Analysis
-
max time kernel
149s -
max time network
111s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
21-05-2024 20:12
General
-
Target
0900ac89e62ad767ba8f3d8680949280_NeikiAnalytics.exe
-
Size
68KB
-
MD5
0900ac89e62ad767ba8f3d8680949280
-
SHA1
344f8b2a0800592a7dc792ef9ee2df785ac9212b
-
SHA256
e7634c816c626607edcddc8cbb8fd7dd303369fa5bc96b6d7d4aacfa94bbf70f
-
SHA512
e6f319b66656a49396e86b9fa244789646001b3ba5ca147430a9ea513ab50256143ecbe8d1b902163471239c6b526c5cbbe83ef373dc7cd967e0b73ad556955a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUwcsbY/I:ymb3NkkiQ3mdBjF0yjcsMQ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0900ac89e62ad767ba8f3d8680949280_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\0900ac89e62ad767ba8f3d8680949280_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlffx.exec:\xrrlffx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfllfrr.exec:\lfllfrr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbhhn.exec:\bnbhhn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbhn.exec:\nhhbhn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jpjd.exec:\9jpjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lflxlr.exec:\5lflxlr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrllll.exec:\llrllll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlfxxr.exec:\lxlfxxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bnnhh.exec:\3bnnhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjp.exec:\dvpjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpvd.exec:\ddpvd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjd.exec:\djpjd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flllllf.exec:\flllllf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfrffx.exec:\fxfrffx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhbb.exec:\tnhhbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdv.exec:\pjjdv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvj.exec:\vpdvj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rfrlrr.exec:\5rfrlrr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbbtt.exec:\hhbbtt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdjd.exec:\vvdjd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllfxxr.exec:\fllfxxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfxfx.exec:\rllfxfx.exe23⤵
- Executes dropped EXE
-
\??\c:\hbttbb.exec:\hbttbb.exe24⤵
- Executes dropped EXE
-
\??\c:\vjpjj.exec:\vjpjj.exe25⤵
- Executes dropped EXE
-
\??\c:\flrlrrr.exec:\flrlrrr.exe26⤵
- Executes dropped EXE
-
\??\c:\7fxxffl.exec:\7fxxffl.exe27⤵
- Executes dropped EXE
-
\??\c:\9bnntt.exec:\9bnntt.exe28⤵
- Executes dropped EXE
-
\??\c:\vvjdd.exec:\vvjdd.exe29⤵
- Executes dropped EXE
-
\??\c:\jdvjd.exec:\jdvjd.exe30⤵
- Executes dropped EXE
-
\??\c:\flrlfxr.exec:\flrlfxr.exe31⤵
- Executes dropped EXE
-
\??\c:\hbnhnn.exec:\hbnhnn.exe32⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe33⤵
- Executes dropped EXE
-
\??\c:\lxxrrll.exec:\lxxrrll.exe34⤵
- Executes dropped EXE
-
\??\c:\rxffxxx.exec:\rxffxxx.exe35⤵
- Executes dropped EXE
-
\??\c:\1hnhht.exec:\1hnhht.exe36⤵
- Executes dropped EXE
-
\??\c:\tntnbb.exec:\tntnbb.exe37⤵
- Executes dropped EXE
-
\??\c:\dvvvj.exec:\dvvvj.exe38⤵
- Executes dropped EXE
-
\??\c:\rllfxxx.exec:\rllfxxx.exe39⤵
- Executes dropped EXE
-
\??\c:\5nbnhh.exec:\5nbnhh.exe40⤵
- Executes dropped EXE
-
\??\c:\ttnnbb.exec:\ttnnbb.exe41⤵
- Executes dropped EXE
-
\??\c:\jpvpp.exec:\jpvpp.exe42⤵
- Executes dropped EXE
-
\??\c:\rlrlxxl.exec:\rlrlxxl.exe43⤵
- Executes dropped EXE
-
\??\c:\xlfrrxx.exec:\xlfrrxx.exe44⤵
- Executes dropped EXE
-
\??\c:\hbttnn.exec:\hbttnn.exe45⤵
- Executes dropped EXE
-
\??\c:\tbbtht.exec:\tbbtht.exe46⤵
- Executes dropped EXE
-
\??\c:\vvvpv.exec:\vvvpv.exe47⤵
- Executes dropped EXE
-
\??\c:\vdjjj.exec:\vdjjj.exe48⤵
- Executes dropped EXE
-
\??\c:\fxxrlll.exec:\fxxrlll.exe49⤵
- Executes dropped EXE
-
\??\c:\9rllfxr.exec:\9rllfxr.exe50⤵
- Executes dropped EXE
-
\??\c:\7djjj.exec:\7djjj.exe51⤵
- Executes dropped EXE
-
\??\c:\1jjdd.exec:\1jjdd.exe52⤵
- Executes dropped EXE
-
\??\c:\llxrllf.exec:\llxrllf.exe53⤵
- Executes dropped EXE
-
\??\c:\nttnbn.exec:\nttnbn.exe54⤵
- Executes dropped EXE
-
\??\c:\5hhhhn.exec:\5hhhhn.exe55⤵
- Executes dropped EXE
-
\??\c:\vjvpp.exec:\vjvpp.exe56⤵
- Executes dropped EXE
-
\??\c:\lffxrrr.exec:\lffxrrr.exe57⤵
- Executes dropped EXE
-
\??\c:\fxxrllf.exec:\fxxrllf.exe58⤵
- Executes dropped EXE
-
\??\c:\hbhhbb.exec:\hbhhbb.exe59⤵
- Executes dropped EXE
-
\??\c:\hbbhbb.exec:\hbbhbb.exe60⤵
- Executes dropped EXE
-
\??\c:\jpjvp.exec:\jpjvp.exe61⤵
- Executes dropped EXE
-
\??\c:\3llfxxx.exec:\3llfxxx.exe62⤵
- Executes dropped EXE
-
\??\c:\frxxrxr.exec:\frxxrxr.exe63⤵
- Executes dropped EXE
-
\??\c:\hbnbhn.exec:\hbnbhn.exe64⤵
- Executes dropped EXE
-
\??\c:\hntnhh.exec:\hntnhh.exe65⤵
- Executes dropped EXE
-
\??\c:\nhbttb.exec:\nhbttb.exe66⤵
-
\??\c:\5pjjd.exec:\5pjjd.exe67⤵
-
\??\c:\xrrxrxr.exec:\xrrxrxr.exe68⤵
-
\??\c:\lfrrllf.exec:\lfrrllf.exe69⤵
-
\??\c:\httbbn.exec:\httbbn.exe70⤵
-
\??\c:\ttbtbt.exec:\ttbtbt.exe71⤵
-
\??\c:\jpvjj.exec:\jpvjj.exe72⤵
-
\??\c:\pvdpp.exec:\pvdpp.exe73⤵
-
\??\c:\rlrlrff.exec:\rlrlrff.exe74⤵
-
\??\c:\bthhtb.exec:\bthhtb.exe75⤵
-
\??\c:\hnhhhn.exec:\hnhhhn.exe76⤵
-
\??\c:\tntbhh.exec:\tntbhh.exe77⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe78⤵
-
\??\c:\rllfxxr.exec:\rllfxxr.exe79⤵
-
\??\c:\lrxrlrl.exec:\lrxrlrl.exe80⤵
-
\??\c:\nthhbb.exec:\nthhbb.exe81⤵
-
\??\c:\hhbbbb.exec:\hhbbbb.exe82⤵
-
\??\c:\3pjjd.exec:\3pjjd.exe83⤵
-
\??\c:\flfxrrr.exec:\flfxrrr.exe84⤵
-
\??\c:\fflxxlx.exec:\fflxxlx.exe85⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe86⤵
-
\??\c:\5hhhhn.exec:\5hhhhn.exe87⤵
-
\??\c:\jjppj.exec:\jjppj.exe88⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe89⤵
-
\??\c:\xfffxxx.exec:\xfffxxx.exe90⤵
-
\??\c:\tthhbn.exec:\tthhbn.exe91⤵
-
\??\c:\1nhhtt.exec:\1nhhtt.exe92⤵
-
\??\c:\jvvdv.exec:\jvvdv.exe93⤵
-
\??\c:\jpvvd.exec:\jpvvd.exe94⤵
-
\??\c:\7lllflf.exec:\7lllflf.exe95⤵
-
\??\c:\rxxxxfx.exec:\rxxxxfx.exe96⤵
-
\??\c:\bhhbnn.exec:\bhhbnn.exe97⤵
-
\??\c:\jjdvv.exec:\jjdvv.exe98⤵
-
\??\c:\fxrlflf.exec:\fxrlflf.exe99⤵
-
\??\c:\frxxrrr.exec:\frxxrrr.exe100⤵
-
\??\c:\thttnn.exec:\thttnn.exe101⤵
-
\??\c:\5dddp.exec:\5dddp.exe102⤵
-
\??\c:\xlrllll.exec:\xlrllll.exe103⤵
-
\??\c:\fxflxxx.exec:\fxflxxx.exe104⤵
-
\??\c:\tbtttt.exec:\tbtttt.exe105⤵
-
\??\c:\jpjjd.exec:\jpjjd.exe106⤵
-
\??\c:\xxffflr.exec:\xxffflr.exe107⤵
-
\??\c:\hbtttt.exec:\hbtttt.exe108⤵
-
\??\c:\tnhtbb.exec:\tnhtbb.exe109⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe110⤵
-
\??\c:\djppv.exec:\djppv.exe111⤵
-
\??\c:\rfffffr.exec:\rfffffr.exe112⤵
-
\??\c:\htbbtb.exec:\htbbtb.exe113⤵
-
\??\c:\pjddv.exec:\pjddv.exe114⤵
-
\??\c:\vdvpd.exec:\vdvpd.exe115⤵
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe116⤵
-
\??\c:\rfllllr.exec:\rfllllr.exe117⤵
-
\??\c:\hhbbht.exec:\hhbbht.exe118⤵
-
\??\c:\5djdv.exec:\5djdv.exe119⤵
-
\??\c:\fllfrfr.exec:\fllfrfr.exe120⤵
-
\??\c:\xrfffff.exec:\xrfffff.exe121⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe122⤵
-
\??\c:\jpjpv.exec:\jpjpv.exe123⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe124⤵
-
\??\c:\1xfxxrl.exec:\1xfxxrl.exe125⤵
-
\??\c:\nnbbtb.exec:\nnbbtb.exe126⤵
-
\??\c:\bhhbth.exec:\bhhbth.exe127⤵
-
\??\c:\pjddp.exec:\pjddp.exe128⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe129⤵
-
\??\c:\xxffxrf.exec:\xxffxrf.exe130⤵
-
\??\c:\fffxrlf.exec:\fffxrlf.exe131⤵
-
\??\c:\lflfffx.exec:\lflfffx.exe132⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe133⤵
-
\??\c:\3bnhbb.exec:\3bnhbb.exe134⤵
-
\??\c:\1flfxxx.exec:\1flfxxx.exe135⤵
-
\??\c:\tnbbhb.exec:\tnbbhb.exe136⤵
-
\??\c:\tnnnht.exec:\tnnnht.exe137⤵
-
\??\c:\ddddv.exec:\ddddv.exe138⤵
-
\??\c:\3pdjv.exec:\3pdjv.exe139⤵
-
\??\c:\rrxxxxr.exec:\rrxxxxr.exe140⤵
-
\??\c:\llllrxr.exec:\llllrxr.exe141⤵
-
\??\c:\hbtttb.exec:\hbtttb.exe142⤵
-
\??\c:\djvpj.exec:\djvpj.exe143⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe144⤵
-
\??\c:\lfffxxx.exec:\lfffxxx.exe145⤵
-
\??\c:\nhtttb.exec:\nhtttb.exe146⤵
-
\??\c:\5ttttn.exec:\5ttttn.exe147⤵
-
\??\c:\vjdpv.exec:\vjdpv.exe148⤵
-
\??\c:\pvpjd.exec:\pvpjd.exe149⤵
-
\??\c:\lrrrlrr.exec:\lrrrlrr.exe150⤵
-
\??\c:\lrffxfx.exec:\lrffxfx.exe151⤵
-
\??\c:\btttnn.exec:\btttnn.exe152⤵
-
\??\c:\htbtnn.exec:\htbtnn.exe153⤵
-
\??\c:\dppvd.exec:\dppvd.exe154⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe155⤵
-
\??\c:\fxrlflf.exec:\fxrlflf.exe156⤵
-
\??\c:\fxllfff.exec:\fxllfff.exe157⤵
-
\??\c:\nnbbth.exec:\nnbbth.exe158⤵
-
\??\c:\bbhthb.exec:\bbhthb.exe159⤵
-
\??\c:\djpjd.exec:\djpjd.exe160⤵
-
\??\c:\1jvpd.exec:\1jvpd.exe161⤵
-
\??\c:\xrfxxxl.exec:\xrfxxxl.exe162⤵
-
\??\c:\hnnnhh.exec:\hnnnhh.exe163⤵
-
\??\c:\thtnhh.exec:\thtnhh.exe164⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe165⤵
-
\??\c:\fffflxr.exec:\fffflxr.exe166⤵
-
\??\c:\xllfrxr.exec:\xllfrxr.exe167⤵
-
\??\c:\1bbtbh.exec:\1bbtbh.exe168⤵
-
\??\c:\hhbtnn.exec:\hhbtnn.exe169⤵
-
\??\c:\9jpjd.exec:\9jpjd.exe170⤵
-
\??\c:\1pvvp.exec:\1pvvp.exe171⤵
-
\??\c:\xffxxll.exec:\xffxxll.exe172⤵
-
\??\c:\nthnbh.exec:\nthnbh.exe173⤵
-
\??\c:\ntbbtt.exec:\ntbbtt.exe174⤵
-
\??\c:\vjvvp.exec:\vjvvp.exe175⤵
-
\??\c:\jvddd.exec:\jvddd.exe176⤵
-
\??\c:\rfllfff.exec:\rfllfff.exe177⤵
-
\??\c:\ttnnbb.exec:\ttnnbb.exe178⤵
-
\??\c:\hbhhbt.exec:\hbhhbt.exe179⤵
-
\??\c:\jpppp.exec:\jpppp.exe180⤵
-
\??\c:\htbhhh.exec:\htbhhh.exe181⤵
-
\??\c:\lxllffl.exec:\lxllffl.exe182⤵
-
\??\c:\1lfxllx.exec:\1lfxllx.exe183⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe184⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe185⤵
-
\??\c:\lflrfff.exec:\lflrfff.exe186⤵
-
\??\c:\9bnnhh.exec:\9bnnhh.exe187⤵
-
\??\c:\hbnhbt.exec:\hbnhbt.exe188⤵
-
\??\c:\btnhnn.exec:\btnhnn.exe189⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe190⤵
-
\??\c:\7llrlrl.exec:\7llrlrl.exe191⤵
-
\??\c:\nhnntt.exec:\nhnntt.exe192⤵
-
\??\c:\pdvjv.exec:\pdvjv.exe193⤵
-
\??\c:\flrffff.exec:\flrffff.exe194⤵
-
\??\c:\5nbbbh.exec:\5nbbbh.exe195⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe196⤵
-
\??\c:\5pvpj.exec:\5pvpj.exe197⤵
-
\??\c:\djvvv.exec:\djvvv.exe198⤵
-
\??\c:\rlxrxfl.exec:\rlxrxfl.exe199⤵
-
\??\c:\1xfxllf.exec:\1xfxllf.exe200⤵
-
\??\c:\hbhhbb.exec:\hbhhbb.exe201⤵
-
\??\c:\1hhhbb.exec:\1hhhbb.exe202⤵
-
\??\c:\dppjv.exec:\dppjv.exe203⤵
-
\??\c:\rlrllll.exec:\rlrllll.exe204⤵
-
\??\c:\ffllfrf.exec:\ffllfrf.exe205⤵
-
\??\c:\lfrxlrf.exec:\lfrxlrf.exe206⤵
-
\??\c:\3tbbbb.exec:\3tbbbb.exe207⤵
-
\??\c:\7btnnt.exec:\7btnnt.exe208⤵
-
\??\c:\1ddvv.exec:\1ddvv.exe209⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe210⤵
-
\??\c:\frrlffl.exec:\frrlffl.exe211⤵
-
\??\c:\xfrrlff.exec:\xfrrlff.exe212⤵
-
\??\c:\tnnbtb.exec:\tnnbtb.exe213⤵
-
\??\c:\3nttnn.exec:\3nttnn.exe214⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe215⤵
-
\??\c:\xflllff.exec:\xflllff.exe216⤵
-
\??\c:\rlfxflr.exec:\rlfxflr.exe217⤵
-
\??\c:\ntbbtt.exec:\ntbbtt.exe218⤵
-
\??\c:\9bntnb.exec:\9bntnb.exe219⤵
-
\??\c:\tbnnhh.exec:\tbnnhh.exe220⤵
-
\??\c:\1jjdv.exec:\1jjdv.exe221⤵
-
\??\c:\dvddp.exec:\dvddp.exe222⤵
-
\??\c:\flrlxfx.exec:\flrlxfx.exe223⤵
-
\??\c:\lfflfxx.exec:\lfflfxx.exe224⤵
-
\??\c:\tthhnh.exec:\tthhnh.exe225⤵
-
\??\c:\nnhtth.exec:\nnhtth.exe226⤵
-
\??\c:\hbnhbh.exec:\hbnhbh.exe227⤵
-
\??\c:\vpddd.exec:\vpddd.exe228⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe229⤵
-
\??\c:\lxfxxff.exec:\lxfxxff.exe230⤵
-
\??\c:\lrfxrrr.exec:\lrfxrrr.exe231⤵
-
\??\c:\9tbhht.exec:\9tbhht.exe232⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe233⤵
-
\??\c:\7pppp.exec:\7pppp.exe234⤵
-
\??\c:\dvddp.exec:\dvddp.exe235⤵
-
\??\c:\lflxxxr.exec:\lflxxxr.exe236⤵
-
\??\c:\fxfxrxx.exec:\fxfxrxx.exe237⤵
-
\??\c:\ntbbtt.exec:\ntbbtt.exe238⤵
-
\??\c:\nntnnt.exec:\nntnnt.exe239⤵
-
\??\c:\bntbnn.exec:\bntbnn.exe240⤵