Analysis
-
max time kernel
139s -
max time network
116s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
19-05-2024 05:05
General
-
Target
7c8553c5fe13cb4407280f2984f72020_NeikiAnalytics.exe
-
Size
55KB
-
MD5
7c8553c5fe13cb4407280f2984f72020
-
SHA1
dc730967018e05e8702b688d0c1197d78dbad1a2
-
SHA256
35ba9c7f281972ff6123940f8dc9c2446cb0358768b638e04cbd9d8f5dd18c22
-
SHA512
62be8b2d6553244f235f12761ffedc18d4dd1e116acf7575397fc22aa729742cdb35026ba34842f7cfe239ef31c21093130a986233ee3d08e2fb5cdb0e77f8d8
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIfEVA:ymb3NkkiQ3mdBjFIn
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7c8553c5fe13cb4407280f2984f72020_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\7c8553c5fe13cb4407280f2984f72020_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7nhnnt.exec:\7nhnnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpj.exec:\vpvpj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxlxxf.exec:\lxxlxxf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbnbh.exec:\htbnbh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnttb.exec:\hnnttb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppj.exec:\dpppj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrfllx.exec:\lrrfllx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtnnn.exec:\thtnnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjpp.exec:\dpjpp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflxrrr.exec:\lflxrrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbbtb.exec:\ntbbtb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddjv.exec:\pddjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjd.exec:\pjjjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlllr.exec:\xrrlllr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7htnnn.exec:\7htnnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvj.exec:\dpvvj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjj.exec:\djpjj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxllll.exec:\fxxllll.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbbbh.exec:\thbbbh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnnhh.exec:\bnnnhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjpp.exec:\pdjpp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvv.exec:\dddvv.exe23⤵
- Executes dropped EXE
-
\??\c:\ffrxxll.exec:\ffrxxll.exe24⤵
- Executes dropped EXE
-
\??\c:\tnhhhh.exec:\tnhhhh.exe25⤵
- Executes dropped EXE
-
\??\c:\nbbtnb.exec:\nbbtnb.exe26⤵
- Executes dropped EXE
-
\??\c:\ppppj.exec:\ppppj.exe27⤵
- Executes dropped EXE
-
\??\c:\vpppj.exec:\vpppj.exe28⤵
- Executes dropped EXE
-
\??\c:\bhhhbb.exec:\bhhhbb.exe29⤵
- Executes dropped EXE
-
\??\c:\nhhhbh.exec:\nhhhbh.exe30⤵
- Executes dropped EXE
-
\??\c:\pdpjd.exec:\pdpjd.exe31⤵
- Executes dropped EXE
-
\??\c:\xxffrfl.exec:\xxffrfl.exe32⤵
- Executes dropped EXE
-
\??\c:\llffrlf.exec:\llffrlf.exe33⤵
- Executes dropped EXE
-
\??\c:\httthb.exec:\httthb.exe34⤵
- Executes dropped EXE
-
\??\c:\dpdjp.exec:\dpdjp.exe35⤵
- Executes dropped EXE
-
\??\c:\rxrflxl.exec:\rxrflxl.exe36⤵
- Executes dropped EXE
-
\??\c:\rlrlfxl.exec:\rlrlfxl.exe37⤵
- Executes dropped EXE
-
\??\c:\bttbbb.exec:\bttbbb.exe38⤵
- Executes dropped EXE
-
\??\c:\pjdjv.exec:\pjdjv.exe39⤵
- Executes dropped EXE
-
\??\c:\rlflxlr.exec:\rlflxlr.exe40⤵
- Executes dropped EXE
-
\??\c:\bnnnhh.exec:\bnnnhh.exe41⤵
- Executes dropped EXE
-
\??\c:\7thhhh.exec:\7thhhh.exe42⤵
- Executes dropped EXE
-
\??\c:\vpjvp.exec:\vpjvp.exe43⤵
- Executes dropped EXE
-
\??\c:\vvpjv.exec:\vvpjv.exe44⤵
- Executes dropped EXE
-
\??\c:\lrllffx.exec:\lrllffx.exe45⤵
- Executes dropped EXE
-
\??\c:\7nnhbt.exec:\7nnhbt.exe46⤵
- Executes dropped EXE
-
\??\c:\pjjvv.exec:\pjjvv.exe47⤵
- Executes dropped EXE
-
\??\c:\3jpvv.exec:\3jpvv.exe48⤵
- Executes dropped EXE
-
\??\c:\xxrxfrr.exec:\xxrxfrr.exe49⤵
- Executes dropped EXE
-
\??\c:\bnhnth.exec:\bnhnth.exe50⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe51⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe52⤵
- Executes dropped EXE
-
\??\c:\frlxlxx.exec:\frlxlxx.exe53⤵
- Executes dropped EXE
-
\??\c:\hnttnh.exec:\hnttnh.exe54⤵
- Executes dropped EXE
-
\??\c:\7nbbhn.exec:\7nbbhn.exe55⤵
- Executes dropped EXE
-
\??\c:\1vppj.exec:\1vppj.exe56⤵
- Executes dropped EXE
-
\??\c:\dpjvp.exec:\dpjvp.exe57⤵
- Executes dropped EXE
-
\??\c:\xrrxrrx.exec:\xrrxrrx.exe58⤵
- Executes dropped EXE
-
\??\c:\bhhbbb.exec:\bhhbbb.exe59⤵
- Executes dropped EXE
-
\??\c:\bttnbb.exec:\bttnbb.exe60⤵
- Executes dropped EXE
-
\??\c:\pjpjv.exec:\pjpjv.exe61⤵
- Executes dropped EXE
-
\??\c:\7vvjv.exec:\7vvjv.exe62⤵
- Executes dropped EXE
-
\??\c:\rlrrllr.exec:\rlrrllr.exe63⤵
- Executes dropped EXE
-
\??\c:\xxxrrll.exec:\xxxrrll.exe64⤵
- Executes dropped EXE
-
\??\c:\bnnntt.exec:\bnnntt.exe65⤵
- Executes dropped EXE
-
\??\c:\ttttnb.exec:\ttttnb.exe66⤵
-
\??\c:\5ppjv.exec:\5ppjv.exe67⤵
-
\??\c:\rflrffx.exec:\rflrffx.exe68⤵
-
\??\c:\rlflffx.exec:\rlflffx.exe69⤵
-
\??\c:\bbttnn.exec:\bbttnn.exe70⤵
-
\??\c:\ppppv.exec:\ppppv.exe71⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe72⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe73⤵
-
\??\c:\frxllfr.exec:\frxllfr.exe74⤵
-
\??\c:\xxrxxlf.exec:\xxrxxlf.exe75⤵
-
\??\c:\btnbnh.exec:\btnbnh.exe76⤵
-
\??\c:\hbnbtn.exec:\hbnbtn.exe77⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe78⤵
-
\??\c:\xlllxxx.exec:\xlllxxx.exe79⤵
-
\??\c:\llffffx.exec:\llffffx.exe80⤵
-
\??\c:\httttt.exec:\httttt.exe81⤵
-
\??\c:\djppp.exec:\djppp.exe82⤵
-
\??\c:\djpjj.exec:\djpjj.exe83⤵
-
\??\c:\5frfllx.exec:\5frfllx.exe84⤵
-
\??\c:\5nbtnn.exec:\5nbtnn.exe85⤵
-
\??\c:\hhtnhh.exec:\hhtnhh.exe86⤵
-
\??\c:\3ppdv.exec:\3ppdv.exe87⤵
-
\??\c:\1fxxrff.exec:\1fxxrff.exe88⤵
-
\??\c:\httbtt.exec:\httbtt.exe89⤵
-
\??\c:\7vdjd.exec:\7vdjd.exe90⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe91⤵
-
\??\c:\xxrrlrl.exec:\xxrrlrl.exe92⤵
-
\??\c:\xxfxxxx.exec:\xxfxxxx.exe93⤵
-
\??\c:\hbbnbb.exec:\hbbnbb.exe94⤵
-
\??\c:\rfffrrl.exec:\rfffrrl.exe95⤵
-
\??\c:\xxflfxl.exec:\xxflfxl.exe96⤵
-
\??\c:\thbtnh.exec:\thbtnh.exe97⤵
-
\??\c:\5pjjv.exec:\5pjjv.exe98⤵
-
\??\c:\3llffxr.exec:\3llffxr.exe99⤵
-
\??\c:\rlrrrlf.exec:\rlrrrlf.exe100⤵
-
\??\c:\nbbbbh.exec:\nbbbbh.exe101⤵
-
\??\c:\lxrxxrr.exec:\lxrxxrr.exe102⤵
-
\??\c:\5rrlffx.exec:\5rrlffx.exe103⤵
-
\??\c:\9hhbtn.exec:\9hhbtn.exe104⤵
-
\??\c:\ttthbt.exec:\ttthbt.exe105⤵
-
\??\c:\vddpd.exec:\vddpd.exe106⤵
-
\??\c:\llfrfxl.exec:\llfrfxl.exe107⤵
-
\??\c:\ffxrffr.exec:\ffxrffr.exe108⤵
-
\??\c:\btbhnh.exec:\btbhnh.exe109⤵
-
\??\c:\hbtnbn.exec:\hbtnbn.exe110⤵
-
\??\c:\jdjvv.exec:\jdjvv.exe111⤵
-
\??\c:\3xfrrlx.exec:\3xfrrlx.exe112⤵
-
\??\c:\rlffrfr.exec:\rlffrfr.exe113⤵
-
\??\c:\hnhbnn.exec:\hnhbnn.exe114⤵
-
\??\c:\nbhbht.exec:\nbhbht.exe115⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe116⤵
-
\??\c:\rxxllxr.exec:\rxxllxr.exe117⤵
-
\??\c:\5flflrl.exec:\5flflrl.exe118⤵
-
\??\c:\bnhttb.exec:\bnhttb.exe119⤵
-
\??\c:\ddddp.exec:\ddddp.exe120⤵
-
\??\c:\jjjdp.exec:\jjjdp.exe121⤵
-
\??\c:\flfxxlx.exec:\flfxxlx.exe122⤵
-
\??\c:\flrxfxf.exec:\flrxfxf.exe123⤵
-
\??\c:\5rrlxrf.exec:\5rrlxrf.exe124⤵
-
\??\c:\3xrlxxl.exec:\3xrlxxl.exe125⤵
-
\??\c:\tbtnhb.exec:\tbtnhb.exe126⤵
-
\??\c:\nnbthh.exec:\nnbthh.exe127⤵
-
\??\c:\7jpdd.exec:\7jpdd.exe128⤵
-
\??\c:\pvvjd.exec:\pvvjd.exe129⤵
-
\??\c:\rffxrlx.exec:\rffxrlx.exe130⤵
-
\??\c:\3lrfxxr.exec:\3lrfxxr.exe131⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe132⤵
-
\??\c:\httnhh.exec:\httnhh.exe133⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe134⤵
-
\??\c:\flfrrrf.exec:\flfrrrf.exe135⤵
-
\??\c:\rfxrlfr.exec:\rfxrlfr.exe136⤵
-
\??\c:\7bbthb.exec:\7bbthb.exe137⤵
-
\??\c:\nhtnnh.exec:\nhtnnh.exe138⤵
-
\??\c:\9vdpj.exec:\9vdpj.exe139⤵
-
\??\c:\jvddj.exec:\jvddj.exe140⤵
-
\??\c:\fflllrl.exec:\fflllrl.exe141⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe142⤵
-
\??\c:\htbnbn.exec:\htbnbn.exe143⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe144⤵
-
\??\c:\7jjdp.exec:\7jjdp.exe145⤵
-
\??\c:\fffxlfr.exec:\fffxlfr.exe146⤵
-
\??\c:\7xrlfxx.exec:\7xrlfxx.exe147⤵
-
\??\c:\ttbhtt.exec:\ttbhtt.exe148⤵
-
\??\c:\bhhbtn.exec:\bhhbtn.exe149⤵
-
\??\c:\vdpvj.exec:\vdpvj.exe150⤵
-
\??\c:\lxrlflf.exec:\lxrlflf.exe151⤵
-
\??\c:\1rrrllf.exec:\1rrrllf.exe152⤵
-
\??\c:\tnnhhb.exec:\tnnhhb.exe153⤵
-
\??\c:\bnnhbn.exec:\bnnhbn.exe154⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe155⤵
-
\??\c:\ffxlxxr.exec:\ffxlxxr.exe156⤵
-
\??\c:\hbttnh.exec:\hbttnh.exe157⤵
-
\??\c:\hbthtn.exec:\hbthtn.exe158⤵
-
\??\c:\ddddd.exec:\ddddd.exe159⤵
-
\??\c:\rrflllx.exec:\rrflllx.exe160⤵
-
\??\c:\rlfllrx.exec:\rlfllrx.exe161⤵
-
\??\c:\nnbtnh.exec:\nnbtnh.exe162⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe163⤵
-
\??\c:\xfflfrx.exec:\xfflfrx.exe164⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe165⤵
-
\??\c:\rflxlrf.exec:\rflxlrf.exe166⤵
-
\??\c:\fxlxxrl.exec:\fxlxxrl.exe167⤵
-
\??\c:\thbtnb.exec:\thbtnb.exe168⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe169⤵
-
\??\c:\ddvpp.exec:\ddvpp.exe170⤵
-
\??\c:\xffrxrf.exec:\xffrxrf.exe171⤵
-
\??\c:\nbnbbt.exec:\nbnbbt.exe172⤵
-
\??\c:\bbbnbt.exec:\bbbnbt.exe173⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe174⤵
-
\??\c:\djjvp.exec:\djjvp.exe175⤵
-
\??\c:\9xxrxfx.exec:\9xxrxfx.exe176⤵
-
\??\c:\ntnbtn.exec:\ntnbtn.exe177⤵
-
\??\c:\1vpdp.exec:\1vpdp.exe178⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe179⤵
-
\??\c:\xlfxrlf.exec:\xlfxrlf.exe180⤵
-
\??\c:\rlfxrlr.exec:\rlfxrlr.exe181⤵
-
\??\c:\ttnhbb.exec:\ttnhbb.exe182⤵
-
\??\c:\thbthb.exec:\thbthb.exe183⤵
-
\??\c:\jdjvp.exec:\jdjvp.exe184⤵
-
\??\c:\xrfxxrr.exec:\xrfxxrr.exe185⤵
-
\??\c:\fllrrrr.exec:\fllrrrr.exe186⤵
-
\??\c:\htbnhb.exec:\htbnhb.exe187⤵
-
\??\c:\nhnhbh.exec:\nhnhbh.exe188⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe189⤵
-
\??\c:\rllrrrx.exec:\rllrrrx.exe190⤵
-
\??\c:\9llllfx.exec:\9llllfx.exe191⤵
-
\??\c:\bbbttt.exec:\bbbttt.exe192⤵
-
\??\c:\bnnbth.exec:\bnnbth.exe193⤵
-
\??\c:\3pjvj.exec:\3pjvj.exe194⤵
-
\??\c:\fffffrr.exec:\fffffrr.exe195⤵
-
\??\c:\5rlfxrl.exec:\5rlfxrl.exe196⤵
-
\??\c:\hntnhh.exec:\hntnhh.exe197⤵
-
\??\c:\hthbtn.exec:\hthbtn.exe198⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe199⤵
-
\??\c:\jddvj.exec:\jddvj.exe200⤵
-
\??\c:\lfrrflr.exec:\lfrrflr.exe201⤵
-
\??\c:\xflfrrf.exec:\xflfrrf.exe202⤵
-
\??\c:\nnhhbh.exec:\nnhhbh.exe203⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe204⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe205⤵
-
\??\c:\fxlrxrx.exec:\fxlrxrx.exe206⤵
-
\??\c:\frfxlfx.exec:\frfxlfx.exe207⤵
-
\??\c:\tbhttn.exec:\tbhttn.exe208⤵
-
\??\c:\bbnbnh.exec:\bbnbnh.exe209⤵
-
\??\c:\vpvjj.exec:\vpvjj.exe210⤵
-
\??\c:\7xfrllf.exec:\7xfrllf.exe211⤵
-
\??\c:\3nhnhb.exec:\3nhnhb.exe212⤵
-
\??\c:\bttnnh.exec:\bttnnh.exe213⤵
-
\??\c:\dppjv.exec:\dppjv.exe214⤵
-
\??\c:\fxfxlrl.exec:\fxfxlrl.exe215⤵
-
\??\c:\frrlfxr.exec:\frrlfxr.exe216⤵
-
\??\c:\hnnbhh.exec:\hnnbhh.exe217⤵
-
\??\c:\nnntbh.exec:\nnntbh.exe218⤵
-
\??\c:\dppjp.exec:\dppjp.exe219⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe220⤵
-
\??\c:\flxxrlx.exec:\flxxrlx.exe221⤵
-
\??\c:\fxxffff.exec:\fxxffff.exe222⤵
-
\??\c:\nbtnhb.exec:\nbtnhb.exe223⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe224⤵
-
\??\c:\5jpdv.exec:\5jpdv.exe225⤵
-
\??\c:\frxrlxr.exec:\frxrlxr.exe226⤵
-
\??\c:\bbhbhb.exec:\bbhbhb.exe227⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe228⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe229⤵
-
\??\c:\xffrfrf.exec:\xffrfrf.exe230⤵
-
\??\c:\1rrfxrl.exec:\1rrfxrl.exe231⤵
-
\??\c:\hbthbt.exec:\hbthbt.exe232⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe233⤵
-
\??\c:\jvvvj.exec:\jvvvj.exe234⤵
-
\??\c:\xxrflxf.exec:\xxrflxf.exe235⤵
-
\??\c:\lxfllrl.exec:\lxfllrl.exe236⤵
-
\??\c:\bnhtnh.exec:\bnhtnh.exe237⤵
-
\??\c:\nhnhhb.exec:\nhnhhb.exe238⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe239⤵
-
\??\c:\vddjj.exec:\vddjj.exe240⤵
-
\??\c:\hhhthb.exec:\hhhthb.exe241⤵