Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
18-05-2024 17:16
General
-
Target
194b2a684f3f440fcb70ebb8db52ca40_NeikiAnalytics.exe
-
Size
244KB
-
MD5
194b2a684f3f440fcb70ebb8db52ca40
-
SHA1
09b152d2400d251b64e87b468e4d4bcfe7412a54
-
SHA256
bd9dc7b03ffe1e75895f5e7c8d345a9834f3daa8a87f5d0043b7cd0008afa03b
-
SHA512
8343b3c0285fb49467dccc2dc43e0fce13a1b0f3453cb6b295f736761634354e285fe32d7f624c178448754643fd055a09600fae5bad5918300ab40ce2cbee15
-
SSDEEP
6144:n3C9BRo/AIX27NHWpU00VIxas1oa3YiFR2:n3C9uD6AUDCa4NYmR2
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\194b2a684f3f440fcb70ebb8db52ca40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\194b2a684f3f440fcb70ebb8db52ca40_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjd.exec:\jjjjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvj.exec:\vddvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrlxxf.exec:\rfrlxxf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpdd.exec:\pdpdd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbhh.exec:\nbbbhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ttnhh.exec:\9ttnhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ffxrrl.exec:\3ffxrrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtthh.exec:\thtthh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbbhh.exec:\ntbbhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrrll.exec:\xrrrrll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhbb.exec:\hbhhbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddjj.exec:\pddjj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxfflf.exec:\rlxfflf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvvv.exec:\pvvvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lrxrrl.exec:\3lrxrrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bntnt.exec:\3bntnt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvv.exec:\jjdvv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nhbnn.exec:\9nhbnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbtnn.exec:\hbbtnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jvpj.exec:\9jvpj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdjd.exec:\dpdjd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnnn.exec:\bntnnn.exe23⤵
- Executes dropped EXE
-
\??\c:\vjppp.exec:\vjppp.exe24⤵
- Executes dropped EXE
-
\??\c:\xrxrrrl.exec:\xrxrrrl.exe25⤵
- Executes dropped EXE
-
\??\c:\bhhbhh.exec:\bhhbhh.exe26⤵
- Executes dropped EXE
-
\??\c:\bnhbbh.exec:\bnhbbh.exe27⤵
- Executes dropped EXE
-
\??\c:\xrfxrrr.exec:\xrfxrrr.exe28⤵
- Executes dropped EXE
-
\??\c:\ntbbbb.exec:\ntbbbb.exe29⤵
- Executes dropped EXE
-
\??\c:\3dvpd.exec:\3dvpd.exe30⤵
- Executes dropped EXE
-
\??\c:\jjjjd.exec:\jjjjd.exe31⤵
- Executes dropped EXE
-
\??\c:\7xllflf.exec:\7xllflf.exe32⤵
- Executes dropped EXE
-
\??\c:\9xfxxff.exec:\9xfxxff.exe33⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe34⤵
- Executes dropped EXE
-
\??\c:\pvvpj.exec:\pvvpj.exe35⤵
- Executes dropped EXE
-
\??\c:\xxffxxl.exec:\xxffxxl.exe36⤵
- Executes dropped EXE
-
\??\c:\hbbtnt.exec:\hbbtnt.exe37⤵
- Executes dropped EXE
-
\??\c:\9pvpj.exec:\9pvpj.exe38⤵
- Executes dropped EXE
-
\??\c:\lxffxxr.exec:\lxffxxr.exe39⤵
- Executes dropped EXE
-
\??\c:\xrllrxf.exec:\xrllrxf.exe40⤵
- Executes dropped EXE
-
\??\c:\bntnnn.exec:\bntnnn.exe41⤵
- Executes dropped EXE
-
\??\c:\5dpdv.exec:\5dpdv.exe42⤵
- Executes dropped EXE
-
\??\c:\vdjdd.exec:\vdjdd.exe43⤵
- Executes dropped EXE
-
\??\c:\rllxxrl.exec:\rllxxrl.exe44⤵
- Executes dropped EXE
-
\??\c:\nbbbbt.exec:\nbbbbt.exe45⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe46⤵
- Executes dropped EXE
-
\??\c:\9lxfrll.exec:\9lxfrll.exe47⤵
- Executes dropped EXE
-
\??\c:\fffflll.exec:\fffflll.exe48⤵
- Executes dropped EXE
-
\??\c:\thhhbt.exec:\thhhbt.exe49⤵
- Executes dropped EXE
-
\??\c:\nnbbnn.exec:\nnbbnn.exe50⤵
- Executes dropped EXE
-
\??\c:\dvjpp.exec:\dvjpp.exe51⤵
- Executes dropped EXE
-
\??\c:\xxlfxll.exec:\xxlfxll.exe52⤵
- Executes dropped EXE
-
\??\c:\ffxxxxr.exec:\ffxxxxr.exe53⤵
- Executes dropped EXE
-
\??\c:\ttnnnn.exec:\ttnnnn.exe54⤵
- Executes dropped EXE
-
\??\c:\5vjdj.exec:\5vjdj.exe55⤵
- Executes dropped EXE
-
\??\c:\rrrrxfl.exec:\rrrrxfl.exe56⤵
- Executes dropped EXE
-
\??\c:\nnbbnh.exec:\nnbbnh.exe57⤵
- Executes dropped EXE
-
\??\c:\hhhbtt.exec:\hhhbtt.exe58⤵
- Executes dropped EXE
-
\??\c:\rflfllf.exec:\rflfllf.exe59⤵
- Executes dropped EXE
-
\??\c:\3nhbtb.exec:\3nhbtb.exe60⤵
- Executes dropped EXE
-
\??\c:\rflfxxr.exec:\rflfxxr.exe61⤵
- Executes dropped EXE
-
\??\c:\lfrrxxr.exec:\lfrrxxr.exe62⤵
- Executes dropped EXE
-
\??\c:\nhnnnt.exec:\nhnnnt.exe63⤵
- Executes dropped EXE
-
\??\c:\9jvvp.exec:\9jvvp.exe64⤵
- Executes dropped EXE
-
\??\c:\rlxrrrr.exec:\rlxrrrr.exe65⤵
- Executes dropped EXE
-
\??\c:\7xlffll.exec:\7xlffll.exe66⤵
-
\??\c:\tntnhn.exec:\tntnhn.exe67⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe68⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe69⤵
-
\??\c:\fffrfxr.exec:\fffrfxr.exe70⤵
-
\??\c:\tbhbtt.exec:\tbhbtt.exe71⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe72⤵
-
\??\c:\rrlfxxr.exec:\rrlfxxr.exe73⤵
-
\??\c:\nnhnhh.exec:\nnhnhh.exe74⤵
-
\??\c:\ddvvd.exec:\ddvvd.exe75⤵
-
\??\c:\hthbtt.exec:\hthbtt.exe76⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe77⤵
-
\??\c:\hhtnht.exec:\hhtnht.exe78⤵
-
\??\c:\bbhhnn.exec:\bbhhnn.exe79⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe80⤵
-
\??\c:\9llfffx.exec:\9llfffx.exe81⤵
-
\??\c:\lfllrrx.exec:\lfllrrx.exe82⤵
-
\??\c:\bbhhbh.exec:\bbhhbh.exe83⤵
-
\??\c:\jddvv.exec:\jddvv.exe84⤵
-
\??\c:\9flfxxx.exec:\9flfxxx.exe85⤵
-
\??\c:\rrfffff.exec:\rrfffff.exe86⤵
-
\??\c:\nhbbtb.exec:\nhbbtb.exe87⤵
-
\??\c:\5nnhnn.exec:\5nnhnn.exe88⤵
-
\??\c:\vdpjp.exec:\vdpjp.exe89⤵
-
\??\c:\5frlxfx.exec:\5frlxfx.exe90⤵
-
\??\c:\fxffllr.exec:\fxffllr.exe91⤵
-
\??\c:\1ntttt.exec:\1ntttt.exe92⤵
-
\??\c:\tnbnht.exec:\tnbnht.exe93⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe94⤵
-
\??\c:\xxxrfxx.exec:\xxxrfxx.exe95⤵
-
\??\c:\fxfxlll.exec:\fxfxlll.exe96⤵
-
\??\c:\3bbnbt.exec:\3bbnbt.exe97⤵
-
\??\c:\xrrfrfl.exec:\xrrfrfl.exe98⤵
-
\??\c:\tnnhtn.exec:\tnnhtn.exe99⤵
-
\??\c:\vvppp.exec:\vvppp.exe100⤵
-
\??\c:\vvjdd.exec:\vvjdd.exe101⤵
-
\??\c:\rffxllf.exec:\rffxllf.exe102⤵
-
\??\c:\9ttnnn.exec:\9ttnnn.exe103⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe104⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe105⤵
-
\??\c:\3xrxrxf.exec:\3xrxrxf.exe106⤵
-
\??\c:\fflffll.exec:\fflffll.exe107⤵
-
\??\c:\3hnntb.exec:\3hnntb.exe108⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe109⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe110⤵
-
\??\c:\rxrlfff.exec:\rxrlfff.exe111⤵
-
\??\c:\flrrllf.exec:\flrrllf.exe112⤵
-
\??\c:\tntttt.exec:\tntttt.exe113⤵
-
\??\c:\ddjdj.exec:\ddjdj.exe114⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe115⤵
-
\??\c:\ffflrfx.exec:\ffflrfx.exe116⤵
-
\??\c:\fxxrlll.exec:\fxxrlll.exe117⤵
-
\??\c:\nbhhtt.exec:\nbhhtt.exe118⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe119⤵
-
\??\c:\5jjdv.exec:\5jjdv.exe120⤵
-
\??\c:\xrrllff.exec:\xrrllff.exe121⤵
-
\??\c:\bhhbbt.exec:\bhhbbt.exe122⤵
-
\??\c:\nhhtnn.exec:\nhhtnn.exe123⤵
-
\??\c:\jjvvp.exec:\jjvvp.exe124⤵
-
\??\c:\xrxrrxr.exec:\xrxrrxr.exe125⤵
-
\??\c:\hnnnnn.exec:\hnnnnn.exe126⤵
-
\??\c:\bhtnht.exec:\bhtnht.exe127⤵
-
\??\c:\vvjjd.exec:\vvjjd.exe128⤵
-
\??\c:\llfffff.exec:\llfffff.exe129⤵
-
\??\c:\bnnbhb.exec:\bnnbhb.exe130⤵
-
\??\c:\9dddv.exec:\9dddv.exe131⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe132⤵
-
\??\c:\ffxlllf.exec:\ffxlllf.exe133⤵
-
\??\c:\hhtnhb.exec:\hhtnhb.exe134⤵
-
\??\c:\jddvd.exec:\jddvd.exe135⤵
-
\??\c:\vvdpp.exec:\vvdpp.exe136⤵
-
\??\c:\fxxrxxf.exec:\fxxrxxf.exe137⤵
-
\??\c:\9lrlffx.exec:\9lrlffx.exe138⤵
-
\??\c:\hbtnht.exec:\hbtnht.exe139⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe140⤵
-
\??\c:\lffxrlx.exec:\lffxrlx.exe141⤵
-
\??\c:\fflfxxr.exec:\fflfxxr.exe142⤵
-
\??\c:\btnbtn.exec:\btnbtn.exe143⤵
-
\??\c:\nnttnn.exec:\nnttnn.exe144⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe145⤵
-
\??\c:\pvjdd.exec:\pvjdd.exe146⤵
-
\??\c:\5lfxxrl.exec:\5lfxxrl.exe147⤵
-
\??\c:\tbhbtn.exec:\tbhbtn.exe148⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe149⤵
-
\??\c:\5jjdj.exec:\5jjdj.exe150⤵
-
\??\c:\rlflrrx.exec:\rlflrrx.exe151⤵
-
\??\c:\xlxxrlf.exec:\xlxxrlf.exe152⤵
-
\??\c:\btnnhh.exec:\btnnhh.exe153⤵
-
\??\c:\bnttnt.exec:\bnttnt.exe154⤵
-
\??\c:\1vddp.exec:\1vddp.exe155⤵
-
\??\c:\7ffrlfl.exec:\7ffrlfl.exe156⤵
-
\??\c:\hntbtn.exec:\hntbtn.exe157⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe158⤵
-
\??\c:\1jppj.exec:\1jppj.exe159⤵
-
\??\c:\5jjpj.exec:\5jjpj.exe160⤵
-
\??\c:\frxxxlf.exec:\frxxxlf.exe161⤵
-
\??\c:\bhnhbb.exec:\bhnhbb.exe162⤵
-
\??\c:\pjddv.exec:\pjddv.exe163⤵
-
\??\c:\pvvvv.exec:\pvvvv.exe164⤵
-
\??\c:\ffrrrxr.exec:\ffrrrxr.exe165⤵
-
\??\c:\llrrxxf.exec:\llrrxxf.exe166⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe167⤵
-
\??\c:\ttnnhh.exec:\ttnnhh.exe168⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe169⤵
-
\??\c:\lfflfrr.exec:\lfflfrr.exe170⤵
-
\??\c:\lfllfxx.exec:\lfllfxx.exe171⤵
-
\??\c:\thbbbb.exec:\thbbbb.exe172⤵
-
\??\c:\5hbbtt.exec:\5hbbtt.exe173⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe174⤵
-
\??\c:\vvvvd.exec:\vvvvd.exe175⤵
-
\??\c:\rlrlfff.exec:\rlrlfff.exe176⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe177⤵
-
\??\c:\tbnhhb.exec:\tbnhhb.exe178⤵
-
\??\c:\jpjpv.exec:\jpjpv.exe179⤵
-
\??\c:\lfxrfxr.exec:\lfxrfxr.exe180⤵
-
\??\c:\xrxxffl.exec:\xrxxffl.exe181⤵
-
\??\c:\ttttnn.exec:\ttttnn.exe182⤵
-
\??\c:\3vppj.exec:\3vppj.exe183⤵
-
\??\c:\pppjd.exec:\pppjd.exe184⤵
-
\??\c:\rrxrllr.exec:\rrxrllr.exe185⤵
-
\??\c:\hbhtnb.exec:\hbhtnb.exe186⤵
-
\??\c:\tnthbt.exec:\tnthbt.exe187⤵
-
\??\c:\jddpj.exec:\jddpj.exe188⤵
-
\??\c:\fxllfxf.exec:\fxllfxf.exe189⤵
-
\??\c:\9rrlflf.exec:\9rrlflf.exe190⤵
-
\??\c:\9hnhbt.exec:\9hnhbt.exe191⤵
-
\??\c:\vpddj.exec:\vpddj.exe192⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe193⤵
-
\??\c:\flxrrxx.exec:\flxrrxx.exe194⤵
-
\??\c:\ffllllf.exec:\ffllllf.exe195⤵
-
\??\c:\nhbtbb.exec:\nhbtbb.exe196⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe197⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe198⤵
-
\??\c:\rffxllf.exec:\rffxllf.exe199⤵
-
\??\c:\fflllff.exec:\fflllff.exe200⤵
-
\??\c:\bnhttn.exec:\bnhttn.exe201⤵
-
\??\c:\3bnbhb.exec:\3bnbhb.exe202⤵
-
\??\c:\dvvdv.exec:\dvvdv.exe203⤵
-
\??\c:\rlrrxxf.exec:\rlrrxxf.exe204⤵
-
\??\c:\ffrffxx.exec:\ffrffxx.exe205⤵
-
\??\c:\bbnhbt.exec:\bbnhbt.exe206⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe207⤵
-
\??\c:\vvpvv.exec:\vvpvv.exe208⤵
-
\??\c:\lllfflf.exec:\lllfflf.exe209⤵
-
\??\c:\bhttnn.exec:\bhttnn.exe210⤵
-
\??\c:\nthbtn.exec:\nthbtn.exe211⤵
-
\??\c:\vdppp.exec:\vdppp.exe212⤵
-
\??\c:\lxffxfx.exec:\lxffxfx.exe213⤵
-
\??\c:\hthbhb.exec:\hthbhb.exe214⤵
-
\??\c:\5bnhtt.exec:\5bnhtt.exe215⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe216⤵
-
\??\c:\xrrrlll.exec:\xrrrlll.exe217⤵
-
\??\c:\hbnbth.exec:\hbnbth.exe218⤵
-
\??\c:\5btnnn.exec:\5btnnn.exe219⤵
-
\??\c:\rlflrxr.exec:\rlflrxr.exe220⤵
-
\??\c:\lffxxxr.exec:\lffxxxr.exe221⤵
-
\??\c:\nnbnht.exec:\nnbnht.exe222⤵
-
\??\c:\1vvpp.exec:\1vvpp.exe223⤵
-
\??\c:\1vdjd.exec:\1vdjd.exe224⤵
-
\??\c:\3fxxrrr.exec:\3fxxrrr.exe225⤵
-
\??\c:\1hhbbb.exec:\1hhbbb.exe226⤵
-
\??\c:\thhhhh.exec:\thhhhh.exe227⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe228⤵
-
\??\c:\fllrrrx.exec:\fllrrrx.exe229⤵
-
\??\c:\rlrfrlx.exec:\rlrfrlx.exe230⤵
-
\??\c:\thhhbb.exec:\thhhbb.exe231⤵
-
\??\c:\bbhbnh.exec:\bbhbnh.exe232⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe233⤵
-
\??\c:\pjpdv.exec:\pjpdv.exe234⤵
-
\??\c:\fxfxrrr.exec:\fxfxrrr.exe235⤵
-
\??\c:\5tbntb.exec:\5tbntb.exe236⤵
-
\??\c:\hnhnbh.exec:\hnhnbh.exe237⤵
-
\??\c:\vjjjv.exec:\vjjjv.exe238⤵
-
\??\c:\llxxxxf.exec:\llxxxxf.exe239⤵
-
\??\c:\llrrlrl.exec:\llrrlrl.exe240⤵
-
\??\c:\nntttt.exec:\nntttt.exe241⤵