Analysis
-
max time kernel
150s -
max time network
112s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
18-05-2024 18:29
General
-
Target
2acf457af28a5aaf9f196d4871692910_NeikiAnalytics.exe
-
Size
92KB
-
MD5
2acf457af28a5aaf9f196d4871692910
-
SHA1
f3f1008ea93d1004652ef69b87a682cfb04ad578
-
SHA256
b9119989d3255cfd812bac4d259d0eeb59a1bc85cee9be2e167c38d2acbd201b
-
SHA512
28eda542f7081d2edf3feff8d4f5b3ad6a289492046ced2a397d98bc65c2d543508e542f057a331fa90e6e05693a989b8160d6c50a0eb08230e3ee36c4718b56
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxS1rj/21k:ymb3NkkiQ3mdBjFo73PYP1lri3K8Ga
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 20 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2acf457af28a5aaf9f196d4871692910_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\2acf457af28a5aaf9f196d4871692910_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnhbt.exec:\hhnhbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdv.exec:\jdjdv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxflffl.exec:\lxflffl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbtt.exec:\nbhbtt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnnt.exec:\bntnnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdjj.exec:\jpdjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvj.exec:\pjvvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ffxrrl.exec:\3ffxrrl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttht.exec:\hbttht.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nttnn.exec:\5nttnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vjvj.exec:\5vjvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxxxff.exec:\xxxxxff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5thhbb.exec:\5thhbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvvp.exec:\jvvvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrlllr.exec:\7lrlllr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lrlfff.exec:\9lrlfff.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhbn.exec:\tnnhbn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvvd.exec:\pdvvd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nhbtb.exec:\5nhbtb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jvdd.exec:\5jvdd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ddvp.exec:\9ddvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfffff.exec:\rrfffff.exe23⤵
- Executes dropped EXE
-
\??\c:\nhhbbt.exec:\nhhbbt.exe24⤵
- Executes dropped EXE
-
\??\c:\rxfrfrl.exec:\rxfrfrl.exe25⤵
- Executes dropped EXE
-
\??\c:\vpvvp.exec:\vpvvp.exe26⤵
- Executes dropped EXE
-
\??\c:\rfffffl.exec:\rfffffl.exe27⤵
- Executes dropped EXE
-
\??\c:\fxlrlrr.exec:\fxlrlrr.exe28⤵
- Executes dropped EXE
-
\??\c:\htttnn.exec:\htttnn.exe29⤵
- Executes dropped EXE
-
\??\c:\3jppp.exec:\3jppp.exe30⤵
- Executes dropped EXE
-
\??\c:\7xfxffl.exec:\7xfxffl.exe31⤵
- Executes dropped EXE
-
\??\c:\hhntnh.exec:\hhntnh.exe32⤵
- Executes dropped EXE
-
\??\c:\pjjvp.exec:\pjjvp.exe33⤵
- Executes dropped EXE
-
\??\c:\rxxfxfl.exec:\rxxfxfl.exe34⤵
- Executes dropped EXE
-
\??\c:\hbbbbb.exec:\hbbbbb.exe35⤵
- Executes dropped EXE
-
\??\c:\dvddj.exec:\dvddj.exe36⤵
- Executes dropped EXE
-
\??\c:\1pvpv.exec:\1pvpv.exe37⤵
- Executes dropped EXE
-
\??\c:\lrrllxr.exec:\lrrllxr.exe38⤵
- Executes dropped EXE
-
\??\c:\9ntbbn.exec:\9ntbbn.exe39⤵
- Executes dropped EXE
-
\??\c:\3llfffx.exec:\3llfffx.exe40⤵
- Executes dropped EXE
-
\??\c:\xfrlfrx.exec:\xfrlfrx.exe41⤵
- Executes dropped EXE
-
\??\c:\hthbbt.exec:\hthbbt.exe42⤵
- Executes dropped EXE
-
\??\c:\djvvv.exec:\djvvv.exe43⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe44⤵
- Executes dropped EXE
-
\??\c:\5frllrr.exec:\5frllrr.exe45⤵
- Executes dropped EXE
-
\??\c:\vdddv.exec:\vdddv.exe46⤵
- Executes dropped EXE
-
\??\c:\3dvvp.exec:\3dvvp.exe47⤵
- Executes dropped EXE
-
\??\c:\fxffrrl.exec:\fxffrrl.exe48⤵
- Executes dropped EXE
-
\??\c:\jjvpd.exec:\jjvpd.exe49⤵
- Executes dropped EXE
-
\??\c:\7pvpp.exec:\7pvpp.exe50⤵
- Executes dropped EXE
-
\??\c:\lffxllr.exec:\lffxllr.exe51⤵
- Executes dropped EXE
-
\??\c:\1bbhbb.exec:\1bbhbb.exe52⤵
- Executes dropped EXE
-
\??\c:\rffxrrx.exec:\rffxrrx.exe53⤵
- Executes dropped EXE
-
\??\c:\bthhhb.exec:\bthhhb.exe54⤵
- Executes dropped EXE
-
\??\c:\xrllrlf.exec:\xrllrlf.exe55⤵
- Executes dropped EXE
-
\??\c:\nnbhnb.exec:\nnbhnb.exe56⤵
- Executes dropped EXE
-
\??\c:\lfrlfxx.exec:\lfrlfxx.exe57⤵
- Executes dropped EXE
-
\??\c:\rrlfxxx.exec:\rrlfxxx.exe58⤵
- Executes dropped EXE
-
\??\c:\htbbnh.exec:\htbbnh.exe59⤵
- Executes dropped EXE
-
\??\c:\ddjdp.exec:\ddjdp.exe60⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe61⤵
- Executes dropped EXE
-
\??\c:\rlxrxxl.exec:\rlxrxxl.exe62⤵
- Executes dropped EXE
-
\??\c:\xrrxllr.exec:\xrrxllr.exe63⤵
- Executes dropped EXE
-
\??\c:\bhttnn.exec:\bhttnn.exe64⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe65⤵
- Executes dropped EXE
-
\??\c:\fxxrffx.exec:\fxxrffx.exe66⤵
-
\??\c:\rlxflrx.exec:\rlxflrx.exe67⤵
-
\??\c:\nbhbtt.exec:\nbhbtt.exe68⤵
-
\??\c:\vppjd.exec:\vppjd.exe69⤵
-
\??\c:\9dddp.exec:\9dddp.exe70⤵
-
\??\c:\lllfxxx.exec:\lllfxxx.exe71⤵
-
\??\c:\bbhhnn.exec:\bbhhnn.exe72⤵
-
\??\c:\1djjd.exec:\1djjd.exe73⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe74⤵
-
\??\c:\5fllrrr.exec:\5fllrrr.exe75⤵
-
\??\c:\tbhbbt.exec:\tbhbbt.exe76⤵
-
\??\c:\bhbhtt.exec:\bhbhtt.exe77⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe78⤵
-
\??\c:\frlxxrl.exec:\frlxxrl.exe79⤵
-
\??\c:\xxfxrxx.exec:\xxfxrxx.exe80⤵
-
\??\c:\7thhbh.exec:\7thhbh.exe81⤵
-
\??\c:\vvddd.exec:\vvddd.exe82⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe83⤵
-
\??\c:\rrxlllf.exec:\rrxlllf.exe84⤵
-
\??\c:\ffrrxxf.exec:\ffrrxxf.exe85⤵
-
\??\c:\bhnhbb.exec:\bhnhbb.exe86⤵
-
\??\c:\7djvd.exec:\7djvd.exe87⤵
-
\??\c:\rlxxffx.exec:\rlxxffx.exe88⤵
-
\??\c:\nnhthb.exec:\nnhthb.exe89⤵
-
\??\c:\bthhnh.exec:\bthhnh.exe90⤵
-
\??\c:\rffffff.exec:\rffffff.exe91⤵
-
\??\c:\nthnhn.exec:\nthnhn.exe92⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe93⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe94⤵
-
\??\c:\pddvd.exec:\pddvd.exe95⤵
-
\??\c:\lrxrfff.exec:\lrxrfff.exe96⤵
-
\??\c:\ffxrllf.exec:\ffxrllf.exe97⤵
-
\??\c:\nthhnt.exec:\nthhnt.exe98⤵
-
\??\c:\nbbttt.exec:\nbbttt.exe99⤵
-
\??\c:\xrxxfff.exec:\xrxxfff.exe100⤵
-
\??\c:\rlxrxfr.exec:\rlxrxfr.exe101⤵
-
\??\c:\tbnnnn.exec:\tbnnnn.exe102⤵
-
\??\c:\hnnhtt.exec:\hnnhtt.exe103⤵
-
\??\c:\pvpdv.exec:\pvpdv.exe104⤵
-
\??\c:\fxlfrrr.exec:\fxlfrrr.exe105⤵
-
\??\c:\1rrxxfl.exec:\1rrxxfl.exe106⤵
-
\??\c:\tbbtth.exec:\tbbtth.exe107⤵
-
\??\c:\hhbbbh.exec:\hhbbbh.exe108⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe109⤵
-
\??\c:\rlffrxl.exec:\rlffrxl.exe110⤵
-
\??\c:\9frrrfr.exec:\9frrrfr.exe111⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe112⤵
-
\??\c:\hhbhtt.exec:\hhbhtt.exe113⤵
-
\??\c:\pjppv.exec:\pjppv.exe114⤵
-
\??\c:\3xfxxrr.exec:\3xfxxrr.exe115⤵
-
\??\c:\lrxxrll.exec:\lrxxrll.exe116⤵
-
\??\c:\1hbbtt.exec:\1hbbtt.exe117⤵
-
\??\c:\tnnhtt.exec:\tnnhtt.exe118⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe119⤵
-
\??\c:\fxfxfff.exec:\fxfxfff.exe120⤵
-
\??\c:\lxrlffx.exec:\lxrlffx.exe121⤵
-
\??\c:\5tnhhh.exec:\5tnhhh.exe122⤵
-
\??\c:\httnhh.exec:\httnhh.exe123⤵
-
\??\c:\jppjj.exec:\jppjj.exe124⤵
-
\??\c:\vppjd.exec:\vppjd.exe125⤵
-
\??\c:\9rlffrr.exec:\9rlffrr.exe126⤵
-
\??\c:\fxllfll.exec:\fxllfll.exe127⤵
-
\??\c:\nthntb.exec:\nthntb.exe128⤵
-
\??\c:\tthbnh.exec:\tthbnh.exe129⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe130⤵
-
\??\c:\dvdpp.exec:\dvdpp.exe131⤵
-
\??\c:\xlxrlrr.exec:\xlxrlrr.exe132⤵
-
\??\c:\bbhbnh.exec:\bbhbnh.exe133⤵
-
\??\c:\nnnnht.exec:\nnnnht.exe134⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe135⤵
-
\??\c:\llrlxxx.exec:\llrlxxx.exe136⤵
-
\??\c:\5bhbbt.exec:\5bhbbt.exe137⤵
-
\??\c:\9ttnhh.exec:\9ttnhh.exe138⤵
-
\??\c:\5vjdv.exec:\5vjdv.exe139⤵
-
\??\c:\rxlrlfr.exec:\rxlrlfr.exe140⤵
-
\??\c:\xrxxrxf.exec:\xrxxrxf.exe141⤵
-
\??\c:\bbnttt.exec:\bbnttt.exe142⤵
-
\??\c:\lffxrrl.exec:\lffxrrl.exe143⤵
-
\??\c:\xfrrrxx.exec:\xfrrrxx.exe144⤵
-
\??\c:\nntbnn.exec:\nntbnn.exe145⤵
-
\??\c:\pjjvp.exec:\pjjvp.exe146⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe147⤵
-
\??\c:\lxfxrrl.exec:\lxfxrrl.exe148⤵
-
\??\c:\frrlfxl.exec:\frrlfxl.exe149⤵
-
\??\c:\bbbtbt.exec:\bbbtbt.exe150⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe151⤵
-
\??\c:\tnbbbb.exec:\tnbbbb.exe152⤵
-
\??\c:\vdvpp.exec:\vdvpp.exe153⤵
-
\??\c:\lxlfxxx.exec:\lxlfxxx.exe154⤵
-
\??\c:\tthttn.exec:\tthttn.exe155⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe156⤵
-
\??\c:\xlflrxr.exec:\xlflrxr.exe157⤵
-
\??\c:\lxxxxff.exec:\lxxxxff.exe158⤵
-
\??\c:\tbhbnb.exec:\tbhbnb.exe159⤵
-
\??\c:\nttnhb.exec:\nttnhb.exe160⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe161⤵
-
\??\c:\jvvjd.exec:\jvvjd.exe162⤵
-
\??\c:\fxrrffl.exec:\fxrrffl.exe163⤵
-
\??\c:\3nhhbn.exec:\3nhhbn.exe164⤵
-
\??\c:\tbnhhn.exec:\tbnhhn.exe165⤵
-
\??\c:\1dppj.exec:\1dppj.exe166⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe167⤵
-
\??\c:\llrrrxl.exec:\llrrrxl.exe168⤵
-
\??\c:\rlxlllr.exec:\rlxlllr.exe169⤵
-
\??\c:\9lrrrff.exec:\9lrrrff.exe170⤵
-
\??\c:\nnthtt.exec:\nnthtt.exe171⤵
-
\??\c:\nnbbbh.exec:\nnbbbh.exe172⤵
-
\??\c:\djjjd.exec:\djjjd.exe173⤵
-
\??\c:\1jjjd.exec:\1jjjd.exe174⤵
-
\??\c:\rlrrlrr.exec:\rlrrlrr.exe175⤵
-
\??\c:\xrfffff.exec:\xrfffff.exe176⤵
-
\??\c:\1tbbbh.exec:\1tbbbh.exe177⤵
-
\??\c:\ttbbnt.exec:\ttbbnt.exe178⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe179⤵
-
\??\c:\7jvvv.exec:\7jvvv.exe180⤵
-
\??\c:\9rflrff.exec:\9rflrff.exe181⤵
-
\??\c:\7xllrrf.exec:\7xllrrf.exe182⤵
-
\??\c:\xlrrrrr.exec:\xlrrrrr.exe183⤵
-
\??\c:\btnbbn.exec:\btnbbn.exe184⤵
-
\??\c:\1tbhhh.exec:\1tbhhh.exe185⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe186⤵
-
\??\c:\ddddj.exec:\ddddj.exe187⤵
-
\??\c:\frxlrrf.exec:\frxlrrf.exe188⤵
-
\??\c:\rlfffxf.exec:\rlfffxf.exe189⤵
-
\??\c:\bhbhnt.exec:\bhbhnt.exe190⤵
-
\??\c:\tthhnt.exec:\tthhnt.exe191⤵
-
\??\c:\vvddd.exec:\vvddd.exe192⤵
-
\??\c:\pvvvv.exec:\pvvvv.exe193⤵
-
\??\c:\rrxrlrr.exec:\rrxrlrr.exe194⤵
-
\??\c:\7lllllr.exec:\7lllllr.exe195⤵
-
\??\c:\nhnnnt.exec:\nhnnnt.exe196⤵
-
\??\c:\nhnntb.exec:\nhnntb.exe197⤵
-
\??\c:\jdppp.exec:\jdppp.exe198⤵
-
\??\c:\ppppd.exec:\ppppd.exe199⤵
-
\??\c:\1rxxfff.exec:\1rxxfff.exe200⤵
-
\??\c:\lrrllff.exec:\lrrllff.exe201⤵
-
\??\c:\nbhtth.exec:\nbhtth.exe202⤵
-
\??\c:\hbbbnn.exec:\hbbbnn.exe203⤵
-
\??\c:\pvvjd.exec:\pvvjd.exe204⤵
-
\??\c:\rrrrlrr.exec:\rrrrlrr.exe205⤵
-
\??\c:\tbbnbt.exec:\tbbnbt.exe206⤵
-
\??\c:\nhtnnn.exec:\nhtnnn.exe207⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe208⤵
-
\??\c:\jjddd.exec:\jjddd.exe209⤵
-
\??\c:\xrxxrrr.exec:\xrxxrrr.exe210⤵
-
\??\c:\rflffll.exec:\rflffll.exe211⤵
-
\??\c:\nnnnnn.exec:\nnnnnn.exe212⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe213⤵
-
\??\c:\vvdjp.exec:\vvdjp.exe214⤵
-
\??\c:\7ddjj.exec:\7ddjj.exe215⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe216⤵
-
\??\c:\rlrlflr.exec:\rlrlflr.exe217⤵
-
\??\c:\1xxrxxf.exec:\1xxrxxf.exe218⤵
-
\??\c:\hhhhnn.exec:\hhhhnn.exe219⤵
-
\??\c:\7ttttb.exec:\7ttttb.exe220⤵
-
\??\c:\1jppv.exec:\1jppv.exe221⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe222⤵
-
\??\c:\5xffxxl.exec:\5xffxxl.exe223⤵
-
\??\c:\xlrrrll.exec:\xlrrrll.exe224⤵
-
\??\c:\fxxxxfx.exec:\fxxxxfx.exe225⤵
-
\??\c:\bntnnn.exec:\bntnnn.exe226⤵
-
\??\c:\hthhtb.exec:\hthhtb.exe227⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe228⤵
-
\??\c:\jjppp.exec:\jjppp.exe229⤵
-
\??\c:\fxlllrr.exec:\fxlllrr.exe230⤵
-
\??\c:\llxxxfl.exec:\llxxxfl.exe231⤵
-
\??\c:\hhntbh.exec:\hhntbh.exe232⤵
-
\??\c:\3jjvp.exec:\3jjvp.exe233⤵
-
\??\c:\pvjjd.exec:\pvjjd.exe234⤵
-
\??\c:\rrrrrxx.exec:\rrrrrxx.exe235⤵
-
\??\c:\rlxxxff.exec:\rlxxxff.exe236⤵
-
\??\c:\nnthbt.exec:\nnthbt.exe237⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe238⤵
-
\??\c:\ddddd.exec:\ddddd.exe239⤵
-
\??\c:\dvdjd.exec:\dvdjd.exe240⤵
-
\??\c:\pjjpp.exec:\pjjpp.exe241⤵