Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 18:40
General
-
Target
18144e103e775e56884312eda2167950_NeikiAnalytics.exe
-
Size
62KB
-
MD5
18144e103e775e56884312eda2167950
-
SHA1
49915d38a1c1044b88ce7b18e8832c0a154ca66d
-
SHA256
7e4a438753c2f5c2d0ed898823744aea98dcab116951756e0f3e2346483d4700
-
SHA512
a63fdb41d8f76a1a4f112ce110ab9285383eb688b79328ec2848c2fe8f80201c9b3e834eaf9401fa31737a150d31ad09471328a0112c96d72ae39a0adf5d494e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIug6b9FFl:ymb3NkkiQ3mdBjFIugqr
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\18144e103e775e56884312eda2167950_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\18144e103e775e56884312eda2167950_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrrxxr.exec:\xlrrxxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btthtt.exec:\btthtt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjj.exec:\pdjjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ppvv.exec:\1ppvv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrrrrl.exec:\flrrrrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflfffx.exec:\fflfffx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbhh.exec:\htbbhh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdpp.exec:\pvdpp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvp.exec:\jdvvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrffxr.exec:\rlrffxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrrrlf.exec:\xfrrrlf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nnnhn.exec:\3nnnhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddd.exec:\pjddd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffrrll.exec:\lffrrll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bhhhh.exec:\3bhhhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnnn.exec:\tnnnnn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvd.exec:\dpvvd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrrllf.exec:\xfrrllf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbtnb.exec:\ttbtnb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnnnt.exec:\btnnnt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjppd.exec:\vjppd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jppj.exec:\7jppj.exe23⤵
- Executes dropped EXE
-
\??\c:\9llfxxr.exec:\9llfxxr.exe24⤵
- Executes dropped EXE
-
\??\c:\hhhhtt.exec:\hhhhtt.exe25⤵
- Executes dropped EXE
-
\??\c:\vdjjd.exec:\vdjjd.exe26⤵
- Executes dropped EXE
-
\??\c:\rllfxxr.exec:\rllfxxr.exe27⤵
- Executes dropped EXE
-
\??\c:\nhhbbb.exec:\nhhbbb.exe28⤵
- Executes dropped EXE
-
\??\c:\1bbthh.exec:\1bbthh.exe29⤵
- Executes dropped EXE
-
\??\c:\5vddp.exec:\5vddp.exe30⤵
- Executes dropped EXE
-
\??\c:\dvvpp.exec:\dvvpp.exe31⤵
- Executes dropped EXE
-
\??\c:\rrlffxr.exec:\rrlffxr.exe32⤵
- Executes dropped EXE
-
\??\c:\3vvpp.exec:\3vvpp.exe33⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe34⤵
- Executes dropped EXE
-
\??\c:\7llfxfl.exec:\7llfxfl.exe35⤵
- Executes dropped EXE
-
\??\c:\hthhbh.exec:\hthhbh.exe36⤵
- Executes dropped EXE
-
\??\c:\btnnnn.exec:\btnnnn.exe37⤵
- Executes dropped EXE
-
\??\c:\dvddv.exec:\dvddv.exe38⤵
- Executes dropped EXE
-
\??\c:\dpvvj.exec:\dpvvj.exe39⤵
- Executes dropped EXE
-
\??\c:\fxffllf.exec:\fxffllf.exe40⤵
- Executes dropped EXE
-
\??\c:\lfffxxr.exec:\lfffxxr.exe41⤵
- Executes dropped EXE
-
\??\c:\3hbtnn.exec:\3hbtnn.exe42⤵
- Executes dropped EXE
-
\??\c:\pvpjv.exec:\pvpjv.exe43⤵
- Executes dropped EXE
-
\??\c:\5jddd.exec:\5jddd.exe44⤵
- Executes dropped EXE
-
\??\c:\bnthbt.exec:\bnthbt.exe45⤵
- Executes dropped EXE
-
\??\c:\pvdvp.exec:\pvdvp.exe46⤵
- Executes dropped EXE
-
\??\c:\dpvvp.exec:\dpvvp.exe47⤵
- Executes dropped EXE
-
\??\c:\flrlfrr.exec:\flrlfrr.exe48⤵
- Executes dropped EXE
-
\??\c:\nhntnt.exec:\nhntnt.exe49⤵
- Executes dropped EXE
-
\??\c:\1tnhnn.exec:\1tnhnn.exe50⤵
- Executes dropped EXE
-
\??\c:\jpvvj.exec:\jpvvj.exe51⤵
- Executes dropped EXE
-
\??\c:\1rlxrrl.exec:\1rlxrrl.exe52⤵
- Executes dropped EXE
-
\??\c:\rffxxrr.exec:\rffxxrr.exe53⤵
- Executes dropped EXE
-
\??\c:\nttthh.exec:\nttthh.exe54⤵
- Executes dropped EXE
-
\??\c:\nhnhhh.exec:\nhnhhh.exe55⤵
- Executes dropped EXE
-
\??\c:\jjppp.exec:\jjppp.exe56⤵
- Executes dropped EXE
-
\??\c:\vppjv.exec:\vppjv.exe57⤵
- Executes dropped EXE
-
\??\c:\pppjd.exec:\pppjd.exe58⤵
- Executes dropped EXE
-
\??\c:\rrrlxxx.exec:\rrrlxxx.exe59⤵
- Executes dropped EXE
-
\??\c:\lxllrrr.exec:\lxllrrr.exe60⤵
- Executes dropped EXE
-
\??\c:\bhnhbn.exec:\bhnhbn.exe61⤵
- Executes dropped EXE
-
\??\c:\btnnbb.exec:\btnnbb.exe62⤵
- Executes dropped EXE
-
\??\c:\djdvv.exec:\djdvv.exe63⤵
- Executes dropped EXE
-
\??\c:\pdjdv.exec:\pdjdv.exe64⤵
- Executes dropped EXE
-
\??\c:\5lrrlff.exec:\5lrrlff.exe65⤵
- Executes dropped EXE
-
\??\c:\1flfxxr.exec:\1flfxxr.exe66⤵
-
\??\c:\ntbtbt.exec:\ntbtbt.exe67⤵
-
\??\c:\1hnhhh.exec:\1hnhhh.exe68⤵
-
\??\c:\3vdvp.exec:\3vdvp.exe69⤵
-
\??\c:\xllfrrr.exec:\xllfrrr.exe70⤵
-
\??\c:\fxffxxx.exec:\fxffxxx.exe71⤵
-
\??\c:\hnnnhh.exec:\hnnnhh.exe72⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe73⤵
-
\??\c:\vvvpd.exec:\vvvpd.exe74⤵
-
\??\c:\xlrlfff.exec:\xlrlfff.exe75⤵
-
\??\c:\9hbbtt.exec:\9hbbtt.exe76⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe77⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe78⤵
-
\??\c:\xrxrxxx.exec:\xrxrxxx.exe79⤵
-
\??\c:\hbbbtb.exec:\hbbbtb.exe80⤵
-
\??\c:\dpjjd.exec:\dpjjd.exe81⤵
-
\??\c:\nntnnt.exec:\nntnnt.exe82⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe83⤵
-
\??\c:\pvppp.exec:\pvppp.exe84⤵
-
\??\c:\1pppd.exec:\1pppd.exe85⤵
-
\??\c:\flrlxxr.exec:\flrlxxr.exe86⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe87⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe88⤵
-
\??\c:\lrffrrr.exec:\lrffrrr.exe89⤵
-
\??\c:\tnbtnn.exec:\tnbtnn.exe90⤵
-
\??\c:\fxlllll.exec:\fxlllll.exe91⤵
-
\??\c:\dvppj.exec:\dvppj.exe92⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe93⤵
-
\??\c:\9xfxrxx.exec:\9xfxrxx.exe94⤵
-
\??\c:\fllfxxl.exec:\fllfxxl.exe95⤵
-
\??\c:\hhhbbb.exec:\hhhbbb.exe96⤵
-
\??\c:\hbttnn.exec:\hbttnn.exe97⤵
-
\??\c:\1dddp.exec:\1dddp.exe98⤵
-
\??\c:\pjpdv.exec:\pjpdv.exe99⤵
-
\??\c:\rrrrrff.exec:\rrrrrff.exe100⤵
-
\??\c:\hnhbtt.exec:\hnhbtt.exe101⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe102⤵
-
\??\c:\bnbttt.exec:\bnbttt.exe103⤵
-
\??\c:\jpppj.exec:\jpppj.exe104⤵
-
\??\c:\7dvvd.exec:\7dvvd.exe105⤵
-
\??\c:\fxlflll.exec:\fxlflll.exe106⤵
-
\??\c:\rllrlrl.exec:\rllrlrl.exe107⤵
-
\??\c:\xrrrlll.exec:\xrrrlll.exe108⤵
-
\??\c:\nnhnht.exec:\nnhnht.exe109⤵
-
\??\c:\tthhtt.exec:\tthhtt.exe110⤵
-
\??\c:\9jjdv.exec:\9jjdv.exe111⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe112⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe113⤵
-
\??\c:\lfxxrrr.exec:\lfxxrrr.exe114⤵
-
\??\c:\fxxrrrx.exec:\fxxrrrx.exe115⤵
-
\??\c:\bnnnnn.exec:\bnnnnn.exe116⤵
-
\??\c:\vjdvv.exec:\vjdvv.exe117⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe118⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe119⤵
-
\??\c:\lfrllrl.exec:\lfrllrl.exe120⤵
-
\??\c:\1lrrrrx.exec:\1lrrrrx.exe121⤵
-
\??\c:\nnnhhn.exec:\nnnhhn.exe122⤵
-
\??\c:\1hhhbb.exec:\1hhhbb.exe123⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe124⤵
-
\??\c:\dppjv.exec:\dppjv.exe125⤵
-
\??\c:\bbbbtt.exec:\bbbbtt.exe126⤵
-
\??\c:\5hnbtt.exec:\5hnbtt.exe127⤵
-
\??\c:\lfxrlll.exec:\lfxrlll.exe128⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe129⤵
-
\??\c:\bnbnnn.exec:\bnbnnn.exe130⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe131⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe132⤵
-
\??\c:\ddvvj.exec:\ddvvj.exe133⤵
-
\??\c:\9rrlfff.exec:\9rrlfff.exe134⤵
-
\??\c:\fxfffff.exec:\fxfffff.exe135⤵
-
\??\c:\nbnhhh.exec:\nbnhhh.exe136⤵
-
\??\c:\hbhthh.exec:\hbhthh.exe137⤵
-
\??\c:\vjjjv.exec:\vjjjv.exe138⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe139⤵
-
\??\c:\rxrlfxx.exec:\rxrlfxx.exe140⤵
-
\??\c:\3xlfrxx.exec:\3xlfrxx.exe141⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe142⤵
-
\??\c:\7tbtbb.exec:\7tbtbb.exe143⤵
-
\??\c:\httnbh.exec:\httnbh.exe144⤵
-
\??\c:\pppjd.exec:\pppjd.exe145⤵
-
\??\c:\7djdv.exec:\7djdv.exe146⤵
-
\??\c:\rflfxrl.exec:\rflfxrl.exe147⤵
-
\??\c:\fxxxllr.exec:\fxxxllr.exe148⤵
-
\??\c:\frxrlrx.exec:\frxrlrx.exe149⤵
-
\??\c:\nbbtbb.exec:\nbbtbb.exe150⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe151⤵
-
\??\c:\dppjd.exec:\dppjd.exe152⤵
-
\??\c:\lffxrrr.exec:\lffxrrr.exe153⤵
-
\??\c:\htttnn.exec:\htttnn.exe154⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe155⤵
-
\??\c:\djpdv.exec:\djpdv.exe156⤵
-
\??\c:\xrrlfxr.exec:\xrrlfxr.exe157⤵
-
\??\c:\fxlxrlf.exec:\fxlxrlf.exe158⤵
-
\??\c:\ttnntt.exec:\ttnntt.exe159⤵
-
\??\c:\bbttnn.exec:\bbttnn.exe160⤵
-
\??\c:\vdddd.exec:\vdddd.exe161⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe162⤵
-
\??\c:\fxxrlrl.exec:\fxxrlrl.exe163⤵
-
\??\c:\xlrrrrl.exec:\xlrrrrl.exe164⤵
-
\??\c:\htbbhh.exec:\htbbhh.exe165⤵
-
\??\c:\nnhhbb.exec:\nnhhbb.exe166⤵
-
\??\c:\jjjjp.exec:\jjjjp.exe167⤵
-
\??\c:\1jjdp.exec:\1jjdp.exe168⤵
-
\??\c:\xllfffx.exec:\xllfffx.exe169⤵
-
\??\c:\llrrrrl.exec:\llrrrrl.exe170⤵
-
\??\c:\xlxrlll.exec:\xlxrlll.exe171⤵
-
\??\c:\nhhbbb.exec:\nhhbbb.exe172⤵
-
\??\c:\bttttt.exec:\bttttt.exe173⤵
-
\??\c:\7jppd.exec:\7jppd.exe174⤵
-
\??\c:\5rxxffl.exec:\5rxxffl.exe175⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe176⤵
-
\??\c:\vppjj.exec:\vppjj.exe177⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe178⤵
-
\??\c:\rfxxrrl.exec:\rfxxrrl.exe179⤵
-
\??\c:\3rrrlff.exec:\3rrrlff.exe180⤵
-
\??\c:\btthnn.exec:\btthnn.exe181⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe182⤵
-
\??\c:\1jdjv.exec:\1jdjv.exe183⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe184⤵
-
\??\c:\9ffxfff.exec:\9ffxfff.exe185⤵
-
\??\c:\5rxxxxr.exec:\5rxxxxr.exe186⤵
-
\??\c:\xrrffrx.exec:\xrrffrx.exe187⤵
-
\??\c:\hnnnhh.exec:\hnnnhh.exe188⤵
-
\??\c:\7tnntb.exec:\7tnntb.exe189⤵
-
\??\c:\djppv.exec:\djppv.exe190⤵
-
\??\c:\1jpjd.exec:\1jpjd.exe191⤵
-
\??\c:\rflxrlf.exec:\rflxrlf.exe192⤵
-
\??\c:\7frlrrf.exec:\7frlrrf.exe193⤵
-
\??\c:\9hnhhn.exec:\9hnhhn.exe194⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe195⤵
-
\??\c:\jppjd.exec:\jppjd.exe196⤵
-
\??\c:\1pvvv.exec:\1pvvv.exe197⤵
-
\??\c:\rrffxxr.exec:\rrffxxr.exe198⤵
-
\??\c:\5llfxfx.exec:\5llfxfx.exe199⤵
-
\??\c:\bnhbtn.exec:\bnhbtn.exe200⤵
-
\??\c:\tbhbtt.exec:\tbhbtt.exe201⤵
-
\??\c:\jddvv.exec:\jddvv.exe202⤵
-
\??\c:\djpjd.exec:\djpjd.exe203⤵
-
\??\c:\rffxxrl.exec:\rffxxrl.exe204⤵
-
\??\c:\rxffxxx.exec:\rxffxxx.exe205⤵
-
\??\c:\hhbtnh.exec:\hhbtnh.exe206⤵
-
\??\c:\htnhbt.exec:\htnhbt.exe207⤵
-
\??\c:\dvppj.exec:\dvppj.exe208⤵
-
\??\c:\7ddvj.exec:\7ddvj.exe209⤵
-
\??\c:\jddjd.exec:\jddjd.exe210⤵
-
\??\c:\lxffxxr.exec:\lxffxxr.exe211⤵
-
\??\c:\rxlfxxx.exec:\rxlfxxx.exe212⤵
-
\??\c:\bthhbh.exec:\bthhbh.exe213⤵
-
\??\c:\3nbtnn.exec:\3nbtnn.exe214⤵
-
\??\c:\jdddv.exec:\jdddv.exe215⤵
-
\??\c:\lfrrflr.exec:\lfrrflr.exe216⤵
-
\??\c:\3flffff.exec:\3flffff.exe217⤵
-
\??\c:\hhnnnb.exec:\hhnnnb.exe218⤵
-
\??\c:\nthhbb.exec:\nthhbb.exe219⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe220⤵
-
\??\c:\vppjd.exec:\vppjd.exe221⤵
-
\??\c:\5xrllff.exec:\5xrllff.exe222⤵
-
\??\c:\xfrlfll.exec:\xfrlfll.exe223⤵
-
\??\c:\nthnhh.exec:\nthnhh.exe224⤵
-
\??\c:\bhnnnt.exec:\bhnnnt.exe225⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe226⤵
-
\??\c:\pdddv.exec:\pdddv.exe227⤵
-
\??\c:\5ddvv.exec:\5ddvv.exe228⤵
-
\??\c:\frxfrrr.exec:\frxfrrr.exe229⤵
-
\??\c:\nntntt.exec:\nntntt.exe230⤵
-
\??\c:\nhhhbh.exec:\nhhhbh.exe231⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe232⤵
-
\??\c:\pjddv.exec:\pjddv.exe233⤵
-
\??\c:\3rxfxlf.exec:\3rxfxlf.exe234⤵
-
\??\c:\nhhhnn.exec:\nhhhnn.exe235⤵
-
\??\c:\tbbtnn.exec:\tbbtnn.exe236⤵
-
\??\c:\ppppd.exec:\ppppd.exe237⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe238⤵
-
\??\c:\fffxlxl.exec:\fffxlxl.exe239⤵
-
\??\c:\1rrrllf.exec:\1rrrllf.exe240⤵
-
\??\c:\3tnnhh.exec:\3tnnhh.exe241⤵