Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 14:36
General
-
Target
d895262304324528d8764447114005e0_NeikiAnalytics.exe
-
Size
94KB
-
MD5
d895262304324528d8764447114005e0
-
SHA1
24b92654c852a11181a2ddba8d7ff220f72d34e5
-
SHA256
33419dc141ad47c8a1d0514a44636f49c5d283b3ef5ded06d50dce86902d6708
-
SHA512
7943c7b1b0a7f06397a0f9b87f2cbe868ee70ded57d55822ec613b49539a63ee68881cbc5acdb5068e4a517a531389df60b6e07d7a406738bfde7b6cb58b6e91
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxE6vr/mAk:ymb3NkkiQ3mdBjFo73PYP1lri3KVT+b3
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d895262304324528d8764447114005e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d895262304324528d8764447114005e0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\httbtb.exec:\httbtb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jdvp.exec:\7jdvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxffflf.exec:\xxffflf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlxxr.exec:\lfrlxxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbbn.exec:\hbbbbn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vjdp.exec:\7vjdp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvvv.exec:\jvvvv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxffl.exec:\lffxffl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhbh.exec:\bbhhbh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5djvp.exec:\5djvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrlllr.exec:\rfrlllr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhntnh.exec:\nhntnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pppj.exec:\7pppj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pjdp.exec:\9pjdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflfrlf.exec:\rflfrlf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btttbb.exec:\btttbb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhthh.exec:\tbhthh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpd.exec:\jvvpd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfflfff.exec:\xfflfff.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnnnb.exec:\ttnnnb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbtnb.exec:\nnbtnb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvj.exec:\vpjvj.exe23⤵
- Executes dropped EXE
-
\??\c:\lflxrll.exec:\lflxrll.exe24⤵
- Executes dropped EXE
-
\??\c:\btbtnn.exec:\btbtnn.exe25⤵
- Executes dropped EXE
-
\??\c:\bbttnn.exec:\bbttnn.exe26⤵
- Executes dropped EXE
-
\??\c:\7vppd.exec:\7vppd.exe27⤵
- Executes dropped EXE
-
\??\c:\rlfxrlf.exec:\rlfxrlf.exe28⤵
- Executes dropped EXE
-
\??\c:\bttttt.exec:\bttttt.exe29⤵
- Executes dropped EXE
-
\??\c:\vdpjd.exec:\vdpjd.exe30⤵
- Executes dropped EXE
-
\??\c:\vjddp.exec:\vjddp.exe31⤵
- Executes dropped EXE
-
\??\c:\rrlfrrl.exec:\rrlfrrl.exe32⤵
- Executes dropped EXE
-
\??\c:\bthhhh.exec:\bthhhh.exe33⤵
- Executes dropped EXE
-
\??\c:\dpvpp.exec:\dpvpp.exe34⤵
- Executes dropped EXE
-
\??\c:\jjpjd.exec:\jjpjd.exe35⤵
- Executes dropped EXE
-
\??\c:\3xxxrrr.exec:\3xxxrrr.exe36⤵
- Executes dropped EXE
-
\??\c:\5frlfxx.exec:\5frlfxx.exe37⤵
- Executes dropped EXE
-
\??\c:\bbhhbb.exec:\bbhhbb.exe38⤵
- Executes dropped EXE
-
\??\c:\btttht.exec:\btttht.exe39⤵
- Executes dropped EXE
-
\??\c:\vvjjv.exec:\vvjjv.exe40⤵
- Executes dropped EXE
-
\??\c:\lfllfff.exec:\lfllfff.exe41⤵
- Executes dropped EXE
-
\??\c:\7ffxllf.exec:\7ffxllf.exe42⤵
- Executes dropped EXE
-
\??\c:\nbnbtt.exec:\nbnbtt.exe43⤵
- Executes dropped EXE
-
\??\c:\bnnnhh.exec:\bnnnhh.exe44⤵
- Executes dropped EXE
-
\??\c:\9vjdp.exec:\9vjdp.exe45⤵
- Executes dropped EXE
-
\??\c:\jpjdp.exec:\jpjdp.exe46⤵
- Executes dropped EXE
-
\??\c:\fxfxxxr.exec:\fxfxxxr.exe47⤵
- Executes dropped EXE
-
\??\c:\xrxrrrx.exec:\xrxrrrx.exe48⤵
- Executes dropped EXE
-
\??\c:\btbtbb.exec:\btbtbb.exe49⤵
- Executes dropped EXE
-
\??\c:\bthbtn.exec:\bthbtn.exe50⤵
- Executes dropped EXE
-
\??\c:\jjvpv.exec:\jjvpv.exe51⤵
- Executes dropped EXE
-
\??\c:\jvpjd.exec:\jvpjd.exe52⤵
- Executes dropped EXE
-
\??\c:\xxfxfxf.exec:\xxfxfxf.exe53⤵
- Executes dropped EXE
-
\??\c:\htntnh.exec:\htntnh.exe54⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe55⤵
- Executes dropped EXE
-
\??\c:\fxrflrf.exec:\fxrflrf.exe56⤵
- Executes dropped EXE
-
\??\c:\tbhhbb.exec:\tbhhbb.exe57⤵
- Executes dropped EXE
-
\??\c:\tnhhbb.exec:\tnhhbb.exe58⤵
- Executes dropped EXE
-
\??\c:\jpvjd.exec:\jpvjd.exe59⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe60⤵
- Executes dropped EXE
-
\??\c:\rlllffx.exec:\rlllffx.exe61⤵
- Executes dropped EXE
-
\??\c:\llxxfff.exec:\llxxfff.exe62⤵
- Executes dropped EXE
-
\??\c:\7hnnnh.exec:\7hnnnh.exe63⤵
- Executes dropped EXE
-
\??\c:\3vjpp.exec:\3vjpp.exe64⤵
- Executes dropped EXE
-
\??\c:\3jpvj.exec:\3jpvj.exe65⤵
- Executes dropped EXE
-
\??\c:\lffxrll.exec:\lffxrll.exe66⤵
-
\??\c:\5hnhbt.exec:\5hnhbt.exe67⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe68⤵
-
\??\c:\7dpjv.exec:\7dpjv.exe69⤵
-
\??\c:\xlxlffx.exec:\xlxlffx.exe70⤵
-
\??\c:\xxxfxrf.exec:\xxxfxrf.exe71⤵
-
\??\c:\9nhhbt.exec:\9nhhbt.exe72⤵
-
\??\c:\5pjdp.exec:\5pjdp.exe73⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe74⤵
-
\??\c:\fffffff.exec:\fffffff.exe75⤵
-
\??\c:\1bbnhh.exec:\1bbnhh.exe76⤵
-
\??\c:\tnhbtn.exec:\tnhbtn.exe77⤵
-
\??\c:\ddddv.exec:\ddddv.exe78⤵
-
\??\c:\9bhbnh.exec:\9bhbnh.exe79⤵
-
\??\c:\hhtbbt.exec:\hhtbbt.exe80⤵
-
\??\c:\jvddp.exec:\jvddp.exe81⤵
-
\??\c:\xfxxrrl.exec:\xfxxrrl.exe82⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe83⤵
-
\??\c:\tthbth.exec:\tthbth.exe84⤵
-
\??\c:\jddpd.exec:\jddpd.exe85⤵
-
\??\c:\llxxrrr.exec:\llxxrrr.exe86⤵
-
\??\c:\5ntnhn.exec:\5ntnhn.exe87⤵
-
\??\c:\bhhhbn.exec:\bhhhbn.exe88⤵
-
\??\c:\9vvjp.exec:\9vvjp.exe89⤵
-
\??\c:\pdpdp.exec:\pdpdp.exe90⤵
-
\??\c:\rlrllff.exec:\rlrllff.exe91⤵
-
\??\c:\nbbtnn.exec:\nbbtnn.exe92⤵
-
\??\c:\bhhthh.exec:\bhhthh.exe93⤵
-
\??\c:\3jdvp.exec:\3jdvp.exe94⤵
-
\??\c:\xrlfxxl.exec:\xrlfxxl.exe95⤵
-
\??\c:\1rrlfxr.exec:\1rrlfxr.exe96⤵
-
\??\c:\htbttb.exec:\htbttb.exe97⤵
-
\??\c:\nbbnhh.exec:\nbbnhh.exe98⤵
-
\??\c:\vpppj.exec:\vpppj.exe99⤵
-
\??\c:\jppjv.exec:\jppjv.exe100⤵
-
\??\c:\xrllfll.exec:\xrllfll.exe101⤵
-
\??\c:\tthttb.exec:\tthttb.exe102⤵
-
\??\c:\5nthnn.exec:\5nthnn.exe103⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe104⤵
-
\??\c:\3vddv.exec:\3vddv.exe105⤵
-
\??\c:\rrffrxf.exec:\rrffrxf.exe106⤵
-
\??\c:\xrffffx.exec:\xrffffx.exe107⤵
-
\??\c:\nhttth.exec:\nhttth.exe108⤵
-
\??\c:\nnhtnn.exec:\nnhtnn.exe109⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe110⤵
-
\??\c:\djvvj.exec:\djvvj.exe111⤵
-
\??\c:\5fllxfr.exec:\5fllxfr.exe112⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe113⤵
-
\??\c:\jppjd.exec:\jppjd.exe114⤵
-
\??\c:\jjppd.exec:\jjppd.exe115⤵
-
\??\c:\rfrrrxx.exec:\rfrrrxx.exe116⤵
-
\??\c:\bthhhh.exec:\bthhhh.exe117⤵
-
\??\c:\5dppp.exec:\5dppp.exe118⤵
-
\??\c:\jpddd.exec:\jpddd.exe119⤵
-
\??\c:\1fxxlrr.exec:\1fxxlrr.exe120⤵
-
\??\c:\htbbtt.exec:\htbbtt.exe121⤵
-
\??\c:\9nnhbb.exec:\9nnhbb.exe122⤵
-
\??\c:\jddjd.exec:\jddjd.exe123⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe124⤵
-
\??\c:\rxllfff.exec:\rxllfff.exe125⤵
-
\??\c:\ppppd.exec:\ppppd.exe126⤵
-
\??\c:\rlxfffx.exec:\rlxfffx.exe127⤵
-
\??\c:\xxrllxr.exec:\xxrllxr.exe128⤵
-
\??\c:\nntnhb.exec:\nntnhb.exe129⤵
-
\??\c:\jdppd.exec:\jdppd.exe130⤵
-
\??\c:\7xxrffx.exec:\7xxrffx.exe131⤵
-
\??\c:\5rrlfff.exec:\5rrlfff.exe132⤵
-
\??\c:\3bbbbb.exec:\3bbbbb.exe133⤵
-
\??\c:\ddjvp.exec:\ddjvp.exe134⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe135⤵
-
\??\c:\rxllxlx.exec:\rxllxlx.exe136⤵
-
\??\c:\9ttbtt.exec:\9ttbtt.exe137⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe138⤵
-
\??\c:\7pddv.exec:\7pddv.exe139⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe140⤵
-
\??\c:\fxlfxlf.exec:\fxlfxlf.exe141⤵
-
\??\c:\rlrfxxr.exec:\rlrfxxr.exe142⤵
-
\??\c:\tbtbtn.exec:\tbtbtn.exe143⤵
-
\??\c:\nnhbtb.exec:\nnhbtb.exe144⤵
-
\??\c:\pjppd.exec:\pjppd.exe145⤵
-
\??\c:\9pddd.exec:\9pddd.exe146⤵
-
\??\c:\llrxxxr.exec:\llrxxxr.exe147⤵
-
\??\c:\xrxffff.exec:\xrxffff.exe148⤵
-
\??\c:\htnnhh.exec:\htnnhh.exe149⤵
-
\??\c:\jjdvv.exec:\jjdvv.exe150⤵
-
\??\c:\ppvpd.exec:\ppvpd.exe151⤵
-
\??\c:\lrlfxxx.exec:\lrlfxxx.exe152⤵
-
\??\c:\5bnhtt.exec:\5bnhtt.exe153⤵
-
\??\c:\tbhbbt.exec:\tbhbbt.exe154⤵
-
\??\c:\jjdvd.exec:\jjdvd.exe155⤵
-
\??\c:\fxxrrll.exec:\fxxrrll.exe156⤵
-
\??\c:\5fxxxxx.exec:\5fxxxxx.exe157⤵
-
\??\c:\bbhhbb.exec:\bbhhbb.exe158⤵
-
\??\c:\ntbtnt.exec:\ntbtnt.exe159⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe160⤵
-
\??\c:\ddppp.exec:\ddppp.exe161⤵
-
\??\c:\djvpp.exec:\djvpp.exe162⤵
-
\??\c:\flffxfx.exec:\flffxfx.exe163⤵
-
\??\c:\bhnhbb.exec:\bhnhbb.exe164⤵
-
\??\c:\bbhnbb.exec:\bbhnbb.exe165⤵
-
\??\c:\htbnhh.exec:\htbnhh.exe166⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe167⤵
-
\??\c:\5pvpd.exec:\5pvpd.exe168⤵
-
\??\c:\5lrlxrl.exec:\5lrlxrl.exe169⤵
-
\??\c:\1hbtnn.exec:\1hbtnn.exe170⤵
-
\??\c:\pppjd.exec:\pppjd.exe171⤵
-
\??\c:\ppdpj.exec:\ppdpj.exe172⤵
-
\??\c:\fxlfxxx.exec:\fxlfxxx.exe173⤵
-
\??\c:\3flfxxr.exec:\3flfxxr.exe174⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe175⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe176⤵
-
\??\c:\rrffxfl.exec:\rrffxfl.exe177⤵
-
\??\c:\5nhhbb.exec:\5nhhbb.exe178⤵
-
\??\c:\3nnhtt.exec:\3nnhtt.exe179⤵
-
\??\c:\ddjdj.exec:\ddjdj.exe180⤵
-
\??\c:\vjppd.exec:\vjppd.exe181⤵
-
\??\c:\xllfrlf.exec:\xllfrlf.exe182⤵
-
\??\c:\xrxfllx.exec:\xrxfllx.exe183⤵
-
\??\c:\1bbhht.exec:\1bbhht.exe184⤵
-
\??\c:\jdddv.exec:\jdddv.exe185⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe186⤵
-
\??\c:\1flxrrf.exec:\1flxrrf.exe187⤵
-
\??\c:\5tbbbb.exec:\5tbbbb.exe188⤵
-
\??\c:\nnbbnn.exec:\nnbbnn.exe189⤵
-
\??\c:\vvvpd.exec:\vvvpd.exe190⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe191⤵
-
\??\c:\djvpd.exec:\djvpd.exe192⤵
-
\??\c:\rflfrff.exec:\rflfrff.exe193⤵
-
\??\c:\1rlfxxx.exec:\1rlfxxx.exe194⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe195⤵
-
\??\c:\tthhtt.exec:\tthhtt.exe196⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe197⤵
-
\??\c:\ppppd.exec:\ppppd.exe198⤵
-
\??\c:\3pvpj.exec:\3pvpj.exe199⤵
-
\??\c:\lfflfff.exec:\lfflfff.exe200⤵
-
\??\c:\flllfff.exec:\flllfff.exe201⤵
-
\??\c:\3bhbtt.exec:\3bhbtt.exe202⤵
-
\??\c:\tbnbtn.exec:\tbnbtn.exe203⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe204⤵
-
\??\c:\dddpv.exec:\dddpv.exe205⤵
-
\??\c:\rrflrlr.exec:\rrflrlr.exe206⤵
-
\??\c:\1bbnbb.exec:\1bbnbb.exe207⤵
-
\??\c:\hbhbhn.exec:\hbhbhn.exe208⤵
-
\??\c:\vdpdp.exec:\vdpdp.exe209⤵
-
\??\c:\frrllfx.exec:\frrllfx.exe210⤵
-
\??\c:\xlfrflf.exec:\xlfrflf.exe211⤵
-
\??\c:\hhbnnt.exec:\hhbnnt.exe212⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe213⤵
-
\??\c:\jddpd.exec:\jddpd.exe214⤵
-
\??\c:\1ttnnn.exec:\1ttnnn.exe215⤵
-
\??\c:\vdjpp.exec:\vdjpp.exe216⤵
-
\??\c:\xlxrlfx.exec:\xlxrlfx.exe217⤵
-
\??\c:\tbhhbh.exec:\tbhhbh.exe218⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe219⤵
-
\??\c:\5fllxrl.exec:\5fllxrl.exe220⤵
-
\??\c:\nhhnhh.exec:\nhhnhh.exe221⤵
-
\??\c:\nbbbnt.exec:\nbbbnt.exe222⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe223⤵
-
\??\c:\rllfrlf.exec:\rllfrlf.exe224⤵
-
\??\c:\rfrfxrf.exec:\rfrfxrf.exe225⤵
-
\??\c:\5nttnn.exec:\5nttnn.exe226⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe227⤵
-
\??\c:\ffrfxrl.exec:\ffrfxrl.exe228⤵
-
\??\c:\rrlfxrl.exec:\rrlfxrl.exe229⤵
-
\??\c:\bntnnt.exec:\bntnnt.exe230⤵
-
\??\c:\9hnhbb.exec:\9hnhbb.exe231⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe232⤵
-
\??\c:\lfxlxxr.exec:\lfxlxxr.exe233⤵
-
\??\c:\lflrlfx.exec:\lflrlfx.exe234⤵
-
\??\c:\1nnnhb.exec:\1nnnhb.exe235⤵
-
\??\c:\5dpjv.exec:\5dpjv.exe236⤵
-
\??\c:\vvjvj.exec:\vvjvj.exe237⤵
-
\??\c:\rflfrlf.exec:\rflfrlf.exe238⤵
-
\??\c:\1hnnhh.exec:\1hnnhh.exe239⤵
-
\??\c:\pjddv.exec:\pjddv.exe240⤵
-
\??\c:\1vjdj.exec:\1vjdj.exe241⤵