Analysis
-
max time kernel
150s -
max time network
111s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
18-05-2024 20:47
General
-
Target
4cc21ab451f8f8ba1862e95f3977c0e0_NeikiAnalytics.exe
-
Size
254KB
-
MD5
4cc21ab451f8f8ba1862e95f3977c0e0
-
SHA1
33da8a716a5756c789e17595065f20ee30b236b0
-
SHA256
1f04d652f7389508674478ae21ebbbec3edc2081d328903f1c1bbfcb9cba3c62
-
SHA512
602e42d43df03cf77a19a4bfe2209b91bd2310654196d22b4433d72411f1f8d667b4073c5236dee00dd5ca3b8266da379141ae705b8aaf5ffa23ad9ff0545714
-
SSDEEP
6144:kcm4FmowdHoSphraHcpOaKHpolTjZXvEQo9dfrS:y4wFHoS3eFaKHpKT9XvEhdfrS
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4cc21ab451f8f8ba1862e95f3977c0e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4cc21ab451f8f8ba1862e95f3977c0e0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ppddp.exec:\ppddp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrrfl.exec:\llxrrfl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btthtb.exec:\btthtb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjpp.exec:\pdjpp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xlrlrl.exec:\5xlrlrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjjp.exec:\djjjp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhth.exec:\hbhhth.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfrlx.exec:\xrlfrlx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbbtb.exec:\hhbbtb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxflrrr.exec:\fxflrrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvp.exec:\vjdvp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrxlf.exec:\rrrrxlf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvpj.exec:\jpvpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlllrrl.exec:\xlllrrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvjv.exec:\pdvjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrlfll.exec:\ffrlfll.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvppv.exec:\pvppv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxfrlf.exec:\xrxfrlf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhtn.exec:\btnhtn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjvp.exec:\pvjvp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9flfxxr.exec:\9flfxxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dppd.exec:\1dppd.exe23⤵
- Executes dropped EXE
-
\??\c:\xxlrrrr.exec:\xxlrrrr.exe24⤵
- Executes dropped EXE
-
\??\c:\tnntnb.exec:\tnntnb.exe25⤵
- Executes dropped EXE
-
\??\c:\1vppd.exec:\1vppd.exe26⤵
- Executes dropped EXE
-
\??\c:\tnhbnh.exec:\tnhbnh.exe27⤵
- Executes dropped EXE
-
\??\c:\nhtnnn.exec:\nhtnnn.exe28⤵
- Executes dropped EXE
-
\??\c:\flxrrrr.exec:\flxrrrr.exe29⤵
- Executes dropped EXE
-
\??\c:\hbbthb.exec:\hbbthb.exe30⤵
- Executes dropped EXE
-
\??\c:\pppvp.exec:\pppvp.exe31⤵
- Executes dropped EXE
-
\??\c:\fxffllr.exec:\fxffllr.exe32⤵
- Executes dropped EXE
-
\??\c:\hbbhnn.exec:\hbbhnn.exe33⤵
- Executes dropped EXE
-
\??\c:\rxrffrf.exec:\rxrffrf.exe34⤵
- Executes dropped EXE
-
\??\c:\ttnhbb.exec:\ttnhbb.exe35⤵
- Executes dropped EXE
-
\??\c:\jdpjd.exec:\jdpjd.exe36⤵
- Executes dropped EXE
-
\??\c:\rxrfxlx.exec:\rxrfxlx.exe37⤵
- Executes dropped EXE
-
\??\c:\bntnhn.exec:\bntnhn.exe38⤵
- Executes dropped EXE
-
\??\c:\vdjpj.exec:\vdjpj.exe39⤵
- Executes dropped EXE
-
\??\c:\pjdjp.exec:\pjdjp.exe40⤵
- Executes dropped EXE
-
\??\c:\1rxrlfx.exec:\1rxrlfx.exe41⤵
- Executes dropped EXE
-
\??\c:\hnnnhb.exec:\hnnnhb.exe42⤵
- Executes dropped EXE
-
\??\c:\flfrllx.exec:\flfrllx.exe43⤵
- Executes dropped EXE
-
\??\c:\9bbtnn.exec:\9bbtnn.exe44⤵
- Executes dropped EXE
-
\??\c:\3bhbbb.exec:\3bhbbb.exe45⤵
- Executes dropped EXE
-
\??\c:\vjddp.exec:\vjddp.exe46⤵
- Executes dropped EXE
-
\??\c:\lflrrlr.exec:\lflrrlr.exe47⤵
- Executes dropped EXE
-
\??\c:\bhhhtt.exec:\bhhhtt.exe48⤵
- Executes dropped EXE
-
\??\c:\ddvpp.exec:\ddvpp.exe49⤵
- Executes dropped EXE
-
\??\c:\fffxrrl.exec:\fffxrrl.exe50⤵
- Executes dropped EXE
-
\??\c:\hnnhbt.exec:\hnnhbt.exe51⤵
- Executes dropped EXE
-
\??\c:\3pddd.exec:\3pddd.exe52⤵
- Executes dropped EXE
-
\??\c:\flrxrxx.exec:\flrxrxx.exe53⤵
- Executes dropped EXE
-
\??\c:\thhbtt.exec:\thhbtt.exe54⤵
- Executes dropped EXE
-
\??\c:\pdvpd.exec:\pdvpd.exe55⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe56⤵
- Executes dropped EXE
-
\??\c:\lfllffx.exec:\lfllffx.exe57⤵
- Executes dropped EXE
-
\??\c:\hthbtn.exec:\hthbtn.exe58⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe59⤵
- Executes dropped EXE
-
\??\c:\5llrlfx.exec:\5llrlfx.exe60⤵
- Executes dropped EXE
-
\??\c:\bhthhh.exec:\bhthhh.exe61⤵
- Executes dropped EXE
-
\??\c:\jdvvd.exec:\jdvvd.exe62⤵
- Executes dropped EXE
-
\??\c:\lxffxrf.exec:\lxffxrf.exe63⤵
- Executes dropped EXE
-
\??\c:\3rllxxl.exec:\3rllxxl.exe64⤵
- Executes dropped EXE
-
\??\c:\hbnhbb.exec:\hbnhbb.exe65⤵
- Executes dropped EXE
-
\??\c:\vjdvp.exec:\vjdvp.exe66⤵
-
\??\c:\flxrxrf.exec:\flxrxrf.exe67⤵
-
\??\c:\hhnhbt.exec:\hhnhbt.exe68⤵
-
\??\c:\rxffrxr.exec:\rxffrxr.exe69⤵
-
\??\c:\btbnht.exec:\btbnht.exe70⤵
-
\??\c:\jpjjd.exec:\jpjjd.exe71⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe72⤵
-
\??\c:\xrrllxr.exec:\xrrllxr.exe73⤵
-
\??\c:\7nbbtt.exec:\7nbbtt.exe74⤵
-
\??\c:\pddjj.exec:\pddjj.exe75⤵
-
\??\c:\pjddp.exec:\pjddp.exe76⤵
-
\??\c:\jpjvp.exec:\jpjvp.exe77⤵
-
\??\c:\frxrxlr.exec:\frxrxlr.exe78⤵
-
\??\c:\3ntthb.exec:\3ntthb.exe79⤵
-
\??\c:\nnnbht.exec:\nnnbht.exe80⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe81⤵
-
\??\c:\frlrlrx.exec:\frlrlrx.exe82⤵
-
\??\c:\tthbnn.exec:\tthbnn.exe83⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe84⤵
-
\??\c:\rrrlxxl.exec:\rrrlxxl.exe85⤵
-
\??\c:\bnnhbt.exec:\bnnhbt.exe86⤵
-
\??\c:\vvdjd.exec:\vvdjd.exe87⤵
-
\??\c:\9xxxxff.exec:\9xxxxff.exe88⤵
-
\??\c:\hntbbt.exec:\hntbbt.exe89⤵
-
\??\c:\3tbbtb.exec:\3tbbtb.exe90⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe91⤵
-
\??\c:\lxrlflx.exec:\lxrlflx.exe92⤵
-
\??\c:\fxlllxr.exec:\fxlllxr.exe93⤵
-
\??\c:\nnbhnt.exec:\nnbhnt.exe94⤵
-
\??\c:\jpdvp.exec:\jpdvp.exe95⤵
-
\??\c:\rlxxfrr.exec:\rlxxfrr.exe96⤵
-
\??\c:\rrrrfrl.exec:\rrrrfrl.exe97⤵
-
\??\c:\tnbnbb.exec:\tnbnbb.exe98⤵
-
\??\c:\jdjvv.exec:\jdjvv.exe99⤵
-
\??\c:\5fxxxxx.exec:\5fxxxxx.exe100⤵
-
\??\c:\3fffrlf.exec:\3fffrlf.exe101⤵
-
\??\c:\bhbbtt.exec:\bhbbtt.exe102⤵
-
\??\c:\ppvjv.exec:\ppvjv.exe103⤵
-
\??\c:\pvpjd.exec:\pvpjd.exe104⤵
-
\??\c:\xxrrfll.exec:\xxrrfll.exe105⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe106⤵
-
\??\c:\pddpv.exec:\pddpv.exe107⤵
-
\??\c:\xrlfxrl.exec:\xrlfxrl.exe108⤵
-
\??\c:\bnnhbt.exec:\bnnhbt.exe109⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe110⤵
-
\??\c:\rrrlffx.exec:\rrrlffx.exe111⤵
-
\??\c:\3frrlfr.exec:\3frrlfr.exe112⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe113⤵
-
\??\c:\tnbnbt.exec:\tnbnbt.exe114⤵
-
\??\c:\thhhbt.exec:\thhhbt.exe115⤵
-
\??\c:\9jjdv.exec:\9jjdv.exe116⤵
-
\??\c:\rlffrlf.exec:\rlffrlf.exe117⤵
-
\??\c:\bbbthb.exec:\bbbthb.exe118⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe119⤵
-
\??\c:\9rxrffx.exec:\9rxrffx.exe120⤵
-
\??\c:\llxxrrl.exec:\llxxrrl.exe121⤵
-
\??\c:\bnhbnn.exec:\bnhbnn.exe122⤵
-
\??\c:\thtnnt.exec:\thtnnt.exe123⤵
-
\??\c:\htnhhh.exec:\htnhhh.exe124⤵
-
\??\c:\dpjjv.exec:\dpjjv.exe125⤵
-
\??\c:\rrfrrlf.exec:\rrfrrlf.exe126⤵
-
\??\c:\9bhbtn.exec:\9bhbtn.exe127⤵
-
\??\c:\7jpjd.exec:\7jpjd.exe128⤵
-
\??\c:\dpdjv.exec:\dpdjv.exe129⤵
-
\??\c:\flrlfxx.exec:\flrlfxx.exe130⤵
-
\??\c:\nthbbh.exec:\nthbbh.exe131⤵
-
\??\c:\nbbhht.exec:\nbbhht.exe132⤵
-
\??\c:\rflxrxx.exec:\rflxrxx.exe133⤵
-
\??\c:\1nhhbb.exec:\1nhhbb.exe134⤵
-
\??\c:\tnbbht.exec:\tnbbht.exe135⤵
-
\??\c:\djpdd.exec:\djpdd.exe136⤵
-
\??\c:\lflxrrl.exec:\lflxrrl.exe137⤵
-
\??\c:\xrrrrfl.exec:\xrrrrfl.exe138⤵
-
\??\c:\7nhbbb.exec:\7nhbbb.exe139⤵
-
\??\c:\jdjvj.exec:\jdjvj.exe140⤵
-
\??\c:\fflfxfr.exec:\fflfxfr.exe141⤵
-
\??\c:\lfllxxr.exec:\lfllxxr.exe142⤵
-
\??\c:\bhnhhh.exec:\bhnhhh.exe143⤵
-
\??\c:\djvpj.exec:\djvpj.exe144⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe145⤵
-
\??\c:\frrfxlf.exec:\frrfxlf.exe146⤵
-
\??\c:\llffrlx.exec:\llffrlx.exe147⤵
-
\??\c:\htnhbb.exec:\htnhbb.exe148⤵
-
\??\c:\9bhtnn.exec:\9bhtnn.exe149⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe150⤵
-
\??\c:\xrrfxrl.exec:\xrrfxrl.exe151⤵
-
\??\c:\rfrrlxr.exec:\rfrrlxr.exe152⤵
-
\??\c:\bhbnhn.exec:\bhbnhn.exe153⤵
-
\??\c:\jdddd.exec:\jdddd.exe154⤵
-
\??\c:\3vjdd.exec:\3vjdd.exe155⤵
-
\??\c:\rrxflrr.exec:\rrxflrr.exe156⤵
-
\??\c:\lrlfrlx.exec:\lrlfrlx.exe157⤵
-
\??\c:\hbhhbb.exec:\hbhhbb.exe158⤵
-
\??\c:\dpdvp.exec:\dpdvp.exe159⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe160⤵
-
\??\c:\5rlxlxx.exec:\5rlxlxx.exe161⤵
-
\??\c:\htbbtb.exec:\htbbtb.exe162⤵
-
\??\c:\9nbbtt.exec:\9nbbtt.exe163⤵
-
\??\c:\jdjvv.exec:\jdjvv.exe164⤵
-
\??\c:\ddpdd.exec:\ddpdd.exe165⤵
-
\??\c:\xlxflxf.exec:\xlxflxf.exe166⤵
-
\??\c:\nnbbtn.exec:\nnbbtn.exe167⤵
-
\??\c:\tnbbtt.exec:\tnbbtt.exe168⤵
-
\??\c:\pvjdj.exec:\pvjdj.exe169⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe170⤵
-
\??\c:\frxlrfr.exec:\frxlrfr.exe171⤵
-
\??\c:\bnnhhn.exec:\bnnhhn.exe172⤵
-
\??\c:\pjpdd.exec:\pjpdd.exe173⤵
-
\??\c:\3xfxffr.exec:\3xfxffr.exe174⤵
-
\??\c:\9bnhnn.exec:\9bnhnn.exe175⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe176⤵
-
\??\c:\pvppj.exec:\pvppj.exe177⤵
-
\??\c:\flxfxrl.exec:\flxfxrl.exe178⤵
-
\??\c:\llxlflf.exec:\llxlflf.exe179⤵
-
\??\c:\7bbtnn.exec:\7bbtnn.exe180⤵
-
\??\c:\5jpjp.exec:\5jpjp.exe181⤵
-
\??\c:\rlxxxff.exec:\rlxxxff.exe182⤵
-
\??\c:\ffxxxff.exec:\ffxxxff.exe183⤵
-
\??\c:\nbbhbb.exec:\nbbhbb.exe184⤵
-
\??\c:\ddppp.exec:\ddppp.exe185⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe186⤵
-
\??\c:\5rxxrrr.exec:\5rxxrrr.exe187⤵
-
\??\c:\9thhbb.exec:\9thhbb.exe188⤵
-
\??\c:\vvjvv.exec:\vvjvv.exe189⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe190⤵
-
\??\c:\9xfxrrr.exec:\9xfxrrr.exe191⤵
-
\??\c:\nnbbtn.exec:\nnbbtn.exe192⤵
-
\??\c:\tthhbb.exec:\tthhbb.exe193⤵
-
\??\c:\jddvj.exec:\jddvj.exe194⤵
-
\??\c:\xlxfxlx.exec:\xlxfxlx.exe195⤵
-
\??\c:\nbnnhb.exec:\nbnnhb.exe196⤵
-
\??\c:\1ddvd.exec:\1ddvd.exe197⤵
-
\??\c:\xlrlllx.exec:\xlrlllx.exe198⤵
-
\??\c:\rrxlxxl.exec:\rrxlxxl.exe199⤵
-
\??\c:\bthttn.exec:\bthttn.exe200⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe201⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe202⤵
-
\??\c:\xlrxflx.exec:\xlrxflx.exe203⤵
-
\??\c:\5hntbn.exec:\5hntbn.exe204⤵
-
\??\c:\ntnhtt.exec:\ntnhtt.exe205⤵
-
\??\c:\jvpvp.exec:\jvpvp.exe206⤵
-
\??\c:\rxlxrlf.exec:\rxlxrlf.exe207⤵
-
\??\c:\xrrlfxr.exec:\xrrlfxr.exe208⤵
-
\??\c:\3hhbtt.exec:\3hhbtt.exe209⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe210⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe211⤵
-
\??\c:\lrxrfrr.exec:\lrxrfrr.exe212⤵
-
\??\c:\bbttnt.exec:\bbttnt.exe213⤵
-
\??\c:\hhbhnb.exec:\hhbhnb.exe214⤵
-
\??\c:\jppvv.exec:\jppvv.exe215⤵
-
\??\c:\frfxxlf.exec:\frfxxlf.exe216⤵
-
\??\c:\ntnttb.exec:\ntnttb.exe217⤵
-
\??\c:\ttbnhb.exec:\ttbnhb.exe218⤵
-
\??\c:\vvdpd.exec:\vvdpd.exe219⤵
-
\??\c:\lllflxr.exec:\lllflxr.exe220⤵
-
\??\c:\7nnhbh.exec:\7nnhbh.exe221⤵
-
\??\c:\hhbhbb.exec:\hhbhbb.exe222⤵
-
\??\c:\jdvpv.exec:\jdvpv.exe223⤵
-
\??\c:\llrxllf.exec:\llrxllf.exe224⤵
-
\??\c:\5thbhn.exec:\5thbhn.exe225⤵
-
\??\c:\hhtntt.exec:\hhtntt.exe226⤵
-
\??\c:\1vdjd.exec:\1vdjd.exe227⤵
-
\??\c:\dpddd.exec:\dpddd.exe228⤵
-
\??\c:\ffrfrrl.exec:\ffrfrrl.exe229⤵
-
\??\c:\nbbthn.exec:\nbbthn.exe230⤵
-
\??\c:\1bhbnn.exec:\1bhbnn.exe231⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe232⤵
-
\??\c:\1vjdj.exec:\1vjdj.exe233⤵
-
\??\c:\xflfxxx.exec:\xflfxxx.exe234⤵
-
\??\c:\nhhbbt.exec:\nhhbbt.exe235⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe236⤵
-
\??\c:\fllrxxf.exec:\fllrxxf.exe237⤵
-
\??\c:\fxllrlr.exec:\fxllrlr.exe238⤵
-
\??\c:\tbhttt.exec:\tbhttt.exe239⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe240⤵
-
\??\c:\jppdd.exec:\jppdd.exe241⤵