Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
19-05-2024 03:03
General
-
Target
5e0aa7a8f8fab8977e653ae7651a3ab0_NeikiAnalytics.exe
-
Size
75KB
-
MD5
5e0aa7a8f8fab8977e653ae7651a3ab0
-
SHA1
5d47e2df66490c4708dadc65dbc8216c815051e4
-
SHA256
48a6cd4c621c0893732381aff1a2ff3cce9a8d04e0733413b41c2e6938aa38aa
-
SHA512
97dbc7a507dadf71e0d6a5c5cef0424157b00149100fa4c95ab0f5200881947ac63be5fdab234f98e28c5e3d893ca67166db9ffe52de4b88c4c7ede539cb17c1
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqC5+:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqCE
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5e0aa7a8f8fab8977e653ae7651a3ab0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\5e0aa7a8f8fab8977e653ae7651a3ab0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrlrl.exec:\frxrlrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbttn.exec:\bhbttn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdd.exec:\vjjdd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvjv.exec:\pdvjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxllfl.exec:\rlxllfl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtnhb.exec:\nbtnhb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjvj.exec:\pdjvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffflfxf.exec:\ffflfxf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpdv.exec:\vjpdv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdd.exec:\vpjdd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbtbb.exec:\hhbtbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdpd.exec:\pjdpd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjvv.exec:\dvjvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrrlff.exec:\flrrlff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttth.exec:\hbttth.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdjv.exec:\ppdjv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvdv.exec:\vdvdv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfxxf.exec:\xrlfxxf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhthn.exec:\bnhthn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hnbnn.exec:\7hnbnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjvj.exec:\jjjvj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrfrlf.exec:\lfrfrlf.exe23⤵
- Executes dropped EXE
-
\??\c:\fxfxxrr.exec:\fxfxxrr.exe24⤵
- Executes dropped EXE
-
\??\c:\nbtnbt.exec:\nbtnbt.exe25⤵
- Executes dropped EXE
-
\??\c:\dpjdv.exec:\dpjdv.exe26⤵
- Executes dropped EXE
-
\??\c:\pjvjd.exec:\pjvjd.exe27⤵
- Executes dropped EXE
-
\??\c:\xlxlxrf.exec:\xlxlxrf.exe28⤵
- Executes dropped EXE
-
\??\c:\3tbthh.exec:\3tbthh.exe29⤵
- Executes dropped EXE
-
\??\c:\dvvjd.exec:\dvvjd.exe30⤵
- Executes dropped EXE
-
\??\c:\3jvpv.exec:\3jvpv.exe31⤵
- Executes dropped EXE
-
\??\c:\rlxxlfx.exec:\rlxxlfx.exe32⤵
- Executes dropped EXE
-
\??\c:\hbttnn.exec:\hbttnn.exe33⤵
- Executes dropped EXE
-
\??\c:\vddvd.exec:\vddvd.exe34⤵
- Executes dropped EXE
-
\??\c:\jjvdp.exec:\jjvdp.exe35⤵
- Executes dropped EXE
-
\??\c:\vvpjp.exec:\vvpjp.exe36⤵
- Executes dropped EXE
-
\??\c:\rffxlfr.exec:\rffxlfr.exe37⤵
- Executes dropped EXE
-
\??\c:\tttnnn.exec:\tttnnn.exe38⤵
- Executes dropped EXE
-
\??\c:\tthbtt.exec:\tthbtt.exe39⤵
- Executes dropped EXE
-
\??\c:\3jvpj.exec:\3jvpj.exe40⤵
- Executes dropped EXE
-
\??\c:\1vjdv.exec:\1vjdv.exe41⤵
- Executes dropped EXE
-
\??\c:\llrrrrr.exec:\llrrrrr.exe42⤵
- Executes dropped EXE
-
\??\c:\hbnhbt.exec:\hbnhbt.exe43⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe44⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe45⤵
- Executes dropped EXE
-
\??\c:\fflfxxx.exec:\fflfxxx.exe46⤵
- Executes dropped EXE
-
\??\c:\rrrrllf.exec:\rrrrllf.exe47⤵
- Executes dropped EXE
-
\??\c:\ppvpp.exec:\ppvpp.exe48⤵
- Executes dropped EXE
-
\??\c:\frllxff.exec:\frllxff.exe49⤵
- Executes dropped EXE
-
\??\c:\rxlllrl.exec:\rxlllrl.exe50⤵
- Executes dropped EXE
-
\??\c:\nbhhhn.exec:\nbhhhn.exe51⤵
- Executes dropped EXE
-
\??\c:\vdjvd.exec:\vdjvd.exe52⤵
- Executes dropped EXE
-
\??\c:\vjpvd.exec:\vjpvd.exe53⤵
- Executes dropped EXE
-
\??\c:\1frlfff.exec:\1frlfff.exe54⤵
- Executes dropped EXE
-
\??\c:\flllllf.exec:\flllllf.exe55⤵
- Executes dropped EXE
-
\??\c:\3bbbtb.exec:\3bbbtb.exe56⤵
- Executes dropped EXE
-
\??\c:\hnhthb.exec:\hnhthb.exe57⤵
- Executes dropped EXE
-
\??\c:\ddjvj.exec:\ddjvj.exe58⤵
- Executes dropped EXE
-
\??\c:\9vdpv.exec:\9vdpv.exe59⤵
- Executes dropped EXE
-
\??\c:\9llfxfx.exec:\9llfxfx.exe60⤵
- Executes dropped EXE
-
\??\c:\xrxxxxr.exec:\xrxxxxr.exe61⤵
- Executes dropped EXE
-
\??\c:\btnnbb.exec:\btnnbb.exe62⤵
- Executes dropped EXE
-
\??\c:\nhbtbb.exec:\nhbtbb.exe63⤵
- Executes dropped EXE
-
\??\c:\djvdd.exec:\djvdd.exe64⤵
- Executes dropped EXE
-
\??\c:\jdvjj.exec:\jdvjj.exe65⤵
- Executes dropped EXE
-
\??\c:\jdpvp.exec:\jdpvp.exe66⤵
-
\??\c:\7xffflr.exec:\7xffflr.exe67⤵
-
\??\c:\xrlflll.exec:\xrlflll.exe68⤵
-
\??\c:\thnnnn.exec:\thnnnn.exe69⤵
-
\??\c:\bhtnhh.exec:\bhtnhh.exe70⤵
-
\??\c:\9pppd.exec:\9pppd.exe71⤵
-
\??\c:\vvddd.exec:\vvddd.exe72⤵
-
\??\c:\vppjd.exec:\vppjd.exe73⤵
-
\??\c:\xfxfxlr.exec:\xfxfxlr.exe74⤵
-
\??\c:\xrxxxxx.exec:\xrxxxxx.exe75⤵
-
\??\c:\tnttth.exec:\tnttth.exe76⤵
-
\??\c:\btbbht.exec:\btbbht.exe77⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe78⤵
-
\??\c:\7jpdd.exec:\7jpdd.exe79⤵
-
\??\c:\pvpdv.exec:\pvpdv.exe80⤵
-
\??\c:\9rxrfff.exec:\9rxrfff.exe81⤵
-
\??\c:\bbtttt.exec:\bbtttt.exe82⤵
-
\??\c:\7bhbtt.exec:\7bhbtt.exe83⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe84⤵
-
\??\c:\9jvpj.exec:\9jvpj.exe85⤵
-
\??\c:\3llfrrr.exec:\3llfrrr.exe86⤵
-
\??\c:\btnbbb.exec:\btnbbb.exe87⤵
-
\??\c:\bttnhn.exec:\bttnhn.exe88⤵
-
\??\c:\1vjpj.exec:\1vjpj.exe89⤵
-
\??\c:\3llfxxr.exec:\3llfxxr.exe90⤵
-
\??\c:\lrllflf.exec:\lrllflf.exe91⤵
-
\??\c:\9htbtn.exec:\9htbtn.exe92⤵
-
\??\c:\bntttb.exec:\bntttb.exe93⤵
-
\??\c:\bbtntt.exec:\bbtntt.exe94⤵
-
\??\c:\jvdjv.exec:\jvdjv.exe95⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe96⤵
-
\??\c:\9rfxrll.exec:\9rfxrll.exe97⤵
-
\??\c:\rrxxxfx.exec:\rrxxxfx.exe98⤵
-
\??\c:\ntbbbb.exec:\ntbbbb.exe99⤵
-
\??\c:\httnnn.exec:\httnnn.exe100⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe101⤵
-
\??\c:\xlrxlll.exec:\xlrxlll.exe102⤵
-
\??\c:\llrlfff.exec:\llrlfff.exe103⤵
-
\??\c:\ttbttt.exec:\ttbttt.exe104⤵
-
\??\c:\hbbnbt.exec:\hbbnbt.exe105⤵
-
\??\c:\pjpvv.exec:\pjpvv.exe106⤵
-
\??\c:\vvppj.exec:\vvppj.exe107⤵
-
\??\c:\fffxxxx.exec:\fffxxxx.exe108⤵
-
\??\c:\rflfxxl.exec:\rflfxxl.exe109⤵
-
\??\c:\xxfxxrr.exec:\xxfxxrr.exe110⤵
-
\??\c:\bbtntt.exec:\bbtntt.exe111⤵
-
\??\c:\hhhhbb.exec:\hhhhbb.exe112⤵
-
\??\c:\jddvp.exec:\jddvp.exe113⤵
-
\??\c:\vvdpj.exec:\vvdpj.exe114⤵
-
\??\c:\3jvpp.exec:\3jvpp.exe115⤵
-
\??\c:\1rffllr.exec:\1rffllr.exe116⤵
-
\??\c:\rflffll.exec:\rflffll.exe117⤵
-
\??\c:\bbnnnt.exec:\bbnnnt.exe118⤵
-
\??\c:\dvdpd.exec:\dvdpd.exe119⤵
-
\??\c:\pdvjd.exec:\pdvjd.exe120⤵
-
\??\c:\hbntbb.exec:\hbntbb.exe121⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe122⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe123⤵
-
\??\c:\xfffxxx.exec:\xfffxxx.exe124⤵
-
\??\c:\lxxlrlf.exec:\lxxlrlf.exe125⤵
-
\??\c:\rfxxxfx.exec:\rfxxxfx.exe126⤵
-
\??\c:\3ntnhh.exec:\3ntnhh.exe127⤵
-
\??\c:\7hbbnn.exec:\7hbbnn.exe128⤵
-
\??\c:\7jjjv.exec:\7jjjv.exe129⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe130⤵
-
\??\c:\fxxrlrr.exec:\fxxrlrr.exe131⤵
-
\??\c:\fxrrrxx.exec:\fxrrrxx.exe132⤵
-
\??\c:\rxlxlfr.exec:\rxlxlfr.exe133⤵
-
\??\c:\3nnnhh.exec:\3nnnhh.exe134⤵
-
\??\c:\bbbbnn.exec:\bbbbnn.exe135⤵
-
\??\c:\7jddj.exec:\7jddj.exe136⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe137⤵
-
\??\c:\xlrlfff.exec:\xlrlfff.exe138⤵
-
\??\c:\xfxxxxr.exec:\xfxxxxr.exe139⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe140⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe141⤵
-
\??\c:\3flfxxr.exec:\3flfxxr.exe142⤵
-
\??\c:\rrrfllx.exec:\rrrfllx.exe143⤵
-
\??\c:\7bbbtb.exec:\7bbbtb.exe144⤵
-
\??\c:\hnbtnn.exec:\hnbtnn.exe145⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe146⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe147⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe148⤵
-
\??\c:\flfffll.exec:\flfffll.exe149⤵
-
\??\c:\lfllflf.exec:\lfllflf.exe150⤵
-
\??\c:\bbttbh.exec:\bbttbh.exe151⤵
-
\??\c:\hhtnnn.exec:\hhtnnn.exe152⤵
-
\??\c:\vvvvj.exec:\vvvvj.exe153⤵
-
\??\c:\vjjjj.exec:\vjjjj.exe154⤵
-
\??\c:\jdjpp.exec:\jdjpp.exe155⤵
-
\??\c:\xrrlfff.exec:\xrrlfff.exe156⤵
-
\??\c:\btbnnn.exec:\btbnnn.exe157⤵
-
\??\c:\3hhbnn.exec:\3hhbnn.exe158⤵
-
\??\c:\bnnnhh.exec:\bnnnhh.exe159⤵
-
\??\c:\7ppvp.exec:\7ppvp.exe160⤵
-
\??\c:\rrxxrrr.exec:\rrxxrrr.exe161⤵
-
\??\c:\fxfxfff.exec:\fxfxfff.exe162⤵
-
\??\c:\btthbn.exec:\btthbn.exe163⤵
-
\??\c:\vddpj.exec:\vddpj.exe164⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe165⤵
-
\??\c:\llrrxxf.exec:\llrrxxf.exe166⤵
-
\??\c:\lfxxffr.exec:\lfxxffr.exe167⤵
-
\??\c:\btbttn.exec:\btbttn.exe168⤵
-
\??\c:\tntnbb.exec:\tntnbb.exe169⤵
-
\??\c:\pjppp.exec:\pjppp.exe170⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe171⤵
-
\??\c:\rlffffl.exec:\rlffffl.exe172⤵
-
\??\c:\fxxrlfx.exec:\fxxrlfx.exe173⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe174⤵
-
\??\c:\hbtttt.exec:\hbtttt.exe175⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe176⤵
-
\??\c:\rllrlll.exec:\rllrlll.exe177⤵
-
\??\c:\frrrrxx.exec:\frrrrxx.exe178⤵
-
\??\c:\nhnntt.exec:\nhnntt.exe179⤵
-
\??\c:\hhttbb.exec:\hhttbb.exe180⤵
-
\??\c:\ppppp.exec:\ppppp.exe181⤵
-
\??\c:\1vjdp.exec:\1vjdp.exe182⤵
-
\??\c:\frxxrrl.exec:\frxxrrl.exe183⤵
-
\??\c:\ffffffx.exec:\ffffffx.exe184⤵
-
\??\c:\9ntttt.exec:\9ntttt.exe185⤵
-
\??\c:\hntnnn.exec:\hntnnn.exe186⤵
-
\??\c:\1vppd.exec:\1vppd.exe187⤵
-
\??\c:\vdvvp.exec:\vdvvp.exe188⤵
-
\??\c:\9llrfrr.exec:\9llrfrr.exe189⤵
-
\??\c:\1xllrrf.exec:\1xllrrf.exe190⤵
-
\??\c:\1dddj.exec:\1dddj.exe191⤵
-
\??\c:\xfxrrll.exec:\xfxrrll.exe192⤵
-
\??\c:\xxrxrff.exec:\xxrxrff.exe193⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe194⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe195⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe196⤵
-
\??\c:\xrxxlll.exec:\xrxxlll.exe197⤵
-
\??\c:\ffffxff.exec:\ffffxff.exe198⤵
-
\??\c:\bbnnnn.exec:\bbnnnn.exe199⤵
-
\??\c:\3bhbbh.exec:\3bhbbh.exe200⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe201⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe202⤵
-
\??\c:\lfffffx.exec:\lfffffx.exe203⤵
-
\??\c:\5lxxxfx.exec:\5lxxxfx.exe204⤵
-
\??\c:\nnntbt.exec:\nnntbt.exe205⤵
-
\??\c:\tthbhh.exec:\tthbhh.exe206⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe207⤵
-
\??\c:\ppjjj.exec:\ppjjj.exe208⤵
-
\??\c:\xrrrfff.exec:\xrrrfff.exe209⤵
-
\??\c:\xxxxflr.exec:\xxxxflr.exe210⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe211⤵
-
\??\c:\nhhtnn.exec:\nhhtnn.exe212⤵
-
\??\c:\3vvvp.exec:\3vvvp.exe213⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe214⤵
-
\??\c:\ddddd.exec:\ddddd.exe215⤵
-
\??\c:\xrffxff.exec:\xrffxff.exe216⤵
-
\??\c:\fxxxrrx.exec:\fxxxrrx.exe217⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe218⤵
-
\??\c:\9ntnnn.exec:\9ntnnn.exe219⤵
-
\??\c:\1nnnhn.exec:\1nnnhn.exe220⤵
-
\??\c:\djvpp.exec:\djvpp.exe221⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe222⤵
-
\??\c:\5rfxrrl.exec:\5rfxrrl.exe223⤵
-
\??\c:\nthbhn.exec:\nthbhn.exe224⤵
-
\??\c:\tbnhhh.exec:\tbnhhh.exe225⤵
-
\??\c:\9jjjd.exec:\9jjjd.exe226⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe227⤵
-
\??\c:\rlrlffx.exec:\rlrlffx.exe228⤵
-
\??\c:\3ffxffx.exec:\3ffxffx.exe229⤵
-
\??\c:\3xxxxrr.exec:\3xxxxrr.exe230⤵
-
\??\c:\nbbbtt.exec:\nbbbtt.exe231⤵
-
\??\c:\nnhbtb.exec:\nnhbtb.exe232⤵
-
\??\c:\vvddd.exec:\vvddd.exe233⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe234⤵
-
\??\c:\xllffff.exec:\xllffff.exe235⤵
-
\??\c:\lfllfff.exec:\lfllfff.exe236⤵
-
\??\c:\5bbbbt.exec:\5bbbbt.exe237⤵
-
\??\c:\nhbbhh.exec:\nhbbhh.exe238⤵
-
\??\c:\3jvvv.exec:\3jvvv.exe239⤵
-
\??\c:\vdvvp.exec:\vdvvp.exe240⤵
-
\??\c:\5rrlflf.exec:\5rrlflf.exe241⤵