Analysis
-
max time kernel
149s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
18-05-2024 20:50
General
-
Target
4d80bf26a8ae547018e5c490af88de90_NeikiAnalytics.exe
-
Size
64KB
-
MD5
4d80bf26a8ae547018e5c490af88de90
-
SHA1
f422ccb67549a6b09c231a9dd1976b155f769b29
-
SHA256
9434a81b9e30ac69a3a97272fb7951c58e1a327b833945a7711fccbf523fba7f
-
SHA512
a8b56f797ecb7885d21422dafbc184a7b3cde0841d25bb387e19163631d0a01585aa3f9919a64146b89cd96a36f9944c244644ce514827757ce8ed37c2443982
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUuYp+5C8+LuvdK:ymb3NkkiQ3mdBjF0yMlv
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4d80bf26a8ae547018e5c490af88de90_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4d80bf26a8ae547018e5c490af88de90_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\flxlxfr.exec:\flxlxfr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpj.exec:\jdvpj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjj.exec:\pjdjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxrll.exec:\fxfxrll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbtn.exec:\nbhbtn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbtn.exec:\nbbbtn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jpdd.exec:\9jpdd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlxrxf.exec:\lrlxrxf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlllllf.exec:\rlllllf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttnt.exec:\nhttnt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jjdv.exec:\9jjdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhtb.exec:\hbhhtb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bhbtt.exec:\7bhbtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdvv.exec:\dpdvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfrfrx.exec:\xlfrfrx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpddv.exec:\dpddv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pjjd.exec:\9pjjd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbtnh.exec:\bhbtnh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthnhh.exec:\hthnhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvp.exec:\pjvvp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflfxxl.exec:\fflfxxl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrllxxr.exec:\rrllxxr.exe23⤵
- Executes dropped EXE
-
\??\c:\tnhnbb.exec:\tnhnbb.exe24⤵
- Executes dropped EXE
-
\??\c:\5djjd.exec:\5djjd.exe25⤵
- Executes dropped EXE
-
\??\c:\fxlxrxr.exec:\fxlxrxr.exe26⤵
- Executes dropped EXE
-
\??\c:\bbhtnn.exec:\bbhtnn.exe27⤵
- Executes dropped EXE
-
\??\c:\1vddv.exec:\1vddv.exe28⤵
- Executes dropped EXE
-
\??\c:\lfrfxlr.exec:\lfrfxlr.exe29⤵
- Executes dropped EXE
-
\??\c:\hnbtnb.exec:\hnbtnb.exe30⤵
- Executes dropped EXE
-
\??\c:\thhnhn.exec:\thhnhn.exe31⤵
- Executes dropped EXE
-
\??\c:\dpvjp.exec:\dpvjp.exe32⤵
- Executes dropped EXE
-
\??\c:\lllfxxx.exec:\lllfxxx.exe33⤵
- Executes dropped EXE
-
\??\c:\pdpjp.exec:\pdpjp.exe34⤵
- Executes dropped EXE
-
\??\c:\vvpjv.exec:\vvpjv.exe35⤵
- Executes dropped EXE
-
\??\c:\xrlflrl.exec:\xrlflrl.exe36⤵
- Executes dropped EXE
-
\??\c:\7hnnbt.exec:\7hnnbt.exe37⤵
- Executes dropped EXE
-
\??\c:\3dpjd.exec:\3dpjd.exe38⤵
- Executes dropped EXE
-
\??\c:\dvppj.exec:\dvppj.exe39⤵
- Executes dropped EXE
-
\??\c:\rlrlffx.exec:\rlrlffx.exe40⤵
- Executes dropped EXE
-
\??\c:\ntttnn.exec:\ntttnn.exe41⤵
- Executes dropped EXE
-
\??\c:\nhnhnh.exec:\nhnhnh.exe42⤵
- Executes dropped EXE
-
\??\c:\dpdvv.exec:\dpdvv.exe43⤵
- Executes dropped EXE
-
\??\c:\ffxrfxx.exec:\ffxrfxx.exe44⤵
- Executes dropped EXE
-
\??\c:\fxxlxrf.exec:\fxxlxrf.exe45⤵
- Executes dropped EXE
-
\??\c:\bhbtbt.exec:\bhbtbt.exe46⤵
- Executes dropped EXE
-
\??\c:\pvpvj.exec:\pvpvj.exe47⤵
- Executes dropped EXE
-
\??\c:\pjvpp.exec:\pjvpp.exe48⤵
- Executes dropped EXE
-
\??\c:\xflfrrr.exec:\xflfrrr.exe49⤵
- Executes dropped EXE
-
\??\c:\tthbnn.exec:\tthbnn.exe50⤵
- Executes dropped EXE
-
\??\c:\vpjjd.exec:\vpjjd.exe51⤵
- Executes dropped EXE
-
\??\c:\llrrlll.exec:\llrrlll.exe52⤵
- Executes dropped EXE
-
\??\c:\hhntnt.exec:\hhntnt.exe53⤵
- Executes dropped EXE
-
\??\c:\dddpp.exec:\dddpp.exe54⤵
- Executes dropped EXE
-
\??\c:\jpjjd.exec:\jpjjd.exe55⤵
- Executes dropped EXE
-
\??\c:\xfxxffr.exec:\xfxxffr.exe56⤵
- Executes dropped EXE
-
\??\c:\3hbbhn.exec:\3hbbhn.exe57⤵
- Executes dropped EXE
-
\??\c:\dvdvv.exec:\dvdvv.exe58⤵
- Executes dropped EXE
-
\??\c:\1jddp.exec:\1jddp.exe59⤵
- Executes dropped EXE
-
\??\c:\fxfxxxf.exec:\fxfxxxf.exe60⤵
- Executes dropped EXE
-
\??\c:\bttttt.exec:\bttttt.exe61⤵
- Executes dropped EXE
-
\??\c:\nhbtnn.exec:\nhbtnn.exe62⤵
- Executes dropped EXE
-
\??\c:\jpvdd.exec:\jpvdd.exe63⤵
- Executes dropped EXE
-
\??\c:\pvjpj.exec:\pvjpj.exe64⤵
- Executes dropped EXE
-
\??\c:\pjpjj.exec:\pjpjj.exe65⤵
- Executes dropped EXE
-
\??\c:\fflrfrf.exec:\fflrfrf.exe66⤵
-
\??\c:\1hhhbb.exec:\1hhhbb.exe67⤵
-
\??\c:\hhttbh.exec:\hhttbh.exe68⤵
-
\??\c:\jjpvv.exec:\jjpvv.exe69⤵
-
\??\c:\vjjpp.exec:\vjjpp.exe70⤵
-
\??\c:\rflxfrl.exec:\rflxfrl.exe71⤵
-
\??\c:\lflllll.exec:\lflllll.exe72⤵
-
\??\c:\hbhbtt.exec:\hbhbtt.exe73⤵
-
\??\c:\vpdpv.exec:\vpdpv.exe74⤵
-
\??\c:\ppdjj.exec:\ppdjj.exe75⤵
-
\??\c:\9thnbh.exec:\9thnbh.exe76⤵
-
\??\c:\hbnbbn.exec:\hbnbbn.exe77⤵
-
\??\c:\vjdvv.exec:\vjdvv.exe78⤵
-
\??\c:\rrrlfff.exec:\rrrlfff.exe79⤵
-
\??\c:\fflfxrf.exec:\fflfxrf.exe80⤵
-
\??\c:\nththt.exec:\nththt.exe81⤵
-
\??\c:\nnntht.exec:\nnntht.exe82⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe83⤵
-
\??\c:\3ffxrxr.exec:\3ffxrxr.exe84⤵
-
\??\c:\lrxrlrr.exec:\lrxrlrr.exe85⤵
-
\??\c:\9hbhnb.exec:\9hbhnb.exe86⤵
-
\??\c:\bnthbh.exec:\bnthbh.exe87⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe88⤵
-
\??\c:\9vvvv.exec:\9vvvv.exe89⤵
-
\??\c:\xrlffff.exec:\xrlffff.exe90⤵
-
\??\c:\hnbtnn.exec:\hnbtnn.exe91⤵
-
\??\c:\ttnnnn.exec:\ttnnnn.exe92⤵
-
\??\c:\3pppv.exec:\3pppv.exe93⤵
-
\??\c:\vvdvd.exec:\vvdvd.exe94⤵
-
\??\c:\rrflffr.exec:\rrflffr.exe95⤵
-
\??\c:\btbnnt.exec:\btbnnt.exe96⤵
-
\??\c:\jvpvp.exec:\jvpvp.exe97⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe98⤵
-
\??\c:\xlxrlrl.exec:\xlxrlrl.exe99⤵
-
\??\c:\btnbht.exec:\btnbht.exe100⤵
-
\??\c:\btbhbb.exec:\btbhbb.exe101⤵
-
\??\c:\7jjjv.exec:\7jjjv.exe102⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe103⤵
-
\??\c:\fxxllff.exec:\fxxllff.exe104⤵
-
\??\c:\xlfxxxl.exec:\xlfxxxl.exe105⤵
-
\??\c:\7tttnb.exec:\7tttnb.exe106⤵
-
\??\c:\vvddp.exec:\vvddp.exe107⤵
-
\??\c:\9jppp.exec:\9jppp.exe108⤵
-
\??\c:\frrfflf.exec:\frrfflf.exe109⤵
-
\??\c:\nthhbh.exec:\nthhbh.exe110⤵
-
\??\c:\7nnnbb.exec:\7nnnbb.exe111⤵
-
\??\c:\vdjjp.exec:\vdjjp.exe112⤵
-
\??\c:\rxfxrrl.exec:\rxfxrrl.exe113⤵
-
\??\c:\9lfrxlf.exec:\9lfrxlf.exe114⤵
-
\??\c:\vdvjv.exec:\vdvjv.exe115⤵
-
\??\c:\lfxflxl.exec:\lfxflxl.exe116⤵
-
\??\c:\btttnn.exec:\btttnn.exe117⤵
-
\??\c:\dvppp.exec:\dvppp.exe118⤵
-
\??\c:\rxrllll.exec:\rxrllll.exe119⤵
-
\??\c:\lxrlllf.exec:\lxrlllf.exe120⤵
-
\??\c:\nnbbtt.exec:\nnbbtt.exe121⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe122⤵
-
\??\c:\pdjdj.exec:\pdjdj.exe123⤵
-
\??\c:\rllxrxf.exec:\rllxrxf.exe124⤵
-
\??\c:\nbbbbb.exec:\nbbbbb.exe125⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe126⤵
-
\??\c:\jjpvv.exec:\jjpvv.exe127⤵
-
\??\c:\lffxrrr.exec:\lffxrrr.exe128⤵
-
\??\c:\lxfxxxx.exec:\lxfxxxx.exe129⤵
-
\??\c:\5hntnn.exec:\5hntnn.exe130⤵
-
\??\c:\9ttnnh.exec:\9ttnnh.exe131⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe132⤵
-
\??\c:\3llfffx.exec:\3llfffx.exe133⤵
-
\??\c:\rrxfxrx.exec:\rrxfxrx.exe134⤵
-
\??\c:\9thhbb.exec:\9thhbb.exe135⤵
-
\??\c:\thtbtb.exec:\thtbtb.exe136⤵
-
\??\c:\vdppp.exec:\vdppp.exe137⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe138⤵
-
\??\c:\ffrxlll.exec:\ffrxlll.exe139⤵
-
\??\c:\xrlfllr.exec:\xrlfllr.exe140⤵
-
\??\c:\hhhnnb.exec:\hhhnnb.exe141⤵
-
\??\c:\bthbhh.exec:\bthbhh.exe142⤵
-
\??\c:\9ddvv.exec:\9ddvv.exe143⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe144⤵
-
\??\c:\rlrrlll.exec:\rlrrlll.exe145⤵
-
\??\c:\hhhhhh.exec:\hhhhhh.exe146⤵
-
\??\c:\bttttt.exec:\bttttt.exe147⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe148⤵
-
\??\c:\flfxlxf.exec:\flfxlxf.exe149⤵
-
\??\c:\htbhbh.exec:\htbhbh.exe150⤵
-
\??\c:\3pvpj.exec:\3pvpj.exe151⤵
-
\??\c:\frxrllf.exec:\frxrllf.exe152⤵
-
\??\c:\jvppp.exec:\jvppp.exe153⤵
-
\??\c:\xfxxxlx.exec:\xfxxxlx.exe154⤵
-
\??\c:\lflxrrl.exec:\lflxrrl.exe155⤵
-
\??\c:\pddvj.exec:\pddvj.exe156⤵
-
\??\c:\djpjv.exec:\djpjv.exe157⤵
-
\??\c:\fxrlxfr.exec:\fxrlxfr.exe158⤵
-
\??\c:\nbnnhn.exec:\nbnnhn.exe159⤵
-
\??\c:\vjpdd.exec:\vjpdd.exe160⤵
-
\??\c:\pjjvp.exec:\pjjvp.exe161⤵
-
\??\c:\5lxrxfl.exec:\5lxrxfl.exe162⤵
-
\??\c:\htnhtt.exec:\htnhtt.exe163⤵
-
\??\c:\dppjd.exec:\dppjd.exe164⤵
-
\??\c:\lxfflrx.exec:\lxfflrx.exe165⤵
-
\??\c:\lxlffxf.exec:\lxlffxf.exe166⤵
-
\??\c:\5bhbhb.exec:\5bhbhb.exe167⤵
-
\??\c:\ntnntt.exec:\ntnntt.exe168⤵
-
\??\c:\bbbbnt.exec:\bbbbnt.exe169⤵
-
\??\c:\ttbbth.exec:\ttbbth.exe170⤵
-
\??\c:\lxlrfxr.exec:\lxlrfxr.exe171⤵
-
\??\c:\hnbhbh.exec:\hnbhbh.exe172⤵
-
\??\c:\djpjj.exec:\djpjj.exe173⤵
-
\??\c:\ffrrlxf.exec:\ffrrlxf.exe174⤵
-
\??\c:\bnbtnn.exec:\bnbtnn.exe175⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe176⤵
-
\??\c:\lfxlllf.exec:\lfxlllf.exe177⤵
-
\??\c:\nhbbbb.exec:\nhbbbb.exe178⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe179⤵
-
\??\c:\flrrxxx.exec:\flrrxxx.exe180⤵
-
\??\c:\bnbttb.exec:\bnbttb.exe181⤵
-
\??\c:\tnhhhh.exec:\tnhhhh.exe182⤵
-
\??\c:\llflxlx.exec:\llflxlx.exe183⤵
-
\??\c:\hnthnb.exec:\hnthnb.exe184⤵
-
\??\c:\pjppv.exec:\pjppv.exe185⤵
-
\??\c:\xlrxrrr.exec:\xlrxrrr.exe186⤵
-
\??\c:\1hnnnn.exec:\1hnnnn.exe187⤵
-
\??\c:\1jjjj.exec:\1jjjj.exe188⤵
-
\??\c:\xrxrrxx.exec:\xrxrrxx.exe189⤵
-
\??\c:\hhntnt.exec:\hhntnt.exe190⤵
-
\??\c:\1tbnth.exec:\1tbnth.exe191⤵
-
\??\c:\vvppp.exec:\vvppp.exe192⤵
-
\??\c:\pppdp.exec:\pppdp.exe193⤵
-
\??\c:\lrxxflr.exec:\lrxxflr.exe194⤵
-
\??\c:\9nnnhh.exec:\9nnnhh.exe195⤵
-
\??\c:\pdvvp.exec:\pdvvp.exe196⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe197⤵
-
\??\c:\htthth.exec:\htthth.exe198⤵
-
\??\c:\3jppp.exec:\3jppp.exe199⤵
-
\??\c:\xxxrfrf.exec:\xxxrfrf.exe200⤵
-
\??\c:\htbhhn.exec:\htbhhn.exe201⤵
-
\??\c:\tbnnhn.exec:\tbnnhn.exe202⤵
-
\??\c:\pvjdp.exec:\pvjdp.exe203⤵
-
\??\c:\7fffxff.exec:\7fffxff.exe204⤵
-
\??\c:\nntnhh.exec:\nntnhh.exe205⤵
-
\??\c:\vdvpd.exec:\vdvpd.exe206⤵
-
\??\c:\fffxrxx.exec:\fffxrxx.exe207⤵
-
\??\c:\thntth.exec:\thntth.exe208⤵
-
\??\c:\ppppv.exec:\ppppv.exe209⤵
-
\??\c:\1rrlfxr.exec:\1rrlfxr.exe210⤵
-
\??\c:\tnnnhb.exec:\tnnnhb.exe211⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe212⤵
-
\??\c:\vddpd.exec:\vddpd.exe213⤵
-
\??\c:\lllfxxr.exec:\lllfxxr.exe214⤵
-
\??\c:\ttnnnn.exec:\ttnnnn.exe215⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe216⤵
-
\??\c:\xrxrlll.exec:\xrxrlll.exe217⤵
-
\??\c:\rrfflrf.exec:\rrfflrf.exe218⤵
-
\??\c:\5hnhtb.exec:\5hnhtb.exe219⤵
-
\??\c:\rfrlxff.exec:\rfrlxff.exe220⤵
-
\??\c:\xxrlxxl.exec:\xxrlxxl.exe221⤵
-
\??\c:\ttthtn.exec:\ttthtn.exe222⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe223⤵
-
\??\c:\tttnnh.exec:\tttnnh.exe224⤵
-
\??\c:\lxxrrrr.exec:\lxxrrrr.exe225⤵
-
\??\c:\bbhhhh.exec:\bbhhhh.exe226⤵
-
\??\c:\rfrxfrr.exec:\rfrxfrr.exe227⤵
-
\??\c:\tbtbtn.exec:\tbtbtn.exe228⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe229⤵
-
\??\c:\hnbbbt.exec:\hnbbbt.exe230⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe231⤵
-
\??\c:\hbbnht.exec:\hbbnht.exe232⤵
-
\??\c:\5dpjp.exec:\5dpjp.exe233⤵
-
\??\c:\lrxrrrf.exec:\lrxrrrf.exe234⤵
-
\??\c:\5bbnnn.exec:\5bbnnn.exe235⤵
-
\??\c:\jpddd.exec:\jpddd.exe236⤵
-
\??\c:\7lffflx.exec:\7lffflx.exe237⤵
-
\??\c:\flrrlll.exec:\flrrlll.exe238⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe239⤵
-
\??\c:\djjdv.exec:\djjdv.exe240⤵
-
\??\c:\9pppp.exec:\9pppp.exe241⤵