Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
22-05-2024 01:03
General
-
Target
12fe4659700f67a4d6813a77feeb3ed0_NeikiAnalytics.exe
-
Size
441KB
-
MD5
12fe4659700f67a4d6813a77feeb3ed0
-
SHA1
5f4daa79699e0861a2c93ddb9113edcc4609cc1b
-
SHA256
a1b9907c04cfc85c546b3678e93a9045c19268aa60502284f3512a1afa2de094
-
SHA512
8aefa8907d3583e9cf8c5f57858c7decb92c0ea114a58e9f29b8bc3d8e386b3687338960700bceb59004cfa69d29e158b162365bd4b10926ee4edd59d89cbe55
-
SSDEEP
12288:M4wFHoSpg4wFHonR/nPF2LnFL4wF04wFK4wFK4wluw:UrR/nPV
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\12fe4659700f67a4d6813a77feeb3ed0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\12fe4659700f67a4d6813a77feeb3ed0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpvd.exec:\vjpvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nnntt.exec:\5nnntt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lffllx.exec:\3lffllx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fflxfx.exec:\1fflxfx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrffl.exec:\fxrrffl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxfrff.exec:\lfxfrff.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lffllr.exec:\1lffllr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbbh.exec:\tnbbbh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddjd.exec:\dddjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlxllr.exec:\frlxllr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjp.exec:\vppjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpvd.exec:\vvpvd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnthn.exec:\hbnthn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dvdp.exec:\5dvdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdp.exec:\jdpdp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxlxfx.exec:\rlxlxfx.exe17⤵
- Executes dropped EXE
-
\??\c:\1dvdj.exec:\1dvdj.exe18⤵
- Executes dropped EXE
-
\??\c:\1rxflll.exec:\1rxflll.exe19⤵
- Executes dropped EXE
-
\??\c:\nnnthn.exec:\nnnthn.exe20⤵
- Executes dropped EXE
-
\??\c:\dpjjp.exec:\dpjjp.exe21⤵
- Executes dropped EXE
-
\??\c:\vpvvv.exec:\vpvvv.exe22⤵
- Executes dropped EXE
-
\??\c:\frrlrfr.exec:\frrlrfr.exe23⤵
- Executes dropped EXE
-
\??\c:\9btthh.exec:\9btthh.exe24⤵
- Executes dropped EXE
-
\??\c:\tttbbb.exec:\tttbbb.exe25⤵
- Executes dropped EXE
-
\??\c:\7vppd.exec:\7vppd.exe26⤵
- Executes dropped EXE
-
\??\c:\1jpdv.exec:\1jpdv.exe27⤵
- Executes dropped EXE
-
\??\c:\hhthtt.exec:\hhthtt.exe28⤵
- Executes dropped EXE
-
\??\c:\7hnhbb.exec:\7hnhbb.exe29⤵
- Executes dropped EXE
-
\??\c:\jdvjp.exec:\jdvjp.exe30⤵
- Executes dropped EXE
-
\??\c:\9fxxfll.exec:\9fxxfll.exe31⤵
- Executes dropped EXE
-
\??\c:\3pvpv.exec:\3pvpv.exe32⤵
- Executes dropped EXE
-
\??\c:\rlfrxfr.exec:\rlfrxfr.exe33⤵
- Executes dropped EXE
-
\??\c:\7btnbb.exec:\7btnbb.exe34⤵
- Executes dropped EXE
-
\??\c:\xrllffr.exec:\xrllffr.exe35⤵
- Executes dropped EXE
-
\??\c:\hbthnt.exec:\hbthnt.exe36⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe37⤵
- Executes dropped EXE
-
\??\c:\xrllxfl.exec:\xrllxfl.exe38⤵
- Executes dropped EXE
-
\??\c:\htttnn.exec:\htttnn.exe39⤵
- Executes dropped EXE
-
\??\c:\rfrxllx.exec:\rfrxllx.exe40⤵
- Executes dropped EXE
-
\??\c:\rlfrxfl.exec:\rlfrxfl.exe41⤵
- Executes dropped EXE
-
\??\c:\1hhbhh.exec:\1hhbhh.exe42⤵
- Executes dropped EXE
-
\??\c:\rfrxllx.exec:\rfrxllx.exe43⤵
- Executes dropped EXE
-
\??\c:\nhhhhn.exec:\nhhhhn.exe44⤵
- Executes dropped EXE
-
\??\c:\jpjpd.exec:\jpjpd.exe45⤵
- Executes dropped EXE
-
\??\c:\xxxfrfx.exec:\xxxfrfx.exe46⤵
- Executes dropped EXE
-
\??\c:\nhhbhn.exec:\nhhbhn.exe47⤵
- Executes dropped EXE
-
\??\c:\fxrxllf.exec:\fxrxllf.exe48⤵
- Executes dropped EXE
-
\??\c:\tnhthn.exec:\tnhthn.exe49⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe50⤵
- Executes dropped EXE
-
\??\c:\ffrfrrf.exec:\ffrfrrf.exe51⤵
- Executes dropped EXE
-
\??\c:\bthttn.exec:\bthttn.exe52⤵
- Executes dropped EXE
-
\??\c:\7dppd.exec:\7dppd.exe53⤵
- Executes dropped EXE
-
\??\c:\frrffrr.exec:\frrffrr.exe54⤵
- Executes dropped EXE
-
\??\c:\tnthnn.exec:\tnthnn.exe55⤵
- Executes dropped EXE
-
\??\c:\pjpvj.exec:\pjpvj.exe56⤵
- Executes dropped EXE
-
\??\c:\7vjpj.exec:\7vjpj.exe57⤵
- Executes dropped EXE
-
\??\c:\tnntbt.exec:\tnntbt.exe58⤵
- Executes dropped EXE
-
\??\c:\rllfrrl.exec:\rllfrrl.exe59⤵
- Executes dropped EXE
-
\??\c:\hbntbh.exec:\hbntbh.exe60⤵
- Executes dropped EXE
-
\??\c:\pvvjp.exec:\pvvjp.exe61⤵
- Executes dropped EXE
-
\??\c:\1nttbb.exec:\1nttbb.exe62⤵
- Executes dropped EXE
-
\??\c:\1nttbh.exec:\1nttbh.exe63⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe64⤵
- Executes dropped EXE
-
\??\c:\7lxlrxl.exec:\7lxlrxl.exe65⤵
- Executes dropped EXE
-
\??\c:\btnbht.exec:\btnbht.exe66⤵
-
\??\c:\thbntt.exec:\thbntt.exe67⤵
-
\??\c:\1jvvd.exec:\1jvvd.exe68⤵
-
\??\c:\7vjpd.exec:\7vjpd.exe69⤵
-
\??\c:\xrxlxfl.exec:\xrxlxfl.exe70⤵
-
\??\c:\tttnbn.exec:\tttnbn.exe71⤵
-
\??\c:\5vvvv.exec:\5vvvv.exe72⤵
-
\??\c:\1pjdp.exec:\1pjdp.exe73⤵
-
\??\c:\xxlrxfx.exec:\xxlrxfx.exe74⤵
-
\??\c:\hbthnn.exec:\hbthnn.exe75⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe76⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe77⤵
-
\??\c:\lfxlrrf.exec:\lfxlrrf.exe78⤵
-
\??\c:\3rfrflr.exec:\3rfrflr.exe79⤵
-
\??\c:\hbntbb.exec:\hbntbb.exe80⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe81⤵
-
\??\c:\xxrlxxf.exec:\xxrlxxf.exe82⤵
-
\??\c:\lfxfrxr.exec:\lfxfrxr.exe83⤵
-
\??\c:\hhttbb.exec:\hhttbb.exe84⤵
-
\??\c:\dddjv.exec:\dddjv.exe85⤵
-
\??\c:\lffflrf.exec:\lffflrf.exe86⤵
-
\??\c:\3hhntb.exec:\3hhntb.exe87⤵
-
\??\c:\pvppp.exec:\pvppp.exe88⤵
-
\??\c:\fxrfrxf.exec:\fxrfrxf.exe89⤵
-
\??\c:\nhhttt.exec:\nhhttt.exe90⤵
-
\??\c:\pvdpv.exec:\pvdpv.exe91⤵
-
\??\c:\1ppdj.exec:\1ppdj.exe92⤵
-
\??\c:\7lflrrf.exec:\7lflrrf.exe93⤵
-
\??\c:\nnhhtt.exec:\nnhhtt.exe94⤵
-
\??\c:\dpjjp.exec:\dpjjp.exe95⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe96⤵
-
\??\c:\fxxfrrf.exec:\fxxfrrf.exe97⤵
-
\??\c:\hbhhtt.exec:\hbhhtt.exe98⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe99⤵
-
\??\c:\vjpvp.exec:\vjpvp.exe100⤵
-
\??\c:\frllxxf.exec:\frllxxf.exe101⤵
-
\??\c:\ttthnn.exec:\ttthnn.exe102⤵
-
\??\c:\5hbbhn.exec:\5hbbhn.exe103⤵
-
\??\c:\vppvp.exec:\vppvp.exe104⤵
-
\??\c:\5lxxxfl.exec:\5lxxxfl.exe105⤵
-
\??\c:\lfxlxxr.exec:\lfxlxxr.exe106⤵
-
\??\c:\bnbbnn.exec:\bnbbnn.exe107⤵
-
\??\c:\pjvjj.exec:\pjvjj.exe108⤵
-
\??\c:\llfflxr.exec:\llfflxr.exe109⤵
-
\??\c:\ffrfrxf.exec:\ffrfrxf.exe110⤵
-
\??\c:\1bnbhh.exec:\1bnbhh.exe111⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe112⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe113⤵
-
\??\c:\xxxfrxl.exec:\xxxfrxl.exe114⤵
-
\??\c:\5nhhhh.exec:\5nhhhh.exe115⤵
-
\??\c:\3ththn.exec:\3ththn.exe116⤵
-
\??\c:\dddjd.exec:\dddjd.exe117⤵
-
\??\c:\xxlrllr.exec:\xxlrllr.exe118⤵
-
\??\c:\5bthbn.exec:\5bthbn.exe119⤵
-
\??\c:\9hbntb.exec:\9hbntb.exe120⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe121⤵
-
\??\c:\lffrxfl.exec:\lffrxfl.exe122⤵
-
\??\c:\fffrlrx.exec:\fffrlrx.exe123⤵
-
\??\c:\hbbhbh.exec:\hbbhbh.exe124⤵
-
\??\c:\5vjpd.exec:\5vjpd.exe125⤵
-
\??\c:\vvvvd.exec:\vvvvd.exe126⤵
-
\??\c:\5xrxlrr.exec:\5xrxlrr.exe127⤵
-
\??\c:\bthntb.exec:\bthntb.exe128⤵
-
\??\c:\tnbtbn.exec:\tnbtbn.exe129⤵
-
\??\c:\9pjjv.exec:\9pjjv.exe130⤵
-
\??\c:\lfxlxfr.exec:\lfxlxfr.exe131⤵
-
\??\c:\frllxxr.exec:\frllxxr.exe132⤵
-
\??\c:\htnnbb.exec:\htnnbb.exe133⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe134⤵
-
\??\c:\fxrflrf.exec:\fxrflrf.exe135⤵
-
\??\c:\9xfxlrf.exec:\9xfxlrf.exe136⤵
-
\??\c:\bbbhhn.exec:\bbbhhn.exe137⤵
-
\??\c:\9vvvd.exec:\9vvvd.exe138⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe139⤵
-
\??\c:\xlxrrlr.exec:\xlxrrlr.exe140⤵
-
\??\c:\nhbhnn.exec:\nhbhnn.exe141⤵
-
\??\c:\tnhhnn.exec:\tnhhnn.exe142⤵
-
\??\c:\pjvjv.exec:\pjvjv.exe143⤵
-
\??\c:\ffflrrx.exec:\ffflrrx.exe144⤵
-
\??\c:\xrrxlrl.exec:\xrrxlrl.exe145⤵
-
\??\c:\btnthn.exec:\btnthn.exe146⤵
-
\??\c:\vvpjp.exec:\vvpjp.exe147⤵
-
\??\c:\3jdpv.exec:\3jdpv.exe148⤵
-
\??\c:\7xrrxxx.exec:\7xrrxxx.exe149⤵
-
\??\c:\hbhhtn.exec:\hbhhtn.exe150⤵
-
\??\c:\nhbhbh.exec:\nhbhbh.exe151⤵
-
\??\c:\7pjjj.exec:\7pjjj.exe152⤵
-
\??\c:\9flxlxf.exec:\9flxlxf.exe153⤵
-
\??\c:\3ffflrf.exec:\3ffflrf.exe154⤵
-
\??\c:\btnbhb.exec:\btnbhb.exe155⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe156⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe157⤵
-
\??\c:\lxrrxxf.exec:\lxrrxxf.exe158⤵
-
\??\c:\7nntht.exec:\7nntht.exe159⤵
-
\??\c:\hhtbth.exec:\hhtbth.exe160⤵
-
\??\c:\pvvdj.exec:\pvvdj.exe161⤵
-
\??\c:\rllfrfr.exec:\rllfrfr.exe162⤵
-
\??\c:\xlfrxfr.exec:\xlfrxfr.exe163⤵
-
\??\c:\nnhnbh.exec:\nnhnbh.exe164⤵
-
\??\c:\5pvvj.exec:\5pvvj.exe165⤵
-
\??\c:\7llrfrf.exec:\7llrfrf.exe166⤵
-
\??\c:\xrlfrrf.exec:\xrlfrrf.exe167⤵
-
\??\c:\nnnhnt.exec:\nnnhnt.exe168⤵
-
\??\c:\pdvvd.exec:\pdvvd.exe169⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe170⤵
-
\??\c:\xxffxxl.exec:\xxffxxl.exe171⤵
-
\??\c:\9bthnt.exec:\9bthnt.exe172⤵
-
\??\c:\btnttb.exec:\btnttb.exe173⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe174⤵
-
\??\c:\xrlxrrl.exec:\xrlxrrl.exe175⤵
-
\??\c:\frrrrrx.exec:\frrrrrx.exe176⤵
-
\??\c:\bttbnn.exec:\bttbnn.exe177⤵
-
\??\c:\vjvvj.exec:\vjvvj.exe178⤵
-
\??\c:\vvpvp.exec:\vvpvp.exe179⤵
-
\??\c:\lxrrflx.exec:\lxrrflx.exe180⤵
-
\??\c:\fxfxrxr.exec:\fxfxrxr.exe181⤵
-
\??\c:\btbhtb.exec:\btbhtb.exe182⤵
-
\??\c:\3jpvp.exec:\3jpvp.exe183⤵
-
\??\c:\1dvdd.exec:\1dvdd.exe184⤵
-
\??\c:\3xxfxlx.exec:\3xxfxlx.exe185⤵
-
\??\c:\9hbnhn.exec:\9hbnhn.exe186⤵
-
\??\c:\vvvpd.exec:\vvvpd.exe187⤵
-
\??\c:\vvdvd.exec:\vvdvd.exe188⤵
-
\??\c:\1xrrxfl.exec:\1xrrxfl.exe189⤵
-
\??\c:\1xflrxl.exec:\1xflrxl.exe190⤵
-
\??\c:\htthbb.exec:\htthbb.exe191⤵
-
\??\c:\9vdjd.exec:\9vdjd.exe192⤵
-
\??\c:\1rllffl.exec:\1rllffl.exe193⤵
-
\??\c:\lffrffl.exec:\lffrffl.exe194⤵
-
\??\c:\thhbhh.exec:\thhbhh.exe195⤵
-
\??\c:\dddjp.exec:\dddjp.exe196⤵
-
\??\c:\pjvjv.exec:\pjvjv.exe197⤵
-
\??\c:\9xxflxr.exec:\9xxflxr.exe198⤵
-
\??\c:\hbntbh.exec:\hbntbh.exe199⤵
-
\??\c:\hbhntb.exec:\hbhntb.exe200⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe201⤵
-
\??\c:\lffxfrl.exec:\lffxfrl.exe202⤵
-
\??\c:\3rfrrxf.exec:\3rfrrxf.exe203⤵
-
\??\c:\3bttbh.exec:\3bttbh.exe204⤵
-
\??\c:\ddjpd.exec:\ddjpd.exe205⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe206⤵
-
\??\c:\xrfflxf.exec:\xrfflxf.exe207⤵
-
\??\c:\nnnbtt.exec:\nnnbtt.exe208⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe209⤵
-
\??\c:\3vpdj.exec:\3vpdj.exe210⤵
-
\??\c:\xrflrfl.exec:\xrflrfl.exe211⤵
-
\??\c:\7thnbb.exec:\7thnbb.exe212⤵
-
\??\c:\1dppv.exec:\1dppv.exe213⤵
-
\??\c:\5jvpd.exec:\5jvpd.exe214⤵
-
\??\c:\lfxlxfx.exec:\lfxlxfx.exe215⤵
-
\??\c:\7ttbtb.exec:\7ttbtb.exe216⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe217⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe218⤵
-
\??\c:\llflflx.exec:\llflflx.exe219⤵
-
\??\c:\xlrrxxx.exec:\xlrrxxx.exe220⤵
-
\??\c:\bbbhbb.exec:\bbbhbb.exe221⤵
-
\??\c:\5dvvj.exec:\5dvvj.exe222⤵
-
\??\c:\rlllllf.exec:\rlllllf.exe223⤵
-
\??\c:\lfffrlx.exec:\lfffrlx.exe224⤵
-
\??\c:\hbtbnn.exec:\hbtbnn.exe225⤵
-
\??\c:\1btbhh.exec:\1btbhh.exe226⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe227⤵
-
\??\c:\xrlrxfr.exec:\xrlrxfr.exe228⤵
-
\??\c:\lfxxxrf.exec:\lfxxxrf.exe229⤵
-
\??\c:\nbnnnt.exec:\nbnnnt.exe230⤵
-
\??\c:\5ppdj.exec:\5ppdj.exe231⤵
-
\??\c:\pjddj.exec:\pjddj.exe232⤵
-
\??\c:\xlffrlx.exec:\xlffrlx.exe233⤵
-
\??\c:\hhnthn.exec:\hhnthn.exe234⤵
-
\??\c:\3tnnnt.exec:\3tnnnt.exe235⤵
-
\??\c:\pdjpv.exec:\pdjpv.exe236⤵
-
\??\c:\fxrxlrf.exec:\fxrxlrf.exe237⤵
-
\??\c:\1lxrxxf.exec:\1lxrxxf.exe238⤵
-
\??\c:\thbbnt.exec:\thbbnt.exe239⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe240⤵