Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
21-05-2024 20:41
General
-
Target
0a81d6de9a73518776e3c141cd3f17e0_NeikiAnalytics.exe
-
Size
64KB
-
MD5
0a81d6de9a73518776e3c141cd3f17e0
-
SHA1
00583453fc75b583c5dca7a87887fa6f4e1bb345
-
SHA256
f67e3022b39d951607d0f7ad6047d931091f9e1dfb8851ac98bc7142d0e51fcd
-
SHA512
ca528e304bf1e7cb4608ef52064b464acae017baf5fae7d1c2fd8966eba5cd5baadedf355f67bb02a80c7c4bf303b8fad8885d610fc8644c42bc37dfd5aae42f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIhJm/wk:ymb3NkkiQ3mdBjFILmT
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0a81d6de9a73518776e3c141cd3f17e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\0a81d6de9a73518776e3c141cd3f17e0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdjv.exec:\ppdjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hbhnt.exec:\7hbhnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvp.exec:\pjdvp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjv.exec:\vpdjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhnbb.exec:\tnhnbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nbbhh.exec:\5nbbhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvj.exec:\jdvvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflxfx.exec:\xrflxfx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbbbt.exec:\bbbbbt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9btbnn.exec:\9btbnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdv.exec:\pjvdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvv.exec:\vvdvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xrrffl.exec:\7xrrffl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtbhh.exec:\hhtbhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnthh.exec:\bbnthh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vjjj.exec:\7vjjj.exe17⤵
- Executes dropped EXE
-
\??\c:\xxxfffr.exec:\xxxfffr.exe18⤵
- Executes dropped EXE
-
\??\c:\htnnbh.exec:\htnnbh.exe19⤵
- Executes dropped EXE
-
\??\c:\nhbbhn.exec:\nhbbhn.exe20⤵
- Executes dropped EXE
-
\??\c:\vpjdj.exec:\vpjdj.exe21⤵
- Executes dropped EXE
-
\??\c:\lfrrflr.exec:\lfrrflr.exe22⤵
- Executes dropped EXE
-
\??\c:\lfrlxxl.exec:\lfrlxxl.exe23⤵
- Executes dropped EXE
-
\??\c:\nthnnh.exec:\nthnnh.exe24⤵
- Executes dropped EXE
-
\??\c:\jvjpj.exec:\jvjpj.exe25⤵
- Executes dropped EXE
-
\??\c:\vpdpd.exec:\vpdpd.exe26⤵
- Executes dropped EXE
-
\??\c:\lrxfrrx.exec:\lrxfrrx.exe27⤵
- Executes dropped EXE
-
\??\c:\tbhttb.exec:\tbhttb.exe28⤵
- Executes dropped EXE
-
\??\c:\7pdvv.exec:\7pdvv.exe29⤵
- Executes dropped EXE
-
\??\c:\ffxlrlx.exec:\ffxlrlx.exe30⤵
- Executes dropped EXE
-
\??\c:\rfrrffl.exec:\rfrrffl.exe31⤵
- Executes dropped EXE
-
\??\c:\hbhtht.exec:\hbhtht.exe32⤵
- Executes dropped EXE
-
\??\c:\bthhtb.exec:\bthhtb.exe33⤵
- Executes dropped EXE
-
\??\c:\jpdjp.exec:\jpdjp.exe34⤵
- Executes dropped EXE
-
\??\c:\fxflrrl.exec:\fxflrrl.exe35⤵
- Executes dropped EXE
-
\??\c:\fxffllr.exec:\fxffllr.exe36⤵
- Executes dropped EXE
-
\??\c:\btnthh.exec:\btnthh.exe37⤵
- Executes dropped EXE
-
\??\c:\ntbtbb.exec:\ntbtbb.exe38⤵
- Executes dropped EXE
-
\??\c:\dvvdd.exec:\dvvdd.exe39⤵
- Executes dropped EXE
-
\??\c:\vddjd.exec:\vddjd.exe40⤵
- Executes dropped EXE
-
\??\c:\rlrrlrx.exec:\rlrrlrx.exe41⤵
- Executes dropped EXE
-
\??\c:\1lllrrf.exec:\1lllrrf.exe42⤵
- Executes dropped EXE
-
\??\c:\bbhnnn.exec:\bbhnnn.exe43⤵
- Executes dropped EXE
-
\??\c:\5bttnh.exec:\5bttnh.exe44⤵
- Executes dropped EXE
-
\??\c:\ppdjj.exec:\ppdjj.exe45⤵
- Executes dropped EXE
-
\??\c:\pvjdj.exec:\pvjdj.exe46⤵
- Executes dropped EXE
-
\??\c:\frffrrf.exec:\frffrrf.exe47⤵
- Executes dropped EXE
-
\??\c:\9rxlfrr.exec:\9rxlfrr.exe48⤵
- Executes dropped EXE
-
\??\c:\bhhnhb.exec:\bhhnhb.exe49⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe50⤵
- Executes dropped EXE
-
\??\c:\1ddjj.exec:\1ddjj.exe51⤵
- Executes dropped EXE
-
\??\c:\llrxfrl.exec:\llrxfrl.exe52⤵
- Executes dropped EXE
-
\??\c:\lrxllxx.exec:\lrxllxx.exe53⤵
- Executes dropped EXE
-
\??\c:\9thtbn.exec:\9thtbn.exe54⤵
- Executes dropped EXE
-
\??\c:\pdjpp.exec:\pdjpp.exe55⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe56⤵
- Executes dropped EXE
-
\??\c:\xrfflrl.exec:\xrfflrl.exe57⤵
- Executes dropped EXE
-
\??\c:\ffrxflr.exec:\ffrxflr.exe58⤵
- Executes dropped EXE
-
\??\c:\5hbhnn.exec:\5hbhnn.exe59⤵
- Executes dropped EXE
-
\??\c:\9ddjp.exec:\9ddjp.exe60⤵
- Executes dropped EXE
-
\??\c:\5dvdd.exec:\5dvdd.exe61⤵
- Executes dropped EXE
-
\??\c:\lxrrxxl.exec:\lxrrxxl.exe62⤵
- Executes dropped EXE
-
\??\c:\3bbtnb.exec:\3bbtnb.exe63⤵
- Executes dropped EXE
-
\??\c:\nthhhh.exec:\nthhhh.exe64⤵
- Executes dropped EXE
-
\??\c:\jvppd.exec:\jvppd.exe65⤵
- Executes dropped EXE
-
\??\c:\9rlrrxf.exec:\9rlrrxf.exe66⤵
-
\??\c:\xrxflrl.exec:\xrxflrl.exe67⤵
-
\??\c:\nhtbhh.exec:\nhtbhh.exe68⤵
-
\??\c:\9hnttt.exec:\9hnttt.exe69⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe70⤵
-
\??\c:\vvddd.exec:\vvddd.exe71⤵
-
\??\c:\lfxfrlf.exec:\lfxfrlf.exe72⤵
-
\??\c:\5xxfrxl.exec:\5xxfrxl.exe73⤵
-
\??\c:\3tthhb.exec:\3tthhb.exe74⤵
-
\??\c:\thttbh.exec:\thttbh.exe75⤵
-
\??\c:\7pjjj.exec:\7pjjj.exe76⤵
-
\??\c:\jdjpd.exec:\jdjpd.exe77⤵
-
\??\c:\rlxfrlx.exec:\rlxfrlx.exe78⤵
-
\??\c:\tnttht.exec:\tnttht.exe79⤵
-
\??\c:\hhhhth.exec:\hhhhth.exe80⤵
-
\??\c:\7ddpj.exec:\7ddpj.exe81⤵
-
\??\c:\1ddvd.exec:\1ddvd.exe82⤵
-
\??\c:\lxffrxx.exec:\lxffrxx.exe83⤵
-
\??\c:\3rxxflr.exec:\3rxxflr.exe84⤵
-
\??\c:\bnttbh.exec:\bnttbh.exe85⤵
-
\??\c:\9ttnth.exec:\9ttnth.exe86⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe87⤵
-
\??\c:\vvjvj.exec:\vvjvj.exe88⤵
-
\??\c:\fffffxl.exec:\fffffxl.exe89⤵
-
\??\c:\ttnbbn.exec:\ttnbbn.exe90⤵
-
\??\c:\nbthtt.exec:\nbthtt.exe91⤵
-
\??\c:\3vjpp.exec:\3vjpp.exe92⤵
-
\??\c:\rrrrlxr.exec:\rrrrlxr.exe93⤵
-
\??\c:\xxrfrfl.exec:\xxrfrfl.exe94⤵
-
\??\c:\hbthtt.exec:\hbthtt.exe95⤵
-
\??\c:\7bbbth.exec:\7bbbth.exe96⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe97⤵
-
\??\c:\5lrxflr.exec:\5lrxflr.exe98⤵
-
\??\c:\3lxlrfl.exec:\3lxlrfl.exe99⤵
-
\??\c:\bhbnhn.exec:\bhbnhn.exe100⤵
-
\??\c:\1ttnbh.exec:\1ttnbh.exe101⤵
-
\??\c:\7pjpd.exec:\7pjpd.exe102⤵
-
\??\c:\5lfxllr.exec:\5lfxllr.exe103⤵
-
\??\c:\1fxllrf.exec:\1fxllrf.exe104⤵
-
\??\c:\nhntbn.exec:\nhntbn.exe105⤵
-
\??\c:\3hnbnb.exec:\3hnbnb.exe106⤵
-
\??\c:\pjpdv.exec:\pjpdv.exe107⤵
-
\??\c:\3vjpv.exec:\3vjpv.exe108⤵
-
\??\c:\frxfrxl.exec:\frxfrxl.exe109⤵
-
\??\c:\nhnbnn.exec:\nhnbnn.exe110⤵
-
\??\c:\hhbbbt.exec:\hhbbbt.exe111⤵
-
\??\c:\vjdpp.exec:\vjdpp.exe112⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe113⤵
-
\??\c:\lrxxrff.exec:\lrxxrff.exe114⤵
-
\??\c:\fflrlrx.exec:\fflrlrx.exe115⤵
-
\??\c:\hnhhth.exec:\hnhhth.exe116⤵
-
\??\c:\dpppv.exec:\dpppv.exe117⤵
-
\??\c:\vvvvj.exec:\vvvvj.exe118⤵
-
\??\c:\lrxrlfl.exec:\lrxrlfl.exe119⤵
-
\??\c:\fxrfxxf.exec:\fxrfxxf.exe120⤵
-
\??\c:\1bntbh.exec:\1bntbh.exe121⤵
-
\??\c:\3jppp.exec:\3jppp.exe122⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe123⤵
-
\??\c:\rfflrxl.exec:\rfflrxl.exe124⤵
-
\??\c:\9rxffxl.exec:\9rxffxl.exe125⤵
-
\??\c:\hhbtbt.exec:\hhbtbt.exe126⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe127⤵
-
\??\c:\xxxxlxr.exec:\xxxxlxr.exe128⤵
-
\??\c:\7xrfxxl.exec:\7xrfxxl.exe129⤵
-
\??\c:\btbtbh.exec:\btbtbh.exe130⤵
-
\??\c:\5nbhth.exec:\5nbhth.exe131⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe132⤵
-
\??\c:\1dvvv.exec:\1dvvv.exe133⤵
-
\??\c:\9fxrflx.exec:\9fxrflx.exe134⤵
-
\??\c:\3tttbh.exec:\3tttbh.exe135⤵
-
\??\c:\bbthbh.exec:\bbthbh.exe136⤵
-
\??\c:\ppdvv.exec:\ppdvv.exe137⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe138⤵
-
\??\c:\vjvjj.exec:\vjvjj.exe139⤵
-
\??\c:\3frxllr.exec:\3frxllr.exe140⤵
-
\??\c:\9ntbnb.exec:\9ntbnb.exe141⤵
-
\??\c:\nnbhhh.exec:\nnbhhh.exe142⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe143⤵
-
\??\c:\ddjpd.exec:\ddjpd.exe144⤵
-
\??\c:\llrxrrl.exec:\llrxrrl.exe145⤵
-
\??\c:\ttbhbh.exec:\ttbhbh.exe146⤵
-
\??\c:\nnhnbn.exec:\nnhnbn.exe147⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe148⤵
-
\??\c:\dpdjd.exec:\dpdjd.exe149⤵
-
\??\c:\9llrflx.exec:\9llrflx.exe150⤵
-
\??\c:\rlrfrfx.exec:\rlrfrfx.exe151⤵
-
\??\c:\tttnbt.exec:\tttnbt.exe152⤵
-
\??\c:\jjdpp.exec:\jjdpp.exe153⤵
-
\??\c:\9jjjp.exec:\9jjjp.exe154⤵
-
\??\c:\xfxllfx.exec:\xfxllfx.exe155⤵
-
\??\c:\lxllrxf.exec:\lxllrxf.exe156⤵
-
\??\c:\tthbnn.exec:\tthbnn.exe157⤵
-
\??\c:\pvvvv.exec:\pvvvv.exe158⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe159⤵
-
\??\c:\rlfrxlx.exec:\rlfrxlx.exe160⤵
-
\??\c:\7xllrrl.exec:\7xllrrl.exe161⤵
-
\??\c:\tbnbnn.exec:\tbnbnn.exe162⤵
-
\??\c:\dvjvp.exec:\dvjvp.exe163⤵
-
\??\c:\jdvjj.exec:\jdvjj.exe164⤵
-
\??\c:\fxxxfxl.exec:\fxxxfxl.exe165⤵
-
\??\c:\7ffxfff.exec:\7ffxfff.exe166⤵
-
\??\c:\bhtnnh.exec:\bhtnnh.exe167⤵
-
\??\c:\hbtnnb.exec:\hbtnnb.exe168⤵
-
\??\c:\5pddv.exec:\5pddv.exe169⤵
-
\??\c:\fxxffff.exec:\fxxffff.exe170⤵
-
\??\c:\9llxlxl.exec:\9llxlxl.exe171⤵
-
\??\c:\bthbhh.exec:\bthbhh.exe172⤵
-
\??\c:\dvddv.exec:\dvddv.exe173⤵
-
\??\c:\ppdpp.exec:\ppdpp.exe174⤵
-
\??\c:\lfrrllx.exec:\lfrrllx.exe175⤵
-
\??\c:\vvvjp.exec:\vvvjp.exe176⤵
-
\??\c:\5pppd.exec:\5pppd.exe177⤵
-
\??\c:\1xrlxxl.exec:\1xrlxxl.exe178⤵
-
\??\c:\tnbhtn.exec:\tnbhtn.exe179⤵
-
\??\c:\5jjpv.exec:\5jjpv.exe180⤵
-
\??\c:\lfllrxl.exec:\lfllrxl.exe181⤵
-
\??\c:\9htbhn.exec:\9htbhn.exe182⤵
-
\??\c:\bnhbbn.exec:\bnhbbn.exe183⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe184⤵
-
\??\c:\1pdpd.exec:\1pdpd.exe185⤵
-
\??\c:\3rfllfr.exec:\3rfllfr.exe186⤵
-
\??\c:\xlrrlfl.exec:\xlrrlfl.exe187⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe188⤵
-
\??\c:\btnthn.exec:\btnthn.exe189⤵
-
\??\c:\dpddp.exec:\dpddp.exe190⤵
-
\??\c:\vjjjj.exec:\vjjjj.exe191⤵
-
\??\c:\llflxfx.exec:\llflxfx.exe192⤵
-
\??\c:\xlrxxrr.exec:\xlrxxrr.exe193⤵
-
\??\c:\hbhthh.exec:\hbhthh.exe194⤵
-
\??\c:\1bbttb.exec:\1bbttb.exe195⤵
-
\??\c:\vpddp.exec:\vpddp.exe196⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe197⤵
-
\??\c:\lxrxllr.exec:\lxrxllr.exe198⤵
-
\??\c:\xfxxrlr.exec:\xfxxrlr.exe199⤵
-
\??\c:\hthhbt.exec:\hthhbt.exe200⤵
-
\??\c:\hhthtb.exec:\hhthtb.exe201⤵
-
\??\c:\djpjp.exec:\djpjp.exe202⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe203⤵
-
\??\c:\1xxfflx.exec:\1xxfflx.exe204⤵
-
\??\c:\3xffrrf.exec:\3xffrrf.exe205⤵
-
\??\c:\hhntnt.exec:\hhntnt.exe206⤵
-
\??\c:\nhttbh.exec:\nhttbh.exe207⤵
-
\??\c:\ddpjv.exec:\ddpjv.exe208⤵
-
\??\c:\ddjdp.exec:\ddjdp.exe209⤵
-
\??\c:\9rlxffr.exec:\9rlxffr.exe210⤵
-
\??\c:\1tbttt.exec:\1tbttt.exe211⤵
-
\??\c:\9bttbb.exec:\9bttbb.exe212⤵
-
\??\c:\5jppd.exec:\5jppd.exe213⤵
-
\??\c:\1ddjd.exec:\1ddjd.exe214⤵
-
\??\c:\xxllrxf.exec:\xxllrxf.exe215⤵
-
\??\c:\rfrrffl.exec:\rfrrffl.exe216⤵
-
\??\c:\btnntb.exec:\btnntb.exe217⤵
-
\??\c:\ntnhhb.exec:\ntnhhb.exe218⤵
-
\??\c:\ppjpd.exec:\ppjpd.exe219⤵
-
\??\c:\vvvpp.exec:\vvvpp.exe220⤵
-
\??\c:\rlfflrl.exec:\rlfflrl.exe221⤵
-
\??\c:\ttnhbh.exec:\ttnhbh.exe222⤵
-
\??\c:\tttnht.exec:\tttnht.exe223⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe224⤵
-
\??\c:\pvppv.exec:\pvppv.exe225⤵
-
\??\c:\7ffrrxf.exec:\7ffrrxf.exe226⤵
-
\??\c:\xfllrfl.exec:\xfllrfl.exe227⤵
-
\??\c:\nnhhnt.exec:\nnhhnt.exe228⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe229⤵
-
\??\c:\djjdd.exec:\djjdd.exe230⤵
-
\??\c:\vvppv.exec:\vvppv.exe231⤵
-
\??\c:\fxxxrrx.exec:\fxxxrrx.exe232⤵
-
\??\c:\rlrxxxr.exec:\rlrxxxr.exe233⤵
-
\??\c:\hhttnn.exec:\hhttnn.exe234⤵
-
\??\c:\bnttnh.exec:\bnttnh.exe235⤵
-
\??\c:\1pjpd.exec:\1pjpd.exe236⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe237⤵
-
\??\c:\xxllxxl.exec:\xxllxxl.exe238⤵
-
\??\c:\xrflxlr.exec:\xrflxlr.exe239⤵
-
\??\c:\ttnhtb.exec:\ttnhtb.exe240⤵