Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
23-05-2024 22:36
General
-
Target
9a62a0ccd45f982cf5b209edbdaf95b0_NeikiAnalytics.exe
-
Size
104KB
-
MD5
9a62a0ccd45f982cf5b209edbdaf95b0
-
SHA1
02147364589cc3a4b695917d21ffffcf3dd22290
-
SHA256
814f7e860930a870ceb30d639347536be923f20e8931ddc7c8d47e02f611865c
-
SHA512
7790478fc663a7dd0baa30bd24538a2173d0d52d7c87ac5779f1952def3352eeb17fe6dc20cbb115b31e2f417337994cda097583d863de40a7b1618c8e7314e2
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoTNKDeS98hPUdHV7RNzfJNS:ymb3NkkiQ3mdBjFo5KDe88g1fDS
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9a62a0ccd45f982cf5b209edbdaf95b0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\9a62a0ccd45f982cf5b209edbdaf95b0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7dvjp.exec:\7dvjp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lrxrxr.exec:\3lrxrxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhttn.exec:\bhhttn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpvj.exec:\vdpvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbthbt.exec:\bbthbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dvvd.exec:\1dvvd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrxrrl.exec:\ffrxrrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tnbtb.exec:\5tnbtb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ddvj.exec:\7ddvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpjj.exec:\vdpjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtnnh.exec:\hhtnnh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvdd.exec:\ppvdd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlxlrf.exec:\xxlxlrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxlfx.exec:\rrfxlfx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhtnn.exec:\hhhtnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpdp.exec:\dvpdp.exe17⤵
- Executes dropped EXE
-
\??\c:\frfflxx.exec:\frfflxx.exe18⤵
- Executes dropped EXE
-
\??\c:\tntbhb.exec:\tntbhb.exe19⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe20⤵
- Executes dropped EXE
-
\??\c:\xxlfrfl.exec:\xxlfrfl.exe21⤵
- Executes dropped EXE
-
\??\c:\llfrlrf.exec:\llfrlrf.exe22⤵
- Executes dropped EXE
-
\??\c:\tnbtht.exec:\tnbtht.exe23⤵
- Executes dropped EXE
-
\??\c:\pvpvd.exec:\pvpvd.exe24⤵
- Executes dropped EXE
-
\??\c:\ddvpj.exec:\ddvpj.exe25⤵
- Executes dropped EXE
-
\??\c:\7flxffl.exec:\7flxffl.exe26⤵
- Executes dropped EXE
-
\??\c:\bththn.exec:\bththn.exe27⤵
- Executes dropped EXE
-
\??\c:\hbtntb.exec:\hbtntb.exe28⤵
- Executes dropped EXE
-
\??\c:\5rlrxxl.exec:\5rlrxxl.exe29⤵
- Executes dropped EXE
-
\??\c:\ttnbhn.exec:\ttnbhn.exe30⤵
- Executes dropped EXE
-
\??\c:\bhtbbt.exec:\bhtbbt.exe31⤵
- Executes dropped EXE
-
\??\c:\9dvdj.exec:\9dvdj.exe32⤵
- Executes dropped EXE
-
\??\c:\3frllfx.exec:\3frllfx.exe33⤵
- Executes dropped EXE
-
\??\c:\5btnnn.exec:\5btnnn.exe34⤵
- Executes dropped EXE
-
\??\c:\jdvjv.exec:\jdvjv.exe35⤵
- Executes dropped EXE
-
\??\c:\jjvdv.exec:\jjvdv.exe36⤵
- Executes dropped EXE
-
\??\c:\1rlxflf.exec:\1rlxflf.exe37⤵
- Executes dropped EXE
-
\??\c:\flxrrrl.exec:\flxrrrl.exe38⤵
- Executes dropped EXE
-
\??\c:\hbtthh.exec:\hbtthh.exe39⤵
- Executes dropped EXE
-
\??\c:\5vpvp.exec:\5vpvp.exe40⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe41⤵
- Executes dropped EXE
-
\??\c:\lflxffx.exec:\lflxffx.exe42⤵
- Executes dropped EXE
-
\??\c:\3fflrxx.exec:\3fflrxx.exe43⤵
- Executes dropped EXE
-
\??\c:\9hhthn.exec:\9hhthn.exe44⤵
- Executes dropped EXE
-
\??\c:\bhhtnh.exec:\bhhtnh.exe45⤵
- Executes dropped EXE
-
\??\c:\ddpdj.exec:\ddpdj.exe46⤵
- Executes dropped EXE
-
\??\c:\pdddj.exec:\pdddj.exe47⤵
- Executes dropped EXE
-
\??\c:\xrflrxf.exec:\xrflrxf.exe48⤵
- Executes dropped EXE
-
\??\c:\hhhttt.exec:\hhhttt.exe49⤵
- Executes dropped EXE
-
\??\c:\pvjjp.exec:\pvjjp.exe50⤵
- Executes dropped EXE
-
\??\c:\lflxlxr.exec:\lflxlxr.exe51⤵
- Executes dropped EXE
-
\??\c:\xxxlfrl.exec:\xxxlfrl.exe52⤵
- Executes dropped EXE
-
\??\c:\1tnbnb.exec:\1tnbnb.exe53⤵
- Executes dropped EXE
-
\??\c:\9pjpv.exec:\9pjpv.exe54⤵
- Executes dropped EXE
-
\??\c:\vpddv.exec:\vpddv.exe55⤵
- Executes dropped EXE
-
\??\c:\1xrxlrf.exec:\1xrxlrf.exe56⤵
- Executes dropped EXE
-
\??\c:\xxrrlrl.exec:\xxrrlrl.exe57⤵
- Executes dropped EXE
-
\??\c:\tnbntb.exec:\tnbntb.exe58⤵
- Executes dropped EXE
-
\??\c:\hbbnbn.exec:\hbbnbn.exe59⤵
- Executes dropped EXE
-
\??\c:\pvpdd.exec:\pvpdd.exe60⤵
- Executes dropped EXE
-
\??\c:\vdpdj.exec:\vdpdj.exe61⤵
- Executes dropped EXE
-
\??\c:\xffxrrx.exec:\xffxrrx.exe62⤵
- Executes dropped EXE
-
\??\c:\llfrflr.exec:\llfrflr.exe63⤵
- Executes dropped EXE
-
\??\c:\nbhhbh.exec:\nbhhbh.exe64⤵
- Executes dropped EXE
-
\??\c:\jpvvd.exec:\jpvvd.exe65⤵
- Executes dropped EXE
-
\??\c:\9jdvj.exec:\9jdvj.exe66⤵
-
\??\c:\rxxrffr.exec:\rxxrffr.exe67⤵
-
\??\c:\7lflflx.exec:\7lflflx.exe68⤵
-
\??\c:\ttntnt.exec:\ttntnt.exe69⤵
-
\??\c:\jjpvj.exec:\jjpvj.exe70⤵
-
\??\c:\1jdjp.exec:\1jdjp.exe71⤵
-
\??\c:\5flfrfr.exec:\5flfrfr.exe72⤵
-
\??\c:\lrflxxr.exec:\lrflxxr.exe73⤵
-
\??\c:\9hthbt.exec:\9hthbt.exe74⤵
-
\??\c:\1nbbhh.exec:\1nbbhh.exe75⤵
-
\??\c:\pdvjd.exec:\pdvjd.exe76⤵
-
\??\c:\rrfrffl.exec:\rrfrffl.exe77⤵
-
\??\c:\xrfrxlx.exec:\xrfrxlx.exe78⤵
-
\??\c:\5thnhh.exec:\5thnhh.exe79⤵
-
\??\c:\hhhtht.exec:\hhhtht.exe80⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe81⤵
-
\??\c:\vppdp.exec:\vppdp.exe82⤵
-
\??\c:\llrlxrf.exec:\llrlxrf.exe83⤵
-
\??\c:\bbthbh.exec:\bbthbh.exe84⤵
-
\??\c:\ntbnht.exec:\ntbnht.exe85⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe86⤵
-
\??\c:\7jjpj.exec:\7jjpj.exe87⤵
-
\??\c:\3rllxfr.exec:\3rllxfr.exe88⤵
-
\??\c:\tthbth.exec:\tthbth.exe89⤵
-
\??\c:\hhnbhh.exec:\hhnbhh.exe90⤵
-
\??\c:\9djpv.exec:\9djpv.exe91⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe92⤵
-
\??\c:\rxxrfxl.exec:\rxxrfxl.exe93⤵
-
\??\c:\tntbbh.exec:\tntbbh.exe94⤵
-
\??\c:\ntbhbn.exec:\ntbhbn.exe95⤵
-
\??\c:\vjvvj.exec:\vjvvj.exe96⤵
-
\??\c:\5rlflfl.exec:\5rlflfl.exe97⤵
-
\??\c:\frfrrrx.exec:\frfrrrx.exe98⤵
-
\??\c:\3hbntt.exec:\3hbntt.exe99⤵
-
\??\c:\ddddp.exec:\ddddp.exe100⤵
-
\??\c:\jpddj.exec:\jpddj.exe101⤵
-
\??\c:\rlfrrlx.exec:\rlfrrlx.exe102⤵
-
\??\c:\xfxflfx.exec:\xfxflfx.exe103⤵
-
\??\c:\hbbbnt.exec:\hbbbnt.exe104⤵
-
\??\c:\nnnbtb.exec:\nnnbtb.exe105⤵
-
\??\c:\9ddvv.exec:\9ddvv.exe106⤵
-
\??\c:\jpjpd.exec:\jpjpd.exe107⤵
-
\??\c:\rfxllrf.exec:\rfxllrf.exe108⤵
-
\??\c:\lrxlxfx.exec:\lrxlxfx.exe109⤵
-
\??\c:\nhthnt.exec:\nhthnt.exe110⤵
-
\??\c:\7nnhnt.exec:\7nnhnt.exe111⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe112⤵
-
\??\c:\jdjvd.exec:\jdjvd.exe113⤵
-
\??\c:\xxlxrfr.exec:\xxlxrfr.exe114⤵
-
\??\c:\flrrfxl.exec:\flrrfxl.exe115⤵
-
\??\c:\9nnnth.exec:\9nnnth.exe116⤵
-
\??\c:\1tthtb.exec:\1tthtb.exe117⤵
-
\??\c:\jjjpp.exec:\jjjpp.exe118⤵
-
\??\c:\flxrxrr.exec:\flxrxrr.exe119⤵
-
\??\c:\7lflrxx.exec:\7lflrxx.exe120⤵
-
\??\c:\hhtnhb.exec:\hhtnhb.exe121⤵
-
\??\c:\nhbbhh.exec:\nhbbhh.exe122⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe123⤵
-
\??\c:\5vvvj.exec:\5vvvj.exe124⤵
-
\??\c:\xrrlrlr.exec:\xrrlrlr.exe125⤵
-
\??\c:\1bbhbn.exec:\1bbhbn.exe126⤵
-
\??\c:\hhhnht.exec:\hhhnht.exe127⤵
-
\??\c:\vdpjj.exec:\vdpjj.exe128⤵
-
\??\c:\vvddj.exec:\vvddj.exe129⤵
-
\??\c:\flxxxlf.exec:\flxxxlf.exe130⤵
-
\??\c:\xrrxrlx.exec:\xrrxrlx.exe131⤵
-
\??\c:\3hhbtn.exec:\3hhbtn.exe132⤵
-
\??\c:\btnbtt.exec:\btnbtt.exe133⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe134⤵
-
\??\c:\rllllrf.exec:\rllllrf.exe135⤵
-
\??\c:\rrxxrlf.exec:\rrxxrlf.exe136⤵
-
\??\c:\nnnhbh.exec:\nnnhbh.exe137⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe138⤵
-
\??\c:\vdvpv.exec:\vdvpv.exe139⤵
-
\??\c:\lxfrrll.exec:\lxfrrll.exe140⤵
-
\??\c:\9rlrflx.exec:\9rlrflx.exe141⤵
-
\??\c:\nnhtnt.exec:\nnhtnt.exe142⤵
-
\??\c:\jpvpv.exec:\jpvpv.exe143⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe144⤵
-
\??\c:\llxxllf.exec:\llxxllf.exe145⤵
-
\??\c:\rlrxlxl.exec:\rlrxlxl.exe146⤵
-
\??\c:\1nnhbn.exec:\1nnhbn.exe147⤵
-
\??\c:\vpvjj.exec:\vpvjj.exe148⤵
-
\??\c:\pvvdp.exec:\pvvdp.exe149⤵
-
\??\c:\9rlrxfr.exec:\9rlrxfr.exe150⤵
-
\??\c:\lfxfffl.exec:\lfxfffl.exe151⤵
-
\??\c:\5htnnh.exec:\5htnnh.exe152⤵
-
\??\c:\vdvvd.exec:\vdvvd.exe153⤵
-
\??\c:\ddjpp.exec:\ddjpp.exe154⤵
-
\??\c:\xxlfrrf.exec:\xxlfrrf.exe155⤵
-
\??\c:\tbnhnh.exec:\tbnhnh.exe156⤵
-
\??\c:\9jdvj.exec:\9jdvj.exe157⤵
-
\??\c:\ddpdd.exec:\ddpdd.exe158⤵
-
\??\c:\5fxxllf.exec:\5fxxllf.exe159⤵
-
\??\c:\9frfxlx.exec:\9frfxlx.exe160⤵
-
\??\c:\9tnbnt.exec:\9tnbnt.exe161⤵
-
\??\c:\hhhbht.exec:\hhhbht.exe162⤵
-
\??\c:\dvvdv.exec:\dvvdv.exe163⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe164⤵
-
\??\c:\xlffxxx.exec:\xlffxxx.exe165⤵
-
\??\c:\nhnbbn.exec:\nhnbbn.exe166⤵
-
\??\c:\bthbtb.exec:\bthbtb.exe167⤵
-
\??\c:\pddjd.exec:\pddjd.exe168⤵
-
\??\c:\9xlrffr.exec:\9xlrffr.exe169⤵
-
\??\c:\nnhtbh.exec:\nnhtbh.exe170⤵
-
\??\c:\7nnbhn.exec:\7nnbhn.exe171⤵
-
\??\c:\pjddd.exec:\pjddd.exe172⤵
-
\??\c:\5xxxxfr.exec:\5xxxxfr.exe173⤵
-
\??\c:\xxxrrfl.exec:\xxxrrfl.exe174⤵
-
\??\c:\5bbtbb.exec:\5bbtbb.exe175⤵
-
\??\c:\rlrxrxf.exec:\rlrxrxf.exe176⤵
-
\??\c:\ffxfxfr.exec:\ffxfxfr.exe177⤵
-
\??\c:\ntthth.exec:\ntthth.exe178⤵
-
\??\c:\7bnhbt.exec:\7bnhbt.exe179⤵
-
\??\c:\7vjjp.exec:\7vjjp.exe180⤵
-
\??\c:\ffxlxfx.exec:\ffxlxfx.exe181⤵
-
\??\c:\fffrllf.exec:\fffrllf.exe182⤵
-
\??\c:\bbhbbn.exec:\bbhbbn.exe183⤵
-
\??\c:\nnhhtn.exec:\nnhhtn.exe184⤵
-
\??\c:\ppvjj.exec:\ppvjj.exe185⤵
-
\??\c:\xxrlrfl.exec:\xxrlrfl.exe186⤵
-
\??\c:\7llrlfr.exec:\7llrlfr.exe187⤵
-
\??\c:\nnhbbh.exec:\nnhbbh.exe188⤵
-
\??\c:\bhntbn.exec:\bhntbn.exe189⤵
-
\??\c:\1dvjp.exec:\1dvjp.exe190⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe191⤵
-
\??\c:\xrrflxr.exec:\xrrflxr.exe192⤵
-
\??\c:\1llfxrf.exec:\1llfxrf.exe193⤵
-
\??\c:\bntbtt.exec:\bntbtt.exe194⤵
-
\??\c:\tnbtnn.exec:\tnbtnn.exe195⤵
-
\??\c:\pjdpj.exec:\pjdpj.exe196⤵
-
\??\c:\xrlxrxl.exec:\xrlxrxl.exe197⤵
-
\??\c:\5rlxlxl.exec:\5rlxlxl.exe198⤵
-
\??\c:\hnthhb.exec:\hnthhb.exe199⤵
-
\??\c:\5jjjd.exec:\5jjjd.exe200⤵
-
\??\c:\jjvdp.exec:\jjvdp.exe201⤵
-
\??\c:\frrlrlr.exec:\frrlrlr.exe202⤵
-
\??\c:\9htttt.exec:\9htttt.exe203⤵
-
\??\c:\bhttbb.exec:\bhttbb.exe204⤵
-
\??\c:\1vppd.exec:\1vppd.exe205⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe206⤵
-
\??\c:\lfrrffl.exec:\lfrrffl.exe207⤵
-
\??\c:\tnbhhh.exec:\tnbhhh.exe208⤵
-
\??\c:\hhnhnn.exec:\hhnhnn.exe209⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe210⤵
-
\??\c:\dddpj.exec:\dddpj.exe211⤵
-
\??\c:\rrllrxl.exec:\rrllrxl.exe212⤵
-
\??\c:\ffxlrfr.exec:\ffxlrfr.exe213⤵
-
\??\c:\nnthnh.exec:\nnthnh.exe214⤵
-
\??\c:\vdvdv.exec:\vdvdv.exe215⤵
-
\??\c:\xlrxxlr.exec:\xlrxxlr.exe216⤵
-
\??\c:\lrrlfrr.exec:\lrrlfrr.exe217⤵
-
\??\c:\hhthbb.exec:\hhthbb.exe218⤵
-
\??\c:\pdvvj.exec:\pdvvj.exe219⤵
-
\??\c:\5dvvd.exec:\5dvvd.exe220⤵
-
\??\c:\rlxxxfx.exec:\rlxxxfx.exe221⤵
-
\??\c:\bhbtnn.exec:\bhbtnn.exe222⤵
-
\??\c:\nnnnbn.exec:\nnnnbn.exe223⤵
-
\??\c:\jpdvd.exec:\jpdvd.exe224⤵
-
\??\c:\llflxll.exec:\llflxll.exe225⤵
-
\??\c:\xxlfflx.exec:\xxlfflx.exe226⤵
-
\??\c:\tbthht.exec:\tbthht.exe227⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe228⤵
-
\??\c:\3vvjd.exec:\3vvjd.exe229⤵
-
\??\c:\lfrxffr.exec:\lfrxffr.exe230⤵
-
\??\c:\tntbnt.exec:\tntbnt.exe231⤵
-
\??\c:\bthhtt.exec:\bthhtt.exe232⤵
-
\??\c:\ddpdv.exec:\ddpdv.exe233⤵
-
\??\c:\9dvjd.exec:\9dvjd.exe234⤵
-
\??\c:\lrrlfxx.exec:\lrrlfxx.exe235⤵
-
\??\c:\xlflxlf.exec:\xlflxlf.exe236⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe237⤵
-
\??\c:\pdjjp.exec:\pdjjp.exe238⤵
-
\??\c:\1dvjd.exec:\1dvjd.exe239⤵
-
\??\c:\lfxxxrr.exec:\lfxxxrr.exe240⤵