Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
30-06-2024 23:55
General
-
Target
24c14db11c563a6715feb41d0f82d62ac135f8c34628dd7baa2b6a3d6f912276_NeikiAnalytics.exe
-
Size
213KB
-
MD5
8b2200fc4011363d4c702945f4731970
-
SHA1
7959795a4000946d033829a8290e23980792e94a
-
SHA256
24c14db11c563a6715feb41d0f82d62ac135f8c34628dd7baa2b6a3d6f912276
-
SHA512
82f9fd5b6f00625b805e1268b8791cda2c7fbef1f8ac5f97c63e94f9f29904867a8cef200ad7e84987c4ebbfa0243cde23031e5818efe78f943bc933eeb69ca7
-
SSDEEP
3072:mwZFBG7Gt5LQpL17tCAZbpQvKgMYbKXonUmeWxgFCg/0aDaBRghz:msFY7c5LuBUKbGw/SxhScUDaU
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 58 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\24c14db11c563a6715feb41d0f82d62ac135f8c34628dd7baa2b6a3d6f912276_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\24c14db11c563a6715feb41d0f82d62ac135f8c34628dd7baa2b6a3d6f912276_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjp.exec:\vpjjp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rrxlxf.exec:\1rrxlxf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxfrxf.exec:\lfxfrxf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnbnb.exec:\ntnbnb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvvd.exec:\vjvvd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ppvd.exec:\7ppvd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrxlxf.exec:\rrrxlxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbhh.exec:\hbtbhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vjpv.exec:\3vjpv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxlrxl.exec:\ffxlrxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfrrff.exec:\rxfrrff.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnbb.exec:\nttnbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfllx.exec:\xrlfllx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrflxf.exec:\ffrflxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhthtb.exec:\hhthtb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvjd.exec:\ddvjd.exe17⤵
- Executes dropped EXE
-
\??\c:\lfxxfxl.exec:\lfxxfxl.exe18⤵
- Executes dropped EXE
-
\??\c:\nbbnhb.exec:\nbbnhb.exe19⤵
- Executes dropped EXE
-
\??\c:\1ppvp.exec:\1ppvp.exe20⤵
- Executes dropped EXE
-
\??\c:\3jvvp.exec:\3jvvp.exe21⤵
- Executes dropped EXE
-
\??\c:\1lllrrf.exec:\1lllrrf.exe22⤵
- Executes dropped EXE
-
\??\c:\1btbnb.exec:\1btbnb.exe23⤵
- Executes dropped EXE
-
\??\c:\jvppv.exec:\jvppv.exe24⤵
- Executes dropped EXE
-
\??\c:\3lxffxf.exec:\3lxffxf.exe25⤵
- Executes dropped EXE
-
\??\c:\5lffrxl.exec:\5lffrxl.exe26⤵
- Executes dropped EXE
-
\??\c:\hhbbhn.exec:\hhbbhn.exe27⤵
- Executes dropped EXE
-
\??\c:\ffrxllr.exec:\ffrxllr.exe28⤵
- Executes dropped EXE
-
\??\c:\lflrrrx.exec:\lflrrrx.exe29⤵
- Executes dropped EXE
-
\??\c:\hbnbnb.exec:\hbnbnb.exe30⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe31⤵
- Executes dropped EXE
-
\??\c:\7frrflr.exec:\7frrflr.exe32⤵
- Executes dropped EXE
-
\??\c:\nnhtht.exec:\nnhtht.exe33⤵
- Executes dropped EXE
-
\??\c:\pjdpj.exec:\pjdpj.exe34⤵
- Executes dropped EXE
-
\??\c:\rlxrxfx.exec:\rlxrxfx.exe35⤵
- Executes dropped EXE
-
\??\c:\bbbthb.exec:\bbbthb.exe36⤵
- Executes dropped EXE
-
\??\c:\ddvvd.exec:\ddvvd.exe37⤵
- Executes dropped EXE
-
\??\c:\dppjd.exec:\dppjd.exe38⤵
- Executes dropped EXE
-
\??\c:\lfrxffr.exec:\lfrxffr.exe39⤵
- Executes dropped EXE
-
\??\c:\hthntb.exec:\hthntb.exe40⤵
- Executes dropped EXE
-
\??\c:\jjdjp.exec:\jjdjp.exe41⤵
- Executes dropped EXE
-
\??\c:\5frxffr.exec:\5frxffr.exe42⤵
- Executes dropped EXE
-
\??\c:\3hbbnh.exec:\3hbbnh.exe43⤵
- Executes dropped EXE
-
\??\c:\vpjvp.exec:\vpjvp.exe44⤵
- Executes dropped EXE
-
\??\c:\rlffllr.exec:\rlffllr.exe45⤵
- Executes dropped EXE
-
\??\c:\xxrxffx.exec:\xxrxffx.exe46⤵
- Executes dropped EXE
-
\??\c:\thnnbh.exec:\thnnbh.exe47⤵
- Executes dropped EXE
-
\??\c:\9jddp.exec:\9jddp.exe48⤵
- Executes dropped EXE
-
\??\c:\5xlflxf.exec:\5xlflxf.exe49⤵
- Executes dropped EXE
-
\??\c:\fxrfxfr.exec:\fxrfxfr.exe50⤵
- Executes dropped EXE
-
\??\c:\ttnntt.exec:\ttnntt.exe51⤵
- Executes dropped EXE
-
\??\c:\7pddd.exec:\7pddd.exe52⤵
- Executes dropped EXE
-
\??\c:\flfffxl.exec:\flfffxl.exe53⤵
- Executes dropped EXE
-
\??\c:\ttnhnt.exec:\ttnhnt.exe54⤵
- Executes dropped EXE
-
\??\c:\vvjjp.exec:\vvjjp.exe55⤵
- Executes dropped EXE
-
\??\c:\pjvpv.exec:\pjvpv.exe56⤵
- Executes dropped EXE
-
\??\c:\rlffrrx.exec:\rlffrrx.exe57⤵
- Executes dropped EXE
-
\??\c:\9tnnbh.exec:\9tnnbh.exe58⤵
- Executes dropped EXE
-
\??\c:\7pjpd.exec:\7pjpd.exe59⤵
- Executes dropped EXE
-
\??\c:\jvpjp.exec:\jvpjp.exe60⤵
- Executes dropped EXE
-
\??\c:\rrrxlrr.exec:\rrrxlrr.exe61⤵
- Executes dropped EXE
-
\??\c:\9hbhnn.exec:\9hbhnn.exe62⤵
- Executes dropped EXE
-
\??\c:\5djjv.exec:\5djjv.exe63⤵
- Executes dropped EXE
-
\??\c:\jjvjv.exec:\jjvjv.exe64⤵
- Executes dropped EXE
-
\??\c:\xfrrxxl.exec:\xfrrxxl.exe65⤵
- Executes dropped EXE
-
\??\c:\hbnthn.exec:\hbnthn.exe66⤵
-
\??\c:\jjdpj.exec:\jjdpj.exe67⤵
-
\??\c:\lfrxrrx.exec:\lfrxrrx.exe68⤵
-
\??\c:\hbtbhn.exec:\hbtbhn.exe69⤵
-
\??\c:\7bbbht.exec:\7bbbht.exe70⤵
-
\??\c:\7vdvd.exec:\7vdvd.exe71⤵
-
\??\c:\fxlrllx.exec:\fxlrllx.exe72⤵
-
\??\c:\xlrlllr.exec:\xlrlllr.exe73⤵
-
\??\c:\5bnnbh.exec:\5bnnbh.exe74⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe75⤵
-
\??\c:\vvjpj.exec:\vvjpj.exe76⤵
-
\??\c:\7rfrxfr.exec:\7rfrxfr.exe77⤵
-
\??\c:\ttbhtb.exec:\ttbhtb.exe78⤵
-
\??\c:\vjvjd.exec:\vjvjd.exe79⤵
-
\??\c:\3pjvj.exec:\3pjvj.exe80⤵
-
\??\c:\fxlrxlr.exec:\fxlrxlr.exe81⤵
-
\??\c:\rfrxlrx.exec:\rfrxlrx.exe82⤵
-
\??\c:\9nnthn.exec:\9nnthn.exe83⤵
-
\??\c:\1bhhbt.exec:\1bhhbt.exe84⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe85⤵
-
\??\c:\xrrxlrf.exec:\xrrxlrf.exe86⤵
-
\??\c:\xlxlxff.exec:\xlxlxff.exe87⤵
-
\??\c:\7hhbnt.exec:\7hhbnt.exe88⤵
-
\??\c:\jjpvp.exec:\jjpvp.exe89⤵
-
\??\c:\3jvvd.exec:\3jvvd.exe90⤵
-
\??\c:\rxrlflf.exec:\rxrlflf.exe91⤵
-
\??\c:\llrfrlf.exec:\llrfrlf.exe92⤵
-
\??\c:\1hbthn.exec:\1hbthn.exe93⤵
-
\??\c:\btnhbn.exec:\btnhbn.exe94⤵
-
\??\c:\vdvjd.exec:\vdvjd.exe95⤵
-
\??\c:\llxlffr.exec:\llxlffr.exe96⤵
-
\??\c:\llfrflr.exec:\llfrflr.exe97⤵
-
\??\c:\bbntbt.exec:\bbntbt.exe98⤵
-
\??\c:\jjpdd.exec:\jjpdd.exe99⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe100⤵
-
\??\c:\rrlxlxf.exec:\rrlxlxf.exe101⤵
-
\??\c:\lllrfxl.exec:\lllrfxl.exe102⤵
-
\??\c:\nnhtnt.exec:\nnhtnt.exe103⤵
-
\??\c:\bbhtbb.exec:\bbhtbb.exe104⤵
-
\??\c:\1dvdd.exec:\1dvdd.exe105⤵
-
\??\c:\7fxxxrx.exec:\7fxxxrx.exe106⤵
-
\??\c:\9lxrrrr.exec:\9lxrrrr.exe107⤵
-
\??\c:\1nnnbh.exec:\1nnnbh.exe108⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe109⤵
-
\??\c:\ppdpd.exec:\ppdpd.exe110⤵
-
\??\c:\xrfflrx.exec:\xrfflrx.exe111⤵
-
\??\c:\rlxffrl.exec:\rlxffrl.exe112⤵
-
\??\c:\nbnnbb.exec:\nbnnbb.exe113⤵
-
\??\c:\9jvdp.exec:\9jvdp.exe114⤵
-
\??\c:\dddpp.exec:\dddpp.exe115⤵
-
\??\c:\rrlfxlf.exec:\rrlfxlf.exe116⤵
-
\??\c:\rrrxrxf.exec:\rrrxrxf.exe117⤵
-
\??\c:\hbttnt.exec:\hbttnt.exe118⤵
-
\??\c:\pvvvd.exec:\pvvvd.exe119⤵
-
\??\c:\9pvjv.exec:\9pvjv.exe120⤵
-
\??\c:\llxflxf.exec:\llxflxf.exe121⤵
-
\??\c:\lfrfllx.exec:\lfrfllx.exe122⤵
-
\??\c:\3nhnnn.exec:\3nhnnn.exe123⤵
-
\??\c:\pjppd.exec:\pjppd.exe124⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe125⤵
-
\??\c:\xxrxfrr.exec:\xxrxfrr.exe126⤵
-
\??\c:\7rffrrr.exec:\7rffrrr.exe127⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe128⤵
-
\??\c:\tnbhnn.exec:\tnbhnn.exe129⤵
-
\??\c:\1jppd.exec:\1jppd.exe130⤵
-
\??\c:\7lffllf.exec:\7lffllf.exe131⤵
-
\??\c:\9rffxlx.exec:\9rffxlx.exe132⤵
-
\??\c:\btbhnb.exec:\btbhnb.exe133⤵
-
\??\c:\7htbnn.exec:\7htbnn.exe134⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe135⤵
-
\??\c:\dpdjj.exec:\dpdjj.exe136⤵
-
\??\c:\lfrrxxf.exec:\lfrrxxf.exe137⤵
-
\??\c:\rxxllxx.exec:\rxxllxx.exe138⤵
-
\??\c:\9nnnbh.exec:\9nnnbh.exe139⤵
-
\??\c:\5pddv.exec:\5pddv.exe140⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe141⤵
-
\??\c:\lfxlxxx.exec:\lfxlxxx.exe142⤵
-
\??\c:\rlxfllr.exec:\rlxfllr.exe143⤵
-
\??\c:\nhthnt.exec:\nhthnt.exe144⤵
-
\??\c:\hhbhnt.exec:\hhbhnt.exe145⤵
-
\??\c:\jjpjp.exec:\jjpjp.exe146⤵
-
\??\c:\jddvv.exec:\jddvv.exe147⤵
-
\??\c:\9xrfrxr.exec:\9xrfrxr.exe148⤵
-
\??\c:\1flflrx.exec:\1flflrx.exe149⤵
-
\??\c:\bntbhh.exec:\bntbhh.exe150⤵
-
\??\c:\nhthnt.exec:\nhthnt.exe151⤵
-
\??\c:\pvjvj.exec:\pvjvj.exe152⤵
-
\??\c:\pjdpp.exec:\pjdpp.exe153⤵
-
\??\c:\xlrflxx.exec:\xlrflxx.exe154⤵
-
\??\c:\rlxxflx.exec:\rlxxflx.exe155⤵
-
\??\c:\tnbbhn.exec:\tnbbhn.exe156⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe157⤵
-
\??\c:\jvdjp.exec:\jvdjp.exe158⤵
-
\??\c:\rrlflrx.exec:\rrlflrx.exe159⤵
-
\??\c:\bbnnbh.exec:\bbnnbh.exe160⤵
-
\??\c:\hbnbtb.exec:\hbnbtb.exe161⤵
-
\??\c:\pppjj.exec:\pppjj.exe162⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe163⤵
-
\??\c:\frlfrxr.exec:\frlfrxr.exe164⤵
-
\??\c:\htbhtn.exec:\htbhtn.exe165⤵
-
\??\c:\tbnnbn.exec:\tbnnbn.exe166⤵
-
\??\c:\pjdpp.exec:\pjdpp.exe167⤵
-
\??\c:\pvppd.exec:\pvppd.exe168⤵
-
\??\c:\xxrrlrf.exec:\xxrrlrf.exe169⤵
-
\??\c:\3llrflx.exec:\3llrflx.exe170⤵
-
\??\c:\9nnnbh.exec:\9nnnbh.exe171⤵
-
\??\c:\dvppp.exec:\dvppp.exe172⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe173⤵
-
\??\c:\3lllflr.exec:\3lllflr.exe174⤵
-
\??\c:\7xxrxxl.exec:\7xxrxxl.exe175⤵
-
\??\c:\hhhnth.exec:\hhhnth.exe176⤵
-
\??\c:\hhbhtb.exec:\hhbhtb.exe177⤵
-
\??\c:\pppvj.exec:\pppvj.exe178⤵
-
\??\c:\3rfllrf.exec:\3rfllrf.exe179⤵
-
\??\c:\9fxfflf.exec:\9fxfflf.exe180⤵
-
\??\c:\bbnhbh.exec:\bbnhbh.exe181⤵
-
\??\c:\nhbtbh.exec:\nhbtbh.exe182⤵
-
\??\c:\dpjjv.exec:\dpjjv.exe183⤵
-
\??\c:\vjdjp.exec:\vjdjp.exe184⤵
-
\??\c:\fxrrlrx.exec:\fxrrlrx.exe185⤵
-
\??\c:\rrffrfr.exec:\rrffrfr.exe186⤵
-
\??\c:\ttnbnt.exec:\ttnbnt.exe187⤵
-
\??\c:\btntnt.exec:\btntnt.exe188⤵
-
\??\c:\jvvvd.exec:\jvvvd.exe189⤵
-
\??\c:\7djvp.exec:\7djvp.exe190⤵
-
\??\c:\flflfrf.exec:\flflfrf.exe191⤵
-
\??\c:\3rlrrrf.exec:\3rlrrrf.exe192⤵
-
\??\c:\bntntn.exec:\bntntn.exe193⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe194⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe195⤵
-
\??\c:\lxxxxlx.exec:\lxxxxlx.exe196⤵
-
\??\c:\xxrxlrx.exec:\xxrxlrx.exe197⤵
-
\??\c:\bbthth.exec:\bbthth.exe198⤵
-
\??\c:\tnbnhh.exec:\tnbnhh.exe199⤵
-
\??\c:\ddvjp.exec:\ddvjp.exe200⤵
-
\??\c:\pppdp.exec:\pppdp.exe201⤵
-
\??\c:\lfxxllx.exec:\lfxxllx.exe202⤵
-
\??\c:\rlxrfrf.exec:\rlxrfrf.exe203⤵
-
\??\c:\btbhht.exec:\btbhht.exe204⤵
-
\??\c:\bbtbhh.exec:\bbtbhh.exe205⤵
-
\??\c:\1jdpj.exec:\1jdpj.exe206⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe207⤵
-
\??\c:\9lxfxxf.exec:\9lxfxxf.exe208⤵
-
\??\c:\frlflrx.exec:\frlflrx.exe209⤵
-
\??\c:\9hbbht.exec:\9hbbht.exe210⤵
-
\??\c:\hhnbhn.exec:\hhnbhn.exe211⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe212⤵
-
\??\c:\3vpvj.exec:\3vpvj.exe213⤵
-
\??\c:\xxrflrf.exec:\xxrflrf.exe214⤵
-
\??\c:\bbtntb.exec:\bbtntb.exe215⤵
-
\??\c:\thbbbt.exec:\thbbbt.exe216⤵
-
\??\c:\5dddj.exec:\5dddj.exe217⤵
-
\??\c:\vdvdj.exec:\vdvdj.exe218⤵
-
\??\c:\frxfllx.exec:\frxfllx.exe219⤵
-
\??\c:\lfrrlll.exec:\lfrrlll.exe220⤵
-
\??\c:\hbhbnb.exec:\hbhbnb.exe221⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe222⤵
-
\??\c:\5pjpd.exec:\5pjpd.exe223⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe224⤵
-
\??\c:\9lflrfl.exec:\9lflrfl.exe225⤵
-
\??\c:\thbhnb.exec:\thbhnb.exe226⤵
-
\??\c:\nhbnnt.exec:\nhbnnt.exe227⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe228⤵
-
\??\c:\jvdvd.exec:\jvdvd.exe229⤵
-
\??\c:\lfrxfxl.exec:\lfrxfxl.exe230⤵
-
\??\c:\3nbbhb.exec:\3nbbhb.exe231⤵
-
\??\c:\3nbbnb.exec:\3nbbnb.exe232⤵
-
\??\c:\pjvdv.exec:\pjvdv.exe233⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe234⤵
-
\??\c:\lfrfrxf.exec:\lfrfrxf.exe235⤵
-
\??\c:\xlrrlxl.exec:\xlrrlxl.exe236⤵
-
\??\c:\nhbhhn.exec:\nhbhhn.exe237⤵
-
\??\c:\tnhhth.exec:\tnhhth.exe238⤵
-
\??\c:\dpjpd.exec:\dpjpd.exe239⤵
-
\??\c:\vvdjd.exec:\vvdjd.exe240⤵