Analysis
-
max time kernel
149s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 05:11
General
-
Target
7e2ad2f2bec82f25d5c233f3bec51530_NeikiAnalytics.exe
-
Size
134KB
-
MD5
7e2ad2f2bec82f25d5c233f3bec51530
-
SHA1
61bfaf1c499c2efc14877011005b1fd898a6d63e
-
SHA256
778fca23aa12b132439d36f0be16f82400633da40f2e37f1533ebb1ecf334407
-
SHA512
b658d345e0d17b16f721e2948fc7948e2342d89655a246d357d0d0eb9727eaa7eec53fbe0d4169edf5aa4ae0ed527cedc5493179930d29b70e06a9b6ed61a5a6
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afoHVpx+dGor/:n3C9BRW0j/1px+dGU
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7e2ad2f2bec82f25d5c233f3bec51530_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\7e2ad2f2bec82f25d5c233f3bec51530_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrrll.exec:\rrrrrll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhttnn.exec:\hhttnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvppj.exec:\vvppj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnttbb.exec:\nnttbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjj.exec:\jdpjj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jjjj.exec:\5jjjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttnn.exec:\tnttnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdjd.exec:\jvdjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvd.exec:\vpdvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9flffff.exec:\9flffff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhbb.exec:\nhhhbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdd.exec:\vpjdd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvvp.exec:\dvvvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrfxxx.exec:\fxrfxxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntbbb.exec:\bntbbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdddp.exec:\vdddp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lrllrr.exec:\9lrllrr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbtn.exec:\htbbtn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnhhh.exec:\nbnhhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvp.exec:\vpdvp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llllffx.exec:\llllffx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tbttt.exec:\3tbttt.exe23⤵
- Executes dropped EXE
-
\??\c:\9pjpd.exec:\9pjpd.exe24⤵
- Executes dropped EXE
-
\??\c:\jpdvv.exec:\jpdvv.exe25⤵
- Executes dropped EXE
-
\??\c:\rfllrlr.exec:\rfllrlr.exe26⤵
- Executes dropped EXE
-
\??\c:\nhnnnh.exec:\nhnnnh.exe27⤵
- Executes dropped EXE
-
\??\c:\1jpjj.exec:\1jpjj.exe28⤵
- Executes dropped EXE
-
\??\c:\pddvj.exec:\pddvj.exe29⤵
- Executes dropped EXE
-
\??\c:\lxxxllf.exec:\lxxxllf.exe30⤵
- Executes dropped EXE
-
\??\c:\lflffff.exec:\lflffff.exe31⤵
- Executes dropped EXE
-
\??\c:\7hbbtt.exec:\7hbbtt.exe32⤵
- Executes dropped EXE
-
\??\c:\vvdvp.exec:\vvdvp.exe33⤵
- Executes dropped EXE
-
\??\c:\vpvjv.exec:\vpvjv.exe34⤵
- Executes dropped EXE
-
\??\c:\rllffff.exec:\rllffff.exe35⤵
- Executes dropped EXE
-
\??\c:\rlffxfl.exec:\rlffxfl.exe36⤵
- Executes dropped EXE
-
\??\c:\hhhnnn.exec:\hhhnnn.exe37⤵
- Executes dropped EXE
-
\??\c:\bthbnn.exec:\bthbnn.exe38⤵
- Executes dropped EXE
-
\??\c:\ddpjj.exec:\ddpjj.exe39⤵
- Executes dropped EXE
-
\??\c:\1xrlffx.exec:\1xrlffx.exe40⤵
- Executes dropped EXE
-
\??\c:\hbtbbh.exec:\hbtbbh.exe41⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe42⤵
- Executes dropped EXE
-
\??\c:\jdpjp.exec:\jdpjp.exe43⤵
- Executes dropped EXE
-
\??\c:\xxrflff.exec:\xxrflff.exe44⤵
- Executes dropped EXE
-
\??\c:\hbbtbb.exec:\hbbtbb.exe45⤵
- Executes dropped EXE
-
\??\c:\hbhhbt.exec:\hbhhbt.exe46⤵
- Executes dropped EXE
-
\??\c:\pddjd.exec:\pddjd.exe47⤵
- Executes dropped EXE
-
\??\c:\llxrxxx.exec:\llxrxxx.exe48⤵
- Executes dropped EXE
-
\??\c:\lrrllll.exec:\lrrllll.exe49⤵
- Executes dropped EXE
-
\??\c:\htntnn.exec:\htntnn.exe50⤵
- Executes dropped EXE
-
\??\c:\hthbbt.exec:\hthbbt.exe51⤵
- Executes dropped EXE
-
\??\c:\dvvvv.exec:\dvvvv.exe52⤵
- Executes dropped EXE
-
\??\c:\vjdvv.exec:\vjdvv.exe53⤵
- Executes dropped EXE
-
\??\c:\rlllffx.exec:\rlllffx.exe54⤵
- Executes dropped EXE
-
\??\c:\fffxxxr.exec:\fffxxxr.exe55⤵
- Executes dropped EXE
-
\??\c:\nhhhhn.exec:\nhhhhn.exe56⤵
- Executes dropped EXE
-
\??\c:\bhhhhh.exec:\bhhhhh.exe57⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe58⤵
- Executes dropped EXE
-
\??\c:\jvddd.exec:\jvddd.exe59⤵
- Executes dropped EXE
-
\??\c:\1rfffff.exec:\1rfffff.exe60⤵
- Executes dropped EXE
-
\??\c:\rxlfrrr.exec:\rxlfrrr.exe61⤵
- Executes dropped EXE
-
\??\c:\3hnnnn.exec:\3hnnnn.exe62⤵
- Executes dropped EXE
-
\??\c:\hbbbbh.exec:\hbbbbh.exe63⤵
- Executes dropped EXE
-
\??\c:\jddpp.exec:\jddpp.exe64⤵
- Executes dropped EXE
-
\??\c:\pjddd.exec:\pjddd.exe65⤵
- Executes dropped EXE
-
\??\c:\xlllfll.exec:\xlllfll.exe66⤵
-
\??\c:\lffflrx.exec:\lffflrx.exe67⤵
-
\??\c:\fxlfrrx.exec:\fxlfrrx.exe68⤵
-
\??\c:\btbbtn.exec:\btbbtn.exe69⤵
-
\??\c:\vvvpp.exec:\vvvpp.exe70⤵
-
\??\c:\vjdpj.exec:\vjdpj.exe71⤵
-
\??\c:\fllffff.exec:\fllffff.exe72⤵
-
\??\c:\lfllfff.exec:\lfllfff.exe73⤵
-
\??\c:\tntnbb.exec:\tntnbb.exe74⤵
-
\??\c:\9ttttt.exec:\9ttttt.exe75⤵
-
\??\c:\jpdvv.exec:\jpdvv.exe76⤵
-
\??\c:\1xlfflf.exec:\1xlfflf.exe77⤵
-
\??\c:\7flfxfx.exec:\7flfxfx.exe78⤵
-
\??\c:\bnnhbb.exec:\bnnhbb.exe79⤵
-
\??\c:\hbbbbn.exec:\hbbbbn.exe80⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe81⤵
-
\??\c:\5jddp.exec:\5jddp.exe82⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe83⤵
-
\??\c:\xrrlllf.exec:\xrrlllf.exe84⤵
-
\??\c:\lxfffff.exec:\lxfffff.exe85⤵
-
\??\c:\thtnnh.exec:\thtnnh.exe86⤵
-
\??\c:\9vddv.exec:\9vddv.exe87⤵
-
\??\c:\pjjpv.exec:\pjjpv.exe88⤵
-
\??\c:\lllffll.exec:\lllffll.exe89⤵
-
\??\c:\xrxxxxx.exec:\xrxxxxx.exe90⤵
-
\??\c:\3nbtnn.exec:\3nbtnn.exe91⤵
-
\??\c:\7bbbnt.exec:\7bbbnt.exe92⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe93⤵
-
\??\c:\7ppdv.exec:\7ppdv.exe94⤵
-
\??\c:\rlllfff.exec:\rlllfff.exe95⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe96⤵
-
\??\c:\ttnhbh.exec:\ttnhbh.exe97⤵
-
\??\c:\jvdvd.exec:\jvdvd.exe98⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe99⤵
-
\??\c:\llxxxxf.exec:\llxxxxf.exe100⤵
-
\??\c:\rfxxrrl.exec:\rfxxrrl.exe101⤵
-
\??\c:\hbhnht.exec:\hbhnht.exe102⤵
-
\??\c:\7hhbtt.exec:\7hhbtt.exe103⤵
-
\??\c:\jvvdp.exec:\jvvdp.exe104⤵
-
\??\c:\vdppj.exec:\vdppj.exe105⤵
-
\??\c:\xxrlffx.exec:\xxrlffx.exe106⤵
-
\??\c:\lfffrrr.exec:\lfffrrr.exe107⤵
-
\??\c:\hbnhhh.exec:\hbnhhh.exe108⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe109⤵
-
\??\c:\1fffrrr.exec:\1fffrrr.exe110⤵
-
\??\c:\fxrrllf.exec:\fxrrllf.exe111⤵
-
\??\c:\xrffrrx.exec:\xrffrrx.exe112⤵
-
\??\c:\tttnhh.exec:\tttnhh.exe113⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe114⤵
-
\??\c:\rxffxxr.exec:\rxffxxr.exe115⤵
-
\??\c:\fxffllr.exec:\fxffllr.exe116⤵
-
\??\c:\7hnhhh.exec:\7hnhhh.exe117⤵
-
\??\c:\bhhhbb.exec:\bhhhbb.exe118⤵
-
\??\c:\ddjdv.exec:\ddjdv.exe119⤵
-
\??\c:\3dppd.exec:\3dppd.exe120⤵
-
\??\c:\xfxrlfx.exec:\xfxrlfx.exe121⤵
-
\??\c:\bthbbb.exec:\bthbbb.exe122⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe123⤵
-
\??\c:\xxfxrrx.exec:\xxfxrrx.exe124⤵
-
\??\c:\lflffff.exec:\lflffff.exe125⤵
-
\??\c:\9hhhhh.exec:\9hhhhh.exe126⤵
-
\??\c:\nbnhbh.exec:\nbnhbh.exe127⤵
-
\??\c:\jppjd.exec:\jppjd.exe128⤵
-
\??\c:\7jvpd.exec:\7jvpd.exe129⤵
-
\??\c:\rfrrrrx.exec:\rfrrrrx.exe130⤵
-
\??\c:\hthbbb.exec:\hthbbb.exe131⤵
-
\??\c:\bbhbbb.exec:\bbhbbb.exe132⤵
-
\??\c:\dpdvp.exec:\dpdvp.exe133⤵
-
\??\c:\ffllffr.exec:\ffllffr.exe134⤵
-
\??\c:\llrrxxx.exec:\llrrxxx.exe135⤵
-
\??\c:\bbtbbb.exec:\bbtbbb.exe136⤵
-
\??\c:\hhtnhh.exec:\hhtnhh.exe137⤵
-
\??\c:\9vddp.exec:\9vddp.exe138⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe139⤵
-
\??\c:\rrxxrrr.exec:\rrxxrrr.exe140⤵
-
\??\c:\rfrlfff.exec:\rfrlfff.exe141⤵
-
\??\c:\ntntnb.exec:\ntntnb.exe142⤵
-
\??\c:\tnhhbn.exec:\tnhhbn.exe143⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe144⤵
-
\??\c:\llxrlll.exec:\llxrlll.exe145⤵
-
\??\c:\bnbtnt.exec:\bnbtnt.exe146⤵
-
\??\c:\bbbttt.exec:\bbbttt.exe147⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe148⤵
-
\??\c:\nthhbh.exec:\nthhbh.exe149⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe150⤵
-
\??\c:\nbhbtt.exec:\nbhbtt.exe151⤵
-
\??\c:\nnhhbn.exec:\nnhhbn.exe152⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe153⤵
-
\??\c:\lflrlff.exec:\lflrlff.exe154⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe155⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe156⤵
-
\??\c:\xfxxffl.exec:\xfxxffl.exe157⤵
-
\??\c:\rxfffff.exec:\rxfffff.exe158⤵
-
\??\c:\nhbbtt.exec:\nhbbtt.exe159⤵
-
\??\c:\nhtttt.exec:\nhtttt.exe160⤵
-
\??\c:\pppjd.exec:\pppjd.exe161⤵
-
\??\c:\jvdvj.exec:\jvdvj.exe162⤵
-
\??\c:\xflllll.exec:\xflllll.exe163⤵
-
\??\c:\rxfllll.exec:\rxfllll.exe164⤵
-
\??\c:\bntttt.exec:\bntttt.exe165⤵
-
\??\c:\nhhbnn.exec:\nhhbnn.exe166⤵
-
\??\c:\jpjjd.exec:\jpjjd.exe167⤵
-
\??\c:\jpvdj.exec:\jpvdj.exe168⤵
-
\??\c:\3vpjd.exec:\3vpjd.exe169⤵
-
\??\c:\xflrrrx.exec:\xflrrrx.exe170⤵
-
\??\c:\llrrrxx.exec:\llrrrxx.exe171⤵
-
\??\c:\1hhbtt.exec:\1hhbtt.exe172⤵
-
\??\c:\vppdd.exec:\vppdd.exe173⤵
-
\??\c:\vddvp.exec:\vddvp.exe174⤵
-
\??\c:\rrfflll.exec:\rrfflll.exe175⤵
-
\??\c:\5rxrfrr.exec:\5rxrfrr.exe176⤵
-
\??\c:\nbbttn.exec:\nbbttn.exe177⤵
-
\??\c:\vpddv.exec:\vpddv.exe178⤵
-
\??\c:\7jjjv.exec:\7jjjv.exe179⤵
-
\??\c:\xfxrlff.exec:\xfxrlff.exe180⤵
-
\??\c:\fffxrfx.exec:\fffxrfx.exe181⤵
-
\??\c:\thtnnn.exec:\thtnnn.exe182⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe183⤵
-
\??\c:\vjjvd.exec:\vjjvd.exe184⤵
-
\??\c:\rxfffxr.exec:\rxfffxr.exe185⤵
-
\??\c:\nntnnn.exec:\nntnnn.exe186⤵
-
\??\c:\dpddp.exec:\dpddp.exe187⤵
-
\??\c:\rrxrffl.exec:\rrxrffl.exe188⤵
-
\??\c:\nbnnht.exec:\nbnnht.exe189⤵
-
\??\c:\7tthbt.exec:\7tthbt.exe190⤵
-
\??\c:\vppjp.exec:\vppjp.exe191⤵
-
\??\c:\rffrlll.exec:\rffrlll.exe192⤵
-
\??\c:\vdvjd.exec:\vdvjd.exe193⤵
-
\??\c:\5bnhbh.exec:\5bnhbh.exe194⤵
-
\??\c:\3hhbtt.exec:\3hhbtt.exe195⤵
-
\??\c:\dpvdp.exec:\dpvdp.exe196⤵
-
\??\c:\fxllfff.exec:\fxllfff.exe197⤵
-
\??\c:\lxfflll.exec:\lxfflll.exe198⤵
-
\??\c:\btbtnh.exec:\btbtnh.exe199⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe200⤵
-
\??\c:\jpddv.exec:\jpddv.exe201⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe202⤵
-
\??\c:\lffxxxf.exec:\lffxxxf.exe203⤵
-
\??\c:\xxxxrxr.exec:\xxxxrxr.exe204⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe205⤵
-
\??\c:\tthhhb.exec:\tthhhb.exe206⤵
-
\??\c:\5pdvv.exec:\5pdvv.exe207⤵
-
\??\c:\vpppp.exec:\vpppp.exe208⤵
-
\??\c:\xrrrlll.exec:\xrrrlll.exe209⤵
-
\??\c:\thbtth.exec:\thbtth.exe210⤵
-
\??\c:\nbtttt.exec:\nbtttt.exe211⤵
-
\??\c:\vvdjv.exec:\vvdjv.exe212⤵
-
\??\c:\pvjdd.exec:\pvjdd.exe213⤵
-
\??\c:\lffxlll.exec:\lffxlll.exe214⤵
-
\??\c:\hhnttt.exec:\hhnttt.exe215⤵
-
\??\c:\hhnhbt.exec:\hhnhbt.exe216⤵
-
\??\c:\1ppjj.exec:\1ppjj.exe217⤵
-
\??\c:\dpddd.exec:\dpddd.exe218⤵
-
\??\c:\frxrllf.exec:\frxrllf.exe219⤵
-
\??\c:\tnntnn.exec:\tnntnn.exe220⤵
-
\??\c:\hthnhh.exec:\hthnhh.exe221⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe222⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe223⤵
-
\??\c:\rxxrlxr.exec:\rxxrlxr.exe224⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe225⤵
-
\??\c:\htbbtt.exec:\htbbtt.exe226⤵
-
\??\c:\3pvpp.exec:\3pvpp.exe227⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe228⤵
-
\??\c:\xxlfrrl.exec:\xxlfrrl.exe229⤵
-
\??\c:\9lxxflr.exec:\9lxxflr.exe230⤵
-
\??\c:\thhhbb.exec:\thhhbb.exe231⤵
-
\??\c:\9bhhhh.exec:\9bhhhh.exe232⤵
-
\??\c:\dvppp.exec:\dvppp.exe233⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe234⤵
-
\??\c:\fxlllrx.exec:\fxlllrx.exe235⤵
-
\??\c:\thttnn.exec:\thttnn.exe236⤵
-
\??\c:\3bhhhh.exec:\3bhhhh.exe237⤵
-
\??\c:\ttnnhh.exec:\ttnnhh.exe238⤵
-
\??\c:\3jpjd.exec:\3jpjd.exe239⤵
-
\??\c:\vppvp.exec:\vppvp.exe240⤵
-
\??\c:\lxrlffl.exec:\lxrlffl.exe241⤵