Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
24-05-2024 19:30
General
-
Target
7becbe337c816356dff0054739def600_NeikiAnalytics.exe
-
Size
179KB
-
MD5
7becbe337c816356dff0054739def600
-
SHA1
689107fa7f553698fb053099d9f6a021b71476f2
-
SHA256
93754a01d17d765e88671d1cc895c2143c1734c405adb63968f7b872825a9110
-
SHA512
878bb076e0bcb84cd2f4b82005d0ee79e88eb42e72d3349dcfb68fd1968faaf9666d64a7f1d90124bf991ba2743e309a3523c8519dd4c51298efc741b23b0d71
-
SSDEEP
3072:AhOmTsF93UYfwC6GIoutQ6M/Fpi8rY9AABa1YRMxgRP5ZXux+:Acm4FmowdHoSCddWhR/Z+Y
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7becbe337c816356dff0054739def600_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\7becbe337c816356dff0054739def600_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlxlf.exec:\fxrlxlf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhbn.exec:\nhhhbn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjd.exec:\vjpjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjv.exec:\vppjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffrxf.exec:\rfffrxf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrfrlx.exec:\xxrfrlx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnbnt.exec:\bnnbnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppdv.exec:\vppdv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjdv.exec:\jjjdv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbtbb.exec:\htbtbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjvd.exec:\pjjvd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxfxl.exec:\xrxxfxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntntt.exec:\nntntt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvp.exec:\jvdvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvp.exec:\jddvp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llffxll.exec:\llffxll.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tthbt.exec:\1tthbt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppj.exec:\dvppj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dvpj.exec:\5dvpj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrlxxf.exec:\xxrlxxf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhbb.exec:\nhhhbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnbtt.exec:\nbnbtt.exe23⤵
- Executes dropped EXE
-
\??\c:\fxxxfxf.exec:\fxxxfxf.exe24⤵
- Executes dropped EXE
-
\??\c:\tthbbb.exec:\tthbbb.exe25⤵
- Executes dropped EXE
-
\??\c:\btttbh.exec:\btttbh.exe26⤵
- Executes dropped EXE
-
\??\c:\vpvvv.exec:\vpvvv.exe27⤵
- Executes dropped EXE
-
\??\c:\bntnbb.exec:\bntnbb.exe28⤵
- Executes dropped EXE
-
\??\c:\7pvjd.exec:\7pvjd.exe29⤵
- Executes dropped EXE
-
\??\c:\xllxlfx.exec:\xllxlfx.exe30⤵
- Executes dropped EXE
-
\??\c:\hhhbnb.exec:\hhhbnb.exe31⤵
- Executes dropped EXE
-
\??\c:\vjdjj.exec:\vjdjj.exe32⤵
- Executes dropped EXE
-
\??\c:\xlxrffl.exec:\xlxrffl.exe33⤵
- Executes dropped EXE
-
\??\c:\3fflffl.exec:\3fflffl.exe34⤵
- Executes dropped EXE
-
\??\c:\nhbtnn.exec:\nhbtnn.exe35⤵
- Executes dropped EXE
-
\??\c:\ntbhtt.exec:\ntbhtt.exe36⤵
- Executes dropped EXE
-
\??\c:\pvjdp.exec:\pvjdp.exe37⤵
- Executes dropped EXE
-
\??\c:\1rxlfxr.exec:\1rxlfxr.exe38⤵
- Executes dropped EXE
-
\??\c:\9fllfff.exec:\9fllfff.exe39⤵
-
\??\c:\btbtnh.exec:\btbtnh.exe40⤵
- Executes dropped EXE
-
\??\c:\nhtnbb.exec:\nhtnbb.exe41⤵
- Executes dropped EXE
-
\??\c:\5pvdp.exec:\5pvdp.exe42⤵
- Executes dropped EXE
-
\??\c:\xlrrlll.exec:\xlrrlll.exe43⤵
- Executes dropped EXE
-
\??\c:\xlllflf.exec:\xlllflf.exe44⤵
- Executes dropped EXE
-
\??\c:\bbthbb.exec:\bbthbb.exe45⤵
- Executes dropped EXE
-
\??\c:\bntnhh.exec:\bntnhh.exe46⤵
- Executes dropped EXE
-
\??\c:\djjjd.exec:\djjjd.exe47⤵
- Executes dropped EXE
-
\??\c:\1vvpp.exec:\1vvpp.exe48⤵
- Executes dropped EXE
-
\??\c:\7xxrffx.exec:\7xxrffx.exe49⤵
- Executes dropped EXE
-
\??\c:\nhhtnn.exec:\nhhtnn.exe50⤵
- Executes dropped EXE
-
\??\c:\nbbtnh.exec:\nbbtnh.exe51⤵
- Executes dropped EXE
-
\??\c:\ddddp.exec:\ddddp.exe52⤵
- Executes dropped EXE
-
\??\c:\9pvpj.exec:\9pvpj.exe53⤵
- Executes dropped EXE
-
\??\c:\xlllfll.exec:\xlllfll.exe54⤵
- Executes dropped EXE
-
\??\c:\httnnn.exec:\httnnn.exe55⤵
- Executes dropped EXE
-
\??\c:\nnhbbb.exec:\nnhbbb.exe56⤵
- Executes dropped EXE
-
\??\c:\3jvpd.exec:\3jvpd.exe57⤵
- Executes dropped EXE
-
\??\c:\rrxlllr.exec:\rrxlllr.exe58⤵
- Executes dropped EXE
-
\??\c:\llllffl.exec:\llllffl.exe59⤵
- Executes dropped EXE
-
\??\c:\7ntnhb.exec:\7ntnhb.exe60⤵
- Executes dropped EXE
-
\??\c:\3tttnn.exec:\3tttnn.exe61⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe62⤵
- Executes dropped EXE
-
\??\c:\9dvpj.exec:\9dvpj.exe63⤵
- Executes dropped EXE
-
\??\c:\3ffffff.exec:\3ffffff.exe64⤵
- Executes dropped EXE
-
\??\c:\lxxrlff.exec:\lxxrlff.exe65⤵
- Executes dropped EXE
-
\??\c:\tnntnn.exec:\tnntnn.exe66⤵
- Executes dropped EXE
-
\??\c:\1hbnbh.exec:\1hbnbh.exe67⤵
-
\??\c:\jpjdd.exec:\jpjdd.exe68⤵
-
\??\c:\rllrlrr.exec:\rllrlrr.exe69⤵
-
\??\c:\rrxlfrr.exec:\rrxlfrr.exe70⤵
-
\??\c:\1nntnh.exec:\1nntnh.exe71⤵
-
\??\c:\bnhhtt.exec:\bnhhtt.exe72⤵
-
\??\c:\3vddp.exec:\3vddp.exe73⤵
-
\??\c:\ppppj.exec:\ppppj.exe74⤵
-
\??\c:\fxxrfff.exec:\fxxrfff.exe75⤵
-
\??\c:\bttttn.exec:\bttttn.exe76⤵
-
\??\c:\jddpj.exec:\jddpj.exe77⤵
-
\??\c:\pppjv.exec:\pppjv.exe78⤵
-
\??\c:\xlfxrxr.exec:\xlfxrxr.exe79⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe80⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe81⤵
-
\??\c:\pjpvv.exec:\pjpvv.exe82⤵
-
\??\c:\hhbttn.exec:\hhbttn.exe83⤵
-
\??\c:\bntnhh.exec:\bntnhh.exe84⤵
-
\??\c:\pvjjd.exec:\pvjjd.exe85⤵
-
\??\c:\5rxrrrx.exec:\5rxrrrx.exe86⤵
-
\??\c:\htbbtt.exec:\htbbtt.exe87⤵
-
\??\c:\ppddv.exec:\ppddv.exe88⤵
-
\??\c:\vppjj.exec:\vppjj.exe89⤵
-
\??\c:\9xrrllf.exec:\9xrrllf.exe90⤵
-
\??\c:\bhtnhh.exec:\bhtnhh.exe91⤵
-
\??\c:\hnbbtt.exec:\hnbbtt.exe92⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe93⤵
-
\??\c:\jvddp.exec:\jvddp.exe94⤵
-
\??\c:\xlrrlff.exec:\xlrrlff.exe95⤵
-
\??\c:\fxllffx.exec:\fxllffx.exe96⤵
-
\??\c:\hhttnn.exec:\hhttnn.exe97⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe98⤵
-
\??\c:\jvppj.exec:\jvppj.exe99⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe100⤵
-
\??\c:\xrllrrr.exec:\xrllrrr.exe101⤵
-
\??\c:\xxlflfl.exec:\xxlflfl.exe102⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe103⤵
-
\??\c:\bbbtnn.exec:\bbbtnn.exe104⤵
-
\??\c:\jppjd.exec:\jppjd.exe105⤵
-
\??\c:\rllfffx.exec:\rllfffx.exe106⤵
-
\??\c:\rrfffxx.exec:\rrfffxx.exe107⤵
-
\??\c:\5nhbtt.exec:\5nhbtt.exe108⤵
-
\??\c:\1jvpd.exec:\1jvpd.exe109⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe110⤵
-
\??\c:\9fxxrxx.exec:\9fxxrxx.exe111⤵
-
\??\c:\ffxxrrl.exec:\ffxxrrl.exe112⤵
-
\??\c:\hbttnb.exec:\hbttnb.exe113⤵
-
\??\c:\bhnnhh.exec:\bhnnhh.exe114⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe115⤵
-
\??\c:\3djpd.exec:\3djpd.exe116⤵
-
\??\c:\lflxffx.exec:\lflxffx.exe117⤵
-
\??\c:\bnnhbb.exec:\bnnhbb.exe118⤵
-
\??\c:\bbtnnh.exec:\bbtnnh.exe119⤵
-
\??\c:\jdppd.exec:\jdppd.exe120⤵
-
\??\c:\ddddv.exec:\ddddv.exe121⤵
-
\??\c:\rlffflr.exec:\rlffflr.exe122⤵
-
\??\c:\llxrffr.exec:\llxrffr.exe123⤵
-
\??\c:\5hbtnh.exec:\5hbtnh.exe124⤵
-
\??\c:\pvddp.exec:\pvddp.exe125⤵
-
\??\c:\jpppd.exec:\jpppd.exe126⤵
-
\??\c:\7rxrlxx.exec:\7rxrlxx.exe127⤵
-
\??\c:\nhbbtt.exec:\nhbbtt.exe128⤵
-
\??\c:\hbhhnn.exec:\hbhhnn.exe129⤵
-
\??\c:\ffrxlfx.exec:\ffrxlfx.exe130⤵
-
\??\c:\thhhbh.exec:\thhhbh.exe131⤵
-
\??\c:\7nbthh.exec:\7nbthh.exe132⤵
-
\??\c:\5pdvv.exec:\5pdvv.exe133⤵
-
\??\c:\xrrrffl.exec:\xrrrffl.exe134⤵
-
\??\c:\fflfxxx.exec:\fflfxxx.exe135⤵
-
\??\c:\bhtnbb.exec:\bhtnbb.exe136⤵
-
\??\c:\jpppj.exec:\jpppj.exe137⤵
-
\??\c:\jppjj.exec:\jppjj.exe138⤵
-
\??\c:\rxrfrrf.exec:\rxrfrrf.exe139⤵
-
\??\c:\rffxrfx.exec:\rffxrfx.exe140⤵
-
\??\c:\ttbtnn.exec:\ttbtnn.exe141⤵
-
\??\c:\9tnhbt.exec:\9tnhbt.exe142⤵
-
\??\c:\5pjjd.exec:\5pjjd.exe143⤵
-
\??\c:\5vvpj.exec:\5vvpj.exe144⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe145⤵
-
\??\c:\3ffxlxx.exec:\3ffxlxx.exe146⤵
-
\??\c:\lrflrxf.exec:\lrflrxf.exe147⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe148⤵
-
\??\c:\bbnttb.exec:\bbnttb.exe149⤵
-
\??\c:\pjppj.exec:\pjppj.exe150⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe151⤵
-
\??\c:\7lxrxxf.exec:\7lxrxxf.exe152⤵
-
\??\c:\rrxxffl.exec:\rrxxffl.exe153⤵
-
\??\c:\bhtbbh.exec:\bhtbbh.exe154⤵
-
\??\c:\9bbbnn.exec:\9bbbnn.exe155⤵
-
\??\c:\vvdvd.exec:\vvdvd.exe156⤵
-
\??\c:\lfrrxxf.exec:\lfrrxxf.exe157⤵
-
\??\c:\frxrrrr.exec:\frxrrrr.exe158⤵
-
\??\c:\nhnhtt.exec:\nhnhtt.exe159⤵
-
\??\c:\nhhbbb.exec:\nhhbbb.exe160⤵
-
\??\c:\hhnnbb.exec:\hhnnbb.exe161⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe162⤵
-
\??\c:\vdjjv.exec:\vdjjv.exe163⤵
-
\??\c:\lfrrllx.exec:\lfrrllx.exe164⤵
-
\??\c:\bttbnh.exec:\bttbnh.exe165⤵
-
\??\c:\bthhnh.exec:\bthhnh.exe166⤵
-
\??\c:\tbbbtt.exec:\tbbbtt.exe167⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe168⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe169⤵
-
\??\c:\5xfxxxr.exec:\5xfxxxr.exe170⤵
-
\??\c:\3xffxxr.exec:\3xffxxr.exe171⤵
-
\??\c:\bhnhnn.exec:\bhnhnn.exe172⤵
-
\??\c:\5hhbtt.exec:\5hhbtt.exe173⤵
-
\??\c:\vjjjj.exec:\vjjjj.exe174⤵
-
\??\c:\pjvdv.exec:\pjvdv.exe175⤵
-
\??\c:\lflffff.exec:\lflffff.exe176⤵
-
\??\c:\9nhhbb.exec:\9nhhbb.exe177⤵
-
\??\c:\nntthn.exec:\nntthn.exe178⤵
-
\??\c:\3jvpp.exec:\3jvpp.exe179⤵
-
\??\c:\rflfrxx.exec:\rflfrxx.exe180⤵
-
\??\c:\xrlfffl.exec:\xrlfffl.exe181⤵
-
\??\c:\7ntttt.exec:\7ntttt.exe182⤵
-
\??\c:\ttbtht.exec:\ttbtht.exe183⤵
-
\??\c:\3djjj.exec:\3djjj.exe184⤵
-
\??\c:\jjddp.exec:\jjddp.exe185⤵
-
\??\c:\fxllffl.exec:\fxllffl.exe186⤵
-
\??\c:\9hhbtt.exec:\9hhbtt.exe187⤵
-
\??\c:\3hhbbb.exec:\3hhbbb.exe188⤵
-
\??\c:\vdppj.exec:\vdppj.exe189⤵
-
\??\c:\xrlfrrl.exec:\xrlfrrl.exe190⤵
-
\??\c:\lxxrlff.exec:\lxxrlff.exe191⤵
-
\??\c:\hbnhhh.exec:\hbnhhh.exe192⤵
-
\??\c:\pppjj.exec:\pppjj.exe193⤵
-
\??\c:\vppdv.exec:\vppdv.exe194⤵
-
\??\c:\fxlxlxr.exec:\fxlxlxr.exe195⤵
-
\??\c:\rlrlfrl.exec:\rlrlfrl.exe196⤵
-
\??\c:\bhtnhh.exec:\bhtnhh.exe197⤵
-
\??\c:\3tbnnn.exec:\3tbnnn.exe198⤵
-
\??\c:\3vjjp.exec:\3vjjp.exe199⤵
-
\??\c:\vppjv.exec:\vppjv.exe200⤵
-
\??\c:\1lxxrrr.exec:\1lxxrrr.exe201⤵
-
\??\c:\xxrrlll.exec:\xxrrlll.exe202⤵
-
\??\c:\7nnhbb.exec:\7nnhbb.exe203⤵
-
\??\c:\bhnnbb.exec:\bhnnbb.exe204⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe205⤵
-
\??\c:\vvvvj.exec:\vvvvj.exe206⤵
-
\??\c:\jppvp.exec:\jppvp.exe207⤵
-
\??\c:\9ffxllf.exec:\9ffxllf.exe208⤵
-
\??\c:\rlllrlx.exec:\rlllrlx.exe209⤵
-
\??\c:\9hhhhh.exec:\9hhhhh.exe210⤵
-
\??\c:\ntttnn.exec:\ntttnn.exe211⤵
-
\??\c:\pdvvp.exec:\pdvvp.exe212⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe213⤵
-
\??\c:\jdddd.exec:\jdddd.exe214⤵
-
\??\c:\5fllfff.exec:\5fllfff.exe215⤵
-
\??\c:\tbbtnn.exec:\tbbtnn.exe216⤵
-
\??\c:\hhhbtn.exec:\hhhbtn.exe217⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe218⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe219⤵
-
\??\c:\xrxxrrl.exec:\xrxxrrl.exe220⤵
-
\??\c:\rffxxxr.exec:\rffxxxr.exe221⤵
-
\??\c:\btnhbb.exec:\btnhbb.exe222⤵
-
\??\c:\ntttnn.exec:\ntttnn.exe223⤵
-
\??\c:\jjppj.exec:\jjppj.exe224⤵
-
\??\c:\rlrllrr.exec:\rlrllrr.exe225⤵
-
\??\c:\rfrrrrl.exec:\rfrrrrl.exe226⤵
-
\??\c:\1bbttt.exec:\1bbttt.exe227⤵
-
\??\c:\nbbbtt.exec:\nbbbtt.exe228⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe229⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe230⤵
-
\??\c:\7xrlfxx.exec:\7xrlfxx.exe231⤵
-
\??\c:\3rlrllf.exec:\3rlrllf.exe232⤵
-
\??\c:\hhbtnn.exec:\hhbtnn.exe233⤵
-
\??\c:\hhnhnh.exec:\hhnhnh.exe234⤵
-
\??\c:\jjjdp.exec:\jjjdp.exe235⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe236⤵
-
\??\c:\frxrrlf.exec:\frxrrlf.exe237⤵
-
\??\c:\xrxfffl.exec:\xrxfffl.exe238⤵
-
\??\c:\tbnnnn.exec:\tbnnnn.exe239⤵
-
\??\c:\5hnhtn.exec:\5hnhtn.exe240⤵
-
\??\c:\ddvpp.exec:\ddvpp.exe241⤵