Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
19-05-2024 07:55
General
-
Target
a654b62bf6064fa9082ee936d8ab97c0_NeikiAnalytics.exe
-
Size
57KB
-
MD5
a654b62bf6064fa9082ee936d8ab97c0
-
SHA1
6410f4403c2a911aaeb9e1643a7cdfc0242475b1
-
SHA256
1814929119c48a8ab98967acd17ab9a3c18b077cfc9f8468a19d32b3b6f8a68e
-
SHA512
aceca49dd4f0b85275ef6b250720818b8e3151bdd81f24b3dda3beb2758de7cd9eed519824b19b47802d8368f155c4b2af155de631094d5b925852b892fe706c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuSwFh:ymb3NkkiQ3mdBjFIvIFh
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a654b62bf6064fa9082ee936d8ab97c0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\a654b62bf6064fa9082ee936d8ab97c0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnbhb.exec:\nhnbhb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvvd.exec:\vdvvd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jdjp.exec:\5jdjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffffxlr.exec:\ffffxlr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ttntn.exec:\5ttntn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbbbb.exec:\bhbbbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hhbbt.exec:\3hhbbt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vdvv.exec:\5vdvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjv.exec:\vvpjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllxrr.exec:\xxllxrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btthht.exec:\btthht.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjvp.exec:\3pjvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jjvj.exec:\9jjvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxlxfx.exec:\lfxlxfx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhntb.exec:\nbhntb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvv.exec:\jddvv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjp.exec:\dppjp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5llfrlf.exec:\5llfrlf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbhb.exec:\hhhbhb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbnn.exec:\tbhbnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvjp.exec:\vpvjp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lrfxxr.exec:\9lrfxxr.exe23⤵
- Executes dropped EXE
-
\??\c:\5hhbtt.exec:\5hhbtt.exe24⤵
- Executes dropped EXE
-
\??\c:\bhnhhb.exec:\bhnhhb.exe25⤵
- Executes dropped EXE
-
\??\c:\jdjvv.exec:\jdjvv.exe26⤵
- Executes dropped EXE
-
\??\c:\7rfxrxr.exec:\7rfxrxr.exe27⤵
- Executes dropped EXE
-
\??\c:\hnhthb.exec:\hnhthb.exe28⤵
- Executes dropped EXE
-
\??\c:\dvvpv.exec:\dvvpv.exe29⤵
- Executes dropped EXE
-
\??\c:\vjdpd.exec:\vjdpd.exe30⤵
- Executes dropped EXE
-
\??\c:\ffffffl.exec:\ffffffl.exe31⤵
- Executes dropped EXE
-
\??\c:\9hhtnn.exec:\9hhtnn.exe32⤵
- Executes dropped EXE
-
\??\c:\tnnnnn.exec:\tnnnnn.exe33⤵
- Executes dropped EXE
-
\??\c:\vpjvj.exec:\vpjvj.exe34⤵
- Executes dropped EXE
-
\??\c:\lxxllff.exec:\lxxllff.exe35⤵
- Executes dropped EXE
-
\??\c:\rxrxlfx.exec:\rxrxlfx.exe36⤵
- Executes dropped EXE
-
\??\c:\tbnhbt.exec:\tbnhbt.exe37⤵
- Executes dropped EXE
-
\??\c:\jpjvj.exec:\jpjvj.exe38⤵
- Executes dropped EXE
-
\??\c:\dpppp.exec:\dpppp.exe39⤵
- Executes dropped EXE
-
\??\c:\frrrrll.exec:\frrrrll.exe40⤵
- Executes dropped EXE
-
\??\c:\7bnhtn.exec:\7bnhtn.exe41⤵
- Executes dropped EXE
-
\??\c:\bnnnbb.exec:\bnnnbb.exe42⤵
- Executes dropped EXE
-
\??\c:\jppvd.exec:\jppvd.exe43⤵
- Executes dropped EXE
-
\??\c:\7pvjd.exec:\7pvjd.exe44⤵
- Executes dropped EXE
-
\??\c:\5fxlxlf.exec:\5fxlxlf.exe45⤵
- Executes dropped EXE
-
\??\c:\lrrlfxr.exec:\lrrlfxr.exe46⤵
- Executes dropped EXE
-
\??\c:\nhhthh.exec:\nhhthh.exe47⤵
- Executes dropped EXE
-
\??\c:\7ddvv.exec:\7ddvv.exe48⤵
- Executes dropped EXE
-
\??\c:\dpdvp.exec:\dpdvp.exe49⤵
- Executes dropped EXE
-
\??\c:\rfxrrrf.exec:\rfxrrrf.exe50⤵
- Executes dropped EXE
-
\??\c:\5lllrxr.exec:\5lllrxr.exe51⤵
- Executes dropped EXE
-
\??\c:\nbntnt.exec:\nbntnt.exe52⤵
- Executes dropped EXE
-
\??\c:\dvvjp.exec:\dvvjp.exe53⤵
- Executes dropped EXE
-
\??\c:\xlfxrxx.exec:\xlfxrxx.exe54⤵
- Executes dropped EXE
-
\??\c:\ttbnhb.exec:\ttbnhb.exe55⤵
- Executes dropped EXE
-
\??\c:\pdpjp.exec:\pdpjp.exe56⤵
- Executes dropped EXE
-
\??\c:\5pdjj.exec:\5pdjj.exe57⤵
- Executes dropped EXE
-
\??\c:\lxrlrlf.exec:\lxrlrlf.exe58⤵
- Executes dropped EXE
-
\??\c:\nhhbbt.exec:\nhhbbt.exe59⤵
- Executes dropped EXE
-
\??\c:\1ntnbt.exec:\1ntnbt.exe60⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe61⤵
- Executes dropped EXE
-
\??\c:\jdvjj.exec:\jdvjj.exe62⤵
- Executes dropped EXE
-
\??\c:\flrrlll.exec:\flrrlll.exe63⤵
- Executes dropped EXE
-
\??\c:\xllrxrl.exec:\xllrxrl.exe64⤵
- Executes dropped EXE
-
\??\c:\7btnbt.exec:\7btnbt.exe65⤵
- Executes dropped EXE
-
\??\c:\1nnbnh.exec:\1nnbnh.exe66⤵
-
\??\c:\5vvvv.exec:\5vvvv.exe67⤵
-
\??\c:\dpdvj.exec:\dpdvj.exe68⤵
-
\??\c:\frlxrlf.exec:\frlxrlf.exe69⤵
-
\??\c:\rfxllrr.exec:\rfxllrr.exe70⤵
-
\??\c:\tnhhbb.exec:\tnhhbb.exe71⤵
-
\??\c:\htnhbt.exec:\htnhbt.exe72⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe73⤵
-
\??\c:\3flxxrl.exec:\3flxxrl.exe74⤵
-
\??\c:\frfxlfx.exec:\frfxlfx.exe75⤵
-
\??\c:\bbbnhb.exec:\bbbnhb.exe76⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe77⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe78⤵
-
\??\c:\dppjd.exec:\dppjd.exe79⤵
-
\??\c:\9fxrxlx.exec:\9fxrxlx.exe80⤵
-
\??\c:\7nhtnt.exec:\7nhtnt.exe81⤵
-
\??\c:\hhhnnb.exec:\hhhnnb.exe82⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe83⤵
-
\??\c:\9lrlxrl.exec:\9lrlxrl.exe84⤵
-
\??\c:\9fxlrll.exec:\9fxlrll.exe85⤵
-
\??\c:\1ttnhb.exec:\1ttnhb.exe86⤵
-
\??\c:\ntbnhh.exec:\ntbnhh.exe87⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe88⤵
-
\??\c:\9vvpd.exec:\9vvpd.exe89⤵
-
\??\c:\rflxxxx.exec:\rflxxxx.exe90⤵
-
\??\c:\7hhtnh.exec:\7hhtnh.exe91⤵
-
\??\c:\hbttbt.exec:\hbttbt.exe92⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe93⤵
-
\??\c:\jvvjd.exec:\jvvjd.exe94⤵
-
\??\c:\7rlxlfx.exec:\7rlxlfx.exe95⤵
-
\??\c:\9tnhbh.exec:\9tnhbh.exe96⤵
-
\??\c:\hnnhhh.exec:\hnnhhh.exe97⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe98⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe99⤵
-
\??\c:\xlfrfrl.exec:\xlfrfrl.exe100⤵
-
\??\c:\frrlfxr.exec:\frrlfxr.exe101⤵
-
\??\c:\bhhtht.exec:\bhhtht.exe102⤵
-
\??\c:\tnnhnh.exec:\tnnhnh.exe103⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe104⤵
-
\??\c:\5xxrlll.exec:\5xxrlll.exe105⤵
-
\??\c:\lxrlrlr.exec:\lxrlrlr.exe106⤵
-
\??\c:\tnbbth.exec:\tnbbth.exe107⤵
-
\??\c:\5nnhhn.exec:\5nnhhn.exe108⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe109⤵
-
\??\c:\7llxffr.exec:\7llxffr.exe110⤵
-
\??\c:\xxxrlrr.exec:\xxxrlrr.exe111⤵
-
\??\c:\3nbnbt.exec:\3nbnbt.exe112⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe113⤵
-
\??\c:\jpjdp.exec:\jpjdp.exe114⤵
-
\??\c:\jvdvj.exec:\jvdvj.exe115⤵
-
\??\c:\fxxrffr.exec:\fxxrffr.exe116⤵
-
\??\c:\xllfxfr.exec:\xllfxfr.exe117⤵
-
\??\c:\hhhbnh.exec:\hhhbnh.exe118⤵
-
\??\c:\hhhbtb.exec:\hhhbtb.exe119⤵
-
\??\c:\bhhnbt.exec:\bhhnbt.exe120⤵
-
\??\c:\vpvdv.exec:\vpvdv.exe121⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe122⤵
-
\??\c:\rlrxrxf.exec:\rlrxrxf.exe123⤵
-
\??\c:\thnhtn.exec:\thnhtn.exe124⤵
-
\??\c:\vjdjd.exec:\vjdjd.exe125⤵
-
\??\c:\rrrfrlf.exec:\rrrfrlf.exe126⤵
-
\??\c:\frlxlfx.exec:\frlxlfx.exe127⤵
-
\??\c:\tnhhtn.exec:\tnhhtn.exe128⤵
-
\??\c:\ttbtbb.exec:\ttbtbb.exe129⤵
-
\??\c:\1jpvj.exec:\1jpvj.exe130⤵
-
\??\c:\pjpvp.exec:\pjpvp.exe131⤵
-
\??\c:\9flfrrx.exec:\9flfrrx.exe132⤵
-
\??\c:\5nnhhb.exec:\5nnhhb.exe133⤵
-
\??\c:\1btntn.exec:\1btntn.exe134⤵
-
\??\c:\nbhbbt.exec:\nbhbbt.exe135⤵
-
\??\c:\7ppjv.exec:\7ppjv.exe136⤵
-
\??\c:\rxfxrrl.exec:\rxfxrrl.exe137⤵
-
\??\c:\fffxlxr.exec:\fffxlxr.exe138⤵
-
\??\c:\thbtnh.exec:\thbtnh.exe139⤵
-
\??\c:\ntnbth.exec:\ntnbth.exe140⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe141⤵
-
\??\c:\9vdpj.exec:\9vdpj.exe142⤵
-
\??\c:\1lrfrlf.exec:\1lrfrlf.exe143⤵
-
\??\c:\xrxxrlr.exec:\xrxxrlr.exe144⤵
-
\??\c:\tnhnhh.exec:\tnhnhh.exe145⤵
-
\??\c:\ddpjv.exec:\ddpjv.exe146⤵
-
\??\c:\dpjdj.exec:\dpjdj.exe147⤵
-
\??\c:\xxrfrlf.exec:\xxrfrlf.exe148⤵
-
\??\c:\xrxrxrf.exec:\xrxrxrf.exe149⤵
-
\??\c:\thbthb.exec:\thbthb.exe150⤵
-
\??\c:\bnhthb.exec:\bnhthb.exe151⤵
-
\??\c:\pvjjp.exec:\pvjjp.exe152⤵
-
\??\c:\rxxfffr.exec:\rxxfffr.exe153⤵
-
\??\c:\9rlxrrf.exec:\9rlxrrf.exe154⤵
-
\??\c:\tttnbb.exec:\tttnbb.exe155⤵
-
\??\c:\5bbntt.exec:\5bbntt.exe156⤵
-
\??\c:\3jvdj.exec:\3jvdj.exe157⤵
-
\??\c:\1jjvv.exec:\1jjvv.exe158⤵
-
\??\c:\5llfrll.exec:\5llfrll.exe159⤵
-
\??\c:\hnhbtt.exec:\hnhbtt.exe160⤵
-
\??\c:\9tbnnh.exec:\9tbnnh.exe161⤵
-
\??\c:\tbtnhb.exec:\tbtnhb.exe162⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe163⤵
-
\??\c:\3jdpd.exec:\3jdpd.exe164⤵
-
\??\c:\rfrlxxr.exec:\rfrlxxr.exe165⤵
-
\??\c:\xlfxlfx.exec:\xlfxlfx.exe166⤵
-
\??\c:\9nnnhh.exec:\9nnnhh.exe167⤵
-
\??\c:\nbtnhb.exec:\nbtnhb.exe168⤵
-
\??\c:\7tthhb.exec:\7tthhb.exe169⤵
-
\??\c:\dppjv.exec:\dppjv.exe170⤵
-
\??\c:\3pjvj.exec:\3pjvj.exe171⤵
-
\??\c:\9lrrfxf.exec:\9lrrfxf.exe172⤵
-
\??\c:\frxflxx.exec:\frxflxx.exe173⤵
-
\??\c:\tbtnbb.exec:\tbtnbb.exe174⤵
-
\??\c:\hnnbtn.exec:\hnnbtn.exe175⤵
-
\??\c:\dpjdp.exec:\dpjdp.exe176⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe177⤵
-
\??\c:\rlrrllf.exec:\rlrrllf.exe178⤵
-
\??\c:\7lrlffx.exec:\7lrlffx.exe179⤵
-
\??\c:\9hnntn.exec:\9hnntn.exe180⤵
-
\??\c:\htbthh.exec:\htbthh.exe181⤵
-
\??\c:\vddvj.exec:\vddvj.exe182⤵
-
\??\c:\pppjj.exec:\pppjj.exe183⤵
-
\??\c:\xrrrfrl.exec:\xrrrfrl.exe184⤵
-
\??\c:\rrrxllx.exec:\rrrxllx.exe185⤵
-
\??\c:\lfxlfrl.exec:\lfxlfrl.exe186⤵
-
\??\c:\btnhtt.exec:\btnhtt.exe187⤵
-
\??\c:\nbbnbt.exec:\nbbnbt.exe188⤵
-
\??\c:\tttnnh.exec:\tttnnh.exe189⤵
-
\??\c:\vppjj.exec:\vppjj.exe190⤵
-
\??\c:\1djjj.exec:\1djjj.exe191⤵
-
\??\c:\llxlxrl.exec:\llxlxrl.exe192⤵
-
\??\c:\xrlfxrr.exec:\xrlfxrr.exe193⤵
-
\??\c:\hhtbth.exec:\hhtbth.exe194⤵
-
\??\c:\hntnht.exec:\hntnht.exe195⤵
-
\??\c:\flrrrll.exec:\flrrrll.exe196⤵
-
\??\c:\7nnbtt.exec:\7nnbtt.exe197⤵
-
\??\c:\5nbtbt.exec:\5nbtbt.exe198⤵
-
\??\c:\nnnhtn.exec:\nnnhtn.exe199⤵
-
\??\c:\5vvpj.exec:\5vvpj.exe200⤵
-
\??\c:\dpjvj.exec:\dpjvj.exe201⤵
-
\??\c:\rllflfr.exec:\rllflfr.exe202⤵
-
\??\c:\rlfrrrf.exec:\rlfrrrf.exe203⤵
-
\??\c:\nttnhb.exec:\nttnhb.exe204⤵
-
\??\c:\9hnhbt.exec:\9hnhbt.exe205⤵
-
\??\c:\3jjjv.exec:\3jjjv.exe206⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe207⤵
-
\??\c:\9lfrfxr.exec:\9lfrfxr.exe208⤵
-
\??\c:\frrrxxl.exec:\frrrxxl.exe209⤵
-
\??\c:\bnnhtn.exec:\bnnhtn.exe210⤵
-
\??\c:\jpjjp.exec:\jpjjp.exe211⤵
-
\??\c:\dpjdj.exec:\dpjdj.exe212⤵
-
\??\c:\lllfxxx.exec:\lllfxxx.exe213⤵
-
\??\c:\frlfrrf.exec:\frlfrrf.exe214⤵
-
\??\c:\9ntthb.exec:\9ntthb.exe215⤵
-
\??\c:\nhhhbt.exec:\nhhhbt.exe216⤵
-
\??\c:\1jdvj.exec:\1jdvj.exe217⤵
-
\??\c:\xrxrrrx.exec:\xrxrrrx.exe218⤵
-
\??\c:\7lfxlfr.exec:\7lfxlfr.exe219⤵
-
\??\c:\lxrfrlx.exec:\lxrfrlx.exe220⤵
-
\??\c:\bbhhbn.exec:\bbhhbn.exe221⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe222⤵
-
\??\c:\vjjjp.exec:\vjjjp.exe223⤵
-
\??\c:\flfrfxr.exec:\flfrfxr.exe224⤵
-
\??\c:\rfrffxx.exec:\rfrffxx.exe225⤵
-
\??\c:\9hbtnh.exec:\9hbtnh.exe226⤵
-
\??\c:\5nnhtn.exec:\5nnhtn.exe227⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe228⤵
-
\??\c:\7jvpd.exec:\7jvpd.exe229⤵
-
\??\c:\xfxlxxx.exec:\xfxlxxx.exe230⤵
-
\??\c:\rffxllx.exec:\rffxllx.exe231⤵
-
\??\c:\vvddv.exec:\vvddv.exe232⤵
-
\??\c:\xxlfxxr.exec:\xxlfxxr.exe233⤵
-
\??\c:\thhntt.exec:\thhntt.exe234⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe235⤵
-
\??\c:\httnhh.exec:\httnhh.exe236⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe237⤵
-
\??\c:\djdjj.exec:\djdjj.exe238⤵
-
\??\c:\ffrxlll.exec:\ffrxlll.exe239⤵
-
\??\c:\flllfff.exec:\flllfff.exe240⤵
-
\??\c:\rrfffff.exec:\rrfffff.exe241⤵