Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 06:26
General
-
Target
90b90256780e8fd7f0a3729f546a4a00_NeikiAnalytics.exe
-
Size
65KB
-
MD5
90b90256780e8fd7f0a3729f546a4a00
-
SHA1
9b97685544ce7bd3a8d179ae5194acd2045c6d64
-
SHA256
35b07735f815ba3990fbff3f93eeb91a4a408d6388dc33aeb4eb59f59ff16393
-
SHA512
5e27a9aefa58720a7d3d7b4469dc661ff35b681c363eaaf1f45967be0e8d76ff5875b3b59ebf76e1cb3e385b49d42e5ff8e84feedc572ec97dc64243e94dc7f9
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfDK:ymb3NkkiQ3mdBjFI4VC
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 37 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\90b90256780e8fd7f0a3729f546a4a00_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\90b90256780e8fd7f0a3729f546a4a00_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxxxxx.exec:\lxxxxxx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbnnb.exec:\hbbnnb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pvjj.exec:\3pvjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlfff.exec:\xrrlfff.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnhhb.exec:\ttnhhb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflxlfr.exec:\xflxlfr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntntn.exec:\bntntn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvvv.exec:\jvvvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xlffff.exec:\9xlffff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhhbt.exec:\hhhhbt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvdj.exec:\jvvdj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflrlll.exec:\lflrlll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttttnn.exec:\ttttnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjpd.exec:\vpjpd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxxxxf.exec:\xxxxxxf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflrlxr.exec:\lflrlxr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhtn.exec:\bthhtn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvv.exec:\vpvvv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rxxxxr.exec:\1rxxxxr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbttn.exec:\nbbttn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnhb.exec:\bttnhb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppj.exec:\ddppj.exe23⤵
- Executes dropped EXE
-
\??\c:\xlrxrrr.exec:\xlrxrrr.exe24⤵
- Executes dropped EXE
-
\??\c:\9xxrxxr.exec:\9xxrxxr.exe25⤵
- Executes dropped EXE
-
\??\c:\ttnhbh.exec:\ttnhbh.exe26⤵
- Executes dropped EXE
-
\??\c:\dpjdp.exec:\dpjdp.exe27⤵
- Executes dropped EXE
-
\??\c:\nbtnhh.exec:\nbtnhh.exe28⤵
- Executes dropped EXE
-
\??\c:\jjjdv.exec:\jjjdv.exe29⤵
- Executes dropped EXE
-
\??\c:\rlrrlff.exec:\rlrrlff.exe30⤵
- Executes dropped EXE
-
\??\c:\hbbbbt.exec:\hbbbbt.exe31⤵
- Executes dropped EXE
-
\??\c:\tntnbb.exec:\tntnbb.exe32⤵
- Executes dropped EXE
-
\??\c:\pppjd.exec:\pppjd.exe33⤵
- Executes dropped EXE
-
\??\c:\lflxlfl.exec:\lflxlfl.exe34⤵
- Executes dropped EXE
-
\??\c:\nbbbtt.exec:\nbbbtt.exe35⤵
- Executes dropped EXE
-
\??\c:\tnnthh.exec:\tnnthh.exe36⤵
- Executes dropped EXE
-
\??\c:\pjpjj.exec:\pjpjj.exe37⤵
- Executes dropped EXE
-
\??\c:\lrxlffx.exec:\lrxlffx.exe38⤵
- Executes dropped EXE
-
\??\c:\hnhbbb.exec:\hnhbbb.exe39⤵
- Executes dropped EXE
-
\??\c:\nhbbnt.exec:\nhbbnt.exe40⤵
- Executes dropped EXE
-
\??\c:\1jpdv.exec:\1jpdv.exe41⤵
- Executes dropped EXE
-
\??\c:\xflffxx.exec:\xflffxx.exe42⤵
- Executes dropped EXE
-
\??\c:\fxfrllr.exec:\fxfrllr.exe43⤵
- Executes dropped EXE
-
\??\c:\htttbh.exec:\htttbh.exe44⤵
- Executes dropped EXE
-
\??\c:\5bhbtt.exec:\5bhbtt.exe45⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe46⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe47⤵
- Executes dropped EXE
-
\??\c:\rlrlllf.exec:\rlrlllf.exe48⤵
- Executes dropped EXE
-
\??\c:\5lrxrrr.exec:\5lrxrrr.exe49⤵
- Executes dropped EXE
-
\??\c:\hhbnht.exec:\hhbnht.exe50⤵
- Executes dropped EXE
-
\??\c:\bntttt.exec:\bntttt.exe51⤵
- Executes dropped EXE
-
\??\c:\9pppj.exec:\9pppj.exe52⤵
- Executes dropped EXE
-
\??\c:\vpppd.exec:\vpppd.exe53⤵
- Executes dropped EXE
-
\??\c:\1xffxxr.exec:\1xffxxr.exe54⤵
- Executes dropped EXE
-
\??\c:\5nttnn.exec:\5nttnn.exe55⤵
- Executes dropped EXE
-
\??\c:\nbbbtn.exec:\nbbbtn.exe56⤵
- Executes dropped EXE
-
\??\c:\jppjv.exec:\jppjv.exe57⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe58⤵
- Executes dropped EXE
-
\??\c:\lrrlffx.exec:\lrrlffx.exe59⤵
- Executes dropped EXE
-
\??\c:\flxffff.exec:\flxffff.exe60⤵
- Executes dropped EXE
-
\??\c:\tnhhhh.exec:\tnhhhh.exe61⤵
- Executes dropped EXE
-
\??\c:\nhtnbb.exec:\nhtnbb.exe62⤵
- Executes dropped EXE
-
\??\c:\5pdvd.exec:\5pdvd.exe63⤵
- Executes dropped EXE
-
\??\c:\vpvvp.exec:\vpvvp.exe64⤵
- Executes dropped EXE
-
\??\c:\rlxllrl.exec:\rlxllrl.exe65⤵
- Executes dropped EXE
-
\??\c:\5fffxxx.exec:\5fffxxx.exe66⤵
-
\??\c:\nhntbb.exec:\nhntbb.exe67⤵
-
\??\c:\hhnhhb.exec:\hhnhhb.exe68⤵
-
\??\c:\jdddv.exec:\jdddv.exe69⤵
-
\??\c:\lfffxll.exec:\lfffxll.exe70⤵
-
\??\c:\jpjjd.exec:\jpjjd.exe71⤵
-
\??\c:\xrfffll.exec:\xrfffll.exe72⤵
-
\??\c:\lfxfrrx.exec:\lfxfrrx.exe73⤵
-
\??\c:\hnhbbb.exec:\hnhbbb.exe74⤵
-
\??\c:\ppppj.exec:\ppppj.exe75⤵
-
\??\c:\llxrrxx.exec:\llxrrxx.exe76⤵
-
\??\c:\rrfrlll.exec:\rrfrlll.exe77⤵
-
\??\c:\ttbbbb.exec:\ttbbbb.exe78⤵
-
\??\c:\pjjvv.exec:\pjjvv.exe79⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe80⤵
-
\??\c:\rxfxrlf.exec:\rxfxrlf.exe81⤵
-
\??\c:\lfllflf.exec:\lfllflf.exe82⤵
-
\??\c:\tnnbbn.exec:\tnnbbn.exe83⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe84⤵
-
\??\c:\9pdvp.exec:\9pdvp.exe85⤵
-
\??\c:\lfxrxxf.exec:\lfxrxxf.exe86⤵
-
\??\c:\nnhhnt.exec:\nnhhnt.exe87⤵
-
\??\c:\hnnhhh.exec:\hnnhhh.exe88⤵
-
\??\c:\pppjj.exec:\pppjj.exe89⤵
-
\??\c:\ffllfff.exec:\ffllfff.exe90⤵
-
\??\c:\llfflfr.exec:\llfflfr.exe91⤵
-
\??\c:\hhnnnn.exec:\hhnnnn.exe92⤵
-
\??\c:\5djvp.exec:\5djvp.exe93⤵
-
\??\c:\vdppp.exec:\vdppp.exe94⤵
-
\??\c:\9rrlxxl.exec:\9rrlxxl.exe95⤵
-
\??\c:\hhtthn.exec:\hhtthn.exe96⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe97⤵
-
\??\c:\fxfxlff.exec:\fxfxlff.exe98⤵
-
\??\c:\rlrrlll.exec:\rlrrlll.exe99⤵
-
\??\c:\hbbhhh.exec:\hbbhhh.exe100⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe101⤵
-
\??\c:\7flfrrx.exec:\7flfrrx.exe102⤵
-
\??\c:\xxrxrrr.exec:\xxrxrrr.exe103⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe104⤵
-
\??\c:\1djvp.exec:\1djvp.exe105⤵
-
\??\c:\fffrfxr.exec:\fffrfxr.exe106⤵
-
\??\c:\rlffxfl.exec:\rlffxfl.exe107⤵
-
\??\c:\hnhbhh.exec:\hnhbhh.exe108⤵
-
\??\c:\jdppj.exec:\jdppj.exe109⤵
-
\??\c:\jppjj.exec:\jppjj.exe110⤵
-
\??\c:\xflffxx.exec:\xflffxx.exe111⤵
-
\??\c:\xfxxflr.exec:\xfxxflr.exe112⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe113⤵
-
\??\c:\xrxrlll.exec:\xrxrlll.exe114⤵
-
\??\c:\fllffff.exec:\fllffff.exe115⤵
-
\??\c:\nbbbbh.exec:\nbbbbh.exe116⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe117⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe118⤵
-
\??\c:\rxxrrlr.exec:\rxxrrlr.exe119⤵
-
\??\c:\fxxrrlr.exec:\fxxrrlr.exe120⤵
-
\??\c:\nbbthh.exec:\nbbthh.exe121⤵
-
\??\c:\vjppd.exec:\vjppd.exe122⤵
-
\??\c:\bnbtnn.exec:\bnbtnn.exe123⤵
-
\??\c:\hbbnht.exec:\hbbnht.exe124⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe125⤵
-
\??\c:\xlllxxx.exec:\xlllxxx.exe126⤵
-
\??\c:\3bthtn.exec:\3bthtn.exe127⤵
-
\??\c:\9tnhhh.exec:\9tnhhh.exe128⤵
-
\??\c:\jjjdp.exec:\jjjdp.exe129⤵
-
\??\c:\flrlllf.exec:\flrlllf.exe130⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe131⤵
-
\??\c:\llfxlfx.exec:\llfxlfx.exe132⤵
-
\??\c:\hnnhbt.exec:\hnnhbt.exe133⤵
-
\??\c:\5tbthb.exec:\5tbthb.exe134⤵
-
\??\c:\1nhbbb.exec:\1nhbbb.exe135⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe136⤵
-
\??\c:\9pdpd.exec:\9pdpd.exe137⤵
-
\??\c:\3rffllf.exec:\3rffllf.exe138⤵
-
\??\c:\bhnhbh.exec:\bhnhbh.exe139⤵
-
\??\c:\3vdjp.exec:\3vdjp.exe140⤵
-
\??\c:\xxxlxrr.exec:\xxxlxrr.exe141⤵
-
\??\c:\thbbtt.exec:\thbbtt.exe142⤵
-
\??\c:\hhthhh.exec:\hhthhh.exe143⤵
-
\??\c:\1vpjv.exec:\1vpjv.exe144⤵
-
\??\c:\rlfrlfx.exec:\rlfrlfx.exe145⤵
-
\??\c:\llffffx.exec:\llffffx.exe146⤵
-
\??\c:\bnhhbb.exec:\bnhhbb.exe147⤵
-
\??\c:\nhtnhb.exec:\nhtnhb.exe148⤵
-
\??\c:\pvddv.exec:\pvddv.exe149⤵
-
\??\c:\rllxrrl.exec:\rllxrrl.exe150⤵
-
\??\c:\rlrrlll.exec:\rlrrlll.exe151⤵
-
\??\c:\9hhnbn.exec:\9hhnbn.exe152⤵
-
\??\c:\hbbthh.exec:\hbbthh.exe153⤵
-
\??\c:\djpjd.exec:\djpjd.exe154⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe155⤵
-
\??\c:\fxfllfx.exec:\fxfllfx.exe156⤵
-
\??\c:\xllfxxx.exec:\xllfxxx.exe157⤵
-
\??\c:\tbtnhh.exec:\tbtnhh.exe158⤵
-
\??\c:\3hbtnn.exec:\3hbtnn.exe159⤵
-
\??\c:\3vjpd.exec:\3vjpd.exe160⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe161⤵
-
\??\c:\9xxrffx.exec:\9xxrffx.exe162⤵
-
\??\c:\tnhbtn.exec:\tnhbtn.exe163⤵
-
\??\c:\7hhbnh.exec:\7hhbnh.exe164⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe165⤵
-
\??\c:\jvvjv.exec:\jvvjv.exe166⤵
-
\??\c:\xrlrxrx.exec:\xrlrxrx.exe167⤵
-
\??\c:\hbbhbb.exec:\hbbhbb.exe168⤵
-
\??\c:\bbtttt.exec:\bbtttt.exe169⤵
-
\??\c:\vdvjv.exec:\vdvjv.exe170⤵
-
\??\c:\dvjvp.exec:\dvjvp.exe171⤵
-
\??\c:\lxfxrlr.exec:\lxfxrlr.exe172⤵
-
\??\c:\bnnhbb.exec:\bnnhbb.exe173⤵
-
\??\c:\htnhbb.exec:\htnhbb.exe174⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe175⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe176⤵
-
\??\c:\lxrrffx.exec:\lxrrffx.exe177⤵
-
\??\c:\xrxrrrr.exec:\xrxrrrr.exe178⤵
-
\??\c:\9htntt.exec:\9htntt.exe179⤵
-
\??\c:\tnttnh.exec:\tnttnh.exe180⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe181⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe182⤵
-
\??\c:\fllflfx.exec:\fllflfx.exe183⤵
-
\??\c:\5ffxllf.exec:\5ffxllf.exe184⤵
-
\??\c:\tnhbbt.exec:\tnhbbt.exe185⤵
-
\??\c:\nhnhnn.exec:\nhnhnn.exe186⤵
-
\??\c:\jddvd.exec:\jddvd.exe187⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe188⤵
-
\??\c:\xrxxfrl.exec:\xrxxfrl.exe189⤵
-
\??\c:\xrllfff.exec:\xrllfff.exe190⤵
-
\??\c:\7nttbb.exec:\7nttbb.exe191⤵
-
\??\c:\9hnbnh.exec:\9hnbnh.exe192⤵
-
\??\c:\9jjdp.exec:\9jjdp.exe193⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe194⤵
-
\??\c:\frrrffx.exec:\frrrffx.exe195⤵
-
\??\c:\5rrrffx.exec:\5rrrffx.exe196⤵
-
\??\c:\1tbbtt.exec:\1tbbtt.exe197⤵
-
\??\c:\ntbntn.exec:\ntbntn.exe198⤵
-
\??\c:\7ttnhh.exec:\7ttnhh.exe199⤵
-
\??\c:\5vjdv.exec:\5vjdv.exe200⤵
-
\??\c:\rrrfrlx.exec:\rrrfrlx.exe201⤵
-
\??\c:\frrrlfx.exec:\frrrlfx.exe202⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe203⤵
-
\??\c:\ntttnn.exec:\ntttnn.exe204⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe205⤵
-
\??\c:\vpdpp.exec:\vpdpp.exe206⤵
-
\??\c:\lrlfxrl.exec:\lrlfxrl.exe207⤵
-
\??\c:\rlrlfff.exec:\rlrlfff.exe208⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe209⤵
-
\??\c:\bbtnnt.exec:\bbtnnt.exe210⤵
-
\??\c:\pvvvj.exec:\pvvvj.exe211⤵
-
\??\c:\xrrlxxf.exec:\xrrlxxf.exe212⤵
-
\??\c:\frrlfff.exec:\frrlfff.exe213⤵
-
\??\c:\bntttt.exec:\bntttt.exe214⤵
-
\??\c:\7bhbnn.exec:\7bhbnn.exe215⤵
-
\??\c:\jpppj.exec:\jpppj.exe216⤵
-
\??\c:\1dvvp.exec:\1dvvp.exe217⤵
-
\??\c:\xrlrlxf.exec:\xrlrlxf.exe218⤵
-
\??\c:\frfxllx.exec:\frfxllx.exe219⤵
-
\??\c:\ttbtnh.exec:\ttbtnh.exe220⤵
-
\??\c:\9jdvp.exec:\9jdvp.exe221⤵
-
\??\c:\rrxlxrf.exec:\rrxlxrf.exe222⤵
-
\??\c:\vpppj.exec:\vpppj.exe223⤵
-
\??\c:\rlffrrr.exec:\rlffrrr.exe224⤵
-
\??\c:\nbttnh.exec:\nbttnh.exe225⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe226⤵
-
\??\c:\lrxrxxf.exec:\lrxrxxf.exe227⤵
-
\??\c:\hbttnb.exec:\hbttnb.exe228⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe229⤵
-
\??\c:\xxrlllf.exec:\xxrlllf.exe230⤵
-
\??\c:\tnnnnn.exec:\tnnnnn.exe231⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe232⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe233⤵
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe234⤵
-
\??\c:\rxfllll.exec:\rxfllll.exe235⤵
-
\??\c:\5tbbnn.exec:\5tbbnn.exe236⤵
-
\??\c:\hntnnt.exec:\hntnnt.exe237⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe238⤵
-
\??\c:\frxlxrl.exec:\frxlxrl.exe239⤵
-
\??\c:\lflrrrr.exec:\lflrrrr.exe240⤵
-
\??\c:\hbnnhh.exec:\hbnnhh.exe241⤵