Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
21-05-2024 20:38
General
-
Target
09e448d6acaaa3714663ecb28531a590_NeikiAnalytics.exe
-
Size
348KB
-
MD5
09e448d6acaaa3714663ecb28531a590
-
SHA1
6fcdd4207baba52bdaefae47abd5afc68e80190d
-
SHA256
b145a74f7cf04b6d3a8a8489d6b0c08eab9e23b867cca2a8ea2dbc304d7b972a
-
SHA512
9d4bc69eb176e04e0dc2dbc980c18b3aaadbb53bb7c5554c0e87f3c9b48f52686ef0cf2e5d02c31dd899b4b7851d76d1c000c89f110540f32721c23c90f3ee54
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31TeMN7E1DCqkj5ad427ykS9WOCUyTAoqt:n3C9BRo7MlrWKo+lS0Le4xRSAoq7mjKz
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\09e448d6acaaa3714663ecb28531a590_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\09e448d6acaaa3714663ecb28531a590_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ttntnb.exec:\ttntnb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddv.exec:\jdddv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbntbn.exec:\bbntbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvdj.exec:\ddvdj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrxllx.exec:\rlrxllx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtthn.exec:\bbtthn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvd.exec:\pjvvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flfrflf.exec:\flfrflf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtbbn.exec:\bhtbbn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dvpv.exec:\5dvpv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrrrf.exec:\rlrrrrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbthh.exec:\tnbthh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbthbh.exec:\hbthbh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jdjp.exec:\9jdjp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrxxl.exec:\rlrrxxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttbh.exec:\tnttbh.exe17⤵
- Executes dropped EXE
-
\??\c:\3djpv.exec:\3djpv.exe18⤵
- Executes dropped EXE
-
\??\c:\fxflxfl.exec:\fxflxfl.exe19⤵
- Executes dropped EXE
-
\??\c:\hhtbhh.exec:\hhtbhh.exe20⤵
- Executes dropped EXE
-
\??\c:\5nbhnt.exec:\5nbhnt.exe21⤵
- Executes dropped EXE
-
\??\c:\vpvvd.exec:\vpvvd.exe22⤵
- Executes dropped EXE
-
\??\c:\lxlxflr.exec:\lxlxflr.exe23⤵
- Executes dropped EXE
-
\??\c:\7ntttb.exec:\7ntttb.exe24⤵
- Executes dropped EXE
-
\??\c:\dpdvv.exec:\dpdvv.exe25⤵
- Executes dropped EXE
-
\??\c:\xlflxrx.exec:\xlflxrx.exe26⤵
- Executes dropped EXE
-
\??\c:\lfrrrxx.exec:\lfrrrxx.exe27⤵
- Executes dropped EXE
-
\??\c:\htntnt.exec:\htntnt.exe28⤵
- Executes dropped EXE
-
\??\c:\9dvpv.exec:\9dvpv.exe29⤵
- Executes dropped EXE
-
\??\c:\xxlrlrl.exec:\xxlrlrl.exe30⤵
- Executes dropped EXE
-
\??\c:\hhhtnt.exec:\hhhtnt.exe31⤵
- Executes dropped EXE
-
\??\c:\ppppv.exec:\ppppv.exe32⤵
- Executes dropped EXE
-
\??\c:\9fxfrrf.exec:\9fxfrrf.exe33⤵
- Executes dropped EXE
-
\??\c:\7xfflfl.exec:\7xfflfl.exe34⤵
- Executes dropped EXE
-
\??\c:\btttht.exec:\btttht.exe35⤵
- Executes dropped EXE
-
\??\c:\5jddv.exec:\5jddv.exe36⤵
- Executes dropped EXE
-
\??\c:\lxlrxfl.exec:\lxlrxfl.exe37⤵
- Executes dropped EXE
-
\??\c:\xrflrrf.exec:\xrflrrf.exe38⤵
- Executes dropped EXE
-
\??\c:\ttbbbb.exec:\ttbbbb.exe39⤵
- Executes dropped EXE
-
\??\c:\pjjvj.exec:\pjjvj.exe40⤵
- Executes dropped EXE
-
\??\c:\pjddv.exec:\pjddv.exe41⤵
- Executes dropped EXE
-
\??\c:\fxxflxr.exec:\fxxflxr.exe42⤵
- Executes dropped EXE
-
\??\c:\rrflllr.exec:\rrflllr.exe43⤵
- Executes dropped EXE
-
\??\c:\7htbhn.exec:\7htbhn.exe44⤵
- Executes dropped EXE
-
\??\c:\vjvvd.exec:\vjvvd.exe45⤵
- Executes dropped EXE
-
\??\c:\5jvpv.exec:\5jvpv.exe46⤵
- Executes dropped EXE
-
\??\c:\rlrfrxx.exec:\rlrfrxx.exe47⤵
- Executes dropped EXE
-
\??\c:\xrxxffl.exec:\xrxxffl.exe48⤵
- Executes dropped EXE
-
\??\c:\nttnnb.exec:\nttnnb.exe49⤵
- Executes dropped EXE
-
\??\c:\5pddj.exec:\5pddj.exe50⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe51⤵
- Executes dropped EXE
-
\??\c:\flrrfxx.exec:\flrrfxx.exe52⤵
- Executes dropped EXE
-
\??\c:\fxxffxf.exec:\fxxffxf.exe53⤵
- Executes dropped EXE
-
\??\c:\1hbhnt.exec:\1hbhnt.exe54⤵
- Executes dropped EXE
-
\??\c:\nnbbhn.exec:\nnbbhn.exe55⤵
- Executes dropped EXE
-
\??\c:\3vjpv.exec:\3vjpv.exe56⤵
- Executes dropped EXE
-
\??\c:\vjddp.exec:\vjddp.exe57⤵
- Executes dropped EXE
-
\??\c:\rxlfxrl.exec:\rxlfxrl.exe58⤵
- Executes dropped EXE
-
\??\c:\rlflrrx.exec:\rlflrrx.exe59⤵
- Executes dropped EXE
-
\??\c:\tnbtbb.exec:\tnbtbb.exe60⤵
- Executes dropped EXE
-
\??\c:\nhbbnn.exec:\nhbbnn.exe61⤵
- Executes dropped EXE
-
\??\c:\dpddv.exec:\dpddv.exe62⤵
- Executes dropped EXE
-
\??\c:\pdppp.exec:\pdppp.exe63⤵
- Executes dropped EXE
-
\??\c:\lxllllx.exec:\lxllllx.exe64⤵
- Executes dropped EXE
-
\??\c:\frffrlf.exec:\frffrlf.exe65⤵
- Executes dropped EXE
-
\??\c:\nhntbh.exec:\nhntbh.exe66⤵
-
\??\c:\vpjvv.exec:\vpjvv.exe67⤵
-
\??\c:\vjjjp.exec:\vjjjp.exe68⤵
-
\??\c:\lxfxfff.exec:\lxfxfff.exe69⤵
-
\??\c:\1tnttn.exec:\1tnttn.exe70⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe71⤵
-
\??\c:\rlfrxxf.exec:\rlfrxxf.exe72⤵
-
\??\c:\tntttb.exec:\tntttb.exe73⤵
-
\??\c:\pdpdj.exec:\pdpdj.exe74⤵
-
\??\c:\1jjjj.exec:\1jjjj.exe75⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe76⤵
-
\??\c:\1jvpv.exec:\1jvpv.exe77⤵
-
\??\c:\bthhbb.exec:\bthhbb.exe78⤵
-
\??\c:\9jvvj.exec:\9jvvj.exe79⤵
-
\??\c:\1pjpv.exec:\1pjpv.exe80⤵
-
\??\c:\xxllxxl.exec:\xxllxxl.exe81⤵
-
\??\c:\ffrrxrl.exec:\ffrrxrl.exe82⤵
-
\??\c:\1ttnnn.exec:\1ttnnn.exe83⤵
-
\??\c:\vppvv.exec:\vppvv.exe84⤵
-
\??\c:\3jvvj.exec:\3jvvj.exe85⤵
-
\??\c:\1lrrrrf.exec:\1lrrrrf.exe86⤵
-
\??\c:\7bntbn.exec:\7bntbn.exe87⤵
-
\??\c:\5tbttb.exec:\5tbttb.exe88⤵
-
\??\c:\jvpdv.exec:\jvpdv.exe89⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe90⤵
-
\??\c:\3rlffff.exec:\3rlffff.exe91⤵
-
\??\c:\nnhntb.exec:\nnhntb.exe92⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe93⤵
-
\??\c:\3dddj.exec:\3dddj.exe94⤵
-
\??\c:\xrllrxf.exec:\xrllrxf.exe95⤵
-
\??\c:\rlrxlll.exec:\rlrxlll.exe96⤵
-
\??\c:\5hthhb.exec:\5hthhb.exe97⤵
-
\??\c:\pppjp.exec:\pppjp.exe98⤵
-
\??\c:\1pdvv.exec:\1pdvv.exe99⤵
-
\??\c:\fxrxllr.exec:\fxrxllr.exe100⤵
-
\??\c:\1bnbhh.exec:\1bnbhh.exe101⤵
-
\??\c:\hhnttt.exec:\hhnttt.exe102⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe103⤵
-
\??\c:\3lfxllx.exec:\3lfxllx.exe104⤵
-
\??\c:\llllrfl.exec:\llllrfl.exe105⤵
-
\??\c:\bthhhn.exec:\bthhhn.exe106⤵
-
\??\c:\vdjvj.exec:\vdjvj.exe107⤵
-
\??\c:\xxxxfrx.exec:\xxxxfrx.exe108⤵
-
\??\c:\ffrxlrf.exec:\ffrxlrf.exe109⤵
-
\??\c:\btthtb.exec:\btthtb.exe110⤵
-
\??\c:\bbttbb.exec:\bbttbb.exe111⤵
-
\??\c:\djpvj.exec:\djpvj.exe112⤵
-
\??\c:\5frxxxf.exec:\5frxxxf.exe113⤵
-
\??\c:\hhtbth.exec:\hhtbth.exe114⤵
-
\??\c:\nnnntb.exec:\nnnntb.exe115⤵
-
\??\c:\7pjpd.exec:\7pjpd.exe116⤵
-
\??\c:\ffrrxrf.exec:\ffrrxrf.exe117⤵
-
\??\c:\llflllx.exec:\llflllx.exe118⤵
-
\??\c:\9bhhhh.exec:\9bhhhh.exe119⤵
-
\??\c:\5jjjd.exec:\5jjjd.exe120⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe121⤵
-
\??\c:\frflllf.exec:\frflllf.exe122⤵
-
\??\c:\tnthnt.exec:\tnthnt.exe123⤵
-
\??\c:\pjddp.exec:\pjddp.exe124⤵
-
\??\c:\3pvdp.exec:\3pvdp.exe125⤵
-
\??\c:\lfrfrrf.exec:\lfrfrrf.exe126⤵
-
\??\c:\lflrxfr.exec:\lflrxfr.exe127⤵
-
\??\c:\nnbhnt.exec:\nnbhnt.exe128⤵
-
\??\c:\ppdpj.exec:\ppdpj.exe129⤵
-
\??\c:\1pjpv.exec:\1pjpv.exe130⤵
-
\??\c:\rllxrlr.exec:\rllxrlr.exe131⤵
-
\??\c:\nhthhn.exec:\nhthhn.exe132⤵
-
\??\c:\bnbbhn.exec:\bnbbhn.exe133⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe134⤵
-
\??\c:\5xrrrrx.exec:\5xrrrrx.exe135⤵
-
\??\c:\9frxffl.exec:\9frxffl.exe136⤵
-
\??\c:\tnnnbh.exec:\tnnnbh.exe137⤵
-
\??\c:\bnbbnh.exec:\bnbbnh.exe138⤵
-
\??\c:\pjddj.exec:\pjddj.exe139⤵
-
\??\c:\5rfxffl.exec:\5rfxffl.exe140⤵
-
\??\c:\nnbnnn.exec:\nnbnnn.exe141⤵
-
\??\c:\nhbbnh.exec:\nhbbnh.exe142⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe143⤵
-
\??\c:\jjpdv.exec:\jjpdv.exe144⤵
-
\??\c:\xrxfllr.exec:\xrxfllr.exe145⤵
-
\??\c:\tnbhnn.exec:\tnbhnn.exe146⤵
-
\??\c:\jvjdp.exec:\jvjdp.exe147⤵
-
\??\c:\frlfrrx.exec:\frlfrrx.exe148⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe149⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe150⤵
-
\??\c:\3lrfffx.exec:\3lrfffx.exe151⤵
-
\??\c:\rffrxfr.exec:\rffrxfr.exe152⤵
-
\??\c:\hhbhbn.exec:\hhbhbn.exe153⤵
-
\??\c:\9bbhnt.exec:\9bbhnt.exe154⤵
-
\??\c:\dvvdj.exec:\dvvdj.exe155⤵
-
\??\c:\lxfxxrr.exec:\lxfxxrr.exe156⤵
-
\??\c:\lfflxfx.exec:\lfflxfx.exe157⤵
-
\??\c:\5ntnnn.exec:\5ntnnn.exe158⤵
-
\??\c:\vpvjv.exec:\vpvjv.exe159⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe160⤵
-
\??\c:\rfrxlrr.exec:\rfrxlrr.exe161⤵
-
\??\c:\fxlflrx.exec:\fxlflrx.exe162⤵
-
\??\c:\nbbhnt.exec:\nbbhnt.exe163⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe164⤵
-
\??\c:\jpjpj.exec:\jpjpj.exe165⤵
-
\??\c:\rrflflx.exec:\rrflflx.exe166⤵
-
\??\c:\bbnbtn.exec:\bbnbtn.exe167⤵
-
\??\c:\thbnth.exec:\thbnth.exe168⤵
-
\??\c:\vpddp.exec:\vpddp.exe169⤵
-
\??\c:\vjdvd.exec:\vjdvd.exe170⤵
-
\??\c:\rxrlfxx.exec:\rxrlfxx.exe171⤵
-
\??\c:\7bbnnt.exec:\7bbnnt.exe172⤵
-
\??\c:\bthhbt.exec:\bthhbt.exe173⤵
-
\??\c:\pdjdj.exec:\pdjdj.exe174⤵
-
\??\c:\ddvjp.exec:\ddvjp.exe175⤵
-
\??\c:\1fxffll.exec:\1fxffll.exe176⤵
-
\??\c:\bbhbbt.exec:\bbhbbt.exe177⤵
-
\??\c:\bthbbb.exec:\bthbbb.exe178⤵
-
\??\c:\9vdjv.exec:\9vdjv.exe179⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe180⤵
-
\??\c:\7fllrxf.exec:\7fllrxf.exe181⤵
-
\??\c:\7hbntb.exec:\7hbntb.exe182⤵
-
\??\c:\hbthtb.exec:\hbthtb.exe183⤵
-
\??\c:\jjjpj.exec:\jjjpj.exe184⤵
-
\??\c:\1rffllr.exec:\1rffllr.exe185⤵
-
\??\c:\xrlrlff.exec:\xrlrlff.exe186⤵
-
\??\c:\bntnnn.exec:\bntnnn.exe187⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe188⤵
-
\??\c:\xxlrxfl.exec:\xxlrxfl.exe189⤵
-
\??\c:\lfrxrxl.exec:\lfrxrxl.exe190⤵
-
\??\c:\1ntthn.exec:\1ntthn.exe191⤵
-
\??\c:\htntnt.exec:\htntnt.exe192⤵
-
\??\c:\3vvdj.exec:\3vvdj.exe193⤵
-
\??\c:\xrxxffl.exec:\xrxxffl.exe194⤵
-
\??\c:\xxfllll.exec:\xxfllll.exe195⤵
-
\??\c:\ntbttn.exec:\ntbttn.exe196⤵
-
\??\c:\1vjjj.exec:\1vjjj.exe197⤵
-
\??\c:\xffxlfx.exec:\xffxlfx.exe198⤵
-
\??\c:\7xllrrr.exec:\7xllrrr.exe199⤵
-
\??\c:\5nnhnn.exec:\5nnhnn.exe200⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe201⤵
-
\??\c:\3vpvj.exec:\3vpvj.exe202⤵
-
\??\c:\9xrfrrf.exec:\9xrfrrf.exe203⤵
-
\??\c:\bnbbbn.exec:\bnbbbn.exe204⤵
-
\??\c:\hbntbt.exec:\hbntbt.exe205⤵
-
\??\c:\djpvd.exec:\djpvd.exe206⤵
-
\??\c:\jdppd.exec:\jdppd.exe207⤵
-
\??\c:\xrrxxrx.exec:\xrrxxrx.exe208⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe209⤵
-
\??\c:\bthnnt.exec:\bthnnt.exe210⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe211⤵
-
\??\c:\xlfxfxf.exec:\xlfxfxf.exe212⤵
-
\??\c:\3xlxrrx.exec:\3xlxrrx.exe213⤵
-
\??\c:\3nnhhh.exec:\3nnhhh.exe214⤵
-
\??\c:\nnhhnn.exec:\nnhhnn.exe215⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe216⤵
-
\??\c:\fxrfrrf.exec:\fxrfrrf.exe217⤵
-
\??\c:\1lrrffl.exec:\1lrrffl.exe218⤵
-
\??\c:\5tnntb.exec:\5tnntb.exe219⤵
-
\??\c:\9hthbn.exec:\9hthbn.exe220⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe221⤵
-
\??\c:\7rxfllx.exec:\7rxfllx.exe222⤵
-
\??\c:\xrlrffl.exec:\xrlrffl.exe223⤵
-
\??\c:\nhbntt.exec:\nhbntt.exe224⤵
-
\??\c:\nhnntn.exec:\nhnntn.exe225⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe226⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe227⤵
-
\??\c:\xrxlxfr.exec:\xrxlxfr.exe228⤵
-
\??\c:\7thntt.exec:\7thntt.exe229⤵
-
\??\c:\hbnhtt.exec:\hbnhtt.exe230⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe231⤵
-
\??\c:\xxrfxlx.exec:\xxrfxlx.exe232⤵
-
\??\c:\1fxflrx.exec:\1fxflrx.exe233⤵
-
\??\c:\bttbhh.exec:\bttbhh.exe234⤵
-
\??\c:\dvppd.exec:\dvppd.exe235⤵
-
\??\c:\xrffxxl.exec:\xrffxxl.exe236⤵
-
\??\c:\1lrxrfl.exec:\1lrxrfl.exe237⤵
-
\??\c:\nbtbnn.exec:\nbtbnn.exe238⤵
-
\??\c:\7nbhhh.exec:\7nbhhh.exe239⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe240⤵