Analysis
-
max time kernel
149s -
max time network
113s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 05:39
General
-
Target
84c6cc46dd5452c0be87ae666d72f430_NeikiAnalytics.exe
-
Size
53KB
-
MD5
84c6cc46dd5452c0be87ae666d72f430
-
SHA1
1b6f7f9896e8743a8d5057e8e6c9d435d2bc5d8b
-
SHA256
664983ead9d5151312efc1b3dced8a2e1594467f404a9eb036791c79be65c780
-
SHA512
cea0023a5c6bfd5cca3d61be5dd7e9b804b9e16eae3572776c1cdafa8ee2dca0bcb542e21cd33ff6e0e8aadeeaec209a6c1159c205a8b31ee155efc157f18919
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFy8:ymb3NkkiQ3mdBjFIFb
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\84c6cc46dd5452c0be87ae666d72f430_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\84c6cc46dd5452c0be87ae666d72f430_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpjd.exec:\jjpjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddpd.exec:\jddpd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfllrrl.exec:\xfllrrl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lxrllf.exec:\7lxrllf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jvpd.exec:\7jvpd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjj.exec:\vjpjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfrrr.exec:\xllfrrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhbh.exec:\nnnhbh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nnhbt.exec:\3nnhbt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvj.exec:\pddvj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvjv.exec:\jvvjv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrflxf.exec:\xxrflxf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlfxr.exec:\fxrlfxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbtnh.exec:\nhbtnh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbtnh.exec:\bnbtnh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpd.exec:\vvvpd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlfllx.exec:\frlfllx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xfxrrl.exec:\9xfxrrl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnhh.exec:\nttnhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvvp.exec:\dvvvp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrllf.exec:\xrrrllf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlfxlx.exec:\frlfxlx.exe23⤵
- Executes dropped EXE
-
\??\c:\btbtnn.exec:\btbtnn.exe24⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe25⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe26⤵
- Executes dropped EXE
-
\??\c:\fffxxrl.exec:\fffxxrl.exe27⤵
- Executes dropped EXE
-
\??\c:\7rlfrlx.exec:\7rlfrlx.exe28⤵
- Executes dropped EXE
-
\??\c:\httnbb.exec:\httnbb.exe29⤵
- Executes dropped EXE
-
\??\c:\bnttnn.exec:\bnttnn.exe30⤵
- Executes dropped EXE
-
\??\c:\dvpjp.exec:\dvpjp.exe31⤵
- Executes dropped EXE
-
\??\c:\vjjdp.exec:\vjjdp.exe32⤵
- Executes dropped EXE
-
\??\c:\rlrrfxr.exec:\rlrrfxr.exe33⤵
- Executes dropped EXE
-
\??\c:\rxxrrlf.exec:\rxxrrlf.exe34⤵
- Executes dropped EXE
-
\??\c:\thttnt.exec:\thttnt.exe35⤵
- Executes dropped EXE
-
\??\c:\jdjjj.exec:\jdjjj.exe36⤵
- Executes dropped EXE
-
\??\c:\dpvpv.exec:\dpvpv.exe37⤵
- Executes dropped EXE
-
\??\c:\9rlfxxl.exec:\9rlfxxl.exe38⤵
- Executes dropped EXE
-
\??\c:\3rxrrxf.exec:\3rxrrxf.exe39⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe40⤵
- Executes dropped EXE
-
\??\c:\bbtbtn.exec:\bbtbtn.exe41⤵
- Executes dropped EXE
-
\??\c:\djjvp.exec:\djjvp.exe42⤵
- Executes dropped EXE
-
\??\c:\9pjdv.exec:\9pjdv.exe43⤵
- Executes dropped EXE
-
\??\c:\xxxrllx.exec:\xxxrllx.exe44⤵
- Executes dropped EXE
-
\??\c:\rlrlfxx.exec:\rlrlfxx.exe45⤵
- Executes dropped EXE
-
\??\c:\htnhbn.exec:\htnhbn.exe46⤵
- Executes dropped EXE
-
\??\c:\bttttt.exec:\bttttt.exe47⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe48⤵
- Executes dropped EXE
-
\??\c:\1jdvj.exec:\1jdvj.exe49⤵
- Executes dropped EXE
-
\??\c:\jvvdp.exec:\jvvdp.exe50⤵
- Executes dropped EXE
-
\??\c:\frrlxxr.exec:\frrlxxr.exe51⤵
- Executes dropped EXE
-
\??\c:\lfxxrlf.exec:\lfxxrlf.exe52⤵
- Executes dropped EXE
-
\??\c:\tnhhnn.exec:\tnhhnn.exe53⤵
- Executes dropped EXE
-
\??\c:\3nnhtn.exec:\3nnhtn.exe54⤵
- Executes dropped EXE
-
\??\c:\dpvdv.exec:\dpvdv.exe55⤵
- Executes dropped EXE
-
\??\c:\dpppj.exec:\dpppj.exe56⤵
- Executes dropped EXE
-
\??\c:\jppjv.exec:\jppjv.exe57⤵
- Executes dropped EXE
-
\??\c:\7xxlxxr.exec:\7xxlxxr.exe58⤵
- Executes dropped EXE
-
\??\c:\lxrlffx.exec:\lxrlffx.exe59⤵
- Executes dropped EXE
-
\??\c:\tntnhh.exec:\tntnhh.exe60⤵
- Executes dropped EXE
-
\??\c:\bhbtnh.exec:\bhbtnh.exe61⤵
- Executes dropped EXE
-
\??\c:\1vpdp.exec:\1vpdp.exe62⤵
- Executes dropped EXE
-
\??\c:\5vpjv.exec:\5vpjv.exe63⤵
- Executes dropped EXE
-
\??\c:\lfxrlff.exec:\lfxrlff.exe64⤵
- Executes dropped EXE
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe65⤵
- Executes dropped EXE
-
\??\c:\lflfxlf.exec:\lflfxlf.exe66⤵
- Executes dropped EXE
-
\??\c:\tbbtnh.exec:\tbbtnh.exe67⤵
-
\??\c:\nbbnbn.exec:\nbbnbn.exe68⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe69⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe70⤵
-
\??\c:\frrlxlf.exec:\frrlxlf.exe71⤵
-
\??\c:\lxrlffx.exec:\lxrlffx.exe72⤵
-
\??\c:\hhbbtn.exec:\hhbbtn.exe73⤵
-
\??\c:\tnhbnh.exec:\tnhbnh.exe74⤵
-
\??\c:\9tnbnn.exec:\9tnbnn.exe75⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe76⤵
-
\??\c:\ddpjj.exec:\ddpjj.exe77⤵
-
\??\c:\xrlxxrl.exec:\xrlxxrl.exe78⤵
-
\??\c:\xrlfxff.exec:\xrlfxff.exe79⤵
-
\??\c:\hththh.exec:\hththh.exe80⤵
-
\??\c:\hnttnn.exec:\hnttnn.exe81⤵
-
\??\c:\3ppjd.exec:\3ppjd.exe82⤵
-
\??\c:\ppdvj.exec:\ppdvj.exe83⤵
-
\??\c:\5xxrllf.exec:\5xxrllf.exe84⤵
-
\??\c:\rfffxrl.exec:\rfffxrl.exe85⤵
-
\??\c:\fllfxrl.exec:\fllfxrl.exe86⤵
-
\??\c:\bttnhn.exec:\bttnhn.exe87⤵
-
\??\c:\bbbthh.exec:\bbbthh.exe88⤵
-
\??\c:\pvpjv.exec:\pvpjv.exe89⤵
-
\??\c:\pddvp.exec:\pddvp.exe90⤵
-
\??\c:\lffxrfx.exec:\lffxrfx.exe91⤵
-
\??\c:\xlxrrlr.exec:\xlxrrlr.exe92⤵
-
\??\c:\tnbbtb.exec:\tnbbtb.exe93⤵
-
\??\c:\vddvp.exec:\vddvp.exe94⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe95⤵
-
\??\c:\rlfxllx.exec:\rlfxllx.exe96⤵
-
\??\c:\lffllrr.exec:\lffllrr.exe97⤵
-
\??\c:\tbnnhh.exec:\tbnnhh.exe98⤵
-
\??\c:\htnhtt.exec:\htnhtt.exe99⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe100⤵
-
\??\c:\rllffff.exec:\rllffff.exe101⤵
-
\??\c:\xrllffx.exec:\xrllffx.exe102⤵
-
\??\c:\bhhbbt.exec:\bhhbbt.exe103⤵
-
\??\c:\djjjd.exec:\djjjd.exe104⤵
-
\??\c:\vjdvv.exec:\vjdvv.exe105⤵
-
\??\c:\fxlffff.exec:\fxlffff.exe106⤵
-
\??\c:\hhbhbh.exec:\hhbhbh.exe107⤵
-
\??\c:\7nnhtn.exec:\7nnhtn.exe108⤵
-
\??\c:\ppppp.exec:\ppppp.exe109⤵
-
\??\c:\vdpjv.exec:\vdpjv.exe110⤵
-
\??\c:\xxlfxrl.exec:\xxlfxrl.exe111⤵
-
\??\c:\1xrlfff.exec:\1xrlfff.exe112⤵
-
\??\c:\1bnnht.exec:\1bnnht.exe113⤵
-
\??\c:\9bbthh.exec:\9bbthh.exe114⤵
-
\??\c:\vdvvj.exec:\vdvvj.exe115⤵
-
\??\c:\dppjv.exec:\dppjv.exe116⤵
-
\??\c:\xlrxrrr.exec:\xlrxrrr.exe117⤵
-
\??\c:\tbhbth.exec:\tbhbth.exe118⤵
-
\??\c:\hhhhnn.exec:\hhhhnn.exe119⤵
-
\??\c:\3jdpj.exec:\3jdpj.exe120⤵
-
\??\c:\rlffrff.exec:\rlffrff.exe121⤵
-
\??\c:\rfxrlfx.exec:\rfxrlfx.exe122⤵
-
\??\c:\bntnhb.exec:\bntnhb.exe123⤵
-
\??\c:\htnhtn.exec:\htnhtn.exe124⤵
-
\??\c:\bnthtt.exec:\bnthtt.exe125⤵
-
\??\c:\dvvjp.exec:\dvvjp.exe126⤵
-
\??\c:\xrfxfxx.exec:\xrfxfxx.exe127⤵
-
\??\c:\frfxrll.exec:\frfxrll.exe128⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe129⤵
-
\??\c:\5jpjj.exec:\5jpjj.exe130⤵
-
\??\c:\jddvp.exec:\jddvp.exe131⤵
-
\??\c:\lxllfff.exec:\lxllfff.exe132⤵
-
\??\c:\xrxrrrr.exec:\xrxrrrr.exe133⤵
-
\??\c:\bhhhhb.exec:\bhhhhb.exe134⤵
-
\??\c:\pvddv.exec:\pvddv.exe135⤵
-
\??\c:\lflffxl.exec:\lflffxl.exe136⤵
-
\??\c:\xlrlllf.exec:\xlrlllf.exe137⤵
-
\??\c:\bhnhbh.exec:\bhnhbh.exe138⤵
-
\??\c:\thbbhn.exec:\thbbhn.exe139⤵
-
\??\c:\dpjdj.exec:\dpjdj.exe140⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe141⤵
-
\??\c:\1xfrrrl.exec:\1xfrrrl.exe142⤵
-
\??\c:\5llfrrl.exec:\5llfrrl.exe143⤵
-
\??\c:\1bhhbb.exec:\1bhhbb.exe144⤵
-
\??\c:\vjvvp.exec:\vjvvp.exe145⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe146⤵
-
\??\c:\frlxrll.exec:\frlxrll.exe147⤵
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe148⤵
-
\??\c:\ttbnht.exec:\ttbnht.exe149⤵
-
\??\c:\hhnhhh.exec:\hhnhhh.exe150⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe151⤵
-
\??\c:\flfxxfx.exec:\flfxxfx.exe152⤵
-
\??\c:\lffrlll.exec:\lffrlll.exe153⤵
-
\??\c:\hbbtnh.exec:\hbbtnh.exe154⤵
-
\??\c:\vvjdd.exec:\vvjdd.exe155⤵
-
\??\c:\7vpjj.exec:\7vpjj.exe156⤵
-
\??\c:\rflxrll.exec:\rflxrll.exe157⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe158⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe159⤵
-
\??\c:\xlrfxrl.exec:\xlrfxrl.exe160⤵
-
\??\c:\lrrlxxr.exec:\lrrlxxr.exe161⤵
-
\??\c:\nttnhb.exec:\nttnhb.exe162⤵
-
\??\c:\dppdp.exec:\dppdp.exe163⤵
-
\??\c:\xlrlxxr.exec:\xlrlxxr.exe164⤵
-
\??\c:\rxxxrlf.exec:\rxxxrlf.exe165⤵
-
\??\c:\pddvp.exec:\pddvp.exe166⤵
-
\??\c:\xxlxrrr.exec:\xxlxrrr.exe167⤵
-
\??\c:\fflxrrl.exec:\fflxrrl.exe168⤵
-
\??\c:\vvjdp.exec:\vvjdp.exe169⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe170⤵
-
\??\c:\xrfxxxx.exec:\xrfxxxx.exe171⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe172⤵
-
\??\c:\pvpjd.exec:\pvpjd.exe173⤵
-
\??\c:\fflfxrr.exec:\fflfxrr.exe174⤵
-
\??\c:\jvpjv.exec:\jvpjv.exe175⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe176⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe177⤵
-
\??\c:\fxrlxrr.exec:\fxrlxrr.exe178⤵
-
\??\c:\lffxrlf.exec:\lffxrlf.exe179⤵
-
\??\c:\1nhbtt.exec:\1nhbtt.exe180⤵
-
\??\c:\1nhbbb.exec:\1nhbbb.exe181⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe182⤵
-
\??\c:\jvjvj.exec:\jvjvj.exe183⤵
-
\??\c:\fxrxrxl.exec:\fxrxrxl.exe184⤵
-
\??\c:\5xrlflf.exec:\5xrlflf.exe185⤵
-
\??\c:\xxxrrlx.exec:\xxxrrlx.exe186⤵
-
\??\c:\7nhtnh.exec:\7nhtnh.exe187⤵
-
\??\c:\thnnhh.exec:\thnnhh.exe188⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe189⤵
-
\??\c:\1ppjv.exec:\1ppjv.exe190⤵
-
\??\c:\xfxlxxr.exec:\xfxlxxr.exe191⤵
-
\??\c:\xxfxllf.exec:\xxfxllf.exe192⤵
-
\??\c:\1xxrfff.exec:\1xxrfff.exe193⤵
-
\??\c:\nbthhb.exec:\nbthhb.exe194⤵
-
\??\c:\tbbhtt.exec:\tbbhtt.exe195⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe196⤵
-
\??\c:\xxxfffx.exec:\xxxfffx.exe197⤵
-
\??\c:\btnhtb.exec:\btnhtb.exe198⤵
-
\??\c:\ppvjj.exec:\ppvjj.exe199⤵
-
\??\c:\fxxrllx.exec:\fxxrllx.exe200⤵
-
\??\c:\lxffffx.exec:\lxffffx.exe201⤵
-
\??\c:\fffxrrx.exec:\fffxrrx.exe202⤵
-
\??\c:\ntbttn.exec:\ntbttn.exe203⤵
-
\??\c:\tbbtnn.exec:\tbbtnn.exe204⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe205⤵
-
\??\c:\vppjv.exec:\vppjv.exe206⤵
-
\??\c:\lrrlxxr.exec:\lrrlxxr.exe207⤵
-
\??\c:\5rlfxrl.exec:\5rlfxrl.exe208⤵
-
\??\c:\flflxxr.exec:\flflxxr.exe209⤵
-
\??\c:\tnthhb.exec:\tnthhb.exe210⤵
-
\??\c:\bnnnhn.exec:\bnnnhn.exe211⤵
-
\??\c:\jjddd.exec:\jjddd.exe212⤵
-
\??\c:\vdjvj.exec:\vdjvj.exe213⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe214⤵
-
\??\c:\9lfllxl.exec:\9lfllxl.exe215⤵
-
\??\c:\lxrrlfx.exec:\lxrrlfx.exe216⤵
-
\??\c:\9bbbnt.exec:\9bbbnt.exe217⤵
-
\??\c:\bthtbb.exec:\bthtbb.exe218⤵
-
\??\c:\hbhbnn.exec:\hbhbnn.exe219⤵
-
\??\c:\7ddvp.exec:\7ddvp.exe220⤵
-
\??\c:\rlllflr.exec:\rlllflr.exe221⤵
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe222⤵
-
\??\c:\5tbttt.exec:\5tbttt.exe223⤵
-
\??\c:\bhnbtt.exec:\bhnbtt.exe224⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe225⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe226⤵
-
\??\c:\dvdpp.exec:\dvdpp.exe227⤵
-
\??\c:\xlfxllf.exec:\xlfxllf.exe228⤵
-
\??\c:\xrrlffx.exec:\xrrlffx.exe229⤵
-
\??\c:\rxxrfxx.exec:\rxxrfxx.exe230⤵
-
\??\c:\tbtnbn.exec:\tbtnbn.exe231⤵
-
\??\c:\nbtnbt.exec:\nbtnbt.exe232⤵
-
\??\c:\7vvpp.exec:\7vvpp.exe233⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe234⤵
-
\??\c:\xxxlxrl.exec:\xxxlxrl.exe235⤵
-
\??\c:\fxrfrfr.exec:\fxrfrfr.exe236⤵
-
\??\c:\9nhnnt.exec:\9nhnnt.exe237⤵
-
\??\c:\thhbnn.exec:\thhbnn.exe238⤵
-
\??\c:\dppdv.exec:\dppdv.exe239⤵
-
\??\c:\1dpdp.exec:\1dpdp.exe240⤵
-
\??\c:\lrrfxxl.exec:\lrrfxxl.exe241⤵