Analysis
-
max time kernel
150s -
max time network
98s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 01:45
General
-
Target
495c5b8b6d1b573bc8cdf74f17ae82a0_NeikiAnalytics.exe
-
Size
83KB
-
MD5
495c5b8b6d1b573bc8cdf74f17ae82a0
-
SHA1
8322373ae9dc803737ada8dcbbe1d3568b9f683a
-
SHA256
c15805e19e0066fc492373afb73d5fe3cd3907117924eaf249641b213d6a87ec
-
SHA512
746b788c1a4158bb55654ad993123c783e5335fb8d01cc3231753f5fc8ddc01f77115ae84c77bc87aa3e477eec73e9dcdb15d0358436856e598c8f83c2ccff7f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIJSLCBCO+HlMO7s0yLH:ymb3NkkiQ3mdBjFIwLMoHW8yLH
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\495c5b8b6d1b573bc8cdf74f17ae82a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\495c5b8b6d1b573bc8cdf74f17ae82a0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrrlxr.exec:\xxrrlxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thntnt.exec:\thntnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpp.exec:\dpvpp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvv.exec:\dvdvv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxfxx.exec:\fxlxfxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnhh.exec:\nnnnhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jpjd.exec:\5jpjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxxlxl.exec:\xfxxlxl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtnhh.exec:\nbtnhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pppj.exec:\9pppj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxrrl.exec:\lffxrrl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhhnt.exec:\hnhhnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flfxrrl.exec:\flfxrrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnbbt.exec:\nhnbbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjd.exec:\vvpjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfffff.exec:\frfffff.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtttb.exec:\hhtttb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdj.exec:\vpjdj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrlfxr.exec:\rxrlfxr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxrflf.exec:\flxrflf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbtnh.exec:\nnbtnh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffxlrf.exec:\rffxlrf.exe23⤵
- Executes dropped EXE
-
\??\c:\ttbnnh.exec:\ttbnnh.exe24⤵
- Executes dropped EXE
-
\??\c:\pjvvp.exec:\pjvvp.exe25⤵
- Executes dropped EXE
-
\??\c:\vvddv.exec:\vvddv.exe26⤵
- Executes dropped EXE
-
\??\c:\9tttnb.exec:\9tttnb.exe27⤵
- Executes dropped EXE
-
\??\c:\9jpjd.exec:\9jpjd.exe28⤵
- Executes dropped EXE
-
\??\c:\3rffffl.exec:\3rffffl.exe29⤵
- Executes dropped EXE
-
\??\c:\9xfrlrl.exec:\9xfrlrl.exe30⤵
- Executes dropped EXE
-
\??\c:\hhbtnn.exec:\hhbtnn.exe31⤵
- Executes dropped EXE
-
\??\c:\pjdvv.exec:\pjdvv.exe32⤵
- Executes dropped EXE
-
\??\c:\rfxxxrf.exec:\rfxxxrf.exe33⤵
- Executes dropped EXE
-
\??\c:\jdjdp.exec:\jdjdp.exe34⤵
- Executes dropped EXE
-
\??\c:\dvdvp.exec:\dvdvp.exe35⤵
- Executes dropped EXE
-
\??\c:\xxllfll.exec:\xxllfll.exe36⤵
- Executes dropped EXE
-
\??\c:\btbbtt.exec:\btbbtt.exe37⤵
- Executes dropped EXE
-
\??\c:\nhhthb.exec:\nhhthb.exe38⤵
- Executes dropped EXE
-
\??\c:\vjpjv.exec:\vjpjv.exe39⤵
- Executes dropped EXE
-
\??\c:\fllfxxx.exec:\fllfxxx.exe40⤵
- Executes dropped EXE
-
\??\c:\nbhhbb.exec:\nbhhbb.exe41⤵
- Executes dropped EXE
-
\??\c:\pjvvv.exec:\pjvvv.exe42⤵
- Executes dropped EXE
-
\??\c:\vpppj.exec:\vpppj.exe43⤵
- Executes dropped EXE
-
\??\c:\nhhhhn.exec:\nhhhhn.exe44⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe45⤵
- Executes dropped EXE
-
\??\c:\fllrfrx.exec:\fllrfrx.exe46⤵
- Executes dropped EXE
-
\??\c:\rxxrflx.exec:\rxxrflx.exe47⤵
- Executes dropped EXE
-
\??\c:\bttnbt.exec:\bttnbt.exe48⤵
- Executes dropped EXE
-
\??\c:\jpjdp.exec:\jpjdp.exe49⤵
- Executes dropped EXE
-
\??\c:\lrxrrxr.exec:\lrxrrxr.exe50⤵
- Executes dropped EXE
-
\??\c:\djpjd.exec:\djpjd.exe51⤵
- Executes dropped EXE
-
\??\c:\jvppp.exec:\jvppp.exe52⤵
- Executes dropped EXE
-
\??\c:\rxxxrrl.exec:\rxxxrrl.exe53⤵
- Executes dropped EXE
-
\??\c:\hhbhtn.exec:\hhbhtn.exe54⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe55⤵
- Executes dropped EXE
-
\??\c:\dpvpj.exec:\dpvpj.exe56⤵
- Executes dropped EXE
-
\??\c:\fxffrrf.exec:\fxffrrf.exe57⤵
- Executes dropped EXE
-
\??\c:\rfffxxx.exec:\rfffxxx.exe58⤵
- Executes dropped EXE
-
\??\c:\hnhhhn.exec:\hnhhhn.exe59⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe60⤵
- Executes dropped EXE
-
\??\c:\dddpv.exec:\dddpv.exe61⤵
- Executes dropped EXE
-
\??\c:\5hbtnn.exec:\5hbtnn.exe62⤵
- Executes dropped EXE
-
\??\c:\ppvpp.exec:\ppvpp.exe63⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe64⤵
- Executes dropped EXE
-
\??\c:\llxrllr.exec:\llxrllr.exe65⤵
- Executes dropped EXE
-
\??\c:\9flflff.exec:\9flflff.exe66⤵
-
\??\c:\5jvpj.exec:\5jvpj.exe67⤵
-
\??\c:\jddvp.exec:\jddvp.exe68⤵
-
\??\c:\9lrlfll.exec:\9lrlfll.exe69⤵
-
\??\c:\rlffrfl.exec:\rlffrfl.exe70⤵
-
\??\c:\nnbhnt.exec:\nnbhnt.exe71⤵
-
\??\c:\vjjjj.exec:\vjjjj.exe72⤵
-
\??\c:\jjdjd.exec:\jjdjd.exe73⤵
-
\??\c:\ffxrrrx.exec:\ffxrrrx.exe74⤵
-
\??\c:\hhnnhh.exec:\hhnnhh.exe75⤵
-
\??\c:\hthhnt.exec:\hthhnt.exe76⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe77⤵
-
\??\c:\jjjdp.exec:\jjjdp.exe78⤵
-
\??\c:\xxrfxxr.exec:\xxrfxxr.exe79⤵
-
\??\c:\xfrrxfl.exec:\xfrrxfl.exe80⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe81⤵
-
\??\c:\btbthh.exec:\btbthh.exe82⤵
-
\??\c:\djvpp.exec:\djvpp.exe83⤵
-
\??\c:\9rxxrrl.exec:\9rxxrrl.exe84⤵
-
\??\c:\xrlfxxx.exec:\xrlfxxx.exe85⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe86⤵
-
\??\c:\vvvdd.exec:\vvvdd.exe87⤵
-
\??\c:\vppjd.exec:\vppjd.exe88⤵
-
\??\c:\9lxfrxr.exec:\9lxfrxr.exe89⤵
-
\??\c:\thnntb.exec:\thnntb.exe90⤵
-
\??\c:\5ddjd.exec:\5ddjd.exe91⤵
-
\??\c:\9xrlffx.exec:\9xrlffx.exe92⤵
-
\??\c:\9fllxxx.exec:\9fllxxx.exe93⤵
-
\??\c:\tbtnhh.exec:\tbtnhh.exe94⤵
-
\??\c:\tnthhh.exec:\tnthhh.exe95⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe96⤵
-
\??\c:\1llfxxx.exec:\1llfxxx.exe97⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe98⤵
-
\??\c:\bbttnt.exec:\bbttnt.exe99⤵
-
\??\c:\djvpd.exec:\djvpd.exe100⤵
-
\??\c:\xfffxxx.exec:\xfffxxx.exe101⤵
-
\??\c:\xrxxrrr.exec:\xrxxrrr.exe102⤵
-
\??\c:\3bbtnn.exec:\3bbtnn.exe103⤵
-
\??\c:\5vddv.exec:\5vddv.exe104⤵
-
\??\c:\7xxrrxx.exec:\7xxrrxx.exe105⤵
-
\??\c:\llffxxx.exec:\llffxxx.exe106⤵
-
\??\c:\bhnnbb.exec:\bhnnbb.exe107⤵
-
\??\c:\7jvpv.exec:\7jvpv.exe108⤵
-
\??\c:\lxfxlxx.exec:\lxfxlxx.exe109⤵
-
\??\c:\rlllffx.exec:\rlllffx.exe110⤵
-
\??\c:\frflfff.exec:\frflfff.exe111⤵
-
\??\c:\bhnhtt.exec:\bhnhtt.exe112⤵
-
\??\c:\vdppv.exec:\vdppv.exe113⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe114⤵
-
\??\c:\xrxrllf.exec:\xrxrllf.exe115⤵
-
\??\c:\lfflfll.exec:\lfflfll.exe116⤵
-
\??\c:\rlllfff.exec:\rlllfff.exe117⤵
-
\??\c:\thbtnn.exec:\thbtnn.exe118⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe119⤵
-
\??\c:\jdddj.exec:\jdddj.exe120⤵
-
\??\c:\fffxrrf.exec:\fffxrrf.exe121⤵
-
\??\c:\xrllffx.exec:\xrllffx.exe122⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe123⤵
-
\??\c:\vddvv.exec:\vddvv.exe124⤵
-
\??\c:\lflllll.exec:\lflllll.exe125⤵
-
\??\c:\xllflrl.exec:\xllflrl.exe126⤵
-
\??\c:\bnhbtn.exec:\bnhbtn.exe127⤵
-
\??\c:\7pvvp.exec:\7pvvp.exe128⤵
-
\??\c:\5pvvv.exec:\5pvvv.exe129⤵
-
\??\c:\7ffxrrr.exec:\7ffxrrr.exe130⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe131⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe132⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe133⤵
-
\??\c:\rrllfff.exec:\rrllfff.exe134⤵
-
\??\c:\rllffff.exec:\rllffff.exe135⤵
-
\??\c:\tnbtbt.exec:\tnbtbt.exe136⤵
-
\??\c:\jddvv.exec:\jddvv.exe137⤵
-
\??\c:\djjvj.exec:\djjvj.exe138⤵
-
\??\c:\5xrlrxl.exec:\5xrlrxl.exe139⤵
-
\??\c:\xrxrxxr.exec:\xrxrxxr.exe140⤵
-
\??\c:\bbnnhn.exec:\bbnnhn.exe141⤵
-
\??\c:\5nnthn.exec:\5nnthn.exe142⤵
-
\??\c:\pdvdd.exec:\pdvdd.exe143⤵
-
\??\c:\rlfxxxx.exec:\rlfxxxx.exe144⤵
-
\??\c:\btnnbh.exec:\btnnbh.exe145⤵
-
\??\c:\nnhbnb.exec:\nnhbnb.exe146⤵
-
\??\c:\lrrrrrl.exec:\lrrrrrl.exe147⤵
-
\??\c:\rrrrllr.exec:\rrrrllr.exe148⤵
-
\??\c:\hhbhtt.exec:\hhbhtt.exe149⤵
-
\??\c:\djpdd.exec:\djpdd.exe150⤵
-
\??\c:\vvddp.exec:\vvddp.exe151⤵
-
\??\c:\rffrfll.exec:\rffrfll.exe152⤵
-
\??\c:\5hhhhh.exec:\5hhhhh.exe153⤵
-
\??\c:\ttbtbb.exec:\ttbtbb.exe154⤵
-
\??\c:\3vvvv.exec:\3vvvv.exe155⤵
-
\??\c:\rxffxfr.exec:\rxffxfr.exe156⤵
-
\??\c:\fxrlfff.exec:\fxrlfff.exe157⤵
-
\??\c:\btbbtb.exec:\btbbtb.exe158⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe159⤵
-
\??\c:\vddvd.exec:\vddvd.exe160⤵
-
\??\c:\xrrlfff.exec:\xrrlfff.exe161⤵
-
\??\c:\tbhbnn.exec:\tbhbnn.exe162⤵
-
\??\c:\5bhhbb.exec:\5bhhbb.exe163⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe164⤵
-
\??\c:\rllfxrl.exec:\rllfxrl.exe165⤵
-
\??\c:\rfrrffx.exec:\rfrrffx.exe166⤵
-
\??\c:\7hhbth.exec:\7hhbth.exe167⤵
-
\??\c:\nnbbtn.exec:\nnbbtn.exe168⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe169⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe170⤵
-
\??\c:\xlfxxrx.exec:\xlfxxrx.exe171⤵
-
\??\c:\btttnn.exec:\btttnn.exe172⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe173⤵
-
\??\c:\pvppp.exec:\pvppp.exe174⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe175⤵
-
\??\c:\fxfffxx.exec:\fxfffxx.exe176⤵
-
\??\c:\fxffxxx.exec:\fxffxxx.exe177⤵
-
\??\c:\tbhnth.exec:\tbhnth.exe178⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe179⤵
-
\??\c:\7jpdd.exec:\7jpdd.exe180⤵
-
\??\c:\ffrrllr.exec:\ffrrllr.exe181⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe182⤵
-
\??\c:\bhbbtb.exec:\bhbbtb.exe183⤵
-
\??\c:\9jpjp.exec:\9jpjp.exe184⤵
-
\??\c:\lfflfxx.exec:\lfflfxx.exe185⤵
-
\??\c:\rlrlfff.exec:\rlrlfff.exe186⤵
-
\??\c:\hhnntt.exec:\hhnntt.exe187⤵
-
\??\c:\httnhn.exec:\httnhn.exe188⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe189⤵
-
\??\c:\xrrlxxr.exec:\xrrlxxr.exe190⤵
-
\??\c:\nbbbtt.exec:\nbbbtt.exe191⤵
-
\??\c:\tttnbb.exec:\tttnbb.exe192⤵
-
\??\c:\pvpjd.exec:\pvpjd.exe193⤵
-
\??\c:\jddvp.exec:\jddvp.exe194⤵
-
\??\c:\xfllrxf.exec:\xfllrxf.exe195⤵
-
\??\c:\thnnht.exec:\thnnht.exe196⤵
-
\??\c:\htbnnn.exec:\htbnnn.exe197⤵
-
\??\c:\ppdjj.exec:\ppdjj.exe198⤵
-
\??\c:\lllfxlr.exec:\lllfxlr.exe199⤵
-
\??\c:\llxrrrl.exec:\llxrrrl.exe200⤵
-
\??\c:\ntnnhh.exec:\ntnnhh.exe201⤵
-
\??\c:\7ttnbb.exec:\7ttnbb.exe202⤵
-
\??\c:\1ppjv.exec:\1ppjv.exe203⤵
-
\??\c:\3ppjd.exec:\3ppjd.exe204⤵
-
\??\c:\ddjjv.exec:\ddjjv.exe205⤵
-
\??\c:\rlxxrrr.exec:\rlxxrrr.exe206⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe207⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe208⤵
-
\??\c:\dvvjp.exec:\dvvjp.exe209⤵
-
\??\c:\pdvjj.exec:\pdvjj.exe210⤵
-
\??\c:\xflfxxx.exec:\xflfxxx.exe211⤵
-
\??\c:\xflfxxr.exec:\xflfxxr.exe212⤵
-
\??\c:\bbbbtt.exec:\bbbbtt.exe213⤵
-
\??\c:\hbnnnh.exec:\hbnnnh.exe214⤵
-
\??\c:\ddjpp.exec:\ddjpp.exe215⤵
-
\??\c:\xfrlffx.exec:\xfrlffx.exe216⤵
-
\??\c:\9bhnhh.exec:\9bhnhh.exe217⤵
-
\??\c:\nhnnnn.exec:\nhnnnn.exe218⤵
-
\??\c:\vvvvj.exec:\vvvvj.exe219⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe220⤵
-
\??\c:\rlfxllf.exec:\rlfxllf.exe221⤵
-
\??\c:\lrrlffx.exec:\lrrlffx.exe222⤵
-
\??\c:\btttnn.exec:\btttnn.exe223⤵
-
\??\c:\ttbtth.exec:\ttbtth.exe224⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe225⤵
-
\??\c:\pvvvj.exec:\pvvvj.exe226⤵
-
\??\c:\1rfxxfl.exec:\1rfxxfl.exe227⤵
-
\??\c:\9lrrlff.exec:\9lrrlff.exe228⤵
-
\??\c:\bbhhnn.exec:\bbhhnn.exe229⤵
-
\??\c:\hhnhnb.exec:\hhnhnb.exe230⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe231⤵
-
\??\c:\fxfffff.exec:\fxfffff.exe232⤵
-
\??\c:\rrfxrrr.exec:\rrfxrrr.exe233⤵
-
\??\c:\ttnhht.exec:\ttnhht.exe234⤵
-
\??\c:\nhhbnn.exec:\nhhbnn.exe235⤵
-
\??\c:\7pvpp.exec:\7pvpp.exe236⤵
-
\??\c:\frfllll.exec:\frfllll.exe237⤵
-
\??\c:\rxfrfff.exec:\rxfrfff.exe238⤵
-
\??\c:\nhnnnh.exec:\nhnnnh.exe239⤵
-
\??\c:\5bnnnt.exec:\5bnnnt.exe240⤵
-
\??\c:\vjppp.exec:\vjppp.exe241⤵