Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
19-05-2024 05:47
General
-
Target
86bb743dcd4965f3587c9d736a9dd660_NeikiAnalytics.exe
-
Size
64KB
-
MD5
86bb743dcd4965f3587c9d736a9dd660
-
SHA1
f826759064746a2e8b74ab7b2db37e6aef5937c5
-
SHA256
f009f8375abde1c5967c027b2800fc80cd60b20e82ca696cbbb98f92cdf97ceb
-
SHA512
e50495db271829268c64c37e4016e6f9a03a5975addfd50260e9336db7198dd2c62de669a160a0ebc73fa27072b383fddc410bbf329a8d2ea00378ab559b217d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUuYp+5C8+Luvd0:ymb3NkkiQ3mdBjF0yMl1
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\86bb743dcd4965f3587c9d736a9dd660_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\86bb743dcd4965f3587c9d736a9dd660_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7xxlxrl.exec:\7xxlxrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhhb.exec:\nnnhhb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jdpd.exec:\1jdpd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlxlfr.exec:\rrlxlfr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxfxr.exec:\xrfxfxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bhtbb.exec:\7bhtbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nnbnh.exec:\5nnbnh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjpd.exec:\vdjpd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrfxr.exec:\lfxrfxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnhtt.exec:\hnnhtt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpdv.exec:\dvpdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvj.exec:\vjdvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xxrxrf.exec:\7xxrxrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbnnh.exec:\btbnnh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvpv.exec:\jjvpv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vvvj.exec:\5vvvj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlffx.exec:\lrrlffx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfflxrl.exec:\xfflxrl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnntt.exec:\nbnntt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpd.exec:\jdvpd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrflxl.exec:\xrrflxl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrlfxx.exec:\lxrlfxx.exe23⤵
- Executes dropped EXE
-
\??\c:\nnnntt.exec:\nnnntt.exe24⤵
- Executes dropped EXE
-
\??\c:\tbbbtt.exec:\tbbbtt.exe25⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe26⤵
- Executes dropped EXE
-
\??\c:\vvvpd.exec:\vvvpd.exe27⤵
- Executes dropped EXE
-
\??\c:\flfxxxx.exec:\flfxxxx.exe28⤵
- Executes dropped EXE
-
\??\c:\hbhhhh.exec:\hbhhhh.exe29⤵
- Executes dropped EXE
-
\??\c:\btnntb.exec:\btnntb.exe30⤵
- Executes dropped EXE
-
\??\c:\vvjdj.exec:\vvjdj.exe31⤵
- Executes dropped EXE
-
\??\c:\dpppv.exec:\dpppv.exe32⤵
- Executes dropped EXE
-
\??\c:\fxrrllf.exec:\fxrrllf.exe33⤵
- Executes dropped EXE
-
\??\c:\tnbthh.exec:\tnbthh.exe34⤵
- Executes dropped EXE
-
\??\c:\hthntn.exec:\hthntn.exe35⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe36⤵
- Executes dropped EXE
-
\??\c:\jpdvp.exec:\jpdvp.exe37⤵
- Executes dropped EXE
-
\??\c:\flllxrf.exec:\flllxrf.exe38⤵
- Executes dropped EXE
-
\??\c:\lxxfxxr.exec:\lxxfxxr.exe39⤵
- Executes dropped EXE
-
\??\c:\9ttnhh.exec:\9ttnhh.exe40⤵
- Executes dropped EXE
-
\??\c:\1pjvp.exec:\1pjvp.exe41⤵
- Executes dropped EXE
-
\??\c:\7rxrxxr.exec:\7rxrxxr.exe42⤵
- Executes dropped EXE
-
\??\c:\fxxxxll.exec:\fxxxxll.exe43⤵
- Executes dropped EXE
-
\??\c:\htbbbb.exec:\htbbbb.exe44⤵
- Executes dropped EXE
-
\??\c:\tntntt.exec:\tntntt.exe45⤵
- Executes dropped EXE
-
\??\c:\ddvvp.exec:\ddvvp.exe46⤵
- Executes dropped EXE
-
\??\c:\1ppjd.exec:\1ppjd.exe47⤵
- Executes dropped EXE
-
\??\c:\5frrxxf.exec:\5frrxxf.exe48⤵
- Executes dropped EXE
-
\??\c:\bnnhhb.exec:\bnnhhb.exe49⤵
- Executes dropped EXE
-
\??\c:\5vvpj.exec:\5vvpj.exe50⤵
- Executes dropped EXE
-
\??\c:\lflfrrr.exec:\lflfrrr.exe51⤵
- Executes dropped EXE
-
\??\c:\frrrllf.exec:\frrrllf.exe52⤵
- Executes dropped EXE
-
\??\c:\nnhhbb.exec:\nnhhbb.exe53⤵
- Executes dropped EXE
-
\??\c:\1bnnhh.exec:\1bnnhh.exe54⤵
- Executes dropped EXE
-
\??\c:\jvvpp.exec:\jvvpp.exe55⤵
- Executes dropped EXE
-
\??\c:\5pvpd.exec:\5pvpd.exe56⤵
- Executes dropped EXE
-
\??\c:\xxrlxxx.exec:\xxrlxxx.exe57⤵
- Executes dropped EXE
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe58⤵
- Executes dropped EXE
-
\??\c:\5frrxxx.exec:\5frrxxx.exe59⤵
- Executes dropped EXE
-
\??\c:\thtbtt.exec:\thtbtt.exe60⤵
- Executes dropped EXE
-
\??\c:\ntbttt.exec:\ntbttt.exe61⤵
- Executes dropped EXE
-
\??\c:\9vddd.exec:\9vddd.exe62⤵
- Executes dropped EXE
-
\??\c:\ddjdd.exec:\ddjdd.exe63⤵
- Executes dropped EXE
-
\??\c:\5rxxlff.exec:\5rxxlff.exe64⤵
- Executes dropped EXE
-
\??\c:\rrlxrlr.exec:\rrlxrlr.exe65⤵
- Executes dropped EXE
-
\??\c:\hnbtnh.exec:\hnbtnh.exe66⤵
-
\??\c:\pppjd.exec:\pppjd.exe67⤵
-
\??\c:\vppjd.exec:\vppjd.exe68⤵
-
\??\c:\3lfrxrf.exec:\3lfrxrf.exe69⤵
-
\??\c:\5lfxlfx.exec:\5lfxlfx.exe70⤵
-
\??\c:\1tbbtt.exec:\1tbbtt.exe71⤵
-
\??\c:\bntthh.exec:\bntthh.exe72⤵
-
\??\c:\7nthbn.exec:\7nthbn.exe73⤵
-
\??\c:\1ppdp.exec:\1ppdp.exe74⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe75⤵
-
\??\c:\xrrrxxf.exec:\xrrrxxf.exe76⤵
-
\??\c:\lrlxlfr.exec:\lrlxlfr.exe77⤵
-
\??\c:\5nbthh.exec:\5nbthh.exe78⤵
-
\??\c:\3bbntn.exec:\3bbntn.exe79⤵
-
\??\c:\pdvdv.exec:\pdvdv.exe80⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe81⤵
-
\??\c:\lllxlxr.exec:\lllxlxr.exe82⤵
-
\??\c:\3hbtht.exec:\3hbtht.exe83⤵
-
\??\c:\thhtbt.exec:\thhtbt.exe84⤵
-
\??\c:\vjdpv.exec:\vjdpv.exe85⤵
-
\??\c:\xxfrfxr.exec:\xxfrfxr.exe86⤵
-
\??\c:\hnbthb.exec:\hnbthb.exe87⤵
-
\??\c:\ttnbnn.exec:\ttnbnn.exe88⤵
-
\??\c:\1nbtht.exec:\1nbtht.exe89⤵
-
\??\c:\vppvj.exec:\vppvj.exe90⤵
-
\??\c:\pvvjv.exec:\pvvjv.exe91⤵
-
\??\c:\rxlxflr.exec:\rxlxflr.exe92⤵
-
\??\c:\1lffrlf.exec:\1lffrlf.exe93⤵
-
\??\c:\btnhtb.exec:\btnhtb.exe94⤵
-
\??\c:\hhbthb.exec:\hhbthb.exe95⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe96⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe97⤵
-
\??\c:\llxrfxf.exec:\llxrfxf.exe98⤵
-
\??\c:\5xfffxf.exec:\5xfffxf.exe99⤵
-
\??\c:\bnthbt.exec:\bnthbt.exe100⤵
-
\??\c:\5nnbnn.exec:\5nnbnn.exe101⤵
-
\??\c:\pdpdp.exec:\pdpdp.exe102⤵
-
\??\c:\lrfrflx.exec:\lrfrflx.exe103⤵
-
\??\c:\7ffxxrf.exec:\7ffxxrf.exe104⤵
-
\??\c:\tnbnbb.exec:\tnbnbb.exe105⤵
-
\??\c:\hnnbnb.exec:\hnnbnb.exe106⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe107⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe108⤵
-
\??\c:\frrfrlx.exec:\frrfrlx.exe109⤵
-
\??\c:\nbbnhb.exec:\nbbnhb.exe110⤵
-
\??\c:\dpjpj.exec:\dpjpj.exe111⤵
-
\??\c:\dpdpp.exec:\dpdpp.exe112⤵
-
\??\c:\lxrflfx.exec:\lxrflfx.exe113⤵
-
\??\c:\xffrfxr.exec:\xffrfxr.exe114⤵
-
\??\c:\tnbhnt.exec:\tnbhnt.exe115⤵
-
\??\c:\ththbt.exec:\ththbt.exe116⤵
-
\??\c:\9vjvj.exec:\9vjvj.exe117⤵
-
\??\c:\lfffxxr.exec:\lfffxxr.exe118⤵
-
\??\c:\9nhtht.exec:\9nhtht.exe119⤵
-
\??\c:\tbthnb.exec:\tbthnb.exe120⤵
-
\??\c:\jpjvj.exec:\jpjvj.exe121⤵
-
\??\c:\9dpdj.exec:\9dpdj.exe122⤵
-
\??\c:\7xrlrlx.exec:\7xrlrlx.exe123⤵
-
\??\c:\hbttht.exec:\hbttht.exe124⤵
-
\??\c:\bnntht.exec:\bnntht.exe125⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe126⤵
-
\??\c:\dpjjv.exec:\dpjjv.exe127⤵
-
\??\c:\pdvvd.exec:\pdvvd.exe128⤵
-
\??\c:\xrrfrlx.exec:\xrrfrlx.exe129⤵
-
\??\c:\nnhbnh.exec:\nnhbnh.exe130⤵
-
\??\c:\nbtnbt.exec:\nbtnbt.exe131⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe132⤵
-
\??\c:\ddjdv.exec:\ddjdv.exe133⤵
-
\??\c:\frxxlfx.exec:\frxxlfx.exe134⤵
-
\??\c:\fffrllx.exec:\fffrllx.exe135⤵
-
\??\c:\3nhtnh.exec:\3nhtnh.exe136⤵
-
\??\c:\btnbbn.exec:\btnbbn.exe137⤵
-
\??\c:\bnbnbt.exec:\bnbnbt.exe138⤵
-
\??\c:\xxfffxx.exec:\xxfffxx.exe139⤵
-
\??\c:\bnhbnh.exec:\bnhbnh.exe140⤵
-
\??\c:\jppjj.exec:\jppjj.exe141⤵
-
\??\c:\9vpjd.exec:\9vpjd.exe142⤵
-
\??\c:\ffrlffx.exec:\ffrlffx.exe143⤵
-
\??\c:\xxxxrrx.exec:\xxxxrrx.exe144⤵
-
\??\c:\hhhhhn.exec:\hhhhhn.exe145⤵
-
\??\c:\hhnhbb.exec:\hhnhbb.exe146⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe147⤵
-
\??\c:\jdddv.exec:\jdddv.exe148⤵
-
\??\c:\rxlfrrr.exec:\rxlfrrr.exe149⤵
-
\??\c:\xrrllll.exec:\xrrllll.exe150⤵
-
\??\c:\nnbtnn.exec:\nnbtnn.exe151⤵
-
\??\c:\thnhtt.exec:\thnhtt.exe152⤵
-
\??\c:\jjvvv.exec:\jjvvv.exe153⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe154⤵
-
\??\c:\fffxrrr.exec:\fffxrrr.exe155⤵
-
\??\c:\lfxlxlf.exec:\lfxlxlf.exe156⤵
-
\??\c:\xrfrrlr.exec:\xrfrrlr.exe157⤵
-
\??\c:\ttttth.exec:\ttttth.exe158⤵
-
\??\c:\bhbbbb.exec:\bhbbbb.exe159⤵
-
\??\c:\vjppj.exec:\vjppj.exe160⤵
-
\??\c:\fflrrrx.exec:\fflrrrx.exe161⤵
-
\??\c:\lrrxrlf.exec:\lrrxrlf.exe162⤵
-
\??\c:\9hhtnb.exec:\9hhtnb.exe163⤵
-
\??\c:\tntnht.exec:\tntnht.exe164⤵
-
\??\c:\pppjj.exec:\pppjj.exe165⤵
-
\??\c:\7jjdv.exec:\7jjdv.exe166⤵
-
\??\c:\ffffrfl.exec:\ffffrfl.exe167⤵
-
\??\c:\xrxrrlf.exec:\xrxrrlf.exe168⤵
-
\??\c:\ttnthn.exec:\ttnthn.exe169⤵
-
\??\c:\tntttt.exec:\tntttt.exe170⤵
-
\??\c:\bbhnbh.exec:\bbhnbh.exe171⤵
-
\??\c:\ddjpd.exec:\ddjpd.exe172⤵
-
\??\c:\ppvpv.exec:\ppvpv.exe173⤵
-
\??\c:\lxlrlll.exec:\lxlrlll.exe174⤵
-
\??\c:\lrfxrrl.exec:\lrfxrrl.exe175⤵
-
\??\c:\3bbbtt.exec:\3bbbtt.exe176⤵
-
\??\c:\hbnhhh.exec:\hbnhhh.exe177⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe178⤵
-
\??\c:\ffffrxr.exec:\ffffrxr.exe179⤵
-
\??\c:\ntbbtb.exec:\ntbbtb.exe180⤵
-
\??\c:\bbhbtt.exec:\bbhbtt.exe181⤵
-
\??\c:\ddvdd.exec:\ddvdd.exe182⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe183⤵
-
\??\c:\lfllllr.exec:\lfllllr.exe184⤵
-
\??\c:\frxffff.exec:\frxffff.exe185⤵
-
\??\c:\tnbbhn.exec:\tnbbhn.exe186⤵
-
\??\c:\nnntth.exec:\nnntth.exe187⤵
-
\??\c:\vpddv.exec:\vpddv.exe188⤵
-
\??\c:\vppjv.exec:\vppjv.exe189⤵
-
\??\c:\frxrlrl.exec:\frxrlrl.exe190⤵
-
\??\c:\3frrllr.exec:\3frrllr.exe191⤵
-
\??\c:\ttnhhh.exec:\ttnhhh.exe192⤵
-
\??\c:\btthtn.exec:\btthtn.exe193⤵
-
\??\c:\5djdd.exec:\5djdd.exe194⤵
-
\??\c:\lxfxxxx.exec:\lxfxxxx.exe195⤵
-
\??\c:\nhhhhn.exec:\nhhhhn.exe196⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe197⤵
-
\??\c:\jjjjv.exec:\jjjjv.exe198⤵
-
\??\c:\fxxrxxx.exec:\fxxrxxx.exe199⤵
-
\??\c:\rxxxfll.exec:\rxxxfll.exe200⤵
-
\??\c:\lllxlff.exec:\lllxlff.exe201⤵
-
\??\c:\3hntbb.exec:\3hntbb.exe202⤵
-
\??\c:\ntbbbb.exec:\ntbbbb.exe203⤵
-
\??\c:\vpppp.exec:\vpppp.exe204⤵
-
\??\c:\jppjv.exec:\jppjv.exe205⤵
-
\??\c:\rlrlffx.exec:\rlrlffx.exe206⤵
-
\??\c:\7xffxxl.exec:\7xffxxl.exe207⤵
-
\??\c:\btbtnt.exec:\btbtnt.exe208⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe209⤵
-
\??\c:\fxxrllf.exec:\fxxrllf.exe210⤵
-
\??\c:\5frrlrr.exec:\5frrlrr.exe211⤵
-
\??\c:\hbbbbt.exec:\hbbbbt.exe212⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe213⤵
-
\??\c:\jpvjp.exec:\jpvjp.exe214⤵
-
\??\c:\1fffxxx.exec:\1fffxxx.exe215⤵
-
\??\c:\3xffffl.exec:\3xffffl.exe216⤵
-
\??\c:\tttnbt.exec:\tttnbt.exe217⤵
-
\??\c:\bbhhtt.exec:\bbhhtt.exe218⤵
-
\??\c:\djdpj.exec:\djdpj.exe219⤵
-
\??\c:\1llfrxr.exec:\1llfrxr.exe220⤵
-
\??\c:\rllfxxr.exec:\rllfxxr.exe221⤵
-
\??\c:\tttttt.exec:\tttttt.exe222⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe223⤵
-
\??\c:\jddvp.exec:\jddvp.exe224⤵
-
\??\c:\rxxlrfx.exec:\rxxlrfx.exe225⤵
-
\??\c:\bththh.exec:\bththh.exe226⤵
-
\??\c:\hnhbtt.exec:\hnhbtt.exe227⤵
-
\??\c:\dvppp.exec:\dvppp.exe228⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe229⤵
-
\??\c:\fxfflll.exec:\fxfflll.exe230⤵
-
\??\c:\xxlflxx.exec:\xxlflxx.exe231⤵
-
\??\c:\btbttn.exec:\btbttn.exe232⤵
-
\??\c:\hbbbnt.exec:\hbbbnt.exe233⤵
-
\??\c:\pjddj.exec:\pjddj.exe234⤵
-
\??\c:\pvddd.exec:\pvddd.exe235⤵
-
\??\c:\9flfxxx.exec:\9flfxxx.exe236⤵
-
\??\c:\rflllrr.exec:\rflllrr.exe237⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe238⤵
-
\??\c:\hbtttt.exec:\hbtttt.exe239⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe240⤵
-
\??\c:\pvpjd.exec:\pvpjd.exe241⤵