Analysis
-
max time kernel
150s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 06:24
General
-
Target
902275682dbf9d7e75d19ccc23ed1590_NeikiAnalytics.exe
-
Size
460KB
-
MD5
902275682dbf9d7e75d19ccc23ed1590
-
SHA1
3caa4fd0408a099295d624e5b6451bba3f709396
-
SHA256
e7046ab1408ef6222e313548b6e1fec43f27be8670fa65425e24204aafbe178a
-
SHA512
0dcfd32515ce9f0ee44a489aaf6485fbf161123b56f8f0758d95947e26be56ae13c9401698c0afaf57cec4f49c027ce3b24d0d3a2787d09420f153cc04dd928e
-
SSDEEP
6144:n3C9BRo7tvnJ9Fywhk/TJTaYvMmr3C9BRo7tvnJ9Fywhk/TkP:n3C9ytvn8whkbJTaFmr3C9ytvn8whkby
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\902275682dbf9d7e75d19ccc23ed1590_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\902275682dbf9d7e75d19ccc23ed1590_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrlll.exec:\rlrrlll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbbt.exec:\nbhbbt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvj.exec:\dpvvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlfxx.exec:\fxrlfxx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnntb.exec:\nnnntb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvjj.exec:\jjvjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7djjd.exec:\7djjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxxfx.exec:\xrxxxfx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtnhh.exec:\hhtnhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrrrr.exec:\rrrrrrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhhh.exec:\nhhhhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrrlrr.exec:\7lrrlrr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dvvd.exec:\9dvvd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxllr.exec:\llfxllr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pvvd.exec:\3pvvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppj.exec:\jdppj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fxrffr.exec:\3fxrffr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvvj.exec:\dvvvj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjp.exec:\vdjjp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rfxxxx.exec:\9rfxxxx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdvv.exec:\dpdvv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfffll.exec:\llfffll.exe23⤵
- Executes dropped EXE
-
\??\c:\lflxxxr.exec:\lflxxxr.exe24⤵
- Executes dropped EXE
-
\??\c:\bnbbhh.exec:\bnbbhh.exe25⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe26⤵
- Executes dropped EXE
-
\??\c:\1nhbbh.exec:\1nhbbh.exe27⤵
- Executes dropped EXE
-
\??\c:\pjjvp.exec:\pjjvp.exe28⤵
- Executes dropped EXE
-
\??\c:\bhhnnh.exec:\bhhnnh.exe29⤵
- Executes dropped EXE
-
\??\c:\1jppp.exec:\1jppp.exe30⤵
- Executes dropped EXE
-
\??\c:\1ffflrl.exec:\1ffflrl.exe31⤵
- Executes dropped EXE
-
\??\c:\1nnnnb.exec:\1nnnnb.exe32⤵
- Executes dropped EXE
-
\??\c:\fxrxrfr.exec:\fxrxrfr.exe33⤵
- Executes dropped EXE
-
\??\c:\djppj.exec:\djppj.exe34⤵
- Executes dropped EXE
-
\??\c:\lxfxxrf.exec:\lxfxxrf.exe35⤵
- Executes dropped EXE
-
\??\c:\9nnnnh.exec:\9nnnnh.exe36⤵
- Executes dropped EXE
-
\??\c:\ppddp.exec:\ppddp.exe37⤵
- Executes dropped EXE
-
\??\c:\lffxrrr.exec:\lffxrrr.exe38⤵
- Executes dropped EXE
-
\??\c:\hbtntn.exec:\hbtntn.exe39⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe40⤵
- Executes dropped EXE
-
\??\c:\lflrrrl.exec:\lflrrrl.exe41⤵
- Executes dropped EXE
-
\??\c:\ttbtbt.exec:\ttbtbt.exe42⤵
- Executes dropped EXE
-
\??\c:\vvdvv.exec:\vvdvv.exe43⤵
- Executes dropped EXE
-
\??\c:\rrrlfff.exec:\rrrlfff.exe44⤵
- Executes dropped EXE
-
\??\c:\nnbbtb.exec:\nnbbtb.exe45⤵
- Executes dropped EXE
-
\??\c:\jpvvv.exec:\jpvvv.exe46⤵
- Executes dropped EXE
-
\??\c:\1fxrflr.exec:\1fxrflr.exe47⤵
- Executes dropped EXE
-
\??\c:\5xllflf.exec:\5xllflf.exe48⤵
- Executes dropped EXE
-
\??\c:\bbbbtb.exec:\bbbbtb.exe49⤵
- Executes dropped EXE
-
\??\c:\pvjjj.exec:\pvjjj.exe50⤵
- Executes dropped EXE
-
\??\c:\5llxxff.exec:\5llxxff.exe51⤵
- Executes dropped EXE
-
\??\c:\nhbtbb.exec:\nhbtbb.exe52⤵
- Executes dropped EXE
-
\??\c:\pjjjp.exec:\pjjjp.exe53⤵
- Executes dropped EXE
-
\??\c:\5rlllrl.exec:\5rlllrl.exe54⤵
- Executes dropped EXE
-
\??\c:\htbbtt.exec:\htbbtt.exe55⤵
- Executes dropped EXE
-
\??\c:\ppppj.exec:\ppppj.exe56⤵
- Executes dropped EXE
-
\??\c:\lfxllll.exec:\lfxllll.exe57⤵
- Executes dropped EXE
-
\??\c:\hbhhbh.exec:\hbhhbh.exe58⤵
- Executes dropped EXE
-
\??\c:\hhtthn.exec:\hhtthn.exe59⤵
- Executes dropped EXE
-
\??\c:\ddddv.exec:\ddddv.exe60⤵
- Executes dropped EXE
-
\??\c:\5xfxxxr.exec:\5xfxxxr.exe61⤵
- Executes dropped EXE
-
\??\c:\hbhhhh.exec:\hbhhhh.exe62⤵
- Executes dropped EXE
-
\??\c:\dvjvv.exec:\dvjvv.exe63⤵
- Executes dropped EXE
-
\??\c:\7djdv.exec:\7djdv.exe64⤵
- Executes dropped EXE
-
\??\c:\xlrllfr.exec:\xlrllfr.exe65⤵
- Executes dropped EXE
-
\??\c:\pjpjj.exec:\pjpjj.exe66⤵
-
\??\c:\ffffffl.exec:\ffffffl.exe67⤵
-
\??\c:\tbnhtt.exec:\tbnhtt.exe68⤵
-
\??\c:\7pvpp.exec:\7pvpp.exe69⤵
-
\??\c:\ppvpv.exec:\ppvpv.exe70⤵
-
\??\c:\rlrrrxx.exec:\rlrrrxx.exe71⤵
-
\??\c:\7hnhhn.exec:\7hnhhn.exe72⤵
-
\??\c:\pvdjj.exec:\pvdjj.exe73⤵
-
\??\c:\7ppdd.exec:\7ppdd.exe74⤵
-
\??\c:\fxxlxfx.exec:\fxxlxfx.exe75⤵
-
\??\c:\3btttb.exec:\3btttb.exe76⤵
-
\??\c:\1hhhhn.exec:\1hhhhn.exe77⤵
-
\??\c:\dpddd.exec:\dpddd.exe78⤵
-
\??\c:\xrxrrrl.exec:\xrxrrrl.exe79⤵
-
\??\c:\hnnnnn.exec:\hnnnnn.exe80⤵
-
\??\c:\3dpvv.exec:\3dpvv.exe81⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe82⤵
-
\??\c:\rflffxf.exec:\rflffxf.exe83⤵
-
\??\c:\bbbttn.exec:\bbbttn.exe84⤵
-
\??\c:\jvppj.exec:\jvppj.exe85⤵
-
\??\c:\ddjjj.exec:\ddjjj.exe86⤵
-
\??\c:\7fffxxx.exec:\7fffxxx.exe87⤵
-
\??\c:\hhttth.exec:\hhttth.exe88⤵
-
\??\c:\htbbbb.exec:\htbbbb.exe89⤵
-
\??\c:\jpjdd.exec:\jpjdd.exe90⤵
-
\??\c:\xrfxxxx.exec:\xrfxxxx.exe91⤵
-
\??\c:\rllrllr.exec:\rllrllr.exe92⤵
-
\??\c:\7nnnbb.exec:\7nnnbb.exe93⤵
-
\??\c:\jjppp.exec:\jjppp.exe94⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe95⤵
-
\??\c:\1frrlrl.exec:\1frrlrl.exe96⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe97⤵
-
\??\c:\9jjdd.exec:\9jjdd.exe98⤵
-
\??\c:\fxfxxxr.exec:\fxfxxxr.exe99⤵
-
\??\c:\bbbbbb.exec:\bbbbbb.exe100⤵
-
\??\c:\vvdpp.exec:\vvdpp.exe101⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe102⤵
-
\??\c:\xrrlffx.exec:\xrrlffx.exe103⤵
-
\??\c:\nbtnnt.exec:\nbtnnt.exe104⤵
-
\??\c:\ddppj.exec:\ddppj.exe105⤵
-
\??\c:\xxxxxxx.exec:\xxxxxxx.exe106⤵
-
\??\c:\nntthh.exec:\nntthh.exe107⤵
-
\??\c:\ppjdj.exec:\ppjdj.exe108⤵
-
\??\c:\ffllfff.exec:\ffllfff.exe109⤵
-
\??\c:\lflllll.exec:\lflllll.exe110⤵
-
\??\c:\bhttnn.exec:\bhttnn.exe111⤵
-
\??\c:\vvdpp.exec:\vvdpp.exe112⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe113⤵
-
\??\c:\9hbbtt.exec:\9hbbtt.exe114⤵
-
\??\c:\bhbbth.exec:\bhbbth.exe115⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe116⤵
-
\??\c:\lrxxlll.exec:\lrxxlll.exe117⤵
-
\??\c:\7lrlflf.exec:\7lrlflf.exe118⤵
-
\??\c:\bbhbnn.exec:\bbhbnn.exe119⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe120⤵
-
\??\c:\ffrfrxl.exec:\ffrfrxl.exe121⤵
-
\??\c:\3hnnnb.exec:\3hnnnb.exe122⤵
-
\??\c:\tbtbhh.exec:\tbtbhh.exe123⤵
-
\??\c:\djppp.exec:\djppp.exe124⤵
-
\??\c:\xlflxlx.exec:\xlflxlx.exe125⤵
-
\??\c:\bhnnnh.exec:\bhnnnh.exe126⤵
-
\??\c:\ppddd.exec:\ppddd.exe127⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe128⤵
-
\??\c:\xrflfll.exec:\xrflfll.exe129⤵
-
\??\c:\hbhbnn.exec:\hbhbnn.exe130⤵
-
\??\c:\hnhhhn.exec:\hnhhhn.exe131⤵
-
\??\c:\9pddp.exec:\9pddp.exe132⤵
-
\??\c:\llrllrl.exec:\llrllrl.exe133⤵
-
\??\c:\9nnnhn.exec:\9nnnhn.exe134⤵
-
\??\c:\7tbbtt.exec:\7tbbtt.exe135⤵
-
\??\c:\7pvdd.exec:\7pvdd.exe136⤵
-
\??\c:\xrfxxxx.exec:\xrfxxxx.exe137⤵
-
\??\c:\9tbbtb.exec:\9tbbtb.exe138⤵
-
\??\c:\vppjv.exec:\vppjv.exe139⤵
-
\??\c:\9rxffrr.exec:\9rxffrr.exe140⤵
-
\??\c:\tnhnnt.exec:\tnhnnt.exe141⤵
-
\??\c:\ppddd.exec:\ppddd.exe142⤵
-
\??\c:\pvppp.exec:\pvppp.exe143⤵
-
\??\c:\lfrfrlx.exec:\lfrfrlx.exe144⤵
-
\??\c:\nnnhhh.exec:\nnnhhh.exe145⤵
-
\??\c:\3pjjj.exec:\3pjjj.exe146⤵
-
\??\c:\fxxxrxx.exec:\fxxxrxx.exe147⤵
-
\??\c:\hhhhhn.exec:\hhhhhn.exe148⤵
-
\??\c:\jpddp.exec:\jpddp.exe149⤵
-
\??\c:\lrrrxxx.exec:\lrrrxxx.exe150⤵
-
\??\c:\ffffxxr.exec:\ffffxxr.exe151⤵
-
\??\c:\ttnnnn.exec:\ttnnnn.exe152⤵
-
\??\c:\jpjjp.exec:\jpjjp.exe153⤵
-
\??\c:\1flffll.exec:\1flffll.exe154⤵
-
\??\c:\nhhbbh.exec:\nhhbbh.exe155⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe156⤵
-
\??\c:\jdvjj.exec:\jdvjj.exe157⤵
-
\??\c:\ffrrfrf.exec:\ffrrfrf.exe158⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe159⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe160⤵
-
\??\c:\ppvpv.exec:\ppvpv.exe161⤵
-
\??\c:\fffllrr.exec:\fffllrr.exe162⤵
-
\??\c:\bnttnn.exec:\bnttnn.exe163⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe164⤵
-
\??\c:\xxlrrll.exec:\xxlrrll.exe165⤵
-
\??\c:\7lxfxxx.exec:\7lxfxxx.exe166⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe167⤵
-
\??\c:\7vvvv.exec:\7vvvv.exe168⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe169⤵
-
\??\c:\xrrrlll.exec:\xrrrlll.exe170⤵
-
\??\c:\hhtbtt.exec:\hhtbtt.exe171⤵
-
\??\c:\vppjj.exec:\vppjj.exe172⤵
-
\??\c:\1rxxrxr.exec:\1rxxrxr.exe173⤵
-
\??\c:\bbhhnn.exec:\bbhhnn.exe174⤵
-
\??\c:\ppppd.exec:\ppppd.exe175⤵
-
\??\c:\9xlrrxx.exec:\9xlrrxx.exe176⤵
-
\??\c:\ffrrxxl.exec:\ffrrxxl.exe177⤵
-
\??\c:\1tnttb.exec:\1tnttb.exe178⤵
-
\??\c:\7pddj.exec:\7pddj.exe179⤵
-
\??\c:\llrrrrx.exec:\llrrrrx.exe180⤵
-
\??\c:\bhhttb.exec:\bhhttb.exe181⤵
-
\??\c:\hthhhn.exec:\hthhhn.exe182⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe183⤵
-
\??\c:\rxlxflx.exec:\rxlxflx.exe184⤵
-
\??\c:\rrflxxl.exec:\rrflxxl.exe185⤵
-
\??\c:\nbnhhb.exec:\nbnhhb.exe186⤵
-
\??\c:\vdppp.exec:\vdppp.exe187⤵
-
\??\c:\7rffrxf.exec:\7rffrxf.exe188⤵
-
\??\c:\xxxffff.exec:\xxxffff.exe189⤵
-
\??\c:\thtntb.exec:\thtntb.exe190⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe191⤵
-
\??\c:\xllxrfx.exec:\xllxrfx.exe192⤵
-
\??\c:\nnhhhh.exec:\nnhhhh.exe193⤵
-
\??\c:\thhbnh.exec:\thhbnh.exe194⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe195⤵
-
\??\c:\llrlfxr.exec:\llrlfxr.exe196⤵
-
\??\c:\hbnhnh.exec:\hbnhnh.exe197⤵
-
\??\c:\ntbnhh.exec:\ntbnhh.exe198⤵
-
\??\c:\5ddvj.exec:\5ddvj.exe199⤵
-
\??\c:\rffrlfx.exec:\rffrlfx.exe200⤵
-
\??\c:\rrrlrlf.exec:\rrrlrlf.exe201⤵
-
\??\c:\bhhbtb.exec:\bhhbtb.exe202⤵
-
\??\c:\vdjpv.exec:\vdjpv.exe203⤵
-
\??\c:\xrrlfxr.exec:\xrrlfxr.exe204⤵
-
\??\c:\hbbbnt.exec:\hbbbnt.exe205⤵
-
\??\c:\5hbtnn.exec:\5hbtnn.exe206⤵
-
\??\c:\pddvp.exec:\pddvp.exe207⤵
-
\??\c:\xrfrrrf.exec:\xrfrrrf.exe208⤵
-
\??\c:\nhttht.exec:\nhttht.exe209⤵
-
\??\c:\hnbtnh.exec:\hnbtnh.exe210⤵
-
\??\c:\9pvpj.exec:\9pvpj.exe211⤵
-
\??\c:\xflfrlf.exec:\xflfrlf.exe212⤵
-
\??\c:\nnbtbh.exec:\nnbtbh.exe213⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe214⤵
-
\??\c:\ddddv.exec:\ddddv.exe215⤵
-
\??\c:\xrlrrrx.exec:\xrlrrrx.exe216⤵
-
\??\c:\nnnthh.exec:\nnnthh.exe217⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe218⤵
-
\??\c:\1vvjd.exec:\1vvjd.exe219⤵
-
\??\c:\fxlfxxr.exec:\fxlfxxr.exe220⤵
-
\??\c:\bbttnb.exec:\bbttnb.exe221⤵
-
\??\c:\nbbnbt.exec:\nbbnbt.exe222⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe223⤵
-
\??\c:\rxfxrrr.exec:\rxfxrrr.exe224⤵
-
\??\c:\fxrlxlx.exec:\fxrlxlx.exe225⤵
-
\??\c:\bnhhtb.exec:\bnhhtb.exe226⤵
-
\??\c:\7ppvp.exec:\7ppvp.exe227⤵
-
\??\c:\fxfffll.exec:\fxfffll.exe228⤵
-
\??\c:\xxfxrrl.exec:\xxfxrrl.exe229⤵
-
\??\c:\nbhhbt.exec:\nbhhbt.exe230⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe231⤵
-
\??\c:\rxfxrrr.exec:\rxfxrrr.exe232⤵
-
\??\c:\rlfxrfx.exec:\rlfxrfx.exe233⤵
-
\??\c:\hbtnbb.exec:\hbtnbb.exe234⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe235⤵
-
\??\c:\rfrrfff.exec:\rfrrfff.exe236⤵
-
\??\c:\xllfxxr.exec:\xllfxxr.exe237⤵
-
\??\c:\ttbnhh.exec:\ttbnhh.exe238⤵
-
\??\c:\dvpdv.exec:\dvpdv.exe239⤵
-
\??\c:\lxfxrrl.exec:\lxfxrrl.exe240⤵
-
\??\c:\bhbthb.exec:\bhbthb.exe241⤵