Analysis
-
max time kernel
149s -
max time network
113s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
21-05-2024 10:56
General
-
Target
3ae5c461a00f65a12ce8b9e134a2abacfb876b66c3226cc34317a068e3d995e5_NeikiAnalytics.exe
-
Size
94KB
-
MD5
8326d0860e6d1af3f1dc0e4e9a034540
-
SHA1
0148ea0d3a07402d03b51284e7190ee5c3465529
-
SHA256
3ae5c461a00f65a12ce8b9e134a2abacfb876b66c3226cc34317a068e3d995e5
-
SHA512
2e51be2cd62051a0d6bb1c1d84769ea80f306c9f4c0fe87728e6890157152b68c52045e2113f6e8bab09f6217748ca014a48bde1190e531c88a461818f913c51
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIkpi+qP1hvZo66Ox4oq2SQwfTrP:ymb3NkkiQ3mdBjFIj+qNhvZuHQYfw0
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3ae5c461a00f65a12ce8b9e134a2abacfb876b66c3226cc34317a068e3d995e5_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\3ae5c461a00f65a12ce8b9e134a2abacfb876b66c3226cc34317a068e3d995e5_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbbtb.exec:\hhbbtb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvvp.exec:\pdvvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdvp.exec:\djdvp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhhh.exec:\tnnhhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppj.exec:\ppppj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxxlrf.exec:\frxxlrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntnnn.exec:\hntnnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnnbb.exec:\ttnnbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlrrrr.exec:\lxlrrrr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tbbhh.exec:\3tbbhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhhb.exec:\nbhhhb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jjjj.exec:\5jjjj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrllrr.exec:\lfrllrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhbb.exec:\bthhbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvj.exec:\vvvvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffxll.exec:\rfffxll.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbhtn.exec:\hhbhtn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddd.exec:\vvddd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvjj.exec:\vdvjj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxfllf.exec:\llxfllf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhnh.exec:\bbhhnh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvvv.exec:\dvvvv.exe23⤵
- Executes dropped EXE
-
\??\c:\lflllrl.exec:\lflllrl.exe24⤵
- Executes dropped EXE
-
\??\c:\lrrlllf.exec:\lrrlllf.exe25⤵
- Executes dropped EXE
-
\??\c:\vvpdv.exec:\vvpdv.exe26⤵
- Executes dropped EXE
-
\??\c:\xrflxxf.exec:\xrflxxf.exe27⤵
- Executes dropped EXE
-
\??\c:\1rxxrlf.exec:\1rxxrlf.exe28⤵
- Executes dropped EXE
-
\??\c:\vdvvj.exec:\vdvvj.exe29⤵
- Executes dropped EXE
-
\??\c:\lrfxrlx.exec:\lrfxrlx.exe30⤵
- Executes dropped EXE
-
\??\c:\rxlflxx.exec:\rxlflxx.exe31⤵
- Executes dropped EXE
-
\??\c:\hhtnth.exec:\hhtnth.exe32⤵
- Executes dropped EXE
-
\??\c:\vjvvv.exec:\vjvvv.exe33⤵
- Executes dropped EXE
-
\??\c:\fxfrlrr.exec:\fxfrlrr.exe34⤵
- Executes dropped EXE
-
\??\c:\3ttnhh.exec:\3ttnhh.exe35⤵
- Executes dropped EXE
-
\??\c:\7jjvv.exec:\7jjvv.exe36⤵
- Executes dropped EXE
-
\??\c:\pjjjj.exec:\pjjjj.exe37⤵
- Executes dropped EXE
-
\??\c:\3xfxxxf.exec:\3xfxxxf.exe38⤵
- Executes dropped EXE
-
\??\c:\nnhtbb.exec:\nnhtbb.exe39⤵
- Executes dropped EXE
-
\??\c:\hhhhtb.exec:\hhhhtb.exe40⤵
- Executes dropped EXE
-
\??\c:\dpvpj.exec:\dpvpj.exe41⤵
- Executes dropped EXE
-
\??\c:\ffrrffl.exec:\ffrrffl.exe42⤵
- Executes dropped EXE
-
\??\c:\rrxfxll.exec:\rrxfxll.exe43⤵
- Executes dropped EXE
-
\??\c:\bbbbtt.exec:\bbbbtt.exe44⤵
- Executes dropped EXE
-
\??\c:\pvpjv.exec:\pvpjv.exe45⤵
- Executes dropped EXE
-
\??\c:\jpdvv.exec:\jpdvv.exe46⤵
- Executes dropped EXE
-
\??\c:\flfxxlf.exec:\flfxxlf.exe47⤵
- Executes dropped EXE
-
\??\c:\llrrlll.exec:\llrrlll.exe48⤵
- Executes dropped EXE
-
\??\c:\nnhhhn.exec:\nnhhhn.exe49⤵
- Executes dropped EXE
-
\??\c:\tbhnhh.exec:\tbhnhh.exe50⤵
- Executes dropped EXE
-
\??\c:\5pvvj.exec:\5pvvj.exe51⤵
- Executes dropped EXE
-
\??\c:\jvddj.exec:\jvddj.exe52⤵
- Executes dropped EXE
-
\??\c:\rxfrfff.exec:\rxfrfff.exe53⤵
- Executes dropped EXE
-
\??\c:\frrxrlf.exec:\frrxrlf.exe54⤵
- Executes dropped EXE
-
\??\c:\hbttnn.exec:\hbttnn.exe55⤵
- Executes dropped EXE
-
\??\c:\nhhhth.exec:\nhhhth.exe56⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe57⤵
- Executes dropped EXE
-
\??\c:\pdvpd.exec:\pdvpd.exe58⤵
- Executes dropped EXE
-
\??\c:\llfxrrl.exec:\llfxrrl.exe59⤵
- Executes dropped EXE
-
\??\c:\tttbbt.exec:\tttbbt.exe60⤵
- Executes dropped EXE
-
\??\c:\ntnhhb.exec:\ntnhhb.exe61⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe62⤵
- Executes dropped EXE
-
\??\c:\jdjdj.exec:\jdjdj.exe63⤵
- Executes dropped EXE
-
\??\c:\lfxffxx.exec:\lfxffxx.exe64⤵
- Executes dropped EXE
-
\??\c:\rlrxffl.exec:\rlrxffl.exe65⤵
- Executes dropped EXE
-
\??\c:\bnnttt.exec:\bnnttt.exe66⤵
-
\??\c:\jvjdp.exec:\jvjdp.exe67⤵
-
\??\c:\xrxrfff.exec:\xrxrfff.exe68⤵
-
\??\c:\frrrrrx.exec:\frrrrrx.exe69⤵
-
\??\c:\9thbbb.exec:\9thbbb.exe70⤵
-
\??\c:\nbbbbt.exec:\nbbbbt.exe71⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe72⤵
-
\??\c:\rlxrllf.exec:\rlxrllf.exe73⤵
-
\??\c:\xfrxlxf.exec:\xfrxlxf.exe74⤵
-
\??\c:\hntnhh.exec:\hntnhh.exe75⤵
-
\??\c:\jdddj.exec:\jdddj.exe76⤵
-
\??\c:\lxffrrr.exec:\lxffrrr.exe77⤵
-
\??\c:\xlllffx.exec:\xlllffx.exe78⤵
-
\??\c:\btbntn.exec:\btbntn.exe79⤵
-
\??\c:\httthh.exec:\httthh.exe80⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe81⤵
-
\??\c:\xfffxrl.exec:\xfffxrl.exe82⤵
-
\??\c:\bhbtht.exec:\bhbtht.exe83⤵
-
\??\c:\dpjvp.exec:\dpjvp.exe84⤵
-
\??\c:\xrrxffl.exec:\xrrxffl.exe85⤵
-
\??\c:\frllfxl.exec:\frllfxl.exe86⤵
-
\??\c:\tbnhhn.exec:\tbnhhn.exe87⤵
-
\??\c:\vddjj.exec:\vddjj.exe88⤵
-
\??\c:\ffxxrlf.exec:\ffxxrlf.exe89⤵
-
\??\c:\bttnnh.exec:\bttnnh.exe90⤵
-
\??\c:\hbnhbb.exec:\hbnhbb.exe91⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe92⤵
-
\??\c:\7xxxrrr.exec:\7xxxrrr.exe93⤵
-
\??\c:\flrrllf.exec:\flrrllf.exe94⤵
-
\??\c:\hbbbnn.exec:\hbbbnn.exe95⤵
-
\??\c:\pjjpv.exec:\pjjpv.exe96⤵
-
\??\c:\9rrrllx.exec:\9rrrllx.exe97⤵
-
\??\c:\5tnhtt.exec:\5tnhtt.exe98⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe99⤵
-
\??\c:\jpddd.exec:\jpddd.exe100⤵
-
\??\c:\rxxxfff.exec:\rxxxfff.exe101⤵
-
\??\c:\3bttnh.exec:\3bttnh.exe102⤵
-
\??\c:\bnbttn.exec:\bnbttn.exe103⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe104⤵
-
\??\c:\fxlllll.exec:\fxlllll.exe105⤵
-
\??\c:\hhbnht.exec:\hhbnht.exe106⤵
-
\??\c:\7tnhtt.exec:\7tnhtt.exe107⤵
-
\??\c:\vdppj.exec:\vdppj.exe108⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe109⤵
-
\??\c:\7rrrlxx.exec:\7rrrlxx.exe110⤵
-
\??\c:\btnbnh.exec:\btnbnh.exe111⤵
-
\??\c:\hbbttt.exec:\hbbttt.exe112⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe113⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe114⤵
-
\??\c:\xrffffx.exec:\xrffffx.exe115⤵
-
\??\c:\9fllxxl.exec:\9fllxxl.exe116⤵
-
\??\c:\hnnhhb.exec:\hnnhhb.exe117⤵
-
\??\c:\ttnnbb.exec:\ttnnbb.exe118⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe119⤵
-
\??\c:\3jjpd.exec:\3jjpd.exe120⤵
-
\??\c:\lrxrxxf.exec:\lrxrxxf.exe121⤵
-
\??\c:\vdvpj.exec:\vdvpj.exe122⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe123⤵
-
\??\c:\xlllfxf.exec:\xlllfxf.exe124⤵
-
\??\c:\xllffxx.exec:\xllffxx.exe125⤵
-
\??\c:\bbntnn.exec:\bbntnn.exe126⤵
-
\??\c:\7pdvp.exec:\7pdvp.exe127⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe128⤵
-
\??\c:\rflllrr.exec:\rflllrr.exe129⤵
-
\??\c:\xxlllfl.exec:\xxlllfl.exe130⤵
-
\??\c:\nbtnhb.exec:\nbtnhb.exe131⤵
-
\??\c:\nhnnnn.exec:\nhnnnn.exe132⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe133⤵
-
\??\c:\7djdv.exec:\7djdv.exe134⤵
-
\??\c:\xrlfffx.exec:\xrlfffx.exe135⤵
-
\??\c:\fxlffxx.exec:\fxlffxx.exe136⤵
-
\??\c:\nnhbbb.exec:\nnhbbb.exe137⤵
-
\??\c:\7nntnn.exec:\7nntnn.exe138⤵
-
\??\c:\vvvpp.exec:\vvvpp.exe139⤵
-
\??\c:\rlrlrrx.exec:\rlrlrrx.exe140⤵
-
\??\c:\xrrlffr.exec:\xrrlffr.exe141⤵
-
\??\c:\bbhbtn.exec:\bbhbtn.exe142⤵
-
\??\c:\nbbbbb.exec:\nbbbbb.exe143⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe144⤵
-
\??\c:\dddvp.exec:\dddvp.exe145⤵
-
\??\c:\xlxxfxr.exec:\xlxxfxr.exe146⤵
-
\??\c:\bhhnhh.exec:\bhhnhh.exe147⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe148⤵
-
\??\c:\7lfxllf.exec:\7lfxllf.exe149⤵
-
\??\c:\fxrxxfx.exec:\fxrxxfx.exe150⤵
-
\??\c:\ntbbnt.exec:\ntbbnt.exe151⤵
-
\??\c:\5hnhnn.exec:\5hnhnn.exe152⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe153⤵
-
\??\c:\xllrfrl.exec:\xllrfrl.exe154⤵
-
\??\c:\nhbbtt.exec:\nhbbtt.exe155⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe156⤵
-
\??\c:\xxxlxlf.exec:\xxxlxlf.exe157⤵
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe158⤵
-
\??\c:\hbnnhb.exec:\hbnnhb.exe159⤵
-
\??\c:\jdddp.exec:\jdddp.exe160⤵
-
\??\c:\nnhhht.exec:\nnhhht.exe161⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe162⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe163⤵
-
\??\c:\fllfffx.exec:\fllfffx.exe164⤵
-
\??\c:\tbnnhh.exec:\tbnnhh.exe165⤵
-
\??\c:\nnbtbb.exec:\nnbtbb.exe166⤵
-
\??\c:\pjjdj.exec:\pjjdj.exe167⤵
-
\??\c:\btnnth.exec:\btnnth.exe168⤵
-
\??\c:\nhbhtb.exec:\nhbhtb.exe169⤵
-
\??\c:\jvddv.exec:\jvddv.exe170⤵
-
\??\c:\rfrxlll.exec:\rfrxlll.exe171⤵
-
\??\c:\hhhhhn.exec:\hhhhhn.exe172⤵
-
\??\c:\vdvdv.exec:\vdvdv.exe173⤵
-
\??\c:\1fffflf.exec:\1fffflf.exe174⤵
-
\??\c:\lxfflrf.exec:\lxfflrf.exe175⤵
-
\??\c:\bhhbtb.exec:\bhhbtb.exe176⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe177⤵
-
\??\c:\djddd.exec:\djddd.exe178⤵
-
\??\c:\rrrxfll.exec:\rrrxfll.exe179⤵
-
\??\c:\lfxffff.exec:\lfxffff.exe180⤵
-
\??\c:\htbhtt.exec:\htbhtt.exe181⤵
-
\??\c:\bbtbtt.exec:\bbtbtt.exe182⤵
-
\??\c:\hnttbh.exec:\hnttbh.exe183⤵
-
\??\c:\ppppj.exec:\ppppj.exe184⤵
-
\??\c:\xfffllr.exec:\xfffllr.exe185⤵
-
\??\c:\3llxxfl.exec:\3llxxfl.exe186⤵
-
\??\c:\htttnn.exec:\htttnn.exe187⤵
-
\??\c:\btbhbb.exec:\btbhbb.exe188⤵
-
\??\c:\ntnnht.exec:\ntnnht.exe189⤵
-
\??\c:\3vppj.exec:\3vppj.exe190⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe191⤵
-
\??\c:\xrxxrxl.exec:\xrxxrxl.exe192⤵
-
\??\c:\xlfxxff.exec:\xlfxxff.exe193⤵
-
\??\c:\hthhnt.exec:\hthhnt.exe194⤵
-
\??\c:\tnhnhh.exec:\tnhnhh.exe195⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe196⤵
-
\??\c:\frfxrxx.exec:\frfxrxx.exe197⤵
-
\??\c:\frrrlll.exec:\frrrlll.exe198⤵
-
\??\c:\hbbhht.exec:\hbbhht.exe199⤵
-
\??\c:\hbtthn.exec:\hbtthn.exe200⤵
-
\??\c:\7vddv.exec:\7vddv.exe201⤵
-
\??\c:\vjpdd.exec:\vjpdd.exe202⤵
-
\??\c:\xxllffx.exec:\xxllffx.exe203⤵
-
\??\c:\1bbbbh.exec:\1bbbbh.exe204⤵
-
\??\c:\nnntbh.exec:\nnntbh.exe205⤵
-
\??\c:\5dddd.exec:\5dddd.exe206⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe207⤵
-
\??\c:\xxxxffl.exec:\xxxxffl.exe208⤵
-
\??\c:\lrllllr.exec:\lrllllr.exe209⤵
-
\??\c:\bttthb.exec:\bttthb.exe210⤵
-
\??\c:\bbbbbb.exec:\bbbbbb.exe211⤵
-
\??\c:\jjvvv.exec:\jjvvv.exe212⤵
-
\??\c:\7djjd.exec:\7djjd.exe213⤵
-
\??\c:\1fllfll.exec:\1fllfll.exe214⤵
-
\??\c:\1rlllll.exec:\1rlllll.exe215⤵
-
\??\c:\nnbbbn.exec:\nnbbbn.exe216⤵
-
\??\c:\bnbbhn.exec:\bnbbhn.exe217⤵
-
\??\c:\1dvdv.exec:\1dvdv.exe218⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe219⤵
-
\??\c:\frxffll.exec:\frxffll.exe220⤵
-
\??\c:\3rrrrrr.exec:\3rrrrrr.exe221⤵
-
\??\c:\thnttb.exec:\thnttb.exe222⤵
-
\??\c:\hnbbbh.exec:\hnbbbh.exe223⤵
-
\??\c:\hthhbb.exec:\hthhbb.exe224⤵
-
\??\c:\djvvp.exec:\djvvp.exe225⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe226⤵
-
\??\c:\rrrrrrl.exec:\rrrrrrl.exe227⤵
-
\??\c:\lfrrflx.exec:\lfrrflx.exe228⤵
-
\??\c:\nhnnnn.exec:\nhnnnn.exe229⤵
-
\??\c:\hhtbtb.exec:\hhtbtb.exe230⤵
-
\??\c:\djjdp.exec:\djjdp.exe231⤵
-
\??\c:\ddjdv.exec:\ddjdv.exe232⤵
-
\??\c:\ppddd.exec:\ppddd.exe233⤵
-
\??\c:\9lfxrrf.exec:\9lfxrrf.exe234⤵
-
\??\c:\fllllll.exec:\fllllll.exe235⤵
-
\??\c:\3tttnt.exec:\3tttnt.exe236⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe237⤵
-
\??\c:\ppjpp.exec:\ppjpp.exe238⤵
-
\??\c:\9lxrxxl.exec:\9lxrxxl.exe239⤵
-
\??\c:\xlxxrrr.exec:\xlxxrrr.exe240⤵