Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
21-05-2024 20:38
General
-
Target
09f37fda7b8df6367968cb640f4d8b00_NeikiAnalytics.exe
-
Size
95KB
-
MD5
09f37fda7b8df6367968cb640f4d8b00
-
SHA1
204428adf66673ade1ea8b79abb0655e5fa38aca
-
SHA256
a0049debd0cb677baaf88a056f42a0b46f09717997b4bca0f535fcbfb5b97983
-
SHA512
a85b26632fa69b1397c70a78f2d691908199946b9feaf5e06c37ca4d555487ed8007aaac22fed7d6597f7b24a85229336804394704cee0a4d2312442d40608d5
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxS1rj/2CC:ymb3NkkiQ3mdBjFo73PYP1lri3K8Gwy5
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\09f37fda7b8df6367968cb640f4d8b00_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\09f37fda7b8df6367968cb640f4d8b00_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vppdp.exec:\vppdp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rfrrfx.exec:\5rfrrfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbhn.exec:\bbtbhn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttthbt.exec:\ttthbt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvp.exec:\vvvvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlffrf.exec:\rrlffrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pjjj.exec:\7pjjj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjpp.exec:\pvjpp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrxxr.exec:\rlfrxxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtbbh.exec:\tbtbbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddjv.exec:\dddjv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvdp.exec:\jjvdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3flffxx.exec:\3flffxx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhtnh.exec:\hnhtnh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjjd.exec:\djjjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppddp.exec:\ppddp.exe17⤵
- Executes dropped EXE
-
\??\c:\xrxxlrf.exec:\xrxxlrf.exe18⤵
- Executes dropped EXE
-
\??\c:\5nntnt.exec:\5nntnt.exe19⤵
- Executes dropped EXE
-
\??\c:\vvpvd.exec:\vvpvd.exe20⤵
- Executes dropped EXE
-
\??\c:\vdvvp.exec:\vdvvp.exe21⤵
- Executes dropped EXE
-
\??\c:\xrllrxr.exec:\xrllrxr.exe22⤵
- Executes dropped EXE
-
\??\c:\btnnhh.exec:\btnnhh.exe23⤵
- Executes dropped EXE
-
\??\c:\7tbhtt.exec:\7tbhtt.exe24⤵
- Executes dropped EXE
-
\??\c:\ddvdj.exec:\ddvdj.exe25⤵
- Executes dropped EXE
-
\??\c:\llfrfrf.exec:\llfrfrf.exe26⤵
- Executes dropped EXE
-
\??\c:\tbttbt.exec:\tbttbt.exe27⤵
- Executes dropped EXE
-
\??\c:\bttbhh.exec:\bttbhh.exe28⤵
- Executes dropped EXE
-
\??\c:\pjpvj.exec:\pjpvj.exe29⤵
- Executes dropped EXE
-
\??\c:\rrlrflx.exec:\rrlrflx.exe30⤵
- Executes dropped EXE
-
\??\c:\frlxrll.exec:\frlxrll.exe31⤵
- Executes dropped EXE
-
\??\c:\nnnbth.exec:\nnnbth.exe32⤵
- Executes dropped EXE
-
\??\c:\jjdjd.exec:\jjdjd.exe33⤵
- Executes dropped EXE
-
\??\c:\rllrxfl.exec:\rllrxfl.exe34⤵
- Executes dropped EXE
-
\??\c:\tnhtbb.exec:\tnhtbb.exe35⤵
- Executes dropped EXE
-
\??\c:\nnhntb.exec:\nnhntb.exe36⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe37⤵
- Executes dropped EXE
-
\??\c:\vpdjd.exec:\vpdjd.exe38⤵
- Executes dropped EXE
-
\??\c:\5rllllx.exec:\5rllllx.exe39⤵
- Executes dropped EXE
-
\??\c:\9hhhtt.exec:\9hhhtt.exe40⤵
- Executes dropped EXE
-
\??\c:\hhbbtb.exec:\hhbbtb.exe41⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe42⤵
- Executes dropped EXE
-
\??\c:\jdvjd.exec:\jdvjd.exe43⤵
- Executes dropped EXE
-
\??\c:\lxffrxx.exec:\lxffrxx.exe44⤵
- Executes dropped EXE
-
\??\c:\htntnn.exec:\htntnn.exe45⤵
- Executes dropped EXE
-
\??\c:\btntbh.exec:\btntbh.exe46⤵
- Executes dropped EXE
-
\??\c:\jjdpp.exec:\jjdpp.exe47⤵
- Executes dropped EXE
-
\??\c:\pjvdd.exec:\pjvdd.exe48⤵
- Executes dropped EXE
-
\??\c:\xllxfxx.exec:\xllxfxx.exe49⤵
- Executes dropped EXE
-
\??\c:\lflrlrx.exec:\lflrlrx.exe50⤵
- Executes dropped EXE
-
\??\c:\hhbhth.exec:\hhbhth.exe51⤵
- Executes dropped EXE
-
\??\c:\vvdjp.exec:\vvdjp.exe52⤵
- Executes dropped EXE
-
\??\c:\pjpjv.exec:\pjpjv.exe53⤵
- Executes dropped EXE
-
\??\c:\llflflx.exec:\llflflx.exe54⤵
- Executes dropped EXE
-
\??\c:\lfrlflx.exec:\lfrlflx.exe55⤵
- Executes dropped EXE
-
\??\c:\5bbhnt.exec:\5bbhnt.exe56⤵
- Executes dropped EXE
-
\??\c:\5vppv.exec:\5vppv.exe57⤵
- Executes dropped EXE
-
\??\c:\5lffllf.exec:\5lffllf.exe58⤵
- Executes dropped EXE
-
\??\c:\lfxfxfx.exec:\lfxfxfx.exe59⤵
- Executes dropped EXE
-
\??\c:\bbnthn.exec:\bbnthn.exe60⤵
- Executes dropped EXE
-
\??\c:\9hhtnb.exec:\9hhtnb.exe61⤵
- Executes dropped EXE
-
\??\c:\1ddjd.exec:\1ddjd.exe62⤵
- Executes dropped EXE
-
\??\c:\dppvd.exec:\dppvd.exe63⤵
- Executes dropped EXE
-
\??\c:\lffxlrf.exec:\lffxlrf.exe64⤵
- Executes dropped EXE
-
\??\c:\lfflxll.exec:\lfflxll.exe65⤵
- Executes dropped EXE
-
\??\c:\3bbtnt.exec:\3bbtnt.exe66⤵
-
\??\c:\tnhhth.exec:\tnhhth.exe67⤵
-
\??\c:\3vpjd.exec:\3vpjd.exe68⤵
-
\??\c:\ddvjj.exec:\ddvjj.exe69⤵
-
\??\c:\xxlrfrf.exec:\xxlrfrf.exe70⤵
-
\??\c:\3xrrxfr.exec:\3xrrxfr.exe71⤵
-
\??\c:\5ttntb.exec:\5ttntb.exe72⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe73⤵
-
\??\c:\7vjpp.exec:\7vjpp.exe74⤵
-
\??\c:\fxrlrxl.exec:\fxrlrxl.exe75⤵
-
\??\c:\rrfrxfl.exec:\rrfrxfl.exe76⤵
-
\??\c:\btbhtb.exec:\btbhtb.exe77⤵
-
\??\c:\hhbhnn.exec:\hhbhnn.exe78⤵
-
\??\c:\vpddp.exec:\vpddp.exe79⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe80⤵
-
\??\c:\ffrxlfr.exec:\ffrxlfr.exe81⤵
-
\??\c:\5lfxflx.exec:\5lfxflx.exe82⤵
-
\??\c:\1xxlxfl.exec:\1xxlxfl.exe83⤵
-
\??\c:\tbbnbn.exec:\tbbnbn.exe84⤵
-
\??\c:\hthhtn.exec:\hthhtn.exe85⤵
-
\??\c:\jjpdp.exec:\jjpdp.exe86⤵
-
\??\c:\dddjp.exec:\dddjp.exe87⤵
-
\??\c:\xfllffx.exec:\xfllffx.exe88⤵
-
\??\c:\xrflxxl.exec:\xrflxxl.exe89⤵
-
\??\c:\bbhtbb.exec:\bbhtbb.exe90⤵
-
\??\c:\tnttbh.exec:\tnttbh.exe91⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe92⤵
-
\??\c:\1ddvd.exec:\1ddvd.exe93⤵
-
\??\c:\djvjj.exec:\djvjj.exe94⤵
-
\??\c:\rllxfxl.exec:\rllxfxl.exe95⤵
-
\??\c:\tbnntt.exec:\tbnntt.exe96⤵
-
\??\c:\9hbnbh.exec:\9hbnbh.exe97⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe98⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe99⤵
-
\??\c:\3ffrlrx.exec:\3ffrlrx.exe100⤵
-
\??\c:\xxlxrlf.exec:\xxlxrlf.exe101⤵
-
\??\c:\tbbhbh.exec:\tbbhbh.exe102⤵
-
\??\c:\9bthtb.exec:\9bthtb.exe103⤵
-
\??\c:\pvppj.exec:\pvppj.exe104⤵
-
\??\c:\vppjd.exec:\vppjd.exe105⤵
-
\??\c:\5llxlrf.exec:\5llxlrf.exe106⤵
-
\??\c:\hbttbn.exec:\hbttbn.exe107⤵
-
\??\c:\tttbht.exec:\tttbht.exe108⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe109⤵
-
\??\c:\5jjvp.exec:\5jjvp.exe110⤵
-
\??\c:\rrlflxr.exec:\rrlflxr.exe111⤵
-
\??\c:\frrxfxf.exec:\frrxfxf.exe112⤵
-
\??\c:\hbntbh.exec:\hbntbh.exe113⤵
-
\??\c:\hbnhbb.exec:\hbnhbb.exe114⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe115⤵
-
\??\c:\dvjpj.exec:\dvjpj.exe116⤵
-
\??\c:\ffrrfxl.exec:\ffrrfxl.exe117⤵
-
\??\c:\bnbnbh.exec:\bnbnbh.exe118⤵
-
\??\c:\3nhthn.exec:\3nhthn.exe119⤵
-
\??\c:\dddjp.exec:\dddjp.exe120⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe121⤵
-
\??\c:\7rllflr.exec:\7rllflr.exe122⤵
-
\??\c:\ffrxlxf.exec:\ffrxlxf.exe123⤵
-
\??\c:\1bbhtt.exec:\1bbhtt.exe124⤵
-
\??\c:\hnbhht.exec:\hnbhht.exe125⤵
-
\??\c:\vpddp.exec:\vpddp.exe126⤵
-
\??\c:\vpjvv.exec:\vpjvv.exe127⤵
-
\??\c:\xlflxxf.exec:\xlflxxf.exe128⤵
-
\??\c:\rlflrxl.exec:\rlflrxl.exe129⤵
-
\??\c:\tnhnnt.exec:\tnhnnt.exe130⤵
-
\??\c:\tthnht.exec:\tthnht.exe131⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe132⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe133⤵
-
\??\c:\frfllrf.exec:\frfllrf.exe134⤵
-
\??\c:\llrfrrl.exec:\llrfrrl.exe135⤵
-
\??\c:\nnhtht.exec:\nnhtht.exe136⤵
-
\??\c:\nnbnbh.exec:\nnbnbh.exe137⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe138⤵
-
\??\c:\9pjjv.exec:\9pjjv.exe139⤵
-
\??\c:\rlffxll.exec:\rlffxll.exe140⤵
-
\??\c:\9rrxrrr.exec:\9rrxrrr.exe141⤵
-
\??\c:\ttntnt.exec:\ttntnt.exe142⤵
-
\??\c:\tnbhbb.exec:\tnbhbb.exe143⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe144⤵
-
\??\c:\jvddd.exec:\jvddd.exe145⤵
-
\??\c:\xxxflrl.exec:\xxxflrl.exe146⤵
-
\??\c:\fxffllf.exec:\fxffllf.exe147⤵
-
\??\c:\5hbhnn.exec:\5hbhnn.exe148⤵
-
\??\c:\hhtthh.exec:\hhtthh.exe149⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe150⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe151⤵
-
\??\c:\rrlrlrx.exec:\rrlrlrx.exe152⤵
-
\??\c:\xrfrflx.exec:\xrfrflx.exe153⤵
-
\??\c:\bthntt.exec:\bthntt.exe154⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe155⤵
-
\??\c:\dvppv.exec:\dvppv.exe156⤵
-
\??\c:\1vpvj.exec:\1vpvj.exe157⤵
-
\??\c:\5xrxrrx.exec:\5xrxrrx.exe158⤵
-
\??\c:\btnbhn.exec:\btnbhn.exe159⤵
-
\??\c:\1nnbbh.exec:\1nnbbh.exe160⤵
-
\??\c:\7hbhtt.exec:\7hbhtt.exe161⤵
-
\??\c:\9vpjp.exec:\9vpjp.exe162⤵
-
\??\c:\rfllrrf.exec:\rfllrrf.exe163⤵
-
\??\c:\3fxxrrf.exec:\3fxxrrf.exe164⤵
-
\??\c:\hbnnnh.exec:\hbnnnh.exe165⤵
-
\??\c:\hbnthn.exec:\hbnthn.exe166⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe167⤵
-
\??\c:\xxrlxxr.exec:\xxrlxxr.exe168⤵
-
\??\c:\rrrfxlx.exec:\rrrfxlx.exe169⤵
-
\??\c:\hbbhbb.exec:\hbbhbb.exe170⤵
-
\??\c:\nbhthn.exec:\nbhthn.exe171⤵
-
\??\c:\pvpvv.exec:\pvpvv.exe172⤵
-
\??\c:\9xlxxll.exec:\9xlxxll.exe173⤵
-
\??\c:\lfrfxlf.exec:\lfrfxlf.exe174⤵
-
\??\c:\3bntht.exec:\3bntht.exe175⤵
-
\??\c:\bnbbnt.exec:\bnbbnt.exe176⤵
-
\??\c:\7jjvd.exec:\7jjvd.exe177⤵
-
\??\c:\jjvdp.exec:\jjvdp.exe178⤵
-
\??\c:\fxfflrf.exec:\fxfflrf.exe179⤵
-
\??\c:\lfxfffl.exec:\lfxfffl.exe180⤵
-
\??\c:\5nhnbh.exec:\5nhnbh.exe181⤵
-
\??\c:\nhnnbb.exec:\nhnnbb.exe182⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe183⤵
-
\??\c:\rrrfxrf.exec:\rrrfxrf.exe184⤵
-
\??\c:\3rxrlff.exec:\3rxrlff.exe185⤵
-
\??\c:\hhthbb.exec:\hhthbb.exe186⤵
-
\??\c:\nnbhbb.exec:\nnbhbb.exe187⤵
-
\??\c:\rlxlfll.exec:\rlxlfll.exe188⤵
-
\??\c:\hnhnnt.exec:\hnhnnt.exe189⤵
-
\??\c:\tnhnbb.exec:\tnhnbb.exe190⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe191⤵
-
\??\c:\ppdjd.exec:\ppdjd.exe192⤵
-
\??\c:\1rrxrrl.exec:\1rrxrrl.exe193⤵
-
\??\c:\bnbhhh.exec:\bnbhhh.exe194⤵
-
\??\c:\ddvvd.exec:\ddvvd.exe195⤵
-
\??\c:\flrlrlr.exec:\flrlrlr.exe196⤵
-
\??\c:\nnnthn.exec:\nnnthn.exe197⤵
-
\??\c:\9thntt.exec:\9thntt.exe198⤵
-
\??\c:\9djjv.exec:\9djjv.exe199⤵
-
\??\c:\ppppj.exec:\ppppj.exe200⤵
-
\??\c:\lfxlffr.exec:\lfxlffr.exe201⤵
-
\??\c:\rrxrflx.exec:\rrxrflx.exe202⤵
-
\??\c:\nhthnt.exec:\nhthnt.exe203⤵
-
\??\c:\pjvjv.exec:\pjvjv.exe204⤵
-
\??\c:\pjddd.exec:\pjddd.exe205⤵
-
\??\c:\xxflrxf.exec:\xxflrxf.exe206⤵
-
\??\c:\7xrxffl.exec:\7xrxffl.exe207⤵
-
\??\c:\htbbnt.exec:\htbbnt.exe208⤵
-
\??\c:\3btbhh.exec:\3btbhh.exe209⤵
-
\??\c:\3dpvd.exec:\3dpvd.exe210⤵
-
\??\c:\1pdvj.exec:\1pdvj.exe211⤵
-
\??\c:\llflxfx.exec:\llflxfx.exe212⤵
-
\??\c:\rrfrflx.exec:\rrfrflx.exe213⤵
-
\??\c:\9bntnn.exec:\9bntnn.exe214⤵
-
\??\c:\nbhnhn.exec:\nbhnhn.exe215⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe216⤵
-
\??\c:\1jvjd.exec:\1jvjd.exe217⤵
-
\??\c:\3rrxfll.exec:\3rrxfll.exe218⤵
-
\??\c:\rrlrllx.exec:\rrlrllx.exe219⤵
-
\??\c:\5tnnbb.exec:\5tnnbb.exe220⤵
-
\??\c:\hnhthb.exec:\hnhthb.exe221⤵
-
\??\c:\7ppvj.exec:\7ppvj.exe222⤵
-
\??\c:\rrxrxrx.exec:\rrxrxrx.exe223⤵
-
\??\c:\lrfflff.exec:\lrfflff.exe224⤵
-
\??\c:\tbbbht.exec:\tbbbht.exe225⤵
-
\??\c:\nbtthn.exec:\nbtthn.exe226⤵
-
\??\c:\pjpvv.exec:\pjpvv.exe227⤵
-
\??\c:\9dddp.exec:\9dddp.exe228⤵
-
\??\c:\7llrfxl.exec:\7llrfxl.exe229⤵
-
\??\c:\3llxlll.exec:\3llxlll.exe230⤵
-
\??\c:\nnbnhh.exec:\nnbnhh.exe231⤵
-
\??\c:\1nnnbh.exec:\1nnnbh.exe232⤵
-
\??\c:\jvjvj.exec:\jvjvj.exe233⤵
-
\??\c:\5dvvj.exec:\5dvvj.exe234⤵
-
\??\c:\lfrxxxx.exec:\lfrxxxx.exe235⤵
-
\??\c:\llxfrxr.exec:\llxfrxr.exe236⤵
-
\??\c:\tbbnth.exec:\tbbnth.exe237⤵
-
\??\c:\hhnntb.exec:\hhnntb.exe238⤵
-
\??\c:\3vjjj.exec:\3vjjj.exe239⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe240⤵