Analysis
-
max time kernel
150s -
max time network
109s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
19-05-2024 05:44
General
-
Target
85e6475cd9899438fc683e6de457afc0_NeikiAnalytics.exe
-
Size
965KB
-
MD5
85e6475cd9899438fc683e6de457afc0
-
SHA1
1ff8198f934cc0590cabe0f7ae54df71d6d805a3
-
SHA256
cefc746af8cddddaf957c263871dab613d8d3cfae1f86209029fa94dd4bebbb8
-
SHA512
f5efacaffccbdbec9b3ff5588ff42a5c4a29053908480b3b848049c9223833753bb89666ba7a3c763a41ebb079339cc36e9979f213c99aa53b7b2635a1e0d92e
-
SSDEEP
12288:n3C9ytvngQjy3C9I3YEWpYe+GalTLfOX+I3C9S3C9ytvngQj65syLr9fuWpI:SgdnJVwLgdnJq9fu7
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\85e6475cd9899438fc683e6de457afc0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\85e6475cd9899438fc683e6de457afc0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhnb.exec:\hbnhnb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxxxl.exec:\fxfxxxl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttthhh.exec:\ttthhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnnbt.exec:\hhnnbt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllfxxx.exec:\lllfxxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxrxxf.exec:\ffxrxxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhhh.exec:\nbhhhh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxxlll.exec:\xlxxlll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llllfll.exec:\llllfll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhtnn.exec:\bbhtnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxfxlf.exec:\lfxfxlf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbtbh.exec:\thbtbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvjd.exec:\jjvjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthnbt.exec:\hthnbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrrll.exec:\fxrrrll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnbnn.exec:\ntnbnn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfllfff.exec:\rfllfff.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnhnn.exec:\bbnhnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvp.exec:\jddvp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtntt.exec:\bbtntt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfrrlx.exec:\fxfrrlx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvp.exec:\pddvp.exe23⤵
- Executes dropped EXE
-
\??\c:\lrffxff.exec:\lrffxff.exe24⤵
- Executes dropped EXE
-
\??\c:\nnnhhh.exec:\nnnhhh.exe25⤵
- Executes dropped EXE
-
\??\c:\fxfxffl.exec:\fxfxffl.exe26⤵
- Executes dropped EXE
-
\??\c:\nntntt.exec:\nntntt.exe27⤵
- Executes dropped EXE
-
\??\c:\vppjj.exec:\vppjj.exe28⤵
- Executes dropped EXE
-
\??\c:\ffrlrlr.exec:\ffrlrlr.exe29⤵
- Executes dropped EXE
-
\??\c:\jvppp.exec:\jvppp.exe30⤵
- Executes dropped EXE
-
\??\c:\rrllfxx.exec:\rrllfxx.exe31⤵
- Executes dropped EXE
-
\??\c:\nnbnnn.exec:\nnbnnn.exe32⤵
- Executes dropped EXE
-
\??\c:\7tnhhh.exec:\7tnhhh.exe33⤵
- Executes dropped EXE
-
\??\c:\llffxll.exec:\llffxll.exe34⤵
- Executes dropped EXE
-
\??\c:\5thbhn.exec:\5thbhn.exe35⤵
- Executes dropped EXE
-
\??\c:\pjjpd.exec:\pjjpd.exe36⤵
- Executes dropped EXE
-
\??\c:\5nttbb.exec:\5nttbb.exe37⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe38⤵
- Executes dropped EXE
-
\??\c:\7fllflf.exec:\7fllflf.exe39⤵
- Executes dropped EXE
-
\??\c:\1hhbbb.exec:\1hhbbb.exe40⤵
- Executes dropped EXE
-
\??\c:\ppvdj.exec:\ppvdj.exe41⤵
- Executes dropped EXE
-
\??\c:\1tnntt.exec:\1tnntt.exe42⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe43⤵
- Executes dropped EXE
-
\??\c:\flrllfl.exec:\flrllfl.exe44⤵
- Executes dropped EXE
-
\??\c:\3tnnhn.exec:\3tnnhn.exe45⤵
- Executes dropped EXE
-
\??\c:\lffxxxf.exec:\lffxxxf.exe46⤵
- Executes dropped EXE
-
\??\c:\tnhhbh.exec:\tnhhbh.exe47⤵
- Executes dropped EXE
-
\??\c:\jjppj.exec:\jjppj.exe48⤵
- Executes dropped EXE
-
\??\c:\fxflxlf.exec:\fxflxlf.exe49⤵
- Executes dropped EXE
-
\??\c:\ththbt.exec:\ththbt.exe50⤵
- Executes dropped EXE
-
\??\c:\ddvjd.exec:\ddvjd.exe51⤵
- Executes dropped EXE
-
\??\c:\7rfxffl.exec:\7rfxffl.exe52⤵
- Executes dropped EXE
-
\??\c:\pvjjj.exec:\pvjjj.exe53⤵
- Executes dropped EXE
-
\??\c:\nhhbbb.exec:\nhhbbb.exe54⤵
- Executes dropped EXE
-
\??\c:\5dpjd.exec:\5dpjd.exe55⤵
- Executes dropped EXE
-
\??\c:\xxrlxrl.exec:\xxrlxrl.exe56⤵
- Executes dropped EXE
-
\??\c:\nhbbtb.exec:\nhbbtb.exe57⤵
- Executes dropped EXE
-
\??\c:\vjpdd.exec:\vjpdd.exe58⤵
- Executes dropped EXE
-
\??\c:\5lrlllf.exec:\5lrlllf.exe59⤵
- Executes dropped EXE
-
\??\c:\pjppj.exec:\pjppj.exe60⤵
- Executes dropped EXE
-
\??\c:\frrfxrl.exec:\frrfxrl.exe61⤵
- Executes dropped EXE
-
\??\c:\bhhhbh.exec:\bhhhbh.exe62⤵
- Executes dropped EXE
-
\??\c:\nbhhhh.exec:\nbhhhh.exe63⤵
- Executes dropped EXE
-
\??\c:\dvppj.exec:\dvppj.exe64⤵
- Executes dropped EXE
-
\??\c:\nhnhhh.exec:\nhnhhh.exe65⤵
- Executes dropped EXE
-
\??\c:\5djjd.exec:\5djjd.exe66⤵
-
\??\c:\7xffrxx.exec:\7xffrxx.exe67⤵
-
\??\c:\btbhnn.exec:\btbhnn.exe68⤵
-
\??\c:\vdddd.exec:\vdddd.exe69⤵
-
\??\c:\xlrrxrl.exec:\xlrrxrl.exe70⤵
-
\??\c:\htbttt.exec:\htbttt.exe71⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe72⤵
-
\??\c:\7jjjd.exec:\7jjjd.exe73⤵
-
\??\c:\5llfffx.exec:\5llfffx.exe74⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe75⤵
-
\??\c:\frxrlll.exec:\frxrlll.exe76⤵
-
\??\c:\bhbnbb.exec:\bhbnbb.exe77⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe78⤵
-
\??\c:\1frxxff.exec:\1frxxff.exe79⤵
-
\??\c:\nbbtnn.exec:\nbbtnn.exe80⤵
-
\??\c:\pjpdj.exec:\pjpdj.exe81⤵
-
\??\c:\rxxxrrl.exec:\rxxxrrl.exe82⤵
-
\??\c:\thbnhb.exec:\thbnhb.exe83⤵
-
\??\c:\3dvpp.exec:\3dvpp.exe84⤵
-
\??\c:\rrfxxff.exec:\rrfxxff.exe85⤵
-
\??\c:\nnbnnh.exec:\nnbnnh.exe86⤵
-
\??\c:\jdppp.exec:\jdppp.exe87⤵
-
\??\c:\rfrrxxl.exec:\rfrrxxl.exe88⤵
-
\??\c:\nntnnn.exec:\nntnnn.exe89⤵
-
\??\c:\vpppj.exec:\vpppj.exe90⤵
-
\??\c:\xrfxrlf.exec:\xrfxrlf.exe91⤵
-
\??\c:\bthhbb.exec:\bthhbb.exe92⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe93⤵
-
\??\c:\rxffxlx.exec:\rxffxlx.exe94⤵
-
\??\c:\hhhnbt.exec:\hhhnbt.exe95⤵
-
\??\c:\xxrxxrr.exec:\xxrxxrr.exe96⤵
-
\??\c:\htttnn.exec:\htttnn.exe97⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe98⤵
-
\??\c:\1rfxlrx.exec:\1rfxlrx.exe99⤵
-
\??\c:\btnnhn.exec:\btnnhn.exe100⤵
-
\??\c:\xxfxlfx.exec:\xxfxlfx.exe101⤵
-
\??\c:\tnthnh.exec:\tnthnh.exe102⤵
-
\??\c:\1vdpd.exec:\1vdpd.exe103⤵
-
\??\c:\rfllfff.exec:\rfllfff.exe104⤵
-
\??\c:\hhthth.exec:\hhthth.exe105⤵
-
\??\c:\llfffff.exec:\llfffff.exe106⤵
-
\??\c:\thnhhn.exec:\thnhhn.exe107⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe108⤵
-
\??\c:\frlfxxr.exec:\frlfxxr.exe109⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe110⤵
-
\??\c:\dpvjd.exec:\dpvjd.exe111⤵
-
\??\c:\lfllrxf.exec:\lfllrxf.exe112⤵
-
\??\c:\hnnnhh.exec:\hnnnhh.exe113⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe114⤵
-
\??\c:\xlxrrlf.exec:\xlxrrlf.exe115⤵
-
\??\c:\nhttnn.exec:\nhttnn.exe116⤵
-
\??\c:\5pvjj.exec:\5pvjj.exe117⤵
-
\??\c:\rfxxrrr.exec:\rfxxrrr.exe118⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe119⤵
-
\??\c:\rfxrxrx.exec:\rfxrxrx.exe120⤵
-
\??\c:\jdddd.exec:\jdddd.exe121⤵
-
\??\c:\pvdpp.exec:\pvdpp.exe122⤵
-
\??\c:\hbnhnn.exec:\hbnhnn.exe123⤵
-
\??\c:\7djdv.exec:\7djdv.exe124⤵
-
\??\c:\frrrrxr.exec:\frrrrxr.exe125⤵
-
\??\c:\nhnnnt.exec:\nhnnnt.exe126⤵
-
\??\c:\jdjpj.exec:\jdjpj.exe127⤵
-
\??\c:\ffffxfx.exec:\ffffxfx.exe128⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe129⤵
-
\??\c:\jvdjj.exec:\jvdjj.exe130⤵
-
\??\c:\xflfxxf.exec:\xflfxxf.exe131⤵
-
\??\c:\hhnbhh.exec:\hhnbhh.exe132⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe133⤵
-
\??\c:\1xxxxxx.exec:\1xxxxxx.exe134⤵
-
\??\c:\nbhbtt.exec:\nbhbtt.exe135⤵
-
\??\c:\vpppv.exec:\vpppv.exe136⤵
-
\??\c:\xlllfff.exec:\xlllfff.exe137⤵
-
\??\c:\9hnnnt.exec:\9hnnnt.exe138⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe139⤵
-
\??\c:\lflffff.exec:\lflffff.exe140⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe141⤵
-
\??\c:\frxrrxx.exec:\frxrrxx.exe142⤵
-
\??\c:\htnnhh.exec:\htnnhh.exe143⤵
-
\??\c:\vdjjp.exec:\vdjjp.exe144⤵
-
\??\c:\lffxrxr.exec:\lffxrxr.exe145⤵
-
\??\c:\ttbhtt.exec:\ttbhtt.exe146⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe147⤵
-
\??\c:\bttbbn.exec:\bttbbn.exe148⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe149⤵
-
\??\c:\rlrrlll.exec:\rlrrlll.exe150⤵
-
\??\c:\bbbbtb.exec:\bbbbtb.exe151⤵
-
\??\c:\dppjv.exec:\dppjv.exe152⤵
-
\??\c:\nbttnn.exec:\nbttnn.exe153⤵
-
\??\c:\jvvdj.exec:\jvvdj.exe154⤵
-
\??\c:\xrxlfxr.exec:\xrxlfxr.exe155⤵
-
\??\c:\nnhnbt.exec:\nnhnbt.exe156⤵
-
\??\c:\vvjpp.exec:\vvjpp.exe157⤵
-
\??\c:\ffxrrrf.exec:\ffxrrrf.exe158⤵
-
\??\c:\9ddvj.exec:\9ddvj.exe159⤵
-
\??\c:\rxrlfxl.exec:\rxrlfxl.exe160⤵
-
\??\c:\nbthtn.exec:\nbthtn.exe161⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe162⤵
-
\??\c:\bbthnh.exec:\bbthnh.exe163⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe164⤵
-
\??\c:\3lrlxrx.exec:\3lrlxrx.exe165⤵
-
\??\c:\hbbnbt.exec:\hbbnbt.exe166⤵
-
\??\c:\jpvjd.exec:\jpvjd.exe167⤵
-
\??\c:\xrrlrrf.exec:\xrrlrrf.exe168⤵
-
\??\c:\ddppp.exec:\ddppp.exe169⤵
-
\??\c:\rlfxrlf.exec:\rlfxrlf.exe170⤵
-
\??\c:\nhhbnb.exec:\nhhbnb.exe171⤵
-
\??\c:\llfrxrl.exec:\llfrxrl.exe172⤵
-
\??\c:\fxfxrrf.exec:\fxfxrrf.exe173⤵
-
\??\c:\9nbthb.exec:\9nbthb.exe174⤵
-
\??\c:\flfxrlx.exec:\flfxrlx.exe175⤵
-
\??\c:\bntbhb.exec:\bntbhb.exe176⤵
-
\??\c:\dppdv.exec:\dppdv.exe177⤵
-
\??\c:\xxfrlfx.exec:\xxfrlfx.exe178⤵
-
\??\c:\hhthtn.exec:\hhthtn.exe179⤵
-
\??\c:\dppjd.exec:\dppjd.exe180⤵
-
\??\c:\fllxrff.exec:\fllxrff.exe181⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe182⤵
-
\??\c:\fffxrll.exec:\fffxrll.exe183⤵
-
\??\c:\bnnbth.exec:\bnnbth.exe184⤵
-
\??\c:\jvdjv.exec:\jvdjv.exe185⤵
-
\??\c:\fxlffxx.exec:\fxlffxx.exe186⤵
-
\??\c:\ntbntn.exec:\ntbntn.exe187⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe188⤵
-
\??\c:\nnbbbn.exec:\nnbbbn.exe189⤵
-
\??\c:\3vdvp.exec:\3vdvp.exe190⤵
-
\??\c:\jppjv.exec:\jppjv.exe191⤵
-
\??\c:\hntnbt.exec:\hntnbt.exe192⤵
-
\??\c:\1dvpp.exec:\1dvpp.exe193⤵
-
\??\c:\xfrlxrx.exec:\xfrlxrx.exe194⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe195⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe196⤵
-
\??\c:\rxlxlfr.exec:\rxlxlfr.exe197⤵
-
\??\c:\nbhhnh.exec:\nbhhnh.exe198⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe199⤵
-
\??\c:\rflrfxl.exec:\rflrfxl.exe200⤵
-
\??\c:\jddvp.exec:\jddvp.exe201⤵
-
\??\c:\ppdpj.exec:\ppdpj.exe202⤵
-
\??\c:\hbtbnh.exec:\hbtbnh.exe203⤵
-
\??\c:\3pjvd.exec:\3pjvd.exe204⤵
-
\??\c:\5frlxxf.exec:\5frlxxf.exe205⤵
-
\??\c:\tbbttn.exec:\tbbttn.exe206⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe207⤵
-
\??\c:\xfxlxlx.exec:\xfxlxlx.exe208⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe209⤵
-
\??\c:\llxlxrx.exec:\llxlxrx.exe210⤵
-
\??\c:\nnhbhb.exec:\nnhbhb.exe211⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe212⤵
-
\??\c:\lllffrx.exec:\lllffrx.exe213⤵
-
\??\c:\pddjv.exec:\pddjv.exe214⤵
-
\??\c:\lxfrlff.exec:\lxfrlff.exe215⤵
-
\??\c:\hnhtnb.exec:\hnhtnb.exe216⤵
-
\??\c:\vdddv.exec:\vdddv.exe217⤵
-
\??\c:\hbttnh.exec:\hbttnh.exe218⤵
-
\??\c:\ddvjp.exec:\ddvjp.exe219⤵
-
\??\c:\frfrxxx.exec:\frfrxxx.exe220⤵
-
\??\c:\tbtbhh.exec:\tbtbhh.exe221⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe222⤵
-
\??\c:\5bhhbt.exec:\5bhhbt.exe223⤵
-
\??\c:\jjvjj.exec:\jjvjj.exe224⤵
-
\??\c:\xlxfrrl.exec:\xlxfrrl.exe225⤵
-
\??\c:\1bhtnh.exec:\1bhtnh.exe226⤵
-
\??\c:\jjdvd.exec:\jjdvd.exe227⤵
-
\??\c:\3xxxlxr.exec:\3xxxlxr.exe228⤵
-
\??\c:\hbhhbb.exec:\hbhhbb.exe229⤵
-
\??\c:\rfxxxrl.exec:\rfxxxrl.exe230⤵
-
\??\c:\httttt.exec:\httttt.exe231⤵
-
\??\c:\vppdv.exec:\vppdv.exe232⤵
-
\??\c:\rllrlll.exec:\rllrlll.exe233⤵
-
\??\c:\bnnnhb.exec:\bnnnhb.exe234⤵
-
\??\c:\1djvp.exec:\1djvp.exe235⤵
-
\??\c:\rrllxff.exec:\rrllxff.exe236⤵
-
\??\c:\thhhbb.exec:\thhhbb.exe237⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe238⤵
-
\??\c:\5xxrllf.exec:\5xxrllf.exe239⤵
-
\??\c:\5jdvv.exec:\5jdvv.exe240⤵
-
\??\c:\xfrfxfr.exec:\xfrfxfr.exe241⤵