Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
23-05-2024 03:00
General
-
Target
7de60b5e7b88211a00e69a09585b4950_NeikiAnalytics.exe
-
Size
965KB
-
MD5
7de60b5e7b88211a00e69a09585b4950
-
SHA1
00dea446b2aa84ce0478d394f7c813c74f8bb76e
-
SHA256
9976bb75ff6a7815946aef4e4b625285545373fd96da73973d47b6b63e9468e6
-
SHA512
3a9d77616068edf5b10f943023aa7673dd3b5689197993680b3e65eda6647183a49ba2429090d896d9fa33085a0bd37aa68b229f43c5a052377294de9320ba9c
-
SSDEEP
12288:n3C9yMo+S0L9xRnoq7H9xqYL04iVypNKvzcMwdBS3b3aoqYveXVadBlHD+CURPO6:SgD4bhoqLDqYLagB6Wj1+Cysn
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7de60b5e7b88211a00e69a09585b4950_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\7de60b5e7b88211a00e69a09585b4950_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnnth.exec:\hnnnth.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflxrxf.exec:\fflxrxf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbnn.exec:\tnbbnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jjjv.exec:\3jjjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtbbt.exec:\hhtbbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xrlflr.exec:\5xrlflr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hnnbb.exec:\5hnnbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tnttb.exec:\5tnttb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpd.exec:\dvvpd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lllrrr.exec:\5lllrrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjd.exec:\vpjjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhnbh.exec:\nnhnbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjvd.exec:\djjvd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhtbt.exec:\nhhtbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllrflr.exec:\lllrflr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvdp.exec:\dvvdp.exe17⤵
- Executes dropped EXE
-
\??\c:\nnhthn.exec:\nnhthn.exe18⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe19⤵
- Executes dropped EXE
-
\??\c:\ttbbnh.exec:\ttbbnh.exe20⤵
- Executes dropped EXE
-
\??\c:\xrrlrfl.exec:\xrrlrfl.exe21⤵
- Executes dropped EXE
-
\??\c:\3ppvp.exec:\3ppvp.exe22⤵
- Executes dropped EXE
-
\??\c:\nnnnnt.exec:\nnnnnt.exe23⤵
- Executes dropped EXE
-
\??\c:\hhnnbb.exec:\hhnnbb.exe24⤵
- Executes dropped EXE
-
\??\c:\rlxffrf.exec:\rlxffrf.exe25⤵
- Executes dropped EXE
-
\??\c:\1djjd.exec:\1djjd.exe26⤵
- Executes dropped EXE
-
\??\c:\rlflxff.exec:\rlflxff.exe27⤵
- Executes dropped EXE
-
\??\c:\ffxlfrf.exec:\ffxlfrf.exe28⤵
- Executes dropped EXE
-
\??\c:\jjpdp.exec:\jjpdp.exe29⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe30⤵
- Executes dropped EXE
-
\??\c:\5rxllfl.exec:\5rxllfl.exe31⤵
- Executes dropped EXE
-
\??\c:\xrlxlrx.exec:\xrlxlrx.exe32⤵
- Executes dropped EXE
-
\??\c:\1bhhnt.exec:\1bhhnt.exe33⤵
- Executes dropped EXE
-
\??\c:\3htbnb.exec:\3htbnb.exe34⤵
- Executes dropped EXE
-
\??\c:\ddpjj.exec:\ddpjj.exe35⤵
- Executes dropped EXE
-
\??\c:\llffrxf.exec:\llffrxf.exe36⤵
- Executes dropped EXE
-
\??\c:\nbbnth.exec:\nbbnth.exe37⤵
- Executes dropped EXE
-
\??\c:\1jjpv.exec:\1jjpv.exe38⤵
- Executes dropped EXE
-
\??\c:\tnhhnt.exec:\tnhhnt.exe39⤵
- Executes dropped EXE
-
\??\c:\vpdjj.exec:\vpdjj.exe40⤵
- Executes dropped EXE
-
\??\c:\9rrfxrf.exec:\9rrfxrf.exe41⤵
- Executes dropped EXE
-
\??\c:\btntth.exec:\btntth.exe42⤵
- Executes dropped EXE
-
\??\c:\jjjjj.exec:\jjjjj.exe43⤵
- Executes dropped EXE
-
\??\c:\3lrrllx.exec:\3lrrllx.exe44⤵
- Executes dropped EXE
-
\??\c:\nhhnbt.exec:\nhhnbt.exe45⤵
- Executes dropped EXE
-
\??\c:\vdppv.exec:\vdppv.exe46⤵
- Executes dropped EXE
-
\??\c:\9fxfrfl.exec:\9fxfrfl.exe47⤵
- Executes dropped EXE
-
\??\c:\3nnnth.exec:\3nnnth.exe48⤵
- Executes dropped EXE
-
\??\c:\pdddj.exec:\pdddj.exe49⤵
- Executes dropped EXE
-
\??\c:\5lxfllr.exec:\5lxfllr.exe50⤵
- Executes dropped EXE
-
\??\c:\9hhnnn.exec:\9hhnnn.exe51⤵
- Executes dropped EXE
-
\??\c:\9ddjj.exec:\9ddjj.exe52⤵
- Executes dropped EXE
-
\??\c:\fxxxxrf.exec:\fxxxxrf.exe53⤵
- Executes dropped EXE
-
\??\c:\btttnt.exec:\btttnt.exe54⤵
- Executes dropped EXE
-
\??\c:\jvdjp.exec:\jvdjp.exe55⤵
- Executes dropped EXE
-
\??\c:\lxflrlx.exec:\lxflrlx.exe56⤵
- Executes dropped EXE
-
\??\c:\btttnn.exec:\btttnn.exe57⤵
- Executes dropped EXE
-
\??\c:\7dppd.exec:\7dppd.exe58⤵
- Executes dropped EXE
-
\??\c:\lflrflr.exec:\lflrflr.exe59⤵
- Executes dropped EXE
-
\??\c:\bttbtb.exec:\bttbtb.exe60⤵
- Executes dropped EXE
-
\??\c:\dvjjd.exec:\dvjjd.exe61⤵
- Executes dropped EXE
-
\??\c:\xrrxflr.exec:\xrrxflr.exe62⤵
- Executes dropped EXE
-
\??\c:\hnhthh.exec:\hnhthh.exe63⤵
- Executes dropped EXE
-
\??\c:\nnbnbh.exec:\nnbnbh.exe64⤵
- Executes dropped EXE
-
\??\c:\3fxfllx.exec:\3fxfllx.exe65⤵
- Executes dropped EXE
-
\??\c:\rrlxllf.exec:\rrlxllf.exe66⤵
-
\??\c:\btnntb.exec:\btnntb.exe67⤵
-
\??\c:\3dpvj.exec:\3dpvj.exe68⤵
-
\??\c:\3xlrrxf.exec:\3xlrrxf.exe69⤵
-
\??\c:\nhttnt.exec:\nhttnt.exe70⤵
-
\??\c:\vpppd.exec:\vpppd.exe71⤵
-
\??\c:\xxxfrfl.exec:\xxxfrfl.exe72⤵
-
\??\c:\nntbtb.exec:\nntbtb.exe73⤵
-
\??\c:\lfllrrx.exec:\lfllrrx.exe74⤵
-
\??\c:\nhnbtb.exec:\nhnbtb.exe75⤵
-
\??\c:\ddpjv.exec:\ddpjv.exe76⤵
-
\??\c:\lfrfxlr.exec:\lfrfxlr.exe77⤵
-
\??\c:\vvvdv.exec:\vvvdv.exe78⤵
-
\??\c:\7xrxrrl.exec:\7xrxrrl.exe79⤵
-
\??\c:\ntbbhn.exec:\ntbbhn.exe80⤵
-
\??\c:\jjpdd.exec:\jjpdd.exe81⤵
-
\??\c:\fxxxrfr.exec:\fxxxrfr.exe82⤵
-
\??\c:\btbhtb.exec:\btbhtb.exe83⤵
-
\??\c:\jvvdj.exec:\jvvdj.exe84⤵
-
\??\c:\fxlrxfr.exec:\fxlrxfr.exe85⤵
-
\??\c:\1btbnt.exec:\1btbnt.exe86⤵
-
\??\c:\1vpvd.exec:\1vpvd.exe87⤵
-
\??\c:\fxrfrfl.exec:\fxrfrfl.exe88⤵
-
\??\c:\tnbntb.exec:\tnbntb.exe89⤵
-
\??\c:\9pjjp.exec:\9pjjp.exe90⤵
-
\??\c:\7xxrxxr.exec:\7xxrxxr.exe91⤵
-
\??\c:\bttttb.exec:\bttttb.exe92⤵
-
\??\c:\7ddjp.exec:\7ddjp.exe93⤵
-
\??\c:\lxlrrfx.exec:\lxlrrfx.exe94⤵
-
\??\c:\nhhthn.exec:\nhhthn.exe95⤵
-
\??\c:\jddvv.exec:\jddvv.exe96⤵
-
\??\c:\rxxlxrl.exec:\rxxlxrl.exe97⤵
-
\??\c:\1nnnhb.exec:\1nnnhb.exe98⤵
-
\??\c:\7vvjj.exec:\7vvjj.exe99⤵
-
\??\c:\lrlfxlf.exec:\lrlfxlf.exe100⤵
-
\??\c:\thhnhh.exec:\thhnhh.exe101⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe102⤵
-
\??\c:\xrffffl.exec:\xrffffl.exe103⤵
-
\??\c:\5hbnbb.exec:\5hbnbb.exe104⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe105⤵
-
\??\c:\3lllrxr.exec:\3lllrxr.exe106⤵
-
\??\c:\hhttbb.exec:\hhttbb.exe107⤵
-
\??\c:\vppjj.exec:\vppjj.exe108⤵
-
\??\c:\bbbhth.exec:\bbbhth.exe109⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe110⤵
-
\??\c:\ffflflf.exec:\ffflflf.exe111⤵
-
\??\c:\nbhntt.exec:\nbhntt.exe112⤵
-
\??\c:\dppvj.exec:\dppvj.exe113⤵
-
\??\c:\9rrrlrf.exec:\9rrrlrf.exe114⤵
-
\??\c:\nntbnb.exec:\nntbnb.exe115⤵
-
\??\c:\ddddd.exec:\ddddd.exe116⤵
-
\??\c:\xrllrrr.exec:\xrllrrr.exe117⤵
-
\??\c:\btntnt.exec:\btntnt.exe118⤵
-
\??\c:\3jddj.exec:\3jddj.exe119⤵
-
\??\c:\xxxxflr.exec:\xxxxflr.exe120⤵
-
\??\c:\bbbnbb.exec:\bbbnbb.exe121⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe122⤵
-
\??\c:\3frxrrx.exec:\3frxrrx.exe123⤵
-
\??\c:\nntbtb.exec:\nntbtb.exe124⤵
-
\??\c:\jjpdv.exec:\jjpdv.exe125⤵
-
\??\c:\lllrrxr.exec:\lllrrxr.exe126⤵
-
\??\c:\1hnbth.exec:\1hnbth.exe127⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe128⤵
-
\??\c:\1fflrxl.exec:\1fflrxl.exe129⤵
-
\??\c:\1bhtbh.exec:\1bhtbh.exe130⤵
-
\??\c:\vvvpd.exec:\vvvpd.exe131⤵
-
\??\c:\9rrxxxf.exec:\9rrxxxf.exe132⤵
-
\??\c:\tnntnh.exec:\tnntnh.exe133⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe134⤵
-
\??\c:\llflrfr.exec:\llflrfr.exe135⤵
-
\??\c:\htnbtb.exec:\htnbtb.exe136⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe137⤵
-
\??\c:\tnhhtn.exec:\tnhhtn.exe138⤵
-
\??\c:\jjpdd.exec:\jjpdd.exe139⤵
-
\??\c:\9rlllrx.exec:\9rlllrx.exe140⤵
-
\??\c:\nnhnbn.exec:\nnhnbn.exe141⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe142⤵
-
\??\c:\frlxffl.exec:\frlxffl.exe143⤵
-
\??\c:\bhnhhb.exec:\bhnhhb.exe144⤵
-
\??\c:\vvppj.exec:\vvppj.exe145⤵
-
\??\c:\xxxfffl.exec:\xxxfffl.exe146⤵
-
\??\c:\xrxxrrl.exec:\xrxxrrl.exe147⤵
-
\??\c:\bnnbnn.exec:\bnnbnn.exe148⤵
-
\??\c:\rlflffr.exec:\rlflffr.exe149⤵
-
\??\c:\bththn.exec:\bththn.exe150⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe151⤵
-
\??\c:\rrrfllr.exec:\rrrfllr.exe152⤵
-
\??\c:\fxrfrff.exec:\fxrfrff.exe153⤵
-
\??\c:\htttnt.exec:\htttnt.exe154⤵
-
\??\c:\ddvvj.exec:\ddvvj.exe155⤵
-
\??\c:\fxxlrfx.exec:\fxxlrfx.exe156⤵
-
\??\c:\tnbnth.exec:\tnbnth.exe157⤵
-
\??\c:\jjpdp.exec:\jjpdp.exe158⤵
-
\??\c:\1rrrrrf.exec:\1rrrrrf.exe159⤵
-
\??\c:\ntttnt.exec:\ntttnt.exe160⤵
-
\??\c:\7jjjv.exec:\7jjjv.exe161⤵
-
\??\c:\fflrxrl.exec:\fflrxrl.exe162⤵
-
\??\c:\tnntnn.exec:\tnntnn.exe163⤵
-
\??\c:\dpjvv.exec:\dpjvv.exe164⤵
-
\??\c:\rllrllr.exec:\rllrllr.exe165⤵
-
\??\c:\tnhnbh.exec:\tnhnbh.exe166⤵
-
\??\c:\jvppv.exec:\jvppv.exe167⤵
-
\??\c:\flrlxxl.exec:\flrlxxl.exe168⤵
-
\??\c:\7nhnbh.exec:\7nhnbh.exe169⤵
-
\??\c:\ppdpv.exec:\ppdpv.exe170⤵
-
\??\c:\lxxlfxf.exec:\lxxlfxf.exe171⤵
-
\??\c:\tnnbtt.exec:\tnnbtt.exe172⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe173⤵
-
\??\c:\xxlrffr.exec:\xxlrffr.exe174⤵
-
\??\c:\1fffxlr.exec:\1fffxlr.exe175⤵
-
\??\c:\btthnb.exec:\btthnb.exe176⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe177⤵
-
\??\c:\rllrxfl.exec:\rllrxfl.exe178⤵
-
\??\c:\bttbnt.exec:\bttbnt.exe179⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe180⤵
-
\??\c:\xxxxrrr.exec:\xxxxrrr.exe181⤵
-
\??\c:\9bthhh.exec:\9bthhh.exe182⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe183⤵
-
\??\c:\rlxlfrx.exec:\rlxlfrx.exe184⤵
-
\??\c:\1ntbhn.exec:\1ntbhn.exe185⤵
-
\??\c:\7pjpv.exec:\7pjpv.exe186⤵
-
\??\c:\xrlrlrx.exec:\xrlrlrx.exe187⤵
-
\??\c:\3nbbhh.exec:\3nbbhh.exe188⤵
-
\??\c:\vvpvp.exec:\vvpvp.exe189⤵
-
\??\c:\xffxlxl.exec:\xffxlxl.exe190⤵
-
\??\c:\nhbbtb.exec:\nhbbtb.exe191⤵
-
\??\c:\jjddv.exec:\jjddv.exe192⤵
-
\??\c:\xxlrflr.exec:\xxlrflr.exe193⤵
-
\??\c:\btnhbh.exec:\btnhbh.exe194⤵
-
\??\c:\dvppd.exec:\dvppd.exe195⤵
-
\??\c:\ffflrrx.exec:\ffflrrx.exe196⤵
-
\??\c:\3bbnnt.exec:\3bbnnt.exe197⤵
-
\??\c:\3jpdp.exec:\3jpdp.exe198⤵
-
\??\c:\7llrffr.exec:\7llrffr.exe199⤵
-
\??\c:\btnnbb.exec:\btnnbb.exe200⤵
-
\??\c:\3pvjp.exec:\3pvjp.exe201⤵
-
\??\c:\3rxflrx.exec:\3rxflrx.exe202⤵
-
\??\c:\1hhhth.exec:\1hhhth.exe203⤵
-
\??\c:\3dvdd.exec:\3dvdd.exe204⤵
-
\??\c:\lrfxfrf.exec:\lrfxfrf.exe205⤵
-
\??\c:\7hbbnt.exec:\7hbbnt.exe206⤵
-
\??\c:\dvdpj.exec:\dvdpj.exe207⤵
-
\??\c:\xxfrfrf.exec:\xxfrfrf.exe208⤵
-
\??\c:\tnnthh.exec:\tnnthh.exe209⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe210⤵
-
\??\c:\xrrfrfx.exec:\xrrfrfx.exe211⤵
-
\??\c:\btnntb.exec:\btnntb.exe212⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe213⤵
-
\??\c:\xfxlrlf.exec:\xfxlrlf.exe214⤵
-
\??\c:\1thhtb.exec:\1thhtb.exe215⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe216⤵
-
\??\c:\pjppd.exec:\pjppd.exe217⤵
-
\??\c:\7frrffr.exec:\7frrffr.exe218⤵
-
\??\c:\btnnbh.exec:\btnnbh.exe219⤵
-
\??\c:\jjjjv.exec:\jjjjv.exe220⤵
-
\??\c:\fxrrffr.exec:\fxrrffr.exe221⤵
-
\??\c:\1ttbth.exec:\1ttbth.exe222⤵
-
\??\c:\1vjvd.exec:\1vjvd.exe223⤵
-
\??\c:\llfrflx.exec:\llfrflx.exe224⤵
-
\??\c:\tbhtnn.exec:\tbhtnn.exe225⤵
-
\??\c:\pdpvp.exec:\pdpvp.exe226⤵
-
\??\c:\xxxfxlx.exec:\xxxfxlx.exe227⤵
-
\??\c:\1bbnbh.exec:\1bbnbh.exe228⤵
-
\??\c:\7ppvp.exec:\7ppvp.exe229⤵
-
\??\c:\lxllxff.exec:\lxllxff.exe230⤵
-
\??\c:\btntnt.exec:\btntnt.exe231⤵
-
\??\c:\jjpdd.exec:\jjpdd.exe232⤵
-
\??\c:\rrrrxrx.exec:\rrrrxrx.exe233⤵
-
\??\c:\bnntbn.exec:\bnntbn.exe234⤵
-
\??\c:\pjpdj.exec:\pjpdj.exe235⤵
-
\??\c:\xxrxrxl.exec:\xxrxrxl.exe236⤵
-
\??\c:\bhntnb.exec:\bhntnb.exe237⤵
-
\??\c:\dvvdv.exec:\dvvdv.exe238⤵
-
\??\c:\fflrflf.exec:\fflrflf.exe239⤵
-
\??\c:\7xlrlrx.exec:\7xlrlrx.exe240⤵