Analysis
-
max time kernel
150s -
max time network
112s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
22-05-2024 03:43
General
-
Target
15d1775c23c7f30ecbc07f68ae880070_NeikiAnalytics.exe
-
Size
59KB
-
MD5
15d1775c23c7f30ecbc07f68ae880070
-
SHA1
eaf40127ad377ef7cfaf39ece814355639309273
-
SHA256
da2d197e7c7f378541aa9a0d3634ac49e1ce4d09cbabba0367820c2f26de0b67
-
SHA512
22d1af4954dca8c1881887538f29bec3365d6dee17e81a3e7081d85df018f77252f1a0b6085fba2cc1c94b6295d175f64cd46266ee129277ca264283307da5ac
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzkzk:ymb3NkkiQ3mdBjFIvlA
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\15d1775c23c7f30ecbc07f68ae880070_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\15d1775c23c7f30ecbc07f68ae880070_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7vpjd.exec:\7vpjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjv.exec:\dppjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfrlrl.exec:\llfrlrl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhnh.exec:\hbnhnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppd.exec:\ddppd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ddvd.exec:\5ddvd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xlflfx.exec:\3xlflfx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tthbb.exec:\5tthbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpjd.exec:\jvpjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jjpv.exec:\3jjpv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfrrrx.exec:\frfrrrx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnhh.exec:\tnnnhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ppjd.exec:\1ppjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7fxrlfx.exec:\7fxrlfx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxllx.exec:\rxfxllx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htntnn.exec:\htntnn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jdvv.exec:\1jdvv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jpjd.exec:\5jpjd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflfxrr.exec:\rflfxrr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnntt.exec:\hbnntt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvj.exec:\vpjvj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjd.exec:\vvpjd.exe23⤵
- Executes dropped EXE
-
\??\c:\5lrlfxr.exec:\5lrlfxr.exe24⤵
- Executes dropped EXE
-
\??\c:\nhnhbb.exec:\nhnhbb.exe25⤵
- Executes dropped EXE
-
\??\c:\5ntnhh.exec:\5ntnhh.exe26⤵
- Executes dropped EXE
-
\??\c:\5pjjp.exec:\5pjjp.exe27⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe28⤵
- Executes dropped EXE
-
\??\c:\5xxrrfx.exec:\5xxrrfx.exe29⤵
- Executes dropped EXE
-
\??\c:\ntnttn.exec:\ntnttn.exe30⤵
- Executes dropped EXE
-
\??\c:\bttttt.exec:\bttttt.exe31⤵
- Executes dropped EXE
-
\??\c:\dpvvp.exec:\dpvvp.exe32⤵
- Executes dropped EXE
-
\??\c:\jjvpd.exec:\jjvpd.exe33⤵
- Executes dropped EXE
-
\??\c:\rlfrllx.exec:\rlfrllx.exe34⤵
- Executes dropped EXE
-
\??\c:\xxrrxlf.exec:\xxrrxlf.exe35⤵
- Executes dropped EXE
-
\??\c:\bttnnn.exec:\bttnnn.exe36⤵
- Executes dropped EXE
-
\??\c:\djjjj.exec:\djjjj.exe37⤵
- Executes dropped EXE
-
\??\c:\jddvj.exec:\jddvj.exe38⤵
- Executes dropped EXE
-
\??\c:\rlrlxxx.exec:\rlrlxxx.exe39⤵
- Executes dropped EXE
-
\??\c:\htttnn.exec:\htttnn.exe40⤵
- Executes dropped EXE
-
\??\c:\hhhhbb.exec:\hhhhbb.exe41⤵
- Executes dropped EXE
-
\??\c:\1vjdd.exec:\1vjdd.exe42⤵
- Executes dropped EXE
-
\??\c:\jvpjd.exec:\jvpjd.exe43⤵
- Executes dropped EXE
-
\??\c:\3xxrxxx.exec:\3xxrxxx.exe44⤵
- Executes dropped EXE
-
\??\c:\3xffxrl.exec:\3xffxrl.exe45⤵
- Executes dropped EXE
-
\??\c:\tnnthh.exec:\tnnthh.exe46⤵
- Executes dropped EXE
-
\??\c:\nttnhb.exec:\nttnhb.exe47⤵
- Executes dropped EXE
-
\??\c:\jvdvd.exec:\jvdvd.exe48⤵
- Executes dropped EXE
-
\??\c:\rxrrlll.exec:\rxrrlll.exe49⤵
- Executes dropped EXE
-
\??\c:\lxxxrxx.exec:\lxxxrxx.exe50⤵
- Executes dropped EXE
-
\??\c:\1ttnhn.exec:\1ttnhn.exe51⤵
- Executes dropped EXE
-
\??\c:\pjdvv.exec:\pjdvv.exe52⤵
- Executes dropped EXE
-
\??\c:\5pvpd.exec:\5pvpd.exe53⤵
- Executes dropped EXE
-
\??\c:\rrxrffx.exec:\rrxrffx.exe54⤵
- Executes dropped EXE
-
\??\c:\thtbtt.exec:\thtbtt.exe55⤵
- Executes dropped EXE
-
\??\c:\1btnhb.exec:\1btnhb.exe56⤵
- Executes dropped EXE
-
\??\c:\vdpjv.exec:\vdpjv.exe57⤵
- Executes dropped EXE
-
\??\c:\ppvpj.exec:\ppvpj.exe58⤵
- Executes dropped EXE
-
\??\c:\llfxrrl.exec:\llfxrrl.exe59⤵
- Executes dropped EXE
-
\??\c:\xrrrrrx.exec:\xrrrrrx.exe60⤵
- Executes dropped EXE
-
\??\c:\tnhbth.exec:\tnhbth.exe61⤵
- Executes dropped EXE
-
\??\c:\pjpvv.exec:\pjpvv.exe62⤵
- Executes dropped EXE
-
\??\c:\jpddd.exec:\jpddd.exe63⤵
- Executes dropped EXE
-
\??\c:\7rllrrr.exec:\7rllrrr.exe64⤵
- Executes dropped EXE
-
\??\c:\3tttbt.exec:\3tttbt.exe65⤵
- Executes dropped EXE
-
\??\c:\bntnhh.exec:\bntnhh.exe66⤵
-
\??\c:\jjppj.exec:\jjppj.exe67⤵
-
\??\c:\jjjjv.exec:\jjjjv.exe68⤵
-
\??\c:\lfllxlf.exec:\lfllxlf.exe69⤵
-
\??\c:\rlrlxrr.exec:\rlrlxrr.exe70⤵
-
\??\c:\nhbbbb.exec:\nhbbbb.exe71⤵
-
\??\c:\bntnhh.exec:\bntnhh.exe72⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe73⤵
-
\??\c:\pjpdd.exec:\pjpdd.exe74⤵
-
\??\c:\rlllxxr.exec:\rlllxxr.exe75⤵
-
\??\c:\xrrrlff.exec:\xrrrlff.exe76⤵
-
\??\c:\1nhhbn.exec:\1nhhbn.exe77⤵
-
\??\c:\hntnnb.exec:\hntnnb.exe78⤵
-
\??\c:\btnhbt.exec:\btnhbt.exe79⤵
-
\??\c:\jvdpj.exec:\jvdpj.exe80⤵
-
\??\c:\7rflflf.exec:\7rflflf.exe81⤵
-
\??\c:\rrrlfxr.exec:\rrrlfxr.exe82⤵
-
\??\c:\1hbthb.exec:\1hbthb.exe83⤵
-
\??\c:\bhhbnh.exec:\bhhbnh.exe84⤵
-
\??\c:\jddpj.exec:\jddpj.exe85⤵
-
\??\c:\7vjdp.exec:\7vjdp.exe86⤵
-
\??\c:\fxxrxxr.exec:\fxxrxxr.exe87⤵
-
\??\c:\1fffrrf.exec:\1fffrrf.exe88⤵
-
\??\c:\7ttthh.exec:\7ttthh.exe89⤵
-
\??\c:\tnnbbt.exec:\tnnbbt.exe90⤵
-
\??\c:\vppdv.exec:\vppdv.exe91⤵
-
\??\c:\frxrrlr.exec:\frxrrlr.exe92⤵
-
\??\c:\5ntnhh.exec:\5ntnhh.exe93⤵
-
\??\c:\nhnhbh.exec:\nhnhbh.exe94⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe95⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe96⤵
-
\??\c:\rxxxrxx.exec:\rxxxrxx.exe97⤵
-
\??\c:\rxffllr.exec:\rxffllr.exe98⤵
-
\??\c:\hhbtnn.exec:\hhbtnn.exe99⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe100⤵
-
\??\c:\xxrrlfx.exec:\xxrrlfx.exe101⤵
-
\??\c:\ntbhnh.exec:\ntbhnh.exe102⤵
-
\??\c:\3vvdd.exec:\3vvdd.exe103⤵
-
\??\c:\7dvpj.exec:\7dvpj.exe104⤵
-
\??\c:\lrrfxrl.exec:\lrrfxrl.exe105⤵
-
\??\c:\nbnnhh.exec:\nbnnhh.exe106⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe107⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe108⤵
-
\??\c:\lflfxxx.exec:\lflfxxx.exe109⤵
-
\??\c:\flllllf.exec:\flllllf.exe110⤵
-
\??\c:\7bbbtt.exec:\7bbbtt.exe111⤵
-
\??\c:\9jjdv.exec:\9jjdv.exe112⤵
-
\??\c:\vppdv.exec:\vppdv.exe113⤵
-
\??\c:\rlfffll.exec:\rlfffll.exe114⤵
-
\??\c:\3nnbtt.exec:\3nnbtt.exe115⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe116⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe117⤵
-
\??\c:\9rrlxrl.exec:\9rrlxrl.exe118⤵
-
\??\c:\lllfllf.exec:\lllfllf.exe119⤵
-
\??\c:\nntnbb.exec:\nntnbb.exe120⤵
-
\??\c:\vpddj.exec:\vpddj.exe121⤵
-
\??\c:\hntttt.exec:\hntttt.exe122⤵
-
\??\c:\bnnhbt.exec:\bnnhbt.exe123⤵
-
\??\c:\9pjjv.exec:\9pjjv.exe124⤵
-
\??\c:\xxlxlxl.exec:\xxlxlxl.exe125⤵
-
\??\c:\xrflllf.exec:\xrflllf.exe126⤵
-
\??\c:\9hhtnh.exec:\9hhtnh.exe127⤵
-
\??\c:\1dppj.exec:\1dppj.exe128⤵
-
\??\c:\3vdvj.exec:\3vdvj.exe129⤵
-
\??\c:\ffxfxrr.exec:\ffxfxrr.exe130⤵
-
\??\c:\9hnhbh.exec:\9hnhbh.exe131⤵
-
\??\c:\jddvv.exec:\jddvv.exe132⤵
-
\??\c:\xrrrllf.exec:\xrrrllf.exe133⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe134⤵
-
\??\c:\llrlfff.exec:\llrlfff.exe135⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe136⤵
-
\??\c:\1tnhhb.exec:\1tnhhb.exe137⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe138⤵
-
\??\c:\9djdj.exec:\9djdj.exe139⤵
-
\??\c:\9flfxlx.exec:\9flfxlx.exe140⤵
-
\??\c:\hnhhtt.exec:\hnhhtt.exe141⤵
-
\??\c:\hnhnnb.exec:\hnhnnb.exe142⤵
-
\??\c:\3dddv.exec:\3dddv.exe143⤵
-
\??\c:\rrrrlrl.exec:\rrrrlrl.exe144⤵
-
\??\c:\hbbbtb.exec:\hbbbtb.exe145⤵
-
\??\c:\bntbbt.exec:\bntbbt.exe146⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe147⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe148⤵
-
\??\c:\xrrrrrl.exec:\xrrrrrl.exe149⤵
-
\??\c:\lfxxrlf.exec:\lfxxrlf.exe150⤵
-
\??\c:\thhhbt.exec:\thhhbt.exe151⤵
-
\??\c:\9hnhnn.exec:\9hnhnn.exe152⤵
-
\??\c:\jddvp.exec:\jddvp.exe153⤵
-
\??\c:\1djdp.exec:\1djdp.exe154⤵
-
\??\c:\fxrlffx.exec:\fxrlffx.exe155⤵
-
\??\c:\htnttn.exec:\htnttn.exe156⤵
-
\??\c:\hhhhhb.exec:\hhhhhb.exe157⤵
-
\??\c:\djppp.exec:\djppp.exe158⤵
-
\??\c:\jdppv.exec:\jdppv.exe159⤵
-
\??\c:\1xfrxrl.exec:\1xfrxrl.exe160⤵
-
\??\c:\3tnntt.exec:\3tnntt.exe161⤵
-
\??\c:\htbttt.exec:\htbttt.exe162⤵
-
\??\c:\9dpjp.exec:\9dpjp.exe163⤵
-
\??\c:\5dpdv.exec:\5dpdv.exe164⤵
-
\??\c:\1rxrrlr.exec:\1rxrrlr.exe165⤵
-
\??\c:\9ntttt.exec:\9ntttt.exe166⤵
-
\??\c:\vvjjd.exec:\vvjjd.exe167⤵
-
\??\c:\xfffxxx.exec:\xfffxxx.exe168⤵
-
\??\c:\xrxrrlr.exec:\xrxrrlr.exe169⤵
-
\??\c:\tnnhhh.exec:\tnnhhh.exe170⤵
-
\??\c:\rxlfxxx.exec:\rxlfxxx.exe171⤵
-
\??\c:\nnthbh.exec:\nnthbh.exe172⤵
-
\??\c:\1htnhh.exec:\1htnhh.exe173⤵
-
\??\c:\3ddvj.exec:\3ddvj.exe174⤵
-
\??\c:\jppdp.exec:\jppdp.exe175⤵
-
\??\c:\ffflxrl.exec:\ffflxrl.exe176⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe177⤵
-
\??\c:\dpddj.exec:\dpddj.exe178⤵
-
\??\c:\rxlrfrf.exec:\rxlrfrf.exe179⤵
-
\??\c:\3btbtt.exec:\3btbtt.exe180⤵
-
\??\c:\hnthtt.exec:\hnthtt.exe181⤵
-
\??\c:\vdvvp.exec:\vdvvp.exe182⤵
-
\??\c:\xrrrxxx.exec:\xrrrxxx.exe183⤵
-
\??\c:\tbttnn.exec:\tbttnn.exe184⤵
-
\??\c:\1hbtnn.exec:\1hbtnn.exe185⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe186⤵
-
\??\c:\pddvj.exec:\pddvj.exe187⤵
-
\??\c:\5lllrxr.exec:\5lllrxr.exe188⤵
-
\??\c:\frxrllf.exec:\frxrllf.exe189⤵
-
\??\c:\nhhbth.exec:\nhhbth.exe190⤵
-
\??\c:\vddvd.exec:\vddvd.exe191⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe192⤵
-
\??\c:\1fxrrrl.exec:\1fxrrrl.exe193⤵
-
\??\c:\hhbnhh.exec:\hhbnhh.exe194⤵
-
\??\c:\pvvdp.exec:\pvvdp.exe195⤵
-
\??\c:\vjpvp.exec:\vjpvp.exe196⤵
-
\??\c:\1llllll.exec:\1llllll.exe197⤵
-
\??\c:\ttbtnn.exec:\ttbtnn.exe198⤵
-
\??\c:\nttttt.exec:\nttttt.exe199⤵
-
\??\c:\3dvvp.exec:\3dvvp.exe200⤵
-
\??\c:\jdjpj.exec:\jdjpj.exe201⤵
-
\??\c:\rllfflf.exec:\rllfflf.exe202⤵
-
\??\c:\llrxlll.exec:\llrxlll.exe203⤵
-
\??\c:\tnhhbb.exec:\tnhhbb.exe204⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe205⤵
-
\??\c:\5jjdv.exec:\5jjdv.exe206⤵
-
\??\c:\fxrlfff.exec:\fxrlfff.exe207⤵
-
\??\c:\rfxllff.exec:\rfxllff.exe208⤵
-
\??\c:\hbttnn.exec:\hbttnn.exe209⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe210⤵
-
\??\c:\1djdd.exec:\1djdd.exe211⤵
-
\??\c:\rlfrxfx.exec:\rlfrxfx.exe212⤵
-
\??\c:\fxfffrl.exec:\fxfffrl.exe213⤵
-
\??\c:\5hnhnn.exec:\5hnhnn.exe214⤵
-
\??\c:\htbtnn.exec:\htbtnn.exe215⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe216⤵
-
\??\c:\3ddvj.exec:\3ddvj.exe217⤵
-
\??\c:\7lllfll.exec:\7lllfll.exe218⤵
-
\??\c:\ffxxxxr.exec:\ffxxxxr.exe219⤵
-
\??\c:\thbbtt.exec:\thbbtt.exe220⤵
-
\??\c:\7djdd.exec:\7djdd.exe221⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe222⤵
-
\??\c:\jdjvp.exec:\jdjvp.exe223⤵
-
\??\c:\llrrrxx.exec:\llrrrxx.exe224⤵
-
\??\c:\thnhbt.exec:\thnhbt.exe225⤵
-
\??\c:\htbtnn.exec:\htbtnn.exe226⤵
-
\??\c:\1vdvp.exec:\1vdvp.exe227⤵
-
\??\c:\vpjvv.exec:\vpjvv.exe228⤵
-
\??\c:\lfrlxxx.exec:\lfrlxxx.exe229⤵
-
\??\c:\btnnhn.exec:\btnnhn.exe230⤵
-
\??\c:\thhhbb.exec:\thhhbb.exe231⤵
-
\??\c:\ddddv.exec:\ddddv.exe232⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe233⤵
-
\??\c:\flrrllf.exec:\flrrllf.exe234⤵
-
\??\c:\ntbhbb.exec:\ntbhbb.exe235⤵
-
\??\c:\5tbbtt.exec:\5tbbtt.exe236⤵
-
\??\c:\3vpjv.exec:\3vpjv.exe237⤵
-
\??\c:\xrfxxxx.exec:\xrfxxxx.exe238⤵
-
\??\c:\fllllll.exec:\fllllll.exe239⤵
-
\??\c:\tbnbbh.exec:\tbnbbh.exe240⤵