Analysis
-
max time kernel
150s -
max time network
108s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
15-05-2024 22:14
General
-
Target
43edfb5af6e4d7e3e10cdc05716d4c00_NeikiAnalytics.exe
-
Size
69KB
-
MD5
43edfb5af6e4d7e3e10cdc05716d4c00
-
SHA1
371bdd02db9aa2fb9912be898da519f3e2a5ac27
-
SHA256
7aecb222779a2c868de925fb88d24363cd6b5e6165c372948cc8d9f8634eb478
-
SHA512
d1e2c04e70e3b8346a1ef0f454147bd6fbb24a03de8824cb7b94e02187252343fb818e47bc8d764b7dde4ba57a7ce466d9a5b87294d258720247ea537e7e2ad4
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIgUVyiAnm9:ymb3NkkiQ3mdBjFIgUEa
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\43edfb5af6e4d7e3e10cdc05716d4c00_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\43edfb5af6e4d7e3e10cdc05716d4c00_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdd.exec:\pjjdd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrfxlf.exec:\rrrfxlf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxrxx.exec:\fxxxrxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hhhbb.exec:\5hhhbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdppj.exec:\vdppj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvv.exec:\jddvv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxfll.exec:\fxxxfll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxfff.exec:\fxxxfff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nnhbh.exec:\5nnhbh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hnhbn.exec:\7hnhbn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvj.exec:\jddvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvp.exec:\pvdvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ffxrrr.exec:\5ffxrrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrlffx.exec:\rlrlffx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhbb.exec:\bnnhbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnhtt.exec:\1bnhtt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntbnb.exec:\hntbnb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddv.exec:\jjddv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrxllx.exec:\fxrxllx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbth.exec:\nhtbth.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ttnhh.exec:\9ttnhh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpd.exec:\pvvpd.exe23⤵
- Executes dropped EXE
-
\??\c:\dvdpj.exec:\dvdpj.exe24⤵
- Executes dropped EXE
-
\??\c:\rllfxxr.exec:\rllfxxr.exe25⤵
- Executes dropped EXE
-
\??\c:\xlxrlll.exec:\xlxrlll.exe26⤵
- Executes dropped EXE
-
\??\c:\9nbbhh.exec:\9nbbhh.exe27⤵
- Executes dropped EXE
-
\??\c:\nnbbhb.exec:\nnbbhb.exe28⤵
- Executes dropped EXE
-
\??\c:\jjjpv.exec:\jjjpv.exe29⤵
- Executes dropped EXE
-
\??\c:\pvpdd.exec:\pvpdd.exe30⤵
- Executes dropped EXE
-
\??\c:\fffxxxx.exec:\fffxxxx.exe31⤵
- Executes dropped EXE
-
\??\c:\bthbtn.exec:\bthbtn.exe32⤵
- Executes dropped EXE
-
\??\c:\thhntn.exec:\thhntn.exe33⤵
- Executes dropped EXE
-
\??\c:\nhnhbh.exec:\nhnhbh.exe34⤵
- Executes dropped EXE
-
\??\c:\3jjjd.exec:\3jjjd.exe35⤵
- Executes dropped EXE
-
\??\c:\jjvvd.exec:\jjvvd.exe36⤵
- Executes dropped EXE
-
\??\c:\rxrxfxf.exec:\rxrxfxf.exe37⤵
- Executes dropped EXE
-
\??\c:\3rrllff.exec:\3rrllff.exe38⤵
- Executes dropped EXE
-
\??\c:\1hhbbt.exec:\1hhbbt.exe39⤵
- Executes dropped EXE
-
\??\c:\hnbtbb.exec:\hnbtbb.exe40⤵
- Executes dropped EXE
-
\??\c:\dvvvd.exec:\dvvvd.exe41⤵
- Executes dropped EXE
-
\??\c:\pvjjj.exec:\pvjjj.exe42⤵
- Executes dropped EXE
-
\??\c:\flffrxx.exec:\flffrxx.exe43⤵
- Executes dropped EXE
-
\??\c:\thnttb.exec:\thnttb.exe44⤵
- Executes dropped EXE
-
\??\c:\hhtnbb.exec:\hhtnbb.exe45⤵
- Executes dropped EXE
-
\??\c:\jvvpp.exec:\jvvpp.exe46⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe47⤵
- Executes dropped EXE
-
\??\c:\fxxxrxx.exec:\fxxxrxx.exe48⤵
- Executes dropped EXE
-
\??\c:\flxxrxf.exec:\flxxrxf.exe49⤵
- Executes dropped EXE
-
\??\c:\nhnhhh.exec:\nhnhhh.exe50⤵
- Executes dropped EXE
-
\??\c:\7hhbbh.exec:\7hhbbh.exe51⤵
- Executes dropped EXE
-
\??\c:\jpvpj.exec:\jpvpj.exe52⤵
- Executes dropped EXE
-
\??\c:\djjdj.exec:\djjdj.exe53⤵
- Executes dropped EXE
-
\??\c:\lxfxxxx.exec:\lxfxxxx.exe54⤵
- Executes dropped EXE
-
\??\c:\xxfffff.exec:\xxfffff.exe55⤵
- Executes dropped EXE
-
\??\c:\xfllfxx.exec:\xfllfxx.exe56⤵
- Executes dropped EXE
-
\??\c:\3bbbtt.exec:\3bbbtt.exe57⤵
- Executes dropped EXE
-
\??\c:\nttnnn.exec:\nttnnn.exe58⤵
- Executes dropped EXE
-
\??\c:\dddvp.exec:\dddvp.exe59⤵
- Executes dropped EXE
-
\??\c:\7vvdv.exec:\7vvdv.exe60⤵
- Executes dropped EXE
-
\??\c:\ffllrrf.exec:\ffllrrf.exe61⤵
- Executes dropped EXE
-
\??\c:\5lfffll.exec:\5lfffll.exe62⤵
- Executes dropped EXE
-
\??\c:\bhnnnt.exec:\bhnnnt.exe63⤵
- Executes dropped EXE
-
\??\c:\hnbtnn.exec:\hnbtnn.exe64⤵
- Executes dropped EXE
-
\??\c:\5vvvj.exec:\5vvvj.exe65⤵
- Executes dropped EXE
-
\??\c:\vpddv.exec:\vpddv.exe66⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe67⤵
-
\??\c:\5rrrrxx.exec:\5rrrrxx.exe68⤵
-
\??\c:\xxfffff.exec:\xxfffff.exe69⤵
-
\??\c:\flrxlxl.exec:\flrxlxl.exe70⤵
-
\??\c:\hthhbh.exec:\hthhbh.exe71⤵
-
\??\c:\hnbthh.exec:\hnbthh.exe72⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe73⤵
-
\??\c:\1pdpv.exec:\1pdpv.exe74⤵
-
\??\c:\lxlxrrl.exec:\lxlxrrl.exe75⤵
-
\??\c:\rrxrrrl.exec:\rrxrrrl.exe76⤵
-
\??\c:\tnthbh.exec:\tnthbh.exe77⤵
-
\??\c:\hbhhhn.exec:\hbhhhn.exe78⤵
-
\??\c:\jjjjv.exec:\jjjjv.exe79⤵
-
\??\c:\1jpjd.exec:\1jpjd.exe80⤵
-
\??\c:\vpppp.exec:\vpppp.exe81⤵
-
\??\c:\rfllfrf.exec:\rfllfrf.exe82⤵
-
\??\c:\rllllrr.exec:\rllllrr.exe83⤵
-
\??\c:\hhhhbb.exec:\hhhhbb.exe84⤵
-
\??\c:\bbhhnt.exec:\bbhhnt.exe85⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe86⤵
-
\??\c:\djjdd.exec:\djjdd.exe87⤵
-
\??\c:\pppjd.exec:\pppjd.exe88⤵
-
\??\c:\lxxrlxx.exec:\lxxrlxx.exe89⤵
-
\??\c:\fxxrrrl.exec:\fxxrrrl.exe90⤵
-
\??\c:\tntbtt.exec:\tntbtt.exe91⤵
-
\??\c:\nthbtt.exec:\nthbtt.exe92⤵
-
\??\c:\bbnnnt.exec:\bbnnnt.exe93⤵
-
\??\c:\pdpvj.exec:\pdpvj.exe94⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe95⤵
-
\??\c:\7xxrlfx.exec:\7xxrlfx.exe96⤵
-
\??\c:\frxxrxf.exec:\frxxrxf.exe97⤵
-
\??\c:\ttthhh.exec:\ttthhh.exe98⤵
-
\??\c:\tnnnbb.exec:\tnnnbb.exe99⤵
-
\??\c:\btnbhn.exec:\btnbhn.exe100⤵
-
\??\c:\dddvp.exec:\dddvp.exe101⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe102⤵
-
\??\c:\xxllfff.exec:\xxllfff.exe103⤵
-
\??\c:\frxxrrr.exec:\frxxrrr.exe104⤵
-
\??\c:\lffffff.exec:\lffffff.exe105⤵
-
\??\c:\hthnhh.exec:\hthnhh.exe106⤵
-
\??\c:\7nhhnt.exec:\7nhhnt.exe107⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe108⤵
-
\??\c:\3djpj.exec:\3djpj.exe109⤵
-
\??\c:\nhnnnt.exec:\nhnnnt.exe110⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe111⤵
-
\??\c:\vvvpp.exec:\vvvpp.exe112⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe113⤵
-
\??\c:\rllrflx.exec:\rllrflx.exe114⤵
-
\??\c:\thbtnn.exec:\thbtnn.exe115⤵
-
\??\c:\nhntth.exec:\nhntth.exe116⤵
-
\??\c:\bhhthb.exec:\bhhthb.exe117⤵
-
\??\c:\vjvdd.exec:\vjvdd.exe118⤵
-
\??\c:\pppjj.exec:\pppjj.exe119⤵
-
\??\c:\fxrlfxx.exec:\fxrlfxx.exe120⤵
-
\??\c:\xfrrllx.exec:\xfrrllx.exe121⤵
-
\??\c:\hbnhtt.exec:\hbnhtt.exe122⤵
-
\??\c:\bnbbtb.exec:\bnbbtb.exe123⤵
-
\??\c:\ththnt.exec:\ththnt.exe124⤵
-
\??\c:\djddv.exec:\djddv.exe125⤵
-
\??\c:\1jddp.exec:\1jddp.exe126⤵
-
\??\c:\lxlfllx.exec:\lxlfllx.exe127⤵
-
\??\c:\xlllxxr.exec:\xlllxxr.exe128⤵
-
\??\c:\bthbnh.exec:\bthbnh.exe129⤵
-
\??\c:\1bbtbh.exec:\1bbtbh.exe130⤵
-
\??\c:\pvvpv.exec:\pvvpv.exe131⤵
-
\??\c:\dpjvj.exec:\dpjvj.exe132⤵
-
\??\c:\xrrlxff.exec:\xrrlxff.exe133⤵
-
\??\c:\xrllrfx.exec:\xrllrfx.exe134⤵
-
\??\c:\ntbbtt.exec:\ntbbtt.exe135⤵
-
\??\c:\ntthbb.exec:\ntthbb.exe136⤵
-
\??\c:\hbnhhh.exec:\hbnhhh.exe137⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe138⤵
-
\??\c:\jdddv.exec:\jdddv.exe139⤵
-
\??\c:\9llxlfx.exec:\9llxlfx.exe140⤵
-
\??\c:\xfrlxrl.exec:\xfrlxrl.exe141⤵
-
\??\c:\xrxrfxr.exec:\xrxrfxr.exe142⤵
-
\??\c:\bnnbnh.exec:\bnnbnh.exe143⤵
-
\??\c:\5tbtnh.exec:\5tbtnh.exe144⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe145⤵
-
\??\c:\dppjv.exec:\dppjv.exe146⤵
-
\??\c:\7ddvj.exec:\7ddvj.exe147⤵
-
\??\c:\lxrfrrl.exec:\lxrfrrl.exe148⤵
-
\??\c:\xrlffxx.exec:\xrlffxx.exe149⤵
-
\??\c:\xflxlfr.exec:\xflxlfr.exe150⤵
-
\??\c:\ntnhbt.exec:\ntnhbt.exe151⤵
-
\??\c:\bbhhnb.exec:\bbhhnb.exe152⤵
-
\??\c:\vjdjp.exec:\vjdjp.exe153⤵
-
\??\c:\jjddj.exec:\jjddj.exe154⤵
-
\??\c:\fllxlfx.exec:\fllxlfx.exe155⤵
-
\??\c:\fllxxrl.exec:\fllxxrl.exe156⤵
-
\??\c:\hhbnhb.exec:\hhbnhb.exe157⤵
-
\??\c:\hntntt.exec:\hntntt.exe158⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe159⤵
-
\??\c:\pddvp.exec:\pddvp.exe160⤵
-
\??\c:\ffxlxxr.exec:\ffxlxxr.exe161⤵
-
\??\c:\fffxrlf.exec:\fffxrlf.exe162⤵
-
\??\c:\xlrlrrx.exec:\xlrlrrx.exe163⤵
-
\??\c:\hbtnhb.exec:\hbtnhb.exe164⤵
-
\??\c:\tbbthb.exec:\tbbthb.exe165⤵
-
\??\c:\pdvpj.exec:\pdvpj.exe166⤵
-
\??\c:\7ppdp.exec:\7ppdp.exe167⤵
-
\??\c:\lfxlxfx.exec:\lfxlxfx.exe168⤵
-
\??\c:\3flfrxr.exec:\3flfrxr.exe169⤵
-
\??\c:\hhnhhb.exec:\hhnhhb.exe170⤵
-
\??\c:\7hbnhb.exec:\7hbnhb.exe171⤵
-
\??\c:\htbnhb.exec:\htbnhb.exe172⤵
-
\??\c:\jddpd.exec:\jddpd.exe173⤵
-
\??\c:\pjppj.exec:\pjppj.exe174⤵
-
\??\c:\tnttht.exec:\tnttht.exe175⤵
-
\??\c:\jvjpd.exec:\jvjpd.exe176⤵
-
\??\c:\djvjd.exec:\djvjd.exe177⤵
-
\??\c:\lxrlxrl.exec:\lxrlxrl.exe178⤵
-
\??\c:\nnnbbt.exec:\nnnbbt.exe179⤵
-
\??\c:\nnhhtn.exec:\nnhhtn.exe180⤵
-
\??\c:\7jdpj.exec:\7jdpj.exe181⤵
-
\??\c:\jppvv.exec:\jppvv.exe182⤵
-
\??\c:\xllffxr.exec:\xllffxr.exe183⤵
-
\??\c:\llxrfxr.exec:\llxrfxr.exe184⤵
-
\??\c:\ffffxrl.exec:\ffffxrl.exe185⤵
-
\??\c:\bbbtnn.exec:\bbbtnn.exe186⤵
-
\??\c:\7nnhtt.exec:\7nnhtt.exe187⤵
-
\??\c:\jvdvj.exec:\jvdvj.exe188⤵
-
\??\c:\1pvvp.exec:\1pvvp.exe189⤵
-
\??\c:\rrxxfrf.exec:\rrxxfrf.exe190⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe191⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe192⤵
-
\??\c:\lrrfxrl.exec:\lrrfxrl.exe193⤵
-
\??\c:\rfxxlfx.exec:\rfxxlfx.exe194⤵
-
\??\c:\nhthbt.exec:\nhthbt.exe195⤵
-
\??\c:\thnhbt.exec:\thnhbt.exe196⤵
-
\??\c:\tbthtn.exec:\tbthtn.exe197⤵
-
\??\c:\hnhbhh.exec:\hnhbhh.exe198⤵
-
\??\c:\ddppj.exec:\ddppj.exe199⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe200⤵
-
\??\c:\lxfxxrf.exec:\lxfxxrf.exe201⤵
-
\??\c:\rfrlfrx.exec:\rfrlfrx.exe202⤵
-
\??\c:\nbhbbh.exec:\nbhbbh.exe203⤵
-
\??\c:\tnhnhh.exec:\tnhnhh.exe204⤵
-
\??\c:\nhhbnt.exec:\nhhbnt.exe205⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe206⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe207⤵
-
\??\c:\xrrlflf.exec:\xrrlflf.exe208⤵
-
\??\c:\lxfrxlr.exec:\lxfrxlr.exe209⤵
-
\??\c:\lxxxrll.exec:\lxxxrll.exe210⤵
-
\??\c:\thtnbn.exec:\thtnbn.exe211⤵
-
\??\c:\hnhthb.exec:\hnhthb.exe212⤵
-
\??\c:\9vvjv.exec:\9vvjv.exe213⤵
-
\??\c:\pdjvd.exec:\pdjvd.exe214⤵
-
\??\c:\1djvp.exec:\1djvp.exe215⤵
-
\??\c:\xlfffxf.exec:\xlfffxf.exe216⤵
-
\??\c:\hnhhbn.exec:\hnhhbn.exe217⤵
-
\??\c:\tnhbnh.exec:\tnhbnh.exe218⤵
-
\??\c:\bthhtn.exec:\bthhtn.exe219⤵
-
\??\c:\7vjdv.exec:\7vjdv.exe220⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe221⤵
-
\??\c:\jppdd.exec:\jppdd.exe222⤵
-
\??\c:\xxxlrfx.exec:\xxxlrfx.exe223⤵
-
\??\c:\xrlxrff.exec:\xrlxrff.exe224⤵
-
\??\c:\lfxfrlx.exec:\lfxfrlx.exe225⤵
-
\??\c:\httbtn.exec:\httbtn.exe226⤵
-
\??\c:\hbthtn.exec:\hbthtn.exe227⤵
-
\??\c:\vjppj.exec:\vjppj.exe228⤵
-
\??\c:\dpjvv.exec:\dpjvv.exe229⤵
-
\??\c:\flfxlff.exec:\flfxlff.exe230⤵
-
\??\c:\rrlxrlf.exec:\rrlxrlf.exe231⤵
-
\??\c:\hhtnnh.exec:\hhtnnh.exe232⤵
-
\??\c:\tthbhh.exec:\tthbhh.exe233⤵
-
\??\c:\9vvjv.exec:\9vvjv.exe234⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe235⤵
-
\??\c:\pjvjv.exec:\pjvjv.exe236⤵
-
\??\c:\xxxlrrf.exec:\xxxlrrf.exe237⤵
-
\??\c:\lfxrllf.exec:\lfxrllf.exe238⤵
-
\??\c:\htttnt.exec:\htttnt.exe239⤵
-
\??\c:\nbbtbt.exec:\nbbtbt.exe240⤵
-
\??\c:\bbbtnh.exec:\bbbtnh.exe241⤵