Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 22:42
General
-
Target
4f5778f2e51e8200e8b6985289bf7dd0_NeikiAnalytics.exe
-
Size
92KB
-
MD5
4f5778f2e51e8200e8b6985289bf7dd0
-
SHA1
f4e7b5c0d4d1e6efb51dddb23844f575c96d800c
-
SHA256
57217b70b8f28cb03b8940935b8b208c53131a4df6166bec13d2e3f1dcdbf4b2
-
SHA512
e7b4ca7b2deb486ebd2ecbbc008b43b1bba6b294c5196ffd33d9850ec8ca9fe54d318136819bd9aaf9dba3be846953da5861f09cdd773b12f1a19333ae16de37
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIQIDyviFxx2hCtgIMLP9rBZaRBm:ymb3NkkiQ3mdBjFIVLd2hWZGreRCUlbO
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4f5778f2e51e8200e8b6985289bf7dd0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4f5778f2e51e8200e8b6985289bf7dd0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbtt.exec:\hbbbtt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtnhh.exec:\bbtnhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdp.exec:\vpjdp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlffffx.exec:\xlffffx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbnnt.exec:\ntbnnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdpd.exec:\jvdpd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxrrrr.exec:\xfxrrrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbttn.exec:\hnbttn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjpp.exec:\vdjpp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnttbh.exec:\nnttbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrfrf.exec:\llxrfrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnbtn.exec:\hnnbtn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjj.exec:\vvpjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjvd.exec:\pdjvd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrrrrr.exec:\frrrrrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppvd.exec:\pppvd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxffrrr.exec:\lxffrrr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthhnt.exec:\tthhnt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhntbt.exec:\hhntbt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrlllf.exec:\rxrlllf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbbt.exec:\bthbbt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnhnn.exec:\nbnhnn.exe23⤵
- Executes dropped EXE
-
\??\c:\djpvd.exec:\djpvd.exe24⤵
- Executes dropped EXE
-
\??\c:\bbnhbh.exec:\bbnhbh.exe25⤵
- Executes dropped EXE
-
\??\c:\vdppp.exec:\vdppp.exe26⤵
- Executes dropped EXE
-
\??\c:\lxxxxrr.exec:\lxxxxrr.exe27⤵
- Executes dropped EXE
-
\??\c:\rxrrlfx.exec:\rxrrlfx.exe28⤵
- Executes dropped EXE
-
\??\c:\nhbbtt.exec:\nhbbtt.exe29⤵
- Executes dropped EXE
-
\??\c:\vdddv.exec:\vdddv.exe30⤵
- Executes dropped EXE
-
\??\c:\rxlxxrl.exec:\rxlxxrl.exe31⤵
- Executes dropped EXE
-
\??\c:\tbhhnn.exec:\tbhhnn.exe32⤵
- Executes dropped EXE
-
\??\c:\vdvpd.exec:\vdvpd.exe33⤵
- Executes dropped EXE
-
\??\c:\jdppd.exec:\jdppd.exe34⤵
- Executes dropped EXE
-
\??\c:\1lrrllf.exec:\1lrrllf.exe35⤵
- Executes dropped EXE
-
\??\c:\hhhnhb.exec:\hhhnhb.exe36⤵
- Executes dropped EXE
-
\??\c:\pvdvv.exec:\pvdvv.exe37⤵
- Executes dropped EXE
-
\??\c:\rrrfrxf.exec:\rrrfrxf.exe38⤵
-
\??\c:\1rrlrrl.exec:\1rrlrrl.exe39⤵
- Executes dropped EXE
-
\??\c:\thbtnh.exec:\thbtnh.exe40⤵
- Executes dropped EXE
-
\??\c:\ntbtbb.exec:\ntbtbb.exe41⤵
- Executes dropped EXE
-
\??\c:\pjddj.exec:\pjddj.exe42⤵
- Executes dropped EXE
-
\??\c:\lrffffx.exec:\lrffffx.exe43⤵
- Executes dropped EXE
-
\??\c:\lffffff.exec:\lffffff.exe44⤵
- Executes dropped EXE
-
\??\c:\9ntbbb.exec:\9ntbbb.exe45⤵
- Executes dropped EXE
-
\??\c:\dpjdj.exec:\dpjdj.exe46⤵
- Executes dropped EXE
-
\??\c:\vdjpd.exec:\vdjpd.exe47⤵
- Executes dropped EXE
-
\??\c:\rfllrlx.exec:\rfllrlx.exe48⤵
- Executes dropped EXE
-
\??\c:\hbnhth.exec:\hbnhth.exe49⤵
- Executes dropped EXE
-
\??\c:\nbhbtt.exec:\nbhbtt.exe50⤵
- Executes dropped EXE
-
\??\c:\djpdp.exec:\djpdp.exe51⤵
- Executes dropped EXE
-
\??\c:\fflfxxr.exec:\fflfxxr.exe52⤵
- Executes dropped EXE
-
\??\c:\bhhttt.exec:\bhhttt.exe53⤵
- Executes dropped EXE
-
\??\c:\ttbtht.exec:\ttbtht.exe54⤵
- Executes dropped EXE
-
\??\c:\djddv.exec:\djddv.exe55⤵
- Executes dropped EXE
-
\??\c:\1llfrfl.exec:\1llfrfl.exe56⤵
- Executes dropped EXE
-
\??\c:\tnhbtt.exec:\tnhbtt.exe57⤵
- Executes dropped EXE
-
\??\c:\ddpjj.exec:\ddpjj.exe58⤵
- Executes dropped EXE
-
\??\c:\frffrlf.exec:\frffrlf.exe59⤵
- Executes dropped EXE
-
\??\c:\rlrrffx.exec:\rlrrffx.exe60⤵
- Executes dropped EXE
-
\??\c:\9ttnhh.exec:\9ttnhh.exe61⤵
- Executes dropped EXE
-
\??\c:\pjppp.exec:\pjppp.exe62⤵
- Executes dropped EXE
-
\??\c:\9jjjd.exec:\9jjjd.exe63⤵
- Executes dropped EXE
-
\??\c:\lfrlrxf.exec:\lfrlrxf.exe64⤵
- Executes dropped EXE
-
\??\c:\bhhhtb.exec:\bhhhtb.exe65⤵
- Executes dropped EXE
-
\??\c:\vvvjj.exec:\vvvjj.exe66⤵
- Executes dropped EXE
-
\??\c:\fxllrxr.exec:\fxllrxr.exe67⤵
-
\??\c:\tnbbbb.exec:\tnbbbb.exe68⤵
-
\??\c:\rrrxfrx.exec:\rrrxfrx.exe69⤵
-
\??\c:\rlxxflr.exec:\rlxxflr.exe70⤵
-
\??\c:\nnnhnh.exec:\nnnhnh.exe71⤵
-
\??\c:\tbhhbt.exec:\tbhhbt.exe72⤵
-
\??\c:\pjppv.exec:\pjppv.exe73⤵
-
\??\c:\vdpvp.exec:\vdpvp.exe74⤵
-
\??\c:\rlrrfff.exec:\rlrrfff.exe75⤵
-
\??\c:\9hhttt.exec:\9hhttt.exe76⤵
-
\??\c:\tbbbtt.exec:\tbbbtt.exe77⤵
-
\??\c:\jjvdd.exec:\jjvdd.exe78⤵
-
\??\c:\xrllfxf.exec:\xrllfxf.exe79⤵
-
\??\c:\lfrrrrr.exec:\lfrrrrr.exe80⤵
-
\??\c:\tntnbn.exec:\tntnbn.exe81⤵
-
\??\c:\bbnnnt.exec:\bbnnnt.exe82⤵
-
\??\c:\dpppv.exec:\dpppv.exe83⤵
-
\??\c:\vdvvp.exec:\vdvvp.exe84⤵
-
\??\c:\lffxrll.exec:\lffxrll.exe85⤵
-
\??\c:\nhhttt.exec:\nhhttt.exe86⤵
-
\??\c:\7hnhhh.exec:\7hnhhh.exe87⤵
-
\??\c:\vdjdj.exec:\vdjdj.exe88⤵
-
\??\c:\rlxrrrr.exec:\rlxrrrr.exe89⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe90⤵
-
\??\c:\jjvvp.exec:\jjvvp.exe91⤵
-
\??\c:\ffffxxr.exec:\ffffxxr.exe92⤵
-
\??\c:\xrxxxff.exec:\xrxxxff.exe93⤵
-
\??\c:\nhnnhn.exec:\nhnnhn.exe94⤵
-
\??\c:\ttbbtt.exec:\ttbbtt.exe95⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe96⤵
-
\??\c:\ppvvj.exec:\ppvvj.exe97⤵
-
\??\c:\xrllrrf.exec:\xrllrrf.exe98⤵
-
\??\c:\5xflffr.exec:\5xflffr.exe99⤵
-
\??\c:\ttthbn.exec:\ttthbn.exe100⤵
-
\??\c:\ntbntn.exec:\ntbntn.exe101⤵
-
\??\c:\dvppp.exec:\dvppp.exe102⤵
-
\??\c:\3rffxlr.exec:\3rffxlr.exe103⤵
-
\??\c:\5hnnbb.exec:\5hnnbb.exe104⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe105⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe106⤵
-
\??\c:\llrxflf.exec:\llrxflf.exe107⤵
-
\??\c:\rxlllll.exec:\rxlllll.exe108⤵
-
\??\c:\ntnnnb.exec:\ntnnnb.exe109⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe110⤵
-
\??\c:\lxfxlxr.exec:\lxfxlxr.exe111⤵
-
\??\c:\rrffxrl.exec:\rrffxrl.exe112⤵
-
\??\c:\hntttt.exec:\hntttt.exe113⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe114⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe115⤵
-
\??\c:\rffrrrl.exec:\rffrrrl.exe116⤵
-
\??\c:\nthhnb.exec:\nthhnb.exe117⤵
-
\??\c:\thhhhh.exec:\thhhhh.exe118⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe119⤵
-
\??\c:\llrrlll.exec:\llrrlll.exe120⤵
-
\??\c:\ffxxxxx.exec:\ffxxxxx.exe121⤵
-
\??\c:\9nbbtt.exec:\9nbbtt.exe122⤵
-
\??\c:\pvpdp.exec:\pvpdp.exe123⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe124⤵
-
\??\c:\1xxxxll.exec:\1xxxxll.exe125⤵
-
\??\c:\xlrrlll.exec:\xlrrlll.exe126⤵
-
\??\c:\ttnhhb.exec:\ttnhhb.exe127⤵
-
\??\c:\djppj.exec:\djppj.exe128⤵
-
\??\c:\7jddv.exec:\7jddv.exe129⤵
-
\??\c:\rllfxxx.exec:\rllfxxx.exe130⤵
-
\??\c:\fxrxxxx.exec:\fxrxxxx.exe131⤵
-
\??\c:\ffxrrll.exec:\ffxrrll.exe132⤵
-
\??\c:\hbttnn.exec:\hbttnn.exe133⤵
-
\??\c:\nbbbtb.exec:\nbbbtb.exe134⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe135⤵
-
\??\c:\vjpvp.exec:\vjpvp.exe136⤵
-
\??\c:\rlxlfff.exec:\rlxlfff.exe137⤵
-
\??\c:\lrrllrr.exec:\lrrllrr.exe138⤵
-
\??\c:\hbbtnt.exec:\hbbtnt.exe139⤵
-
\??\c:\nnhbbt.exec:\nnhbbt.exe140⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe141⤵
-
\??\c:\lfffffl.exec:\lfffffl.exe142⤵
-
\??\c:\fflflrx.exec:\fflflrx.exe143⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe144⤵
-
\??\c:\jvppj.exec:\jvppj.exe145⤵
-
\??\c:\rxrxrll.exec:\rxrxrll.exe146⤵
-
\??\c:\flxfrlx.exec:\flxfrlx.exe147⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe148⤵
-
\??\c:\5jvvp.exec:\5jvvp.exe149⤵
-
\??\c:\lxlrfrr.exec:\lxlrfrr.exe150⤵
-
\??\c:\tnhhnn.exec:\tnhhnn.exe151⤵
-
\??\c:\tttnhh.exec:\tttnhh.exe152⤵
-
\??\c:\vvppj.exec:\vvppj.exe153⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe154⤵
-
\??\c:\xxfrfrl.exec:\xxfrfrl.exe155⤵
-
\??\c:\xrrrlll.exec:\xrrrlll.exe156⤵
-
\??\c:\tbbbbb.exec:\tbbbbb.exe157⤵
-
\??\c:\nnbtbb.exec:\nnbtbb.exe158⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe159⤵
-
\??\c:\ddppv.exec:\ddppv.exe160⤵
-
\??\c:\xflfllf.exec:\xflfllf.exe161⤵
-
\??\c:\bttttt.exec:\bttttt.exe162⤵
-
\??\c:\thtnnt.exec:\thtnnt.exe163⤵
-
\??\c:\jdddd.exec:\jdddd.exe164⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe165⤵
-
\??\c:\rlffxff.exec:\rlffxff.exe166⤵
-
\??\c:\3xfxrrr.exec:\3xfxrrr.exe167⤵
-
\??\c:\bbbhht.exec:\bbbhht.exe168⤵
-
\??\c:\ppppj.exec:\ppppj.exe169⤵
-
\??\c:\5jpjp.exec:\5jpjp.exe170⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe171⤵
-
\??\c:\llrxxfx.exec:\llrxxfx.exe172⤵
-
\??\c:\bhhhhh.exec:\bhhhhh.exe173⤵
-
\??\c:\thnhnn.exec:\thnhnn.exe174⤵
-
\??\c:\vvjpp.exec:\vvjpp.exe175⤵
-
\??\c:\1pppj.exec:\1pppj.exe176⤵
-
\??\c:\fffxlll.exec:\fffxlll.exe177⤵
-
\??\c:\rlrlffx.exec:\rlrlffx.exe178⤵
-
\??\c:\nnnthh.exec:\nnnthh.exe179⤵
-
\??\c:\5nnhbh.exec:\5nnhbh.exe180⤵
-
\??\c:\1jdvv.exec:\1jdvv.exe181⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe182⤵
-
\??\c:\5lllxll.exec:\5lllxll.exe183⤵
-
\??\c:\xxxxrlx.exec:\xxxxrlx.exe184⤵
-
\??\c:\ttttnt.exec:\ttttnt.exe185⤵
-
\??\c:\btbbnt.exec:\btbbnt.exe186⤵
-
\??\c:\dpppp.exec:\dpppp.exe187⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe188⤵
-
\??\c:\xlfrfxf.exec:\xlfrfxf.exe189⤵
-
\??\c:\tbhbtt.exec:\tbhbtt.exe190⤵
-
\??\c:\jjjpd.exec:\jjjpd.exe191⤵
-
\??\c:\rrxrffr.exec:\rrxrffr.exe192⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe193⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe194⤵
-
\??\c:\xxlfxfx.exec:\xxlfxfx.exe195⤵
-
\??\c:\nnhhhh.exec:\nnhhhh.exe196⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe197⤵
-
\??\c:\ppjjj.exec:\ppjjj.exe198⤵
-
\??\c:\fxlfffl.exec:\fxlfffl.exe199⤵
-
\??\c:\frfffll.exec:\frfffll.exe200⤵
-
\??\c:\ttbbbb.exec:\ttbbbb.exe201⤵
-
\??\c:\hbnnnn.exec:\hbnnnn.exe202⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe203⤵
-
\??\c:\dvdjd.exec:\dvdjd.exe204⤵
-
\??\c:\lfrlfff.exec:\lfrlfff.exe205⤵
-
\??\c:\5fllffx.exec:\5fllffx.exe206⤵
-
\??\c:\5bbbtt.exec:\5bbbtt.exe207⤵
-
\??\c:\nbbhbb.exec:\nbbhbb.exe208⤵
-
\??\c:\3vvvj.exec:\3vvvj.exe209⤵
-
\??\c:\3pvvj.exec:\3pvvj.exe210⤵
-
\??\c:\frrfrxl.exec:\frrfrxl.exe211⤵
-
\??\c:\hhbtnt.exec:\hhbtnt.exe212⤵
-
\??\c:\dpjdp.exec:\dpjdp.exe213⤵
-
\??\c:\jpjjj.exec:\jpjjj.exe214⤵
-
\??\c:\rxxrfff.exec:\rxxrfff.exe215⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe216⤵
-
\??\c:\3fllxfx.exec:\3fllxfx.exe217⤵
-
\??\c:\7tttbb.exec:\7tttbb.exe218⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe219⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe220⤵
-
\??\c:\lrlfxxr.exec:\lrlfxxr.exe221⤵
-
\??\c:\3vvpp.exec:\3vvpp.exe222⤵
-
\??\c:\lffxrrl.exec:\lffxrrl.exe223⤵
-
\??\c:\bnnhbn.exec:\bnnhbn.exe224⤵
-
\??\c:\ffrllfx.exec:\ffrllfx.exe225⤵
-
\??\c:\ttnntt.exec:\ttnntt.exe226⤵
-
\??\c:\pvjdd.exec:\pvjdd.exe227⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe228⤵
-
\??\c:\rffllxf.exec:\rffllxf.exe229⤵
-
\??\c:\rlrrrxf.exec:\rlrrrxf.exe230⤵
-
\??\c:\bbhnbn.exec:\bbhnbn.exe231⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe232⤵
-
\??\c:\5flfxxr.exec:\5flfxxr.exe233⤵
-
\??\c:\bhtbth.exec:\bhtbth.exe234⤵
-
\??\c:\1jjdv.exec:\1jjdv.exe235⤵
-
\??\c:\rlffxxr.exec:\rlffxxr.exe236⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe237⤵
-
\??\c:\pdppp.exec:\pdppp.exe238⤵
-
\??\c:\flfxflx.exec:\flfxflx.exe239⤵
-
\??\c:\xflllrr.exec:\xflllrr.exe240⤵
-
\??\c:\3nhtnn.exec:\3nhtnn.exe241⤵