Analysis
-
max time kernel
149s -
max time network
114s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 03:08
General
-
Target
5eef8191e12bcea07d3af23002803010_NeikiAnalytics.exe
-
Size
56KB
-
MD5
5eef8191e12bcea07d3af23002803010
-
SHA1
9b0756d39b9fb400f971a5ca17488197cdb5b81c
-
SHA256
d6f093f86d3408033cfad63d4ee610b773ed0db4d3c2cc278fa451d1554bcb80
-
SHA512
c9a5c3edb2d1c116029bfa6635d00e45d255e038a0d49fda311e7eae215526daf557d8fc02f8cf4291d173ba747e6d9f5f08bd0a6aa35e954e37abfbf33dea8e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0chVnEz:ymb3NkkiQ3mdBjF0crEz
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5eef8191e12bcea07d3af23002803010_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\5eef8191e12bcea07d3af23002803010_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xffxrll.exec:\xffxrll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbhhn.exec:\hhbhhn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjpp.exec:\pvjpp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llflfll.exec:\llflfll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhhhh.exec:\hnhhhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpp.exec:\dpvpp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrlxr.exec:\xrxrlxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflxlfr.exec:\xflxlfr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnhhh.exec:\bbnhhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vpjj.exec:\1vpjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffrrxx.exec:\fffrrxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrlrl.exec:\rlrrlrl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbbtt.exec:\ntbbtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpj.exec:\jvvpj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djppj.exec:\djppj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffllllf.exec:\ffllllf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlfffl.exec:\fxlfffl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttttt.exec:\bttttt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpvd.exec:\jvpvd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvdd.exec:\vpvdd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrllxxx.exec:\rrllxxx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhbh.exec:\nhnhbh.exe23⤵
- Executes dropped EXE
-
\??\c:\hnbbtt.exec:\hnbbtt.exe24⤵
- Executes dropped EXE
-
\??\c:\pjjjj.exec:\pjjjj.exe25⤵
- Executes dropped EXE
-
\??\c:\xxxfxxx.exec:\xxxfxxx.exe26⤵
- Executes dropped EXE
-
\??\c:\7bhhbb.exec:\7bhhbb.exe27⤵
- Executes dropped EXE
-
\??\c:\5bhhhh.exec:\5bhhhh.exe28⤵
- Executes dropped EXE
-
\??\c:\llrlrrx.exec:\llrlrrx.exe29⤵
- Executes dropped EXE
-
\??\c:\llrrlll.exec:\llrrlll.exe30⤵
- Executes dropped EXE
-
\??\c:\pdjdp.exec:\pdjdp.exe31⤵
- Executes dropped EXE
-
\??\c:\frlllll.exec:\frlllll.exe32⤵
- Executes dropped EXE
-
\??\c:\hhhhhh.exec:\hhhhhh.exe33⤵
- Executes dropped EXE
-
\??\c:\9djjd.exec:\9djjd.exe34⤵
- Executes dropped EXE
-
\??\c:\rffffll.exec:\rffffll.exe35⤵
- Executes dropped EXE
-
\??\c:\1nbbnt.exec:\1nbbnt.exe36⤵
- Executes dropped EXE
-
\??\c:\htttnb.exec:\htttnb.exe37⤵
- Executes dropped EXE
-
\??\c:\ddjjd.exec:\ddjjd.exe38⤵
- Executes dropped EXE
-
\??\c:\ffxxflr.exec:\ffxxflr.exe39⤵
- Executes dropped EXE
-
\??\c:\rlrfffl.exec:\rlrfffl.exe40⤵
- Executes dropped EXE
-
\??\c:\bbnhth.exec:\bbnhth.exe41⤵
- Executes dropped EXE
-
\??\c:\pjdjv.exec:\pjdjv.exe42⤵
- Executes dropped EXE
-
\??\c:\1vdvv.exec:\1vdvv.exe43⤵
- Executes dropped EXE
-
\??\c:\xlxrfff.exec:\xlxrfff.exe44⤵
- Executes dropped EXE
-
\??\c:\3thhbb.exec:\3thhbb.exe45⤵
- Executes dropped EXE
-
\??\c:\htbbtt.exec:\htbbtt.exe46⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe47⤵
- Executes dropped EXE
-
\??\c:\vjpdv.exec:\vjpdv.exe48⤵
- Executes dropped EXE
-
\??\c:\lxffxff.exec:\lxffxff.exe49⤵
- Executes dropped EXE
-
\??\c:\bthhtb.exec:\bthhtb.exe50⤵
- Executes dropped EXE
-
\??\c:\hbntht.exec:\hbntht.exe51⤵
- Executes dropped EXE
-
\??\c:\9vpvp.exec:\9vpvp.exe52⤵
- Executes dropped EXE
-
\??\c:\lllfrxr.exec:\lllfrxr.exe53⤵
- Executes dropped EXE
-
\??\c:\ntnbth.exec:\ntnbth.exe54⤵
- Executes dropped EXE
-
\??\c:\djvpd.exec:\djvpd.exe55⤵
- Executes dropped EXE
-
\??\c:\xrlfrrl.exec:\xrlfrrl.exe56⤵
- Executes dropped EXE
-
\??\c:\rlxllff.exec:\rlxllff.exe57⤵
- Executes dropped EXE
-
\??\c:\btnbhh.exec:\btnbhh.exe58⤵
- Executes dropped EXE
-
\??\c:\vjpdv.exec:\vjpdv.exe59⤵
- Executes dropped EXE
-
\??\c:\pdjdj.exec:\pdjdj.exe60⤵
- Executes dropped EXE
-
\??\c:\xrrrrrr.exec:\xrrrrrr.exe61⤵
- Executes dropped EXE
-
\??\c:\hnnnnn.exec:\hnnnnn.exe62⤵
- Executes dropped EXE
-
\??\c:\hbhbht.exec:\hbhbht.exe63⤵
- Executes dropped EXE
-
\??\c:\7ddvv.exec:\7ddvv.exe64⤵
- Executes dropped EXE
-
\??\c:\rlflxxl.exec:\rlflxxl.exe65⤵
- Executes dropped EXE
-
\??\c:\btttnn.exec:\btttnn.exe66⤵
-
\??\c:\7tbttt.exec:\7tbttt.exe67⤵
-
\??\c:\vppjj.exec:\vppjj.exe68⤵
-
\??\c:\xxxlfrl.exec:\xxxlfrl.exe69⤵
-
\??\c:\nnhhbh.exec:\nnhhbh.exe70⤵
-
\??\c:\5jpjp.exec:\5jpjp.exe71⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe72⤵
-
\??\c:\lxlxrff.exec:\lxlxrff.exe73⤵
-
\??\c:\fxrllff.exec:\fxrllff.exe74⤵
-
\??\c:\hbhhtt.exec:\hbhhtt.exe75⤵
-
\??\c:\5jpjj.exec:\5jpjj.exe76⤵
-
\??\c:\dppdv.exec:\dppdv.exe77⤵
-
\??\c:\lflrlrl.exec:\lflrlrl.exe78⤵
-
\??\c:\btnnnn.exec:\btnnnn.exe79⤵
-
\??\c:\nbtntt.exec:\nbtntt.exe80⤵
-
\??\c:\3jpjd.exec:\3jpjd.exe81⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe82⤵
-
\??\c:\9lxrxlr.exec:\9lxrxlr.exe83⤵
-
\??\c:\frrxxxr.exec:\frrxxxr.exe84⤵
-
\??\c:\7nhhhn.exec:\7nhhhn.exe85⤵
-
\??\c:\vvdpp.exec:\vvdpp.exe86⤵
-
\??\c:\3lflxff.exec:\3lflxff.exe87⤵
-
\??\c:\bbhhhn.exec:\bbhhhn.exe88⤵
-
\??\c:\ddddv.exec:\ddddv.exe89⤵
-
\??\c:\rllfxrl.exec:\rllfxrl.exe90⤵
-
\??\c:\fxrxrrl.exec:\fxrxrrl.exe91⤵
-
\??\c:\3nbbtt.exec:\3nbbtt.exe92⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe93⤵
-
\??\c:\9xrrllr.exec:\9xrrllr.exe94⤵
-
\??\c:\nbbnnn.exec:\nbbnnn.exe95⤵
-
\??\c:\pvjjd.exec:\pvjjd.exe96⤵
-
\??\c:\lxxrllf.exec:\lxxrllf.exe97⤵
-
\??\c:\bbtbtb.exec:\bbtbtb.exe98⤵
-
\??\c:\bbnnbh.exec:\bbnnbh.exe99⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe100⤵
-
\??\c:\rrrrrxl.exec:\rrrrrxl.exe101⤵
-
\??\c:\xlxxxlr.exec:\xlxxxlr.exe102⤵
-
\??\c:\hbhtht.exec:\hbhtht.exe103⤵
-
\??\c:\bthtbb.exec:\bthtbb.exe104⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe105⤵
-
\??\c:\fxfffrf.exec:\fxfffrf.exe106⤵
-
\??\c:\ffxxflf.exec:\ffxxflf.exe107⤵
-
\??\c:\tbtnhh.exec:\tbtnhh.exe108⤵
-
\??\c:\btbbtn.exec:\btbbtn.exe109⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe110⤵
-
\??\c:\7xfxrrf.exec:\7xfxrrf.exe111⤵
-
\??\c:\rrfxrxf.exec:\rrfxrxf.exe112⤵
-
\??\c:\bbttht.exec:\bbttht.exe113⤵
-
\??\c:\7rrrrxr.exec:\7rrrrxr.exe114⤵
-
\??\c:\rxxxrrl.exec:\rxxxrrl.exe115⤵
-
\??\c:\btbbth.exec:\btbbth.exe116⤵
-
\??\c:\bhbtnt.exec:\bhbtnt.exe117⤵
-
\??\c:\hbbbnn.exec:\hbbbnn.exe118⤵
-
\??\c:\jvppj.exec:\jvppj.exe119⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe120⤵
-
\??\c:\rrrrllf.exec:\rrrrllf.exe121⤵
-
\??\c:\bhnhbb.exec:\bhnhbb.exe122⤵
-
\??\c:\nbtbtt.exec:\nbtbtt.exe123⤵
-
\??\c:\dpppd.exec:\dpppd.exe124⤵
-
\??\c:\lxlxrxx.exec:\lxlxrxx.exe125⤵
-
\??\c:\9lfxffl.exec:\9lfxffl.exe126⤵
-
\??\c:\tbtbhh.exec:\tbtbhh.exe127⤵
-
\??\c:\9llrrrf.exec:\9llrrrf.exe128⤵
-
\??\c:\xrxfxfl.exec:\xrxfxfl.exe129⤵
-
\??\c:\1hbnnn.exec:\1hbnnn.exe130⤵
-
\??\c:\9vppp.exec:\9vppp.exe131⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe132⤵
-
\??\c:\xxxrflf.exec:\xxxrflf.exe133⤵
-
\??\c:\hntbhn.exec:\hntbhn.exe134⤵
-
\??\c:\7bbtnh.exec:\7bbtnh.exe135⤵
-
\??\c:\1pvpv.exec:\1pvpv.exe136⤵
-
\??\c:\ffrffff.exec:\ffrffff.exe137⤵
-
\??\c:\lllllll.exec:\lllllll.exe138⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe139⤵
-
\??\c:\nnbnhh.exec:\nnbnhh.exe140⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe141⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe142⤵
-
\??\c:\pvjvj.exec:\pvjvj.exe143⤵
-
\??\c:\xxffxff.exec:\xxffxff.exe144⤵
-
\??\c:\fxxfxfx.exec:\fxxfxfx.exe145⤵
-
\??\c:\hhttnn.exec:\hhttnn.exe146⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe147⤵
-
\??\c:\xrrllll.exec:\xrrllll.exe148⤵
-
\??\c:\7nnnhh.exec:\7nnnhh.exe149⤵
-
\??\c:\hbnhbt.exec:\hbnhbt.exe150⤵
-
\??\c:\dddvd.exec:\dddvd.exe151⤵
-
\??\c:\vjjpp.exec:\vjjpp.exe152⤵
-
\??\c:\7xrlflx.exec:\7xrlflx.exe153⤵
-
\??\c:\rrxrffx.exec:\rrxrffx.exe154⤵
-
\??\c:\1tbttn.exec:\1tbttn.exe155⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe156⤵
-
\??\c:\3vpdp.exec:\3vpdp.exe157⤵
-
\??\c:\xxflrlr.exec:\xxflrlr.exe158⤵
-
\??\c:\lffffff.exec:\lffffff.exe159⤵
-
\??\c:\tnnhhh.exec:\tnnhhh.exe160⤵
-
\??\c:\ppjpp.exec:\ppjpp.exe161⤵
-
\??\c:\vvvjj.exec:\vvvjj.exe162⤵
-
\??\c:\fflllxf.exec:\fflllxf.exe163⤵
-
\??\c:\hntttt.exec:\hntttt.exe164⤵
-
\??\c:\ttbbth.exec:\ttbbth.exe165⤵
-
\??\c:\jddvv.exec:\jddvv.exe166⤵
-
\??\c:\9rxrlff.exec:\9rxrlff.exe167⤵
-
\??\c:\rrrffxr.exec:\rrrffxr.exe168⤵
-
\??\c:\1hhhhn.exec:\1hhhhn.exe169⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe170⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe171⤵
-
\??\c:\lxlfxxx.exec:\lxlfxxx.exe172⤵
-
\??\c:\fxrrlll.exec:\fxrrlll.exe173⤵
-
\??\c:\tnhtnn.exec:\tnhtnn.exe174⤵
-
\??\c:\nhnnnt.exec:\nhnnnt.exe175⤵
-
\??\c:\pdddv.exec:\pdddv.exe176⤵
-
\??\c:\vppjd.exec:\vppjd.exe177⤵
-
\??\c:\lfrlllf.exec:\lfrlllf.exe178⤵
-
\??\c:\lflflff.exec:\lflflff.exe179⤵
-
\??\c:\hbbnnb.exec:\hbbnnb.exe180⤵
-
\??\c:\nhbtnh.exec:\nhbtnh.exe181⤵
-
\??\c:\jvddp.exec:\jvddp.exe182⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe183⤵
-
\??\c:\xrlfllx.exec:\xrlfllx.exe184⤵
-
\??\c:\xflrxxf.exec:\xflrxxf.exe185⤵
-
\??\c:\ttnnnn.exec:\ttnnnn.exe186⤵
-
\??\c:\nttnbb.exec:\nttnbb.exe187⤵
-
\??\c:\pddpj.exec:\pddpj.exe188⤵
-
\??\c:\fxlrxlx.exec:\fxlrxlx.exe189⤵
-
\??\c:\lxfrfrl.exec:\lxfrfrl.exe190⤵
-
\??\c:\5xxlffr.exec:\5xxlffr.exe191⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe192⤵
-
\??\c:\hnnntb.exec:\hnnntb.exe193⤵
-
\??\c:\jppjd.exec:\jppjd.exe194⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe195⤵
-
\??\c:\llxxflr.exec:\llxxflr.exe196⤵
-
\??\c:\thnntt.exec:\thnntt.exe197⤵
-
\??\c:\nhnnnt.exec:\nhnnnt.exe198⤵
-
\??\c:\hhbtbb.exec:\hhbtbb.exe199⤵
-
\??\c:\jddvp.exec:\jddvp.exe200⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe201⤵
-
\??\c:\7ffxxll.exec:\7ffxxll.exe202⤵
-
\??\c:\9nhhbb.exec:\9nhhbb.exe203⤵
-
\??\c:\1btnnt.exec:\1btnnt.exe204⤵
-
\??\c:\jjjdp.exec:\jjjdp.exe205⤵
-
\??\c:\xxxlrlr.exec:\xxxlrlr.exe206⤵
-
\??\c:\nhbbtb.exec:\nhbbtb.exe207⤵
-
\??\c:\nhtnht.exec:\nhtnht.exe208⤵
-
\??\c:\vpppj.exec:\vpppj.exe209⤵
-
\??\c:\1jppj.exec:\1jppj.exe210⤵
-
\??\c:\5rfllll.exec:\5rfllll.exe211⤵
-
\??\c:\fxxfxff.exec:\fxxfxff.exe212⤵
-
\??\c:\hbnnbn.exec:\hbnnbn.exe213⤵
-
\??\c:\hnttnt.exec:\hnttnt.exe214⤵
-
\??\c:\vpddd.exec:\vpddd.exe215⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe216⤵
-
\??\c:\rllflll.exec:\rllflll.exe217⤵
-
\??\c:\hntnhh.exec:\hntnhh.exe218⤵
-
\??\c:\3tbbhh.exec:\3tbbhh.exe219⤵
-
\??\c:\vddvp.exec:\vddvp.exe220⤵
-
\??\c:\pdvjj.exec:\pdvjj.exe221⤵
-
\??\c:\rlrlfll.exec:\rlrlfll.exe222⤵
-
\??\c:\tbtttt.exec:\tbtttt.exe223⤵
-
\??\c:\nbhhbb.exec:\nbhhbb.exe224⤵
-
\??\c:\vjvdv.exec:\vjvdv.exe225⤵
-
\??\c:\ppppj.exec:\ppppj.exe226⤵
-
\??\c:\xrxxxfl.exec:\xrxxxfl.exe227⤵
-
\??\c:\llfllll.exec:\llfllll.exe228⤵
-
\??\c:\nhnttb.exec:\nhnttb.exe229⤵
-
\??\c:\tbbtnn.exec:\tbbtnn.exe230⤵
-
\??\c:\jpjpv.exec:\jpjpv.exe231⤵
-
\??\c:\jpddd.exec:\jpddd.exe232⤵
-
\??\c:\frxflxx.exec:\frxflxx.exe233⤵
-
\??\c:\lfrrxxx.exec:\lfrrxxx.exe234⤵
-
\??\c:\nhntnt.exec:\nhntnt.exe235⤵
-
\??\c:\nbbbtb.exec:\nbbbtb.exe236⤵
-
\??\c:\dddvv.exec:\dddvv.exe237⤵
-
\??\c:\jvddp.exec:\jvddp.exe238⤵
-
\??\c:\xxfxrrl.exec:\xxfxrrl.exe239⤵
-
\??\c:\fffxlll.exec:\fffxlll.exe240⤵
-
\??\c:\bbbbbb.exec:\bbbbbb.exe241⤵