Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20-05-2024 04:26
General
-
Target
ac1e8317bfc175d0347bb3369617cb70_NeikiAnalytics.exe
-
Size
229KB
-
MD5
ac1e8317bfc175d0347bb3369617cb70
-
SHA1
83cf093de6c8827a72cf984503fded2f245ad2ab
-
SHA256
b317f5fa949015542e62c0b280bd1c0a8e9b51493c9976fefcbaeaee20dcafe6
-
SHA512
2bd86e54e8dd4363b6e755b7e6c2834323ac3bce9fb72c91433e0694a4723d0d75a77cf7b56a22436f2b6495ab38a3a001cf3d0c635f78b8361052226f15f164
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31z8mF7Cb:n3C9BRo7MlrWKo+lfFeb
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ac1e8317bfc175d0347bb3369617cb70_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\ac1e8317bfc175d0347bb3369617cb70_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjp.exec:\jdpjp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhbt.exec:\tnhhbt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffffff.exec:\lffffff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvv.exec:\pjvvv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvv.exec:\dddvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlfff.exec:\xrrlfff.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhtnb.exec:\tbhtnb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnbbb.exec:\thnbbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdv.exec:\vjjdv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xflfrl.exec:\7xflfrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbth.exec:\nbhbth.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxxrlr.exec:\rxxxrlr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntbbb.exec:\hntbbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxffllr.exec:\fxffllr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbtnt.exec:\tbbtnt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vdvv.exec:\9vdvv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxrlfx.exec:\lxxrlfx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnnhn.exec:\thnnhn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrlffx.exec:\rrrlffx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbntb.exec:\thbntb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbbth.exec:\ntbbth.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdpp.exec:\djdpp.exe23⤵
- Executes dropped EXE
-
\??\c:\lrffxlx.exec:\lrffxlx.exe24⤵
- Executes dropped EXE
-
\??\c:\flfrflx.exec:\flfrflx.exe25⤵
- Executes dropped EXE
-
\??\c:\3ffxrll.exec:\3ffxrll.exe26⤵
- Executes dropped EXE
-
\??\c:\5nbtnn.exec:\5nbtnn.exe27⤵
- Executes dropped EXE
-
\??\c:\rxrxlxl.exec:\rxrxlxl.exe28⤵
- Executes dropped EXE
-
\??\c:\bttnnt.exec:\bttnnt.exe29⤵
- Executes dropped EXE
-
\??\c:\bthtnn.exec:\bthtnn.exe30⤵
- Executes dropped EXE
-
\??\c:\rrfrlxx.exec:\rrfrlxx.exe31⤵
- Executes dropped EXE
-
\??\c:\nthbbt.exec:\nthbbt.exe32⤵
- Executes dropped EXE
-
\??\c:\5flfrrl.exec:\5flfrrl.exe33⤵
- Executes dropped EXE
-
\??\c:\hhbtnn.exec:\hhbtnn.exe34⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe35⤵
- Executes dropped EXE
-
\??\c:\xxffllr.exec:\xxffllr.exe36⤵
- Executes dropped EXE
-
\??\c:\rffxllf.exec:\rffxllf.exe37⤵
- Executes dropped EXE
-
\??\c:\nbhbbt.exec:\nbhbbt.exe38⤵
- Executes dropped EXE
-
\??\c:\vvvjv.exec:\vvvjv.exe39⤵
- Executes dropped EXE
-
\??\c:\fxrllff.exec:\fxrllff.exe40⤵
- Executes dropped EXE
-
\??\c:\hntnnn.exec:\hntnnn.exe41⤵
- Executes dropped EXE
-
\??\c:\djppj.exec:\djppj.exe42⤵
- Executes dropped EXE
-
\??\c:\djvpj.exec:\djvpj.exe43⤵
- Executes dropped EXE
-
\??\c:\bnnnnn.exec:\bnnnnn.exe44⤵
- Executes dropped EXE
-
\??\c:\hbnnhh.exec:\hbnnhh.exe45⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe46⤵
- Executes dropped EXE
-
\??\c:\xxffrrl.exec:\xxffrrl.exe47⤵
- Executes dropped EXE
-
\??\c:\3xrfxxr.exec:\3xrfxxr.exe48⤵
- Executes dropped EXE
-
\??\c:\bntnnh.exec:\bntnnh.exe49⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe50⤵
- Executes dropped EXE
-
\??\c:\lfrrxxl.exec:\lfrrxxl.exe51⤵
- Executes dropped EXE
-
\??\c:\tnnhhh.exec:\tnnhhh.exe52⤵
- Executes dropped EXE
-
\??\c:\jpddv.exec:\jpddv.exe53⤵
- Executes dropped EXE
-
\??\c:\tthbtt.exec:\tthbtt.exe54⤵
- Executes dropped EXE
-
\??\c:\ddjpd.exec:\ddjpd.exe55⤵
- Executes dropped EXE
-
\??\c:\rllrlrr.exec:\rllrlrr.exe56⤵
- Executes dropped EXE
-
\??\c:\3bhhbh.exec:\3bhhbh.exe57⤵
- Executes dropped EXE
-
\??\c:\vdvvp.exec:\vdvvp.exe58⤵
- Executes dropped EXE
-
\??\c:\dddvp.exec:\dddvp.exe59⤵
- Executes dropped EXE
-
\??\c:\xxlfxxr.exec:\xxlfxxr.exe60⤵
- Executes dropped EXE
-
\??\c:\bnbbtb.exec:\bnbbtb.exe61⤵
- Executes dropped EXE
-
\??\c:\vvdvp.exec:\vvdvp.exe62⤵
- Executes dropped EXE
-
\??\c:\xrxxrrl.exec:\xrxxrrl.exe63⤵
- Executes dropped EXE
-
\??\c:\9lrllrl.exec:\9lrllrl.exe64⤵
- Executes dropped EXE
-
\??\c:\htttbb.exec:\htttbb.exe65⤵
- Executes dropped EXE
-
\??\c:\pvpjp.exec:\pvpjp.exe66⤵
-
\??\c:\rrxrfxr.exec:\rrxrfxr.exe67⤵
-
\??\c:\httthb.exec:\httthb.exe68⤵
-
\??\c:\thntnh.exec:\thntnh.exe69⤵
-
\??\c:\jddvv.exec:\jddvv.exe70⤵
-
\??\c:\7ffffff.exec:\7ffffff.exe71⤵
-
\??\c:\btthbn.exec:\btthbn.exe72⤵
-
\??\c:\3vvpj.exec:\3vvpj.exe73⤵
-
\??\c:\xrxxxxf.exec:\xrxxxxf.exe74⤵
-
\??\c:\xrxrlff.exec:\xrxrlff.exe75⤵
-
\??\c:\thhtnb.exec:\thhtnb.exe76⤵
-
\??\c:\vvvpp.exec:\vvvpp.exe77⤵
-
\??\c:\frfffxx.exec:\frfffxx.exe78⤵
-
\??\c:\9flfxxr.exec:\9flfxxr.exe79⤵
-
\??\c:\nbhbhb.exec:\nbhbhb.exe80⤵
-
\??\c:\xxllxxf.exec:\xxllxxf.exe81⤵
-
\??\c:\vvvvd.exec:\vvvvd.exe82⤵
-
\??\c:\lxfxrrf.exec:\lxfxrrf.exe83⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe84⤵
-
\??\c:\jpdpv.exec:\jpdpv.exe85⤵
-
\??\c:\pjppp.exec:\pjppp.exe86⤵
-
\??\c:\3lfrrxx.exec:\3lfrrxx.exe87⤵
-
\??\c:\ttbhnb.exec:\ttbhnb.exe88⤵
-
\??\c:\5jjdj.exec:\5jjdj.exe89⤵
-
\??\c:\lxxrllf.exec:\lxxrllf.exe90⤵
-
\??\c:\flrxrrl.exec:\flrxrrl.exe91⤵
-
\??\c:\bnhbbt.exec:\bnhbbt.exe92⤵
-
\??\c:\tbbttb.exec:\tbbttb.exe93⤵
-
\??\c:\pjppp.exec:\pjppp.exe94⤵
-
\??\c:\flflxlf.exec:\flflxlf.exe95⤵
-
\??\c:\flxlrfl.exec:\flxlrfl.exe96⤵
-
\??\c:\tthtbn.exec:\tthtbn.exe97⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe98⤵
-
\??\c:\vjdjd.exec:\vjdjd.exe99⤵
-
\??\c:\xrlfxxx.exec:\xrlfxxx.exe100⤵
-
\??\c:\3tbhhb.exec:\3tbhhb.exe101⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe102⤵
-
\??\c:\pppvv.exec:\pppvv.exe103⤵
-
\??\c:\3xfxrrl.exec:\3xfxrrl.exe104⤵
-
\??\c:\7flllrl.exec:\7flllrl.exe105⤵
-
\??\c:\btthhn.exec:\btthhn.exe106⤵
-
\??\c:\tnbhht.exec:\tnbhht.exe107⤵
-
\??\c:\vpvjv.exec:\vpvjv.exe108⤵
-
\??\c:\xxrxrxr.exec:\xxrxrxr.exe109⤵
-
\??\c:\hhttbb.exec:\hhttbb.exe110⤵
-
\??\c:\hbnhhn.exec:\hbnhhn.exe111⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe112⤵
-
\??\c:\xxffffl.exec:\xxffffl.exe113⤵
-
\??\c:\tttnht.exec:\tttnht.exe114⤵
-
\??\c:\hhbtnn.exec:\hhbtnn.exe115⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe116⤵
-
\??\c:\xxfrxfr.exec:\xxfrxfr.exe117⤵
-
\??\c:\htbtnn.exec:\htbtnn.exe118⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe119⤵
-
\??\c:\fxxxrxx.exec:\fxxxrxx.exe120⤵
-
\??\c:\btnhbb.exec:\btnhbb.exe121⤵
-
\??\c:\djjdv.exec:\djjdv.exe122⤵
-
\??\c:\djpjd.exec:\djpjd.exe123⤵
-
\??\c:\flfxlrr.exec:\flfxlrr.exe124⤵
-
\??\c:\thnhhh.exec:\thnhhh.exe125⤵
-
\??\c:\hntnhb.exec:\hntnhb.exe126⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe127⤵
-
\??\c:\9rlfffx.exec:\9rlfffx.exe128⤵
-
\??\c:\fffxxxx.exec:\fffxxxx.exe129⤵
-
\??\c:\7nhtbb.exec:\7nhtbb.exe130⤵
-
\??\c:\dppjd.exec:\dppjd.exe131⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe132⤵
-
\??\c:\bbhhbb.exec:\bbhhbb.exe133⤵
-
\??\c:\tntntn.exec:\tntntn.exe134⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe135⤵
-
\??\c:\lflrlrx.exec:\lflrlrx.exe136⤵
-
\??\c:\htnnhh.exec:\htnnhh.exe137⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe138⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe139⤵
-
\??\c:\9xlfxxx.exec:\9xlfxxx.exe140⤵
-
\??\c:\bbnthb.exec:\bbnthb.exe141⤵
-
\??\c:\9nbbbn.exec:\9nbbbn.exe142⤵
-
\??\c:\pjpvv.exec:\pjpvv.exe143⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe144⤵
-
\??\c:\xxrrlrr.exec:\xxrrlrr.exe145⤵
-
\??\c:\1rxxrxx.exec:\1rxxrxx.exe146⤵
-
\??\c:\bntbhb.exec:\bntbhb.exe147⤵
-
\??\c:\7vjdv.exec:\7vjdv.exe148⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe149⤵
-
\??\c:\lxlfrrl.exec:\lxlfrrl.exe150⤵
-
\??\c:\flrlfxx.exec:\flrlfxx.exe151⤵
-
\??\c:\bnnhbb.exec:\bnnhbb.exe152⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe153⤵
-
\??\c:\vddvv.exec:\vddvv.exe154⤵
-
\??\c:\lfrlxxx.exec:\lfrlxxx.exe155⤵
-
\??\c:\tnnhbt.exec:\tnnhbt.exe156⤵
-
\??\c:\bbtnnn.exec:\bbtnnn.exe157⤵
-
\??\c:\vvvjj.exec:\vvvjj.exe158⤵
-
\??\c:\3jpjj.exec:\3jpjj.exe159⤵
-
\??\c:\xxrrrrl.exec:\xxrrrrl.exe160⤵
-
\??\c:\hbhbnb.exec:\hbhbnb.exe161⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe162⤵
-
\??\c:\pdjvp.exec:\pdjvp.exe163⤵
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe164⤵
-
\??\c:\djvpp.exec:\djvpp.exe165⤵
-
\??\c:\7jpjd.exec:\7jpjd.exe166⤵
-
\??\c:\xrfxxxx.exec:\xrfxxxx.exe167⤵
-
\??\c:\bttbtt.exec:\bttbtt.exe168⤵
-
\??\c:\nhtnhh.exec:\nhtnhh.exe169⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe170⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe171⤵
-
\??\c:\fxfxxxx.exec:\fxfxxxx.exe172⤵
-
\??\c:\bttnnt.exec:\bttnnt.exe173⤵
-
\??\c:\9bbhht.exec:\9bbhht.exe174⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe175⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe176⤵
-
\??\c:\3lrlrrx.exec:\3lrlrrx.exe177⤵
-
\??\c:\xflfxrl.exec:\xflfxrl.exe178⤵
-
\??\c:\ntnbtn.exec:\ntnbtn.exe179⤵
-
\??\c:\jjppj.exec:\jjppj.exe180⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe181⤵
-
\??\c:\xffffff.exec:\xffffff.exe182⤵
-
\??\c:\bhnhbb.exec:\bhnhbb.exe183⤵
-
\??\c:\nbbttn.exec:\nbbttn.exe184⤵
-
\??\c:\jdjvv.exec:\jdjvv.exe185⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe186⤵
-
\??\c:\fxfxrlf.exec:\fxfxrlf.exe187⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe188⤵
-
\??\c:\tnhhbb.exec:\tnhhbb.exe189⤵
-
\??\c:\1vpjd.exec:\1vpjd.exe190⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe191⤵
-
\??\c:\fxrrfrr.exec:\fxrrfrr.exe192⤵
-
\??\c:\hbbhbh.exec:\hbbhbh.exe193⤵
-
\??\c:\btnthh.exec:\btnthh.exe194⤵
-
\??\c:\dppjj.exec:\dppjj.exe195⤵
-
\??\c:\jjddd.exec:\jjddd.exe196⤵
-
\??\c:\rlrrrxf.exec:\rlrrrxf.exe197⤵
-
\??\c:\nnbbhb.exec:\nnbbhb.exe198⤵
-
\??\c:\9hhbbb.exec:\9hhbbb.exe199⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe200⤵
-
\??\c:\rrrrlrr.exec:\rrrrlrr.exe201⤵
-
\??\c:\flxrfxx.exec:\flxrfxx.exe202⤵
-
\??\c:\thbbtt.exec:\thbbtt.exe203⤵
-
\??\c:\pppjd.exec:\pppjd.exe204⤵
-
\??\c:\dvppp.exec:\dvppp.exe205⤵
-
\??\c:\lrxxxxx.exec:\lrxxxxx.exe206⤵
-
\??\c:\lflflfl.exec:\lflflfl.exe207⤵
-
\??\c:\httttt.exec:\httttt.exe208⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe209⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe210⤵
-
\??\c:\lflfxrr.exec:\lflfxrr.exe211⤵
-
\??\c:\3flfxxx.exec:\3flfxxx.exe212⤵
-
\??\c:\hhnnnn.exec:\hhnnnn.exe213⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe214⤵
-
\??\c:\vvjdd.exec:\vvjdd.exe215⤵
-
\??\c:\5xxrlll.exec:\5xxrlll.exe216⤵
-
\??\c:\xrxllfl.exec:\xrxllfl.exe217⤵
-
\??\c:\bnbbtb.exec:\bnbbtb.exe218⤵
-
\??\c:\pvvdv.exec:\pvvdv.exe219⤵
-
\??\c:\lxxxrrr.exec:\lxxxrrr.exe220⤵
-
\??\c:\tbnhhh.exec:\tbnhhh.exe221⤵
-
\??\c:\rrlfrrx.exec:\rrlfrrx.exe222⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe223⤵
-
\??\c:\jvppj.exec:\jvppj.exe224⤵
-
\??\c:\lllfrrl.exec:\lllfrrl.exe225⤵
-
\??\c:\nntbtb.exec:\nntbtb.exe226⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe227⤵
-
\??\c:\jpjjd.exec:\jpjjd.exe228⤵
-
\??\c:\lrlflxf.exec:\lrlflxf.exe229⤵
-
\??\c:\ffxfllr.exec:\ffxfllr.exe230⤵
-
\??\c:\tnhbbt.exec:\tnhbbt.exe231⤵
-
\??\c:\vpppj.exec:\vpppj.exe232⤵
-
\??\c:\xllfrrl.exec:\xllfrrl.exe233⤵
-
\??\c:\hhhbth.exec:\hhhbth.exe234⤵
-
\??\c:\nnhntn.exec:\nnhntn.exe235⤵
-
\??\c:\ddpjp.exec:\ddpjp.exe236⤵
-
\??\c:\djvpj.exec:\djvpj.exe237⤵
-
\??\c:\xxffxxr.exec:\xxffxxr.exe238⤵
-
\??\c:\nhbttn.exec:\nhbttn.exe239⤵
-
\??\c:\vvjjj.exec:\vvjjj.exe240⤵
-
\??\c:\9djdp.exec:\9djdp.exe241⤵