Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
22-05-2024 05:45
General
-
Target
20c2ae1adf98979e676e81903e75a800_NeikiAnalytics.exe
-
Size
75KB
-
MD5
20c2ae1adf98979e676e81903e75a800
-
SHA1
90a9e1d227a8f2734fce9e66ce95a9d13125c822
-
SHA256
066e197becd04e501bb1faf937568c4b021aaac23b7765ee6b7f911fda05e686
-
SHA512
4bcad320fece15228c96188cebb7d8bfff8f69bc66fdee5138dcd48afc5746b29eb0f882c792528726bd8579e37b30b70a73dacf125fc7cf0eb609d6e22aa8dc
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIoAh2QpUnX1A2:ymb3NkkiQ3mdBjFIsIVbpUH
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\20c2ae1adf98979e676e81903e75a800_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\20c2ae1adf98979e676e81903e75a800_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3lfrxfl.exec:\3lfrxfl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttbb.exec:\tnttbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdvp.exec:\ppdvp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppj.exec:\dvppj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbnn.exec:\nnbbnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjppv.exec:\vjppv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxlrxf.exec:\llxlrxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbbtn.exec:\hhbbtn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jjvj.exec:\5jjvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rxxrrf.exec:\3rxxrrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbttn.exec:\ttbttn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnnbt.exec:\htnnbt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvjd.exec:\vvvjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxflrf.exec:\fxxflrf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxlflx.exec:\rrxlflx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnttbt.exec:\nnttbt.exe17⤵
- Executes dropped EXE
-
\??\c:\1pddd.exec:\1pddd.exe18⤵
- Executes dropped EXE
-
\??\c:\jvjjj.exec:\jvjjj.exe19⤵
- Executes dropped EXE
-
\??\c:\lxrlflf.exec:\lxrlflf.exe20⤵
- Executes dropped EXE
-
\??\c:\nthnhb.exec:\nthnhb.exe21⤵
- Executes dropped EXE
-
\??\c:\hbtntt.exec:\hbtntt.exe22⤵
- Executes dropped EXE
-
\??\c:\ddjdp.exec:\ddjdp.exe23⤵
- Executes dropped EXE
-
\??\c:\9vdvp.exec:\9vdvp.exe24⤵
- Executes dropped EXE
-
\??\c:\7rrfxfx.exec:\7rrfxfx.exe25⤵
- Executes dropped EXE
-
\??\c:\hhbhbn.exec:\hhbhbn.exe26⤵
- Executes dropped EXE
-
\??\c:\7pjjp.exec:\7pjjp.exe27⤵
- Executes dropped EXE
-
\??\c:\pjpdd.exec:\pjpdd.exe28⤵
- Executes dropped EXE
-
\??\c:\ffxfrxf.exec:\ffxfrxf.exe29⤵
- Executes dropped EXE
-
\??\c:\hbtbtt.exec:\hbtbtt.exe30⤵
- Executes dropped EXE
-
\??\c:\1pdvj.exec:\1pdvj.exe31⤵
- Executes dropped EXE
-
\??\c:\rrlrfrr.exec:\rrlrfrr.exe32⤵
- Executes dropped EXE
-
\??\c:\1fllrxf.exec:\1fllrxf.exe33⤵
- Executes dropped EXE
-
\??\c:\hbtbnb.exec:\hbtbnb.exe34⤵
- Executes dropped EXE
-
\??\c:\vvppd.exec:\vvppd.exe35⤵
- Executes dropped EXE
-
\??\c:\vvvjd.exec:\vvvjd.exe36⤵
- Executes dropped EXE
-
\??\c:\ffxrflx.exec:\ffxrflx.exe37⤵
- Executes dropped EXE
-
\??\c:\xxrflrx.exec:\xxrflrx.exe38⤵
- Executes dropped EXE
-
\??\c:\hththn.exec:\hththn.exe39⤵
- Executes dropped EXE
-
\??\c:\hbtbhh.exec:\hbtbhh.exe40⤵
- Executes dropped EXE
-
\??\c:\3pjpd.exec:\3pjpd.exe41⤵
- Executes dropped EXE
-
\??\c:\dpddv.exec:\dpddv.exe42⤵
- Executes dropped EXE
-
\??\c:\flrrflr.exec:\flrrflr.exe43⤵
- Executes dropped EXE
-
\??\c:\lfxlffl.exec:\lfxlffl.exe44⤵
- Executes dropped EXE
-
\??\c:\tnhbtb.exec:\tnhbtb.exe45⤵
- Executes dropped EXE
-
\??\c:\nhbnhn.exec:\nhbnhn.exe46⤵
- Executes dropped EXE
-
\??\c:\vppvd.exec:\vppvd.exe47⤵
- Executes dropped EXE
-
\??\c:\xrfllrf.exec:\xrfllrf.exe48⤵
- Executes dropped EXE
-
\??\c:\xrlxlrx.exec:\xrlxlrx.exe49⤵
- Executes dropped EXE
-
\??\c:\1tntbb.exec:\1tntbb.exe50⤵
- Executes dropped EXE
-
\??\c:\9bthhh.exec:\9bthhh.exe51⤵
- Executes dropped EXE
-
\??\c:\hbhthh.exec:\hbhthh.exe52⤵
- Executes dropped EXE
-
\??\c:\pdpdd.exec:\pdpdd.exe53⤵
- Executes dropped EXE
-
\??\c:\flllffl.exec:\flllffl.exe54⤵
- Executes dropped EXE
-
\??\c:\xxrxlrf.exec:\xxrxlrf.exe55⤵
- Executes dropped EXE
-
\??\c:\nhtbnb.exec:\nhtbnb.exe56⤵
- Executes dropped EXE
-
\??\c:\nhhtht.exec:\nhhtht.exe57⤵
- Executes dropped EXE
-
\??\c:\vpdjj.exec:\vpdjj.exe58⤵
- Executes dropped EXE
-
\??\c:\7vvpv.exec:\7vvpv.exe59⤵
- Executes dropped EXE
-
\??\c:\rrlrrfl.exec:\rrlrrfl.exe60⤵
- Executes dropped EXE
-
\??\c:\fxrfllf.exec:\fxrfllf.exe61⤵
- Executes dropped EXE
-
\??\c:\nhhbnn.exec:\nhhbnn.exe62⤵
- Executes dropped EXE
-
\??\c:\7ttbnt.exec:\7ttbnt.exe63⤵
- Executes dropped EXE
-
\??\c:\9dvvj.exec:\9dvvj.exe64⤵
- Executes dropped EXE
-
\??\c:\jjjvv.exec:\jjjvv.exe65⤵
- Executes dropped EXE
-
\??\c:\rrlrflx.exec:\rrlrflx.exe66⤵
-
\??\c:\5llfrxf.exec:\5llfrxf.exe67⤵
-
\??\c:\btthbb.exec:\btthbb.exe68⤵
-
\??\c:\ttnthh.exec:\ttnthh.exe69⤵
-
\??\c:\tttnhh.exec:\tttnhh.exe70⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe71⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe72⤵
-
\??\c:\frxlrrl.exec:\frxlrrl.exe73⤵
-
\??\c:\xrlrffl.exec:\xrlrffl.exe74⤵
-
\??\c:\nnhthn.exec:\nnhthn.exe75⤵
-
\??\c:\nthtnb.exec:\nthtnb.exe76⤵
-
\??\c:\pppdj.exec:\pppdj.exe77⤵
-
\??\c:\jjvdv.exec:\jjvdv.exe78⤵
-
\??\c:\llxflrr.exec:\llxflrr.exe79⤵
-
\??\c:\7xlrffx.exec:\7xlrffx.exe80⤵
-
\??\c:\rrrxrxl.exec:\rrrxrxl.exe81⤵
-
\??\c:\1bhbtt.exec:\1bhbtt.exe82⤵
-
\??\c:\3vvvd.exec:\3vvvd.exe83⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe84⤵
-
\??\c:\rrrxxfr.exec:\rrrxxfr.exe85⤵
-
\??\c:\lfrxllx.exec:\lfrxllx.exe86⤵
-
\??\c:\nhhtnt.exec:\nhhtnt.exe87⤵
-
\??\c:\tntbnn.exec:\tntbnn.exe88⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe89⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe90⤵
-
\??\c:\xxxfxfr.exec:\xxxfxfr.exe91⤵
-
\??\c:\frrflrr.exec:\frrflrr.exe92⤵
-
\??\c:\bbnthn.exec:\bbnthn.exe93⤵
-
\??\c:\tttnth.exec:\tttnth.exe94⤵
-
\??\c:\pvvjj.exec:\pvvjj.exe95⤵
-
\??\c:\xffxxrr.exec:\xffxxrr.exe96⤵
-
\??\c:\3lflrxf.exec:\3lflrxf.exe97⤵
-
\??\c:\3lxfllf.exec:\3lxfllf.exe98⤵
-
\??\c:\nthhtn.exec:\nthhtn.exe99⤵
-
\??\c:\vpvjp.exec:\vpvjp.exe100⤵
-
\??\c:\9pjpj.exec:\9pjpj.exe101⤵
-
\??\c:\xxrrxxr.exec:\xxrrxxr.exe102⤵
-
\??\c:\rfrxllx.exec:\rfrxllx.exe103⤵
-
\??\c:\bbhnnn.exec:\bbhnnn.exe104⤵
-
\??\c:\hnttnt.exec:\hnttnt.exe105⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe106⤵
-
\??\c:\7vppp.exec:\7vppp.exe107⤵
-
\??\c:\rlrxlll.exec:\rlrxlll.exe108⤵
-
\??\c:\rrflxfx.exec:\rrflxfx.exe109⤵
-
\??\c:\3hbtbb.exec:\3hbtbb.exe110⤵
-
\??\c:\tnnntb.exec:\tnnntb.exe111⤵
-
\??\c:\3dvvd.exec:\3dvvd.exe112⤵
-
\??\c:\5frxfxf.exec:\5frxfxf.exe113⤵
-
\??\c:\hhbbtb.exec:\hhbbtb.exe114⤵
-
\??\c:\tthnth.exec:\tthnth.exe115⤵
-
\??\c:\ppppv.exec:\ppppv.exe116⤵
-
\??\c:\jvvdp.exec:\jvvdp.exe117⤵
-
\??\c:\flrrlrl.exec:\flrrlrl.exe118⤵
-
\??\c:\7llrxxl.exec:\7llrxxl.exe119⤵
-
\??\c:\thttnn.exec:\thttnn.exe120⤵
-
\??\c:\hbtbhn.exec:\hbtbhn.exe121⤵
-
\??\c:\jvpdv.exec:\jvpdv.exe122⤵
-
\??\c:\pdvjd.exec:\pdvjd.exe123⤵
-
\??\c:\fxxrxfr.exec:\fxxrxfr.exe124⤵
-
\??\c:\bbnbnn.exec:\bbnbnn.exe125⤵
-
\??\c:\ttnhbt.exec:\ttnhbt.exe126⤵
-
\??\c:\vdjvp.exec:\vdjvp.exe127⤵
-
\??\c:\5vvvd.exec:\5vvvd.exe128⤵
-
\??\c:\7vpjj.exec:\7vpjj.exe129⤵
-
\??\c:\fxrxrxl.exec:\fxrxrxl.exe130⤵
-
\??\c:\xrfrffl.exec:\xrfrffl.exe131⤵
-
\??\c:\1htbbn.exec:\1htbbn.exe132⤵
-
\??\c:\nhbnnt.exec:\nhbnnt.exe133⤵
-
\??\c:\3dddj.exec:\3dddj.exe134⤵
-
\??\c:\jjpvj.exec:\jjpvj.exe135⤵
-
\??\c:\fxrxrxl.exec:\fxrxrxl.exe136⤵
-
\??\c:\xrfxffl.exec:\xrfxffl.exe137⤵
-
\??\c:\hbtthh.exec:\hbtthh.exe138⤵
-
\??\c:\5bhntb.exec:\5bhntb.exe139⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe140⤵
-
\??\c:\7pjvd.exec:\7pjvd.exe141⤵
-
\??\c:\3llfllf.exec:\3llfllf.exe142⤵
-
\??\c:\rxxllff.exec:\rxxllff.exe143⤵
-
\??\c:\ntbbbh.exec:\ntbbbh.exe144⤵
-
\??\c:\bhbbnh.exec:\bhbbnh.exe145⤵
-
\??\c:\vpppd.exec:\vpppd.exe146⤵
-
\??\c:\3jvdp.exec:\3jvdp.exe147⤵
-
\??\c:\1xxfxrl.exec:\1xxfxrl.exe148⤵
-
\??\c:\rlxxrrx.exec:\rlxxrrx.exe149⤵
-
\??\c:\tnbnbn.exec:\tnbnbn.exe150⤵
-
\??\c:\9pjpd.exec:\9pjpd.exe151⤵
-
\??\c:\5dvvj.exec:\5dvvj.exe152⤵
-
\??\c:\rlrxlrf.exec:\rlrxlrf.exe153⤵
-
\??\c:\flxflrf.exec:\flxflrf.exe154⤵
-
\??\c:\7nbhtt.exec:\7nbhtt.exe155⤵
-
\??\c:\bbntnb.exec:\bbntnb.exe156⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe157⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe158⤵
-
\??\c:\lflrflx.exec:\lflrflx.exe159⤵
-
\??\c:\5lrlfxf.exec:\5lrlfxf.exe160⤵
-
\??\c:\hbnhhb.exec:\hbnhhb.exe161⤵
-
\??\c:\btttbh.exec:\btttbh.exe162⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe163⤵
-
\??\c:\ddjvp.exec:\ddjvp.exe164⤵
-
\??\c:\fxxrxxr.exec:\fxxrxxr.exe165⤵
-
\??\c:\xflflrx.exec:\xflflrx.exe166⤵
-
\??\c:\thtbnn.exec:\thtbnn.exe167⤵
-
\??\c:\vdvpd.exec:\vdvpd.exe168⤵
-
\??\c:\jddjp.exec:\jddjp.exe169⤵
-
\??\c:\3vvjv.exec:\3vvjv.exe170⤵
-
\??\c:\ffxfrrf.exec:\ffxfrrf.exe171⤵
-
\??\c:\bnbhbh.exec:\bnbhbh.exe172⤵
-
\??\c:\nhtttb.exec:\nhtttb.exe173⤵
-
\??\c:\hhtbnt.exec:\hhtbnt.exe174⤵
-
\??\c:\dvjvp.exec:\dvjvp.exe175⤵
-
\??\c:\7vpjd.exec:\7vpjd.exe176⤵
-
\??\c:\rlfrfrx.exec:\rlfrfrx.exe177⤵
-
\??\c:\xrxlxfr.exec:\xrxlxfr.exe178⤵
-
\??\c:\hbntnt.exec:\hbntnt.exe179⤵
-
\??\c:\7tttnt.exec:\7tttnt.exe180⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe181⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe182⤵
-
\??\c:\fffrxlr.exec:\fffrxlr.exe183⤵
-
\??\c:\xfxllxx.exec:\xfxllxx.exe184⤵
-
\??\c:\tnhthh.exec:\tnhthh.exe185⤵
-
\??\c:\1hhhnt.exec:\1hhhnt.exe186⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe187⤵
-
\??\c:\lllrfll.exec:\lllrfll.exe188⤵
-
\??\c:\xxllrxl.exec:\xxllrxl.exe189⤵
-
\??\c:\3tnhnn.exec:\3tnhnn.exe190⤵
-
\??\c:\bbnnhh.exec:\bbnnhh.exe191⤵
-
\??\c:\pvjvv.exec:\pvjvv.exe192⤵
-
\??\c:\jjjpd.exec:\jjjpd.exe193⤵
-
\??\c:\xrllxfr.exec:\xrllxfr.exe194⤵
-
\??\c:\1fxlxfx.exec:\1fxlxfx.exe195⤵
-
\??\c:\nhbhtt.exec:\nhbhtt.exe196⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe197⤵
-
\??\c:\vvjpj.exec:\vvjpj.exe198⤵
-
\??\c:\ffrxflr.exec:\ffrxflr.exe199⤵
-
\??\c:\5xflflr.exec:\5xflflr.exe200⤵
-
\??\c:\nthhtn.exec:\nthhtn.exe201⤵
-
\??\c:\5pjvj.exec:\5pjvj.exe202⤵
-
\??\c:\pdjpv.exec:\pdjpv.exe203⤵
-
\??\c:\fxllxrl.exec:\fxllxrl.exe204⤵
-
\??\c:\xffrrlf.exec:\xffrrlf.exe205⤵
-
\??\c:\ttnnnt.exec:\ttnnnt.exe206⤵
-
\??\c:\bnbttt.exec:\bnbttt.exe207⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe208⤵
-
\??\c:\9dvvv.exec:\9dvvv.exe209⤵
-
\??\c:\lfxflrx.exec:\lfxflrx.exe210⤵
-
\??\c:\rlxxrrf.exec:\rlxxrrf.exe211⤵
-
\??\c:\xrfrfll.exec:\xrfrfll.exe212⤵
-
\??\c:\hbtbnb.exec:\hbtbnb.exe213⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe214⤵
-
\??\c:\jjjvv.exec:\jjjvv.exe215⤵
-
\??\c:\xlflllr.exec:\xlflllr.exe216⤵
-
\??\c:\rlxxfll.exec:\rlxxfll.exe217⤵
-
\??\c:\hhtbtt.exec:\hhtbtt.exe218⤵
-
\??\c:\7thhhn.exec:\7thhhn.exe219⤵
-
\??\c:\vjppj.exec:\vjppj.exe220⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe221⤵
-
\??\c:\xxffxff.exec:\xxffxff.exe222⤵
-
\??\c:\rlfxrfl.exec:\rlfxrfl.exe223⤵
-
\??\c:\nhtbtb.exec:\nhtbtb.exe224⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe225⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe226⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe227⤵
-
\??\c:\3rrfrfl.exec:\3rrfrfl.exe228⤵
-
\??\c:\fxrrfll.exec:\fxrrfll.exe229⤵
-
\??\c:\tnhnnb.exec:\tnhnnb.exe230⤵
-
\??\c:\nhhntt.exec:\nhhntt.exe231⤵
-
\??\c:\vvdjp.exec:\vvdjp.exe232⤵
-
\??\c:\ffxrxlr.exec:\ffxrxlr.exe233⤵
-
\??\c:\rlflrxr.exec:\rlflrxr.exe234⤵
-
\??\c:\ttbhbn.exec:\ttbhbn.exe235⤵
-
\??\c:\3tbbhh.exec:\3tbbhh.exe236⤵
-
\??\c:\3vppd.exec:\3vppd.exe237⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe238⤵
-
\??\c:\rlflfxl.exec:\rlflfxl.exe239⤵
-
\??\c:\lfrrffx.exec:\lfrrffx.exe240⤵