e7abf0c0730718eb871da8be3a21cf711e52c82b3d20249e4e4295ba64ad6c19c9432cf519cf5cd420839a5cd46447af8f6043fcc399f3f1e4f9f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIug6bV:ymb3NkkiQ3mdBjFIugW
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4cf292b0df810581c0863705d8f9d0a4ef13b08ca456578327033acef1028eb1_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4cf292b0df810581c0863705d8f9d0a4ef13b08ca456578327033acef1028eb1_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvd.exec:\vpjvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntbhh.exec:\tntbhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhthn.exec:\tnhthn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdj.exec:\pjvdj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrxlfl.exec:\ffrxlfl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lxlxfr.exec:\3lxlxfr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhbhb.exec:\thhbhb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthtbb.exec:\bthtbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvj.exec:\jdvvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxfflx.exec:\rlxfflx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llflrlr.exec:\llflrlr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhtb.exec:\nhbhtb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtnhh.exec:\bbtnhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpp.exec:\pvvpp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlxfrf.exec:\xxlxfrf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrfxrx.exec:\xxrfxrx.exe17⤵
- Executes dropped EXE
-
\??\c:\btntnt.exec:\btntnt.exe18⤵
- Executes dropped EXE
-
\??\c:\bthhnn.exec:\bthhnn.exe19⤵
- Executes dropped EXE
-
\??\c:\vvvdj.exec:\vvvdj.exe20⤵
- Executes dropped EXE
-
\??\c:\9lxflxf.exec:\9lxflxf.exe21⤵
- Executes dropped EXE
-
\??\c:\rfrrxfr.exec:\rfrrxfr.exe22⤵
- Executes dropped EXE
-
\??\c:\bbtntb.exec:\bbtntb.exe23⤵
- Executes dropped EXE
-
\??\c:\bthntb.exec:\bthntb.exe24⤵
- Executes dropped EXE
-
\??\c:\vpdjj.exec:\vpdjj.exe25⤵
- Executes dropped EXE
-
\??\c:\5rfxxxx.exec:\5rfxxxx.exe26⤵
- Executes dropped EXE
-
\??\c:\5xxflrl.exec:\5xxflrl.exe27⤵
- Executes dropped EXE
-
\??\c:\nhthbt.exec:\nhthbt.exe28⤵
- Executes dropped EXE
-
\??\c:\pjjvd.exec:\pjjvd.exe29⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe30⤵
- Executes dropped EXE
-
\??\c:\ffrrffl.exec:\ffrrffl.exe31⤵
- Executes dropped EXE
-
\??\c:\rlxfxfx.exec:\rlxfxfx.exe32⤵
- Executes dropped EXE
-
\??\c:\bhttbn.exec:\bhttbn.exe33⤵
- Executes dropped EXE
-
\??\c:\7tntbh.exec:\7tntbh.exe34⤵
- Executes dropped EXE
-
\??\c:\7lflflx.exec:\7lflflx.exe35⤵
- Executes dropped EXE
-
\??\c:\3xllrlr.exec:\3xllrlr.exe36⤵
- Executes dropped EXE
-
\??\c:\thttbh.exec:\thttbh.exe37⤵
- Executes dropped EXE
-
\??\c:\tnhnnn.exec:\tnhnnn.exe38⤵
- Executes dropped EXE
-
\??\c:\1pjvv.exec:\1pjvv.exe39⤵
- Executes dropped EXE
-
\??\c:\jpvvd.exec:\jpvvd.exe40⤵
- Executes dropped EXE
-
\??\c:\llflxfl.exec:\llflxfl.exe41⤵
- Executes dropped EXE
-
\??\c:\fxlrxfl.exec:\fxlrxfl.exe42⤵
- Executes dropped EXE
-
\??\c:\nnbhnn.exec:\nnbhnn.exe43⤵
- Executes dropped EXE
-
\??\c:\nhttbn.exec:\nhttbn.exe44⤵
- Executes dropped EXE
-
\??\c:\vpjjv.exec:\vpjjv.exe45⤵
- Executes dropped EXE
-
\??\c:\vpvvd.exec:\vpvvd.exe46⤵
- Executes dropped EXE
-
\??\c:\frfxlrr.exec:\frfxlrr.exe47⤵
- Executes dropped EXE
-
\??\c:\lxlllrl.exec:\lxlllrl.exe48⤵
- Executes dropped EXE
-
\??\c:\btbnhn.exec:\btbnhn.exe49⤵
- Executes dropped EXE
-
\??\c:\bthhbh.exec:\bthhbh.exe50⤵
- Executes dropped EXE
-
\??\c:\hbbhtn.exec:\hbbhtn.exe51⤵
- Executes dropped EXE
-
\??\c:\dvjpp.exec:\dvjpp.exe52⤵
- Executes dropped EXE
-
\??\c:\jjvvj.exec:\jjvvj.exe53⤵
- Executes dropped EXE
-
\??\c:\lfffrxl.exec:\lfffrxl.exe54⤵
- Executes dropped EXE
-
\??\c:\lfrxlfl.exec:\lfrxlfl.exe55⤵
- Executes dropped EXE
-
\??\c:\3hhnbb.exec:\3hhnbb.exe56⤵
- Executes dropped EXE
-
\??\c:\1httbb.exec:\1httbb.exe57⤵
- Executes dropped EXE
-
\??\c:\jddpd.exec:\jddpd.exe58⤵
- Executes dropped EXE
-
\??\c:\vppvp.exec:\vppvp.exe59⤵
- Executes dropped EXE
-
\??\c:\lllrlrf.exec:\lllrlrf.exe60⤵
- Executes dropped EXE
-
\??\c:\7frxxxl.exec:\7frxxxl.exe61⤵
- Executes dropped EXE
-
\??\c:\1xxfrrl.exec:\1xxfrrl.exe62⤵
- Executes dropped EXE
-
\??\c:\7tnbht.exec:\7tnbht.exe63⤵
- Executes dropped EXE
-
\??\c:\pjdpj.exec:\pjdpj.exe64⤵
- Executes dropped EXE
-
\??\c:\jddpd.exec:\jddpd.exe65⤵
- Executes dropped EXE
-
\??\c:\xlfflrx.exec:\xlfflrx.exe66⤵
-
\??\c:\xrflxfx.exec:\xrflxfx.exe67⤵
-
\??\c:\frxxlfl.exec:\frxxlfl.exe68⤵
-
\??\c:\tbhhbb.exec:\tbhhbb.exe69⤵
-
\??\c:\hhhtnt.exec:\hhhtnt.exe70⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe71⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe72⤵
-
\??\c:\lfxlrxf.exec:\lfxlrxf.exe73⤵
-
\??\c:\llfrrrl.exec:\llfrrrl.exe74⤵
-
\??\c:\tnhthn.exec:\tnhthn.exe75⤵
-
\??\c:\tnhnbb.exec:\tnhnbb.exe76⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe77⤵
-
\??\c:\vvjdj.exec:\vvjdj.exe78⤵
-
\??\c:\fllrfrl.exec:\fllrfrl.exe79⤵
-
\??\c:\rlflrrr.exec:\rlflrrr.exe80⤵
-
\??\c:\ttttth.exec:\ttttth.exe81⤵
-
\??\c:\hbtnhn.exec:\hbtnhn.exe82⤵
-
\??\c:\jjdvv.exec:\jjdvv.exe83⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe84⤵
-
\??\c:\ddpvd.exec:\ddpvd.exe85⤵
-
\??\c:\fxfllrx.exec:\fxfllrx.exe86⤵
-
\??\c:\lffxxfl.exec:\lffxxfl.exe87⤵
-
\??\c:\7hnnhh.exec:\7hnnhh.exe88⤵
-
\??\c:\hhnbht.exec:\hhnbht.exe89⤵
-
\??\c:\vjdpd.exec:\vjdpd.exe90⤵
-
\??\c:\ppvdp.exec:\ppvdp.exe91⤵
-
\??\c:\xrfllrx.exec:\xrfllrx.exe92⤵
-
\??\c:\lfxllrx.exec:\lfxllrx.exe93⤵
-
\??\c:\btttbt.exec:\btttbt.exe94⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe95⤵
-
\??\c:\xrxlrxr.exec:\xrxlrxr.exe96⤵
-
\??\c:\rlrlrxf.exec:\rlrlrxf.exe97⤵
-
\??\c:\3nntbb.exec:\3nntbb.exe98⤵
-
\??\c:\btbhht.exec:\btbhht.exe99⤵
-
\??\c:\ddvjj.exec:\ddvjj.exe100⤵
-
\??\c:\vdvvv.exec:\vdvvv.exe101⤵
-
\??\c:\3rrxlrf.exec:\3rrxlrf.exe102⤵
-
\??\c:\xlrxlxf.exec:\xlrxlxf.exe103⤵
-
\??\c:\hbtbhn.exec:\hbtbhn.exe104⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe105⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe106⤵
-
\??\c:\vvdvd.exec:\vvdvd.exe107⤵
-
\??\c:\lxflrxf.exec:\lxflrxf.exe108⤵
-
\??\c:\fxlrrxf.exec:\fxlrrxf.exe109⤵
-
\??\c:\htbtbh.exec:\htbtbh.exe110⤵
-
\??\c:\nbhbhb.exec:\nbhbhb.exe111⤵
-
\??\c:\7dpjp.exec:\7dpjp.exe112⤵
-
\??\c:\7vppv.exec:\7vppv.exe113⤵
-
\??\c:\xxrxflr.exec:\xxrxflr.exe114⤵
-
\??\c:\xrlrffl.exec:\xrlrffl.exe115⤵
-
\??\c:\xrxxlfl.exec:\xrxxlfl.exe116⤵
-
\??\c:\nhtbnn.exec:\nhtbnn.exe117⤵
-
\??\c:\hbtbhh.exec:\hbtbhh.exe118⤵
-
\??\c:\vvjjd.exec:\vvjjd.exe119⤵
-
\??\c:\dvpdd.exec:\dvpdd.exe120⤵
-
\??\c:\xrlllfr.exec:\xrlllfr.exe121⤵
-
\??\c:\rxfxflx.exec:\rxfxflx.exe122⤵
-
\??\c:\7bbtbb.exec:\7bbtbb.exe123⤵
-
\??\c:\7ttbnn.exec:\7ttbnn.exe124⤵
-
\??\c:\3xxlxfr.exec:\3xxlxfr.exe125⤵
-
\??\c:\flfrxrx.exec:\flfrxrx.exe126⤵
-
\??\c:\nnbbbh.exec:\nnbbbh.exe127⤵
-
\??\c:\ttbhtt.exec:\ttbhtt.exe128⤵
-
\??\c:\3ddpd.exec:\3ddpd.exe129⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe130⤵
-
\??\c:\rlfrflr.exec:\rlfrflr.exe131⤵
-
\??\c:\frxxlfr.exec:\frxxlfr.exe132⤵
-
\??\c:\nhtbbh.exec:\nhtbbh.exe133⤵
-
\??\c:\tnbbht.exec:\tnbbht.exe134⤵
-
\??\c:\ddvdd.exec:\ddvdd.exe135⤵
-
\??\c:\vvvpv.exec:\vvvpv.exe136⤵
-
\??\c:\ffrrxlr.exec:\ffrrxlr.exe137⤵
-
\??\c:\flffrxf.exec:\flffrxf.exe138⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe139⤵
-
\??\c:\bbthbt.exec:\bbthbt.exe140⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe141⤵
-
\??\c:\vdpjp.exec:\vdpjp.exe142⤵
-
\??\c:\1lxfxff.exec:\1lxfxff.exe143⤵
-
\??\c:\rrlfxff.exec:\rrlfxff.exe144⤵
-
\??\c:\hhbnhb.exec:\hhbnhb.exe145⤵
-
\??\c:\bbbhtb.exec:\bbbhtb.exe146⤵
-
\??\c:\vjvdp.exec:\vjvdp.exe147⤵
-
\??\c:\vdjdj.exec:\vdjdj.exe148⤵
-
\??\c:\9flfxff.exec:\9flfxff.exe149⤵
-
\??\c:\rxrlrff.exec:\rxrlrff.exe150⤵
-
\??\c:\htnthh.exec:\htnthh.exe151⤵
-
\??\c:\tbbbnb.exec:\tbbbnb.exe152⤵
-
\??\c:\dpvdj.exec:\dpvdj.exe153⤵
-
\??\c:\jpjdp.exec:\jpjdp.exe154⤵
-
\??\c:\5xrfxxl.exec:\5xrfxxl.exe155⤵
-
\??\c:\1xrrrxf.exec:\1xrrrxf.exe156⤵
-
\??\c:\hnbbbb.exec:\hnbbbb.exe157⤵
-
\??\c:\5htbbh.exec:\5htbbh.exe158⤵
-
\??\c:\httbnn.exec:\httbnn.exe159⤵
-
\??\c:\pdvvd.exec:\pdvvd.exe160⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe161⤵
-
\??\c:\3fxxxfl.exec:\3fxxxfl.exe162⤵
-
\??\c:\rfxxffl.exec:\rfxxffl.exe163⤵
-
\??\c:\nhbhnt.exec:\nhbhnt.exe164⤵
-
\??\c:\bnbbtn.exec:\bnbbtn.exe165⤵
-
\??\c:\vvdpv.exec:\vvdpv.exe166⤵
-
\??\c:\7pdjj.exec:\7pdjj.exe167⤵
-
\??\c:\rfrxflr.exec:\rfrxflr.exe168⤵
-
\??\c:\1rfffxx.exec:\1rfffxx.exe169⤵
-
\??\c:\bhnbhb.exec:\bhnbhb.exe170⤵
-
\??\c:\1nhntt.exec:\1nhntt.exe171⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe172⤵
-
\??\c:\jdpdj.exec:\jdpdj.exe173⤵
-
\??\c:\lrlllfr.exec:\lrlllfr.exe174⤵
-
\??\c:\lfrxxfr.exec:\lfrxxfr.exe175⤵
-
\??\c:\5nnthb.exec:\5nnthb.exe176⤵
-
\??\c:\7nhhnt.exec:\7nhhnt.exe177⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe178⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe179⤵
-
\??\c:\rllxxxx.exec:\rllxxxx.exe180⤵
-
\??\c:\3lxflrf.exec:\3lxflrf.exe181⤵
-
\??\c:\tnhnbh.exec:\tnhnbh.exe182⤵
-
\??\c:\3tnntn.exec:\3tnntn.exe183⤵
-
\??\c:\7tthnt.exec:\7tthnt.exe184⤵
-
\??\c:\djjdd.exec:\djjdd.exe185⤵
-
\??\c:\pvjjp.exec:\pvjjp.exe186⤵
-
\??\c:\flrrlfl.exec:\flrrlfl.exe187⤵
-
\??\c:\flxxrll.exec:\flxxrll.exe188⤵
-
\??\c:\rlrfffl.exec:\rlrfffl.exe189⤵
-
\??\c:\hbtbhh.exec:\hbtbhh.exe190⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe191⤵
-
\??\c:\jdppv.exec:\jdppv.exe192⤵
-
\??\c:\5pvvv.exec:\5pvvv.exe193⤵
-
\??\c:\lffrrll.exec:\lffrrll.exe194⤵
-
\??\c:\rlxxrxl.exec:\rlxxrxl.exe195⤵
-
\??\c:\nbhhnh.exec:\nbhhnh.exe196⤵
-
\??\c:\nnnnht.exec:\nnnnht.exe197⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe198⤵
-
\??\c:\7dppp.exec:\7dppp.exe199⤵
-
\??\c:\7llrxxx.exec:\7llrxxx.exe200⤵
-
\??\c:\xrflllr.exec:\xrflllr.exe201⤵
-
\??\c:\bnnnbn.exec:\bnnnbn.exe202⤵
-
\??\c:\httttt.exec:\httttt.exe203⤵
-
\??\c:\3jvdd.exec:\3jvdd.exe204⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe205⤵
-
\??\c:\fflxrfx.exec:\fflxrfx.exe206⤵
-
\??\c:\rrxfffl.exec:\rrxfffl.exe207⤵
-
\??\c:\xlxrxxx.exec:\xlxrxxx.exe208⤵
-
\??\c:\nhbhnt.exec:\nhbhnt.exe209⤵
-
\??\c:\hthnnt.exec:\hthnnt.exe210⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe211⤵
-
\??\c:\jdddj.exec:\jdddj.exe212⤵
-
\??\c:\5lffllx.exec:\5lffllx.exe213⤵
-
\??\c:\jpjvv.exec:\jpjvv.exe214⤵
-
\??\c:\fxlffrr.exec:\fxlffrr.exe215⤵
-
\??\c:\btbhhh.exec:\btbhhh.exe216⤵
-
\??\c:\bhbhhb.exec:\bhbhhb.exe217⤵
-
\??\c:\vddvj.exec:\vddvj.exe218⤵
-
\??\c:\3jddd.exec:\3jddd.exe219⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe220⤵
-
\??\c:\fxlxrrr.exec:\fxlxrrr.exe221⤵
-
\??\c:\5xrflxr.exec:\5xrflxr.exe222⤵
-
\??\c:\3bbnbh.exec:\3bbnbh.exe223⤵
-
\??\c:\hbtbnt.exec:\hbtbnt.exe224⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe225⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe226⤵
-
\??\c:\5xllxxx.exec:\5xllxxx.exe227⤵
-
\??\c:\rllxxff.exec:\rllxxff.exe228⤵
-
\??\c:\9bnbhh.exec:\9bnbhh.exe229⤵
-
\??\c:\nthtnt.exec:\nthtnt.exe230⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe231⤵
-
\??\c:\dddpd.exec:\dddpd.exe232⤵
-
\??\c:\xrrrrxr.exec:\xrrrrxr.exe233⤵
-
\??\c:\xlrlxfl.exec:\xlrlxfl.exe234⤵
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe235⤵
-
\??\c:\9thttt.exec:\9thttt.exe236⤵
-
\??\c:\1ttttt.exec:\1ttttt.exe237⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe238⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe239⤵
-
\??\c:\frlffrf.exec:\frlffrf.exe240⤵