Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
18-05-2024 23:32
General
-
Target
24ac2341375c9550d2984281bcf9b990_NeikiAnalytics.exe
-
Size
68KB
-
MD5
24ac2341375c9550d2984281bcf9b990
-
SHA1
0e668d664789425b19ca905fe6032c55649938c2
-
SHA256
f94084549bd8f903a0a2f65cd9b20dfcf6d7cf0b2a611a37e721d16aae58d912
-
SHA512
f502e52e898f1d4086892c0b73d120f579eacef148a086f1d43ed72f5680708b033bb2ebe63c182b88ad616384807d9a9e120232c088c191d2b833ab81eec3e5
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk358nLA89r:ymb3NkkiQ3mdBjFIvl358nLA89r
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\24ac2341375c9550d2984281bcf9b990_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\24ac2341375c9550d2984281bcf9b990_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3flfxxr.exec:\3flfxxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvp.exec:\jpvvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrrlfx.exec:\lrrrlfx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bnhhh.exec:\3bnhhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhhbh.exec:\tbhhbh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ppjj.exec:\5ppjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrrlff.exec:\xlrrlff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhhb.exec:\hbhhhb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vpjd.exec:\5vpjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfllfff.exec:\xfllfff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxlrxr.exec:\ffxlrxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnntnh.exec:\bnntnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvp.exec:\pddvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlllfff.exec:\rlllfff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffxrx.exec:\rfffxrx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nhhbb.exec:\1nhhbb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nhthn.exec:\9nhthn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvp.exec:\vpdvp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxfll.exec:\fxxxfll.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbnnn.exec:\thbnnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpj.exec:\dpvpj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrfxxx.exec:\flrfxxx.exe23⤵
- Executes dropped EXE
-
\??\c:\nhbbtt.exec:\nhbbtt.exe24⤵
- Executes dropped EXE
-
\??\c:\ppvvp.exec:\ppvvp.exe25⤵
- Executes dropped EXE
-
\??\c:\ffrxrrl.exec:\ffrxrrl.exe26⤵
- Executes dropped EXE
-
\??\c:\bntnhh.exec:\bntnhh.exe27⤵
- Executes dropped EXE
-
\??\c:\7pjjj.exec:\7pjjj.exe28⤵
- Executes dropped EXE
-
\??\c:\rfflxff.exec:\rfflxff.exe29⤵
- Executes dropped EXE
-
\??\c:\tbnnnn.exec:\tbnnnn.exe30⤵
- Executes dropped EXE
-
\??\c:\ppjdp.exec:\ppjdp.exe31⤵
- Executes dropped EXE
-
\??\c:\rllfrlr.exec:\rllfrlr.exe32⤵
- Executes dropped EXE
-
\??\c:\3bbtnn.exec:\3bbtnn.exe33⤵
- Executes dropped EXE
-
\??\c:\vjppp.exec:\vjppp.exe34⤵
- Executes dropped EXE
-
\??\c:\xfxxrrr.exec:\xfxxrrr.exe35⤵
- Executes dropped EXE
-
\??\c:\hbbtth.exec:\hbbtth.exe36⤵
- Executes dropped EXE
-
\??\c:\ttbtnn.exec:\ttbtnn.exe37⤵
- Executes dropped EXE
-
\??\c:\vdvjv.exec:\vdvjv.exe38⤵
- Executes dropped EXE
-
\??\c:\rrlxxxx.exec:\rrlxxxx.exe39⤵
- Executes dropped EXE
-
\??\c:\rrfrlfx.exec:\rrfrlfx.exe40⤵
- Executes dropped EXE
-
\??\c:\7hhbtb.exec:\7hhbtb.exe41⤵
- Executes dropped EXE
-
\??\c:\jjvvd.exec:\jjvvd.exe42⤵
- Executes dropped EXE
-
\??\c:\pvvjp.exec:\pvvjp.exe43⤵
- Executes dropped EXE
-
\??\c:\xllllrl.exec:\xllllrl.exe44⤵
- Executes dropped EXE
-
\??\c:\bbbhhb.exec:\bbbhhb.exe45⤵
- Executes dropped EXE
-
\??\c:\dpdvd.exec:\dpdvd.exe46⤵
- Executes dropped EXE
-
\??\c:\vddvp.exec:\vddvp.exe47⤵
- Executes dropped EXE
-
\??\c:\lflffxx.exec:\lflffxx.exe48⤵
- Executes dropped EXE
-
\??\c:\xrlrxrx.exec:\xrlrxrx.exe49⤵
- Executes dropped EXE
-
\??\c:\nnnnhh.exec:\nnnnhh.exe50⤵
- Executes dropped EXE
-
\??\c:\jvvvd.exec:\jvvvd.exe51⤵
- Executes dropped EXE
-
\??\c:\vdjvp.exec:\vdjvp.exe52⤵
- Executes dropped EXE
-
\??\c:\ffffffl.exec:\ffffffl.exe53⤵
- Executes dropped EXE
-
\??\c:\tnnbtt.exec:\tnnbtt.exe54⤵
- Executes dropped EXE
-
\??\c:\hhbthb.exec:\hhbthb.exe55⤵
- Executes dropped EXE
-
\??\c:\3jvvp.exec:\3jvvp.exe56⤵
- Executes dropped EXE
-
\??\c:\vvjvd.exec:\vvjvd.exe57⤵
- Executes dropped EXE
-
\??\c:\xxfxrlf.exec:\xxfxrlf.exe58⤵
- Executes dropped EXE
-
\??\c:\nnhhht.exec:\nnhhht.exe59⤵
- Executes dropped EXE
-
\??\c:\htnhhh.exec:\htnhhh.exe60⤵
- Executes dropped EXE
-
\??\c:\1jpjd.exec:\1jpjd.exe61⤵
- Executes dropped EXE
-
\??\c:\pjjpp.exec:\pjjpp.exe62⤵
- Executes dropped EXE
-
\??\c:\9xlxllr.exec:\9xlxllr.exe63⤵
- Executes dropped EXE
-
\??\c:\hnbhtn.exec:\hnbhtn.exe64⤵
- Executes dropped EXE
-
\??\c:\nhbhbt.exec:\nhbhbt.exe65⤵
- Executes dropped EXE
-
\??\c:\vjjvp.exec:\vjjvp.exe66⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe67⤵
-
\??\c:\lfllfxf.exec:\lfllfxf.exe68⤵
-
\??\c:\7xrfrfx.exec:\7xrfrfx.exe69⤵
-
\??\c:\nthbnh.exec:\nthbnh.exe70⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe71⤵
-
\??\c:\jvdjd.exec:\jvdjd.exe72⤵
-
\??\c:\lrxxrxx.exec:\lrxxrxx.exe73⤵
-
\??\c:\htbtth.exec:\htbtth.exe74⤵
-
\??\c:\tbhbtt.exec:\tbhbtt.exe75⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe76⤵
-
\??\c:\9pvvp.exec:\9pvvp.exe77⤵
-
\??\c:\ffffrxx.exec:\ffffrxx.exe78⤵
-
\??\c:\lflrflr.exec:\lflrflr.exe79⤵
-
\??\c:\nnhttb.exec:\nnhttb.exe80⤵
-
\??\c:\3tbtbb.exec:\3tbtbb.exe81⤵
-
\??\c:\pjppv.exec:\pjppv.exe82⤵
-
\??\c:\9pjvv.exec:\9pjvv.exe83⤵
-
\??\c:\xxxrfrx.exec:\xxxrfrx.exe84⤵
-
\??\c:\xxllflf.exec:\xxllflf.exe85⤵
-
\??\c:\5nnhhh.exec:\5nnhhh.exe86⤵
-
\??\c:\vvddd.exec:\vvddd.exe87⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe88⤵
-
\??\c:\xfrxfxf.exec:\xfrxfxf.exe89⤵
-
\??\c:\ttnbbn.exec:\ttnbbn.exe90⤵
-
\??\c:\jpdpj.exec:\jpdpj.exe91⤵
-
\??\c:\jvjvp.exec:\jvjvp.exe92⤵
-
\??\c:\fxfxrff.exec:\fxfxrff.exe93⤵
-
\??\c:\nthhhh.exec:\nthhhh.exe94⤵
-
\??\c:\bhhnnn.exec:\bhhnnn.exe95⤵
-
\??\c:\ddddv.exec:\ddddv.exe96⤵
-
\??\c:\7xxxrxx.exec:\7xxxrxx.exe97⤵
-
\??\c:\xfllrrf.exec:\xfllrrf.exe98⤵
-
\??\c:\bbbnhb.exec:\bbbnhb.exe99⤵
-
\??\c:\nhnbhb.exec:\nhnbhb.exe100⤵
-
\??\c:\jpvvj.exec:\jpvvj.exe101⤵
-
\??\c:\rlxrrrr.exec:\rlxrrrr.exe102⤵
-
\??\c:\xfrllrr.exec:\xfrllrr.exe103⤵
-
\??\c:\7bhthh.exec:\7bhthh.exe104⤵
-
\??\c:\djpvp.exec:\djpvp.exe105⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe106⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe107⤵
-
\??\c:\rxxlrfx.exec:\rxxlrfx.exe108⤵
-
\??\c:\hnnnnh.exec:\hnnnnh.exe109⤵
-
\??\c:\htttbt.exec:\htttbt.exe110⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe111⤵
-
\??\c:\5pvvj.exec:\5pvvj.exe112⤵
-
\??\c:\frxxffl.exec:\frxxffl.exe113⤵
-
\??\c:\xxrrfff.exec:\xxrrfff.exe114⤵
-
\??\c:\nhnnhb.exec:\nhnnhb.exe115⤵
-
\??\c:\ttnnhn.exec:\ttnnhn.exe116⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe117⤵
-
\??\c:\xxxlfxr.exec:\xxxlfxr.exe118⤵
-
\??\c:\tthhnh.exec:\tthhnh.exe119⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe120⤵
-
\??\c:\thbbnt.exec:\thbbnt.exe121⤵
-
\??\c:\tnnbtt.exec:\tnnbtt.exe122⤵
-
\??\c:\pvpdp.exec:\pvpdp.exe123⤵
-
\??\c:\lrxxrxr.exec:\lrxxrxr.exe124⤵
-
\??\c:\xfffffx.exec:\xfffffx.exe125⤵
-
\??\c:\bbtttt.exec:\bbtttt.exe126⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe127⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe128⤵
-
\??\c:\rflfxrl.exec:\rflfxrl.exe129⤵
-
\??\c:\bhbnnn.exec:\bhbnnn.exe130⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe131⤵
-
\??\c:\ntbbbt.exec:\ntbbbt.exe132⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe133⤵
-
\??\c:\3ffxxff.exec:\3ffxxff.exe134⤵
-
\??\c:\rffxrrr.exec:\rffxrrr.exe135⤵
-
\??\c:\7bbbbt.exec:\7bbbbt.exe136⤵
-
\??\c:\dppjj.exec:\dppjj.exe137⤵
-
\??\c:\3dddp.exec:\3dddp.exe138⤵
-
\??\c:\bhbthb.exec:\bhbthb.exe139⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe140⤵
-
\??\c:\lxrlllf.exec:\lxrlllf.exe141⤵
-
\??\c:\5htnbn.exec:\5htnbn.exe142⤵
-
\??\c:\vdvpj.exec:\vdvpj.exe143⤵
-
\??\c:\5xfxrrl.exec:\5xfxrrl.exe144⤵
-
\??\c:\ntnnnn.exec:\ntnnnn.exe145⤵
-
\??\c:\xllllxx.exec:\xllllxx.exe146⤵
-
\??\c:\5vjdp.exec:\5vjdp.exe147⤵
-
\??\c:\xllfxxl.exec:\xllfxxl.exe148⤵
-
\??\c:\nnntnt.exec:\nnntnt.exe149⤵
-
\??\c:\ddjjj.exec:\ddjjj.exe150⤵
-
\??\c:\xlffxlf.exec:\xlffxlf.exe151⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe152⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe153⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe154⤵
-
\??\c:\rrrxlrl.exec:\rrrxlrl.exe155⤵
-
\??\c:\btttnh.exec:\btttnh.exe156⤵
-
\??\c:\fxlllrr.exec:\fxlllrr.exe157⤵
-
\??\c:\pvdjj.exec:\pvdjj.exe158⤵
-
\??\c:\rfxxrfl.exec:\rfxxrfl.exe159⤵
-
\??\c:\bnttnn.exec:\bnttnn.exe160⤵
-
\??\c:\7frlrrx.exec:\7frlrrx.exe161⤵
-
\??\c:\dvvdd.exec:\dvvdd.exe162⤵
-
\??\c:\lrrllff.exec:\lrrllff.exe163⤵
-
\??\c:\9fflfrx.exec:\9fflfrx.exe164⤵
-
\??\c:\hthbtt.exec:\hthbtt.exe165⤵
-
\??\c:\jddpp.exec:\jddpp.exe166⤵
-
\??\c:\rrfxrrl.exec:\rrfxrrl.exe167⤵
-
\??\c:\xlrrrll.exec:\xlrrrll.exe168⤵
-
\??\c:\3nttnh.exec:\3nttnh.exe169⤵
-
\??\c:\1tnbtb.exec:\1tnbtb.exe170⤵
-
\??\c:\vjppv.exec:\vjppv.exe171⤵
-
\??\c:\xllfrrl.exec:\xllfrrl.exe172⤵
-
\??\c:\xlrrlrr.exec:\xlrrlrr.exe173⤵
-
\??\c:\hbhhnn.exec:\hbhhnn.exe174⤵
-
\??\c:\9bbhtt.exec:\9bbhtt.exe175⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe176⤵
-
\??\c:\lflllxl.exec:\lflllxl.exe177⤵
-
\??\c:\9hnttt.exec:\9hnttt.exe178⤵
-
\??\c:\1hnnhn.exec:\1hnnhn.exe179⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe180⤵
-
\??\c:\pjpvp.exec:\pjpvp.exe181⤵
-
\??\c:\rlllflx.exec:\rlllflx.exe182⤵
-
\??\c:\hnhhht.exec:\hnhhht.exe183⤵
-
\??\c:\thhthb.exec:\thhthb.exe184⤵
-
\??\c:\pdvjp.exec:\pdvjp.exe185⤵
-
\??\c:\xllflrr.exec:\xllflrr.exe186⤵
-
\??\c:\ffxxfxf.exec:\ffxxfxf.exe187⤵
-
\??\c:\bnnnhh.exec:\bnnnhh.exe188⤵
-
\??\c:\pdddp.exec:\pdddp.exe189⤵
-
\??\c:\vvvvj.exec:\vvvvj.exe190⤵
-
\??\c:\ffrrxxl.exec:\ffrrxxl.exe191⤵
-
\??\c:\bhtttt.exec:\bhtttt.exe192⤵
-
\??\c:\thnhbt.exec:\thnhbt.exe193⤵
-
\??\c:\7vdvv.exec:\7vdvv.exe194⤵
-
\??\c:\flrrlff.exec:\flrrlff.exe195⤵
-
\??\c:\5lrrxff.exec:\5lrrxff.exe196⤵
-
\??\c:\hhbtnn.exec:\hhbtnn.exe197⤵
-
\??\c:\hbnttn.exec:\hbnttn.exe198⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe199⤵
-
\??\c:\vpdpj.exec:\vpdpj.exe200⤵
-
\??\c:\9lfxxxr.exec:\9lfxxxr.exe201⤵
-
\??\c:\7tnnhb.exec:\7tnnhb.exe202⤵
-
\??\c:\btbtbb.exec:\btbtbb.exe203⤵
-
\??\c:\7jvjd.exec:\7jvjd.exe204⤵
-
\??\c:\pddvp.exec:\pddvp.exe205⤵
-
\??\c:\xxxrrrl.exec:\xxxrrrl.exe206⤵
-
\??\c:\9lxxrxf.exec:\9lxxrxf.exe207⤵
-
\??\c:\7bhbnt.exec:\7bhbnt.exe208⤵
-
\??\c:\dvddv.exec:\dvddv.exe209⤵
-
\??\c:\flflrrr.exec:\flflrrr.exe210⤵
-
\??\c:\xxflxfl.exec:\xxflxfl.exe211⤵
-
\??\c:\bnhhbb.exec:\bnhhbb.exe212⤵
-
\??\c:\9dddd.exec:\9dddd.exe213⤵
-
\??\c:\9xrlrrl.exec:\9xrlrrl.exe214⤵
-
\??\c:\frxlfff.exec:\frxlfff.exe215⤵
-
\??\c:\3bbhnt.exec:\3bbhnt.exe216⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe217⤵
-
\??\c:\pjddv.exec:\pjddv.exe218⤵
-
\??\c:\rrrflxx.exec:\rrrflxx.exe219⤵
-
\??\c:\rlrlrlx.exec:\rlrlrlx.exe220⤵
-
\??\c:\bnnnhh.exec:\bnnnhh.exe221⤵
-
\??\c:\bbhhhh.exec:\bbhhhh.exe222⤵
-
\??\c:\dpppd.exec:\dpppd.exe223⤵
-
\??\c:\xxrrllf.exec:\xxrrllf.exe224⤵
-
\??\c:\rfllflr.exec:\rfllflr.exe225⤵
-
\??\c:\tbttnt.exec:\tbttnt.exe226⤵
-
\??\c:\jvjpp.exec:\jvjpp.exe227⤵
-
\??\c:\dpjjd.exec:\dpjjd.exe228⤵
-
\??\c:\rxllllx.exec:\rxllllx.exe229⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe230⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe231⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe232⤵
-
\??\c:\frlfxxr.exec:\frlfxxr.exe233⤵
-
\??\c:\tthhnn.exec:\tthhnn.exe234⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe235⤵
-
\??\c:\5ppvj.exec:\5ppvj.exe236⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe237⤵
-
\??\c:\jddvd.exec:\jddvd.exe238⤵
-
\??\c:\xlfxlrl.exec:\xlfxlrl.exe239⤵
-
\??\c:\nbbbtt.exec:\nbbbtt.exe240⤵
-
\??\c:\pdddv.exec:\pdddv.exe241⤵