Analysis
-
max time kernel
150s -
max time network
139s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
19-05-2024 23:42
General
-
Target
603f335e2861ba28c89f52716a701860_NeikiAnalytics.exe
-
Size
92KB
-
MD5
603f335e2861ba28c89f52716a701860
-
SHA1
c030eafbfd7d4ab95d34e13179040177e839fa47
-
SHA256
c05639d826765df8c4406c8f6969a9d8038dec6157a238934212b96486419263
-
SHA512
4e02916811e5899cb23eccb3e3b57c4972d8c88eb724312b634d5c9717808a241b99cbb4dd0c1729cf9aaba44e940e942f079706e7ca1026e0266b8445f8172a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxS1rj/21w:ymb3NkkiQ3mdBjFo73PYP1lri3K8Gy
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\603f335e2861ba28c89f52716a701860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\603f335e2861ba28c89f52716a701860_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppd.exec:\ddppd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llffxxl.exec:\llffxxl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnhhb.exec:\nbnhhb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbbbb.exec:\bnbbbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvv.exec:\vpdvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflxrfl.exec:\xflxrfl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nttnt.exec:\9nttnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvvp.exec:\dvvvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3flfxfl.exec:\3flfxfl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbttt.exec:\ttbttt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbthtt.exec:\nbthtt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxxxfr.exec:\xlxxxfr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlfrlf.exec:\rxlfrlf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbttt.exec:\ntbttt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvvd.exec:\vdvvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrfxxl.exec:\frrfxxl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbbb.exec:\tbhbbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hhbbb.exec:\3hhbbb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pvvj.exec:\1pvvj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlllll.exec:\xrlllll.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xlffff.exec:\1xlffff.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbbb.exec:\btbbbb.exe23⤵
- Executes dropped EXE
-
\??\c:\3pdvv.exec:\3pdvv.exe24⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe25⤵
- Executes dropped EXE
-
\??\c:\lflxrxr.exec:\lflxrxr.exe26⤵
- Executes dropped EXE
-
\??\c:\nhnnhh.exec:\nhnnhh.exe27⤵
- Executes dropped EXE
-
\??\c:\jdddd.exec:\jdddd.exe28⤵
- Executes dropped EXE
-
\??\c:\pppjd.exec:\pppjd.exe29⤵
- Executes dropped EXE
-
\??\c:\rfxxrfl.exec:\rfxxrfl.exe30⤵
- Executes dropped EXE
-
\??\c:\hbtbth.exec:\hbtbth.exe31⤵
- Executes dropped EXE
-
\??\c:\jdvjv.exec:\jdvjv.exe32⤵
- Executes dropped EXE
-
\??\c:\ffrrxxf.exec:\ffrrxxf.exe33⤵
- Executes dropped EXE
-
\??\c:\flfxrfx.exec:\flfxrfx.exe34⤵
- Executes dropped EXE
-
\??\c:\9hnhbb.exec:\9hnhbb.exe35⤵
- Executes dropped EXE
-
\??\c:\5hhhhh.exec:\5hhhhh.exe36⤵
- Executes dropped EXE
-
\??\c:\vppjp.exec:\vppjp.exe37⤵
- Executes dropped EXE
-
\??\c:\rlrlfff.exec:\rlrlfff.exe38⤵
- Executes dropped EXE
-
\??\c:\ffxrrrr.exec:\ffxrrrr.exe39⤵
- Executes dropped EXE
-
\??\c:\thhbtb.exec:\thhbtb.exe40⤵
- Executes dropped EXE
-
\??\c:\nnbthh.exec:\nnbthh.exe41⤵
- Executes dropped EXE
-
\??\c:\1pppp.exec:\1pppp.exe42⤵
- Executes dropped EXE
-
\??\c:\jjjjd.exec:\jjjjd.exe43⤵
- Executes dropped EXE
-
\??\c:\xrrllll.exec:\xrrllll.exe44⤵
- Executes dropped EXE
-
\??\c:\fxfxxff.exec:\fxfxxff.exe45⤵
- Executes dropped EXE
-
\??\c:\1hhhbb.exec:\1hhhbb.exe46⤵
- Executes dropped EXE
-
\??\c:\nntnnn.exec:\nntnnn.exe47⤵
- Executes dropped EXE
-
\??\c:\ddppv.exec:\ddppv.exe48⤵
- Executes dropped EXE
-
\??\c:\9fxxxfx.exec:\9fxxxfx.exe49⤵
- Executes dropped EXE
-
\??\c:\rfxrrll.exec:\rfxrrll.exe50⤵
- Executes dropped EXE
-
\??\c:\nhnhbb.exec:\nhnhbb.exe51⤵
- Executes dropped EXE
-
\??\c:\jjppj.exec:\jjppj.exe52⤵
- Executes dropped EXE
-
\??\c:\xlrllll.exec:\xlrllll.exe53⤵
- Executes dropped EXE
-
\??\c:\rrrlflf.exec:\rrrlflf.exe54⤵
- Executes dropped EXE
-
\??\c:\nnhhhh.exec:\nnhhhh.exe55⤵
- Executes dropped EXE
-
\??\c:\tbhbnn.exec:\tbhbnn.exe56⤵
- Executes dropped EXE
-
\??\c:\1jjdd.exec:\1jjdd.exe57⤵
- Executes dropped EXE
-
\??\c:\5rlfxff.exec:\5rlfxff.exe58⤵
- Executes dropped EXE
-
\??\c:\lffllll.exec:\lffllll.exe59⤵
- Executes dropped EXE
-
\??\c:\hbhhhh.exec:\hbhhhh.exe60⤵
- Executes dropped EXE
-
\??\c:\nhnnnn.exec:\nhnnnn.exe61⤵
- Executes dropped EXE
-
\??\c:\jjjjj.exec:\jjjjj.exe62⤵
- Executes dropped EXE
-
\??\c:\vdpvv.exec:\vdpvv.exe63⤵
- Executes dropped EXE
-
\??\c:\ffxxfff.exec:\ffxxfff.exe64⤵
- Executes dropped EXE
-
\??\c:\fxrrrfx.exec:\fxrrrfx.exe65⤵
- Executes dropped EXE
-
\??\c:\9nnnhh.exec:\9nnnhh.exe66⤵
-
\??\c:\9hnnnt.exec:\9hnnnt.exe67⤵
-
\??\c:\hbbhbh.exec:\hbbhbh.exe68⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe69⤵
-
\??\c:\djpjd.exec:\djpjd.exe70⤵
-
\??\c:\3rrxxxx.exec:\3rrxxxx.exe71⤵
-
\??\c:\rfrxrxx.exec:\rfrxrxx.exe72⤵
-
\??\c:\hhbhnh.exec:\hhbhnh.exe73⤵
-
\??\c:\dvddd.exec:\dvddd.exe74⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe75⤵
-
\??\c:\llrlrrx.exec:\llrlrrx.exe76⤵
-
\??\c:\5fxxrrl.exec:\5fxxrrl.exe77⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe78⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe79⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe80⤵
-
\??\c:\1lllfff.exec:\1lllfff.exe81⤵
-
\??\c:\3thhhh.exec:\3thhhh.exe82⤵
-
\??\c:\nnnnnn.exec:\nnnnnn.exe83⤵
-
\??\c:\jvvvd.exec:\jvvvd.exe84⤵
-
\??\c:\xllrrxx.exec:\xllrrxx.exe85⤵
-
\??\c:\bnnhhh.exec:\bnnhhh.exe86⤵
-
\??\c:\htbttn.exec:\htbttn.exe87⤵
-
\??\c:\jjppp.exec:\jjppp.exe88⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe89⤵
-
\??\c:\rrfxxxx.exec:\rrfxxxx.exe90⤵
-
\??\c:\7xxrlll.exec:\7xxrlll.exe91⤵
-
\??\c:\nthbtt.exec:\nthbtt.exe92⤵
-
\??\c:\9jpjv.exec:\9jpjv.exe93⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe94⤵
-
\??\c:\rlrlllf.exec:\rlrlllf.exe95⤵
-
\??\c:\nbhbhh.exec:\nbhbhh.exe96⤵
-
\??\c:\5bhbtt.exec:\5bhbtt.exe97⤵
-
\??\c:\nthbbb.exec:\nthbbb.exe98⤵
-
\??\c:\djpvv.exec:\djpvv.exe99⤵
-
\??\c:\jppdv.exec:\jppdv.exe100⤵
-
\??\c:\xlxfxxf.exec:\xlxfxxf.exe101⤵
-
\??\c:\lxlffxx.exec:\lxlffxx.exe102⤵
-
\??\c:\nbnttn.exec:\nbnttn.exe103⤵
-
\??\c:\hhbtbh.exec:\hhbtbh.exe104⤵
-
\??\c:\pddpj.exec:\pddpj.exe105⤵
-
\??\c:\flxrllx.exec:\flxrllx.exe106⤵
-
\??\c:\lxffxfx.exec:\lxffxfx.exe107⤵
-
\??\c:\ttntth.exec:\ttntth.exe108⤵
-
\??\c:\hbtttb.exec:\hbtttb.exe109⤵
-
\??\c:\jjjjv.exec:\jjjjv.exe110⤵
-
\??\c:\1pddv.exec:\1pddv.exe111⤵
-
\??\c:\jpdvj.exec:\jpdvj.exe112⤵
-
\??\c:\xxffrxl.exec:\xxffrxl.exe113⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe114⤵
-
\??\c:\5hbtnt.exec:\5hbtnt.exe115⤵
-
\??\c:\hnthnh.exec:\hnthnh.exe116⤵
-
\??\c:\9pddd.exec:\9pddd.exe117⤵
-
\??\c:\xxlllll.exec:\xxlllll.exe118⤵
-
\??\c:\lrrrrrx.exec:\lrrrrrx.exe119⤵
-
\??\c:\rrrrlll.exec:\rrrrlll.exe120⤵
-
\??\c:\nhhhnn.exec:\nhhhnn.exe121⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe122⤵
-
\??\c:\vvjjj.exec:\vvjjj.exe123⤵
-
\??\c:\xfxfrlx.exec:\xfxfrlx.exe124⤵
-
\??\c:\xflxxrl.exec:\xflxxrl.exe125⤵
-
\??\c:\hhhhbh.exec:\hhhhbh.exe126⤵
-
\??\c:\nnbbtb.exec:\nnbbtb.exe127⤵
-
\??\c:\bbtnbb.exec:\bbtnbb.exe128⤵
-
\??\c:\jppjj.exec:\jppjj.exe129⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe130⤵
-
\??\c:\rlrlfrl.exec:\rlrlfrl.exe131⤵
-
\??\c:\5rlllll.exec:\5rlllll.exe132⤵
-
\??\c:\nhbbbb.exec:\nhbbbb.exe133⤵
-
\??\c:\1nbbtt.exec:\1nbbtt.exe134⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe135⤵
-
\??\c:\jjjjv.exec:\jjjjv.exe136⤵
-
\??\c:\3fffrrx.exec:\3fffrrx.exe137⤵
-
\??\c:\rrfxfrx.exec:\rrfxfrx.exe138⤵
-
\??\c:\nbhbbb.exec:\nbhbbb.exe139⤵
-
\??\c:\bnbttt.exec:\bnbttt.exe140⤵
-
\??\c:\jpdjj.exec:\jpdjj.exe141⤵
-
\??\c:\jpppd.exec:\jpppd.exe142⤵
-
\??\c:\hhhhhn.exec:\hhhhhn.exe143⤵
-
\??\c:\vdppj.exec:\vdppj.exe144⤵
-
\??\c:\lrfrfrx.exec:\lrfrfrx.exe145⤵
-
\??\c:\vdpjv.exec:\vdpjv.exe146⤵
-
\??\c:\lrxxlfx.exec:\lrxxlfx.exe147⤵
-
\??\c:\nnbbhh.exec:\nnbbhh.exe148⤵
-
\??\c:\ddddv.exec:\ddddv.exe149⤵
-
\??\c:\lxfxffr.exec:\lxfxffr.exe150⤵
-
\??\c:\thtthh.exec:\thtthh.exe151⤵
-
\??\c:\nnhhbh.exec:\nnhhbh.exe152⤵
-
\??\c:\jdppp.exec:\jdppp.exe153⤵
-
\??\c:\5rxrlll.exec:\5rxrlll.exe154⤵
-
\??\c:\bttttt.exec:\bttttt.exe155⤵
-
\??\c:\fllllll.exec:\fllllll.exe156⤵
-
\??\c:\rflfffx.exec:\rflfffx.exe157⤵
-
\??\c:\tttnnn.exec:\tttnnn.exe158⤵
-
\??\c:\7nttbt.exec:\7nttbt.exe159⤵
-
\??\c:\pdppv.exec:\pdppv.exe160⤵
-
\??\c:\jvddj.exec:\jvddj.exe161⤵
-
\??\c:\lflrxxx.exec:\lflrxxx.exe162⤵
-
\??\c:\bnnnnn.exec:\bnnnnn.exe163⤵
-
\??\c:\thhbbb.exec:\thhbbb.exe164⤵
-
\??\c:\jvddd.exec:\jvddd.exe165⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe166⤵
-
\??\c:\rfrlxrf.exec:\rfrlxrf.exe167⤵
-
\??\c:\xflfxfx.exec:\xflfxfx.exe168⤵
-
\??\c:\hhttnn.exec:\hhttnn.exe169⤵
-
\??\c:\hhhntt.exec:\hhhntt.exe170⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe171⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe172⤵
-
\??\c:\rllrllr.exec:\rllrllr.exe173⤵
-
\??\c:\1rxxrfx.exec:\1rxxrfx.exe174⤵
-
\??\c:\bthhhn.exec:\bthhhn.exe175⤵
-
\??\c:\hbhhbh.exec:\hbhhbh.exe176⤵
-
\??\c:\3tttbb.exec:\3tttbb.exe177⤵
-
\??\c:\ppdjj.exec:\ppdjj.exe178⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe179⤵
-
\??\c:\fflffxr.exec:\fflffxr.exe180⤵
-
\??\c:\3ntnhh.exec:\3ntnhh.exe181⤵
-
\??\c:\nntttb.exec:\nntttb.exe182⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe183⤵
-
\??\c:\pdppp.exec:\pdppp.exe184⤵
-
\??\c:\rlfxrrf.exec:\rlfxrrf.exe185⤵
-
\??\c:\xxxxlrx.exec:\xxxxlrx.exe186⤵
-
\??\c:\3nhhtt.exec:\3nhhtt.exe187⤵
-
\??\c:\bthbnn.exec:\bthbnn.exe188⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe189⤵
-
\??\c:\vjppp.exec:\vjppp.exe190⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe191⤵
-
\??\c:\ffrrllf.exec:\ffrrllf.exe192⤵
-
\??\c:\ffxxxxx.exec:\ffxxxxx.exe193⤵
-
\??\c:\nnhhnn.exec:\nnhhnn.exe194⤵
-
\??\c:\7bbbtn.exec:\7bbbtn.exe195⤵
-
\??\c:\7dddv.exec:\7dddv.exe196⤵
-
\??\c:\vjjjp.exec:\vjjjp.exe197⤵
-
\??\c:\3ffxxxx.exec:\3ffxxxx.exe198⤵
-
\??\c:\xxffflr.exec:\xxffflr.exe199⤵
-
\??\c:\3lfflrl.exec:\3lfflrl.exe200⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe201⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe202⤵
-
\??\c:\pjdpj.exec:\pjdpj.exe203⤵
-
\??\c:\9llffll.exec:\9llffll.exe204⤵
-
\??\c:\lfllflf.exec:\lfllflf.exe205⤵
-
\??\c:\bbbbbb.exec:\bbbbbb.exe206⤵
-
\??\c:\bbbnhn.exec:\bbbnhn.exe207⤵
-
\??\c:\ddpvp.exec:\ddpvp.exe208⤵
-
\??\c:\dddvv.exec:\dddvv.exe209⤵
-
\??\c:\xxffrff.exec:\xxffrff.exe210⤵
-
\??\c:\hnhttb.exec:\hnhttb.exe211⤵
-
\??\c:\hhntbn.exec:\hhntbn.exe212⤵
-
\??\c:\jpvvd.exec:\jpvvd.exe213⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe214⤵
-
\??\c:\lxrrrrr.exec:\lxrrrrr.exe215⤵
-
\??\c:\frfrlxx.exec:\frfrlxx.exe216⤵
-
\??\c:\9frlrxr.exec:\9frlrxr.exe217⤵
-
\??\c:\nthbbb.exec:\nthbbb.exe218⤵
-
\??\c:\bbbbbh.exec:\bbbbbh.exe219⤵
-
\??\c:\3dvdd.exec:\3dvdd.exe220⤵
-
\??\c:\9jjjj.exec:\9jjjj.exe221⤵
-
\??\c:\xlrlfff.exec:\xlrlfff.exe222⤵
-
\??\c:\fxlrlrr.exec:\fxlrlrr.exe223⤵
-
\??\c:\bhhhhh.exec:\bhhhhh.exe224⤵
-
\??\c:\nbtbbh.exec:\nbtbbh.exe225⤵
-
\??\c:\dvppp.exec:\dvppp.exe226⤵
-
\??\c:\vdppj.exec:\vdppj.exe227⤵
-
\??\c:\fxfxxxr.exec:\fxfxxxr.exe228⤵
-
\??\c:\5xxrrxr.exec:\5xxrrxr.exe229⤵
-
\??\c:\5bhhhh.exec:\5bhhhh.exe230⤵
-
\??\c:\hbbbnn.exec:\hbbbnn.exe231⤵
-
\??\c:\jpppp.exec:\jpppp.exe232⤵
-
\??\c:\5dppd.exec:\5dppd.exe233⤵
-
\??\c:\rlxxflr.exec:\rlxxflr.exe234⤵
-
\??\c:\lrlfrrx.exec:\lrlfrrx.exe235⤵
-
\??\c:\hhhbbb.exec:\hhhbbb.exe236⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe237⤵
-
\??\c:\ppvdd.exec:\ppvdd.exe238⤵
-
\??\c:\ffrrlll.exec:\ffrrlll.exe239⤵
-
\??\c:\frfxrrl.exec:\frfxrrl.exe240⤵
-
\??\c:\nnbntb.exec:\nnbntb.exe241⤵