Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 14:41
General
-
Target
d9816cf137b90efe6e891ab6a5013460_NeikiAnalytics.exe
-
Size
537KB
-
MD5
d9816cf137b90efe6e891ab6a5013460
-
SHA1
1ac2b693f0657bba730250e2112920cd2e6426db
-
SHA256
797f5849d1a0363ad742a9f1fa1424a83700db2c9cfa56e9a6093ba864c6512c
-
SHA512
29ba28d3afb57c559a8cacdc62de1b41df0012e8c9e71a322529170624b52223d0a90c62d6ace0f73bbde98ac9471b764a28fe55856374eff60f8fec040dc752
-
SSDEEP
12288:y4wFHoS3eFp3IDvSbh5nP+UbGTHoSouKs8N0u/D6vIZR:HFp3lzZbGa5soR
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d9816cf137b90efe6e891ab6a5013460_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d9816cf137b90efe6e891ab6a5013460_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjj.exec:\vpdjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllxxxr.exec:\rllxxxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbtn.exec:\btbbtn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdpj.exec:\dvdpj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbtnn.exec:\hhbtnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrllfx.exec:\rrrllfx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhnhb.exec:\hbhnhb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddjp.exec:\vddjp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxfxf.exec:\lffxfxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthnbb.exec:\hthnbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddjj.exec:\dddjj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxxrl.exec:\rrxxxrl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlllff.exec:\xxlllff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hnhbb.exec:\3hnhbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhnn.exec:\tnhhnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vvjj.exec:\7vvjj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxxrrl.exec:\frxxrrl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlrlrl.exec:\frlrlrl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpddv.exec:\dpddv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nnbbb.exec:\3nnbbb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vjvv.exec:\1vjvv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lrlrrx.exec:\5lrlrrx.exe23⤵
- Executes dropped EXE
-
\??\c:\lxfxrlf.exec:\lxfxrlf.exe24⤵
- Executes dropped EXE
-
\??\c:\djddp.exec:\djddp.exe25⤵
- Executes dropped EXE
-
\??\c:\3lfxxxx.exec:\3lfxxxx.exe26⤵
- Executes dropped EXE
-
\??\c:\bnhhbb.exec:\bnhhbb.exe27⤵
- Executes dropped EXE
-
\??\c:\fxxxrrl.exec:\fxxxrrl.exe28⤵
- Executes dropped EXE
-
\??\c:\lffxxfx.exec:\lffxxfx.exe29⤵
- Executes dropped EXE
-
\??\c:\ttttnn.exec:\ttttnn.exe30⤵
- Executes dropped EXE
-
\??\c:\lxfrxxf.exec:\lxfrxxf.exe31⤵
- Executes dropped EXE
-
\??\c:\bnnhbt.exec:\bnnhbt.exe32⤵
- Executes dropped EXE
-
\??\c:\vpddv.exec:\vpddv.exe33⤵
- Executes dropped EXE
-
\??\c:\5hhbnn.exec:\5hhbnn.exe34⤵
- Executes dropped EXE
-
\??\c:\rxllflf.exec:\rxllflf.exe35⤵
- Executes dropped EXE
-
\??\c:\1tbtnn.exec:\1tbtnn.exe36⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe37⤵
- Executes dropped EXE
-
\??\c:\xrllfxr.exec:\xrllfxr.exe38⤵
- Executes dropped EXE
-
\??\c:\htbbtn.exec:\htbbtn.exe39⤵
- Executes dropped EXE
-
\??\c:\dpvpj.exec:\dpvpj.exe40⤵
- Executes dropped EXE
-
\??\c:\rrllfff.exec:\rrllfff.exe41⤵
- Executes dropped EXE
-
\??\c:\tbhhbb.exec:\tbhhbb.exe42⤵
- Executes dropped EXE
-
\??\c:\pvpjp.exec:\pvpjp.exe43⤵
- Executes dropped EXE
-
\??\c:\lxlfxff.exec:\lxlfxff.exe44⤵
- Executes dropped EXE
-
\??\c:\xxxxrrr.exec:\xxxxrrr.exe45⤵
- Executes dropped EXE
-
\??\c:\btnhhh.exec:\btnhhh.exe46⤵
- Executes dropped EXE
-
\??\c:\1jjdv.exec:\1jjdv.exe47⤵
- Executes dropped EXE
-
\??\c:\xrrllfr.exec:\xrrllfr.exe48⤵
- Executes dropped EXE
-
\??\c:\lrfxlfr.exec:\lrfxlfr.exe49⤵
- Executes dropped EXE
-
\??\c:\bhnhnn.exec:\bhnhnn.exe50⤵
- Executes dropped EXE
-
\??\c:\1pdvp.exec:\1pdvp.exe51⤵
- Executes dropped EXE
-
\??\c:\rfffffx.exec:\rfffffx.exe52⤵
- Executes dropped EXE
-
\??\c:\hthbtn.exec:\hthbtn.exe53⤵
- Executes dropped EXE
-
\??\c:\tttnhh.exec:\tttnhh.exe54⤵
- Executes dropped EXE
-
\??\c:\1dpjd.exec:\1dpjd.exe55⤵
- Executes dropped EXE
-
\??\c:\rrxxfrr.exec:\rrxxfrr.exe56⤵
- Executes dropped EXE
-
\??\c:\1fllflx.exec:\1fllflx.exe57⤵
- Executes dropped EXE
-
\??\c:\dvpjp.exec:\dvpjp.exe58⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe59⤵
- Executes dropped EXE
-
\??\c:\xxllrrx.exec:\xxllrrx.exe60⤵
- Executes dropped EXE
-
\??\c:\tttbtb.exec:\tttbtb.exe61⤵
- Executes dropped EXE
-
\??\c:\bhnhhb.exec:\bhnhhb.exe62⤵
- Executes dropped EXE
-
\??\c:\pddjj.exec:\pddjj.exe63⤵
- Executes dropped EXE
-
\??\c:\xrfxrlf.exec:\xrfxrlf.exe64⤵
- Executes dropped EXE
-
\??\c:\hnbtnn.exec:\hnbtnn.exe65⤵
- Executes dropped EXE
-
\??\c:\7tttnn.exec:\7tttnn.exe66⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe67⤵
-
\??\c:\xxffxxr.exec:\xxffxxr.exe68⤵
-
\??\c:\bnbtnn.exec:\bnbtnn.exe69⤵
-
\??\c:\xfllrrf.exec:\xfllrrf.exe70⤵
-
\??\c:\llfxrrl.exec:\llfxrrl.exe71⤵
-
\??\c:\hbnnbn.exec:\hbnnbn.exe72⤵
-
\??\c:\xfrlffx.exec:\xfrlffx.exe73⤵
-
\??\c:\7nthbb.exec:\7nthbb.exe74⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe75⤵
-
\??\c:\xflfrrl.exec:\xflfrrl.exe76⤵
-
\??\c:\tnhbnn.exec:\tnhbnn.exe77⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe78⤵
-
\??\c:\7ffxffr.exec:\7ffxffr.exe79⤵
-
\??\c:\xrfxllx.exec:\xrfxllx.exe80⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe81⤵
-
\??\c:\jddpj.exec:\jddpj.exe82⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe83⤵
-
\??\c:\3llxlxx.exec:\3llxlxx.exe84⤵
-
\??\c:\bnbtnt.exec:\bnbtnt.exe85⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe86⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe87⤵
-
\??\c:\rllfxrl.exec:\rllfxrl.exe88⤵
-
\??\c:\7nnbtb.exec:\7nnbtb.exe89⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe90⤵
-
\??\c:\lrxxrlf.exec:\lrxxrlf.exe91⤵
-
\??\c:\xxxrlxr.exec:\xxxrlxr.exe92⤵
-
\??\c:\htntht.exec:\htntht.exe93⤵
-
\??\c:\jvjvp.exec:\jvjvp.exe94⤵
-
\??\c:\rlrlfxr.exec:\rlrlfxr.exe95⤵
-
\??\c:\fffxxxx.exec:\fffxxxx.exe96⤵
-
\??\c:\nbbttn.exec:\nbbttn.exe97⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe98⤵
-
\??\c:\fxffxfx.exec:\fxffxfx.exe99⤵
-
\??\c:\rrxrrxx.exec:\rrxrrxx.exe100⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe101⤵
-
\??\c:\jjppj.exec:\jjppj.exe102⤵
-
\??\c:\rfrlxxr.exec:\rfrlxxr.exe103⤵
-
\??\c:\llflrrx.exec:\llflrrx.exe104⤵
-
\??\c:\nhnhtt.exec:\nhnhtt.exe105⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe106⤵
-
\??\c:\rrrlrrx.exec:\rrrlrrx.exe107⤵
-
\??\c:\1tbbtt.exec:\1tbbtt.exe108⤵
-
\??\c:\thtnnn.exec:\thtnnn.exe109⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe110⤵
-
\??\c:\3xxfrlf.exec:\3xxfrlf.exe111⤵
-
\??\c:\bbbhht.exec:\bbbhht.exe112⤵
-
\??\c:\nthbtt.exec:\nthbtt.exe113⤵
-
\??\c:\3djdj.exec:\3djdj.exe114⤵
-
\??\c:\xrfxrll.exec:\xrfxrll.exe115⤵
-
\??\c:\fffxxxr.exec:\fffxxxr.exe116⤵
-
\??\c:\ntnnhh.exec:\ntnnhh.exe117⤵
-
\??\c:\dvdpp.exec:\dvdpp.exe118⤵
-
\??\c:\lxlffll.exec:\lxlffll.exe119⤵
-
\??\c:\bnttnh.exec:\bnttnh.exe120⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe121⤵
-
\??\c:\1vjvp.exec:\1vjvp.exe122⤵
-
\??\c:\7llllfx.exec:\7llllfx.exe123⤵
-
\??\c:\hbbbth.exec:\hbbbth.exe124⤵
-
\??\c:\1bbtnn.exec:\1bbtnn.exe125⤵
-
\??\c:\7djjd.exec:\7djjd.exe126⤵
-
\??\c:\lxxrrlf.exec:\lxxrrlf.exe127⤵
-
\??\c:\bnnnth.exec:\bnnnth.exe128⤵
-
\??\c:\hhnnhh.exec:\hhnnhh.exe129⤵
-
\??\c:\jppjp.exec:\jppjp.exe130⤵
-
\??\c:\xrrlxxr.exec:\xrrlxxr.exe131⤵
-
\??\c:\lrfxrrl.exec:\lrfxrrl.exe132⤵
-
\??\c:\bthhnt.exec:\bthhnt.exe133⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe134⤵
-
\??\c:\xxffxxf.exec:\xxffxxf.exe135⤵
-
\??\c:\bnbttb.exec:\bnbttb.exe136⤵
-
\??\c:\hbbhbh.exec:\hbbhbh.exe137⤵
-
\??\c:\lrlfxxl.exec:\lrlfxxl.exe138⤵
-
\??\c:\hbnhhb.exec:\hbnhhb.exe139⤵
-
\??\c:\jvjvp.exec:\jvjvp.exe140⤵
-
\??\c:\vvddp.exec:\vvddp.exe141⤵
-
\??\c:\tttnbb.exec:\tttnbb.exe142⤵
-
\??\c:\bttttt.exec:\bttttt.exe143⤵
-
\??\c:\pdjpj.exec:\pdjpj.exe144⤵
-
\??\c:\lxffxxx.exec:\lxffxxx.exe145⤵
-
\??\c:\hnttnn.exec:\hnttnn.exe146⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe147⤵
-
\??\c:\llfxflr.exec:\llfxflr.exe148⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe149⤵
-
\??\c:\pdvvp.exec:\pdvvp.exe150⤵
-
\??\c:\lxlffff.exec:\lxlffff.exe151⤵
-
\??\c:\xrfrfff.exec:\xrfrfff.exe152⤵
-
\??\c:\djvpp.exec:\djvpp.exe153⤵
-
\??\c:\lfxrlll.exec:\lfxrlll.exe154⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe155⤵
-
\??\c:\bttbth.exec:\bttbth.exe156⤵
-
\??\c:\5ddpj.exec:\5ddpj.exe157⤵
-
\??\c:\rlffrlf.exec:\rlffrlf.exe158⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe159⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe160⤵
-
\??\c:\rlrlfff.exec:\rlrlfff.exe161⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe162⤵
-
\??\c:\thnnbb.exec:\thnnbb.exe163⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe164⤵
-
\??\c:\rlxrrrl.exec:\rlxrrrl.exe165⤵
-
\??\c:\hbtntn.exec:\hbtntn.exe166⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe167⤵
-
\??\c:\lrrrlfx.exec:\lrrrlfx.exe168⤵
-
\??\c:\xrrlfxx.exec:\xrrlfxx.exe169⤵
-
\??\c:\bnnnbb.exec:\bnnnbb.exe170⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe171⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe172⤵
-
\??\c:\lfllffx.exec:\lfllffx.exe173⤵
-
\??\c:\nhnnbb.exec:\nhnnbb.exe174⤵
-
\??\c:\jddvp.exec:\jddvp.exe175⤵
-
\??\c:\xlxrlll.exec:\xlxrlll.exe176⤵
-
\??\c:\httnhn.exec:\httnhn.exe177⤵
-
\??\c:\1ppvp.exec:\1ppvp.exe178⤵
-
\??\c:\5vdvj.exec:\5vdvj.exe179⤵
-
\??\c:\xlfflxr.exec:\xlfflxr.exe180⤵
-
\??\c:\thnhhh.exec:\thnhhh.exe181⤵
-
\??\c:\7jjdv.exec:\7jjdv.exe182⤵
-
\??\c:\llfrlll.exec:\llfrlll.exe183⤵
-
\??\c:\nnbthb.exec:\nnbthb.exe184⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe185⤵
-
\??\c:\dpdvj.exec:\dpdvj.exe186⤵
-
\??\c:\rlxrlll.exec:\rlxrlll.exe187⤵
-
\??\c:\hhhbnn.exec:\hhhbnn.exe188⤵
-
\??\c:\jdpdd.exec:\jdpdd.exe189⤵
-
\??\c:\fxfffff.exec:\fxfffff.exe190⤵
-
\??\c:\hhnnhh.exec:\hhnnhh.exe191⤵
-
\??\c:\ddppp.exec:\ddppp.exe192⤵
-
\??\c:\rrxrllf.exec:\rrxrllf.exe193⤵
-
\??\c:\nnttnh.exec:\nnttnh.exe194⤵
-
\??\c:\djpdj.exec:\djpdj.exe195⤵
-
\??\c:\1lfrfxr.exec:\1lfrfxr.exe196⤵
-
\??\c:\5nnhtt.exec:\5nnhtt.exe197⤵
-
\??\c:\nhhbnn.exec:\nhhbnn.exe198⤵
-
\??\c:\jppdp.exec:\jppdp.exe199⤵
-
\??\c:\5lxxrrr.exec:\5lxxrrr.exe200⤵
-
\??\c:\hbthth.exec:\hbthth.exe201⤵
-
\??\c:\jjpvj.exec:\jjpvj.exe202⤵
-
\??\c:\rlrlffx.exec:\rlrlffx.exe203⤵
-
\??\c:\7bthnt.exec:\7bthnt.exe204⤵
-
\??\c:\5jvvv.exec:\5jvvv.exe205⤵
-
\??\c:\7xrfrlf.exec:\7xrfrlf.exe206⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe207⤵
-
\??\c:\ddddv.exec:\ddddv.exe208⤵
-
\??\c:\rxfrlll.exec:\rxfrlll.exe209⤵
-
\??\c:\xrlfxxl.exec:\xrlfxxl.exe210⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe211⤵
-
\??\c:\ddppj.exec:\ddppj.exe212⤵
-
\??\c:\xfrlffr.exec:\xfrlffr.exe213⤵
-
\??\c:\fxrrffl.exec:\fxrrffl.exe214⤵
-
\??\c:\thhhhb.exec:\thhhhb.exe215⤵
-
\??\c:\lxlfxxr.exec:\lxlfxxr.exe216⤵
-
\??\c:\nnbbhh.exec:\nnbbhh.exe217⤵
-
\??\c:\7htthh.exec:\7htthh.exe218⤵
-
\??\c:\vjvpd.exec:\vjvpd.exe219⤵
-
\??\c:\fxlxrlf.exec:\fxlxrlf.exe220⤵
-
\??\c:\frxrrrr.exec:\frxrrrr.exe221⤵
-
\??\c:\1hnhbb.exec:\1hnhbb.exe222⤵
-
\??\c:\djdvj.exec:\djdvj.exe223⤵
-
\??\c:\xlrlfll.exec:\xlrlfll.exe224⤵
-
\??\c:\3llxrrl.exec:\3llxrrl.exe225⤵
-
\??\c:\hbnhbt.exec:\hbnhbt.exe226⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe227⤵
-
\??\c:\9lfllxr.exec:\9lfllxr.exe228⤵
-
\??\c:\tnhhnn.exec:\tnhhnn.exe229⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe230⤵
-
\??\c:\1xfxllf.exec:\1xfxllf.exe231⤵
-
\??\c:\bttnbh.exec:\bttnbh.exe232⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe233⤵
-
\??\c:\9ppjv.exec:\9ppjv.exe234⤵
-
\??\c:\9ffxllx.exec:\9ffxllx.exe235⤵
-
\??\c:\5tthbt.exec:\5tthbt.exe236⤵
-
\??\c:\djjdp.exec:\djjdp.exe237⤵
-
\??\c:\9ffxllf.exec:\9ffxllf.exe238⤵
-
\??\c:\bbnntt.exec:\bbnntt.exe239⤵
-
\??\c:\dddvd.exec:\dddvd.exe240⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe241⤵