Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
01-07-2024 14:17
General
-
Target
57d8a826b9abf3ffce55ceccc115cee834d43b0a2286975d0685526a7cf8465e_NeikiAnalytics.exe
-
Size
164KB
-
MD5
48980abad55cb02a25a723a4344d25e0
-
SHA1
1468663d38d9db614f08dbaae273fb4ea9acfa5e
-
SHA256
57d8a826b9abf3ffce55ceccc115cee834d43b0a2286975d0685526a7cf8465e
-
SHA512
d7b3030bf00bdb8c4138d3641b944230e81f8f90f78c5d909d6f4f65b1de4f8573f5b16612bb3f8c2a966c95b5dbf9cb1fd31abf60de74ecee5af9b49c93c8cb
-
SSDEEP
3072:xhOmTsF93UYfwC6GIout0fmCiiiXAQ5lpBoGYwNNhu0CzhKPJFk:xcm4FmowdHoSgWrXF5lpKGYV0wh6Je
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 39 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\57d8a826b9abf3ffce55ceccc115cee834d43b0a2286975d0685526a7cf8465e_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\57d8a826b9abf3ffce55ceccc115cee834d43b0a2286975d0685526a7cf8465e_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxflr.exec:\lfxxflr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbhtt.exec:\htbhtt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dvvj.exec:\7dvvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5thnnt.exec:\5thnnt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttbbb.exec:\tttbbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjvj.exec:\jvjvj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xrxfrx.exec:\1xrxfrx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bntnb.exec:\5bntnb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pdjp.exec:\7pdjp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lrllrr.exec:\9lrllrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxllr.exec:\fxlxllr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnnbh.exec:\ttnnbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtnbb.exec:\hhtnbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvvv.exec:\pdvvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxflfl.exec:\rlxflfl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxxxl.exec:\rlxxxxl.exe17⤵
- Executes dropped EXE
-
\??\c:\bhhbbh.exec:\bhhbbh.exe18⤵
- Executes dropped EXE
-
\??\c:\bbthhh.exec:\bbthhh.exe19⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe20⤵
- Executes dropped EXE
-
\??\c:\pppdj.exec:\pppdj.exe21⤵
- Executes dropped EXE
-
\??\c:\xrrlxlf.exec:\xrrlxlf.exe22⤵
- Executes dropped EXE
-
\??\c:\5xlxfxf.exec:\5xlxfxf.exe23⤵
- Executes dropped EXE
-
\??\c:\nnhbhn.exec:\nnhbhn.exe24⤵
- Executes dropped EXE
-
\??\c:\1bntbb.exec:\1bntbb.exe25⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe26⤵
- Executes dropped EXE
-
\??\c:\xrxrxff.exec:\xrxrxff.exe27⤵
- Executes dropped EXE
-
\??\c:\rfflxxf.exec:\rfflxxf.exe28⤵
- Executes dropped EXE
-
\??\c:\btntth.exec:\btntth.exe29⤵
- Executes dropped EXE
-
\??\c:\nhtnnt.exec:\nhtnnt.exe30⤵
- Executes dropped EXE
-
\??\c:\ddvvp.exec:\ddvvp.exe31⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe32⤵
- Executes dropped EXE
-
\??\c:\xxrxrrf.exec:\xxrxrrf.exe33⤵
- Executes dropped EXE
-
\??\c:\5lffffl.exec:\5lffffl.exe34⤵
- Executes dropped EXE
-
\??\c:\9bhnbt.exec:\9bhnbt.exe35⤵
- Executes dropped EXE
-
\??\c:\nhnbnt.exec:\nhnbnt.exe36⤵
- Executes dropped EXE
-
\??\c:\3vvjp.exec:\3vvjp.exe37⤵
- Executes dropped EXE
-
\??\c:\3rlxlrf.exec:\3rlxlrf.exe38⤵
- Executes dropped EXE
-
\??\c:\fxfxrlf.exec:\fxfxrlf.exe39⤵
- Executes dropped EXE
-
\??\c:\rlrrxxf.exec:\rlrrxxf.exe40⤵
- Executes dropped EXE
-
\??\c:\bnhbhh.exec:\bnhbhh.exe41⤵
- Executes dropped EXE
-
\??\c:\tnnhtt.exec:\tnnhtt.exe42⤵
- Executes dropped EXE
-
\??\c:\vpdpj.exec:\vpdpj.exe43⤵
- Executes dropped EXE
-
\??\c:\9vjpj.exec:\9vjpj.exe44⤵
- Executes dropped EXE
-
\??\c:\3jdjp.exec:\3jdjp.exe45⤵
- Executes dropped EXE
-
\??\c:\rfrflxx.exec:\rfrflxx.exe46⤵
- Executes dropped EXE
-
\??\c:\rrrrfxf.exec:\rrrrfxf.exe47⤵
- Executes dropped EXE
-
\??\c:\tnbbhn.exec:\tnbbhn.exe48⤵
- Executes dropped EXE
-
\??\c:\9nbbhh.exec:\9nbbhh.exe49⤵
- Executes dropped EXE
-
\??\c:\hbnbbb.exec:\hbnbbb.exe50⤵
- Executes dropped EXE
-
\??\c:\jvjjp.exec:\jvjjp.exe51⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe52⤵
- Executes dropped EXE
-
\??\c:\7llxllf.exec:\7llxllf.exe53⤵
- Executes dropped EXE
-
\??\c:\3rlrlrf.exec:\3rlrlrf.exe54⤵
- Executes dropped EXE
-
\??\c:\5lflrxr.exec:\5lflrxr.exe55⤵
- Executes dropped EXE
-
\??\c:\tnbhhn.exec:\tnbhhn.exe56⤵
- Executes dropped EXE
-
\??\c:\nhtthn.exec:\nhtthn.exe57⤵
- Executes dropped EXE
-
\??\c:\3pjdd.exec:\3pjdd.exe58⤵
- Executes dropped EXE
-
\??\c:\jdjdj.exec:\jdjdj.exe59⤵
- Executes dropped EXE
-
\??\c:\ththnn.exec:\ththnn.exe60⤵
- Executes dropped EXE
-
\??\c:\thnthh.exec:\thnthh.exe61⤵
- Executes dropped EXE
-
\??\c:\hbtttb.exec:\hbtttb.exe62⤵
- Executes dropped EXE
-
\??\c:\jvppv.exec:\jvppv.exe63⤵
- Executes dropped EXE
-
\??\c:\dpdvd.exec:\dpdvd.exe64⤵
- Executes dropped EXE
-
\??\c:\jdjvp.exec:\jdjvp.exe65⤵
- Executes dropped EXE
-
\??\c:\rfrrffl.exec:\rfrrffl.exe66⤵
-
\??\c:\rlflrfr.exec:\rlflrfr.exe67⤵
-
\??\c:\nbbbbh.exec:\nbbbbh.exe68⤵
-
\??\c:\ddddp.exec:\ddddp.exe69⤵
-
\??\c:\nhntbh.exec:\nhntbh.exe70⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe71⤵
-
\??\c:\fxflxxf.exec:\fxflxxf.exe72⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe73⤵
-
\??\c:\lxrlrlr.exec:\lxrlrlr.exe74⤵
-
\??\c:\7httbh.exec:\7httbh.exe75⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe76⤵
-
\??\c:\fxrxlrf.exec:\fxrxlrf.exe77⤵
-
\??\c:\7frrllr.exec:\7frrllr.exe78⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe79⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe80⤵
-
\??\c:\3rlfrlr.exec:\3rlfrlr.exe81⤵
-
\??\c:\nhbbnn.exec:\nhbbnn.exe82⤵
-
\??\c:\9bttbb.exec:\9bttbb.exe83⤵
-
\??\c:\dvvdd.exec:\dvvdd.exe84⤵
-
\??\c:\rflrfxl.exec:\rflrfxl.exe85⤵
-
\??\c:\5nthtb.exec:\5nthtb.exe86⤵
-
\??\c:\hthnbh.exec:\hthnbh.exe87⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe88⤵
-
\??\c:\xlfflrr.exec:\xlfflrr.exe89⤵
-
\??\c:\tnhtth.exec:\tnhtth.exe90⤵
-
\??\c:\hbnthh.exec:\hbnthh.exe91⤵
-
\??\c:\vpddj.exec:\vpddj.exe92⤵
-
\??\c:\7lfflrf.exec:\7lfflrf.exe93⤵
-
\??\c:\9rlrllr.exec:\9rlrllr.exe94⤵
-
\??\c:\hbtbbh.exec:\hbtbbh.exe95⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe96⤵
-
\??\c:\pdvdj.exec:\pdvdj.exe97⤵
-
\??\c:\5xllxrx.exec:\5xllxrx.exe98⤵
-
\??\c:\fxxxllx.exec:\fxxxllx.exe99⤵
-
\??\c:\bthtnn.exec:\bthtnn.exe100⤵
-
\??\c:\1nhhth.exec:\1nhhth.exe101⤵
-
\??\c:\9vjpv.exec:\9vjpv.exe102⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe103⤵
-
\??\c:\lllxxxf.exec:\lllxxxf.exe104⤵
-
\??\c:\nbhhbb.exec:\nbhhbb.exe105⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe106⤵
-
\??\c:\dvddv.exec:\dvddv.exe107⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe108⤵
-
\??\c:\fffrllx.exec:\fffrllx.exe109⤵
-
\??\c:\bthhtt.exec:\bthhtt.exe110⤵
-
\??\c:\hhntnb.exec:\hhntnb.exe111⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe112⤵
-
\??\c:\dvdjd.exec:\dvdjd.exe113⤵
-
\??\c:\lxrxfxf.exec:\lxrxfxf.exe114⤵
-
\??\c:\3thtnt.exec:\3thtnt.exe115⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe116⤵
-
\??\c:\jvdvj.exec:\jvdvj.exe117⤵
-
\??\c:\rlrxrrx.exec:\rlrxrrx.exe118⤵
-
\??\c:\lfxlxxf.exec:\lfxlxxf.exe119⤵
-
\??\c:\9hhnhn.exec:\9hhnhn.exe120⤵
-
\??\c:\9hbntt.exec:\9hbntt.exe121⤵
-
\??\c:\7pvpd.exec:\7pvpd.exe122⤵
-
\??\c:\9lrxllr.exec:\9lrxllr.exe123⤵
-
\??\c:\frxlxxf.exec:\frxlxxf.exe124⤵
-
\??\c:\btnbnt.exec:\btnbnt.exe125⤵
-
\??\c:\btbntt.exec:\btbntt.exe126⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe127⤵
-
\??\c:\jddjj.exec:\jddjj.exe128⤵
-
\??\c:\7rffflr.exec:\7rffflr.exe129⤵
-
\??\c:\bnbntn.exec:\bnbntn.exe130⤵
-
\??\c:\1nbttt.exec:\1nbttt.exe131⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe132⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe133⤵
-
\??\c:\7rrllrr.exec:\7rrllrr.exe134⤵
-
\??\c:\5tnbnn.exec:\5tnbnn.exe135⤵
-
\??\c:\hththn.exec:\hththn.exe136⤵
-
\??\c:\1vpdj.exec:\1vpdj.exe137⤵
-
\??\c:\vvjdd.exec:\vvjdd.exe138⤵
-
\??\c:\lfrflrf.exec:\lfrflrf.exe139⤵
-
\??\c:\btbhnt.exec:\btbhnt.exe140⤵
-
\??\c:\thbhht.exec:\thbhht.exe141⤵
-
\??\c:\vpvjj.exec:\vpvjj.exe142⤵
-
\??\c:\jjjpj.exec:\jjjpj.exe143⤵
-
\??\c:\xlxxfff.exec:\xlxxfff.exe144⤵
-
\??\c:\frxxrlf.exec:\frxxrlf.exe145⤵
-
\??\c:\tnhnhh.exec:\tnhnhh.exe146⤵
-
\??\c:\ppvdd.exec:\ppvdd.exe147⤵
-
\??\c:\ddpvv.exec:\ddpvv.exe148⤵
-
\??\c:\rfllxrf.exec:\rfllxrf.exe149⤵
-
\??\c:\xlfrrfl.exec:\xlfrrfl.exe150⤵
-
\??\c:\tththn.exec:\tththn.exe151⤵
-
\??\c:\7hhttn.exec:\7hhttn.exe152⤵
-
\??\c:\ppppj.exec:\ppppj.exe153⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe154⤵
-
\??\c:\rffxrxf.exec:\rffxrxf.exe155⤵
-
\??\c:\lfxllrr.exec:\lfxllrr.exe156⤵
-
\??\c:\nnhnbn.exec:\nnhnbn.exe157⤵
-
\??\c:\3htttb.exec:\3htttb.exe158⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe159⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe160⤵
-
\??\c:\frxxflr.exec:\frxxflr.exe161⤵
-
\??\c:\rxfxfff.exec:\rxfxfff.exe162⤵
-
\??\c:\thhhhb.exec:\thhhhb.exe163⤵
-
\??\c:\bbhthn.exec:\bbhthn.exe164⤵
-
\??\c:\9jddj.exec:\9jddj.exe165⤵
-
\??\c:\7dpjj.exec:\7dpjj.exe166⤵
-
\??\c:\rrrrfrl.exec:\rrrrfrl.exe167⤵
-
\??\c:\rlrxlfl.exec:\rlrxlfl.exe168⤵
-
\??\c:\htbttn.exec:\htbttn.exe169⤵
-
\??\c:\ddjjj.exec:\ddjjj.exe170⤵
-
\??\c:\lxfffxf.exec:\lxfffxf.exe171⤵
-
\??\c:\5xrlrxl.exec:\5xrlrxl.exe172⤵
-
\??\c:\nbnthh.exec:\nbnthh.exe173⤵
-
\??\c:\tnbhhn.exec:\tnbhhn.exe174⤵
-
\??\c:\pvvjd.exec:\pvvjd.exe175⤵
-
\??\c:\jddjv.exec:\jddjv.exe176⤵
-
\??\c:\1fflrrf.exec:\1fflrrf.exe177⤵
-
\??\c:\tnbthb.exec:\tnbthb.exe178⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe179⤵
-
\??\c:\1rxfllf.exec:\1rxfllf.exe180⤵
-
\??\c:\rflxffl.exec:\rflxffl.exe181⤵
-
\??\c:\3htbnn.exec:\3htbnn.exe182⤵
-
\??\c:\thbhnt.exec:\thbhnt.exe183⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe184⤵
-
\??\c:\rlxxrxx.exec:\rlxxrxx.exe185⤵
-
\??\c:\lxlxlfl.exec:\lxlxlfl.exe186⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe187⤵
-
\??\c:\bnthnt.exec:\bnthnt.exe188⤵
-
\??\c:\1pvdd.exec:\1pvdd.exe189⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe190⤵
-
\??\c:\xllrrff.exec:\xllrrff.exe191⤵
-
\??\c:\1rfxrrr.exec:\1rfxrrr.exe192⤵
-
\??\c:\hbhbhb.exec:\hbhbhb.exe193⤵
-
\??\c:\dvjvv.exec:\dvjvv.exe194⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe195⤵
-
\??\c:\lxxrxrx.exec:\lxxrxrx.exe196⤵
-
\??\c:\fxfrfll.exec:\fxfrfll.exe197⤵
-
\??\c:\rlffffl.exec:\rlffffl.exe198⤵
-
\??\c:\tnnbtt.exec:\tnnbtt.exe199⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe200⤵
-
\??\c:\pdddj.exec:\pdddj.exe201⤵
-
\??\c:\xrxrxfr.exec:\xrxrxfr.exe202⤵
-
\??\c:\9rrrlll.exec:\9rrrlll.exe203⤵
-
\??\c:\3nnhnn.exec:\3nnhnn.exe204⤵
-
\??\c:\hbthnh.exec:\hbthnh.exe205⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe206⤵
-
\??\c:\pdvvd.exec:\pdvvd.exe207⤵
-
\??\c:\ffrxflr.exec:\ffrxflr.exe208⤵
-
\??\c:\5fxxxrx.exec:\5fxxxrx.exe209⤵
-
\??\c:\bbthbb.exec:\bbthbb.exe210⤵
-
\??\c:\nbbnth.exec:\nbbnth.exe211⤵
-
\??\c:\7vjpv.exec:\7vjpv.exe212⤵
-
\??\c:\xxllllx.exec:\xxllllx.exe213⤵
-
\??\c:\xxlxfrx.exec:\xxlxfrx.exe214⤵
-
\??\c:\ttnhtb.exec:\ttnhtb.exe215⤵
-
\??\c:\nbnbhn.exec:\nbnbhn.exe216⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe217⤵
-
\??\c:\xlxrrll.exec:\xlxrrll.exe218⤵
-
\??\c:\rllrfrx.exec:\rllrfrx.exe219⤵
-
\??\c:\nhbntt.exec:\nhbntt.exe220⤵
-
\??\c:\hbhhtb.exec:\hbhhtb.exe221⤵
-
\??\c:\vvpdd.exec:\vvpdd.exe222⤵
-
\??\c:\9pdjp.exec:\9pdjp.exe223⤵
-
\??\c:\1flxxfl.exec:\1flxxfl.exe224⤵
-
\??\c:\xfxlxrr.exec:\xfxlxrr.exe225⤵
-
\??\c:\nnbhtb.exec:\nnbhtb.exe226⤵
-
\??\c:\hhbhtb.exec:\hhbhtb.exe227⤵
-
\??\c:\vppdj.exec:\vppdj.exe228⤵
-
\??\c:\5jjdj.exec:\5jjdj.exe229⤵
-
\??\c:\fxlrxlx.exec:\fxlrxlx.exe230⤵
-
\??\c:\9xllrrx.exec:\9xllrrx.exe231⤵
-
\??\c:\btnbnt.exec:\btnbnt.exe232⤵
-
\??\c:\nbhhhn.exec:\nbhhhn.exe233⤵
-
\??\c:\ddpjp.exec:\ddpjp.exe234⤵
-
\??\c:\fxffllr.exec:\fxffllr.exe235⤵
-
\??\c:\xrlrfrf.exec:\xrlrfrf.exe236⤵
-
\??\c:\9bhhhh.exec:\9bhhhh.exe237⤵
-
\??\c:\1hthht.exec:\1hthht.exe238⤵
-
\??\c:\7jpvv.exec:\7jpvv.exe239⤵
-
\??\c:\pppjd.exec:\pppjd.exe240⤵