Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
18-05-2024 17:58
General
-
Target
2355242f54cb037e6f0b0b98238fb630_NeikiAnalytics.exe
-
Size
70KB
-
MD5
2355242f54cb037e6f0b0b98238fb630
-
SHA1
f1fdb0389c3feeb0015119a20261213b666bdc51
-
SHA256
8e56cc5658c169ecfaf9bd60e2989b127c6c35bc37fabc8589c869233e4ebb15
-
SHA512
ece1495beba30393a7946371fd8a8aa8cac7b887f3ad1df0a279d0ef19326ccc16cafdfa6c8e845493508fbde013f3e96d8f621ee92bea782de22732b9e610b7
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb7tAHEqSCkKWSO:ymb3NkkiQ3mdBjFIynIKO
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2355242f54cb037e6f0b0b98238fb630_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\2355242f54cb037e6f0b0b98238fb630_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnhh.exec:\tntnhh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjp.exec:\vpdjp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffrfxl.exec:\xffrfxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxxrfr.exec:\xxxxrfr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnntht.exec:\tnntht.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppdv.exec:\jppdv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlllxfx.exec:\rlllxfx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnthb.exec:\hbnthb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djddv.exec:\djddv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xffllx.exec:\7xffllx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3thtbn.exec:\3thtbn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdvp.exec:\ppdvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lxflrf.exec:\5lxflrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxrxr.exec:\xrxxrxr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hhhbh.exec:\9hhhbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjd.exec:\pdjjd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ffxxxx.exec:\5ffxxxx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrllll.exec:\xlrllll.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtttt.exec:\nhtttt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppj.exec:\pjppj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frllfll.exec:\frllfll.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfflxff.exec:\lfflxff.exe23⤵
- Executes dropped EXE
-
\??\c:\bbbthh.exec:\bbbthh.exe24⤵
- Executes dropped EXE
-
\??\c:\vdjjd.exec:\vdjjd.exe25⤵
- Executes dropped EXE
-
\??\c:\jvppd.exec:\jvppd.exe26⤵
- Executes dropped EXE
-
\??\c:\lrxrrrr.exec:\lrxrrrr.exe27⤵
- Executes dropped EXE
-
\??\c:\fxxxxll.exec:\fxxxxll.exe28⤵
- Executes dropped EXE
-
\??\c:\tttttt.exec:\tttttt.exe29⤵
- Executes dropped EXE
-
\??\c:\pjjdp.exec:\pjjdp.exe30⤵
- Executes dropped EXE
-
\??\c:\fxrrrrr.exec:\fxrrrrr.exe31⤵
- Executes dropped EXE
-
\??\c:\thnnnn.exec:\thnnnn.exe32⤵
- Executes dropped EXE
-
\??\c:\pjpjj.exec:\pjpjj.exe33⤵
- Executes dropped EXE
-
\??\c:\vpjpj.exec:\vpjpj.exe34⤵
- Executes dropped EXE
-
\??\c:\xrflxrl.exec:\xrflxrl.exe35⤵
- Executes dropped EXE
-
\??\c:\tnhbbh.exec:\tnhbbh.exe36⤵
- Executes dropped EXE
-
\??\c:\5hhbnh.exec:\5hhbnh.exe37⤵
- Executes dropped EXE
-
\??\c:\djjjd.exec:\djjjd.exe38⤵
- Executes dropped EXE
-
\??\c:\flllrlr.exec:\flllrlr.exe39⤵
- Executes dropped EXE
-
\??\c:\lfxrlfx.exec:\lfxrlfx.exe40⤵
- Executes dropped EXE
-
\??\c:\hbnhtn.exec:\hbnhtn.exe41⤵
- Executes dropped EXE
-
\??\c:\bnnhtn.exec:\bnnhtn.exe42⤵
- Executes dropped EXE
-
\??\c:\jpjvj.exec:\jpjvj.exe43⤵
- Executes dropped EXE
-
\??\c:\xfxlrrf.exec:\xfxlrrf.exe44⤵
- Executes dropped EXE
-
\??\c:\9fxrlfx.exec:\9fxrlfx.exe45⤵
- Executes dropped EXE
-
\??\c:\hbnhnh.exec:\hbnhnh.exe46⤵
- Executes dropped EXE
-
\??\c:\7bbttn.exec:\7bbttn.exe47⤵
- Executes dropped EXE
-
\??\c:\1ddvp.exec:\1ddvp.exe48⤵
- Executes dropped EXE
-
\??\c:\vpdpj.exec:\vpdpj.exe49⤵
- Executes dropped EXE
-
\??\c:\rxfxfxx.exec:\rxfxfxx.exe50⤵
- Executes dropped EXE
-
\??\c:\5tnnhb.exec:\5tnnhb.exe51⤵
- Executes dropped EXE
-
\??\c:\pppjv.exec:\pppjv.exe52⤵
- Executes dropped EXE
-
\??\c:\dpjpp.exec:\dpjpp.exe53⤵
- Executes dropped EXE
-
\??\c:\xrlfllr.exec:\xrlfllr.exe54⤵
- Executes dropped EXE
-
\??\c:\1rlxrlf.exec:\1rlxrlf.exe55⤵
- Executes dropped EXE
-
\??\c:\nnhhbh.exec:\nnhhbh.exe56⤵
- Executes dropped EXE
-
\??\c:\9bhttn.exec:\9bhttn.exe57⤵
- Executes dropped EXE
-
\??\c:\rxfrxrr.exec:\rxfrxrr.exe58⤵
- Executes dropped EXE
-
\??\c:\xlxrlfx.exec:\xlxrlfx.exe59⤵
- Executes dropped EXE
-
\??\c:\hbntbn.exec:\hbntbn.exe60⤵
- Executes dropped EXE
-
\??\c:\pdjjv.exec:\pdjjv.exe61⤵
- Executes dropped EXE
-
\??\c:\xffrlff.exec:\xffrlff.exe62⤵
- Executes dropped EXE
-
\??\c:\flfxxrl.exec:\flfxxrl.exe63⤵
- Executes dropped EXE
-
\??\c:\3tbbbh.exec:\3tbbbh.exe64⤵
- Executes dropped EXE
-
\??\c:\hnnhbt.exec:\hnnhbt.exe65⤵
- Executes dropped EXE
-
\??\c:\pjpjj.exec:\pjpjj.exe66⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe67⤵
-
\??\c:\flxlfxl.exec:\flxlfxl.exe68⤵
-
\??\c:\nbhbtb.exec:\nbhbtb.exe69⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe70⤵
-
\??\c:\lllxfxf.exec:\lllxfxf.exe71⤵
-
\??\c:\thbtbh.exec:\thbtbh.exe72⤵
-
\??\c:\3nnnbb.exec:\3nnnbb.exe73⤵
-
\??\c:\jvpjv.exec:\jvpjv.exe74⤵
-
\??\c:\xllfxrl.exec:\xllfxrl.exe75⤵
-
\??\c:\fllfxrl.exec:\fllfxrl.exe76⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe77⤵
-
\??\c:\nbnbtn.exec:\nbnbtn.exe78⤵
-
\??\c:\7vpdp.exec:\7vpdp.exe79⤵
-
\??\c:\rllfrlx.exec:\rllfrlx.exe80⤵
-
\??\c:\lrrllfx.exec:\lrrllfx.exe81⤵
-
\??\c:\tbhbhb.exec:\tbhbhb.exe82⤵
-
\??\c:\ttttnn.exec:\ttttnn.exe83⤵
-
\??\c:\7jpjv.exec:\7jpjv.exe84⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe85⤵
-
\??\c:\lfrllrf.exec:\lfrllrf.exe86⤵
-
\??\c:\1lllllf.exec:\1lllllf.exe87⤵
-
\??\c:\hbhhtn.exec:\hbhhtn.exe88⤵
-
\??\c:\3tbthb.exec:\3tbthb.exe89⤵
-
\??\c:\vppvp.exec:\vppvp.exe90⤵
-
\??\c:\5dpdp.exec:\5dpdp.exe91⤵
-
\??\c:\flfxrlf.exec:\flfxrlf.exe92⤵
-
\??\c:\3rrfrrf.exec:\3rrfrrf.exe93⤵
-
\??\c:\xlrlffx.exec:\xlrlffx.exe94⤵
-
\??\c:\tnbtnh.exec:\tnbtnh.exe95⤵
-
\??\c:\9jvpd.exec:\9jvpd.exe96⤵
-
\??\c:\3pjdp.exec:\3pjdp.exe97⤵
-
\??\c:\1rxffxf.exec:\1rxffxf.exe98⤵
-
\??\c:\9lxrfxl.exec:\9lxrfxl.exe99⤵
-
\??\c:\httthh.exec:\httthh.exe100⤵
-
\??\c:\3bhhbn.exec:\3bhhbn.exe101⤵
-
\??\c:\djdjp.exec:\djdjp.exe102⤵
-
\??\c:\djjvv.exec:\djjvv.exe103⤵
-
\??\c:\5xxrrrl.exec:\5xxrrrl.exe104⤵
-
\??\c:\xllxlfr.exec:\xllxlfr.exe105⤵
-
\??\c:\ttnhtt.exec:\ttnhtt.exe106⤵
-
\??\c:\thtnhh.exec:\thtnhh.exe107⤵
-
\??\c:\dpdpv.exec:\dpdpv.exe108⤵
-
\??\c:\3vvjv.exec:\3vvjv.exe109⤵
-
\??\c:\lrrxlfr.exec:\lrrxlfr.exe110⤵
-
\??\c:\bnnnhb.exec:\bnnnhb.exe111⤵
-
\??\c:\nbhhtt.exec:\nbhhtt.exe112⤵
-
\??\c:\thnhbt.exec:\thnhbt.exe113⤵
-
\??\c:\vjdpd.exec:\vjdpd.exe114⤵
-
\??\c:\9ddpj.exec:\9ddpj.exe115⤵
-
\??\c:\9llfxxr.exec:\9llfxxr.exe116⤵
-
\??\c:\xffxlfx.exec:\xffxlfx.exe117⤵
-
\??\c:\3thbtn.exec:\3thbtn.exe118⤵
-
\??\c:\7ttbnh.exec:\7ttbnh.exe119⤵
-
\??\c:\ppppd.exec:\ppppd.exe120⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe121⤵
-
\??\c:\5rxrlfx.exec:\5rxrlfx.exe122⤵
-
\??\c:\xxfffff.exec:\xxfffff.exe123⤵
-
\??\c:\bnnhbb.exec:\bnnhbb.exe124⤵
-
\??\c:\9thbnn.exec:\9thbnn.exe125⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe126⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe127⤵
-
\??\c:\bnthbb.exec:\bnthbb.exe128⤵
-
\??\c:\tnhnht.exec:\tnhnht.exe129⤵
-
\??\c:\jppjv.exec:\jppjv.exe130⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe131⤵
-
\??\c:\lxlrxff.exec:\lxlrxff.exe132⤵
-
\??\c:\fxrrffr.exec:\fxrrffr.exe133⤵
-
\??\c:\nhbttn.exec:\nhbttn.exe134⤵
-
\??\c:\3bttbb.exec:\3bttbb.exe135⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe136⤵
-
\??\c:\jvjdp.exec:\jvjdp.exe137⤵
-
\??\c:\fxlfrxr.exec:\fxlfrxr.exe138⤵
-
\??\c:\rffrllx.exec:\rffrllx.exe139⤵
-
\??\c:\fxfxllf.exec:\fxfxllf.exe140⤵
-
\??\c:\thbthb.exec:\thbthb.exe141⤵
-
\??\c:\htbnnh.exec:\htbnnh.exe142⤵
-
\??\c:\7jvvv.exec:\7jvvv.exe143⤵
-
\??\c:\jpdvj.exec:\jpdvj.exe144⤵
-
\??\c:\xffxlrl.exec:\xffxlrl.exe145⤵
-
\??\c:\rfxrlfx.exec:\rfxrlfx.exe146⤵
-
\??\c:\hhnhnt.exec:\hhnhnt.exe147⤵
-
\??\c:\7hbttt.exec:\7hbttt.exe148⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe149⤵
-
\??\c:\1jpjd.exec:\1jpjd.exe150⤵
-
\??\c:\7hnhhh.exec:\7hnhhh.exe151⤵
-
\??\c:\bnhbbb.exec:\bnhbbb.exe152⤵
-
\??\c:\5pjdj.exec:\5pjdj.exe153⤵
-
\??\c:\pvdvj.exec:\pvdvj.exe154⤵
-
\??\c:\xlfrlrr.exec:\xlfrlrr.exe155⤵
-
\??\c:\hnbbnn.exec:\hnbbnn.exe156⤵
-
\??\c:\jdjpj.exec:\jdjpj.exe157⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe158⤵
-
\??\c:\xrfllll.exec:\xrfllll.exe159⤵
-
\??\c:\btthtt.exec:\btthtt.exe160⤵
-
\??\c:\1nthnn.exec:\1nthnn.exe161⤵
-
\??\c:\pdvvj.exec:\pdvvj.exe162⤵
-
\??\c:\djdpj.exec:\djdpj.exe163⤵
-
\??\c:\fflrfxl.exec:\fflrfxl.exe164⤵
-
\??\c:\fxxrrrx.exec:\fxxrrrx.exe165⤵
-
\??\c:\bhhnbb.exec:\bhhnbb.exe166⤵
-
\??\c:\ttthhn.exec:\ttthhn.exe167⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe168⤵
-
\??\c:\rlfxllf.exec:\rlfxllf.exe169⤵
-
\??\c:\9ffxrlf.exec:\9ffxrlf.exe170⤵
-
\??\c:\tbhttt.exec:\tbhttt.exe171⤵
-
\??\c:\tnnntb.exec:\tnnntb.exe172⤵
-
\??\c:\3jjdj.exec:\3jjdj.exe173⤵
-
\??\c:\dppjd.exec:\dppjd.exe174⤵
-
\??\c:\lllfllf.exec:\lllfllf.exe175⤵
-
\??\c:\rflflfl.exec:\rflflfl.exe176⤵
-
\??\c:\nnnhhb.exec:\nnnhhb.exe177⤵
-
\??\c:\tbnhth.exec:\tbnhth.exe178⤵
-
\??\c:\jvpjp.exec:\jvpjp.exe179⤵
-
\??\c:\1vjdv.exec:\1vjdv.exe180⤵
-
\??\c:\rffxlfx.exec:\rffxlfx.exe181⤵
-
\??\c:\9rrlffx.exec:\9rrlffx.exe182⤵
-
\??\c:\nhnnhb.exec:\nhnnhb.exe183⤵
-
\??\c:\tnnhnn.exec:\tnnhnn.exe184⤵
-
\??\c:\1vdpd.exec:\1vdpd.exe185⤵
-
\??\c:\pddjd.exec:\pddjd.exe186⤵
-
\??\c:\xrxlxxr.exec:\xrxlxxr.exe187⤵
-
\??\c:\flfxrfx.exec:\flfxrfx.exe188⤵
-
\??\c:\htbthb.exec:\htbthb.exe189⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe190⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe191⤵
-
\??\c:\xxfflrf.exec:\xxfflrf.exe192⤵
-
\??\c:\1rrrrlf.exec:\1rrrrlf.exe193⤵
-
\??\c:\1thbtb.exec:\1thbtb.exe194⤵
-
\??\c:\7bbthb.exec:\7bbthb.exe195⤵
-
\??\c:\pdvjv.exec:\pdvjv.exe196⤵
-
\??\c:\5ppdp.exec:\5ppdp.exe197⤵
-
\??\c:\rxxlxrr.exec:\rxxlxrr.exe198⤵
-
\??\c:\xlfxrlf.exec:\xlfxrlf.exe199⤵
-
\??\c:\7hhbtn.exec:\7hhbtn.exe200⤵
-
\??\c:\ntthtn.exec:\ntthtn.exe201⤵
-
\??\c:\pjvdv.exec:\pjvdv.exe202⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe203⤵
-
\??\c:\rxfxrlf.exec:\rxfxrlf.exe204⤵
-
\??\c:\xfflfxf.exec:\xfflfxf.exe205⤵
-
\??\c:\3bhbtb.exec:\3bhbtb.exe206⤵
-
\??\c:\ttbbbn.exec:\ttbbbn.exe207⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe208⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe209⤵
-
\??\c:\fxrfrrr.exec:\fxrfrrr.exe210⤵
-
\??\c:\9lrrxrf.exec:\9lrrxrf.exe211⤵
-
\??\c:\bbbthh.exec:\bbbthh.exe212⤵
-
\??\c:\nntnbb.exec:\nntnbb.exe213⤵
-
\??\c:\pvvjv.exec:\pvvjv.exe214⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe215⤵
-
\??\c:\flrlflf.exec:\flrlflf.exe216⤵
-
\??\c:\7rrlxrx.exec:\7rrlxrx.exe217⤵
-
\??\c:\htnhbt.exec:\htnhbt.exe218⤵
-
\??\c:\hhbtnt.exec:\hhbtnt.exe219⤵
-
\??\c:\5jpjj.exec:\5jpjj.exe220⤵
-
\??\c:\jvdvj.exec:\jvdvj.exe221⤵
-
\??\c:\7ppjp.exec:\7ppjp.exe222⤵
-
\??\c:\lrrlffx.exec:\lrrlffx.exe223⤵
-
\??\c:\frrlffx.exec:\frrlffx.exe224⤵
-
\??\c:\3tnnbb.exec:\3tnnbb.exe225⤵
-
\??\c:\ttnbnn.exec:\ttnbnn.exe226⤵
-
\??\c:\jjddv.exec:\jjddv.exe227⤵
-
\??\c:\fxxrffx.exec:\fxxrffx.exe228⤵
-
\??\c:\xflfrrl.exec:\xflfrrl.exe229⤵
-
\??\c:\ntbntt.exec:\ntbntt.exe230⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe231⤵
-
\??\c:\vjvdd.exec:\vjvdd.exe232⤵
-
\??\c:\rrffxlr.exec:\rrffxlr.exe233⤵
-
\??\c:\rrxxxxx.exec:\rrxxxxx.exe234⤵
-
\??\c:\3btnhb.exec:\3btnhb.exe235⤵
-
\??\c:\5htnbh.exec:\5htnbh.exe236⤵
-
\??\c:\dvjpj.exec:\dvjpj.exe237⤵
-
\??\c:\xllfxrx.exec:\xllfxrx.exe238⤵
-
\??\c:\3hnhhh.exec:\3hnhhh.exe239⤵
-
\??\c:\vjdpp.exec:\vjdpp.exe240⤵
-
\??\c:\fflxrrl.exec:\fflxrrl.exe241⤵