Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
18-05-2024 15:51
General
-
Target
e67a980b37def68e8f09f90157f1bba0_NeikiAnalytics.exe
-
Size
56KB
-
MD5
e67a980b37def68e8f09f90157f1bba0
-
SHA1
8d4af8b3b33790c3dbbbbc1cb33f20260e1e7345
-
SHA256
5e095d802b46afd333b3e5c042c9367448e0b3ae0ce596e180a6ec39a785f261
-
SHA512
4c0842fb6440c5eea8506e96bdbe9cfca65742f615a9d25d3d74e6687216afa0f718bebad40fa21c7e48282dec5d822bb71febd6f0361e063ad83949d2754ebf
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0chVnJ:ymb3NkkiQ3mdBjF0crJ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e67a980b37def68e8f09f90157f1bba0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\e67a980b37def68e8f09f90157f1bba0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\thhthh.exec:\thhthh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjjv.exec:\vjjjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpppd.exec:\jpppd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxllf.exec:\xrfxllf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrlfxr.exec:\flrlfxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbthbn.exec:\bbthbn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vvpd.exec:\1vvpd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvp.exec:\dddvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbntn.exec:\tnbntn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnbnb.exec:\thnbnb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxffrl.exec:\llxffrl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthntb.exec:\hthntb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnhh.exec:\nttnhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpj.exec:\dvvpj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxrrl.exec:\lffxrrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xxrllf.exec:\7xxrllf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttnhh.exec:\tttnhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpdv.exec:\vjpdv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppjp.exec:\jppjp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrfxrr.exec:\xlrfxrr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhbb.exec:\bnnhbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvp.exec:\pjdvp.exe23⤵
- Executes dropped EXE
-
\??\c:\fxrlllf.exec:\fxrlllf.exe24⤵
- Executes dropped EXE
-
\??\c:\xrrlfff.exec:\xrrlfff.exe25⤵
- Executes dropped EXE
-
\??\c:\btttnh.exec:\btttnh.exe26⤵
- Executes dropped EXE
-
\??\c:\9jpjj.exec:\9jpjj.exe27⤵
- Executes dropped EXE
-
\??\c:\lxfrrll.exec:\lxfrrll.exe28⤵
- Executes dropped EXE
-
\??\c:\1xxxrxr.exec:\1xxxrxr.exe29⤵
- Executes dropped EXE
-
\??\c:\tnbttt.exec:\tnbttt.exe30⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe31⤵
- Executes dropped EXE
-
\??\c:\1vvpj.exec:\1vvpj.exe32⤵
- Executes dropped EXE
-
\??\c:\ffxfxfx.exec:\ffxfxfx.exe33⤵
- Executes dropped EXE
-
\??\c:\7frlfxr.exec:\7frlfxr.exe34⤵
- Executes dropped EXE
-
\??\c:\nhhhnh.exec:\nhhhnh.exe35⤵
- Executes dropped EXE
-
\??\c:\9hbtth.exec:\9hbtth.exe36⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe37⤵
- Executes dropped EXE
-
\??\c:\xfrlffx.exec:\xfrlffx.exe38⤵
- Executes dropped EXE
-
\??\c:\tbnnnb.exec:\tbnnnb.exe39⤵
- Executes dropped EXE
-
\??\c:\ddppd.exec:\ddppd.exe40⤵
- Executes dropped EXE
-
\??\c:\ffrlfxr.exec:\ffrlfxr.exe41⤵
- Executes dropped EXE
-
\??\c:\thhbhn.exec:\thhbhn.exe42⤵
- Executes dropped EXE
-
\??\c:\bthbtt.exec:\bthbtt.exe43⤵
- Executes dropped EXE
-
\??\c:\dvdpp.exec:\dvdpp.exe44⤵
- Executes dropped EXE
-
\??\c:\pdjvp.exec:\pdjvp.exe45⤵
- Executes dropped EXE
-
\??\c:\3lrlxrf.exec:\3lrlxrf.exe46⤵
- Executes dropped EXE
-
\??\c:\7tbbtb.exec:\7tbbtb.exe47⤵
- Executes dropped EXE
-
\??\c:\ttbbtb.exec:\ttbbtb.exe48⤵
- Executes dropped EXE
-
\??\c:\pvdvj.exec:\pvdvj.exe49⤵
- Executes dropped EXE
-
\??\c:\lfflfll.exec:\lfflfll.exe50⤵
- Executes dropped EXE
-
\??\c:\nthnnt.exec:\nthnnt.exe51⤵
- Executes dropped EXE
-
\??\c:\ddddj.exec:\ddddj.exe52⤵
- Executes dropped EXE
-
\??\c:\flrrlxx.exec:\flrrlxx.exe53⤵
- Executes dropped EXE
-
\??\c:\hbntnn.exec:\hbntnn.exe54⤵
- Executes dropped EXE
-
\??\c:\vvvpp.exec:\vvvpp.exe55⤵
- Executes dropped EXE
-
\??\c:\jdddd.exec:\jdddd.exe56⤵
- Executes dropped EXE
-
\??\c:\xxxxlll.exec:\xxxxlll.exe57⤵
- Executes dropped EXE
-
\??\c:\fxrllll.exec:\fxrllll.exe58⤵
- Executes dropped EXE
-
\??\c:\thhnnh.exec:\thhnnh.exe59⤵
- Executes dropped EXE
-
\??\c:\jjppp.exec:\jjppp.exe60⤵
- Executes dropped EXE
-
\??\c:\pppjp.exec:\pppjp.exe61⤵
- Executes dropped EXE
-
\??\c:\rrllrxr.exec:\rrllrxr.exe62⤵
- Executes dropped EXE
-
\??\c:\bnbttb.exec:\bnbttb.exe63⤵
- Executes dropped EXE
-
\??\c:\nhthtt.exec:\nhthtt.exe64⤵
- Executes dropped EXE
-
\??\c:\jpvvp.exec:\jpvvp.exe65⤵
- Executes dropped EXE
-
\??\c:\7rlxflf.exec:\7rlxflf.exe66⤵
-
\??\c:\3bhnnn.exec:\3bhnnn.exe67⤵
-
\??\c:\tthbbb.exec:\tthbbb.exe68⤵
-
\??\c:\ppjjj.exec:\ppjjj.exe69⤵
-
\??\c:\ffrlxff.exec:\ffrlxff.exe70⤵
-
\??\c:\hhnnnn.exec:\hhnnnn.exe71⤵
-
\??\c:\djddp.exec:\djddp.exe72⤵
-
\??\c:\xlrrrrr.exec:\xlrrrrr.exe73⤵
-
\??\c:\frrrrxx.exec:\frrrrxx.exe74⤵
-
\??\c:\hbhhbh.exec:\hbhhbh.exe75⤵
-
\??\c:\5dvvj.exec:\5dvvj.exe76⤵
-
\??\c:\vdpdj.exec:\vdpdj.exe77⤵
-
\??\c:\flllffx.exec:\flllffx.exe78⤵
-
\??\c:\hhhttt.exec:\hhhttt.exe79⤵
-
\??\c:\vdvdd.exec:\vdvdd.exe80⤵
-
\??\c:\ppppp.exec:\ppppp.exe81⤵
-
\??\c:\fxrrlrr.exec:\fxrrlrr.exe82⤵
-
\??\c:\fflrrff.exec:\fflrrff.exe83⤵
-
\??\c:\nnnnnt.exec:\nnnnnt.exe84⤵
-
\??\c:\pvpjj.exec:\pvpjj.exe85⤵
-
\??\c:\llrlffr.exec:\llrlffr.exe86⤵
-
\??\c:\rrxflrr.exec:\rrxflrr.exe87⤵
-
\??\c:\5nnttt.exec:\5nnttt.exe88⤵
-
\??\c:\9jppj.exec:\9jppj.exe89⤵
-
\??\c:\dvddv.exec:\dvddv.exe90⤵
-
\??\c:\xrrrrrr.exec:\xrrrrrr.exe91⤵
-
\??\c:\9hhbnn.exec:\9hhbnn.exe92⤵
-
\??\c:\hhhhbh.exec:\hhhhbh.exe93⤵
-
\??\c:\djppp.exec:\djppp.exe94⤵
-
\??\c:\5xxxffr.exec:\5xxxffr.exe95⤵
-
\??\c:\lllllll.exec:\lllllll.exe96⤵
-
\??\c:\hntbth.exec:\hntbth.exe97⤵
-
\??\c:\vvjjd.exec:\vvjjd.exe98⤵
-
\??\c:\ppvvj.exec:\ppvvj.exe99⤵
-
\??\c:\rlrlffl.exec:\rlrlffl.exe100⤵
-
\??\c:\bhtnbn.exec:\bhtnbn.exe101⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe102⤵
-
\??\c:\ddjdv.exec:\ddjdv.exe103⤵
-
\??\c:\fxlfxff.exec:\fxlfxff.exe104⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe105⤵
-
\??\c:\fxxxrxx.exec:\fxxxrxx.exe106⤵
-
\??\c:\nhbbtt.exec:\nhbbtt.exe107⤵
-
\??\c:\bbnntn.exec:\bbnntn.exe108⤵
-
\??\c:\9jvvd.exec:\9jvvd.exe109⤵
-
\??\c:\jpppv.exec:\jpppv.exe110⤵
-
\??\c:\llxxrxx.exec:\llxxrxx.exe111⤵
-
\??\c:\btnhhn.exec:\btnhhn.exe112⤵
-
\??\c:\tnhhtb.exec:\tnhhtb.exe113⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe114⤵
-
\??\c:\1rfxlfx.exec:\1rfxlfx.exe115⤵
-
\??\c:\1hhhhn.exec:\1hhhhn.exe116⤵
-
\??\c:\1hnnhn.exec:\1hnnhn.exe117⤵
-
\??\c:\dpppj.exec:\dpppj.exe118⤵
-
\??\c:\3flrlll.exec:\3flrlll.exe119⤵
-
\??\c:\thtttn.exec:\thtttn.exe120⤵
-
\??\c:\3httbh.exec:\3httbh.exe121⤵
-
\??\c:\jpjpj.exec:\jpjpj.exe122⤵
-
\??\c:\fflxxxl.exec:\fflxxxl.exe123⤵
-
\??\c:\bttttt.exec:\bttttt.exe124⤵
-
\??\c:\3bbbbb.exec:\3bbbbb.exe125⤵
-
\??\c:\vvjpj.exec:\vvjpj.exe126⤵
-
\??\c:\7jpjd.exec:\7jpjd.exe127⤵
-
\??\c:\fffflrr.exec:\fffflrr.exe128⤵
-
\??\c:\fxffrfl.exec:\fxffrfl.exe129⤵
-
\??\c:\lffffll.exec:\lffffll.exe130⤵
-
\??\c:\thhhhn.exec:\thhhhn.exe131⤵
-
\??\c:\jdddd.exec:\jdddd.exe132⤵
-
\??\c:\jjvvp.exec:\jjvvp.exe133⤵
-
\??\c:\llllflf.exec:\llllflf.exe134⤵
-
\??\c:\7rffxlf.exec:\7rffxlf.exe135⤵
-
\??\c:\tnbbbn.exec:\tnbbbn.exe136⤵
-
\??\c:\btbtnh.exec:\btbtnh.exe137⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe138⤵
-
\??\c:\vdjdj.exec:\vdjdj.exe139⤵
-
\??\c:\lxfxrrr.exec:\lxfxrrr.exe140⤵
-
\??\c:\flrrrll.exec:\flrrrll.exe141⤵
-
\??\c:\hhhhbb.exec:\hhhhbb.exe142⤵
-
\??\c:\nhtnhn.exec:\nhtnhn.exe143⤵
-
\??\c:\7ntnhh.exec:\7ntnhh.exe144⤵
-
\??\c:\pvpjv.exec:\pvpjv.exe145⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe146⤵
-
\??\c:\rlxlrrx.exec:\rlxlrrx.exe147⤵
-
\??\c:\fflllll.exec:\fflllll.exe148⤵
-
\??\c:\rlxrrxf.exec:\rlxrrxf.exe149⤵
-
\??\c:\hbbhhb.exec:\hbbhhb.exe150⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe151⤵
-
\??\c:\djpjv.exec:\djpjv.exe152⤵
-
\??\c:\xrrxfrx.exec:\xrrxfrx.exe153⤵
-
\??\c:\xfllllr.exec:\xfllllr.exe154⤵
-
\??\c:\hbthbt.exec:\hbthbt.exe155⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe156⤵
-
\??\c:\frxrffx.exec:\frxrffx.exe157⤵
-
\??\c:\fxflllf.exec:\fxflllf.exe158⤵
-
\??\c:\nbhhbb.exec:\nbhhbb.exe159⤵
-
\??\c:\3ttnbb.exec:\3ttnbb.exe160⤵
-
\??\c:\djdjj.exec:\djdjj.exe161⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe162⤵
-
\??\c:\lrfxllf.exec:\lrfxllf.exe163⤵
-
\??\c:\lffxrrl.exec:\lffxrrl.exe164⤵
-
\??\c:\rlllffl.exec:\rlllffl.exe165⤵
-
\??\c:\hhbbnt.exec:\hhbbnt.exe166⤵
-
\??\c:\1nhtnn.exec:\1nhtnn.exe167⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe168⤵
-
\??\c:\lfxxrxr.exec:\lfxxrxr.exe169⤵
-
\??\c:\rffxrlf.exec:\rffxrlf.exe170⤵
-
\??\c:\hbttnh.exec:\hbttnh.exe171⤵
-
\??\c:\bbbnht.exec:\bbbnht.exe172⤵
-
\??\c:\1ppjv.exec:\1ppjv.exe173⤵
-
\??\c:\jjvpd.exec:\jjvpd.exe174⤵
-
\??\c:\frxrffr.exec:\frxrffr.exe175⤵
-
\??\c:\rflxlxx.exec:\rflxlxx.exe176⤵
-
\??\c:\xlrrlrf.exec:\xlrrlrf.exe177⤵
-
\??\c:\htthbt.exec:\htthbt.exe178⤵
-
\??\c:\7bbhbb.exec:\7bbhbb.exe179⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe180⤵
-
\??\c:\7vvpd.exec:\7vvpd.exe181⤵
-
\??\c:\flfxrrr.exec:\flfxrrr.exe182⤵
-
\??\c:\5llxrlf.exec:\5llxrlf.exe183⤵
-
\??\c:\3hbtnh.exec:\3hbtnh.exe184⤵
-
\??\c:\hhtnhh.exec:\hhtnhh.exe185⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe186⤵
-
\??\c:\rxfxrfx.exec:\rxfxrfx.exe187⤵
-
\??\c:\hnbbbt.exec:\hnbbbt.exe188⤵
-
\??\c:\hntthh.exec:\hntthh.exe189⤵
-
\??\c:\flfxlfr.exec:\flfxlfr.exe190⤵
-
\??\c:\lxffxrl.exec:\lxffxrl.exe191⤵
-
\??\c:\tnhnth.exec:\tnhnth.exe192⤵
-
\??\c:\vddpj.exec:\vddpj.exe193⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe194⤵
-
\??\c:\fllrlll.exec:\fllrlll.exe195⤵
-
\??\c:\tbnbtt.exec:\tbnbtt.exe196⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe197⤵
-
\??\c:\xllxlxf.exec:\xllxlxf.exe198⤵
-
\??\c:\tnttbn.exec:\tnttbn.exe199⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe200⤵
-
\??\c:\rrxlxrl.exec:\rrxlxrl.exe201⤵
-
\??\c:\bnnhbb.exec:\bnnhbb.exe202⤵
-
\??\c:\5jpjp.exec:\5jpjp.exe203⤵
-
\??\c:\jpvdp.exec:\jpvdp.exe204⤵
-
\??\c:\xrxxxrl.exec:\xrxxxrl.exe205⤵
-
\??\c:\nbbnbt.exec:\nbbnbt.exe206⤵
-
\??\c:\1ddvj.exec:\1ddvj.exe207⤵
-
\??\c:\rflfrrl.exec:\rflfrrl.exe208⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe209⤵
-
\??\c:\fxxrllx.exec:\fxxrllx.exe210⤵
-
\??\c:\rfllllx.exec:\rfllllx.exe211⤵
-
\??\c:\9hbntn.exec:\9hbntn.exe212⤵
-
\??\c:\bbhnhb.exec:\bbhnhb.exe213⤵
-
\??\c:\pjddp.exec:\pjddp.exe214⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe215⤵
-
\??\c:\lfrlfxr.exec:\lfrlfxr.exe216⤵
-
\??\c:\fllfxfx.exec:\fllfxfx.exe217⤵
-
\??\c:\7btnnn.exec:\7btnnn.exe218⤵
-
\??\c:\tnhbtn.exec:\tnhbtn.exe219⤵
-
\??\c:\bnnhbt.exec:\bnnhbt.exe220⤵
-
\??\c:\dvdpv.exec:\dvdpv.exe221⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe222⤵
-
\??\c:\frxfxxl.exec:\frxfxxl.exe223⤵
-
\??\c:\lrrffxr.exec:\lrrffxr.exe224⤵
-
\??\c:\tnnbbn.exec:\tnnbbn.exe225⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe226⤵
-
\??\c:\9dpvp.exec:\9dpvp.exe227⤵
-
\??\c:\9jpjv.exec:\9jpjv.exe228⤵
-
\??\c:\xllrlfx.exec:\xllrlfx.exe229⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe230⤵
-
\??\c:\3ttbtn.exec:\3ttbtn.exe231⤵
-
\??\c:\nntbhn.exec:\nntbhn.exe232⤵
-
\??\c:\vvvjj.exec:\vvvjj.exe233⤵
-
\??\c:\xrlfffx.exec:\xrlfffx.exe234⤵
-
\??\c:\fxfxffl.exec:\fxfxffl.exe235⤵
-
\??\c:\httnhh.exec:\httnhh.exe236⤵
-
\??\c:\tnnnbb.exec:\tnnnbb.exe237⤵
-
\??\c:\7vvvj.exec:\7vvvj.exe238⤵
-
\??\c:\vpddv.exec:\vpddv.exe239⤵
-
\??\c:\vddpj.exec:\vddpj.exe240⤵
-
\??\c:\fflfxxr.exec:\fflfxxr.exe241⤵