Analysis
-
max time kernel
150s -
max time network
114s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 02:25
General
-
Target
53e0190a2bb775d745fe02f51afac8a0_NeikiAnalytics.exe
-
Size
229KB
-
MD5
53e0190a2bb775d745fe02f51afac8a0
-
SHA1
95c8391c6f361b833a396814846e9cc60362c868
-
SHA256
4d9d166acaa6093ac49df76ed04d040660bb93bc32c751405aa7985e250d8dfd
-
SHA512
327894717faaccf3a7c9209ec44037a10805ca9d25bcff1d553d8d16830dd31ef51e9614437b1ae5b634ab6c246262e5d87c55d47875ce5dfc38e4f677d31e2d
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31z8mF7C/:n3C9BRo7MlrWKo+lfFe/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\53e0190a2bb775d745fe02f51afac8a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\53e0190a2bb775d745fe02f51afac8a0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhhh.exec:\nnnhhh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pvpj.exec:\1pvpj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lrfxrl.exec:\5lrfxrl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pjdj.exec:\9pjdj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllrffx.exec:\rllrffx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjjd.exec:\djjjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxlfrl.exec:\rrxlfrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjd.exec:\vvpjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpv.exec:\pjvpv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbtt.exec:\nhhbtt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhht.exec:\hbhhht.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfffff.exec:\frfffff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnnhh.exec:\thnnhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fxlfrx.exec:\9fxlfrx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrlrl.exec:\xrxrlrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvp.exec:\jvdvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfrrr.exec:\rllfrrr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnntb.exec:\hbnntb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hhbtt.exec:\3hhbtt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvv.exec:\jpvvv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflfxrr.exec:\xflfxrr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvppp.exec:\jvppp.exe23⤵
- Executes dropped EXE
-
\??\c:\lxxrllf.exec:\lxxrllf.exe24⤵
- Executes dropped EXE
-
\??\c:\hnnbtt.exec:\hnnbtt.exe25⤵
- Executes dropped EXE
-
\??\c:\jpddv.exec:\jpddv.exe26⤵
- Executes dropped EXE
-
\??\c:\fffxxxx.exec:\fffxxxx.exe27⤵
- Executes dropped EXE
-
\??\c:\vpjpp.exec:\vpjpp.exe28⤵
- Executes dropped EXE
-
\??\c:\7jpjj.exec:\7jpjj.exe29⤵
- Executes dropped EXE
-
\??\c:\nhtnnh.exec:\nhtnnh.exe30⤵
- Executes dropped EXE
-
\??\c:\bnbhnt.exec:\bnbhnt.exe31⤵
- Executes dropped EXE
-
\??\c:\dvjpp.exec:\dvjpp.exe32⤵
- Executes dropped EXE
-
\??\c:\lfffxxr.exec:\lfffxxr.exe33⤵
- Executes dropped EXE
-
\??\c:\hntnhh.exec:\hntnhh.exe34⤵
- Executes dropped EXE
-
\??\c:\vdppj.exec:\vdppj.exe35⤵
- Executes dropped EXE
-
\??\c:\jdjdj.exec:\jdjdj.exe36⤵
- Executes dropped EXE
-
\??\c:\fxfxrxr.exec:\fxfxrxr.exe37⤵
- Executes dropped EXE
-
\??\c:\thhhnh.exec:\thhhnh.exe38⤵
- Executes dropped EXE
-
\??\c:\ddjjj.exec:\ddjjj.exe39⤵
- Executes dropped EXE
-
\??\c:\llllfff.exec:\llllfff.exe40⤵
- Executes dropped EXE
-
\??\c:\3flfrrr.exec:\3flfrrr.exe41⤵
- Executes dropped EXE
-
\??\c:\htbttn.exec:\htbttn.exe42⤵
- Executes dropped EXE
-
\??\c:\ddjdv.exec:\ddjdv.exe43⤵
- Executes dropped EXE
-
\??\c:\xrffxxx.exec:\xrffxxx.exe44⤵
- Executes dropped EXE
-
\??\c:\fffxrxr.exec:\fffxrxr.exe45⤵
- Executes dropped EXE
-
\??\c:\thnhhh.exec:\thnhhh.exe46⤵
- Executes dropped EXE
-
\??\c:\vvvdd.exec:\vvvdd.exe47⤵
- Executes dropped EXE
-
\??\c:\3jpjj.exec:\3jpjj.exe48⤵
- Executes dropped EXE
-
\??\c:\xffxxxf.exec:\xffxxxf.exe49⤵
- Executes dropped EXE
-
\??\c:\hbtbbb.exec:\hbtbbb.exe50⤵
- Executes dropped EXE
-
\??\c:\tbbbtt.exec:\tbbbtt.exe51⤵
- Executes dropped EXE
-
\??\c:\vjppj.exec:\vjppj.exe52⤵
- Executes dropped EXE
-
\??\c:\frxrlll.exec:\frxrlll.exe53⤵
- Executes dropped EXE
-
\??\c:\xrxrlrl.exec:\xrxrlrl.exe54⤵
- Executes dropped EXE
-
\??\c:\btbhbb.exec:\btbhbb.exe55⤵
- Executes dropped EXE
-
\??\c:\3nnbhn.exec:\3nnbhn.exe56⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe57⤵
- Executes dropped EXE
-
\??\c:\fxrlffx.exec:\fxrlffx.exe58⤵
- Executes dropped EXE
-
\??\c:\rrxrllf.exec:\rrxrllf.exe59⤵
- Executes dropped EXE
-
\??\c:\nnhhhh.exec:\nnhhhh.exe60⤵
- Executes dropped EXE
-
\??\c:\pdpdj.exec:\pdpdj.exe61⤵
- Executes dropped EXE
-
\??\c:\3vddd.exec:\3vddd.exe62⤵
- Executes dropped EXE
-
\??\c:\fxrlfxx.exec:\fxrlfxx.exe63⤵
- Executes dropped EXE
-
\??\c:\btnhbt.exec:\btnhbt.exe64⤵
- Executes dropped EXE
-
\??\c:\tbhtnb.exec:\tbhtnb.exe65⤵
- Executes dropped EXE
-
\??\c:\jpjjd.exec:\jpjjd.exe66⤵
-
\??\c:\7jpvd.exec:\7jpvd.exe67⤵
-
\??\c:\xxrrlrl.exec:\xxrrlrl.exe68⤵
-
\??\c:\nbbntb.exec:\nbbntb.exe69⤵
-
\??\c:\7pppj.exec:\7pppj.exe70⤵
-
\??\c:\rxxxrxr.exec:\rxxxrxr.exe71⤵
-
\??\c:\rlrlfff.exec:\rlrlfff.exe72⤵
-
\??\c:\btnntt.exec:\btnntt.exe73⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe74⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe75⤵
-
\??\c:\hnhhbb.exec:\hnhhbb.exe76⤵
-
\??\c:\7ttnhn.exec:\7ttnhn.exe77⤵
-
\??\c:\5jvdp.exec:\5jvdp.exe78⤵
-
\??\c:\pvvjd.exec:\pvvjd.exe79⤵
-
\??\c:\lrrlxlf.exec:\lrrlxlf.exe80⤵
-
\??\c:\dpvdv.exec:\dpvdv.exe81⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe82⤵
-
\??\c:\xffxlll.exec:\xffxlll.exe83⤵
-
\??\c:\hhbttt.exec:\hhbttt.exe84⤵
-
\??\c:\3vddv.exec:\3vddv.exe85⤵
-
\??\c:\llflffr.exec:\llflffr.exe86⤵
-
\??\c:\ffrlffx.exec:\ffrlffx.exe87⤵
-
\??\c:\tbbttn.exec:\tbbttn.exe88⤵
-
\??\c:\djpvp.exec:\djpvp.exe89⤵
-
\??\c:\djjjv.exec:\djjjv.exe90⤵
-
\??\c:\frxlfrr.exec:\frxlfrr.exe91⤵
-
\??\c:\1hhbtn.exec:\1hhbtn.exe92⤵
-
\??\c:\tnttbb.exec:\tnttbb.exe93⤵
-
\??\c:\ddppd.exec:\ddppd.exe94⤵
-
\??\c:\lxlxrxr.exec:\lxlxrxr.exe95⤵
-
\??\c:\lfrlfxr.exec:\lfrlfxr.exe96⤵
-
\??\c:\bnhbbb.exec:\bnhbbb.exe97⤵
-
\??\c:\7jdvp.exec:\7jdvp.exe98⤵
-
\??\c:\jjpdj.exec:\jjpdj.exe99⤵
-
\??\c:\rrlfxfl.exec:\rrlfxfl.exe100⤵
-
\??\c:\hhhhbh.exec:\hhhhbh.exe101⤵
-
\??\c:\5xrrllr.exec:\5xrrllr.exe102⤵
-
\??\c:\rrxxrxx.exec:\rrxxrxx.exe103⤵
-
\??\c:\3bhbtb.exec:\3bhbtb.exe104⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe105⤵
-
\??\c:\rrrrlll.exec:\rrrrlll.exe106⤵
-
\??\c:\bbbnnn.exec:\bbbnnn.exe107⤵
-
\??\c:\hhhhbh.exec:\hhhhbh.exe108⤵
-
\??\c:\9rfxxxx.exec:\9rfxxxx.exe109⤵
-
\??\c:\3rfxrfx.exec:\3rfxrfx.exe110⤵
-
\??\c:\9tnhhh.exec:\9tnhhh.exe111⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe112⤵
-
\??\c:\frrlfff.exec:\frrlfff.exe113⤵
-
\??\c:\hhhhhh.exec:\hhhhhh.exe114⤵
-
\??\c:\tntnhb.exec:\tntnhb.exe115⤵
-
\??\c:\vjvdv.exec:\vjvdv.exe116⤵
-
\??\c:\dpjpp.exec:\dpjpp.exe117⤵
-
\??\c:\1rrrlrr.exec:\1rrrlrr.exe118⤵
-
\??\c:\nntbtt.exec:\nntbtt.exe119⤵
-
\??\c:\tnhtnt.exec:\tnhtnt.exe120⤵
-
\??\c:\jjjpj.exec:\jjjpj.exe121⤵
-
\??\c:\rrllflf.exec:\rrllflf.exe122⤵
-
\??\c:\tbnbth.exec:\tbnbth.exe123⤵
-
\??\c:\9hnnnn.exec:\9hnnnn.exe124⤵
-
\??\c:\vpddv.exec:\vpddv.exe125⤵
-
\??\c:\fxlrrxx.exec:\fxlrrxx.exe126⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe127⤵
-
\??\c:\jjpvv.exec:\jjpvv.exe128⤵
-
\??\c:\ffrrlrr.exec:\ffrrlrr.exe129⤵
-
\??\c:\hhnnnn.exec:\hhnnnn.exe130⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe131⤵
-
\??\c:\ddvpp.exec:\ddvpp.exe132⤵
-
\??\c:\rlrfxrf.exec:\rlrfxrf.exe133⤵
-
\??\c:\flfflll.exec:\flfflll.exe134⤵
-
\??\c:\thnnhh.exec:\thnnhh.exe135⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe136⤵
-
\??\c:\7lrlflf.exec:\7lrlflf.exe137⤵
-
\??\c:\tbbbtb.exec:\tbbbtb.exe138⤵
-
\??\c:\pvjdd.exec:\pvjdd.exe139⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe140⤵
-
\??\c:\lrlfxfr.exec:\lrlfxfr.exe141⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe142⤵
-
\??\c:\1vvjj.exec:\1vvjj.exe143⤵
-
\??\c:\rflllll.exec:\rflllll.exe144⤵
-
\??\c:\9tnhnn.exec:\9tnhnn.exe145⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe146⤵
-
\??\c:\fxxrrrr.exec:\fxxrrrr.exe147⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe148⤵
-
\??\c:\ddvvj.exec:\ddvvj.exe149⤵
-
\??\c:\jjvpp.exec:\jjvpp.exe150⤵
-
\??\c:\lflfxrr.exec:\lflfxrr.exe151⤵
-
\??\c:\nnhbhb.exec:\nnhbhb.exe152⤵
-
\??\c:\jpvjv.exec:\jpvjv.exe153⤵
-
\??\c:\llfrffx.exec:\llfrffx.exe154⤵
-
\??\c:\thnhhh.exec:\thnhhh.exe155⤵
-
\??\c:\7djvj.exec:\7djvj.exe156⤵
-
\??\c:\1vvvv.exec:\1vvvv.exe157⤵
-
\??\c:\rxllfff.exec:\rxllfff.exe158⤵
-
\??\c:\bhtttt.exec:\bhtttt.exe159⤵
-
\??\c:\ppppp.exec:\ppppp.exe160⤵
-
\??\c:\pddvp.exec:\pddvp.exe161⤵
-
\??\c:\3xxrlxr.exec:\3xxrlxr.exe162⤵
-
\??\c:\lfxrffx.exec:\lfxrffx.exe163⤵
-
\??\c:\nnbbbb.exec:\nnbbbb.exe164⤵
-
\??\c:\dvddp.exec:\dvddp.exe165⤵
-
\??\c:\rxfxrrl.exec:\rxfxrrl.exe166⤵
-
\??\c:\btbbtb.exec:\btbbtb.exe167⤵
-
\??\c:\jdjpj.exec:\jdjpj.exe168⤵
-
\??\c:\xxxrlrx.exec:\xxxrlrx.exe169⤵
-
\??\c:\rrxflxx.exec:\rrxflxx.exe170⤵
-
\??\c:\hbttnn.exec:\hbttnn.exe171⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe172⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe173⤵
-
\??\c:\3xlfxxr.exec:\3xlfxxr.exe174⤵
-
\??\c:\lfxxffl.exec:\lfxxffl.exe175⤵
-
\??\c:\hbnnhn.exec:\hbnnhn.exe176⤵
-
\??\c:\9nnhhh.exec:\9nnhhh.exe177⤵
-
\??\c:\jpdvp.exec:\jpdvp.exe178⤵
-
\??\c:\lrrlrll.exec:\lrrlrll.exe179⤵
-
\??\c:\bhnhbb.exec:\bhnhbb.exe180⤵
-
\??\c:\1nbtbh.exec:\1nbtbh.exe181⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe182⤵
-
\??\c:\lfrlffx.exec:\lfrlffx.exe183⤵
-
\??\c:\7xfxxxr.exec:\7xfxxxr.exe184⤵
-
\??\c:\bnhhhn.exec:\bnhhhn.exe185⤵
-
\??\c:\htbtnh.exec:\htbtnh.exe186⤵
-
\??\c:\3jpjp.exec:\3jpjp.exe187⤵
-
\??\c:\1rlllll.exec:\1rlllll.exe188⤵
-
\??\c:\frxxxxx.exec:\frxxxxx.exe189⤵
-
\??\c:\tbbttt.exec:\tbbttt.exe190⤵
-
\??\c:\nhhnhn.exec:\nhhnhn.exe191⤵
-
\??\c:\9jdvj.exec:\9jdvj.exe192⤵
-
\??\c:\fxxrrxx.exec:\fxxrrxx.exe193⤵
-
\??\c:\rxlfxrl.exec:\rxlfxrl.exe194⤵
-
\??\c:\btbbbt.exec:\btbbbt.exe195⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe196⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe197⤵
-
\??\c:\xlffxxr.exec:\xlffxxr.exe198⤵
-
\??\c:\htbtnb.exec:\htbtnb.exe199⤵
-
\??\c:\7bnhbb.exec:\7bnhbb.exe200⤵
-
\??\c:\jpjjv.exec:\jpjjv.exe201⤵
-
\??\c:\xlrrllf.exec:\xlrrllf.exe202⤵
-
\??\c:\nhhnbh.exec:\nhhnbh.exe203⤵
-
\??\c:\ttbtbt.exec:\ttbtbt.exe204⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe205⤵
-
\??\c:\5vjdd.exec:\5vjdd.exe206⤵
-
\??\c:\lllxxrx.exec:\lllxxrx.exe207⤵
-
\??\c:\7ttnhh.exec:\7ttnhh.exe208⤵
-
\??\c:\nnhhbn.exec:\nnhhbn.exe209⤵
-
\??\c:\dpppj.exec:\dpppj.exe210⤵
-
\??\c:\fxfxrlr.exec:\fxfxrlr.exe211⤵
-
\??\c:\fflfffl.exec:\fflfffl.exe212⤵
-
\??\c:\bntnnh.exec:\bntnnh.exe213⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe214⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe215⤵
-
\??\c:\rrrrlxx.exec:\rrrrlxx.exe216⤵
-
\??\c:\rrxrlll.exec:\rrxrlll.exe217⤵
-
\??\c:\httnhh.exec:\httnhh.exe218⤵
-
\??\c:\vpppj.exec:\vpppj.exe219⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe220⤵
-
\??\c:\xrrfllx.exec:\xrrfllx.exe221⤵
-
\??\c:\xlxrlll.exec:\xlxrlll.exe222⤵
-
\??\c:\3hhbtt.exec:\3hhbtt.exe223⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe224⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe225⤵
-
\??\c:\llfxxxr.exec:\llfxxxr.exe226⤵
-
\??\c:\fxxxrrl.exec:\fxxxrrl.exe227⤵
-
\??\c:\3btttt.exec:\3btttt.exe228⤵
-
\??\c:\hhhbbn.exec:\hhhbbn.exe229⤵
-
\??\c:\1vjjj.exec:\1vjjj.exe230⤵
-
\??\c:\fxffllf.exec:\fxffllf.exe231⤵
-
\??\c:\7thbnn.exec:\7thbnn.exe232⤵
-
\??\c:\ntttbb.exec:\ntttbb.exe233⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe234⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe235⤵
-
\??\c:\7lxrllf.exec:\7lxrllf.exe236⤵
-
\??\c:\hntnhh.exec:\hntnhh.exe237⤵
-
\??\c:\btbtnh.exec:\btbtnh.exe238⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe239⤵
-
\??\c:\ffffffl.exec:\ffffffl.exe240⤵
-
\??\c:\lfrlrrl.exec:\lfrlrrl.exe241⤵