Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 05:05
General
-
Target
7c3fd3f4c684059b2ea5851ae26086d0_NeikiAnalytics.exe
-
Size
135KB
-
MD5
7c3fd3f4c684059b2ea5851ae26086d0
-
SHA1
f8af14c7fcdfdff235c03113acf103e519f331c3
-
SHA256
bbad6b1799ec212ef1544aead3ac1c25d4838d040f5e3cf096d7275e1fea73d1
-
SHA512
4a64689972c754e07882e9d5637125ee0ae31b0826b9d3a556f9c9a5d173f5e930abe097c53957b48fde108f78866e112c65dc6455beadd7d0e1ee676342c696
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afoHVpx+dGorr:n3C9BRW0j/1px+dGS
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7c3fd3f4c684059b2ea5851ae26086d0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\7c3fd3f4c684059b2ea5851ae26086d0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xfllfff.exec:\xfllfff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btttnn.exec:\btttnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvv.exec:\jpvvv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrrlff.exec:\llrrlff.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbhnh.exec:\ntbhnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpj.exec:\jvvpj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxxrrr.exec:\rfxxrrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjjd.exec:\vjjjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrlfx.exec:\rlfrlfx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthbbt.exec:\nthbbt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvj.exec:\vjdvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xlfxff.exec:\5xlfxff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tnnbb.exec:\3tnnbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1djdp.exec:\1djdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdv.exec:\pdjdv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnbnn.exec:\tbnbnn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttnhh.exec:\tttnhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvv.exec:\vddvv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrrxf.exec:\rrrrrxf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tththh.exec:\tththh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jjpj.exec:\9jjpj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfrfrx.exec:\lxfrfrx.exe23⤵
- Executes dropped EXE
-
\??\c:\nnbbtb.exec:\nnbbtb.exe24⤵
- Executes dropped EXE
-
\??\c:\jdpjj.exec:\jdpjj.exe25⤵
- Executes dropped EXE
-
\??\c:\fxrlfxr.exec:\fxrlfxr.exe26⤵
- Executes dropped EXE
-
\??\c:\1lrlfff.exec:\1lrlfff.exe27⤵
- Executes dropped EXE
-
\??\c:\bnnhhh.exec:\bnnhhh.exe28⤵
- Executes dropped EXE
-
\??\c:\lrrllxr.exec:\lrrllxr.exe29⤵
- Executes dropped EXE
-
\??\c:\xrfffxx.exec:\xrfffxx.exe30⤵
- Executes dropped EXE
-
\??\c:\bhnhhb.exec:\bhnhhb.exe31⤵
- Executes dropped EXE
-
\??\c:\jpvpp.exec:\jpvpp.exe32⤵
- Executes dropped EXE
-
\??\c:\rrxffff.exec:\rrxffff.exe33⤵
- Executes dropped EXE
-
\??\c:\hbbbtb.exec:\hbbbtb.exe34⤵
- Executes dropped EXE
-
\??\c:\jvvjp.exec:\jvvjp.exe35⤵
- Executes dropped EXE
-
\??\c:\xlxrrll.exec:\xlxrrll.exe36⤵
- Executes dropped EXE
-
\??\c:\lrrrrxr.exec:\lrrrrxr.exe37⤵
- Executes dropped EXE
-
\??\c:\tnhbnn.exec:\tnhbnn.exe38⤵
- Executes dropped EXE
-
\??\c:\nnnhtt.exec:\nnnhtt.exe39⤵
- Executes dropped EXE
-
\??\c:\vjjvp.exec:\vjjvp.exe40⤵
- Executes dropped EXE
-
\??\c:\5xxxxfx.exec:\5xxxxfx.exe41⤵
- Executes dropped EXE
-
\??\c:\frllrxr.exec:\frllrxr.exe42⤵
- Executes dropped EXE
-
\??\c:\hthnhh.exec:\hthnhh.exe43⤵
- Executes dropped EXE
-
\??\c:\thbtnt.exec:\thbtnt.exe44⤵
- Executes dropped EXE
-
\??\c:\9jvpj.exec:\9jvpj.exe45⤵
- Executes dropped EXE
-
\??\c:\rxxrlxx.exec:\rxxrlxx.exe46⤵
- Executes dropped EXE
-
\??\c:\btbtnh.exec:\btbtnh.exe47⤵
- Executes dropped EXE
-
\??\c:\nhhbnn.exec:\nhhbnn.exe48⤵
- Executes dropped EXE
-
\??\c:\vvjdv.exec:\vvjdv.exe49⤵
- Executes dropped EXE
-
\??\c:\3vdvj.exec:\3vdvj.exe50⤵
- Executes dropped EXE
-
\??\c:\lffxrrl.exec:\lffxrrl.exe51⤵
- Executes dropped EXE
-
\??\c:\hhtttn.exec:\hhtttn.exe52⤵
- Executes dropped EXE
-
\??\c:\bttnnn.exec:\bttnnn.exe53⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe54⤵
- Executes dropped EXE
-
\??\c:\vdjjj.exec:\vdjjj.exe55⤵
- Executes dropped EXE
-
\??\c:\xlrflfl.exec:\xlrflfl.exe56⤵
- Executes dropped EXE
-
\??\c:\rfrffff.exec:\rfrffff.exe57⤵
- Executes dropped EXE
-
\??\c:\hbttnn.exec:\hbttnn.exe58⤵
- Executes dropped EXE
-
\??\c:\vjddp.exec:\vjddp.exe59⤵
- Executes dropped EXE
-
\??\c:\jvppv.exec:\jvppv.exe60⤵
- Executes dropped EXE
-
\??\c:\rxfxlff.exec:\rxfxlff.exe61⤵
- Executes dropped EXE
-
\??\c:\thnhbh.exec:\thnhbh.exe62⤵
- Executes dropped EXE
-
\??\c:\3htnhb.exec:\3htnhb.exe63⤵
- Executes dropped EXE
-
\??\c:\vpjvp.exec:\vpjvp.exe64⤵
- Executes dropped EXE
-
\??\c:\7dvpv.exec:\7dvpv.exe65⤵
- Executes dropped EXE
-
\??\c:\5lllxrl.exec:\5lllxrl.exe66⤵
-
\??\c:\tnnntt.exec:\tnnntt.exe67⤵
-
\??\c:\1jppj.exec:\1jppj.exe68⤵
-
\??\c:\xxfxrlf.exec:\xxfxrlf.exe69⤵
-
\??\c:\lrfxxxr.exec:\lrfxxxr.exe70⤵
-
\??\c:\bttthh.exec:\bttthh.exe71⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe72⤵
-
\??\c:\ppppj.exec:\ppppj.exe73⤵
-
\??\c:\xffrlfx.exec:\xffrlfx.exe74⤵
-
\??\c:\xxxrflx.exec:\xxxrflx.exe75⤵
-
\??\c:\nhhhnh.exec:\nhhhnh.exe76⤵
-
\??\c:\1dddv.exec:\1dddv.exe77⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe78⤵
-
\??\c:\lxxfxrf.exec:\lxxfxrf.exe79⤵
-
\??\c:\lllfxfr.exec:\lllfxfr.exe80⤵
-
\??\c:\ntttnn.exec:\ntttnn.exe81⤵
-
\??\c:\pddjj.exec:\pddjj.exe82⤵
-
\??\c:\dvdjd.exec:\dvdjd.exe83⤵
-
\??\c:\9llfflr.exec:\9llfflr.exe84⤵
-
\??\c:\ntbbbb.exec:\ntbbbb.exe85⤵
-
\??\c:\nnttnt.exec:\nnttnt.exe86⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe87⤵
-
\??\c:\1llrxrf.exec:\1llrxrf.exe88⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe89⤵
-
\??\c:\tnbnnb.exec:\tnbnnb.exe90⤵
-
\??\c:\9ppjd.exec:\9ppjd.exe91⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe92⤵
-
\??\c:\lfrxlfx.exec:\lfrxlfx.exe93⤵
-
\??\c:\ttnhhh.exec:\ttnhhh.exe94⤵
-
\??\c:\vddvv.exec:\vddvv.exe95⤵
-
\??\c:\llrlfff.exec:\llrlfff.exe96⤵
-
\??\c:\tbhhhn.exec:\tbhhhn.exe97⤵
-
\??\c:\jddpd.exec:\jddpd.exe98⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe99⤵
-
\??\c:\9rxrlfx.exec:\9rxrlfx.exe100⤵
-
\??\c:\tthnhh.exec:\tthnhh.exe101⤵
-
\??\c:\vppjv.exec:\vppjv.exe102⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe103⤵
-
\??\c:\ffffrrr.exec:\ffffrrr.exe104⤵
-
\??\c:\7hhhbt.exec:\7hhhbt.exe105⤵
-
\??\c:\nhnhtt.exec:\nhnhtt.exe106⤵
-
\??\c:\pddvj.exec:\pddvj.exe107⤵
-
\??\c:\flllfxr.exec:\flllfxr.exe108⤵
-
\??\c:\tnnhnh.exec:\tnnhnh.exe109⤵
-
\??\c:\btttbh.exec:\btttbh.exe110⤵
-
\??\c:\xflxrll.exec:\xflxrll.exe111⤵
-
\??\c:\hbnhtn.exec:\hbnhtn.exe112⤵
-
\??\c:\hbbthh.exec:\hbbthh.exe113⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe114⤵
-
\??\c:\pjppp.exec:\pjppp.exe115⤵
-
\??\c:\fxxrffx.exec:\fxxrffx.exe116⤵
-
\??\c:\frxfxxl.exec:\frxfxxl.exe117⤵
-
\??\c:\nhnntt.exec:\nhnntt.exe118⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe119⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe120⤵
-
\??\c:\5rxrrrr.exec:\5rxrrrr.exe121⤵
-
\??\c:\flxrlrl.exec:\flxrlrl.exe122⤵
-
\??\c:\ntbbnb.exec:\ntbbnb.exe123⤵
-
\??\c:\vjdpj.exec:\vjdpj.exe124⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe125⤵
-
\??\c:\xflfxrl.exec:\xflfxrl.exe126⤵
-
\??\c:\hhnnbb.exec:\hhnnbb.exe127⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe128⤵
-
\??\c:\lllxllf.exec:\lllxllf.exe129⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe130⤵
-
\??\c:\jpvjj.exec:\jpvjj.exe131⤵
-
\??\c:\xllxrrx.exec:\xllxrrx.exe132⤵
-
\??\c:\jppjd.exec:\jppjd.exe133⤵
-
\??\c:\xflrlfx.exec:\xflrlfx.exe134⤵
-
\??\c:\bnnntt.exec:\bnnntt.exe135⤵
-
\??\c:\1tnhbb.exec:\1tnhbb.exe136⤵
-
\??\c:\7jdjp.exec:\7jdjp.exe137⤵
-
\??\c:\rrfrlfx.exec:\rrfrlfx.exe138⤵
-
\??\c:\lfffflf.exec:\lfffflf.exe139⤵
-
\??\c:\bnnhbb.exec:\bnnhbb.exe140⤵
-
\??\c:\vdpjv.exec:\vdpjv.exe141⤵
-
\??\c:\ddpdv.exec:\ddpdv.exe142⤵
-
\??\c:\9xfrffr.exec:\9xfrffr.exe143⤵
-
\??\c:\lrfxxxf.exec:\lrfxxxf.exe144⤵
-
\??\c:\hhnnhb.exec:\hhnnhb.exe145⤵
-
\??\c:\bhttnn.exec:\bhttnn.exe146⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe147⤵
-
\??\c:\xffxrlf.exec:\xffxrlf.exe148⤵
-
\??\c:\lflfllf.exec:\lflfllf.exe149⤵
-
\??\c:\tntbbb.exec:\tntbbb.exe150⤵
-
\??\c:\dvjvp.exec:\dvjvp.exe151⤵
-
\??\c:\lffrffx.exec:\lffrffx.exe152⤵
-
\??\c:\9thbbb.exec:\9thbbb.exe153⤵
-
\??\c:\hhnbth.exec:\hhnbth.exe154⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe155⤵
-
\??\c:\9dvpj.exec:\9dvpj.exe156⤵
-
\??\c:\lrxfrrl.exec:\lrxfrrl.exe157⤵
-
\??\c:\btbtbb.exec:\btbtbb.exe158⤵
-
\??\c:\3hbthh.exec:\3hbthh.exe159⤵
-
\??\c:\nbbthh.exec:\nbbthh.exe160⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe161⤵
-
\??\c:\fxxfffl.exec:\fxxfffl.exe162⤵
-
\??\c:\xrxxxfx.exec:\xrxxxfx.exe163⤵
-
\??\c:\bnttnn.exec:\bnttnn.exe164⤵
-
\??\c:\3hbnhh.exec:\3hbnhh.exe165⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe166⤵
-
\??\c:\7vvdv.exec:\7vvdv.exe167⤵
-
\??\c:\lrxxllf.exec:\lrxxllf.exe168⤵
-
\??\c:\flllffx.exec:\flllffx.exe169⤵
-
\??\c:\nhbtnh.exec:\nhbtnh.exe170⤵
-
\??\c:\dpppd.exec:\dpppd.exe171⤵
-
\??\c:\3ddvj.exec:\3ddvj.exe172⤵
-
\??\c:\xlrlrll.exec:\xlrlrll.exe173⤵
-
\??\c:\nbttnh.exec:\nbttnh.exe174⤵
-
\??\c:\1thhth.exec:\1thhth.exe175⤵
-
\??\c:\jvjdp.exec:\jvjdp.exe176⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe177⤵
-
\??\c:\5fxxrrl.exec:\5fxxrrl.exe178⤵
-
\??\c:\rfrlrlr.exec:\rfrlrlr.exe179⤵
-
\??\c:\9tnntt.exec:\9tnntt.exe180⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe181⤵
-
\??\c:\9vjdp.exec:\9vjdp.exe182⤵
-
\??\c:\lfffrrr.exec:\lfffrrr.exe183⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe184⤵
-
\??\c:\ttbbhh.exec:\ttbbhh.exe185⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe186⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe187⤵
-
\??\c:\7rlffff.exec:\7rlffff.exe188⤵
-
\??\c:\nhbtnh.exec:\nhbtnh.exe189⤵
-
\??\c:\bthhtn.exec:\bthhtn.exe190⤵
-
\??\c:\9djdd.exec:\9djdd.exe191⤵
-
\??\c:\vpppj.exec:\vpppj.exe192⤵
-
\??\c:\xxfrfxr.exec:\xxfrfxr.exe193⤵
-
\??\c:\rxxrlfr.exec:\rxxrlfr.exe194⤵
-
\??\c:\tbbbhb.exec:\tbbbhb.exe195⤵
-
\??\c:\jvjvp.exec:\jvjvp.exe196⤵
-
\??\c:\1ddvp.exec:\1ddvp.exe197⤵
-
\??\c:\9rlfrrf.exec:\9rlfrrf.exe198⤵
-
\??\c:\rxxlfrr.exec:\rxxlfrr.exe199⤵
-
\??\c:\btbbbb.exec:\btbbbb.exe200⤵
-
\??\c:\nntnhh.exec:\nntnhh.exe201⤵
-
\??\c:\9dddp.exec:\9dddp.exe202⤵
-
\??\c:\3flxlfl.exec:\3flxlfl.exe203⤵
-
\??\c:\llrflxr.exec:\llrflxr.exe204⤵
-
\??\c:\hthbnh.exec:\hthbnh.exe205⤵
-
\??\c:\1vdvj.exec:\1vdvj.exe206⤵
-
\??\c:\vvjdj.exec:\vvjdj.exe207⤵
-
\??\c:\llfxlfx.exec:\llfxlfx.exe208⤵
-
\??\c:\3lxrxxx.exec:\3lxrxxx.exe209⤵
-
\??\c:\rffrlll.exec:\rffrlll.exe210⤵
-
\??\c:\1bttnn.exec:\1bttnn.exe211⤵
-
\??\c:\pvdvj.exec:\pvdvj.exe212⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe213⤵
-
\??\c:\lxxlfxl.exec:\lxxlfxl.exe214⤵
-
\??\c:\nhhbnn.exec:\nhhbnn.exe215⤵
-
\??\c:\nnhhth.exec:\nnhhth.exe216⤵
-
\??\c:\jvjvp.exec:\jvjvp.exe217⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe218⤵
-
\??\c:\rlllfxx.exec:\rlllfxx.exe219⤵
-
\??\c:\nhtntt.exec:\nhtntt.exe220⤵
-
\??\c:\dddvj.exec:\dddvj.exe221⤵
-
\??\c:\jddjd.exec:\jddjd.exe222⤵
-
\??\c:\rxlflfr.exec:\rxlflfr.exe223⤵
-
\??\c:\frxfxfx.exec:\frxfxfx.exe224⤵
-
\??\c:\tnhhbt.exec:\tnhhbt.exe225⤵
-
\??\c:\5hbttt.exec:\5hbttt.exe226⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe227⤵
-
\??\c:\9pvjv.exec:\9pvjv.exe228⤵
-
\??\c:\xllfrrl.exec:\xllfrrl.exe229⤵
-
\??\c:\5hnntt.exec:\5hnntt.exe230⤵
-
\??\c:\thbbnn.exec:\thbbnn.exe231⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe232⤵
-
\??\c:\fxrlxfr.exec:\fxrlxfr.exe233⤵
-
\??\c:\9flflxr.exec:\9flflxr.exe234⤵
-
\??\c:\btttnn.exec:\btttnn.exe235⤵
-
\??\c:\btnhbt.exec:\btnhbt.exe236⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe237⤵
-
\??\c:\xxrfllf.exec:\xxrfllf.exe238⤵
-
\??\c:\xfrlfrl.exec:\xfrlfrl.exe239⤵
-
\??\c:\bnbhbh.exec:\bnbhbh.exe240⤵
-
\??\c:\htbbtn.exec:\htbbtn.exe241⤵