Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 01:39
General
-
Target
476a34e3a39bf2b66448ee73dc009260_NeikiAnalytics.exe
-
Size
70KB
-
MD5
476a34e3a39bf2b66448ee73dc009260
-
SHA1
0f8c9c6716b53109e22d7c32a93f554190bb447d
-
SHA256
290e851d6553cf075d2ded828a68b9fba6cf7c4dcc3e1520feb35d85e04a7819
-
SHA512
0769ee15bf66e05f1d356154bfda06376385b332fc7e7deb84f5cafb246a6dc37cf71265795dadd5eddd56b58aa929ef6e2567a2a7a97737ec1b224b4cba402d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb7tAHEqSCkKWSH:ymb3NkkiQ3mdBjFIynIKH
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\476a34e3a39bf2b66448ee73dc009260_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\476a34e3a39bf2b66448ee73dc009260_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrrrll.exec:\xfrrrll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbtnn.exec:\btbtnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttnnn.exec:\tttnnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdv.exec:\jdjdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhttt.exec:\hhhttt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnbb.exec:\bntnbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ppjd.exec:\5ppjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfxlf.exec:\rllfxlf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xrxllx.exec:\1xrxllx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttnbt.exec:\tttnbt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9llfflf.exec:\9llfflf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntttb.exec:\bntttb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvvv.exec:\ddvvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlfxrl.exec:\frlfxrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhnnn.exec:\nbhnnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvvj.exec:\djvvj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflffrr.exec:\xflffrr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrlfrl.exec:\xfrlfrl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnnn.exec:\hbtnnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pvvp.exec:\3pvvp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrlfff.exec:\rrrlfff.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htttnt.exec:\htttnt.exe23⤵
- Executes dropped EXE
-
\??\c:\nhbbth.exec:\nhbbth.exe24⤵
- Executes dropped EXE
-
\??\c:\ppjjd.exec:\ppjjd.exe25⤵
- Executes dropped EXE
-
\??\c:\9xllrxr.exec:\9xllrxr.exe26⤵
- Executes dropped EXE
-
\??\c:\tbttht.exec:\tbttht.exe27⤵
- Executes dropped EXE
-
\??\c:\ttbbbh.exec:\ttbbbh.exe28⤵
- Executes dropped EXE
-
\??\c:\vvvvv.exec:\vvvvv.exe29⤵
- Executes dropped EXE
-
\??\c:\hnnhbt.exec:\hnnhbt.exe30⤵
- Executes dropped EXE
-
\??\c:\9bbhbh.exec:\9bbhbh.exe31⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe32⤵
- Executes dropped EXE
-
\??\c:\rffffff.exec:\rffffff.exe33⤵
- Executes dropped EXE
-
\??\c:\9tbttt.exec:\9tbttt.exe34⤵
- Executes dropped EXE
-
\??\c:\vpjvp.exec:\vpjvp.exe35⤵
- Executes dropped EXE
-
\??\c:\rlrxxxx.exec:\rlrxxxx.exe36⤵
- Executes dropped EXE
-
\??\c:\flrrfxl.exec:\flrrfxl.exe37⤵
- Executes dropped EXE
-
\??\c:\hbnthh.exec:\hbnthh.exe38⤵
- Executes dropped EXE
-
\??\c:\dppvp.exec:\dppvp.exe39⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe40⤵
- Executes dropped EXE
-
\??\c:\5rxxllx.exec:\5rxxllx.exe41⤵
- Executes dropped EXE
-
\??\c:\bbhbbb.exec:\bbhbbb.exe42⤵
- Executes dropped EXE
-
\??\c:\nbbnnn.exec:\nbbnnn.exe43⤵
- Executes dropped EXE
-
\??\c:\ddpjd.exec:\ddpjd.exe44⤵
- Executes dropped EXE
-
\??\c:\dddpv.exec:\dddpv.exe45⤵
- Executes dropped EXE
-
\??\c:\rlrrfff.exec:\rlrrfff.exe46⤵
- Executes dropped EXE
-
\??\c:\fxfxrxx.exec:\fxfxrxx.exe47⤵
- Executes dropped EXE
-
\??\c:\ntttbb.exec:\ntttbb.exe48⤵
- Executes dropped EXE
-
\??\c:\dvdjj.exec:\dvdjj.exe49⤵
- Executes dropped EXE
-
\??\c:\ddpvv.exec:\ddpvv.exe50⤵
- Executes dropped EXE
-
\??\c:\lllrrxx.exec:\lllrrxx.exe51⤵
- Executes dropped EXE
-
\??\c:\llffxxr.exec:\llffxxr.exe52⤵
- Executes dropped EXE
-
\??\c:\htthnh.exec:\htthnh.exe53⤵
- Executes dropped EXE
-
\??\c:\nnhbbn.exec:\nnhbbn.exe54⤵
- Executes dropped EXE
-
\??\c:\7ddvp.exec:\7ddvp.exe55⤵
- Executes dropped EXE
-
\??\c:\xrxfxxr.exec:\xrxfxxr.exe56⤵
- Executes dropped EXE
-
\??\c:\fxfxxxx.exec:\fxfxxxx.exe57⤵
- Executes dropped EXE
-
\??\c:\pjddv.exec:\pjddv.exe58⤵
- Executes dropped EXE
-
\??\c:\frrlxxr.exec:\frrlxxr.exe59⤵
- Executes dropped EXE
-
\??\c:\lrrrrrr.exec:\lrrrrrr.exe60⤵
- Executes dropped EXE
-
\??\c:\hhtbnn.exec:\hhtbnn.exe61⤵
- Executes dropped EXE
-
\??\c:\bnthtt.exec:\bnthtt.exe62⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe63⤵
- Executes dropped EXE
-
\??\c:\fxfxrrr.exec:\fxfxrrr.exe64⤵
- Executes dropped EXE
-
\??\c:\9bbnhb.exec:\9bbnhb.exe65⤵
- Executes dropped EXE
-
\??\c:\hhhthb.exec:\hhhthb.exe66⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe67⤵
-
\??\c:\rlxflll.exec:\rlxflll.exe68⤵
-
\??\c:\rrflllf.exec:\rrflllf.exe69⤵
-
\??\c:\ttbnnt.exec:\ttbnnt.exe70⤵
-
\??\c:\dvddd.exec:\dvddd.exe71⤵
-
\??\c:\xxffxff.exec:\xxffxff.exe72⤵
-
\??\c:\ffffxxr.exec:\ffffxxr.exe73⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe74⤵
-
\??\c:\ntnbbt.exec:\ntnbbt.exe75⤵
-
\??\c:\ddddj.exec:\ddddj.exe76⤵
-
\??\c:\lxxrlfx.exec:\lxxrlfx.exe77⤵
-
\??\c:\fxfffll.exec:\fxfffll.exe78⤵
-
\??\c:\nnnnnn.exec:\nnnnnn.exe79⤵
-
\??\c:\bttttn.exec:\bttttn.exe80⤵
-
\??\c:\jjppj.exec:\jjppj.exe81⤵
-
\??\c:\lfffxxx.exec:\lfffxxx.exe82⤵
-
\??\c:\tthbnn.exec:\tthbnn.exe83⤵
-
\??\c:\httnhh.exec:\httnhh.exe84⤵
-
\??\c:\3jvpj.exec:\3jvpj.exe85⤵
-
\??\c:\xrrrlfx.exec:\xrrrlfx.exe86⤵
-
\??\c:\7flllll.exec:\7flllll.exe87⤵
-
\??\c:\nhtttt.exec:\nhtttt.exe88⤵
-
\??\c:\nhhhtb.exec:\nhhhtb.exe89⤵
-
\??\c:\pdjpj.exec:\pdjpj.exe90⤵
-
\??\c:\lfrllll.exec:\lfrllll.exe91⤵
-
\??\c:\nhhhhb.exec:\nhhhhb.exe92⤵
-
\??\c:\thnnnt.exec:\thnnnt.exe93⤵
-
\??\c:\jdjpj.exec:\jdjpj.exe94⤵
-
\??\c:\3ppjd.exec:\3ppjd.exe95⤵
-
\??\c:\9flrllr.exec:\9flrllr.exe96⤵
-
\??\c:\ffllrxf.exec:\ffllrxf.exe97⤵
-
\??\c:\9bbbbh.exec:\9bbbbh.exe98⤵
-
\??\c:\hbbnbt.exec:\hbbnbt.exe99⤵
-
\??\c:\vpjdj.exec:\vpjdj.exe100⤵
-
\??\c:\1dppd.exec:\1dppd.exe101⤵
-
\??\c:\rfrlxxr.exec:\rfrlxxr.exe102⤵
-
\??\c:\xrrrrxx.exec:\xrrrrxx.exe103⤵
-
\??\c:\tbbbbb.exec:\tbbbbb.exe104⤵
-
\??\c:\1jpjd.exec:\1jpjd.exe105⤵
-
\??\c:\rxxllfx.exec:\rxxllfx.exe106⤵
-
\??\c:\7tbbtt.exec:\7tbbtt.exe107⤵
-
\??\c:\1pjdp.exec:\1pjdp.exe108⤵
-
\??\c:\dvdpj.exec:\dvdpj.exe109⤵
-
\??\c:\fxffxxf.exec:\fxffxxf.exe110⤵
-
\??\c:\9rffflx.exec:\9rffflx.exe111⤵
-
\??\c:\9ntntt.exec:\9ntntt.exe112⤵
-
\??\c:\htbthh.exec:\htbthh.exe113⤵
-
\??\c:\1xxrlll.exec:\1xxrlll.exe114⤵
-
\??\c:\1xffxfr.exec:\1xffxfr.exe115⤵
-
\??\c:\nnhbtt.exec:\nnhbtt.exe116⤵
-
\??\c:\1djjj.exec:\1djjj.exe117⤵
-
\??\c:\btnnnh.exec:\btnnnh.exe118⤵
-
\??\c:\ddvdv.exec:\ddvdv.exe119⤵
-
\??\c:\7vpjd.exec:\7vpjd.exe120⤵
-
\??\c:\lxxrlfx.exec:\lxxrlfx.exe121⤵
-
\??\c:\7rxlfxr.exec:\7rxlfxr.exe122⤵
-
\??\c:\nhbtnt.exec:\nhbtnt.exe123⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe124⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe125⤵
-
\??\c:\xrrlfff.exec:\xrrlfff.exe126⤵
-
\??\c:\xxlffff.exec:\xxlffff.exe127⤵
-
\??\c:\thhnhh.exec:\thhnhh.exe128⤵
-
\??\c:\9nbthh.exec:\9nbthh.exe129⤵
-
\??\c:\pjpvp.exec:\pjpvp.exe130⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe131⤵
-
\??\c:\rrrrlll.exec:\rrrrlll.exe132⤵
-
\??\c:\fxxxrlr.exec:\fxxxrlr.exe133⤵
-
\??\c:\bnnhbt.exec:\bnnhbt.exe134⤵
-
\??\c:\bttbtn.exec:\bttbtn.exe135⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe136⤵
-
\??\c:\pdvpd.exec:\pdvpd.exe137⤵
-
\??\c:\fxrlfxr.exec:\fxrlfxr.exe138⤵
-
\??\c:\rrrlfxx.exec:\rrrlfxx.exe139⤵
-
\??\c:\9tbtnt.exec:\9tbtnt.exe140⤵
-
\??\c:\7bbtnn.exec:\7bbtnn.exe141⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe142⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe143⤵
-
\??\c:\ppppd.exec:\ppppd.exe144⤵
-
\??\c:\1llflll.exec:\1llflll.exe145⤵
-
\??\c:\lfllxrf.exec:\lfllxrf.exe146⤵
-
\??\c:\htnhbt.exec:\htnhbt.exe147⤵
-
\??\c:\hbbthh.exec:\hbbthh.exe148⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe149⤵
-
\??\c:\9djjd.exec:\9djjd.exe150⤵
-
\??\c:\7xrrffx.exec:\7xrrffx.exe151⤵
-
\??\c:\lrxxlfx.exec:\lrxxlfx.exe152⤵
-
\??\c:\nnnhhh.exec:\nnnhhh.exe153⤵
-
\??\c:\dpdvp.exec:\dpdvp.exe154⤵
-
\??\c:\7dvvv.exec:\7dvvv.exe155⤵
-
\??\c:\xrlfrxr.exec:\xrlfrxr.exe156⤵
-
\??\c:\frrflrr.exec:\frrflrr.exe157⤵
-
\??\c:\hbbnht.exec:\hbbnht.exe158⤵
-
\??\c:\hbhbhb.exec:\hbhbhb.exe159⤵
-
\??\c:\thhbnh.exec:\thhbnh.exe160⤵
-
\??\c:\ppdvj.exec:\ppdvj.exe161⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe162⤵
-
\??\c:\rrxxxff.exec:\rrxxxff.exe163⤵
-
\??\c:\lllfxxx.exec:\lllfxxx.exe164⤵
-
\??\c:\lflfrrl.exec:\lflfrrl.exe165⤵
-
\??\c:\hbtttt.exec:\hbtttt.exe166⤵
-
\??\c:\nhnhbn.exec:\nhnhbn.exe167⤵
-
\??\c:\ppddp.exec:\ppddp.exe168⤵
-
\??\c:\vdddd.exec:\vdddd.exe169⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe170⤵
-
\??\c:\nhhhbh.exec:\nhhhbh.exe171⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe172⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe173⤵
-
\??\c:\flllflf.exec:\flllflf.exe174⤵
-
\??\c:\bthbth.exec:\bthbth.exe175⤵
-
\??\c:\7bbthh.exec:\7bbthh.exe176⤵
-
\??\c:\vvddv.exec:\vvddv.exe177⤵
-
\??\c:\3xrfrrf.exec:\3xrfrrf.exe178⤵
-
\??\c:\rrxffff.exec:\rrxffff.exe179⤵
-
\??\c:\frxflrl.exec:\frxflrl.exe180⤵
-
\??\c:\bbtnhh.exec:\bbtnhh.exe181⤵
-
\??\c:\5jdpj.exec:\5jdpj.exe182⤵
-
\??\c:\pddpd.exec:\pddpd.exe183⤵
-
\??\c:\xrllffx.exec:\xrllffx.exe184⤵
-
\??\c:\9flxfxr.exec:\9flxfxr.exe185⤵
-
\??\c:\thbtnn.exec:\thbtnn.exe186⤵
-
\??\c:\hbbtbt.exec:\hbbtbt.exe187⤵
-
\??\c:\vpvjd.exec:\vpvjd.exe188⤵
-
\??\c:\5vpjd.exec:\5vpjd.exe189⤵
-
\??\c:\rxfffrl.exec:\rxfffrl.exe190⤵
-
\??\c:\nbtnbb.exec:\nbtnbb.exe191⤵
-
\??\c:\dppjv.exec:\dppjv.exe192⤵
-
\??\c:\5frrrrl.exec:\5frrrrl.exe193⤵
-
\??\c:\xxlffrr.exec:\xxlffrr.exe194⤵
-
\??\c:\nntnbn.exec:\nntnbn.exe195⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe196⤵
-
\??\c:\fxlxflf.exec:\fxlxflf.exe197⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe198⤵
-
\??\c:\thnhht.exec:\thnhht.exe199⤵
-
\??\c:\vvppv.exec:\vvppv.exe200⤵
-
\??\c:\xfxlfxx.exec:\xfxlfxx.exe201⤵
-
\??\c:\thnnhb.exec:\thnnhb.exe202⤵
-
\??\c:\pvpjd.exec:\pvpjd.exe203⤵
-
\??\c:\flxffff.exec:\flxffff.exe204⤵
-
\??\c:\fxfffff.exec:\fxfffff.exe205⤵
-
\??\c:\hnhbbb.exec:\hnhbbb.exe206⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe207⤵
-
\??\c:\lxxffff.exec:\lxxffff.exe208⤵
-
\??\c:\1rxxxxx.exec:\1rxxxxx.exe209⤵
-
\??\c:\hhttbh.exec:\hhttbh.exe210⤵
-
\??\c:\nhnnnn.exec:\nhnnnn.exe211⤵
-
\??\c:\5dddp.exec:\5dddp.exe212⤵
-
\??\c:\dppjd.exec:\dppjd.exe213⤵
-
\??\c:\xfffxff.exec:\xfffxff.exe214⤵
-
\??\c:\rfrrrxf.exec:\rfrrrxf.exe215⤵
-
\??\c:\tbbhtt.exec:\tbbhtt.exe216⤵
-
\??\c:\bnbhtt.exec:\bnbhtt.exe217⤵
-
\??\c:\dppjj.exec:\dppjj.exe218⤵
-
\??\c:\dpppp.exec:\dpppp.exe219⤵
-
\??\c:\llfrrff.exec:\llfrrff.exe220⤵
-
\??\c:\lrfllrl.exec:\lrfllrl.exe221⤵
-
\??\c:\tnttbb.exec:\tnttbb.exe222⤵
-
\??\c:\hhhhth.exec:\hhhhth.exe223⤵
-
\??\c:\3jjjd.exec:\3jjjd.exe224⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe225⤵
-
\??\c:\rffffrx.exec:\rffffrx.exe226⤵
-
\??\c:\9xrrrxx.exec:\9xrrrxx.exe227⤵
-
\??\c:\bntttt.exec:\bntttt.exe228⤵
-
\??\c:\tnhbbn.exec:\tnhbbn.exe229⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe230⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe231⤵
-
\??\c:\xllfxff.exec:\xllfxff.exe232⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe233⤵
-
\??\c:\hbtttt.exec:\hbtttt.exe234⤵
-
\??\c:\nthhbb.exec:\nthhbb.exe235⤵
-
\??\c:\dvddv.exec:\dvddv.exe236⤵
-
\??\c:\pvjjd.exec:\pvjjd.exe237⤵
-
\??\c:\rxrxxff.exec:\rxrxxff.exe238⤵
-
\??\c:\xlllllr.exec:\xlllllr.exe239⤵
-
\??\c:\7ttbbh.exec:\7ttbbh.exe240⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe241⤵