Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
19-05-2024 02:37
General
-
Target
56df2e044cc2e01894199443044c9490_NeikiAnalytics.exe
-
Size
521KB
-
MD5
56df2e044cc2e01894199443044c9490
-
SHA1
033d2bbdbc4fe319f3cb87042726ece1dcd5f196
-
SHA256
9d77713254e1473c16179cfdb012389040c480bc4de074b36dd5df0daf59d252
-
SHA512
d3cd535300fe1d0dc32601e7db0c774ebd1c2425e32ff84aca79d21c941c9d653840ced88eaf4a01b0b19cbdcbceef374958537ed1655f69479cac99e64cb1be
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2CfNnkymTwaJ3o89H3v:q7Tc2NYHUrAwfMHNnpls489/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\56df2e044cc2e01894199443044c9490_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\56df2e044cc2e01894199443044c9490_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvdd.exec:\jpvdd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllrxff.exec:\lllrxff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjjj.exec:\jvjjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vjdp.exec:\1vjdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tttnt.exec:\1tttnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxffl.exec:\rlfxffl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnttnn.exec:\nnttnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjvv.exec:\pdjvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntbbt.exec:\hntbbt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlfxxl.exec:\lrlfxxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnttn.exec:\tnnttn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntnhh.exec:\nntnhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpj.exec:\jvvpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrrllf.exec:\frrrllf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhbb.exec:\thnhbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddj.exec:\vvddj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxfrrr.exec:\llxfrrr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjvp.exec:\pdjvp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhhh.exec:\btnhhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1djvd.exec:\1djvd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbhbh.exec:\bbbhbh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdd.exec:\jdjdd.exe23⤵
- Executes dropped EXE
-
\??\c:\1vjdd.exec:\1vjdd.exe24⤵
- Executes dropped EXE
-
\??\c:\7ddvj.exec:\7ddvj.exe25⤵
- Executes dropped EXE
-
\??\c:\1xfxrxr.exec:\1xfxrxr.exe26⤵
- Executes dropped EXE
-
\??\c:\hthbtn.exec:\hthbtn.exe27⤵
- Executes dropped EXE
-
\??\c:\pjddv.exec:\pjddv.exe28⤵
- Executes dropped EXE
-
\??\c:\3frlxxx.exec:\3frlxxx.exe29⤵
- Executes dropped EXE
-
\??\c:\vpdvv.exec:\vpdvv.exe30⤵
- Executes dropped EXE
-
\??\c:\nhhbbt.exec:\nhhbbt.exe31⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe32⤵
- Executes dropped EXE
-
\??\c:\7xxrrll.exec:\7xxrrll.exe33⤵
- Executes dropped EXE
-
\??\c:\5ntnhn.exec:\5ntnhn.exe34⤵
- Executes dropped EXE
-
\??\c:\ddpjp.exec:\ddpjp.exe35⤵
- Executes dropped EXE
-
\??\c:\rllfxrr.exec:\rllfxrr.exe36⤵
- Executes dropped EXE
-
\??\c:\9hntnh.exec:\9hntnh.exe37⤵
- Executes dropped EXE
-
\??\c:\5dvjp.exec:\5dvjp.exe38⤵
- Executes dropped EXE
-
\??\c:\7rrlffx.exec:\7rrlffx.exe39⤵
- Executes dropped EXE
-
\??\c:\bttthb.exec:\bttthb.exe40⤵
- Executes dropped EXE
-
\??\c:\jjdvv.exec:\jjdvv.exe41⤵
- Executes dropped EXE
-
\??\c:\vvjjp.exec:\vvjjp.exe42⤵
- Executes dropped EXE
-
\??\c:\9ffxrrl.exec:\9ffxrrl.exe43⤵
- Executes dropped EXE
-
\??\c:\ddpdv.exec:\ddpdv.exe44⤵
- Executes dropped EXE
-
\??\c:\thtttt.exec:\thtttt.exe45⤵
- Executes dropped EXE
-
\??\c:\vdjdj.exec:\vdjdj.exe46⤵
- Executes dropped EXE
-
\??\c:\rxxxrrr.exec:\rxxxrrr.exe47⤵
- Executes dropped EXE
-
\??\c:\hbhbhh.exec:\hbhbhh.exe48⤵
- Executes dropped EXE
-
\??\c:\pvjdv.exec:\pvjdv.exe49⤵
- Executes dropped EXE
-
\??\c:\xlrllll.exec:\xlrllll.exe50⤵
- Executes dropped EXE
-
\??\c:\hhtbhh.exec:\hhtbhh.exe51⤵
- Executes dropped EXE
-
\??\c:\jjddd.exec:\jjddd.exe52⤵
- Executes dropped EXE
-
\??\c:\lxffxxx.exec:\lxffxxx.exe53⤵
- Executes dropped EXE
-
\??\c:\nhnbbh.exec:\nhnbbh.exe54⤵
- Executes dropped EXE
-
\??\c:\pvddv.exec:\pvddv.exe55⤵
- Executes dropped EXE
-
\??\c:\xlxrlxx.exec:\xlxrlxx.exe56⤵
- Executes dropped EXE
-
\??\c:\btbttt.exec:\btbttt.exe57⤵
- Executes dropped EXE
-
\??\c:\djpjj.exec:\djpjj.exe58⤵
- Executes dropped EXE
-
\??\c:\ddppv.exec:\ddppv.exe59⤵
- Executes dropped EXE
-
\??\c:\rfxfxrf.exec:\rfxfxrf.exe60⤵
- Executes dropped EXE
-
\??\c:\hhtnhh.exec:\hhtnhh.exe61⤵
- Executes dropped EXE
-
\??\c:\ppvpv.exec:\ppvpv.exe62⤵
- Executes dropped EXE
-
\??\c:\rxlfrxr.exec:\rxlfrxr.exe63⤵
- Executes dropped EXE
-
\??\c:\hhtnhn.exec:\hhtnhn.exe64⤵
- Executes dropped EXE
-
\??\c:\vddjd.exec:\vddjd.exe65⤵
- Executes dropped EXE
-
\??\c:\lrffxxr.exec:\lrffxxr.exe66⤵
-
\??\c:\frrrlll.exec:\frrrlll.exe67⤵
-
\??\c:\bnbttt.exec:\bnbttt.exe68⤵
-
\??\c:\1dpjv.exec:\1dpjv.exe69⤵
-
\??\c:\xrxxrrr.exec:\xrxxrrr.exe70⤵
-
\??\c:\hnhhhh.exec:\hnhhhh.exe71⤵
-
\??\c:\hntnnn.exec:\hntnnn.exe72⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe73⤵
-
\??\c:\rrxlffx.exec:\rrxlffx.exe74⤵
-
\??\c:\7bbtnh.exec:\7bbtnh.exe75⤵
-
\??\c:\btbtnh.exec:\btbtnh.exe76⤵
-
\??\c:\pvjdp.exec:\pvjdp.exe77⤵
-
\??\c:\rlfrrrr.exec:\rlfrrrr.exe78⤵
-
\??\c:\7nttnt.exec:\7nttnt.exe79⤵
-
\??\c:\jpjjv.exec:\jpjjv.exe80⤵
-
\??\c:\9xrlxxf.exec:\9xrlxxf.exe81⤵
-
\??\c:\rflxrfx.exec:\rflxrfx.exe82⤵
-
\??\c:\tbbnnn.exec:\tbbnnn.exe83⤵
-
\??\c:\ddjdp.exec:\ddjdp.exe84⤵
-
\??\c:\9fxrllf.exec:\9fxrllf.exe85⤵
-
\??\c:\bttnhb.exec:\bttnhb.exe86⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe87⤵
-
\??\c:\5fxlfxr.exec:\5fxlfxr.exe88⤵
-
\??\c:\rfffxrf.exec:\rfffxrf.exe89⤵
-
\??\c:\nhttnh.exec:\nhttnh.exe90⤵
-
\??\c:\7vjvj.exec:\7vjvj.exe91⤵
-
\??\c:\xffrlfx.exec:\xffrlfx.exe92⤵
-
\??\c:\htnhtt.exec:\htnhtt.exe93⤵
-
\??\c:\3bbnhn.exec:\3bbnhn.exe94⤵
-
\??\c:\fxlrflx.exec:\fxlrflx.exe95⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe96⤵
-
\??\c:\7nnbtn.exec:\7nnbtn.exe97⤵
-
\??\c:\ttbttt.exec:\ttbttt.exe98⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe99⤵
-
\??\c:\rfllrrx.exec:\rfllrrx.exe100⤵
-
\??\c:\hhhbhn.exec:\hhhbhn.exe101⤵
-
\??\c:\jdppp.exec:\jdppp.exe102⤵
-
\??\c:\ffllflf.exec:\ffllflf.exe103⤵
-
\??\c:\llrfrll.exec:\llrfrll.exe104⤵
-
\??\c:\hnnhbb.exec:\hnnhbb.exe105⤵
-
\??\c:\dpppj.exec:\dpppj.exe106⤵
-
\??\c:\5flfffl.exec:\5flfffl.exe107⤵
-
\??\c:\3tnhbt.exec:\3tnhbt.exe108⤵
-
\??\c:\vddjj.exec:\vddjj.exe109⤵
-
\??\c:\llxxllr.exec:\llxxllr.exe110⤵
-
\??\c:\hhbhbb.exec:\hhbhbb.exe111⤵
-
\??\c:\vdddd.exec:\vdddd.exe112⤵
-
\??\c:\rxrxxfr.exec:\rxrxxfr.exe113⤵
-
\??\c:\btbnhn.exec:\btbnhn.exe114⤵
-
\??\c:\9vdpj.exec:\9vdpj.exe115⤵
-
\??\c:\xrlflfx.exec:\xrlflfx.exe116⤵
-
\??\c:\bthhnt.exec:\bthhnt.exe117⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe118⤵
-
\??\c:\lflrrrr.exec:\lflrrrr.exe119⤵
-
\??\c:\bbbtnh.exec:\bbbtnh.exe120⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe121⤵
-
\??\c:\7lfxrrf.exec:\7lfxrrf.exe122⤵
-
\??\c:\hhbnht.exec:\hhbnht.exe123⤵
-
\??\c:\7nbbbb.exec:\7nbbbb.exe124⤵
-
\??\c:\1djjd.exec:\1djjd.exe125⤵
-
\??\c:\llffxxr.exec:\llffxxr.exe126⤵
-
\??\c:\bnhbtt.exec:\bnhbtt.exe127⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe128⤵
-
\??\c:\rllffff.exec:\rllffff.exe129⤵
-
\??\c:\xrllrrf.exec:\xrllrrf.exe130⤵
-
\??\c:\tbhbtt.exec:\tbhbtt.exe131⤵
-
\??\c:\djdjp.exec:\djdjp.exe132⤵
-
\??\c:\5lllfll.exec:\5lllfll.exe133⤵
-
\??\c:\lxfxxxr.exec:\lxfxxxr.exe134⤵
-
\??\c:\bntnnn.exec:\bntnnn.exe135⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe136⤵
-
\??\c:\9lxrrxx.exec:\9lxrrxx.exe137⤵
-
\??\c:\bntnnn.exec:\bntnnn.exe138⤵
-
\??\c:\3nhhbh.exec:\3nhhbh.exe139⤵
-
\??\c:\xxxfrrx.exec:\xxxfrrx.exe140⤵
-
\??\c:\bbttbn.exec:\bbttbn.exe141⤵
-
\??\c:\nbbbtb.exec:\nbbbtb.exe142⤵
-
\??\c:\dddvp.exec:\dddvp.exe143⤵
-
\??\c:\lfxlflf.exec:\lfxlflf.exe144⤵
-
\??\c:\bhbnnh.exec:\bhbnnh.exe145⤵
-
\??\c:\pvdpj.exec:\pvdpj.exe146⤵
-
\??\c:\rlffxxl.exec:\rlffxxl.exe147⤵
-
\??\c:\tttnbt.exec:\tttnbt.exe148⤵
-
\??\c:\djvjv.exec:\djvjv.exe149⤵
-
\??\c:\rrrfrlf.exec:\rrrfrlf.exe150⤵
-
\??\c:\tbhtbh.exec:\tbhtbh.exe151⤵
-
\??\c:\nnhtbn.exec:\nnhtbn.exe152⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe153⤵
-
\??\c:\flxlfrr.exec:\flxlfrr.exe154⤵
-
\??\c:\bbtnnn.exec:\bbtnnn.exe155⤵
-
\??\c:\jvpdd.exec:\jvpdd.exe156⤵
-
\??\c:\fllxlfr.exec:\fllxlfr.exe157⤵
-
\??\c:\nnnbtb.exec:\nnnbtb.exe158⤵
-
\??\c:\nhhbtn.exec:\nhhbtn.exe159⤵
-
\??\c:\pjdpj.exec:\pjdpj.exe160⤵
-
\??\c:\xfxrxll.exec:\xfxrxll.exe161⤵
-
\??\c:\djdvp.exec:\djdvp.exe162⤵
-
\??\c:\1jpjd.exec:\1jpjd.exe163⤵
-
\??\c:\xxrlffx.exec:\xxrlffx.exe164⤵
-
\??\c:\tbbtnh.exec:\tbbtnh.exe165⤵
-
\??\c:\1jdjv.exec:\1jdjv.exe166⤵
-
\??\c:\lfxllfr.exec:\lfxllfr.exe167⤵
-
\??\c:\thhbnh.exec:\thhbnh.exe168⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe169⤵
-
\??\c:\rrlrfll.exec:\rrlrfll.exe170⤵
-
\??\c:\bbthbh.exec:\bbthbh.exe171⤵
-
\??\c:\pjppd.exec:\pjppd.exe172⤵
-
\??\c:\vjpdj.exec:\vjpdj.exe173⤵
-
\??\c:\7ffxfff.exec:\7ffxfff.exe174⤵
-
\??\c:\hhbbbb.exec:\hhbbbb.exe175⤵
-
\??\c:\pjjpv.exec:\pjjpv.exe176⤵
-
\??\c:\rrrrrrr.exec:\rrrrrrr.exe177⤵
-
\??\c:\1ntnhb.exec:\1ntnhb.exe178⤵
-
\??\c:\5tttnh.exec:\5tttnh.exe179⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe180⤵
-
\??\c:\lflfxfx.exec:\lflfxfx.exe181⤵
-
\??\c:\hbthhb.exec:\hbthhb.exe182⤵
-
\??\c:\tnhbhh.exec:\tnhbhh.exe183⤵
-
\??\c:\1jvjp.exec:\1jvjp.exe184⤵
-
\??\c:\xllfxfx.exec:\xllfxfx.exe185⤵
-
\??\c:\nnhbtt.exec:\nnhbtt.exe186⤵
-
\??\c:\9hnnhh.exec:\9hnnhh.exe187⤵
-
\??\c:\rrxrfff.exec:\rrxrfff.exe188⤵
-
\??\c:\tnnhhh.exec:\tnnhhh.exe189⤵
-
\??\c:\jddjj.exec:\jddjj.exe190⤵
-
\??\c:\lflfffx.exec:\lflfffx.exe191⤵
-
\??\c:\3nhbtt.exec:\3nhbtt.exe192⤵
-
\??\c:\hbhbhh.exec:\hbhbhh.exe193⤵
-
\??\c:\9djpp.exec:\9djpp.exe194⤵
-
\??\c:\frfxffx.exec:\frfxffx.exe195⤵
-
\??\c:\3bhhbb.exec:\3bhhbb.exe196⤵
-
\??\c:\ddjjp.exec:\ddjjp.exe197⤵
-
\??\c:\lxfllrx.exec:\lxfllrx.exe198⤵
-
\??\c:\lfxxffl.exec:\lfxxffl.exe199⤵
-
\??\c:\tnhbbt.exec:\tnhbbt.exe200⤵
-
\??\c:\7dvpp.exec:\7dvpp.exe201⤵
-
\??\c:\jddvp.exec:\jddvp.exe202⤵
-
\??\c:\7fxrrrl.exec:\7fxrrrl.exe203⤵
-
\??\c:\tthtbh.exec:\tthtbh.exe204⤵
-
\??\c:\jvddd.exec:\jvddd.exe205⤵
-
\??\c:\pjddd.exec:\pjddd.exe206⤵
-
\??\c:\5rrfxfx.exec:\5rrfxfx.exe207⤵
-
\??\c:\htbbth.exec:\htbbth.exe208⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe209⤵
-
\??\c:\rxflxxf.exec:\rxflxxf.exe210⤵
-
\??\c:\nhbtnh.exec:\nhbtnh.exe211⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe212⤵
-
\??\c:\llllfll.exec:\llllfll.exe213⤵
-
\??\c:\tnbtbt.exec:\tnbtbt.exe214⤵
-
\??\c:\hntnnn.exec:\hntnnn.exe215⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe216⤵
-
\??\c:\lxfxxxr.exec:\lxfxxxr.exe217⤵
-
\??\c:\lfrrxff.exec:\lfrrxff.exe218⤵
-
\??\c:\nhhbbb.exec:\nhhbbb.exe219⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe220⤵
-
\??\c:\1rrllrl.exec:\1rrllrl.exe221⤵
-
\??\c:\tttnnb.exec:\tttnnb.exe222⤵
-
\??\c:\jpvdv.exec:\jpvdv.exe223⤵
-
\??\c:\9ffxrxr.exec:\9ffxrxr.exe224⤵
-
\??\c:\3ffxrrl.exec:\3ffxrrl.exe225⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe226⤵
-
\??\c:\vjppp.exec:\vjppp.exe227⤵
-
\??\c:\3jvdp.exec:\3jvdp.exe228⤵
-
\??\c:\fffrlrr.exec:\fffrlrr.exe229⤵
-
\??\c:\htbbtt.exec:\htbbtt.exe230⤵
-
\??\c:\djvpp.exec:\djvpp.exe231⤵
-
\??\c:\xrffflf.exec:\xrffflf.exe232⤵
-
\??\c:\9nnhtt.exec:\9nnhtt.exe233⤵
-
\??\c:\1vdjd.exec:\1vdjd.exe234⤵
-
\??\c:\ppjvp.exec:\ppjvp.exe235⤵
-
\??\c:\xlffxrl.exec:\xlffxrl.exe236⤵
-
\??\c:\tnbttt.exec:\tnbttt.exe237⤵
-
\??\c:\3dddv.exec:\3dddv.exe238⤵
-
\??\c:\rfxfxlx.exec:\rfxfxlx.exe239⤵
-
\??\c:\frfxfxf.exec:\frfxfxf.exe240⤵
-
\??\c:\1ttnhh.exec:\1ttnhh.exe241⤵