Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
23-05-2024 01:47
General
-
Target
7102099956b6b4f7d2029291f66b46f0_NeikiAnalytics.exe
-
Size
67KB
-
MD5
7102099956b6b4f7d2029291f66b46f0
-
SHA1
fe1affcb4485ef98af4d35c495f6beb1a47199ef
-
SHA256
5aaa295c7588b0d31d5ee1af087278e4fc28ee473194c315fa286b81a55a6b55
-
SHA512
5acec558a8f0bbc4f19f1f10126d6306ebefb1c79d28fa0ebcf23b728f340a029f3d9fa1350655b36b5acae87802ac40a961d0e9c9ec4f91325ef06236527f5e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJUDbAIV+:ymb3NkkiQ3mdBjFIFdJ8bE
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7102099956b6b4f7d2029291f66b46f0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\7102099956b6b4f7d2029291f66b46f0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5pvjd.exec:\5pvjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttth.exec:\tnttth.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpj.exec:\vpvpj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrxxlr.exec:\lrrxxlr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthtbt.exec:\bthtbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvpp.exec:\pdvpp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrlxx.exec:\rrxrlxx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhhbn.exec:\tbhhbn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddp.exec:\vpddp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxrffx.exec:\rfxrffx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnbt.exec:\tnnnbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tbttb.exec:\9tbttb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvjp.exec:\jdvjp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlflrxl.exec:\xlflrxl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nbtbn.exec:\3nbtbn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jppj.exec:\3jppj.exe17⤵
- Executes dropped EXE
-
\??\c:\lrrflxf.exec:\lrrflxf.exe18⤵
- Executes dropped EXE
-
\??\c:\nntbhb.exec:\nntbhb.exe19⤵
- Executes dropped EXE
-
\??\c:\dpjdv.exec:\dpjdv.exe20⤵
- Executes dropped EXE
-
\??\c:\dpvdj.exec:\dpvdj.exe21⤵
- Executes dropped EXE
-
\??\c:\rxllrrl.exec:\rxllrrl.exe22⤵
- Executes dropped EXE
-
\??\c:\nttnnh.exec:\nttnnh.exe23⤵
- Executes dropped EXE
-
\??\c:\ppvpd.exec:\ppvpd.exe24⤵
- Executes dropped EXE
-
\??\c:\nhttnb.exec:\nhttnb.exe25⤵
- Executes dropped EXE
-
\??\c:\hhtbhh.exec:\hhtbhh.exe26⤵
- Executes dropped EXE
-
\??\c:\vpvvj.exec:\vpvvj.exe27⤵
- Executes dropped EXE
-
\??\c:\xrrrllx.exec:\xrrrllx.exe28⤵
- Executes dropped EXE
-
\??\c:\bnnbnt.exec:\bnnbnt.exe29⤵
- Executes dropped EXE
-
\??\c:\5pddj.exec:\5pddj.exe30⤵
- Executes dropped EXE
-
\??\c:\ppvvd.exec:\ppvvd.exe31⤵
- Executes dropped EXE
-
\??\c:\nhtthn.exec:\nhtthn.exe32⤵
- Executes dropped EXE
-
\??\c:\1dvvd.exec:\1dvvd.exe33⤵
- Executes dropped EXE
-
\??\c:\jdpjp.exec:\jdpjp.exe34⤵
- Executes dropped EXE
-
\??\c:\7rxxlxx.exec:\7rxxlxx.exe35⤵
- Executes dropped EXE
-
\??\c:\3frfllx.exec:\3frfllx.exe36⤵
- Executes dropped EXE
-
\??\c:\nbtnnh.exec:\nbtnnh.exe37⤵
- Executes dropped EXE
-
\??\c:\ntbtbh.exec:\ntbtbh.exe38⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe39⤵
- Executes dropped EXE
-
\??\c:\pjvpv.exec:\pjvpv.exe40⤵
- Executes dropped EXE
-
\??\c:\lfxllxf.exec:\lfxllxf.exe41⤵
- Executes dropped EXE
-
\??\c:\hnhhnh.exec:\hnhhnh.exe42⤵
- Executes dropped EXE
-
\??\c:\hthhhh.exec:\hthhhh.exe43⤵
- Executes dropped EXE
-
\??\c:\jppvp.exec:\jppvp.exe44⤵
- Executes dropped EXE
-
\??\c:\vppdd.exec:\vppdd.exe45⤵
- Executes dropped EXE
-
\??\c:\lfxfllx.exec:\lfxfllx.exe46⤵
- Executes dropped EXE
-
\??\c:\xxffxfx.exec:\xxffxfx.exe47⤵
- Executes dropped EXE
-
\??\c:\nhhbhh.exec:\nhhbhh.exe48⤵
- Executes dropped EXE
-
\??\c:\btnnhh.exec:\btnnhh.exe49⤵
- Executes dropped EXE
-
\??\c:\pjjjv.exec:\pjjjv.exe50⤵
- Executes dropped EXE
-
\??\c:\jjjpj.exec:\jjjpj.exe51⤵
- Executes dropped EXE
-
\??\c:\5lxfflx.exec:\5lxfflx.exe52⤵
- Executes dropped EXE
-
\??\c:\flxfrrx.exec:\flxfrrx.exe53⤵
- Executes dropped EXE
-
\??\c:\tbthbn.exec:\tbthbn.exe54⤵
- Executes dropped EXE
-
\??\c:\ppjvd.exec:\ppjvd.exe55⤵
- Executes dropped EXE
-
\??\c:\3dppj.exec:\3dppj.exe56⤵
- Executes dropped EXE
-
\??\c:\xxrxxfr.exec:\xxrxxfr.exe57⤵
- Executes dropped EXE
-
\??\c:\9frffrx.exec:\9frffrx.exe58⤵
- Executes dropped EXE
-
\??\c:\9bhtnb.exec:\9bhtnb.exe59⤵
- Executes dropped EXE
-
\??\c:\vjvpj.exec:\vjvpj.exe60⤵
- Executes dropped EXE
-
\??\c:\jdvpd.exec:\jdvpd.exe61⤵
- Executes dropped EXE
-
\??\c:\lxfxxxf.exec:\lxfxxxf.exe62⤵
- Executes dropped EXE
-
\??\c:\5lxfffr.exec:\5lxfffr.exe63⤵
- Executes dropped EXE
-
\??\c:\nhtbnt.exec:\nhtbnt.exe64⤵
- Executes dropped EXE
-
\??\c:\ddjpp.exec:\ddjpp.exe65⤵
- Executes dropped EXE
-
\??\c:\dvdjv.exec:\dvdjv.exe66⤵
-
\??\c:\lffrxfx.exec:\lffrxfx.exe67⤵
-
\??\c:\rfrlrll.exec:\rfrlrll.exe68⤵
-
\??\c:\nhntbh.exec:\nhntbh.exe69⤵
-
\??\c:\vvpvp.exec:\vvpvp.exe70⤵
-
\??\c:\5rlrflx.exec:\5rlrflx.exe71⤵
-
\??\c:\lxffllr.exec:\lxffllr.exe72⤵
-
\??\c:\btnnth.exec:\btnnth.exe73⤵
-
\??\c:\bbnbht.exec:\bbnbht.exe74⤵
-
\??\c:\pvvpv.exec:\pvvpv.exe75⤵
-
\??\c:\lfffllx.exec:\lfffllx.exe76⤵
-
\??\c:\nhbbtb.exec:\nhbbtb.exe77⤵
-
\??\c:\nbtttt.exec:\nbtttt.exe78⤵
-
\??\c:\9dpjj.exec:\9dpjj.exe79⤵
-
\??\c:\3frrrlx.exec:\3frrrlx.exe80⤵
-
\??\c:\fxxflrr.exec:\fxxflrr.exe81⤵
-
\??\c:\nhbtht.exec:\nhbtht.exe82⤵
-
\??\c:\nntbnn.exec:\nntbnn.exe83⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe84⤵
-
\??\c:\3vppv.exec:\3vppv.exe85⤵
-
\??\c:\lfllrxf.exec:\lfllrxf.exe86⤵
-
\??\c:\rlrrffl.exec:\rlrrffl.exe87⤵
-
\??\c:\bnbhtb.exec:\bnbhtb.exe88⤵
-
\??\c:\dvpdv.exec:\dvpdv.exe89⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe90⤵
-
\??\c:\rxrflxl.exec:\rxrflxl.exe91⤵
-
\??\c:\rlfllfr.exec:\rlfllfr.exe92⤵
-
\??\c:\tnhhnb.exec:\tnhhnb.exe93⤵
-
\??\c:\1pppp.exec:\1pppp.exe94⤵
-
\??\c:\hthbth.exec:\hthbth.exe95⤵
-
\??\c:\9nbhtt.exec:\9nbhtt.exe96⤵
-
\??\c:\jjpvv.exec:\jjpvv.exe97⤵
-
\??\c:\3vpjv.exec:\3vpjv.exe98⤵
-
\??\c:\9lxfffl.exec:\9lxfffl.exe99⤵
-
\??\c:\tbnbnn.exec:\tbnbnn.exe100⤵
-
\??\c:\btthbh.exec:\btthbh.exe101⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe102⤵
-
\??\c:\5xllxrl.exec:\5xllxrl.exe103⤵
-
\??\c:\tntbnh.exec:\tntbnh.exe104⤵
-
\??\c:\bhbhnn.exec:\bhbhnn.exe105⤵
-
\??\c:\jddvv.exec:\jddvv.exe106⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe107⤵
-
\??\c:\lxllffr.exec:\lxllffr.exe108⤵
-
\??\c:\tnhtnb.exec:\tnhtnb.exe109⤵
-
\??\c:\bhbbnt.exec:\bhbbnt.exe110⤵
-
\??\c:\jpjvd.exec:\jpjvd.exe111⤵
-
\??\c:\1pdjj.exec:\1pdjj.exe112⤵
-
\??\c:\fxllrxf.exec:\fxllrxf.exe113⤵
-
\??\c:\nbnhhn.exec:\nbnhhn.exe114⤵
-
\??\c:\hbhhbh.exec:\hbhhbh.exe115⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe116⤵
-
\??\c:\3dvpd.exec:\3dvpd.exe117⤵
-
\??\c:\xrxrrlf.exec:\xrxrrlf.exe118⤵
-
\??\c:\thnbtt.exec:\thnbtt.exe119⤵
-
\??\c:\bhbbhh.exec:\bhbbhh.exe120⤵
-
\??\c:\pddpp.exec:\pddpp.exe121⤵
-
\??\c:\jppjv.exec:\jppjv.exe122⤵
-
\??\c:\xxflxrx.exec:\xxflxrx.exe123⤵
-
\??\c:\hbhbth.exec:\hbhbth.exe124⤵
-
\??\c:\tbtnbt.exec:\tbtnbt.exe125⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe126⤵
-
\??\c:\xxxffxx.exec:\xxxffxx.exe127⤵
-
\??\c:\ttbnnn.exec:\ttbnnn.exe128⤵
-
\??\c:\nbthnb.exec:\nbthnb.exe129⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe130⤵
-
\??\c:\vvjvv.exec:\vvjvv.exe131⤵
-
\??\c:\3xfxfff.exec:\3xfxfff.exe132⤵
-
\??\c:\ffxrflx.exec:\ffxrflx.exe133⤵
-
\??\c:\nnhtbh.exec:\nnhtbh.exe134⤵
-
\??\c:\btbntn.exec:\btbntn.exe135⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe136⤵
-
\??\c:\dpdjd.exec:\dpdjd.exe137⤵
-
\??\c:\5rrxlrf.exec:\5rrxlrf.exe138⤵
-
\??\c:\hhhnnt.exec:\hhhnnt.exe139⤵
-
\??\c:\tthhtb.exec:\tthhtb.exe140⤵
-
\??\c:\7pdjj.exec:\7pdjj.exe141⤵
-
\??\c:\jvdvj.exec:\jvdvj.exe142⤵
-
\??\c:\7jdjv.exec:\7jdjv.exe143⤵
-
\??\c:\xxrflxr.exec:\xxrflxr.exe144⤵
-
\??\c:\hnnbnb.exec:\hnnbnb.exe145⤵
-
\??\c:\7nnhnn.exec:\7nnhnn.exe146⤵
-
\??\c:\vvvjp.exec:\vvvjp.exe147⤵
-
\??\c:\fxrlflr.exec:\fxrlflr.exe148⤵
-
\??\c:\rfffxfl.exec:\rfffxfl.exe149⤵
-
\??\c:\htbbhn.exec:\htbbhn.exe150⤵
-
\??\c:\7tnnnn.exec:\7tnnnn.exe151⤵
-
\??\c:\hthnth.exec:\hthnth.exe152⤵
-
\??\c:\ppvpv.exec:\ppvpv.exe153⤵
-
\??\c:\dpddv.exec:\dpddv.exe154⤵
-
\??\c:\lrfxrll.exec:\lrfxrll.exe155⤵
-
\??\c:\rrrxxrl.exec:\rrrxxrl.exe156⤵
-
\??\c:\tnhntn.exec:\tnhntn.exe157⤵
-
\??\c:\nhbtnb.exec:\nhbtnb.exe158⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe159⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe160⤵
-
\??\c:\llrfxlr.exec:\llrfxlr.exe161⤵
-
\??\c:\ffffxff.exec:\ffffxff.exe162⤵
-
\??\c:\ntntnh.exec:\ntntnh.exe163⤵
-
\??\c:\9dpvj.exec:\9dpvj.exe164⤵
-
\??\c:\nnnbnt.exec:\nnnbnt.exe165⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe166⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe167⤵
-
\??\c:\fxrrrrx.exec:\fxrrrrx.exe168⤵
-
\??\c:\hbhbnb.exec:\hbhbnb.exe169⤵
-
\??\c:\hbtbhh.exec:\hbtbhh.exe170⤵
-
\??\c:\jdppv.exec:\jdppv.exe171⤵
-
\??\c:\pjpdj.exec:\pjpdj.exe172⤵
-
\??\c:\1xrxllf.exec:\1xrxllf.exe173⤵
-
\??\c:\bthntb.exec:\bthntb.exe174⤵
-
\??\c:\3nhhnb.exec:\3nhhnb.exe175⤵
-
\??\c:\ppdpd.exec:\ppdpd.exe176⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe177⤵
-
\??\c:\rlfxxrx.exec:\rlfxxrx.exe178⤵
-
\??\c:\ntnntn.exec:\ntnntn.exe179⤵
-
\??\c:\bbhhtt.exec:\bbhhtt.exe180⤵
-
\??\c:\pvddv.exec:\pvddv.exe181⤵
-
\??\c:\xlxlxxl.exec:\xlxlxxl.exe182⤵
-
\??\c:\ffllrxf.exec:\ffllrxf.exe183⤵
-
\??\c:\5httbb.exec:\5httbb.exe184⤵
-
\??\c:\nbthbt.exec:\nbthbt.exe185⤵
-
\??\c:\pdpvv.exec:\pdpvv.exe186⤵
-
\??\c:\lxfffrr.exec:\lxfffrr.exe187⤵
-
\??\c:\9lfxrfx.exec:\9lfxrfx.exe188⤵
-
\??\c:\hhhthb.exec:\hhhthb.exe189⤵
-
\??\c:\pvddp.exec:\pvddp.exe190⤵
-
\??\c:\jpvpv.exec:\jpvpv.exe191⤵
-
\??\c:\rrllxfx.exec:\rrllxfx.exe192⤵
-
\??\c:\tntttt.exec:\tntttt.exe193⤵
-
\??\c:\bnbttb.exec:\bnbttb.exe194⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe195⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe196⤵
-
\??\c:\rrxfffl.exec:\rrxfffl.exe197⤵
-
\??\c:\rlfxffl.exec:\rlfxffl.exe198⤵
-
\??\c:\9btntb.exec:\9btntb.exe199⤵
-
\??\c:\1jvvd.exec:\1jvvd.exe200⤵
-
\??\c:\7djvj.exec:\7djvj.exe201⤵
-
\??\c:\xxxfxxf.exec:\xxxfxxf.exe202⤵
-
\??\c:\llrlfxf.exec:\llrlfxf.exe203⤵
-
\??\c:\ntntbb.exec:\ntntbb.exe204⤵
-
\??\c:\bnbbtb.exec:\bnbbtb.exe205⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe206⤵
-
\??\c:\djjjv.exec:\djjjv.exe207⤵
-
\??\c:\rrfrfrf.exec:\rrfrfrf.exe208⤵
-
\??\c:\frrllfx.exec:\frrllfx.exe209⤵
-
\??\c:\nbhttt.exec:\nbhttt.exe210⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe211⤵
-
\??\c:\jpddj.exec:\jpddj.exe212⤵
-
\??\c:\rrrrlfl.exec:\rrrrlfl.exe213⤵
-
\??\c:\lxlllrf.exec:\lxlllrf.exe214⤵
-
\??\c:\1hbhhh.exec:\1hbhhh.exe215⤵
-
\??\c:\tntbhn.exec:\tntbhn.exe216⤵
-
\??\c:\5dvjd.exec:\5dvjd.exe217⤵
-
\??\c:\xxrfrrl.exec:\xxrfrrl.exe218⤵
-
\??\c:\3llllxl.exec:\3llllxl.exe219⤵
-
\??\c:\nnbtnn.exec:\nnbtnn.exe220⤵
-
\??\c:\bbbnhh.exec:\bbbnhh.exe221⤵
-
\??\c:\pvvdv.exec:\pvvdv.exe222⤵
-
\??\c:\3rfllrr.exec:\3rfllrr.exe223⤵
-
\??\c:\flfrllr.exec:\flfrllr.exe224⤵
-
\??\c:\5rxfrrx.exec:\5rxfrrx.exe225⤵
-
\??\c:\nbnnbb.exec:\nbnnbb.exe226⤵
-
\??\c:\pjdpj.exec:\pjdpj.exe227⤵
-
\??\c:\pvdvd.exec:\pvdvd.exe228⤵
-
\??\c:\xxffxxx.exec:\xxffxxx.exe229⤵
-
\??\c:\rxrflxf.exec:\rxrflxf.exe230⤵
-
\??\c:\9tnbhh.exec:\9tnbhh.exe231⤵
-
\??\c:\ttntnt.exec:\ttntnt.exe232⤵
-
\??\c:\vvjpj.exec:\vvjpj.exe233⤵
-
\??\c:\ddjpj.exec:\ddjpj.exe234⤵
-
\??\c:\lxrffrf.exec:\lxrffrf.exe235⤵
-
\??\c:\xfrllxf.exec:\xfrllxf.exe236⤵
-
\??\c:\bthnhn.exec:\bthnhn.exe237⤵
-
\??\c:\vdvjd.exec:\vdvjd.exe238⤵
-
\??\c:\7vvjp.exec:\7vvjp.exe239⤵
-
\??\c:\pddjj.exec:\pddjj.exe240⤵