Analysis
-
max time kernel
149s -
max time network
116s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 00:46
General
-
Target
38905f8e75a540a0d18bb8b24118a9a0_NeikiAnalytics.exe
-
Size
135KB
-
MD5
38905f8e75a540a0d18bb8b24118a9a0
-
SHA1
b38734bfcf761da79294047146901dbae273da4e
-
SHA256
6492e496cbc2dd5629ab6b552c85eb6208d911faff3a4bda110414da1be227e2
-
SHA512
f2a1872dfef39dc1269c9ba5567b1d9e960fd5f4aa4fb64a19cc9e811dfdd6e4ff5c62baf9985095d1229372c6f31f36aaab75cc29deae0c073be33348d2545b
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afoHVpx+dGorw:n3C9BRW0j/1px+dGd
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 38 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\38905f8e75a540a0d18bb8b24118a9a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\38905f8e75a540a0d18bb8b24118a9a0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbbn.exec:\hthbbn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtnnb.exec:\nhtnnb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdv.exec:\pdjdv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnbhh.exec:\nnnbhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvv.exec:\jddvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxflllr.exec:\fxflllr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjv.exec:\ppjjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrllx.exec:\xrxrllx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjjp.exec:\pvjjp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrrrrr.exec:\rfrrrrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhnb.exec:\nbhhnb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjd.exec:\vdjjd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrlll.exec:\xrxrlll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvvp.exec:\djvvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrxrll.exec:\llrxrll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtthn.exec:\nhtthn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvd.exec:\vvvvd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vjpd.exec:\3vjpd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntthh.exec:\nntthh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vvvv.exec:\7vvvv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflfxrl.exec:\rflfxrl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbbb.exec:\hbbbbb.exe23⤵
- Executes dropped EXE
-
\??\c:\jjdjd.exec:\jjdjd.exe24⤵
- Executes dropped EXE
-
\??\c:\xlrflfx.exec:\xlrflfx.exe25⤵
- Executes dropped EXE
-
\??\c:\vvjjj.exec:\vvjjj.exe26⤵
- Executes dropped EXE
-
\??\c:\pjvpv.exec:\pjvpv.exe27⤵
- Executes dropped EXE
-
\??\c:\nnthbb.exec:\nnthbb.exe28⤵
- Executes dropped EXE
-
\??\c:\1pdjd.exec:\1pdjd.exe29⤵
- Executes dropped EXE
-
\??\c:\rflllll.exec:\rflllll.exe30⤵
- Executes dropped EXE
-
\??\c:\xrxrflr.exec:\xrxrflr.exe31⤵
- Executes dropped EXE
-
\??\c:\nbbnhb.exec:\nbbnhb.exe32⤵
- Executes dropped EXE
-
\??\c:\pdddv.exec:\pdddv.exe33⤵
- Executes dropped EXE
-
\??\c:\fxrrlxr.exec:\fxrrlxr.exe34⤵
- Executes dropped EXE
-
\??\c:\btntnh.exec:\btntnh.exe35⤵
- Executes dropped EXE
-
\??\c:\1pjdd.exec:\1pjdd.exe36⤵
- Executes dropped EXE
-
\??\c:\vjddp.exec:\vjddp.exe37⤵
- Executes dropped EXE
-
\??\c:\rrxrxrx.exec:\rrxrxrx.exe38⤵
- Executes dropped EXE
-
\??\c:\fxrlfxx.exec:\fxrlfxx.exe39⤵
- Executes dropped EXE
-
\??\c:\1bbtnn.exec:\1bbtnn.exe40⤵
- Executes dropped EXE
-
\??\c:\5hhthh.exec:\5hhthh.exe41⤵
- Executes dropped EXE
-
\??\c:\9jdvp.exec:\9jdvp.exe42⤵
- Executes dropped EXE
-
\??\c:\5fxxrrl.exec:\5fxxrrl.exe43⤵
- Executes dropped EXE
-
\??\c:\xrlffxr.exec:\xrlffxr.exe44⤵
- Executes dropped EXE
-
\??\c:\5nnnhh.exec:\5nnnhh.exe45⤵
- Executes dropped EXE
-
\??\c:\btbtht.exec:\btbtht.exe46⤵
- Executes dropped EXE
-
\??\c:\ppjdp.exec:\ppjdp.exe47⤵
- Executes dropped EXE
-
\??\c:\jjvpp.exec:\jjvpp.exe48⤵
- Executes dropped EXE
-
\??\c:\5fxrrxx.exec:\5fxrrxx.exe49⤵
- Executes dropped EXE
-
\??\c:\xlrfxrl.exec:\xlrfxrl.exe50⤵
- Executes dropped EXE
-
\??\c:\tttnhh.exec:\tttnhh.exe51⤵
- Executes dropped EXE
-
\??\c:\dppjd.exec:\dppjd.exe52⤵
- Executes dropped EXE
-
\??\c:\1rlfxrl.exec:\1rlfxrl.exe53⤵
- Executes dropped EXE
-
\??\c:\xxlfrrr.exec:\xxlfrrr.exe54⤵
- Executes dropped EXE
-
\??\c:\9bthht.exec:\9bthht.exe55⤵
- Executes dropped EXE
-
\??\c:\djdvp.exec:\djdvp.exe56⤵
- Executes dropped EXE
-
\??\c:\rrfrllr.exec:\rrfrllr.exe57⤵
- Executes dropped EXE
-
\??\c:\9nnnbt.exec:\9nnnbt.exe58⤵
- Executes dropped EXE
-
\??\c:\hbbhhh.exec:\hbbhhh.exe59⤵
- Executes dropped EXE
-
\??\c:\vppdp.exec:\vppdp.exe60⤵
- Executes dropped EXE
-
\??\c:\vvjjd.exec:\vvjjd.exe61⤵
- Executes dropped EXE
-
\??\c:\btthbt.exec:\btthbt.exe62⤵
- Executes dropped EXE
-
\??\c:\tbhbtt.exec:\tbhbtt.exe63⤵
- Executes dropped EXE
-
\??\c:\ppvpp.exec:\ppvpp.exe64⤵
- Executes dropped EXE
-
\??\c:\rllfxlf.exec:\rllfxlf.exe65⤵
- Executes dropped EXE
-
\??\c:\btbbtt.exec:\btbbtt.exe66⤵
-
\??\c:\3tbbtb.exec:\3tbbtb.exe67⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe68⤵
-
\??\c:\dpppj.exec:\dpppj.exe69⤵
-
\??\c:\rlxrrrf.exec:\rlxrrrf.exe70⤵
-
\??\c:\rffxrrr.exec:\rffxrrr.exe71⤵
-
\??\c:\3bnnnn.exec:\3bnnnn.exe72⤵
-
\??\c:\thhnhh.exec:\thhnhh.exe73⤵
-
\??\c:\ddpdj.exec:\ddpdj.exe74⤵
-
\??\c:\7rllrrl.exec:\7rllrrl.exe75⤵
-
\??\c:\xxxrlll.exec:\xxxrlll.exe76⤵
-
\??\c:\nhttnn.exec:\nhttnn.exe77⤵
-
\??\c:\bhbhhh.exec:\bhbhhh.exe78⤵
-
\??\c:\rlfxrll.exec:\rlfxrll.exe79⤵
-
\??\c:\xlrrlxr.exec:\xlrrlxr.exe80⤵
-
\??\c:\ttttnn.exec:\ttttnn.exe81⤵
-
\??\c:\nhbhbh.exec:\nhbhbh.exe82⤵
-
\??\c:\jppjd.exec:\jppjd.exe83⤵
-
\??\c:\rfllxxl.exec:\rfllxxl.exe84⤵
-
\??\c:\rlfxrll.exec:\rlfxrll.exe85⤵
-
\??\c:\7nbbtt.exec:\7nbbtt.exe86⤵
-
\??\c:\ntbtnh.exec:\ntbtnh.exe87⤵
-
\??\c:\dvddj.exec:\dvddj.exe88⤵
-
\??\c:\rxxrxrl.exec:\rxxrxrl.exe89⤵
-
\??\c:\9xxxfxf.exec:\9xxxfxf.exe90⤵
-
\??\c:\nbttbb.exec:\nbttbb.exe91⤵
-
\??\c:\nhttnh.exec:\nhttnh.exe92⤵
-
\??\c:\vddvp.exec:\vddvp.exe93⤵
-
\??\c:\frxrlfx.exec:\frxrlfx.exe94⤵
-
\??\c:\rxlrlrr.exec:\rxlrlrr.exe95⤵
-
\??\c:\bhhbtt.exec:\bhhbtt.exe96⤵
-
\??\c:\thbnnn.exec:\thbnnn.exe97⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe98⤵
-
\??\c:\ppdvv.exec:\ppdvv.exe99⤵
-
\??\c:\lxllrrx.exec:\lxllrrx.exe100⤵
-
\??\c:\xrfxxff.exec:\xrfxxff.exe101⤵
-
\??\c:\bntbth.exec:\bntbth.exe102⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe103⤵
-
\??\c:\jppjd.exec:\jppjd.exe104⤵
-
\??\c:\lfxrfxx.exec:\lfxrfxx.exe105⤵
-
\??\c:\5bhbtb.exec:\5bhbtb.exe106⤵
-
\??\c:\bttnhn.exec:\bttnhn.exe107⤵
-
\??\c:\7jjjv.exec:\7jjjv.exe108⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe109⤵
-
\??\c:\9rxrlll.exec:\9rxrlll.exe110⤵
-
\??\c:\bnhhnt.exec:\bnhhnt.exe111⤵
-
\??\c:\5btnnt.exec:\5btnnt.exe112⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe113⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe114⤵
-
\??\c:\rfrlfxr.exec:\rfrlfxr.exe115⤵
-
\??\c:\flrlffl.exec:\flrlffl.exe116⤵
-
\??\c:\hnhbtt.exec:\hnhbtt.exe117⤵
-
\??\c:\9jjdp.exec:\9jjdp.exe118⤵
-
\??\c:\lllxrlx.exec:\lllxrlx.exe119⤵
-
\??\c:\rxlflll.exec:\rxlflll.exe120⤵
-
\??\c:\9nnhbh.exec:\9nnhbh.exe121⤵
-
\??\c:\1ttbht.exec:\1ttbht.exe122⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe123⤵
-
\??\c:\xrlllrx.exec:\xrlllrx.exe124⤵
-
\??\c:\xrrlxrr.exec:\xrrlxrr.exe125⤵
-
\??\c:\bbnhbb.exec:\bbnhbb.exe126⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe127⤵
-
\??\c:\9vdvv.exec:\9vdvv.exe128⤵
-
\??\c:\rlfxrfx.exec:\rlfxrfx.exe129⤵
-
\??\c:\bhhttt.exec:\bhhttt.exe130⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe131⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe132⤵
-
\??\c:\lflrxxr.exec:\lflrxxr.exe133⤵
-
\??\c:\btttbb.exec:\btttbb.exe134⤵
-
\??\c:\pvpjp.exec:\pvpjp.exe135⤵
-
\??\c:\3frffll.exec:\3frffll.exe136⤵
-
\??\c:\tnnnnt.exec:\tnnnnt.exe137⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe138⤵
-
\??\c:\xlfrllf.exec:\xlfrllf.exe139⤵
-
\??\c:\tthhhh.exec:\tthhhh.exe140⤵
-
\??\c:\jpdvp.exec:\jpdvp.exe141⤵
-
\??\c:\flfflll.exec:\flfflll.exe142⤵
-
\??\c:\nnbtbn.exec:\nnbtbn.exe143⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe144⤵
-
\??\c:\rlfrffx.exec:\rlfrffx.exe145⤵
-
\??\c:\tthbhb.exec:\tthbhb.exe146⤵
-
\??\c:\5pvpj.exec:\5pvpj.exe147⤵
-
\??\c:\lllllll.exec:\lllllll.exe148⤵
-
\??\c:\jpppj.exec:\jpppj.exe149⤵
-
\??\c:\5jdvp.exec:\5jdvp.exe150⤵
-
\??\c:\5xffxxx.exec:\5xffxxx.exe151⤵
-
\??\c:\9hhntb.exec:\9hhntb.exe152⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe153⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe154⤵
-
\??\c:\vjvpd.exec:\vjvpd.exe155⤵
-
\??\c:\ffflffl.exec:\ffflffl.exe156⤵
-
\??\c:\hhnnhn.exec:\hhnnhn.exe157⤵
-
\??\c:\ntnnhb.exec:\ntnnhb.exe158⤵
-
\??\c:\vjjpp.exec:\vjjpp.exe159⤵
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe160⤵
-
\??\c:\llrxxrr.exec:\llrxxrr.exe161⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe162⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe163⤵
-
\??\c:\lrlllll.exec:\lrlllll.exe164⤵
-
\??\c:\5btnnn.exec:\5btnnn.exe165⤵
-
\??\c:\nnbthh.exec:\nnbthh.exe166⤵
-
\??\c:\pjpvp.exec:\pjpvp.exe167⤵
-
\??\c:\1dddp.exec:\1dddp.exe168⤵
-
\??\c:\lxffrrr.exec:\lxffrrr.exe169⤵
-
\??\c:\9rrxrlf.exec:\9rrxrlf.exe170⤵
-
\??\c:\btnhtt.exec:\btnhtt.exe171⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe172⤵
-
\??\c:\1vdpj.exec:\1vdpj.exe173⤵
-
\??\c:\lflfxxf.exec:\lflfxxf.exe174⤵
-
\??\c:\lllxlrl.exec:\lllxlrl.exe175⤵
-
\??\c:\hbbnbb.exec:\hbbnbb.exe176⤵
-
\??\c:\hnnnhn.exec:\hnnnhn.exe177⤵
-
\??\c:\7vvpd.exec:\7vvpd.exe178⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe179⤵
-
\??\c:\xrrrllr.exec:\xrrrllr.exe180⤵
-
\??\c:\xfllfff.exec:\xfllfff.exe181⤵
-
\??\c:\bttbbb.exec:\bttbbb.exe182⤵
-
\??\c:\7nnnhh.exec:\7nnnhh.exe183⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe184⤵
-
\??\c:\ddpvp.exec:\ddpvp.exe185⤵
-
\??\c:\rxrllrr.exec:\rxrllrr.exe186⤵
-
\??\c:\lxxrrrl.exec:\lxxrrrl.exe187⤵
-
\??\c:\nbbntn.exec:\nbbntn.exe188⤵
-
\??\c:\tnhnbb.exec:\tnhnbb.exe189⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe190⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe191⤵
-
\??\c:\pvjvj.exec:\pvjvj.exe192⤵
-
\??\c:\xxxxxxr.exec:\xxxxxxr.exe193⤵
-
\??\c:\1fflllr.exec:\1fflllr.exe194⤵
-
\??\c:\5nbttt.exec:\5nbttt.exe195⤵
-
\??\c:\bnnhhb.exec:\bnnhhb.exe196⤵
-
\??\c:\vjdpp.exec:\vjdpp.exe197⤵
-
\??\c:\xrlfffl.exec:\xrlfffl.exe198⤵
-
\??\c:\xfrlfxx.exec:\xfrlfxx.exe199⤵
-
\??\c:\hthbtn.exec:\hthbtn.exe200⤵
-
\??\c:\hbhbhh.exec:\hbhbhh.exe201⤵
-
\??\c:\9vvpj.exec:\9vvpj.exe202⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe203⤵
-
\??\c:\fffxlfx.exec:\fffxlfx.exe204⤵
-
\??\c:\xffrlll.exec:\xffrlll.exe205⤵
-
\??\c:\3ttthb.exec:\3ttthb.exe206⤵
-
\??\c:\thnnbb.exec:\thnnbb.exe207⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe208⤵
-
\??\c:\jvdpj.exec:\jvdpj.exe209⤵
-
\??\c:\9rrlxxr.exec:\9rrlxxr.exe210⤵
-
\??\c:\rxrlxfr.exec:\rxrlxfr.exe211⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe212⤵
-
\??\c:\bntnnn.exec:\bntnnn.exe213⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe214⤵
-
\??\c:\djjdv.exec:\djjdv.exe215⤵
-
\??\c:\fxxxlll.exec:\fxxxlll.exe216⤵
-
\??\c:\9frrrrr.exec:\9frrrrr.exe217⤵
-
\??\c:\thhbnn.exec:\thhbnn.exe218⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe219⤵
-
\??\c:\jpvpd.exec:\jpvpd.exe220⤵
-
\??\c:\pdvpj.exec:\pdvpj.exe221⤵
-
\??\c:\fxrrlrr.exec:\fxrrlrr.exe222⤵
-
\??\c:\frxrxxx.exec:\frxrxxx.exe223⤵
-
\??\c:\hntnnn.exec:\hntnnn.exe224⤵
-
\??\c:\1bnhbt.exec:\1bnhbt.exe225⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe226⤵
-
\??\c:\dvddd.exec:\dvddd.exe227⤵
-
\??\c:\llfrlxr.exec:\llfrlxr.exe228⤵
-
\??\c:\fflfllr.exec:\fflfllr.exe229⤵
-
\??\c:\bbhbhb.exec:\bbhbhb.exe230⤵
-
\??\c:\5httnn.exec:\5httnn.exe231⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe232⤵
-
\??\c:\vvpvv.exec:\vvpvv.exe233⤵
-
\??\c:\xfrfllr.exec:\xfrfllr.exe234⤵
-
\??\c:\hthbtb.exec:\hthbtb.exe235⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe236⤵
-
\??\c:\rxxfffx.exec:\rxxfffx.exe237⤵
-
\??\c:\vdvvd.exec:\vdvvd.exe238⤵
-
\??\c:\9rllflf.exec:\9rllflf.exe239⤵
-
\??\c:\nnhbtb.exec:\nnhbtb.exe240⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe241⤵