Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
23-05-2024 01:11
General
-
Target
6a0404e563719322ea443844d1f284a0_NeikiAnalytics.exe
-
Size
198KB
-
MD5
6a0404e563719322ea443844d1f284a0
-
SHA1
5d5274516355b03b983a44585e2cd0cd85e9a420
-
SHA256
7f0b0feb9025081fc8c0e187b38319f06b20c0d6364168236fd18713583276c1
-
SHA512
c38d9dbb17f765f9bde7d90a1cee4e699ce84be68785cd4438e998292aefdba9c1a5f2b7032f9d00840ac3e63ea15f27b3c02eda8515e67c66e67279adc2a9ce
-
SSDEEP
3072:xhOmTsF93UYfwC6GIout3WVi/8HCpi8rY9AABa1YRMxl1522cJ1uIZ:xcm4FmowdHoS3WV28HCddWhRO1Lc9Z
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6a0404e563719322ea443844d1f284a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6a0404e563719322ea443844d1f284a0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7btnnh.exec:\7btnnh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hbbhh.exec:\1hbbhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvpv.exec:\jpvpv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnnb.exec:\nhnnnb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppv.exec:\jdppv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlflfl.exec:\frlflfl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnhnt.exec:\nbnhnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nbtbb.exec:\9nbtbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7fllrlr.exec:\7fllrlr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflxfxf.exec:\lflxfxf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbnb.exec:\nnbbnb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdd.exec:\pjvdd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xlllll.exec:\3xlllll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ntnnt.exec:\5ntnnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nbttn.exec:\1nbttn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pjpv.exec:\5pjpv.exe17⤵
- Executes dropped EXE
-
\??\c:\lfxfffl.exec:\lfxfffl.exe18⤵
- Executes dropped EXE
-
\??\c:\tnbtbt.exec:\tnbtbt.exe19⤵
- Executes dropped EXE
-
\??\c:\vjjvv.exec:\vjjvv.exe20⤵
- Executes dropped EXE
-
\??\c:\3vdvv.exec:\3vdvv.exe21⤵
- Executes dropped EXE
-
\??\c:\fxrxffr.exec:\fxrxffr.exe22⤵
- Executes dropped EXE
-
\??\c:\nhnhhh.exec:\nhnhhh.exe23⤵
- Executes dropped EXE
-
\??\c:\pdjjp.exec:\pdjjp.exe24⤵
- Executes dropped EXE
-
\??\c:\xlrxffl.exec:\xlrxffl.exe25⤵
- Executes dropped EXE
-
\??\c:\5bnhhb.exec:\5bnhhb.exe26⤵
- Executes dropped EXE
-
\??\c:\thnthh.exec:\thnthh.exe27⤵
- Executes dropped EXE
-
\??\c:\llllrfl.exec:\llllrfl.exe28⤵
- Executes dropped EXE
-
\??\c:\xllffxl.exec:\xllffxl.exe29⤵
- Executes dropped EXE
-
\??\c:\1htbnt.exec:\1htbnt.exe30⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe31⤵
- Executes dropped EXE
-
\??\c:\llxrlfl.exec:\llxrlfl.exe32⤵
- Executes dropped EXE
-
\??\c:\frllrxf.exec:\frllrxf.exe33⤵
- Executes dropped EXE
-
\??\c:\nnbhtb.exec:\nnbhtb.exe34⤵
- Executes dropped EXE
-
\??\c:\3thnnn.exec:\3thnnn.exe35⤵
- Executes dropped EXE
-
\??\c:\jdjvv.exec:\jdjvv.exe36⤵
- Executes dropped EXE
-
\??\c:\jvpjj.exec:\jvpjj.exe37⤵
- Executes dropped EXE
-
\??\c:\llxflfl.exec:\llxflfl.exe38⤵
- Executes dropped EXE
-
\??\c:\thttnn.exec:\thttnn.exe39⤵
- Executes dropped EXE
-
\??\c:\vjdpd.exec:\vjdpd.exe40⤵
- Executes dropped EXE
-
\??\c:\pjdvv.exec:\pjdvv.exe41⤵
- Executes dropped EXE
-
\??\c:\fxxxxxf.exec:\fxxxxxf.exe42⤵
- Executes dropped EXE
-
\??\c:\lfxflxr.exec:\lfxflxr.exe43⤵
- Executes dropped EXE
-
\??\c:\nhnnnh.exec:\nhnnnh.exe44⤵
- Executes dropped EXE
-
\??\c:\7dvjj.exec:\7dvjj.exe45⤵
- Executes dropped EXE
-
\??\c:\vpjdd.exec:\vpjdd.exe46⤵
- Executes dropped EXE
-
\??\c:\rlffrrx.exec:\rlffrrx.exe47⤵
- Executes dropped EXE
-
\??\c:\1nbhhn.exec:\1nbhhn.exe48⤵
- Executes dropped EXE
-
\??\c:\5bnttt.exec:\5bnttt.exe49⤵
- Executes dropped EXE
-
\??\c:\jvpdj.exec:\jvpdj.exe50⤵
- Executes dropped EXE
-
\??\c:\1dppp.exec:\1dppp.exe51⤵
- Executes dropped EXE
-
\??\c:\7lfrlrx.exec:\7lfrlrx.exe52⤵
- Executes dropped EXE
-
\??\c:\xrlxlll.exec:\xrlxlll.exe53⤵
- Executes dropped EXE
-
\??\c:\hbnhbh.exec:\hbnhbh.exe54⤵
- Executes dropped EXE
-
\??\c:\9nbbbb.exec:\9nbbbb.exe55⤵
- Executes dropped EXE
-
\??\c:\vjppv.exec:\vjppv.exe56⤵
- Executes dropped EXE
-
\??\c:\lxllffl.exec:\lxllffl.exe57⤵
- Executes dropped EXE
-
\??\c:\frxflff.exec:\frxflff.exe58⤵
- Executes dropped EXE
-
\??\c:\nhhbnh.exec:\nhhbnh.exe59⤵
- Executes dropped EXE
-
\??\c:\bnhtnb.exec:\bnhtnb.exe60⤵
- Executes dropped EXE
-
\??\c:\vjvvj.exec:\vjvvj.exe61⤵
- Executes dropped EXE
-
\??\c:\pdjdd.exec:\pdjdd.exe62⤵
- Executes dropped EXE
-
\??\c:\xllfxxf.exec:\xllfxxf.exe63⤵
- Executes dropped EXE
-
\??\c:\7nbbhh.exec:\7nbbhh.exe64⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe65⤵
- Executes dropped EXE
-
\??\c:\5jvjj.exec:\5jvjj.exe66⤵
-
\??\c:\rffflll.exec:\rffflll.exe67⤵
-
\??\c:\xrffrrf.exec:\xrffrrf.exe68⤵
-
\??\c:\7thhtn.exec:\7thhtn.exe69⤵
-
\??\c:\dppvp.exec:\dppvp.exe70⤵
-
\??\c:\dpjjd.exec:\dpjjd.exe71⤵
-
\??\c:\rfllfll.exec:\rfllfll.exe72⤵
-
\??\c:\lfllrrx.exec:\lfllrrx.exe73⤵
-
\??\c:\nhthnb.exec:\nhthnb.exe74⤵
-
\??\c:\btbbhb.exec:\btbbhb.exe75⤵
-
\??\c:\3dvdj.exec:\3dvdj.exe76⤵
-
\??\c:\flxrlfl.exec:\flxrlfl.exe77⤵
-
\??\c:\tthbnn.exec:\tthbnn.exe78⤵
-
\??\c:\tbtbhb.exec:\tbtbhb.exe79⤵
-
\??\c:\vjdjj.exec:\vjdjj.exe80⤵
-
\??\c:\xlxfrxl.exec:\xlxfrxl.exe81⤵
-
\??\c:\9xrrfrx.exec:\9xrrfrx.exe82⤵
-
\??\c:\3btthb.exec:\3btthb.exe83⤵
-
\??\c:\pddjp.exec:\pddjp.exe84⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe85⤵
-
\??\c:\rlxxrll.exec:\rlxxrll.exe86⤵
-
\??\c:\7rrlxrx.exec:\7rrlxrx.exe87⤵
-
\??\c:\9nbttn.exec:\9nbttn.exe88⤵
-
\??\c:\tnbthn.exec:\tnbthn.exe89⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe90⤵
-
\??\c:\xrllrrr.exec:\xrllrrr.exe91⤵
-
\??\c:\httnnh.exec:\httnnh.exe92⤵
-
\??\c:\bththb.exec:\bththb.exe93⤵
-
\??\c:\1djpp.exec:\1djpp.exe94⤵
-
\??\c:\ffllfrr.exec:\ffllfrr.exe95⤵
-
\??\c:\1xrxlfl.exec:\1xrxlfl.exe96⤵
-
\??\c:\nnbbtn.exec:\nnbbtn.exe97⤵
-
\??\c:\vpddd.exec:\vpddd.exe98⤵
-
\??\c:\pdppp.exec:\pdppp.exe99⤵
-
\??\c:\lxxlrfx.exec:\lxxlrfx.exe100⤵
-
\??\c:\lxxxllr.exec:\lxxxllr.exe101⤵
-
\??\c:\hbthhn.exec:\hbthhn.exe102⤵
-
\??\c:\btbhhh.exec:\btbhhh.exe103⤵
-
\??\c:\jdppp.exec:\jdppp.exe104⤵
-
\??\c:\rfrxfxf.exec:\rfrxfxf.exe105⤵
-
\??\c:\lxffrrf.exec:\lxffrrf.exe106⤵
-
\??\c:\hthhtt.exec:\hthhtt.exe107⤵
-
\??\c:\vjjpv.exec:\vjjpv.exe108⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe109⤵
-
\??\c:\xlrrrrr.exec:\xlrrrrr.exe110⤵
-
\??\c:\fxllllr.exec:\fxllllr.exe111⤵
-
\??\c:\nnbhtt.exec:\nnbhtt.exe112⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe113⤵
-
\??\c:\lxllfff.exec:\lxllfff.exe114⤵
-
\??\c:\xfflrlx.exec:\xfflrlx.exe115⤵
-
\??\c:\nhbhnn.exec:\nhbhnn.exe116⤵
-
\??\c:\nbbbtn.exec:\nbbbtn.exe117⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe118⤵
-
\??\c:\5frlrxf.exec:\5frlrxf.exe119⤵
-
\??\c:\rxxxrff.exec:\rxxxrff.exe120⤵
-
\??\c:\thbbnh.exec:\thbbnh.exe121⤵
-
\??\c:\3bnnbb.exec:\3bnnbb.exe122⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe123⤵
-
\??\c:\xrfllll.exec:\xrfllll.exe124⤵
-
\??\c:\lxxxxrx.exec:\lxxxxrx.exe125⤵
-
\??\c:\thhnbt.exec:\thhnbt.exe126⤵
-
\??\c:\7ttttn.exec:\7ttttn.exe127⤵
-
\??\c:\pddvp.exec:\pddvp.exe128⤵
-
\??\c:\3vvdj.exec:\3vvdj.exe129⤵
-
\??\c:\lxxxxrl.exec:\lxxxxrl.exe130⤵
-
\??\c:\rlflllr.exec:\rlflllr.exe131⤵
-
\??\c:\1hhnhn.exec:\1hhnhn.exe132⤵
-
\??\c:\5thnbh.exec:\5thnbh.exe133⤵
-
\??\c:\3pdjd.exec:\3pdjd.exe134⤵
-
\??\c:\vjpdv.exec:\vjpdv.exe135⤵
-
\??\c:\fxlrrfl.exec:\fxlrrfl.exe136⤵
-
\??\c:\5nhtnn.exec:\5nhtnn.exe137⤵
-
\??\c:\bnbhbh.exec:\bnbhbh.exe138⤵
-
\??\c:\3vjvv.exec:\3vjvv.exe139⤵
-
\??\c:\pvjdp.exec:\pvjdp.exe140⤵
-
\??\c:\rfrrxfl.exec:\rfrrxfl.exe141⤵
-
\??\c:\rlflxxr.exec:\rlflxxr.exe142⤵
-
\??\c:\bnhhtt.exec:\bnhhtt.exe143⤵
-
\??\c:\1tbhhh.exec:\1tbhhh.exe144⤵
-
\??\c:\pvvpp.exec:\pvvpp.exe145⤵
-
\??\c:\vdvjp.exec:\vdvjp.exe146⤵
-
\??\c:\xrflrrx.exec:\xrflrrx.exe147⤵
-
\??\c:\nbtbbb.exec:\nbtbbb.exe148⤵
-
\??\c:\1hhhnh.exec:\1hhhnh.exe149⤵
-
\??\c:\djvvd.exec:\djvvd.exe150⤵
-
\??\c:\rxllrlx.exec:\rxllrlx.exe151⤵
-
\??\c:\xxlxllr.exec:\xxlxllr.exe152⤵
-
\??\c:\3nhhtb.exec:\3nhhtb.exe153⤵
-
\??\c:\pdddp.exec:\pdddp.exe154⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe155⤵
-
\??\c:\lfffrrf.exec:\lfffrrf.exe156⤵
-
\??\c:\hntnbb.exec:\hntnbb.exe157⤵
-
\??\c:\1tbthn.exec:\1tbthn.exe158⤵
-
\??\c:\jpppd.exec:\jpppd.exe159⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe160⤵
-
\??\c:\llxrffl.exec:\llxrffl.exe161⤵
-
\??\c:\nbhhnn.exec:\nbhhnn.exe162⤵
-
\??\c:\7ttbtt.exec:\7ttbtt.exe163⤵
-
\??\c:\hbnthn.exec:\hbnthn.exe164⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe165⤵
-
\??\c:\3dddj.exec:\3dddj.exe166⤵
-
\??\c:\rlrflxl.exec:\rlrflxl.exe167⤵
-
\??\c:\ntnnhn.exec:\ntnnhn.exe168⤵
-
\??\c:\3thhbt.exec:\3thhbt.exe169⤵
-
\??\c:\pddvp.exec:\pddvp.exe170⤵
-
\??\c:\xxfxrlx.exec:\xxfxrlx.exe171⤵
-
\??\c:\hbhhnn.exec:\hbhhnn.exe172⤵
-
\??\c:\nbnthh.exec:\nbnthh.exe173⤵
-
\??\c:\7pdjp.exec:\7pdjp.exe174⤵
-
\??\c:\5jvvd.exec:\5jvvd.exe175⤵
-
\??\c:\lfrxlxf.exec:\lfrxlxf.exe176⤵
-
\??\c:\7xrlrxx.exec:\7xrlrxx.exe177⤵
-
\??\c:\3htntn.exec:\3htntn.exe178⤵
-
\??\c:\nbhhnh.exec:\nbhhnh.exe179⤵
-
\??\c:\jpvvd.exec:\jpvvd.exe180⤵
-
\??\c:\7dvvp.exec:\7dvvp.exe181⤵
-
\??\c:\rlxfrxf.exec:\rlxfrxf.exe182⤵
-
\??\c:\lxffllx.exec:\lxffllx.exe183⤵
-
\??\c:\thbhnh.exec:\thbhnh.exe184⤵
-
\??\c:\nhtbbh.exec:\nhtbbh.exe185⤵
-
\??\c:\pjddj.exec:\pjddj.exe186⤵
-
\??\c:\pddvp.exec:\pddvp.exe187⤵
-
\??\c:\7jdvp.exec:\7jdvp.exe188⤵
-
\??\c:\1rlrrrr.exec:\1rlrrrr.exe189⤵
-
\??\c:\1thhhn.exec:\1thhhn.exe190⤵
-
\??\c:\1hnnth.exec:\1hnnth.exe191⤵
-
\??\c:\pdpdj.exec:\pdpdj.exe192⤵
-
\??\c:\dvvjp.exec:\dvvjp.exe193⤵
-
\??\c:\xlllrrr.exec:\xlllrrr.exe194⤵
-
\??\c:\bthhhh.exec:\bthhhh.exe195⤵
-
\??\c:\thbthn.exec:\thbthn.exe196⤵
-
\??\c:\dppvp.exec:\dppvp.exe197⤵
-
\??\c:\jdppv.exec:\jdppv.exe198⤵
-
\??\c:\3xflfxl.exec:\3xflfxl.exe199⤵
-
\??\c:\7bnhnn.exec:\7bnhnn.exe200⤵
-
\??\c:\nbtthh.exec:\nbtthh.exe201⤵
-
\??\c:\vjpdv.exec:\vjpdv.exe202⤵
-
\??\c:\pppdd.exec:\pppdd.exe203⤵
-
\??\c:\9jppj.exec:\9jppj.exe204⤵
-
\??\c:\lfxfrlr.exec:\lfxfrlr.exe205⤵
-
\??\c:\lfrrrrl.exec:\lfrrrrl.exe206⤵
-
\??\c:\hbtnnn.exec:\hbtnnn.exe207⤵
-
\??\c:\bnnnnb.exec:\bnnnnb.exe208⤵
-
\??\c:\jddvp.exec:\jddvp.exe209⤵
-
\??\c:\9jjjj.exec:\9jjjj.exe210⤵
-
\??\c:\lrxrxxx.exec:\lrxrxxx.exe211⤵
-
\??\c:\9rfxrlr.exec:\9rfxrlr.exe212⤵
-
\??\c:\thhnhb.exec:\thhnhb.exe213⤵
-
\??\c:\htttnn.exec:\htttnn.exe214⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe215⤵
-
\??\c:\vjjpv.exec:\vjjpv.exe216⤵
-
\??\c:\frrlfrx.exec:\frrlfrx.exe217⤵
-
\??\c:\nbhhnh.exec:\nbhhnh.exe218⤵
-
\??\c:\nttnbb.exec:\nttnbb.exe219⤵
-
\??\c:\pdppd.exec:\pdppd.exe220⤵
-
\??\c:\pjddj.exec:\pjddj.exe221⤵
-
\??\c:\rfrrxrx.exec:\rfrrxrx.exe222⤵
-
\??\c:\xllffxx.exec:\xllffxx.exe223⤵
-
\??\c:\ttbbhn.exec:\ttbbhn.exe224⤵
-
\??\c:\tntthb.exec:\tntthb.exe225⤵
-
\??\c:\hhbnhh.exec:\hhbnhh.exe226⤵
-
\??\c:\jvjpd.exec:\jvjpd.exe227⤵
-
\??\c:\xlfflrx.exec:\xlfflrx.exe228⤵
-
\??\c:\xrflllr.exec:\xrflllr.exe229⤵
-
\??\c:\3ttnbb.exec:\3ttnbb.exe230⤵
-
\??\c:\tnnthh.exec:\tnnthh.exe231⤵
-
\??\c:\vpvjj.exec:\vpvjj.exe232⤵
-
\??\c:\jdddd.exec:\jdddd.exe233⤵
-
\??\c:\flllfff.exec:\flllfff.exe234⤵
-
\??\c:\lfrllll.exec:\lfrllll.exe235⤵
-
\??\c:\nhhtth.exec:\nhhtth.exe236⤵
-
\??\c:\thnhhb.exec:\thnhhb.exe237⤵
-
\??\c:\1jdpj.exec:\1jdpj.exe238⤵
-
\??\c:\jvjpp.exec:\jvjpp.exe239⤵
-
\??\c:\xrffflx.exec:\xrffflx.exe240⤵