Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
24-05-2024 05:07
General
-
Target
afae590fee0f526a31fff02dd6ddfb80_NeikiAnalytics.exe
-
Size
74KB
-
MD5
afae590fee0f526a31fff02dd6ddfb80
-
SHA1
d6d5b7165f94e65e41526f890f7375f36527c946
-
SHA256
4d3c1495196558a78676b376ac9a4dde2dc92c685170b4bade09206d8bf24f65
-
SHA512
2c68b79a803cd76ff366257520df50ee8192326e87d07177b34f28c9893e7342dc006e911942ebc2076d90a2d56e61723c8845a1b050aa60fb87e7ff403110e0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqC5TEom:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqCqJ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 20 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\afae590fee0f526a31fff02dd6ddfb80_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\afae590fee0f526a31fff02dd6ddfb80_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7dppd.exec:\7dppd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxfllr.exec:\xlxfllr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtthb.exec:\thtthb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhnn.exec:\bthhnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddv.exec:\jdddv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvd.exec:\jdpvd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bnbnt.exec:\9bnbnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tntht.exec:\9tntht.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvdj.exec:\jdvdj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppd.exec:\jdppd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxfllr.exec:\xrxfllr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tnntt.exec:\7tnntt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhhn.exec:\tnhhhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vjjp.exec:\1vjjp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddp.exec:\jvddp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xlrrxf.exec:\7xlrrxf.exe17⤵
- Executes dropped EXE
-
\??\c:\rlfrxfr.exec:\rlfrxfr.exe18⤵
- Executes dropped EXE
-
\??\c:\5btbnt.exec:\5btbnt.exe19⤵
- Executes dropped EXE
-
\??\c:\jjpdp.exec:\jjpdp.exe20⤵
- Executes dropped EXE
-
\??\c:\vpppv.exec:\vpppv.exe21⤵
- Executes dropped EXE
-
\??\c:\xfrfxxr.exec:\xfrfxxr.exe22⤵
- Executes dropped EXE
-
\??\c:\nhtbhn.exec:\nhtbhn.exe23⤵
- Executes dropped EXE
-
\??\c:\nhttbn.exec:\nhttbn.exe24⤵
- Executes dropped EXE
-
\??\c:\nbtnbh.exec:\nbtnbh.exe25⤵
- Executes dropped EXE
-
\??\c:\dddvj.exec:\dddvj.exe26⤵
- Executes dropped EXE
-
\??\c:\xfxxflr.exec:\xfxxflr.exe27⤵
- Executes dropped EXE
-
\??\c:\7lffllr.exec:\7lffllr.exe28⤵
- Executes dropped EXE
-
\??\c:\lfrxlfl.exec:\lfrxlfl.exe29⤵
- Executes dropped EXE
-
\??\c:\tnbhnt.exec:\tnbhnt.exe30⤵
- Executes dropped EXE
-
\??\c:\jjddj.exec:\jjddj.exe31⤵
- Executes dropped EXE
-
\??\c:\lffrxxl.exec:\lffrxxl.exe32⤵
- Executes dropped EXE
-
\??\c:\fxfxffl.exec:\fxfxffl.exe33⤵
- Executes dropped EXE
-
\??\c:\3lrrffl.exec:\3lrrffl.exe34⤵
- Executes dropped EXE
-
\??\c:\hnntth.exec:\hnntth.exe35⤵
- Executes dropped EXE
-
\??\c:\dpppv.exec:\dpppv.exe36⤵
- Executes dropped EXE
-
\??\c:\pjvpp.exec:\pjvpp.exe37⤵
- Executes dropped EXE
-
\??\c:\ffrrxxl.exec:\ffrrxxl.exe38⤵
- Executes dropped EXE
-
\??\c:\lxlflff.exec:\lxlflff.exe39⤵
- Executes dropped EXE
-
\??\c:\hbbhth.exec:\hbbhth.exe40⤵
- Executes dropped EXE
-
\??\c:\5hhhtt.exec:\5hhhtt.exe41⤵
- Executes dropped EXE
-
\??\c:\vvppj.exec:\vvppj.exe42⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe43⤵
- Executes dropped EXE
-
\??\c:\3frrrrf.exec:\3frrrrf.exe44⤵
- Executes dropped EXE
-
\??\c:\fxrxfxf.exec:\fxrxfxf.exe45⤵
- Executes dropped EXE
-
\??\c:\nnhthn.exec:\nnhthn.exe46⤵
- Executes dropped EXE
-
\??\c:\hbnhnt.exec:\hbnhnt.exe47⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe48⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe49⤵
- Executes dropped EXE
-
\??\c:\rlrrffl.exec:\rlrrffl.exe50⤵
- Executes dropped EXE
-
\??\c:\9lxrxfl.exec:\9lxrxfl.exe51⤵
- Executes dropped EXE
-
\??\c:\nhtbbb.exec:\nhtbbb.exe52⤵
- Executes dropped EXE
-
\??\c:\hbbnnt.exec:\hbbnnt.exe53⤵
- Executes dropped EXE
-
\??\c:\vvjvv.exec:\vvjvv.exe54⤵
- Executes dropped EXE
-
\??\c:\dvjjj.exec:\dvjjj.exe55⤵
- Executes dropped EXE
-
\??\c:\rflrxff.exec:\rflrxff.exe56⤵
- Executes dropped EXE
-
\??\c:\fxlfrrf.exec:\fxlfrrf.exe57⤵
- Executes dropped EXE
-
\??\c:\fxrflxf.exec:\fxrflxf.exe58⤵
- Executes dropped EXE
-
\??\c:\nhnttt.exec:\nhnttt.exe59⤵
- Executes dropped EXE
-
\??\c:\hbtbht.exec:\hbtbht.exe60⤵
- Executes dropped EXE
-
\??\c:\9pjpv.exec:\9pjpv.exe61⤵
- Executes dropped EXE
-
\??\c:\7ppvd.exec:\7ppvd.exe62⤵
- Executes dropped EXE
-
\??\c:\1fxlllr.exec:\1fxlllr.exe63⤵
- Executes dropped EXE
-
\??\c:\5xxxffr.exec:\5xxxffr.exe64⤵
- Executes dropped EXE
-
\??\c:\bbbbbt.exec:\bbbbbt.exe65⤵
- Executes dropped EXE
-
\??\c:\htnnhn.exec:\htnnhn.exe66⤵
-
\??\c:\9htbhh.exec:\9htbhh.exe67⤵
-
\??\c:\7jvdd.exec:\7jvdd.exe68⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe69⤵
-
\??\c:\frfrxxf.exec:\frfrxxf.exe70⤵
-
\??\c:\rlxxflr.exec:\rlxxflr.exe71⤵
-
\??\c:\bbthbt.exec:\bbthbt.exe72⤵
-
\??\c:\hbbhnt.exec:\hbbhnt.exe73⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe74⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe75⤵
-
\??\c:\9frrxlf.exec:\9frrxlf.exe76⤵
-
\??\c:\rrffrrl.exec:\rrffrrl.exe77⤵
-
\??\c:\hbbnth.exec:\hbbnth.exe78⤵
-
\??\c:\tnbhbh.exec:\tnbhbh.exe79⤵
-
\??\c:\pjddd.exec:\pjddd.exe80⤵
-
\??\c:\5dvpp.exec:\5dvpp.exe81⤵
-
\??\c:\1pdvv.exec:\1pdvv.exe82⤵
-
\??\c:\5lxflfl.exec:\5lxflfl.exe83⤵
-
\??\c:\rrflxxf.exec:\rrflxxf.exe84⤵
-
\??\c:\3hhntt.exec:\3hhntt.exe85⤵
-
\??\c:\nnnntt.exec:\nnnntt.exe86⤵
-
\??\c:\7jdvj.exec:\7jdvj.exe87⤵
-
\??\c:\vvjpj.exec:\vvjpj.exe88⤵
-
\??\c:\xrflxrf.exec:\xrflxrf.exe89⤵
-
\??\c:\rllrffl.exec:\rllrffl.exe90⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe91⤵
-
\??\c:\hhnnnh.exec:\hhnnnh.exe92⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe93⤵
-
\??\c:\7vjdd.exec:\7vjdd.exe94⤵
-
\??\c:\vjddd.exec:\vjddd.exe95⤵
-
\??\c:\xrflrrx.exec:\xrflrrx.exe96⤵
-
\??\c:\5flrrrf.exec:\5flrrrf.exe97⤵
-
\??\c:\5bthtt.exec:\5bthtt.exe98⤵
-
\??\c:\pppvd.exec:\pppvd.exe99⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe100⤵
-
\??\c:\lllxrlx.exec:\lllxrlx.exe101⤵
-
\??\c:\rllrfrl.exec:\rllrfrl.exe102⤵
-
\??\c:\9bhhtt.exec:\9bhhtt.exe103⤵
-
\??\c:\tnbhnn.exec:\tnbhnn.exe104⤵
-
\??\c:\ddvpp.exec:\ddvpp.exe105⤵
-
\??\c:\5ppjp.exec:\5ppjp.exe106⤵
-
\??\c:\vpppd.exec:\vpppd.exe107⤵
-
\??\c:\frlrrfl.exec:\frlrrfl.exe108⤵
-
\??\c:\9lflrxx.exec:\9lflrxx.exe109⤵
-
\??\c:\btnttb.exec:\btnttb.exe110⤵
-
\??\c:\7vppd.exec:\7vppd.exe111⤵
-
\??\c:\7jvdp.exec:\7jvdp.exe112⤵
-
\??\c:\xxfxxxf.exec:\xxfxxxf.exe113⤵
-
\??\c:\fflfxrx.exec:\fflfxrx.exe114⤵
-
\??\c:\lfllrrx.exec:\lfllrrx.exe115⤵
-
\??\c:\bttnnt.exec:\bttnnt.exe116⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe117⤵
-
\??\c:\pdjvp.exec:\pdjvp.exe118⤵
-
\??\c:\xxlllrf.exec:\xxlllrf.exe119⤵
-
\??\c:\9fxlxfx.exec:\9fxlxfx.exe120⤵
-
\??\c:\llxlrrx.exec:\llxlrrx.exe121⤵
-
\??\c:\nhtbhb.exec:\nhtbhb.exe122⤵
-
\??\c:\htbthb.exec:\htbthb.exe123⤵
-
\??\c:\jdppd.exec:\jdppd.exe124⤵
-
\??\c:\vvddd.exec:\vvddd.exe125⤵
-
\??\c:\rrlrffl.exec:\rrlrffl.exe126⤵
-
\??\c:\9rfrxfr.exec:\9rfrxfr.exe127⤵
-
\??\c:\9nhbhn.exec:\9nhbhn.exe128⤵
-
\??\c:\hnnnnn.exec:\hnnnnn.exe129⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe130⤵
-
\??\c:\1xlrflr.exec:\1xlrflr.exe131⤵
-
\??\c:\lxlrfff.exec:\lxlrfff.exe132⤵
-
\??\c:\hbhhnn.exec:\hbhhnn.exe133⤵
-
\??\c:\nhnnnn.exec:\nhnnnn.exe134⤵
-
\??\c:\pjvjj.exec:\pjvjj.exe135⤵
-
\??\c:\dvddd.exec:\dvddd.exe136⤵
-
\??\c:\rllrlff.exec:\rllrlff.exe137⤵
-
\??\c:\frxfflf.exec:\frxfflf.exe138⤵
-
\??\c:\9tbbhb.exec:\9tbbhb.exe139⤵
-
\??\c:\3thbbb.exec:\3thbbb.exe140⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe141⤵
-
\??\c:\5rfxxfl.exec:\5rfxxfl.exe142⤵
-
\??\c:\rlxfllr.exec:\rlxfllr.exe143⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe144⤵
-
\??\c:\5nbhtt.exec:\5nbhtt.exe145⤵
-
\??\c:\3bbnbh.exec:\3bbnbh.exe146⤵
-
\??\c:\jdppv.exec:\jdppv.exe147⤵
-
\??\c:\jvddp.exec:\jvddp.exe148⤵
-
\??\c:\rlxrxxf.exec:\rlxrxxf.exe149⤵
-
\??\c:\fxfrrxr.exec:\fxfrrxr.exe150⤵
-
\??\c:\1tbbnh.exec:\1tbbnh.exe151⤵
-
\??\c:\7bnnnn.exec:\7bnnnn.exe152⤵
-
\??\c:\5jvdj.exec:\5jvdj.exe153⤵
-
\??\c:\1jvvv.exec:\1jvvv.exe154⤵
-
\??\c:\lfffffr.exec:\lfffffr.exe155⤵
-
\??\c:\1xrxxxf.exec:\1xrxxxf.exe156⤵
-
\??\c:\5rllrxl.exec:\5rllrxl.exe157⤵
-
\??\c:\7hnnnn.exec:\7hnnnn.exe158⤵
-
\??\c:\1hhnnt.exec:\1hhnnt.exe159⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe160⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe161⤵
-
\??\c:\9rrlffx.exec:\9rrlffx.exe162⤵
-
\??\c:\lfrxrrx.exec:\lfrxrrx.exe163⤵
-
\??\c:\1bhntt.exec:\1bhntt.exe164⤵
-
\??\c:\nhnbnn.exec:\nhnbnn.exe165⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe166⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe167⤵
-
\??\c:\9rlrrxl.exec:\9rlrrxl.exe168⤵
-
\??\c:\1lfllrx.exec:\1lfllrx.exe169⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe170⤵
-
\??\c:\tnhnbb.exec:\tnhnbb.exe171⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe172⤵
-
\??\c:\vvppv.exec:\vvppv.exe173⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe174⤵
-
\??\c:\rllrxrx.exec:\rllrxrx.exe175⤵
-
\??\c:\rlrrfff.exec:\rlrrfff.exe176⤵
-
\??\c:\tntnbb.exec:\tntnbb.exe177⤵
-
\??\c:\bbhnbh.exec:\bbhnbh.exe178⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe179⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe180⤵
-
\??\c:\dvddp.exec:\dvddp.exe181⤵
-
\??\c:\3lrxllx.exec:\3lrxllx.exe182⤵
-
\??\c:\xrffrxl.exec:\xrffrxl.exe183⤵
-
\??\c:\tnnnbb.exec:\tnnnbb.exe184⤵
-
\??\c:\9httnn.exec:\9httnn.exe185⤵
-
\??\c:\9pddj.exec:\9pddj.exe186⤵
-
\??\c:\3jvdd.exec:\3jvdd.exe187⤵
-
\??\c:\1djdj.exec:\1djdj.exe188⤵
-
\??\c:\rrflrrx.exec:\rrflrrx.exe189⤵
-
\??\c:\fxlxxxf.exec:\fxlxxxf.exe190⤵
-
\??\c:\ttbbtt.exec:\ttbbtt.exe191⤵
-
\??\c:\7tntbn.exec:\7tntbn.exe192⤵
-
\??\c:\thtnbb.exec:\thtnbb.exe193⤵
-
\??\c:\1vjjv.exec:\1vjjv.exe194⤵
-
\??\c:\ppjjj.exec:\ppjjj.exe195⤵
-
\??\c:\1lffflf.exec:\1lffflf.exe196⤵
-
\??\c:\lrflfxf.exec:\lrflfxf.exe197⤵
-
\??\c:\1btthb.exec:\1btthb.exe198⤵
-
\??\c:\tnbhbh.exec:\tnbhbh.exe199⤵
-
\??\c:\nthhbb.exec:\nthhbb.exe200⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe201⤵
-
\??\c:\jdvpv.exec:\jdvpv.exe202⤵
-
\??\c:\rlllrxf.exec:\rlllrxf.exe203⤵
-
\??\c:\xrlrflr.exec:\xrlrflr.exe204⤵
-
\??\c:\3nttbb.exec:\3nttbb.exe205⤵
-
\??\c:\nhbhtb.exec:\nhbhtb.exe206⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe207⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe208⤵
-
\??\c:\5xlffxl.exec:\5xlffxl.exe209⤵
-
\??\c:\fxrrxxl.exec:\fxrrxxl.exe210⤵
-
\??\c:\3lrfffx.exec:\3lrfffx.exe211⤵
-
\??\c:\tnbhnn.exec:\tnbhnn.exe212⤵
-
\??\c:\hbnnnt.exec:\hbnnnt.exe213⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe214⤵
-
\??\c:\jvppv.exec:\jvppv.exe215⤵
-
\??\c:\9rllrrx.exec:\9rllrrx.exe216⤵
-
\??\c:\lfffrll.exec:\lfffrll.exe217⤵
-
\??\c:\3bbbhh.exec:\3bbbhh.exe218⤵
-
\??\c:\bntnnn.exec:\bntnnn.exe219⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe220⤵
-
\??\c:\jvddd.exec:\jvddd.exe221⤵
-
\??\c:\1lflllx.exec:\1lflllx.exe222⤵
-
\??\c:\3bhhnn.exec:\3bhhnn.exe223⤵
-
\??\c:\pjddp.exec:\pjddp.exe224⤵
-
\??\c:\1vdjj.exec:\1vdjj.exe225⤵
-
\??\c:\lxflrxx.exec:\lxflrxx.exe226⤵
-
\??\c:\fxrxlrx.exec:\fxrxlrx.exe227⤵
-
\??\c:\hthhhb.exec:\hthhhb.exe228⤵
-
\??\c:\thtnhh.exec:\thtnhh.exe229⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe230⤵
-
\??\c:\jvjvv.exec:\jvjvv.exe231⤵
-
\??\c:\7frrrrf.exec:\7frrrrf.exe232⤵
-
\??\c:\3fxfrxr.exec:\3fxfrxr.exe233⤵
-
\??\c:\nhnbbb.exec:\nhnbbb.exe234⤵
-
\??\c:\thnnnn.exec:\thnnnn.exe235⤵
-
\??\c:\9hnhnn.exec:\9hnhnn.exe236⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe237⤵
-
\??\c:\pdppp.exec:\pdppp.exe238⤵
-
\??\c:\xrxllxf.exec:\xrxllxf.exe239⤵
-
\??\c:\9flxfll.exec:\9flxfll.exe240⤵