Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
21-05-2024 19:28
General
-
Target
07898069b5da6cce55d807570617e6c0_NeikiAnalytics.exe
-
Size
144KB
-
MD5
07898069b5da6cce55d807570617e6c0
-
SHA1
882a2d26928c3d1bf53361a971cd9428577eafff
-
SHA256
0fe4a8b06ae60384c506bce2c541651d72dd34cb176fbf92ddc48f6e16d45e33
-
SHA512
c6b98ee11e8462977f745769d2c4e38f76ccbb6a9dfce0d8ea2d1585ca1f4ebc28b612a3b1488a251dcf7585ee4e1c88213a414c71a166f01cdd1283d9148e7a
-
SSDEEP
3072:ymb3NkkiQ3mdBjFosxXGPXbXQMFHLgDWSmklgQ2:n3C9BRosxW8MFHLMW7Q2
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\07898069b5da6cce55d807570617e6c0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\07898069b5da6cce55d807570617e6c0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9hnbtb.exec:\9hnbtb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vvjv.exec:\1vvjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfrlf.exec:\xrlfrlf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrllf.exec:\fxxrllf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nhtnh.exec:\3nhtnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3djdv.exec:\3djdv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7flfrxx.exec:\7flfrxx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lrrrfx.exec:\1lrrrfx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhthb.exec:\bhhthb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jdpj.exec:\7jdpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rlxlfr.exec:\7rlxlfr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrfxlx.exec:\frrfxlx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtnhb.exec:\bbtnhb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ppjd.exec:\5ppjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxlfrl.exec:\lrxlfrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfrlfr.exec:\fxfrlfr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbtnt.exec:\nhbtnt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vddv.exec:\9vddv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lffxxl.exec:\7lffxxl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhhbt.exec:\bnhhbt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvp.exec:\pddvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddpv.exec:\dddpv.exe23⤵
- Executes dropped EXE
-
\??\c:\9fxxlfx.exec:\9fxxlfx.exe24⤵
- Executes dropped EXE
-
\??\c:\nhthnn.exec:\nhthnn.exe25⤵
- Executes dropped EXE
-
\??\c:\nnbnbh.exec:\nnbnbh.exe26⤵
- Executes dropped EXE
-
\??\c:\7jpdj.exec:\7jpdj.exe27⤵
- Executes dropped EXE
-
\??\c:\lxrffxl.exec:\lxrffxl.exe28⤵
- Executes dropped EXE
-
\??\c:\fxrffrr.exec:\fxrffrr.exe29⤵
- Executes dropped EXE
-
\??\c:\nhhbtt.exec:\nhhbtt.exe30⤵
- Executes dropped EXE
-
\??\c:\7jppd.exec:\7jppd.exe31⤵
- Executes dropped EXE
-
\??\c:\7vjdd.exec:\7vjdd.exe32⤵
- Executes dropped EXE
-
\??\c:\ttnbtt.exec:\ttnbtt.exe33⤵
- Executes dropped EXE
-
\??\c:\bntbnt.exec:\bntbnt.exe34⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe35⤵
- Executes dropped EXE
-
\??\c:\lflrfff.exec:\lflrfff.exe36⤵
- Executes dropped EXE
-
\??\c:\1xrlxff.exec:\1xrlxff.exe37⤵
- Executes dropped EXE
-
\??\c:\ttttnt.exec:\ttttnt.exe38⤵
- Executes dropped EXE
-
\??\c:\nhnhhn.exec:\nhnhhn.exe39⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe40⤵
- Executes dropped EXE
-
\??\c:\jjjjd.exec:\jjjjd.exe41⤵
- Executes dropped EXE
-
\??\c:\fxrlxrl.exec:\fxrlxrl.exe42⤵
- Executes dropped EXE
-
\??\c:\bbnhhb.exec:\bbnhhb.exe43⤵
- Executes dropped EXE
-
\??\c:\hhhtnb.exec:\hhhtnb.exe44⤵
- Executes dropped EXE
-
\??\c:\dvvjp.exec:\dvvjp.exe45⤵
- Executes dropped EXE
-
\??\c:\flllrrf.exec:\flllrrf.exe46⤵
- Executes dropped EXE
-
\??\c:\1ffxxxx.exec:\1ffxxxx.exe47⤵
- Executes dropped EXE
-
\??\c:\hbbhbb.exec:\hbbhbb.exe48⤵
- Executes dropped EXE
-
\??\c:\dvdvv.exec:\dvdvv.exe49⤵
- Executes dropped EXE
-
\??\c:\ppdvp.exec:\ppdvp.exe50⤵
- Executes dropped EXE
-
\??\c:\rlrllfx.exec:\rlrllfx.exe51⤵
- Executes dropped EXE
-
\??\c:\1djjd.exec:\1djjd.exe52⤵
- Executes dropped EXE
-
\??\c:\xflllll.exec:\xflllll.exe53⤵
- Executes dropped EXE
-
\??\c:\bthhhh.exec:\bthhhh.exe54⤵
- Executes dropped EXE
-
\??\c:\7ttnhh.exec:\7ttnhh.exe55⤵
- Executes dropped EXE
-
\??\c:\5vjjv.exec:\5vjjv.exe56⤵
- Executes dropped EXE
-
\??\c:\dpvpj.exec:\dpvpj.exe57⤵
- Executes dropped EXE
-
\??\c:\7flfxxr.exec:\7flfxxr.exe58⤵
- Executes dropped EXE
-
\??\c:\btbbhn.exec:\btbbhn.exe59⤵
- Executes dropped EXE
-
\??\c:\nnbttb.exec:\nnbttb.exe60⤵
- Executes dropped EXE
-
\??\c:\dpjvd.exec:\dpjvd.exe61⤵
- Executes dropped EXE
-
\??\c:\pjjvp.exec:\pjjvp.exe62⤵
- Executes dropped EXE
-
\??\c:\llfffff.exec:\llfffff.exe63⤵
- Executes dropped EXE
-
\??\c:\3fllfll.exec:\3fllfll.exe64⤵
- Executes dropped EXE
-
\??\c:\bbhhbb.exec:\bbhhbb.exe65⤵
- Executes dropped EXE
-
\??\c:\hntttt.exec:\hntttt.exe66⤵
-
\??\c:\dpppj.exec:\dpppj.exe67⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe68⤵
-
\??\c:\lffflfl.exec:\lffflfl.exe69⤵
-
\??\c:\xffffff.exec:\xffffff.exe70⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe71⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe72⤵
-
\??\c:\1jppd.exec:\1jppd.exe73⤵
-
\??\c:\rrffflf.exec:\rrffflf.exe74⤵
-
\??\c:\xxxxlll.exec:\xxxxlll.exe75⤵
-
\??\c:\hhttbh.exec:\hhttbh.exe76⤵
-
\??\c:\dddvp.exec:\dddvp.exe77⤵
-
\??\c:\dddpp.exec:\dddpp.exe78⤵
-
\??\c:\frlfxrl.exec:\frlfxrl.exe79⤵
-
\??\c:\xxffffx.exec:\xxffffx.exe80⤵
-
\??\c:\3bhbtt.exec:\3bhbtt.exe81⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe82⤵
-
\??\c:\ddvvj.exec:\ddvvj.exe83⤵
-
\??\c:\3rlfxlf.exec:\3rlfxlf.exe84⤵
-
\??\c:\btbbhn.exec:\btbbhn.exe85⤵
-
\??\c:\ntbttb.exec:\ntbttb.exe86⤵
-
\??\c:\1jpjd.exec:\1jpjd.exe87⤵
-
\??\c:\dppjj.exec:\dppjj.exe88⤵
-
\??\c:\ffrlrxf.exec:\ffrlrxf.exe89⤵
-
\??\c:\nntttb.exec:\nntttb.exe90⤵
-
\??\c:\nntbtt.exec:\nntbtt.exe91⤵
-
\??\c:\vpppd.exec:\vpppd.exe92⤵
-
\??\c:\1jdvj.exec:\1jdvj.exe93⤵
-
\??\c:\1rxrrrl.exec:\1rxrrrl.exe94⤵
-
\??\c:\lrrrlll.exec:\lrrrlll.exe95⤵
-
\??\c:\hhtttb.exec:\hhtttb.exe96⤵
-
\??\c:\djjdd.exec:\djjdd.exe97⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe98⤵
-
\??\c:\frllffx.exec:\frllffx.exe99⤵
-
\??\c:\9lrrlrr.exec:\9lrrlrr.exe100⤵
-
\??\c:\thtntt.exec:\thtntt.exe101⤵
-
\??\c:\hthhhh.exec:\hthhhh.exe102⤵
-
\??\c:\9dddv.exec:\9dddv.exe103⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe104⤵
-
\??\c:\llfflxl.exec:\llfflxl.exe105⤵
-
\??\c:\ttnhnh.exec:\ttnhnh.exe106⤵
-
\??\c:\hbbhth.exec:\hbbhth.exe107⤵
-
\??\c:\dvvdp.exec:\dvvdp.exe108⤵
-
\??\c:\dpppd.exec:\dpppd.exe109⤵
-
\??\c:\rrxlfrr.exec:\rrxlfrr.exe110⤵
-
\??\c:\thtbbb.exec:\thtbbb.exe111⤵
-
\??\c:\5nbtnn.exec:\5nbtnn.exe112⤵
-
\??\c:\3hhbtb.exec:\3hhbtb.exe113⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe114⤵
-
\??\c:\vjdvv.exec:\vjdvv.exe115⤵
-
\??\c:\rlxxxfx.exec:\rlxxxfx.exe116⤵
-
\??\c:\5tttnh.exec:\5tttnh.exe117⤵
-
\??\c:\9hbbtt.exec:\9hbbtt.exe118⤵
-
\??\c:\vdvpj.exec:\vdvpj.exe119⤵
-
\??\c:\lrlrflf.exec:\lrlrflf.exe120⤵
-
\??\c:\lrrrrrl.exec:\lrrrrrl.exe121⤵
-
\??\c:\btttnt.exec:\btttnt.exe122⤵
-
\??\c:\7jpjd.exec:\7jpjd.exe123⤵
-
\??\c:\3ppjv.exec:\3ppjv.exe124⤵
-
\??\c:\llrfffx.exec:\llrfffx.exe125⤵
-
\??\c:\frrrlff.exec:\frrrlff.exe126⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe127⤵
-
\??\c:\jjpdv.exec:\jjpdv.exe128⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe129⤵
-
\??\c:\xrxrrrl.exec:\xrxrrrl.exe130⤵
-
\??\c:\hhbbbb.exec:\hhbbbb.exe131⤵
-
\??\c:\bbtnhn.exec:\bbtnhn.exe132⤵
-
\??\c:\djvvp.exec:\djvvp.exe133⤵
-
\??\c:\bbnhbb.exec:\bbnhbb.exe134⤵
-
\??\c:\3tnnhh.exec:\3tnnhh.exe135⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe136⤵
-
\??\c:\1lllllx.exec:\1lllllx.exe137⤵
-
\??\c:\xxllllr.exec:\xxllllr.exe138⤵
-
\??\c:\bnhbtt.exec:\bnhbtt.exe139⤵
-
\??\c:\vppjj.exec:\vppjj.exe140⤵
-
\??\c:\pppjd.exec:\pppjd.exe141⤵
-
\??\c:\3lffrrl.exec:\3lffrrl.exe142⤵
-
\??\c:\xrfxrxr.exec:\xrfxrxr.exe143⤵
-
\??\c:\9bnnhh.exec:\9bnnhh.exe144⤵
-
\??\c:\thhhbb.exec:\thhhbb.exe145⤵
-
\??\c:\bttbnn.exec:\bttbnn.exe146⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe147⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe148⤵
-
\??\c:\fxfxlrl.exec:\fxfxlrl.exe149⤵
-
\??\c:\xrrlrrf.exec:\xrrlrrf.exe150⤵
-
\??\c:\hbtntt.exec:\hbtntt.exe151⤵
-
\??\c:\tbtbhh.exec:\tbtbhh.exe152⤵
-
\??\c:\dpppd.exec:\dpppd.exe153⤵
-
\??\c:\vvjjd.exec:\vvjjd.exe154⤵
-
\??\c:\1lxrxxf.exec:\1lxrxxf.exe155⤵
-
\??\c:\xxxxrrr.exec:\xxxxrrr.exe156⤵
-
\??\c:\5xffxfx.exec:\5xffxfx.exe157⤵
-
\??\c:\tnnnhn.exec:\tnnnhn.exe158⤵
-
\??\c:\ppppp.exec:\ppppp.exe159⤵
-
\??\c:\3pppj.exec:\3pppj.exe160⤵
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe161⤵
-
\??\c:\3llffff.exec:\3llffff.exe162⤵
-
\??\c:\thhhbb.exec:\thhhbb.exe163⤵
-
\??\c:\hhtthh.exec:\hhtthh.exe164⤵
-
\??\c:\nbbtnn.exec:\nbbtnn.exe165⤵
-
\??\c:\pvpvv.exec:\pvpvv.exe166⤵
-
\??\c:\rrllffx.exec:\rrllffx.exe167⤵
-
\??\c:\rlrrxxx.exec:\rlrrxxx.exe168⤵
-
\??\c:\hbnnnt.exec:\hbnnnt.exe169⤵
-
\??\c:\5bbbbb.exec:\5bbbbb.exe170⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe171⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe172⤵
-
\??\c:\vjjjv.exec:\vjjjv.exe173⤵
-
\??\c:\9lrlrrl.exec:\9lrlrrl.exe174⤵
-
\??\c:\lrflffx.exec:\lrflffx.exe175⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe176⤵
-
\??\c:\hntnht.exec:\hntnht.exe177⤵
-
\??\c:\ppppp.exec:\ppppp.exe178⤵
-
\??\c:\5jvvd.exec:\5jvvd.exe179⤵
-
\??\c:\xffffff.exec:\xffffff.exe180⤵
-
\??\c:\5frxxfr.exec:\5frxxfr.exe181⤵
-
\??\c:\hnnbnb.exec:\hnnbnb.exe182⤵
-
\??\c:\1nbbbb.exec:\1nbbbb.exe183⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe184⤵
-
\??\c:\llxxxrr.exec:\llxxxrr.exe185⤵
-
\??\c:\rxxfxxr.exec:\rxxfxxr.exe186⤵
-
\??\c:\nttnbb.exec:\nttnbb.exe187⤵
-
\??\c:\jjppd.exec:\jjppd.exe188⤵
-
\??\c:\rrllfff.exec:\rrllfff.exe189⤵
-
\??\c:\nnhbhb.exec:\nnhbhb.exe190⤵
-
\??\c:\7bbtnn.exec:\7bbtnn.exe191⤵
-
\??\c:\1pdpj.exec:\1pdpj.exe192⤵
-
\??\c:\xflrllf.exec:\xflrllf.exe193⤵
-
\??\c:\5rlfxxr.exec:\5rlfxxr.exe194⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe195⤵
-
\??\c:\3djvv.exec:\3djvv.exe196⤵
-
\??\c:\jvvjv.exec:\jvvjv.exe197⤵
-
\??\c:\xfrxfrx.exec:\xfrxfrx.exe198⤵
-
\??\c:\bnhttt.exec:\bnhttt.exe199⤵
-
\??\c:\nbtntt.exec:\nbtntt.exe200⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe201⤵
-
\??\c:\xxxffff.exec:\xxxffff.exe202⤵
-
\??\c:\lfllflf.exec:\lfllflf.exe203⤵
-
\??\c:\bthbbb.exec:\bthbbb.exe204⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe205⤵
-
\??\c:\1vvjv.exec:\1vvjv.exe206⤵
-
\??\c:\lfllffx.exec:\lfllffx.exe207⤵
-
\??\c:\hhhnnn.exec:\hhhnnn.exe208⤵
-
\??\c:\nbbttb.exec:\nbbttb.exe209⤵
-
\??\c:\jvdvd.exec:\jvdvd.exe210⤵
-
\??\c:\9fxrllf.exec:\9fxrllf.exe211⤵
-
\??\c:\fllfxxr.exec:\fllfxxr.exe212⤵
-
\??\c:\thhtnh.exec:\thhtnh.exe213⤵
-
\??\c:\nttnhh.exec:\nttnhh.exe214⤵
-
\??\c:\5vdvj.exec:\5vdvj.exe215⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe216⤵
-
\??\c:\xrlfrlf.exec:\xrlfrlf.exe217⤵
-
\??\c:\thnbnh.exec:\thnbnh.exe218⤵
-
\??\c:\bnhbnh.exec:\bnhbnh.exe219⤵
-
\??\c:\djddj.exec:\djddj.exe220⤵
-
\??\c:\dppjj.exec:\dppjj.exe221⤵
-
\??\c:\frrxrff.exec:\frrxrff.exe222⤵
-
\??\c:\rlffxlf.exec:\rlffxlf.exe223⤵
-
\??\c:\hnhhhn.exec:\hnhhhn.exe224⤵
-
\??\c:\nnthbh.exec:\nnthbh.exe225⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe226⤵
-
\??\c:\lflllrx.exec:\lflllrx.exe227⤵
-
\??\c:\lrfxxxx.exec:\lrfxxxx.exe228⤵
-
\??\c:\bthbtn.exec:\bthbtn.exe229⤵
-
\??\c:\3tbnnt.exec:\3tbnnt.exe230⤵
-
\??\c:\ppppp.exec:\ppppp.exe231⤵
-
\??\c:\jvvdp.exec:\jvvdp.exe232⤵
-
\??\c:\flfrlfr.exec:\flfrlfr.exe233⤵
-
\??\c:\bbbbhh.exec:\bbbbhh.exe234⤵
-
\??\c:\hbtnbh.exec:\hbtnbh.exe235⤵
-
\??\c:\ppjpp.exec:\ppjpp.exe236⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe237⤵
-
\??\c:\xrlllll.exec:\xrlllll.exe238⤵
-
\??\c:\rfxlxxr.exec:\rfxlxxr.exe239⤵
-
\??\c:\llfllll.exec:\llfllll.exe240⤵