Analysis
-
max time kernel
150s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
19-05-2024 08:21
General
-
Target
ab63c36aa18cf04e45795df234a2b3e0_NeikiAnalytics.exe
-
Size
345KB
-
MD5
ab63c36aa18cf04e45795df234a2b3e0
-
SHA1
faac6eb89c469cfd99f2ddc82af4273a634630ef
-
SHA256
64cecbb1afe5c3ce90a57400060c166cdc4f3d31119dcbf6d8076fdcf47c44f2
-
SHA512
e753907e0e5b3a2c146a3895a4802a1d85f6b3662e34837d1bd52cd080cced403b60bec3adf86b996ebae23fd3aa2c7370742dc0ef2d2d8bb4a9980332168a34
-
SSDEEP
6144:n3C9BRo/AIX2MUXownfWQkyCpxwJz9e0pQowLh3EhToK9cT085mnFhXjmnwJQyIK:n3C9uDnUXoSWlnwJv90aKToFqwfIB0
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ab63c36aa18cf04e45795df234a2b3e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\ab63c36aa18cf04e45795df234a2b3e0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjdd.exec:\jpjdd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xrrlrl.exec:\7xrrlrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvjd.exec:\pjvjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllffxx.exec:\lllffxx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrrxxf.exec:\xxrrxxf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhhbh.exec:\hhhhbh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dvpd.exec:\3dvpd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fllrrf.exec:\9fllrrf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflllll.exec:\rflllll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbnnt.exec:\ttbnnt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dddv.exec:\9dddv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflxlxl.exec:\rflxlxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlflll.exec:\xxlflll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjj.exec:\dvjjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffxxxl.exec:\rffxxxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllllr.exec:\fxllllr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdjp.exec:\dpdjp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpj.exec:\vvvpj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnnt.exec:\bttnnt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpd.exec:\vjvpd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xlflfl.exec:\3xlflfl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtttt.exec:\thtttt.exe23⤵
- Executes dropped EXE
-
\??\c:\hhbbbh.exec:\hhbbbh.exe24⤵
- Executes dropped EXE
-
\??\c:\dppjd.exec:\dppjd.exe25⤵
- Executes dropped EXE
-
\??\c:\flfrfrf.exec:\flfrfrf.exe26⤵
- Executes dropped EXE
-
\??\c:\jdpjv.exec:\jdpjv.exe27⤵
- Executes dropped EXE
-
\??\c:\7xrrllf.exec:\7xrrllf.exe28⤵
- Executes dropped EXE
-
\??\c:\9nhhbb.exec:\9nhhbb.exe29⤵
- Executes dropped EXE
-
\??\c:\ppjdd.exec:\ppjdd.exe30⤵
- Executes dropped EXE
-
\??\c:\lllfxfx.exec:\lllfxfx.exe31⤵
- Executes dropped EXE
-
\??\c:\htttnn.exec:\htttnn.exe32⤵
- Executes dropped EXE
-
\??\c:\jjvvd.exec:\jjvvd.exe33⤵
- Executes dropped EXE
-
\??\c:\dvddv.exec:\dvddv.exe34⤵
- Executes dropped EXE
-
\??\c:\rxlfxrr.exec:\rxlfxrr.exe35⤵
- Executes dropped EXE
-
\??\c:\nhhhbb.exec:\nhhhbb.exe36⤵
- Executes dropped EXE
-
\??\c:\bhnbhh.exec:\bhnbhh.exe37⤵
- Executes dropped EXE
-
\??\c:\vpppj.exec:\vpppj.exe38⤵
- Executes dropped EXE
-
\??\c:\rllxfxx.exec:\rllxfxx.exe39⤵
- Executes dropped EXE
-
\??\c:\lflfllr.exec:\lflfllr.exe40⤵
- Executes dropped EXE
-
\??\c:\bthbnt.exec:\bthbnt.exe41⤵
- Executes dropped EXE
-
\??\c:\ddpvp.exec:\ddpvp.exe42⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe43⤵
- Executes dropped EXE
-
\??\c:\xlrlxxl.exec:\xlrlxxl.exe44⤵
- Executes dropped EXE
-
\??\c:\hhbthh.exec:\hhbthh.exe45⤵
- Executes dropped EXE
-
\??\c:\ddpjv.exec:\ddpjv.exe46⤵
- Executes dropped EXE
-
\??\c:\vvjdd.exec:\vvjdd.exe47⤵
- Executes dropped EXE
-
\??\c:\lrxlfxr.exec:\lrxlfxr.exe48⤵
- Executes dropped EXE
-
\??\c:\lxffxxx.exec:\lxffxxx.exe49⤵
- Executes dropped EXE
-
\??\c:\tbbbnn.exec:\tbbbnn.exe50⤵
- Executes dropped EXE
-
\??\c:\ppjdp.exec:\ppjdp.exe51⤵
- Executes dropped EXE
-
\??\c:\1dpvp.exec:\1dpvp.exe52⤵
- Executes dropped EXE
-
\??\c:\3flfrrl.exec:\3flfrrl.exe53⤵
- Executes dropped EXE
-
\??\c:\hbbbbb.exec:\hbbbbb.exe54⤵
- Executes dropped EXE
-
\??\c:\7pdpj.exec:\7pdpj.exe55⤵
- Executes dropped EXE
-
\??\c:\ddjpp.exec:\ddjpp.exe56⤵
- Executes dropped EXE
-
\??\c:\lrflllf.exec:\lrflllf.exe57⤵
- Executes dropped EXE
-
\??\c:\nthbtt.exec:\nthbtt.exe58⤵
- Executes dropped EXE
-
\??\c:\jjjdv.exec:\jjjdv.exe59⤵
- Executes dropped EXE
-
\??\c:\xlrlllf.exec:\xlrlllf.exe60⤵
- Executes dropped EXE
-
\??\c:\bbbnbt.exec:\bbbnbt.exe61⤵
- Executes dropped EXE
-
\??\c:\ppvpv.exec:\ppvpv.exe62⤵
- Executes dropped EXE
-
\??\c:\dvvdd.exec:\dvvdd.exe63⤵
- Executes dropped EXE
-
\??\c:\llllxfx.exec:\llllxfx.exe64⤵
- Executes dropped EXE
-
\??\c:\nnhnhh.exec:\nnhnhh.exe65⤵
- Executes dropped EXE
-
\??\c:\nnhhhh.exec:\nnhhhh.exe66⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe67⤵
-
\??\c:\frlfxff.exec:\frlfxff.exe68⤵
-
\??\c:\nnnnbb.exec:\nnnnbb.exe69⤵
-
\??\c:\7pvpp.exec:\7pvpp.exe70⤵
-
\??\c:\jjppp.exec:\jjppp.exe71⤵
-
\??\c:\9lrlxxr.exec:\9lrlxxr.exe72⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe73⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe74⤵
-
\??\c:\jvppp.exec:\jvppp.exe75⤵
-
\??\c:\xxfflfr.exec:\xxfflfr.exe76⤵
-
\??\c:\bntbbn.exec:\bntbbn.exe77⤵
-
\??\c:\1tbbnt.exec:\1tbbnt.exe78⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe79⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe80⤵
-
\??\c:\rllrlll.exec:\rllrlll.exe81⤵
-
\??\c:\bbtbtb.exec:\bbtbtb.exe82⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe83⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe84⤵
-
\??\c:\9xfxrrl.exec:\9xfxrrl.exe85⤵
-
\??\c:\xxlxxrf.exec:\xxlxxrf.exe86⤵
-
\??\c:\hhtbtt.exec:\hhtbtt.exe87⤵
-
\??\c:\7vjdp.exec:\7vjdp.exe88⤵
-
\??\c:\xrfffff.exec:\xrfffff.exe89⤵
-
\??\c:\tttnnn.exec:\tttnnn.exe90⤵
-
\??\c:\1dvvp.exec:\1dvvp.exe91⤵
-
\??\c:\3jppp.exec:\3jppp.exe92⤵
-
\??\c:\9fxrlxx.exec:\9fxrlxx.exe93⤵
-
\??\c:\tnnthb.exec:\tnnthb.exe94⤵
-
\??\c:\pdpvp.exec:\pdpvp.exe95⤵
-
\??\c:\vvddd.exec:\vvddd.exe96⤵
-
\??\c:\xrxrrrr.exec:\xrxrrrr.exe97⤵
-
\??\c:\1tttnh.exec:\1tttnh.exe98⤵
-
\??\c:\hhhbtt.exec:\hhhbtt.exe99⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe100⤵
-
\??\c:\dpvjj.exec:\dpvjj.exe101⤵
-
\??\c:\5lxffff.exec:\5lxffff.exe102⤵
-
\??\c:\hbhbtt.exec:\hbhbtt.exe103⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe104⤵
-
\??\c:\llfffff.exec:\llfffff.exe105⤵
-
\??\c:\llrlllf.exec:\llrlllf.exe106⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe107⤵
-
\??\c:\hhhhtb.exec:\hhhhtb.exe108⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe109⤵
-
\??\c:\rllrlll.exec:\rllrlll.exe110⤵
-
\??\c:\xxfffff.exec:\xxfffff.exe111⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe112⤵
-
\??\c:\1pvvj.exec:\1pvvj.exe113⤵
-
\??\c:\rrxxrff.exec:\rrxxrff.exe114⤵
-
\??\c:\htbbnn.exec:\htbbnn.exe115⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe116⤵
-
\??\c:\dddpd.exec:\dddpd.exe117⤵
-
\??\c:\fllrlfx.exec:\fllrlfx.exe118⤵
-
\??\c:\hbnhhb.exec:\hbnhhb.exe119⤵
-
\??\c:\pjddv.exec:\pjddv.exe120⤵
-
\??\c:\pddvj.exec:\pddvj.exe121⤵
-
\??\c:\xlrlxrl.exec:\xlrlxrl.exe122⤵
-
\??\c:\xlrrrxr.exec:\xlrrrxr.exe123⤵
-
\??\c:\bbbnhn.exec:\bbbnhn.exe124⤵
-
\??\c:\jjvjp.exec:\jjvjp.exe125⤵
-
\??\c:\1vpdp.exec:\1vpdp.exe126⤵
-
\??\c:\xxlxlrf.exec:\xxlxlrf.exe127⤵
-
\??\c:\nhthbb.exec:\nhthbb.exe128⤵
-
\??\c:\1nbtht.exec:\1nbtht.exe129⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe130⤵
-
\??\c:\jpvjv.exec:\jpvjv.exe131⤵
-
\??\c:\frlxrlf.exec:\frlxrlf.exe132⤵
-
\??\c:\httthh.exec:\httthh.exe133⤵
-
\??\c:\nbthtn.exec:\nbthtn.exe134⤵
-
\??\c:\pdpdv.exec:\pdpdv.exe135⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe136⤵
-
\??\c:\llfxfrf.exec:\llfxfrf.exe137⤵
-
\??\c:\hbbttt.exec:\hbbttt.exe138⤵
-
\??\c:\9tthnn.exec:\9tthnn.exe139⤵
-
\??\c:\pjjvp.exec:\pjjvp.exe140⤵
-
\??\c:\rxfrrlx.exec:\rxfrrlx.exe141⤵
-
\??\c:\xfxxrxr.exec:\xfxxrxr.exe142⤵
-
\??\c:\ththnh.exec:\ththnh.exe143⤵
-
\??\c:\vppjv.exec:\vppjv.exe144⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe145⤵
-
\??\c:\7xrlxrf.exec:\7xrlxrf.exe146⤵
-
\??\c:\btnhtn.exec:\btnhtn.exe147⤵
-
\??\c:\7ffxxxx.exec:\7ffxxxx.exe148⤵
-
\??\c:\1ddvv.exec:\1ddvv.exe149⤵
-
\??\c:\fxrlxrl.exec:\fxrlxrl.exe150⤵
-
\??\c:\tbhhtt.exec:\tbhhtt.exe151⤵
-
\??\c:\3ddvj.exec:\3ddvj.exe152⤵
-
\??\c:\lfrxxrr.exec:\lfrxxrr.exe153⤵
-
\??\c:\lxrfrrl.exec:\lxrfrrl.exe154⤵
-
\??\c:\nhbbnh.exec:\nhbbnh.exe155⤵
-
\??\c:\bttnhb.exec:\bttnhb.exe156⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe157⤵
-
\??\c:\rfxlfrl.exec:\rfxlfrl.exe158⤵
-
\??\c:\bbhhbh.exec:\bbhhbh.exe159⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe160⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe161⤵
-
\??\c:\fffrlxr.exec:\fffrlxr.exe162⤵
-
\??\c:\bnbthh.exec:\bnbthh.exe163⤵
-
\??\c:\hbtnbt.exec:\hbtnbt.exe164⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe165⤵
-
\??\c:\djjvd.exec:\djjvd.exe166⤵
-
\??\c:\xxrxffr.exec:\xxrxffr.exe167⤵
-
\??\c:\ntntnh.exec:\ntntnh.exe168⤵
-
\??\c:\1btnhb.exec:\1btnhb.exe169⤵
-
\??\c:\jvjvd.exec:\jvjvd.exe170⤵
-
\??\c:\pdddv.exec:\pdddv.exe171⤵
-
\??\c:\xllxrrl.exec:\xllxrrl.exe172⤵
-
\??\c:\tnbtbb.exec:\tnbtbb.exe173⤵
-
\??\c:\5ttthh.exec:\5ttthh.exe174⤵
-
\??\c:\ddjvj.exec:\ddjvj.exe175⤵
-
\??\c:\xllfrrf.exec:\xllfrrf.exe176⤵
-
\??\c:\lxlfxxr.exec:\lxlfxxr.exe177⤵
-
\??\c:\5tnhbt.exec:\5tnhbt.exe178⤵
-
\??\c:\jjvjd.exec:\jjvjd.exe179⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe180⤵
-
\??\c:\7ffxrxr.exec:\7ffxrxr.exe181⤵
-
\??\c:\xrxrllf.exec:\xrxrllf.exe182⤵
-
\??\c:\nbbnbh.exec:\nbbnbh.exe183⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe184⤵
-
\??\c:\7vdvj.exec:\7vdvj.exe185⤵
-
\??\c:\llrlllx.exec:\llrlllx.exe186⤵
-
\??\c:\1llxlfr.exec:\1llxlfr.exe187⤵
-
\??\c:\nbnntb.exec:\nbnntb.exe188⤵
-
\??\c:\dvjvv.exec:\dvjvv.exe189⤵
-
\??\c:\xxrflff.exec:\xxrflff.exe190⤵
-
\??\c:\9xxxlrl.exec:\9xxxlrl.exe191⤵
-
\??\c:\nbnthn.exec:\nbnthn.exe192⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe193⤵
-
\??\c:\vdjjv.exec:\vdjjv.exe194⤵
-
\??\c:\xxffxfx.exec:\xxffxfx.exe195⤵
-
\??\c:\bhhnhb.exec:\bhhnhb.exe196⤵
-
\??\c:\thhttt.exec:\thhttt.exe197⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe198⤵
-
\??\c:\5jdpp.exec:\5jdpp.exe199⤵
-
\??\c:\ffrlxxr.exec:\ffrlxxr.exe200⤵
-
\??\c:\9bbnhb.exec:\9bbnhb.exe201⤵
-
\??\c:\bttntt.exec:\bttntt.exe202⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe203⤵
-
\??\c:\fffxrlf.exec:\fffxrlf.exe204⤵
-
\??\c:\fxlfrfl.exec:\fxlfrfl.exe205⤵
-
\??\c:\ttthbb.exec:\ttthbb.exe206⤵
-
\??\c:\hbnhnn.exec:\hbnhnn.exe207⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe208⤵
-
\??\c:\flxrlrl.exec:\flxrlrl.exe209⤵
-
\??\c:\lxxllrl.exec:\lxxllrl.exe210⤵
-
\??\c:\btnhbt.exec:\btnhbt.exe211⤵
-
\??\c:\djjvj.exec:\djjvj.exe212⤵
-
\??\c:\djpdp.exec:\djpdp.exe213⤵
-
\??\c:\lrrlxrl.exec:\lrrlxrl.exe214⤵
-
\??\c:\nhbtnt.exec:\nhbtnt.exe215⤵
-
\??\c:\tnhhtt.exec:\tnhhtt.exe216⤵
-
\??\c:\dppjv.exec:\dppjv.exe217⤵
-
\??\c:\fxlfrlf.exec:\fxlfrlf.exe218⤵
-
\??\c:\1rlfxxr.exec:\1rlfxxr.exe219⤵
-
\??\c:\nhhthb.exec:\nhhthb.exe220⤵
-
\??\c:\djvjd.exec:\djvjd.exe221⤵
-
\??\c:\lxfxxxr.exec:\lxfxxxr.exe222⤵
-
\??\c:\3lfxrlf.exec:\3lfxrlf.exe223⤵
-
\??\c:\nnhbnh.exec:\nnhbnh.exe224⤵
-
\??\c:\7jvjp.exec:\7jvjp.exe225⤵
-
\??\c:\lxllfxr.exec:\lxllfxr.exe226⤵
-
\??\c:\1xxrrll.exec:\1xxrrll.exe227⤵
-
\??\c:\nhbnhb.exec:\nhbnhb.exe228⤵
-
\??\c:\bnbthb.exec:\bnbthb.exe229⤵
-
\??\c:\vvvjd.exec:\vvvjd.exe230⤵
-
\??\c:\xlxrxxr.exec:\xlxrxxr.exe231⤵
-
\??\c:\frlfxrl.exec:\frlfxrl.exe232⤵
-
\??\c:\thntnb.exec:\thntnb.exe233⤵
-
\??\c:\thtnhb.exec:\thtnhb.exe234⤵
-
\??\c:\pdddv.exec:\pdddv.exe235⤵
-
\??\c:\xlffxrr.exec:\xlffxrr.exe236⤵
-
\??\c:\hbbthb.exec:\hbbthb.exe237⤵
-
\??\c:\nnhbtt.exec:\nnhbtt.exe238⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe239⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe240⤵
-
\??\c:\rlrlxrl.exec:\rlrlxrl.exe241⤵