Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
21-05-2024 19:12
General
-
Target
037cbcbc174c6497326229b1dcec4c00_NeikiAnalytics.exe
-
Size
55KB
-
MD5
037cbcbc174c6497326229b1dcec4c00
-
SHA1
267b94d48f671a1fa5a9d5f3851c9699964a584c
-
SHA256
9dd42d7142a324afb7d8df6fd3deaac9688cc96ea0cd10d7e325aa08970de53d
-
SHA512
e4cf5f4ec8fce3b380359e971ab2057dfe0a7a0adfd9ddac06ab029d94aef3a3753e74a5f1ee4bf735f80347a865e1178b744d77bbac53d9222456e8e9c77d0c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFk:ymb3NkkiQ3mdBjFIFk
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\037cbcbc174c6497326229b1dcec4c00_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\037cbcbc174c6497326229b1dcec4c00_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1btnbb.exec:\1btnbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppvv.exec:\pppvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxlxlr.exec:\rrxlxlr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnnh.exec:\bntnnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jpjp.exec:\7jpjp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dppj.exec:\3dppj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rlrlrr.exec:\1rlrlrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xrfrrf.exec:\9xrfrrf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnthtt.exec:\nnthtt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxfflf.exec:\ffxfflf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbttnn.exec:\nbttnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdp.exec:\vvjdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrlrr.exec:\frxrlrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrrlll.exec:\xxrrlll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttbh.exec:\hbttbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdp.exec:\ppjdp.exe17⤵
- Executes dropped EXE
-
\??\c:\vvjvd.exec:\vvjvd.exe18⤵
- Executes dropped EXE
-
\??\c:\flrfxfl.exec:\flrfxfl.exe19⤵
- Executes dropped EXE
-
\??\c:\hbtnnt.exec:\hbtnnt.exe20⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe21⤵
- Executes dropped EXE
-
\??\c:\ppjpj.exec:\ppjpj.exe22⤵
- Executes dropped EXE
-
\??\c:\llfrxlx.exec:\llfrxlx.exe23⤵
- Executes dropped EXE
-
\??\c:\lfxfxfl.exec:\lfxfxfl.exe24⤵
- Executes dropped EXE
-
\??\c:\ttntnb.exec:\ttntnb.exe25⤵
- Executes dropped EXE
-
\??\c:\dvddd.exec:\dvddd.exe26⤵
- Executes dropped EXE
-
\??\c:\jvppp.exec:\jvppp.exe27⤵
- Executes dropped EXE
-
\??\c:\3lfrxff.exec:\3lfrxff.exe28⤵
- Executes dropped EXE
-
\??\c:\rrfxlrx.exec:\rrfxlrx.exe29⤵
- Executes dropped EXE
-
\??\c:\htthnt.exec:\htthnt.exe30⤵
- Executes dropped EXE
-
\??\c:\jdvdv.exec:\jdvdv.exe31⤵
- Executes dropped EXE
-
\??\c:\flfxxrl.exec:\flfxxrl.exe32⤵
- Executes dropped EXE
-
\??\c:\tnhthh.exec:\tnhthh.exe33⤵
- Executes dropped EXE
-
\??\c:\thttbt.exec:\thttbt.exe34⤵
- Executes dropped EXE
-
\??\c:\ppjpd.exec:\ppjpd.exe35⤵
- Executes dropped EXE
-
\??\c:\vpvvd.exec:\vpvvd.exe36⤵
- Executes dropped EXE
-
\??\c:\tbhtnh.exec:\tbhtnh.exe37⤵
- Executes dropped EXE
-
\??\c:\7thtnt.exec:\7thtnt.exe38⤵
- Executes dropped EXE
-
\??\c:\pppvp.exec:\pppvp.exe39⤵
- Executes dropped EXE
-
\??\c:\3vjvj.exec:\3vjvj.exe40⤵
- Executes dropped EXE
-
\??\c:\rlfrrlx.exec:\rlfrrlx.exe41⤵
- Executes dropped EXE
-
\??\c:\bbbnth.exec:\bbbnth.exe42⤵
- Executes dropped EXE
-
\??\c:\hbnttt.exec:\hbnttt.exe43⤵
- Executes dropped EXE
-
\??\c:\jjvdp.exec:\jjvdp.exe44⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe45⤵
- Executes dropped EXE
-
\??\c:\xrfrxxl.exec:\xrfrxxl.exe46⤵
- Executes dropped EXE
-
\??\c:\fxlxrxf.exec:\fxlxrxf.exe47⤵
- Executes dropped EXE
-
\??\c:\1hbbhn.exec:\1hbbhn.exe48⤵
- Executes dropped EXE
-
\??\c:\pjdvv.exec:\pjdvv.exe49⤵
- Executes dropped EXE
-
\??\c:\7dvpj.exec:\7dvpj.exe50⤵
- Executes dropped EXE
-
\??\c:\9xrxflx.exec:\9xrxflx.exe51⤵
- Executes dropped EXE
-
\??\c:\xxlxllx.exec:\xxlxllx.exe52⤵
- Executes dropped EXE
-
\??\c:\tthhnb.exec:\tthhnb.exe53⤵
- Executes dropped EXE
-
\??\c:\9nhtbb.exec:\9nhtbb.exe54⤵
- Executes dropped EXE
-
\??\c:\pppdd.exec:\pppdd.exe55⤵
- Executes dropped EXE
-
\??\c:\xrfxrxf.exec:\xrfxrxf.exe56⤵
- Executes dropped EXE
-
\??\c:\rrlxrxf.exec:\rrlxrxf.exe57⤵
- Executes dropped EXE
-
\??\c:\hbhhbh.exec:\hbhhbh.exe58⤵
- Executes dropped EXE
-
\??\c:\tthbnn.exec:\tthbnn.exe59⤵
- Executes dropped EXE
-
\??\c:\1jdjv.exec:\1jdjv.exe60⤵
- Executes dropped EXE
-
\??\c:\jdpjv.exec:\jdpjv.exe61⤵
- Executes dropped EXE
-
\??\c:\7lxfrfr.exec:\7lxfrfr.exe62⤵
- Executes dropped EXE
-
\??\c:\rfllrrf.exec:\rfllrrf.exe63⤵
- Executes dropped EXE
-
\??\c:\ttbbbh.exec:\ttbbbh.exe64⤵
- Executes dropped EXE
-
\??\c:\bthhht.exec:\bthhht.exe65⤵
- Executes dropped EXE
-
\??\c:\vpvdp.exec:\vpvdp.exe66⤵
-
\??\c:\7vpvd.exec:\7vpvd.exe67⤵
-
\??\c:\xxxrffl.exec:\xxxrffl.exe68⤵
-
\??\c:\bthnbb.exec:\bthnbb.exe69⤵
-
\??\c:\hbttbb.exec:\hbttbb.exe70⤵
-
\??\c:\vvjvp.exec:\vvjvp.exe71⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe72⤵
-
\??\c:\fflxxlr.exec:\fflxxlr.exe73⤵
-
\??\c:\xxlfxfx.exec:\xxlfxfx.exe74⤵
-
\??\c:\hthbht.exec:\hthbht.exe75⤵
-
\??\c:\bhtbbn.exec:\bhtbbn.exe76⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe77⤵
-
\??\c:\dddpv.exec:\dddpv.exe78⤵
-
\??\c:\llrfrxf.exec:\llrfrxf.exe79⤵
-
\??\c:\1bthnb.exec:\1bthnb.exe80⤵
-
\??\c:\nttbnt.exec:\nttbnt.exe81⤵
-
\??\c:\5vjpd.exec:\5vjpd.exe82⤵
-
\??\c:\vppvp.exec:\vppvp.exe83⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe84⤵
-
\??\c:\llrlxlr.exec:\llrlxlr.exe85⤵
-
\??\c:\lfrlrfl.exec:\lfrlrfl.exe86⤵
-
\??\c:\7tbtht.exec:\7tbtht.exe87⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe88⤵
-
\??\c:\5vvdp.exec:\5vvdp.exe89⤵
-
\??\c:\xffxffl.exec:\xffxffl.exe90⤵
-
\??\c:\ffxlffx.exec:\ffxlffx.exe91⤵
-
\??\c:\bbhnbh.exec:\bbhnbh.exe92⤵
-
\??\c:\btnbbh.exec:\btnbbh.exe93⤵
-
\??\c:\3pppv.exec:\3pppv.exe94⤵
-
\??\c:\ppddd.exec:\ppddd.exe95⤵
-
\??\c:\rffrfxr.exec:\rffrfxr.exe96⤵
-
\??\c:\xrrxrrf.exec:\xrrxrrf.exe97⤵
-
\??\c:\hhbnhh.exec:\hhbnhh.exe98⤵
-
\??\c:\bbnhbn.exec:\bbnhbn.exe99⤵
-
\??\c:\5djjp.exec:\5djjp.exe100⤵
-
\??\c:\9lfrflf.exec:\9lfrflf.exe101⤵
-
\??\c:\xrllrlf.exec:\xrllrlf.exe102⤵
-
\??\c:\7xrrllf.exec:\7xrrllf.exe103⤵
-
\??\c:\nbbnhn.exec:\nbbnhn.exe104⤵
-
\??\c:\3nhhtb.exec:\3nhhtb.exe105⤵
-
\??\c:\5jppv.exec:\5jppv.exe106⤵
-
\??\c:\rrlxrfr.exec:\rrlxrfr.exe107⤵
-
\??\c:\5llrxxl.exec:\5llrxxl.exe108⤵
-
\??\c:\1bbntb.exec:\1bbntb.exe109⤵
-
\??\c:\3bbbth.exec:\3bbbth.exe110⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe111⤵
-
\??\c:\7ppdp.exec:\7ppdp.exe112⤵
-
\??\c:\ffrxxxf.exec:\ffrxxxf.exe113⤵
-
\??\c:\rfrfxfx.exec:\rfrfxfx.exe114⤵
-
\??\c:\nhtbbh.exec:\nhtbbh.exe115⤵
-
\??\c:\5hbhht.exec:\5hbhht.exe116⤵
-
\??\c:\5vvjp.exec:\5vvjp.exe117⤵
-
\??\c:\vvjjd.exec:\vvjjd.exe118⤵
-
\??\c:\ffflxxl.exec:\ffflxxl.exe119⤵
-
\??\c:\1lflrxx.exec:\1lflrxx.exe120⤵
-
\??\c:\nnhthn.exec:\nnhthn.exe121⤵
-
\??\c:\7nnntt.exec:\7nnntt.exe122⤵
-
\??\c:\3pddd.exec:\3pddd.exe123⤵
-
\??\c:\fxflxfl.exec:\fxflxfl.exe124⤵
-
\??\c:\3fxfrfr.exec:\3fxfrfr.exe125⤵
-
\??\c:\nbbnbn.exec:\nbbnbn.exe126⤵
-
\??\c:\5nhntn.exec:\5nhntn.exe127⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe128⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe129⤵
-
\??\c:\7lfrlrl.exec:\7lfrlrl.exe130⤵
-
\??\c:\hnbhnn.exec:\hnbhnn.exe131⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe132⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe133⤵
-
\??\c:\lrrfrxl.exec:\lrrfrxl.exe134⤵
-
\??\c:\5lfrrxf.exec:\5lfrrxf.exe135⤵
-
\??\c:\hbhbhn.exec:\hbhbhn.exe136⤵
-
\??\c:\hbhbhh.exec:\hbhbhh.exe137⤵
-
\??\c:\3jdpp.exec:\3jdpp.exe138⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe139⤵
-
\??\c:\rlrfllr.exec:\rlrfllr.exe140⤵
-
\??\c:\fxflrrx.exec:\fxflrrx.exe141⤵
-
\??\c:\ttnhnn.exec:\ttnhnn.exe142⤵
-
\??\c:\hbnntb.exec:\hbnntb.exe143⤵
-
\??\c:\1jjpd.exec:\1jjpd.exe144⤵
-
\??\c:\1dppv.exec:\1dppv.exe145⤵
-
\??\c:\7llxfll.exec:\7llxfll.exe146⤵
-
\??\c:\3rrfrrx.exec:\3rrfrrx.exe147⤵
-
\??\c:\bbtbnn.exec:\bbtbnn.exe148⤵
-
\??\c:\5nbtht.exec:\5nbtht.exe149⤵
-
\??\c:\dvddj.exec:\dvddj.exe150⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe151⤵
-
\??\c:\fxlxllf.exec:\fxlxllf.exe152⤵
-
\??\c:\rlfxlrx.exec:\rlfxlrx.exe153⤵
-
\??\c:\hhbnnn.exec:\hhbnnn.exe154⤵
-
\??\c:\7thhhh.exec:\7thhhh.exe155⤵
-
\??\c:\3jjpv.exec:\3jjpv.exe156⤵
-
\??\c:\9ddvj.exec:\9ddvj.exe157⤵
-
\??\c:\rlrrffr.exec:\rlrrffr.exe158⤵
-
\??\c:\rrfxfrr.exec:\rrfxfrr.exe159⤵
-
\??\c:\5hbhbb.exec:\5hbhbb.exe160⤵
-
\??\c:\hhnnnt.exec:\hhnnnt.exe161⤵
-
\??\c:\7ppvv.exec:\7ppvv.exe162⤵
-
\??\c:\dvpvv.exec:\dvpvv.exe163⤵
-
\??\c:\3xrxffl.exec:\3xrxffl.exe164⤵
-
\??\c:\hthnnb.exec:\hthnnb.exe165⤵
-
\??\c:\5btbbb.exec:\5btbbb.exe166⤵
-
\??\c:\vvvvj.exec:\vvvvj.exe167⤵
-
\??\c:\vdddd.exec:\vdddd.exe168⤵
-
\??\c:\flxllff.exec:\flxllff.exe169⤵
-
\??\c:\hbtbhh.exec:\hbtbhh.exe170⤵
-
\??\c:\thbnhh.exec:\thbnhh.exe171⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe172⤵
-
\??\c:\jjpjp.exec:\jjpjp.exe173⤵
-
\??\c:\xrlxrff.exec:\xrlxrff.exe174⤵
-
\??\c:\rlxxrfx.exec:\rlxxrfx.exe175⤵
-
\??\c:\nnbhnt.exec:\nnbhnt.exe176⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe177⤵
-
\??\c:\ppdpd.exec:\ppdpd.exe178⤵
-
\??\c:\llllxfr.exec:\llllxfr.exe179⤵
-
\??\c:\frffrxx.exec:\frffrxx.exe180⤵
-
\??\c:\5hbbnh.exec:\5hbbnh.exe181⤵
-
\??\c:\bbbttb.exec:\bbbttb.exe182⤵
-
\??\c:\pjpvv.exec:\pjpvv.exe183⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe184⤵
-
\??\c:\3lxfxff.exec:\3lxfxff.exe185⤵
-
\??\c:\flxxfff.exec:\flxxfff.exe186⤵
-
\??\c:\nnhbbb.exec:\nnhbbb.exe187⤵
-
\??\c:\jjdpv.exec:\jjdpv.exe188⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe189⤵
-
\??\c:\1lxlrxl.exec:\1lxlrxl.exe190⤵
-
\??\c:\5bhthb.exec:\5bhthb.exe191⤵
-
\??\c:\jvjpj.exec:\jvjpj.exe192⤵
-
\??\c:\vvpdv.exec:\vvpdv.exe193⤵
-
\??\c:\hnhhnt.exec:\hnhhnt.exe194⤵
-
\??\c:\tnthnt.exec:\tnthnt.exe195⤵
-
\??\c:\7pddv.exec:\7pddv.exe196⤵
-
\??\c:\pddvj.exec:\pddvj.exe197⤵
-
\??\c:\9lffrxl.exec:\9lffrxl.exe198⤵
-
\??\c:\3lflrxx.exec:\3lflrxx.exe199⤵
-
\??\c:\hbtnbh.exec:\hbtnbh.exe200⤵
-
\??\c:\5vppj.exec:\5vppj.exe201⤵
-
\??\c:\1jdpp.exec:\1jdpp.exe202⤵
-
\??\c:\1pjdv.exec:\1pjdv.exe203⤵
-
\??\c:\fxxfxlr.exec:\fxxfxlr.exe204⤵
-
\??\c:\3xxlrff.exec:\3xxlrff.exe205⤵
-
\??\c:\7hbhbh.exec:\7hbhbh.exe206⤵
-
\??\c:\tttntb.exec:\tttntb.exe207⤵
-
\??\c:\pvdjv.exec:\pvdjv.exe208⤵
-
\??\c:\9vvpv.exec:\9vvpv.exe209⤵
-
\??\c:\xxrlrfr.exec:\xxrlrfr.exe210⤵
-
\??\c:\fllrflf.exec:\fllrflf.exe211⤵
-
\??\c:\hhbhnt.exec:\hhbhnt.exe212⤵
-
\??\c:\hbtttt.exec:\hbtttt.exe213⤵
-
\??\c:\vjvdd.exec:\vjvdd.exe214⤵
-
\??\c:\lfrxflx.exec:\lfrxflx.exe215⤵
-
\??\c:\rrrxflx.exec:\rrrxflx.exe216⤵
-
\??\c:\hhhbtt.exec:\hhhbtt.exe217⤵
-
\??\c:\5hhtnt.exec:\5hhtnt.exe218⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe219⤵
-
\??\c:\pppvp.exec:\pppvp.exe220⤵
-
\??\c:\flxfxxl.exec:\flxfxxl.exe221⤵
-
\??\c:\1xfflrx.exec:\1xfflrx.exe222⤵
-
\??\c:\bttbnt.exec:\bttbnt.exe223⤵
-
\??\c:\nnbnnn.exec:\nnbnnn.exe224⤵
-
\??\c:\vjjpv.exec:\vjjpv.exe225⤵
-
\??\c:\vvvdd.exec:\vvvdd.exe226⤵
-
\??\c:\ffxrlxl.exec:\ffxrlxl.exe227⤵
-
\??\c:\rlfflfl.exec:\rlfflfl.exe228⤵
-
\??\c:\5nntbb.exec:\5nntbb.exe229⤵
-
\??\c:\nnbnbb.exec:\nnbnbb.exe230⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe231⤵
-
\??\c:\dvjpj.exec:\dvjpj.exe232⤵
-
\??\c:\rfxlrfl.exec:\rfxlrfl.exe233⤵
-
\??\c:\rllrflr.exec:\rllrflr.exe234⤵
-
\??\c:\5btnht.exec:\5btnht.exe235⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe236⤵
-
\??\c:\jjddv.exec:\jjddv.exe237⤵
-
\??\c:\fxllflf.exec:\fxllflf.exe238⤵
-
\??\c:\xxrlflx.exec:\xxrlflx.exe239⤵
-
\??\c:\tbthnh.exec:\tbthnh.exe240⤵