Analysis
-
max time kernel
150s -
max time network
139s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
19-05-2024 19:02
General
-
Target
1dd150b2e16628bf3a2e0f665ed74590_NeikiAnalytics.exe
-
Size
122KB
-
MD5
1dd150b2e16628bf3a2e0f665ed74590
-
SHA1
4e36b3da46ad656e13d09768c271b1c836d2d242
-
SHA256
a5bf35b082de71c42a8a99b9245a84d71d874ac754db166300774dd43d10cb18
-
SHA512
12aad920e6b3245497b27f5d0ff7427806e262c44c6f8b7b678454024dabe53a031287ab1b527b673f9fdac1c0edb895ba5fa2e9173176772604028043906bc7
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afoHvmQ+EZMYX90Ifcmt:n3C9BRW0j/uVEZFmIkS
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1dd150b2e16628bf3a2e0f665ed74590_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1dd150b2e16628bf3a2e0f665ed74590_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbhhn.exec:\bhbhhn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jpdp.exec:\9jpdp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllxllx.exec:\xllxllx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxlfxl.exec:\xxxlfxl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnnht.exec:\ttnnht.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvd.exec:\jvdvd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrllxfx.exec:\lrllxfx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnnbn.exec:\htnnbn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdvd.exec:\jpdvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1flfxxl.exec:\1flfxxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnhh.exec:\bttnhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vpjv.exec:\1vpjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9flflfr.exec:\9flflfr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hbnhn.exec:\9hbnhn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxlfrl.exec:\xfxlfrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbtnh.exec:\nhbtnh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdv.exec:\pdjdv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrffxf.exec:\flrffxf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxfxfl.exec:\lxxfxfl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthhht.exec:\tthhht.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjpj.exec:\jvjpj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlxxr.exec:\xrrlxxr.exe23⤵
- Executes dropped EXE
-
\??\c:\nhnhbh.exec:\nhnhbh.exe24⤵
- Executes dropped EXE
-
\??\c:\nnthbt.exec:\nnthbt.exe25⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe26⤵
- Executes dropped EXE
-
\??\c:\xrllxrl.exec:\xrllxrl.exe27⤵
- Executes dropped EXE
-
\??\c:\nttnbh.exec:\nttnbh.exe28⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe29⤵
- Executes dropped EXE
-
\??\c:\9ffxllx.exec:\9ffxllx.exe30⤵
- Executes dropped EXE
-
\??\c:\lxfrlfx.exec:\lxfrlfx.exe31⤵
- Executes dropped EXE
-
\??\c:\hbhnbh.exec:\hbhnbh.exe32⤵
- Executes dropped EXE
-
\??\c:\hbhbtn.exec:\hbhbtn.exe33⤵
- Executes dropped EXE
-
\??\c:\dvpjv.exec:\dvpjv.exe34⤵
- Executes dropped EXE
-
\??\c:\xrxxlll.exec:\xrxxlll.exe35⤵
- Executes dropped EXE
-
\??\c:\tntnhh.exec:\tntnhh.exe36⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe37⤵
- Executes dropped EXE
-
\??\c:\vpjvj.exec:\vpjvj.exe38⤵
- Executes dropped EXE
-
\??\c:\fxxxxxr.exec:\fxxxxxr.exe39⤵
- Executes dropped EXE
-
\??\c:\3thbhh.exec:\3thbhh.exe40⤵
- Executes dropped EXE
-
\??\c:\dppjd.exec:\dppjd.exe41⤵
- Executes dropped EXE
-
\??\c:\dvdvp.exec:\dvdvp.exe42⤵
- Executes dropped EXE
-
\??\c:\lffrrxr.exec:\lffrrxr.exe43⤵
- Executes dropped EXE
-
\??\c:\5ntnhb.exec:\5ntnhb.exe44⤵
- Executes dropped EXE
-
\??\c:\nthnht.exec:\nthnht.exe45⤵
- Executes dropped EXE
-
\??\c:\ddjpp.exec:\ddjpp.exe46⤵
- Executes dropped EXE
-
\??\c:\xrrlllr.exec:\xrrlllr.exe47⤵
- Executes dropped EXE
-
\??\c:\nhnbhb.exec:\nhnbhb.exe48⤵
- Executes dropped EXE
-
\??\c:\pdvdv.exec:\pdvdv.exe49⤵
- Executes dropped EXE
-
\??\c:\pdjdd.exec:\pdjdd.exe50⤵
- Executes dropped EXE
-
\??\c:\rfrlfxr.exec:\rfrlfxr.exe51⤵
- Executes dropped EXE
-
\??\c:\fxrllrx.exec:\fxrllrx.exe52⤵
- Executes dropped EXE
-
\??\c:\3bnbth.exec:\3bnbth.exe53⤵
- Executes dropped EXE
-
\??\c:\ddddv.exec:\ddddv.exe54⤵
- Executes dropped EXE
-
\??\c:\1dvpp.exec:\1dvpp.exe55⤵
- Executes dropped EXE
-
\??\c:\xfxlrlr.exec:\xfxlrlr.exe56⤵
- Executes dropped EXE
-
\??\c:\rrfrllr.exec:\rrfrllr.exe57⤵
- Executes dropped EXE
-
\??\c:\tntnbh.exec:\tntnbh.exe58⤵
- Executes dropped EXE
-
\??\c:\7pjdp.exec:\7pjdp.exe59⤵
- Executes dropped EXE
-
\??\c:\pppvp.exec:\pppvp.exe60⤵
- Executes dropped EXE
-
\??\c:\llllxll.exec:\llllxll.exe61⤵
- Executes dropped EXE
-
\??\c:\hbttnh.exec:\hbttnh.exe62⤵
- Executes dropped EXE
-
\??\c:\thhtht.exec:\thhtht.exe63⤵
- Executes dropped EXE
-
\??\c:\ppvpj.exec:\ppvpj.exe64⤵
- Executes dropped EXE
-
\??\c:\dpdvj.exec:\dpdvj.exe65⤵
- Executes dropped EXE
-
\??\c:\llxrxxr.exec:\llxrxxr.exe66⤵
-
\??\c:\htnhtt.exec:\htnhtt.exe67⤵
-
\??\c:\tnnhth.exec:\tnnhth.exe68⤵
-
\??\c:\vjjdj.exec:\vjjdj.exe69⤵
-
\??\c:\frfxllf.exec:\frfxllf.exe70⤵
-
\??\c:\xlrfxxr.exec:\xlrfxxr.exe71⤵
-
\??\c:\tbbttt.exec:\tbbttt.exe72⤵
-
\??\c:\dpvjv.exec:\dpvjv.exe73⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe74⤵
-
\??\c:\xllxlxr.exec:\xllxlxr.exe75⤵
-
\??\c:\rfllxrl.exec:\rfllxrl.exe76⤵
-
\??\c:\nntnbt.exec:\nntnbt.exe77⤵
-
\??\c:\htbtnn.exec:\htbtnn.exe78⤵
-
\??\c:\jvdpp.exec:\jvdpp.exe79⤵
-
\??\c:\frfffff.exec:\frfffff.exe80⤵
-
\??\c:\fxrlrlx.exec:\fxrlrlx.exe81⤵
-
\??\c:\5bnnnb.exec:\5bnnnb.exe82⤵
-
\??\c:\nbbbbh.exec:\nbbbbh.exe83⤵
-
\??\c:\pddjj.exec:\pddjj.exe84⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe85⤵
-
\??\c:\5xfrffl.exec:\5xfrffl.exe86⤵
-
\??\c:\ntnnbb.exec:\ntnnbb.exe87⤵
-
\??\c:\thtnhb.exec:\thtnhb.exe88⤵
-
\??\c:\jpvjj.exec:\jpvjj.exe89⤵
-
\??\c:\lrxflxl.exec:\lrxflxl.exe90⤵
-
\??\c:\rxxrflx.exec:\rxxrflx.exe91⤵
-
\??\c:\bnnnhn.exec:\bnnnhn.exe92⤵
-
\??\c:\tbnnnb.exec:\tbnnnb.exe93⤵
-
\??\c:\jdvjv.exec:\jdvjv.exe94⤵
-
\??\c:\3vpjd.exec:\3vpjd.exe95⤵
-
\??\c:\xlxxfff.exec:\xlxxfff.exe96⤵
-
\??\c:\rfflfxr.exec:\rfflfxr.exe97⤵
-
\??\c:\httnnh.exec:\httnnh.exe98⤵
-
\??\c:\vdvpj.exec:\vdvpj.exe99⤵
-
\??\c:\dvddd.exec:\dvddd.exe100⤵
-
\??\c:\fxrlflf.exec:\fxrlflf.exe101⤵
-
\??\c:\rxfxrlf.exec:\rxfxrlf.exe102⤵
-
\??\c:\tnhhbt.exec:\tnhhbt.exe103⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe104⤵
-
\??\c:\pdvpj.exec:\pdvpj.exe105⤵
-
\??\c:\rflrlrf.exec:\rflrlrf.exe106⤵
-
\??\c:\tnhnhh.exec:\tnhnhh.exe107⤵
-
\??\c:\bhttnn.exec:\bhttnn.exe108⤵
-
\??\c:\7jpjp.exec:\7jpjp.exe109⤵
-
\??\c:\5ppjv.exec:\5ppjv.exe110⤵
-
\??\c:\fxxrffx.exec:\fxxrffx.exe111⤵
-
\??\c:\xfxrllf.exec:\xfxrllf.exe112⤵
-
\??\c:\bnbthn.exec:\bnbthn.exe113⤵
-
\??\c:\nnhbnb.exec:\nnhbnb.exe114⤵
-
\??\c:\jvvjp.exec:\jvvjp.exe115⤵
-
\??\c:\tbhthb.exec:\tbhthb.exe116⤵
-
\??\c:\thtnnh.exec:\thtnnh.exe117⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe118⤵
-
\??\c:\1lrlrlr.exec:\1lrlrlr.exe119⤵
-
\??\c:\7rxrffr.exec:\7rxrffr.exe120⤵
-
\??\c:\tthttt.exec:\tthttt.exe121⤵
-
\??\c:\nhhbnh.exec:\nhhbnh.exe122⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe123⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe124⤵
-
\??\c:\xflfxrl.exec:\xflfxrl.exe125⤵
-
\??\c:\ththbt.exec:\ththbt.exe126⤵
-
\??\c:\5tthtt.exec:\5tthtt.exe127⤵
-
\??\c:\jvjdp.exec:\jvjdp.exe128⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe129⤵
-
\??\c:\lrlfrlx.exec:\lrlfrlx.exe130⤵
-
\??\c:\hbhtbt.exec:\hbhtbt.exe131⤵
-
\??\c:\hhnhnn.exec:\hhnhnn.exe132⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe133⤵
-
\??\c:\3vvpj.exec:\3vvpj.exe134⤵
-
\??\c:\llrlrrl.exec:\llrlrrl.exe135⤵
-
\??\c:\btttnn.exec:\btttnn.exe136⤵
-
\??\c:\bhhnht.exec:\bhhnht.exe137⤵
-
\??\c:\ddvdd.exec:\ddvdd.exe138⤵
-
\??\c:\fllxrlf.exec:\fllxrlf.exe139⤵
-
\??\c:\xrfrrlr.exec:\xrfrrlr.exe140⤵
-
\??\c:\nbbnhb.exec:\nbbnhb.exe141⤵
-
\??\c:\tnnhtn.exec:\tnnhtn.exe142⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe143⤵
-
\??\c:\vpvdp.exec:\vpvdp.exe144⤵
-
\??\c:\lxxrlfx.exec:\lxxrlfx.exe145⤵
-
\??\c:\rlfrlll.exec:\rlfrlll.exe146⤵
-
\??\c:\tbbtnb.exec:\tbbtnb.exe147⤵
-
\??\c:\htbnhn.exec:\htbnhn.exe148⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe149⤵
-
\??\c:\vjjpj.exec:\vjjpj.exe150⤵
-
\??\c:\fxxfrfx.exec:\fxxfrfx.exe151⤵
-
\??\c:\xfllllr.exec:\xfllllr.exe152⤵
-
\??\c:\9nntnn.exec:\9nntnn.exe153⤵
-
\??\c:\bntbhh.exec:\bntbhh.exe154⤵
-
\??\c:\dppjd.exec:\dppjd.exe155⤵
-
\??\c:\fffxrrl.exec:\fffxrrl.exe156⤵
-
\??\c:\3rxxffl.exec:\3rxxffl.exe157⤵
-
\??\c:\hbnhnn.exec:\hbnhnn.exe158⤵
-
\??\c:\ntnhhh.exec:\ntnhhh.exe159⤵
-
\??\c:\jddpp.exec:\jddpp.exe160⤵
-
\??\c:\lxffxxx.exec:\lxffxxx.exe161⤵
-
\??\c:\5xxrllf.exec:\5xxrllf.exe162⤵
-
\??\c:\hbthbh.exec:\hbthbh.exe163⤵
-
\??\c:\btbnhh.exec:\btbnhh.exe164⤵
-
\??\c:\vjjjv.exec:\vjjjv.exe165⤵
-
\??\c:\lfrlffx.exec:\lfrlffx.exe166⤵
-
\??\c:\nntbtn.exec:\nntbtn.exe167⤵
-
\??\c:\3bbtbb.exec:\3bbtbb.exe168⤵
-
\??\c:\pjjjp.exec:\pjjjp.exe169⤵
-
\??\c:\ffffxxx.exec:\ffffxxx.exe170⤵
-
\??\c:\rlxlrrx.exec:\rlxlrrx.exe171⤵
-
\??\c:\bthnbb.exec:\bthnbb.exe172⤵
-
\??\c:\jjjvv.exec:\jjjvv.exe173⤵
-
\??\c:\5rlxxlf.exec:\5rlxxlf.exe174⤵
-
\??\c:\lflffff.exec:\lflffff.exe175⤵
-
\??\c:\hthbbb.exec:\hthbbb.exe176⤵
-
\??\c:\hhhhbb.exec:\hhhhbb.exe177⤵
-
\??\c:\pjjvv.exec:\pjjvv.exe178⤵
-
\??\c:\xxxfrrr.exec:\xxxfrrr.exe179⤵
-
\??\c:\xlllfxr.exec:\xlllfxr.exe180⤵
-
\??\c:\thhtnh.exec:\thhtnh.exe181⤵
-
\??\c:\btnbnt.exec:\btnbnt.exe182⤵
-
\??\c:\5vvpj.exec:\5vvpj.exe183⤵
-
\??\c:\lfxxxxx.exec:\lfxxxxx.exe184⤵
-
\??\c:\fxxxrxl.exec:\fxxxrxl.exe185⤵
-
\??\c:\ntnhbt.exec:\ntnhbt.exe186⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe187⤵
-
\??\c:\5jjjj.exec:\5jjjj.exe188⤵
-
\??\c:\xffxrlf.exec:\xffxrlf.exe189⤵
-
\??\c:\xrfflrr.exec:\xrfflrr.exe190⤵
-
\??\c:\bhnnhb.exec:\bhnnhb.exe191⤵
-
\??\c:\nnttnn.exec:\nnttnn.exe192⤵
-
\??\c:\ppddd.exec:\ppddd.exe193⤵
-
\??\c:\jpdvp.exec:\jpdvp.exe194⤵
-
\??\c:\fxllflf.exec:\fxllflf.exe195⤵
-
\??\c:\5rrllll.exec:\5rrllll.exe196⤵
-
\??\c:\ntbhbn.exec:\ntbhbn.exe197⤵
-
\??\c:\jddjj.exec:\jddjj.exe198⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe199⤵
-
\??\c:\lflfllr.exec:\lflfllr.exe200⤵
-
\??\c:\ffrrrrr.exec:\ffrrrrr.exe201⤵
-
\??\c:\tnhnht.exec:\tnhnht.exe202⤵
-
\??\c:\dvvdp.exec:\dvvdp.exe203⤵
-
\??\c:\frrrrff.exec:\frrrrff.exe204⤵
-
\??\c:\rffffxl.exec:\rffffxl.exe205⤵
-
\??\c:\nnhhbb.exec:\nnhhbb.exe206⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe207⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe208⤵
-
\??\c:\xxxrxxf.exec:\xxxrxxf.exe209⤵
-
\??\c:\rxflxxx.exec:\rxflxxx.exe210⤵
-
\??\c:\ntntbt.exec:\ntntbt.exe211⤵
-
\??\c:\pjppv.exec:\pjppv.exe212⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe213⤵
-
\??\c:\xlrlrrf.exec:\xlrlrrf.exe214⤵
-
\??\c:\xlxxrrl.exec:\xlxxrrl.exe215⤵
-
\??\c:\htbttt.exec:\htbttt.exe216⤵
-
\??\c:\1jdvj.exec:\1jdvj.exe217⤵
-
\??\c:\9vjjv.exec:\9vjjv.exe218⤵
-
\??\c:\7rlfxxx.exec:\7rlfxxx.exe219⤵
-
\??\c:\xlrlflf.exec:\xlrlflf.exe220⤵
-
\??\c:\btnnnh.exec:\btnnnh.exe221⤵
-
\??\c:\jjvpp.exec:\jjvpp.exe222⤵
-
\??\c:\pppjj.exec:\pppjj.exe223⤵
-
\??\c:\rffxxfx.exec:\rffxxfx.exe224⤵
-
\??\c:\3xxrrrl.exec:\3xxrrrl.exe225⤵
-
\??\c:\3tbttt.exec:\3tbttt.exe226⤵
-
\??\c:\9nnhbb.exec:\9nnhbb.exe227⤵
-
\??\c:\7vddj.exec:\7vddj.exe228⤵
-
\??\c:\pdjpj.exec:\pdjpj.exe229⤵
-
\??\c:\fxffxrf.exec:\fxffxrf.exe230⤵
-
\??\c:\ffxffff.exec:\ffxffff.exe231⤵
-
\??\c:\nbbbtt.exec:\nbbbtt.exe232⤵
-
\??\c:\nnhbbb.exec:\nnhbbb.exe233⤵
-
\??\c:\jpddd.exec:\jpddd.exe234⤵
-
\??\c:\flrllll.exec:\flrllll.exe235⤵
-
\??\c:\frrlfxl.exec:\frrlfxl.exe236⤵
-
\??\c:\hnbnnn.exec:\hnbnnn.exe237⤵
-
\??\c:\hthhnt.exec:\hthhnt.exe238⤵
-
\??\c:\dpddd.exec:\dpddd.exe239⤵
-
\??\c:\rfrrfrl.exec:\rfrrfrl.exe240⤵
-
\??\c:\rlffllf.exec:\rlffllf.exe241⤵