Analysis
-
max time kernel
149s -
max time network
128s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
18-05-2024 22:32
General
-
Target
142e704ba00d3ffc8fe807fda3ce7bf0_NeikiAnalytics.exe
-
Size
67KB
-
MD5
142e704ba00d3ffc8fe807fda3ce7bf0
-
SHA1
86ae03ec961c73b621e8655d5069f16607ab7dab
-
SHA256
bfe70eb1cbe1850394c36a5f0666ee3b1547a1918ce483f43cc2d8375453d359
-
SHA512
374938b97b7f0d7acc47cc915ba021157c2e480ed8a87e8784ecaea1544afd246db9a93e370fa2526d4a64ee315f91d984f8591a7b19ef24079838bd18569f7d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJUDbAIz:ymb3NkkiQ3mdBjFIFdJ8bb
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 31 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\142e704ba00d3ffc8fe807fda3ce7bf0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\142e704ba00d3ffc8fe807fda3ce7bf0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpp.exec:\vjvpp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrlrr.exec:\ffrrlrr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllllrx.exec:\fllllrx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbbbh.exec:\bnbbbh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvj.exec:\jjdvj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rxrrrr.exec:\1rxrrrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflfrlr.exec:\xflfrlr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvd.exec:\jddvd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdjj.exec:\jvdjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrrrf.exec:\rlrrrrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbtbt.exec:\btbtbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hbbnn.exec:\3hbbnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpjd.exec:\pvpjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjd.exec:\pjpjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrffx.exec:\xrxrffx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tbbbb.exec:\3tbbbb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnhh.exec:\tntnhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddddd.exec:\ddddd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrxxr.exec:\fxrrxxr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbbbh.exec:\hhbbbh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pppj.exec:\9pppj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlxxrx.exec:\rrlxxrx.exe23⤵
- Executes dropped EXE
-
\??\c:\fflffrl.exec:\fflffrl.exe24⤵
- Executes dropped EXE
-
\??\c:\bhnhbb.exec:\bhnhbb.exe25⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe26⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe27⤵
- Executes dropped EXE
-
\??\c:\rffxrrl.exec:\rffxrrl.exe28⤵
- Executes dropped EXE
-
\??\c:\tnttbt.exec:\tnttbt.exe29⤵
- Executes dropped EXE
-
\??\c:\7bnhbn.exec:\7bnhbn.exe30⤵
- Executes dropped EXE
-
\??\c:\jdpjj.exec:\jdpjj.exe31⤵
- Executes dropped EXE
-
\??\c:\llllffr.exec:\llllffr.exe32⤵
- Executes dropped EXE
-
\??\c:\hhhhbb.exec:\hhhhbb.exe33⤵
- Executes dropped EXE
-
\??\c:\5htnnn.exec:\5htnnn.exe34⤵
- Executes dropped EXE
-
\??\c:\vjvvj.exec:\vjvvj.exe35⤵
- Executes dropped EXE
-
\??\c:\vvdvd.exec:\vvdvd.exe36⤵
- Executes dropped EXE
-
\??\c:\fxfxxrr.exec:\fxfxxrr.exe37⤵
- Executes dropped EXE
-
\??\c:\9flffff.exec:\9flffff.exe38⤵
- Executes dropped EXE
-
\??\c:\jvvpp.exec:\jvvpp.exe39⤵
- Executes dropped EXE
-
\??\c:\xrxrlll.exec:\xrxrlll.exe40⤵
- Executes dropped EXE
-
\??\c:\fflxflr.exec:\fflxflr.exe41⤵
- Executes dropped EXE
-
\??\c:\5nbhhb.exec:\5nbhhb.exe42⤵
- Executes dropped EXE
-
\??\c:\jvpdv.exec:\jvpdv.exe43⤵
- Executes dropped EXE
-
\??\c:\jdpdp.exec:\jdpdp.exe44⤵
- Executes dropped EXE
-
\??\c:\fffxffx.exec:\fffxffx.exe45⤵
- Executes dropped EXE
-
\??\c:\tttttn.exec:\tttttn.exe46⤵
- Executes dropped EXE
-
\??\c:\hthnhn.exec:\hthnhn.exe47⤵
- Executes dropped EXE
-
\??\c:\dvdvd.exec:\dvdvd.exe48⤵
- Executes dropped EXE
-
\??\c:\jdjjv.exec:\jdjjv.exe49⤵
- Executes dropped EXE
-
\??\c:\flrrrrl.exec:\flrrrrl.exe50⤵
- Executes dropped EXE
-
\??\c:\nhnnnn.exec:\nhnnnn.exe51⤵
- Executes dropped EXE
-
\??\c:\bththn.exec:\bththn.exe52⤵
- Executes dropped EXE
-
\??\c:\jjpjp.exec:\jjpjp.exe53⤵
- Executes dropped EXE
-
\??\c:\xlrflxl.exec:\xlrflxl.exe54⤵
- Executes dropped EXE
-
\??\c:\9lllfff.exec:\9lllfff.exe55⤵
- Executes dropped EXE
-
\??\c:\nnhtnh.exec:\nnhtnh.exe56⤵
- Executes dropped EXE
-
\??\c:\ppvjd.exec:\ppvjd.exe57⤵
- Executes dropped EXE
-
\??\c:\jvjdv.exec:\jvjdv.exe58⤵
- Executes dropped EXE
-
\??\c:\fflfllr.exec:\fflfllr.exe59⤵
- Executes dropped EXE
-
\??\c:\thnnhh.exec:\thnnhh.exe60⤵
- Executes dropped EXE
-
\??\c:\nbtthn.exec:\nbtthn.exe61⤵
- Executes dropped EXE
-
\??\c:\nbhhhh.exec:\nbhhhh.exe62⤵
- Executes dropped EXE
-
\??\c:\jvddp.exec:\jvddp.exe63⤵
- Executes dropped EXE
-
\??\c:\llrlflf.exec:\llrlflf.exe64⤵
- Executes dropped EXE
-
\??\c:\nnnnnn.exec:\nnnnnn.exe65⤵
- Executes dropped EXE
-
\??\c:\tnnhbt.exec:\tnnhbt.exe66⤵
-
\??\c:\7jjjd.exec:\7jjjd.exe67⤵
-
\??\c:\pjjvd.exec:\pjjvd.exe68⤵
-
\??\c:\lrxrlff.exec:\lrxrlff.exe69⤵
-
\??\c:\fxfxllf.exec:\fxfxllf.exe70⤵
-
\??\c:\nntbtt.exec:\nntbtt.exe71⤵
-
\??\c:\thbhbb.exec:\thbhbb.exe72⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe73⤵
-
\??\c:\pvjdp.exec:\pvjdp.exe74⤵
-
\??\c:\rrfxxxx.exec:\rrfxxxx.exe75⤵
-
\??\c:\lrxlfxx.exec:\lrxlfxx.exe76⤵
-
\??\c:\nbhbtt.exec:\nbhbtt.exe77⤵
-
\??\c:\hbthnn.exec:\hbthnn.exe78⤵
-
\??\c:\djvjp.exec:\djvjp.exe79⤵
-
\??\c:\ddjdv.exec:\ddjdv.exe80⤵
-
\??\c:\rlllllr.exec:\rlllllr.exe81⤵
-
\??\c:\llfxffl.exec:\llfxffl.exe82⤵
-
\??\c:\nntnbh.exec:\nntnbh.exe83⤵
-
\??\c:\dpddd.exec:\dpddd.exe84⤵
-
\??\c:\ppdpj.exec:\ppdpj.exe85⤵
-
\??\c:\llrlfff.exec:\llrlfff.exe86⤵
-
\??\c:\hthnhn.exec:\hthnhn.exe87⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe88⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe89⤵
-
\??\c:\frxrrrr.exec:\frxrrrr.exe90⤵
-
\??\c:\1xxffrx.exec:\1xxffrx.exe91⤵
-
\??\c:\nbnhhh.exec:\nbnhhh.exe92⤵
-
\??\c:\xlrlffl.exec:\xlrlffl.exe93⤵
-
\??\c:\rflrlrl.exec:\rflrlrl.exe94⤵
-
\??\c:\nbhhbb.exec:\nbhhbb.exe95⤵
-
\??\c:\bbtnhh.exec:\bbtnhh.exe96⤵
-
\??\c:\jpddd.exec:\jpddd.exe97⤵
-
\??\c:\djppp.exec:\djppp.exe98⤵
-
\??\c:\lrxflll.exec:\lrxflll.exe99⤵
-
\??\c:\bnnnhn.exec:\bnnnhn.exe100⤵
-
\??\c:\hbnttn.exec:\hbnttn.exe101⤵
-
\??\c:\vppjd.exec:\vppjd.exe102⤵
-
\??\c:\1jjdv.exec:\1jjdv.exe103⤵
-
\??\c:\lfxxrrr.exec:\lfxxrrr.exe104⤵
-
\??\c:\fxfxffx.exec:\fxfxffx.exe105⤵
-
\??\c:\9tbbtt.exec:\9tbbtt.exe106⤵
-
\??\c:\1tbbbb.exec:\1tbbbb.exe107⤵
-
\??\c:\pdddv.exec:\pdddv.exe108⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe109⤵
-
\??\c:\rllrlll.exec:\rllrlll.exe110⤵
-
\??\c:\fxfffff.exec:\fxfffff.exe111⤵
-
\??\c:\9hnnhn.exec:\9hnnhn.exe112⤵
-
\??\c:\tbnnnn.exec:\tbnnnn.exe113⤵
-
\??\c:\vjjvp.exec:\vjjvp.exe114⤵
-
\??\c:\rlrfxxx.exec:\rlrfxxx.exe115⤵
-
\??\c:\rlfffff.exec:\rlfffff.exe116⤵
-
\??\c:\tnbnnt.exec:\tnbnnt.exe117⤵
-
\??\c:\5bhhbh.exec:\5bhhbh.exe118⤵
-
\??\c:\tbbnnb.exec:\tbbnnb.exe119⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe120⤵
-
\??\c:\lllrlxr.exec:\lllrlxr.exe121⤵
-
\??\c:\3llfxxr.exec:\3llfxxr.exe122⤵
-
\??\c:\5hnhbn.exec:\5hnhbn.exe123⤵
-
\??\c:\9nthhn.exec:\9nthhn.exe124⤵
-
\??\c:\ddddv.exec:\ddddv.exe125⤵
-
\??\c:\3jjpj.exec:\3jjpj.exe126⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe127⤵
-
\??\c:\fxxrlfl.exec:\fxxrlfl.exe128⤵
-
\??\c:\1xrrrrl.exec:\1xrrrrl.exe129⤵
-
\??\c:\3tnhbh.exec:\3tnhbh.exe130⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe131⤵
-
\??\c:\9jjdd.exec:\9jjdd.exe132⤵
-
\??\c:\frlllff.exec:\frlllff.exe133⤵
-
\??\c:\hnbbbh.exec:\hnbbbh.exe134⤵
-
\??\c:\1tbbbh.exec:\1tbbbh.exe135⤵
-
\??\c:\9tbhbn.exec:\9tbhbn.exe136⤵
-
\??\c:\ppvdv.exec:\ppvdv.exe137⤵
-
\??\c:\7vdvj.exec:\7vdvj.exe138⤵
-
\??\c:\llrlffx.exec:\llrlffx.exe139⤵
-
\??\c:\tbtbbb.exec:\tbtbbb.exe140⤵
-
\??\c:\htttnn.exec:\htttnn.exe141⤵
-
\??\c:\vppvp.exec:\vppvp.exe142⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe143⤵
-
\??\c:\5ffxrrl.exec:\5ffxrrl.exe144⤵
-
\??\c:\lfrxrxl.exec:\lfrxrxl.exe145⤵
-
\??\c:\frxrxxr.exec:\frxrxxr.exe146⤵
-
\??\c:\btbbhn.exec:\btbbhn.exe147⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe148⤵
-
\??\c:\xrrlfff.exec:\xrrlfff.exe149⤵
-
\??\c:\9llfffx.exec:\9llfffx.exe150⤵
-
\??\c:\tthhnn.exec:\tthhnn.exe151⤵
-
\??\c:\ntbbtt.exec:\ntbbtt.exe152⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe153⤵
-
\??\c:\frxrlll.exec:\frxrlll.exe154⤵
-
\??\c:\lfffxxx.exec:\lfffxxx.exe155⤵
-
\??\c:\hbhbbh.exec:\hbhbbh.exe156⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe157⤵
-
\??\c:\lrllrrl.exec:\lrllrrl.exe158⤵
-
\??\c:\tttnth.exec:\tttnth.exe159⤵
-
\??\c:\ttntbb.exec:\ttntbb.exe160⤵
-
\??\c:\pvpjd.exec:\pvpjd.exe161⤵
-
\??\c:\djjjd.exec:\djjjd.exe162⤵
-
\??\c:\xxffffr.exec:\xxffffr.exe163⤵
-
\??\c:\nbhbtb.exec:\nbhbtb.exe164⤵
-
\??\c:\jjppj.exec:\jjppj.exe165⤵
-
\??\c:\llflxfl.exec:\llflxfl.exe166⤵
-
\??\c:\ttnhtt.exec:\ttnhtt.exe167⤵
-
\??\c:\nnnnnn.exec:\nnnnnn.exe168⤵
-
\??\c:\vvvvj.exec:\vvvvj.exe169⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe170⤵
-
\??\c:\llrflxf.exec:\llrflxf.exe171⤵
-
\??\c:\tntbnn.exec:\tntbnn.exe172⤵
-
\??\c:\1ppjj.exec:\1ppjj.exe173⤵
-
\??\c:\xxxrfff.exec:\xxxrfff.exe174⤵
-
\??\c:\9bbbhn.exec:\9bbbhn.exe175⤵
-
\??\c:\nnnbtn.exec:\nnnbtn.exe176⤵
-
\??\c:\ppdvv.exec:\ppdvv.exe177⤵
-
\??\c:\ntbnnt.exec:\ntbnnt.exe178⤵
-
\??\c:\btbbhn.exec:\btbbhn.exe179⤵
-
\??\c:\5djvp.exec:\5djvp.exe180⤵
-
\??\c:\5rfxffl.exec:\5rfxffl.exe181⤵
-
\??\c:\xrrlffx.exec:\xrrlffx.exe182⤵
-
\??\c:\7thbhb.exec:\7thbhb.exe183⤵
-
\??\c:\thhbnn.exec:\thhbnn.exe184⤵
-
\??\c:\5jjjj.exec:\5jjjj.exe185⤵
-
\??\c:\7vppj.exec:\7vppj.exe186⤵
-
\??\c:\xflffff.exec:\xflffff.exe187⤵
-
\??\c:\rlxxffr.exec:\rlxxffr.exe188⤵
-
\??\c:\htnbnn.exec:\htnbnn.exe189⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe190⤵
-
\??\c:\vjvvp.exec:\vjvvp.exe191⤵
-
\??\c:\rfllfff.exec:\rfllfff.exe192⤵
-
\??\c:\fxfffff.exec:\fxfffff.exe193⤵
-
\??\c:\hnttnt.exec:\hnttnt.exe194⤵
-
\??\c:\vvdpp.exec:\vvdpp.exe195⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe196⤵
-
\??\c:\rrxxffl.exec:\rrxxffl.exe197⤵
-
\??\c:\ffrllfx.exec:\ffrllfx.exe198⤵
-
\??\c:\tbhtnn.exec:\tbhtnn.exe199⤵
-
\??\c:\bhhbtt.exec:\bhhbtt.exe200⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe201⤵
-
\??\c:\dppjj.exec:\dppjj.exe202⤵
-
\??\c:\rlfrllf.exec:\rlfrllf.exe203⤵
-
\??\c:\fxfxxxr.exec:\fxfxxxr.exe204⤵
-
\??\c:\7nhhnn.exec:\7nhhnn.exe205⤵
-
\??\c:\5tbbtt.exec:\5tbbtt.exe206⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe207⤵
-
\??\c:\7vpjj.exec:\7vpjj.exe208⤵
-
\??\c:\rffxrrl.exec:\rffxrrl.exe209⤵
-
\??\c:\5xxxrrl.exec:\5xxxrrl.exe210⤵
-
\??\c:\nbbbtt.exec:\nbbbtt.exe211⤵
-
\??\c:\djvjj.exec:\djvjj.exe212⤵
-
\??\c:\1jpjp.exec:\1jpjp.exe213⤵
-
\??\c:\fxllllx.exec:\fxllllx.exe214⤵
-
\??\c:\lrfxrrl.exec:\lrfxrrl.exe215⤵
-
\??\c:\nhhbth.exec:\nhhbth.exe216⤵
-
\??\c:\9hnnnt.exec:\9hnnnt.exe217⤵
-
\??\c:\3vdvv.exec:\3vdvv.exe218⤵
-
\??\c:\1pjjd.exec:\1pjjd.exe219⤵
-
\??\c:\xrllfll.exec:\xrllfll.exe220⤵
-
\??\c:\nbbttn.exec:\nbbttn.exe221⤵
-
\??\c:\nhhbhh.exec:\nhhbhh.exe222⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe223⤵
-
\??\c:\xrllxlr.exec:\xrllxlr.exe224⤵
-
\??\c:\nbbbtt.exec:\nbbbtt.exe225⤵
-
\??\c:\ttnhbb.exec:\ttnhbb.exe226⤵
-
\??\c:\7pjjj.exec:\7pjjj.exe227⤵
-
\??\c:\fxxrrff.exec:\fxxrrff.exe228⤵
-
\??\c:\1llllff.exec:\1llllff.exe229⤵
-
\??\c:\1thnbb.exec:\1thnbb.exe230⤵
-
\??\c:\1httbh.exec:\1httbh.exe231⤵
-
\??\c:\7djjd.exec:\7djjd.exe232⤵
-
\??\c:\xrlxrrf.exec:\xrlxrrf.exe233⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe234⤵
-
\??\c:\jvppv.exec:\jvppv.exe235⤵
-
\??\c:\rxrlfff.exec:\rxrlfff.exe236⤵
-
\??\c:\9tbnnt.exec:\9tbnnt.exe237⤵
-
\??\c:\bbhhnn.exec:\bbhhnn.exe238⤵
-
\??\c:\pjjpp.exec:\pjjpp.exe239⤵
-
\??\c:\frrllrx.exec:\frrllrx.exe240⤵
-
\??\c:\lrfxflr.exec:\lrfxflr.exe241⤵