Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20-05-2024 07:18
General
-
Target
cf8c775c71330833a17d8026ccec2a30_NeikiAnalytics.exe
-
Size
224KB
-
MD5
cf8c775c71330833a17d8026ccec2a30
-
SHA1
63d5bf17e5cacd3a4ef39c7b1ea84919bb11a401
-
SHA256
d0a741fb253c21975be756eb5e65dcd000c8697b6c67faf0cbea8548ab0d6586
-
SHA512
015e5f52f1c819fd8253b1d55895c0f4be730ea4b39b189745aaeccf94a2a2f5251dafabd13ff665f9e97d5cce93ed2a7a95cd4833d7e6eaddaedd8c3cf5830d
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31QNVrVc:n3C9BRo7MlrWKo+l0rVc
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cf8c775c71330833a17d8026ccec2a30_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cf8c775c71330833a17d8026ccec2a30_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjv.exec:\pdpjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhbn.exec:\tnnhbn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjp.exec:\jdjjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjvd.exec:\djjvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jjjd.exec:\5jjjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbbtn.exec:\hhbbtn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflrxlr.exec:\xflrxlr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnhbb.exec:\nbnhbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpdv.exec:\vdpdv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdd.exec:\vjjdd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbnhh.exec:\htbnhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvpp.exec:\ddvpp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxfllf.exec:\xxxfllf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttthh.exec:\nttthh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjd.exec:\pppjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flfxrxf.exec:\flfxrxf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbntb.exec:\hhbntb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrlrrx.exec:\rfrlrrx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhnnt.exec:\bbhnnt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdpd.exec:\vvdpd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxffxxr.exec:\fxffxxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhbb.exec:\tnnhbb.exe23⤵
- Executes dropped EXE
-
\??\c:\fxxxflr.exec:\fxxxflr.exe24⤵
- Executes dropped EXE
-
\??\c:\nnnntt.exec:\nnnntt.exe25⤵
- Executes dropped EXE
-
\??\c:\jjvvd.exec:\jjvvd.exe26⤵
- Executes dropped EXE
-
\??\c:\7rfxrrx.exec:\7rfxrrx.exe27⤵
- Executes dropped EXE
-
\??\c:\1tbthh.exec:\1tbthh.exe28⤵
- Executes dropped EXE
-
\??\c:\9rrrxlr.exec:\9rrrxlr.exe29⤵
- Executes dropped EXE
-
\??\c:\nhttbb.exec:\nhttbb.exe30⤵
- Executes dropped EXE
-
\??\c:\7jpjv.exec:\7jpjv.exe31⤵
- Executes dropped EXE
-
\??\c:\xfxfxlr.exec:\xfxfxlr.exe32⤵
- Executes dropped EXE
-
\??\c:\hnbtbh.exec:\hnbtbh.exe33⤵
- Executes dropped EXE
-
\??\c:\rfrxrxx.exec:\rfrxrxx.exe34⤵
- Executes dropped EXE
-
\??\c:\thtbbt.exec:\thtbbt.exe35⤵
- Executes dropped EXE
-
\??\c:\nnhbtt.exec:\nnhbtt.exe36⤵
- Executes dropped EXE
-
\??\c:\vpppj.exec:\vpppj.exe37⤵
- Executes dropped EXE
-
\??\c:\lrlfxrl.exec:\lrlfxrl.exe38⤵
- Executes dropped EXE
-
\??\c:\tbnbtt.exec:\tbnbtt.exe39⤵
- Executes dropped EXE
-
\??\c:\vpppd.exec:\vpppd.exe40⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe41⤵
- Executes dropped EXE
-
\??\c:\xxfxffl.exec:\xxfxffl.exe42⤵
- Executes dropped EXE
-
\??\c:\xlxxxxr.exec:\xlxxxxr.exe43⤵
- Executes dropped EXE
-
\??\c:\ttnhnn.exec:\ttnhnn.exe44⤵
- Executes dropped EXE
-
\??\c:\pvjdj.exec:\pvjdj.exe45⤵
- Executes dropped EXE
-
\??\c:\xlrfxxl.exec:\xlrfxxl.exe46⤵
- Executes dropped EXE
-
\??\c:\hhhbtn.exec:\hhhbtn.exe47⤵
- Executes dropped EXE
-
\??\c:\7vpdv.exec:\7vpdv.exe48⤵
- Executes dropped EXE
-
\??\c:\lfllfff.exec:\lfllfff.exe49⤵
- Executes dropped EXE
-
\??\c:\1nhbtn.exec:\1nhbtn.exe50⤵
- Executes dropped EXE
-
\??\c:\tbtnhh.exec:\tbtnhh.exe51⤵
- Executes dropped EXE
-
\??\c:\pjjpd.exec:\pjjpd.exe52⤵
- Executes dropped EXE
-
\??\c:\xflfffx.exec:\xflfffx.exe53⤵
- Executes dropped EXE
-
\??\c:\rfrlfff.exec:\rfrlfff.exe54⤵
- Executes dropped EXE
-
\??\c:\nhnntt.exec:\nhnntt.exe55⤵
- Executes dropped EXE
-
\??\c:\vjjdp.exec:\vjjdp.exe56⤵
- Executes dropped EXE
-
\??\c:\pjjjj.exec:\pjjjj.exe57⤵
- Executes dropped EXE
-
\??\c:\xrfxxrx.exec:\xrfxxrx.exe58⤵
- Executes dropped EXE
-
\??\c:\nhhnhh.exec:\nhhnhh.exe59⤵
- Executes dropped EXE
-
\??\c:\pdppp.exec:\pdppp.exe60⤵
- Executes dropped EXE
-
\??\c:\lfrrllr.exec:\lfrrllr.exe61⤵
- Executes dropped EXE
-
\??\c:\bnthbt.exec:\bnthbt.exe62⤵
- Executes dropped EXE
-
\??\c:\tntnbt.exec:\tntnbt.exe63⤵
- Executes dropped EXE
-
\??\c:\jjdvp.exec:\jjdvp.exe64⤵
- Executes dropped EXE
-
\??\c:\fxfxfrr.exec:\fxfxfrr.exe65⤵
- Executes dropped EXE
-
\??\c:\tnhnnt.exec:\tnhnnt.exe66⤵
-
\??\c:\ttbnhb.exec:\ttbnhb.exe67⤵
-
\??\c:\jjjdp.exec:\jjjdp.exe68⤵
-
\??\c:\xrrrllf.exec:\xrrrllf.exe69⤵
-
\??\c:\lxrlllr.exec:\lxrlllr.exe70⤵
-
\??\c:\hbttnn.exec:\hbttnn.exe71⤵
-
\??\c:\tnbbtt.exec:\tnbbtt.exe72⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe73⤵
-
\??\c:\1xlfxff.exec:\1xlfxff.exe74⤵
-
\??\c:\htbtnh.exec:\htbtnh.exe75⤵
-
\??\c:\bnhbtt.exec:\bnhbtt.exe76⤵
-
\??\c:\pjppv.exec:\pjppv.exe77⤵
-
\??\c:\xllxfxf.exec:\xllxfxf.exe78⤵
-
\??\c:\bbhnhh.exec:\bbhnhh.exe79⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe80⤵
-
\??\c:\fxxxxxf.exec:\fxxxxxf.exe81⤵
-
\??\c:\1ffxrrl.exec:\1ffxrrl.exe82⤵
-
\??\c:\bnnhbb.exec:\bnnhbb.exe83⤵
-
\??\c:\djppj.exec:\djppj.exe84⤵
-
\??\c:\rffxlrl.exec:\rffxlrl.exe85⤵
-
\??\c:\9nnhbb.exec:\9nnhbb.exe86⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe87⤵
-
\??\c:\fxxxxfx.exec:\fxxxxfx.exe88⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe89⤵
-
\??\c:\xlllxff.exec:\xlllxff.exe90⤵
-
\??\c:\ntttnh.exec:\ntttnh.exe91⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe92⤵
-
\??\c:\rrfflrr.exec:\rrfflrr.exe93⤵
-
\??\c:\xrrxrrf.exec:\xrrxrrf.exe94⤵
-
\??\c:\htnbbt.exec:\htnbbt.exe95⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe96⤵
-
\??\c:\llfxlrr.exec:\llfxlrr.exe97⤵
-
\??\c:\rlfxrrr.exec:\rlfxrrr.exe98⤵
-
\??\c:\htbtnn.exec:\htbtnn.exe99⤵
-
\??\c:\bnthbh.exec:\bnthbh.exe100⤵
-
\??\c:\djjvp.exec:\djjvp.exe101⤵
-
\??\c:\frrrflf.exec:\frrrflf.exe102⤵
-
\??\c:\hnttnt.exec:\hnttnt.exe103⤵
-
\??\c:\ttbhth.exec:\ttbhth.exe104⤵
-
\??\c:\vvppv.exec:\vvppv.exe105⤵
-
\??\c:\pvjjd.exec:\pvjjd.exe106⤵
-
\??\c:\flxrlrr.exec:\flxrlrr.exe107⤵
-
\??\c:\ffxfrrl.exec:\ffxfrrl.exe108⤵
-
\??\c:\nbntnh.exec:\nbntnh.exe109⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe110⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe111⤵
-
\??\c:\fxrlrrl.exec:\fxrlrrl.exe112⤵
-
\??\c:\xxrrllf.exec:\xxrrllf.exe113⤵
-
\??\c:\btbbtb.exec:\btbbtb.exe114⤵
-
\??\c:\9vppd.exec:\9vppd.exe115⤵
-
\??\c:\djdvv.exec:\djdvv.exe116⤵
-
\??\c:\1xxrlfx.exec:\1xxrlfx.exe117⤵
-
\??\c:\hntnhh.exec:\hntnhh.exe118⤵
-
\??\c:\ttnhbh.exec:\ttnhbh.exe119⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe120⤵
-
\??\c:\llxxrfr.exec:\llxxrfr.exe121⤵
-
\??\c:\flfflfx.exec:\flfflfx.exe122⤵
-
\??\c:\bnbnhh.exec:\bnbnhh.exe123⤵
-
\??\c:\9jvpp.exec:\9jvpp.exe124⤵
-
\??\c:\vppjj.exec:\vppjj.exe125⤵
-
\??\c:\5lxrllr.exec:\5lxrllr.exe126⤵
-
\??\c:\btbtbb.exec:\btbtbb.exe127⤵
-
\??\c:\3vpjd.exec:\3vpjd.exe128⤵
-
\??\c:\lfflffx.exec:\lfflffx.exe129⤵
-
\??\c:\xrfxffl.exec:\xrfxffl.exe130⤵
-
\??\c:\7btnhb.exec:\7btnhb.exe131⤵
-
\??\c:\vvpdv.exec:\vvpdv.exe132⤵
-
\??\c:\djvpj.exec:\djvpj.exe133⤵
-
\??\c:\7llfllr.exec:\7llfllr.exe134⤵
-
\??\c:\lrrrllf.exec:\lrrrllf.exe135⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe136⤵
-
\??\c:\3jpjd.exec:\3jpjd.exe137⤵
-
\??\c:\vjpjp.exec:\vjpjp.exe138⤵
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe139⤵
-
\??\c:\nhtnbb.exec:\nhtnbb.exe140⤵
-
\??\c:\bhnbbh.exec:\bhnbbh.exe141⤵
-
\??\c:\dddvd.exec:\dddvd.exe142⤵
-
\??\c:\1ffxxxr.exec:\1ffxxxr.exe143⤵
-
\??\c:\rlrlxxr.exec:\rlrlxxr.exe144⤵
-
\??\c:\thhhbb.exec:\thhhbb.exe145⤵
-
\??\c:\dpppj.exec:\dpppj.exe146⤵
-
\??\c:\dpdjv.exec:\dpdjv.exe147⤵
-
\??\c:\9rrlffx.exec:\9rrlffx.exe148⤵
-
\??\c:\3djjj.exec:\3djjj.exe149⤵
-
\??\c:\xlfffff.exec:\xlfffff.exe150⤵
-
\??\c:\7thbbh.exec:\7thbbh.exe151⤵
-
\??\c:\ddvdv.exec:\ddvdv.exe152⤵
-
\??\c:\jddvd.exec:\jddvd.exe153⤵
-
\??\c:\llflfxx.exec:\llflfxx.exe154⤵
-
\??\c:\tnnnnn.exec:\tnnnnn.exe155⤵
-
\??\c:\rrlfrrf.exec:\rrlfrrf.exe156⤵
-
\??\c:\3ntnht.exec:\3ntnht.exe157⤵
-
\??\c:\5dvpd.exec:\5dvpd.exe158⤵
-
\??\c:\xxxllrl.exec:\xxxllrl.exe159⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe160⤵
-
\??\c:\jjppd.exec:\jjppd.exe161⤵
-
\??\c:\flrrlll.exec:\flrrlll.exe162⤵
-
\??\c:\httbbb.exec:\httbbb.exe163⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe164⤵
-
\??\c:\xlrrrxx.exec:\xlrrrxx.exe165⤵
-
\??\c:\lfxrfxr.exec:\lfxrfxr.exe166⤵
-
\??\c:\nthbbb.exec:\nthbbb.exe167⤵
-
\??\c:\nntbbn.exec:\nntbbn.exe168⤵
-
\??\c:\vpppj.exec:\vpppj.exe169⤵
-
\??\c:\rflfxrr.exec:\rflfxrr.exe170⤵
-
\??\c:\flrrffx.exec:\flrrffx.exe171⤵
-
\??\c:\tbnhhh.exec:\tbnhhh.exe172⤵
-
\??\c:\jppdv.exec:\jppdv.exe173⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe174⤵
-
\??\c:\rlrxrrl.exec:\rlrxrrl.exe175⤵
-
\??\c:\7bbnbb.exec:\7bbnbb.exe176⤵
-
\??\c:\dppjd.exec:\dppjd.exe177⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe178⤵
-
\??\c:\9frlllf.exec:\9frlllf.exe179⤵
-
\??\c:\nnnbtt.exec:\nnnbtt.exe180⤵
-
\??\c:\nbhnhh.exec:\nbhnhh.exe181⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe182⤵
-
\??\c:\xlxrxfr.exec:\xlxrxfr.exe183⤵
-
\??\c:\5rrrlfx.exec:\5rrrlfx.exe184⤵
-
\??\c:\tbtthh.exec:\tbtthh.exe185⤵
-
\??\c:\vppjd.exec:\vppjd.exe186⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe187⤵
-
\??\c:\flrfxrl.exec:\flrfxrl.exe188⤵
-
\??\c:\9bhbbh.exec:\9bhbbh.exe189⤵
-
\??\c:\vdpjp.exec:\vdpjp.exe190⤵
-
\??\c:\vvjjj.exec:\vvjjj.exe191⤵
-
\??\c:\xxfflrr.exec:\xxfflrr.exe192⤵
-
\??\c:\nbhbtt.exec:\nbhbtt.exe193⤵
-
\??\c:\ddppj.exec:\ddppj.exe194⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe195⤵
-
\??\c:\flrfxrr.exec:\flrfxrr.exe196⤵
-
\??\c:\nbnhhb.exec:\nbnhhb.exe197⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe198⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe199⤵
-
\??\c:\ffrrxxl.exec:\ffrrxxl.exe200⤵
-
\??\c:\3bnhhh.exec:\3bnhhh.exe201⤵
-
\??\c:\tbnhtt.exec:\tbnhtt.exe202⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe203⤵
-
\??\c:\lflffff.exec:\lflffff.exe204⤵
-
\??\c:\bntttn.exec:\bntttn.exe205⤵
-
\??\c:\3nnhtb.exec:\3nnhtb.exe206⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe207⤵
-
\??\c:\jdppp.exec:\jdppp.exe208⤵
-
\??\c:\7ffxrxr.exec:\7ffxrxr.exe209⤵
-
\??\c:\3tbtht.exec:\3tbtht.exe210⤵
-
\??\c:\7tttnt.exec:\7tttnt.exe211⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe212⤵
-
\??\c:\rrrrlrl.exec:\rrrrlrl.exe213⤵
-
\??\c:\rrxrrff.exec:\rrxrrff.exe214⤵
-
\??\c:\hhtnhh.exec:\hhtnhh.exe215⤵
-
\??\c:\jjjjj.exec:\jjjjj.exe216⤵
-
\??\c:\5pvvv.exec:\5pvvv.exe217⤵
-
\??\c:\llffxxl.exec:\llffxxl.exe218⤵
-
\??\c:\rlxxxxr.exec:\rlxxxxr.exe219⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe220⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe221⤵
-
\??\c:\7jddj.exec:\7jddj.exe222⤵
-
\??\c:\lrffxxx.exec:\lrffxxx.exe223⤵
-
\??\c:\nbbbbb.exec:\nbbbbb.exe224⤵
-
\??\c:\hnnhhh.exec:\hnnhhh.exe225⤵
-
\??\c:\vvvvd.exec:\vvvvd.exe226⤵
-
\??\c:\rflffxx.exec:\rflffxx.exe227⤵
-
\??\c:\llfffff.exec:\llfffff.exe228⤵
-
\??\c:\5hbtnh.exec:\5hbtnh.exe229⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe230⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe231⤵
-
\??\c:\ffffxxr.exec:\ffffxxr.exe232⤵
-
\??\c:\jjjpp.exec:\jjjpp.exe233⤵
-
\??\c:\9pddv.exec:\9pddv.exe234⤵
-
\??\c:\fffxxxl.exec:\fffxxxl.exe235⤵
-
\??\c:\7nnnhh.exec:\7nnnhh.exe236⤵
-
\??\c:\bhhbnh.exec:\bhhbnh.exe237⤵
-
\??\c:\7vvpj.exec:\7vvpj.exe238⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe239⤵
-
\??\c:\lxfxffx.exec:\lxfxffx.exe240⤵
-
\??\c:\hnhtbn.exec:\hnhtbn.exe241⤵