Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
24-05-2024 15:30
General
-
Target
9f36cba1e2229a267117063f837dcee0_NeikiAnalytics.exe
-
Size
76KB
-
MD5
9f36cba1e2229a267117063f837dcee0
-
SHA1
b91582059302d36e4db32ca63c463283619510ba
-
SHA256
dc7db52111af0fd58d64e58947db9c09ead0e2f1565893a94cae34a70a947478
-
SHA512
6daaa9d656a22c056fb356072f51a4ef2d5c25cd66f4447f9bb2ac587dc2f30996620dc16de3cb47a8b98dad03305935bcad0736d6098bdf05469857476cea4f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqK2:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqK2
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9f36cba1e2229a267117063f837dcee0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\9f36cba1e2229a267117063f837dcee0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddp.exec:\jdddp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdpd.exec:\jvdpd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfffl.exec:\lflfffl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnbhn.exec:\ttnbhn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdpd.exec:\dvdpd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llffrrx.exec:\llffrrx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrxlrr.exec:\xlrxlrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbtbb.exec:\ntbtbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dddp.exec:\3dddp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxxlrf.exec:\ffxxlrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxfllx.exec:\frxfllx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdpv.exec:\djdpv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrxxx.exec:\fxlrxxx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9frlxxx.exec:\9frlxxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hhnhn.exec:\3hhnhn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdpv.exec:\djdpv.exe17⤵
- Executes dropped EXE
-
\??\c:\9vpjj.exec:\9vpjj.exe18⤵
- Executes dropped EXE
-
\??\c:\5llxfxf.exec:\5llxfxf.exe19⤵
- Executes dropped EXE
-
\??\c:\rlrxfxl.exec:\rlrxfxl.exe20⤵
- Executes dropped EXE
-
\??\c:\5hbhhn.exec:\5hbhhn.exe21⤵
- Executes dropped EXE
-
\??\c:\pppvp.exec:\pppvp.exe22⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe23⤵
- Executes dropped EXE
-
\??\c:\fxrxfff.exec:\fxrxfff.exe24⤵
- Executes dropped EXE
-
\??\c:\1nhhbh.exec:\1nhhbh.exe25⤵
- Executes dropped EXE
-
\??\c:\nhnttb.exec:\nhnttb.exe26⤵
- Executes dropped EXE
-
\??\c:\vvjjp.exec:\vvjjp.exe27⤵
- Executes dropped EXE
-
\??\c:\rffflrx.exec:\rffflrx.exe28⤵
- Executes dropped EXE
-
\??\c:\hhhbth.exec:\hhhbth.exe29⤵
- Executes dropped EXE
-
\??\c:\1bttbb.exec:\1bttbb.exe30⤵
- Executes dropped EXE
-
\??\c:\dddpv.exec:\dddpv.exe31⤵
- Executes dropped EXE
-
\??\c:\1rflrfr.exec:\1rflrfr.exe32⤵
- Executes dropped EXE
-
\??\c:\bbbnbh.exec:\bbbnbh.exe33⤵
- Executes dropped EXE
-
\??\c:\bnhntb.exec:\bnhntb.exe34⤵
- Executes dropped EXE
-
\??\c:\jvjjj.exec:\jvjjj.exe35⤵
- Executes dropped EXE
-
\??\c:\ppjpv.exec:\ppjpv.exe36⤵
- Executes dropped EXE
-
\??\c:\9rflrfl.exec:\9rflrfl.exe37⤵
- Executes dropped EXE
-
\??\c:\xrxrffl.exec:\xrxrffl.exe38⤵
- Executes dropped EXE
-
\??\c:\nhtttb.exec:\nhtttb.exe39⤵
- Executes dropped EXE
-
\??\c:\htbhbn.exec:\htbhbn.exe40⤵
- Executes dropped EXE
-
\??\c:\jdvdv.exec:\jdvdv.exe41⤵
- Executes dropped EXE
-
\??\c:\3jddd.exec:\3jddd.exe42⤵
- Executes dropped EXE
-
\??\c:\rlxfrxf.exec:\rlxfrxf.exe43⤵
- Executes dropped EXE
-
\??\c:\lfrfxfr.exec:\lfrfxfr.exe44⤵
- Executes dropped EXE
-
\??\c:\hhbnhn.exec:\hhbnhn.exe45⤵
- Executes dropped EXE
-
\??\c:\nhthtb.exec:\nhthtb.exe46⤵
- Executes dropped EXE
-
\??\c:\dpjjp.exec:\dpjjp.exe47⤵
- Executes dropped EXE
-
\??\c:\7rfllxl.exec:\7rfllxl.exe48⤵
- Executes dropped EXE
-
\??\c:\bthhtt.exec:\bthhtt.exe49⤵
- Executes dropped EXE
-
\??\c:\vppvd.exec:\vppvd.exe50⤵
- Executes dropped EXE
-
\??\c:\ppjpj.exec:\ppjpj.exe51⤵
- Executes dropped EXE
-
\??\c:\lfxfxfr.exec:\lfxfxfr.exe52⤵
- Executes dropped EXE
-
\??\c:\7rlrllr.exec:\7rlrllr.exe53⤵
- Executes dropped EXE
-
\??\c:\thbntt.exec:\thbntt.exe54⤵
- Executes dropped EXE
-
\??\c:\hbhnbb.exec:\hbhnbb.exe55⤵
- Executes dropped EXE
-
\??\c:\9dvpp.exec:\9dvpp.exe56⤵
- Executes dropped EXE
-
\??\c:\5jjpv.exec:\5jjpv.exe57⤵
- Executes dropped EXE
-
\??\c:\lxlxllr.exec:\lxlxllr.exe58⤵
- Executes dropped EXE
-
\??\c:\lfrflrx.exec:\lfrflrx.exe59⤵
- Executes dropped EXE
-
\??\c:\7hhthn.exec:\7hhthn.exe60⤵
- Executes dropped EXE
-
\??\c:\tnnttb.exec:\tnnttb.exe61⤵
- Executes dropped EXE
-
\??\c:\pdppp.exec:\pdppp.exe62⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe63⤵
- Executes dropped EXE
-
\??\c:\pjjjv.exec:\pjjjv.exe64⤵
- Executes dropped EXE
-
\??\c:\5lxxllx.exec:\5lxxllx.exe65⤵
- Executes dropped EXE
-
\??\c:\7rrrxfl.exec:\7rrrxfl.exe66⤵
-
\??\c:\bnbhtt.exec:\bnbhtt.exe67⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe68⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe69⤵
-
\??\c:\xrxlxfr.exec:\xrxlxfr.exe70⤵
-
\??\c:\7frrffr.exec:\7frrffr.exe71⤵
-
\??\c:\5nhthb.exec:\5nhthb.exe72⤵
-
\??\c:\3btnbb.exec:\3btnbb.exe73⤵
-
\??\c:\pjvjj.exec:\pjvjj.exe74⤵
-
\??\c:\5jjpv.exec:\5jjpv.exe75⤵
-
\??\c:\lfxxlrx.exec:\lfxxlrx.exe76⤵
-
\??\c:\ffrxllx.exec:\ffrxllx.exe77⤵
-
\??\c:\3tnbnn.exec:\3tnbnn.exe78⤵
-
\??\c:\nhhttb.exec:\nhhttb.exe79⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe80⤵
-
\??\c:\xfrlxlr.exec:\xfrlxlr.exe81⤵
-
\??\c:\rlflxfl.exec:\rlflxfl.exe82⤵
-
\??\c:\btbhtb.exec:\btbhtb.exe83⤵
-
\??\c:\btbbhn.exec:\btbbhn.exe84⤵
-
\??\c:\dvvdp.exec:\dvvdp.exe85⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe86⤵
-
\??\c:\lflrflr.exec:\lflrflr.exe87⤵
-
\??\c:\lfxrlrf.exec:\lfxrlrf.exe88⤵
-
\??\c:\5nntbt.exec:\5nntbt.exe89⤵
-
\??\c:\9tbhtt.exec:\9tbhtt.exe90⤵
-
\??\c:\1nhhnn.exec:\1nhhnn.exe91⤵
-
\??\c:\1pppv.exec:\1pppv.exe92⤵
-
\??\c:\jdvjj.exec:\jdvjj.exe93⤵
-
\??\c:\lfrfxxl.exec:\lfrfxxl.exe94⤵
-
\??\c:\1xlllrf.exec:\1xlllrf.exe95⤵
-
\??\c:\hbhnbb.exec:\hbhnbb.exe96⤵
-
\??\c:\tnhtbh.exec:\tnhtbh.exe97⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe98⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe99⤵
-
\??\c:\pdpvv.exec:\pdpvv.exe100⤵
-
\??\c:\xrfffll.exec:\xrfffll.exe101⤵
-
\??\c:\frrrxxr.exec:\frrrxxr.exe102⤵
-
\??\c:\tntbhn.exec:\tntbhn.exe103⤵
-
\??\c:\1tnbtb.exec:\1tnbtb.exe104⤵
-
\??\c:\dpdvj.exec:\dpdvj.exe105⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe106⤵
-
\??\c:\1pjpp.exec:\1pjpp.exe107⤵
-
\??\c:\xrfxxrx.exec:\xrfxxrx.exe108⤵
-
\??\c:\rllrffx.exec:\rllrffx.exe109⤵
-
\??\c:\nbbhnb.exec:\nbbhnb.exe110⤵
-
\??\c:\hhtbnn.exec:\hhtbnn.exe111⤵
-
\??\c:\5vpvj.exec:\5vpvj.exe112⤵
-
\??\c:\1ppjv.exec:\1ppjv.exe113⤵
-
\??\c:\xrlxllf.exec:\xrlxllf.exe114⤵
-
\??\c:\rrrfxfr.exec:\rrrfxfr.exe115⤵
-
\??\c:\lffxffl.exec:\lffxffl.exe116⤵
-
\??\c:\bthtnh.exec:\bthtnh.exe117⤵
-
\??\c:\hthtbb.exec:\hthtbb.exe118⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe119⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe120⤵
-
\??\c:\fllllrr.exec:\fllllrr.exe121⤵
-
\??\c:\fxrxxff.exec:\fxrxxff.exe122⤵
-
\??\c:\tntbnt.exec:\tntbnt.exe123⤵
-
\??\c:\5dppd.exec:\5dppd.exe124⤵
-
\??\c:\ppddj.exec:\ppddj.exe125⤵
-
\??\c:\rrlxflx.exec:\rrlxflx.exe126⤵
-
\??\c:\xrrrxrx.exec:\xrrrxrx.exe127⤵
-
\??\c:\5hbhbh.exec:\5hbhbh.exe128⤵
-
\??\c:\3tnnbb.exec:\3tnnbb.exe129⤵
-
\??\c:\bttbtb.exec:\bttbtb.exe130⤵
-
\??\c:\7pjvv.exec:\7pjvv.exe131⤵
-
\??\c:\pdppp.exec:\pdppp.exe132⤵
-
\??\c:\xlxxxfr.exec:\xlxxxfr.exe133⤵
-
\??\c:\ffxxlrr.exec:\ffxxlrr.exe134⤵
-
\??\c:\nbhbnh.exec:\nbhbnh.exe135⤵
-
\??\c:\bnbtbt.exec:\bnbtbt.exe136⤵
-
\??\c:\jdvdd.exec:\jdvdd.exe137⤵
-
\??\c:\jjddj.exec:\jjddj.exe138⤵
-
\??\c:\llrxffr.exec:\llrxffr.exe139⤵
-
\??\c:\rlxxllf.exec:\rlxxllf.exe140⤵
-
\??\c:\hbnntb.exec:\hbnntb.exe141⤵
-
\??\c:\htbnbb.exec:\htbnbb.exe142⤵
-
\??\c:\dpjjp.exec:\dpjjp.exe143⤵
-
\??\c:\7vppv.exec:\7vppv.exe144⤵
-
\??\c:\jvjvd.exec:\jvjvd.exe145⤵
-
\??\c:\xrxxlfr.exec:\xrxxlfr.exe146⤵
-
\??\c:\flllrxr.exec:\flllrxr.exe147⤵
-
\??\c:\nhnthn.exec:\nhnthn.exe148⤵
-
\??\c:\nnnthh.exec:\nnnthh.exe149⤵
-
\??\c:\vjppd.exec:\vjppd.exe150⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe151⤵
-
\??\c:\rllxxfx.exec:\rllxxfx.exe152⤵
-
\??\c:\fffrxll.exec:\fffrxll.exe153⤵
-
\??\c:\thbnbn.exec:\thbnbn.exe154⤵
-
\??\c:\hbnthn.exec:\hbnthn.exe155⤵
-
\??\c:\hthtbb.exec:\hthtbb.exe156⤵
-
\??\c:\dpddj.exec:\dpddj.exe157⤵
-
\??\c:\jvpjp.exec:\jvpjp.exe158⤵
-
\??\c:\9rlrxlx.exec:\9rlrxlx.exe159⤵
-
\??\c:\3rrxrlx.exec:\3rrxrlx.exe160⤵
-
\??\c:\1thnnt.exec:\1thnnt.exe161⤵
-
\??\c:\3nhhnn.exec:\3nhhnn.exe162⤵
-
\??\c:\vjdjv.exec:\vjdjv.exe163⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe164⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe165⤵
-
\??\c:\ffflxxl.exec:\ffflxxl.exe166⤵
-
\??\c:\xrxfxxx.exec:\xrxfxxx.exe167⤵
-
\??\c:\thnttn.exec:\thnttn.exe168⤵
-
\??\c:\tnbntt.exec:\tnbntt.exe169⤵
-
\??\c:\9dppd.exec:\9dppd.exe170⤵
-
\??\c:\pjdpj.exec:\pjdpj.exe171⤵
-
\??\c:\llxrrrl.exec:\llxrrrl.exe172⤵
-
\??\c:\1rxflrf.exec:\1rxflrf.exe173⤵
-
\??\c:\nbnnbb.exec:\nbnnbb.exe174⤵
-
\??\c:\bttbnn.exec:\bttbnn.exe175⤵
-
\??\c:\djddp.exec:\djddp.exe176⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe177⤵
-
\??\c:\fxffxxf.exec:\fxffxxf.exe178⤵
-
\??\c:\1xxfrxf.exec:\1xxfrxf.exe179⤵
-
\??\c:\frlflfl.exec:\frlflfl.exe180⤵
-
\??\c:\tnbhbb.exec:\tnbhbb.exe181⤵
-
\??\c:\nbhnbb.exec:\nbhnbb.exe182⤵
-
\??\c:\5vjjv.exec:\5vjjv.exe183⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe184⤵
-
\??\c:\xlrrflr.exec:\xlrrflr.exe185⤵
-
\??\c:\fxrxllf.exec:\fxrxllf.exe186⤵
-
\??\c:\7bnbht.exec:\7bnbht.exe187⤵
-
\??\c:\nbbhht.exec:\nbbhht.exe188⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe189⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe190⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe191⤵
-
\??\c:\rfrlrrr.exec:\rfrlrrr.exe192⤵
-
\??\c:\frffrrx.exec:\frffrrx.exe193⤵
-
\??\c:\bthnnt.exec:\bthnnt.exe194⤵
-
\??\c:\thtthb.exec:\thtthb.exe195⤵
-
\??\c:\pjpdj.exec:\pjpdj.exe196⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe197⤵
-
\??\c:\rrxrrfx.exec:\rrxrrfx.exe198⤵
-
\??\c:\7fxfflr.exec:\7fxfflr.exe199⤵
-
\??\c:\htnttb.exec:\htnttb.exe200⤵
-
\??\c:\9nbbbb.exec:\9nbbbb.exe201⤵
-
\??\c:\3pjvp.exec:\3pjvp.exe202⤵
-
\??\c:\9dvvv.exec:\9dvvv.exe203⤵
-
\??\c:\xlrfrlx.exec:\xlrfrlx.exe204⤵
-
\??\c:\ffxrxrl.exec:\ffxrxrl.exe205⤵
-
\??\c:\btnbnn.exec:\btnbnn.exe206⤵
-
\??\c:\bthttb.exec:\bthttb.exe207⤵
-
\??\c:\jdppv.exec:\jdppv.exe208⤵
-
\??\c:\xlxfffr.exec:\xlxfffr.exe209⤵
-
\??\c:\9ffxffr.exec:\9ffxffr.exe210⤵
-
\??\c:\3nhbnt.exec:\3nhbnt.exe211⤵
-
\??\c:\thnntt.exec:\thnntt.exe212⤵
-
\??\c:\7ddpp.exec:\7ddpp.exe213⤵
-
\??\c:\pdppj.exec:\pdppj.exe214⤵
-
\??\c:\xrxxxxl.exec:\xrxxxxl.exe215⤵
-
\??\c:\1rffrxx.exec:\1rffrxx.exe216⤵
-
\??\c:\tnbhnt.exec:\tnbhnt.exe217⤵
-
\??\c:\bhbhbh.exec:\bhbhbh.exe218⤵
-
\??\c:\dvdjp.exec:\dvdjp.exe219⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe220⤵
-
\??\c:\lffrxfr.exec:\lffrxfr.exe221⤵
-
\??\c:\fxlrxfl.exec:\fxlrxfl.exe222⤵
-
\??\c:\7frffll.exec:\7frffll.exe223⤵
-
\??\c:\hbtbtn.exec:\hbtbtn.exe224⤵
-
\??\c:\btnbhn.exec:\btnbhn.exe225⤵
-
\??\c:\vpvdv.exec:\vpvdv.exe226⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe227⤵
-
\??\c:\fxrxlxl.exec:\fxrxlxl.exe228⤵
-
\??\c:\xlxflxf.exec:\xlxflxf.exe229⤵
-
\??\c:\nnbbnn.exec:\nnbbnn.exe230⤵
-
\??\c:\tnthbh.exec:\tnthbh.exe231⤵
-
\??\c:\ppdpp.exec:\ppdpp.exe232⤵
-
\??\c:\1ppvd.exec:\1ppvd.exe233⤵
-
\??\c:\llfflrx.exec:\llfflrx.exe234⤵
-
\??\c:\1xxxffl.exec:\1xxxffl.exe235⤵
-
\??\c:\fxrxrxf.exec:\fxrxrxf.exe236⤵
-
\??\c:\1thbhh.exec:\1thbhh.exe237⤵
-
\??\c:\hhhtbh.exec:\hhhtbh.exe238⤵
-
\??\c:\pjpdv.exec:\pjpdv.exe239⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe240⤵