Analysis
-
max time kernel
150s -
max time network
116s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 02:47
General
-
Target
5966d5110f575445a7280c3fb897c7b0_NeikiAnalytics.exe
-
Size
83KB
-
MD5
5966d5110f575445a7280c3fb897c7b0
-
SHA1
48567bebb4c98e7193a666ffb7baf9bdbabae25c
-
SHA256
cfcdb38a610c2aecd42cebb6afc3cc25f6310435a0244599bbe06fb03eab5be7
-
SHA512
b03794c021ba84984a593ddc2d5fdda93dc27267d743dd540b2944882f9b8dc2f1df3056b64b9c9ab81d0498fce8311bc0b44c8ce358af57f75f96c27570d9ae
-
SSDEEP
1536:zvQBeOGtrYS3srx93UBWfwC6Ggnouy8iT4+C2HVM1p6TQpCihfj:zhOmTsF93UYfwC6GIoutiTU2HVS64hb
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5966d5110f575445a7280c3fb897c7b0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\5966d5110f575445a7280c3fb897c7b0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrrrrr.exec:\lrrrrrr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrflfx.exec:\llrflfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnnth.exec:\thnnth.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjj.exec:\ddjjj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrfrrl.exec:\flrfrrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntnnn.exec:\hntnnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvvv.exec:\ppvvv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxrrl.exec:\rlxxrrl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhhtt.exec:\tbhhtt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjj.exec:\jdjjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxxffl.exec:\lrxxffl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nbttb.exec:\3nbttb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdppp.exec:\vdppp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrxrl.exec:\fxlrxrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnbtt.exec:\nhnbtt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjdv.exec:\jjjdv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddjd.exec:\dddjd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxllfll.exec:\lxllfll.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhttnn.exec:\hhttnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjj.exec:\jdjjj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvv.exec:\dvpvv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrfrl.exec:\fxrrfrl.exe23⤵
- Executes dropped EXE
-
\??\c:\vvjjd.exec:\vvjjd.exe24⤵
- Executes dropped EXE
-
\??\c:\xxffffl.exec:\xxffffl.exe25⤵
- Executes dropped EXE
-
\??\c:\htnnhn.exec:\htnnhn.exe26⤵
- Executes dropped EXE
-
\??\c:\tbbttt.exec:\tbbttt.exe27⤵
- Executes dropped EXE
-
\??\c:\5dpjj.exec:\5dpjj.exe28⤵
- Executes dropped EXE
-
\??\c:\lllflrf.exec:\lllflrf.exe29⤵
- Executes dropped EXE
-
\??\c:\tthhnt.exec:\tthhnt.exe30⤵
- Executes dropped EXE
-
\??\c:\ddjvj.exec:\ddjvj.exe31⤵
- Executes dropped EXE
-
\??\c:\rllffff.exec:\rllffff.exe32⤵
- Executes dropped EXE
-
\??\c:\nbnhnt.exec:\nbnhnt.exe33⤵
- Executes dropped EXE
-
\??\c:\vvjjp.exec:\vvjjp.exe34⤵
- Executes dropped EXE
-
\??\c:\rxxllfr.exec:\rxxllfr.exe35⤵
- Executes dropped EXE
-
\??\c:\9xlfxff.exec:\9xlfxff.exe36⤵
- Executes dropped EXE
-
\??\c:\bbttht.exec:\bbttht.exe37⤵
- Executes dropped EXE
-
\??\c:\vvdvp.exec:\vvdvp.exe38⤵
- Executes dropped EXE
-
\??\c:\pppvv.exec:\pppvv.exe39⤵
- Executes dropped EXE
-
\??\c:\rlfflrx.exec:\rlfflrx.exe40⤵
- Executes dropped EXE
-
\??\c:\hnbbbh.exec:\hnbbbh.exe41⤵
- Executes dropped EXE
-
\??\c:\dpjpv.exec:\dpjpv.exe42⤵
- Executes dropped EXE
-
\??\c:\rlxlrll.exec:\rlxlrll.exe43⤵
- Executes dropped EXE
-
\??\c:\rxxxffx.exec:\rxxxffx.exe44⤵
- Executes dropped EXE
-
\??\c:\ddppj.exec:\ddppj.exe45⤵
- Executes dropped EXE
-
\??\c:\pvjdp.exec:\pvjdp.exe46⤵
- Executes dropped EXE
-
\??\c:\rfxrlll.exec:\rfxrlll.exe47⤵
- Executes dropped EXE
-
\??\c:\lfxxxxr.exec:\lfxxxxr.exe48⤵
- Executes dropped EXE
-
\??\c:\nbhttt.exec:\nbhttt.exe49⤵
- Executes dropped EXE
-
\??\c:\jdvvv.exec:\jdvvv.exe50⤵
- Executes dropped EXE
-
\??\c:\vppjj.exec:\vppjj.exe51⤵
- Executes dropped EXE
-
\??\c:\fffffxx.exec:\fffffxx.exe52⤵
- Executes dropped EXE
-
\??\c:\nhbtbt.exec:\nhbtbt.exe53⤵
- Executes dropped EXE
-
\??\c:\1djdj.exec:\1djdj.exe54⤵
- Executes dropped EXE
-
\??\c:\5rxfxff.exec:\5rxfxff.exe55⤵
- Executes dropped EXE
-
\??\c:\rllfxxr.exec:\rllfxxr.exe56⤵
- Executes dropped EXE
-
\??\c:\btthht.exec:\btthht.exe57⤵
- Executes dropped EXE
-
\??\c:\vvjdp.exec:\vvjdp.exe58⤵
- Executes dropped EXE
-
\??\c:\lfllxrl.exec:\lfllxrl.exe59⤵
- Executes dropped EXE
-
\??\c:\xxllffr.exec:\xxllffr.exe60⤵
- Executes dropped EXE
-
\??\c:\hnbhht.exec:\hnbhht.exe61⤵
- Executes dropped EXE
-
\??\c:\ppvpv.exec:\ppvpv.exe62⤵
- Executes dropped EXE
-
\??\c:\vvddp.exec:\vvddp.exe63⤵
- Executes dropped EXE
-
\??\c:\frrlxfr.exec:\frrlxfr.exe64⤵
- Executes dropped EXE
-
\??\c:\bbbtnb.exec:\bbbtnb.exe65⤵
- Executes dropped EXE
-
\??\c:\7btbbt.exec:\7btbbt.exe66⤵
-
\??\c:\pppjd.exec:\pppjd.exe67⤵
-
\??\c:\xrffxxx.exec:\xrffxxx.exe68⤵
-
\??\c:\nttnhb.exec:\nttnhb.exe69⤵
-
\??\c:\dddpp.exec:\dddpp.exe70⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe71⤵
-
\??\c:\5frlflf.exec:\5frlflf.exe72⤵
-
\??\c:\lrffrfl.exec:\lrffrfl.exe73⤵
-
\??\c:\bhntbb.exec:\bhntbb.exe74⤵
-
\??\c:\3pddd.exec:\3pddd.exe75⤵
-
\??\c:\5jvjj.exec:\5jvjj.exe76⤵
-
\??\c:\lffllrf.exec:\lffllrf.exe77⤵
-
\??\c:\btbhhb.exec:\btbhhb.exe78⤵
-
\??\c:\7jdpp.exec:\7jdpp.exe79⤵
-
\??\c:\jvvdv.exec:\jvvdv.exe80⤵
-
\??\c:\fxllfxf.exec:\fxllfxf.exe81⤵
-
\??\c:\ntnnbb.exec:\ntnnbb.exe82⤵
-
\??\c:\bbtnhh.exec:\bbtnhh.exe83⤵
-
\??\c:\vvvpd.exec:\vvvpd.exe84⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe85⤵
-
\??\c:\rxxlrxx.exec:\rxxlrxx.exe86⤵
-
\??\c:\nnbnhb.exec:\nnbnhb.exe87⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe88⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe89⤵
-
\??\c:\lfrrlrr.exec:\lfrrlrr.exe90⤵
-
\??\c:\hbnnnn.exec:\hbnnnn.exe91⤵
-
\??\c:\9hhhhh.exec:\9hhhhh.exe92⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe93⤵
-
\??\c:\flllrrx.exec:\flllrrx.exe94⤵
-
\??\c:\fxlflxx.exec:\fxlflxx.exe95⤵
-
\??\c:\ntnnnb.exec:\ntnnnb.exe96⤵
-
\??\c:\3bhtnh.exec:\3bhtnh.exe97⤵
-
\??\c:\pdpvp.exec:\pdpvp.exe98⤵
-
\??\c:\rxrlxxl.exec:\rxrlxxl.exe99⤵
-
\??\c:\fflllll.exec:\fflllll.exe100⤵
-
\??\c:\xrxrfrr.exec:\xrxrfrr.exe101⤵
-
\??\c:\1tttnt.exec:\1tttnt.exe102⤵
-
\??\c:\jjppd.exec:\jjppd.exe103⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe104⤵
-
\??\c:\llxrllf.exec:\llxrllf.exe105⤵
-
\??\c:\ffffflr.exec:\ffffflr.exe106⤵
-
\??\c:\hbhhhb.exec:\hbhhhb.exe107⤵
-
\??\c:\nnbttn.exec:\nnbttn.exe108⤵
-
\??\c:\hnhhnt.exec:\hnhhnt.exe109⤵
-
\??\c:\tbntbh.exec:\tbntbh.exe110⤵
-
\??\c:\vjjpd.exec:\vjjpd.exe111⤵
-
\??\c:\fxrxlrl.exec:\fxrxlrl.exe112⤵
-
\??\c:\nnttnh.exec:\nnttnh.exe113⤵
-
\??\c:\bnnhhh.exec:\bnnhhh.exe114⤵
-
\??\c:\dvppp.exec:\dvppp.exe115⤵
-
\??\c:\lxfflll.exec:\lxfflll.exe116⤵
-
\??\c:\1lllfll.exec:\1lllfll.exe117⤵
-
\??\c:\htnhbt.exec:\htnhbt.exe118⤵
-
\??\c:\5nhnnh.exec:\5nhnnh.exe119⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe120⤵
-
\??\c:\lffxxxx.exec:\lffxxxx.exe121⤵
-
\??\c:\hhbbtt.exec:\hhbbtt.exe122⤵
-
\??\c:\7bnhhh.exec:\7bnhhh.exe123⤵
-
\??\c:\ddddv.exec:\ddddv.exe124⤵
-
\??\c:\lfxfrxf.exec:\lfxfrxf.exe125⤵
-
\??\c:\lllffxr.exec:\lllffxr.exe126⤵
-
\??\c:\tnhbbt.exec:\tnhbbt.exe127⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe128⤵
-
\??\c:\7llxxrx.exec:\7llxxrx.exe129⤵
-
\??\c:\lxrxxxr.exec:\lxrxxxr.exe130⤵
-
\??\c:\hnnhbh.exec:\hnnhbh.exe131⤵
-
\??\c:\pjddd.exec:\pjddd.exe132⤵
-
\??\c:\5pvvv.exec:\5pvvv.exe133⤵
-
\??\c:\rxfxllf.exec:\rxfxllf.exe134⤵
-
\??\c:\btbttb.exec:\btbttb.exe135⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe136⤵
-
\??\c:\lrfrlrx.exec:\lrfrlrx.exe137⤵
-
\??\c:\rrxxfrf.exec:\rrxxfrf.exe138⤵
-
\??\c:\hntbbh.exec:\hntbbh.exe139⤵
-
\??\c:\xfrlfff.exec:\xfrlfff.exe140⤵
-
\??\c:\frxllfr.exec:\frxllfr.exe141⤵
-
\??\c:\nnttnn.exec:\nnttnn.exe142⤵
-
\??\c:\1lfxrll.exec:\1lfxrll.exe143⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe144⤵
-
\??\c:\rxrfflx.exec:\rxrfflx.exe145⤵
-
\??\c:\btbttn.exec:\btbttn.exe146⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe147⤵
-
\??\c:\xrxfrfl.exec:\xrxfrfl.exe148⤵
-
\??\c:\llxrlll.exec:\llxrlll.exe149⤵
-
\??\c:\thhhhh.exec:\thhhhh.exe150⤵
-
\??\c:\fllrrrx.exec:\fllrrrx.exe151⤵
-
\??\c:\7ttbbb.exec:\7ttbbb.exe152⤵
-
\??\c:\flrrrrx.exec:\flrrrrx.exe153⤵
-
\??\c:\nnnbhh.exec:\nnnbhh.exe154⤵
-
\??\c:\djjdj.exec:\djjdj.exe155⤵
-
\??\c:\1xllffr.exec:\1xllffr.exe156⤵
-
\??\c:\9bbbtt.exec:\9bbbtt.exe157⤵
-
\??\c:\nbhhbb.exec:\nbhhbb.exe158⤵
-
\??\c:\xllfxlx.exec:\xllfxlx.exe159⤵
-
\??\c:\thhbht.exec:\thhbht.exe160⤵
-
\??\c:\bhntnh.exec:\bhntnh.exe161⤵
-
\??\c:\llllllf.exec:\llllllf.exe162⤵
-
\??\c:\hnbhbn.exec:\hnbhbn.exe163⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe164⤵
-
\??\c:\xlrfrxx.exec:\xlrfrxx.exe165⤵
-
\??\c:\bhnnhn.exec:\bhnnhn.exe166⤵
-
\??\c:\jppvj.exec:\jppvj.exe167⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe168⤵
-
\??\c:\1ttnnt.exec:\1ttnnt.exe169⤵
-
\??\c:\nnnttb.exec:\nnnttb.exe170⤵
-
\??\c:\pjppv.exec:\pjppv.exe171⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe172⤵
-
\??\c:\rlxxfll.exec:\rlxxfll.exe173⤵
-
\??\c:\7rxxxfr.exec:\7rxxxfr.exe174⤵
-
\??\c:\7nbtnt.exec:\7nbtnt.exe175⤵
-
\??\c:\hbbtnt.exec:\hbbtnt.exe176⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe177⤵
-
\??\c:\jjjjp.exec:\jjjjp.exe178⤵
-
\??\c:\xfrrffr.exec:\xfrrffr.exe179⤵
-
\??\c:\frrflxf.exec:\frrflxf.exe180⤵
-
\??\c:\hhbnbh.exec:\hhbnbh.exe181⤵
-
\??\c:\tnhhhn.exec:\tnhhhn.exe182⤵
-
\??\c:\vdvvj.exec:\vdvvj.exe183⤵
-
\??\c:\rxfxffr.exec:\rxfxffr.exe184⤵
-
\??\c:\rlrrrxx.exec:\rlrrrxx.exe185⤵
-
\??\c:\ttntbb.exec:\ttntbb.exe186⤵
-
\??\c:\dppjp.exec:\dppjp.exe187⤵
-
\??\c:\lfffffl.exec:\lfffffl.exe188⤵
-
\??\c:\5llllrr.exec:\5llllrr.exe189⤵
-
\??\c:\hhhnhh.exec:\hhhnhh.exe190⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe191⤵
-
\??\c:\lxflxff.exec:\lxflxff.exe192⤵
-
\??\c:\rfxxrlx.exec:\rfxxrlx.exe193⤵
-
\??\c:\bbbttn.exec:\bbbttn.exe194⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe195⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe196⤵
-
\??\c:\9fflfrf.exec:\9fflfrf.exe197⤵
-
\??\c:\lxfrrxr.exec:\lxfrrxr.exe198⤵
-
\??\c:\9bbbbb.exec:\9bbbbb.exe199⤵
-
\??\c:\vddpp.exec:\vddpp.exe200⤵
-
\??\c:\rfrlllr.exec:\rfrlllr.exe201⤵
-
\??\c:\1rrrrrr.exec:\1rrrrrr.exe202⤵
-
\??\c:\htbttt.exec:\htbttt.exe203⤵
-
\??\c:\vjpvd.exec:\vjpvd.exe204⤵
-
\??\c:\rxxrrll.exec:\rxxrrll.exe205⤵
-
\??\c:\rrrrlll.exec:\rrrrlll.exe206⤵
-
\??\c:\bbnbtn.exec:\bbnbtn.exe207⤵
-
\??\c:\9jpjj.exec:\9jpjj.exe208⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe209⤵
-
\??\c:\rlxrlll.exec:\rlxrlll.exe210⤵
-
\??\c:\7fffrfx.exec:\7fffrfx.exe211⤵
-
\??\c:\nthbtt.exec:\nthbtt.exe212⤵
-
\??\c:\nnnhbh.exec:\nnnhbh.exe213⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe214⤵
-
\??\c:\jvddj.exec:\jvddj.exe215⤵
-
\??\c:\7fffxll.exec:\7fffxll.exe216⤵
-
\??\c:\hbnnnt.exec:\hbnnnt.exe217⤵
-
\??\c:\nbbbnt.exec:\nbbbnt.exe218⤵
-
\??\c:\jddvp.exec:\jddvp.exe219⤵
-
\??\c:\lxlfxxx.exec:\lxlfxxx.exe220⤵
-
\??\c:\rlrfrlr.exec:\rlrfrlr.exe221⤵
-
\??\c:\9bnbnh.exec:\9bnbnh.exe222⤵
-
\??\c:\pvjvj.exec:\pvjvj.exe223⤵
-
\??\c:\fllfxfr.exec:\fllfxfr.exe224⤵
-
\??\c:\nbhbhh.exec:\nbhbhh.exe225⤵
-
\??\c:\7nbttt.exec:\7nbttt.exe226⤵
-
\??\c:\jjvjd.exec:\jjvjd.exe227⤵
-
\??\c:\ffrllll.exec:\ffrllll.exe228⤵
-
\??\c:\xflflll.exec:\xflflll.exe229⤵
-
\??\c:\bnthht.exec:\bnthht.exe230⤵
-
\??\c:\pjdpj.exec:\pjdpj.exe231⤵
-
\??\c:\rlrlllr.exec:\rlrlllr.exe232⤵
-
\??\c:\1ttthh.exec:\1ttthh.exe233⤵
-
\??\c:\9tbtnn.exec:\9tbtnn.exe234⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe235⤵
-
\??\c:\rfffxll.exec:\rfffxll.exe236⤵
-
\??\c:\xflflll.exec:\xflflll.exe237⤵
-
\??\c:\nnhhnh.exec:\nnhhnh.exe238⤵
-
\??\c:\htbtnh.exec:\htbtnh.exe239⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe240⤵
-
\??\c:\1flfrxr.exec:\1flfrxr.exe241⤵