Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
01-07-2024 09:44
General
-
Target
483a72b7874a17167dbcff1eec2d65d1d9f15b405de41b2863e9d677ae2e10af_NeikiAnalytics.exe
-
Size
134KB
-
MD5
691fa633bdc21f641ea3196d809ca0a0
-
SHA1
73b6ae277413dd1509c2b2e3dd1545c0adcf5c22
-
SHA256
483a72b7874a17167dbcff1eec2d65d1d9f15b405de41b2863e9d677ae2e10af
-
SHA512
929fd5786149f57c0356e4c2b8709da18d8b463bad4eccfc85162e43d3fdb4a39e10603db05b487640119d50c7e6c2b14ef52171a76dee7fded09f32fd4bff84
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73HUoMsAbrF3BTUwFB:n3C9BRo7HCsAbhxYo
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\483a72b7874a17167dbcff1eec2d65d1d9f15b405de41b2863e9d677ae2e10af_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\483a72b7874a17167dbcff1eec2d65d1d9f15b405de41b2863e9d677ae2e10af_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfrllx.exec:\lrfrllx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tttbb.exec:\5tttbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvpj.exec:\ddvpj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflxfxl.exec:\lflxfxl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnntt.exec:\hhnntt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbthh.exec:\btbthh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdv.exec:\jdjdv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdppj.exec:\vdppj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrllff.exec:\lfrllff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbttt.exec:\tnbttt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hnhbb.exec:\5hnhbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdv.exec:\vdjdv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrrll.exec:\frxrrll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrllf.exec:\rrxrllf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnnnt.exec:\nbnnnt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnthn.exec:\ttnthn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vvdv.exec:\7vvdv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvp.exec:\pjdvp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lrrxxf.exec:\3lrrxxf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lffxxx.exec:\3lffxxx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntnhh.exec:\hntnhh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntttn.exec:\tntttn.exe23⤵
- Executes dropped EXE
-
\??\c:\jvvpd.exec:\jvvpd.exe24⤵
- Executes dropped EXE
-
\??\c:\9vjdv.exec:\9vjdv.exe25⤵
- Executes dropped EXE
-
\??\c:\rflffll.exec:\rflffll.exe26⤵
- Executes dropped EXE
-
\??\c:\flrxxrr.exec:\flrxxrr.exe27⤵
- Executes dropped EXE
-
\??\c:\htbtbt.exec:\htbtbt.exe28⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe29⤵
- Executes dropped EXE
-
\??\c:\dvpjd.exec:\dvpjd.exe30⤵
- Executes dropped EXE
-
\??\c:\llxxxxf.exec:\llxxxxf.exe31⤵
- Executes dropped EXE
-
\??\c:\rlllfff.exec:\rlllfff.exe32⤵
- Executes dropped EXE
-
\??\c:\hhnnnn.exec:\hhnnnn.exe33⤵
- Executes dropped EXE
-
\??\c:\httnhh.exec:\httnhh.exe34⤵
- Executes dropped EXE
-
\??\c:\vjjvp.exec:\vjjvp.exe35⤵
- Executes dropped EXE
-
\??\c:\3jjvp.exec:\3jjvp.exe36⤵
- Executes dropped EXE
-
\??\c:\rlfffff.exec:\rlfffff.exe37⤵
- Executes dropped EXE
-
\??\c:\5lllllf.exec:\5lllllf.exe38⤵
- Executes dropped EXE
-
\??\c:\5tbbtn.exec:\5tbbtn.exe39⤵
- Executes dropped EXE
-
\??\c:\nhhbtn.exec:\nhhbtn.exe40⤵
- Executes dropped EXE
-
\??\c:\pvdvp.exec:\pvdvp.exe41⤵
- Executes dropped EXE
-
\??\c:\vppdv.exec:\vppdv.exe42⤵
- Executes dropped EXE
-
\??\c:\dvvjd.exec:\dvvjd.exe43⤵
- Executes dropped EXE
-
\??\c:\5xfxxfl.exec:\5xfxxfl.exe44⤵
- Executes dropped EXE
-
\??\c:\flrrllf.exec:\flrrllf.exe45⤵
- Executes dropped EXE
-
\??\c:\hnttnt.exec:\hnttnt.exe46⤵
- Executes dropped EXE
-
\??\c:\hnnnhh.exec:\hnnnhh.exe47⤵
- Executes dropped EXE
-
\??\c:\bttnnn.exec:\bttnnn.exe48⤵
- Executes dropped EXE
-
\??\c:\djpjd.exec:\djpjd.exe49⤵
- Executes dropped EXE
-
\??\c:\jvjdv.exec:\jvjdv.exe50⤵
- Executes dropped EXE
-
\??\c:\7lffxfx.exec:\7lffxfx.exe51⤵
- Executes dropped EXE
-
\??\c:\xrrlfrl.exec:\xrrlfrl.exe52⤵
- Executes dropped EXE
-
\??\c:\1flfxxl.exec:\1flfxxl.exe53⤵
- Executes dropped EXE
-
\??\c:\tnnbbh.exec:\tnnbbh.exe54⤵
- Executes dropped EXE
-
\??\c:\ntbbnn.exec:\ntbbnn.exe55⤵
- Executes dropped EXE
-
\??\c:\5ppjj.exec:\5ppjj.exe56⤵
- Executes dropped EXE
-
\??\c:\ppjjd.exec:\ppjjd.exe57⤵
- Executes dropped EXE
-
\??\c:\fxrlfxr.exec:\fxrlfxr.exe58⤵
- Executes dropped EXE
-
\??\c:\rrrxrxr.exec:\rrrxrxr.exe59⤵
- Executes dropped EXE
-
\??\c:\llrlrrx.exec:\llrlrrx.exe60⤵
- Executes dropped EXE
-
\??\c:\7hhhht.exec:\7hhhht.exe61⤵
- Executes dropped EXE
-
\??\c:\nbtnbb.exec:\nbtnbb.exe62⤵
- Executes dropped EXE
-
\??\c:\1htnnt.exec:\1htnnt.exe63⤵
- Executes dropped EXE
-
\??\c:\jjddp.exec:\jjddp.exe64⤵
- Executes dropped EXE
-
\??\c:\7djdd.exec:\7djdd.exe65⤵
- Executes dropped EXE
-
\??\c:\xllrrxx.exec:\xllrrxx.exe66⤵
-
\??\c:\7rrxrfx.exec:\7rrxrfx.exe67⤵
-
\??\c:\hhbhnn.exec:\hhbhnn.exe68⤵
-
\??\c:\1nntbb.exec:\1nntbb.exe69⤵
-
\??\c:\3tnhhh.exec:\3tnhhh.exe70⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe71⤵
-
\??\c:\ppdjj.exec:\ppdjj.exe72⤵
-
\??\c:\3bbtnn.exec:\3bbtnn.exe73⤵
-
\??\c:\vppdj.exec:\vppdj.exe74⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe75⤵
-
\??\c:\rxfxxxr.exec:\rxfxxxr.exe76⤵
-
\??\c:\hbbhhn.exec:\hbbhhn.exe77⤵
-
\??\c:\9ntntt.exec:\9ntntt.exe78⤵
-
\??\c:\3vdvv.exec:\3vdvv.exe79⤵
-
\??\c:\xfrrfxr.exec:\xfrrfxr.exe80⤵
-
\??\c:\thhbtn.exec:\thhbtn.exe81⤵
-
\??\c:\7hbttt.exec:\7hbttt.exe82⤵
-
\??\c:\ntbbtt.exec:\ntbbtt.exe83⤵
-
\??\c:\9jjjd.exec:\9jjjd.exe84⤵
-
\??\c:\xflfxxr.exec:\xflfxxr.exe85⤵
-
\??\c:\3dppj.exec:\3dppj.exe86⤵
-
\??\c:\9xrlffx.exec:\9xrlffx.exe87⤵
-
\??\c:\bbhhhn.exec:\bbhhhn.exe88⤵
-
\??\c:\hhnnnn.exec:\hhnnnn.exe89⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe90⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe91⤵
-
\??\c:\nbhbtt.exec:\nbhbtt.exe92⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe93⤵
-
\??\c:\3rrrxxx.exec:\3rrrxxx.exe94⤵
-
\??\c:\tbhnhh.exec:\tbhnhh.exe95⤵
-
\??\c:\llflffx.exec:\llflffx.exe96⤵
-
\??\c:\bnnhbt.exec:\bnnhbt.exe97⤵
-
\??\c:\ttbthn.exec:\ttbthn.exe98⤵
-
\??\c:\lxfxrll.exec:\lxfxrll.exe99⤵
-
\??\c:\3xxrffx.exec:\3xxrffx.exe100⤵
-
\??\c:\5httbb.exec:\5httbb.exe101⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe102⤵
-
\??\c:\xrfxfxf.exec:\xrfxfxf.exe103⤵
-
\??\c:\nntbbh.exec:\nntbbh.exe104⤵
-
\??\c:\xxxlllx.exec:\xxxlllx.exe105⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe106⤵
-
\??\c:\rlllfff.exec:\rlllfff.exe107⤵
-
\??\c:\7btnhh.exec:\7btnhh.exe108⤵
-
\??\c:\bntnhh.exec:\bntnhh.exe109⤵
-
\??\c:\rlfxffl.exec:\rlfxffl.exe110⤵
-
\??\c:\hnnnhb.exec:\hnnnhb.exe111⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe112⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe113⤵
-
\??\c:\jjdvv.exec:\jjdvv.exe114⤵
-
\??\c:\7jpdv.exec:\7jpdv.exe115⤵
-
\??\c:\xrfxrrl.exec:\xrfxrrl.exe116⤵
-
\??\c:\lxxrrlr.exec:\lxxrrlr.exe117⤵
-
\??\c:\bthbbb.exec:\bthbbb.exe118⤵
-
\??\c:\5bnntt.exec:\5bnntt.exe119⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe120⤵
-
\??\c:\1djdp.exec:\1djdp.exe121⤵
-
\??\c:\xrrfrrl.exec:\xrrfrrl.exe122⤵
-
\??\c:\5ntnhh.exec:\5ntnhh.exe123⤵
-
\??\c:\hnttnn.exec:\hnttnn.exe124⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe125⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe126⤵
-
\??\c:\xrrxlff.exec:\xrrxlff.exe127⤵
-
\??\c:\nhthbb.exec:\nhthbb.exe128⤵
-
\??\c:\nhnnbb.exec:\nhnnbb.exe129⤵
-
\??\c:\vppdv.exec:\vppdv.exe130⤵
-
\??\c:\3vddd.exec:\3vddd.exe131⤵
-
\??\c:\frrrllf.exec:\frrrllf.exe132⤵
-
\??\c:\hntttn.exec:\hntttn.exe133⤵
-
\??\c:\bnbthh.exec:\bnbthh.exe134⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe135⤵
-
\??\c:\fxllxxx.exec:\fxllxxx.exe136⤵
-
\??\c:\lllrlll.exec:\lllrlll.exe137⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe138⤵
-
\??\c:\hhhbtt.exec:\hhhbtt.exe139⤵
-
\??\c:\1vvpd.exec:\1vvpd.exe140⤵
-
\??\c:\xxffrxl.exec:\xxffrxl.exe141⤵
-
\??\c:\llffxxr.exec:\llffxxr.exe142⤵
-
\??\c:\bbtbtt.exec:\bbtbtt.exe143⤵
-
\??\c:\5hhhbh.exec:\5hhhbh.exe144⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe145⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe146⤵
-
\??\c:\1xxrfff.exec:\1xxrfff.exe147⤵
-
\??\c:\bbttbh.exec:\bbttbh.exe148⤵
-
\??\c:\hthbnn.exec:\hthbnn.exe149⤵
-
\??\c:\5vjjv.exec:\5vjjv.exe150⤵
-
\??\c:\9pjdv.exec:\9pjdv.exe151⤵
-
\??\c:\rrxrfff.exec:\rrxrfff.exe152⤵
-
\??\c:\flxrllf.exec:\flxrllf.exe153⤵
-
\??\c:\bbbtnb.exec:\bbbtnb.exe154⤵
-
\??\c:\jpvpd.exec:\jpvpd.exe155⤵
-
\??\c:\9dvpd.exec:\9dvpd.exe156⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe157⤵
-
\??\c:\xrrrffx.exec:\xrrrffx.exe158⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe159⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe160⤵
-
\??\c:\vdppv.exec:\vdppv.exe161⤵
-
\??\c:\lrflxll.exec:\lrflxll.exe162⤵
-
\??\c:\bttttt.exec:\bttttt.exe163⤵
-
\??\c:\btbbbb.exec:\btbbbb.exe164⤵
-
\??\c:\ddppp.exec:\ddppp.exe165⤵
-
\??\c:\flxrrrr.exec:\flxrrrr.exe166⤵
-
\??\c:\xrlfxlx.exec:\xrlfxlx.exe167⤵
-
\??\c:\5tbtbt.exec:\5tbtbt.exe168⤵
-
\??\c:\bnhtnh.exec:\bnhtnh.exe169⤵
-
\??\c:\pdppd.exec:\pdppd.exe170⤵
-
\??\c:\xlrlxxx.exec:\xlrlxxx.exe171⤵
-
\??\c:\rxxxrrl.exec:\rxxxrrl.exe172⤵
-
\??\c:\tbtnhh.exec:\tbtnhh.exe173⤵
-
\??\c:\hbtnbb.exec:\hbtnbb.exe174⤵
-
\??\c:\dppjv.exec:\dppjv.exe175⤵
-
\??\c:\dvppp.exec:\dvppp.exe176⤵
-
\??\c:\lrfxlrl.exec:\lrfxlrl.exe177⤵
-
\??\c:\fxlxffl.exec:\fxlxffl.exe178⤵
-
\??\c:\bnttnb.exec:\bnttnb.exe179⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe180⤵
-
\??\c:\3ppjv.exec:\3ppjv.exe181⤵
-
\??\c:\lrffffl.exec:\lrffffl.exe182⤵
-
\??\c:\xrfxxxr.exec:\xrfxxxr.exe183⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe184⤵
-
\??\c:\3pvpp.exec:\3pvpp.exe185⤵
-
\??\c:\frxrlll.exec:\frxrlll.exe186⤵
-
\??\c:\1xxxrxx.exec:\1xxxrxx.exe187⤵
-
\??\c:\tnhtnn.exec:\tnhtnn.exe188⤵
-
\??\c:\hhnhhh.exec:\hhnhhh.exe189⤵
-
\??\c:\jvpdv.exec:\jvpdv.exe190⤵
-
\??\c:\ffxxxxx.exec:\ffxxxxx.exe191⤵
-
\??\c:\5rfxxrx.exec:\5rfxxrx.exe192⤵
-
\??\c:\bhhhhn.exec:\bhhhhn.exe193⤵
-
\??\c:\tttthh.exec:\tttthh.exe194⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe195⤵
-
\??\c:\lfxrffx.exec:\lfxrffx.exe196⤵
-
\??\c:\frrlrlf.exec:\frrlrlf.exe197⤵
-
\??\c:\hntntt.exec:\hntntt.exe198⤵
-
\??\c:\tttbtb.exec:\tttbtb.exe199⤵
-
\??\c:\pddvv.exec:\pddvv.exe200⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe201⤵
-
\??\c:\rlrlxrl.exec:\rlrlxrl.exe202⤵
-
\??\c:\nhttbt.exec:\nhttbt.exe203⤵
-
\??\c:\tttbnt.exec:\tttbnt.exe204⤵
-
\??\c:\vpddd.exec:\vpddd.exe205⤵
-
\??\c:\7ddvd.exec:\7ddvd.exe206⤵
-
\??\c:\7rrlffx.exec:\7rrlffx.exe207⤵
-
\??\c:\9bbbbb.exec:\9bbbbb.exe208⤵
-
\??\c:\9nnhbb.exec:\9nnhbb.exe209⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe210⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe211⤵
-
\??\c:\frxrffx.exec:\frxrffx.exe212⤵
-
\??\c:\rxxxrrl.exec:\rxxxrrl.exe213⤵
-
\??\c:\bbbbtn.exec:\bbbbtn.exe214⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe215⤵
-
\??\c:\jpdpd.exec:\jpdpd.exe216⤵
-
\??\c:\rrllfll.exec:\rrllfll.exe217⤵
-
\??\c:\rxlllrr.exec:\rxlllrr.exe218⤵
-
\??\c:\tnnhbt.exec:\tnnhbt.exe219⤵
-
\??\c:\nnbntn.exec:\nnbntn.exe220⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe221⤵
-
\??\c:\3xfrlff.exec:\3xfrlff.exe222⤵
-
\??\c:\7fxrllf.exec:\7fxrllf.exe223⤵
-
\??\c:\hhhbtt.exec:\hhhbtt.exe224⤵
-
\??\c:\btnhhb.exec:\btnhhb.exe225⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe226⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe227⤵
-
\??\c:\lrrrfxl.exec:\lrrrfxl.exe228⤵
-
\??\c:\tbhtnh.exec:\tbhtnh.exe229⤵
-
\??\c:\7ppjd.exec:\7ppjd.exe230⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe231⤵
-
\??\c:\lllxrlx.exec:\lllxrlx.exe232⤵
-
\??\c:\btbttn.exec:\btbttn.exe233⤵
-
\??\c:\tbbbtt.exec:\tbbbtt.exe234⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe235⤵
-
\??\c:\5llfxrl.exec:\5llfxrl.exe236⤵
-
\??\c:\rrlfxxl.exec:\rrlfxxl.exe237⤵
-
\??\c:\7nhhhh.exec:\7nhhhh.exe238⤵
-
\??\c:\djjjj.exec:\djjjj.exe239⤵
-
\??\c:\dppdp.exec:\dppdp.exe240⤵