Analysis
-
max time kernel
150s -
max time network
116s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 15:50
General
-
Target
e9604c33d206896b8e95eed6ddbdf6a0_NeikiAnalytics.exe
-
Size
68KB
-
MD5
e9604c33d206896b8e95eed6ddbdf6a0
-
SHA1
82d511aa124217d79877bf892792ea5bb6e15366
-
SHA256
7807aaf131d8b965f75642209248f621018f94eedc4c14d237707942f3e6c745
-
SHA512
bfffcefad0dc1eae8b0efba46d2f82c1200778b9ab68e02b4d4801502c0e7b60df90c99d3cc4c4dbea0b6cecafb1ba5e434c927d9fe364076e4173734659f0b5
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk358nLA89+t:ymb3NkkiQ3mdBjFIvl358nLA89o
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e9604c33d206896b8e95eed6ddbdf6a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\e9604c33d206896b8e95eed6ddbdf6a0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbtnt.exec:\nbbtnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppjv.exec:\jppjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffrlll.exec:\lffrlll.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhttnn.exec:\hhttnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjvj.exec:\dpjvj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrllfxx.exec:\xrllfxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddv.exec:\jvddv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxxrlr.exec:\lxxxrlr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnhb.exec:\nttnhb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ddpj.exec:\1ddpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrllf.exec:\llxrllf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ththnt.exec:\ththnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdp.exec:\vpjdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jvpp.exec:\7jvpp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlrrrr.exec:\rxlrrrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtttt.exec:\hbtttt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjdv.exec:\jpjdv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrrllr.exec:\llrrllr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhtnb.exec:\nnhtnb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvvp.exec:\djvvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfllfrx.exec:\xfllfrx.exe23⤵
- Executes dropped EXE
-
\??\c:\ntnbbt.exec:\ntnbbt.exe24⤵
- Executes dropped EXE
-
\??\c:\vpdvd.exec:\vpdvd.exe25⤵
- Executes dropped EXE
-
\??\c:\nhtthb.exec:\nhtthb.exe26⤵
- Executes dropped EXE
-
\??\c:\rlrrllf.exec:\rlrrllf.exe27⤵
- Executes dropped EXE
-
\??\c:\5xffxxr.exec:\5xffxxr.exe28⤵
- Executes dropped EXE
-
\??\c:\nhhbbb.exec:\nhhbbb.exe29⤵
- Executes dropped EXE
-
\??\c:\djdvv.exec:\djdvv.exe30⤵
- Executes dropped EXE
-
\??\c:\frrlffr.exec:\frrlffr.exe31⤵
- Executes dropped EXE
-
\??\c:\htnnnn.exec:\htnnnn.exe32⤵
- Executes dropped EXE
-
\??\c:\bttbtb.exec:\bttbtb.exe33⤵
- Executes dropped EXE
-
\??\c:\dppjd.exec:\dppjd.exe34⤵
- Executes dropped EXE
-
\??\c:\vvvvv.exec:\vvvvv.exe35⤵
- Executes dropped EXE
-
\??\c:\1lrlflf.exec:\1lrlflf.exe36⤵
- Executes dropped EXE
-
\??\c:\ntbtnh.exec:\ntbtnh.exe37⤵
- Executes dropped EXE
-
\??\c:\9dpjd.exec:\9dpjd.exe38⤵
- Executes dropped EXE
-
\??\c:\ffllfrr.exec:\ffllfrr.exe39⤵
- Executes dropped EXE
-
\??\c:\xxrlflf.exec:\xxrlflf.exe40⤵
- Executes dropped EXE
-
\??\c:\tbbtnn.exec:\tbbtnn.exe41⤵
- Executes dropped EXE
-
\??\c:\tbbtth.exec:\tbbtth.exe42⤵
- Executes dropped EXE
-
\??\c:\5ddvp.exec:\5ddvp.exe43⤵
- Executes dropped EXE
-
\??\c:\9pvpj.exec:\9pvpj.exe44⤵
- Executes dropped EXE
-
\??\c:\lffxrlf.exec:\lffxrlf.exe45⤵
- Executes dropped EXE
-
\??\c:\htntnn.exec:\htntnn.exe46⤵
- Executes dropped EXE
-
\??\c:\1bhhbh.exec:\1bhhbh.exe47⤵
- Executes dropped EXE
-
\??\c:\7jppp.exec:\7jppp.exe48⤵
- Executes dropped EXE
-
\??\c:\jdvpv.exec:\jdvpv.exe49⤵
- Executes dropped EXE
-
\??\c:\rrllllx.exec:\rrllllx.exe50⤵
- Executes dropped EXE
-
\??\c:\nnnhbb.exec:\nnnhbb.exe51⤵
- Executes dropped EXE
-
\??\c:\nhhhhh.exec:\nhhhhh.exe52⤵
- Executes dropped EXE
-
\??\c:\vvddv.exec:\vvddv.exe53⤵
- Executes dropped EXE
-
\??\c:\xlrlfff.exec:\xlrlfff.exe54⤵
- Executes dropped EXE
-
\??\c:\5nnnhh.exec:\5nnnhh.exe55⤵
- Executes dropped EXE
-
\??\c:\bthttn.exec:\bthttn.exe56⤵
- Executes dropped EXE
-
\??\c:\1btttb.exec:\1btttb.exe57⤵
- Executes dropped EXE
-
\??\c:\djpjd.exec:\djpjd.exe58⤵
- Executes dropped EXE
-
\??\c:\xrrrflf.exec:\xrrrflf.exe59⤵
- Executes dropped EXE
-
\??\c:\btttbt.exec:\btttbt.exe60⤵
- Executes dropped EXE
-
\??\c:\hntbtt.exec:\hntbtt.exe61⤵
- Executes dropped EXE
-
\??\c:\1dpjd.exec:\1dpjd.exe62⤵
- Executes dropped EXE
-
\??\c:\3ffxlll.exec:\3ffxlll.exe63⤵
- Executes dropped EXE
-
\??\c:\lxlfffx.exec:\lxlfffx.exe64⤵
- Executes dropped EXE
-
\??\c:\3ttnhh.exec:\3ttnhh.exe65⤵
- Executes dropped EXE
-
\??\c:\pjpjv.exec:\pjpjv.exe66⤵
-
\??\c:\rfllrrx.exec:\rfllrrx.exe67⤵
-
\??\c:\rllffff.exec:\rllffff.exe68⤵
-
\??\c:\bbtnnt.exec:\bbtnnt.exe69⤵
-
\??\c:\hnhbtt.exec:\hnhbtt.exe70⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe71⤵
-
\??\c:\rrllxxx.exec:\rrllxxx.exe72⤵
-
\??\c:\frxxxfl.exec:\frxxxfl.exe73⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe74⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe75⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe76⤵
-
\??\c:\vppjd.exec:\vppjd.exe77⤵
-
\??\c:\rrxxffr.exec:\rrxxffr.exe78⤵
-
\??\c:\hhnntt.exec:\hhnntt.exe79⤵
-
\??\c:\thbttt.exec:\thbttt.exe80⤵
-
\??\c:\vppjp.exec:\vppjp.exe81⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe82⤵
-
\??\c:\7fflfll.exec:\7fflfll.exe83⤵
-
\??\c:\rffffff.exec:\rffffff.exe84⤵
-
\??\c:\bhtntt.exec:\bhtntt.exe85⤵
-
\??\c:\5hhhbb.exec:\5hhhbb.exe86⤵
-
\??\c:\9dpjj.exec:\9dpjj.exe87⤵
-
\??\c:\1jpjd.exec:\1jpjd.exe88⤵
-
\??\c:\rrxxrff.exec:\rrxxrff.exe89⤵
-
\??\c:\flllfff.exec:\flllfff.exe90⤵
-
\??\c:\hhtttt.exec:\hhtttt.exe91⤵
-
\??\c:\btnhbb.exec:\btnhbb.exe92⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe93⤵
-
\??\c:\7dvpj.exec:\7dvpj.exe94⤵
-
\??\c:\5lllfll.exec:\5lllfll.exe95⤵
-
\??\c:\9fxrrrl.exec:\9fxrrrl.exe96⤵
-
\??\c:\hbhhbb.exec:\hbhhbb.exe97⤵
-
\??\c:\dpvdv.exec:\dpvdv.exe98⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe99⤵
-
\??\c:\lxllfff.exec:\lxllfff.exe100⤵
-
\??\c:\lrfffff.exec:\lrfffff.exe101⤵
-
\??\c:\3nhbtt.exec:\3nhbtt.exe102⤵
-
\??\c:\bnttnn.exec:\bnttnn.exe103⤵
-
\??\c:\3vpjv.exec:\3vpjv.exe104⤵
-
\??\c:\pvjjp.exec:\pvjjp.exe105⤵
-
\??\c:\lfrllll.exec:\lfrllll.exe106⤵
-
\??\c:\lfrlrrl.exec:\lfrlrrl.exe107⤵
-
\??\c:\hbhhtt.exec:\hbhhtt.exe108⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe109⤵
-
\??\c:\djvpp.exec:\djvpp.exe110⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe111⤵
-
\??\c:\fflllrr.exec:\fflllrr.exe112⤵
-
\??\c:\tnnnnt.exec:\tnnnnt.exe113⤵
-
\??\c:\1ntnhh.exec:\1ntnhh.exe114⤵
-
\??\c:\vvpdv.exec:\vvpdv.exe115⤵
-
\??\c:\jpppj.exec:\jpppj.exe116⤵
-
\??\c:\xxxrrrr.exec:\xxxrrrr.exe117⤵
-
\??\c:\5xrrllx.exec:\5xrrllx.exe118⤵
-
\??\c:\bnnnbt.exec:\bnnnbt.exe119⤵
-
\??\c:\djddv.exec:\djddv.exe120⤵
-
\??\c:\djppv.exec:\djppv.exe121⤵
-
\??\c:\lffxlll.exec:\lffxlll.exe122⤵
-
\??\c:\7bnnht.exec:\7bnnht.exe123⤵
-
\??\c:\5jjjv.exec:\5jjjv.exe124⤵
-
\??\c:\5xxlfff.exec:\5xxlfff.exe125⤵
-
\??\c:\fffrxll.exec:\fffrxll.exe126⤵
-
\??\c:\thnnnt.exec:\thnnnt.exe127⤵
-
\??\c:\5btnhn.exec:\5btnhn.exe128⤵
-
\??\c:\9pppj.exec:\9pppj.exe129⤵
-
\??\c:\pdddv.exec:\pdddv.exe130⤵
-
\??\c:\7xlfxrr.exec:\7xlfxrr.exe131⤵
-
\??\c:\xrrrrxx.exec:\xrrrrxx.exe132⤵
-
\??\c:\5tbbtb.exec:\5tbbtb.exe133⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe134⤵
-
\??\c:\lrxlrrf.exec:\lrxlrrf.exe135⤵
-
\??\c:\9xxrxxf.exec:\9xxrxxf.exe136⤵
-
\??\c:\hhhnhh.exec:\hhhnhh.exe137⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe138⤵
-
\??\c:\vdjvd.exec:\vdjvd.exe139⤵
-
\??\c:\rrlfrrl.exec:\rrlfrrl.exe140⤵
-
\??\c:\xrllflr.exec:\xrllflr.exe141⤵
-
\??\c:\thhbbb.exec:\thhbbb.exe142⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe143⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe144⤵
-
\??\c:\flrllfx.exec:\flrllfx.exe145⤵
-
\??\c:\xffxrrl.exec:\xffxrrl.exe146⤵
-
\??\c:\hbnhht.exec:\hbnhht.exe147⤵
-
\??\c:\dvpdv.exec:\dvpdv.exe148⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe149⤵
-
\??\c:\7llfxxr.exec:\7llfxxr.exe150⤵
-
\??\c:\7lrfxxr.exec:\7lrfxxr.exe151⤵
-
\??\c:\7tnhbn.exec:\7tnhbn.exe152⤵
-
\??\c:\bttnhb.exec:\bttnhb.exe153⤵
-
\??\c:\dppvd.exec:\dppvd.exe154⤵
-
\??\c:\lflfxxr.exec:\lflfxxr.exe155⤵
-
\??\c:\ffxlllf.exec:\ffxlllf.exe156⤵
-
\??\c:\nbtnht.exec:\nbtnht.exe157⤵
-
\??\c:\bhnbth.exec:\bhnbth.exe158⤵
-
\??\c:\pjdpj.exec:\pjdpj.exe159⤵
-
\??\c:\pjddj.exec:\pjddj.exe160⤵
-
\??\c:\rxxxxxx.exec:\rxxxxxx.exe161⤵
-
\??\c:\3llrlrx.exec:\3llrlrx.exe162⤵
-
\??\c:\bbbnth.exec:\bbbnth.exe163⤵
-
\??\c:\tnbtth.exec:\tnbtth.exe164⤵
-
\??\c:\jpppj.exec:\jpppj.exe165⤵
-
\??\c:\fllrlxl.exec:\fllrlxl.exe166⤵
-
\??\c:\xxllfrr.exec:\xxllfrr.exe167⤵
-
\??\c:\tttnbt.exec:\tttnbt.exe168⤵
-
\??\c:\dpddv.exec:\dpddv.exe169⤵
-
\??\c:\9djjd.exec:\9djjd.exe170⤵
-
\??\c:\lllfxxf.exec:\lllfxxf.exe171⤵
-
\??\c:\nhhbbt.exec:\nhhbbt.exe172⤵
-
\??\c:\5btnnt.exec:\5btnnt.exe173⤵
-
\??\c:\pvjjp.exec:\pvjjp.exe174⤵
-
\??\c:\pjddv.exec:\pjddv.exe175⤵
-
\??\c:\rfffxrr.exec:\rfffxrr.exe176⤵
-
\??\c:\lflllll.exec:\lflllll.exe177⤵
-
\??\c:\ntttnt.exec:\ntttnt.exe178⤵
-
\??\c:\9bhbnn.exec:\9bhbnn.exe179⤵
-
\??\c:\jjvvp.exec:\jjvvp.exe180⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe181⤵
-
\??\c:\7xxxrrl.exec:\7xxxrrl.exe182⤵
-
\??\c:\1rlrlxl.exec:\1rlrlxl.exe183⤵
-
\??\c:\btbnht.exec:\btbnht.exe184⤵
-
\??\c:\9nbntn.exec:\9nbntn.exe185⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe186⤵
-
\??\c:\7pjvd.exec:\7pjvd.exe187⤵
-
\??\c:\xxxrrff.exec:\xxxrrff.exe188⤵
-
\??\c:\9fxlfrr.exec:\9fxlfrr.exe189⤵
-
\??\c:\1bbbbb.exec:\1bbbbb.exe190⤵
-
\??\c:\1dddp.exec:\1dddp.exe191⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe192⤵
-
\??\c:\rfffrll.exec:\rfffrll.exe193⤵
-
\??\c:\lrrrrrf.exec:\lrrrrrf.exe194⤵
-
\??\c:\xxfxxxr.exec:\xxfxxxr.exe195⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe196⤵
-
\??\c:\btnbth.exec:\btnbth.exe197⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe198⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe199⤵
-
\??\c:\fffxrfx.exec:\fffxrfx.exe200⤵
-
\??\c:\5fflfff.exec:\5fflfff.exe201⤵
-
\??\c:\rlxrxxf.exec:\rlxrxxf.exe202⤵
-
\??\c:\1nbtbn.exec:\1nbtbn.exe203⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe204⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe205⤵
-
\??\c:\7rxxxll.exec:\7rxxxll.exe206⤵
-
\??\c:\xflfrrl.exec:\xflfrrl.exe207⤵
-
\??\c:\bbtnnn.exec:\bbtnnn.exe208⤵
-
\??\c:\thbbbb.exec:\thbbbb.exe209⤵
-
\??\c:\7jjvp.exec:\7jjvp.exe210⤵
-
\??\c:\9jvpd.exec:\9jvpd.exe211⤵
-
\??\c:\xfllxff.exec:\xfllxff.exe212⤵
-
\??\c:\fxfxrxr.exec:\fxfxrxr.exe213⤵
-
\??\c:\1hnnnn.exec:\1hnnnn.exe214⤵
-
\??\c:\ttbttb.exec:\ttbttb.exe215⤵
-
\??\c:\jvpjv.exec:\jvpjv.exe216⤵
-
\??\c:\jpdjd.exec:\jpdjd.exe217⤵
-
\??\c:\1xrxrfl.exec:\1xrxrfl.exe218⤵
-
\??\c:\bnhbth.exec:\bnhbth.exe219⤵
-
\??\c:\rlllllr.exec:\rlllllr.exe220⤵
-
\??\c:\rlllfxr.exec:\rlllfxr.exe221⤵
-
\??\c:\nnnhbn.exec:\nnnhbn.exe222⤵
-
\??\c:\bhbbbt.exec:\bhbbbt.exe223⤵
-
\??\c:\7dvpp.exec:\7dvpp.exe224⤵
-
\??\c:\rrfrlff.exec:\rrfrlff.exe225⤵
-
\??\c:\xfllflf.exec:\xfllflf.exe226⤵
-
\??\c:\tntbtt.exec:\tntbtt.exe227⤵
-
\??\c:\tbnntt.exec:\tbnntt.exe228⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe229⤵
-
\??\c:\1dpjd.exec:\1dpjd.exe230⤵
-
\??\c:\ffrlffl.exec:\ffrlffl.exe231⤵
-
\??\c:\xffffff.exec:\xffffff.exe232⤵
-
\??\c:\tbbbnn.exec:\tbbbnn.exe233⤵
-
\??\c:\7vdvv.exec:\7vdvv.exe234⤵
-
\??\c:\rrlrlrr.exec:\rrlrlrr.exe235⤵
-
\??\c:\rlrrxxl.exec:\rlrrxxl.exe236⤵
-
\??\c:\ntthhh.exec:\ntthhh.exe237⤵
-
\??\c:\9nthtb.exec:\9nthtb.exe238⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe239⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe240⤵
-
\??\c:\rrxxrfx.exec:\rrxxrfx.exe241⤵