Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 15:13
General
-
Target
dfb7a7fa0e66ab11b997243f04a907c0_NeikiAnalytics.exe
-
Size
83KB
-
MD5
dfb7a7fa0e66ab11b997243f04a907c0
-
SHA1
5aa5ebf2d74892f135b48df022b6867e4c389118
-
SHA256
6b08410a148132d98a424c6b5668570c89c5ef79731fae23e39fa5cff422af20
-
SHA512
464049e17c792e107213030ea8cf3088dcec8181f311774ce080d2fa15f54ab84411de9903650096bc9210ebef2f92290fa602e9ec33814f67ca2ed64b65e891
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAXPfgr2hKmdbcPi2vK:ymb3NkkiQ3mdBjFo6Pfgy3dbc/K
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\dfb7a7fa0e66ab11b997243f04a907c0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\dfb7a7fa0e66ab11b997243f04a907c0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9nnbtt.exec:\9nnbtt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvv.exec:\pjvvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrlxlx.exec:\rlrlxlx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnhb.exec:\tnnnhb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dvpp.exec:\5dvpp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jjvj.exec:\9jjvj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xrrflf.exec:\1xrrflf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbthb.exec:\bhbthb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bhthb.exec:\5bhthb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvjv.exec:\ddvjv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7llxrlx.exec:\7llxrlx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhbbt.exec:\hnhbbt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpdj.exec:\pvpdj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjd.exec:\vppjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxlxrf.exec:\rfxlxrf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttnnn.exec:\tttnnn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvd.exec:\pjdvd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ddvj.exec:\1ddvj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfllrlf.exec:\xfllrlf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lfxrrf.exec:\3lfxrrf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvjv.exec:\jvvjv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvpv.exec:\vdvpv.exe23⤵
- Executes dropped EXE
-
\??\c:\3xxrxxl.exec:\3xxrxxl.exe24⤵
- Executes dropped EXE
-
\??\c:\hhbtnh.exec:\hhbtnh.exe25⤵
- Executes dropped EXE
-
\??\c:\nnhbnn.exec:\nnhbnn.exe26⤵
- Executes dropped EXE
-
\??\c:\jjdvp.exec:\jjdvp.exe27⤵
- Executes dropped EXE
-
\??\c:\7xlxffr.exec:\7xlxffr.exe28⤵
- Executes dropped EXE
-
\??\c:\hbtnbt.exec:\hbtnbt.exe29⤵
- Executes dropped EXE
-
\??\c:\hbbtnh.exec:\hbbtnh.exe30⤵
- Executes dropped EXE
-
\??\c:\dppvv.exec:\dppvv.exe31⤵
- Executes dropped EXE
-
\??\c:\xffrxxl.exec:\xffrxxl.exe32⤵
- Executes dropped EXE
-
\??\c:\xlfrfxl.exec:\xlfrfxl.exe33⤵
- Executes dropped EXE
-
\??\c:\bhhhbb.exec:\bhhhbb.exe34⤵
- Executes dropped EXE
-
\??\c:\3dpdj.exec:\3dpdj.exe35⤵
- Executes dropped EXE
-
\??\c:\lffxlff.exec:\lffxlff.exe36⤵
- Executes dropped EXE
-
\??\c:\xrfxxrr.exec:\xrfxxrr.exe37⤵
- Executes dropped EXE
-
\??\c:\ntbttn.exec:\ntbttn.exe38⤵
- Executes dropped EXE
-
\??\c:\htnhbt.exec:\htnhbt.exe39⤵
- Executes dropped EXE
-
\??\c:\9jdvj.exec:\9jdvj.exe40⤵
- Executes dropped EXE
-
\??\c:\djdvj.exec:\djdvj.exe41⤵
- Executes dropped EXE
-
\??\c:\1rxlrlx.exec:\1rxlrlx.exe42⤵
- Executes dropped EXE
-
\??\c:\rxxrffr.exec:\rxxrffr.exe43⤵
- Executes dropped EXE
-
\??\c:\5nnhnh.exec:\5nnhnh.exe44⤵
- Executes dropped EXE
-
\??\c:\ttthtt.exec:\ttthtt.exe45⤵
- Executes dropped EXE
-
\??\c:\vjjdp.exec:\vjjdp.exe46⤵
- Executes dropped EXE
-
\??\c:\1jjdd.exec:\1jjdd.exe47⤵
- Executes dropped EXE
-
\??\c:\lflxffr.exec:\lflxffr.exe48⤵
- Executes dropped EXE
-
\??\c:\bntnnh.exec:\bntnnh.exe49⤵
- Executes dropped EXE
-
\??\c:\dpvvv.exec:\dpvvv.exe50⤵
- Executes dropped EXE
-
\??\c:\pdddv.exec:\pdddv.exe51⤵
- Executes dropped EXE
-
\??\c:\7flxlfr.exec:\7flxlfr.exe52⤵
- Executes dropped EXE
-
\??\c:\lxrlxrf.exec:\lxrlxrf.exe53⤵
- Executes dropped EXE
-
\??\c:\ttttnh.exec:\ttttnh.exe54⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe55⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe56⤵
- Executes dropped EXE
-
\??\c:\rlxxxxf.exec:\rlxxxxf.exe57⤵
- Executes dropped EXE
-
\??\c:\rffflxr.exec:\rffflxr.exe58⤵
- Executes dropped EXE
-
\??\c:\hbbbnn.exec:\hbbbnn.exe59⤵
- Executes dropped EXE
-
\??\c:\jvddv.exec:\jvddv.exe60⤵
- Executes dropped EXE
-
\??\c:\fxrrlll.exec:\fxrrlll.exe61⤵
- Executes dropped EXE
-
\??\c:\xxxrlff.exec:\xxxrlff.exe62⤵
- Executes dropped EXE
-
\??\c:\hthbtt.exec:\hthbtt.exe63⤵
- Executes dropped EXE
-
\??\c:\nbhhbb.exec:\nbhhbb.exe64⤵
- Executes dropped EXE
-
\??\c:\dvdvp.exec:\dvdvp.exe65⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe66⤵
-
\??\c:\xlrlxxx.exec:\xlrlxxx.exe67⤵
-
\??\c:\hntnhb.exec:\hntnhb.exe68⤵
-
\??\c:\hnnnhh.exec:\hnnnhh.exe69⤵
-
\??\c:\3pvvv.exec:\3pvvv.exe70⤵
-
\??\c:\xxffrlx.exec:\xxffrlx.exe71⤵
-
\??\c:\3bhbbt.exec:\3bhbbt.exe72⤵
-
\??\c:\nbhbbb.exec:\nbhbbb.exe73⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe74⤵
-
\??\c:\fxxrxfl.exec:\fxxrxfl.exe75⤵
-
\??\c:\bbnhnh.exec:\bbnhnh.exe76⤵
-
\??\c:\5vvvj.exec:\5vvvj.exe77⤵
-
\??\c:\5ppjv.exec:\5ppjv.exe78⤵
-
\??\c:\fxxrrll.exec:\fxxrrll.exe79⤵
-
\??\c:\pjppp.exec:\pjppp.exe80⤵
-
\??\c:\vvvpd.exec:\vvvpd.exe81⤵
-
\??\c:\7rfffll.exec:\7rfffll.exe82⤵
-
\??\c:\nntnhh.exec:\nntnhh.exe83⤵
-
\??\c:\7nnhhh.exec:\7nnhhh.exe84⤵
-
\??\c:\vvdpj.exec:\vvdpj.exe85⤵
-
\??\c:\lrxxfll.exec:\lrxxfll.exe86⤵
-
\??\c:\nhbnhb.exec:\nhbnhb.exe87⤵
-
\??\c:\ddjpj.exec:\ddjpj.exe88⤵
-
\??\c:\pdjvp.exec:\pdjvp.exe89⤵
-
\??\c:\9rxlrlr.exec:\9rxlrlr.exe90⤵
-
\??\c:\3rxrlxr.exec:\3rxrlxr.exe91⤵
-
\??\c:\bnnbtn.exec:\bnnbtn.exe92⤵
-
\??\c:\7bbtbb.exec:\7bbtbb.exe93⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe94⤵
-
\??\c:\hbbbth.exec:\hbbbth.exe95⤵
-
\??\c:\dvppd.exec:\dvppd.exe96⤵
-
\??\c:\rfflxxl.exec:\rfflxxl.exe97⤵
-
\??\c:\nhnttt.exec:\nhnttt.exe98⤵
-
\??\c:\1btnbb.exec:\1btnbb.exe99⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe100⤵
-
\??\c:\dppdp.exec:\dppdp.exe101⤵
-
\??\c:\fxlffff.exec:\fxlffff.exe102⤵
-
\??\c:\tbtbnn.exec:\tbtbnn.exe103⤵
-
\??\c:\bhnhhh.exec:\bhnhhh.exe104⤵
-
\??\c:\9ddvj.exec:\9ddvj.exe105⤵
-
\??\c:\pvppv.exec:\pvppv.exe106⤵
-
\??\c:\frxrxrx.exec:\frxrxrx.exe107⤵
-
\??\c:\xlllxrr.exec:\xlllxrr.exe108⤵
-
\??\c:\1nbthb.exec:\1nbthb.exe109⤵
-
\??\c:\dpjvv.exec:\dpjvv.exe110⤵
-
\??\c:\pddpv.exec:\pddpv.exe111⤵
-
\??\c:\djpdp.exec:\djpdp.exe112⤵
-
\??\c:\lrlxlfr.exec:\lrlxlfr.exe113⤵
-
\??\c:\1hbthb.exec:\1hbthb.exe114⤵
-
\??\c:\bhtnbt.exec:\bhtnbt.exe115⤵
-
\??\c:\dppdp.exec:\dppdp.exe116⤵
-
\??\c:\pjvjj.exec:\pjvjj.exe117⤵
-
\??\c:\fllxlfx.exec:\fllxlfx.exe118⤵
-
\??\c:\rfffrrf.exec:\rfffrrf.exe119⤵
-
\??\c:\nttnhb.exec:\nttnhb.exe120⤵
-
\??\c:\htthtn.exec:\htthtn.exe121⤵
-
\??\c:\7pjdj.exec:\7pjdj.exe122⤵
-
\??\c:\xxllfxr.exec:\xxllfxr.exe123⤵
-
\??\c:\fxrlffx.exec:\fxrlffx.exe124⤵
-
\??\c:\bhhbnh.exec:\bhhbnh.exe125⤵
-
\??\c:\1pdpv.exec:\1pdpv.exe126⤵
-
\??\c:\xlfrfxr.exec:\xlfrfxr.exe127⤵
-
\??\c:\3btttt.exec:\3btttt.exe128⤵
-
\??\c:\1ntntt.exec:\1ntntt.exe129⤵
-
\??\c:\pdpdp.exec:\pdpdp.exe130⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe131⤵
-
\??\c:\xflfrrl.exec:\xflfrrl.exe132⤵
-
\??\c:\9fxxlfx.exec:\9fxxlfx.exe133⤵
-
\??\c:\thbhtt.exec:\thbhtt.exe134⤵
-
\??\c:\thnbtn.exec:\thnbtn.exe135⤵
-
\??\c:\vjjdj.exec:\vjjdj.exe136⤵
-
\??\c:\rrxrfxr.exec:\rrxrfxr.exe137⤵
-
\??\c:\rrxxfff.exec:\rrxxfff.exe138⤵
-
\??\c:\9hbbbb.exec:\9hbbbb.exe139⤵
-
\??\c:\dppjv.exec:\dppjv.exe140⤵
-
\??\c:\jppdv.exec:\jppdv.exe141⤵
-
\??\c:\5fxrfxr.exec:\5fxrfxr.exe142⤵
-
\??\c:\httnbt.exec:\httnbt.exe143⤵
-
\??\c:\tnnbtn.exec:\tnnbtn.exe144⤵
-
\??\c:\9ppjj.exec:\9ppjj.exe145⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe146⤵
-
\??\c:\lllfxrr.exec:\lllfxrr.exe147⤵
-
\??\c:\flfxlfr.exec:\flfxlfr.exe148⤵
-
\??\c:\thbtbb.exec:\thbtbb.exe149⤵
-
\??\c:\bbnntt.exec:\bbnntt.exe150⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe151⤵
-
\??\c:\5jddp.exec:\5jddp.exe152⤵
-
\??\c:\xflfrlf.exec:\xflfrlf.exe153⤵
-
\??\c:\1hhhhh.exec:\1hhhhh.exe154⤵
-
\??\c:\hbhbhh.exec:\hbhbhh.exe155⤵
-
\??\c:\pvjjv.exec:\pvjjv.exe156⤵
-
\??\c:\xffxlfx.exec:\xffxlfx.exe157⤵
-
\??\c:\fxxrlfx.exec:\fxxrlfx.exe158⤵
-
\??\c:\fxxrllf.exec:\fxxrllf.exe159⤵
-
\??\c:\9tnnhh.exec:\9tnnhh.exe160⤵
-
\??\c:\7dppd.exec:\7dppd.exe161⤵
-
\??\c:\lxrlxrl.exec:\lxrlxrl.exe162⤵
-
\??\c:\lxrlrlx.exec:\lxrlrlx.exe163⤵
-
\??\c:\nbhthb.exec:\nbhthb.exe164⤵
-
\??\c:\bnhbhb.exec:\bnhbhb.exe165⤵
-
\??\c:\pdvpv.exec:\pdvpv.exe166⤵
-
\??\c:\9jdvj.exec:\9jdvj.exe167⤵
-
\??\c:\3ffxllf.exec:\3ffxllf.exe168⤵
-
\??\c:\3xrlxxr.exec:\3xrlxxr.exe169⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe170⤵
-
\??\c:\9vvjd.exec:\9vvjd.exe171⤵
-
\??\c:\1llxxxx.exec:\1llxxxx.exe172⤵
-
\??\c:\hnnbtn.exec:\hnnbtn.exe173⤵
-
\??\c:\bttntt.exec:\bttntt.exe174⤵
-
\??\c:\3pvpp.exec:\3pvpp.exe175⤵
-
\??\c:\9rxrrrx.exec:\9rxrrrx.exe176⤵
-
\??\c:\bbbbtt.exec:\bbbbtt.exe177⤵
-
\??\c:\thhhtn.exec:\thhhtn.exe178⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe179⤵
-
\??\c:\xlffrll.exec:\xlffrll.exe180⤵
-
\??\c:\3xxxxxr.exec:\3xxxxxr.exe181⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe182⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe183⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe184⤵
-
\??\c:\xrlfrlf.exec:\xrlfrlf.exe185⤵
-
\??\c:\thnbbt.exec:\thnbbt.exe186⤵
-
\??\c:\7bnhtt.exec:\7bnhtt.exe187⤵
-
\??\c:\tbbnbn.exec:\tbbnbn.exe188⤵
-
\??\c:\jddvj.exec:\jddvj.exe189⤵
-
\??\c:\jvpdv.exec:\jvpdv.exe190⤵
-
\??\c:\lfrxrxx.exec:\lfrxrxx.exe191⤵
-
\??\c:\xrxfxxx.exec:\xrxfxxx.exe192⤵
-
\??\c:\3ttnbb.exec:\3ttnbb.exe193⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe194⤵
-
\??\c:\djjjv.exec:\djjjv.exe195⤵
-
\??\c:\7vvpd.exec:\7vvpd.exe196⤵
-
\??\c:\llffrxr.exec:\llffrxr.exe197⤵
-
\??\c:\rrxfrrl.exec:\rrxfrrl.exe198⤵
-
\??\c:\1bnhnn.exec:\1bnhnn.exe199⤵
-
\??\c:\hbbtnh.exec:\hbbtnh.exe200⤵
-
\??\c:\hhbbtt.exec:\hhbbtt.exe201⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe202⤵
-
\??\c:\1vjdv.exec:\1vjdv.exe203⤵
-
\??\c:\rrrlxxr.exec:\rrrlxxr.exe204⤵
-
\??\c:\rllfrrl.exec:\rllfrrl.exe205⤵
-
\??\c:\thhbnn.exec:\thhbnn.exe206⤵
-
\??\c:\nnttnn.exec:\nnttnn.exe207⤵
-
\??\c:\1pvpv.exec:\1pvpv.exe208⤵
-
\??\c:\dppjj.exec:\dppjj.exe209⤵
-
\??\c:\xrrlfxx.exec:\xrrlfxx.exe210⤵
-
\??\c:\frrrlxr.exec:\frrrlxr.exe211⤵
-
\??\c:\nttnhh.exec:\nttnhh.exe212⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe213⤵
-
\??\c:\pppjd.exec:\pppjd.exe214⤵
-
\??\c:\pdvpj.exec:\pdvpj.exe215⤵
-
\??\c:\rxxxfff.exec:\rxxxfff.exe216⤵
-
\??\c:\rxxrrfx.exec:\rxxrrfx.exe217⤵
-
\??\c:\bnhhbb.exec:\bnhhbb.exe218⤵
-
\??\c:\5ntbtt.exec:\5ntbtt.exe219⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe220⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe221⤵
-
\??\c:\llfxllx.exec:\llfxllx.exe222⤵
-
\??\c:\lxrlffr.exec:\lxrlffr.exe223⤵
-
\??\c:\nbtnhh.exec:\nbtnhh.exe224⤵
-
\??\c:\nhtnhb.exec:\nhtnhb.exe225⤵
-
\??\c:\7pppj.exec:\7pppj.exe226⤵
-
\??\c:\jddvp.exec:\jddvp.exe227⤵
-
\??\c:\pdvpj.exec:\pdvpj.exe228⤵
-
\??\c:\rrrlxxl.exec:\rrrlxxl.exe229⤵
-
\??\c:\xrrrxxx.exec:\xrrrxxx.exe230⤵
-
\??\c:\ththnh.exec:\ththnh.exe231⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe232⤵
-
\??\c:\bthbnh.exec:\bthbnh.exe233⤵
-
\??\c:\7djdv.exec:\7djdv.exe234⤵
-
\??\c:\lflrxxr.exec:\lflrxxr.exe235⤵
-
\??\c:\llllrrx.exec:\llllrrx.exe236⤵
-
\??\c:\hnthbt.exec:\hnthbt.exe237⤵
-
\??\c:\jddvp.exec:\jddvp.exe238⤵
-
\??\c:\dvpdv.exec:\dvpdv.exe239⤵
-
\??\c:\fffxrrl.exec:\fffxrrl.exe240⤵
-
\??\c:\nhbthh.exec:\nhbthh.exe241⤵