Analysis
-
max time kernel
150s -
max time network
113s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
19-05-2024 00:45
General
-
Target
387fb2e71b8084639e29bd9afaafa240_NeikiAnalytics.exe
-
Size
247KB
-
MD5
387fb2e71b8084639e29bd9afaafa240
-
SHA1
e23e3eba0a63f2a30b729994fcc3988a5ffad799
-
SHA256
6cfddcd650d5bf13b9a3dd4b1d5e0d19da6e9d314c882de3ecdfed9953f0337b
-
SHA512
30f74ed3310ffefa2a697c5a37822467d35537a4ba7ddde018fdff7826e84dc991d088f8d79e9decb131ebad3255e2693a9653c803a1c8018ec3fffeed621b62
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4MAWvGjR15:n3C9BRo7MlrWKo+lxtvGt15
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\387fb2e71b8084639e29bd9afaafa240_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\387fb2e71b8084639e29bd9afaafa240_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnhbt.exec:\hnnhbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvj.exec:\vpjvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrfxlx.exec:\rfrfxlx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxfxff.exec:\xxxfxff.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbnhb.exec:\tbbnhb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvvp.exec:\ppvvp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppjv.exec:\jppjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllfxrl.exec:\fllfxrl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nhtnb.exec:\5nhtnb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdp.exec:\djjdp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxlffx.exec:\rfxlffx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxrlx.exec:\rlfxrlx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntttnb.exec:\ntttnb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdp.exec:\djjdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvjd.exec:\pdvjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xrlxxr.exec:\7xrlxxr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbtht.exec:\tbbtht.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvdj.exec:\jvvdj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxxxrf.exec:\xxxxxrf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhbn.exec:\htnhbn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tbnbt.exec:\5tbnbt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjd.exec:\jdjjd.exe23⤵
- Executes dropped EXE
-
\??\c:\5llfxfx.exec:\5llfxfx.exe24⤵
- Executes dropped EXE
-
\??\c:\tnbnhh.exec:\tnbnhh.exe25⤵
- Executes dropped EXE
-
\??\c:\hhbthb.exec:\hhbthb.exe26⤵
- Executes dropped EXE
-
\??\c:\7pvjp.exec:\7pvjp.exe27⤵
- Executes dropped EXE
-
\??\c:\7llffxr.exec:\7llffxr.exe28⤵
- Executes dropped EXE
-
\??\c:\nhbthn.exec:\nhbthn.exe29⤵
- Executes dropped EXE
-
\??\c:\vjddv.exec:\vjddv.exe30⤵
- Executes dropped EXE
-
\??\c:\lrrlxxr.exec:\lrrlxxr.exe31⤵
- Executes dropped EXE
-
\??\c:\rflxfxf.exec:\rflxfxf.exe32⤵
- Executes dropped EXE
-
\??\c:\7ttthb.exec:\7ttthb.exe33⤵
- Executes dropped EXE
-
\??\c:\pdpdj.exec:\pdpdj.exe34⤵
- Executes dropped EXE
-
\??\c:\pvdpd.exec:\pvdpd.exe35⤵
- Executes dropped EXE
-
\??\c:\flffrlr.exec:\flffrlr.exe36⤵
- Executes dropped EXE
-
\??\c:\bthtbt.exec:\bthtbt.exe37⤵
- Executes dropped EXE
-
\??\c:\jpvpj.exec:\jpvpj.exe38⤵
- Executes dropped EXE
-
\??\c:\vpppd.exec:\vpppd.exe39⤵
- Executes dropped EXE
-
\??\c:\5rfxxxr.exec:\5rfxxxr.exe40⤵
- Executes dropped EXE
-
\??\c:\xllfxrl.exec:\xllfxrl.exe41⤵
- Executes dropped EXE
-
\??\c:\tttnnh.exec:\tttnnh.exe42⤵
- Executes dropped EXE
-
\??\c:\ddvdv.exec:\ddvdv.exe43⤵
- Executes dropped EXE
-
\??\c:\xrrfrlf.exec:\xrrfrlf.exe44⤵
- Executes dropped EXE
-
\??\c:\frffxxr.exec:\frffxxr.exe45⤵
- Executes dropped EXE
-
\??\c:\tnntnb.exec:\tnntnb.exe46⤵
- Executes dropped EXE
-
\??\c:\vvjpd.exec:\vvjpd.exe47⤵
- Executes dropped EXE
-
\??\c:\ffxrrxf.exec:\ffxrrxf.exe48⤵
- Executes dropped EXE
-
\??\c:\frxrlxx.exec:\frxrlxx.exe49⤵
- Executes dropped EXE
-
\??\c:\tbbbhh.exec:\tbbbhh.exe50⤵
- Executes dropped EXE
-
\??\c:\bttnhh.exec:\bttnhh.exe51⤵
- Executes dropped EXE
-
\??\c:\7ppjp.exec:\7ppjp.exe52⤵
- Executes dropped EXE
-
\??\c:\xxxrrrr.exec:\xxxrrrr.exe53⤵
- Executes dropped EXE
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe54⤵
- Executes dropped EXE
-
\??\c:\btbbtt.exec:\btbbtt.exe55⤵
- Executes dropped EXE
-
\??\c:\btnhbh.exec:\btnhbh.exe56⤵
- Executes dropped EXE
-
\??\c:\pjjpd.exec:\pjjpd.exe57⤵
- Executes dropped EXE
-
\??\c:\vvdpj.exec:\vvdpj.exe58⤵
- Executes dropped EXE
-
\??\c:\lxlrrrl.exec:\lxlrrrl.exe59⤵
- Executes dropped EXE
-
\??\c:\ffxfrll.exec:\ffxfrll.exe60⤵
- Executes dropped EXE
-
\??\c:\hhhhhn.exec:\hhhhhn.exe61⤵
- Executes dropped EXE
-
\??\c:\tthhhn.exec:\tthhhn.exe62⤵
- Executes dropped EXE
-
\??\c:\jvdvj.exec:\jvdvj.exe63⤵
- Executes dropped EXE
-
\??\c:\pjvvv.exec:\pjvvv.exe64⤵
- Executes dropped EXE
-
\??\c:\5xlfrrr.exec:\5xlfrrr.exe65⤵
- Executes dropped EXE
-
\??\c:\rflxxlx.exec:\rflxxlx.exe66⤵
-
\??\c:\bbnbhb.exec:\bbnbhb.exe67⤵
-
\??\c:\1ntnnn.exec:\1ntnnn.exe68⤵
-
\??\c:\7pvpp.exec:\7pvpp.exe69⤵
-
\??\c:\djppp.exec:\djppp.exe70⤵
-
\??\c:\rrrlxxr.exec:\rrrlxxr.exe71⤵
-
\??\c:\lfllffx.exec:\lfllffx.exe72⤵
-
\??\c:\tttttt.exec:\tttttt.exe73⤵
-
\??\c:\bbhbbb.exec:\bbhbbb.exe74⤵
-
\??\c:\7jppj.exec:\7jppj.exe75⤵
-
\??\c:\7jvpj.exec:\7jvpj.exe76⤵
-
\??\c:\xfxlffx.exec:\xfxlffx.exe77⤵
-
\??\c:\nthtnh.exec:\nthtnh.exe78⤵
-
\??\c:\3bhbbt.exec:\3bhbbt.exe79⤵
-
\??\c:\3pjdv.exec:\3pjdv.exe80⤵
-
\??\c:\ppdvv.exec:\ppdvv.exe81⤵
-
\??\c:\1ffxrrl.exec:\1ffxrrl.exe82⤵
-
\??\c:\nthbtt.exec:\nthbtt.exe83⤵
-
\??\c:\tnbbhn.exec:\tnbbhn.exe84⤵
-
\??\c:\7dvvj.exec:\7dvvj.exe85⤵
-
\??\c:\9xrrlll.exec:\9xrrlll.exe86⤵
-
\??\c:\xlrllll.exec:\xlrllll.exe87⤵
-
\??\c:\5nnhbb.exec:\5nnhbb.exe88⤵
-
\??\c:\7nhnbb.exec:\7nhnbb.exe89⤵
-
\??\c:\djvvv.exec:\djvvv.exe90⤵
-
\??\c:\xrxxxxf.exec:\xrxxxxf.exe91⤵
-
\??\c:\nttnhh.exec:\nttnhh.exe92⤵
-
\??\c:\nbnhhh.exec:\nbnhhh.exe93⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe94⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe95⤵
-
\??\c:\rrrfxfx.exec:\rrrfxfx.exe96⤵
-
\??\c:\3lxrflf.exec:\3lxrflf.exe97⤵
-
\??\c:\tbbtht.exec:\tbbtht.exe98⤵
-
\??\c:\pvvpp.exec:\pvvpp.exe99⤵
-
\??\c:\1dddj.exec:\1dddj.exe100⤵
-
\??\c:\lxffxxx.exec:\lxffxxx.exe101⤵
-
\??\c:\htthnn.exec:\htthnn.exe102⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe103⤵
-
\??\c:\djjjd.exec:\djjjd.exe104⤵
-
\??\c:\9flllrr.exec:\9flllrr.exe105⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe106⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe107⤵
-
\??\c:\pjppj.exec:\pjppj.exe108⤵
-
\??\c:\jjdpp.exec:\jjdpp.exe109⤵
-
\??\c:\rfllxff.exec:\rfllxff.exe110⤵
-
\??\c:\nbnbhh.exec:\nbnbhh.exe111⤵
-
\??\c:\1ppjj.exec:\1ppjj.exe112⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe113⤵
-
\??\c:\fxfrlxr.exec:\fxfrlxr.exe114⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe115⤵
-
\??\c:\ppvjv.exec:\ppvjv.exe116⤵
-
\??\c:\llfxffl.exec:\llfxffl.exe117⤵
-
\??\c:\9flllrr.exec:\9flllrr.exe118⤵
-
\??\c:\9httnt.exec:\9httnt.exe119⤵
-
\??\c:\htbbtt.exec:\htbbtt.exe120⤵
-
\??\c:\3ppjj.exec:\3ppjj.exe121⤵
-
\??\c:\9lllffx.exec:\9lllffx.exe122⤵
-
\??\c:\rfrlfff.exec:\rfrlfff.exe123⤵
-
\??\c:\hbbbtb.exec:\hbbbtb.exe124⤵
-
\??\c:\nbnhhh.exec:\nbnhhh.exe125⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe126⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe127⤵
-
\??\c:\xxlfxxr.exec:\xxlfxxr.exe128⤵
-
\??\c:\9rrrllf.exec:\9rrrllf.exe129⤵
-
\??\c:\9bhhbb.exec:\9bhhbb.exe130⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe131⤵
-
\??\c:\rlrrlll.exec:\rlrrlll.exe132⤵
-
\??\c:\btbhnt.exec:\btbhnt.exe133⤵
-
\??\c:\ttnnbb.exec:\ttnnbb.exe134⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe135⤵
-
\??\c:\rlrlflx.exec:\rlrlflx.exe136⤵
-
\??\c:\ffrlffx.exec:\ffrlffx.exe137⤵
-
\??\c:\hhbbhh.exec:\hhbbhh.exe138⤵
-
\??\c:\bbnnnn.exec:\bbnnnn.exe139⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe140⤵
-
\??\c:\lffxrrr.exec:\lffxrrr.exe141⤵
-
\??\c:\rlxfxxl.exec:\rlxfxxl.exe142⤵
-
\??\c:\1nbbtb.exec:\1nbbtb.exe143⤵
-
\??\c:\dvppp.exec:\dvppp.exe144⤵
-
\??\c:\vddpv.exec:\vddpv.exe145⤵
-
\??\c:\5xlfxxr.exec:\5xlfxxr.exe146⤵
-
\??\c:\rllfxxx.exec:\rllfxxx.exe147⤵
-
\??\c:\9bhbtt.exec:\9bhbtt.exe148⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe149⤵
-
\??\c:\flrlllf.exec:\flrlllf.exe150⤵
-
\??\c:\rfrrrrr.exec:\rfrrrrr.exe151⤵
-
\??\c:\tbhtnh.exec:\tbhtnh.exe152⤵
-
\??\c:\bntnhb.exec:\bntnhb.exe153⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe154⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe155⤵
-
\??\c:\rfrllll.exec:\rfrllll.exe156⤵
-
\??\c:\fxxxlxr.exec:\fxxxlxr.exe157⤵
-
\??\c:\7bhbtn.exec:\7bhbtn.exe158⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe159⤵
-
\??\c:\ppddp.exec:\ppddp.exe160⤵
-
\??\c:\rrfflll.exec:\rrfflll.exe161⤵
-
\??\c:\xrffxxx.exec:\xrffxxx.exe162⤵
-
\??\c:\tthnnb.exec:\tthnnb.exe163⤵
-
\??\c:\hhhbhh.exec:\hhhbhh.exe164⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe165⤵
-
\??\c:\llrlxxx.exec:\llrlxxx.exe166⤵
-
\??\c:\fxxffxf.exec:\fxxffxf.exe167⤵
-
\??\c:\hntttt.exec:\hntttt.exe168⤵
-
\??\c:\dpvdv.exec:\dpvdv.exe169⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe170⤵
-
\??\c:\7xfxxxr.exec:\7xfxxxr.exe171⤵
-
\??\c:\ffllffx.exec:\ffllffx.exe172⤵
-
\??\c:\nbnnnt.exec:\nbnnnt.exe173⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe174⤵
-
\??\c:\ffrxlxx.exec:\ffrxlxx.exe175⤵
-
\??\c:\3ttbbb.exec:\3ttbbb.exe176⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe177⤵
-
\??\c:\jppjd.exec:\jppjd.exe178⤵
-
\??\c:\lfrlrrx.exec:\lfrlrrx.exe179⤵
-
\??\c:\rrfffll.exec:\rrfffll.exe180⤵
-
\??\c:\bntttt.exec:\bntttt.exe181⤵
-
\??\c:\nbhbtn.exec:\nbhbtn.exe182⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe183⤵
-
\??\c:\3vjpj.exec:\3vjpj.exe184⤵
-
\??\c:\3lrrlxx.exec:\3lrrlxx.exe185⤵
-
\??\c:\xflfffx.exec:\xflfffx.exe186⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe187⤵
-
\??\c:\vpdpp.exec:\vpdpp.exe188⤵
-
\??\c:\lfrrlxr.exec:\lfrrlxr.exe189⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe190⤵
-
\??\c:\xrrlfxr.exec:\xrrlfxr.exe191⤵
-
\??\c:\nttbtt.exec:\nttbtt.exe192⤵
-
\??\c:\bnhhbb.exec:\bnhhbb.exe193⤵
-
\??\c:\vjvdd.exec:\vjvdd.exe194⤵
-
\??\c:\3fxlrlr.exec:\3fxlrlr.exe195⤵
-
\??\c:\rrflrrl.exec:\rrflrrl.exe196⤵
-
\??\c:\3bthbb.exec:\3bthbb.exe197⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe198⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe199⤵
-
\??\c:\3xfxffx.exec:\3xfxffx.exe200⤵
-
\??\c:\rlrllrr.exec:\rlrllrr.exe201⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe202⤵
-
\??\c:\ttbbnt.exec:\ttbbnt.exe203⤵
-
\??\c:\jppjd.exec:\jppjd.exe204⤵
-
\??\c:\xxxxrrl.exec:\xxxxrrl.exe205⤵
-
\??\c:\5ffflrr.exec:\5ffflrr.exe206⤵
-
\??\c:\bnhtth.exec:\bnhtth.exe207⤵
-
\??\c:\7vjvv.exec:\7vjvv.exe208⤵
-
\??\c:\rfrllfx.exec:\rfrllfx.exe209⤵
-
\??\c:\xlxlfff.exec:\xlxlfff.exe210⤵
-
\??\c:\nnnnnt.exec:\nnnnnt.exe211⤵
-
\??\c:\3hthbt.exec:\3hthbt.exe212⤵
-
\??\c:\3pjdp.exec:\3pjdp.exe213⤵
-
\??\c:\rlfrfxr.exec:\rlfrfxr.exe214⤵
-
\??\c:\bttnbb.exec:\bttnbb.exe215⤵
-
\??\c:\9btbnn.exec:\9btbnn.exe216⤵
-
\??\c:\jpjpp.exec:\jpjpp.exe217⤵
-
\??\c:\lflxrlf.exec:\lflxrlf.exe218⤵
-
\??\c:\nnnhth.exec:\nnnhth.exe219⤵
-
\??\c:\bnhthb.exec:\bnhthb.exe220⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe221⤵
-
\??\c:\xxfrlff.exec:\xxfrlff.exe222⤵
-
\??\c:\5hnbtb.exec:\5hnbtb.exe223⤵
-
\??\c:\bhhtnn.exec:\bhhtnn.exe224⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe225⤵
-
\??\c:\frfrlrl.exec:\frfrlrl.exe226⤵
-
\??\c:\frflfxr.exec:\frflfxr.exe227⤵
-
\??\c:\thhtnh.exec:\thhtnh.exe228⤵
-
\??\c:\dvpdv.exec:\dvpdv.exe229⤵
-
\??\c:\7llfrlr.exec:\7llfrlr.exe230⤵
-
\??\c:\lfflxrr.exec:\lfflxrr.exe231⤵
-
\??\c:\hbbnhb.exec:\hbbnhb.exe232⤵
-
\??\c:\dvdpj.exec:\dvdpj.exe233⤵
-
\??\c:\vppdd.exec:\vppdd.exe234⤵
-
\??\c:\7rfxfxr.exec:\7rfxfxr.exe235⤵
-
\??\c:\3lffrrl.exec:\3lffrrl.exe236⤵
-
\??\c:\nnhtnh.exec:\nnhtnh.exe237⤵
-
\??\c:\bnbtnn.exec:\bnbtnn.exe238⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe239⤵
-
\??\c:\djpjd.exec:\djpjd.exe240⤵
-
\??\c:\lrrfxrf.exec:\lrrfxrf.exe241⤵