Analysis
-
max time kernel
31s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
-
submitted
30-06-2024 21:16
General
-
Target
1a36a2c531315405400c6b37cc84bb816a474e0dd548e81756cba47863d0dd25_NeikiAnalytics.exe
-
Size
74KB
-
MD5
a928a15088d1523d6568c0e6d1ee5d20
-
SHA1
85ab6348c9e8a3930f79edd0ce859bdec6b4e8ff
-
SHA256
1a36a2c531315405400c6b37cc84bb816a474e0dd548e81756cba47863d0dd25
-
SHA512
326205907ae97fe52d2c39ffdc291ce92b76c2960443f948a0638752ba0c71b9f99fb203b43c5e8e5d0e25bb5b2529975c421026d4a3f22514196a681837d01f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIfv7+afCD+QsQbKQPEJ:ymb3NkkiQ3mdBjFIfvTfCD+HlQcJ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1a36a2c531315405400c6b37cc84bb816a474e0dd548e81756cba47863d0dd25_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1a36a2c531315405400c6b37cc84bb816a474e0dd548e81756cba47863d0dd25_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9jdjp.exec:\9jdjp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7flrrxf.exec:\7flrrxf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbttb.exec:\tbbttb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxlrfr.exec:\rrxlrfr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbthbh.exec:\bbthbh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddv.exec:\dvddv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxxllf.exec:\xfxxllf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnthbn.exec:\tnthbn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvjd.exec:\ddvjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddjp.exec:\jddjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrfxfr.exec:\lxrfxfr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbbh.exec:\tnhbbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnbn.exec:\tntnbn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpv.exec:\vpvpv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjp.exec:\pppjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrfrr.exec:\xrrrfrr.exe17⤵
- Executes dropped EXE
-
\??\c:\xxrxllx.exec:\xxrxllx.exe18⤵
- Executes dropped EXE
-
\??\c:\9hbnnb.exec:\9hbnnb.exe19⤵
- Executes dropped EXE
-
\??\c:\nhtbnt.exec:\nhtbnt.exe20⤵
- Executes dropped EXE
-
\??\c:\djddd.exec:\djddd.exe21⤵
- Executes dropped EXE
-
\??\c:\9jpdj.exec:\9jpdj.exe22⤵
- Executes dropped EXE
-
\??\c:\rrrllxx.exec:\rrrllxx.exe23⤵
- Executes dropped EXE
-
\??\c:\xxrfrfr.exec:\xxrfrfr.exe24⤵
- Executes dropped EXE
-
\??\c:\tttthh.exec:\tttthh.exe25⤵
- Executes dropped EXE
-
\??\c:\hnbhbh.exec:\hnbhbh.exe26⤵
- Executes dropped EXE
-
\??\c:\jpvvj.exec:\jpvvj.exe27⤵
- Executes dropped EXE
-
\??\c:\fxlxrlx.exec:\fxlxrlx.exe28⤵
- Executes dropped EXE
-
\??\c:\1lfxlrf.exec:\1lfxlrf.exe29⤵
- Executes dropped EXE
-
\??\c:\btnthh.exec:\btnthh.exe30⤵
- Executes dropped EXE
-
\??\c:\hhtbtn.exec:\hhtbtn.exe31⤵
- Executes dropped EXE
-
\??\c:\dddvp.exec:\dddvp.exe32⤵
- Executes dropped EXE
-
\??\c:\3pvvv.exec:\3pvvv.exe33⤵
- Executes dropped EXE
-
\??\c:\nnbbth.exec:\nnbbth.exe34⤵
- Executes dropped EXE
-
\??\c:\9hbbhn.exec:\9hbbhn.exe35⤵
- Executes dropped EXE
-
\??\c:\3jdjv.exec:\3jdjv.exe36⤵
- Executes dropped EXE
-
\??\c:\pjjvp.exec:\pjjvp.exe37⤵
- Executes dropped EXE
-
\??\c:\rlxfxfr.exec:\rlxfxfr.exe38⤵
- Executes dropped EXE
-
\??\c:\3xrxffl.exec:\3xrxffl.exe39⤵
- Executes dropped EXE
-
\??\c:\tbtbth.exec:\tbtbth.exe40⤵
- Executes dropped EXE
-
\??\c:\1hbbnt.exec:\1hbbnt.exe41⤵
- Executes dropped EXE
-
\??\c:\jpppd.exec:\jpppd.exe42⤵
- Executes dropped EXE
-
\??\c:\ppdpp.exec:\ppdpp.exe43⤵
- Executes dropped EXE
-
\??\c:\xxrlxlr.exec:\xxrlxlr.exe44⤵
- Executes dropped EXE
-
\??\c:\llflrrf.exec:\llflrrf.exe45⤵
- Executes dropped EXE
-
\??\c:\llfrllf.exec:\llfrllf.exe46⤵
- Executes dropped EXE
-
\??\c:\bbhtht.exec:\bbhtht.exe47⤵
- Executes dropped EXE
-
\??\c:\hbtbtb.exec:\hbtbtb.exe48⤵
- Executes dropped EXE
-
\??\c:\9nttnb.exec:\9nttnb.exe49⤵
- Executes dropped EXE
-
\??\c:\ddvdv.exec:\ddvdv.exe50⤵
- Executes dropped EXE
-
\??\c:\jjdpv.exec:\jjdpv.exe51⤵
- Executes dropped EXE
-
\??\c:\xfxlllf.exec:\xfxlllf.exe52⤵
- Executes dropped EXE
-
\??\c:\fflxlfx.exec:\fflxlfx.exe53⤵
- Executes dropped EXE
-
\??\c:\ntntnt.exec:\ntntnt.exe54⤵
- Executes dropped EXE
-
\??\c:\hbtnbt.exec:\hbtnbt.exe55⤵
- Executes dropped EXE
-
\??\c:\vvvjv.exec:\vvvjv.exe56⤵
- Executes dropped EXE
-
\??\c:\jjdjd.exec:\jjdjd.exe57⤵
- Executes dropped EXE
-
\??\c:\dppdp.exec:\dppdp.exe58⤵
- Executes dropped EXE
-
\??\c:\fllfxfl.exec:\fllfxfl.exe59⤵
- Executes dropped EXE
-
\??\c:\fxrxflr.exec:\fxrxflr.exe60⤵
- Executes dropped EXE
-
\??\c:\nnnbnb.exec:\nnnbnb.exe61⤵
- Executes dropped EXE
-
\??\c:\hbbnnb.exec:\hbbnnb.exe62⤵
- Executes dropped EXE
-
\??\c:\5jvvj.exec:\5jvvj.exe63⤵
- Executes dropped EXE
-
\??\c:\1pjvv.exec:\1pjvv.exe64⤵
- Executes dropped EXE
-
\??\c:\rxffrlx.exec:\rxffrlx.exe65⤵
- Executes dropped EXE
-
\??\c:\ffxlxfx.exec:\ffxlxfx.exe66⤵
-
\??\c:\nhtbnn.exec:\nhtbnn.exe67⤵
-
\??\c:\9bbnhn.exec:\9bbnhn.exe68⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe69⤵
-
\??\c:\pppvj.exec:\pppvj.exe70⤵
-
\??\c:\lfflrxr.exec:\lfflrxr.exe71⤵
-
\??\c:\lfxfrxx.exec:\lfxfrxx.exe72⤵
-
\??\c:\nnhtht.exec:\nnhtht.exe73⤵
-
\??\c:\dvvdp.exec:\dvvdp.exe74⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe75⤵
-
\??\c:\7lxffrr.exec:\7lxffrr.exe76⤵
-
\??\c:\nbnhhb.exec:\nbnhhb.exe77⤵
-
\??\c:\1ntbhb.exec:\1ntbhb.exe78⤵
-
\??\c:\7ntbtn.exec:\7ntbtn.exe79⤵
-
\??\c:\pppdp.exec:\pppdp.exe80⤵
-
\??\c:\rxrrlxr.exec:\rxrrlxr.exe81⤵
-
\??\c:\7rlrflx.exec:\7rlrflx.exe82⤵
-
\??\c:\tnnhtb.exec:\tnnhtb.exe83⤵
-
\??\c:\9hbnnt.exec:\9hbnnt.exe84⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe85⤵
-
\??\c:\dpddj.exec:\dpddj.exe86⤵
-
\??\c:\xrlrffr.exec:\xrlrffr.exe87⤵
-
\??\c:\xlflxxf.exec:\xlflxxf.exe88⤵
-
\??\c:\tttbht.exec:\tttbht.exe89⤵
-
\??\c:\jjppj.exec:\jjppj.exe90⤵
-
\??\c:\xxlffff.exec:\xxlffff.exe91⤵
-
\??\c:\xrflrlx.exec:\xrflrlx.exe92⤵
-
\??\c:\frflflx.exec:\frflflx.exe93⤵
-
\??\c:\5hbbnt.exec:\5hbbnt.exe94⤵
-
\??\c:\5tnnnt.exec:\5tnnnt.exe95⤵
-
\??\c:\pjppd.exec:\pjppd.exe96⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe97⤵
-
\??\c:\flrllll.exec:\flrllll.exe98⤵
-
\??\c:\7htbnt.exec:\7htbnt.exe99⤵
-
\??\c:\hbnhtt.exec:\hbnhtt.exe100⤵
-
\??\c:\jpvjp.exec:\jpvjp.exe101⤵
-
\??\c:\ppdjj.exec:\ppdjj.exe102⤵
-
\??\c:\xrlrxfl.exec:\xrlrxfl.exe103⤵
-
\??\c:\9tnbhn.exec:\9tnbhn.exe104⤵
-
\??\c:\ttnbth.exec:\ttnbth.exe105⤵
-
\??\c:\jpdvd.exec:\jpdvd.exe106⤵
-
\??\c:\lxrllfr.exec:\lxrllfr.exe107⤵
-
\??\c:\hbtbnt.exec:\hbtbnt.exe108⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe109⤵
-
\??\c:\fffrrfx.exec:\fffrrfx.exe110⤵
-
\??\c:\5lxfxfl.exec:\5lxfxfl.exe111⤵
-
\??\c:\nnhhtt.exec:\nnhhtt.exe112⤵
-
\??\c:\7hbnbn.exec:\7hbnbn.exe113⤵
-
\??\c:\5jjdj.exec:\5jjdj.exe114⤵
-
\??\c:\xrfxlxx.exec:\xrfxlxx.exe115⤵
-
\??\c:\7xrxlrf.exec:\7xrxlrf.exe116⤵
-
\??\c:\htbnhb.exec:\htbnhb.exe117⤵
-
\??\c:\btnthn.exec:\btnthn.exe118⤵
-
\??\c:\7pjpj.exec:\7pjpj.exe119⤵
-
\??\c:\jdvjv.exec:\jdvjv.exe120⤵
-
\??\c:\jjjvv.exec:\jjjvv.exe121⤵
-
\??\c:\3fxflxf.exec:\3fxflxf.exe122⤵
-
\??\c:\flflxfx.exec:\flflxfx.exe123⤵
-
\??\c:\fxxfxlx.exec:\fxxfxlx.exe124⤵
-
\??\c:\hhbnht.exec:\hhbnht.exe125⤵
-
\??\c:\5btbnt.exec:\5btbnt.exe126⤵
-
\??\c:\jdppj.exec:\jdppj.exe127⤵
-
\??\c:\vdvpd.exec:\vdvpd.exe128⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe129⤵
-
\??\c:\1fxlxfx.exec:\1fxlxfx.exe130⤵
-
\??\c:\xlfrllf.exec:\xlfrllf.exe131⤵
-
\??\c:\nnhtbb.exec:\nnhtbb.exe132⤵
-
\??\c:\httbtn.exec:\httbtn.exe133⤵
-
\??\c:\tnnttb.exec:\tnnttb.exe134⤵
-
\??\c:\3dvjp.exec:\3dvjp.exe135⤵
-
\??\c:\vvjdp.exec:\vvjdp.exe136⤵
-
\??\c:\rrrxlxr.exec:\rrrxlxr.exe137⤵
-
\??\c:\xxxfrxl.exec:\xxxfrxl.exe138⤵
-
\??\c:\xrfflxl.exec:\xrfflxl.exe139⤵
-
\??\c:\1tnbhb.exec:\1tnbhb.exe140⤵
-
\??\c:\bbntbh.exec:\bbntbh.exe141⤵
-
\??\c:\hhhhth.exec:\hhhhth.exe142⤵
-
\??\c:\vdvdv.exec:\vdvdv.exe143⤵
-
\??\c:\pppdv.exec:\pppdv.exe144⤵
-
\??\c:\ffxlxfr.exec:\ffxlxfr.exe145⤵
-
\??\c:\5lllflf.exec:\5lllflf.exe146⤵
-
\??\c:\hhtthn.exec:\hhtthn.exe147⤵
-
\??\c:\nnhtht.exec:\nnhtht.exe148⤵
-
\??\c:\bhhnhn.exec:\bhhnhn.exe149⤵
-
\??\c:\5pvjp.exec:\5pvjp.exe150⤵
-
\??\c:\vppdv.exec:\vppdv.exe151⤵
-
\??\c:\9xllllr.exec:\9xllllr.exe152⤵
-
\??\c:\5lffxlx.exec:\5lffxlx.exe153⤵
-
\??\c:\bbhhhb.exec:\bbhhhb.exe154⤵
-
\??\c:\ttbnbt.exec:\ttbnbt.exe155⤵
-
\??\c:\dpjvp.exec:\dpjvp.exe156⤵
-
\??\c:\vjvjd.exec:\vjvjd.exe157⤵
-
\??\c:\lffrlrr.exec:\lffrlrr.exe158⤵
-
\??\c:\hnhhbb.exec:\hnhhbb.exe159⤵
-
\??\c:\nhtnbh.exec:\nhtnbh.exe160⤵
-
\??\c:\ddjjp.exec:\ddjjp.exe161⤵
-
\??\c:\lllxrxl.exec:\lllxrxl.exe162⤵
-
\??\c:\lffxllx.exec:\lffxllx.exe163⤵
-
\??\c:\tntntn.exec:\tntntn.exe164⤵
-
\??\c:\tnhnnn.exec:\tnhnnn.exe165⤵
-
\??\c:\tttbnt.exec:\tttbnt.exe166⤵
-
\??\c:\ppvvj.exec:\ppvvj.exe167⤵
-
\??\c:\pdppd.exec:\pdppd.exe168⤵
-
\??\c:\5xffffl.exec:\5xffffl.exe169⤵
-
\??\c:\xfxxflx.exec:\xfxxflx.exe170⤵
-
\??\c:\tnhhbb.exec:\tnhhbb.exe171⤵
-
\??\c:\hnnhbn.exec:\hnnhbn.exe172⤵
-
\??\c:\9vpvj.exec:\9vpvj.exe173⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe174⤵
-
\??\c:\ffxfxlf.exec:\ffxfxlf.exe175⤵
-
\??\c:\7xxrxxx.exec:\7xxrxxx.exe176⤵
-
\??\c:\ttnthn.exec:\ttnthn.exe177⤵
-
\??\c:\hbttht.exec:\hbttht.exe178⤵
-
\??\c:\3pvpv.exec:\3pvpv.exe179⤵
-
\??\c:\pvjvd.exec:\pvjvd.exe180⤵
-
\??\c:\9rlfrxf.exec:\9rlfrxf.exe181⤵
-
\??\c:\rlxlxfl.exec:\rlxlxfl.exe182⤵
-
\??\c:\3bbthn.exec:\3bbthn.exe183⤵
-
\??\c:\hnbnnt.exec:\hnbnnt.exe184⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe185⤵
-
\??\c:\5jvvp.exec:\5jvvp.exe186⤵
-
\??\c:\frfflxf.exec:\frfflxf.exe187⤵
-
\??\c:\hnhntb.exec:\hnhntb.exe188⤵
-
\??\c:\hhtbhn.exec:\hhtbhn.exe189⤵
-
\??\c:\vddvv.exec:\vddvv.exe190⤵
-
\??\c:\pppdj.exec:\pppdj.exe191⤵
-
\??\c:\rrrfrrf.exec:\rrrfrrf.exe192⤵
-
\??\c:\tnbhnt.exec:\tnbhnt.exe193⤵
-
\??\c:\btnnbb.exec:\btnnbb.exe194⤵
-
\??\c:\dvvdd.exec:\dvvdd.exe195⤵
-
\??\c:\fxlrxfr.exec:\fxlrxfr.exe196⤵
-
\??\c:\xrlrxfl.exec:\xrlrxfl.exe197⤵
-
\??\c:\xrfllfl.exec:\xrfllfl.exe198⤵
-
\??\c:\hhtbtb.exec:\hhtbtb.exe199⤵
-
\??\c:\nnhnhn.exec:\nnhnhn.exe200⤵
-
\??\c:\jppvj.exec:\jppvj.exe201⤵
-
\??\c:\rffxxrl.exec:\rffxxrl.exe202⤵
-
\??\c:\nbbbbn.exec:\nbbbbn.exe203⤵
-
\??\c:\vjddv.exec:\vjddv.exe204⤵
-
\??\c:\frllrxf.exec:\frllrxf.exe205⤵
-
\??\c:\rfrrflr.exec:\rfrrflr.exe206⤵
-
\??\c:\vjppj.exec:\vjppj.exe207⤵
-
\??\c:\rrrxllx.exec:\rrrxllx.exe208⤵
-
\??\c:\tnntnt.exec:\tnntnt.exe209⤵
-
\??\c:\bbhnnh.exec:\bbhnnh.exe210⤵
-
\??\c:\dpddj.exec:\dpddj.exe211⤵
-
\??\c:\vjjjv.exec:\vjjjv.exe212⤵
-
\??\c:\flllxfl.exec:\flllxfl.exe213⤵
-
\??\c:\xflrfxx.exec:\xflrfxx.exe214⤵
-
\??\c:\fxrxlrf.exec:\fxrxlrf.exe215⤵
-
\??\c:\tnbnbh.exec:\tnbnbh.exe216⤵
-
\??\c:\nhbbnt.exec:\nhbbnt.exe217⤵
-
\??\c:\ddjpv.exec:\ddjpv.exe218⤵
-
\??\c:\rxlxfxl.exec:\rxlxfxl.exe219⤵
-
\??\c:\9fxfxlx.exec:\9fxfxlx.exe220⤵
-
\??\c:\xrxxrrx.exec:\xrxxrrx.exe221⤵
-
\??\c:\nhntbh.exec:\nhntbh.exe222⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe223⤵
-
\??\c:\5pppd.exec:\5pppd.exe224⤵
-
\??\c:\lxffllr.exec:\lxffllr.exe225⤵
-
\??\c:\lxlxllr.exec:\lxlxllr.exe226⤵
-
\??\c:\hhtbnn.exec:\hhtbnn.exe227⤵
-
\??\c:\7vdvd.exec:\7vdvd.exe228⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe229⤵
-
\??\c:\rrrrxxl.exec:\rrrrxxl.exe230⤵
-
\??\c:\rffxffr.exec:\rffxffr.exe231⤵
-
\??\c:\nntbnn.exec:\nntbnn.exe232⤵
-
\??\c:\nthtbb.exec:\nthtbb.exe233⤵
-
\??\c:\vdpjj.exec:\vdpjj.exe234⤵
-
\??\c:\rrxxxxf.exec:\rrxxxxf.exe235⤵
-
\??\c:\lfllxfr.exec:\lfllxfr.exe236⤵
-
\??\c:\xrrxflr.exec:\xrrxflr.exe237⤵
-
\??\c:\7bnhnt.exec:\7bnhnt.exe238⤵
-
\??\c:\nttnbn.exec:\nttnbn.exe239⤵
-
\??\c:\9jvdp.exec:\9jvdp.exe240⤵