Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
30-06-2024 20:24
General
-
Target
16c798ee99790be5a24645ea1a14f3e9a2d7835a253c085fea89c173b80276fc_NeikiAnalytics.exe
-
Size
76KB
-
MD5
3b3d8e43476a370704dd3d0d6b6d2c10
-
SHA1
646befb1eed9f96228437ea587f382f7b47b19f5
-
SHA256
16c798ee99790be5a24645ea1a14f3e9a2d7835a253c085fea89c173b80276fc
-
SHA512
7603a732850deb0798cd827f58e6e5d3bce0c89d78001e44a408d58eb8bff0ff7f0cb698e0fb8ec198170fa1e6cd497946f25fca980f732c9f2d93910e3a8e94
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb7GTi3ldDg:ymb3NkkiQ3mdBjFIWYBg
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\16c798ee99790be5a24645ea1a14f3e9a2d7835a253c085fea89c173b80276fc_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\16c798ee99790be5a24645ea1a14f3e9a2d7835a253c085fea89c173b80276fc_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rxllxxf.exec:\rxllxxf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnnb.exec:\bntnnb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dpjj.exec:\3dpjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrxxf.exec:\ffrrxxf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rllxxr.exec:\3rllxxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhnt.exec:\btnhnt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhnnt.exec:\hnhnnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppdv.exec:\pppdv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjj.exec:\jdpjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrrffl.exec:\xxrrffl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlxfrf.exec:\xxlxfrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbbh.exec:\nhtbbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjd.exec:\vpdjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjvv.exec:\vvjvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rxflfx.exec:\7rxflfx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlxrrf.exec:\xxlxrrf.exe17⤵
- Executes dropped EXE
-
\??\c:\btbtbt.exec:\btbtbt.exe18⤵
- Executes dropped EXE
-
\??\c:\9bhnhb.exec:\9bhnhb.exe19⤵
- Executes dropped EXE
-
\??\c:\pvpjv.exec:\pvpjv.exe20⤵
- Executes dropped EXE
-
\??\c:\jjvpd.exec:\jjvpd.exe21⤵
- Executes dropped EXE
-
\??\c:\xlfxflr.exec:\xlfxflr.exe22⤵
- Executes dropped EXE
-
\??\c:\3xxfrxl.exec:\3xxfrxl.exe23⤵
- Executes dropped EXE
-
\??\c:\tthbnt.exec:\tthbnt.exe24⤵
- Executes dropped EXE
-
\??\c:\bbnhnb.exec:\bbnhnb.exe25⤵
- Executes dropped EXE
-
\??\c:\vvdjp.exec:\vvdjp.exe26⤵
- Executes dropped EXE
-
\??\c:\5pjpp.exec:\5pjpp.exe27⤵
- Executes dropped EXE
-
\??\c:\xxlxllr.exec:\xxlxllr.exe28⤵
- Executes dropped EXE
-
\??\c:\tntbhn.exec:\tntbhn.exe29⤵
- Executes dropped EXE
-
\??\c:\7bnbhh.exec:\7bnbhh.exe30⤵
- Executes dropped EXE
-
\??\c:\vdjdj.exec:\vdjdj.exe31⤵
- Executes dropped EXE
-
\??\c:\xxrfrfr.exec:\xxrfrfr.exe32⤵
- Executes dropped EXE
-
\??\c:\xxfrrlr.exec:\xxfrrlr.exe33⤵
- Executes dropped EXE
-
\??\c:\tnhthn.exec:\tnhthn.exe34⤵
- Executes dropped EXE
-
\??\c:\3hnhtt.exec:\3hnhtt.exe35⤵
- Executes dropped EXE
-
\??\c:\dvvdp.exec:\dvvdp.exe36⤵
- Executes dropped EXE
-
\??\c:\vvjpp.exec:\vvjpp.exe37⤵
- Executes dropped EXE
-
\??\c:\llllrrf.exec:\llllrrf.exe38⤵
- Executes dropped EXE
-
\??\c:\xxrxrfx.exec:\xxrxrfx.exe39⤵
- Executes dropped EXE
-
\??\c:\bntnht.exec:\bntnht.exe40⤵
- Executes dropped EXE
-
\??\c:\nnbnbt.exec:\nnbnbt.exe41⤵
- Executes dropped EXE
-
\??\c:\vjjdj.exec:\vjjdj.exe42⤵
- Executes dropped EXE
-
\??\c:\3jjpp.exec:\3jjpp.exe43⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe44⤵
- Executes dropped EXE
-
\??\c:\flrxrrf.exec:\flrxrrf.exe45⤵
- Executes dropped EXE
-
\??\c:\rlxxlrf.exec:\rlxxlrf.exe46⤵
- Executes dropped EXE
-
\??\c:\tnbbhn.exec:\tnbbhn.exe47⤵
- Executes dropped EXE
-
\??\c:\7hbhtb.exec:\7hbhtb.exe48⤵
- Executes dropped EXE
-
\??\c:\5jvjp.exec:\5jvjp.exe49⤵
- Executes dropped EXE
-
\??\c:\vpjvd.exec:\vpjvd.exe50⤵
- Executes dropped EXE
-
\??\c:\1dpvv.exec:\1dpvv.exe51⤵
- Executes dropped EXE
-
\??\c:\rxlflll.exec:\rxlflll.exe52⤵
- Executes dropped EXE
-
\??\c:\lllxrlf.exec:\lllxrlf.exe53⤵
- Executes dropped EXE
-
\??\c:\7hbttb.exec:\7hbttb.exe54⤵
- Executes dropped EXE
-
\??\c:\btntnt.exec:\btntnt.exe55⤵
- Executes dropped EXE
-
\??\c:\3bhhnh.exec:\3bhhnh.exe56⤵
- Executes dropped EXE
-
\??\c:\9vvdv.exec:\9vvdv.exe57⤵
- Executes dropped EXE
-
\??\c:\jdpvp.exec:\jdpvp.exe58⤵
- Executes dropped EXE
-
\??\c:\fflrlrf.exec:\fflrlrf.exe59⤵
- Executes dropped EXE
-
\??\c:\ffxflrl.exec:\ffxflrl.exe60⤵
- Executes dropped EXE
-
\??\c:\nnhbtn.exec:\nnhbtn.exe61⤵
- Executes dropped EXE
-
\??\c:\bbthtt.exec:\bbthtt.exe62⤵
- Executes dropped EXE
-
\??\c:\ttbhtb.exec:\ttbhtb.exe63⤵
- Executes dropped EXE
-
\??\c:\pjpjp.exec:\pjpjp.exe64⤵
- Executes dropped EXE
-
\??\c:\dpdpv.exec:\dpdpv.exe65⤵
- Executes dropped EXE
-
\??\c:\flxxflx.exec:\flxxflx.exe66⤵
-
\??\c:\3bnttb.exec:\3bnttb.exe67⤵
-
\??\c:\tthhbb.exec:\tthhbb.exe68⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe69⤵
-
\??\c:\jjddp.exec:\jjddp.exe70⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe71⤵
-
\??\c:\fxflxfr.exec:\fxflxfr.exe72⤵
-
\??\c:\7frrflf.exec:\7frrflf.exe73⤵
-
\??\c:\nhtbtt.exec:\nhtbtt.exe74⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe75⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe76⤵
-
\??\c:\1lxxflx.exec:\1lxxflx.exe77⤵
-
\??\c:\rlfxflx.exec:\rlfxflx.exe78⤵
-
\??\c:\7ntbtn.exec:\7ntbtn.exe79⤵
-
\??\c:\7ttbht.exec:\7ttbht.exe80⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe81⤵
-
\??\c:\ppjjv.exec:\ppjjv.exe82⤵
-
\??\c:\jjddd.exec:\jjddd.exe83⤵
-
\??\c:\rrffrxl.exec:\rrffrxl.exe84⤵
-
\??\c:\fxlrfrf.exec:\fxlrfrf.exe85⤵
-
\??\c:\hhbbht.exec:\hhbbht.exe86⤵
-
\??\c:\btnhnt.exec:\btnhnt.exe87⤵
-
\??\c:\tntbhh.exec:\tntbhh.exe88⤵
-
\??\c:\9jdpd.exec:\9jdpd.exe89⤵
-
\??\c:\7jvjv.exec:\7jvjv.exe90⤵
-
\??\c:\ddpdj.exec:\ddpdj.exe91⤵
-
\??\c:\xrfrxxf.exec:\xrfrxxf.exe92⤵
-
\??\c:\frfrxlx.exec:\frfrxlx.exe93⤵
-
\??\c:\hnbhhh.exec:\hnbhhh.exe94⤵
-
\??\c:\1nhnhh.exec:\1nhnhh.exe95⤵
-
\??\c:\hbttnt.exec:\hbttnt.exe96⤵
-
\??\c:\ppvjp.exec:\ppvjp.exe97⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe98⤵
-
\??\c:\pppjp.exec:\pppjp.exe99⤵
-
\??\c:\lfrrxxf.exec:\lfrrxxf.exe100⤵
-
\??\c:\rlrxfrx.exec:\rlrxfrx.exe101⤵
-
\??\c:\thtnbh.exec:\thtnbh.exe102⤵
-
\??\c:\bhtttt.exec:\bhtttt.exe103⤵
-
\??\c:\btbnhn.exec:\btbnhn.exe104⤵
-
\??\c:\dvppv.exec:\dvppv.exe105⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe106⤵
-
\??\c:\3fffxll.exec:\3fffxll.exe107⤵
-
\??\c:\lrfrrff.exec:\lrfrrff.exe108⤵
-
\??\c:\tbnnth.exec:\tbnnth.exe109⤵
-
\??\c:\pvpvd.exec:\pvpvd.exe110⤵
-
\??\c:\1xllrxl.exec:\1xllrxl.exe111⤵
-
\??\c:\nhnbtb.exec:\nhnbtb.exe112⤵
-
\??\c:\tbbnnh.exec:\tbbnnh.exe113⤵
-
\??\c:\vvvjd.exec:\vvvjd.exe114⤵
-
\??\c:\jpvvd.exec:\jpvvd.exe115⤵
-
\??\c:\lrxrrll.exec:\lrxrrll.exe116⤵
-
\??\c:\tttthn.exec:\tttthn.exe117⤵
-
\??\c:\tbnhnn.exec:\tbnhnn.exe118⤵
-
\??\c:\ppvpv.exec:\ppvpv.exe119⤵
-
\??\c:\xflrlrr.exec:\xflrlrr.exe120⤵
-
\??\c:\9rrlrfl.exec:\9rrlrfl.exe121⤵
-
\??\c:\7nntht.exec:\7nntht.exe122⤵
-
\??\c:\djjdd.exec:\djjdd.exe123⤵
-
\??\c:\dvvdp.exec:\dvvdp.exe124⤵
-
\??\c:\xrlxlrx.exec:\xrlxlrx.exe125⤵
-
\??\c:\5nthnb.exec:\5nthnb.exe126⤵
-
\??\c:\djdvd.exec:\djdvd.exe127⤵
-
\??\c:\tbhbht.exec:\tbhbht.exe128⤵
-
\??\c:\llrfrrr.exec:\llrfrrr.exe129⤵
-
\??\c:\xlxrrrx.exec:\xlxrrrx.exe130⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe131⤵
-
\??\c:\pjddp.exec:\pjddp.exe132⤵
-
\??\c:\tttbtn.exec:\tttbtn.exe133⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe134⤵
-
\??\c:\lrrfxff.exec:\lrrfxff.exe135⤵
-
\??\c:\7lrxrxl.exec:\7lrxrxl.exe136⤵
-
\??\c:\jjvjj.exec:\jjvjj.exe137⤵
-
\??\c:\pdvdv.exec:\pdvdv.exe138⤵
-
\??\c:\rrffrxf.exec:\rrffrxf.exe139⤵
-
\??\c:\xrflffl.exec:\xrflffl.exe140⤵
-
\??\c:\nhnhtb.exec:\nhnhtb.exe141⤵
-
\??\c:\ppdpd.exec:\ppdpd.exe142⤵
-
\??\c:\lllfxfx.exec:\lllfxfx.exe143⤵
-
\??\c:\nthnbn.exec:\nthnbn.exe144⤵
-
\??\c:\flrlxrr.exec:\flrlxrr.exe145⤵
-
\??\c:\rrfrffx.exec:\rrfrffx.exe146⤵
-
\??\c:\nnhtbn.exec:\nnhtbn.exe147⤵
-
\??\c:\vjddj.exec:\vjddj.exe148⤵
-
\??\c:\5xlrlrx.exec:\5xlrlrx.exe149⤵
-
\??\c:\5hhttn.exec:\5hhttn.exe150⤵
-
\??\c:\jdjvp.exec:\jdjvp.exe151⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe152⤵
-
\??\c:\rrfflrf.exec:\rrfflrf.exe153⤵
-
\??\c:\7bhtbt.exec:\7bhtbt.exe154⤵
-
\??\c:\jvdjp.exec:\jvdjp.exe155⤵
-
\??\c:\3xxflff.exec:\3xxflff.exe156⤵
-
\??\c:\1frlfrx.exec:\1frlfrx.exe157⤵
-
\??\c:\nnbhtt.exec:\nnbhtt.exe158⤵
-
\??\c:\tnhntn.exec:\tnhntn.exe159⤵
-
\??\c:\ddddp.exec:\ddddp.exe160⤵
-
\??\c:\llrfrxl.exec:\llrfrxl.exe161⤵
-
\??\c:\bthnbh.exec:\bthnbh.exe162⤵
-
\??\c:\5pjpj.exec:\5pjpj.exe163⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe164⤵
-
\??\c:\ffrfxfr.exec:\ffrfxfr.exe165⤵
-
\??\c:\nthtnb.exec:\nthtnb.exe166⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe167⤵
-
\??\c:\9fxxlrl.exec:\9fxxlrl.exe168⤵
-
\??\c:\ttbnhh.exec:\ttbnhh.exe169⤵
-
\??\c:\3jdvp.exec:\3jdvp.exe170⤵
-
\??\c:\jddjv.exec:\jddjv.exe171⤵
-
\??\c:\ffxlrxf.exec:\ffxlrxf.exe172⤵
-
\??\c:\9ttbtt.exec:\9ttbtt.exe173⤵
-
\??\c:\9pvjd.exec:\9pvjd.exe174⤵
-
\??\c:\jjdjd.exec:\jjdjd.exe175⤵
-
\??\c:\rxxfxrx.exec:\rxxfxrx.exe176⤵
-
\??\c:\hhbhnb.exec:\hhbhnb.exe177⤵
-
\??\c:\vddvv.exec:\vddvv.exe178⤵
-
\??\c:\9rxlxrl.exec:\9rxlxrl.exe179⤵
-
\??\c:\hthbbn.exec:\hthbbn.exe180⤵
-
\??\c:\ffxlflx.exec:\ffxlflx.exe181⤵
-
\??\c:\hhthnb.exec:\hhthnb.exe182⤵
-
\??\c:\vppjp.exec:\vppjp.exe183⤵
-
\??\c:\5dvjv.exec:\5dvjv.exe184⤵
-
\??\c:\3xllrrf.exec:\3xllrrf.exe185⤵
-
\??\c:\3hbbnh.exec:\3hbbnh.exe186⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe187⤵
-
\??\c:\rffxlrl.exec:\rffxlrl.exe188⤵
-
\??\c:\9bttht.exec:\9bttht.exe189⤵
-
\??\c:\bhbbtt.exec:\bhbbtt.exe190⤵
-
\??\c:\1ddpd.exec:\1ddpd.exe191⤵
-
\??\c:\rrlxxfl.exec:\rrlxxfl.exe192⤵
-
\??\c:\xlrfxfx.exec:\xlrfxfx.exe193⤵
-
\??\c:\btnbbb.exec:\btnbbb.exe194⤵
-
\??\c:\5tthtb.exec:\5tthtb.exe195⤵
-
\??\c:\1vpdj.exec:\1vpdj.exe196⤵
-
\??\c:\jjjvd.exec:\jjjvd.exe197⤵
-
\??\c:\ppddv.exec:\ppddv.exe198⤵
-
\??\c:\llxffrx.exec:\llxffrx.exe199⤵
-
\??\c:\rlxfrfl.exec:\rlxfrfl.exe200⤵
-
\??\c:\nnnbtb.exec:\nnnbtb.exe201⤵
-
\??\c:\pvvjj.exec:\pvvjj.exe202⤵
-
\??\c:\pvdjd.exec:\pvdjd.exe203⤵
-
\??\c:\xfflrll.exec:\xfflrll.exe204⤵
-
\??\c:\rrrxxff.exec:\rrrxxff.exe205⤵
-
\??\c:\bbnbtb.exec:\bbnbtb.exe206⤵
-
\??\c:\bbntth.exec:\bbntth.exe207⤵
-
\??\c:\vvjvj.exec:\vvjvj.exe208⤵
-
\??\c:\vvppd.exec:\vvppd.exe209⤵
-
\??\c:\rrxfrrr.exec:\rrxfrrr.exe210⤵
-
\??\c:\fxlrflf.exec:\fxlrflf.exe211⤵
-
\??\c:\bbnnhn.exec:\bbnnhn.exe212⤵
-
\??\c:\nntnbh.exec:\nntnbh.exe213⤵
-
\??\c:\vjdjv.exec:\vjdjv.exe214⤵
-
\??\c:\7jdjv.exec:\7jdjv.exe215⤵
-
\??\c:\xrrfrrr.exec:\xrrfrrr.exe216⤵
-
\??\c:\bhbbnn.exec:\bhbbnn.exe217⤵
-
\??\c:\nntnbh.exec:\nntnbh.exe218⤵
-
\??\c:\ddpvp.exec:\ddpvp.exe219⤵
-
\??\c:\9dpjj.exec:\9dpjj.exe220⤵
-
\??\c:\ddpvv.exec:\ddpvv.exe221⤵
-
\??\c:\xrxxlrx.exec:\xrxxlrx.exe222⤵
-
\??\c:\lfxrfrf.exec:\lfxrfrf.exe223⤵
-
\??\c:\9nhhbh.exec:\9nhhbh.exe224⤵
-
\??\c:\bbthtb.exec:\bbthtb.exe225⤵
-
\??\c:\9ppjd.exec:\9ppjd.exe226⤵
-
\??\c:\pppvd.exec:\pppvd.exe227⤵
-
\??\c:\frllxxl.exec:\frllxxl.exe228⤵
-
\??\c:\rrxlflf.exec:\rrxlflf.exe229⤵
-
\??\c:\hbnhtb.exec:\hbnhtb.exe230⤵
-
\??\c:\tnbhnn.exec:\tnbhnn.exe231⤵
-
\??\c:\9pvdp.exec:\9pvdp.exe232⤵
-
\??\c:\9dpjj.exec:\9dpjj.exe233⤵
-
\??\c:\xxrlffr.exec:\xxrlffr.exe234⤵
-
\??\c:\fxlflxf.exec:\fxlflxf.exe235⤵
-
\??\c:\tbbbbt.exec:\tbbbbt.exe236⤵
-
\??\c:\pvvjj.exec:\pvvjj.exe237⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe238⤵
-
\??\c:\7rllxxf.exec:\7rllxxf.exe239⤵
-
\??\c:\xrlrxlx.exec:\xrlrxlx.exe240⤵