Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
22-05-2024 13:00
General
-
Target
2ccea5b6d5917c0196f2c1d48f4ea330_NeikiAnalytics.exe
-
Size
58KB
-
MD5
2ccea5b6d5917c0196f2c1d48f4ea330
-
SHA1
526168feb91211244d52c37632b796b002d71244
-
SHA256
53d735060eac315659542f46c2fdebb960aaec6a53fe584a0d71caa563d6ed59
-
SHA512
0343397b10ddfd26e2b468031c51cc5ae897aef2b80edc4f40aed970a71d014f50d1056005e58294ac318cbf3f08f1c00741ad9fefd07f66c719cf0d80cbc7be
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIm2hb:ymb3NkkiQ3mdBjFIsIrhb
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2ccea5b6d5917c0196f2c1d48f4ea330_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\2ccea5b6d5917c0196f2c1d48f4ea330_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7vvjv.exec:\7vvjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrllfl.exec:\llrllfl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnbnn.exec:\tnnbnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrxlxl.exec:\rlrxlxl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhbhb.exec:\bnhbhb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddp.exec:\vpddp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdj.exec:\vpjdj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rflxxl.exec:\9rflxxl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnbnt.exec:\nnnbnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpjp.exec:\vdpjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppv.exec:\ddppv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrffxx.exec:\rxrffxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbntn.exec:\htbntn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nbbtn.exec:\7nbbtn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdp.exec:\ppjdp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxlxrl.exec:\fxxlxrl.exe17⤵
- Executes dropped EXE
-
\??\c:\lfxlxlx.exec:\lfxlxlx.exe18⤵
- Executes dropped EXE
-
\??\c:\9htbnn.exec:\9htbnn.exe19⤵
- Executes dropped EXE
-
\??\c:\5dppv.exec:\5dppv.exe20⤵
- Executes dropped EXE
-
\??\c:\jddvj.exec:\jddvj.exe21⤵
- Executes dropped EXE
-
\??\c:\5fxxffr.exec:\5fxxffr.exe22⤵
- Executes dropped EXE
-
\??\c:\7thhnt.exec:\7thhnt.exe23⤵
- Executes dropped EXE
-
\??\c:\1pjvv.exec:\1pjvv.exe24⤵
- Executes dropped EXE
-
\??\c:\vpvvj.exec:\vpvvj.exe25⤵
- Executes dropped EXE
-
\??\c:\fxlxlrx.exec:\fxlxlrx.exe26⤵
- Executes dropped EXE
-
\??\c:\bnnthn.exec:\bnnthn.exe27⤵
- Executes dropped EXE
-
\??\c:\1jvdj.exec:\1jvdj.exe28⤵
- Executes dropped EXE
-
\??\c:\fxlffrx.exec:\fxlffrx.exe29⤵
- Executes dropped EXE
-
\??\c:\xxxfxxr.exec:\xxxfxxr.exe30⤵
- Executes dropped EXE
-
\??\c:\tttbnn.exec:\tttbnn.exe31⤵
- Executes dropped EXE
-
\??\c:\3vjpp.exec:\3vjpp.exe32⤵
- Executes dropped EXE
-
\??\c:\fxrxlxf.exec:\fxrxlxf.exe33⤵
- Executes dropped EXE
-
\??\c:\9rrrlrf.exec:\9rrrlrf.exe34⤵
- Executes dropped EXE
-
\??\c:\btbhtb.exec:\btbhtb.exe35⤵
- Executes dropped EXE
-
\??\c:\hbbhnb.exec:\hbbhnb.exe36⤵
- Executes dropped EXE
-
\??\c:\5pjpd.exec:\5pjpd.exe37⤵
- Executes dropped EXE
-
\??\c:\ddvvj.exec:\ddvvj.exe38⤵
- Executes dropped EXE
-
\??\c:\xrxxflx.exec:\xrxxflx.exe39⤵
- Executes dropped EXE
-
\??\c:\llrfrxf.exec:\llrfrxf.exe40⤵
- Executes dropped EXE
-
\??\c:\nhhtbn.exec:\nhhtbn.exe41⤵
- Executes dropped EXE
-
\??\c:\pjdpd.exec:\pjdpd.exe42⤵
- Executes dropped EXE
-
\??\c:\vvjdp.exec:\vvjdp.exe43⤵
- Executes dropped EXE
-
\??\c:\lfrrxxl.exec:\lfrrxxl.exe44⤵
- Executes dropped EXE
-
\??\c:\rrflrxl.exec:\rrflrxl.exe45⤵
- Executes dropped EXE
-
\??\c:\rlrxffl.exec:\rlrxffl.exe46⤵
- Executes dropped EXE
-
\??\c:\9hhntt.exec:\9hhntt.exe47⤵
- Executes dropped EXE
-
\??\c:\5nhhnb.exec:\5nhhnb.exe48⤵
- Executes dropped EXE
-
\??\c:\1vjjj.exec:\1vjjj.exe49⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe50⤵
- Executes dropped EXE
-
\??\c:\7xxlxfr.exec:\7xxlxfr.exe51⤵
- Executes dropped EXE
-
\??\c:\9tnbnh.exec:\9tnbnh.exe52⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe53⤵
- Executes dropped EXE
-
\??\c:\ddjjp.exec:\ddjjp.exe54⤵
- Executes dropped EXE
-
\??\c:\rlrxllr.exec:\rlrxllr.exe55⤵
- Executes dropped EXE
-
\??\c:\xflffxf.exec:\xflffxf.exe56⤵
- Executes dropped EXE
-
\??\c:\5nnntt.exec:\5nnntt.exe57⤵
- Executes dropped EXE
-
\??\c:\hnnbnn.exec:\hnnbnn.exe58⤵
- Executes dropped EXE
-
\??\c:\vpjjv.exec:\vpjjv.exe59⤵
- Executes dropped EXE
-
\??\c:\vpvdj.exec:\vpvdj.exe60⤵
- Executes dropped EXE
-
\??\c:\5lrlxrf.exec:\5lrlxrf.exe61⤵
- Executes dropped EXE
-
\??\c:\ttntbb.exec:\ttntbb.exe62⤵
- Executes dropped EXE
-
\??\c:\1nntbb.exec:\1nntbb.exe63⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe64⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe65⤵
- Executes dropped EXE
-
\??\c:\frffflf.exec:\frffflf.exe66⤵
-
\??\c:\ffxlrxr.exec:\ffxlrxr.exe67⤵
-
\??\c:\bhbhnn.exec:\bhbhnn.exe68⤵
-
\??\c:\vddpp.exec:\vddpp.exe69⤵
-
\??\c:\1jvpv.exec:\1jvpv.exe70⤵
-
\??\c:\xrlxxxl.exec:\xrlxxxl.exe71⤵
-
\??\c:\lfflllf.exec:\lfflllf.exe72⤵
-
\??\c:\hbthtt.exec:\hbthtt.exe73⤵
-
\??\c:\tnbbht.exec:\tnbbht.exe74⤵
-
\??\c:\jdjvv.exec:\jdjvv.exe75⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe76⤵
-
\??\c:\5rlrxxl.exec:\5rlrxxl.exe77⤵
-
\??\c:\xlflxrl.exec:\xlflxrl.exe78⤵
-
\??\c:\bbthbh.exec:\bbthbh.exe79⤵
-
\??\c:\bthnhn.exec:\bthnhn.exe80⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe81⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe82⤵
-
\??\c:\llflxrf.exec:\llflxrf.exe83⤵
-
\??\c:\3hbhth.exec:\3hbhth.exe84⤵
-
\??\c:\3thbth.exec:\3thbth.exe85⤵
-
\??\c:\vjvvp.exec:\vjvvp.exe86⤵
-
\??\c:\rlxxxrx.exec:\rlxxxrx.exe87⤵
-
\??\c:\lrrlxxx.exec:\lrrlxxx.exe88⤵
-
\??\c:\3thnnt.exec:\3thnnt.exe89⤵
-
\??\c:\tbhbhb.exec:\tbhbhb.exe90⤵
-
\??\c:\5jvdj.exec:\5jvdj.exe91⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe92⤵
-
\??\c:\lfxflrf.exec:\lfxflrf.exe93⤵
-
\??\c:\hthtbn.exec:\hthtbn.exe94⤵
-
\??\c:\nthhhb.exec:\nthhhb.exe95⤵
-
\??\c:\dddpd.exec:\dddpd.exe96⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe97⤵
-
\??\c:\rlfrxrf.exec:\rlfrxrf.exe98⤵
-
\??\c:\nhntbn.exec:\nhntbn.exe99⤵
-
\??\c:\tnhttb.exec:\tnhttb.exe100⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe101⤵
-
\??\c:\dpjpd.exec:\dpjpd.exe102⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe103⤵
-
\??\c:\rrxllfr.exec:\rrxllfr.exe104⤵
-
\??\c:\ttbnbt.exec:\ttbnbt.exe105⤵
-
\??\c:\hbbbhh.exec:\hbbbhh.exe106⤵
-
\??\c:\vpvdp.exec:\vpvdp.exe107⤵
-
\??\c:\dvvdd.exec:\dvvdd.exe108⤵
-
\??\c:\rfxxrrr.exec:\rfxxrrr.exe109⤵
-
\??\c:\lrlfrfx.exec:\lrlfrfx.exe110⤵
-
\??\c:\3hhtbb.exec:\3hhtbb.exe111⤵
-
\??\c:\tnnthn.exec:\tnnthn.exe112⤵
-
\??\c:\9vppd.exec:\9vppd.exe113⤵
-
\??\c:\xxxfrxf.exec:\xxxfrxf.exe114⤵
-
\??\c:\fxflrxf.exec:\fxflrxf.exe115⤵
-
\??\c:\nhbbhh.exec:\nhbbhh.exe116⤵
-
\??\c:\hbnbhn.exec:\hbnbhn.exe117⤵
-
\??\c:\pdjpd.exec:\pdjpd.exe118⤵
-
\??\c:\pdvjd.exec:\pdvjd.exe119⤵
-
\??\c:\xrxxxfl.exec:\xrxxxfl.exe120⤵
-
\??\c:\xrllxfr.exec:\xrllxfr.exe121⤵
-
\??\c:\lfxlxxr.exec:\lfxlxxr.exe122⤵
-
\??\c:\tnntnt.exec:\tnntnt.exe123⤵
-
\??\c:\5thnbb.exec:\5thnbb.exe124⤵
-
\??\c:\vddpp.exec:\vddpp.exe125⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe126⤵
-
\??\c:\lllxxlf.exec:\lllxxlf.exe127⤵
-
\??\c:\ffxxffr.exec:\ffxxffr.exe128⤵
-
\??\c:\hbnntb.exec:\hbnntb.exe129⤵
-
\??\c:\9bthhn.exec:\9bthhn.exe130⤵
-
\??\c:\pdpvv.exec:\pdpvv.exe131⤵
-
\??\c:\1vvdj.exec:\1vvdj.exe132⤵
-
\??\c:\nbntnh.exec:\nbntnh.exe133⤵
-
\??\c:\bthntt.exec:\bthntt.exe134⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe135⤵
-
\??\c:\pddjv.exec:\pddjv.exe136⤵
-
\??\c:\xfflfrx.exec:\xfflfrx.exe137⤵
-
\??\c:\xrlxflr.exec:\xrlxflr.exe138⤵
-
\??\c:\ntntnt.exec:\ntntnt.exe139⤵
-
\??\c:\nhbhtt.exec:\nhbhtt.exe140⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe141⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe142⤵
-
\??\c:\xrffxxl.exec:\xrffxxl.exe143⤵
-
\??\c:\rlxxrxl.exec:\rlxxrxl.exe144⤵
-
\??\c:\hbnbnt.exec:\hbnbnt.exe145⤵
-
\??\c:\3hnbtb.exec:\3hnbtb.exe146⤵
-
\??\c:\9jpjj.exec:\9jpjj.exe147⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe148⤵
-
\??\c:\xlfllrf.exec:\xlfllrf.exe149⤵
-
\??\c:\lfxxllr.exec:\lfxxllr.exe150⤵
-
\??\c:\hthhhn.exec:\hthhhn.exe151⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe152⤵
-
\??\c:\5jdjj.exec:\5jdjj.exe153⤵
-
\??\c:\djjdj.exec:\djjdj.exe154⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe155⤵
-
\??\c:\rlffllr.exec:\rlffllr.exe156⤵
-
\??\c:\xrrrlxf.exec:\xrrrlxf.exe157⤵
-
\??\c:\nhbhhn.exec:\nhbhhn.exe158⤵
-
\??\c:\tnhbnb.exec:\tnhbnb.exe159⤵
-
\??\c:\5ppdj.exec:\5ppdj.exe160⤵
-
\??\c:\ddjvj.exec:\ddjvj.exe161⤵
-
\??\c:\lllrxfr.exec:\lllrxfr.exe162⤵
-
\??\c:\lxfrfxx.exec:\lxfrfxx.exe163⤵
-
\??\c:\7bbhnn.exec:\7bbhnn.exe164⤵
-
\??\c:\hhhtbh.exec:\hhhtbh.exe165⤵
-
\??\c:\vvpdv.exec:\vvpdv.exe166⤵
-
\??\c:\ddpdv.exec:\ddpdv.exe167⤵
-
\??\c:\xrrrxxf.exec:\xrrrxxf.exe168⤵
-
\??\c:\nbnnhn.exec:\nbnnhn.exe169⤵
-
\??\c:\hbbhbh.exec:\hbbhbh.exe170⤵
-
\??\c:\ddpdv.exec:\ddpdv.exe171⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe172⤵
-
\??\c:\9lxxflr.exec:\9lxxflr.exe173⤵
-
\??\c:\rlfrxfr.exec:\rlfrxfr.exe174⤵
-
\??\c:\9btnbh.exec:\9btnbh.exe175⤵
-
\??\c:\9hntbb.exec:\9hntbb.exe176⤵
-
\??\c:\3vjjj.exec:\3vjjj.exe177⤵
-
\??\c:\pjddj.exec:\pjddj.exe178⤵
-
\??\c:\fxxfrxr.exec:\fxxfrxr.exe179⤵
-
\??\c:\fxxxllf.exec:\fxxxllf.exe180⤵
-
\??\c:\tnnntb.exec:\tnnntb.exe181⤵
-
\??\c:\hhbnth.exec:\hhbnth.exe182⤵
-
\??\c:\pdvvj.exec:\pdvvj.exe183⤵
-
\??\c:\dvppd.exec:\dvppd.exe184⤵
-
\??\c:\1rxrrrr.exec:\1rxrrrr.exe185⤵
-
\??\c:\xlllxlx.exec:\xlllxlx.exe186⤵
-
\??\c:\3tnbnt.exec:\3tnbnt.exe187⤵
-
\??\c:\vvpvp.exec:\vvpvp.exe188⤵
-
\??\c:\rfxrxlr.exec:\rfxrxlr.exe189⤵
-
\??\c:\llxxxfx.exec:\llxxxfx.exe190⤵
-
\??\c:\5hbhnb.exec:\5hbhnb.exe191⤵
-
\??\c:\fxrxllx.exec:\fxrxllx.exe192⤵
-
\??\c:\lfxfllx.exec:\lfxfllx.exe193⤵
-
\??\c:\tbbbhb.exec:\tbbbhb.exe194⤵
-
\??\c:\tthntb.exec:\tthntb.exe195⤵
-
\??\c:\5tntbb.exec:\5tntbb.exe196⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe197⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe198⤵
-
\??\c:\xxlfrxr.exec:\xxlfrxr.exe199⤵
-
\??\c:\1xrxffl.exec:\1xrxffl.exe200⤵
-
\??\c:\btnnbh.exec:\btnnbh.exe201⤵
-
\??\c:\5bttnt.exec:\5bttnt.exe202⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe203⤵
-
\??\c:\vppvd.exec:\vppvd.exe204⤵
-
\??\c:\lllxllf.exec:\lllxllf.exe205⤵
-
\??\c:\rxlfrlr.exec:\rxlfrlr.exe206⤵
-
\??\c:\hhbnth.exec:\hhbnth.exe207⤵
-
\??\c:\ttnnbh.exec:\ttnnbh.exe208⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe209⤵
-
\??\c:\jpvpv.exec:\jpvpv.exe210⤵
-
\??\c:\xrfxlxl.exec:\xrfxlxl.exe211⤵
-
\??\c:\rfxxllr.exec:\rfxxllr.exe212⤵
-
\??\c:\hbnhnn.exec:\hbnhnn.exe213⤵
-
\??\c:\btntht.exec:\btntht.exe214⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe215⤵
-
\??\c:\xxlxlrr.exec:\xxlxlrr.exe216⤵
-
\??\c:\rrlrffl.exec:\rrlrffl.exe217⤵
-
\??\c:\3bnttb.exec:\3bnttb.exe218⤵
-
\??\c:\nntbnn.exec:\nntbnn.exe219⤵
-
\??\c:\jpjjd.exec:\jpjjd.exe220⤵
-
\??\c:\1xrlxxl.exec:\1xrlxxl.exe221⤵
-
\??\c:\lxrlrrx.exec:\lxrlrrx.exe222⤵
-
\??\c:\thnntn.exec:\thnntn.exe223⤵
-
\??\c:\nthtnn.exec:\nthtnn.exe224⤵
-
\??\c:\pppdj.exec:\pppdj.exe225⤵
-
\??\c:\vdjvp.exec:\vdjvp.exe226⤵
-
\??\c:\rxllrfr.exec:\rxllrfr.exe227⤵
-
\??\c:\9xrxrrf.exec:\9xrxrrf.exe228⤵
-
\??\c:\5tntbh.exec:\5tntbh.exe229⤵
-
\??\c:\7vvjp.exec:\7vvjp.exe230⤵
-
\??\c:\9jpdj.exec:\9jpdj.exe231⤵
-
\??\c:\rlfflxf.exec:\rlfflxf.exe232⤵
-
\??\c:\llflxxl.exec:\llflxxl.exe233⤵
-
\??\c:\nttntn.exec:\nttntn.exe234⤵
-
\??\c:\3nhbnn.exec:\3nhbnn.exe235⤵
-
\??\c:\vpddp.exec:\vpddp.exe236⤵
-
\??\c:\vvjdd.exec:\vvjdd.exe237⤵
-
\??\c:\xrrflrf.exec:\xrrflrf.exe238⤵
-
\??\c:\rlxxrxf.exec:\rlxxrxf.exe239⤵
-
\??\c:\lfxfrfl.exec:\lfxfrfl.exe240⤵