Analysis
-
max time kernel
150s -
max time network
112s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
19-05-2024 14:32
General
-
Target
d7cfaa175b9665062d9390403948c3d0_NeikiAnalytics.exe
-
Size
55KB
-
MD5
d7cfaa175b9665062d9390403948c3d0
-
SHA1
dd705e7c50150361fec2a5f7a5d2164d8dc834c5
-
SHA256
7f13963b7296a6f96dc5d95b2d5889319dabba0cbef9af1d830a2bbb1a7c9006
-
SHA512
13a9956d024f1489d7895bca76e94706724cea866536bc5ce3dbafa65ab85486c3e5afb5b1f795a3c71393ae995116506c8e2304f8d82fa11e865e2df29ab07b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIfEB:ymb3NkkiQ3mdBjFIM
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d7cfaa175b9665062d9390403948c3d0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d7cfaa175b9665062d9390403948c3d0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxrxlr.exec:\rfxrxlr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnnbh.exec:\hhnnbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrfrfl.exec:\xxrfrfl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbtnn.exec:\thbtnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnnbn.exec:\bnnnbn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpp.exec:\jdvpp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rxrfrl.exec:\3rxrfrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhhb.exec:\htnhhb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnntbh.exec:\tnntbh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxrllx.exec:\rfxrllx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbtt.exec:\bbhbtt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbnhb.exec:\hbbnhb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpdd.exec:\vjpdd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlrfxx.exec:\rrlrfxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlflxrx.exec:\rlflxrx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbnt.exec:\nbbbnt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ppdv.exec:\7ppdv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvd.exec:\jddvd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxfxf.exec:\rrfxfxf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnbtn.exec:\nnnbtn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbthh.exec:\nhbthh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpj.exec:\vpvpj.exe23⤵
- Executes dropped EXE
-
\??\c:\3flfllf.exec:\3flfllf.exe24⤵
- Executes dropped EXE
-
\??\c:\rlfxrlf.exec:\rlfxrlf.exe25⤵
- Executes dropped EXE
-
\??\c:\1bttnn.exec:\1bttnn.exe26⤵
- Executes dropped EXE
-
\??\c:\htnnbt.exec:\htnnbt.exe27⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe28⤵
- Executes dropped EXE
-
\??\c:\pvvpd.exec:\pvvpd.exe29⤵
- Executes dropped EXE
-
\??\c:\3xxrfxr.exec:\3xxrfxr.exe30⤵
- Executes dropped EXE
-
\??\c:\llfxlfr.exec:\llfxlfr.exe31⤵
- Executes dropped EXE
-
\??\c:\btbtnh.exec:\btbtnh.exe32⤵
- Executes dropped EXE
-
\??\c:\jjpjv.exec:\jjpjv.exe33⤵
- Executes dropped EXE
-
\??\c:\lffffff.exec:\lffffff.exe34⤵
- Executes dropped EXE
-
\??\c:\fxxrrrr.exec:\fxxrrrr.exe35⤵
- Executes dropped EXE
-
\??\c:\bthhhn.exec:\bthhhn.exe36⤵
- Executes dropped EXE
-
\??\c:\1nnbnh.exec:\1nnbnh.exe37⤵
- Executes dropped EXE
-
\??\c:\jdvjd.exec:\jdvjd.exe38⤵
- Executes dropped EXE
-
\??\c:\vjdvj.exec:\vjdvj.exe39⤵
- Executes dropped EXE
-
\??\c:\frfxrfx.exec:\frfxrfx.exe40⤵
- Executes dropped EXE
-
\??\c:\7tnhhn.exec:\7tnhhn.exe41⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe42⤵
- Executes dropped EXE
-
\??\c:\dvvjd.exec:\dvvjd.exe43⤵
- Executes dropped EXE
-
\??\c:\llrlrlx.exec:\llrlrlx.exe44⤵
- Executes dropped EXE
-
\??\c:\bhhbtn.exec:\bhhbtn.exe45⤵
- Executes dropped EXE
-
\??\c:\1nnhnh.exec:\1nnhnh.exe46⤵
- Executes dropped EXE
-
\??\c:\vjjvp.exec:\vjjvp.exe47⤵
- Executes dropped EXE
-
\??\c:\7dvpv.exec:\7dvpv.exe48⤵
- Executes dropped EXE
-
\??\c:\9lxrxlf.exec:\9lxrxlf.exe49⤵
- Executes dropped EXE
-
\??\c:\lrrlffx.exec:\lrrlffx.exe50⤵
- Executes dropped EXE
-
\??\c:\ttntnn.exec:\ttntnn.exe51⤵
- Executes dropped EXE
-
\??\c:\btnnbb.exec:\btnnbb.exe52⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe53⤵
- Executes dropped EXE
-
\??\c:\vpvvj.exec:\vpvvj.exe54⤵
- Executes dropped EXE
-
\??\c:\3fflxlf.exec:\3fflxlf.exe55⤵
- Executes dropped EXE
-
\??\c:\7rrlxlf.exec:\7rrlxlf.exe56⤵
- Executes dropped EXE
-
\??\c:\7ntnhh.exec:\7ntnhh.exe57⤵
- Executes dropped EXE
-
\??\c:\bbbtnn.exec:\bbbtnn.exe58⤵
- Executes dropped EXE
-
\??\c:\pdvvj.exec:\pdvvj.exe59⤵
- Executes dropped EXE
-
\??\c:\xrlfffl.exec:\xrlfffl.exe60⤵
- Executes dropped EXE
-
\??\c:\5xfxrrl.exec:\5xfxrrl.exe61⤵
- Executes dropped EXE
-
\??\c:\tntnhh.exec:\tntnhh.exe62⤵
- Executes dropped EXE
-
\??\c:\hhhhnn.exec:\hhhhnn.exe63⤵
- Executes dropped EXE
-
\??\c:\xlxrffr.exec:\xlxrffr.exe64⤵
- Executes dropped EXE
-
\??\c:\lrrxlfl.exec:\lrrxlfl.exe65⤵
- Executes dropped EXE
-
\??\c:\7hhbnh.exec:\7hhbnh.exe66⤵
-
\??\c:\htthtt.exec:\htthtt.exe67⤵
-
\??\c:\pjppd.exec:\pjppd.exe68⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe69⤵
-
\??\c:\3ffxrxx.exec:\3ffxrxx.exe70⤵
-
\??\c:\fxllflf.exec:\fxllflf.exe71⤵
-
\??\c:\btttnt.exec:\btttnt.exe72⤵
-
\??\c:\httttt.exec:\httttt.exe73⤵
-
\??\c:\dpppp.exec:\dpppp.exe74⤵
-
\??\c:\vppjj.exec:\vppjj.exe75⤵
-
\??\c:\ffffrrr.exec:\ffffrrr.exe76⤵
-
\??\c:\frxxrrr.exec:\frxxrrr.exe77⤵
-
\??\c:\llxrrxx.exec:\llxrrxx.exe78⤵
-
\??\c:\bbbbtt.exec:\bbbbtt.exe79⤵
-
\??\c:\hbbhhh.exec:\hbbhhh.exe80⤵
-
\??\c:\9pvpj.exec:\9pvpj.exe81⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe82⤵
-
\??\c:\xrrxxxr.exec:\xrrxxxr.exe83⤵
-
\??\c:\7lxfrrr.exec:\7lxfrrr.exe84⤵
-
\??\c:\bhhhhh.exec:\bhhhhh.exe85⤵
-
\??\c:\nnnbtt.exec:\nnnbtt.exe86⤵
-
\??\c:\jjvpp.exec:\jjvpp.exe87⤵
-
\??\c:\3jpjd.exec:\3jpjd.exe88⤵
-
\??\c:\5lxxlll.exec:\5lxxlll.exe89⤵
-
\??\c:\rlffxxr.exec:\rlffxxr.exe90⤵
-
\??\c:\fxlrrrl.exec:\fxlrrrl.exe91⤵
-
\??\c:\tbbtnn.exec:\tbbtnn.exe92⤵
-
\??\c:\hnnttn.exec:\hnnttn.exe93⤵
-
\??\c:\vjvvp.exec:\vjvvp.exe94⤵
-
\??\c:\xffxxxf.exec:\xffxxxf.exe95⤵
-
\??\c:\ffxrlfx.exec:\ffxrlfx.exe96⤵
-
\??\c:\bttttn.exec:\bttttn.exe97⤵
-
\??\c:\3nbbhh.exec:\3nbbhh.exe98⤵
-
\??\c:\nntbth.exec:\nntbth.exe99⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe100⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe101⤵
-
\??\c:\frrlllf.exec:\frrlllf.exe102⤵
-
\??\c:\9xfflll.exec:\9xfflll.exe103⤵
-
\??\c:\bbhtnt.exec:\bbhtnt.exe104⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe105⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe106⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe107⤵
-
\??\c:\lffxfxf.exec:\lffxfxf.exe108⤵
-
\??\c:\9frrlll.exec:\9frrlll.exe109⤵
-
\??\c:\9ttnhh.exec:\9ttnhh.exe110⤵
-
\??\c:\5bhnhh.exec:\5bhnhh.exe111⤵
-
\??\c:\3ntnnn.exec:\3ntnnn.exe112⤵
-
\??\c:\vpjdj.exec:\vpjdj.exe113⤵
-
\??\c:\7ffxlxx.exec:\7ffxlxx.exe114⤵
-
\??\c:\lfllllr.exec:\lfllllr.exe115⤵
-
\??\c:\llxlrrx.exec:\llxlrrx.exe116⤵
-
\??\c:\nbbtnn.exec:\nbbtnn.exe117⤵
-
\??\c:\bbttnn.exec:\bbttnn.exe118⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe119⤵
-
\??\c:\7ddvj.exec:\7ddvj.exe120⤵
-
\??\c:\ddjdv.exec:\ddjdv.exe121⤵
-
\??\c:\lflfxxr.exec:\lflfxxr.exe122⤵
-
\??\c:\3rxxrrr.exec:\3rxxrrr.exe123⤵
-
\??\c:\nnhhbh.exec:\nnhhbh.exe124⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe125⤵
-
\??\c:\5jdjd.exec:\5jdjd.exe126⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe127⤵
-
\??\c:\xflxffr.exec:\xflxffr.exe128⤵
-
\??\c:\3lrrlxx.exec:\3lrrlxx.exe129⤵
-
\??\c:\frrrllx.exec:\frrrllx.exe130⤵
-
\??\c:\1bbtnn.exec:\1bbtnn.exe131⤵
-
\??\c:\hnnntt.exec:\hnnntt.exe132⤵
-
\??\c:\vpppd.exec:\vpppd.exe133⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe134⤵
-
\??\c:\lxfxlfx.exec:\lxfxlfx.exe135⤵
-
\??\c:\xfxxlll.exec:\xfxxlll.exe136⤵
-
\??\c:\7hnnnn.exec:\7hnnnn.exe137⤵
-
\??\c:\hnnnbb.exec:\hnnnbb.exe138⤵
-
\??\c:\7hnhbb.exec:\7hnhbb.exe139⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe140⤵
-
\??\c:\5vdvj.exec:\5vdvj.exe141⤵
-
\??\c:\frxfxrx.exec:\frxfxrx.exe142⤵
-
\??\c:\tntttn.exec:\tntttn.exe143⤵
-
\??\c:\hhbthh.exec:\hhbthh.exe144⤵
-
\??\c:\btbtbb.exec:\btbtbb.exe145⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe146⤵
-
\??\c:\dppdp.exec:\dppdp.exe147⤵
-
\??\c:\3xfxrrl.exec:\3xfxrrl.exe148⤵
-
\??\c:\5xllfff.exec:\5xllfff.exe149⤵
-
\??\c:\frfxxxr.exec:\frfxxxr.exe150⤵
-
\??\c:\hhbbtt.exec:\hhbbtt.exe151⤵
-
\??\c:\nbnhhh.exec:\nbnhhh.exe152⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe153⤵
-
\??\c:\7jdvp.exec:\7jdvp.exe154⤵
-
\??\c:\vdvvp.exec:\vdvvp.exe155⤵
-
\??\c:\xxflffl.exec:\xxflffl.exe156⤵
-
\??\c:\rflrlff.exec:\rflrlff.exe157⤵
-
\??\c:\1bbttb.exec:\1bbttb.exe158⤵
-
\??\c:\hbnnhh.exec:\hbnnhh.exe159⤵
-
\??\c:\3vdvv.exec:\3vdvv.exe160⤵
-
\??\c:\1bhbnh.exec:\1bhbnh.exe161⤵
-
\??\c:\1nnbtt.exec:\1nnbtt.exe162⤵
-
\??\c:\jjjjv.exec:\jjjjv.exe163⤵
-
\??\c:\5xxxlll.exec:\5xxxlll.exe164⤵
-
\??\c:\rrxxlll.exec:\rrxxlll.exe165⤵
-
\??\c:\rlxrlrl.exec:\rlxrlrl.exe166⤵
-
\??\c:\tbtbtb.exec:\tbtbtb.exe167⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe168⤵
-
\??\c:\pddvp.exec:\pddvp.exe169⤵
-
\??\c:\frrrllf.exec:\frrrllf.exe170⤵
-
\??\c:\lxxxrxx.exec:\lxxxrxx.exe171⤵
-
\??\c:\tbbtnn.exec:\tbbtnn.exe172⤵
-
\??\c:\vvddd.exec:\vvddd.exe173⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe174⤵
-
\??\c:\7xxxxff.exec:\7xxxxff.exe175⤵
-
\??\c:\frxxfff.exec:\frxxfff.exe176⤵
-
\??\c:\ttbhhh.exec:\ttbhhh.exe177⤵
-
\??\c:\hhnnnn.exec:\hhnnnn.exe178⤵
-
\??\c:\hhbtnt.exec:\hhbtnt.exe179⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe180⤵
-
\??\c:\rrffffl.exec:\rrffffl.exe181⤵
-
\??\c:\1frllll.exec:\1frllll.exe182⤵
-
\??\c:\hbbttt.exec:\hbbttt.exe183⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe184⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe185⤵
-
\??\c:\lxfrffr.exec:\lxfrffr.exe186⤵
-
\??\c:\httnnn.exec:\httnnn.exe187⤵
-
\??\c:\bnbnbt.exec:\bnbnbt.exe188⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe189⤵
-
\??\c:\lrlllll.exec:\lrlllll.exe190⤵
-
\??\c:\hbbbnn.exec:\hbbbnn.exe191⤵
-
\??\c:\xxlflll.exec:\xxlflll.exe192⤵
-
\??\c:\hnhnnn.exec:\hnhnnn.exe193⤵
-
\??\c:\jpjdd.exec:\jpjdd.exe194⤵
-
\??\c:\xrxlrrf.exec:\xrxlrrf.exe195⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe196⤵
-
\??\c:\ffxfrll.exec:\ffxfrll.exe197⤵
-
\??\c:\nnbbhn.exec:\nnbbhn.exe198⤵
-
\??\c:\bthbbh.exec:\bthbbh.exe199⤵
-
\??\c:\jdddv.exec:\jdddv.exe200⤵
-
\??\c:\jddvv.exec:\jddvv.exe201⤵
-
\??\c:\xffflll.exec:\xffflll.exe202⤵
-
\??\c:\lrlrlll.exec:\lrlrlll.exe203⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe204⤵
-
\??\c:\nhbthh.exec:\nhbthh.exe205⤵
-
\??\c:\vvdjj.exec:\vvdjj.exe206⤵
-
\??\c:\dppjv.exec:\dppjv.exe207⤵
-
\??\c:\rrrrflf.exec:\rrrrflf.exe208⤵
-
\??\c:\lxxxxfx.exec:\lxxxxfx.exe209⤵
-
\??\c:\3bnhhn.exec:\3bnhhn.exe210⤵
-
\??\c:\pjppv.exec:\pjppv.exe211⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe212⤵
-
\??\c:\rrrlxfx.exec:\rrrlxfx.exe213⤵
-
\??\c:\bbttbh.exec:\bbttbh.exe214⤵
-
\??\c:\5bnntt.exec:\5bnntt.exe215⤵
-
\??\c:\djjjj.exec:\djjjj.exe216⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe217⤵
-
\??\c:\7pjdj.exec:\7pjdj.exe218⤵
-
\??\c:\rlllfff.exec:\rlllfff.exe219⤵
-
\??\c:\rxfffff.exec:\rxfffff.exe220⤵
-
\??\c:\hbttnb.exec:\hbttnb.exe221⤵
-
\??\c:\djvpv.exec:\djvpv.exe222⤵
-
\??\c:\1pdvp.exec:\1pdvp.exe223⤵
-
\??\c:\rlrrlll.exec:\rlrrlll.exe224⤵
-
\??\c:\3rfxxfx.exec:\3rfxxfx.exe225⤵
-
\??\c:\3lxxflr.exec:\3lxxflr.exe226⤵
-
\??\c:\tbbbbh.exec:\tbbbbh.exe227⤵
-
\??\c:\bhnnhh.exec:\bhnnhh.exe228⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe229⤵
-
\??\c:\1vjjv.exec:\1vjjv.exe230⤵
-
\??\c:\7xrxlff.exec:\7xrxlff.exe231⤵
-
\??\c:\lxlfffx.exec:\lxlfffx.exe232⤵
-
\??\c:\bhnnnt.exec:\bhnnnt.exe233⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe234⤵
-
\??\c:\rxrrlrl.exec:\rxrrlrl.exe235⤵
-
\??\c:\lfffxfx.exec:\lfffxfx.exe236⤵
-
\??\c:\hbtnnn.exec:\hbtnnn.exe237⤵
-
\??\c:\tnhbnh.exec:\tnhbnh.exe238⤵
-
\??\c:\7ddvp.exec:\7ddvp.exe239⤵
-
\??\c:\flrfxrf.exec:\flrfxrf.exe240⤵
-
\??\c:\btnhtn.exec:\btnhtn.exe241⤵