Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
23-05-2024 20:27
General
-
Target
001255e39835181199cc0a49c80ca310_NeikiAnalytics.exe
-
Size
306KB
-
MD5
001255e39835181199cc0a49c80ca310
-
SHA1
41e0091cac7cc59df8d72c289715e3257dc57315
-
SHA256
d76d5b7e95195b6c35383c975f2f28a7d7dc8017c6b368cb68e023e6e8fd0af5
-
SHA512
81bf949083a0fa6e4ed16340c25ff530391877ab646c5604797416601e44f7f3d77fc0e9660ced2d2965475c2fd0dd7402101f60ecabfb8893d0db720e3b2eca
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo7LAIRUohDLS0k+sLiiBVS0ILlMcGGW7sRCl9eMZ:n3C9BRo/AIuunS3+sOiBVSXxMxTsm9eO
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\001255e39835181199cc0a49c80ca310_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\001255e39835181199cc0a49c80ca310_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbttn.exec:\hnbttn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jdjp.exec:\5jdjp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjvj.exec:\dpjvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rlrxfr.exec:\5rlrxfr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddpv.exec:\vddpv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvv.exec:\dvdvv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tnbtt.exec:\1tnbtt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dvjj.exec:\9dvjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3llxlrf.exec:\3llxlrf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bnthb.exec:\7bnthb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5llflrx.exec:\5llflrx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnbbn.exec:\hbnbbn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dvvv.exec:\7dvvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvvp.exec:\jjvvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnntb.exec:\nhnntb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvdp.exec:\pvvdp.exe17⤵
- Executes dropped EXE
-
\??\c:\ffrfrxl.exec:\ffrfrxl.exe18⤵
- Executes dropped EXE
-
\??\c:\tthnbn.exec:\tthnbn.exe19⤵
- Executes dropped EXE
-
\??\c:\7djdd.exec:\7djdd.exe20⤵
- Executes dropped EXE
-
\??\c:\btbbhh.exec:\btbbhh.exe21⤵
- Executes dropped EXE
-
\??\c:\vvjpv.exec:\vvjpv.exe22⤵
- Executes dropped EXE
-
\??\c:\7rlrrrl.exec:\7rlrrrl.exe23⤵
- Executes dropped EXE
-
\??\c:\9htnnn.exec:\9htnnn.exe24⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe25⤵
- Executes dropped EXE
-
\??\c:\xxfrflx.exec:\xxfrflx.exe26⤵
- Executes dropped EXE
-
\??\c:\nnbhnn.exec:\nnbhnn.exe27⤵
- Executes dropped EXE
-
\??\c:\1lrrflr.exec:\1lrrflr.exe28⤵
- Executes dropped EXE
-
\??\c:\llrlxxr.exec:\llrlxxr.exe29⤵
- Executes dropped EXE
-
\??\c:\7ddvp.exec:\7ddvp.exe30⤵
- Executes dropped EXE
-
\??\c:\lxlrrxr.exec:\lxlrrxr.exe31⤵
- Executes dropped EXE
-
\??\c:\1htbhh.exec:\1htbhh.exe32⤵
- Executes dropped EXE
-
\??\c:\3vjjv.exec:\3vjjv.exe33⤵
- Executes dropped EXE
-
\??\c:\hhtnbb.exec:\hhtnbb.exe34⤵
- Executes dropped EXE
-
\??\c:\bbbtht.exec:\bbbtht.exe35⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe36⤵
- Executes dropped EXE
-
\??\c:\vvjjd.exec:\vvjjd.exe37⤵
- Executes dropped EXE
-
\??\c:\lfllrrr.exec:\lfllrrr.exe38⤵
- Executes dropped EXE
-
\??\c:\btnthh.exec:\btnthh.exe39⤵
- Executes dropped EXE
-
\??\c:\hhbnbb.exec:\hhbnbb.exe40⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe41⤵
- Executes dropped EXE
-
\??\c:\3jddj.exec:\3jddj.exe42⤵
- Executes dropped EXE
-
\??\c:\xlxllrl.exec:\xlxllrl.exe43⤵
- Executes dropped EXE
-
\??\c:\3flxxlf.exec:\3flxxlf.exe44⤵
- Executes dropped EXE
-
\??\c:\1ntthb.exec:\1ntthb.exe45⤵
- Executes dropped EXE
-
\??\c:\jjdjv.exec:\jjdjv.exe46⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe47⤵
- Executes dropped EXE
-
\??\c:\1lxxlrf.exec:\1lxxlrf.exe48⤵
- Executes dropped EXE
-
\??\c:\lfrrxrx.exec:\lfrrxrx.exe49⤵
- Executes dropped EXE
-
\??\c:\hbnnbh.exec:\hbnnbh.exe50⤵
- Executes dropped EXE
-
\??\c:\vvdpd.exec:\vvdpd.exe51⤵
- Executes dropped EXE
-
\??\c:\7pvvj.exec:\7pvvj.exe52⤵
- Executes dropped EXE
-
\??\c:\xxrxlxr.exec:\xxrxlxr.exe53⤵
- Executes dropped EXE
-
\??\c:\bbntht.exec:\bbntht.exe54⤵
- Executes dropped EXE
-
\??\c:\thtthh.exec:\thtthh.exe55⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe56⤵
- Executes dropped EXE
-
\??\c:\xrrfrfr.exec:\xrrfrfr.exe57⤵
- Executes dropped EXE
-
\??\c:\rxrrrlr.exec:\rxrrrlr.exe58⤵
- Executes dropped EXE
-
\??\c:\nhtbnn.exec:\nhtbnn.exe59⤵
- Executes dropped EXE
-
\??\c:\vvpvd.exec:\vvpvd.exe60⤵
- Executes dropped EXE
-
\??\c:\jdpvj.exec:\jdpvj.exe61⤵
- Executes dropped EXE
-
\??\c:\9xxflrl.exec:\9xxflrl.exe62⤵
- Executes dropped EXE
-
\??\c:\hthhtt.exec:\hthhtt.exe63⤵
- Executes dropped EXE
-
\??\c:\vppvd.exec:\vppvd.exe64⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe65⤵
- Executes dropped EXE
-
\??\c:\rlfxllx.exec:\rlfxllx.exe66⤵
-
\??\c:\9hbhhn.exec:\9hbhhn.exe67⤵
-
\??\c:\nhbhth.exec:\nhbhth.exe68⤵
-
\??\c:\7ppdp.exec:\7ppdp.exe69⤵
-
\??\c:\xrflrxl.exec:\xrflrxl.exe70⤵
-
\??\c:\9xxxlrl.exec:\9xxxlrl.exe71⤵
-
\??\c:\hbntbb.exec:\hbntbb.exe72⤵
-
\??\c:\ddjvj.exec:\ddjvj.exe73⤵
-
\??\c:\7vpvd.exec:\7vpvd.exe74⤵
-
\??\c:\llfrffx.exec:\llfrffx.exe75⤵
-
\??\c:\ttbnhn.exec:\ttbnhn.exe76⤵
-
\??\c:\9bnnht.exec:\9bnnht.exe77⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe78⤵
-
\??\c:\9xflxfr.exec:\9xflxfr.exe79⤵
-
\??\c:\nhthnb.exec:\nhthnb.exe80⤵
-
\??\c:\btnthh.exec:\btnthh.exe81⤵
-
\??\c:\ppppd.exec:\ppppd.exe82⤵
-
\??\c:\rllrrfx.exec:\rllrrfx.exe83⤵
-
\??\c:\1lrrlrf.exec:\1lrrlrf.exe84⤵
-
\??\c:\tttbbb.exec:\tttbbb.exe85⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe86⤵
-
\??\c:\llflrfr.exec:\llflrfr.exe87⤵
-
\??\c:\bthhtt.exec:\bthhtt.exe88⤵
-
\??\c:\nnhtnn.exec:\nnhtnn.exe89⤵
-
\??\c:\ddppv.exec:\ddppv.exe90⤵
-
\??\c:\vdvvd.exec:\vdvvd.exe91⤵
-
\??\c:\1xrxlrx.exec:\1xrxlrx.exe92⤵
-
\??\c:\nbntbt.exec:\nbntbt.exe93⤵
-
\??\c:\hbthtb.exec:\hbthtb.exe94⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe95⤵
-
\??\c:\xrffrxr.exec:\xrffrxr.exe96⤵
-
\??\c:\fxrflrx.exec:\fxrflrx.exe97⤵
-
\??\c:\7nbnhh.exec:\7nbnhh.exe98⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe99⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe100⤵
-
\??\c:\xxrfrxx.exec:\xxrfrxx.exe101⤵
-
\??\c:\nnbhht.exec:\nnbhht.exe102⤵
-
\??\c:\nhthnh.exec:\nhthnh.exe103⤵
-
\??\c:\pvdvd.exec:\pvdvd.exe104⤵
-
\??\c:\1pddp.exec:\1pddp.exe105⤵
-
\??\c:\rlrfrfr.exec:\rlrfrfr.exe106⤵
-
\??\c:\ttnnbh.exec:\ttnnbh.exe107⤵
-
\??\c:\nhbhnb.exec:\nhbhnb.exe108⤵
-
\??\c:\5pvjj.exec:\5pvjj.exe109⤵
-
\??\c:\fxxxflr.exec:\fxxxflr.exe110⤵
-
\??\c:\9lrflll.exec:\9lrflll.exe111⤵
-
\??\c:\tnhnbh.exec:\tnhnbh.exe112⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe113⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe114⤵
-
\??\c:\7lxfflf.exec:\7lxfflf.exe115⤵
-
\??\c:\nhbnht.exec:\nhbnht.exe116⤵
-
\??\c:\ttbhhh.exec:\ttbhhh.exe117⤵
-
\??\c:\5dpdj.exec:\5dpdj.exe118⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe119⤵
-
\??\c:\frlxxxf.exec:\frlxxxf.exe120⤵
-
\??\c:\3bbnbn.exec:\3bbnbn.exe121⤵
-
\??\c:\hbnnnh.exec:\hbnnnh.exe122⤵
-
\??\c:\pdpdd.exec:\pdpdd.exe123⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe124⤵
-
\??\c:\llfrrxr.exec:\llfrrxr.exe125⤵
-
\??\c:\bbbntb.exec:\bbbntb.exe126⤵
-
\??\c:\bbntnb.exec:\bbntnb.exe127⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe128⤵
-
\??\c:\dddvj.exec:\dddvj.exe129⤵
-
\??\c:\9rlrxlx.exec:\9rlrxlx.exe130⤵
-
\??\c:\7rxfrxr.exec:\7rxfrxr.exe131⤵
-
\??\c:\bhbbnh.exec:\bhbbnh.exe132⤵
-
\??\c:\nhthnb.exec:\nhthnb.exe133⤵
-
\??\c:\ppdpv.exec:\ppdpv.exe134⤵
-
\??\c:\xrflffr.exec:\xrflffr.exe135⤵
-
\??\c:\ffxrlll.exec:\ffxrlll.exe136⤵
-
\??\c:\nhthbh.exec:\nhthbh.exe137⤵
-
\??\c:\1pjvv.exec:\1pjvv.exe138⤵
-
\??\c:\dvjpj.exec:\dvjpj.exe139⤵
-
\??\c:\lfrxxrf.exec:\lfrxxrf.exe140⤵
-
\??\c:\hnhtnn.exec:\hnhtnn.exe141⤵
-
\??\c:\pvpdp.exec:\pvpdp.exe142⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe143⤵
-
\??\c:\xxrfrfx.exec:\xxrfrfx.exe144⤵
-
\??\c:\ttbtbn.exec:\ttbtbn.exe145⤵
-
\??\c:\hntnnt.exec:\hntnnt.exe146⤵
-
\??\c:\vvppj.exec:\vvppj.exe147⤵
-
\??\c:\xxlflff.exec:\xxlflff.exe148⤵
-
\??\c:\llxxflx.exec:\llxxflx.exe149⤵
-
\??\c:\5hbhtt.exec:\5hbhtt.exe150⤵
-
\??\c:\ppjjv.exec:\ppjjv.exe151⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe152⤵
-
\??\c:\lrlxfrr.exec:\lrlxfrr.exe153⤵
-
\??\c:\nhttnt.exec:\nhttnt.exe154⤵
-
\??\c:\7bbhth.exec:\7bbhth.exe155⤵
-
\??\c:\ppjpd.exec:\ppjpd.exe156⤵
-
\??\c:\xxrfxxl.exec:\xxrfxxl.exe157⤵
-
\??\c:\1htntb.exec:\1htntb.exe158⤵
-
\??\c:\bbtthn.exec:\bbtthn.exe159⤵
-
\??\c:\7dvpd.exec:\7dvpd.exe160⤵
-
\??\c:\7fxrflx.exec:\7fxrflx.exe161⤵
-
\??\c:\xxfllrx.exec:\xxfllrx.exe162⤵
-
\??\c:\5hbhth.exec:\5hbhth.exe163⤵
-
\??\c:\jjjvd.exec:\jjjvd.exe164⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe165⤵
-
\??\c:\fxrxllx.exec:\fxrxllx.exe166⤵
-
\??\c:\nnhhtb.exec:\nnhhtb.exe167⤵
-
\??\c:\hhnntn.exec:\hhnntn.exe168⤵
-
\??\c:\jdjvp.exec:\jdjvp.exe169⤵
-
\??\c:\frflfrl.exec:\frflfrl.exe170⤵
-
\??\c:\7nbhtb.exec:\7nbhtb.exe171⤵
-
\??\c:\hbhntb.exec:\hbhntb.exe172⤵
-
\??\c:\1pdvj.exec:\1pdvj.exe173⤵
-
\??\c:\rlxlrxr.exec:\rlxlrxr.exe174⤵
-
\??\c:\ttnntn.exec:\ttnntn.exe175⤵
-
\??\c:\1btnnh.exec:\1btnnh.exe176⤵
-
\??\c:\vvvjd.exec:\vvvjd.exe177⤵
-
\??\c:\3lrxxlr.exec:\3lrxxlr.exe178⤵
-
\??\c:\btnthh.exec:\btnthh.exe179⤵
-
\??\c:\hhthtn.exec:\hhthtn.exe180⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe181⤵
-
\??\c:\9rffflx.exec:\9rffflx.exe182⤵
-
\??\c:\ffxlxxl.exec:\ffxlxxl.exe183⤵
-
\??\c:\ttnbhh.exec:\ttnbhh.exe184⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe185⤵
-
\??\c:\jvpvj.exec:\jvpvj.exe186⤵
-
\??\c:\xlrxrll.exec:\xlrxrll.exe187⤵
-
\??\c:\hbntnt.exec:\hbntnt.exe188⤵
-
\??\c:\bbttnb.exec:\bbttnb.exe189⤵
-
\??\c:\jpdjj.exec:\jpdjj.exe190⤵
-
\??\c:\5lrlrxf.exec:\5lrlrxf.exe191⤵
-
\??\c:\hnhnnt.exec:\hnhnnt.exe192⤵
-
\??\c:\tbnhnt.exec:\tbnhnt.exe193⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe194⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe195⤵
-
\??\c:\rfrfxfx.exec:\rfrfxfx.exe196⤵
-
\??\c:\nhhhbn.exec:\nhhhbn.exe197⤵
-
\??\c:\tbhhtn.exec:\tbhhtn.exe198⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe199⤵
-
\??\c:\fxlrxlf.exec:\fxlrxlf.exe200⤵
-
\??\c:\xfxfxfr.exec:\xfxfxfr.exe201⤵
-
\??\c:\7tnthn.exec:\7tnthn.exe202⤵
-
\??\c:\pjvdv.exec:\pjvdv.exe203⤵
-
\??\c:\frrflrf.exec:\frrflrf.exe204⤵
-
\??\c:\rrflfrx.exec:\rrflfrx.exe205⤵
-
\??\c:\ttntnn.exec:\ttntnn.exe206⤵
-
\??\c:\tnhnth.exec:\tnhnth.exe207⤵
-
\??\c:\ppvdv.exec:\ppvdv.exe208⤵
-
\??\c:\5xllfrl.exec:\5xllfrl.exe209⤵
-
\??\c:\fflrflx.exec:\fflrflx.exe210⤵
-
\??\c:\bnhhht.exec:\bnhhht.exe211⤵
-
\??\c:\9jvvj.exec:\9jvvj.exe212⤵
-
\??\c:\rrfrxrx.exec:\rrfrxrx.exe213⤵
-
\??\c:\xxrxlrx.exec:\xxrxlrx.exe214⤵
-
\??\c:\5ttnhn.exec:\5ttnhn.exe215⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe216⤵
-
\??\c:\ppjpd.exec:\ppjpd.exe217⤵
-
\??\c:\flrflxx.exec:\flrflxx.exe218⤵
-
\??\c:\nbbhnh.exec:\nbbhnh.exe219⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe220⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe221⤵
-
\??\c:\llxxrxl.exec:\llxxrxl.exe222⤵
-
\??\c:\bbtbnt.exec:\bbtbnt.exe223⤵
-
\??\c:\1hhhtt.exec:\1hhhtt.exe224⤵
-
\??\c:\1dpdv.exec:\1dpdv.exe225⤵
-
\??\c:\3lflrrx.exec:\3lflrrx.exe226⤵
-
\??\c:\xrxflrf.exec:\xrxflrf.exe227⤵
-
\??\c:\nhnthn.exec:\nhnthn.exe228⤵
-
\??\c:\7pjpv.exec:\7pjpv.exe229⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe230⤵
-
\??\c:\ffxlrxl.exec:\ffxlrxl.exe231⤵
-
\??\c:\tnhnhn.exec:\tnhnhn.exe232⤵
-
\??\c:\hbntnb.exec:\hbntnb.exe233⤵
-
\??\c:\jppjv.exec:\jppjv.exe234⤵
-
\??\c:\3lflrxl.exec:\3lflrxl.exe235⤵
-
\??\c:\5rrrxxx.exec:\5rrrxxx.exe236⤵
-
\??\c:\nnbnbh.exec:\nnbnbh.exe237⤵
-
\??\c:\vjdpj.exec:\vjdpj.exe238⤵
-
\??\c:\dpjvd.exec:\dpjvd.exe239⤵
-
\??\c:\fxxlrxr.exec:\fxxlrxr.exe240⤵
-
\??\c:\5nhnnn.exec:\5nhnnn.exe241⤵