Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
21-05-2024 13:06
General
-
Target
516dfbd0eddc02ecafcec50af6ccee4204afa9e0e29db79c70f83ff9f2e4f43e_NeikiAnalytics.exe
-
Size
130KB
-
MD5
272dfb049c9fe4fa9c0d382c14bc5e00
-
SHA1
b9542b1d2e2dc2521387f84bf28b0e3a9670ab78
-
SHA256
516dfbd0eddc02ecafcec50af6ccee4204afa9e0e29db79c70f83ff9f2e4f43e
-
SHA512
e3693ef4acad5ba6e273f0b3d95ca3940302ec94e2f56bc0b9203493e49b45035aafe4ab4b1313e1a3dcec775489f20a7e98371e0a180c72915739148079d924
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afoHVpx+dGoXVS:n3C9BRW0j/1px+dG4VS
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\516dfbd0eddc02ecafcec50af6ccee4204afa9e0e29db79c70f83ff9f2e4f43e_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\516dfbd0eddc02ecafcec50af6ccee4204afa9e0e29db79c70f83ff9f2e4f43e_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvv.exec:\jvdvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lffxrr.exec:\5lffxrr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflllfl.exec:\fflllfl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnhtn.exec:\hnnhtn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppj.exec:\ppppj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxxlfx.exec:\rfxxlfx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxrrrr.exec:\lrxrrrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbth.exec:\tnhbth.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdpv.exec:\vvdpv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjvp.exec:\jpjvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlxlrr.exec:\xrlxlrr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hhbtn.exec:\9hhbtn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvp.exec:\jjdvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddpd.exec:\dddpd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxrlll.exec:\xxxrlll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhhbt.exec:\thhhbt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjd.exec:\pdpjd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfrllf.exec:\lxfrllf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbbtn.exec:\bbbbtn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nhbbb.exec:\9nhbbb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vvpd.exec:\1vvpd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxfxrr.exec:\rfxfxrr.exe23⤵
- Executes dropped EXE
-
\??\c:\nhhbnn.exec:\nhhbnn.exe24⤵
- Executes dropped EXE
-
\??\c:\dpvpj.exec:\dpvpj.exe25⤵
- Executes dropped EXE
-
\??\c:\ffllxxx.exec:\ffllxxx.exe26⤵
- Executes dropped EXE
-
\??\c:\tbhbtt.exec:\tbhbtt.exe27⤵
- Executes dropped EXE
-
\??\c:\bttttn.exec:\bttttn.exe28⤵
- Executes dropped EXE
-
\??\c:\vdvpj.exec:\vdvpj.exe29⤵
- Executes dropped EXE
-
\??\c:\fllfrlx.exec:\fllfrlx.exe30⤵
- Executes dropped EXE
-
\??\c:\5djpd.exec:\5djpd.exe31⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe32⤵
- Executes dropped EXE
-
\??\c:\lrxlfrl.exec:\lrxlfrl.exe33⤵
- Executes dropped EXE
-
\??\c:\xrrfxrl.exec:\xrrfxrl.exe34⤵
- Executes dropped EXE
-
\??\c:\tnhhhh.exec:\tnhhhh.exe35⤵
- Executes dropped EXE
-
\??\c:\jdvpd.exec:\jdvpd.exe36⤵
- Executes dropped EXE
-
\??\c:\5rflrxl.exec:\5rflrxl.exe37⤵
- Executes dropped EXE
-
\??\c:\lfrlrlr.exec:\lfrlrlr.exe38⤵
- Executes dropped EXE
-
\??\c:\hbhbbt.exec:\hbhbbt.exe39⤵
- Executes dropped EXE
-
\??\c:\nbnhbn.exec:\nbnhbn.exe40⤵
- Executes dropped EXE
-
\??\c:\vdvpd.exec:\vdvpd.exe41⤵
- Executes dropped EXE
-
\??\c:\vvpdd.exec:\vvpdd.exe42⤵
- Executes dropped EXE
-
\??\c:\xxxrxrl.exec:\xxxrxrl.exe43⤵
- Executes dropped EXE
-
\??\c:\9rlfrfx.exec:\9rlfrfx.exe44⤵
- Executes dropped EXE
-
\??\c:\pdjdp.exec:\pdjdp.exe45⤵
- Executes dropped EXE
-
\??\c:\9xllfff.exec:\9xllfff.exe46⤵
- Executes dropped EXE
-
\??\c:\llfrfxr.exec:\llfrfxr.exe47⤵
- Executes dropped EXE
-
\??\c:\5ttthh.exec:\5ttthh.exe48⤵
- Executes dropped EXE
-
\??\c:\vdjdp.exec:\vdjdp.exe49⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe50⤵
- Executes dropped EXE
-
\??\c:\rrfxlll.exec:\rrfxlll.exe51⤵
- Executes dropped EXE
-
\??\c:\bhnbhb.exec:\bhnbhb.exe52⤵
- Executes dropped EXE
-
\??\c:\tbnnbb.exec:\tbnnbb.exe53⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe54⤵
- Executes dropped EXE
-
\??\c:\vpvpd.exec:\vpvpd.exe55⤵
- Executes dropped EXE
-
\??\c:\rllrllf.exec:\rllrllf.exe56⤵
- Executes dropped EXE
-
\??\c:\xrxfrrl.exec:\xrxfrrl.exe57⤵
- Executes dropped EXE
-
\??\c:\nthhbt.exec:\nthhbt.exe58⤵
- Executes dropped EXE
-
\??\c:\hhhbtb.exec:\hhhbtb.exe59⤵
- Executes dropped EXE
-
\??\c:\ddjdp.exec:\ddjdp.exe60⤵
- Executes dropped EXE
-
\??\c:\xrxlrlf.exec:\xrxlrlf.exe61⤵
- Executes dropped EXE
-
\??\c:\lfrlrrx.exec:\lfrlrrx.exe62⤵
- Executes dropped EXE
-
\??\c:\hhbnhb.exec:\hhbnhb.exe63⤵
- Executes dropped EXE
-
\??\c:\9dvpj.exec:\9dvpj.exe64⤵
- Executes dropped EXE
-
\??\c:\jpjdv.exec:\jpjdv.exe65⤵
- Executes dropped EXE
-
\??\c:\7fllrll.exec:\7fllrll.exe66⤵
-
\??\c:\xrlfxrl.exec:\xrlfxrl.exe67⤵
-
\??\c:\tnbtbb.exec:\tnbtbb.exe68⤵
-
\??\c:\3ddpd.exec:\3ddpd.exe69⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe70⤵
-
\??\c:\lrrlfxr.exec:\lrrlfxr.exe71⤵
-
\??\c:\fxrxrrl.exec:\fxrxrrl.exe72⤵
-
\??\c:\tntnhb.exec:\tntnhb.exe73⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe74⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe75⤵
-
\??\c:\rxxxrrr.exec:\rxxxrrr.exe76⤵
-
\??\c:\nthhnh.exec:\nthhnh.exe77⤵
-
\??\c:\bhbbtn.exec:\bhbbtn.exe78⤵
-
\??\c:\lfrlxxr.exec:\lfrlxxr.exe79⤵
-
\??\c:\xrlffrx.exec:\xrlffrx.exe80⤵
-
\??\c:\9bbbtt.exec:\9bbbtt.exe81⤵
-
\??\c:\btnhtt.exec:\btnhtt.exe82⤵
-
\??\c:\7pjpv.exec:\7pjpv.exe83⤵
-
\??\c:\7lrlffr.exec:\7lrlffr.exe84⤵
-
\??\c:\xllfxxx.exec:\xllfxxx.exe85⤵
-
\??\c:\hbbthb.exec:\hbbthb.exe86⤵
-
\??\c:\bhnbtn.exec:\bhnbtn.exe87⤵
-
\??\c:\1ddvv.exec:\1ddvv.exe88⤵
-
\??\c:\rfflfrl.exec:\rfflfrl.exe89⤵
-
\??\c:\lrrlfxr.exec:\lrrlfxr.exe90⤵
-
\??\c:\nhnhtt.exec:\nhnhtt.exe91⤵
-
\??\c:\hhbbnn.exec:\hhbbnn.exe92⤵
-
\??\c:\ppddd.exec:\ppddd.exe93⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe94⤵
-
\??\c:\lrxfxfx.exec:\lrxfxfx.exe95⤵
-
\??\c:\1btnhh.exec:\1btnhh.exe96⤵
-
\??\c:\jvdjp.exec:\jvdjp.exe97⤵
-
\??\c:\frrlxxl.exec:\frrlxxl.exe98⤵
-
\??\c:\1llfrrl.exec:\1llfrrl.exe99⤵
-
\??\c:\nbbtnh.exec:\nbbtnh.exe100⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe101⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe102⤵
-
\??\c:\rxlfxxl.exec:\rxlfxxl.exe103⤵
-
\??\c:\bnhbnb.exec:\bnhbnb.exe104⤵
-
\??\c:\tnbtnn.exec:\tnbtnn.exe105⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe106⤵
-
\??\c:\3pvpj.exec:\3pvpj.exe107⤵
-
\??\c:\xrrfrrl.exec:\xrrfrrl.exe108⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe109⤵
-
\??\c:\9hhbtt.exec:\9hhbtt.exe110⤵
-
\??\c:\pddpd.exec:\pddpd.exe111⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe112⤵
-
\??\c:\fxrrllf.exec:\fxrrllf.exe113⤵
-
\??\c:\thhhbt.exec:\thhhbt.exe114⤵
-
\??\c:\1tbbtb.exec:\1tbbtb.exe115⤵
-
\??\c:\pvpjp.exec:\pvpjp.exe116⤵
-
\??\c:\3jvjp.exec:\3jvjp.exe117⤵
-
\??\c:\fxxlxrf.exec:\fxxlxrf.exe118⤵
-
\??\c:\btthbt.exec:\btthbt.exe119⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe120⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe121⤵
-
\??\c:\rlllxrx.exec:\rlllxrx.exe122⤵
-
\??\c:\7bhhbb.exec:\7bhhbb.exe123⤵
-
\??\c:\nhhbhb.exec:\nhhbhb.exe124⤵
-
\??\c:\dddvp.exec:\dddvp.exe125⤵
-
\??\c:\nbbtht.exec:\nbbtht.exe126⤵
-
\??\c:\dppdd.exec:\dppdd.exe127⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe128⤵
-
\??\c:\rfxllfx.exec:\rfxllfx.exe129⤵
-
\??\c:\7bbnnh.exec:\7bbnnh.exe130⤵
-
\??\c:\nbhhbb.exec:\nbhhbb.exe131⤵
-
\??\c:\pjvdv.exec:\pjvdv.exe132⤵
-
\??\c:\xllfrlf.exec:\xllfrlf.exe133⤵
-
\??\c:\lfrxrrx.exec:\lfrxrrx.exe134⤵
-
\??\c:\httnhb.exec:\httnhb.exe135⤵
-
\??\c:\1btntt.exec:\1btntt.exe136⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe137⤵
-
\??\c:\9pppd.exec:\9pppd.exe138⤵
-
\??\c:\rlfxrrf.exec:\rlfxrrf.exe139⤵
-
\??\c:\7rfxrlf.exec:\7rfxrlf.exe140⤵
-
\??\c:\bttntt.exec:\bttntt.exe141⤵
-
\??\c:\1hhhbt.exec:\1hhhbt.exe142⤵
-
\??\c:\pvjdp.exec:\pvjdp.exe143⤵
-
\??\c:\fxrfxrl.exec:\fxrfxrl.exe144⤵
-
\??\c:\rlflfrl.exec:\rlflfrl.exe145⤵
-
\??\c:\hthbhh.exec:\hthbhh.exe146⤵
-
\??\c:\1tttbb.exec:\1tttbb.exe147⤵
-
\??\c:\jvddp.exec:\jvddp.exe148⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe149⤵
-
\??\c:\9rfxxxr.exec:\9rfxxxr.exe150⤵
-
\??\c:\rxllxxf.exec:\rxllxxf.exe151⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe152⤵
-
\??\c:\9thtbh.exec:\9thtbh.exe153⤵
-
\??\c:\jppjd.exec:\jppjd.exe154⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe155⤵
-
\??\c:\7rrxrrl.exec:\7rrxrrl.exe156⤵
-
\??\c:\xllfrlr.exec:\xllfrlr.exe157⤵
-
\??\c:\hntnhb.exec:\hntnhb.exe158⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe159⤵
-
\??\c:\1rlfxxr.exec:\1rlfxxr.exe160⤵
-
\??\c:\htbbbt.exec:\htbbbt.exe161⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe162⤵
-
\??\c:\9jjdp.exec:\9jjdp.exe163⤵
-
\??\c:\xfxxrrl.exec:\xfxxrrl.exe164⤵
-
\??\c:\ntttnn.exec:\ntttnn.exe165⤵
-
\??\c:\vpddv.exec:\vpddv.exe166⤵
-
\??\c:\7lxxrrl.exec:\7lxxrrl.exe167⤵
-
\??\c:\5nnhbt.exec:\5nnhbt.exe168⤵
-
\??\c:\1pppj.exec:\1pppj.exe169⤵
-
\??\c:\llffrlf.exec:\llffrlf.exe170⤵
-
\??\c:\ttbtbt.exec:\ttbtbt.exe171⤵
-
\??\c:\htnnbt.exec:\htnnbt.exe172⤵
-
\??\c:\pddpd.exec:\pddpd.exe173⤵
-
\??\c:\rlxlrll.exec:\rlxlrll.exe174⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe175⤵
-
\??\c:\rxlfrrl.exec:\rxlfrrl.exe176⤵
-
\??\c:\5ttnnn.exec:\5ttnnn.exe177⤵
-
\??\c:\7jpjd.exec:\7jpjd.exe178⤵
-
\??\c:\xlxrllf.exec:\xlxrllf.exe179⤵
-
\??\c:\5nbtnn.exec:\5nbtnn.exe180⤵
-
\??\c:\7bbthh.exec:\7bbthh.exe181⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe182⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe183⤵
-
\??\c:\fffflfr.exec:\fffflfr.exe184⤵
-
\??\c:\lxlxrlf.exec:\lxlxrlf.exe185⤵
-
\??\c:\nhhbhb.exec:\nhhbhb.exe186⤵
-
\??\c:\pvpdv.exec:\pvpdv.exe187⤵
-
\??\c:\xllfrrl.exec:\xllfrrl.exe188⤵
-
\??\c:\5rrrllf.exec:\5rrrllf.exe189⤵
-
\??\c:\9bhhnt.exec:\9bhhnt.exe190⤵
-
\??\c:\9vdvj.exec:\9vdvj.exe191⤵
-
\??\c:\fffllrr.exec:\fffllrr.exe192⤵
-
\??\c:\9lffxff.exec:\9lffxff.exe193⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe194⤵
-
\??\c:\xxfxxxl.exec:\xxfxxxl.exe195⤵
-
\??\c:\9hhhbh.exec:\9hhhbh.exe196⤵
-
\??\c:\thnhtt.exec:\thnhtt.exe197⤵
-
\??\c:\7vdvp.exec:\7vdvp.exe198⤵
-
\??\c:\ffllfff.exec:\ffllfff.exe199⤵
-
\??\c:\hhttnt.exec:\hhttnt.exe200⤵
-
\??\c:\tbhbbb.exec:\tbhbbb.exe201⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe202⤵
-
\??\c:\lxlxxrf.exec:\lxlxxrf.exe203⤵
-
\??\c:\tntnhb.exec:\tntnhb.exe204⤵
-
\??\c:\1ntnbb.exec:\1ntnbb.exe205⤵
-
\??\c:\dvdpp.exec:\dvdpp.exe206⤵
-
\??\c:\fxxrxrl.exec:\fxxrxrl.exe207⤵
-
\??\c:\lflflfl.exec:\lflflfl.exe208⤵
-
\??\c:\hbnnnn.exec:\hbnnnn.exe209⤵
-
\??\c:\jpjvj.exec:\jpjvj.exe210⤵
-
\??\c:\vpppd.exec:\vpppd.exe211⤵
-
\??\c:\xlllxrl.exec:\xlllxrl.exe212⤵
-
\??\c:\bttnhb.exec:\bttnhb.exe213⤵
-
\??\c:\tnnhtb.exec:\tnnhtb.exe214⤵
-
\??\c:\djjdd.exec:\djjdd.exe215⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe216⤵
-
\??\c:\xrfxrrl.exec:\xrfxrrl.exe217⤵
-
\??\c:\hbhhnn.exec:\hbhhnn.exe218⤵
-
\??\c:\nbbbnn.exec:\nbbbnn.exe219⤵
-
\??\c:\pddvp.exec:\pddvp.exe220⤵
-
\??\c:\9ffrfxr.exec:\9ffrfxr.exe221⤵
-
\??\c:\flxfxfr.exec:\flxfxfr.exe222⤵
-
\??\c:\3ttthb.exec:\3ttthb.exe223⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe224⤵
-
\??\c:\pppvj.exec:\pppvj.exe225⤵
-
\??\c:\fxxrffx.exec:\fxxrffx.exe226⤵
-
\??\c:\hntttn.exec:\hntttn.exe227⤵
-
\??\c:\9tbthh.exec:\9tbthh.exe228⤵
-
\??\c:\vdvpp.exec:\vdvpp.exe229⤵
-
\??\c:\lfxlxrl.exec:\lfxlxrl.exe230⤵
-
\??\c:\xlrlrrl.exec:\xlrlrrl.exe231⤵
-
\??\c:\thhhnn.exec:\thhhnn.exe232⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe233⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe234⤵
-
\??\c:\rlfllrr.exec:\rlfllrr.exe235⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe236⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe237⤵
-
\??\c:\jdvjv.exec:\jdvjv.exe238⤵
-
\??\c:\dppjv.exec:\dppjv.exe239⤵
-
\??\c:\xlfxffr.exec:\xlfxffr.exe240⤵