Analysis
-
max time kernel
150s -
max time network
114s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
23-05-2024 01:11
General
-
Target
6a0404e563719322ea443844d1f284a0_NeikiAnalytics.exe
-
Size
198KB
-
MD5
6a0404e563719322ea443844d1f284a0
-
SHA1
5d5274516355b03b983a44585e2cd0cd85e9a420
-
SHA256
7f0b0feb9025081fc8c0e187b38319f06b20c0d6364168236fd18713583276c1
-
SHA512
c38d9dbb17f765f9bde7d90a1cee4e699ce84be68785cd4438e998292aefdba9c1a5f2b7032f9d00840ac3e63ea15f27b3c02eda8515e67c66e67279adc2a9ce
-
SSDEEP
3072:xhOmTsF93UYfwC6GIout3WVi/8HCpi8rY9AABa1YRMxl1522cJ1uIZ:xcm4FmowdHoS3WV28HCddWhRO1Lc9Z
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 62 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6a0404e563719322ea443844d1f284a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6a0404e563719322ea443844d1f284a0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjj.exec:\ppjjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrlfff.exec:\llrlfff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ntnnn.exec:\7ntnnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbtnb.exec:\htbtnb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jvpp.exec:\1jvpp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntttbn.exec:\ntttbn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvp.exec:\dpvvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbtbt.exec:\tbbtbt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjd.exec:\jdjjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flffffx.exec:\flffffx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxrfx.exec:\llfxrfx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htttnn.exec:\htttnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdv.exec:\pjjdv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lfrllf.exec:\5lfrllf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnbtt.exec:\btnbtt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdd.exec:\pjjdd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpj.exec:\vvvpj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfxrl.exec:\xrlfxrl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nhhnh.exec:\7nhhnh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ddvp.exec:\3ddvp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lrlrrl.exec:\3lrlrrl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttthb.exec:\nttthb.exe23⤵
- Executes dropped EXE
-
\??\c:\3dpvj.exec:\3dpvj.exe24⤵
- Executes dropped EXE
-
\??\c:\9fxxrff.exec:\9fxxrff.exe25⤵
- Executes dropped EXE
-
\??\c:\rrlxllr.exec:\rrlxllr.exe26⤵
- Executes dropped EXE
-
\??\c:\tbnhbb.exec:\tbnhbb.exe27⤵
- Executes dropped EXE
-
\??\c:\9djjj.exec:\9djjj.exe28⤵
- Executes dropped EXE
-
\??\c:\ttbtnn.exec:\ttbtnn.exe29⤵
- Executes dropped EXE
-
\??\c:\5ppjd.exec:\5ppjd.exe30⤵
- Executes dropped EXE
-
\??\c:\fffxrrr.exec:\fffxrrr.exe31⤵
- Executes dropped EXE
-
\??\c:\hntttt.exec:\hntttt.exe32⤵
- Executes dropped EXE
-
\??\c:\dvjpj.exec:\dvjpj.exe33⤵
- Executes dropped EXE
-
\??\c:\jvdvd.exec:\jvdvd.exe34⤵
- Executes dropped EXE
-
\??\c:\xrrlxxl.exec:\xrrlxxl.exe35⤵
- Executes dropped EXE
-
\??\c:\lxfxrxx.exec:\lxfxrxx.exe36⤵
- Executes dropped EXE
-
\??\c:\9nbnbb.exec:\9nbnbb.exe37⤵
- Executes dropped EXE
-
\??\c:\djpdd.exec:\djpdd.exe38⤵
- Executes dropped EXE
-
\??\c:\pjpdp.exec:\pjpdp.exe39⤵
- Executes dropped EXE
-
\??\c:\rfrlrrl.exec:\rfrlrrl.exe40⤵
- Executes dropped EXE
-
\??\c:\hbbthh.exec:\hbbthh.exe41⤵
- Executes dropped EXE
-
\??\c:\9ntnhn.exec:\9ntnhn.exe42⤵
- Executes dropped EXE
-
\??\c:\3jjvp.exec:\3jjvp.exe43⤵
- Executes dropped EXE
-
\??\c:\7rfrlxx.exec:\7rfrlxx.exe44⤵
- Executes dropped EXE
-
\??\c:\3nbhnh.exec:\3nbhnh.exe45⤵
- Executes dropped EXE
-
\??\c:\5nbhbb.exec:\5nbhbb.exe46⤵
- Executes dropped EXE
-
\??\c:\jppdp.exec:\jppdp.exe47⤵
- Executes dropped EXE
-
\??\c:\fxfxfxl.exec:\fxfxfxl.exe48⤵
- Executes dropped EXE
-
\??\c:\7xxrxrl.exec:\7xxrxrl.exe49⤵
- Executes dropped EXE
-
\??\c:\btbttn.exec:\btbttn.exe50⤵
- Executes dropped EXE
-
\??\c:\jdpjv.exec:\jdpjv.exe51⤵
- Executes dropped EXE
-
\??\c:\fxfxllf.exec:\fxfxllf.exe52⤵
- Executes dropped EXE
-
\??\c:\rllffxx.exec:\rllffxx.exe53⤵
- Executes dropped EXE
-
\??\c:\hbnbtn.exec:\hbnbtn.exe54⤵
- Executes dropped EXE
-
\??\c:\9btnbb.exec:\9btnbb.exe55⤵
- Executes dropped EXE
-
\??\c:\jvvjd.exec:\jvvjd.exe56⤵
- Executes dropped EXE
-
\??\c:\fxxrlfl.exec:\fxxrlfl.exe57⤵
- Executes dropped EXE
-
\??\c:\xrffxrl.exec:\xrffxrl.exe58⤵
- Executes dropped EXE
-
\??\c:\btthhb.exec:\btthhb.exe59⤵
- Executes dropped EXE
-
\??\c:\9btnht.exec:\9btnht.exe60⤵
- Executes dropped EXE
-
\??\c:\1ddvj.exec:\1ddvj.exe61⤵
- Executes dropped EXE
-
\??\c:\llrlxxl.exec:\llrlxxl.exe62⤵
- Executes dropped EXE
-
\??\c:\7rlrlfx.exec:\7rlrlfx.exe63⤵
- Executes dropped EXE
-
\??\c:\nttbnt.exec:\nttbnt.exe64⤵
- Executes dropped EXE
-
\??\c:\dpdpv.exec:\dpdpv.exe65⤵
- Executes dropped EXE
-
\??\c:\1dvjd.exec:\1dvjd.exe66⤵
-
\??\c:\lrllxff.exec:\lrllxff.exe67⤵
-
\??\c:\xlrlfxx.exec:\xlrlfxx.exe68⤵
-
\??\c:\hbbnhh.exec:\hbbnhh.exe69⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe70⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe71⤵
-
\??\c:\9fxrffr.exec:\9fxrffr.exe72⤵
-
\??\c:\5fffxff.exec:\5fffxff.exe73⤵
-
\??\c:\1bntnn.exec:\1bntnn.exe74⤵
-
\??\c:\bttnhb.exec:\bttnhb.exe75⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe76⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe77⤵
-
\??\c:\xlrxxxx.exec:\xlrxxxx.exe78⤵
-
\??\c:\hbhnhn.exec:\hbhnhn.exe79⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe80⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe81⤵
-
\??\c:\lxlflrx.exec:\lxlflrx.exe82⤵
-
\??\c:\xxfxrll.exec:\xxfxrll.exe83⤵
-
\??\c:\1hbbtb.exec:\1hbbtb.exe84⤵
-
\??\c:\7djdp.exec:\7djdp.exe85⤵
-
\??\c:\lxlllfr.exec:\lxlllfr.exe86⤵
-
\??\c:\nbbthh.exec:\nbbthh.exe87⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe88⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe89⤵
-
\??\c:\5lllxxx.exec:\5lllxxx.exe90⤵
-
\??\c:\xrxrrll.exec:\xrxrrll.exe91⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe92⤵
-
\??\c:\djjdv.exec:\djjdv.exe93⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe94⤵
-
\??\c:\xxxffff.exec:\xxxffff.exe95⤵
-
\??\c:\fxxfxff.exec:\fxxfxff.exe96⤵
-
\??\c:\1bttnn.exec:\1bttnn.exe97⤵
-
\??\c:\htnhtb.exec:\htnhtb.exe98⤵
-
\??\c:\jpjdp.exec:\jpjdp.exe99⤵
-
\??\c:\xxrfxxr.exec:\xxrfxxr.exe100⤵
-
\??\c:\lllxrfx.exec:\lllxrfx.exe101⤵
-
\??\c:\hthnhh.exec:\hthnhh.exe102⤵
-
\??\c:\tbhhtb.exec:\tbhhtb.exe103⤵
-
\??\c:\vvjjd.exec:\vvjjd.exe104⤵
-
\??\c:\lxlxlfl.exec:\lxlxlfl.exe105⤵
-
\??\c:\xxfxxxx.exec:\xxfxxxx.exe106⤵
-
\??\c:\3hhbtb.exec:\3hhbtb.exe107⤵
-
\??\c:\ttnhbb.exec:\ttnhbb.exe108⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe109⤵
-
\??\c:\jddvp.exec:\jddvp.exe110⤵
-
\??\c:\llfxlrl.exec:\llfxlrl.exe111⤵
-
\??\c:\9nnhbb.exec:\9nnhbb.exe112⤵
-
\??\c:\vvjdp.exec:\vvjdp.exe113⤵
-
\??\c:\jvpdd.exec:\jvpdd.exe114⤵
-
\??\c:\xxxlflf.exec:\xxxlflf.exe115⤵
-
\??\c:\btnhbh.exec:\btnhbh.exe116⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe117⤵
-
\??\c:\lfllxxx.exec:\lfllxxx.exe118⤵
-
\??\c:\5lrlffx.exec:\5lrlffx.exe119⤵
-
\??\c:\bhthbb.exec:\bhthbb.exe120⤵
-
\??\c:\vdvpp.exec:\vdvpp.exe121⤵
-
\??\c:\jpppp.exec:\jpppp.exe122⤵
-
\??\c:\7fxxrxr.exec:\7fxxrxr.exe123⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe124⤵
-
\??\c:\3tnnhh.exec:\3tnnhh.exe125⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe126⤵
-
\??\c:\rflfxrl.exec:\rflfxrl.exe127⤵
-
\??\c:\ntttnn.exec:\ntttnn.exe128⤵
-
\??\c:\hthtnn.exec:\hthtnn.exe129⤵
-
\??\c:\pdpdp.exec:\pdpdp.exe130⤵
-
\??\c:\lrrlllr.exec:\lrrlllr.exe131⤵
-
\??\c:\xrxrrrr.exec:\xrxrrrr.exe132⤵
-
\??\c:\tnthbh.exec:\tnthbh.exe133⤵
-
\??\c:\vdddv.exec:\vdddv.exe134⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe135⤵
-
\??\c:\llxrlfx.exec:\llxrlfx.exe136⤵
-
\??\c:\1hbbtb.exec:\1hbbtb.exe137⤵
-
\??\c:\nbhbnn.exec:\nbhbnn.exe138⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe139⤵
-
\??\c:\frffxll.exec:\frffxll.exe140⤵
-
\??\c:\rlrllll.exec:\rlrllll.exe141⤵
-
\??\c:\btnhhb.exec:\btnhhb.exe142⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe143⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe144⤵
-
\??\c:\9rflrrr.exec:\9rflrrr.exe145⤵
-
\??\c:\hbnhbb.exec:\hbnhbb.exe146⤵
-
\??\c:\3hhhbh.exec:\3hhhbh.exe147⤵
-
\??\c:\jpppj.exec:\jpppj.exe148⤵
-
\??\c:\rllfxlf.exec:\rllfxlf.exe149⤵
-
\??\c:\1tnnhh.exec:\1tnnhh.exe150⤵
-
\??\c:\btbbnn.exec:\btbbnn.exe151⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe152⤵
-
\??\c:\xlrrrxx.exec:\xlrrrxx.exe153⤵
-
\??\c:\tnhhbb.exec:\tnhhbb.exe154⤵
-
\??\c:\djjjp.exec:\djjjp.exe155⤵
-
\??\c:\lflfxfx.exec:\lflfxfx.exe156⤵
-
\??\c:\bntbbh.exec:\bntbbh.exe157⤵
-
\??\c:\hthhbb.exec:\hthhbb.exe158⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe159⤵
-
\??\c:\frlfrrl.exec:\frlfrrl.exe160⤵
-
\??\c:\tbtnhb.exec:\tbtnhb.exe161⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe162⤵
-
\??\c:\1hbbtb.exec:\1hbbtb.exe163⤵
-
\??\c:\nhhbtn.exec:\nhhbtn.exe164⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe165⤵
-
\??\c:\frrlxlf.exec:\frrlxlf.exe166⤵
-
\??\c:\nttnhb.exec:\nttnhb.exe167⤵
-
\??\c:\jjpjp.exec:\jjpjp.exe168⤵
-
\??\c:\5xxrlfl.exec:\5xxrlfl.exe169⤵
-
\??\c:\3hbtnn.exec:\3hbtnn.exe170⤵
-
\??\c:\pjddv.exec:\pjddv.exe171⤵
-
\??\c:\xxrlffx.exec:\xxrlffx.exe172⤵
-
\??\c:\nhnttb.exec:\nhnttb.exe173⤵
-
\??\c:\rllfffx.exec:\rllfffx.exe174⤵
-
\??\c:\fxxxrxr.exec:\fxxxrxr.exe175⤵
-
\??\c:\nbbtnn.exec:\nbbtnn.exe176⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe177⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe178⤵
-
\??\c:\5rrfffx.exec:\5rrfffx.exe179⤵
-
\??\c:\3xrxrrr.exec:\3xrxrrr.exe180⤵
-
\??\c:\bbbbth.exec:\bbbbth.exe181⤵
-
\??\c:\tthtth.exec:\tthtth.exe182⤵
-
\??\c:\ddppv.exec:\ddppv.exe183⤵
-
\??\c:\rxlfxxr.exec:\rxlfxxr.exe184⤵
-
\??\c:\frxrrrr.exec:\frxrrrr.exe185⤵
-
\??\c:\hthbbb.exec:\hthbbb.exe186⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe187⤵
-
\??\c:\ddppj.exec:\ddppj.exe188⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe189⤵
-
\??\c:\5rrlflf.exec:\5rrlflf.exe190⤵
-
\??\c:\tnbntn.exec:\tnbntn.exe191⤵
-
\??\c:\thbthb.exec:\thbthb.exe192⤵
-
\??\c:\jvvdp.exec:\jvvdp.exe193⤵
-
\??\c:\ddjdp.exec:\ddjdp.exe194⤵
-
\??\c:\frfrllx.exec:\frfrllx.exe195⤵
-
\??\c:\nnhhhn.exec:\nnhhhn.exe196⤵
-
\??\c:\nbtnnn.exec:\nbtnnn.exe197⤵
-
\??\c:\1ddpj.exec:\1ddpj.exe198⤵
-
\??\c:\3rxrfrl.exec:\3rxrfrl.exe199⤵
-
\??\c:\1rlfxrl.exec:\1rlfxrl.exe200⤵
-
\??\c:\9tnhnn.exec:\9tnhnn.exe201⤵
-
\??\c:\pdjvp.exec:\pdjvp.exe202⤵
-
\??\c:\xlrrxxf.exec:\xlrrxxf.exe203⤵
-
\??\c:\httnhh.exec:\httnhh.exe204⤵
-
\??\c:\nbbnhh.exec:\nbbnhh.exe205⤵
-
\??\c:\jdppj.exec:\jdppj.exe206⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe207⤵
-
\??\c:\lfrrlrr.exec:\lfrrlrr.exe208⤵
-
\??\c:\xflllrl.exec:\xflllrl.exe209⤵
-
\??\c:\tnbhbb.exec:\tnbhbb.exe210⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe211⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe212⤵
-
\??\c:\lfxrllf.exec:\lfxrllf.exe213⤵
-
\??\c:\1flxfxx.exec:\1flxfxx.exe214⤵
-
\??\c:\hhbhth.exec:\hhbhth.exe215⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe216⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe217⤵
-
\??\c:\lxxrrrr.exec:\lxxrrrr.exe218⤵
-
\??\c:\nbtnnn.exec:\nbtnnn.exe219⤵
-
\??\c:\ttttnt.exec:\ttttnt.exe220⤵
-
\??\c:\9jpvp.exec:\9jpvp.exe221⤵
-
\??\c:\9vdpp.exec:\9vdpp.exe222⤵
-
\??\c:\3rrllll.exec:\3rrllll.exe223⤵
-
\??\c:\lxxrffx.exec:\lxxrffx.exe224⤵
-
\??\c:\5hhnht.exec:\5hhnht.exe225⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe226⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe227⤵
-
\??\c:\xxxxrfx.exec:\xxxxrfx.exe228⤵
-
\??\c:\lffxxxf.exec:\lffxxxf.exe229⤵
-
\??\c:\pppjd.exec:\pppjd.exe230⤵
-
\??\c:\ppddv.exec:\ppddv.exe231⤵
-
\??\c:\xrxxxxl.exec:\xrxxxxl.exe232⤵
-
\??\c:\bttbhh.exec:\bttbhh.exe233⤵
-
\??\c:\nbhttn.exec:\nbhttn.exe234⤵
-
\??\c:\pjddd.exec:\pjddd.exe235⤵
-
\??\c:\9rrlffx.exec:\9rrlffx.exe236⤵
-
\??\c:\rxflfff.exec:\rxflfff.exe237⤵
-
\??\c:\1httnb.exec:\1httnb.exe238⤵
-
\??\c:\htnnnn.exec:\htnnnn.exe239⤵
-
\??\c:\ppppp.exec:\ppppp.exe240⤵