Analysis
-
max time kernel
149s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
18-05-2024 23:37
General
-
Target
26661faea8740ed592e68d921dff59f0_NeikiAnalytics.exe
-
Size
149KB
-
MD5
26661faea8740ed592e68d921dff59f0
-
SHA1
6329907014582ba2d8940ff2412baf3f793bb132
-
SHA256
b3a32c071d8022b13c4dd0f5be97b7041340b244df58d383c8cd47c5a1ee2793
-
SHA512
a77666aa969edd9000fde56a4c234169816ce30ff485132550a1e92b4b32971218b6cf8da114ef8ee91f7698a88cd307b76d0c61dcb801cd6b38faf22d00d644
-
SSDEEP
3072:khOmTsF93UYfwC6GIoutpYcvrqrE66kropO6BWlPFH4tb:kcm4FmowdHoSphraHcpOFltH4tb
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\26661faea8740ed592e68d921dff59f0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\26661faea8740ed592e68d921dff59f0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlffff.exec:\lrlffff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhttnn.exec:\hhttnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjd.exec:\dvpjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxlffx.exec:\lxxlffx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhnn.exec:\bthhnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbtnn.exec:\tnbtnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdjd.exec:\jpdjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrxxxr.exec:\xfrxxxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjvp.exec:\ppjvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfrrlf.exec:\xlfrrlf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddj.exec:\vpddj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxrffr.exec:\xxxrffr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htttnn.exec:\htttnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthbtt.exec:\nthbtt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfxfx.exec:\lflfxfx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhhb.exec:\tnnhhb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvv.exec:\jddvv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fffffx.exec:\3fffffx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbntbb.exec:\tbntbb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddj.exec:\pjddj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdp.exec:\vvjdp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhntht.exec:\bhntht.exe23⤵
- Executes dropped EXE
-
\??\c:\vdjdv.exec:\vdjdv.exe24⤵
- Executes dropped EXE
-
\??\c:\flfrxxx.exec:\flfrxxx.exe25⤵
- Executes dropped EXE
-
\??\c:\7ntbhh.exec:\7ntbhh.exe26⤵
- Executes dropped EXE
-
\??\c:\3vdpj.exec:\3vdpj.exe27⤵
- Executes dropped EXE
-
\??\c:\nbnnhh.exec:\nbnnhh.exe28⤵
- Executes dropped EXE
-
\??\c:\btttht.exec:\btttht.exe29⤵
- Executes dropped EXE
-
\??\c:\xrffxrr.exec:\xrffxrr.exe30⤵
- Executes dropped EXE
-
\??\c:\llflffx.exec:\llflffx.exe31⤵
- Executes dropped EXE
-
\??\c:\tnbbbb.exec:\tnbbbb.exe32⤵
- Executes dropped EXE
-
\??\c:\rrffrfl.exec:\rrffrfl.exe33⤵
- Executes dropped EXE
-
\??\c:\nbnhhn.exec:\nbnhhn.exe34⤵
- Executes dropped EXE
-
\??\c:\9vddj.exec:\9vddj.exe35⤵
- Executes dropped EXE
-
\??\c:\fffxxfx.exec:\fffxxfx.exe36⤵
- Executes dropped EXE
-
\??\c:\xxrxxxl.exec:\xxrxxxl.exe37⤵
- Executes dropped EXE
-
\??\c:\hnbhnn.exec:\hnbhnn.exe38⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe39⤵
- Executes dropped EXE
-
\??\c:\frrxxfx.exec:\frrxxfx.exe40⤵
- Executes dropped EXE
-
\??\c:\nttthh.exec:\nttthh.exe41⤵
- Executes dropped EXE
-
\??\c:\djdpj.exec:\djdpj.exe42⤵
- Executes dropped EXE
-
\??\c:\lrrrlrf.exec:\lrrrlrf.exe43⤵
- Executes dropped EXE
-
\??\c:\7htntt.exec:\7htntt.exe44⤵
- Executes dropped EXE
-
\??\c:\jddjv.exec:\jddjv.exe45⤵
- Executes dropped EXE
-
\??\c:\3lrlxrf.exec:\3lrlxrf.exe46⤵
- Executes dropped EXE
-
\??\c:\5ttnhb.exec:\5ttnhb.exe47⤵
- Executes dropped EXE
-
\??\c:\vppjv.exec:\vppjv.exe48⤵
- Executes dropped EXE
-
\??\c:\lffxrrl.exec:\lffxrrl.exe49⤵
- Executes dropped EXE
-
\??\c:\rrlxxrf.exec:\rrlxxrf.exe50⤵
- Executes dropped EXE
-
\??\c:\nbhhbh.exec:\nbhhbh.exe51⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe52⤵
- Executes dropped EXE
-
\??\c:\lfffxxf.exec:\lfffxxf.exe53⤵
- Executes dropped EXE
-
\??\c:\lrxlfrl.exec:\lrxlfrl.exe54⤵
- Executes dropped EXE
-
\??\c:\5hhtnh.exec:\5hhtnh.exe55⤵
- Executes dropped EXE
-
\??\c:\vdjjv.exec:\vdjjv.exe56⤵
- Executes dropped EXE
-
\??\c:\jvvpd.exec:\jvvpd.exe57⤵
- Executes dropped EXE
-
\??\c:\xxxfrlx.exec:\xxxfrlx.exe58⤵
- Executes dropped EXE
-
\??\c:\nhhhbb.exec:\nhhhbb.exe59⤵
- Executes dropped EXE
-
\??\c:\9ddvp.exec:\9ddvp.exe60⤵
- Executes dropped EXE
-
\??\c:\djdvj.exec:\djdvj.exe61⤵
- Executes dropped EXE
-
\??\c:\rflfxxr.exec:\rflfxxr.exe62⤵
- Executes dropped EXE
-
\??\c:\btthbt.exec:\btthbt.exe63⤵
- Executes dropped EXE
-
\??\c:\vvpjp.exec:\vvpjp.exe64⤵
- Executes dropped EXE
-
\??\c:\dpppj.exec:\dpppj.exe65⤵
- Executes dropped EXE
-
\??\c:\xfflxlx.exec:\xfflxlx.exe66⤵
-
\??\c:\tbhhhn.exec:\tbhhhn.exe67⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe68⤵
-
\??\c:\lxlffff.exec:\lxlffff.exe69⤵
-
\??\c:\lrrrlff.exec:\lrrrlff.exe70⤵
-
\??\c:\nbbtnh.exec:\nbbtnh.exe71⤵
-
\??\c:\djjdv.exec:\djjdv.exe72⤵
-
\??\c:\xrrfxxl.exec:\xrrfxxl.exe73⤵
-
\??\c:\ntbbhh.exec:\ntbbhh.exe74⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe75⤵
-
\??\c:\pvvjp.exec:\pvvjp.exe76⤵
-
\??\c:\7ppvv.exec:\7ppvv.exe77⤵
-
\??\c:\fffxlrr.exec:\fffxlrr.exe78⤵
-
\??\c:\btbbbh.exec:\btbbbh.exe79⤵
-
\??\c:\hhbttb.exec:\hhbttb.exe80⤵
-
\??\c:\7dvvp.exec:\7dvvp.exe81⤵
-
\??\c:\7rxrrrr.exec:\7rxrrrr.exe82⤵
-
\??\c:\nhtbhn.exec:\nhtbhn.exe83⤵
-
\??\c:\bbttth.exec:\bbttth.exe84⤵
-
\??\c:\jjjpv.exec:\jjjpv.exe85⤵
-
\??\c:\lrffxrl.exec:\lrffxrl.exe86⤵
-
\??\c:\bnhbbt.exec:\bnhbbt.exe87⤵
-
\??\c:\bhbtnb.exec:\bhbtnb.exe88⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe89⤵
-
\??\c:\ttbtnt.exec:\ttbtnt.exe90⤵
-
\??\c:\vddvp.exec:\vddvp.exe91⤵
-
\??\c:\rfrlllf.exec:\rfrlllf.exe92⤵
-
\??\c:\5lrllfx.exec:\5lrllfx.exe93⤵
-
\??\c:\nbbbnb.exec:\nbbbnb.exe94⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe95⤵
-
\??\c:\frfxrrl.exec:\frfxrrl.exe96⤵
-
\??\c:\rrfrxlf.exec:\rrfrxlf.exe97⤵
-
\??\c:\tthhbh.exec:\tthhbh.exe98⤵
-
\??\c:\7vvvp.exec:\7vvvp.exe99⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe100⤵
-
\??\c:\rlfxrlf.exec:\rlfxrlf.exe101⤵
-
\??\c:\ntbhhn.exec:\ntbhhn.exe102⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe103⤵
-
\??\c:\9xffrxx.exec:\9xffrxx.exe104⤵
-
\??\c:\bbtnhb.exec:\bbtnhb.exe105⤵
-
\??\c:\pvppd.exec:\pvppd.exe106⤵
-
\??\c:\1lxrlll.exec:\1lxrlll.exe107⤵
-
\??\c:\rfrrfxl.exec:\rfrrfxl.exe108⤵
-
\??\c:\tntntb.exec:\tntntb.exe109⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe110⤵
-
\??\c:\3vvpp.exec:\3vvpp.exe111⤵
-
\??\c:\frrxlrx.exec:\frrxlrx.exe112⤵
-
\??\c:\bbttbb.exec:\bbttbb.exe113⤵
-
\??\c:\pvddj.exec:\pvddj.exe114⤵
-
\??\c:\fxfffff.exec:\fxfffff.exe115⤵
-
\??\c:\hhbbtb.exec:\hhbbtb.exe116⤵
-
\??\c:\5ntnnn.exec:\5ntnnn.exe117⤵
-
\??\c:\pdpvv.exec:\pdpvv.exe118⤵
-
\??\c:\xlfllrx.exec:\xlfllrx.exe119⤵
-
\??\c:\hhnhhh.exec:\hhnhhh.exe120⤵
-
\??\c:\vdddd.exec:\vdddd.exe121⤵
-
\??\c:\bntbhn.exec:\bntbhn.exe122⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe123⤵
-
\??\c:\vvppp.exec:\vvppp.exe124⤵
-
\??\c:\fxxrlfr.exec:\fxxrlfr.exe125⤵
-
\??\c:\htntnh.exec:\htntnh.exe126⤵
-
\??\c:\jpddv.exec:\jpddv.exe127⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe128⤵
-
\??\c:\rffxlxl.exec:\rffxlxl.exe129⤵
-
\??\c:\7bhnbh.exec:\7bhnbh.exe130⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe131⤵
-
\??\c:\xflrlxl.exec:\xflrlxl.exe132⤵
-
\??\c:\nbnbbn.exec:\nbnbbn.exe133⤵
-
\??\c:\bbbtht.exec:\bbbtht.exe134⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe135⤵
-
\??\c:\3rrlfff.exec:\3rrlfff.exe136⤵
-
\??\c:\bnntbt.exec:\bnntbt.exe137⤵
-
\??\c:\jjdpp.exec:\jjdpp.exe138⤵
-
\??\c:\ddvdd.exec:\ddvdd.exe139⤵
-
\??\c:\xxffllr.exec:\xxffllr.exe140⤵
-
\??\c:\ttthbt.exec:\ttthbt.exe141⤵
-
\??\c:\frfrlrl.exec:\frfrlrl.exe142⤵
-
\??\c:\rxrxxfr.exec:\rxrxxfr.exe143⤵
-
\??\c:\htbhhn.exec:\htbhhn.exe144⤵
-
\??\c:\7pvpj.exec:\7pvpj.exe145⤵
-
\??\c:\flrrrxx.exec:\flrrrxx.exe146⤵
-
\??\c:\hbnnnn.exec:\hbnnnn.exe147⤵
-
\??\c:\thnhbh.exec:\thnhbh.exe148⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe149⤵
-
\??\c:\xrrxxxl.exec:\xrrxxxl.exe150⤵
-
\??\c:\7hhhhn.exec:\7hhhhn.exe151⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe152⤵
-
\??\c:\flfxrrf.exec:\flfxrrf.exe153⤵
-
\??\c:\nnbbbh.exec:\nnbbbh.exe154⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe155⤵
-
\??\c:\fxxffxx.exec:\fxxffxx.exe156⤵
-
\??\c:\tnbhhn.exec:\tnbhhn.exe157⤵
-
\??\c:\dppdv.exec:\dppdv.exe158⤵
-
\??\c:\rrxxfxx.exec:\rrxxfxx.exe159⤵
-
\??\c:\llxrlll.exec:\llxrlll.exe160⤵
-
\??\c:\hnnbnn.exec:\hnnbnn.exe161⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe162⤵
-
\??\c:\lrrrrxr.exec:\lrrrrxr.exe163⤵
-
\??\c:\rxxfxrf.exec:\rxxfxrf.exe164⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe165⤵
-
\??\c:\vvvpp.exec:\vvvpp.exe166⤵
-
\??\c:\lrrrflr.exec:\lrrrflr.exe167⤵
-
\??\c:\nntnnb.exec:\nntnnb.exe168⤵
-
\??\c:\7pppj.exec:\7pppj.exe169⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe170⤵
-
\??\c:\3flflll.exec:\3flflll.exe171⤵
-
\??\c:\xxflfll.exec:\xxflfll.exe172⤵
-
\??\c:\hbnhhb.exec:\hbnhhb.exe173⤵
-
\??\c:\nbbbhh.exec:\nbbbhh.exe174⤵
-
\??\c:\jjppd.exec:\jjppd.exe175⤵
-
\??\c:\1ffffff.exec:\1ffffff.exe176⤵
-
\??\c:\fflfxxl.exec:\fflfxxl.exe177⤵
-
\??\c:\hntnnn.exec:\hntnnn.exe178⤵
-
\??\c:\7pvpj.exec:\7pvpj.exe179⤵
-
\??\c:\fflllff.exec:\fflllff.exe180⤵
-
\??\c:\hbhbtt.exec:\hbhbtt.exe181⤵
-
\??\c:\bbnhnt.exec:\bbnhnt.exe182⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe183⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe184⤵
-
\??\c:\xlxrlfx.exec:\xlxrlfx.exe185⤵
-
\??\c:\jpjpp.exec:\jpjpp.exe186⤵
-
\??\c:\pvvjd.exec:\pvvjd.exe187⤵
-
\??\c:\9ffxxxr.exec:\9ffxxxr.exe188⤵
-
\??\c:\tbtntt.exec:\tbtntt.exe189⤵
-
\??\c:\7rxxflr.exec:\7rxxflr.exe190⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe191⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe192⤵
-
\??\c:\hhhnhh.exec:\hhhnhh.exe193⤵
-
\??\c:\9vdvv.exec:\9vdvv.exe194⤵
-
\??\c:\flrfxll.exec:\flrfxll.exe195⤵
-
\??\c:\nntttb.exec:\nntttb.exe196⤵
-
\??\c:\nntnhh.exec:\nntnhh.exe197⤵
-
\??\c:\jvppd.exec:\jvppd.exe198⤵
-
\??\c:\hhtntb.exec:\hhtntb.exe199⤵
-
\??\c:\vpddj.exec:\vpddj.exe200⤵
-
\??\c:\3dvdv.exec:\3dvdv.exe201⤵
-
\??\c:\ddppj.exec:\ddppj.exe202⤵
-
\??\c:\lffxxxr.exec:\lffxxxr.exe203⤵
-
\??\c:\xrxrffl.exec:\xrxrffl.exe204⤵
-
\??\c:\ntbbtb.exec:\ntbbtb.exe205⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe206⤵
-
\??\c:\rrxffxf.exec:\rrxffxf.exe207⤵
-
\??\c:\lrfffxx.exec:\lrfffxx.exe208⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe209⤵
-
\??\c:\vpppp.exec:\vpppp.exe210⤵
-
\??\c:\dpjdp.exec:\dpjdp.exe211⤵
-
\??\c:\xxxlxlr.exec:\xxxlxlr.exe212⤵
-
\??\c:\rrrrlfx.exec:\rrrrlfx.exe213⤵
-
\??\c:\9nnhnt.exec:\9nnhnt.exe214⤵
-
\??\c:\dpvdp.exec:\dpvdp.exe215⤵
-
\??\c:\1jvvj.exec:\1jvvj.exe216⤵
-
\??\c:\rfrfflf.exec:\rfrfflf.exe217⤵
-
\??\c:\fxlffxf.exec:\fxlffxf.exe218⤵
-
\??\c:\7hhtnt.exec:\7hhtnt.exe219⤵
-
\??\c:\jpdpj.exec:\jpdpj.exe220⤵
-
\??\c:\vvjdp.exec:\vvjdp.exe221⤵
-
\??\c:\pvppp.exec:\pvppp.exe222⤵
-
\??\c:\1fxrfrf.exec:\1fxrfrf.exe223⤵
-
\??\c:\nhnttb.exec:\nhnttb.exe224⤵
-
\??\c:\tbtbtn.exec:\tbtbtn.exe225⤵
-
\??\c:\djdpd.exec:\djdpd.exe226⤵
-
\??\c:\lfrllfl.exec:\lfrllfl.exe227⤵
-
\??\c:\rrrrrrr.exec:\rrrrrrr.exe228⤵
-
\??\c:\3bthtn.exec:\3bthtn.exe229⤵
-
\??\c:\bbttbb.exec:\bbttbb.exe230⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe231⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe232⤵
-
\??\c:\7llfxxf.exec:\7llfxxf.exe233⤵
-
\??\c:\xlrrxxr.exec:\xlrrxxr.exe234⤵
-
\??\c:\5bbhnb.exec:\5bbhnb.exe235⤵
-
\??\c:\pvjjd.exec:\pvjjd.exe236⤵
-
\??\c:\rlxfrrf.exec:\rlxfrrf.exe237⤵
-
\??\c:\nbnbtn.exec:\nbnbtn.exe238⤵
-
\??\c:\vvpvv.exec:\vvpvv.exe239⤵
-
\??\c:\dppvv.exec:\dppvv.exe240⤵
-
\??\c:\rrlrllf.exec:\rrlrllf.exe241⤵