Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
18-05-2024 20:50
General
-
Target
4d88a72974b14e91ddc32395ac2d1aa0_NeikiAnalytics.exe
-
Size
95KB
-
MD5
4d88a72974b14e91ddc32395ac2d1aa0
-
SHA1
20de311c0c078372f1e1dcc81e4f57f06a0385bc
-
SHA256
fa01885804d6bec09be3d4102951ef487b6fdfe83a1a166c0dc2bc6d2956ba0c
-
SHA512
d98bff9325391cf3369a5992a4e5805a8f91211fb396ac958a2cd46d4b649e2094256a07e9659662ca2817592ed0a7adb1b593403f3cee8a77bb94dd2cb1ecf0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIkpi+qP1hvZo66Ox4oq2SQwfTQk:ymb3NkkiQ3mdBjFIj+qNhvZuHQY0k
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4d88a72974b14e91ddc32395ac2d1aa0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4d88a72974b14e91ddc32395ac2d1aa0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ttttnn.exec:\ttttnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvjj.exec:\vjvjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfrrrr.exec:\xxfrrrr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fllxxf.exec:\1fllxxf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvv.exec:\jpvvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vvjd.exec:\1vvjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlllrrl.exec:\xlllrrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvvv.exec:\ddvvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxfxll.exec:\rrxfxll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhtt.exec:\htnhtt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllllrr.exec:\rllllrr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvvv.exec:\jjvvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxrrl.exec:\rxfxrrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbtt.exec:\hhhbtt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvpj.exec:\ddvpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxxxrr.exec:\llxxxrr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbbt.exec:\nhbbbt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjjp.exec:\dpjjp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflllll.exec:\lflllll.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxffrrl.exec:\fxffrrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dvpp.exec:\7dvpp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfxrrx.exec:\frfxrrx.exe23⤵
- Executes dropped EXE
-
\??\c:\htbbbh.exec:\htbbbh.exe24⤵
- Executes dropped EXE
-
\??\c:\ddvdp.exec:\ddvdp.exe25⤵
- Executes dropped EXE
-
\??\c:\xrfxrxx.exec:\xrfxrxx.exe26⤵
- Executes dropped EXE
-
\??\c:\nbbtnn.exec:\nbbtnn.exe27⤵
- Executes dropped EXE
-
\??\c:\pjjpj.exec:\pjjpj.exe28⤵
- Executes dropped EXE
-
\??\c:\rlrrlll.exec:\rlrrlll.exe29⤵
- Executes dropped EXE
-
\??\c:\nhhhhb.exec:\nhhhhb.exe30⤵
- Executes dropped EXE
-
\??\c:\dpjpp.exec:\dpjpp.exe31⤵
- Executes dropped EXE
-
\??\c:\5xxxxfx.exec:\5xxxxfx.exe32⤵
- Executes dropped EXE
-
\??\c:\rflrfxr.exec:\rflrfxr.exe33⤵
- Executes dropped EXE
-
\??\c:\hbhhnh.exec:\hbhhnh.exe34⤵
- Executes dropped EXE
-
\??\c:\vjjjd.exec:\vjjjd.exe35⤵
- Executes dropped EXE
-
\??\c:\1lrlrrx.exec:\1lrlrrx.exe36⤵
- Executes dropped EXE
-
\??\c:\ttnnnn.exec:\ttnnnn.exe37⤵
- Executes dropped EXE
-
\??\c:\vjppj.exec:\vjppj.exe38⤵
- Executes dropped EXE
-
\??\c:\jdppd.exec:\jdppd.exe39⤵
- Executes dropped EXE
-
\??\c:\llllrrr.exec:\llllrrr.exe40⤵
- Executes dropped EXE
-
\??\c:\bnnntt.exec:\bnnntt.exe41⤵
- Executes dropped EXE
-
\??\c:\7dvvv.exec:\7dvvv.exe42⤵
- Executes dropped EXE
-
\??\c:\jdjdj.exec:\jdjdj.exe43⤵
- Executes dropped EXE
-
\??\c:\lflllrl.exec:\lflllrl.exe44⤵
- Executes dropped EXE
-
\??\c:\ntbhnh.exec:\ntbhnh.exe45⤵
- Executes dropped EXE
-
\??\c:\7vvvd.exec:\7vvvd.exe46⤵
- Executes dropped EXE
-
\??\c:\ddvpp.exec:\ddvpp.exe47⤵
- Executes dropped EXE
-
\??\c:\flfrxrl.exec:\flfrxrl.exe48⤵
- Executes dropped EXE
-
\??\c:\bthnhn.exec:\bthnhn.exe49⤵
- Executes dropped EXE
-
\??\c:\tbnthh.exec:\tbnthh.exe50⤵
- Executes dropped EXE
-
\??\c:\frxfxff.exec:\frxfxff.exe51⤵
- Executes dropped EXE
-
\??\c:\xxlxrfx.exec:\xxlxrfx.exe52⤵
- Executes dropped EXE
-
\??\c:\hbhbtt.exec:\hbhbtt.exe53⤵
- Executes dropped EXE
-
\??\c:\jdjvj.exec:\jdjvj.exe54⤵
- Executes dropped EXE
-
\??\c:\5flrlrl.exec:\5flrlrl.exe55⤵
- Executes dropped EXE
-
\??\c:\rrxrxxx.exec:\rrxrxxx.exe56⤵
- Executes dropped EXE
-
\??\c:\dvddp.exec:\dvddp.exe57⤵
- Executes dropped EXE
-
\??\c:\pppjp.exec:\pppjp.exe58⤵
- Executes dropped EXE
-
\??\c:\5lrrfll.exec:\5lrrfll.exe59⤵
- Executes dropped EXE
-
\??\c:\tnnnhn.exec:\tnnnhn.exe60⤵
- Executes dropped EXE
-
\??\c:\pdppp.exec:\pdppp.exe61⤵
- Executes dropped EXE
-
\??\c:\pdppp.exec:\pdppp.exe62⤵
- Executes dropped EXE
-
\??\c:\7lrfrrr.exec:\7lrfrrr.exe63⤵
- Executes dropped EXE
-
\??\c:\fllrrff.exec:\fllrrff.exe64⤵
- Executes dropped EXE
-
\??\c:\5hnhbt.exec:\5hnhbt.exe65⤵
- Executes dropped EXE
-
\??\c:\hbhntn.exec:\hbhntn.exe66⤵
-
\??\c:\9dddv.exec:\9dddv.exe67⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe68⤵
-
\??\c:\xrrrrlx.exec:\xrrrrlx.exe69⤵
-
\??\c:\3tnnht.exec:\3tnnht.exe70⤵
-
\??\c:\nnhhtt.exec:\nnhhtt.exe71⤵
-
\??\c:\vppvv.exec:\vppvv.exe72⤵
-
\??\c:\vppvj.exec:\vppvj.exe73⤵
-
\??\c:\fffllxr.exec:\fffllxr.exe74⤵
-
\??\c:\lxlrlrr.exec:\lxlrlrr.exe75⤵
-
\??\c:\tnttbh.exec:\tnttbh.exe76⤵
-
\??\c:\dpjjv.exec:\dpjjv.exe77⤵
-
\??\c:\rxxrffl.exec:\rxxrffl.exe78⤵
-
\??\c:\lfxxxxl.exec:\lfxxxxl.exe79⤵
-
\??\c:\7nnnnn.exec:\7nnnnn.exe80⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe81⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe82⤵
-
\??\c:\flfxfxr.exec:\flfxfxr.exe83⤵
-
\??\c:\xrxxxxx.exec:\xrxxxxx.exe84⤵
-
\??\c:\thbbbb.exec:\thbbbb.exe85⤵
-
\??\c:\hhhhbb.exec:\hhhhbb.exe86⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe87⤵
-
\??\c:\pvjjj.exec:\pvjjj.exe88⤵
-
\??\c:\lxlrffl.exec:\lxlrffl.exe89⤵
-
\??\c:\htbbht.exec:\htbbht.exe90⤵
-
\??\c:\tntttt.exec:\tntttt.exe91⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe92⤵
-
\??\c:\9jvdp.exec:\9jvdp.exe93⤵
-
\??\c:\xlrlllf.exec:\xlrlllf.exe94⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe95⤵
-
\??\c:\ttbhht.exec:\ttbhht.exe96⤵
-
\??\c:\dppjv.exec:\dppjv.exe97⤵
-
\??\c:\fxrlrlf.exec:\fxrlrlf.exe98⤵
-
\??\c:\flxlxlx.exec:\flxlxlx.exe99⤵
-
\??\c:\ttttnn.exec:\ttttnn.exe100⤵
-
\??\c:\7hbhnt.exec:\7hbhnt.exe101⤵
-
\??\c:\jpvvj.exec:\jpvvj.exe102⤵
-
\??\c:\vvddv.exec:\vvddv.exe103⤵
-
\??\c:\flflxxx.exec:\flflxxx.exe104⤵
-
\??\c:\1xfxxxf.exec:\1xfxxxf.exe105⤵
-
\??\c:\bbhhbn.exec:\bbhhbn.exe106⤵
-
\??\c:\flfrxlr.exec:\flfrxlr.exe107⤵
-
\??\c:\tttttn.exec:\tttttn.exe108⤵
-
\??\c:\ttbtnt.exec:\ttbtnt.exe109⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe110⤵
-
\??\c:\fxrrrxx.exec:\fxrrrxx.exe111⤵
-
\??\c:\tthnbn.exec:\tthnbn.exe112⤵
-
\??\c:\nnhhbb.exec:\nnhhbb.exe113⤵
-
\??\c:\fxllxxl.exec:\fxllxxl.exe114⤵
-
\??\c:\3rrllff.exec:\3rrllff.exe115⤵
-
\??\c:\bbthbn.exec:\bbthbn.exe116⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe117⤵
-
\??\c:\llrxrff.exec:\llrxrff.exe118⤵
-
\??\c:\tnnbtt.exec:\tnnbtt.exe119⤵
-
\??\c:\ppdjp.exec:\ppdjp.exe120⤵
-
\??\c:\jvpjp.exec:\jvpjp.exe121⤵
-
\??\c:\xxlrlrx.exec:\xxlrlrx.exe122⤵
-
\??\c:\bbthhb.exec:\bbthhb.exe123⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe124⤵
-
\??\c:\lrxllrx.exec:\lrxllrx.exe125⤵
-
\??\c:\nhhhnn.exec:\nhhhnn.exe126⤵
-
\??\c:\5pddv.exec:\5pddv.exe127⤵
-
\??\c:\llfffrr.exec:\llfffrr.exe128⤵
-
\??\c:\ntnhtn.exec:\ntnhtn.exe129⤵
-
\??\c:\djjdd.exec:\djjdd.exe130⤵
-
\??\c:\ffrxxrl.exec:\ffrxxrl.exe131⤵
-
\??\c:\ppdpj.exec:\ppdpj.exe132⤵
-
\??\c:\xffxrrl.exec:\xffxrrl.exe133⤵
-
\??\c:\9vjjj.exec:\9vjjj.exe134⤵
-
\??\c:\hnhbbb.exec:\hnhbbb.exe135⤵
-
\??\c:\3nhtnb.exec:\3nhtnb.exe136⤵
-
\??\c:\1vvpp.exec:\1vvpp.exe137⤵
-
\??\c:\xxrlrrx.exec:\xxrlrrx.exe138⤵
-
\??\c:\5rrlffx.exec:\5rrlffx.exe139⤵
-
\??\c:\vppdv.exec:\vppdv.exe140⤵
-
\??\c:\vdppd.exec:\vdppd.exe141⤵
-
\??\c:\ffxlfll.exec:\ffxlfll.exe142⤵
-
\??\c:\llffxll.exec:\llffxll.exe143⤵
-
\??\c:\bhnbnn.exec:\bhnbnn.exe144⤵
-
\??\c:\jjpjp.exec:\jjpjp.exe145⤵
-
\??\c:\rfrlffx.exec:\rfrlffx.exe146⤵
-
\??\c:\lfrxxxl.exec:\lfrxxxl.exe147⤵
-
\??\c:\5hhtnh.exec:\5hhtnh.exe148⤵
-
\??\c:\vdddp.exec:\vdddp.exe149⤵
-
\??\c:\xffrlxx.exec:\xffrlxx.exe150⤵
-
\??\c:\nhhnhb.exec:\nhhnhb.exe151⤵
-
\??\c:\hnhhnn.exec:\hnhhnn.exe152⤵
-
\??\c:\djppj.exec:\djppj.exe153⤵
-
\??\c:\lfffxrx.exec:\lfffxrx.exe154⤵
-
\??\c:\nbbtnn.exec:\nbbtnn.exe155⤵
-
\??\c:\vvvjd.exec:\vvvjd.exe156⤵
-
\??\c:\djdvp.exec:\djdvp.exe157⤵
-
\??\c:\xxlrrrl.exec:\xxlrrrl.exe158⤵
-
\??\c:\hnthbh.exec:\hnthbh.exe159⤵
-
\??\c:\ntbttt.exec:\ntbttt.exe160⤵
-
\??\c:\dddpp.exec:\dddpp.exe161⤵
-
\??\c:\frfflfr.exec:\frfflfr.exe162⤵
-
\??\c:\7bnntt.exec:\7bnntt.exe163⤵
-
\??\c:\jddpp.exec:\jddpp.exe164⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe165⤵
-
\??\c:\3frllrx.exec:\3frllrx.exe166⤵
-
\??\c:\btnnbh.exec:\btnnbh.exe167⤵
-
\??\c:\btthnb.exec:\btthnb.exe168⤵
-
\??\c:\dppjd.exec:\dppjd.exe169⤵
-
\??\c:\lrffxxx.exec:\lrffxxx.exe170⤵
-
\??\c:\frxlffx.exec:\frxlffx.exe171⤵
-
\??\c:\hhthth.exec:\hhthth.exe172⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe173⤵
-
\??\c:\frrlxrl.exec:\frrlxrl.exe174⤵
-
\??\c:\ffrrlxr.exec:\ffrrlxr.exe175⤵
-
\??\c:\nnnhnh.exec:\nnnhnh.exe176⤵
-
\??\c:\nhhhnt.exec:\nhhhnt.exe177⤵
-
\??\c:\jdjvp.exec:\jdjvp.exe178⤵
-
\??\c:\rrfxllr.exec:\rrfxllr.exe179⤵
-
\??\c:\llfxxll.exec:\llfxxll.exe180⤵
-
\??\c:\tnnbtb.exec:\tnnbtb.exe181⤵
-
\??\c:\1vjvd.exec:\1vjvd.exe182⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe183⤵
-
\??\c:\rlfxxxf.exec:\rlfxxxf.exe184⤵
-
\??\c:\bnbtnn.exec:\bnbtnn.exe185⤵
-
\??\c:\1djdv.exec:\1djdv.exe186⤵
-
\??\c:\lrfrfrx.exec:\lrfrfrx.exe187⤵
-
\??\c:\rllxxxx.exec:\rllxxxx.exe188⤵
-
\??\c:\ttnnhb.exec:\ttnnhb.exe189⤵
-
\??\c:\vdddv.exec:\vdddv.exe190⤵
-
\??\c:\vvjjd.exec:\vvjjd.exe191⤵
-
\??\c:\flxlffl.exec:\flxlffl.exe192⤵
-
\??\c:\ntnbhn.exec:\ntnbhn.exe193⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe194⤵
-
\??\c:\ffxrffl.exec:\ffxrffl.exe195⤵
-
\??\c:\3rfxrrl.exec:\3rfxrrl.exe196⤵
-
\??\c:\thhbtn.exec:\thhbtn.exe197⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe198⤵
-
\??\c:\7lxxrxr.exec:\7lxxrxr.exe199⤵
-
\??\c:\xrrlllx.exec:\xrrlllx.exe200⤵
-
\??\c:\tntbnt.exec:\tntbnt.exe201⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe202⤵
-
\??\c:\jddvd.exec:\jddvd.exe203⤵
-
\??\c:\3xlffxr.exec:\3xlffxr.exe204⤵
-
\??\c:\bntttb.exec:\bntttb.exe205⤵
-
\??\c:\1tthtt.exec:\1tthtt.exe206⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe207⤵
-
\??\c:\rflfxff.exec:\rflfxff.exe208⤵
-
\??\c:\bbbtht.exec:\bbbtht.exe209⤵
-
\??\c:\5hnhhh.exec:\5hnhhh.exe210⤵
-
\??\c:\vdvjj.exec:\vdvjj.exe211⤵
-
\??\c:\djpjv.exec:\djpjv.exe212⤵
-
\??\c:\rrxlxlf.exec:\rrxlxlf.exe213⤵
-
\??\c:\tbtnnt.exec:\tbtnnt.exe214⤵
-
\??\c:\nhhnnb.exec:\nhhnnb.exe215⤵
-
\??\c:\pdddd.exec:\pdddd.exe216⤵
-
\??\c:\1pjpv.exec:\1pjpv.exe217⤵
-
\??\c:\xlffffl.exec:\xlffffl.exe218⤵
-
\??\c:\nttnbb.exec:\nttnbb.exe219⤵
-
\??\c:\hhhbhh.exec:\hhhbhh.exe220⤵
-
\??\c:\djjjj.exec:\djjjj.exe221⤵
-
\??\c:\fxfffll.exec:\fxfffll.exe222⤵
-
\??\c:\fxlrrlr.exec:\fxlrrlr.exe223⤵
-
\??\c:\hnnnnn.exec:\hnnnnn.exe224⤵
-
\??\c:\ppddp.exec:\ppddp.exe225⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe226⤵
-
\??\c:\frfflrr.exec:\frfflrr.exe227⤵
-
\??\c:\hhthnt.exec:\hhthnt.exe228⤵
-
\??\c:\bnntnb.exec:\bnntnb.exe229⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe230⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe231⤵
-
\??\c:\fffffll.exec:\fffffll.exe232⤵
-
\??\c:\xxxxlrr.exec:\xxxxlrr.exe233⤵
-
\??\c:\tththn.exec:\tththn.exe234⤵
-
\??\c:\pppvj.exec:\pppvj.exe235⤵
-
\??\c:\xfxlfxx.exec:\xfxlfxx.exe236⤵
-
\??\c:\rxrflfr.exec:\rxrflfr.exe237⤵
-
\??\c:\nntnhh.exec:\nntnhh.exe238⤵
-
\??\c:\5nhtnn.exec:\5nhtnn.exe239⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe240⤵
-
\??\c:\xxfflxf.exec:\xxfflxf.exe241⤵