Analysis
-
max time kernel
104s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
01-07-2024 03:35
General
-
Target
32881b6f6fb8c5c010918227c9cd06875c12c7f4b465b32a0f9aff362e7c480d_NeikiAnalytics.exe
-
Size
69KB
-
MD5
08471515486ebf2f58a73adb54fd4b10
-
SHA1
fb0dc7dd7835fda830d7cc68c7c1edc2013856a4
-
SHA256
32881b6f6fb8c5c010918227c9cd06875c12c7f4b465b32a0f9aff362e7c480d
-
SHA512
c07e6c567644aba6bfd2cb569dd1fd3ab3644a44197f3f1838702516a98b6abf2cfb6ec05fd428f25e62e1f35e550d0d1fa777831f6878d0c86115509faf47a5
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJUDbAIdiWa:ymb3NkkiQ3mdBjFIFdJ8bViWa
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\32881b6f6fb8c5c010918227c9cd06875c12c7f4b465b32a0f9aff362e7c480d_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\32881b6f6fb8c5c010918227c9cd06875c12c7f4b465b32a0f9aff362e7c480d_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtbnn.exec:\hhtbnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xrfxlx.exec:\1xrfxlx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5btbnn.exec:\5btbnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bttnn.exec:\1bttnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdp.exec:\dvjdp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xlrxff.exec:\9xlrxff.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhntbn.exec:\nhntbn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbtb.exec:\nnbbtb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdjv.exec:\dvdjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrxllr.exec:\fxrxllr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbnh.exec:\hbtbnh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttbt.exec:\nhttbt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbhnt.exec:\nbbhnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjp.exec:\dvpjp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pdpd.exec:\1pdpd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lllllx.exec:\9lllllx.exe17⤵
- Executes dropped EXE
-
\??\c:\lfxflxl.exec:\lfxflxl.exe18⤵
- Executes dropped EXE
-
\??\c:\btnhbn.exec:\btnhbn.exe19⤵
- Executes dropped EXE
-
\??\c:\hbhbtb.exec:\hbhbtb.exe20⤵
- Executes dropped EXE
-
\??\c:\jdjpd.exec:\jdjpd.exe21⤵
- Executes dropped EXE
-
\??\c:\jjjpd.exec:\jjjpd.exe22⤵
- Executes dropped EXE
-
\??\c:\xrlxrff.exec:\xrlxrff.exe23⤵
- Executes dropped EXE
-
\??\c:\1xrrrrx.exec:\1xrrrrx.exe24⤵
- Executes dropped EXE
-
\??\c:\7bnbnt.exec:\7bnbnt.exe25⤵
- Executes dropped EXE
-
\??\c:\hbtbnn.exec:\hbtbnn.exe26⤵
- Executes dropped EXE
-
\??\c:\pvdvv.exec:\pvdvv.exe27⤵
- Executes dropped EXE
-
\??\c:\9pddj.exec:\9pddj.exe28⤵
- Executes dropped EXE
-
\??\c:\lxlfrrf.exec:\lxlfrrf.exe29⤵
- Executes dropped EXE
-
\??\c:\rlxxxxl.exec:\rlxxxxl.exe30⤵
- Executes dropped EXE
-
\??\c:\btnbnn.exec:\btnbnn.exe31⤵
- Executes dropped EXE
-
\??\c:\ttbbht.exec:\ttbbht.exe32⤵
- Executes dropped EXE
-
\??\c:\ppjjv.exec:\ppjjv.exe33⤵
- Executes dropped EXE
-
\??\c:\pdjdd.exec:\pdjdd.exe34⤵
- Executes dropped EXE
-
\??\c:\lfllxxr.exec:\lfllxxr.exe35⤵
- Executes dropped EXE
-
\??\c:\fxxfrxf.exec:\fxxfrxf.exe36⤵
- Executes dropped EXE
-
\??\c:\bntbnn.exec:\bntbnn.exe37⤵
- Executes dropped EXE
-
\??\c:\tbtnbn.exec:\tbtnbn.exe38⤵
- Executes dropped EXE
-
\??\c:\hhbbnt.exec:\hhbbnt.exe39⤵
- Executes dropped EXE
-
\??\c:\1dpvj.exec:\1dpvj.exe40⤵
- Executes dropped EXE
-
\??\c:\fxrxxlr.exec:\fxrxxlr.exe41⤵
- Executes dropped EXE
-
\??\c:\lfllrlx.exec:\lfllrlx.exe42⤵
- Executes dropped EXE
-
\??\c:\bnhbbb.exec:\bnhbbb.exe43⤵
- Executes dropped EXE
-
\??\c:\3tnhhh.exec:\3tnhhh.exe44⤵
- Executes dropped EXE
-
\??\c:\hhbntt.exec:\hhbntt.exe45⤵
- Executes dropped EXE
-
\??\c:\jddpp.exec:\jddpp.exe46⤵
- Executes dropped EXE
-
\??\c:\1jvvd.exec:\1jvvd.exe47⤵
- Executes dropped EXE
-
\??\c:\3vjdv.exec:\3vjdv.exe48⤵
- Executes dropped EXE
-
\??\c:\3rlfxxr.exec:\3rlfxxr.exe49⤵
- Executes dropped EXE
-
\??\c:\fxlffff.exec:\fxlffff.exe50⤵
- Executes dropped EXE
-
\??\c:\bnbhtt.exec:\bnbhtt.exe51⤵
- Executes dropped EXE
-
\??\c:\bttnnn.exec:\bttnnn.exe52⤵
- Executes dropped EXE
-
\??\c:\btnnbt.exec:\btnnbt.exe53⤵
- Executes dropped EXE
-
\??\c:\1pdjj.exec:\1pdjj.exe54⤵
- Executes dropped EXE
-
\??\c:\5vjjv.exec:\5vjjv.exe55⤵
- Executes dropped EXE
-
\??\c:\vvvpd.exec:\vvvpd.exe56⤵
- Executes dropped EXE
-
\??\c:\rxxrrlf.exec:\rxxrrlf.exe57⤵
- Executes dropped EXE
-
\??\c:\5rlxflf.exec:\5rlxflf.exe58⤵
- Executes dropped EXE
-
\??\c:\bhtbbt.exec:\bhtbbt.exe59⤵
- Executes dropped EXE
-
\??\c:\9hhnhb.exec:\9hhnhb.exe60⤵
- Executes dropped EXE
-
\??\c:\tnbhnn.exec:\tnbhnn.exe61⤵
- Executes dropped EXE
-
\??\c:\vpjdj.exec:\vpjdj.exe62⤵
- Executes dropped EXE
-
\??\c:\vjdjp.exec:\vjdjp.exe63⤵
- Executes dropped EXE
-
\??\c:\dvjpd.exec:\dvjpd.exe64⤵
- Executes dropped EXE
-
\??\c:\lxfxllr.exec:\lxfxllr.exe65⤵
- Executes dropped EXE
-
\??\c:\7lxlrlr.exec:\7lxlrlr.exe66⤵
-
\??\c:\9xxfrxx.exec:\9xxfrxx.exe67⤵
-
\??\c:\bntthh.exec:\bntthh.exe68⤵
-
\??\c:\bbhntb.exec:\bbhntb.exe69⤵
-
\??\c:\1ddjv.exec:\1ddjv.exe70⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe71⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe72⤵
-
\??\c:\rfrxllx.exec:\rfrxllx.exe73⤵
-
\??\c:\rlxfllx.exec:\rlxfllx.exe74⤵
-
\??\c:\3xfrffr.exec:\3xfrffr.exe75⤵
-
\??\c:\ttbnhh.exec:\ttbnhh.exe76⤵
-
\??\c:\hbhbbh.exec:\hbhbbh.exe77⤵
-
\??\c:\7hhtnh.exec:\7hhtnh.exe78⤵
-
\??\c:\3dvvd.exec:\3dvvd.exe79⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe80⤵
-
\??\c:\7jpvp.exec:\7jpvp.exe81⤵
-
\??\c:\jddpv.exec:\jddpv.exe82⤵
-
\??\c:\rxflfxf.exec:\rxflfxf.exe83⤵
-
\??\c:\1vvdj.exec:\1vvdj.exe84⤵
-
\??\c:\3dppp.exec:\3dppp.exe85⤵
-
\??\c:\3lfrxrx.exec:\3lfrxrx.exe86⤵
-
\??\c:\rllrflr.exec:\rllrflr.exe87⤵
-
\??\c:\rflrxxf.exec:\rflrxxf.exe88⤵
-
\??\c:\htnnbb.exec:\htnnbb.exe89⤵
-
\??\c:\1bthtt.exec:\1bthtt.exe90⤵
-
\??\c:\btbnhh.exec:\btbnhh.exe91⤵
-
\??\c:\tntthh.exec:\tntthh.exe92⤵
-
\??\c:\jvdjj.exec:\jvdjj.exe93⤵
-
\??\c:\ddpdd.exec:\ddpdd.exe94⤵
-
\??\c:\3vpdp.exec:\3vpdp.exe95⤵
-
\??\c:\3rrxxxf.exec:\3rrxxxf.exe96⤵
-
\??\c:\fflxrfx.exec:\fflxrfx.exe97⤵
-
\??\c:\1xxlflx.exec:\1xxlflx.exe98⤵
-
\??\c:\bbtbhh.exec:\bbtbhh.exe99⤵
-
\??\c:\tnhhbb.exec:\tnhhbb.exe100⤵
-
\??\c:\btbtbh.exec:\btbtbh.exe101⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe102⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe103⤵
-
\??\c:\dvvdj.exec:\dvvdj.exe104⤵
-
\??\c:\frxxllr.exec:\frxxllr.exe105⤵
-
\??\c:\frffrrf.exec:\frffrrf.exe106⤵
-
\??\c:\xrflrlr.exec:\xrflrlr.exe107⤵
-
\??\c:\hbthnt.exec:\hbthnt.exe108⤵
-
\??\c:\hbnnnn.exec:\hbnnnn.exe109⤵
-
\??\c:\bthbhb.exec:\bthbhb.exe110⤵
-
\??\c:\hbnbbh.exec:\hbnbbh.exe111⤵
-
\??\c:\1jvdp.exec:\1jvdp.exe112⤵
-
\??\c:\dpjvd.exec:\dpjvd.exe113⤵
-
\??\c:\dvppp.exec:\dvppp.exe114⤵
-
\??\c:\xxllrrx.exec:\xxllrrx.exe115⤵
-
\??\c:\lfxfrxf.exec:\lfxfrxf.exe116⤵
-
\??\c:\lfxfxff.exec:\lfxfxff.exe117⤵
-
\??\c:\hhtttt.exec:\hhtttt.exe118⤵
-
\??\c:\btttht.exec:\btttht.exe119⤵
-
\??\c:\bbttbh.exec:\bbttbh.exe120⤵
-
\??\c:\dddvp.exec:\dddvp.exe121⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe122⤵
-
\??\c:\9ddpv.exec:\9ddpv.exe123⤵
-
\??\c:\7jdjp.exec:\7jdjp.exe124⤵
-
\??\c:\lfxxllr.exec:\lfxxllr.exe125⤵
-
\??\c:\5fxxffr.exec:\5fxxffr.exe126⤵
-
\??\c:\lrllrrx.exec:\lrllrrx.exe127⤵
-
\??\c:\5hhttn.exec:\5hhttn.exe128⤵
-
\??\c:\3thnhh.exec:\3thnhh.exe129⤵
-
\??\c:\hthhnt.exec:\hthhnt.exe130⤵
-
\??\c:\vpppj.exec:\vpppj.exe131⤵
-
\??\c:\jjjvv.exec:\jjjvv.exe132⤵
-
\??\c:\jvvdd.exec:\jvvdd.exe133⤵
-
\??\c:\xrlxllx.exec:\xrlxllx.exe134⤵
-
\??\c:\rrrflxx.exec:\rrrflxx.exe135⤵
-
\??\c:\lfxfrrx.exec:\lfxfrrx.exe136⤵
-
\??\c:\1btbnt.exec:\1btbnt.exe137⤵
-
\??\c:\hhbtbt.exec:\hhbtbt.exe138⤵
-
\??\c:\nhbhhn.exec:\nhbhhn.exe139⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe140⤵
-
\??\c:\9vjdd.exec:\9vjdd.exe141⤵
-
\??\c:\jdddv.exec:\jdddv.exe142⤵
-
\??\c:\xfxrxxf.exec:\xfxrxxf.exe143⤵
-
\??\c:\rrfrlrx.exec:\rrfrlrx.exe144⤵
-
\??\c:\rfxfrlx.exec:\rfxfrlx.exe145⤵
-
\??\c:\1tbbbb.exec:\1tbbbb.exe146⤵
-
\??\c:\tthtbh.exec:\tthtbh.exe147⤵
-
\??\c:\ppddj.exec:\ppddj.exe148⤵
-
\??\c:\ffxfrxr.exec:\ffxfrxr.exe149⤵
-
\??\c:\9htbnn.exec:\9htbnn.exe150⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe151⤵
-
\??\c:\ppjvv.exec:\ppjvv.exe152⤵
-
\??\c:\5ffxxrr.exec:\5ffxxrr.exe153⤵
-
\??\c:\nhhhhb.exec:\nhhhhb.exe154⤵
-
\??\c:\tbhttn.exec:\tbhttn.exe155⤵
-
\??\c:\frrfrfl.exec:\frrfrfl.exe156⤵
-
\??\c:\3hhtbn.exec:\3hhtbn.exe157⤵
-
\??\c:\9pjpp.exec:\9pjpp.exe158⤵
-
\??\c:\vddpj.exec:\vddpj.exe159⤵
-
\??\c:\rlllxfl.exec:\rlllxfl.exe160⤵
-
\??\c:\btnbnt.exec:\btnbnt.exe161⤵
-
\??\c:\ppdjp.exec:\ppdjp.exe162⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe163⤵
-
\??\c:\llrffrr.exec:\llrffrr.exe164⤵
-
\??\c:\tthntt.exec:\tthntt.exe165⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe166⤵
-
\??\c:\1rllllx.exec:\1rllllx.exe167⤵
-
\??\c:\llrlrxr.exec:\llrlrxr.exe168⤵
-
\??\c:\1bthhn.exec:\1bthhn.exe169⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe170⤵
-
\??\c:\rfrlxll.exec:\rfrlxll.exe171⤵
-
\??\c:\bbthnh.exec:\bbthnh.exe172⤵
-
\??\c:\tnbhtb.exec:\tnbhtb.exe173⤵
-
\??\c:\fffflrf.exec:\fffflrf.exe174⤵
-
\??\c:\tnhthn.exec:\tnhthn.exe175⤵
-
\??\c:\pdppv.exec:\pdppv.exe176⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe177⤵
-
\??\c:\rlrlrrf.exec:\rlrlrrf.exe178⤵
-
\??\c:\nnbhtb.exec:\nnbhtb.exe179⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe180⤵
-
\??\c:\7vppd.exec:\7vppd.exe181⤵
-
\??\c:\7rrxllx.exec:\7rrxllx.exe182⤵
-
\??\c:\nnhnbn.exec:\nnhnbn.exe183⤵
-
\??\c:\xxrxrrl.exec:\xxrxrrl.exe184⤵
-
\??\c:\nbnbbn.exec:\nbnbbn.exe185⤵
-
\??\c:\nttntn.exec:\nttntn.exe186⤵
-
\??\c:\7vvdp.exec:\7vvdp.exe187⤵
-
\??\c:\lxxrrfl.exec:\lxxrrfl.exe188⤵
-
\??\c:\hhhbnn.exec:\hhhbnn.exe189⤵
-
\??\c:\7tnttb.exec:\7tnttb.exe190⤵
-
\??\c:\jpjdj.exec:\jpjdj.exe191⤵
-
\??\c:\fxxrfxx.exec:\fxxrfxx.exe192⤵
-
\??\c:\bhbhbh.exec:\bhbhbh.exe193⤵
-
\??\c:\7fxxflr.exec:\7fxxflr.exe194⤵
-
\??\c:\vdddp.exec:\vdddp.exe195⤵
-
\??\c:\frxrrll.exec:\frxrrll.exe196⤵
-
\??\c:\5ntthn.exec:\5ntthn.exe197⤵
-
\??\c:\7rrlxxx.exec:\7rrlxxx.exe198⤵
-
\??\c:\rllxfrl.exec:\rllxfrl.exe199⤵
-
\??\c:\dppjd.exec:\dppjd.exe200⤵
-
\??\c:\frfxfrx.exec:\frfxfrx.exe201⤵
-
\??\c:\bbnhht.exec:\bbnhht.exe202⤵
-
\??\c:\vjjvp.exec:\vjjvp.exe203⤵
-
\??\c:\1xfxllr.exec:\1xfxllr.exe204⤵
-
\??\c:\nhbntt.exec:\nhbntt.exe205⤵
-
\??\c:\vvvpd.exec:\vvvpd.exe206⤵
-
\??\c:\djvpp.exec:\djvpp.exe207⤵
-
\??\c:\9nnnbh.exec:\9nnnbh.exe208⤵
-
\??\c:\dddpj.exec:\dddpj.exe209⤵
-
\??\c:\ppddd.exec:\ppddd.exe210⤵
-
\??\c:\llxfrrf.exec:\llxfrrf.exe211⤵
-
\??\c:\nnbnhn.exec:\nnbnhn.exe212⤵
-
\??\c:\vddjp.exec:\vddjp.exe213⤵
-
\??\c:\hhbnht.exec:\hhbnht.exe214⤵
-
\??\c:\dddvp.exec:\dddvp.exe215⤵
-
\??\c:\fxfrlrl.exec:\fxfrlrl.exe216⤵
-
\??\c:\hbtbht.exec:\hbtbht.exe217⤵
-
\??\c:\ddjvv.exec:\ddjvv.exe218⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe219⤵
-
\??\c:\rxlfrrx.exec:\rxlfrrx.exe220⤵
-
\??\c:\frffllf.exec:\frffllf.exe221⤵
-
\??\c:\bhbbht.exec:\bhbbht.exe222⤵
-
\??\c:\bbnntt.exec:\bbnntt.exe223⤵
-
\??\c:\7vppd.exec:\7vppd.exe224⤵
-
\??\c:\vdvjp.exec:\vdvjp.exe225⤵
-
\??\c:\1rflfrx.exec:\1rflfrx.exe226⤵
-
\??\c:\3tbbth.exec:\3tbbth.exe227⤵
-
\??\c:\7bthnt.exec:\7bthnt.exe228⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe229⤵
-
\??\c:\7btbnt.exec:\7btbnt.exe230⤵
-
\??\c:\3hhbbh.exec:\3hhbbh.exe231⤵
-
\??\c:\jpvvd.exec:\jpvvd.exe232⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe233⤵
-
\??\c:\frrllxx.exec:\frrllxx.exe234⤵
-
\??\c:\lfllrrr.exec:\lfllrrr.exe235⤵
-
\??\c:\nhthhn.exec:\nhthhn.exe236⤵
-
\??\c:\bhhnnb.exec:\bhhnnb.exe237⤵
-
\??\c:\7jjjd.exec:\7jjjd.exe238⤵
-
\??\c:\jpjvj.exec:\jpjvj.exe239⤵
-
\??\c:\xxrfllr.exec:\xxrfllr.exe240⤵