Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
21-05-2024 07:29
General
-
Target
1a73c415b80e34342bf1106d06341de1749e98c94b0f785b62e506f3538e3065_NeikiAnalytics.exe
-
Size
76KB
-
MD5
e410c09aa53435fc5a29f33b324e9f40
-
SHA1
a828d13bb6317571a93a5265a945501288fcbcb0
-
SHA256
1a73c415b80e34342bf1106d06341de1749e98c94b0f785b62e506f3538e3065
-
SHA512
d4ba38c83bb4c598dccda461c4ac7f09a4bcb93b483beda6586500ff1bf36f36e282836e02a62c2a95fc4b7d7ae5be464aaaf285de4cfce75e5d78ba7be9c939
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAX8gu3Gno9yvrjKX:ymb3NkkiQ3mdBjFo68t3Gno9IU
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1a73c415b80e34342bf1106d06341de1749e98c94b0f785b62e506f3538e3065_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1a73c415b80e34342bf1106d06341de1749e98c94b0f785b62e506f3538e3065_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pvddv.exec:\pvddv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrfxrf.exec:\lrrfxrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnhhh.exec:\hhnhhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdj.exec:\pdjdj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrllll.exec:\frrllll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpd.exec:\jdvpd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxffllx.exec:\xxffllx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxxxfx.exec:\xxxxxfx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjvp.exec:\vvjvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxflxxx.exec:\fxflxxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbttbn.exec:\nbttbn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjj.exec:\ppjjj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfflff.exec:\lrfflff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtnhh.exec:\hhtnhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddd.exec:\vvddd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ffffll.exec:\7ffffll.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hhbbt.exec:\7hhbbt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvjp.exec:\jjvjp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxxxfl.exec:\llxxxfl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllffff.exec:\fllffff.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnthhn.exec:\nnthhn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjdj.exec:\jjjdj.exe23⤵
- Executes dropped EXE
-
\??\c:\7jvvd.exec:\7jvvd.exe24⤵
- Executes dropped EXE
-
\??\c:\llxrrll.exec:\llxrrll.exe25⤵
- Executes dropped EXE
-
\??\c:\hbhbhh.exec:\hbhbhh.exe26⤵
- Executes dropped EXE
-
\??\c:\fffxrxx.exec:\fffxrxx.exe27⤵
- Executes dropped EXE
-
\??\c:\lllffrf.exec:\lllffrf.exe28⤵
- Executes dropped EXE
-
\??\c:\djppp.exec:\djppp.exe29⤵
- Executes dropped EXE
-
\??\c:\vdpjj.exec:\vdpjj.exe30⤵
- Executes dropped EXE
-
\??\c:\rxlffff.exec:\rxlffff.exe31⤵
- Executes dropped EXE
-
\??\c:\thhnth.exec:\thhnth.exe32⤵
- Executes dropped EXE
-
\??\c:\jvppj.exec:\jvppj.exe33⤵
- Executes dropped EXE
-
\??\c:\rrllrrf.exec:\rrllrrf.exe34⤵
- Executes dropped EXE
-
\??\c:\rxllfxx.exec:\rxllfxx.exe35⤵
- Executes dropped EXE
-
\??\c:\tbntnt.exec:\tbntnt.exe36⤵
- Executes dropped EXE
-
\??\c:\dvvjj.exec:\dvvjj.exe37⤵
- Executes dropped EXE
-
\??\c:\ffflrxl.exec:\ffflrxl.exe38⤵
- Executes dropped EXE
-
\??\c:\rrrrrrr.exec:\rrrrrrr.exe39⤵
- Executes dropped EXE
-
\??\c:\bthnhn.exec:\bthnhn.exe40⤵
- Executes dropped EXE
-
\??\c:\vpppp.exec:\vpppp.exe41⤵
- Executes dropped EXE
-
\??\c:\lxrrlrr.exec:\lxrrlrr.exe42⤵
- Executes dropped EXE
-
\??\c:\9ntbtt.exec:\9ntbtt.exe43⤵
- Executes dropped EXE
-
\??\c:\jpvpd.exec:\jpvpd.exe44⤵
- Executes dropped EXE
-
\??\c:\llxlflf.exec:\llxlflf.exe45⤵
- Executes dropped EXE
-
\??\c:\xxlxfff.exec:\xxlxfff.exe46⤵
- Executes dropped EXE
-
\??\c:\bhhhhn.exec:\bhhhhn.exe47⤵
- Executes dropped EXE
-
\??\c:\btnhhn.exec:\btnhhn.exe48⤵
- Executes dropped EXE
-
\??\c:\ppjdp.exec:\ppjdp.exe49⤵
- Executes dropped EXE
-
\??\c:\ffrrrrr.exec:\ffrrrrr.exe50⤵
- Executes dropped EXE
-
\??\c:\3xffllx.exec:\3xffllx.exe51⤵
- Executes dropped EXE
-
\??\c:\bbttbb.exec:\bbttbb.exe52⤵
- Executes dropped EXE
-
\??\c:\dpvvv.exec:\dpvvv.exe53⤵
- Executes dropped EXE
-
\??\c:\nbhhbh.exec:\nbhhbh.exe54⤵
- Executes dropped EXE
-
\??\c:\1jppp.exec:\1jppp.exe55⤵
- Executes dropped EXE
-
\??\c:\xffllxx.exec:\xffllxx.exe56⤵
- Executes dropped EXE
-
\??\c:\thnnhh.exec:\thnnhh.exe57⤵
- Executes dropped EXE
-
\??\c:\9djjj.exec:\9djjj.exe58⤵
- Executes dropped EXE
-
\??\c:\lxflllr.exec:\lxflllr.exe59⤵
- Executes dropped EXE
-
\??\c:\httbhn.exec:\httbhn.exe60⤵
- Executes dropped EXE
-
\??\c:\pvppd.exec:\pvppd.exe61⤵
- Executes dropped EXE
-
\??\c:\ddjvd.exec:\ddjvd.exe62⤵
- Executes dropped EXE
-
\??\c:\fxfxfxx.exec:\fxfxfxx.exe63⤵
- Executes dropped EXE
-
\??\c:\tnbbhh.exec:\tnbbhh.exe64⤵
- Executes dropped EXE
-
\??\c:\jpjjv.exec:\jpjjv.exe65⤵
- Executes dropped EXE
-
\??\c:\lllfrrr.exec:\lllfrrr.exe66⤵
-
\??\c:\hnnnnh.exec:\hnnnnh.exe67⤵
-
\??\c:\bnnhnn.exec:\bnnhnn.exe68⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe69⤵
-
\??\c:\lfxxlrr.exec:\lfxxlrr.exe70⤵
-
\??\c:\httnhh.exec:\httnhh.exe71⤵
-
\??\c:\nntbnt.exec:\nntbnt.exe72⤵
-
\??\c:\vpppj.exec:\vpppj.exe73⤵
-
\??\c:\lrrrrrr.exec:\lrrrrrr.exe74⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe75⤵
-
\??\c:\bhhbnb.exec:\bhhbnb.exe76⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe77⤵
-
\??\c:\xxfllxr.exec:\xxfllxr.exe78⤵
-
\??\c:\hhbhtt.exec:\hhbhtt.exe79⤵
-
\??\c:\ntbbtb.exec:\ntbbtb.exe80⤵
-
\??\c:\vvjdj.exec:\vvjdj.exe81⤵
-
\??\c:\9vpdv.exec:\9vpdv.exe82⤵
-
\??\c:\fxxrffr.exec:\fxxrffr.exe83⤵
-
\??\c:\hhbthb.exec:\hhbthb.exe84⤵
-
\??\c:\vjdvv.exec:\vjdvv.exe85⤵
-
\??\c:\flxxfxx.exec:\flxxfxx.exe86⤵
-
\??\c:\fxrllll.exec:\fxrllll.exe87⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe88⤵
-
\??\c:\pppjv.exec:\pppjv.exe89⤵
-
\??\c:\7jpjj.exec:\7jpjj.exe90⤵
-
\??\c:\ffxffff.exec:\ffxffff.exe91⤵
-
\??\c:\htbbtt.exec:\htbbtt.exe92⤵
-
\??\c:\1hnhhb.exec:\1hnhhb.exe93⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe94⤵
-
\??\c:\djddd.exec:\djddd.exe95⤵
-
\??\c:\flrrllr.exec:\flrrllr.exe96⤵
-
\??\c:\nbbttb.exec:\nbbttb.exe97⤵
-
\??\c:\tbhbhh.exec:\tbhbhh.exe98⤵
-
\??\c:\bnttth.exec:\bnttth.exe99⤵
-
\??\c:\jvdpp.exec:\jvdpp.exe100⤵
-
\??\c:\jpppp.exec:\jpppp.exe101⤵
-
\??\c:\xxrrffl.exec:\xxrrffl.exe102⤵
-
\??\c:\7nbhbb.exec:\7nbhbb.exe103⤵
-
\??\c:\thnnhn.exec:\thnnhn.exe104⤵
-
\??\c:\dppjj.exec:\dppjj.exe105⤵
-
\??\c:\llxxxrr.exec:\llxxxrr.exe106⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe107⤵
-
\??\c:\fxxxfff.exec:\fxxxfff.exe108⤵
-
\??\c:\hntbbh.exec:\hntbbh.exe109⤵
-
\??\c:\btbtnb.exec:\btbtnb.exe110⤵
-
\??\c:\djjpd.exec:\djjpd.exe111⤵
-
\??\c:\jvdpp.exec:\jvdpp.exe112⤵
-
\??\c:\fllfxxf.exec:\fllfxxf.exe113⤵
-
\??\c:\btbnnt.exec:\btbnnt.exe114⤵
-
\??\c:\dpjdj.exec:\dpjdj.exe115⤵
-
\??\c:\rffxxxr.exec:\rffxxxr.exe116⤵
-
\??\c:\jpvvd.exec:\jpvvd.exe117⤵
-
\??\c:\jjppp.exec:\jjppp.exe118⤵
-
\??\c:\lflllrr.exec:\lflllrr.exe119⤵
-
\??\c:\tnbtht.exec:\tnbtht.exe120⤵
-
\??\c:\vdpdj.exec:\vdpdj.exe121⤵
-
\??\c:\lfxlfxl.exec:\lfxlfxl.exe122⤵
-
\??\c:\fllrlfx.exec:\fllrlfx.exe123⤵
-
\??\c:\bhbhhh.exec:\bhbhhh.exe124⤵
-
\??\c:\3flxllx.exec:\3flxllx.exe125⤵
-
\??\c:\3nntnh.exec:\3nntnh.exe126⤵
-
\??\c:\nhhbtn.exec:\nhhbtn.exe127⤵
-
\??\c:\fxfxxxx.exec:\fxfxxxx.exe128⤵
-
\??\c:\nbhtnh.exec:\nbhtnh.exe129⤵
-
\??\c:\ntthbt.exec:\ntthbt.exe130⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe131⤵
-
\??\c:\rlffrxx.exec:\rlffrxx.exe132⤵
-
\??\c:\ntbttt.exec:\ntbttt.exe133⤵
-
\??\c:\hnnnbb.exec:\hnnnbb.exe134⤵
-
\??\c:\ddpdv.exec:\ddpdv.exe135⤵
-
\??\c:\9fxxffl.exec:\9fxxffl.exe136⤵
-
\??\c:\bhbttn.exec:\bhbttn.exe137⤵
-
\??\c:\9dvvp.exec:\9dvvp.exe138⤵
-
\??\c:\djjdv.exec:\djjdv.exe139⤵
-
\??\c:\9rrxrrx.exec:\9rrxrrx.exe140⤵
-
\??\c:\tbnbnh.exec:\tbnbnh.exe141⤵
-
\??\c:\nnhhhh.exec:\nnhhhh.exe142⤵
-
\??\c:\3pppp.exec:\3pppp.exe143⤵
-
\??\c:\rlxrlll.exec:\rlxrlll.exe144⤵
-
\??\c:\rflffff.exec:\rflffff.exe145⤵
-
\??\c:\hnhbnh.exec:\hnhbnh.exe146⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe147⤵
-
\??\c:\dppjp.exec:\dppjp.exe148⤵
-
\??\c:\xlrxlfr.exec:\xlrxlfr.exe149⤵
-
\??\c:\3flfxlr.exec:\3flfxlr.exe150⤵
-
\??\c:\bntnnn.exec:\bntnnn.exe151⤵
-
\??\c:\djvpj.exec:\djvpj.exe152⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe153⤵
-
\??\c:\lrllflx.exec:\lrllflx.exe154⤵
-
\??\c:\1bhhht.exec:\1bhhht.exe155⤵
-
\??\c:\bbnhtb.exec:\bbnhtb.exe156⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe157⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe158⤵
-
\??\c:\9frxxxf.exec:\9frxxxf.exe159⤵
-
\??\c:\rfrxfrr.exec:\rfrxfrr.exe160⤵
-
\??\c:\hbhhnt.exec:\hbhhnt.exe161⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe162⤵
-
\??\c:\vvvpv.exec:\vvvpv.exe163⤵
-
\??\c:\fxxrlrl.exec:\fxxrlrl.exe164⤵
-
\??\c:\rxxrxxx.exec:\rxxrxxx.exe165⤵
-
\??\c:\9hntbb.exec:\9hntbb.exe166⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe167⤵
-
\??\c:\3ddjj.exec:\3ddjj.exe168⤵
-
\??\c:\djvjv.exec:\djvjv.exe169⤵
-
\??\c:\9lrxfrl.exec:\9lrxfrl.exe170⤵
-
\??\c:\hnhtnb.exec:\hnhtnb.exe171⤵
-
\??\c:\tntnnt.exec:\tntnnt.exe172⤵
-
\??\c:\pdvjd.exec:\pdvjd.exe173⤵
-
\??\c:\llxflff.exec:\llxflff.exe174⤵
-
\??\c:\xlfffll.exec:\xlfffll.exe175⤵
-
\??\c:\bbbbbb.exec:\bbbbbb.exe176⤵
-
\??\c:\ttthbb.exec:\ttthbb.exe177⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe178⤵
-
\??\c:\fflllfl.exec:\fflllfl.exe179⤵
-
\??\c:\bhhhht.exec:\bhhhht.exe180⤵
-
\??\c:\hhnhtn.exec:\hhnhtn.exe181⤵
-
\??\c:\vddvj.exec:\vddvj.exe182⤵
-
\??\c:\xfxrrrl.exec:\xfxrrrl.exe183⤵
-
\??\c:\lllfxll.exec:\lllfxll.exe184⤵
-
\??\c:\bnhbnt.exec:\bnhbnt.exe185⤵
-
\??\c:\pvppv.exec:\pvppv.exe186⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe187⤵
-
\??\c:\lxlllll.exec:\lxlllll.exe188⤵
-
\??\c:\hhttbb.exec:\hhttbb.exe189⤵
-
\??\c:\jppjp.exec:\jppjp.exe190⤵
-
\??\c:\1lxxxff.exec:\1lxxxff.exe191⤵
-
\??\c:\nhbhhh.exec:\nhbhhh.exe192⤵
-
\??\c:\9thttn.exec:\9thttn.exe193⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe194⤵
-
\??\c:\fxlrrlx.exec:\fxlrrlx.exe195⤵
-
\??\c:\bnthbt.exec:\bnthbt.exe196⤵
-
\??\c:\ntbbbh.exec:\ntbbbh.exe197⤵
-
\??\c:\vppjp.exec:\vppjp.exe198⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe199⤵
-
\??\c:\lxfxfrx.exec:\lxfxfrx.exe200⤵
-
\??\c:\btbhhh.exec:\btbhhh.exe201⤵
-
\??\c:\pvddp.exec:\pvddp.exe202⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe203⤵
-
\??\c:\llffxxx.exec:\llffxxx.exe204⤵
-
\??\c:\bbnhtn.exec:\bbnhtn.exe205⤵
-
\??\c:\hbhhnb.exec:\hbhhnb.exe206⤵
-
\??\c:\jddvj.exec:\jddvj.exe207⤵
-
\??\c:\1ffxxxr.exec:\1ffxxxr.exe208⤵
-
\??\c:\bnhhbb.exec:\bnhhbb.exe209⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe210⤵
-
\??\c:\jjvdp.exec:\jjvdp.exe211⤵
-
\??\c:\ffllxfx.exec:\ffllxfx.exe212⤵
-
\??\c:\lflrxrx.exec:\lflrxrx.exe213⤵
-
\??\c:\btbttt.exec:\btbttt.exe214⤵
-
\??\c:\bnnbtn.exec:\bnnbtn.exe215⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe216⤵
-
\??\c:\xxxxlrr.exec:\xxxxlrr.exe217⤵
-
\??\c:\tbttnb.exec:\tbttnb.exe218⤵
-
\??\c:\7nnnnn.exec:\7nnnnn.exe219⤵
-
\??\c:\vjvdv.exec:\vjvdv.exe220⤵
-
\??\c:\jddvv.exec:\jddvv.exe221⤵
-
\??\c:\frrffff.exec:\frrffff.exe222⤵
-
\??\c:\rxllffl.exec:\rxllffl.exe223⤵
-
\??\c:\btnhhb.exec:\btnhhb.exe224⤵
-
\??\c:\1djpp.exec:\1djpp.exe225⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe226⤵
-
\??\c:\lxlrrxx.exec:\lxlrrxx.exe227⤵
-
\??\c:\lrffflf.exec:\lrffflf.exe228⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe229⤵
-
\??\c:\pdvvv.exec:\pdvvv.exe230⤵
-
\??\c:\jjppv.exec:\jjppv.exe231⤵
-
\??\c:\7xxrlrr.exec:\7xxrlrr.exe232⤵
-
\??\c:\lrlllrx.exec:\lrlllrx.exe233⤵
-
\??\c:\thhbht.exec:\thhbht.exe234⤵
-
\??\c:\5ntnnt.exec:\5ntnnt.exe235⤵
-
\??\c:\pvddv.exec:\pvddv.exe236⤵
-
\??\c:\vdjpd.exec:\vdjpd.exe237⤵
-
\??\c:\7lrfffx.exec:\7lrfffx.exe238⤵
-
\??\c:\llrxfxx.exec:\llrxfxx.exe239⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe240⤵
-
\??\c:\bbtttt.exec:\bbtttt.exe241⤵