Analysis
-
max time kernel
150s -
max time network
134s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 02:19
General
-
Target
5291e23ba149ce59ef6f4484d9925890_NeikiAnalytics.exe
-
Size
226KB
-
MD5
5291e23ba149ce59ef6f4484d9925890
-
SHA1
c0bdb588f540e204651f95d92ca9a9cc03f9583b
-
SHA256
ae44d21e6b6bf3f13a1ed40818423df39a3784cdea29a9792ad3a59a9dc2e20a
-
SHA512
3e8f7e191faa6e25c53fca4b59a288c520217718b10825b3a5b36bb5e99fb02eb714cfaa09a1a7d7d356ddee033f223a93629a99550f842641621fc3919f6bef
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x47WBQ:n3C9BRo7MlrWKo+lxQ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5291e23ba149ce59ef6f4484d9925890_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\5291e23ba149ce59ef6f4484d9925890_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\flrxrff.exec:\flrxrff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhhn.exec:\thnhhn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdj.exec:\ppjdj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjv.exec:\ddjjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rlllll.exec:\3rlllll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhnhn.exec:\tbhnhn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvd.exec:\vpdvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjj.exec:\pjpjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxxxx.exec:\xxfxxxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnnnn.exec:\1bnnnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjv.exec:\jdpjv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxrrx.exec:\rxfxrrx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbtt.exec:\hthbtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddp.exec:\pjddp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffllffr.exec:\ffllffr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvv.exec:\jjdvv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvp.exec:\jpvvp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfxffl.exec:\lrfxffl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnhhb.exec:\nbnhhb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdppj.exec:\pdppj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ttnhb.exec:\7ttnhb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhtt.exec:\nhnhtt.exe23⤵
- Executes dropped EXE
-
\??\c:\vjjdv.exec:\vjjdv.exe24⤵
- Executes dropped EXE
-
\??\c:\bhnnhn.exec:\bhnnhn.exe25⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe26⤵
- Executes dropped EXE
-
\??\c:\xrxrlff.exec:\xrxrlff.exe27⤵
- Executes dropped EXE
-
\??\c:\vvdvp.exec:\vvdvp.exe28⤵
- Executes dropped EXE
-
\??\c:\1lxrllf.exec:\1lxrllf.exe29⤵
- Executes dropped EXE
-
\??\c:\hntnhn.exec:\hntnhn.exe30⤵
- Executes dropped EXE
-
\??\c:\jpdvv.exec:\jpdvv.exe31⤵
- Executes dropped EXE
-
\??\c:\rlllffx.exec:\rlllffx.exe32⤵
- Executes dropped EXE
-
\??\c:\xffrrff.exec:\xffrrff.exe33⤵
- Executes dropped EXE
-
\??\c:\7ntnhh.exec:\7ntnhh.exe34⤵
- Executes dropped EXE
-
\??\c:\vpppj.exec:\vpppj.exe35⤵
- Executes dropped EXE
-
\??\c:\rllxlxr.exec:\rllxlxr.exe36⤵
- Executes dropped EXE
-
\??\c:\bbnnnn.exec:\bbnnnn.exe37⤵
- Executes dropped EXE
-
\??\c:\thtntn.exec:\thtntn.exe38⤵
-
\??\c:\3pvvv.exec:\3pvvv.exe39⤵
- Executes dropped EXE
-
\??\c:\lrlffff.exec:\lrlffff.exe40⤵
- Executes dropped EXE
-
\??\c:\9rxrllr.exec:\9rxrllr.exe41⤵
- Executes dropped EXE
-
\??\c:\jdpjd.exec:\jdpjd.exe42⤵
- Executes dropped EXE
-
\??\c:\xxrlfxf.exec:\xxrlfxf.exe43⤵
- Executes dropped EXE
-
\??\c:\hhtnhh.exec:\hhtnhh.exe44⤵
- Executes dropped EXE
-
\??\c:\ppdvv.exec:\ppdvv.exe45⤵
- Executes dropped EXE
-
\??\c:\jjjdd.exec:\jjjdd.exe46⤵
- Executes dropped EXE
-
\??\c:\lrrfflr.exec:\lrrfflr.exe47⤵
- Executes dropped EXE
-
\??\c:\3nbbnb.exec:\3nbbnb.exe48⤵
- Executes dropped EXE
-
\??\c:\pdjjv.exec:\pdjjv.exe49⤵
- Executes dropped EXE
-
\??\c:\xfrlfff.exec:\xfrlfff.exe50⤵
- Executes dropped EXE
-
\??\c:\1flllll.exec:\1flllll.exe51⤵
- Executes dropped EXE
-
\??\c:\hbnnhn.exec:\hbnnhn.exe52⤵
- Executes dropped EXE
-
\??\c:\jvjdp.exec:\jvjdp.exe53⤵
- Executes dropped EXE
-
\??\c:\vjvvd.exec:\vjvvd.exe54⤵
- Executes dropped EXE
-
\??\c:\1fffrxr.exec:\1fffrxr.exe55⤵
- Executes dropped EXE
-
\??\c:\nbhbnn.exec:\nbhbnn.exe56⤵
- Executes dropped EXE
-
\??\c:\dppjd.exec:\dppjd.exe57⤵
- Executes dropped EXE
-
\??\c:\vpddv.exec:\vpddv.exe58⤵
- Executes dropped EXE
-
\??\c:\ffrrxxr.exec:\ffrrxxr.exe59⤵
- Executes dropped EXE
-
\??\c:\thtttt.exec:\thtttt.exe60⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe61⤵
- Executes dropped EXE
-
\??\c:\pdpdd.exec:\pdpdd.exe62⤵
- Executes dropped EXE
-
\??\c:\lflffxx.exec:\lflffxx.exe63⤵
- Executes dropped EXE
-
\??\c:\xxfxrrl.exec:\xxfxrrl.exe64⤵
- Executes dropped EXE
-
\??\c:\btthbb.exec:\btthbb.exe65⤵
- Executes dropped EXE
-
\??\c:\ppjdd.exec:\ppjdd.exe66⤵
- Executes dropped EXE
-
\??\c:\ffllfff.exec:\ffllfff.exe67⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe68⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe69⤵
-
\??\c:\ffxxxxx.exec:\ffxxxxx.exe70⤵
-
\??\c:\xrfxflr.exec:\xrfxflr.exe71⤵
-
\??\c:\nhhttt.exec:\nhhttt.exe72⤵
-
\??\c:\5pvpd.exec:\5pvpd.exe73⤵
-
\??\c:\frlfflf.exec:\frlfflf.exe74⤵
-
\??\c:\1lrlrxf.exec:\1lrlrxf.exe75⤵
-
\??\c:\bthbtt.exec:\bthbtt.exe76⤵
-
\??\c:\djvvv.exec:\djvvv.exe77⤵
-
\??\c:\lffxrrl.exec:\lffxrrl.exe78⤵
-
\??\c:\7tnhbb.exec:\7tnhbb.exe79⤵
-
\??\c:\bttthh.exec:\bttthh.exe80⤵
-
\??\c:\5jjpd.exec:\5jjpd.exe81⤵
-
\??\c:\lflxrrr.exec:\lflxrrr.exe82⤵
-
\??\c:\rxlfffx.exec:\rxlfffx.exe83⤵
-
\??\c:\tnhhbt.exec:\tnhhbt.exe84⤵
-
\??\c:\9ddvj.exec:\9ddvj.exe85⤵
-
\??\c:\5tbthh.exec:\5tbthh.exe86⤵
-
\??\c:\tbnnbb.exec:\tbnnbb.exe87⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe88⤵
-
\??\c:\xllfxxr.exec:\xllfxxr.exe89⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe90⤵
-
\??\c:\xrxrrll.exec:\xrxrrll.exe91⤵
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe92⤵
-
\??\c:\bbnnnn.exec:\bbnnnn.exe93⤵
-
\??\c:\7jjpp.exec:\7jjpp.exe94⤵
-
\??\c:\vdjvv.exec:\vdjvv.exe95⤵
-
\??\c:\rxffxxx.exec:\rxffxxx.exe96⤵
-
\??\c:\hbnnhb.exec:\hbnnhb.exe97⤵
-
\??\c:\9djjv.exec:\9djjv.exe98⤵
-
\??\c:\flrlffx.exec:\flrlffx.exe99⤵
-
\??\c:\tntthh.exec:\tntthh.exe100⤵
-
\??\c:\dvddv.exec:\dvddv.exe101⤵
-
\??\c:\vppvp.exec:\vppvp.exe102⤵
-
\??\c:\1rrllrl.exec:\1rrllrl.exe103⤵
-
\??\c:\rffxrxr.exec:\rffxrxr.exe104⤵
-
\??\c:\hhtttt.exec:\hhtttt.exe105⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe106⤵
-
\??\c:\3jppj.exec:\3jppj.exe107⤵
-
\??\c:\lxxrllf.exec:\lxxrllf.exe108⤵
-
\??\c:\tthtnn.exec:\tthtnn.exe109⤵
-
\??\c:\nthbbt.exec:\nthbbt.exe110⤵
-
\??\c:\pdddd.exec:\pdddd.exe111⤵
-
\??\c:\rrfxffr.exec:\rrfxffr.exe112⤵
-
\??\c:\xlfffxx.exec:\xlfffxx.exe113⤵
-
\??\c:\nhbhbb.exec:\nhbhbb.exe114⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe115⤵
-
\??\c:\5jppv.exec:\5jppv.exe116⤵
-
\??\c:\fffxxrl.exec:\fffxxrl.exe117⤵
-
\??\c:\nntntt.exec:\nntntt.exe118⤵
-
\??\c:\hbhttt.exec:\hbhttt.exe119⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe120⤵
-
\??\c:\lxfxrxl.exec:\lxfxrxl.exe121⤵
-
\??\c:\nnnhbb.exec:\nnnhbb.exe122⤵
-
\??\c:\hhhbht.exec:\hhhbht.exe123⤵
-
\??\c:\jjddj.exec:\jjddj.exe124⤵
-
\??\c:\rflrlfl.exec:\rflrlfl.exe125⤵
-
\??\c:\rflfffx.exec:\rflfffx.exe126⤵
-
\??\c:\hhbttt.exec:\hhbttt.exe127⤵
-
\??\c:\nntnbb.exec:\nntnbb.exe128⤵
-
\??\c:\9djjv.exec:\9djjv.exe129⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe130⤵
-
\??\c:\9rrrrll.exec:\9rrrrll.exe131⤵
-
\??\c:\hbnhnb.exec:\hbnhnb.exe132⤵
-
\??\c:\7hnhbb.exec:\7hnhbb.exe133⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe134⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe135⤵
-
\??\c:\xrllrrx.exec:\xrllrrx.exe136⤵
-
\??\c:\1ffffll.exec:\1ffffll.exe137⤵
-
\??\c:\9bbhbh.exec:\9bbhbh.exe138⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe139⤵
-
\??\c:\fxfxllf.exec:\fxfxllf.exe140⤵
-
\??\c:\5hbbtt.exec:\5hbbtt.exe141⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe142⤵
-
\??\c:\rrxxrxx.exec:\rrxxrxx.exe143⤵
-
\??\c:\ntbhnt.exec:\ntbhnt.exe144⤵
-
\??\c:\dvdpj.exec:\dvdpj.exe145⤵
-
\??\c:\1pjdv.exec:\1pjdv.exe146⤵
-
\??\c:\3xxrllf.exec:\3xxrllf.exe147⤵
-
\??\c:\tnbttn.exec:\tnbttn.exe148⤵
-
\??\c:\vvjdd.exec:\vvjdd.exe149⤵
-
\??\c:\rlxxxxl.exec:\rlxxxxl.exe150⤵
-
\??\c:\9flffll.exec:\9flffll.exe151⤵
-
\??\c:\tbbbtt.exec:\tbbbtt.exe152⤵
-
\??\c:\ddjdv.exec:\ddjdv.exe153⤵
-
\??\c:\5lfrlxr.exec:\5lfrlxr.exe154⤵
-
\??\c:\vdvvp.exec:\vdvvp.exe155⤵
-
\??\c:\lrlfxxr.exec:\lrlfxxr.exe156⤵
-
\??\c:\7lxxxff.exec:\7lxxxff.exe157⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe158⤵
-
\??\c:\llflflx.exec:\llflflx.exe159⤵
-
\??\c:\1dpjp.exec:\1dpjp.exe160⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe161⤵
-
\??\c:\xrllffx.exec:\xrllffx.exe162⤵
-
\??\c:\7bnnhh.exec:\7bnnhh.exe163⤵
-
\??\c:\vppdv.exec:\vppdv.exe164⤵
-
\??\c:\7pddj.exec:\7pddj.exe165⤵
-
\??\c:\fxxfxrl.exec:\fxxfxrl.exe166⤵
-
\??\c:\hbnhhb.exec:\hbnhhb.exe167⤵
-
\??\c:\9ddpj.exec:\9ddpj.exe168⤵
-
\??\c:\fflfxxr.exec:\fflfxxr.exe169⤵
-
\??\c:\nhhtnt.exec:\nhhtnt.exe170⤵
-
\??\c:\vjppj.exec:\vjppj.exe171⤵
-
\??\c:\3djvp.exec:\3djvp.exe172⤵
-
\??\c:\rflffff.exec:\rflffff.exe173⤵
-
\??\c:\5nhhhh.exec:\5nhhhh.exe174⤵
-
\??\c:\htbtnn.exec:\htbtnn.exe175⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe176⤵
-
\??\c:\rflfrxr.exec:\rflfrxr.exe177⤵
-
\??\c:\bbhhnh.exec:\bbhhnh.exe178⤵
-
\??\c:\bbbtnh.exec:\bbbtnh.exe179⤵
-
\??\c:\vddjp.exec:\vddjp.exe180⤵
-
\??\c:\llffxxx.exec:\llffxxx.exe181⤵
-
\??\c:\hhbtnh.exec:\hhbtnh.exe182⤵
-
\??\c:\bttntb.exec:\bttntb.exe183⤵
-
\??\c:\pppjj.exec:\pppjj.exe184⤵
-
\??\c:\vjvjv.exec:\vjvjv.exe185⤵
-
\??\c:\rrxfxxx.exec:\rrxfxxx.exe186⤵
-
\??\c:\bhbbbb.exec:\bhbbbb.exe187⤵
-
\??\c:\bnnhtt.exec:\bnnhtt.exe188⤵
-
\??\c:\jddjd.exec:\jddjd.exe189⤵
-
\??\c:\lrxxllf.exec:\lrxxllf.exe190⤵
-
\??\c:\hbhbhn.exec:\hbhbhn.exe191⤵
-
\??\c:\jjppd.exec:\jjppd.exe192⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe193⤵
-
\??\c:\xffxrrr.exec:\xffxrrr.exe194⤵
-
\??\c:\nhtnhn.exec:\nhtnhn.exe195⤵
-
\??\c:\7vddd.exec:\7vddd.exe196⤵
-
\??\c:\7pjdp.exec:\7pjdp.exe197⤵
-
\??\c:\rxflflf.exec:\rxflflf.exe198⤵
-
\??\c:\bhtbtn.exec:\bhtbtn.exe199⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe200⤵
-
\??\c:\jjppj.exec:\jjppj.exe201⤵
-
\??\c:\fxlfxxr.exec:\fxlfxxr.exe202⤵
-
\??\c:\5tttnb.exec:\5tttnb.exe203⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe204⤵
-
\??\c:\5dpjd.exec:\5dpjd.exe205⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe206⤵
-
\??\c:\xxrrrrr.exec:\xxrrrrr.exe207⤵
-
\??\c:\thbhbb.exec:\thbhbb.exe208⤵
-
\??\c:\hnttnn.exec:\hnttnn.exe209⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe210⤵
-
\??\c:\lrffrrf.exec:\lrffrrf.exe211⤵
-
\??\c:\9rlllll.exec:\9rlllll.exe212⤵
-
\??\c:\3tbnhh.exec:\3tbnhh.exe213⤵
-
\??\c:\vppjv.exec:\vppjv.exe214⤵
-
\??\c:\rllfxxf.exec:\rllfxxf.exe215⤵
-
\??\c:\5lxrxxf.exec:\5lxrxxf.exe216⤵
-
\??\c:\1thbnn.exec:\1thbnn.exe217⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe218⤵
-
\??\c:\xflrfrr.exec:\xflrfrr.exe219⤵
-
\??\c:\hbtthh.exec:\hbtthh.exe220⤵
-
\??\c:\jpvvd.exec:\jpvvd.exe221⤵
-
\??\c:\pdppd.exec:\pdppd.exe222⤵
-
\??\c:\fxxlfxr.exec:\fxxlfxr.exe223⤵
-
\??\c:\nbnbbb.exec:\nbnbbb.exe224⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe225⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe226⤵
-
\??\c:\xlxrrrl.exec:\xlxrrrl.exe227⤵
-
\??\c:\lffffff.exec:\lffffff.exe228⤵
-
\??\c:\thhhhb.exec:\thhhhb.exe229⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe230⤵
-
\??\c:\pvddp.exec:\pvddp.exe231⤵
-
\??\c:\fxfxxff.exec:\fxfxxff.exe232⤵
-
\??\c:\7btttt.exec:\7btttt.exe233⤵
-
\??\c:\hbhbnn.exec:\hbhbnn.exe234⤵
-
\??\c:\jjvpd.exec:\jjvpd.exe235⤵
-
\??\c:\3llxrll.exec:\3llxrll.exe236⤵
-
\??\c:\hnnhht.exec:\hnnhht.exe237⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe238⤵
-
\??\c:\5pddv.exec:\5pddv.exe239⤵
-
\??\c:\fxfxrxx.exec:\fxfxrxx.exe240⤵
-
\??\c:\rlxrfxf.exec:\rlxrfxf.exe241⤵