Analysis
-
max time kernel
150s -
max time network
116s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 03:04
General
-
Target
5e444a7286f7b6f237208e1ca46dab40_NeikiAnalytics.exe
-
Size
68KB
-
MD5
5e444a7286f7b6f237208e1ca46dab40
-
SHA1
18148e71db38b14951bf5168dc51e4ac082f07d0
-
SHA256
97fe2f9b7e857ec41e0e7dc64656ea35de7861e3c2ae51b96af5d066e46c2337
-
SHA512
f07ec4eaff94e9d5633f29fef5def149e82618c2f78e618882f323b15915ab9d7a7ed93fe95537f8d4bdd080770fd218748ddbc4e6fef1b8dd0683f3e3920f5f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUwcsbY/H:ymb3NkkiQ3mdBjF0yjcsMP
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5e444a7286f7b6f237208e1ca46dab40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\5e444a7286f7b6f237208e1ca46dab40_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlllrx.exec:\fxlllrx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpp.exec:\jvvpp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxffxxx.exec:\lxffxxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hnnht.exec:\5hnnht.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppv.exec:\jdppv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrrxf.exec:\xrrrrxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tbbtb.exec:\5tbbtb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jdvv.exec:\1jdvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfffffx.exec:\xfffffx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbbnb.exec:\bnbbnb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppvj.exec:\dppvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fllfll.exec:\9fllfll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nbbhn.exec:\9nbbhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jjdj.exec:\5jjdj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlllff.exec:\rxlllff.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlrffr.exec:\rrlrffr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ntttt.exec:\1ntttt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdddp.exec:\vdddp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlxfxf.exec:\xrlxfxf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttnt.exec:\hbttnt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddj.exec:\pjddj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llffflx.exec:\llffflx.exe23⤵
- Executes dropped EXE
-
\??\c:\llrfrxl.exec:\llrfrxl.exe24⤵
- Executes dropped EXE
-
\??\c:\1bnhhh.exec:\1bnhhh.exe25⤵
- Executes dropped EXE
-
\??\c:\7vjdv.exec:\7vjdv.exe26⤵
- Executes dropped EXE
-
\??\c:\lrrfxrl.exec:\lrrfxrl.exe27⤵
- Executes dropped EXE
-
\??\c:\llllflr.exec:\llllflr.exe28⤵
- Executes dropped EXE
-
\??\c:\3hnnhh.exec:\3hnnhh.exe29⤵
- Executes dropped EXE
-
\??\c:\llfflrf.exec:\llfflrf.exe30⤵
- Executes dropped EXE
-
\??\c:\nbhhhh.exec:\nbhhhh.exe31⤵
- Executes dropped EXE
-
\??\c:\tbhhbb.exec:\tbhhbb.exe32⤵
- Executes dropped EXE
-
\??\c:\pjppp.exec:\pjppp.exe33⤵
- Executes dropped EXE
-
\??\c:\lffxxxx.exec:\lffxxxx.exe34⤵
- Executes dropped EXE
-
\??\c:\7xffllx.exec:\7xffllx.exe35⤵
- Executes dropped EXE
-
\??\c:\3htttb.exec:\3htttb.exe36⤵
- Executes dropped EXE
-
\??\c:\bbhttn.exec:\bbhttn.exe37⤵
- Executes dropped EXE
-
\??\c:\jjddd.exec:\jjddd.exe38⤵
- Executes dropped EXE
-
\??\c:\jddjj.exec:\jddjj.exe39⤵
- Executes dropped EXE
-
\??\c:\lxfxrxx.exec:\lxfxrxx.exe40⤵
- Executes dropped EXE
-
\??\c:\rrrrrxf.exec:\rrrrrxf.exe41⤵
- Executes dropped EXE
-
\??\c:\pjpdd.exec:\pjpdd.exe42⤵
- Executes dropped EXE
-
\??\c:\ddpdv.exec:\ddpdv.exe43⤵
- Executes dropped EXE
-
\??\c:\llrlxfx.exec:\llrlxfx.exe44⤵
- Executes dropped EXE
-
\??\c:\rllxxrl.exec:\rllxxrl.exe45⤵
- Executes dropped EXE
-
\??\c:\hnnnhh.exec:\hnnnhh.exe46⤵
- Executes dropped EXE
-
\??\c:\bttbtt.exec:\bttbtt.exe47⤵
- Executes dropped EXE
-
\??\c:\7jjjj.exec:\7jjjj.exe48⤵
- Executes dropped EXE
-
\??\c:\lxfrfff.exec:\lxfrfff.exe49⤵
- Executes dropped EXE
-
\??\c:\xfxrfrf.exec:\xfxrfrf.exe50⤵
- Executes dropped EXE
-
\??\c:\ttbtnn.exec:\ttbtnn.exe51⤵
- Executes dropped EXE
-
\??\c:\pdjpd.exec:\pdjpd.exe52⤵
- Executes dropped EXE
-
\??\c:\1ddvd.exec:\1ddvd.exe53⤵
- Executes dropped EXE
-
\??\c:\xrlrffx.exec:\xrlrffx.exe54⤵
- Executes dropped EXE
-
\??\c:\lffxlfx.exec:\lffxlfx.exe55⤵
- Executes dropped EXE
-
\??\c:\nhnhtt.exec:\nhnhtt.exe56⤵
- Executes dropped EXE
-
\??\c:\9hhbtt.exec:\9hhbtt.exe57⤵
- Executes dropped EXE
-
\??\c:\5vvpp.exec:\5vvpp.exe58⤵
- Executes dropped EXE
-
\??\c:\pvvpj.exec:\pvvpj.exe59⤵
- Executes dropped EXE
-
\??\c:\xxrlfxr.exec:\xxrlfxr.exe60⤵
- Executes dropped EXE
-
\??\c:\bbbtnh.exec:\bbbtnh.exe61⤵
- Executes dropped EXE
-
\??\c:\bbbthn.exec:\bbbthn.exe62⤵
- Executes dropped EXE
-
\??\c:\vjppj.exec:\vjppj.exe63⤵
- Executes dropped EXE
-
\??\c:\9fffxff.exec:\9fffxff.exe64⤵
- Executes dropped EXE
-
\??\c:\ffxrrrl.exec:\ffxrrrl.exe65⤵
- Executes dropped EXE
-
\??\c:\bntnnn.exec:\bntnnn.exe66⤵
-
\??\c:\hhbbbt.exec:\hhbbbt.exe67⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe68⤵
-
\??\c:\xrrfrxr.exec:\xrrfrxr.exe69⤵
-
\??\c:\lrxlfxr.exec:\lrxlfxr.exe70⤵
-
\??\c:\hbthtn.exec:\hbthtn.exe71⤵
-
\??\c:\hnnhbb.exec:\hnnhbb.exe72⤵
-
\??\c:\3djdj.exec:\3djdj.exe73⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe74⤵
-
\??\c:\lflfxxf.exec:\lflfxxf.exe75⤵
-
\??\c:\lffxlll.exec:\lffxlll.exe76⤵
-
\??\c:\tnnhhh.exec:\tnnhhh.exe77⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe78⤵
-
\??\c:\jddpp.exec:\jddpp.exe79⤵
-
\??\c:\frrfxxx.exec:\frrfxxx.exe80⤵
-
\??\c:\1xrrllf.exec:\1xrrllf.exe81⤵
-
\??\c:\hnnhbt.exec:\hnnhbt.exe82⤵
-
\??\c:\jddjp.exec:\jddjp.exe83⤵
-
\??\c:\lxfrffx.exec:\lxfrffx.exe84⤵
-
\??\c:\nnnttb.exec:\nnnttb.exe85⤵
-
\??\c:\nnnbhb.exec:\nnnbhb.exe86⤵
-
\??\c:\rrrlffx.exec:\rrrlffx.exe87⤵
-
\??\c:\fxrlxrl.exec:\fxrlxrl.exe88⤵
-
\??\c:\tnhtnh.exec:\tnhtnh.exe89⤵
-
\??\c:\hnnhtt.exec:\hnnhtt.exe90⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe91⤵
-
\??\c:\rrfxlfr.exec:\rrfxlfr.exe92⤵
-
\??\c:\5xrlxxr.exec:\5xrlxxr.exe93⤵
-
\??\c:\hnnhbh.exec:\hnnhbh.exe94⤵
-
\??\c:\3vpdp.exec:\3vpdp.exe95⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe96⤵
-
\??\c:\1xlrxfx.exec:\1xlrxfx.exe97⤵
-
\??\c:\hbtnbt.exec:\hbtnbt.exe98⤵
-
\??\c:\3tthbt.exec:\3tthbt.exe99⤵
-
\??\c:\3vppp.exec:\3vppp.exe100⤵
-
\??\c:\3pjvp.exec:\3pjvp.exe101⤵
-
\??\c:\ffrllfx.exec:\ffrllfx.exe102⤵
-
\??\c:\rfxlffx.exec:\rfxlffx.exe103⤵
-
\??\c:\hthbnh.exec:\hthbnh.exe104⤵
-
\??\c:\9hbbnn.exec:\9hbbnn.exe105⤵
-
\??\c:\5dddv.exec:\5dddv.exe106⤵
-
\??\c:\1fffxxr.exec:\1fffxxr.exe107⤵
-
\??\c:\3tthnt.exec:\3tthnt.exe108⤵
-
\??\c:\tnnnhb.exec:\tnnnhb.exe109⤵
-
\??\c:\pddvj.exec:\pddvj.exe110⤵
-
\??\c:\xxflfff.exec:\xxflfff.exe111⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe112⤵
-
\??\c:\bnnbnb.exec:\bnnbnb.exe113⤵
-
\??\c:\7ppjj.exec:\7ppjj.exe114⤵
-
\??\c:\7vvpv.exec:\7vvpv.exe115⤵
-
\??\c:\rrrlxxr.exec:\rrrlxxr.exe116⤵
-
\??\c:\hhbtnh.exec:\hhbtnh.exe117⤵
-
\??\c:\5hbthh.exec:\5hbthh.exe118⤵
-
\??\c:\dpjpj.exec:\dpjpj.exe119⤵
-
\??\c:\frrlffl.exec:\frrlffl.exe120⤵
-
\??\c:\lxlffff.exec:\lxlffff.exe121⤵
-
\??\c:\3jdpj.exec:\3jdpj.exe122⤵
-
\??\c:\lrlfrlr.exec:\lrlfrlr.exe123⤵
-
\??\c:\fxlfrlf.exec:\fxlfrlf.exe124⤵
-
\??\c:\hhbnhn.exec:\hhbnhn.exe125⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe126⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe127⤵
-
\??\c:\xlllxxr.exec:\xlllxxr.exe128⤵
-
\??\c:\xxfxllr.exec:\xxfxllr.exe129⤵
-
\??\c:\nttnhn.exec:\nttnhn.exe130⤵
-
\??\c:\nhbttt.exec:\nhbttt.exe131⤵
-
\??\c:\pddvj.exec:\pddvj.exe132⤵
-
\??\c:\7jpdd.exec:\7jpdd.exe133⤵
-
\??\c:\rxlrffx.exec:\rxlrffx.exe134⤵
-
\??\c:\rlrlfrl.exec:\rlrlfrl.exe135⤵
-
\??\c:\3nnhbb.exec:\3nnhbb.exe136⤵
-
\??\c:\thbbbh.exec:\thbbbh.exe137⤵
-
\??\c:\vddvp.exec:\vddvp.exe138⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe139⤵
-
\??\c:\3lfxllf.exec:\3lfxllf.exe140⤵
-
\??\c:\7rxxrll.exec:\7rxxrll.exe141⤵
-
\??\c:\bbbthh.exec:\bbbthh.exe142⤵
-
\??\c:\tnhbth.exec:\tnhbth.exe143⤵
-
\??\c:\vvddp.exec:\vvddp.exe144⤵
-
\??\c:\fxxrfxx.exec:\fxxrfxx.exe145⤵
-
\??\c:\xxxxffl.exec:\xxxxffl.exe146⤵
-
\??\c:\ttbbbb.exec:\ttbbbb.exe147⤵
-
\??\c:\tnnhtn.exec:\tnnhtn.exe148⤵
-
\??\c:\3jjdv.exec:\3jjdv.exe149⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe150⤵
-
\??\c:\5xrlffx.exec:\5xrlffx.exe151⤵
-
\??\c:\1xxrllf.exec:\1xxrllf.exe152⤵
-
\??\c:\btnntt.exec:\btnntt.exe153⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe154⤵
-
\??\c:\3vpdp.exec:\3vpdp.exe155⤵
-
\??\c:\9ppjj.exec:\9ppjj.exe156⤵
-
\??\c:\1xrxrrl.exec:\1xrxrrl.exe157⤵
-
\??\c:\lfllllf.exec:\lfllllf.exe158⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe159⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe160⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe161⤵
-
\??\c:\xxrlrrx.exec:\xxrlrrx.exe162⤵
-
\??\c:\9flrrrr.exec:\9flrrrr.exe163⤵
-
\??\c:\tnhnht.exec:\tnhnht.exe164⤵
-
\??\c:\hhhbtt.exec:\hhhbtt.exe165⤵
-
\??\c:\5jdpd.exec:\5jdpd.exe166⤵
-
\??\c:\pddvv.exec:\pddvv.exe167⤵
-
\??\c:\dpdvj.exec:\dpdvj.exe168⤵
-
\??\c:\xxrlxxr.exec:\xxrlxxr.exe169⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe170⤵
-
\??\c:\9nhbnb.exec:\9nhbnb.exe171⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe172⤵
-
\??\c:\rlllfrr.exec:\rlllfrr.exe173⤵
-
\??\c:\5hnnbh.exec:\5hnnbh.exe174⤵
-
\??\c:\pddpj.exec:\pddpj.exe175⤵
-
\??\c:\xlfxrlf.exec:\xlfxrlf.exe176⤵
-
\??\c:\xrrrllf.exec:\xrrrllf.exe177⤵
-
\??\c:\hntnhb.exec:\hntnhb.exe178⤵
-
\??\c:\pjpdj.exec:\pjpdj.exe179⤵
-
\??\c:\hnntbb.exec:\hnntbb.exe180⤵
-
\??\c:\7hhbnb.exec:\7hhbnb.exe181⤵
-
\??\c:\5pvpp.exec:\5pvpp.exe182⤵
-
\??\c:\ffxrffx.exec:\ffxrffx.exe183⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe184⤵
-
\??\c:\jvppd.exec:\jvppd.exe185⤵
-
\??\c:\lfrfrfx.exec:\lfrfrfx.exe186⤵
-
\??\c:\lxfrffx.exec:\lxfrffx.exe187⤵
-
\??\c:\tntnbb.exec:\tntnbb.exe188⤵
-
\??\c:\hbtthh.exec:\hbtthh.exe189⤵
-
\??\c:\9ppjv.exec:\9ppjv.exe190⤵
-
\??\c:\dppjv.exec:\dppjv.exe191⤵
-
\??\c:\llrlllx.exec:\llrlllx.exe192⤵
-
\??\c:\flfxrrf.exec:\flfxrrf.exe193⤵
-
\??\c:\btnnhb.exec:\btnnhb.exe194⤵
-
\??\c:\btnhtt.exec:\btnhtt.exe195⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe196⤵
-
\??\c:\rrxxxxf.exec:\rrxxxxf.exe197⤵
-
\??\c:\rrxrxrl.exec:\rrxrxrl.exe198⤵
-
\??\c:\jddvj.exec:\jddvj.exe199⤵
-
\??\c:\7rrlxrl.exec:\7rrlxrl.exe200⤵
-
\??\c:\3ttnht.exec:\3ttnht.exe201⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe202⤵
-
\??\c:\1nnhnn.exec:\1nnhnn.exe203⤵
-
\??\c:\5pjdj.exec:\5pjdj.exe204⤵
-
\??\c:\fxrffxr.exec:\fxrffxr.exe205⤵
-
\??\c:\lxfrrlr.exec:\lxfrrlr.exe206⤵
-
\??\c:\bnttnn.exec:\bnttnn.exe207⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe208⤵
-
\??\c:\vdpjv.exec:\vdpjv.exe209⤵
-
\??\c:\xlflllr.exec:\xlflllr.exe210⤵
-
\??\c:\7xxrllf.exec:\7xxrllf.exe211⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe212⤵
-
\??\c:\1pjvp.exec:\1pjvp.exe213⤵
-
\??\c:\rrxrfff.exec:\rrxrfff.exe214⤵
-
\??\c:\7hthhh.exec:\7hthhh.exe215⤵
-
\??\c:\dvdpp.exec:\dvdpp.exe216⤵
-
\??\c:\rlrfxrl.exec:\rlrfxrl.exe217⤵
-
\??\c:\xlrlfxr.exec:\xlrlfxr.exe218⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe219⤵
-
\??\c:\llxffff.exec:\llxffff.exe220⤵
-
\??\c:\xllfxxl.exec:\xllfxxl.exe221⤵
-
\??\c:\xrrrffx.exec:\xrrrffx.exe222⤵
-
\??\c:\btttnh.exec:\btttnh.exe223⤵
-
\??\c:\dvppp.exec:\dvppp.exe224⤵
-
\??\c:\dddpd.exec:\dddpd.exe225⤵
-
\??\c:\xxlrrrl.exec:\xxlrrrl.exe226⤵
-
\??\c:\5llfrrl.exec:\5llfrrl.exe227⤵
-
\??\c:\hthtnt.exec:\hthtnt.exe228⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe229⤵
-
\??\c:\jvpvj.exec:\jvpvj.exe230⤵
-
\??\c:\rxrfxrl.exec:\rxrfxrl.exe231⤵
-
\??\c:\9lxrllf.exec:\9lxrllf.exe232⤵
-
\??\c:\nnnntb.exec:\nnnntb.exe233⤵
-
\??\c:\5nnhnh.exec:\5nnhnh.exe234⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe235⤵
-
\??\c:\dvjvp.exec:\dvjvp.exe236⤵
-
\??\c:\jdjpp.exec:\jdjpp.exe237⤵
-
\??\c:\xllrfxr.exec:\xllrfxr.exe238⤵
-
\??\c:\9btbtn.exec:\9btbtn.exe239⤵
-
\??\c:\tnnhtn.exec:\tnnhtn.exe240⤵
-
\??\c:\ppvvj.exec:\ppvvj.exe241⤵