Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20-05-2024 08:01
General
-
Target
d8e516e3df8b4147c3272626e263c5a0_NeikiAnalytics.exe
-
Size
226KB
-
MD5
d8e516e3df8b4147c3272626e263c5a0
-
SHA1
f33e2e9a47b4c7290a8fa150a5ee2c2a64ab1aeb
-
SHA256
afdc3edbe2bb2e06278b691f183ceec861b842eec987dcb0d78233e1ca02f474
-
SHA512
dca26e8724573b4bff7d37738423726d81d6ef29a0b77ef0fe8429e35d2786da0d7acc6f20f6cb69606ddcc3bdbec7214132a1a8ff079863f6bfcd1f5578053e
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x47Wjr:n3C9BRo7MlrWKo+lxRr
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d8e516e3df8b4147c3272626e263c5a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d8e516e3df8b4147c3272626e263c5a0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbhnh.exec:\nbbhnh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frflllf.exec:\frflllf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtthb.exec:\bbtthb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vjjv.exec:\7vjjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllrrr.exec:\xxllrrr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhhn.exec:\htnhhn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvv.exec:\vpvvv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflllxx.exec:\xflllxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtnnn.exec:\hhtnnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjj.exec:\pjpjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xxrlll.exec:\3xxrlll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhthb.exec:\nbhthb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdvd.exec:\ppdvd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxxrrr.exec:\xlxxrrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxrrx.exec:\rrxxrrx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hhhbh.exec:\9hhhbh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrxxlf.exec:\lrrxxlf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntntn.exec:\tntntn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbtbt.exec:\hnbtbt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlflfr.exec:\rxlflfr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjpj.exec:\ddjpj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbbhn.exec:\hnbbhn.exe23⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe24⤵
- Executes dropped EXE
-
\??\c:\xlfxrrx.exec:\xlfxrrx.exe25⤵
- Executes dropped EXE
-
\??\c:\ththhn.exec:\ththhn.exe26⤵
- Executes dropped EXE
-
\??\c:\jppvj.exec:\jppvj.exe27⤵
- Executes dropped EXE
-
\??\c:\9nhbbb.exec:\9nhbbb.exe28⤵
- Executes dropped EXE
-
\??\c:\lfflfxf.exec:\lfflfxf.exe29⤵
- Executes dropped EXE
-
\??\c:\bbhntn.exec:\bbhntn.exe30⤵
- Executes dropped EXE
-
\??\c:\vdpjj.exec:\vdpjj.exe31⤵
- Executes dropped EXE
-
\??\c:\nthbbb.exec:\nthbbb.exe32⤵
- Executes dropped EXE
-
\??\c:\9pdvv.exec:\9pdvv.exe33⤵
- Executes dropped EXE
-
\??\c:\fffxxxx.exec:\fffxxxx.exe34⤵
- Executes dropped EXE
-
\??\c:\bhhbht.exec:\bhhbht.exe35⤵
- Executes dropped EXE
-
\??\c:\jjvpp.exec:\jjvpp.exe36⤵
- Executes dropped EXE
-
\??\c:\dpdvp.exec:\dpdvp.exe37⤵
- Executes dropped EXE
-
\??\c:\xrxxxxx.exec:\xrxxxxx.exe38⤵
- Executes dropped EXE
-
\??\c:\3hhttt.exec:\3hhttt.exe39⤵
- Executes dropped EXE
-
\??\c:\jjppd.exec:\jjppd.exe40⤵
- Executes dropped EXE
-
\??\c:\frfffff.exec:\frfffff.exe41⤵
- Executes dropped EXE
-
\??\c:\ttbbbb.exec:\ttbbbb.exe42⤵
- Executes dropped EXE
-
\??\c:\ppvpj.exec:\ppvpj.exe43⤵
- Executes dropped EXE
-
\??\c:\lxrxfll.exec:\lxrxfll.exe44⤵
- Executes dropped EXE
-
\??\c:\hbbthh.exec:\hbbthh.exe45⤵
- Executes dropped EXE
-
\??\c:\hbttbt.exec:\hbttbt.exe46⤵
- Executes dropped EXE
-
\??\c:\pdvjj.exec:\pdvjj.exe47⤵
- Executes dropped EXE
-
\??\c:\xxfrfxr.exec:\xxfrfxr.exe48⤵
- Executes dropped EXE
-
\??\c:\nbtbhb.exec:\nbtbhb.exe49⤵
- Executes dropped EXE
-
\??\c:\jpjvd.exec:\jpjvd.exe50⤵
- Executes dropped EXE
-
\??\c:\xxxlllr.exec:\xxxlllr.exe51⤵
- Executes dropped EXE
-
\??\c:\1ntttt.exec:\1ntttt.exe52⤵
- Executes dropped EXE
-
\??\c:\thttnn.exec:\thttnn.exe53⤵
- Executes dropped EXE
-
\??\c:\5pvvp.exec:\5pvvp.exe54⤵
- Executes dropped EXE
-
\??\c:\rrrxrxr.exec:\rrrxrxr.exe55⤵
- Executes dropped EXE
-
\??\c:\nbtttt.exec:\nbtttt.exe56⤵
- Executes dropped EXE
-
\??\c:\9jjdd.exec:\9jjdd.exe57⤵
- Executes dropped EXE
-
\??\c:\7dpjd.exec:\7dpjd.exe58⤵
- Executes dropped EXE
-
\??\c:\btbtth.exec:\btbtth.exe59⤵
- Executes dropped EXE
-
\??\c:\7vvdv.exec:\7vvdv.exe60⤵
- Executes dropped EXE
-
\??\c:\1pppj.exec:\1pppj.exe61⤵
- Executes dropped EXE
-
\??\c:\llxlfff.exec:\llxlfff.exe62⤵
- Executes dropped EXE
-
\??\c:\ppjdv.exec:\ppjdv.exe63⤵
- Executes dropped EXE
-
\??\c:\flxllxf.exec:\flxllxf.exe64⤵
- Executes dropped EXE
-
\??\c:\rxxrllf.exec:\rxxrllf.exe65⤵
- Executes dropped EXE
-
\??\c:\tbbbnt.exec:\tbbbnt.exe66⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe67⤵
-
\??\c:\xxrfxrf.exec:\xxrfxrf.exe68⤵
-
\??\c:\nbnhht.exec:\nbnhht.exe69⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe70⤵
-
\??\c:\ffxxffx.exec:\ffxxffx.exe71⤵
-
\??\c:\bttttn.exec:\bttttn.exe72⤵
-
\??\c:\ttnnnn.exec:\ttnnnn.exe73⤵
-
\??\c:\pjddv.exec:\pjddv.exe74⤵
-
\??\c:\lflflll.exec:\lflflll.exe75⤵
-
\??\c:\9rfxrxr.exec:\9rfxrxr.exe76⤵
-
\??\c:\hnnnnt.exec:\hnnnnt.exe77⤵
-
\??\c:\vdvdj.exec:\vdvdj.exe78⤵
-
\??\c:\5fffffl.exec:\5fffffl.exe79⤵
-
\??\c:\hnbttt.exec:\hnbttt.exe80⤵
-
\??\c:\hnhtnh.exec:\hnhtnh.exe81⤵
-
\??\c:\jjppj.exec:\jjppj.exe82⤵
-
\??\c:\fxrfffl.exec:\fxrfffl.exe83⤵
-
\??\c:\3xxxxff.exec:\3xxxxff.exe84⤵
-
\??\c:\bbtthn.exec:\bbtthn.exe85⤵
-
\??\c:\7dddv.exec:\7dddv.exe86⤵
-
\??\c:\llfrrfl.exec:\llfrrfl.exe87⤵
-
\??\c:\bnhtnb.exec:\bnhtnb.exe88⤵
-
\??\c:\1nbttb.exec:\1nbttb.exe89⤵
-
\??\c:\jjvdv.exec:\jjvdv.exe90⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe91⤵
-
\??\c:\7flffrr.exec:\7flffrr.exe92⤵
-
\??\c:\9hnhhn.exec:\9hnhhn.exe93⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe94⤵
-
\??\c:\llrrlrr.exec:\llrrlrr.exe95⤵
-
\??\c:\ffxrxxx.exec:\ffxrxxx.exe96⤵
-
\??\c:\9tnntb.exec:\9tnntb.exe97⤵
-
\??\c:\pvddd.exec:\pvddd.exe98⤵
-
\??\c:\rllffff.exec:\rllffff.exe99⤵
-
\??\c:\frfllff.exec:\frfllff.exe100⤵
-
\??\c:\bhbthb.exec:\bhbthb.exe101⤵
-
\??\c:\nnbtbb.exec:\nnbtbb.exe102⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe103⤵
-
\??\c:\xfffxxx.exec:\xfffxxx.exe104⤵
-
\??\c:\1flllrl.exec:\1flllrl.exe105⤵
-
\??\c:\nhhtnn.exec:\nhhtnn.exe106⤵
-
\??\c:\tbntbh.exec:\tbntbh.exe107⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe108⤵
-
\??\c:\rlxxfxf.exec:\rlxxfxf.exe109⤵
-
\??\c:\xffrrxf.exec:\xffrrxf.exe110⤵
-
\??\c:\nhnbtt.exec:\nhnbtt.exe111⤵
-
\??\c:\jppdp.exec:\jppdp.exe112⤵
-
\??\c:\hbnnhn.exec:\hbnnhn.exe113⤵
-
\??\c:\pvjjd.exec:\pvjjd.exe114⤵
-
\??\c:\ddjjp.exec:\ddjjp.exe115⤵
-
\??\c:\7xlffff.exec:\7xlffff.exe116⤵
-
\??\c:\hbhnhh.exec:\hbhnhh.exe117⤵
-
\??\c:\pdvdd.exec:\pdvdd.exe118⤵
-
\??\c:\xllffrr.exec:\xllffrr.exe119⤵
-
\??\c:\fflfxrl.exec:\fflfxrl.exe120⤵
-
\??\c:\bbbbbb.exec:\bbbbbb.exe121⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe122⤵
-
\??\c:\lxxrlll.exec:\lxxrlll.exe123⤵
-
\??\c:\lfllllr.exec:\lfllllr.exe124⤵
-
\??\c:\nbbttn.exec:\nbbttn.exe125⤵
-
\??\c:\ddpjv.exec:\ddpjv.exe126⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe127⤵
-
\??\c:\rrxxrlf.exec:\rrxxrlf.exe128⤵
-
\??\c:\nnthtn.exec:\nnthtn.exe129⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe130⤵
-
\??\c:\pddjp.exec:\pddjp.exe131⤵
-
\??\c:\5xfxffl.exec:\5xfxffl.exe132⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe133⤵
-
\??\c:\hhnhbt.exec:\hhnhbt.exe134⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe135⤵
-
\??\c:\llrlxff.exec:\llrlxff.exe136⤵
-
\??\c:\ttthhh.exec:\ttthhh.exe137⤵
-
\??\c:\dvddv.exec:\dvddv.exe138⤵
-
\??\c:\rlxrllf.exec:\rlxrllf.exe139⤵
-
\??\c:\7llfxxx.exec:\7llfxxx.exe140⤵
-
\??\c:\nbbbth.exec:\nbbbth.exe141⤵
-
\??\c:\3dddv.exec:\3dddv.exe142⤵
-
\??\c:\5jvpp.exec:\5jvpp.exe143⤵
-
\??\c:\nnthnt.exec:\nnthnt.exe144⤵
-
\??\c:\dvdjp.exec:\dvdjp.exe145⤵
-
\??\c:\xlffxxr.exec:\xlffxxr.exe146⤵
-
\??\c:\bbhttb.exec:\bbhttb.exe147⤵
-
\??\c:\ppjjj.exec:\ppjjj.exe148⤵
-
\??\c:\xfllllr.exec:\xfllllr.exe149⤵
-
\??\c:\bbhttb.exec:\bbhttb.exe150⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe151⤵
-
\??\c:\rrfrffl.exec:\rrfrffl.exe152⤵
-
\??\c:\thnnhn.exec:\thnnhn.exe153⤵
-
\??\c:\1rrffll.exec:\1rrffll.exe154⤵
-
\??\c:\bhhhhh.exec:\bhhhhh.exe155⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe156⤵
-
\??\c:\rfrllrl.exec:\rfrllrl.exe157⤵
-
\??\c:\hbbtbb.exec:\hbbtbb.exe158⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe159⤵
-
\??\c:\5xllfff.exec:\5xllfff.exe160⤵
-
\??\c:\htbbbb.exec:\htbbbb.exe161⤵
-
\??\c:\pdddd.exec:\pdddd.exe162⤵
-
\??\c:\ttntbh.exec:\ttntbh.exe163⤵
-
\??\c:\btbttb.exec:\btbttb.exe164⤵
-
\??\c:\vpvjj.exec:\vpvjj.exe165⤵
-
\??\c:\xfrlfff.exec:\xfrlfff.exe166⤵
-
\??\c:\nbthnh.exec:\nbthnh.exe167⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe168⤵
-
\??\c:\pdppj.exec:\pdppj.exe169⤵
-
\??\c:\ffxffrr.exec:\ffxffrr.exe170⤵
-
\??\c:\xfxxllx.exec:\xfxxllx.exe171⤵
-
\??\c:\vvjjd.exec:\vvjjd.exe172⤵
-
\??\c:\dddjd.exec:\dddjd.exe173⤵
-
\??\c:\fxrrflf.exec:\fxrrflf.exe174⤵
-
\??\c:\tnbbhn.exec:\tnbbhn.exe175⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe176⤵
-
\??\c:\djjdv.exec:\djjdv.exe177⤵
-
\??\c:\rlfrxrl.exec:\rlfrxrl.exe178⤵
-
\??\c:\thbtht.exec:\thbtht.exe179⤵
-
\??\c:\dpdjj.exec:\dpdjj.exe180⤵
-
\??\c:\xxfxllf.exec:\xxfxllf.exe181⤵
-
\??\c:\nntbht.exec:\nntbht.exe182⤵
-
\??\c:\pdddd.exec:\pdddd.exe183⤵
-
\??\c:\7rfxrrx.exec:\7rfxrrx.exe184⤵
-
\??\c:\bbttnb.exec:\bbttnb.exe185⤵
-
\??\c:\ddppv.exec:\ddppv.exe186⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe187⤵
-
\??\c:\lrxxflr.exec:\lrxxflr.exe188⤵
-
\??\c:\tnttnt.exec:\tnttnt.exe189⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe190⤵
-
\??\c:\lffllll.exec:\lffllll.exe191⤵
-
\??\c:\7ffrrfx.exec:\7ffrrfx.exe192⤵
-
\??\c:\htttnb.exec:\htttnb.exe193⤵
-
\??\c:\pvjvp.exec:\pvjvp.exe194⤵
-
\??\c:\fxxrfxx.exec:\fxxrfxx.exe195⤵
-
\??\c:\xrflrrx.exec:\xrflrrx.exe196⤵
-
\??\c:\thnntt.exec:\thnntt.exe197⤵
-
\??\c:\7pvvp.exec:\7pvvp.exe198⤵
-
\??\c:\xxrlxxl.exec:\xxrlxxl.exe199⤵
-
\??\c:\hbnnbn.exec:\hbnnbn.exe200⤵
-
\??\c:\9vjjj.exec:\9vjjj.exe201⤵
-
\??\c:\djjdv.exec:\djjdv.exe202⤵
-
\??\c:\fflrfrl.exec:\fflrfrl.exe203⤵
-
\??\c:\bbnttb.exec:\bbnttb.exe204⤵
-
\??\c:\nhhnnn.exec:\nhhnnn.exe205⤵
-
\??\c:\5dddd.exec:\5dddd.exe206⤵
-
\??\c:\rlfrrxr.exec:\rlfrrxr.exe207⤵
-
\??\c:\xxfffll.exec:\xxfffll.exe208⤵
-
\??\c:\thtbbh.exec:\thtbbh.exe209⤵
-
\??\c:\vvddd.exec:\vvddd.exe210⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe211⤵
-
\??\c:\xlrrlll.exec:\xlrrlll.exe212⤵
-
\??\c:\xlrlfxr.exec:\xlrlfxr.exe213⤵
-
\??\c:\nnbthh.exec:\nnbthh.exe214⤵
-
\??\c:\9pvvp.exec:\9pvvp.exe215⤵
-
\??\c:\vdvvp.exec:\vdvvp.exe216⤵
-
\??\c:\xfxrrrr.exec:\xfxrrrr.exe217⤵
-
\??\c:\ttbbbb.exec:\ttbbbb.exe218⤵
-
\??\c:\bbhhtt.exec:\bbhhtt.exe219⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe220⤵
-
\??\c:\xrlfflr.exec:\xrlfflr.exe221⤵
-
\??\c:\fxxrrxx.exec:\fxxrrxx.exe222⤵
-
\??\c:\nhbhht.exec:\nhbhht.exe223⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe224⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe225⤵
-
\??\c:\lrrrrxx.exec:\lrrrrxx.exe226⤵
-
\??\c:\bbhbbt.exec:\bbhbbt.exe227⤵
-
\??\c:\djjdp.exec:\djjdp.exe228⤵
-
\??\c:\rflfrrl.exec:\rflfrrl.exe229⤵
-
\??\c:\9btnbb.exec:\9btnbb.exe230⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe231⤵
-
\??\c:\1jpjd.exec:\1jpjd.exe232⤵
-
\??\c:\xrxxrrr.exec:\xrxxrrr.exe233⤵
-
\??\c:\bbnntt.exec:\bbnntt.exe234⤵
-
\??\c:\1vvpd.exec:\1vvpd.exe235⤵
-
\??\c:\5rrlllf.exec:\5rrlllf.exe236⤵
-
\??\c:\nbbnth.exec:\nbbnth.exe237⤵
-
\??\c:\jdjpp.exec:\jdjpp.exe238⤵
-
\??\c:\vvjjj.exec:\vvjjj.exe239⤵
-
\??\c:\fllfxxx.exec:\fllfxxx.exe240⤵
-
\??\c:\xrlrxfr.exec:\xrlrxfr.exe241⤵