Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
18-05-2024 16:36
General
-
Target
eda32fa8507878b463aa129e1758e4f0_NeikiAnalytics.exe
-
Size
88KB
-
MD5
eda32fa8507878b463aa129e1758e4f0
-
SHA1
e132422db030d64fad1c34077a2deb6770ce249e
-
SHA256
37d759a04d0c876cb85e6822c0cefb7a0255aab825fda5472805badc503eb6ac
-
SHA512
8c66d517acd005d55c81953fe523ad3087fab9ea0d375163473740e7a45481c8f5b71b3b34d3ec7ace741c15ebc151e68ad848efc37d357f14e7a89cdfe6272b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoLU1grORPfr0k890Ce:ymb3NkkiQ3mdBjFoLk8Pk890Ce
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\eda32fa8507878b463aa129e1758e4f0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\eda32fa8507878b463aa129e1758e4f0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3bhbbt.exec:\3bhbbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvpj.exec:\ddvpj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdp.exec:\jdpdp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnnnt.exec:\nbnnnt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjj.exec:\vvjjj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrxxrx.exec:\rrrxxrx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nbttn.exec:\5nbttn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddpd.exec:\pddpd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjvv.exec:\jjjvv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlllfff.exec:\rlllfff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbbt.exec:\nnbbbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpv.exec:\ppvpv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lfxfxx.exec:\5lfxfxx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhhbh.exec:\bhhhbh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhbb.exec:\nhnhbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddjj.exec:\jddjj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffffff.exec:\lffffff.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9httnt.exec:\9httnt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pdvv.exec:\5pdvv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjj.exec:\pdjjj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrrrr.exec:\xrxrrrr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttnn.exec:\nhttnn.exe23⤵
- Executes dropped EXE
-
\??\c:\dvdvj.exec:\dvdvj.exe24⤵
- Executes dropped EXE
-
\??\c:\vvppp.exec:\vvppp.exe25⤵
- Executes dropped EXE
-
\??\c:\llrrffr.exec:\llrrffr.exe26⤵
- Executes dropped EXE
-
\??\c:\tbbbbn.exec:\tbbbbn.exe27⤵
- Executes dropped EXE
-
\??\c:\7djvv.exec:\7djvv.exe28⤵
- Executes dropped EXE
-
\??\c:\vdvvj.exec:\vdvvj.exe29⤵
- Executes dropped EXE
-
\??\c:\9llllrr.exec:\9llllrr.exe30⤵
- Executes dropped EXE
-
\??\c:\nbnnnn.exec:\nbnnnn.exe31⤵
- Executes dropped EXE
-
\??\c:\bnbhnt.exec:\bnbhnt.exe32⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe33⤵
- Executes dropped EXE
-
\??\c:\fxrfrxx.exec:\fxrfrxx.exe34⤵
- Executes dropped EXE
-
\??\c:\tbbtnn.exec:\tbbtnn.exe35⤵
- Executes dropped EXE
-
\??\c:\jjddv.exec:\jjddv.exe36⤵
- Executes dropped EXE
-
\??\c:\rrfxffx.exec:\rrfxffx.exe37⤵
- Executes dropped EXE
-
\??\c:\fxflllr.exec:\fxflllr.exe38⤵
- Executes dropped EXE
-
\??\c:\nthbhn.exec:\nthbhn.exe39⤵
- Executes dropped EXE
-
\??\c:\hhttbh.exec:\hhttbh.exe40⤵
- Executes dropped EXE
-
\??\c:\5pvpp.exec:\5pvpp.exe41⤵
- Executes dropped EXE
-
\??\c:\7jpdv.exec:\7jpdv.exe42⤵
- Executes dropped EXE
-
\??\c:\7xfxxrr.exec:\7xfxxrr.exe43⤵
- Executes dropped EXE
-
\??\c:\tnhhhh.exec:\tnhhhh.exe44⤵
- Executes dropped EXE
-
\??\c:\dppjd.exec:\dppjd.exe45⤵
- Executes dropped EXE
-
\??\c:\jjdvp.exec:\jjdvp.exe46⤵
- Executes dropped EXE
-
\??\c:\5rlfrxl.exec:\5rlfrxl.exe47⤵
- Executes dropped EXE
-
\??\c:\3hbbbh.exec:\3hbbbh.exe48⤵
- Executes dropped EXE
-
\??\c:\ddpjp.exec:\ddpjp.exe49⤵
- Executes dropped EXE
-
\??\c:\jjpjd.exec:\jjpjd.exe50⤵
- Executes dropped EXE
-
\??\c:\llllxff.exec:\llllxff.exe51⤵
- Executes dropped EXE
-
\??\c:\hhhnnb.exec:\hhhnnb.exe52⤵
- Executes dropped EXE
-
\??\c:\dvvdd.exec:\dvvdd.exe53⤵
- Executes dropped EXE
-
\??\c:\xlrllfx.exec:\xlrllfx.exe54⤵
- Executes dropped EXE
-
\??\c:\xlffxxx.exec:\xlffxxx.exe55⤵
- Executes dropped EXE
-
\??\c:\3hnnnn.exec:\3hnnnn.exe56⤵
- Executes dropped EXE
-
\??\c:\jdjvv.exec:\jdjvv.exe57⤵
- Executes dropped EXE
-
\??\c:\lflrxfx.exec:\lflrxfx.exe58⤵
- Executes dropped EXE
-
\??\c:\llfflll.exec:\llfflll.exe59⤵
- Executes dropped EXE
-
\??\c:\nnbhnh.exec:\nnbhnh.exe60⤵
- Executes dropped EXE
-
\??\c:\tnbnth.exec:\tnbnth.exe61⤵
- Executes dropped EXE
-
\??\c:\jdppd.exec:\jdppd.exe62⤵
- Executes dropped EXE
-
\??\c:\rlffrxr.exec:\rlffrxr.exe63⤵
- Executes dropped EXE
-
\??\c:\xrllfrl.exec:\xrllfrl.exe64⤵
- Executes dropped EXE
-
\??\c:\bbbbtt.exec:\bbbbtt.exe65⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe66⤵
-
\??\c:\9vvpp.exec:\9vvpp.exe67⤵
-
\??\c:\5ffxxxr.exec:\5ffxxxr.exe68⤵
-
\??\c:\3xllxxf.exec:\3xllxxf.exe69⤵
-
\??\c:\3bbbbn.exec:\3bbbbn.exe70⤵
-
\??\c:\1thnnb.exec:\1thnnb.exe71⤵
-
\??\c:\5pjdv.exec:\5pjdv.exe72⤵
-
\??\c:\xxxrxxr.exec:\xxxrxxr.exe73⤵
-
\??\c:\xxrrlrr.exec:\xxrrlrr.exe74⤵
-
\??\c:\hnttnn.exec:\hnttnn.exe75⤵
-
\??\c:\pvddv.exec:\pvddv.exe76⤵
-
\??\c:\3rxxllf.exec:\3rxxllf.exe77⤵
-
\??\c:\ntnttn.exec:\ntnttn.exe78⤵
-
\??\c:\pjddv.exec:\pjddv.exe79⤵
-
\??\c:\vppjv.exec:\vppjv.exe80⤵
-
\??\c:\lrllxxr.exec:\lrllxxr.exe81⤵
-
\??\c:\fxflfll.exec:\fxflfll.exe82⤵
-
\??\c:\bhhhhh.exec:\bhhhhh.exe83⤵
-
\??\c:\9djjj.exec:\9djjj.exe84⤵
-
\??\c:\jvjdp.exec:\jvjdp.exe85⤵
-
\??\c:\llrxxfx.exec:\llrxxfx.exe86⤵
-
\??\c:\9rxfrll.exec:\9rxfrll.exe87⤵
-
\??\c:\hnhtth.exec:\hnhtth.exe88⤵
-
\??\c:\5dvvp.exec:\5dvvp.exe89⤵
-
\??\c:\ffxlrfl.exec:\ffxlrfl.exe90⤵
-
\??\c:\rlrfrrx.exec:\rlrfrrx.exe91⤵
-
\??\c:\tthhtb.exec:\tthhtb.exe92⤵
-
\??\c:\jvvjj.exec:\jvvjj.exe93⤵
-
\??\c:\fflfffx.exec:\fflfffx.exe94⤵
-
\??\c:\rlrlllf.exec:\rlrlllf.exe95⤵
-
\??\c:\5ntnnn.exec:\5ntnnn.exe96⤵
-
\??\c:\1jppd.exec:\1jppd.exe97⤵
-
\??\c:\xrffxxr.exec:\xrffxxr.exe98⤵
-
\??\c:\lrxrllf.exec:\lrxrllf.exe99⤵
-
\??\c:\thnnnn.exec:\thnnnn.exe100⤵
-
\??\c:\vppjd.exec:\vppjd.exe101⤵
-
\??\c:\lrxrrrr.exec:\lrxrrrr.exe102⤵
-
\??\c:\lflfxrr.exec:\lflfxrr.exe103⤵
-
\??\c:\tthhhh.exec:\tthhhh.exe104⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe105⤵
-
\??\c:\ppdvv.exec:\ppdvv.exe106⤵
-
\??\c:\3rxrllf.exec:\3rxrllf.exe107⤵
-
\??\c:\bbhhbh.exec:\bbhhbh.exe108⤵
-
\??\c:\ntnbbb.exec:\ntnbbb.exe109⤵
-
\??\c:\7ddjj.exec:\7ddjj.exe110⤵
-
\??\c:\9jdvp.exec:\9jdvp.exe111⤵
-
\??\c:\xlrlflf.exec:\xlrlflf.exe112⤵
-
\??\c:\xffxrlf.exec:\xffxrlf.exe113⤵
-
\??\c:\tnntnt.exec:\tnntnt.exe114⤵
-
\??\c:\hbhhht.exec:\hbhhht.exe115⤵
-
\??\c:\djvjj.exec:\djvjj.exe116⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe117⤵
-
\??\c:\lllflff.exec:\lllflff.exe118⤵
-
\??\c:\jddpj.exec:\jddpj.exe119⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe120⤵
-
\??\c:\lrrrlxf.exec:\lrrrlxf.exe121⤵
-
\??\c:\rxfffll.exec:\rxfffll.exe122⤵
-
\??\c:\9nnhbb.exec:\9nnhbb.exe123⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe124⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe125⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe126⤵
-
\??\c:\frxxlll.exec:\frxxlll.exe127⤵
-
\??\c:\fxlrlrf.exec:\fxlrlrf.exe128⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe129⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe130⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe131⤵
-
\??\c:\frxrlrr.exec:\frxrlrr.exe132⤵
-
\??\c:\7xxxxfr.exec:\7xxxxfr.exe133⤵
-
\??\c:\bnhhhn.exec:\bnhhhn.exe134⤵
-
\??\c:\5hbbtt.exec:\5hbbtt.exe135⤵
-
\??\c:\ppdpj.exec:\ppdpj.exe136⤵
-
\??\c:\rfrxxlx.exec:\rfrxxlx.exe137⤵
-
\??\c:\5rrxxxl.exec:\5rrxxxl.exe138⤵
-
\??\c:\5hhhbb.exec:\5hhhbb.exe139⤵
-
\??\c:\thbnnn.exec:\thbnnn.exe140⤵
-
\??\c:\3dvvv.exec:\3dvvv.exe141⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe142⤵
-
\??\c:\lxxrrfx.exec:\lxxrrfx.exe143⤵
-
\??\c:\3nnttt.exec:\3nnttt.exe144⤵
-
\??\c:\5bhnnn.exec:\5bhnnn.exe145⤵
-
\??\c:\tthnbb.exec:\tthnbb.exe146⤵
-
\??\c:\jdvjv.exec:\jdvjv.exe147⤵
-
\??\c:\lfffxfx.exec:\lfffxfx.exe148⤵
-
\??\c:\5rfxlfr.exec:\5rfxlfr.exe149⤵
-
\??\c:\bhnnbh.exec:\bhnnbh.exe150⤵
-
\??\c:\hhhhhn.exec:\hhhhhn.exe151⤵
-
\??\c:\hbhbtt.exec:\hbhbtt.exe152⤵
-
\??\c:\vvddv.exec:\vvddv.exe153⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe154⤵
-
\??\c:\rflfxff.exec:\rflfxff.exe155⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe156⤵
-
\??\c:\jjddv.exec:\jjddv.exe157⤵
-
\??\c:\9lfxrrl.exec:\9lfxrrl.exe158⤵
-
\??\c:\bhhbbt.exec:\bhhbbt.exe159⤵
-
\??\c:\7pjjp.exec:\7pjjp.exe160⤵
-
\??\c:\7vddd.exec:\7vddd.exe161⤵
-
\??\c:\fffxxrl.exec:\fffxxrl.exe162⤵
-
\??\c:\vjjjj.exec:\vjjjj.exe163⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe164⤵
-
\??\c:\lfffxxx.exec:\lfffxxx.exe165⤵
-
\??\c:\bnhhhb.exec:\bnhhhb.exe166⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe167⤵
-
\??\c:\lrlffxx.exec:\lrlffxx.exe168⤵
-
\??\c:\rxxxxxr.exec:\rxxxxxr.exe169⤵
-
\??\c:\5ddvp.exec:\5ddvp.exe170⤵
-
\??\c:\rlxxrrl.exec:\rlxxrrl.exe171⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe172⤵
-
\??\c:\5jppj.exec:\5jppj.exe173⤵
-
\??\c:\hbhhth.exec:\hbhhth.exe174⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe175⤵
-
\??\c:\hhnnnh.exec:\hhnnnh.exe176⤵
-
\??\c:\jvpvp.exec:\jvpvp.exe177⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe178⤵
-
\??\c:\jddvd.exec:\jddvd.exe179⤵
-
\??\c:\flxxlrr.exec:\flxxlrr.exe180⤵
-
\??\c:\thnhbt.exec:\thnhbt.exe181⤵
-
\??\c:\hbnhbt.exec:\hbnhbt.exe182⤵
-
\??\c:\pdddp.exec:\pdddp.exe183⤵
-
\??\c:\xxlllxf.exec:\xxlllxf.exe184⤵
-
\??\c:\rfrfrrx.exec:\rfrfrrx.exe185⤵
-
\??\c:\nhtbtt.exec:\nhtbtt.exe186⤵
-
\??\c:\vvvjd.exec:\vvvjd.exe187⤵
-
\??\c:\vppjd.exec:\vppjd.exe188⤵
-
\??\c:\1llfflf.exec:\1llfflf.exe189⤵
-
\??\c:\lrffrrf.exec:\lrffrrf.exe190⤵
-
\??\c:\hbntbb.exec:\hbntbb.exe191⤵
-
\??\c:\xllffrr.exec:\xllffrr.exe192⤵
-
\??\c:\thbhbb.exec:\thbhbb.exe193⤵
-
\??\c:\7nhhtb.exec:\7nhhtb.exe194⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe195⤵
-
\??\c:\rlxrfxl.exec:\rlxrfxl.exe196⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe197⤵
-
\??\c:\jdddp.exec:\jdddp.exe198⤵
-
\??\c:\3lrrrrx.exec:\3lrrrrx.exe199⤵
-
\??\c:\hbhhbb.exec:\hbhhbb.exe200⤵
-
\??\c:\pjdpp.exec:\pjdpp.exe201⤵
-
\??\c:\7xfllxf.exec:\7xfllxf.exe202⤵
-
\??\c:\lxllllf.exec:\lxllllf.exe203⤵
-
\??\c:\hbhhbb.exec:\hbhhbb.exe204⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe205⤵
-
\??\c:\9ddvp.exec:\9ddvp.exe206⤵
-
\??\c:\7lffxff.exec:\7lffxff.exe207⤵
-
\??\c:\ffrlrff.exec:\ffrlrff.exe208⤵
-
\??\c:\1bhhbb.exec:\1bhhbb.exe209⤵
-
\??\c:\hnnnnn.exec:\hnnnnn.exe210⤵
-
\??\c:\7bnhhh.exec:\7bnhhh.exe211⤵
-
\??\c:\djjdj.exec:\djjdj.exe212⤵
-
\??\c:\9pvpd.exec:\9pvpd.exe213⤵
-
\??\c:\9xllrxl.exec:\9xllrxl.exe214⤵
-
\??\c:\7lxrlrx.exec:\7lxrlrx.exe215⤵
-
\??\c:\hbhhhn.exec:\hbhhhn.exe216⤵
-
\??\c:\9jppp.exec:\9jppp.exe217⤵
-
\??\c:\5pdpp.exec:\5pdpp.exe218⤵
-
\??\c:\rlxrrll.exec:\rlxrrll.exe219⤵
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe220⤵
-
\??\c:\ttbbbb.exec:\ttbbbb.exe221⤵
-
\??\c:\1nnnbh.exec:\1nnnbh.exe222⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe223⤵
-
\??\c:\jjddd.exec:\jjddd.exe224⤵
-
\??\c:\lrflfxx.exec:\lrflfxx.exe225⤵
-
\??\c:\nnhthh.exec:\nnhthh.exe226⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe227⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe228⤵
-
\??\c:\jdvpv.exec:\jdvpv.exe229⤵
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe230⤵
-
\??\c:\ffflfll.exec:\ffflfll.exe231⤵
-
\??\c:\bttttt.exec:\bttttt.exe232⤵
-
\??\c:\vdvvv.exec:\vdvvv.exe233⤵
-
\??\c:\jvpdp.exec:\jvpdp.exe234⤵
-
\??\c:\rrrrflf.exec:\rrrrflf.exe235⤵
-
\??\c:\xffffff.exec:\xffffff.exe236⤵
-
\??\c:\bbhhnt.exec:\bbhhnt.exe237⤵
-
\??\c:\9pvpd.exec:\9pvpd.exe238⤵
-
\??\c:\1jjjd.exec:\1jjjd.exe239⤵
-
\??\c:\lfrlflf.exec:\lfrlflf.exe240⤵
-
\??\c:\tnnhbn.exec:\tnnhbn.exe241⤵