Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 02:27
General
-
Target
5461b932108bbf636aec0a1df98f1750_NeikiAnalytics.exe
-
Size
66KB
-
MD5
5461b932108bbf636aec0a1df98f1750
-
SHA1
29a7cad50fc731b4b21e8640f35ffe94bfe21ed5
-
SHA256
9c24e0e54b8d1ef996abc0ec41811f6502b1be4a2b2b9ed7dd23eadd898dc961
-
SHA512
30b776aa44207df2fe564740fcca944a0a684a907b7c239ee5d97be6646916059ae0e02f6b38742d8a7f512af4cfed1741d8a3ba21a9cc39743ad5396dcdaab2
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJUDbAIe:ymb3NkkiQ3mdBjFIFdJ8bW
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5461b932108bbf636aec0a1df98f1750_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\5461b932108bbf636aec0a1df98f1750_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrrrr.exec:\rrrrrrr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dpjv.exec:\3dpjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ffxxxr.exec:\9ffxxxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrlll.exec:\rlrrlll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnnn.exec:\nttnnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjpp.exec:\vdjpp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrlfff.exec:\llrlfff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrlffx.exec:\rrrlffx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdpd.exec:\pvdpd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrllffl.exec:\lrllffl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrllrf.exec:\rfrllrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbtb.exec:\bbhbtb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dddp.exec:\7dddp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pdvp.exec:\9pdvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrlfrr.exec:\xlrlfrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhnhh.exec:\thhnhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjj.exec:\vdjjj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxllf.exec:\llfxllf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbtnh.exec:\hbbtnh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvdv.exec:\vvvdv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrrxrl.exec:\flrrxrl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvppv.exec:\vvppv.exe23⤵
- Executes dropped EXE
-
\??\c:\ppvvv.exec:\ppvvv.exe24⤵
- Executes dropped EXE
-
\??\c:\xllxxrf.exec:\xllxxrf.exe25⤵
- Executes dropped EXE
-
\??\c:\hnhbtn.exec:\hnhbtn.exe26⤵
- Executes dropped EXE
-
\??\c:\1dpjd.exec:\1dpjd.exe27⤵
- Executes dropped EXE
-
\??\c:\jdjpj.exec:\jdjpj.exe28⤵
- Executes dropped EXE
-
\??\c:\frxrlll.exec:\frxrlll.exe29⤵
- Executes dropped EXE
-
\??\c:\htbtnn.exec:\htbtnn.exe30⤵
- Executes dropped EXE
-
\??\c:\pjdpj.exec:\pjdpj.exe31⤵
- Executes dropped EXE
-
\??\c:\flxfxfx.exec:\flxfxfx.exe32⤵
- Executes dropped EXE
-
\??\c:\bttttt.exec:\bttttt.exe33⤵
- Executes dropped EXE
-
\??\c:\hthhtt.exec:\hthhtt.exe34⤵
- Executes dropped EXE
-
\??\c:\jjppp.exec:\jjppp.exe35⤵
- Executes dropped EXE
-
\??\c:\fxrlfxl.exec:\fxrlfxl.exe36⤵
- Executes dropped EXE
-
\??\c:\hhthnh.exec:\hhthnh.exe37⤵
- Executes dropped EXE
-
\??\c:\nhbthh.exec:\nhbthh.exe38⤵
- Executes dropped EXE
-
\??\c:\jjddd.exec:\jjddd.exe39⤵
- Executes dropped EXE
-
\??\c:\rxrfffl.exec:\rxrfffl.exe40⤵
- Executes dropped EXE
-
\??\c:\hntthh.exec:\hntthh.exe41⤵
- Executes dropped EXE
-
\??\c:\1nhhtt.exec:\1nhhtt.exe42⤵
- Executes dropped EXE
-
\??\c:\3jpjp.exec:\3jpjp.exe43⤵
-
\??\c:\frrlfxr.exec:\frrlfxr.exe44⤵
- Executes dropped EXE
-
\??\c:\vvddj.exec:\vvddj.exe45⤵
- Executes dropped EXE
-
\??\c:\3vvpp.exec:\3vvpp.exe46⤵
- Executes dropped EXE
-
\??\c:\3xllxxf.exec:\3xllxxf.exe47⤵
- Executes dropped EXE
-
\??\c:\bbhhtt.exec:\bbhhtt.exe48⤵
- Executes dropped EXE
-
\??\c:\dvdvv.exec:\dvdvv.exe49⤵
- Executes dropped EXE
-
\??\c:\jdddd.exec:\jdddd.exe50⤵
- Executes dropped EXE
-
\??\c:\ffxrffx.exec:\ffxrffx.exe51⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe52⤵
- Executes dropped EXE
-
\??\c:\ppppd.exec:\ppppd.exe53⤵
- Executes dropped EXE
-
\??\c:\rfffrrr.exec:\rfffrrr.exe54⤵
- Executes dropped EXE
-
\??\c:\1fllllr.exec:\1fllllr.exe55⤵
- Executes dropped EXE
-
\??\c:\hbbttn.exec:\hbbttn.exe56⤵
- Executes dropped EXE
-
\??\c:\vjvpj.exec:\vjvpj.exe57⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe58⤵
- Executes dropped EXE
-
\??\c:\3lrrfff.exec:\3lrrfff.exe59⤵
- Executes dropped EXE
-
\??\c:\hntnhh.exec:\hntnhh.exe60⤵
- Executes dropped EXE
-
\??\c:\jddvj.exec:\jddvj.exe61⤵
- Executes dropped EXE
-
\??\c:\ffrrlll.exec:\ffrrlll.exe62⤵
- Executes dropped EXE
-
\??\c:\rlrlfxf.exec:\rlrlfxf.exe63⤵
- Executes dropped EXE
-
\??\c:\ttnhhh.exec:\ttnhhh.exe64⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe65⤵
- Executes dropped EXE
-
\??\c:\jpddd.exec:\jpddd.exe66⤵
- Executes dropped EXE
-
\??\c:\5rlfxrr.exec:\5rlfxrr.exe67⤵
-
\??\c:\ffrlllf.exec:\ffrlllf.exe68⤵
-
\??\c:\nhbtnh.exec:\nhbtnh.exe69⤵
-
\??\c:\vdpvj.exec:\vdpvj.exe70⤵
-
\??\c:\djjpd.exec:\djjpd.exe71⤵
-
\??\c:\9rrrlfx.exec:\9rrrlfx.exe72⤵
-
\??\c:\rfllllx.exec:\rfllllx.exe73⤵
-
\??\c:\bbtntt.exec:\bbtntt.exe74⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe75⤵
-
\??\c:\1pvpp.exec:\1pvpp.exe76⤵
-
\??\c:\rfrrrrx.exec:\rfrrrrx.exe77⤵
-
\??\c:\thbtnb.exec:\thbtnb.exe78⤵
-
\??\c:\tnhbtn.exec:\tnhbtn.exe79⤵
-
\??\c:\jddjd.exec:\jddjd.exe80⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe81⤵
-
\??\c:\xlrrlrr.exec:\xlrrlrr.exe82⤵
-
\??\c:\9bbttt.exec:\9bbttt.exe83⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe84⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe85⤵
-
\??\c:\lrfrfxx.exec:\lrfrfxx.exe86⤵
-
\??\c:\xxlrxxf.exec:\xxlrxxf.exe87⤵
-
\??\c:\bhhhbb.exec:\bhhhbb.exe88⤵
-
\??\c:\5jjjv.exec:\5jjjv.exe89⤵
-
\??\c:\tbnnhb.exec:\tbnnhb.exe90⤵
-
\??\c:\7pjvp.exec:\7pjvp.exe91⤵
-
\??\c:\vjddp.exec:\vjddp.exe92⤵
-
\??\c:\7ffxrlf.exec:\7ffxrlf.exe93⤵
-
\??\c:\hhthbt.exec:\hhthbt.exe94⤵
-
\??\c:\ntttnn.exec:\ntttnn.exe95⤵
-
\??\c:\pdjvj.exec:\pdjvj.exe96⤵
-
\??\c:\djjjd.exec:\djjjd.exe97⤵
-
\??\c:\frlxrlx.exec:\frlxrlx.exe98⤵
-
\??\c:\llllxxx.exec:\llllxxx.exe99⤵
-
\??\c:\bhhbbb.exec:\bhhbbb.exe100⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe101⤵
-
\??\c:\3lflfrx.exec:\3lflfrx.exe102⤵
-
\??\c:\rlxrlll.exec:\rlxrlll.exe103⤵
-
\??\c:\tnnhtt.exec:\tnnhtt.exe104⤵
-
\??\c:\ntnhnn.exec:\ntnhnn.exe105⤵
-
\??\c:\vvvvd.exec:\vvvvd.exe106⤵
-
\??\c:\rlfxllf.exec:\rlfxllf.exe107⤵
-
\??\c:\9lrlxrf.exec:\9lrlxrf.exe108⤵
-
\??\c:\tnnhbt.exec:\tnnhbt.exe109⤵
-
\??\c:\nhthbn.exec:\nhthbn.exe110⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe111⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe112⤵
-
\??\c:\5lllxxr.exec:\5lllxxr.exe113⤵
-
\??\c:\tnbttn.exec:\tnbttn.exe114⤵
-
\??\c:\hhbbnn.exec:\hhbbnn.exe115⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe116⤵
-
\??\c:\3lxrlrx.exec:\3lxrlrx.exe117⤵
-
\??\c:\rxxlrxf.exec:\rxxlrxf.exe118⤵
-
\??\c:\bnbbtn.exec:\bnbbtn.exe119⤵
-
\??\c:\vppjv.exec:\vppjv.exe120⤵
-
\??\c:\xrffxrr.exec:\xrffxrr.exe121⤵
-
\??\c:\bhhtnh.exec:\bhhtnh.exe122⤵
-
\??\c:\hbnhtt.exec:\hbnhtt.exe123⤵
-
\??\c:\dvdpv.exec:\dvdpv.exe124⤵
-
\??\c:\lrxrrrr.exec:\lrxrrrr.exe125⤵
-
\??\c:\ttnhhh.exec:\ttnhhh.exe126⤵
-
\??\c:\1pjvp.exec:\1pjvp.exe127⤵
-
\??\c:\pjdpp.exec:\pjdpp.exe128⤵
-
\??\c:\xxxrlxx.exec:\xxxrlxx.exe129⤵
-
\??\c:\nntttt.exec:\nntttt.exe130⤵
-
\??\c:\hthbtt.exec:\hthbtt.exe131⤵
-
\??\c:\3vdpj.exec:\3vdpj.exe132⤵
-
\??\c:\jjppp.exec:\jjppp.exe133⤵
-
\??\c:\7llffrl.exec:\7llffrl.exe134⤵
-
\??\c:\7lfxrxr.exec:\7lfxrxr.exe135⤵
-
\??\c:\tttttt.exec:\tttttt.exe136⤵
-
\??\c:\jvppd.exec:\jvppd.exe137⤵
-
\??\c:\ddjvp.exec:\ddjvp.exe138⤵
-
\??\c:\frrrllf.exec:\frrrllf.exe139⤵
-
\??\c:\3fflffx.exec:\3fflffx.exe140⤵
-
\??\c:\5tbnht.exec:\5tbnht.exe141⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe142⤵
-
\??\c:\rrlfxxr.exec:\rrlfxxr.exe143⤵
-
\??\c:\fxfxxxr.exec:\fxfxxxr.exe144⤵
-
\??\c:\9hbbtt.exec:\9hbbtt.exe145⤵
-
\??\c:\tnbbhb.exec:\tnbbhb.exe146⤵
-
\??\c:\pppjv.exec:\pppjv.exe147⤵
-
\??\c:\1djdd.exec:\1djdd.exe148⤵
-
\??\c:\xrlffxr.exec:\xrlffxr.exe149⤵
-
\??\c:\htbttt.exec:\htbttt.exe150⤵
-
\??\c:\htbbnh.exec:\htbbnh.exe151⤵
-
\??\c:\3pdpj.exec:\3pdpj.exe152⤵
-
\??\c:\hnbbhh.exec:\hnbbhh.exe153⤵
-
\??\c:\jddvp.exec:\jddvp.exe154⤵
-
\??\c:\jvjdp.exec:\jvjdp.exe155⤵
-
\??\c:\rlrlxfx.exec:\rlrlxfx.exe156⤵
-
\??\c:\thnhhh.exec:\thnhhh.exe157⤵
-
\??\c:\tnhhtt.exec:\tnhhtt.exe158⤵
-
\??\c:\pdvpj.exec:\pdvpj.exe159⤵
-
\??\c:\llrrlrf.exec:\llrrlrf.exe160⤵
-
\??\c:\rfffffl.exec:\rfffffl.exe161⤵
-
\??\c:\5hbhhh.exec:\5hbhhh.exe162⤵
-
\??\c:\btnhtt.exec:\btnhtt.exe163⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe164⤵
-
\??\c:\xrxxxlr.exec:\xrxxxlr.exe165⤵
-
\??\c:\bbnhhn.exec:\bbnhhn.exe166⤵
-
\??\c:\tnnnnb.exec:\tnnnnb.exe167⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe168⤵
-
\??\c:\pvjjd.exec:\pvjjd.exe169⤵
-
\??\c:\dvdpp.exec:\dvdpp.exe170⤵
-
\??\c:\ffffrrl.exec:\ffffrrl.exe171⤵
-
\??\c:\rrrrfxr.exec:\rrrrfxr.exe172⤵
-
\??\c:\nbbthb.exec:\nbbthb.exe173⤵
-
\??\c:\tnhhbh.exec:\tnhhbh.exe174⤵
-
\??\c:\dvvjp.exec:\dvvjp.exe175⤵
-
\??\c:\7flxllf.exec:\7flxllf.exe176⤵
-
\??\c:\lfxxrlf.exec:\lfxxrlf.exe177⤵
-
\??\c:\nnnhtt.exec:\nnnhtt.exe178⤵
-
\??\c:\htnnhh.exec:\htnnhh.exe179⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe180⤵
-
\??\c:\pdjdj.exec:\pdjdj.exe181⤵
-
\??\c:\frllfff.exec:\frllfff.exe182⤵
-
\??\c:\xrfffll.exec:\xrfffll.exe183⤵
-
\??\c:\1tbtbt.exec:\1tbtbt.exe184⤵
-
\??\c:\hthbhb.exec:\hthbhb.exe185⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe186⤵
-
\??\c:\jddvd.exec:\jddvd.exe187⤵
-
\??\c:\9fxxllf.exec:\9fxxllf.exe188⤵
-
\??\c:\7xrrllx.exec:\7xrrllx.exe189⤵
-
\??\c:\thhnhn.exec:\thhnhn.exe190⤵
-
\??\c:\nthhbb.exec:\nthhbb.exe191⤵
-
\??\c:\dddvv.exec:\dddvv.exe192⤵
-
\??\c:\lflfxrl.exec:\lflfxrl.exe193⤵
-
\??\c:\7xxxxxr.exec:\7xxxxxr.exe194⤵
-
\??\c:\nnhbtt.exec:\nnhbtt.exe195⤵
-
\??\c:\7thbnn.exec:\7thbnn.exe196⤵
-
\??\c:\1vdpd.exec:\1vdpd.exe197⤵
-
\??\c:\fflfxrr.exec:\fflfxrr.exe198⤵
-
\??\c:\fxxrxxr.exec:\fxxrxxr.exe199⤵
-
\??\c:\hbtthn.exec:\hbtthn.exe200⤵
-
\??\c:\vppjj.exec:\vppjj.exe201⤵
-
\??\c:\7djjd.exec:\7djjd.exe202⤵
-
\??\c:\rlfrllf.exec:\rlfrllf.exe203⤵
-
\??\c:\xrlxrrx.exec:\xrlxrrx.exe204⤵
-
\??\c:\hbbtnt.exec:\hbbtnt.exe205⤵
-
\??\c:\tthhtb.exec:\tthhtb.exe206⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe207⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe208⤵
-
\??\c:\3llfxxf.exec:\3llfxxf.exe209⤵
-
\??\c:\fxffxfl.exec:\fxffxfl.exe210⤵
-
\??\c:\ttthbb.exec:\ttthbb.exe211⤵
-
\??\c:\hhbthh.exec:\hhbthh.exe212⤵
-
\??\c:\jjpjp.exec:\jjpjp.exe213⤵
-
\??\c:\vjdvd.exec:\vjdvd.exe214⤵
-
\??\c:\xrllrrf.exec:\xrllrrf.exe215⤵
-
\??\c:\7llrrrr.exec:\7llrrrr.exe216⤵
-
\??\c:\nbhhnh.exec:\nbhhnh.exe217⤵
-
\??\c:\3btttt.exec:\3btttt.exe218⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe219⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe220⤵
-
\??\c:\flffxff.exec:\flffxff.exe221⤵
-
\??\c:\9xrrllf.exec:\9xrrllf.exe222⤵
-
\??\c:\tnnhnh.exec:\tnnhnh.exe223⤵
-
\??\c:\tntbbt.exec:\tntbbt.exe224⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe225⤵
-
\??\c:\9vdpd.exec:\9vdpd.exe226⤵
-
\??\c:\1xllfff.exec:\1xllfff.exe227⤵
-
\??\c:\fxlfxxl.exec:\fxlfxxl.exe228⤵
-
\??\c:\3bnhbt.exec:\3bnhbt.exe229⤵
-
\??\c:\dpjdp.exec:\dpjdp.exe230⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe231⤵
-
\??\c:\rlxrrrx.exec:\rlxrrrx.exe232⤵
-
\??\c:\fxrxrrl.exec:\fxrxrrl.exe233⤵
-
\??\c:\bnbbtt.exec:\bnbbtt.exe234⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe235⤵
-
\??\c:\rlfxlxr.exec:\rlfxlxr.exe236⤵
-
\??\c:\nbtttt.exec:\nbtttt.exe237⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe238⤵
-
\??\c:\rlxrllf.exec:\rlxrllf.exe239⤵
-
\??\c:\7hhbtn.exec:\7hhbtn.exe240⤵
-
\??\c:\1vjdj.exec:\1vjdj.exe241⤵