Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
24-05-2024 15:48
General
-
Target
3cd43ac82865884c3e59bb54c2154530_NeikiAnalytics.exe
-
Size
93KB
-
MD5
3cd43ac82865884c3e59bb54c2154530
-
SHA1
1bbc984be40698874b1cbc55ca306d08b785640f
-
SHA256
4bda68002c9075f361ca43a1080687dfef55351991fdebf2106ba68a2f5e1fa7
-
SHA512
5516145cde16344bd2cf816813d9dbfc017c68b57cdcc7fbcbb1be57f69b8fa797c602f00c48f5823d224c61d1a5f34f2c272ddb021558e587cd3f7edaf85023
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo7NANTBuQG1np24+2OXs:ymb3NkkiQ3mdBjFo7NguQG1n0USs
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3cd43ac82865884c3e59bb54c2154530_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\3cd43ac82865884c3e59bb54c2154530_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxfff.exec:\lfxxfff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9btttt.exec:\9btttt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dvpj.exec:\5dvpj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpddp.exec:\jpddp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrxrrx.exec:\lfrxrrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rflfff.exec:\7rflfff.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjppp.exec:\vjppp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddd.exec:\dvddd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llffrrx.exec:\llffrrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnnn.exec:\tnnnnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vpvj.exec:\9vpvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dddv.exec:\5dddv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxxff.exec:\fxxxxff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbhbn.exec:\thbhbn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpd.exec:\dvjpd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjpp.exec:\jdjpp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhhnh.exec:\hnhhnh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthhhh.exec:\tthhhh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppd.exec:\vpppd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvvp.exec:\jjvvp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrrll.exec:\xrxrrll.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnhh.exec:\httnhh.exe23⤵
- Executes dropped EXE
-
\??\c:\1pppd.exec:\1pppd.exe24⤵
- Executes dropped EXE
-
\??\c:\3xxfxff.exec:\3xxfxff.exe25⤵
- Executes dropped EXE
-
\??\c:\lrlllrf.exec:\lrlllrf.exe26⤵
- Executes dropped EXE
-
\??\c:\tnhhhh.exec:\tnhhhh.exe27⤵
- Executes dropped EXE
-
\??\c:\9pvvj.exec:\9pvvj.exe28⤵
- Executes dropped EXE
-
\??\c:\xfflxff.exec:\xfflxff.exe29⤵
- Executes dropped EXE
-
\??\c:\lflfxrl.exec:\lflfxrl.exe30⤵
- Executes dropped EXE
-
\??\c:\tntttt.exec:\tntttt.exe31⤵
- Executes dropped EXE
-
\??\c:\jvddv.exec:\jvddv.exe32⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe33⤵
- Executes dropped EXE
-
\??\c:\3rlllrl.exec:\3rlllrl.exe34⤵
- Executes dropped EXE
-
\??\c:\thhhht.exec:\thhhht.exe35⤵
- Executes dropped EXE
-
\??\c:\hbhbnn.exec:\hbhbnn.exe36⤵
- Executes dropped EXE
-
\??\c:\dvpdp.exec:\dvpdp.exe37⤵
- Executes dropped EXE
-
\??\c:\5fxrfxr.exec:\5fxrfxr.exe38⤵
- Executes dropped EXE
-
\??\c:\7bbtnn.exec:\7bbtnn.exe39⤵
- Executes dropped EXE
-
\??\c:\ddppd.exec:\ddppd.exe40⤵
- Executes dropped EXE
-
\??\c:\vvvjj.exec:\vvvjj.exe41⤵
- Executes dropped EXE
-
\??\c:\ffrxfll.exec:\ffrxfll.exe42⤵
- Executes dropped EXE
-
\??\c:\nnnnhn.exec:\nnnnhn.exe43⤵
- Executes dropped EXE
-
\??\c:\tnttnn.exec:\tnttnn.exe44⤵
- Executes dropped EXE
-
\??\c:\3vvvp.exec:\3vvvp.exe45⤵
- Executes dropped EXE
-
\??\c:\rlllrrf.exec:\rlllrrf.exe46⤵
- Executes dropped EXE
-
\??\c:\lrrllff.exec:\lrrllff.exe47⤵
- Executes dropped EXE
-
\??\c:\nhtttt.exec:\nhtttt.exe48⤵
- Executes dropped EXE
-
\??\c:\jdvvp.exec:\jdvvp.exe49⤵
- Executes dropped EXE
-
\??\c:\dpppp.exec:\dpppp.exe50⤵
- Executes dropped EXE
-
\??\c:\7fllfff.exec:\7fllfff.exe51⤵
- Executes dropped EXE
-
\??\c:\1rlffrl.exec:\1rlffrl.exe52⤵
- Executes dropped EXE
-
\??\c:\tthhbb.exec:\tthhbb.exe53⤵
- Executes dropped EXE
-
\??\c:\bthhbb.exec:\bthhbb.exe54⤵
- Executes dropped EXE
-
\??\c:\jvpvd.exec:\jvpvd.exe55⤵
- Executes dropped EXE
-
\??\c:\vdddd.exec:\vdddd.exe56⤵
- Executes dropped EXE
-
\??\c:\frxfflf.exec:\frxfflf.exe57⤵
- Executes dropped EXE
-
\??\c:\rrrxrrr.exec:\rrrxrrr.exe58⤵
- Executes dropped EXE
-
\??\c:\thnhbh.exec:\thnhbh.exe59⤵
- Executes dropped EXE
-
\??\c:\bbtnbb.exec:\bbtnbb.exe60⤵
- Executes dropped EXE
-
\??\c:\pjvpp.exec:\pjvpp.exe61⤵
- Executes dropped EXE
-
\??\c:\ppppj.exec:\ppppj.exe62⤵
- Executes dropped EXE
-
\??\c:\frxxxxl.exec:\frxxxxl.exe63⤵
- Executes dropped EXE
-
\??\c:\rlxxrxx.exec:\rlxxrxx.exe64⤵
- Executes dropped EXE
-
\??\c:\ttnbbt.exec:\ttnbbt.exe65⤵
- Executes dropped EXE
-
\??\c:\bntbtb.exec:\bntbtb.exe66⤵
-
\??\c:\7pddv.exec:\7pddv.exe67⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe68⤵
-
\??\c:\xrlfllr.exec:\xrlfllr.exe69⤵
-
\??\c:\rrrrrrr.exec:\rrrrrrr.exe70⤵
-
\??\c:\hbbnht.exec:\hbbnht.exe71⤵
-
\??\c:\3nhtnn.exec:\3nhtnn.exe72⤵
-
\??\c:\3dpjv.exec:\3dpjv.exe73⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe74⤵
-
\??\c:\fflfxxx.exec:\fflfxxx.exe75⤵
-
\??\c:\rlrrxxr.exec:\rlrrxxr.exe76⤵
-
\??\c:\3bttbh.exec:\3bttbh.exe77⤵
-
\??\c:\5tbbbh.exec:\5tbbbh.exe78⤵
-
\??\c:\vdppp.exec:\vdppp.exe79⤵
-
\??\c:\ddppp.exec:\ddppp.exe80⤵
-
\??\c:\1fxrrxr.exec:\1fxrrxr.exe81⤵
-
\??\c:\lrxffff.exec:\lrxffff.exe82⤵
-
\??\c:\5hnnnn.exec:\5hnnnn.exe83⤵
-
\??\c:\nnhnnt.exec:\nnhnnt.exe84⤵
-
\??\c:\bbttbb.exec:\bbttbb.exe85⤵
-
\??\c:\vdjpv.exec:\vdjpv.exe86⤵
-
\??\c:\vvddj.exec:\vvddj.exe87⤵
-
\??\c:\rlxrlll.exec:\rlxrlll.exe88⤵
-
\??\c:\nhnhhn.exec:\nhnhhn.exe89⤵
-
\??\c:\5httnh.exec:\5httnh.exe90⤵
-
\??\c:\xxffrrx.exec:\xxffrrx.exe91⤵
-
\??\c:\rlllffx.exec:\rlllffx.exe92⤵
-
\??\c:\5nhnhh.exec:\5nhnhh.exe93⤵
-
\??\c:\nbhhbt.exec:\nbhhbt.exe94⤵
-
\??\c:\1dvjd.exec:\1dvjd.exe95⤵
-
\??\c:\xxllrrx.exec:\xxllrrx.exe96⤵
-
\??\c:\fxfllfx.exec:\fxfllfx.exe97⤵
-
\??\c:\ntbhhn.exec:\ntbhhn.exe98⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe99⤵
-
\??\c:\pddvj.exec:\pddvj.exe100⤵
-
\??\c:\rrrlfll.exec:\rrrlfll.exe101⤵
-
\??\c:\hntnbt.exec:\hntnbt.exe102⤵
-
\??\c:\bbthht.exec:\bbthht.exe103⤵
-
\??\c:\dvddv.exec:\dvddv.exe104⤵
-
\??\c:\1pvdv.exec:\1pvdv.exe105⤵
-
\??\c:\frrlfll.exec:\frrlfll.exe106⤵
-
\??\c:\lrfxllr.exec:\lrfxllr.exe107⤵
-
\??\c:\1bhhhn.exec:\1bhhhn.exe108⤵
-
\??\c:\hhttbb.exec:\hhttbb.exe109⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe110⤵
-
\??\c:\jjvvp.exec:\jjvvp.exe111⤵
-
\??\c:\fflfrll.exec:\fflfrll.exe112⤵
-
\??\c:\9llffff.exec:\9llffff.exe113⤵
-
\??\c:\3thhtt.exec:\3thhtt.exe114⤵
-
\??\c:\nhnnbb.exec:\nhnnbb.exe115⤵
-
\??\c:\djppd.exec:\djppd.exe116⤵
-
\??\c:\jjvdv.exec:\jjvdv.exe117⤵
-
\??\c:\fffxlll.exec:\fffxlll.exe118⤵
-
\??\c:\lrfxrrr.exec:\lrfxrrr.exe119⤵
-
\??\c:\9bbbtt.exec:\9bbbtt.exe120⤵
-
\??\c:\tnbbbb.exec:\tnbbbb.exe121⤵
-
\??\c:\1ddjd.exec:\1ddjd.exe122⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe123⤵
-
\??\c:\lrxrlll.exec:\lrxrlll.exe124⤵
-
\??\c:\lxllfff.exec:\lxllfff.exe125⤵
-
\??\c:\btttnn.exec:\btttnn.exe126⤵
-
\??\c:\7hhbtb.exec:\7hhbtb.exe127⤵
-
\??\c:\jpjdp.exec:\jpjdp.exe128⤵
-
\??\c:\jdddp.exec:\jdddp.exe129⤵
-
\??\c:\xxlrxfr.exec:\xxlrxfr.exe130⤵
-
\??\c:\fxfxrrr.exec:\fxfxrrr.exe131⤵
-
\??\c:\httttt.exec:\httttt.exe132⤵
-
\??\c:\tntbbh.exec:\tntbbh.exe133⤵
-
\??\c:\dpvdp.exec:\dpvdp.exe134⤵
-
\??\c:\vvddd.exec:\vvddd.exe135⤵
-
\??\c:\9fffrxr.exec:\9fffrxr.exe136⤵
-
\??\c:\lfxxrxx.exec:\lfxxrxx.exe137⤵
-
\??\c:\3xffxll.exec:\3xffxll.exe138⤵
-
\??\c:\hbhhbb.exec:\hbhhbb.exe139⤵
-
\??\c:\ttbbtt.exec:\ttbbtt.exe140⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe141⤵
-
\??\c:\5lrlrrl.exec:\5lrlrrl.exe142⤵
-
\??\c:\7rxrrrl.exec:\7rxrrrl.exe143⤵
-
\??\c:\bbttnb.exec:\bbttnb.exe144⤵
-
\??\c:\hthhhh.exec:\hthhhh.exe145⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe146⤵
-
\??\c:\9lrlfff.exec:\9lrlfff.exe147⤵
-
\??\c:\tntbtb.exec:\tntbtb.exe148⤵
-
\??\c:\bbttnn.exec:\bbttnn.exe149⤵
-
\??\c:\pjpvp.exec:\pjpvp.exe150⤵
-
\??\c:\vpppd.exec:\vpppd.exe151⤵
-
\??\c:\9frlllf.exec:\9frlllf.exe152⤵
-
\??\c:\tbntnt.exec:\tbntnt.exe153⤵
-
\??\c:\9hhhbb.exec:\9hhhbb.exe154⤵
-
\??\c:\jjjjj.exec:\jjjjj.exe155⤵
-
\??\c:\jjjjj.exec:\jjjjj.exe156⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe157⤵
-
\??\c:\lxrlffx.exec:\lxrlffx.exe158⤵
-
\??\c:\xxxfllf.exec:\xxxfllf.exe159⤵
-
\??\c:\ntttnn.exec:\ntttnn.exe160⤵
-
\??\c:\tthbtt.exec:\tthbtt.exe161⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe162⤵
-
\??\c:\3vvjd.exec:\3vvjd.exe163⤵
-
\??\c:\7vjjv.exec:\7vjjv.exe164⤵
-
\??\c:\ffrrfll.exec:\ffrrfll.exe165⤵
-
\??\c:\9nbbbb.exec:\9nbbbb.exe166⤵
-
\??\c:\nbhnhn.exec:\nbhnhn.exe167⤵
-
\??\c:\ddpjj.exec:\ddpjj.exe168⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe169⤵
-
\??\c:\ffrrlll.exec:\ffrrlll.exe170⤵
-
\??\c:\lxfffrl.exec:\lxfffrl.exe171⤵
-
\??\c:\nbnhnn.exec:\nbnhnn.exe172⤵
-
\??\c:\7dddv.exec:\7dddv.exe173⤵
-
\??\c:\1jdvj.exec:\1jdvj.exe174⤵
-
\??\c:\lrrxfll.exec:\lrrxfll.exe175⤵
-
\??\c:\fxxrlll.exec:\fxxrlll.exe176⤵
-
\??\c:\tnthhn.exec:\tnthhn.exe177⤵
-
\??\c:\htbbtt.exec:\htbbtt.exe178⤵
-
\??\c:\7dvjv.exec:\7dvjv.exe179⤵
-
\??\c:\vvppd.exec:\vvppd.exe180⤵
-
\??\c:\rlrrfll.exec:\rlrrfll.exe181⤵
-
\??\c:\hbtttt.exec:\hbtttt.exe182⤵
-
\??\c:\vdvvj.exec:\vdvvj.exe183⤵
-
\??\c:\lrxrrxx.exec:\lrxrrxx.exe184⤵
-
\??\c:\bthbbt.exec:\bthbbt.exe185⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe186⤵
-
\??\c:\5fffllr.exec:\5fffllr.exe187⤵
-
\??\c:\hnthth.exec:\hnthth.exe188⤵
-
\??\c:\dpddv.exec:\dpddv.exe189⤵
-
\??\c:\5rlrlxr.exec:\5rlrlxr.exe190⤵
-
\??\c:\bbbbbh.exec:\bbbbbh.exe191⤵
-
\??\c:\vppvp.exec:\vppvp.exe192⤵
-
\??\c:\3jjjv.exec:\3jjjv.exe193⤵
-
\??\c:\frxxrrf.exec:\frxxrrf.exe194⤵
-
\??\c:\rfllllf.exec:\rfllllf.exe195⤵
-
\??\c:\nnhhnn.exec:\nnhhnn.exe196⤵
-
\??\c:\nnnhhh.exec:\nnnhhh.exe197⤵
-
\??\c:\vdvpp.exec:\vdvpp.exe198⤵
-
\??\c:\3lrrxfx.exec:\3lrrxfx.exe199⤵
-
\??\c:\ffllffl.exec:\ffllffl.exe200⤵
-
\??\c:\lfrrlll.exec:\lfrrlll.exe201⤵
-
\??\c:\hbbnnn.exec:\hbbnnn.exe202⤵
-
\??\c:\tntnhn.exec:\tntnhn.exe203⤵
-
\??\c:\jdppp.exec:\jdppp.exe204⤵
-
\??\c:\3pvvp.exec:\3pvvp.exe205⤵
-
\??\c:\xffrllx.exec:\xffrllx.exe206⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe207⤵
-
\??\c:\hbtttb.exec:\hbtttb.exe208⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe209⤵
-
\??\c:\vddvp.exec:\vddvp.exe210⤵
-
\??\c:\xlxrxxx.exec:\xlxrxxx.exe211⤵
-
\??\c:\lxlfllf.exec:\lxlfllf.exe212⤵
-
\??\c:\nnttnt.exec:\nnttnt.exe213⤵
-
\??\c:\nhttnn.exec:\nhttnn.exe214⤵
-
\??\c:\1jvdp.exec:\1jvdp.exe215⤵
-
\??\c:\1vdvv.exec:\1vdvv.exe216⤵
-
\??\c:\xrlfrrf.exec:\xrlfrrf.exe217⤵
-
\??\c:\hthhhh.exec:\hthhhh.exe218⤵
-
\??\c:\ntbnnn.exec:\ntbnnn.exe219⤵
-
\??\c:\pdpvp.exec:\pdpvp.exe220⤵
-
\??\c:\vddvj.exec:\vddvj.exe221⤵
-
\??\c:\rlxrrlx.exec:\rlxrrlx.exe222⤵
-
\??\c:\bntttn.exec:\bntttn.exe223⤵
-
\??\c:\tbhbtn.exec:\tbhbtn.exe224⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe225⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe226⤵
-
\??\c:\1lllxlf.exec:\1lllxlf.exe227⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe228⤵
-
\??\c:\9bhhbb.exec:\9bhhbb.exe229⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe230⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe231⤵
-
\??\c:\rrrrlll.exec:\rrrrlll.exe232⤵
-
\??\c:\xrxxxxx.exec:\xrxxxxx.exe233⤵
-
\??\c:\1bhhhh.exec:\1bhhhh.exe234⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe235⤵
-
\??\c:\djpvv.exec:\djpvv.exe236⤵
-
\??\c:\frxrflf.exec:\frxrflf.exe237⤵
-
\??\c:\7lxxffr.exec:\7lxxffr.exe238⤵
-
\??\c:\xxlrlxx.exec:\xxlrlxx.exe239⤵
-
\??\c:\bhhnnt.exec:\bhhnnt.exe240⤵