Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
21-05-2024 20:38
General
-
Target
09f37fda7b8df6367968cb640f4d8b00_NeikiAnalytics.exe
-
Size
95KB
-
MD5
09f37fda7b8df6367968cb640f4d8b00
-
SHA1
204428adf66673ade1ea8b79abb0655e5fa38aca
-
SHA256
a0049debd0cb677baaf88a056f42a0b46f09717997b4bca0f535fcbfb5b97983
-
SHA512
a85b26632fa69b1397c70a78f2d691908199946b9feaf5e06c37ca4d555487ed8007aaac22fed7d6597f7b24a85229336804394704cee0a4d2312442d40608d5
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxS1rj/2CC:ymb3NkkiQ3mdBjFo73PYP1lri3K8Gwy5
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\09f37fda7b8df6367968cb640f4d8b00_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\09f37fda7b8df6367968cb640f4d8b00_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bttbhn.exec:\bttbhn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddj.exec:\vpddj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdv.exec:\vjjdv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrlfff.exec:\rxrlfff.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxrrl.exec:\fffxrrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhnn.exec:\bthhnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdv.exec:\vvjdv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrlffx.exec:\xxrlffx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxllx.exec:\rrxxllx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhhbh.exec:\hnhhbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vvvv.exec:\3vvvv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflffrr.exec:\rflffrr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthbbb.exec:\tthbbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjdv.exec:\jpjdv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lllfll.exec:\7lllfll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbthhb.exec:\hbthhb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhntbt.exec:\bhntbt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdpj.exec:\pvdpj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrflrl.exec:\fxrflrl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbtbh.exec:\hnbtbh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnhb.exec:\tnnnhb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppd.exec:\pjppd.exe23⤵
- Executes dropped EXE
-
\??\c:\rrrffff.exec:\rrrffff.exe24⤵
- Executes dropped EXE
-
\??\c:\1ttnhb.exec:\1ttnhb.exe25⤵
- Executes dropped EXE
-
\??\c:\ttthnh.exec:\ttthnh.exe26⤵
- Executes dropped EXE
-
\??\c:\pdjdd.exec:\pdjdd.exe27⤵
- Executes dropped EXE
-
\??\c:\9xxxlll.exec:\9xxxlll.exe28⤵
- Executes dropped EXE
-
\??\c:\bnnhbb.exec:\bnnhbb.exe29⤵
- Executes dropped EXE
-
\??\c:\7ppjd.exec:\7ppjd.exe30⤵
- Executes dropped EXE
-
\??\c:\rlrlxrx.exec:\rlrlxrx.exe31⤵
- Executes dropped EXE
-
\??\c:\ntttbb.exec:\ntttbb.exe32⤵
- Executes dropped EXE
-
\??\c:\7jpjd.exec:\7jpjd.exe33⤵
- Executes dropped EXE
-
\??\c:\9rxrfff.exec:\9rxrfff.exe34⤵
- Executes dropped EXE
-
\??\c:\thtbbb.exec:\thtbbb.exe35⤵
- Executes dropped EXE
-
\??\c:\vdvvp.exec:\vdvvp.exe36⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe37⤵
- Executes dropped EXE
-
\??\c:\lxrrlfx.exec:\lxrrlfx.exe38⤵
- Executes dropped EXE
-
\??\c:\nhhbtt.exec:\nhhbtt.exe39⤵
- Executes dropped EXE
-
\??\c:\vvpdv.exec:\vvpdv.exe40⤵
- Executes dropped EXE
-
\??\c:\rffffrf.exec:\rffffrf.exe41⤵
- Executes dropped EXE
-
\??\c:\xrfrfrl.exec:\xrfrfrl.exe42⤵
- Executes dropped EXE
-
\??\c:\tthbhh.exec:\tthbhh.exe43⤵
- Executes dropped EXE
-
\??\c:\pjdpj.exec:\pjdpj.exe44⤵
- Executes dropped EXE
-
\??\c:\pjvjd.exec:\pjvjd.exe45⤵
- Executes dropped EXE
-
\??\c:\3rxlffx.exec:\3rxlffx.exe46⤵
- Executes dropped EXE
-
\??\c:\3htthb.exec:\3htthb.exe47⤵
- Executes dropped EXE
-
\??\c:\vpdvv.exec:\vpdvv.exe48⤵
- Executes dropped EXE
-
\??\c:\ddjvj.exec:\ddjvj.exe49⤵
- Executes dropped EXE
-
\??\c:\lrfxrrr.exec:\lrfxrrr.exe50⤵
- Executes dropped EXE
-
\??\c:\nnnhbb.exec:\nnnhbb.exe51⤵
- Executes dropped EXE
-
\??\c:\vddjd.exec:\vddjd.exe52⤵
- Executes dropped EXE
-
\??\c:\nnhbbt.exec:\nnhbbt.exe53⤵
- Executes dropped EXE
-
\??\c:\nbbtnh.exec:\nbbtnh.exe54⤵
- Executes dropped EXE
-
\??\c:\jvvdd.exec:\jvvdd.exe55⤵
- Executes dropped EXE
-
\??\c:\xxrlffx.exec:\xxrlffx.exe56⤵
- Executes dropped EXE
-
\??\c:\nbtntb.exec:\nbtntb.exe57⤵
- Executes dropped EXE
-
\??\c:\1vvpj.exec:\1vvpj.exe58⤵
- Executes dropped EXE
-
\??\c:\jvjpv.exec:\jvjpv.exe59⤵
- Executes dropped EXE
-
\??\c:\rflfrrr.exec:\rflfrrr.exe60⤵
- Executes dropped EXE
-
\??\c:\hnhhnt.exec:\hnhhnt.exe61⤵
- Executes dropped EXE
-
\??\c:\thnnhh.exec:\thnnhh.exe62⤵
- Executes dropped EXE
-
\??\c:\jpjdv.exec:\jpjdv.exe63⤵
- Executes dropped EXE
-
\??\c:\5rllflf.exec:\5rllflf.exe64⤵
- Executes dropped EXE
-
\??\c:\thnntn.exec:\thnntn.exe65⤵
- Executes dropped EXE
-
\??\c:\1nttnn.exec:\1nttnn.exe66⤵
-
\??\c:\3pvpj.exec:\3pvpj.exe67⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe68⤵
-
\??\c:\lrxrfxr.exec:\lrxrfxr.exe69⤵
-
\??\c:\7hbhbh.exec:\7hbhbh.exe70⤵
-
\??\c:\tnhbtn.exec:\tnhbtn.exe71⤵
-
\??\c:\ddpdv.exec:\ddpdv.exe72⤵
-
\??\c:\vppjd.exec:\vppjd.exe73⤵
-
\??\c:\1fllllf.exec:\1fllllf.exe74⤵
-
\??\c:\hbttbt.exec:\hbttbt.exe75⤵
-
\??\c:\vdvjp.exec:\vdvjp.exe76⤵
-
\??\c:\rllxrrl.exec:\rllxrrl.exe77⤵
-
\??\c:\fllrlrl.exec:\fllrlrl.exe78⤵
-
\??\c:\ntbbnn.exec:\ntbbnn.exe79⤵
-
\??\c:\dpvjd.exec:\dpvjd.exe80⤵
-
\??\c:\jdjvj.exec:\jdjvj.exe81⤵
-
\??\c:\lfrrxxf.exec:\lfrrxxf.exe82⤵
-
\??\c:\hbttbb.exec:\hbttbb.exe83⤵
-
\??\c:\btnnhn.exec:\btnnhn.exe84⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe85⤵
-
\??\c:\jvddp.exec:\jvddp.exe86⤵
-
\??\c:\lxflxxx.exec:\lxflxxx.exe87⤵
-
\??\c:\rrllffl.exec:\rrllffl.exe88⤵
-
\??\c:\bnbtnh.exec:\bnbtnh.exe89⤵
-
\??\c:\pvppj.exec:\pvppj.exe90⤵
-
\??\c:\jddvj.exec:\jddvj.exe91⤵
-
\??\c:\xrrlxxr.exec:\xrrlxxr.exe92⤵
-
\??\c:\jvdpj.exec:\jvdpj.exe93⤵
-
\??\c:\dppdp.exec:\dppdp.exe94⤵
-
\??\c:\fxxrllx.exec:\fxxrllx.exe95⤵
-
\??\c:\bnnhnb.exec:\bnnhnb.exe96⤵
-
\??\c:\rrxxlrx.exec:\rrxxlrx.exe97⤵
-
\??\c:\fxfxfrl.exec:\fxfxfrl.exe98⤵
-
\??\c:\5ntttt.exec:\5ntttt.exe99⤵
-
\??\c:\ttbbbb.exec:\ttbbbb.exe100⤵
-
\??\c:\1djdp.exec:\1djdp.exe101⤵
-
\??\c:\rlfrlfx.exec:\rlfrlfx.exe102⤵
-
\??\c:\flfflxl.exec:\flfflxl.exe103⤵
-
\??\c:\bbbbhh.exec:\bbbbhh.exe104⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe105⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe106⤵
-
\??\c:\ppddj.exec:\ppddj.exe107⤵
-
\??\c:\llfrlfx.exec:\llfrlfx.exe108⤵
-
\??\c:\thhttt.exec:\thhttt.exe109⤵
-
\??\c:\3thhbb.exec:\3thhbb.exe110⤵
-
\??\c:\lffrfxl.exec:\lffrfxl.exe111⤵
-
\??\c:\htttnn.exec:\htttnn.exe112⤵
-
\??\c:\ddvvd.exec:\ddvvd.exe113⤵
-
\??\c:\rflfrrl.exec:\rflfrrl.exe114⤵
-
\??\c:\frxxxxx.exec:\frxxxxx.exe115⤵
-
\??\c:\bthbtt.exec:\bthbtt.exe116⤵
-
\??\c:\bbnnnb.exec:\bbnnnb.exe117⤵
-
\??\c:\pdjjp.exec:\pdjjp.exe118⤵
-
\??\c:\7jppd.exec:\7jppd.exe119⤵
-
\??\c:\7flfxxx.exec:\7flfxxx.exe120⤵
-
\??\c:\nhhbtb.exec:\nhhbtb.exe121⤵
-
\??\c:\btttnt.exec:\btttnt.exe122⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe123⤵
-
\??\c:\jpjjd.exec:\jpjjd.exe124⤵
-
\??\c:\xlrxxll.exec:\xlrxxll.exe125⤵
-
\??\c:\bbtbht.exec:\bbtbht.exe126⤵
-
\??\c:\bhtbbh.exec:\bhtbbh.exe127⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe128⤵
-
\??\c:\lffrrlf.exec:\lffrrlf.exe129⤵
-
\??\c:\rfxrlfr.exec:\rfxrlfr.exe130⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe131⤵
-
\??\c:\tnbhnt.exec:\tnbhnt.exe132⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe133⤵
-
\??\c:\1ppdv.exec:\1ppdv.exe134⤵
-
\??\c:\3rxrrrl.exec:\3rxrrrl.exe135⤵
-
\??\c:\rllfxrl.exec:\rllfxrl.exe136⤵
-
\??\c:\9hnbtt.exec:\9hnbtt.exe137⤵
-
\??\c:\1bnbtn.exec:\1bnbtn.exe138⤵
-
\??\c:\3pvjj.exec:\3pvjj.exe139⤵
-
\??\c:\jvpdj.exec:\jvpdj.exe140⤵
-
\??\c:\lfrflfl.exec:\lfrflfl.exe141⤵
-
\??\c:\xlrflrx.exec:\xlrflrx.exe142⤵
-
\??\c:\hbthtn.exec:\hbthtn.exe143⤵
-
\??\c:\3tbbtb.exec:\3tbbtb.exe144⤵
-
\??\c:\ppvdv.exec:\ppvdv.exe145⤵
-
\??\c:\3pppd.exec:\3pppd.exe146⤵
-
\??\c:\3rffxxf.exec:\3rffxxf.exe147⤵
-
\??\c:\7lrlffx.exec:\7lrlffx.exe148⤵
-
\??\c:\ntttnn.exec:\ntttnn.exe149⤵
-
\??\c:\1tbtnt.exec:\1tbtnt.exe150⤵
-
\??\c:\dvdpj.exec:\dvdpj.exe151⤵
-
\??\c:\vjdvd.exec:\vjdvd.exe152⤵
-
\??\c:\lflllrx.exec:\lflllrx.exe153⤵
-
\??\c:\fxxrlfx.exec:\fxxrlfx.exe154⤵
-
\??\c:\hthbbb.exec:\hthbbb.exe155⤵
-
\??\c:\lllfxxr.exec:\lllfxxr.exe156⤵
-
\??\c:\lffxrrl.exec:\lffxrrl.exe157⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe158⤵
-
\??\c:\jvpjj.exec:\jvpjj.exe159⤵
-
\??\c:\pvvvv.exec:\pvvvv.exe160⤵
-
\??\c:\xlrflfx.exec:\xlrflfx.exe161⤵
-
\??\c:\frlxrlf.exec:\frlxrlf.exe162⤵
-
\??\c:\btnhth.exec:\btnhth.exe163⤵
-
\??\c:\9pjpp.exec:\9pjpp.exe164⤵
-
\??\c:\xxlllll.exec:\xxlllll.exe165⤵
-
\??\c:\lffxfll.exec:\lffxfll.exe166⤵
-
\??\c:\bttnbb.exec:\bttnbb.exe167⤵
-
\??\c:\ddddd.exec:\ddddd.exe168⤵
-
\??\c:\xxrllfx.exec:\xxrllfx.exe169⤵
-
\??\c:\hhhbhh.exec:\hhhbhh.exe170⤵
-
\??\c:\btbbnh.exec:\btbbnh.exe171⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe172⤵
-
\??\c:\5ddvj.exec:\5ddvj.exe173⤵
-
\??\c:\3lfxrll.exec:\3lfxrll.exe174⤵
-
\??\c:\rlrlrrl.exec:\rlrlrrl.exe175⤵
-
\??\c:\nnnhhb.exec:\nnnhhb.exe176⤵
-
\??\c:\bbhnbt.exec:\bbhnbt.exe177⤵
-
\??\c:\pdvpd.exec:\pdvpd.exe178⤵
-
\??\c:\xrlxfll.exec:\xrlxfll.exe179⤵
-
\??\c:\tthhhh.exec:\tthhhh.exe180⤵
-
\??\c:\7nnhtt.exec:\7nnhtt.exe181⤵
-
\??\c:\vpppd.exec:\vpppd.exe182⤵
-
\??\c:\pvpdv.exec:\pvpdv.exe183⤵
-
\??\c:\fxfxllr.exec:\fxfxllr.exe184⤵
-
\??\c:\htbttb.exec:\htbttb.exe185⤵
-
\??\c:\thbthh.exec:\thbthh.exe186⤵
-
\??\c:\djjdp.exec:\djjdp.exe187⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe188⤵
-
\??\c:\lflxllf.exec:\lflxllf.exe189⤵
-
\??\c:\tbhbtt.exec:\tbhbtt.exe190⤵
-
\??\c:\dddjd.exec:\dddjd.exe191⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe192⤵
-
\??\c:\xlrfrxr.exec:\xlrfrxr.exe193⤵
-
\??\c:\7fxxxxr.exec:\7fxxxxr.exe194⤵
-
\??\c:\tthhnh.exec:\tthhnh.exe195⤵
-
\??\c:\jpjvp.exec:\jpjvp.exe196⤵
-
\??\c:\vppjd.exec:\vppjd.exe197⤵
-
\??\c:\lrrxfrx.exec:\lrrxfrx.exe198⤵
-
\??\c:\lflfflf.exec:\lflfflf.exe199⤵
-
\??\c:\bthtnb.exec:\bthtnb.exe200⤵
-
\??\c:\5vjdj.exec:\5vjdj.exe201⤵
-
\??\c:\jjpdv.exec:\jjpdv.exe202⤵
-
\??\c:\3fxffrx.exec:\3fxffrx.exe203⤵
-
\??\c:\rfxxflr.exec:\rfxxflr.exe204⤵
-
\??\c:\5hhnbb.exec:\5hhnbb.exe205⤵
-
\??\c:\tbhttn.exec:\tbhttn.exe206⤵
-
\??\c:\jpdjv.exec:\jpdjv.exe207⤵
-
\??\c:\lrlrfrr.exec:\lrlrfrr.exe208⤵
-
\??\c:\fxxrllf.exec:\fxxrllf.exe209⤵
-
\??\c:\hhbbtt.exec:\hhbbtt.exe210⤵
-
\??\c:\1nhnht.exec:\1nhnht.exe211⤵
-
\??\c:\3dpjd.exec:\3dpjd.exe212⤵
-
\??\c:\3vvvp.exec:\3vvvp.exe213⤵
-
\??\c:\xrxxllr.exec:\xrxxllr.exe214⤵
-
\??\c:\3rffrxx.exec:\3rffrxx.exe215⤵
-
\??\c:\bthbhh.exec:\bthbhh.exe216⤵
-
\??\c:\btnnnn.exec:\btnnnn.exe217⤵
-
\??\c:\9btbhb.exec:\9btbhb.exe218⤵
-
\??\c:\vppjd.exec:\vppjd.exe219⤵
-
\??\c:\lfxxlfx.exec:\lfxxlfx.exe220⤵
-
\??\c:\3xxxffl.exec:\3xxxffl.exe221⤵
-
\??\c:\btnhht.exec:\btnhht.exe222⤵
-
\??\c:\vddvp.exec:\vddvp.exe223⤵
-
\??\c:\llxxfxl.exec:\llxxfxl.exe224⤵
-
\??\c:\thbnhb.exec:\thbnhb.exe225⤵
-
\??\c:\bthbbb.exec:\bthbbb.exe226⤵
-
\??\c:\7vvvj.exec:\7vvvj.exe227⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe228⤵
-
\??\c:\xrfrrrr.exec:\xrfrrrr.exe229⤵
-
\??\c:\5flxlfl.exec:\5flxlfl.exe230⤵
-
\??\c:\btbhtn.exec:\btbhtn.exe231⤵
-
\??\c:\7tntnh.exec:\7tntnh.exe232⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe233⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe234⤵
-
\??\c:\5llxrlf.exec:\5llxrlf.exe235⤵
-
\??\c:\fllfrrf.exec:\fllfrrf.exe236⤵
-
\??\c:\hbbnbh.exec:\hbbnbh.exe237⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe238⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe239⤵
-
\??\c:\flrlxxl.exec:\flrlxxl.exe240⤵