Analysis
-
max time kernel
149s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 05:25
General
-
Target
81b3247af3b70f3835eda58f72ff6a10_NeikiAnalytics.exe
-
Size
141KB
-
MD5
81b3247af3b70f3835eda58f72ff6a10
-
SHA1
cca2db5274dcaa618a2dcac1b899cf77526a9a1e
-
SHA256
3c9d57bdd1e8cfd1a6b299ffa0a106a1050354231e59e90bf511dcf9675e51b2
-
SHA512
3f3e044069b476c609641a7ec528a027567e653835a8bd1d48837e87888604dda18318c3599d74a3e3c0c5b0cebc79d6c8662ad32f0ba6c4e8d7604d1953aa47
-
SSDEEP
3072:ymb3NkkiQ3mdBjFIi/0RU6QeYQsm71vPmm8mzuFli55p150E:n3C9BRIG0asYFm71mm8fliiE
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\81b3247af3b70f3835eda58f72ff6a10_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\81b3247af3b70f3835eda58f72ff6a10_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\djpvp.exec:\djpvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrllfff.exec:\rrllfff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjj.exec:\jjjjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrlffl.exec:\ffrlffl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhbb.exec:\nhhhbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpddj.exec:\jpddj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddddd.exec:\ddddd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxxxx.exec:\lffxxxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnnnn.exec:\tbnnnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjjd.exec:\dpjjd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbbt.exec:\hbbbbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhbtt.exec:\bnhbtt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjd.exec:\pjjjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jjdv.exec:\3jjdv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfrxlr.exec:\rxfrxlr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnnh.exec:\bntnnh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdv.exec:\djjdv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvp.exec:\vjdvp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllllll.exec:\rllllll.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tbtbh.exec:\3tbtbh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjd.exec:\pjjjd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxflflf.exec:\fxflflf.exe23⤵
- Executes dropped EXE
-
\??\c:\frrrxxx.exec:\frrrxxx.exe24⤵
- Executes dropped EXE
-
\??\c:\9tbhhn.exec:\9tbhhn.exe25⤵
- Executes dropped EXE
-
\??\c:\3tbbhn.exec:\3tbbhn.exe26⤵
- Executes dropped EXE
-
\??\c:\vpdvd.exec:\vpdvd.exe27⤵
- Executes dropped EXE
-
\??\c:\lfxfrff.exec:\lfxfrff.exe28⤵
- Executes dropped EXE
-
\??\c:\bhtnnt.exec:\bhtnnt.exe29⤵
- Executes dropped EXE
-
\??\c:\jdddd.exec:\jdddd.exe30⤵
- Executes dropped EXE
-
\??\c:\hnnnbt.exec:\hnnnbt.exe31⤵
- Executes dropped EXE
-
\??\c:\7bhhbb.exec:\7bhhbb.exe32⤵
- Executes dropped EXE
-
\??\c:\dvppj.exec:\dvppj.exe33⤵
- Executes dropped EXE
-
\??\c:\rrxrlll.exec:\rrxrlll.exe34⤵
- Executes dropped EXE
-
\??\c:\nnntnn.exec:\nnntnn.exe35⤵
- Executes dropped EXE
-
\??\c:\hhtttb.exec:\hhtttb.exe36⤵
- Executes dropped EXE
-
\??\c:\jpvpj.exec:\jpvpj.exe37⤵
- Executes dropped EXE
-
\??\c:\pvddp.exec:\pvddp.exe38⤵
- Executes dropped EXE
-
\??\c:\5lfrlrr.exec:\5lfrlrr.exe39⤵
- Executes dropped EXE
-
\??\c:\flllfff.exec:\flllfff.exe40⤵
- Executes dropped EXE
-
\??\c:\1thbtt.exec:\1thbtt.exe41⤵
- Executes dropped EXE
-
\??\c:\bhnhtb.exec:\bhnhtb.exe42⤵
- Executes dropped EXE
-
\??\c:\7pvvv.exec:\7pvvv.exe43⤵
- Executes dropped EXE
-
\??\c:\5llxxxx.exec:\5llxxxx.exe44⤵
- Executes dropped EXE
-
\??\c:\lrllfff.exec:\lrllfff.exe45⤵
- Executes dropped EXE
-
\??\c:\thbnth.exec:\thbnth.exe46⤵
- Executes dropped EXE
-
\??\c:\bntnnn.exec:\bntnnn.exe47⤵
- Executes dropped EXE
-
\??\c:\ddddj.exec:\ddddj.exe48⤵
- Executes dropped EXE
-
\??\c:\jjpjd.exec:\jjpjd.exe49⤵
- Executes dropped EXE
-
\??\c:\ffrlxxx.exec:\ffrlxxx.exe50⤵
- Executes dropped EXE
-
\??\c:\bbtthb.exec:\bbtthb.exe51⤵
- Executes dropped EXE
-
\??\c:\1ppvj.exec:\1ppvj.exe52⤵
- Executes dropped EXE
-
\??\c:\jjvvd.exec:\jjvvd.exe53⤵
- Executes dropped EXE
-
\??\c:\lrxrlll.exec:\lrxrlll.exe54⤵
- Executes dropped EXE
-
\??\c:\ntbnbn.exec:\ntbnbn.exe55⤵
- Executes dropped EXE
-
\??\c:\jjdjj.exec:\jjdjj.exe56⤵
- Executes dropped EXE
-
\??\c:\ffrrrxx.exec:\ffrrrxx.exe57⤵
- Executes dropped EXE
-
\??\c:\llxlrxx.exec:\llxlrxx.exe58⤵
- Executes dropped EXE
-
\??\c:\bbbbbb.exec:\bbbbbb.exe59⤵
- Executes dropped EXE
-
\??\c:\vvvpp.exec:\vvvpp.exe60⤵
- Executes dropped EXE
-
\??\c:\pppjj.exec:\pppjj.exe61⤵
- Executes dropped EXE
-
\??\c:\llffxxx.exec:\llffxxx.exe62⤵
- Executes dropped EXE
-
\??\c:\7lffrxl.exec:\7lffrxl.exe63⤵
- Executes dropped EXE
-
\??\c:\bnhhhn.exec:\bnhhhn.exe64⤵
- Executes dropped EXE
-
\??\c:\djvvv.exec:\djvvv.exe65⤵
- Executes dropped EXE
-
\??\c:\dvddp.exec:\dvddp.exe66⤵
-
\??\c:\7llrrrx.exec:\7llrrrx.exe67⤵
-
\??\c:\tnbhnb.exec:\tnbhnb.exe68⤵
-
\??\c:\bhhnbt.exec:\bhhnbt.exe69⤵
-
\??\c:\fxfxxxx.exec:\fxfxxxx.exe70⤵
-
\??\c:\bhhbtt.exec:\bhhbtt.exe71⤵
-
\??\c:\ddjdj.exec:\ddjdj.exe72⤵
-
\??\c:\jpjpd.exec:\jpjpd.exe73⤵
-
\??\c:\3ffxllf.exec:\3ffxllf.exe74⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe75⤵
-
\??\c:\tbhhhn.exec:\tbhhhn.exe76⤵
-
\??\c:\3vvdp.exec:\3vvdp.exe77⤵
-
\??\c:\hnhhtb.exec:\hnhhtb.exe78⤵
-
\??\c:\vvjjj.exec:\vvjjj.exe79⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe80⤵
-
\??\c:\lfflfll.exec:\lfflfll.exe81⤵
-
\??\c:\5llfxxx.exec:\5llfxxx.exe82⤵
-
\??\c:\7lllffx.exec:\7lllffx.exe83⤵
-
\??\c:\1ttnnn.exec:\1ttnnn.exe84⤵
-
\??\c:\1jddv.exec:\1jddv.exe85⤵
-
\??\c:\pvddv.exec:\pvddv.exe86⤵
-
\??\c:\lxxxrrr.exec:\lxxxrrr.exe87⤵
-
\??\c:\rrfffff.exec:\rrfffff.exe88⤵
-
\??\c:\tthhbh.exec:\tthhbh.exe89⤵
-
\??\c:\9btntb.exec:\9btntb.exe90⤵
-
\??\c:\vpppv.exec:\vpppv.exe91⤵
-
\??\c:\fxfrxxr.exec:\fxfrxxr.exe92⤵
-
\??\c:\fxlrrxr.exec:\fxlrrxr.exe93⤵
-
\??\c:\pvppp.exec:\pvppp.exe94⤵
-
\??\c:\vjddj.exec:\vjddj.exe95⤵
-
\??\c:\lfrllrx.exec:\lfrllrx.exe96⤵
-
\??\c:\tbhnnb.exec:\tbhnnb.exe97⤵
-
\??\c:\tnbntt.exec:\tnbntt.exe98⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe99⤵
-
\??\c:\rfrlffr.exec:\rfrlffr.exe100⤵
-
\??\c:\hnbbhh.exec:\hnbbhh.exe101⤵
-
\??\c:\7ppjd.exec:\7ppjd.exe102⤵
-
\??\c:\jddvv.exec:\jddvv.exe103⤵
-
\??\c:\9rfxxff.exec:\9rfxxff.exe104⤵
-
\??\c:\xxxlfrr.exec:\xxxlfrr.exe105⤵
-
\??\c:\nnbtbb.exec:\nnbtbb.exe106⤵
-
\??\c:\pdppj.exec:\pdppj.exe107⤵
-
\??\c:\lxffrff.exec:\lxffrff.exe108⤵
-
\??\c:\rxxxxxx.exec:\rxxxxxx.exe109⤵
-
\??\c:\htnnnt.exec:\htnnnt.exe110⤵
-
\??\c:\5httbt.exec:\5httbt.exe111⤵
-
\??\c:\5pvpp.exec:\5pvpp.exe112⤵
-
\??\c:\1jpjd.exec:\1jpjd.exe113⤵
-
\??\c:\3xxxxxx.exec:\3xxxxxx.exe114⤵
-
\??\c:\7xffxfx.exec:\7xffxfx.exe115⤵
-
\??\c:\nhbbtt.exec:\nhbbtt.exe116⤵
-
\??\c:\tnbhbh.exec:\tnbhbh.exe117⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe118⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe119⤵
-
\??\c:\xfrfrfl.exec:\xfrfrfl.exe120⤵
-
\??\c:\frffxxl.exec:\frffxxl.exe121⤵
-
\??\c:\nbbtnn.exec:\nbbtnn.exe122⤵
-
\??\c:\bhbbtb.exec:\bhbbtb.exe123⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe124⤵
-
\??\c:\3dppj.exec:\3dppj.exe125⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe126⤵
-
\??\c:\5fxrxxf.exec:\5fxrxxf.exe127⤵
-
\??\c:\rllllff.exec:\rllllff.exe128⤵
-
\??\c:\tbhtnb.exec:\tbhtnb.exe129⤵
-
\??\c:\tnnnnh.exec:\tnnnnh.exe130⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe131⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe132⤵
-
\??\c:\fxrrffl.exec:\fxrrffl.exe133⤵
-
\??\c:\9rfffll.exec:\9rfffll.exe134⤵
-
\??\c:\fxxxxff.exec:\fxxxxff.exe135⤵
-
\??\c:\nbhntn.exec:\nbhntn.exe136⤵
-
\??\c:\9btttt.exec:\9btttt.exe137⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe138⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe139⤵
-
\??\c:\xxxxrrx.exec:\xxxxrrx.exe140⤵
-
\??\c:\3xrlffl.exec:\3xrlffl.exe141⤵
-
\??\c:\btbbtb.exec:\btbbtb.exe142⤵
-
\??\c:\ttnbtt.exec:\ttnbtt.exe143⤵
-
\??\c:\jjppj.exec:\jjppj.exe144⤵
-
\??\c:\dpppv.exec:\dpppv.exe145⤵
-
\??\c:\lxfffff.exec:\lxfffff.exe146⤵
-
\??\c:\9ffxrrx.exec:\9ffxrrx.exe147⤵
-
\??\c:\nnhhbt.exec:\nnhhbt.exe148⤵
-
\??\c:\nhbthb.exec:\nhbthb.exe149⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe150⤵
-
\??\c:\ddppp.exec:\ddppp.exe151⤵
-
\??\c:\xxxxxff.exec:\xxxxxff.exe152⤵
-
\??\c:\ffrlxrx.exec:\ffrlxrx.exe153⤵
-
\??\c:\nhnnnb.exec:\nhnnnb.exe154⤵
-
\??\c:\1tbbtb.exec:\1tbbtb.exe155⤵
-
\??\c:\1vdvp.exec:\1vdvp.exe156⤵
-
\??\c:\7jppv.exec:\7jppv.exe157⤵
-
\??\c:\9lfrrrf.exec:\9lfrrrf.exe158⤵
-
\??\c:\frxxxxx.exec:\frxxxxx.exe159⤵
-
\??\c:\5nbbtt.exec:\5nbbtt.exe160⤵
-
\??\c:\1tbhhh.exec:\1tbhhh.exe161⤵
-
\??\c:\djpjj.exec:\djpjj.exe162⤵
-
\??\c:\frrrlll.exec:\frrrlll.exe163⤵
-
\??\c:\5hnhbb.exec:\5hnhbb.exe164⤵
-
\??\c:\djvpp.exec:\djvpp.exe165⤵
-
\??\c:\vpddj.exec:\vpddj.exe166⤵
-
\??\c:\xffffll.exec:\xffffll.exe167⤵
-
\??\c:\dpppp.exec:\dpppp.exe168⤵
-
\??\c:\lllrllx.exec:\lllrllx.exe169⤵
-
\??\c:\btnhnn.exec:\btnhnn.exe170⤵
-
\??\c:\htbbtt.exec:\htbbtt.exe171⤵
-
\??\c:\7flxrrr.exec:\7flxrrr.exe172⤵
-
\??\c:\hhnhnn.exec:\hhnhnn.exe173⤵
-
\??\c:\vpddd.exec:\vpddd.exe174⤵
-
\??\c:\rfllrxx.exec:\rfllrxx.exe175⤵
-
\??\c:\ffllfxx.exec:\ffllfxx.exe176⤵
-
\??\c:\vjddj.exec:\vjddj.exe177⤵
-
\??\c:\ffxxlxl.exec:\ffxxlxl.exe178⤵
-
\??\c:\hhnhhb.exec:\hhnhhb.exe179⤵
-
\??\c:\nhtttb.exec:\nhtttb.exe180⤵
-
\??\c:\pvjjp.exec:\pvjjp.exe181⤵
-
\??\c:\flrlfff.exec:\flrlfff.exe182⤵
-
\??\c:\tnhbnh.exec:\tnhbnh.exe183⤵
-
\??\c:\pdppd.exec:\pdppd.exe184⤵
-
\??\c:\frffxxf.exec:\frffxxf.exe185⤵
-
\??\c:\5hbbbb.exec:\5hbbbb.exe186⤵
-
\??\c:\bnbbtt.exec:\bnbbtt.exe187⤵
-
\??\c:\9jjdv.exec:\9jjdv.exe188⤵
-
\??\c:\frfxxll.exec:\frfxxll.exe189⤵
-
\??\c:\7xllfff.exec:\7xllfff.exe190⤵
-
\??\c:\bbnnnh.exec:\bbnnnh.exe191⤵
-
\??\c:\jjjjj.exec:\jjjjj.exe192⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe193⤵
-
\??\c:\1jpvj.exec:\1jpvj.exe194⤵
-
\??\c:\xlrfxxl.exec:\xlrfxxl.exe195⤵
-
\??\c:\1lrrrxx.exec:\1lrrrxx.exe196⤵
-
\??\c:\bnbbtn.exec:\bnbbtn.exe197⤵
-
\??\c:\7hhhtt.exec:\7hhhtt.exe198⤵
-
\??\c:\dpdvj.exec:\dpdvj.exe199⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe200⤵
-
\??\c:\1xlflll.exec:\1xlflll.exe201⤵
-
\??\c:\ffffxxx.exec:\ffffxxx.exe202⤵
-
\??\c:\btbhbh.exec:\btbhbh.exe203⤵
-
\??\c:\5tbttt.exec:\5tbttt.exe204⤵
-
\??\c:\vvppj.exec:\vvppj.exe205⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe206⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe207⤵
-
\??\c:\llllrfr.exec:\llllrfr.exe208⤵
-
\??\c:\htbbbn.exec:\htbbbn.exe209⤵
-
\??\c:\bbhhhn.exec:\bbhhhn.exe210⤵
-
\??\c:\3vpjd.exec:\3vpjd.exe211⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe212⤵
-
\??\c:\5xfxrfx.exec:\5xfxrfx.exe213⤵
-
\??\c:\fxffxll.exec:\fxffxll.exe214⤵
-
\??\c:\tbnhhh.exec:\tbnhhh.exe215⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe216⤵
-
\??\c:\vdvvp.exec:\vdvvp.exe217⤵
-
\??\c:\lrfflll.exec:\lrfflll.exe218⤵
-
\??\c:\1rxrrrl.exec:\1rxrrrl.exe219⤵
-
\??\c:\9nbhnt.exec:\9nbhnt.exe220⤵
-
\??\c:\hnbbtt.exec:\hnbbtt.exe221⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe222⤵
-
\??\c:\7ddvv.exec:\7ddvv.exe223⤵
-
\??\c:\lxffrll.exec:\lxffrll.exe224⤵
-
\??\c:\lrfllrf.exec:\lrfllrf.exe225⤵
-
\??\c:\bthntn.exec:\bthntn.exe226⤵
-
\??\c:\3tbbbh.exec:\3tbbbh.exe227⤵
-
\??\c:\pvdjd.exec:\pvdjd.exe228⤵
-
\??\c:\djjjd.exec:\djjjd.exe229⤵
-
\??\c:\3xffxff.exec:\3xffxff.exe230⤵
-
\??\c:\xrrrlrr.exec:\xrrrlrr.exe231⤵
-
\??\c:\bbtttb.exec:\bbtttb.exe232⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe233⤵
-
\??\c:\dvddd.exec:\dvddd.exe234⤵
-
\??\c:\lllfxxx.exec:\lllfxxx.exe235⤵
-
\??\c:\frxxllr.exec:\frxxllr.exe236⤵
-
\??\c:\httttb.exec:\httttb.exe237⤵
-
\??\c:\hbbttn.exec:\hbbttn.exe238⤵
-
\??\c:\9pvvp.exec:\9pvvp.exe239⤵
-
\??\c:\5rfxxrr.exec:\5rfxxrr.exe240⤵
-
\??\c:\9xlrlrl.exec:\9xlrlrl.exe241⤵