Analysis
-
max time kernel
149s -
max time network
132s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
18-05-2024 19:36
General
-
Target
3a18372857c57e4b21fd07438f106a80_NeikiAnalytics.exe
-
Size
118KB
-
MD5
3a18372857c57e4b21fd07438f106a80
-
SHA1
6f4f1dcf85f19a440ab59255c7b458e0091236c9
-
SHA256
8df7874c5d2b927771b9d0761b160fa20b8f5c200b2a63e426be494cf622f57c
-
SHA512
253b73d8030492cbdbe4f0989d300dbd8937dc7aad06b0c8b0331f980fc0002acb0600b2fa10a0c52aa4a5ff271b3aa08171f545a40430366152df99e438ca86
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDomRGApSuLAR2yPBCQ1nDFu1Q8sI:ymb3NkkiQ3mdBjFomR7UsyJC+n0GsgcX
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 32 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3a18372857c57e4b21fd07438f106a80_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\3a18372857c57e4b21fd07438f106a80_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlrlrl.exec:\xxlrlrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbtn.exec:\nhhbtn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nnhhb.exec:\3nnhhb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppp.exec:\ppppp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbtb.exec:\nbbbtb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnhh.exec:\nnnnhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdppv.exec:\pdppv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrlxr.exec:\lfrrlxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xffflx.exec:\3xffflx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhnhh.exec:\nhhnhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnnt.exec:\tntnnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frllrrx.exec:\frllrrx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrllll.exec:\lfrllll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbtt.exec:\nhbbtt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjppp.exec:\jjppp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlflrx.exec:\xxlflrx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnntb.exec:\bbnntb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjvv.exec:\dvjvv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxxfl.exec:\rrxxxfl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhtnh.exec:\bhhtnh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnhn.exec:\nnnnhn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pjdv.exec:\1pjdv.exe23⤵
- Executes dropped EXE
-
\??\c:\rrffllx.exec:\rrffllx.exe24⤵
- Executes dropped EXE
-
\??\c:\nhnhtb.exec:\nhnhtb.exe25⤵
- Executes dropped EXE
-
\??\c:\ppjvd.exec:\ppjvd.exe26⤵
- Executes dropped EXE
-
\??\c:\xllxrrl.exec:\xllxrrl.exe27⤵
- Executes dropped EXE
-
\??\c:\hhtnnn.exec:\hhtnnn.exe28⤵
- Executes dropped EXE
-
\??\c:\vvjdd.exec:\vvjdd.exe29⤵
- Executes dropped EXE
-
\??\c:\xrxrllf.exec:\xrxrllf.exe30⤵
-
\??\c:\lxxxxff.exec:\lxxxxff.exe31⤵
- Executes dropped EXE
-
\??\c:\bnthtt.exec:\bnthtt.exe32⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe33⤵
- Executes dropped EXE
-
\??\c:\xrlfrff.exec:\xrlfrff.exe34⤵
- Executes dropped EXE
-
\??\c:\hbhhbh.exec:\hbhhbh.exe35⤵
- Executes dropped EXE
-
\??\c:\vvpjd.exec:\vvpjd.exe36⤵
- Executes dropped EXE
-
\??\c:\xfxfxrf.exec:\xfxfxrf.exe37⤵
- Executes dropped EXE
-
\??\c:\rflllll.exec:\rflllll.exe38⤵
- Executes dropped EXE
-
\??\c:\tbnntb.exec:\tbnntb.exe39⤵
- Executes dropped EXE
-
\??\c:\btntht.exec:\btntht.exe40⤵
- Executes dropped EXE
-
\??\c:\lrrfllx.exec:\lrrfllx.exe41⤵
- Executes dropped EXE
-
\??\c:\lffffff.exec:\lffffff.exe42⤵
- Executes dropped EXE
-
\??\c:\hbntbb.exec:\hbntbb.exe43⤵
- Executes dropped EXE
-
\??\c:\jjjvp.exec:\jjjvp.exe44⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe45⤵
- Executes dropped EXE
-
\??\c:\ffrlxxf.exec:\ffrlxxf.exe46⤵
- Executes dropped EXE
-
\??\c:\bbtttt.exec:\bbtttt.exe47⤵
- Executes dropped EXE
-
\??\c:\jpdpj.exec:\jpdpj.exe48⤵
- Executes dropped EXE
-
\??\c:\vpvvv.exec:\vpvvv.exe49⤵
- Executes dropped EXE
-
\??\c:\hhnntb.exec:\hhnntb.exe50⤵
- Executes dropped EXE
-
\??\c:\nbbbtt.exec:\nbbbtt.exe51⤵
- Executes dropped EXE
-
\??\c:\1pdpd.exec:\1pdpd.exe52⤵
- Executes dropped EXE
-
\??\c:\1vvvj.exec:\1vvvj.exe53⤵
- Executes dropped EXE
-
\??\c:\1flrlfl.exec:\1flrlfl.exe54⤵
- Executes dropped EXE
-
\??\c:\fxrrrrr.exec:\fxrrrrr.exe55⤵
- Executes dropped EXE
-
\??\c:\nnnhbb.exec:\nnnhbb.exe56⤵
- Executes dropped EXE
-
\??\c:\bbnnbb.exec:\bbnnbb.exe57⤵
- Executes dropped EXE
-
\??\c:\vppjj.exec:\vppjj.exe58⤵
- Executes dropped EXE
-
\??\c:\dddvv.exec:\dddvv.exe59⤵
- Executes dropped EXE
-
\??\c:\rrrxrxr.exec:\rrrxrxr.exe60⤵
- Executes dropped EXE
-
\??\c:\flffffl.exec:\flffffl.exe61⤵
- Executes dropped EXE
-
\??\c:\nbnbhn.exec:\nbnbhn.exe62⤵
- Executes dropped EXE
-
\??\c:\btbbhh.exec:\btbbhh.exe63⤵
- Executes dropped EXE
-
\??\c:\djppj.exec:\djppj.exe64⤵
-
\??\c:\fxffllr.exec:\fxffllr.exe65⤵
- Executes dropped EXE
-
\??\c:\rxxrxrx.exec:\rxxrxrx.exe66⤵
- Executes dropped EXE
-
\??\c:\9bhhhh.exec:\9bhhhh.exe67⤵
- Executes dropped EXE
-
\??\c:\1tbtnn.exec:\1tbtnn.exe68⤵
-
\??\c:\djdpp.exec:\djdpp.exe69⤵
-
\??\c:\1lrrrxl.exec:\1lrrrxl.exe70⤵
-
\??\c:\rlxrrrr.exec:\rlxrrrr.exe71⤵
-
\??\c:\1ntnhh.exec:\1ntnhh.exe72⤵
-
\??\c:\9pvpp.exec:\9pvpp.exe73⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe74⤵
-
\??\c:\xxfxxff.exec:\xxfxxff.exe75⤵
-
\??\c:\nhtbbb.exec:\nhtbbb.exe76⤵
-
\??\c:\vvpjp.exec:\vvpjp.exe77⤵
-
\??\c:\vvjjd.exec:\vvjjd.exe78⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe79⤵
-
\??\c:\9flffff.exec:\9flffff.exe80⤵
-
\??\c:\9fllfff.exec:\9fllfff.exe81⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe82⤵
-
\??\c:\jvdpp.exec:\jvdpp.exe83⤵
-
\??\c:\xrfxrxr.exec:\xrfxrxr.exe84⤵
-
\??\c:\bnttbt.exec:\bnttbt.exe85⤵
-
\??\c:\bbbbbb.exec:\bbbbbb.exe86⤵
-
\??\c:\djppp.exec:\djppp.exe87⤵
-
\??\c:\fllfxff.exec:\fllfxff.exe88⤵
-
\??\c:\htbbbn.exec:\htbbbn.exe89⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe90⤵
-
\??\c:\rlrrrrx.exec:\rlrrrrx.exe91⤵
-
\??\c:\5rlrrrl.exec:\5rlrrrl.exe92⤵
-
\??\c:\bnbbtn.exec:\bnbbtn.exe93⤵
-
\??\c:\nbhhtb.exec:\nbhhtb.exe94⤵
-
\??\c:\pvvdj.exec:\pvvdj.exe95⤵
-
\??\c:\rllfxxx.exec:\rllfxxx.exe96⤵
-
\??\c:\fllfrrr.exec:\fllfrrr.exe97⤵
-
\??\c:\nbbnnh.exec:\nbbnnh.exe98⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe99⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe100⤵
-
\??\c:\rllfxrl.exec:\rllfxrl.exe101⤵
-
\??\c:\7tnnnn.exec:\7tnnnn.exe102⤵
-
\??\c:\7bhhtb.exec:\7bhhtb.exe103⤵
-
\??\c:\dvddp.exec:\dvddp.exe104⤵
-
\??\c:\3rrrllr.exec:\3rrrllr.exe105⤵
-
\??\c:\9ffxrrl.exec:\9ffxrrl.exe106⤵
-
\??\c:\btthbn.exec:\btthbn.exe107⤵
-
\??\c:\hthhhh.exec:\hthhhh.exe108⤵
-
\??\c:\jjddd.exec:\jjddd.exe109⤵
-
\??\c:\fxxxrff.exec:\fxxxrff.exe110⤵
-
\??\c:\nhthnn.exec:\nhthnn.exe111⤵
-
\??\c:\nnttth.exec:\nnttth.exe112⤵
-
\??\c:\vjjjj.exec:\vjjjj.exe113⤵
-
\??\c:\3jvpv.exec:\3jvpv.exe114⤵
-
\??\c:\rxffrxx.exec:\rxffrxx.exe115⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe116⤵
-
\??\c:\nnnttt.exec:\nnnttt.exe117⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe118⤵
-
\??\c:\3djdv.exec:\3djdv.exe119⤵
-
\??\c:\rrxrlfx.exec:\rrxrlfx.exe120⤵
-
\??\c:\9xfllll.exec:\9xfllll.exe121⤵
-
\??\c:\nhbbbh.exec:\nhbbbh.exe122⤵
-
\??\c:\1djjj.exec:\1djjj.exe123⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe124⤵
-
\??\c:\xxxxrrr.exec:\xxxxrrr.exe125⤵
-
\??\c:\rrffrxl.exec:\rrffrxl.exe126⤵
-
\??\c:\tbbbhh.exec:\tbbbhh.exe127⤵
-
\??\c:\bnthth.exec:\bnthth.exe128⤵
-
\??\c:\vpppj.exec:\vpppj.exe129⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe130⤵
-
\??\c:\flxrlll.exec:\flxrlll.exe131⤵
-
\??\c:\7bbbtb.exec:\7bbbtb.exe132⤵
-
\??\c:\bhhbnn.exec:\bhhbnn.exe133⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe134⤵
-
\??\c:\3ddvp.exec:\3ddvp.exe135⤵
-
\??\c:\lxfrxxx.exec:\lxfrxxx.exe136⤵
-
\??\c:\lrlllrx.exec:\lrlllrx.exe137⤵
-
\??\c:\httnnn.exec:\httnnn.exe138⤵
-
\??\c:\btnnhn.exec:\btnnhn.exe139⤵
-
\??\c:\7pvpv.exec:\7pvpv.exe140⤵
-
\??\c:\xlxrffl.exec:\xlxrffl.exe141⤵
-
\??\c:\tnhnhh.exec:\tnhnhh.exe142⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe143⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe144⤵
-
\??\c:\flfxrxx.exec:\flfxrxx.exe145⤵
-
\??\c:\hbhbbn.exec:\hbhbbn.exe146⤵
-
\??\c:\9tnhhh.exec:\9tnhhh.exe147⤵
-
\??\c:\jppvp.exec:\jppvp.exe148⤵
-
\??\c:\7vjvd.exec:\7vjvd.exe149⤵
-
\??\c:\ffffrrr.exec:\ffffrrr.exe150⤵
-
\??\c:\nbtnhh.exec:\nbtnhh.exe151⤵
-
\??\c:\jdddd.exec:\jdddd.exe152⤵
-
\??\c:\lrfrrlf.exec:\lrfrrlf.exe153⤵
-
\??\c:\1xlllrr.exec:\1xlllrr.exe154⤵
-
\??\c:\nnnttt.exec:\nnnttt.exe155⤵
-
\??\c:\vvvvd.exec:\vvvvd.exe156⤵
-
\??\c:\xlffflr.exec:\xlffflr.exe157⤵
-
\??\c:\htbbnn.exec:\htbbnn.exe158⤵
-
\??\c:\bbnnbb.exec:\bbnnbb.exe159⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe160⤵
-
\??\c:\xxrrrrl.exec:\xxrrrrl.exe161⤵
-
\??\c:\hbttbb.exec:\hbttbb.exe162⤵
-
\??\c:\jvjvv.exec:\jvjvv.exe163⤵
-
\??\c:\lxlfrfx.exec:\lxlfrfx.exe164⤵
-
\??\c:\tnhbnh.exec:\tnhbnh.exe165⤵
-
\??\c:\7frllll.exec:\7frllll.exe166⤵
-
\??\c:\jvdpj.exec:\jvdpj.exe167⤵
-
\??\c:\3vvdj.exec:\3vvdj.exe168⤵
-
\??\c:\frflxrx.exec:\frflxrx.exe169⤵
-
\??\c:\tttnnn.exec:\tttnnn.exe170⤵
-
\??\c:\djppp.exec:\djppp.exe171⤵
-
\??\c:\fffxxrr.exec:\fffxxrr.exe172⤵
-
\??\c:\hbbnhh.exec:\hbbnhh.exe173⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe174⤵
-
\??\c:\ppjjj.exec:\ppjjj.exe175⤵
-
\??\c:\lllfffx.exec:\lllfffx.exe176⤵
-
\??\c:\thnhhb.exec:\thnhhb.exe177⤵
-
\??\c:\thtnnt.exec:\thtnnt.exe178⤵
-
\??\c:\9vvpv.exec:\9vvpv.exe179⤵
-
\??\c:\5rlrlff.exec:\5rlrlff.exe180⤵
-
\??\c:\tbnnhh.exec:\tbnnhh.exe181⤵
-
\??\c:\3nbthh.exec:\3nbthh.exe182⤵
-
\??\c:\jdddd.exec:\jdddd.exe183⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe184⤵
-
\??\c:\rfllrxx.exec:\rfllrxx.exe185⤵
-
\??\c:\9xffxxf.exec:\9xffxxf.exe186⤵
-
\??\c:\bnnnhh.exec:\bnnnhh.exe187⤵
-
\??\c:\jjddd.exec:\jjddd.exe188⤵
-
\??\c:\llrlrfr.exec:\llrlrfr.exe189⤵
-
\??\c:\5lflllf.exec:\5lflllf.exe190⤵
-
\??\c:\3hnnnt.exec:\3hnnnt.exe191⤵
-
\??\c:\hhbttn.exec:\hhbttn.exe192⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe193⤵
-
\??\c:\llfxxfx.exec:\llfxxfx.exe194⤵
-
\??\c:\5lrrrxr.exec:\5lrrrxr.exe195⤵
-
\??\c:\nbnnnn.exec:\nbnnnn.exe196⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe197⤵
-
\??\c:\jddvp.exec:\jddvp.exe198⤵
-
\??\c:\jjppv.exec:\jjppv.exe199⤵
-
\??\c:\fxxrflf.exec:\fxxrflf.exe200⤵
-
\??\c:\lfrlffx.exec:\lfrlffx.exe201⤵
-
\??\c:\1nnnhh.exec:\1nnnhh.exe202⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe203⤵
-
\??\c:\9ppjd.exec:\9ppjd.exe204⤵
-
\??\c:\pjppj.exec:\pjppj.exe205⤵
-
\??\c:\fxfllxx.exec:\fxfllxx.exe206⤵
-
\??\c:\hbbhhh.exec:\hbbhhh.exe207⤵
-
\??\c:\3nbbhh.exec:\3nbbhh.exe208⤵
-
\??\c:\pvdpp.exec:\pvdpp.exe209⤵
-
\??\c:\pppvv.exec:\pppvv.exe210⤵
-
\??\c:\1rfxxxf.exec:\1rfxxxf.exe211⤵
-
\??\c:\lfxffrx.exec:\lfxffrx.exe212⤵
-
\??\c:\1tbbnn.exec:\1tbbnn.exe213⤵
-
\??\c:\nntnbh.exec:\nntnbh.exe214⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe215⤵
-
\??\c:\vjjjj.exec:\vjjjj.exe216⤵
-
\??\c:\ffxxlxx.exec:\ffxxlxx.exe217⤵
-
\??\c:\xlrxxxx.exec:\xlrxxxx.exe218⤵
-
\??\c:\9tbtnt.exec:\9tbtnt.exe219⤵
-
\??\c:\jddvj.exec:\jddvj.exe220⤵
-
\??\c:\dvppp.exec:\dvppp.exe221⤵
-
\??\c:\fxlrxxf.exec:\fxlrxxf.exe222⤵
-
\??\c:\9xxxxxx.exec:\9xxxxxx.exe223⤵
-
\??\c:\tnttbh.exec:\tnttbh.exe224⤵
-
\??\c:\7jpvd.exec:\7jpvd.exe225⤵
-
\??\c:\7vddv.exec:\7vddv.exe226⤵
-
\??\c:\frlrlll.exec:\frlrlll.exe227⤵
-
\??\c:\xxlllxx.exec:\xxlllxx.exe228⤵
-
\??\c:\bhtttt.exec:\bhtttt.exe229⤵
-
\??\c:\3bbbtt.exec:\3bbbtt.exe230⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe231⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe232⤵
-
\??\c:\rrrrrrr.exec:\rrrrrrr.exe233⤵
-
\??\c:\rrrllll.exec:\rrrllll.exe234⤵
-
\??\c:\frfffll.exec:\frfffll.exe235⤵
-
\??\c:\hbntnn.exec:\hbntnn.exe236⤵
-
\??\c:\bthbbh.exec:\bthbbh.exe237⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe238⤵
-
\??\c:\jdppp.exec:\jdppp.exe239⤵
-
\??\c:\fxfxxxx.exec:\fxfxxxx.exe240⤵
-
\??\c:\1xxrrrr.exec:\1xxrrrr.exe241⤵