Analysis
-
max time kernel
150s -
max time network
108s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
18-05-2024 16:27
General
-
Target
ec8298402bc1c199f240b5df36018760_NeikiAnalytics.exe
-
Size
127KB
-
MD5
ec8298402bc1c199f240b5df36018760
-
SHA1
4c2a2ce2f345655c309e528d9890204793492617
-
SHA256
264b7ae25ef559c4240ca2a3262d28708528c286998710c672e154f656d19621
-
SHA512
ca39db8a1ae29419c7a9226bffdcc7f8f91adb6baf4e50c9fe3a6a7e9904be1f886da0b65e8b6c738333344c034ca9e4cc22627a45cf1fde93745975f0724eb4
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afodnmm9Ao98h3dktX4/JL:n3C9BRW0j/tmm9nwytIN
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ec8298402bc1c199f240b5df36018760_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\ec8298402bc1c199f240b5df36018760_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\flfffxx.exec:\flfffxx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfffxx.exec:\llfffxx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htttbb.exec:\htttbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthhbb.exec:\tthhbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pjdv.exec:\1pjdv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1frxllf.exec:\1frxllf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rrrlfx.exec:\5rrrlfx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttbb.exec:\tnttbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtntt.exec:\nhtntt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvp.exec:\pvdvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxrrll.exec:\ffxrrll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrrxr.exec:\xrxrrxr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnnhh.exec:\btnnhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dpjd.exec:\3dpjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdd.exec:\pdjdd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlflfr.exec:\xxlflfr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfxxx.exec:\xrlfxxx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bbhbt.exec:\7bbhbt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jvpv.exec:\1jvpv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pppv.exec:\5pppv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrrrl.exec:\frxrrrl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrffx.exec:\fxrrffx.exe23⤵
- Executes dropped EXE
-
\??\c:\nnnntb.exec:\nnnntb.exe24⤵
- Executes dropped EXE
-
\??\c:\hhbbtt.exec:\hhbbtt.exe25⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe26⤵
- Executes dropped EXE
-
\??\c:\xflfxrr.exec:\xflfxrr.exe27⤵
- Executes dropped EXE
-
\??\c:\1lffxxr.exec:\1lffxxr.exe28⤵
- Executes dropped EXE
-
\??\c:\tntnnn.exec:\tntnnn.exe29⤵
- Executes dropped EXE
-
\??\c:\thnhbb.exec:\thnhbb.exe30⤵
- Executes dropped EXE
-
\??\c:\1pvpd.exec:\1pvpd.exe31⤵
- Executes dropped EXE
-
\??\c:\7rxrrrr.exec:\7rxrrrr.exe32⤵
- Executes dropped EXE
-
\??\c:\ffxxffl.exec:\ffxxffl.exe33⤵
- Executes dropped EXE
-
\??\c:\5nhhbb.exec:\5nhhbb.exe34⤵
- Executes dropped EXE
-
\??\c:\tnnhhh.exec:\tnnhhh.exe35⤵
- Executes dropped EXE
-
\??\c:\pjpjp.exec:\pjpjp.exe36⤵
- Executes dropped EXE
-
\??\c:\ddjvd.exec:\ddjvd.exe37⤵
- Executes dropped EXE
-
\??\c:\lxxrllf.exec:\lxxrllf.exe38⤵
- Executes dropped EXE
-
\??\c:\nhnhnn.exec:\nhnhnn.exe39⤵
- Executes dropped EXE
-
\??\c:\nbnntn.exec:\nbnntn.exe40⤵
- Executes dropped EXE
-
\??\c:\vjddv.exec:\vjddv.exe41⤵
- Executes dropped EXE
-
\??\c:\pdjvp.exec:\pdjvp.exe42⤵
- Executes dropped EXE
-
\??\c:\lfxrlrr.exec:\lfxrlrr.exe43⤵
- Executes dropped EXE
-
\??\c:\tnhbnh.exec:\tnhbnh.exe44⤵
- Executes dropped EXE
-
\??\c:\9ddvv.exec:\9ddvv.exe45⤵
- Executes dropped EXE
-
\??\c:\pvddp.exec:\pvddp.exe46⤵
- Executes dropped EXE
-
\??\c:\xffxllf.exec:\xffxllf.exe47⤵
- Executes dropped EXE
-
\??\c:\bnnhtn.exec:\bnnhtn.exe48⤵
- Executes dropped EXE
-
\??\c:\hbtnhb.exec:\hbtnhb.exe49⤵
- Executes dropped EXE
-
\??\c:\5vpdd.exec:\5vpdd.exe50⤵
- Executes dropped EXE
-
\??\c:\lxlxlfr.exec:\lxlxlfr.exe51⤵
- Executes dropped EXE
-
\??\c:\3xffxxr.exec:\3xffxxr.exe52⤵
- Executes dropped EXE
-
\??\c:\hhhtht.exec:\hhhtht.exe53⤵
- Executes dropped EXE
-
\??\c:\bnnbnh.exec:\bnnbnh.exe54⤵
- Executes dropped EXE
-
\??\c:\dppjd.exec:\dppjd.exe55⤵
- Executes dropped EXE
-
\??\c:\vvvpj.exec:\vvvpj.exe56⤵
- Executes dropped EXE
-
\??\c:\rlxrlfx.exec:\rlxrlfx.exe57⤵
- Executes dropped EXE
-
\??\c:\lxfflfl.exec:\lxfflfl.exe58⤵
- Executes dropped EXE
-
\??\c:\nnhhtn.exec:\nnhhtn.exe59⤵
- Executes dropped EXE
-
\??\c:\nhtnbt.exec:\nhtnbt.exe60⤵
- Executes dropped EXE
-
\??\c:\9dpdd.exec:\9dpdd.exe61⤵
- Executes dropped EXE
-
\??\c:\3xxxlfx.exec:\3xxxlfx.exe62⤵
- Executes dropped EXE
-
\??\c:\5fllfxr.exec:\5fllfxr.exe63⤵
- Executes dropped EXE
-
\??\c:\tnhbbb.exec:\tnhbbb.exe64⤵
- Executes dropped EXE
-
\??\c:\5tnhtn.exec:\5tnhtn.exe65⤵
- Executes dropped EXE
-
\??\c:\pvpjd.exec:\pvpjd.exe66⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe67⤵
-
\??\c:\1xrfrlx.exec:\1xrfrlx.exe68⤵
-
\??\c:\rfxrxrx.exec:\rfxrxrx.exe69⤵
-
\??\c:\3hbnbt.exec:\3hbnbt.exe70⤵
-
\??\c:\nbtnhb.exec:\nbtnhb.exe71⤵
-
\??\c:\ddpdj.exec:\ddpdj.exe72⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe73⤵
-
\??\c:\fxrllff.exec:\fxrllff.exe74⤵
-
\??\c:\lxxrllf.exec:\lxxrllf.exe75⤵
-
\??\c:\hbhbtn.exec:\hbhbtn.exe76⤵
-
\??\c:\nntthh.exec:\nntthh.exe77⤵
-
\??\c:\3pjvj.exec:\3pjvj.exe78⤵
-
\??\c:\vdjjv.exec:\vdjjv.exe79⤵
-
\??\c:\xllfxlf.exec:\xllfxlf.exe80⤵
-
\??\c:\lxrlxlf.exec:\lxrlxlf.exe81⤵
-
\??\c:\hhnbnh.exec:\hhnbnh.exe82⤵
-
\??\c:\nhhtnb.exec:\nhhtnb.exe83⤵
-
\??\c:\pdjjp.exec:\pdjjp.exe84⤵
-
\??\c:\pvppv.exec:\pvppv.exe85⤵
-
\??\c:\xlfrfrl.exec:\xlfrfrl.exe86⤵
-
\??\c:\lffrlxr.exec:\lffrlxr.exe87⤵
-
\??\c:\nnhhbb.exec:\nnhhbb.exe88⤵
-
\??\c:\nhhttn.exec:\nhhttn.exe89⤵
-
\??\c:\jpjvp.exec:\jpjvp.exe90⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe91⤵
-
\??\c:\5flrlrl.exec:\5flrlrl.exe92⤵
-
\??\c:\rxfrfxr.exec:\rxfrfxr.exe93⤵
-
\??\c:\lrxfrlf.exec:\lrxfrlf.exe94⤵
-
\??\c:\hnhtnb.exec:\hnhtnb.exe95⤵
-
\??\c:\vjjjv.exec:\vjjjv.exe96⤵
-
\??\c:\rfxxffl.exec:\rfxxffl.exe97⤵
-
\??\c:\dpppj.exec:\dpppj.exe98⤵
-
\??\c:\frrlxrl.exec:\frrlxrl.exe99⤵
-
\??\c:\nnnnnn.exec:\nnnnnn.exe100⤵
-
\??\c:\pdjjp.exec:\pdjjp.exe101⤵
-
\??\c:\vdddj.exec:\vdddj.exe102⤵
-
\??\c:\frrfrlf.exec:\frrfrlf.exe103⤵
-
\??\c:\hnnhtt.exec:\hnnhtt.exe104⤵
-
\??\c:\thbbnt.exec:\thbbnt.exe105⤵
-
\??\c:\pdjvp.exec:\pdjvp.exe106⤵
-
\??\c:\xxrrrrf.exec:\xxrrrrf.exe107⤵
-
\??\c:\hnnhnh.exec:\hnnhnh.exe108⤵
-
\??\c:\pvvjv.exec:\pvvjv.exe109⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe110⤵
-
\??\c:\xflxfxx.exec:\xflxfxx.exe111⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe112⤵
-
\??\c:\vvdpp.exec:\vvdpp.exe113⤵
-
\??\c:\vdjvj.exec:\vdjvj.exe114⤵
-
\??\c:\xfffxxl.exec:\xfffxxl.exe115⤵
-
\??\c:\hbnbbt.exec:\hbnbbt.exe116⤵
-
\??\c:\djddp.exec:\djddp.exe117⤵
-
\??\c:\1flfffx.exec:\1flfffx.exe118⤵
-
\??\c:\nhhbth.exec:\nhhbth.exe119⤵
-
\??\c:\djjjj.exec:\djjjj.exe120⤵
-
\??\c:\jpjjv.exec:\jpjjv.exe121⤵
-
\??\c:\fxfxlll.exec:\fxfxlll.exe122⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe123⤵
-
\??\c:\nhhbtb.exec:\nhhbtb.exe124⤵
-
\??\c:\thtttt.exec:\thtttt.exe125⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe126⤵
-
\??\c:\frrlflf.exec:\frrlflf.exe127⤵
-
\??\c:\7hnnbb.exec:\7hnnbb.exe128⤵
-
\??\c:\9pjjd.exec:\9pjjd.exe129⤵
-
\??\c:\xxllfff.exec:\xxllfff.exe130⤵
-
\??\c:\jvppj.exec:\jvppj.exe131⤵
-
\??\c:\nbbtnn.exec:\nbbtnn.exe132⤵
-
\??\c:\dvdpp.exec:\dvdpp.exe133⤵
-
\??\c:\llxxlrx.exec:\llxxlrx.exe134⤵
-
\??\c:\7hnhnn.exec:\7hnhnn.exe135⤵
-
\??\c:\djjjd.exec:\djjjd.exe136⤵
-
\??\c:\1bnnnb.exec:\1bnnnb.exe137⤵
-
\??\c:\xrrlxxx.exec:\xrrlxxx.exe138⤵
-
\??\c:\3frlfxr.exec:\3frlfxr.exe139⤵
-
\??\c:\nnhhhh.exec:\nnhhhh.exe140⤵
-
\??\c:\pppjj.exec:\pppjj.exe141⤵
-
\??\c:\llllxxx.exec:\llllxxx.exe142⤵
-
\??\c:\9rxxfff.exec:\9rxxfff.exe143⤵
-
\??\c:\hbttnn.exec:\hbttnn.exe144⤵
-
\??\c:\7ttnbb.exec:\7ttnbb.exe145⤵
-
\??\c:\5vddv.exec:\5vddv.exe146⤵
-
\??\c:\lfxrxxf.exec:\lfxrxxf.exe147⤵
-
\??\c:\rfxflll.exec:\rfxflll.exe148⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe149⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe150⤵
-
\??\c:\vvdvd.exec:\vvdvd.exe151⤵
-
\??\c:\fffxffl.exec:\fffxffl.exe152⤵
-
\??\c:\btttnt.exec:\btttnt.exe153⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe154⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe155⤵
-
\??\c:\ppppd.exec:\ppppd.exe156⤵
-
\??\c:\1rrfllr.exec:\1rrfllr.exe157⤵
-
\??\c:\rflrfxr.exec:\rflrfxr.exe158⤵
-
\??\c:\bnnhbb.exec:\bnnhbb.exe159⤵
-
\??\c:\5tbnhn.exec:\5tbnhn.exe160⤵
-
\??\c:\5vvpd.exec:\5vvpd.exe161⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe162⤵
-
\??\c:\fflrrlf.exec:\fflrrlf.exe163⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe164⤵
-
\??\c:\vvddv.exec:\vvddv.exe165⤵
-
\??\c:\djpvp.exec:\djpvp.exe166⤵
-
\??\c:\xlllfff.exec:\xlllfff.exe167⤵
-
\??\c:\hbbtnt.exec:\hbbtnt.exe168⤵
-
\??\c:\jvppp.exec:\jvppp.exe169⤵
-
\??\c:\vjppj.exec:\vjppj.exe170⤵
-
\??\c:\rfffflf.exec:\rfffflf.exe171⤵
-
\??\c:\3xxxrrl.exec:\3xxxrrl.exe172⤵
-
\??\c:\5hbbbb.exec:\5hbbbb.exe173⤵
-
\??\c:\tbhbtn.exec:\tbhbtn.exe174⤵
-
\??\c:\7vdvp.exec:\7vdvp.exe175⤵
-
\??\c:\jjjvj.exec:\jjjvj.exe176⤵
-
\??\c:\flrffxx.exec:\flrffxx.exe177⤵
-
\??\c:\tnbnbt.exec:\tnbnbt.exe178⤵
-
\??\c:\hbbnbn.exec:\hbbnbn.exe179⤵
-
\??\c:\vpppd.exec:\vpppd.exe180⤵
-
\??\c:\9jddd.exec:\9jddd.exe181⤵
-
\??\c:\xrrlxxr.exec:\xrrlxxr.exe182⤵
-
\??\c:\xfrrrrx.exec:\xfrrrrx.exe183⤵
-
\??\c:\hhnnht.exec:\hhnnht.exe184⤵
-
\??\c:\nbnnhn.exec:\nbnnhn.exe185⤵
-
\??\c:\1pdjd.exec:\1pdjd.exe186⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe187⤵
-
\??\c:\flrlxfx.exec:\flrlxfx.exe188⤵
-
\??\c:\tbbttt.exec:\tbbttt.exe189⤵
-
\??\c:\nhhhhn.exec:\nhhhhn.exe190⤵
-
\??\c:\9pjjv.exec:\9pjjv.exe191⤵
-
\??\c:\1djdp.exec:\1djdp.exe192⤵
-
\??\c:\fxfxlxr.exec:\fxfxlxr.exe193⤵
-
\??\c:\xxxxlxr.exec:\xxxxlxr.exe194⤵
-
\??\c:\htthbt.exec:\htthbt.exe195⤵
-
\??\c:\nhbtnt.exec:\nhbtnt.exe196⤵
-
\??\c:\9ppvp.exec:\9ppvp.exe197⤵
-
\??\c:\rrlrlfr.exec:\rrlrlfr.exe198⤵
-
\??\c:\lfxlfrl.exec:\lfxlfrl.exe199⤵
-
\??\c:\lxlfrlx.exec:\lxlfrlx.exe200⤵
-
\??\c:\7hnhtn.exec:\7hnhtn.exe201⤵
-
\??\c:\9vjdp.exec:\9vjdp.exe202⤵
-
\??\c:\7pdpd.exec:\7pdpd.exe203⤵
-
\??\c:\xxxlfxr.exec:\xxxlfxr.exe204⤵
-
\??\c:\fxxffxx.exec:\fxxffxx.exe205⤵
-
\??\c:\3hhbtn.exec:\3hhbtn.exe206⤵
-
\??\c:\tbnhnh.exec:\tbnhnh.exe207⤵
-
\??\c:\tththb.exec:\tththb.exe208⤵
-
\??\c:\vjdjp.exec:\vjdjp.exe209⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe210⤵
-
\??\c:\rlfxlfx.exec:\rlfxlfx.exe211⤵
-
\??\c:\xxrlxrl.exec:\xxrlxrl.exe212⤵
-
\??\c:\tbtnhb.exec:\tbtnhb.exe213⤵
-
\??\c:\9rrllll.exec:\9rrllll.exe214⤵
-
\??\c:\bbttnb.exec:\bbttnb.exe215⤵
-
\??\c:\1vjdv.exec:\1vjdv.exe216⤵
-
\??\c:\vddpv.exec:\vddpv.exe217⤵
-
\??\c:\rfxxrrx.exec:\rfxxrrx.exe218⤵
-
\??\c:\btnnnh.exec:\btnnnh.exe219⤵
-
\??\c:\ntbhht.exec:\ntbhht.exe220⤵
-
\??\c:\jvjvd.exec:\jvjvd.exe221⤵
-
\??\c:\fxxllrf.exec:\fxxllrf.exe222⤵
-
\??\c:\flxlxrl.exec:\flxlxrl.exe223⤵
-
\??\c:\9nhhbb.exec:\9nhhbb.exe224⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe225⤵
-
\??\c:\vppdv.exec:\vppdv.exe226⤵
-
\??\c:\lxrrrrr.exec:\lxrrrrr.exe227⤵
-
\??\c:\xfxrfrl.exec:\xfxrfrl.exe228⤵
-
\??\c:\9thbnn.exec:\9thbnn.exe229⤵
-
\??\c:\pjdpj.exec:\pjdpj.exe230⤵
-
\??\c:\pdvvp.exec:\pdvvp.exe231⤵
-
\??\c:\5lrlffr.exec:\5lrlffr.exe232⤵
-
\??\c:\hhhbtn.exec:\hhhbtn.exe233⤵
-
\??\c:\3bbthh.exec:\3bbthh.exe234⤵
-
\??\c:\3tnbnh.exec:\3tnbnh.exe235⤵
-
\??\c:\5djdp.exec:\5djdp.exe236⤵
-
\??\c:\vjvjd.exec:\vjvjd.exe237⤵
-
\??\c:\lffrxrr.exec:\lffrxrr.exe238⤵
-
\??\c:\rxlxlfr.exec:\rxlxlfr.exe239⤵
-
\??\c:\htnbnh.exec:\htnbnh.exe240⤵
-
\??\c:\5hnbtn.exec:\5hnbtn.exe241⤵