Analysis
-
max time kernel
75s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
01-07-2024 12:30
General
-
Target
5275b72dd94be854a84b4f459ecdeb0eaef34e8eb98129851ecd47b26094b72a_NeikiAnalytics.exe
-
Size
106KB
-
MD5
d62550fade1871016b8574dc0ea5dc60
-
SHA1
80bc06c7bbfe780d0de1a96504a7545e383f6e49
-
SHA256
5275b72dd94be854a84b4f459ecdeb0eaef34e8eb98129851ecd47b26094b72a
-
SHA512
45160dbe60de01ac982e79d0120e974ff41c7d6578dffddc92efeef67635145df91a11f9b6387f28b6f570f3508479a9f58dacac73704a61af59969c699374ee
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoTNKDeS98hPUdHV7RNzfJN75:ymb3NkkiQ3mdBjFo5KDe88g1fD75
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5275b72dd94be854a84b4f459ecdeb0eaef34e8eb98129851ecd47b26094b72a_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\5275b72dd94be854a84b4f459ecdeb0eaef34e8eb98129851ecd47b26094b72a_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjjv.exec:\3pjjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtnth.exec:\nhtnth.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjp.exec:\jdjjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vppp.exec:\9vppp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxlrrr.exec:\fxxlrrr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrrrl.exec:\ffrrrrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnnnt.exec:\bhnnnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tnnbb.exec:\5tnnbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvj.exec:\vpjvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvdp.exec:\dvvdp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxffffr.exec:\fxffffr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnthnt.exec:\hnthnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnntb.exec:\hbnntb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pjvp.exec:\1pjvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdpv.exec:\dpdpv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxflr.exec:\xrfxflr.exe17⤵
- Executes dropped EXE
-
\??\c:\lflxrxl.exec:\lflxrxl.exe18⤵
- Executes dropped EXE
-
\??\c:\xxrlrfr.exec:\xxrlrfr.exe19⤵
- Executes dropped EXE
-
\??\c:\7tntbh.exec:\7tntbh.exe20⤵
- Executes dropped EXE
-
\??\c:\jjvpv.exec:\jjvpv.exe21⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe22⤵
- Executes dropped EXE
-
\??\c:\djdjp.exec:\djdjp.exe23⤵
- Executes dropped EXE
-
\??\c:\3lfrlxl.exec:\3lfrlxl.exe24⤵
- Executes dropped EXE
-
\??\c:\rlfxxrx.exec:\rlfxxrx.exe25⤵
- Executes dropped EXE
-
\??\c:\nhbntt.exec:\nhbntt.exe26⤵
- Executes dropped EXE
-
\??\c:\vjvjj.exec:\vjvjj.exe27⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe28⤵
- Executes dropped EXE
-
\??\c:\fxffrxl.exec:\fxffrxl.exe29⤵
- Executes dropped EXE
-
\??\c:\lrlxflf.exec:\lrlxflf.exe30⤵
- Executes dropped EXE
-
\??\c:\nntnth.exec:\nntnth.exe31⤵
- Executes dropped EXE
-
\??\c:\hhtbtb.exec:\hhtbtb.exe32⤵
- Executes dropped EXE
-
\??\c:\bbbttn.exec:\bbbttn.exe33⤵
- Executes dropped EXE
-
\??\c:\ddpvj.exec:\ddpvj.exe34⤵
- Executes dropped EXE
-
\??\c:\jjvpd.exec:\jjvpd.exe35⤵
- Executes dropped EXE
-
\??\c:\llllrrr.exec:\llllrrr.exe36⤵
- Executes dropped EXE
-
\??\c:\xfrrrrx.exec:\xfrrrrx.exe37⤵
- Executes dropped EXE
-
\??\c:\xfxllrl.exec:\xfxllrl.exe38⤵
- Executes dropped EXE
-
\??\c:\hnttbh.exec:\hnttbh.exe39⤵
- Executes dropped EXE
-
\??\c:\bbhttn.exec:\bbhttn.exe40⤵
- Executes dropped EXE
-
\??\c:\dvdjv.exec:\dvdjv.exe41⤵
- Executes dropped EXE
-
\??\c:\jjjpv.exec:\jjjpv.exe42⤵
- Executes dropped EXE
-
\??\c:\jjvvj.exec:\jjvvj.exe43⤵
- Executes dropped EXE
-
\??\c:\llrxrxr.exec:\llrxrxr.exe44⤵
- Executes dropped EXE
-
\??\c:\1rrxrrf.exec:\1rrxrrf.exe45⤵
- Executes dropped EXE
-
\??\c:\1rrxrrl.exec:\1rrxrrl.exe46⤵
- Executes dropped EXE
-
\??\c:\tnbtht.exec:\tnbtht.exe47⤵
- Executes dropped EXE
-
\??\c:\btbhbh.exec:\btbhbh.exe48⤵
- Executes dropped EXE
-
\??\c:\5vvpd.exec:\5vvpd.exe49⤵
- Executes dropped EXE
-
\??\c:\fxrrffr.exec:\fxrrffr.exe50⤵
- Executes dropped EXE
-
\??\c:\5fxlflx.exec:\5fxlflx.exe51⤵
- Executes dropped EXE
-
\??\c:\thbhtb.exec:\thbhtb.exe52⤵
- Executes dropped EXE
-
\??\c:\vdvvj.exec:\vdvvj.exe53⤵
- Executes dropped EXE
-
\??\c:\ppjpj.exec:\ppjpj.exe54⤵
- Executes dropped EXE
-
\??\c:\jjvdp.exec:\jjvdp.exe55⤵
- Executes dropped EXE
-
\??\c:\frlrxlr.exec:\frlrxlr.exe56⤵
- Executes dropped EXE
-
\??\c:\nhbnhh.exec:\nhbnhh.exe57⤵
- Executes dropped EXE
-
\??\c:\nhhhbb.exec:\nhhhbb.exe58⤵
- Executes dropped EXE
-
\??\c:\vvpjd.exec:\vvpjd.exe59⤵
- Executes dropped EXE
-
\??\c:\1lxfxxr.exec:\1lxfxxr.exe60⤵
- Executes dropped EXE
-
\??\c:\ttnhbh.exec:\ttnhbh.exe61⤵
- Executes dropped EXE
-
\??\c:\hbhhnn.exec:\hbhhnn.exe62⤵
- Executes dropped EXE
-
\??\c:\dvddp.exec:\dvddp.exe63⤵
- Executes dropped EXE
-
\??\c:\fxlrflr.exec:\fxlrflr.exe64⤵
- Executes dropped EXE
-
\??\c:\7bhtth.exec:\7bhtth.exe65⤵
- Executes dropped EXE
-
\??\c:\vdjpp.exec:\vdjpp.exe66⤵
-
\??\c:\lfxlflx.exec:\lfxlflx.exe67⤵
-
\??\c:\frfrfxl.exec:\frfrfxl.exe68⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe69⤵
-
\??\c:\fxrrxfl.exec:\fxrrxfl.exe70⤵
-
\??\c:\1thtbh.exec:\1thtbh.exe71⤵
-
\??\c:\xrflrxl.exec:\xrflrxl.exe72⤵
-
\??\c:\fxlflrx.exec:\fxlflrx.exe73⤵
-
\??\c:\hnhbbn.exec:\hnhbbn.exe74⤵
-
\??\c:\pjppj.exec:\pjppj.exe75⤵
-
\??\c:\lflrxxl.exec:\lflrxxl.exe76⤵
-
\??\c:\hbbhtb.exec:\hbbhtb.exe77⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe78⤵
-
\??\c:\llxxflr.exec:\llxxflr.exe79⤵
-
\??\c:\bnhtnh.exec:\bnhtnh.exe80⤵
-
\??\c:\nhbnbh.exec:\nhbnbh.exe81⤵
-
\??\c:\3jpdp.exec:\3jpdp.exe82⤵
-
\??\c:\7vpdd.exec:\7vpdd.exe83⤵
-
\??\c:\lrrlfll.exec:\lrrlfll.exe84⤵
-
\??\c:\llrrrxr.exec:\llrrrxr.exe85⤵
-
\??\c:\hbnthn.exec:\hbnthn.exe86⤵
-
\??\c:\3hthbb.exec:\3hthbb.exe87⤵
-
\??\c:\1vjjj.exec:\1vjjj.exe88⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe89⤵
-
\??\c:\xxlrxxf.exec:\xxlrxxf.exe90⤵
-
\??\c:\xxlflrf.exec:\xxlflrf.exe91⤵
-
\??\c:\hhbhbn.exec:\hhbhbn.exe92⤵
-
\??\c:\3hbbnn.exec:\3hbbnn.exe93⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe94⤵
-
\??\c:\llflxfl.exec:\llflxfl.exe95⤵
-
\??\c:\7xlrllx.exec:\7xlrllx.exe96⤵
-
\??\c:\nnthnt.exec:\nnthnt.exe97⤵
-
\??\c:\nhhthn.exec:\nhhthn.exe98⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe99⤵
-
\??\c:\ffflrfl.exec:\ffflrfl.exe100⤵
-
\??\c:\lfrrflr.exec:\lfrrflr.exe101⤵
-
\??\c:\htbntn.exec:\htbntn.exe102⤵
-
\??\c:\thhbnn.exec:\thhbnn.exe103⤵
-
\??\c:\7dvdj.exec:\7dvdj.exe104⤵
-
\??\c:\pdjvv.exec:\pdjvv.exe105⤵
-
\??\c:\xrrrxrl.exec:\xrrrxrl.exe106⤵
-
\??\c:\rrxxlll.exec:\rrxxlll.exe107⤵
-
\??\c:\nnbbtt.exec:\nnbbtt.exe108⤵
-
\??\c:\9hthtt.exec:\9hthtt.exe109⤵
-
\??\c:\3ppjp.exec:\3ppjp.exe110⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe111⤵
-
\??\c:\rrrrrrf.exec:\rrrrrrf.exe112⤵
-
\??\c:\rxrlfxl.exec:\rxrlfxl.exe113⤵
-
\??\c:\nnthnh.exec:\nnthnh.exe114⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe115⤵
-
\??\c:\jddjp.exec:\jddjp.exe116⤵
-
\??\c:\1xrfxfl.exec:\1xrfxfl.exe117⤵
-
\??\c:\xfxllfr.exec:\xfxllfr.exe118⤵
-
\??\c:\hbnhbh.exec:\hbnhbh.exe119⤵
-
\??\c:\nnbbnt.exec:\nnbbnt.exe120⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe121⤵
-
\??\c:\7jjvd.exec:\7jjvd.exe122⤵
-
\??\c:\7llrrfr.exec:\7llrrfr.exe123⤵
-
\??\c:\lfxxlrx.exec:\lfxxlrx.exe124⤵
-
\??\c:\ntbttt.exec:\ntbttt.exe125⤵
-
\??\c:\nhntnh.exec:\nhntnh.exe126⤵
-
\??\c:\9jvpd.exec:\9jvpd.exe127⤵
-
\??\c:\xrxrxlx.exec:\xrxrxlx.exe128⤵
-
\??\c:\flllfrr.exec:\flllfrr.exe129⤵
-
\??\c:\5ttbnt.exec:\5ttbnt.exe130⤵
-
\??\c:\tnhhth.exec:\tnhhth.exe131⤵
-
\??\c:\vvddj.exec:\vvddj.exe132⤵
-
\??\c:\llllrxl.exec:\llllrxl.exe133⤵
-
\??\c:\ffxlfrl.exec:\ffxlfrl.exe134⤵
-
\??\c:\7tnhhh.exec:\7tnhhh.exe135⤵
-
\??\c:\nhbtnt.exec:\nhbtnt.exe136⤵
-
\??\c:\vpdpj.exec:\vpdpj.exe137⤵
-
\??\c:\xrrxfrf.exec:\xrrxfrf.exe138⤵
-
\??\c:\rrrrfrl.exec:\rrrrfrl.exe139⤵
-
\??\c:\tbttht.exec:\tbttht.exe140⤵
-
\??\c:\hbbnbh.exec:\hbbnbh.exe141⤵
-
\??\c:\pdjdj.exec:\pdjdj.exe142⤵
-
\??\c:\dvppd.exec:\dvppd.exe143⤵
-
\??\c:\fxflrfl.exec:\fxflrfl.exe144⤵
-
\??\c:\rxrfxxr.exec:\rxrfxxr.exe145⤵
-
\??\c:\bnbnbt.exec:\bnbnbt.exe146⤵
-
\??\c:\1httnt.exec:\1httnt.exe147⤵
-
\??\c:\vddjj.exec:\vddjj.exe148⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe149⤵
-
\??\c:\ffllflx.exec:\ffllflx.exe150⤵
-
\??\c:\llxlrxl.exec:\llxlrxl.exe151⤵
-
\??\c:\3bthtb.exec:\3bthtb.exe152⤵
-
\??\c:\htbtbn.exec:\htbtbn.exe153⤵
-
\??\c:\9vvdv.exec:\9vvdv.exe154⤵
-
\??\c:\rrlxllx.exec:\rrlxllx.exe155⤵
-
\??\c:\7xlrxlx.exec:\7xlrxlx.exe156⤵
-
\??\c:\rrrxlxr.exec:\rrrxlxr.exe157⤵
-
\??\c:\nthtnt.exec:\nthtnt.exe158⤵
-
\??\c:\vvpvp.exec:\vvpvp.exe159⤵
-
\??\c:\ddpdd.exec:\ddpdd.exe160⤵
-
\??\c:\lfrlxxr.exec:\lfrlxxr.exe161⤵
-
\??\c:\3rxxffl.exec:\3rxxffl.exe162⤵
-
\??\c:\nhbtnt.exec:\nhbtnt.exe163⤵
-
\??\c:\nnhbnh.exec:\nnhbnh.exe164⤵
-
\??\c:\1pvvj.exec:\1pvvj.exe165⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe166⤵
-
\??\c:\1rlrfrf.exec:\1rlrfrf.exe167⤵
-
\??\c:\rrfrfrx.exec:\rrfrfrx.exe168⤵
-
\??\c:\hbthtb.exec:\hbthtb.exe169⤵
-
\??\c:\hbntbt.exec:\hbntbt.exe170⤵
-
\??\c:\vpddp.exec:\vpddp.exe171⤵
-
\??\c:\jjvdp.exec:\jjvdp.exe172⤵
-
\??\c:\xxrfrrl.exec:\xxrfrrl.exe173⤵
-
\??\c:\fxxlffx.exec:\fxxlffx.exe174⤵
-
\??\c:\tbhnbh.exec:\tbhnbh.exe175⤵
-
\??\c:\nntbtb.exec:\nntbtb.exe176⤵
-
\??\c:\7jjdd.exec:\7jjdd.exe177⤵
-
\??\c:\pjvjv.exec:\pjvjv.exe178⤵
-
\??\c:\rrfxlrf.exec:\rrfxlrf.exe179⤵
-
\??\c:\fxfrflx.exec:\fxfrflx.exe180⤵
-
\??\c:\nhtbnt.exec:\nhtbnt.exe181⤵
-
\??\c:\hhttbh.exec:\hhttbh.exe182⤵
-
\??\c:\vvjvd.exec:\vvjvd.exe183⤵
-
\??\c:\llfrflf.exec:\llfrflf.exe184⤵
-
\??\c:\rlxlxfl.exec:\rlxlxfl.exe185⤵
-
\??\c:\ttbhnb.exec:\ttbhnb.exe186⤵
-
\??\c:\bttthh.exec:\bttthh.exe187⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe188⤵
-
\??\c:\rlxfxlf.exec:\rlxfxlf.exe189⤵
-
\??\c:\1bnbtb.exec:\1bnbtb.exe190⤵
-
\??\c:\ttthtt.exec:\ttthtt.exe191⤵
-
\??\c:\dddpv.exec:\dddpv.exe192⤵
-
\??\c:\jjpdv.exec:\jjpdv.exe193⤵
-
\??\c:\9lfrffr.exec:\9lfrffr.exe194⤵
-
\??\c:\xlrrrrf.exec:\xlrrrrf.exe195⤵
-
\??\c:\nnntht.exec:\nnntht.exe196⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe197⤵
-
\??\c:\ppjpd.exec:\ppjpd.exe198⤵
-
\??\c:\9rffrfr.exec:\9rffrfr.exe199⤵
-
\??\c:\xxxlfxr.exec:\xxxlfxr.exe200⤵
-
\??\c:\hhntbh.exec:\hhntbh.exe201⤵
-
\??\c:\nnhttt.exec:\nnhttt.exe202⤵
-
\??\c:\vdvdj.exec:\vdvdj.exe203⤵
-
\??\c:\jjdpp.exec:\jjdpp.exe204⤵
-
\??\c:\1lffxfl.exec:\1lffxfl.exe205⤵
-
\??\c:\fflrllx.exec:\fflrllx.exe206⤵
-
\??\c:\bhtttb.exec:\bhtttb.exe207⤵
-
\??\c:\tnbhnn.exec:\tnbhnn.exe208⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe209⤵
-
\??\c:\9vvpj.exec:\9vvpj.exe210⤵
-
\??\c:\lfrfrxl.exec:\lfrfrxl.exe211⤵
-
\??\c:\nhhnnt.exec:\nhhnnt.exe212⤵
-
\??\c:\hbhnnt.exec:\hbhnnt.exe213⤵
-
\??\c:\7vdvv.exec:\7vdvv.exe214⤵
-
\??\c:\3pjpd.exec:\3pjpd.exe215⤵
-
\??\c:\fxrrffr.exec:\fxrrffr.exe216⤵
-
\??\c:\xrrfxxl.exec:\xrrfxxl.exe217⤵
-
\??\c:\bhhtbh.exec:\bhhtbh.exe218⤵
-
\??\c:\tnnnbn.exec:\tnnnbn.exe219⤵
-
\??\c:\jdvjv.exec:\jdvjv.exe220⤵
-
\??\c:\9rxfrlx.exec:\9rxfrlx.exe221⤵
-
\??\c:\llfrfll.exec:\llfrfll.exe222⤵
-
\??\c:\nhtbhn.exec:\nhtbhn.exe223⤵
-
\??\c:\nbhnbb.exec:\nbhnbb.exe224⤵
-
\??\c:\ppvdv.exec:\ppvdv.exe225⤵
-
\??\c:\pvjdp.exec:\pvjdp.exe226⤵
-
\??\c:\xrrxlxf.exec:\xrrxlxf.exe227⤵
-
\??\c:\lfrlrff.exec:\lfrlrff.exe228⤵
-
\??\c:\hhtbnt.exec:\hhtbnt.exe229⤵
-
\??\c:\tnhhbh.exec:\tnhhbh.exe230⤵
-
\??\c:\ddjvj.exec:\ddjvj.exe231⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe232⤵
-
\??\c:\jdpdv.exec:\jdpdv.exe233⤵
-
\??\c:\rrfxrrf.exec:\rrfxrrf.exe234⤵
-
\??\c:\bhbtth.exec:\bhbtth.exe235⤵
-
\??\c:\7bhhnb.exec:\7bhhnb.exe236⤵
-
\??\c:\pppdv.exec:\pppdv.exe237⤵
-
\??\c:\ppppj.exec:\ppppj.exe238⤵
-
\??\c:\vjddd.exec:\vjddd.exe239⤵
-
\??\c:\lflxrxf.exec:\lflxrxf.exe240⤵