Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
21-05-2024 09:56
General
-
Target
3139894665b6d7807050767a43b0650c16b12c611ef138bf06dc24c765b757c1_NeikiAnalytics.exe
-
Size
361KB
-
MD5
8a2bd3831513d8477c4acf61d2bf0c70
-
SHA1
668c84c854130bbb90ce016fa094646a21226573
-
SHA256
3139894665b6d7807050767a43b0650c16b12c611ef138bf06dc24c765b757c1
-
SHA512
707a270aaea949a5001ef4ea4861c437f4226cd0fe536f3ae18115af1005a425db39f716f6fdf27795699826d9780d12ac9f5e8dba85c4f6908d9fecd5a0eddb
-
SSDEEP
6144:n3C9BRIG0asYFm71m8+GdkB9yMu7N+8px7a:n3C9uYA71kSMu08px7a
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3139894665b6d7807050767a43b0650c16b12c611ef138bf06dc24c765b757c1_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\3139894665b6d7807050767a43b0650c16b12c611ef138bf06dc24c765b757c1_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrfxrl.exec:\lrrfxrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lrlllr.exec:\3lrlllr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvj.exec:\jddvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxffx.exec:\fxlxffx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1frlrrf.exec:\1frlrrf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnbtn.exec:\thnbtn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppp.exec:\ddppp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbbt.exec:\hhhbbt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrlllr.exec:\xxrlllr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ppjd.exec:\9ppjd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrlxxl.exec:\xxrlxxl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhbt.exec:\nnnhbt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjj.exec:\djpjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxffffl.exec:\lxffffl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtnnn.exec:\thtnnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnttnt.exec:\bnttnt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpj.exec:\pvvpj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrxxfl.exec:\xlrxxfl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhhh.exec:\tnhhhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppj.exec:\dvppj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7thbbh.exec:\7thbbh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbbt.exec:\hthbbt.exe23⤵
- Executes dropped EXE
-
\??\c:\ffrlfxf.exec:\ffrlfxf.exe24⤵
- Executes dropped EXE
-
\??\c:\vvppp.exec:\vvppp.exe25⤵
- Executes dropped EXE
-
\??\c:\lfrrrxf.exec:\lfrrrxf.exe26⤵
- Executes dropped EXE
-
\??\c:\pjjjv.exec:\pjjjv.exe27⤵
- Executes dropped EXE
-
\??\c:\rlrfxxx.exec:\rlrfxxx.exe28⤵
- Executes dropped EXE
-
\??\c:\nnnhbb.exec:\nnnhbb.exe29⤵
- Executes dropped EXE
-
\??\c:\vjvpj.exec:\vjvpj.exe30⤵
- Executes dropped EXE
-
\??\c:\3tnnhh.exec:\3tnnhh.exe31⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe32⤵
- Executes dropped EXE
-
\??\c:\nhnhhh.exec:\nhnhhh.exe33⤵
- Executes dropped EXE
-
\??\c:\ddddd.exec:\ddddd.exe34⤵
- Executes dropped EXE
-
\??\c:\jpjjp.exec:\jpjjp.exe35⤵
- Executes dropped EXE
-
\??\c:\rlrrrxx.exec:\rlrrrxx.exe36⤵
- Executes dropped EXE
-
\??\c:\9bbtnb.exec:\9bbtnb.exe37⤵
- Executes dropped EXE
-
\??\c:\bbhhhh.exec:\bbhhhh.exe38⤵
- Executes dropped EXE
-
\??\c:\1pddd.exec:\1pddd.exe39⤵
- Executes dropped EXE
-
\??\c:\llrlfll.exec:\llrlfll.exe40⤵
- Executes dropped EXE
-
\??\c:\xxxxflr.exec:\xxxxflr.exe41⤵
- Executes dropped EXE
-
\??\c:\tnttnn.exec:\tnttnn.exe42⤵
- Executes dropped EXE
-
\??\c:\ppvpv.exec:\ppvpv.exe43⤵
- Executes dropped EXE
-
\??\c:\rrxxrrr.exec:\rrxxrrr.exe44⤵
- Executes dropped EXE
-
\??\c:\fffflrr.exec:\fffflrr.exe45⤵
- Executes dropped EXE
-
\??\c:\bhtbbb.exec:\bhtbbb.exe46⤵
- Executes dropped EXE
-
\??\c:\1dvvv.exec:\1dvvv.exe47⤵
- Executes dropped EXE
-
\??\c:\xlrrxrl.exec:\xlrrxrl.exe48⤵
- Executes dropped EXE
-
\??\c:\bhhhhb.exec:\bhhhhb.exe49⤵
- Executes dropped EXE
-
\??\c:\pdjjj.exec:\pdjjj.exe50⤵
- Executes dropped EXE
-
\??\c:\7jjdd.exec:\7jjdd.exe51⤵
- Executes dropped EXE
-
\??\c:\fxlfllr.exec:\fxlfllr.exe52⤵
- Executes dropped EXE
-
\??\c:\bnnhtn.exec:\bnnhtn.exe53⤵
- Executes dropped EXE
-
\??\c:\jvdjj.exec:\jvdjj.exe54⤵
- Executes dropped EXE
-
\??\c:\rxlrlrl.exec:\rxlrlrl.exe55⤵
- Executes dropped EXE
-
\??\c:\thttbh.exec:\thttbh.exe56⤵
- Executes dropped EXE
-
\??\c:\ttthhh.exec:\ttthhh.exe57⤵
- Executes dropped EXE
-
\??\c:\dvddj.exec:\dvddj.exe58⤵
- Executes dropped EXE
-
\??\c:\lrrlxrf.exec:\lrrlxrf.exe59⤵
- Executes dropped EXE
-
\??\c:\tbnnnt.exec:\tbnnnt.exe60⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe61⤵
- Executes dropped EXE
-
\??\c:\dpvvv.exec:\dpvvv.exe62⤵
- Executes dropped EXE
-
\??\c:\3rflfff.exec:\3rflfff.exe63⤵
- Executes dropped EXE
-
\??\c:\7btnhh.exec:\7btnhh.exe64⤵
- Executes dropped EXE
-
\??\c:\pjjvv.exec:\pjjvv.exe65⤵
- Executes dropped EXE
-
\??\c:\7ffxlfx.exec:\7ffxlfx.exe66⤵
-
\??\c:\bbttnh.exec:\bbttnh.exe67⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe68⤵
-
\??\c:\ffxfxxf.exec:\ffxfxxf.exe69⤵
-
\??\c:\htnhhb.exec:\htnhhb.exe70⤵
-
\??\c:\vpdpv.exec:\vpdpv.exe71⤵
-
\??\c:\3xllffx.exec:\3xllffx.exe72⤵
-
\??\c:\btbnht.exec:\btbnht.exe73⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe74⤵
-
\??\c:\5frlxxl.exec:\5frlxxl.exe75⤵
-
\??\c:\tnhtnh.exec:\tnhtnh.exe76⤵
-
\??\c:\tbbnbt.exec:\tbbnbt.exe77⤵
-
\??\c:\ddjjp.exec:\ddjjp.exe78⤵
-
\??\c:\xxxlllr.exec:\xxxlllr.exe79⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe80⤵
-
\??\c:\5vpdv.exec:\5vpdv.exe81⤵
-
\??\c:\5rrfrrf.exec:\5rrfrrf.exe82⤵
-
\??\c:\nnhbtt.exec:\nnhbtt.exe83⤵
-
\??\c:\hthbhb.exec:\hthbhb.exe84⤵
-
\??\c:\dppdv.exec:\dppdv.exe85⤵
-
\??\c:\lffxrlf.exec:\lffxrlf.exe86⤵
-
\??\c:\xxlfrrr.exec:\xxlfrrr.exe87⤵
-
\??\c:\3hhbnn.exec:\3hhbnn.exe88⤵
-
\??\c:\3vvpd.exec:\3vvpd.exe89⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe90⤵
-
\??\c:\lfrfxrl.exec:\lfrfxrl.exe91⤵
-
\??\c:\hhnnhh.exec:\hhnnhh.exe92⤵
-
\??\c:\hbtnbt.exec:\hbtnbt.exe93⤵
-
\??\c:\jppjv.exec:\jppjv.exe94⤵
-
\??\c:\lrxrlfx.exec:\lrxrlfx.exe95⤵
-
\??\c:\xlxllfl.exec:\xlxllfl.exe96⤵
-
\??\c:\3nbthb.exec:\3nbthb.exe97⤵
-
\??\c:\1pdvj.exec:\1pdvj.exe98⤵
-
\??\c:\7ppdv.exec:\7ppdv.exe99⤵
-
\??\c:\xxrfxrr.exec:\xxrfxrr.exe100⤵
-
\??\c:\rffxrrr.exec:\rffxrrr.exe101⤵
-
\??\c:\9nhbnn.exec:\9nhbnn.exe102⤵
-
\??\c:\7ppjj.exec:\7ppjj.exe103⤵
-
\??\c:\dppjv.exec:\dppjv.exe104⤵
-
\??\c:\rlxrxrx.exec:\rlxrxrx.exe105⤵
-
\??\c:\bttntb.exec:\bttntb.exe106⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe107⤵
-
\??\c:\dppjd.exec:\dppjd.exe108⤵
-
\??\c:\rrrlffx.exec:\rrrlffx.exe109⤵
-
\??\c:\3nhbtn.exec:\3nhbtn.exe110⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe111⤵
-
\??\c:\xlffrlf.exec:\xlffrlf.exe112⤵
-
\??\c:\1hbnhb.exec:\1hbnhb.exe113⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe114⤵
-
\??\c:\frxlflf.exec:\frxlflf.exe115⤵
-
\??\c:\9lfrfxr.exec:\9lfrfxr.exe116⤵
-
\??\c:\nnbnht.exec:\nnbnht.exe117⤵
-
\??\c:\hhtnbt.exec:\hhtnbt.exe118⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe119⤵
-
\??\c:\ffxrlll.exec:\ffxrlll.exe120⤵
-
\??\c:\hnthbh.exec:\hnthbh.exe121⤵
-
\??\c:\jpvjv.exec:\jpvjv.exe122⤵
-
\??\c:\1pvjv.exec:\1pvjv.exe123⤵
-
\??\c:\xrfrrlf.exec:\xrfrrlf.exe124⤵
-
\??\c:\bnhtnh.exec:\bnhtnh.exe125⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe126⤵
-
\??\c:\tnnhbt.exec:\tnnhbt.exe127⤵
-
\??\c:\7xxlllx.exec:\7xxlllx.exe128⤵
-
\??\c:\rffxlfx.exec:\rffxlfx.exe129⤵
-
\??\c:\3ttntn.exec:\3ttntn.exe130⤵
-
\??\c:\pdvpp.exec:\pdvpp.exe131⤵
-
\??\c:\vjjvj.exec:\vjjvj.exe132⤵
-
\??\c:\frrlxrl.exec:\frrlxrl.exe133⤵
-
\??\c:\ntbnnh.exec:\ntbnnh.exe134⤵
-
\??\c:\bttnbt.exec:\bttnbt.exe135⤵
-
\??\c:\jvpdd.exec:\jvpdd.exe136⤵
-
\??\c:\xrllxrf.exec:\xrllxrf.exe137⤵
-
\??\c:\3ffrfxr.exec:\3ffrfxr.exe138⤵
-
\??\c:\nhthnh.exec:\nhthnh.exe139⤵
-
\??\c:\vvvpd.exec:\vvvpd.exe140⤵
-
\??\c:\djpdp.exec:\djpdp.exe141⤵
-
\??\c:\3rrfxrl.exec:\3rrfxrl.exe142⤵
-
\??\c:\7hbtnh.exec:\7hbtnh.exe143⤵
-
\??\c:\5htthh.exec:\5htthh.exe144⤵
-
\??\c:\pddvj.exec:\pddvj.exe145⤵
-
\??\c:\flffrrf.exec:\flffrrf.exe146⤵
-
\??\c:\fflfrfr.exec:\fflfrfr.exe147⤵
-
\??\c:\htthbb.exec:\htthbb.exe148⤵
-
\??\c:\ntbnhb.exec:\ntbnhb.exe149⤵
-
\??\c:\vddvp.exec:\vddvp.exe150⤵
-
\??\c:\5lrfxxl.exec:\5lrfxxl.exe151⤵
-
\??\c:\fxxlfxf.exec:\fxxlfxf.exe152⤵
-
\??\c:\5tnnhb.exec:\5tnnhb.exe153⤵
-
\??\c:\1pppd.exec:\1pppd.exe154⤵
-
\??\c:\dppdp.exec:\dppdp.exe155⤵
-
\??\c:\xrxfrll.exec:\xrxfrll.exe156⤵
-
\??\c:\rrxlxrx.exec:\rrxlxrx.exe157⤵
-
\??\c:\bnhbhh.exec:\bnhbhh.exe158⤵
-
\??\c:\pddvv.exec:\pddvv.exe159⤵
-
\??\c:\pjppp.exec:\pjppp.exe160⤵
-
\??\c:\tnnbtn.exec:\tnnbtn.exe161⤵
-
\??\c:\thnntt.exec:\thnntt.exe162⤵
-
\??\c:\pdvjd.exec:\pdvjd.exe163⤵
-
\??\c:\llxflrx.exec:\llxflrx.exe164⤵
-
\??\c:\xrxflll.exec:\xrxflll.exe165⤵
-
\??\c:\tbnbhb.exec:\tbnbhb.exe166⤵
-
\??\c:\3pvvj.exec:\3pvvj.exe167⤵
-
\??\c:\ppvdv.exec:\ppvdv.exe168⤵
-
\??\c:\5rfxxxf.exec:\5rfxxxf.exe169⤵
-
\??\c:\nntnnn.exec:\nntnnn.exe170⤵
-
\??\c:\hhhhbt.exec:\hhhhbt.exe171⤵
-
\??\c:\jddvp.exec:\jddvp.exe172⤵
-
\??\c:\7lllffx.exec:\7lllffx.exe173⤵
-
\??\c:\lfxlfxr.exec:\lfxlfxr.exe174⤵
-
\??\c:\tnbtbb.exec:\tnbtbb.exe175⤵
-
\??\c:\bhtnnn.exec:\bhtnnn.exe176⤵
-
\??\c:\jjjdj.exec:\jjjdj.exe177⤵
-
\??\c:\frrfrlf.exec:\frrfrlf.exe178⤵
-
\??\c:\1xfrffx.exec:\1xfrffx.exe179⤵
-
\??\c:\7hhbnn.exec:\7hhbnn.exe180⤵
-
\??\c:\9pvjd.exec:\9pvjd.exe181⤵
-
\??\c:\1jdvp.exec:\1jdvp.exe182⤵
-
\??\c:\lxlxfrx.exec:\lxlxfrx.exe183⤵
-
\??\c:\hhhbbb.exec:\hhhbbb.exe184⤵
-
\??\c:\bhtttn.exec:\bhtttn.exe185⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe186⤵
-
\??\c:\7lfxrrr.exec:\7lfxrrr.exe187⤵
-
\??\c:\xlffrxl.exec:\xlffrxl.exe188⤵
-
\??\c:\nbnhbb.exec:\nbnhbb.exe189⤵
-
\??\c:\tnntnn.exec:\tnntnn.exe190⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe191⤵
-
\??\c:\rfrrxxx.exec:\rfrrxxx.exe192⤵
-
\??\c:\1frxrxx.exec:\1frxrxx.exe193⤵
-
\??\c:\tbtttt.exec:\tbtttt.exe194⤵
-
\??\c:\bhbttn.exec:\bhbttn.exe195⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe196⤵
-
\??\c:\1pvvv.exec:\1pvvv.exe197⤵
-
\??\c:\rrxrlll.exec:\rrxrlll.exe198⤵
-
\??\c:\hbhhhn.exec:\hbhhhn.exe199⤵
-
\??\c:\hthnhh.exec:\hthnhh.exe200⤵
-
\??\c:\9pjdj.exec:\9pjdj.exe201⤵
-
\??\c:\5flfxxx.exec:\5flfxxx.exe202⤵
-
\??\c:\ffllfll.exec:\ffllfll.exe203⤵
-
\??\c:\9bbttt.exec:\9bbttt.exe204⤵
-
\??\c:\jjppd.exec:\jjppd.exe205⤵
-
\??\c:\vpppj.exec:\vpppj.exe206⤵
-
\??\c:\rrrrlll.exec:\rrrrlll.exe207⤵
-
\??\c:\ffrxllr.exec:\ffrxllr.exe208⤵
-
\??\c:\tnhhbb.exec:\tnhhbb.exe209⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe210⤵
-
\??\c:\rrxrxrr.exec:\rrxrxrr.exe211⤵
-
\??\c:\rfxrrxx.exec:\rfxrrxx.exe212⤵
-
\??\c:\hhtttb.exec:\hhtttb.exe213⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe214⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe215⤵
-
\??\c:\xrxrlrl.exec:\xrxrlrl.exe216⤵
-
\??\c:\3hnhhn.exec:\3hnhhn.exe217⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe218⤵
-
\??\c:\pjddj.exec:\pjddj.exe219⤵
-
\??\c:\lffxllx.exec:\lffxllx.exe220⤵
-
\??\c:\hnnntn.exec:\hnnntn.exe221⤵
-
\??\c:\bhbbbb.exec:\bhbbbb.exe222⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe223⤵
-
\??\c:\5fffxrr.exec:\5fffxrr.exe224⤵
-
\??\c:\lrxxxxf.exec:\lrxxxxf.exe225⤵
-
\??\c:\tnnhhb.exec:\tnnhhb.exe226⤵
-
\??\c:\vvddd.exec:\vvddd.exe227⤵
-
\??\c:\fxxrxff.exec:\fxxrxff.exe228⤵
-
\??\c:\flrllrr.exec:\flrllrr.exe229⤵
-
\??\c:\hnnnnh.exec:\hnnnnh.exe230⤵
-
\??\c:\9dpjp.exec:\9dpjp.exe231⤵
-
\??\c:\frfxrll.exec:\frfxrll.exe232⤵
-
\??\c:\ffxrrxr.exec:\ffxrrxr.exe233⤵
-
\??\c:\ttbbbt.exec:\ttbbbt.exe234⤵
-
\??\c:\pvpjd.exec:\pvpjd.exe235⤵
-
\??\c:\xrxxrxr.exec:\xrxxrxr.exe236⤵
-
\??\c:\tnhbhh.exec:\tnhbhh.exe237⤵
-
\??\c:\hhnnnn.exec:\hhnnnn.exe238⤵
-
\??\c:\9ddvp.exec:\9ddvp.exe239⤵
-
\??\c:\xfrrffx.exec:\xfrrffx.exe240⤵
-
\??\c:\7rrrlll.exec:\7rrrlll.exe241⤵