Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
30-06-2024 23:57
General
-
Target
24e01108e10e901cabd1f535de443dcdad0b8905c63848c9a7353bc5dbaa9ffa_NeikiAnalytics.exe
-
Size
279KB
-
MD5
8ef64e3d0223ca80c426291b0e2dc390
-
SHA1
f18998e813d8118c9241158f6b4efaa0a7407617
-
SHA256
24e01108e10e901cabd1f535de443dcdad0b8905c63848c9a7353bc5dbaa9ffa
-
SHA512
49a207c0708aa98101d1314f470f510df95f52e4c7af039f7bcbf59d64f96ceb780f4276f61f1b13af143506c8e6a1e4e1f0f11d0643e5d1f37c73142ba40d7d
-
SSDEEP
6144:n3C9BRIG0asYFm71m8+GdkB9yMu7VvemWc:n3C9uYA71kSMun
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\24e01108e10e901cabd1f535de443dcdad0b8905c63848c9a7353bc5dbaa9ffa_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\24e01108e10e901cabd1f535de443dcdad0b8905c63848c9a7353bc5dbaa9ffa_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlxrxf.exec:\xrlxrxf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jvpj.exec:\3jvpj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrrrrf.exec:\7lrrrrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7fxlrfl.exec:\7fxlrfl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbtbh.exec:\tnbtbh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjpd.exec:\ddjpd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrxxf.exec:\fxlrxxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlxffl.exec:\lxlxffl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtbnn.exec:\hhtbnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppd.exec:\jdppd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jddp.exec:\1jddp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xllxxf.exec:\3xllxxf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htttbb.exec:\htttbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nbttn.exec:\1nbttn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjv.exec:\pjdjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xfxfff.exec:\3xfxfff.exe17⤵
- Executes dropped EXE
-
\??\c:\xlxlrlr.exec:\xlxlrlr.exe18⤵
- Executes dropped EXE
-
\??\c:\9bnnhh.exec:\9bnnhh.exe19⤵
- Executes dropped EXE
-
\??\c:\9pjdv.exec:\9pjdv.exe20⤵
- Executes dropped EXE
-
\??\c:\xrxxxxf.exec:\xrxxxxf.exe21⤵
- Executes dropped EXE
-
\??\c:\lfxlxxl.exec:\lfxlxxl.exe22⤵
- Executes dropped EXE
-
\??\c:\3nnntb.exec:\3nnntb.exe23⤵
- Executes dropped EXE
-
\??\c:\jjvpv.exec:\jjvpv.exe24⤵
- Executes dropped EXE
-
\??\c:\pdjdj.exec:\pdjdj.exe25⤵
- Executes dropped EXE
-
\??\c:\fxrlrxf.exec:\fxrlrxf.exe26⤵
- Executes dropped EXE
-
\??\c:\tnbhtt.exec:\tnbhtt.exe27⤵
- Executes dropped EXE
-
\??\c:\lfllrlx.exec:\lfllrlx.exe28⤵
- Executes dropped EXE
-
\??\c:\9lfxffl.exec:\9lfxffl.exe29⤵
- Executes dropped EXE
-
\??\c:\hbntbt.exec:\hbntbt.exe30⤵
- Executes dropped EXE
-
\??\c:\vjddj.exec:\vjddj.exe31⤵
- Executes dropped EXE
-
\??\c:\rlxrxxx.exec:\rlxrxxx.exe32⤵
- Executes dropped EXE
-
\??\c:\3ntbhn.exec:\3ntbhn.exe33⤵
- Executes dropped EXE
-
\??\c:\dvddd.exec:\dvddd.exe34⤵
- Executes dropped EXE
-
\??\c:\1jdjv.exec:\1jdjv.exe35⤵
- Executes dropped EXE
-
\??\c:\lxlrrxf.exec:\lxlrrxf.exe36⤵
- Executes dropped EXE
-
\??\c:\9tnnbb.exec:\9tnnbb.exe37⤵
- Executes dropped EXE
-
\??\c:\hbnbnt.exec:\hbnbnt.exe38⤵
- Executes dropped EXE
-
\??\c:\jdjjv.exec:\jdjjv.exe39⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe40⤵
- Executes dropped EXE
-
\??\c:\rllrrxf.exec:\rllrrxf.exe41⤵
- Executes dropped EXE
-
\??\c:\tnhntt.exec:\tnhntt.exe42⤵
- Executes dropped EXE
-
\??\c:\bthnbb.exec:\bthnbb.exe43⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe44⤵
- Executes dropped EXE
-
\??\c:\lxlrfxf.exec:\lxlrfxf.exe45⤵
- Executes dropped EXE
-
\??\c:\7xfxflx.exec:\7xfxflx.exe46⤵
- Executes dropped EXE
-
\??\c:\nbnhhb.exec:\nbnhhb.exe47⤵
- Executes dropped EXE
-
\??\c:\5jjpv.exec:\5jjpv.exe48⤵
- Executes dropped EXE
-
\??\c:\ffxfflx.exec:\ffxfflx.exe49⤵
- Executes dropped EXE
-
\??\c:\nnbntt.exec:\nnbntt.exe50⤵
- Executes dropped EXE
-
\??\c:\hbthbb.exec:\hbthbb.exe51⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe52⤵
- Executes dropped EXE
-
\??\c:\3ppdj.exec:\3ppdj.exe53⤵
- Executes dropped EXE
-
\??\c:\7xlfllx.exec:\7xlfllx.exe54⤵
- Executes dropped EXE
-
\??\c:\9btbhn.exec:\9btbhn.exe55⤵
- Executes dropped EXE
-
\??\c:\hthhtt.exec:\hthhtt.exe56⤵
- Executes dropped EXE
-
\??\c:\vpvpv.exec:\vpvpv.exe57⤵
- Executes dropped EXE
-
\??\c:\7ffxllx.exec:\7ffxllx.exe58⤵
- Executes dropped EXE
-
\??\c:\fxllrrr.exec:\fxllrrr.exe59⤵
- Executes dropped EXE
-
\??\c:\tnhnbn.exec:\tnhnbn.exe60⤵
- Executes dropped EXE
-
\??\c:\vvjdp.exec:\vvjdp.exe61⤵
- Executes dropped EXE
-
\??\c:\1djjp.exec:\1djjp.exe62⤵
- Executes dropped EXE
-
\??\c:\fllrrff.exec:\fllrrff.exe63⤵
- Executes dropped EXE
-
\??\c:\9rflrxx.exec:\9rflrxx.exe64⤵
- Executes dropped EXE
-
\??\c:\hbnhnh.exec:\hbnhnh.exe65⤵
- Executes dropped EXE
-
\??\c:\ttnbnt.exec:\ttnbnt.exe66⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe67⤵
-
\??\c:\1rllrxl.exec:\1rllrxl.exe68⤵
-
\??\c:\7xffllr.exec:\7xffllr.exe69⤵
-
\??\c:\hbhbnn.exec:\hbhbnn.exe70⤵
-
\??\c:\nbhbhn.exec:\nbhbhn.exe71⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe72⤵
-
\??\c:\vjvpd.exec:\vjvpd.exe73⤵
-
\??\c:\xrlxlrf.exec:\xrlxlrf.exe74⤵
-
\??\c:\9rllffr.exec:\9rllffr.exe75⤵
-
\??\c:\3httbb.exec:\3httbb.exe76⤵
-
\??\c:\3vjjj.exec:\3vjjj.exe77⤵
-
\??\c:\5jdvj.exec:\5jdvj.exe78⤵
-
\??\c:\3rfxfll.exec:\3rfxfll.exe79⤵
-
\??\c:\ffrfrrf.exec:\ffrfrrf.exe80⤵
-
\??\c:\3btbtb.exec:\3btbtb.exe81⤵
-
\??\c:\nhnnth.exec:\nhnnth.exe82⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe83⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe84⤵
-
\??\c:\xfxrxrl.exec:\xfxrxrl.exe85⤵
-
\??\c:\lrlxrrx.exec:\lrlxrrx.exe86⤵
-
\??\c:\5ththn.exec:\5ththn.exe87⤵
-
\??\c:\nhtntn.exec:\nhtntn.exe88⤵
-
\??\c:\5jdpp.exec:\5jdpp.exe89⤵
-
\??\c:\pjppv.exec:\pjppv.exe90⤵
-
\??\c:\7ffrxxl.exec:\7ffrxxl.exe91⤵
-
\??\c:\xrfllxf.exec:\xrfllxf.exe92⤵
-
\??\c:\9nnthn.exec:\9nnthn.exe93⤵
-
\??\c:\pddpj.exec:\pddpj.exe94⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe95⤵
-
\??\c:\fxlxlrx.exec:\fxlxlrx.exe96⤵
-
\??\c:\lxfrllx.exec:\lxfrllx.exe97⤵
-
\??\c:\tthhtb.exec:\tthhtb.exe98⤵
-
\??\c:\3htbbn.exec:\3htbbn.exe99⤵
-
\??\c:\jdddj.exec:\jdddj.exe100⤵
-
\??\c:\pdddj.exec:\pdddj.exe101⤵
-
\??\c:\rlffllx.exec:\rlffllx.exe102⤵
-
\??\c:\nhtbhn.exec:\nhtbhn.exe103⤵
-
\??\c:\tnbhth.exec:\tnbhth.exe104⤵
-
\??\c:\7jvvd.exec:\7jvvd.exe105⤵
-
\??\c:\vvppd.exec:\vvppd.exe106⤵
-
\??\c:\rlflrxl.exec:\rlflrxl.exe107⤵
-
\??\c:\7llrlxr.exec:\7llrlxr.exe108⤵
-
\??\c:\9tnnbb.exec:\9tnnbb.exe109⤵
-
\??\c:\ttnnbh.exec:\ttnnbh.exe110⤵
-
\??\c:\bbnnbb.exec:\bbnnbb.exe111⤵
-
\??\c:\3jdpp.exec:\3jdpp.exe112⤵
-
\??\c:\3pdjp.exec:\3pdjp.exe113⤵
-
\??\c:\lfrlrrf.exec:\lfrlrrf.exe114⤵
-
\??\c:\xrlflrf.exec:\xrlflrf.exe115⤵
-
\??\c:\5httbb.exec:\5httbb.exe116⤵
-
\??\c:\tntbnn.exec:\tntbnn.exe117⤵
-
\??\c:\dpjdj.exec:\dpjdj.exe118⤵
-
\??\c:\3dpvd.exec:\3dpvd.exe119⤵
-
\??\c:\3lxrxrx.exec:\3lxrxrx.exe120⤵
-
\??\c:\frrrxfx.exec:\frrrxfx.exe121⤵
-
\??\c:\tnbtbb.exec:\tnbtbb.exe122⤵
-
\??\c:\bbnnbb.exec:\bbnnbb.exe123⤵
-
\??\c:\5dvjd.exec:\5dvjd.exe124⤵
-
\??\c:\vdpdp.exec:\vdpdp.exe125⤵
-
\??\c:\xfrflrx.exec:\xfrflrx.exe126⤵
-
\??\c:\9lffxlf.exec:\9lffxlf.exe127⤵
-
\??\c:\nnhhtt.exec:\nnhhtt.exe128⤵
-
\??\c:\tththn.exec:\tththn.exe129⤵
-
\??\c:\9ppvp.exec:\9ppvp.exe130⤵
-
\??\c:\dvddj.exec:\dvddj.exe131⤵
-
\??\c:\7pjpv.exec:\7pjpv.exe132⤵
-
\??\c:\ffrxflx.exec:\ffrxflx.exe133⤵
-
\??\c:\5lfxrrx.exec:\5lfxrrx.exe134⤵
-
\??\c:\btbhtt.exec:\btbhtt.exe135⤵
-
\??\c:\hhttbh.exec:\hhttbh.exe136⤵
-
\??\c:\vpdpv.exec:\vpdpv.exe137⤵
-
\??\c:\jpjvd.exec:\jpjvd.exe138⤵
-
\??\c:\9dvpv.exec:\9dvpv.exe139⤵
-
\??\c:\rrxxffl.exec:\rrxxffl.exe140⤵
-
\??\c:\rlrxlrx.exec:\rlrxlrx.exe141⤵
-
\??\c:\hbttbb.exec:\hbttbb.exe142⤵
-
\??\c:\nhthtb.exec:\nhthtb.exe143⤵
-
\??\c:\9jvpv.exec:\9jvpv.exe144⤵
-
\??\c:\3vjpv.exec:\3vjpv.exe145⤵
-
\??\c:\flfrflx.exec:\flfrflx.exe146⤵
-
\??\c:\rlrxflx.exec:\rlrxflx.exe147⤵
-
\??\c:\5flrfrf.exec:\5flrfrf.exe148⤵
-
\??\c:\tnhthb.exec:\tnhthb.exe149⤵
-
\??\c:\7thbth.exec:\7thbth.exe150⤵
-
\??\c:\3vvpd.exec:\3vvpd.exe151⤵
-
\??\c:\jppvv.exec:\jppvv.exe152⤵
-
\??\c:\fxlrrxl.exec:\fxlrrxl.exe153⤵
-
\??\c:\lffxfrf.exec:\lffxfrf.exe154⤵
-
\??\c:\lxfflxl.exec:\lxfflxl.exe155⤵
-
\??\c:\7nbtbn.exec:\7nbtbn.exe156⤵
-
\??\c:\ttbnhh.exec:\ttbnhh.exe157⤵
-
\??\c:\vjddj.exec:\vjddj.exe158⤵
-
\??\c:\pjppp.exec:\pjppp.exe159⤵
-
\??\c:\1rxflrr.exec:\1rxflrr.exe160⤵
-
\??\c:\llxllrr.exec:\llxllrr.exe161⤵
-
\??\c:\thnthb.exec:\thnthb.exe162⤵
-
\??\c:\7nntbh.exec:\7nntbh.exe163⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe164⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe165⤵
-
\??\c:\lxllrrf.exec:\lxllrrf.exe166⤵
-
\??\c:\lfrrffl.exec:\lfrrffl.exe167⤵
-
\??\c:\thtbhh.exec:\thtbhh.exe168⤵
-
\??\c:\7hbnbn.exec:\7hbnbn.exe169⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe170⤵
-
\??\c:\1dppv.exec:\1dppv.exe171⤵
-
\??\c:\xxrflff.exec:\xxrflff.exe172⤵
-
\??\c:\xxllrrf.exec:\xxllrrf.exe173⤵
-
\??\c:\hhtbhn.exec:\hhtbhn.exe174⤵
-
\??\c:\nbbhtb.exec:\nbbhtb.exe175⤵
-
\??\c:\btnnnh.exec:\btnnnh.exe176⤵
-
\??\c:\7jdpd.exec:\7jdpd.exe177⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe178⤵
-
\??\c:\rrrlxrr.exec:\rrrlxrr.exe179⤵
-
\??\c:\1lflrxf.exec:\1lflrxf.exe180⤵
-
\??\c:\btnbht.exec:\btnbht.exe181⤵
-
\??\c:\nhnthn.exec:\nhnthn.exe182⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe183⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe184⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe185⤵
-
\??\c:\lfrrlrx.exec:\lfrrlrx.exe186⤵
-
\??\c:\fxxllrr.exec:\fxxllrr.exe187⤵
-
\??\c:\nnbnhh.exec:\nnbnhh.exe188⤵
-
\??\c:\1httbn.exec:\1httbn.exe189⤵
-
\??\c:\pjddj.exec:\pjddj.exe190⤵
-
\??\c:\5dvvj.exec:\5dvvj.exe191⤵
-
\??\c:\lfrxxfl.exec:\lfrxxfl.exe192⤵
-
\??\c:\nhttbh.exec:\nhttbh.exe193⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe194⤵
-
\??\c:\1pdjv.exec:\1pdjv.exe195⤵
-
\??\c:\3flxxxl.exec:\3flxxxl.exe196⤵
-
\??\c:\xrxxlll.exec:\xrxxlll.exe197⤵
-
\??\c:\nhtbhh.exec:\nhtbhh.exe198⤵
-
\??\c:\3tbbhn.exec:\3tbbhn.exe199⤵
-
\??\c:\ppddd.exec:\ppddd.exe200⤵
-
\??\c:\xlfxfxf.exec:\xlfxfxf.exe201⤵
-
\??\c:\fxffllr.exec:\fxffllr.exe202⤵
-
\??\c:\tnbhtt.exec:\tnbhtt.exe203⤵
-
\??\c:\hhbbhn.exec:\hhbbhn.exe204⤵
-
\??\c:\1bnhhn.exec:\1bnhhn.exe205⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe206⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe207⤵
-
\??\c:\llfflxf.exec:\llfflxf.exe208⤵
-
\??\c:\fffrffr.exec:\fffrffr.exe209⤵
-
\??\c:\nbtbtb.exec:\nbtbtb.exe210⤵
-
\??\c:\9hbhtt.exec:\9hbhtt.exe211⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe212⤵
-
\??\c:\3pjvv.exec:\3pjvv.exe213⤵
-
\??\c:\fxrxllr.exec:\fxrxllr.exe214⤵
-
\??\c:\fxlllll.exec:\fxlllll.exe215⤵
-
\??\c:\hbtbnh.exec:\hbtbnh.exe216⤵
-
\??\c:\nttbbt.exec:\nttbbt.exe217⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe218⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe219⤵
-
\??\c:\7llrxrx.exec:\7llrxrx.exe220⤵
-
\??\c:\3rxxxxx.exec:\3rxxxxx.exe221⤵
-
\??\c:\nnbhbb.exec:\nnbhbb.exe222⤵
-
\??\c:\nnhhtb.exec:\nnhhtb.exe223⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe224⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe225⤵
-
\??\c:\xxxxlrx.exec:\xxxxlrx.exe226⤵
-
\??\c:\rlrxllx.exec:\rlrxllx.exe227⤵
-
\??\c:\5btbnn.exec:\5btbnn.exe228⤵
-
\??\c:\thtnbt.exec:\thtnbt.exe229⤵
-
\??\c:\pjppv.exec:\pjppv.exe230⤵
-
\??\c:\9vjpv.exec:\9vjpv.exe231⤵
-
\??\c:\rllrrxx.exec:\rllrrxx.exe232⤵
-
\??\c:\xxflrrl.exec:\xxflrrl.exe233⤵
-
\??\c:\btnnbh.exec:\btnnbh.exe234⤵
-
\??\c:\btthnn.exec:\btthnn.exe235⤵
-
\??\c:\pppvd.exec:\pppvd.exe236⤵
-
\??\c:\pjppp.exec:\pjppp.exe237⤵
-
\??\c:\ffrffrl.exec:\ffrffrl.exe238⤵
-
\??\c:\xlflrrf.exec:\xlflrrf.exe239⤵
-
\??\c:\nhtbnt.exec:\nhtbnt.exe240⤵