Analysis
-
max time kernel
118s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
22-05-2024 03:51
General
-
Target
17a879b03076531eb5b4d727e97f41e0_NeikiAnalytics.exe
-
Size
107KB
-
MD5
17a879b03076531eb5b4d727e97f41e0
-
SHA1
87a934717665f3e4ed6712bbd6eec7050cb4928c
-
SHA256
5b238a3ba55d8c5d40ccea94a09cee393d3700cf1f46799bc921c72cdd234f92
-
SHA512
09e5a5ee40a1693e274c9e9b9787843ea14ed37ac3e6328c4b882dd8c731f3d08ad698e990c5eee701f55a4c26ff388d092b362fc0d20379a64c34d3080d7f07
-
SSDEEP
3072:khOmTsF93UYfwC6GIoutpYcvrqrE66krop7Bcgw:kcm4FmowdHoSphraHcp7yV
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 37 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}1⤵
-
C:\Users\Admin\AppData\Local\Temp\3846235125\zmstage.exeC:\Users\Admin\AppData\Local\Temp\3846235125\zmstage.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\17a879b03076531eb5b4d727e97f41e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\17a879b03076531eb5b4d727e97f41e0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3rfxlxr.exec:\3rfxlxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhnt.exec:\btbhnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbnhn.exec:\hbbnhn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdpd.exec:\ppdpd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dvvp.exec:\5dvvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxlrx.exec:\xrfxlrx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfflrrx.exec:\lfflrrx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhntt.exec:\nhhntt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nhhhn.exec:\3nhhhn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7djjj.exec:\7djjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjvd.exec:\pvjvd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrfxxl.exec:\xxrfxxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflxrfl.exec:\xflxrfl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtbnh.exec:\hhtbnh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdppp.exec:\pdppp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdp.exec:\jdpdp.exe17⤵
- Executes dropped EXE
-
\??\c:\1vddd.exec:\1vddd.exe18⤵
- Executes dropped EXE
-
\??\c:\rrlrxfr.exec:\rrlrxfr.exe19⤵
- Executes dropped EXE
-
\??\c:\5xrxxfr.exec:\5xrxxfr.exe20⤵
- Executes dropped EXE
-
\??\c:\bthnhn.exec:\bthnhn.exe21⤵
- Executes dropped EXE
-
\??\c:\1jpjp.exec:\1jpjp.exe22⤵
- Executes dropped EXE
-
\??\c:\dpddv.exec:\dpddv.exe23⤵
- Executes dropped EXE
-
\??\c:\rllrxxf.exec:\rllrxxf.exe24⤵
- Executes dropped EXE
-
\??\c:\rlxlxxf.exec:\rlxlxxf.exe25⤵
- Executes dropped EXE
-
\??\c:\nbhbbt.exec:\nbhbbt.exe26⤵
- Executes dropped EXE
-
\??\c:\hnthhb.exec:\hnthhb.exe27⤵
- Executes dropped EXE
-
\??\c:\vpvpv.exec:\vpvpv.exe28⤵
- Executes dropped EXE
-
\??\c:\xrlxlrl.exec:\xrlxlrl.exe29⤵
- Executes dropped EXE
-
\??\c:\lfrflxf.exec:\lfrflxf.exe30⤵
- Executes dropped EXE
-
\??\c:\ntnbhb.exec:\ntnbhb.exe31⤵
- Executes dropped EXE
-
\??\c:\thbhnn.exec:\thbhnn.exe32⤵
- Executes dropped EXE
-
\??\c:\vpvvd.exec:\vpvvd.exe33⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe34⤵
- Executes dropped EXE
-
\??\c:\ffrfxxr.exec:\ffrfxxr.exe35⤵
- Executes dropped EXE
-
\??\c:\fxffrrf.exec:\fxffrrf.exe36⤵
- Executes dropped EXE
-
\??\c:\lxrfxll.exec:\lxrfxll.exe37⤵
- Executes dropped EXE
-
\??\c:\ttnthn.exec:\ttnthn.exe38⤵
- Executes dropped EXE
-
\??\c:\9nthbn.exec:\9nthbn.exe39⤵
- Executes dropped EXE
-
\??\c:\9tttbb.exec:\9tttbb.exe40⤵
- Executes dropped EXE
-
\??\c:\3dpdj.exec:\3dpdj.exe41⤵
- Executes dropped EXE
-
\??\c:\1jvdd.exec:\1jvdd.exe42⤵
- Executes dropped EXE
-
\??\c:\lfflxlf.exec:\lfflxlf.exe43⤵
- Executes dropped EXE
-
\??\c:\5lxxffl.exec:\5lxxffl.exe44⤵
- Executes dropped EXE
-
\??\c:\rlflxfr.exec:\rlflxfr.exe45⤵
- Executes dropped EXE
-
\??\c:\9hbnnh.exec:\9hbnnh.exe46⤵
- Executes dropped EXE
-
\??\c:\bthnbn.exec:\bthnbn.exe47⤵
- Executes dropped EXE
-
\??\c:\1tnhbh.exec:\1tnhbh.exe48⤵
- Executes dropped EXE
-
\??\c:\1hthbb.exec:\1hthbb.exe49⤵
- Executes dropped EXE
-
\??\c:\pvpdd.exec:\pvpdd.exe50⤵
- Executes dropped EXE
-
\??\c:\ddvdp.exec:\ddvdp.exe51⤵
- Executes dropped EXE
-
\??\c:\vpdpv.exec:\vpdpv.exe52⤵
- Executes dropped EXE
-
\??\c:\lrxffrx.exec:\lrxffrx.exe53⤵
- Executes dropped EXE
-
\??\c:\xxlfrxl.exec:\xxlfrxl.exe54⤵
- Executes dropped EXE
-
\??\c:\nnnbhb.exec:\nnnbhb.exe55⤵
- Executes dropped EXE
-
\??\c:\htbhtt.exec:\htbhtt.exe56⤵
- Executes dropped EXE
-
\??\c:\jdpdj.exec:\jdpdj.exe57⤵
- Executes dropped EXE
-
\??\c:\5vjvd.exec:\5vjvd.exe58⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe59⤵
- Executes dropped EXE
-
\??\c:\rlrxflx.exec:\rlrxflx.exe60⤵
- Executes dropped EXE
-
\??\c:\rfrxxff.exec:\rfrxxff.exe61⤵
- Executes dropped EXE
-
\??\c:\xrflxfr.exec:\xrflxfr.exe62⤵
- Executes dropped EXE
-
\??\c:\btthhh.exec:\btthhh.exe63⤵
- Executes dropped EXE
-
\??\c:\7nhthb.exec:\7nhthb.exe64⤵
- Executes dropped EXE
-
\??\c:\1hhtnb.exec:\1hhtnb.exe65⤵
- Executes dropped EXE
-
\??\c:\vjdjp.exec:\vjdjp.exe66⤵
-
\??\c:\vvjdd.exec:\vvjdd.exe67⤵
-
\??\c:\rfrflxf.exec:\rfrflxf.exe68⤵
-
\??\c:\xxrxlfl.exec:\xxrxlfl.exe69⤵
-
\??\c:\1hhbnt.exec:\1hhbnt.exe70⤵
-
\??\c:\1hhntt.exec:\1hhntt.exe71⤵
-
\??\c:\1ttbhn.exec:\1ttbhn.exe72⤵
-
\??\c:\jjpvj.exec:\jjpvj.exe73⤵
-
\??\c:\jvddj.exec:\jvddj.exe74⤵
-
\??\c:\thnthh.exec:\thnthh.exe75⤵
-
\??\c:\5vjjv.exec:\5vjjv.exe76⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe77⤵
-
\??\c:\rlrlrxl.exec:\rlrlrxl.exe78⤵
-
\??\c:\frlrxrx.exec:\frlrxrx.exe79⤵
-
\??\c:\nbtnbh.exec:\nbtnbh.exe80⤵
-
\??\c:\bnhhtb.exec:\bnhhtb.exe81⤵
-
\??\c:\jvjvj.exec:\jvjvj.exe82⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe83⤵
-
\??\c:\3lllrrx.exec:\3lllrrx.exe84⤵
-
\??\c:\rlflrrf.exec:\rlflrrf.exe85⤵
-
\??\c:\tthhtb.exec:\tthhtb.exe86⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe87⤵
-
\??\c:\vpppd.exec:\vpppd.exe88⤵
-
\??\c:\pddvj.exec:\pddvj.exe89⤵
-
\??\c:\xxxxxxl.exec:\xxxxxxl.exe90⤵
-
\??\c:\fxfxrrx.exec:\fxfxrrx.exe91⤵
-
\??\c:\rrlrxxl.exec:\rrlrxxl.exe92⤵
-
\??\c:\bhtbhh.exec:\bhtbhh.exe93⤵
-
\??\c:\thhhtb.exec:\thhhtb.exe94⤵
-
\??\c:\vppjv.exec:\vppjv.exe95⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe96⤵
-
\??\c:\rfrlrrr.exec:\rfrlrrr.exe97⤵
-
\??\c:\3llxxfl.exec:\3llxxfl.exe98⤵
-
\??\c:\bnnntn.exec:\bnnntn.exe99⤵
-
\??\c:\btntbh.exec:\btntbh.exe100⤵
-
\??\c:\tnthbh.exec:\tnthbh.exe101⤵
-
\??\c:\dpjpd.exec:\dpjpd.exe102⤵
-
\??\c:\9vpdp.exec:\9vpdp.exe103⤵
-
\??\c:\lfrrrrf.exec:\lfrrrrf.exe104⤵
-
\??\c:\llrlxrf.exec:\llrlxrf.exe105⤵
-
\??\c:\llrxlrr.exec:\llrxlrr.exe106⤵
-
\??\c:\hhntnh.exec:\hhntnh.exe107⤵
-
\??\c:\3ttthh.exec:\3ttthh.exe108⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe109⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe110⤵
-
\??\c:\xrrflxl.exec:\xrrflxl.exe111⤵
-
\??\c:\fflrxfl.exec:\fflrxfl.exe112⤵
-
\??\c:\bbnbhn.exec:\bbnbhn.exe113⤵
-
\??\c:\tnbnhh.exec:\tnbnhh.exe114⤵
-
\??\c:\nbhntt.exec:\nbhntt.exe115⤵
-
\??\c:\jvdjp.exec:\jvdjp.exe116⤵
-
\??\c:\jjppv.exec:\jjppv.exe117⤵
-
\??\c:\3fflrxf.exec:\3fflrxf.exe118⤵
-
\??\c:\fxlxffl.exec:\fxlxffl.exe119⤵
-
\??\c:\5xfxfff.exec:\5xfxfff.exe120⤵
-
\??\c:\hhnnbh.exec:\hhnnbh.exe121⤵
-
\??\c:\hbtnhn.exec:\hbtnhn.exe122⤵
-
\??\c:\dvddj.exec:\dvddj.exe123⤵
-
\??\c:\9jjvd.exec:\9jjvd.exe124⤵
-
\??\c:\rrlxlxf.exec:\rrlxlxf.exe125⤵
-
\??\c:\3xlffxx.exec:\3xlffxx.exe126⤵
-
\??\c:\3xllrlr.exec:\3xllrlr.exe127⤵
-
\??\c:\bnbbnh.exec:\bnbbnh.exe128⤵
-
\??\c:\bthhbt.exec:\bthhbt.exe129⤵
-
\??\c:\3htttt.exec:\3htttt.exe130⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe131⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe132⤵
-
\??\c:\jjvjp.exec:\jjvjp.exe133⤵
-
\??\c:\xrrrrxf.exec:\xrrrrxf.exe134⤵
-
\??\c:\5lffllr.exec:\5lffllr.exe135⤵
-
\??\c:\hbhnhh.exec:\hbhnhh.exe136⤵
-
\??\c:\7nhhhn.exec:\7nhhhn.exe137⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe138⤵
-
\??\c:\1pjpd.exec:\1pjpd.exe139⤵
-
\??\c:\jdpdj.exec:\jdpdj.exe140⤵
-
\??\c:\lxlrflr.exec:\lxlrflr.exe141⤵
-
\??\c:\1llxlrx.exec:\1llxlrx.exe142⤵
-
\??\c:\bthnbh.exec:\bthnbh.exe143⤵
-
\??\c:\3tnhnn.exec:\3tnhnn.exe144⤵
-
\??\c:\nntbbn.exec:\nntbbn.exe145⤵
-
\??\c:\vdvdd.exec:\vdvdd.exe146⤵
-
\??\c:\jpppd.exec:\jpppd.exe147⤵
-
\??\c:\dpvdd.exec:\dpvdd.exe148⤵
-
\??\c:\lxrxxrf.exec:\lxrxxrf.exe149⤵
-
\??\c:\5lxfflf.exec:\5lxfflf.exe150⤵
-
\??\c:\tnbtnh.exec:\tnbtnh.exe151⤵
-
\??\c:\hhnhnn.exec:\hhnhnn.exe152⤵
-
\??\c:\jvpvj.exec:\jvpvj.exe153⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe154⤵
-
\??\c:\5vpvd.exec:\5vpvd.exe155⤵
-
\??\c:\frfxfxl.exec:\frfxfxl.exe156⤵
-
\??\c:\rrfxrrx.exec:\rrfxrrx.exe157⤵
-
\??\c:\hbnntb.exec:\hbnntb.exe158⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe159⤵
-
\??\c:\1hhthh.exec:\1hhthh.exe160⤵
-
\??\c:\1jvvd.exec:\1jvvd.exe161⤵
-
\??\c:\7dvvd.exec:\7dvvd.exe162⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe163⤵
-
\??\c:\rfxxfll.exec:\rfxxfll.exe164⤵
-
\??\c:\7lrrlrx.exec:\7lrrlrx.exe165⤵
-
\??\c:\tbbbnb.exec:\tbbbnb.exe166⤵
-
\??\c:\hbnhht.exec:\hbnhht.exe167⤵
-
\??\c:\5dppv.exec:\5dppv.exe168⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe169⤵
-
\??\c:\dvdpv.exec:\dvdpv.exe170⤵
-
\??\c:\rlflrlr.exec:\rlflrlr.exe171⤵
-
\??\c:\rlxrffl.exec:\rlxrffl.exe172⤵
-
\??\c:\xxxlxrl.exec:\xxxlxrl.exe173⤵
-
\??\c:\nnbbnb.exec:\nnbbnb.exe174⤵
-
\??\c:\bnnntt.exec:\bnnntt.exe175⤵
-
\??\c:\7pdjv.exec:\7pdjv.exe176⤵
-
\??\c:\1djdv.exec:\1djdv.exe177⤵
-
\??\c:\xrflrrf.exec:\xrflrrf.exe178⤵
-
\??\c:\1rlrxrf.exec:\1rlrxrf.exe179⤵
-
\??\c:\9hbnnn.exec:\9hbnnn.exe180⤵
-
\??\c:\hthnnh.exec:\hthnnh.exe181⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe182⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe183⤵
-
\??\c:\pppdv.exec:\pppdv.exe184⤵
-
\??\c:\fxfflrf.exec:\fxfflrf.exe185⤵
-
\??\c:\5xrfxxl.exec:\5xrfxxl.exe186⤵
-
\??\c:\3lxxlxl.exec:\3lxxlxl.exe187⤵
-
\??\c:\nbbhtt.exec:\nbbhtt.exe188⤵
-
\??\c:\nhbhbh.exec:\nhbhbh.exe189⤵
-
\??\c:\bbhbht.exec:\bbhbht.exe190⤵
-
\??\c:\7vjdj.exec:\7vjdj.exe191⤵
-
\??\c:\9jjpd.exec:\9jjpd.exe192⤵
-
\??\c:\3xllxll.exec:\3xllxll.exe193⤵
-
\??\c:\rlflrxl.exec:\rlflrxl.exe194⤵
-
\??\c:\lllxxfr.exec:\lllxxfr.exe195⤵
-
\??\c:\nbnthn.exec:\nbnthn.exe196⤵
-
\??\c:\hntnth.exec:\hntnth.exe197⤵
-
\??\c:\bbhhbt.exec:\bbhhbt.exe198⤵
-
\??\c:\vvjvj.exec:\vvjvj.exe199⤵
-
\??\c:\jdppj.exec:\jdppj.exe200⤵
-
\??\c:\ffxxfxf.exec:\ffxxfxf.exe201⤵
-
\??\c:\5xrxflx.exec:\5xrxflx.exe202⤵
-
\??\c:\lfrlrxf.exec:\lfrlrxf.exe203⤵
-
\??\c:\nhtbhb.exec:\nhtbhb.exe204⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe205⤵
-
\??\c:\hhhhbn.exec:\hhhhbn.exe206⤵
-
\??\c:\3pddj.exec:\3pddj.exe207⤵
-
\??\c:\5pdvj.exec:\5pdvj.exe208⤵
-
\??\c:\xrlfrrf.exec:\xrlfrrf.exe209⤵
-
\??\c:\lrrflfl.exec:\lrrflfl.exe210⤵
-
\??\c:\9llxxlx.exec:\9llxxlx.exe211⤵
-
\??\c:\9nhbhb.exec:\9nhbhb.exe212⤵
-
\??\c:\btbntt.exec:\btbntt.exe213⤵
-
\??\c:\nhbtbh.exec:\nhbtbh.exe214⤵
-
\??\c:\dvvdj.exec:\dvvdj.exe215⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe216⤵
-
\??\c:\3rffrlx.exec:\3rffrlx.exe217⤵
-
\??\c:\rlfxllr.exec:\rlfxllr.exe218⤵
-
\??\c:\bhttbh.exec:\bhttbh.exe219⤵
-
\??\c:\tnbhth.exec:\tnbhth.exe220⤵
-
\??\c:\djddp.exec:\djddp.exe221⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe222⤵
-
\??\c:\fxfrrfl.exec:\fxfrrfl.exe223⤵
-
\??\c:\rxfrfxl.exec:\rxfrfxl.exe224⤵
-
\??\c:\3tnbth.exec:\3tnbth.exe225⤵
-
\??\c:\hnbhbn.exec:\hnbhbn.exe226⤵
-
\??\c:\tnhnnn.exec:\tnhnnn.exe227⤵
-
\??\c:\dppjd.exec:\dppjd.exe228⤵
-
\??\c:\5jddv.exec:\5jddv.exe229⤵
-
\??\c:\3fflxlr.exec:\3fflxlr.exe230⤵
-
\??\c:\frfrflr.exec:\frfrflr.exe231⤵
-
\??\c:\3hthhn.exec:\3hthhn.exe232⤵
-
\??\c:\btnnhn.exec:\btnnhn.exe233⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe234⤵
-
\??\c:\3vppd.exec:\3vppd.exe235⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe236⤵
-
\??\c:\xrlfrxr.exec:\xrlfrxr.exe237⤵
-
\??\c:\bbbnth.exec:\bbbnth.exe238⤵
-
\??\c:\bhtbhn.exec:\bhtbhn.exe239⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe240⤵