Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 12:12
General
-
Target
b9d1674e4b9e06cefaaa86ee35c9e0b0_NeikiAnalytics.exe
-
Size
76KB
-
MD5
b9d1674e4b9e06cefaaa86ee35c9e0b0
-
SHA1
8ff79d37730ef34c36168f5f9886ca9dfb842d01
-
SHA256
b7cd41758d07cf1b25af8aed65ce1be8bf7e9f8610c597750bd1f83e3ba92d97
-
SHA512
55011ad562b00a6b8ceea7fbd976a795651a66551623daa755e8fb25719442cf0986867cf4d00e678465eace9de83bf5e31c8f1aa2875c087bc9714e2985998f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA0:ymb3NkkiQ3mdBjFIIp9L9QrrA0
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b9d1674e4b9e06cefaaa86ee35c9e0b0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\b9d1674e4b9e06cefaaa86ee35c9e0b0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrllll.exec:\fxrllll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbntbb.exec:\hbntbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnnhh.exec:\bnnnhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlfffl.exec:\fxlfffl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxxxr.exec:\fxxxxxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtbbb.exec:\bhtbbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvpp.exec:\ddvpp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvv.exec:\dddvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflflff.exec:\rflflff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httbbb.exec:\httbbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvv.exec:\pjvvv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxxxx.exec:\rxfxxxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nhhhh.exec:\3nhhhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjppp.exec:\vjppp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfffxx.exec:\rlfffxx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxffl.exec:\xrxxffl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbttt.exec:\hhbttt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjjj.exec:\dpjjj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllffff.exec:\lllffff.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5btttt.exec:\5btttt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvp.exec:\vpdvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fllfff.exec:\9fllfff.exe23⤵
- Executes dropped EXE
-
\??\c:\lfxrrrl.exec:\lfxrrrl.exe24⤵
- Executes dropped EXE
-
\??\c:\nhtttt.exec:\nhtttt.exe25⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe26⤵
- Executes dropped EXE
-
\??\c:\3rrlffx.exec:\3rrlffx.exe27⤵
- Executes dropped EXE
-
\??\c:\fllrrrl.exec:\fllrrrl.exe28⤵
- Executes dropped EXE
-
\??\c:\hbnnnn.exec:\hbnnnn.exe29⤵
- Executes dropped EXE
-
\??\c:\vvddj.exec:\vvddj.exe30⤵
- Executes dropped EXE
-
\??\c:\lfffxxx.exec:\lfffxxx.exe31⤵
- Executes dropped EXE
-
\??\c:\rllrlxx.exec:\rllrlxx.exe32⤵
- Executes dropped EXE
-
\??\c:\bbtttt.exec:\bbtttt.exe33⤵
- Executes dropped EXE
-
\??\c:\pdpjp.exec:\pdpjp.exe34⤵
- Executes dropped EXE
-
\??\c:\vjjdd.exec:\vjjdd.exe35⤵
- Executes dropped EXE
-
\??\c:\9lfxrrl.exec:\9lfxrrl.exe36⤵
- Executes dropped EXE
-
\??\c:\rlxxllx.exec:\rlxxllx.exe37⤵
- Executes dropped EXE
-
\??\c:\thnnhh.exec:\thnnhh.exe38⤵
- Executes dropped EXE
-
\??\c:\bhnhbb.exec:\bhnhbb.exe39⤵
- Executes dropped EXE
-
\??\c:\3dppj.exec:\3dppj.exe40⤵
- Executes dropped EXE
-
\??\c:\5pdpp.exec:\5pdpp.exe41⤵
- Executes dropped EXE
-
\??\c:\3xxrrrr.exec:\3xxrrrr.exe42⤵
- Executes dropped EXE
-
\??\c:\rlrrxxx.exec:\rlrrxxx.exe43⤵
- Executes dropped EXE
-
\??\c:\bbtbbh.exec:\bbtbbh.exe44⤵
- Executes dropped EXE
-
\??\c:\dppjd.exec:\dppjd.exe45⤵
- Executes dropped EXE
-
\??\c:\vpdvv.exec:\vpdvv.exe46⤵
- Executes dropped EXE
-
\??\c:\fxffxff.exec:\fxffxff.exe47⤵
- Executes dropped EXE
-
\??\c:\lxrlfff.exec:\lxrlfff.exe48⤵
- Executes dropped EXE
-
\??\c:\9nnhnn.exec:\9nnhnn.exe49⤵
- Executes dropped EXE
-
\??\c:\httnhh.exec:\httnhh.exe50⤵
- Executes dropped EXE
-
\??\c:\pddjd.exec:\pddjd.exe51⤵
- Executes dropped EXE
-
\??\c:\9xxlxxx.exec:\9xxlxxx.exe52⤵
- Executes dropped EXE
-
\??\c:\frxrrlf.exec:\frxrrlf.exe53⤵
- Executes dropped EXE
-
\??\c:\tnbttt.exec:\tnbttt.exe54⤵
- Executes dropped EXE
-
\??\c:\1ntntt.exec:\1ntntt.exe55⤵
- Executes dropped EXE
-
\??\c:\jvjdv.exec:\jvjdv.exe56⤵
- Executes dropped EXE
-
\??\c:\fxxrllf.exec:\fxxrllf.exe57⤵
- Executes dropped EXE
-
\??\c:\xxrrrrr.exec:\xxrrrrr.exe58⤵
- Executes dropped EXE
-
\??\c:\bnbhbh.exec:\bnbhbh.exe59⤵
- Executes dropped EXE
-
\??\c:\pppjp.exec:\pppjp.exe60⤵
- Executes dropped EXE
-
\??\c:\jdpjj.exec:\jdpjj.exe61⤵
- Executes dropped EXE
-
\??\c:\llrlxxx.exec:\llrlxxx.exe62⤵
- Executes dropped EXE
-
\??\c:\xlxxxxx.exec:\xlxxxxx.exe63⤵
- Executes dropped EXE
-
\??\c:\bhnnhh.exec:\bhnnhh.exe64⤵
- Executes dropped EXE
-
\??\c:\ttbtnn.exec:\ttbtnn.exe65⤵
- Executes dropped EXE
-
\??\c:\pjpvp.exec:\pjpvp.exe66⤵
-
\??\c:\frrrfll.exec:\frrrfll.exe67⤵
-
\??\c:\rxffxff.exec:\rxffxff.exe68⤵
-
\??\c:\hthhbb.exec:\hthhbb.exe69⤵
-
\??\c:\9hhhhn.exec:\9hhhhn.exe70⤵
-
\??\c:\vdddv.exec:\vdddv.exe71⤵
-
\??\c:\xrlfffr.exec:\xrlfffr.exe72⤵
-
\??\c:\xrxrrrl.exec:\xrxrrrl.exe73⤵
-
\??\c:\nhhhnn.exec:\nhhhnn.exe74⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe75⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe76⤵
-
\??\c:\lffllll.exec:\lffllll.exe77⤵
-
\??\c:\9tbbbb.exec:\9tbbbb.exe78⤵
-
\??\c:\htbttn.exec:\htbttn.exe79⤵
-
\??\c:\llrxfll.exec:\llrxfll.exe80⤵
-
\??\c:\nnhhbb.exec:\nnhhbb.exe81⤵
-
\??\c:\hnnnbb.exec:\hnnnbb.exe82⤵
-
\??\c:\vdppj.exec:\vdppj.exe83⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe84⤵
-
\??\c:\xxlfxxx.exec:\xxlfxxx.exe85⤵
-
\??\c:\frfxllx.exec:\frfxllx.exe86⤵
-
\??\c:\btnhtt.exec:\btnhtt.exe87⤵
-
\??\c:\hbbbbh.exec:\hbbbbh.exe88⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe89⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe90⤵
-
\??\c:\5ffxxxx.exec:\5ffxxxx.exe91⤵
-
\??\c:\rfffxxx.exec:\rfffxxx.exe92⤵
-
\??\c:\hbntnn.exec:\hbntnn.exe93⤵
-
\??\c:\tnhhbh.exec:\tnhhbh.exe94⤵
-
\??\c:\vvppj.exec:\vvppj.exe95⤵
-
\??\c:\9ddvv.exec:\9ddvv.exe96⤵
-
\??\c:\lffxxxf.exec:\lffxxxf.exe97⤵
-
\??\c:\lfrrxfl.exec:\lfrrxfl.exe98⤵
-
\??\c:\3nbbbb.exec:\3nbbbb.exe99⤵
-
\??\c:\btttnb.exec:\btttnb.exe100⤵
-
\??\c:\9vvpj.exec:\9vvpj.exe101⤵
-
\??\c:\vppvv.exec:\vppvv.exe102⤵
-
\??\c:\xxflflr.exec:\xxflflr.exe103⤵
-
\??\c:\bhthbb.exec:\bhthbb.exe104⤵
-
\??\c:\pvppp.exec:\pvppp.exe105⤵
-
\??\c:\frxrlfx.exec:\frxrlfx.exe106⤵
-
\??\c:\9tbbnt.exec:\9tbbnt.exe107⤵
-
\??\c:\bhbnnn.exec:\bhbnnn.exe108⤵
-
\??\c:\dpppp.exec:\dpppp.exe109⤵
-
\??\c:\fxrfllr.exec:\fxrfllr.exe110⤵
-
\??\c:\bbnbbn.exec:\bbnbbn.exe111⤵
-
\??\c:\bbbbtt.exec:\bbbbtt.exe112⤵
-
\??\c:\dvppp.exec:\dvppp.exe113⤵
-
\??\c:\7dvdv.exec:\7dvdv.exe114⤵
-
\??\c:\fffllll.exec:\fffllll.exe115⤵
-
\??\c:\rflrlll.exec:\rflrlll.exe116⤵
-
\??\c:\xxffffx.exec:\xxffffx.exe117⤵
-
\??\c:\btnhht.exec:\btnhht.exe118⤵
-
\??\c:\1nnhnt.exec:\1nnhnt.exe119⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe120⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe121⤵
-
\??\c:\fxffxxl.exec:\fxffxxl.exe122⤵
-
\??\c:\xxfrxxr.exec:\xxfrxxr.exe123⤵
-
\??\c:\rfrxxff.exec:\rfrxxff.exe124⤵
-
\??\c:\nhhbbb.exec:\nhhbbb.exe125⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe126⤵
-
\??\c:\dpppp.exec:\dpppp.exe127⤵
-
\??\c:\lfflrrl.exec:\lfflrrl.exe128⤵
-
\??\c:\lfrrfff.exec:\lfrrfff.exe129⤵
-
\??\c:\1hbnnn.exec:\1hbnnn.exe130⤵
-
\??\c:\thnntn.exec:\thnntn.exe131⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe132⤵
-
\??\c:\bbbthb.exec:\bbbthb.exe133⤵
-
\??\c:\7jjdd.exec:\7jjdd.exe134⤵
-
\??\c:\rfxrrxf.exec:\rfxrrxf.exe135⤵
-
\??\c:\lllrlxl.exec:\lllrlxl.exe136⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe137⤵
-
\??\c:\bhnhbn.exec:\bhnhbn.exe138⤵
-
\??\c:\vppdv.exec:\vppdv.exe139⤵
-
\??\c:\xfrrllf.exec:\xfrrllf.exe140⤵
-
\??\c:\xxrlfff.exec:\xxrlfff.exe141⤵
-
\??\c:\nthnnn.exec:\nthnnn.exe142⤵
-
\??\c:\thhhnn.exec:\thhhnn.exe143⤵
-
\??\c:\jjppj.exec:\jjppj.exe144⤵
-
\??\c:\vvjdp.exec:\vvjdp.exe145⤵
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe146⤵
-
\??\c:\xxrlrrr.exec:\xxrlrrr.exe147⤵
-
\??\c:\hbhbbt.exec:\hbhbbt.exe148⤵
-
\??\c:\httttb.exec:\httttb.exe149⤵
-
\??\c:\tnbtnn.exec:\tnbtnn.exe150⤵
-
\??\c:\7vjdp.exec:\7vjdp.exe151⤵
-
\??\c:\jppjj.exec:\jppjj.exe152⤵
-
\??\c:\xrrlfll.exec:\xrrlfll.exe153⤵
-
\??\c:\rxrrrrr.exec:\rxrrrrr.exe154⤵
-
\??\c:\tnnnnn.exec:\tnnnnn.exe155⤵
-
\??\c:\bhhhhh.exec:\bhhhhh.exe156⤵
-
\??\c:\nbhbtn.exec:\nbhbtn.exe157⤵
-
\??\c:\pddvv.exec:\pddvv.exe158⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe159⤵
-
\??\c:\rflfrrl.exec:\rflfrrl.exe160⤵
-
\??\c:\xxxrrrx.exec:\xxxrrrx.exe161⤵
-
\??\c:\tthbbt.exec:\tthbbt.exe162⤵
-
\??\c:\bnnttt.exec:\bnnttt.exe163⤵
-
\??\c:\pjjvp.exec:\pjjvp.exe164⤵
-
\??\c:\jjjdp.exec:\jjjdp.exe165⤵
-
\??\c:\xllfflf.exec:\xllfflf.exe166⤵
-
\??\c:\5xxxxll.exec:\5xxxxll.exe167⤵
-
\??\c:\xllfxxr.exec:\xllfxxr.exe168⤵
-
\??\c:\hhhnnt.exec:\hhhnnt.exe169⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe170⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe171⤵
-
\??\c:\xxxrrrl.exec:\xxxrrrl.exe172⤵
-
\??\c:\rffrlll.exec:\rffrlll.exe173⤵
-
\??\c:\btbbnh.exec:\btbbnh.exe174⤵
-
\??\c:\ttttbb.exec:\ttttbb.exe175⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe176⤵
-
\??\c:\ppdjj.exec:\ppdjj.exe177⤵
-
\??\c:\rrrrlll.exec:\rrrrlll.exe178⤵
-
\??\c:\7xfxxll.exec:\7xfxxll.exe179⤵
-
\??\c:\bbnhbb.exec:\bbnhbb.exe180⤵
-
\??\c:\htntnn.exec:\htntnn.exe181⤵
-
\??\c:\djdvd.exec:\djdvd.exe182⤵
-
\??\c:\dvddv.exec:\dvddv.exe183⤵
-
\??\c:\rrxrflr.exec:\rrxrflr.exe184⤵
-
\??\c:\thnntb.exec:\thnntb.exe185⤵
-
\??\c:\nhnnhn.exec:\nhnnhn.exe186⤵
-
\??\c:\jvdvj.exec:\jvdvj.exe187⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe188⤵
-
\??\c:\1lxxflr.exec:\1lxxflr.exe189⤵
-
\??\c:\fxrlffx.exec:\fxrlffx.exe190⤵
-
\??\c:\bnttnn.exec:\bnttnn.exe191⤵
-
\??\c:\nnnnth.exec:\nnnnth.exe192⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe193⤵
-
\??\c:\llllfff.exec:\llllfff.exe194⤵
-
\??\c:\fxxrrrl.exec:\fxxrrrl.exe195⤵
-
\??\c:\lflllll.exec:\lflllll.exe196⤵
-
\??\c:\nbbhbb.exec:\nbbhbb.exe197⤵
-
\??\c:\vpddv.exec:\vpddv.exe198⤵
-
\??\c:\lxxxxxx.exec:\lxxxxxx.exe199⤵
-
\??\c:\xrxxxxx.exec:\xrxxxxx.exe200⤵
-
\??\c:\bnnhbn.exec:\bnnhbn.exe201⤵
-
\??\c:\ttbbtt.exec:\ttbbtt.exe202⤵
-
\??\c:\hhhbbb.exec:\hhhbbb.exe203⤵
-
\??\c:\ppdpj.exec:\ppdpj.exe204⤵
-
\??\c:\vdjvp.exec:\vdjvp.exe205⤵
-
\??\c:\xrxrlll.exec:\xrxrlll.exe206⤵
-
\??\c:\fxlxrrf.exec:\fxlxrrf.exe207⤵
-
\??\c:\nnbtnn.exec:\nnbtnn.exe208⤵
-
\??\c:\vvddj.exec:\vvddj.exe209⤵
-
\??\c:\7llrrll.exec:\7llrrll.exe210⤵
-
\??\c:\xrrlffx.exec:\xrrlffx.exe211⤵
-
\??\c:\vpddp.exec:\vpddp.exe212⤵
-
\??\c:\pjddv.exec:\pjddv.exe213⤵
-
\??\c:\llfxrrl.exec:\llfxrrl.exe214⤵
-
\??\c:\hnthbb.exec:\hnthbb.exe215⤵
-
\??\c:\pjvjj.exec:\pjvjj.exe216⤵
-
\??\c:\rrfxxxf.exec:\rrfxxxf.exe217⤵
-
\??\c:\ntttbh.exec:\ntttbh.exe218⤵
-
\??\c:\ntnbbt.exec:\ntnbbt.exe219⤵
-
\??\c:\lrxrrrr.exec:\lrxrrrr.exe220⤵
-
\??\c:\9btttt.exec:\9btttt.exe221⤵
-
\??\c:\tthhtt.exec:\tthhtt.exe222⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe223⤵
-
\??\c:\ffxflrx.exec:\ffxflrx.exe224⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe225⤵
-
\??\c:\xrxxllr.exec:\xrxxllr.exe226⤵
-
\??\c:\fxflfff.exec:\fxflfff.exe227⤵
-
\??\c:\bnntnn.exec:\bnntnn.exe228⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe229⤵
-
\??\c:\fxfllll.exec:\fxfllll.exe230⤵
-
\??\c:\9rrrllx.exec:\9rrrllx.exe231⤵
-
\??\c:\rllflff.exec:\rllflff.exe232⤵
-
\??\c:\hhhhhh.exec:\hhhhhh.exe233⤵
-
\??\c:\tntnbb.exec:\tntnbb.exe234⤵
-
\??\c:\jpjdj.exec:\jpjdj.exe235⤵
-
\??\c:\3rxxflr.exec:\3rxxflr.exe236⤵
-
\??\c:\xrrrllf.exec:\xrrrllf.exe237⤵
-
\??\c:\btnnhb.exec:\btnnhb.exe238⤵
-
\??\c:\hhhhhb.exec:\hhhhhb.exe239⤵
-
\??\c:\1vpdv.exec:\1vpdv.exe240⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe241⤵