Analysis
-
max time kernel
149s -
max time network
116s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20-05-2024 02:51
General
-
Target
96cf1073e1fdaa134d1e12fad5a493c0_NeikiAnalytics.exe
-
Size
59KB
-
MD5
96cf1073e1fdaa134d1e12fad5a493c0
-
SHA1
24fcdae0065ddc8b7c3dbc6d1cdda9f5a433e956
-
SHA256
fdc5b000c41842926c4339fe20edd31b86f3cbd0ac4d93ab608338801bd37c0b
-
SHA512
7c8f4bb6124089b062ef45ecf5b78f7fdf76e43ea0804790973724322f094a07d231f5cd6697c3f9f5b4b075214e3d887677b4bb0a023fa314f6237302690961
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9Li:ymb3NkkiQ3mdBjFI9m
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\96cf1073e1fdaa134d1e12fad5a493c0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\96cf1073e1fdaa134d1e12fad5a493c0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnnb.exec:\bttnnb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lrlfff.exec:\5lrlfff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrrrr.exec:\llxrrrr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnnhh.exec:\hbnnhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffffll.exec:\fffffll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbnn.exec:\btbbnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbnb.exec:\tnbbnb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjpd.exec:\vpjpd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrrrl.exec:\xrrrrrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbtt.exec:\nbhbtt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjppj.exec:\vjppj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lfxllf.exec:\5lfxllf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnhb.exec:\nnnnhb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpj.exec:\jdvpj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffffxrr.exec:\ffffxrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffffxx.exec:\rffffxx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthhbh.exec:\tthhbh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjvj.exec:\pvjvj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllllll.exec:\fllllll.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnbnb.exec:\bnnbnb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpj.exec:\jvvpj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvp.exec:\pjvvp.exe23⤵
- Executes dropped EXE
-
\??\c:\rxxxrrl.exec:\rxxxrrl.exe24⤵
- Executes dropped EXE
-
\??\c:\btnhbb.exec:\btnhbb.exe25⤵
- Executes dropped EXE
-
\??\c:\5vvpj.exec:\5vvpj.exe26⤵
- Executes dropped EXE
-
\??\c:\xlxrllf.exec:\xlxrllf.exe27⤵
- Executes dropped EXE
-
\??\c:\bttnbb.exec:\bttnbb.exe28⤵
- Executes dropped EXE
-
\??\c:\vpvvd.exec:\vpvvd.exe29⤵
- Executes dropped EXE
-
\??\c:\rlxxxxf.exec:\rlxxxxf.exe30⤵
- Executes dropped EXE
-
\??\c:\fxrffll.exec:\fxrffll.exe31⤵
- Executes dropped EXE
-
\??\c:\ntnhbn.exec:\ntnhbn.exe32⤵
- Executes dropped EXE
-
\??\c:\pdjdv.exec:\pdjdv.exe33⤵
- Executes dropped EXE
-
\??\c:\rxfrlrl.exec:\rxfrlrl.exe34⤵
- Executes dropped EXE
-
\??\c:\thhtnh.exec:\thhtnh.exe35⤵
- Executes dropped EXE
-
\??\c:\1btnhh.exec:\1btnhh.exe36⤵
- Executes dropped EXE
-
\??\c:\dvpjv.exec:\dvpjv.exe37⤵
- Executes dropped EXE
-
\??\c:\pjdjd.exec:\pjdjd.exe38⤵
- Executes dropped EXE
-
\??\c:\lfxrllf.exec:\lfxrllf.exe39⤵
- Executes dropped EXE
-
\??\c:\tntnnt.exec:\tntnnt.exe40⤵
- Executes dropped EXE
-
\??\c:\djppj.exec:\djppj.exe41⤵
- Executes dropped EXE
-
\??\c:\flxffff.exec:\flxffff.exe42⤵
- Executes dropped EXE
-
\??\c:\xflllff.exec:\xflllff.exe43⤵
- Executes dropped EXE
-
\??\c:\1ttnhh.exec:\1ttnhh.exe44⤵
- Executes dropped EXE
-
\??\c:\ppppj.exec:\ppppj.exe45⤵
- Executes dropped EXE
-
\??\c:\dvpvp.exec:\dvpvp.exe46⤵
- Executes dropped EXE
-
\??\c:\3lxrlrr.exec:\3lxrlrr.exe47⤵
- Executes dropped EXE
-
\??\c:\btbttt.exec:\btbttt.exe48⤵
- Executes dropped EXE
-
\??\c:\tbhhhn.exec:\tbhhhn.exe49⤵
- Executes dropped EXE
-
\??\c:\jpppd.exec:\jpppd.exe50⤵
- Executes dropped EXE
-
\??\c:\fllfxxr.exec:\fllfxxr.exe51⤵
- Executes dropped EXE
-
\??\c:\fflllrx.exec:\fflllrx.exe52⤵
- Executes dropped EXE
-
\??\c:\7bthbb.exec:\7bthbb.exe53⤵
- Executes dropped EXE
-
\??\c:\ppddv.exec:\ppddv.exe54⤵
- Executes dropped EXE
-
\??\c:\xfxlxxx.exec:\xfxlxxx.exe55⤵
- Executes dropped EXE
-
\??\c:\lxxxllf.exec:\lxxxllf.exe56⤵
- Executes dropped EXE
-
\??\c:\ppddd.exec:\ppddd.exe57⤵
- Executes dropped EXE
-
\??\c:\5rrfxxr.exec:\5rrfxxr.exe58⤵
- Executes dropped EXE
-
\??\c:\btnhhn.exec:\btnhhn.exe59⤵
- Executes dropped EXE
-
\??\c:\5ntnhn.exec:\5ntnhn.exe60⤵
- Executes dropped EXE
-
\??\c:\1hnnbb.exec:\1hnnbb.exe61⤵
- Executes dropped EXE
-
\??\c:\7jjdp.exec:\7jjdp.exe62⤵
- Executes dropped EXE
-
\??\c:\dpjdv.exec:\dpjdv.exe63⤵
- Executes dropped EXE
-
\??\c:\ffrxlrf.exec:\ffrxlrf.exe64⤵
- Executes dropped EXE
-
\??\c:\tnhbtt.exec:\tnhbtt.exe65⤵
- Executes dropped EXE
-
\??\c:\bthbtt.exec:\bthbtt.exe66⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe67⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe68⤵
-
\??\c:\xflllfr.exec:\xflllfr.exe69⤵
-
\??\c:\rxrrrrl.exec:\rxrrrrl.exe70⤵
-
\??\c:\5ntbbb.exec:\5ntbbb.exe71⤵
-
\??\c:\tbhnnb.exec:\tbhnnb.exe72⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe73⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe74⤵
-
\??\c:\flxfrrr.exec:\flxfrrr.exe75⤵
-
\??\c:\xrrlffl.exec:\xrrlffl.exe76⤵
-
\??\c:\htbtbb.exec:\htbtbb.exe77⤵
-
\??\c:\bbttnn.exec:\bbttnn.exe78⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe79⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe80⤵
-
\??\c:\lflfxff.exec:\lflfxff.exe81⤵
-
\??\c:\7hnhbh.exec:\7hnhbh.exe82⤵
-
\??\c:\nhhbnt.exec:\nhhbnt.exe83⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe84⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe85⤵
-
\??\c:\lfxrllf.exec:\lfxrllf.exe86⤵
-
\??\c:\rlxxxxx.exec:\rlxxxxx.exe87⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe88⤵
-
\??\c:\ttbhth.exec:\ttbhth.exe89⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe90⤵
-
\??\c:\jdppj.exec:\jdppj.exe91⤵
-
\??\c:\lfxxxxx.exec:\lfxxxxx.exe92⤵
-
\??\c:\llflllr.exec:\llflllr.exe93⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe94⤵
-
\??\c:\bttnhn.exec:\bttnhn.exe95⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe96⤵
-
\??\c:\frrlxxx.exec:\frrlxxx.exe97⤵
-
\??\c:\xrrflxf.exec:\xrrflxf.exe98⤵
-
\??\c:\nnnttt.exec:\nnnttt.exe99⤵
-
\??\c:\5dpjj.exec:\5dpjj.exe100⤵
-
\??\c:\ddjjj.exec:\ddjjj.exe101⤵
-
\??\c:\frlfxxx.exec:\frlfxxx.exe102⤵
-
\??\c:\3fllrrx.exec:\3fllrrx.exe103⤵
-
\??\c:\lfrxrrr.exec:\lfrxrrr.exe104⤵
-
\??\c:\bhttnn.exec:\bhttnn.exe105⤵
-
\??\c:\thbnnn.exec:\thbnnn.exe106⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe107⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe108⤵
-
\??\c:\lxxrlfx.exec:\lxxrlfx.exe109⤵
-
\??\c:\nttttt.exec:\nttttt.exe110⤵
-
\??\c:\thhbbn.exec:\thhbbn.exe111⤵
-
\??\c:\jjjvd.exec:\jjjvd.exe112⤵
-
\??\c:\jpvjp.exec:\jpvjp.exe113⤵
-
\??\c:\xxxllfx.exec:\xxxllfx.exe114⤵
-
\??\c:\ffxxxxx.exec:\ffxxxxx.exe115⤵
-
\??\c:\vdpdd.exec:\vdpdd.exe116⤵
-
\??\c:\xrxxffr.exec:\xrxxffr.exe117⤵
-
\??\c:\tttnhb.exec:\tttnhb.exe118⤵
-
\??\c:\llrlxxr.exec:\llrlxxr.exe119⤵
-
\??\c:\hbhbbt.exec:\hbhbbt.exe120⤵
-
\??\c:\jdppv.exec:\jdppv.exe121⤵
-
\??\c:\rxflfxf.exec:\rxflfxf.exe122⤵
-
\??\c:\1flrflr.exec:\1flrflr.exe123⤵
-
\??\c:\nnhnhb.exec:\nnhnhb.exe124⤵
-
\??\c:\jjjjp.exec:\jjjjp.exe125⤵
-
\??\c:\jddjd.exec:\jddjd.exe126⤵
-
\??\c:\xrrllfx.exec:\xrrllfx.exe127⤵
-
\??\c:\fxffrxr.exec:\fxffrxr.exe128⤵
-
\??\c:\nhthbh.exec:\nhthbh.exe129⤵
-
\??\c:\tnbnbb.exec:\tnbnbb.exe130⤵
-
\??\c:\djjpd.exec:\djjpd.exe131⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe132⤵
-
\??\c:\rfllfff.exec:\rfllfff.exe133⤵
-
\??\c:\pvddv.exec:\pvddv.exe134⤵
-
\??\c:\xxrlllx.exec:\xxrlllx.exe135⤵
-
\??\c:\lfffxfx.exec:\lfffxfx.exe136⤵
-
\??\c:\ttbbnn.exec:\ttbbnn.exe137⤵
-
\??\c:\7llffff.exec:\7llffff.exe138⤵
-
\??\c:\ntbhhh.exec:\ntbhhh.exe139⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe140⤵
-
\??\c:\7djdv.exec:\7djdv.exe141⤵
-
\??\c:\lxrlflf.exec:\lxrlflf.exe142⤵
-
\??\c:\bhnhhb.exec:\bhnhhb.exe143⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe144⤵
-
\??\c:\xrffrxx.exec:\xrffrxx.exe145⤵
-
\??\c:\9ttbbb.exec:\9ttbbb.exe146⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe147⤵
-
\??\c:\xffllll.exec:\xffllll.exe148⤵
-
\??\c:\flxxflf.exec:\flxxflf.exe149⤵
-
\??\c:\nnnnnn.exec:\nnnnnn.exe150⤵
-
\??\c:\xlxxxxx.exec:\xlxxxxx.exe151⤵
-
\??\c:\bthhbb.exec:\bthhbb.exe152⤵
-
\??\c:\xrrlfff.exec:\xrrlfff.exe153⤵
-
\??\c:\hhtnbb.exec:\hhtnbb.exe154⤵
-
\??\c:\hbbbnn.exec:\hbbbnn.exe155⤵
-
\??\c:\ppddd.exec:\ppddd.exe156⤵
-
\??\c:\lxrxlfl.exec:\lxrxlfl.exe157⤵
-
\??\c:\7xxxxxr.exec:\7xxxxxr.exe158⤵
-
\??\c:\tttnhn.exec:\tttnhn.exe159⤵
-
\??\c:\nhnnnn.exec:\nhnnnn.exe160⤵
-
\??\c:\5jvpp.exec:\5jvpp.exe161⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe162⤵
-
\??\c:\5xxrrll.exec:\5xxrrll.exe163⤵
-
\??\c:\ffrxflx.exec:\ffrxflx.exe164⤵
-
\??\c:\3hnnhh.exec:\3hnnhh.exe165⤵
-
\??\c:\dpppp.exec:\dpppp.exe166⤵
-
\??\c:\jvdpp.exec:\jvdpp.exe167⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe168⤵
-
\??\c:\rflfxfx.exec:\rflfxfx.exe169⤵
-
\??\c:\bntbbh.exec:\bntbbh.exe170⤵
-
\??\c:\bhhbnt.exec:\bhhbnt.exe171⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe172⤵
-
\??\c:\jpppj.exec:\jpppj.exe173⤵
-
\??\c:\5rfrfrf.exec:\5rfrfrf.exe174⤵
-
\??\c:\xlllffx.exec:\xlllffx.exe175⤵
-
\??\c:\hhnnbh.exec:\hhnnbh.exe176⤵
-
\??\c:\pdvvp.exec:\pdvvp.exe177⤵
-
\??\c:\vjppj.exec:\vjppj.exe178⤵
-
\??\c:\fxfxrxx.exec:\fxfxrxx.exe179⤵
-
\??\c:\flllffx.exec:\flllffx.exe180⤵
-
\??\c:\hbttnn.exec:\hbttnn.exe181⤵
-
\??\c:\pvvjj.exec:\pvvjj.exe182⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe183⤵
-
\??\c:\fffxrrr.exec:\fffxrrr.exe184⤵
-
\??\c:\rfxxrxr.exec:\rfxxrxr.exe185⤵
-
\??\c:\hhttnn.exec:\hhttnn.exe186⤵
-
\??\c:\9vjvd.exec:\9vjvd.exe187⤵
-
\??\c:\pdvpd.exec:\pdvpd.exe188⤵
-
\??\c:\frrlffx.exec:\frrlffx.exe189⤵
-
\??\c:\nhbbtn.exec:\nhbbtn.exe190⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe191⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe192⤵
-
\??\c:\frrlxrl.exec:\frrlxrl.exe193⤵
-
\??\c:\bhhhtt.exec:\bhhhtt.exe194⤵
-
\??\c:\3hhhtn.exec:\3hhhtn.exe195⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe196⤵
-
\??\c:\vpddj.exec:\vpddj.exe197⤵
-
\??\c:\ffflflf.exec:\ffflflf.exe198⤵
-
\??\c:\5flffxr.exec:\5flffxr.exe199⤵
-
\??\c:\thtnnn.exec:\thtnnn.exe200⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe201⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe202⤵
-
\??\c:\rfxrfxx.exec:\rfxrfxx.exe203⤵
-
\??\c:\lrxxrrx.exec:\lrxxrrx.exe204⤵
-
\??\c:\5bnhnh.exec:\5bnhnh.exe205⤵
-
\??\c:\hthhth.exec:\hthhth.exe206⤵
-
\??\c:\httnhh.exec:\httnhh.exe207⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe208⤵
-
\??\c:\dvpdv.exec:\dvpdv.exe209⤵
-
\??\c:\xllfxrf.exec:\xllfxrf.exe210⤵
-
\??\c:\rxrrrrr.exec:\rxrrrrr.exe211⤵
-
\??\c:\bttnhb.exec:\bttnhb.exe212⤵
-
\??\c:\bhttnh.exec:\bhttnh.exe213⤵
-
\??\c:\pjddv.exec:\pjddv.exe214⤵
-
\??\c:\htnbht.exec:\htnbht.exe215⤵
-
\??\c:\bbbnbt.exec:\bbbnbt.exe216⤵
-
\??\c:\vjppj.exec:\vjppj.exe217⤵
-
\??\c:\jjvvp.exec:\jjvvp.exe218⤵
-
\??\c:\frrrlff.exec:\frrrlff.exe219⤵
-
\??\c:\lxxrlxr.exec:\lxxrlxr.exe220⤵
-
\??\c:\nhtnhh.exec:\nhtnhh.exe221⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe222⤵
-
\??\c:\dvddp.exec:\dvddp.exe223⤵
-
\??\c:\xflfxxr.exec:\xflfxxr.exe224⤵
-
\??\c:\flfxrlf.exec:\flfxrlf.exe225⤵
-
\??\c:\bbnbbt.exec:\bbnbbt.exe226⤵
-
\??\c:\hnnnnn.exec:\hnnnnn.exe227⤵
-
\??\c:\vdpvp.exec:\vdpvp.exe228⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe229⤵
-
\??\c:\xxxxxll.exec:\xxxxxll.exe230⤵
-
\??\c:\lfffxrr.exec:\lfffxrr.exe231⤵
-
\??\c:\5ntthh.exec:\5ntthh.exe232⤵
-
\??\c:\9hbnnh.exec:\9hbnnh.exe233⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe234⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe235⤵
-
\??\c:\rrrrlll.exec:\rrrrlll.exe236⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe237⤵
-
\??\c:\nhnhbn.exec:\nhnhbn.exe238⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe239⤵
-
\??\c:\djjpp.exec:\djjpp.exe240⤵
-
\??\c:\rlxfxxr.exec:\rlxfxxr.exe241⤵