Analysis
-
max time kernel
149s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
22-05-2024 03:44
General
-
Target
1614baf5d631dc31a7244c693bdeeee0_NeikiAnalytics.exe
-
Size
72KB
-
MD5
1614baf5d631dc31a7244c693bdeeee0
-
SHA1
fd1fc3e17e6d6f1e4d06ea724fa9831b64b26938
-
SHA256
c0491f22c5cea33513e4e3c5f7ace1fe948aeee444b6b5abdfee2cba3ca9cbe1
-
SHA512
9fe4715205076c1f6fdcce91cb7c1680dacda874b77e374bf86413988a2e841526b458db5ce0c2bc2c1f5111799999c33c7f64f42685e30af4ec82612930f2a0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIrmCeRMKwU:ymb3NkkiQ3mdBjFIjeKU
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1614baf5d631dc31a7244c693bdeeee0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1614baf5d631dc31a7244c693bdeeee0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvdj.exec:\jvvdj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9flxrfr.exec:\9flxrfr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrxxf.exec:\frxrxxf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbhh.exec:\hhhbhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnttbb.exec:\bnttbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjv.exec:\vppjv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpdp.exec:\dvpdp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjvp.exec:\dvjvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlflrrx.exec:\xlflrrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfffxf.exec:\lxfffxf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bhhnn.exec:\3bhhnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnnnh.exec:\nbnnnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbntbt.exec:\hbntbt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppdp.exec:\vppdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrxfxx.exec:\lfrxfxx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxrrxx.exec:\flxrrxx.exe17⤵
- Executes dropped EXE
-
\??\c:\5rfrxrx.exec:\5rfrxrx.exe18⤵
- Executes dropped EXE
-
\??\c:\9hthnn.exec:\9hthnn.exe19⤵
- Executes dropped EXE
-
\??\c:\7ppjd.exec:\7ppjd.exe20⤵
- Executes dropped EXE
-
\??\c:\vpvpv.exec:\vpvpv.exe21⤵
- Executes dropped EXE
-
\??\c:\xxfrfff.exec:\xxfrfff.exe22⤵
- Executes dropped EXE
-
\??\c:\3fxxlfl.exec:\3fxxlfl.exe23⤵
- Executes dropped EXE
-
\??\c:\bhtnbh.exec:\bhtnbh.exe24⤵
- Executes dropped EXE
-
\??\c:\nntnbn.exec:\nntnbn.exe25⤵
- Executes dropped EXE
-
\??\c:\9pvvv.exec:\9pvvv.exe26⤵
- Executes dropped EXE
-
\??\c:\9vvjj.exec:\9vvjj.exe27⤵
- Executes dropped EXE
-
\??\c:\lrfxrll.exec:\lrfxrll.exe28⤵
- Executes dropped EXE
-
\??\c:\7lrrxrx.exec:\7lrrxrx.exe29⤵
- Executes dropped EXE
-
\??\c:\tnhthn.exec:\tnhthn.exe30⤵
- Executes dropped EXE
-
\??\c:\hbnttn.exec:\hbnttn.exe31⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe32⤵
- Executes dropped EXE
-
\??\c:\3pddj.exec:\3pddj.exe33⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe34⤵
- Executes dropped EXE
-
\??\c:\rflflfl.exec:\rflflfl.exe35⤵
- Executes dropped EXE
-
\??\c:\xrxfllx.exec:\xrxfllx.exe36⤵
- Executes dropped EXE
-
\??\c:\ffrlflx.exec:\ffrlflx.exe37⤵
- Executes dropped EXE
-
\??\c:\tnbbnn.exec:\tnbbnn.exe38⤵
- Executes dropped EXE
-
\??\c:\1nbttn.exec:\1nbttn.exe39⤵
- Executes dropped EXE
-
\??\c:\ddvdv.exec:\ddvdv.exe40⤵
- Executes dropped EXE
-
\??\c:\7dvvj.exec:\7dvvj.exe41⤵
- Executes dropped EXE
-
\??\c:\llxflrf.exec:\llxflrf.exe42⤵
- Executes dropped EXE
-
\??\c:\lfxfllr.exec:\lfxfllr.exe43⤵
- Executes dropped EXE
-
\??\c:\tthnbh.exec:\tthnbh.exe44⤵
- Executes dropped EXE
-
\??\c:\hbttnn.exec:\hbttnn.exe45⤵
- Executes dropped EXE
-
\??\c:\5ttbnb.exec:\5ttbnb.exe46⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe47⤵
- Executes dropped EXE
-
\??\c:\7jjpp.exec:\7jjpp.exe48⤵
- Executes dropped EXE
-
\??\c:\xrlrrxx.exec:\xrlrrxx.exe49⤵
- Executes dropped EXE
-
\??\c:\lfxrxfr.exec:\lfxrxfr.exe50⤵
- Executes dropped EXE
-
\??\c:\xfxfrlx.exec:\xfxfrlx.exe51⤵
- Executes dropped EXE
-
\??\c:\tthhnt.exec:\tthhnt.exe52⤵
- Executes dropped EXE
-
\??\c:\hbhhtt.exec:\hbhhtt.exe53⤵
- Executes dropped EXE
-
\??\c:\5nhhnt.exec:\5nhhnt.exe54⤵
- Executes dropped EXE
-
\??\c:\pjvvp.exec:\pjvvp.exe55⤵
- Executes dropped EXE
-
\??\c:\3jddj.exec:\3jddj.exe56⤵
- Executes dropped EXE
-
\??\c:\lflrlrr.exec:\lflrlrr.exe57⤵
- Executes dropped EXE
-
\??\c:\xrflxxf.exec:\xrflxxf.exe58⤵
- Executes dropped EXE
-
\??\c:\hbnnnt.exec:\hbnnnt.exe59⤵
- Executes dropped EXE
-
\??\c:\htbttb.exec:\htbttb.exe60⤵
- Executes dropped EXE
-
\??\c:\bbtbhn.exec:\bbtbhn.exe61⤵
- Executes dropped EXE
-
\??\c:\7vvpp.exec:\7vvpp.exe62⤵
- Executes dropped EXE
-
\??\c:\pvjpv.exec:\pvjpv.exe63⤵
- Executes dropped EXE
-
\??\c:\jvdjv.exec:\jvdjv.exe64⤵
- Executes dropped EXE
-
\??\c:\1rxflrx.exec:\1rxflrx.exe65⤵
- Executes dropped EXE
-
\??\c:\fxffllr.exec:\fxffllr.exe66⤵
-
\??\c:\fxlxrfl.exec:\fxlxrfl.exe67⤵
-
\??\c:\5bhntb.exec:\5bhntb.exe68⤵
-
\??\c:\hbbbtb.exec:\hbbbtb.exe69⤵
-
\??\c:\ppdpd.exec:\ppdpd.exe70⤵
-
\??\c:\7jddj.exec:\7jddj.exe71⤵
-
\??\c:\flrfxfx.exec:\flrfxfx.exe72⤵
-
\??\c:\fxlrxxl.exec:\fxlrxxl.exe73⤵
-
\??\c:\tthhbn.exec:\tthhbn.exe74⤵
-
\??\c:\bntthn.exec:\bntthn.exe75⤵
-
\??\c:\tnhhnn.exec:\tnhhnn.exe76⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe77⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe78⤵
-
\??\c:\7pjpd.exec:\7pjpd.exe79⤵
-
\??\c:\rrxflrf.exec:\rrxflrf.exe80⤵
-
\??\c:\xxrlxlx.exec:\xxrlxlx.exe81⤵
-
\??\c:\tbbthh.exec:\tbbthh.exe82⤵
-
\??\c:\hhbtbh.exec:\hhbtbh.exe83⤵
-
\??\c:\5ppvp.exec:\5ppvp.exe84⤵
-
\??\c:\7vvdv.exec:\7vvdv.exe85⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe86⤵
-
\??\c:\rlffffl.exec:\rlffffl.exe87⤵
-
\??\c:\rlfflfr.exec:\rlfflfr.exe88⤵
-
\??\c:\3fxrxxf.exec:\3fxrxxf.exe89⤵
-
\??\c:\5ntbbh.exec:\5ntbbh.exe90⤵
-
\??\c:\1bnhnh.exec:\1bnhnh.exe91⤵
-
\??\c:\thhhhh.exec:\thhhhh.exe92⤵
-
\??\c:\ppjpd.exec:\ppjpd.exe93⤵
-
\??\c:\pjppj.exec:\pjppj.exe94⤵
-
\??\c:\xrffrlx.exec:\xrffrlx.exe95⤵
-
\??\c:\5rflllx.exec:\5rflllx.exe96⤵
-
\??\c:\frllrxl.exec:\frllrxl.exe97⤵
-
\??\c:\ttnntb.exec:\ttnntb.exe98⤵
-
\??\c:\nhnbtn.exec:\nhnbtn.exe99⤵
-
\??\c:\nbbthh.exec:\nbbthh.exe100⤵
-
\??\c:\5lxrffl.exec:\5lxrffl.exe101⤵
-
\??\c:\nhthbb.exec:\nhthbb.exe102⤵
-
\??\c:\tnhhnt.exec:\tnhhnt.exe103⤵
-
\??\c:\nbbbnh.exec:\nbbbnh.exe104⤵
-
\??\c:\dpdjv.exec:\dpdjv.exe105⤵
-
\??\c:\djvjj.exec:\djvjj.exe106⤵
-
\??\c:\xxxllfx.exec:\xxxllfx.exe107⤵
-
\??\c:\rlxfllx.exec:\rlxfllx.exe108⤵
-
\??\c:\3xllrrf.exec:\3xllrrf.exe109⤵
-
\??\c:\nbnbbn.exec:\nbnbbn.exe110⤵
-
\??\c:\btbbhb.exec:\btbbhb.exe111⤵
-
\??\c:\7thntt.exec:\7thntt.exe112⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe113⤵
-
\??\c:\jvddp.exec:\jvddp.exe114⤵
-
\??\c:\frxlffx.exec:\frxlffx.exe115⤵
-
\??\c:\rxxxrxx.exec:\rxxxrxx.exe116⤵
-
\??\c:\xfrflfr.exec:\xfrflfr.exe117⤵
-
\??\c:\nbnntb.exec:\nbnntb.exe118⤵
-
\??\c:\hhbhtt.exec:\hhbhtt.exe119⤵
-
\??\c:\7hbhtb.exec:\7hbhtb.exe120⤵
-
\??\c:\3pjpj.exec:\3pjpj.exe121⤵
-
\??\c:\dvddj.exec:\dvddj.exe122⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe123⤵
-
\??\c:\3pddd.exec:\3pddd.exe124⤵
-
\??\c:\lllxrxl.exec:\lllxrxl.exe125⤵
-
\??\c:\rrrrxfr.exec:\rrrrxfr.exe126⤵
-
\??\c:\9fxfxxr.exec:\9fxfxxr.exe127⤵
-
\??\c:\btnhtb.exec:\btnhtb.exe128⤵
-
\??\c:\1tnthn.exec:\1tnthn.exe129⤵
-
\??\c:\nhntbh.exec:\nhntbh.exe130⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe131⤵
-
\??\c:\djvpp.exec:\djvpp.exe132⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe133⤵
-
\??\c:\xrlrllx.exec:\xrlrllx.exe134⤵
-
\??\c:\xxlxfxl.exec:\xxlxfxl.exe135⤵
-
\??\c:\nbhttt.exec:\nbhttt.exe136⤵
-
\??\c:\nhtbbt.exec:\nhtbbt.exe137⤵
-
\??\c:\bntbnh.exec:\bntbnh.exe138⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe139⤵
-
\??\c:\7pvvj.exec:\7pvvj.exe140⤵
-
\??\c:\lxxxfff.exec:\lxxxfff.exe141⤵
-
\??\c:\9rflxfr.exec:\9rflxfr.exe142⤵
-
\??\c:\httnnn.exec:\httnnn.exe143⤵
-
\??\c:\hnnhbn.exec:\hnnhbn.exe144⤵
-
\??\c:\hthbht.exec:\hthbht.exe145⤵
-
\??\c:\bbhtnb.exec:\bbhtnb.exe146⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe147⤵
-
\??\c:\jdpdv.exec:\jdpdv.exe148⤵
-
\??\c:\vppjp.exec:\vppjp.exe149⤵
-
\??\c:\5xlfxxx.exec:\5xlfxxx.exe150⤵
-
\??\c:\xrflxfl.exec:\xrflxfl.exe151⤵
-
\??\c:\1rflxrr.exec:\1rflxrr.exe152⤵
-
\??\c:\7htthh.exec:\7htthh.exe153⤵
-
\??\c:\hbhnth.exec:\hbhnth.exe154⤵
-
\??\c:\hbthnn.exec:\hbthnn.exe155⤵
-
\??\c:\9jdpv.exec:\9jdpv.exe156⤵
-
\??\c:\5pvpj.exec:\5pvpj.exe157⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe158⤵
-
\??\c:\rrffxfx.exec:\rrffxfx.exe159⤵
-
\??\c:\3xxlxxx.exec:\3xxlxxx.exe160⤵
-
\??\c:\1fxfrrf.exec:\1fxfrrf.exe161⤵
-
\??\c:\tnbnhh.exec:\tnbnhh.exe162⤵
-
\??\c:\nhttth.exec:\nhttth.exe163⤵
-
\??\c:\5nhhhn.exec:\5nhhhn.exe164⤵
-
\??\c:\bthbhb.exec:\bthbhb.exe165⤵
-
\??\c:\jdppj.exec:\jdppj.exe166⤵
-
\??\c:\dvddd.exec:\dvddd.exe167⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe168⤵
-
\??\c:\3ppdp.exec:\3ppdp.exe169⤵
-
\??\c:\7frllrr.exec:\7frllrr.exe170⤵
-
\??\c:\xrfrffl.exec:\xrfrffl.exe171⤵
-
\??\c:\lfffffl.exec:\lfffffl.exe172⤵
-
\??\c:\nthttn.exec:\nthttn.exe173⤵
-
\??\c:\9httbb.exec:\9httbb.exe174⤵
-
\??\c:\tnhtht.exec:\tnhtht.exe175⤵
-
\??\c:\3nhbbh.exec:\3nhbbh.exe176⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe177⤵
-
\??\c:\jjvvv.exec:\jjvvv.exe178⤵
-
\??\c:\9pjdp.exec:\9pjdp.exe179⤵
-
\??\c:\lffxffl.exec:\lffxffl.exe180⤵
-
\??\c:\ffxflrf.exec:\ffxflrf.exe181⤵
-
\??\c:\1rlxlrf.exec:\1rlxlrf.exe182⤵
-
\??\c:\lxlxlrf.exec:\lxlxlrf.exe183⤵
-
\??\c:\bnbbnb.exec:\bnbbnb.exe184⤵
-
\??\c:\bbtbbb.exec:\bbtbbb.exe185⤵
-
\??\c:\nthhtt.exec:\nthhtt.exe186⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe187⤵
-
\??\c:\vdppv.exec:\vdppv.exe188⤵
-
\??\c:\dpddv.exec:\dpddv.exe189⤵
-
\??\c:\rfrrrrf.exec:\rfrrrrf.exe190⤵
-
\??\c:\fxflffr.exec:\fxflffr.exe191⤵
-
\??\c:\xxrxlrf.exec:\xxrxlrf.exe192⤵
-
\??\c:\ttbhtt.exec:\ttbhtt.exe193⤵
-
\??\c:\nhbtbb.exec:\nhbtbb.exe194⤵
-
\??\c:\9ttntb.exec:\9ttntb.exe195⤵
-
\??\c:\jjdpv.exec:\jjdpv.exe196⤵
-
\??\c:\9jjpv.exec:\9jjpv.exe197⤵
-
\??\c:\5jdjv.exec:\5jdjv.exe198⤵
-
\??\c:\3jddj.exec:\3jddj.exe199⤵
-
\??\c:\ffrrrxf.exec:\ffrrrxf.exe200⤵
-
\??\c:\7rllrrx.exec:\7rllrrx.exe201⤵
-
\??\c:\tttbth.exec:\tttbth.exe202⤵
-
\??\c:\3hhtnn.exec:\3hhtnn.exe203⤵
-
\??\c:\tnbhtb.exec:\tnbhtb.exe204⤵
-
\??\c:\vpddp.exec:\vpddp.exe205⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe206⤵
-
\??\c:\pjddj.exec:\pjddj.exe207⤵
-
\??\c:\7dvjv.exec:\7dvjv.exe208⤵
-
\??\c:\5xxfrfx.exec:\5xxfrfx.exe209⤵
-
\??\c:\1xffrxl.exec:\1xffrxl.exe210⤵
-
\??\c:\9xrfffr.exec:\9xrfffr.exe211⤵
-
\??\c:\hhhttn.exec:\hhhttn.exe212⤵
-
\??\c:\3thntb.exec:\3thntb.exe213⤵
-
\??\c:\nnbttb.exec:\nnbttb.exe214⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe215⤵
-
\??\c:\jpjjj.exec:\jpjjj.exe216⤵
-
\??\c:\5dvjv.exec:\5dvjv.exe217⤵
-
\??\c:\xrrlrrf.exec:\xrrlrrf.exe218⤵
-
\??\c:\rllxrrf.exec:\rllxrrf.exe219⤵
-
\??\c:\lfxrrlf.exec:\lfxrrlf.exe220⤵
-
\??\c:\bbbtht.exec:\bbbtht.exe221⤵
-
\??\c:\tnbhnt.exec:\tnbhnt.exe222⤵
-
\??\c:\3hbtbh.exec:\3hbtbh.exe223⤵
-
\??\c:\hbtnth.exec:\hbtnth.exe224⤵
-
\??\c:\pjjvd.exec:\pjjvd.exe225⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe226⤵
-
\??\c:\dpddp.exec:\dpddp.exe227⤵
-
\??\c:\7frrfxr.exec:\7frrfxr.exe228⤵
-
\??\c:\7xlrflr.exec:\7xlrflr.exe229⤵
-
\??\c:\7xfxflr.exec:\7xfxflr.exe230⤵
-
\??\c:\1bbhbt.exec:\1bbhbt.exe231⤵
-
\??\c:\bthnnt.exec:\bthnnt.exe232⤵
-
\??\c:\bntbhn.exec:\bntbhn.exe233⤵
-
\??\c:\pjpdd.exec:\pjpdd.exe234⤵
-
\??\c:\3jdjv.exec:\3jdjv.exe235⤵
-
\??\c:\ddpvv.exec:\ddpvv.exe236⤵
-
\??\c:\xlfllrl.exec:\xlfllrl.exe237⤵
-
\??\c:\fxlrxfr.exec:\fxlrxfr.exe238⤵
-
\??\c:\lxrrrlr.exec:\lxrrrlr.exe239⤵
-
\??\c:\nhhntt.exec:\nhhntt.exe240⤵