Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 02:01
General
-
Target
4e5572d04fdc8a387c8808ac49e5b550_NeikiAnalytics.exe
-
Size
84KB
-
MD5
4e5572d04fdc8a387c8808ac49e5b550
-
SHA1
7da259d92e350fd64b2766f38ccb868982535379
-
SHA256
88b58cc8fbbae05951894e63220ac8cd5cffe1665306c757fea5aed122e0d6ef
-
SHA512
31412abb4dea7f3c6bca8d0774becd880db4b5d9743ea5fb26621613a7234b8830a111524c2ebbb188eb7969ca5b8d47c166a796549c7c8932352908d9829745
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIgt7WxZKmNDnX77lY8/X5Qgrcin:ymb3NkkiQ3mdBjFIgte0mNb77Bptfz
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4e5572d04fdc8a387c8808ac49e5b550_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4e5572d04fdc8a387c8808ac49e5b550_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbbtt.exec:\ntbbtt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pvpd.exec:\9pvpd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflllxr.exec:\lflllxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrrrx.exec:\fxlrrrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnnnh.exec:\bbnnnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vdvp.exec:\1vdvp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffllfll.exec:\ffllfll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthbnb.exec:\tthbnb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxxxff.exec:\flxxxff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdvj.exec:\jpdvj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdppp.exec:\vdppp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttth.exec:\nhttth.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bnbnh.exec:\7bnbnh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdjv.exec:\jpdjv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllxfxr.exec:\fllxfxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbhhh.exec:\hhbhhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvd.exec:\dvpvd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xrxllx.exec:\1xrxllx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhntth.exec:\bhntth.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7djdd.exec:\7djdd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjp.exec:\ddjjp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffllfxl.exec:\ffllfxl.exe23⤵
- Executes dropped EXE
-
\??\c:\ntnntt.exec:\ntnntt.exe24⤵
- Executes dropped EXE
-
\??\c:\5fxrrrl.exec:\5fxrrrl.exe25⤵
- Executes dropped EXE
-
\??\c:\lxrfxlx.exec:\lxrfxlx.exe26⤵
- Executes dropped EXE
-
\??\c:\hnnbtt.exec:\hnnbtt.exe27⤵
- Executes dropped EXE
-
\??\c:\djddj.exec:\djddj.exe28⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe29⤵
- Executes dropped EXE
-
\??\c:\5rxrxxr.exec:\5rxrxxr.exe30⤵
- Executes dropped EXE
-
\??\c:\nnbbhb.exec:\nnbbhb.exe31⤵
- Executes dropped EXE
-
\??\c:\thhhbt.exec:\thhhbt.exe32⤵
- Executes dropped EXE
-
\??\c:\jjjdd.exec:\jjjdd.exe33⤵
- Executes dropped EXE
-
\??\c:\rrlfffx.exec:\rrlfffx.exe34⤵
- Executes dropped EXE
-
\??\c:\ntbtnn.exec:\ntbtnn.exe35⤵
- Executes dropped EXE
-
\??\c:\tntnth.exec:\tntnth.exe36⤵
- Executes dropped EXE
-
\??\c:\jddvj.exec:\jddvj.exe37⤵
- Executes dropped EXE
-
\??\c:\9llffxx.exec:\9llffxx.exe38⤵
- Executes dropped EXE
-
\??\c:\9htnhh.exec:\9htnhh.exe39⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe40⤵
- Executes dropped EXE
-
\??\c:\djjpd.exec:\djjpd.exe41⤵
- Executes dropped EXE
-
\??\c:\xrlfrlf.exec:\xrlfrlf.exe42⤵
- Executes dropped EXE
-
\??\c:\3xrfxlf.exec:\3xrfxlf.exe43⤵
- Executes dropped EXE
-
\??\c:\hhhthb.exec:\hhhthb.exe44⤵
- Executes dropped EXE
-
\??\c:\dvppv.exec:\dvppv.exe45⤵
- Executes dropped EXE
-
\??\c:\pjvvv.exec:\pjvvv.exe46⤵
- Executes dropped EXE
-
\??\c:\xrxfxfx.exec:\xrxfxfx.exe47⤵
- Executes dropped EXE
-
\??\c:\btnhnt.exec:\btnhnt.exe48⤵
- Executes dropped EXE
-
\??\c:\btbbhb.exec:\btbbhb.exe49⤵
- Executes dropped EXE
-
\??\c:\3dppv.exec:\3dppv.exe50⤵
- Executes dropped EXE
-
\??\c:\llxrflx.exec:\llxrflx.exe51⤵
- Executes dropped EXE
-
\??\c:\fxffxff.exec:\fxffxff.exe52⤵
- Executes dropped EXE
-
\??\c:\tnnhbb.exec:\tnnhbb.exe53⤵
- Executes dropped EXE
-
\??\c:\5ttnnt.exec:\5ttnnt.exe54⤵
- Executes dropped EXE
-
\??\c:\xxlfxxr.exec:\xxlfxxr.exe55⤵
- Executes dropped EXE
-
\??\c:\1xrxffx.exec:\1xrxffx.exe56⤵
- Executes dropped EXE
-
\??\c:\bbhthh.exec:\bbhthh.exe57⤵
- Executes dropped EXE
-
\??\c:\dddjd.exec:\dddjd.exe58⤵
- Executes dropped EXE
-
\??\c:\3rfxlxf.exec:\3rfxlxf.exe59⤵
- Executes dropped EXE
-
\??\c:\frlllxf.exec:\frlllxf.exe60⤵
- Executes dropped EXE
-
\??\c:\hbnnht.exec:\hbnnht.exe61⤵
- Executes dropped EXE
-
\??\c:\nbnhbb.exec:\nbnhbb.exe62⤵
- Executes dropped EXE
-
\??\c:\vjvdv.exec:\vjvdv.exe63⤵
- Executes dropped EXE
-
\??\c:\lfllllf.exec:\lfllllf.exe64⤵
- Executes dropped EXE
-
\??\c:\9rllfll.exec:\9rllfll.exe65⤵
- Executes dropped EXE
-
\??\c:\tnnnbb.exec:\tnnnbb.exe66⤵
-
\??\c:\ntbtnt.exec:\ntbtnt.exe67⤵
-
\??\c:\djjjp.exec:\djjjp.exe68⤵
-
\??\c:\ffxxffx.exec:\ffxxffx.exe69⤵
-
\??\c:\xxrllfx.exec:\xxrllfx.exe70⤵
-
\??\c:\thhbhh.exec:\thhbhh.exe71⤵
-
\??\c:\nnhnbt.exec:\nnhnbt.exe72⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe73⤵
-
\??\c:\xrrffxx.exec:\xrrffxx.exe74⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe75⤵
-
\??\c:\bnhbbb.exec:\bnhbbb.exe76⤵
-
\??\c:\jvpvp.exec:\jvpvp.exe77⤵
-
\??\c:\xffxrrr.exec:\xffxrrr.exe78⤵
-
\??\c:\llrlxxr.exec:\llrlxxr.exe79⤵
-
\??\c:\ttbhhh.exec:\ttbhhh.exe80⤵
-
\??\c:\nhhhbt.exec:\nhhhbt.exe81⤵
-
\??\c:\vppjj.exec:\vppjj.exe82⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe83⤵
-
\??\c:\7rxrrlr.exec:\7rxrrlr.exe84⤵
-
\??\c:\nnntbb.exec:\nnntbb.exe85⤵
-
\??\c:\1nbttt.exec:\1nbttt.exe86⤵
-
\??\c:\ddjpj.exec:\ddjpj.exe87⤵
-
\??\c:\9rllfff.exec:\9rllfff.exe88⤵
-
\??\c:\tnhbbb.exec:\tnhbbb.exe89⤵
-
\??\c:\vvvdd.exec:\vvvdd.exe90⤵
-
\??\c:\9jpdj.exec:\9jpdj.exe91⤵
-
\??\c:\5fffrlx.exec:\5fffrlx.exe92⤵
-
\??\c:\bhtthb.exec:\bhtthb.exe93⤵
-
\??\c:\tnttth.exec:\tnttth.exe94⤵
-
\??\c:\vvddj.exec:\vvddj.exe95⤵
-
\??\c:\rlrrrrr.exec:\rlrrrrr.exe96⤵
-
\??\c:\bnhhnt.exec:\bnhhnt.exe97⤵
-
\??\c:\httnhh.exec:\httnhh.exe98⤵
-
\??\c:\7jjdv.exec:\7jjdv.exe99⤵
-
\??\c:\rflllrl.exec:\rflllrl.exe100⤵
-
\??\c:\rrrllfx.exec:\rrrllfx.exe101⤵
-
\??\c:\bhtntb.exec:\bhtntb.exe102⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe103⤵
-
\??\c:\jjppd.exec:\jjppd.exe104⤵
-
\??\c:\lfxlflf.exec:\lfxlflf.exe105⤵
-
\??\c:\lxrxllf.exec:\lxrxllf.exe106⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe107⤵
-
\??\c:\nbhhbb.exec:\nbhhbb.exe108⤵
-
\??\c:\9jvvp.exec:\9jvvp.exe109⤵
-
\??\c:\xlrrlxr.exec:\xlrrlxr.exe110⤵
-
\??\c:\fxfrxll.exec:\fxfrxll.exe111⤵
-
\??\c:\tnnhbh.exec:\tnnhbh.exe112⤵
-
\??\c:\3btnhn.exec:\3btnhn.exe113⤵
-
\??\c:\vjdpd.exec:\vjdpd.exe114⤵
-
\??\c:\1llfrxr.exec:\1llfrxr.exe115⤵
-
\??\c:\3rrxxff.exec:\3rrxxff.exe116⤵
-
\??\c:\hhbttb.exec:\hhbttb.exe117⤵
-
\??\c:\nbnbnh.exec:\nbnbnh.exe118⤵
-
\??\c:\dppjj.exec:\dppjj.exe119⤵
-
\??\c:\vdvvd.exec:\vdvvd.exe120⤵
-
\??\c:\frllxll.exec:\frllxll.exe121⤵
-
\??\c:\bnhbbt.exec:\bnhbbt.exe122⤵
-
\??\c:\vjddp.exec:\vjddp.exe123⤵
-
\??\c:\jddvv.exec:\jddvv.exe124⤵
-
\??\c:\fllllrf.exec:\fllllrf.exe125⤵
-
\??\c:\rfllrrl.exec:\rfllrrl.exe126⤵
-
\??\c:\5tbbtb.exec:\5tbbtb.exe127⤵
-
\??\c:\7nbbtt.exec:\7nbbtt.exe128⤵
-
\??\c:\jjvdp.exec:\jjvdp.exe129⤵
-
\??\c:\xflrfxf.exec:\xflrfxf.exe130⤵
-
\??\c:\lrxxrrl.exec:\lrxxrrl.exe131⤵
-
\??\c:\hbttnn.exec:\hbttnn.exe132⤵
-
\??\c:\1hnnth.exec:\1hnnth.exe133⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe134⤵
-
\??\c:\djvpp.exec:\djvpp.exe135⤵
-
\??\c:\frfrrfr.exec:\frfrrfr.exe136⤵
-
\??\c:\rlffxxx.exec:\rlffxxx.exe137⤵
-
\??\c:\hbbnbb.exec:\hbbnbb.exe138⤵
-
\??\c:\5pvvp.exec:\5pvvp.exe139⤵
-
\??\c:\pjppp.exec:\pjppp.exe140⤵
-
\??\c:\xxxrffl.exec:\xxxrffl.exe141⤵
-
\??\c:\xxrrrxx.exec:\xxrrrxx.exe142⤵
-
\??\c:\hhhbtt.exec:\hhhbtt.exe143⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe144⤵
-
\??\c:\rxffrrr.exec:\rxffrrr.exe145⤵
-
\??\c:\7nttnb.exec:\7nttnb.exe146⤵
-
\??\c:\jppjd.exec:\jppjd.exe147⤵
-
\??\c:\hhnbnb.exec:\hhnbnb.exe148⤵
-
\??\c:\nhnhbt.exec:\nhnhbt.exe149⤵
-
\??\c:\ppvpv.exec:\ppvpv.exe150⤵
-
\??\c:\rlrrlrl.exec:\rlrrlrl.exe151⤵
-
\??\c:\1hnbtt.exec:\1hnbtt.exe152⤵
-
\??\c:\1nttnt.exec:\1nttnt.exe153⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe154⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe155⤵
-
\??\c:\llrlrrx.exec:\llrlrrx.exe156⤵
-
\??\c:\rlxllrf.exec:\rlxllrf.exe157⤵
-
\??\c:\bhtttb.exec:\bhtttb.exe158⤵
-
\??\c:\3djdv.exec:\3djdv.exe159⤵
-
\??\c:\pvvpp.exec:\pvvpp.exe160⤵
-
\??\c:\frlfxxr.exec:\frlfxxr.exe161⤵
-
\??\c:\7rxrxxf.exec:\7rxrxxf.exe162⤵
-
\??\c:\tttbhh.exec:\tttbhh.exe163⤵
-
\??\c:\9tbthn.exec:\9tbthn.exe164⤵
-
\??\c:\5vvpj.exec:\5vvpj.exe165⤵
-
\??\c:\vdvpp.exec:\vdvpp.exe166⤵
-
\??\c:\xlrxrfx.exec:\xlrxrfx.exe167⤵
-
\??\c:\hnnttt.exec:\hnnttt.exe168⤵
-
\??\c:\btbtnb.exec:\btbtnb.exe169⤵
-
\??\c:\jvpdv.exec:\jvpdv.exe170⤵
-
\??\c:\rlrrlxx.exec:\rlrrlxx.exe171⤵
-
\??\c:\lxfffll.exec:\lxfffll.exe172⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe173⤵
-
\??\c:\tnttth.exec:\tnttth.exe174⤵
-
\??\c:\9ppjp.exec:\9ppjp.exe175⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe176⤵
-
\??\c:\fxlfffx.exec:\fxlfffx.exe177⤵
-
\??\c:\xrfxlfr.exec:\xrfxlfr.exe178⤵
-
\??\c:\htbhhn.exec:\htbhhn.exe179⤵
-
\??\c:\tntthh.exec:\tntthh.exe180⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe181⤵
-
\??\c:\1vjdv.exec:\1vjdv.exe182⤵
-
\??\c:\lrrrlll.exec:\lrrrlll.exe183⤵
-
\??\c:\9rfrxfr.exec:\9rfrxfr.exe184⤵
-
\??\c:\htbbhn.exec:\htbbhn.exe185⤵
-
\??\c:\tnnhnn.exec:\tnnhnn.exe186⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe187⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe188⤵
-
\??\c:\7lrxxxx.exec:\7lrxxxx.exe189⤵
-
\??\c:\nhnhhn.exec:\nhnhhn.exe190⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe191⤵
-
\??\c:\7vdvp.exec:\7vdvp.exe192⤵
-
\??\c:\9djdv.exec:\9djdv.exe193⤵
-
\??\c:\lxlffff.exec:\lxlffff.exe194⤵
-
\??\c:\5lxrxfx.exec:\5lxrxfx.exe195⤵
-
\??\c:\bhhtbb.exec:\bhhtbb.exe196⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe197⤵
-
\??\c:\1jjjj.exec:\1jjjj.exe198⤵
-
\??\c:\xxfffff.exec:\xxfffff.exe199⤵
-
\??\c:\ffflxll.exec:\ffflxll.exe200⤵
-
\??\c:\1thnnn.exec:\1thnnn.exe201⤵
-
\??\c:\bhhhnn.exec:\bhhhnn.exe202⤵
-
\??\c:\vpvjd.exec:\vpvjd.exe203⤵
-
\??\c:\7pjpd.exec:\7pjpd.exe204⤵
-
\??\c:\fxrllrl.exec:\fxrllrl.exe205⤵
-
\??\c:\thtnbn.exec:\thtnbn.exe206⤵
-
\??\c:\nthttt.exec:\nthttt.exe207⤵
-
\??\c:\9dpjv.exec:\9dpjv.exe208⤵
-
\??\c:\pdppp.exec:\pdppp.exe209⤵
-
\??\c:\5flfxxl.exec:\5flfxxl.exe210⤵
-
\??\c:\9btbtb.exec:\9btbtb.exe211⤵
-
\??\c:\3bbbbh.exec:\3bbbbh.exe212⤵
-
\??\c:\bbhhhh.exec:\bbhhhh.exe213⤵
-
\??\c:\jpdvv.exec:\jpdvv.exe214⤵
-
\??\c:\llffxxr.exec:\llffxxr.exe215⤵
-
\??\c:\llfffxx.exec:\llfffxx.exe216⤵
-
\??\c:\ntttbh.exec:\ntttbh.exe217⤵
-
\??\c:\nhhbtb.exec:\nhhbtb.exe218⤵
-
\??\c:\7dpvd.exec:\7dpvd.exe219⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe220⤵
-
\??\c:\rflfxxf.exec:\rflfxxf.exe221⤵
-
\??\c:\7bhhbb.exec:\7bhhbb.exe222⤵
-
\??\c:\nnbhbb.exec:\nnbhbb.exe223⤵
-
\??\c:\1djjp.exec:\1djjp.exe224⤵
-
\??\c:\7dpdd.exec:\7dpdd.exe225⤵
-
\??\c:\rxrflfr.exec:\rxrflfr.exe226⤵
-
\??\c:\rrrlllr.exec:\rrrlllr.exe227⤵
-
\??\c:\hnnhbh.exec:\hnnhbh.exe228⤵
-
\??\c:\pvvdd.exec:\pvvdd.exe229⤵
-
\??\c:\jpppp.exec:\jpppp.exe230⤵
-
\??\c:\nhhbbb.exec:\nhhbbb.exe231⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe232⤵
-
\??\c:\pppjd.exec:\pppjd.exe233⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe234⤵
-
\??\c:\lfrrlll.exec:\lfrrlll.exe235⤵
-
\??\c:\ttttth.exec:\ttttth.exe236⤵
-
\??\c:\nnhthn.exec:\nnhthn.exe237⤵
-
\??\c:\jvjdp.exec:\jvjdp.exe238⤵
-
\??\c:\flffrxx.exec:\flffrxx.exe239⤵
-
\??\c:\xllfxxx.exec:\xllfxxx.exe240⤵
-
\??\c:\bbhhtb.exec:\bbhhtb.exe241⤵