Analysis
-
max time kernel
150s -
max time network
132s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
18-05-2024 22:11
General
-
Target
0f431180be0c7c4357491476ed94d7b0_NeikiAnalytics.exe
-
Size
76KB
-
MD5
0f431180be0c7c4357491476ed94d7b0
-
SHA1
d29a54b7f083747ce10a2aa1d9abbd2b4c631457
-
SHA256
9e7863abb5f571df1ac60202680f845c9234f85da7b98c803c3e927a1393031d
-
SHA512
c6642addb027413ea286b503fb45ce704917718093a6275d5ac6f706ded3506251b3948c9f321b88a1d4fa80b0ecfeec0ab0139bdbcb9dbad8e382f567be36d3
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrAP:ymb3NkkiQ3mdBjFIIp9L9QrrAP
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0f431180be0c7c4357491476ed94d7b0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\0f431180be0c7c4357491476ed94d7b0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbnn.exec:\btbbnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrffr.exec:\llxrffr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1htnhh.exec:\1htnhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjppv.exec:\jjppv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrlff.exec:\xlxrlff.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhnt.exec:\tnnhnt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jjdv.exec:\7jjdv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddv.exec:\vvddv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlfffx.exec:\fxlfffx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhthhh.exec:\nhthhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjjd.exec:\djjjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffflxf.exec:\xffflxf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhhbb.exec:\hnhhbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pvjd.exec:\5pvjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xflffx.exec:\1xflffx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bbttb.exec:\3bbttb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdd.exec:\ppjdd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxrrrl.exec:\xxxrrrl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnht.exec:\nnnnht.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jpdv.exec:\9jpdv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflffll.exec:\fflffll.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnhh.exec:\bttnhh.exe23⤵
- Executes dropped EXE
-
\??\c:\jdjvd.exec:\jdjvd.exe24⤵
- Executes dropped EXE
-
\??\c:\xrrrrrl.exec:\xrrrrrl.exe25⤵
- Executes dropped EXE
-
\??\c:\tnhhtt.exec:\tnhhtt.exe26⤵
- Executes dropped EXE
-
\??\c:\3pjjd.exec:\3pjjd.exe27⤵
- Executes dropped EXE
-
\??\c:\xrrffff.exec:\xrrffff.exe28⤵
- Executes dropped EXE
-
\??\c:\tnbbtt.exec:\tnbbtt.exe29⤵
- Executes dropped EXE
-
\??\c:\dpjjv.exec:\dpjjv.exe30⤵
- Executes dropped EXE
-
\??\c:\xffllrl.exec:\xffllrl.exe31⤵
- Executes dropped EXE
-
\??\c:\xrxxrrl.exec:\xrxxrrl.exe32⤵
- Executes dropped EXE
-
\??\c:\5vvpj.exec:\5vvpj.exe33⤵
- Executes dropped EXE
-
\??\c:\fxrrfrl.exec:\fxrrfrl.exe34⤵
- Executes dropped EXE
-
\??\c:\1nnhnt.exec:\1nnhnt.exe35⤵
- Executes dropped EXE
-
\??\c:\ppdvv.exec:\ppdvv.exe36⤵
- Executes dropped EXE
-
\??\c:\pvjpp.exec:\pvjpp.exe37⤵
- Executes dropped EXE
-
\??\c:\lrxlxxl.exec:\lrxlxxl.exe38⤵
- Executes dropped EXE
-
\??\c:\hbbbbb.exec:\hbbbbb.exe39⤵
- Executes dropped EXE
-
\??\c:\dvjdd.exec:\dvjdd.exe40⤵
- Executes dropped EXE
-
\??\c:\ffxrrfr.exec:\ffxrrfr.exe41⤵
- Executes dropped EXE
-
\??\c:\hhtntn.exec:\hhtntn.exe42⤵
- Executes dropped EXE
-
\??\c:\1bnnnn.exec:\1bnnnn.exe43⤵
- Executes dropped EXE
-
\??\c:\1dpdj.exec:\1dpdj.exe44⤵
- Executes dropped EXE
-
\??\c:\9llfffx.exec:\9llfffx.exe45⤵
- Executes dropped EXE
-
\??\c:\flffxxx.exec:\flffxxx.exe46⤵
- Executes dropped EXE
-
\??\c:\nhnnnn.exec:\nhnnnn.exe47⤵
- Executes dropped EXE
-
\??\c:\jvdjd.exec:\jvdjd.exe48⤵
- Executes dropped EXE
-
\??\c:\frlfxxr.exec:\frlfxxr.exe49⤵
- Executes dropped EXE
-
\??\c:\tnttbb.exec:\tnttbb.exe50⤵
- Executes dropped EXE
-
\??\c:\7vvvp.exec:\7vvvp.exe51⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe52⤵
- Executes dropped EXE
-
\??\c:\rrrrxxf.exec:\rrrrxxf.exe53⤵
- Executes dropped EXE
-
\??\c:\nhnhtt.exec:\nhnhtt.exe54⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe55⤵
- Executes dropped EXE
-
\??\c:\dpjdv.exec:\dpjdv.exe56⤵
- Executes dropped EXE
-
\??\c:\5lxxffr.exec:\5lxxffr.exe57⤵
- Executes dropped EXE
-
\??\c:\ntbbtt.exec:\ntbbtt.exe58⤵
- Executes dropped EXE
-
\??\c:\9jvvj.exec:\9jvvj.exe59⤵
- Executes dropped EXE
-
\??\c:\jpjpp.exec:\jpjpp.exe60⤵
- Executes dropped EXE
-
\??\c:\lxxrlff.exec:\lxxrlff.exe61⤵
- Executes dropped EXE
-
\??\c:\7bnntt.exec:\7bnntt.exe62⤵
- Executes dropped EXE
-
\??\c:\nbbttt.exec:\nbbttt.exe63⤵
- Executes dropped EXE
-
\??\c:\1pvvp.exec:\1pvvp.exe64⤵
- Executes dropped EXE
-
\??\c:\xrfxxrr.exec:\xrfxxrr.exe65⤵
- Executes dropped EXE
-
\??\c:\bbtbbt.exec:\bbtbbt.exe66⤵
-
\??\c:\3jjdv.exec:\3jjdv.exe67⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe68⤵
-
\??\c:\rlxrllf.exec:\rlxrllf.exe69⤵
-
\??\c:\xrxffff.exec:\xrxffff.exe70⤵
-
\??\c:\7nbhhn.exec:\7nbhhn.exe71⤵
-
\??\c:\bhbbbb.exec:\bhbbbb.exe72⤵
-
\??\c:\3pdpj.exec:\3pdpj.exe73⤵
-
\??\c:\lfrllff.exec:\lfrllff.exe74⤵
-
\??\c:\1ttttt.exec:\1ttttt.exe75⤵
-
\??\c:\btbnhh.exec:\btbnhh.exe76⤵
-
\??\c:\jppvj.exec:\jppvj.exe77⤵
-
\??\c:\lfxlfrf.exec:\lfxlfrf.exe78⤵
-
\??\c:\3nhtnn.exec:\3nhtnn.exe79⤵
-
\??\c:\jjvjp.exec:\jjvjp.exe80⤵
-
\??\c:\jjjpj.exec:\jjjpj.exe81⤵
-
\??\c:\bnhnbt.exec:\bnhnbt.exe82⤵
-
\??\c:\btthbh.exec:\btthbh.exe83⤵
-
\??\c:\9jvpd.exec:\9jvpd.exe84⤵
-
\??\c:\rflfrrr.exec:\rflfrrr.exe85⤵
-
\??\c:\hhhbtn.exec:\hhhbtn.exe86⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe87⤵
-
\??\c:\frlxrrx.exec:\frlxrrx.exe88⤵
-
\??\c:\tttnnn.exec:\tttnnn.exe89⤵
-
\??\c:\3ddvp.exec:\3ddvp.exe90⤵
-
\??\c:\ntthnh.exec:\ntthnh.exe91⤵
-
\??\c:\nbbttt.exec:\nbbttt.exe92⤵
-
\??\c:\1dpvp.exec:\1dpvp.exe93⤵
-
\??\c:\rlxxrll.exec:\rlxxrll.exe94⤵
-
\??\c:\tbhhhh.exec:\tbhhhh.exe95⤵
-
\??\c:\nbbbbb.exec:\nbbbbb.exe96⤵
-
\??\c:\9djdp.exec:\9djdp.exe97⤵
-
\??\c:\9rffrxr.exec:\9rffrxr.exe98⤵
-
\??\c:\1tbnbt.exec:\1tbnbt.exe99⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe100⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe101⤵
-
\??\c:\5tbhhn.exec:\5tbhhn.exe102⤵
-
\??\c:\jddvp.exec:\jddvp.exe103⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe104⤵
-
\??\c:\frxxrxf.exec:\frxxrxf.exe105⤵
-
\??\c:\nhtbtt.exec:\nhtbtt.exe106⤵
-
\??\c:\vppjj.exec:\vppjj.exe107⤵
-
\??\c:\vjjpj.exec:\vjjpj.exe108⤵
-
\??\c:\fxxrfff.exec:\fxxrfff.exe109⤵
-
\??\c:\7htttb.exec:\7htttb.exe110⤵
-
\??\c:\htbbbn.exec:\htbbbn.exe111⤵
-
\??\c:\9pddv.exec:\9pddv.exe112⤵
-
\??\c:\pjppj.exec:\pjppj.exe113⤵
-
\??\c:\xxxrllf.exec:\xxxrllf.exe114⤵
-
\??\c:\lllffff.exec:\lllffff.exe115⤵
-
\??\c:\tthbhn.exec:\tthbhn.exe116⤵
-
\??\c:\nbnbbb.exec:\nbnbbb.exe117⤵
-
\??\c:\vjddd.exec:\vjddd.exe118⤵
-
\??\c:\rxffxxr.exec:\rxffxxr.exe119⤵
-
\??\c:\nnthhn.exec:\nnthhn.exe120⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe121⤵
-
\??\c:\djvvj.exec:\djvvj.exe122⤵
-
\??\c:\1rffxlf.exec:\1rffxlf.exe123⤵
-
\??\c:\fflfxxx.exec:\fflfxxx.exe124⤵
-
\??\c:\hbbtbb.exec:\hbbtbb.exe125⤵
-
\??\c:\tnbthh.exec:\tnbthh.exe126⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe127⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe128⤵
-
\??\c:\fxffxxx.exec:\fxffxxx.exe129⤵
-
\??\c:\lflrxll.exec:\lflrxll.exe130⤵
-
\??\c:\tnbbtt.exec:\tnbbtt.exe131⤵
-
\??\c:\1jjpj.exec:\1jjpj.exe132⤵
-
\??\c:\rlrlrrx.exec:\rlrlrrx.exe133⤵
-
\??\c:\xxfffff.exec:\xxfffff.exe134⤵
-
\??\c:\llllflf.exec:\llllflf.exe135⤵
-
\??\c:\hnbbbb.exec:\hnbbbb.exe136⤵
-
\??\c:\hbtttt.exec:\hbtttt.exe137⤵
-
\??\c:\vvdjp.exec:\vvdjp.exe138⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe139⤵
-
\??\c:\flfflxr.exec:\flfflxr.exe140⤵
-
\??\c:\hbnnhh.exec:\hbnnhh.exe141⤵
-
\??\c:\bhhhtn.exec:\bhhhtn.exe142⤵
-
\??\c:\jdddp.exec:\jdddp.exe143⤵
-
\??\c:\xlxxllf.exec:\xlxxllf.exe144⤵
-
\??\c:\xrrrxrf.exec:\xrrrxrf.exe145⤵
-
\??\c:\9nttbh.exec:\9nttbh.exe146⤵
-
\??\c:\hhnhbb.exec:\hhnhbb.exe147⤵
-
\??\c:\nhtthh.exec:\nhtthh.exe148⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe149⤵
-
\??\c:\9flfxff.exec:\9flfxff.exe150⤵
-
\??\c:\rrrffff.exec:\rrrffff.exe151⤵
-
\??\c:\htbbtn.exec:\htbbtn.exe152⤵
-
\??\c:\tnnhtt.exec:\tnnhtt.exe153⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe154⤵
-
\??\c:\pvddv.exec:\pvddv.exe155⤵
-
\??\c:\ffxrlxr.exec:\ffxrlxr.exe156⤵
-
\??\c:\xrrrfrl.exec:\xrrrfrl.exe157⤵
-
\??\c:\5btnhb.exec:\5btnhb.exe158⤵
-
\??\c:\tbnbbn.exec:\tbnbbn.exe159⤵
-
\??\c:\7jjdd.exec:\7jjdd.exe160⤵
-
\??\c:\3ppjd.exec:\3ppjd.exe161⤵
-
\??\c:\lffffff.exec:\lffffff.exe162⤵
-
\??\c:\tnnntb.exec:\tnnntb.exe163⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe164⤵
-
\??\c:\vppdd.exec:\vppdd.exe165⤵
-
\??\c:\frrrllf.exec:\frrrllf.exe166⤵
-
\??\c:\xfxlxll.exec:\xfxlxll.exe167⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe168⤵
-
\??\c:\bhtnhh.exec:\bhtnhh.exe169⤵
-
\??\c:\jjpjp.exec:\jjpjp.exe170⤵
-
\??\c:\1dvvv.exec:\1dvvv.exe171⤵
-
\??\c:\lffxxxr.exec:\lffxxxr.exe172⤵
-
\??\c:\fxxrrrl.exec:\fxxrrrl.exe173⤵
-
\??\c:\btttnb.exec:\btttnb.exe174⤵
-
\??\c:\jvpvj.exec:\jvpvj.exe175⤵
-
\??\c:\lxfxxrr.exec:\lxfxxrr.exe176⤵
-
\??\c:\frxfxxx.exec:\frxfxxx.exe177⤵
-
\??\c:\ddjvp.exec:\ddjvp.exe178⤵
-
\??\c:\rfrrrfx.exec:\rfrrrfx.exe179⤵
-
\??\c:\tbbtnh.exec:\tbbtnh.exe180⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe181⤵
-
\??\c:\lffrrff.exec:\lffrrff.exe182⤵
-
\??\c:\tbnnhb.exec:\tbnnhb.exe183⤵
-
\??\c:\vvddv.exec:\vvddv.exe184⤵
-
\??\c:\rrrrrrr.exec:\rrrrrrr.exe185⤵
-
\??\c:\hnhbtb.exec:\hnhbtb.exe186⤵
-
\??\c:\9rfxflf.exec:\9rfxflf.exe187⤵
-
\??\c:\rlxxxfx.exec:\rlxxxfx.exe188⤵
-
\??\c:\hbhnbt.exec:\hbhnbt.exe189⤵
-
\??\c:\7pdvp.exec:\7pdvp.exe190⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe191⤵
-
\??\c:\thnnnh.exec:\thnnnh.exe192⤵
-
\??\c:\vdjjv.exec:\vdjjv.exe193⤵
-
\??\c:\rrlfxxr.exec:\rrlfxxr.exe194⤵
-
\??\c:\xxllffx.exec:\xxllffx.exe195⤵
-
\??\c:\hbhhbb.exec:\hbhhbb.exe196⤵
-
\??\c:\tbbbnt.exec:\tbbbnt.exe197⤵
-
\??\c:\7pppj.exec:\7pppj.exe198⤵
-
\??\c:\jvdjp.exec:\jvdjp.exe199⤵
-
\??\c:\rxlfflf.exec:\rxlfflf.exe200⤵
-
\??\c:\bnnnhh.exec:\bnnnhh.exe201⤵
-
\??\c:\djvpj.exec:\djvpj.exe202⤵
-
\??\c:\1ddvp.exec:\1ddvp.exe203⤵
-
\??\c:\9llfffx.exec:\9llfffx.exe204⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe205⤵
-
\??\c:\jppdd.exec:\jppdd.exe206⤵
-
\??\c:\lfxfxlr.exec:\lfxfxlr.exe207⤵
-
\??\c:\5hnnnb.exec:\5hnnnb.exe208⤵
-
\??\c:\thnbtb.exec:\thnbtb.exe209⤵
-
\??\c:\7pdvp.exec:\7pdvp.exe210⤵
-
\??\c:\vvdjv.exec:\vvdjv.exe211⤵
-
\??\c:\7flfffx.exec:\7flfffx.exe212⤵
-
\??\c:\nhhbbh.exec:\nhhbbh.exe213⤵
-
\??\c:\btttnn.exec:\btttnn.exe214⤵
-
\??\c:\dppvp.exec:\dppvp.exe215⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe216⤵
-
\??\c:\1llfxxr.exec:\1llfxxr.exe217⤵
-
\??\c:\xrxxfff.exec:\xrxxfff.exe218⤵
-
\??\c:\9bthhh.exec:\9bthhh.exe219⤵
-
\??\c:\vppjd.exec:\vppjd.exe220⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe221⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe222⤵
-
\??\c:\lfxrffx.exec:\lfxrffx.exe223⤵
-
\??\c:\bhnnhh.exec:\bhnnhh.exe224⤵
-
\??\c:\htbbtt.exec:\htbbtt.exe225⤵
-
\??\c:\vvjvp.exec:\vvjvp.exe226⤵
-
\??\c:\1rrrrrr.exec:\1rrrrrr.exe227⤵
-
\??\c:\xlrrlll.exec:\xlrrlll.exe228⤵
-
\??\c:\bnnnnn.exec:\bnnnnn.exe229⤵
-
\??\c:\btnhhh.exec:\btnhhh.exe230⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe231⤵
-
\??\c:\5xrlffx.exec:\5xrlffx.exe232⤵
-
\??\c:\xllllll.exec:\xllllll.exe233⤵
-
\??\c:\1bhtnn.exec:\1bhtnn.exe234⤵
-
\??\c:\ntbbtb.exec:\ntbbtb.exe235⤵
-
\??\c:\vpddj.exec:\vpddj.exe236⤵
-
\??\c:\rllfffx.exec:\rllfffx.exe237⤵
-
\??\c:\3llfxxr.exec:\3llfxxr.exe238⤵
-
\??\c:\bnnntt.exec:\bnnntt.exe239⤵
-
\??\c:\3hnhbb.exec:\3hnhbb.exe240⤵
-
\??\c:\djvvp.exec:\djvvp.exe241⤵