Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
19-05-2024 12:22
General
-
Target
bbf1826f77fc1200a1501e9ed5a3c1c0_NeikiAnalytics.exe
-
Size
279KB
-
MD5
bbf1826f77fc1200a1501e9ed5a3c1c0
-
SHA1
27e0c711cdda423a3bafb5e88a5680fe7d9b0439
-
SHA256
b0b4d7411ba834090df0b34a3b31e7a120732b50f7ea06be30305b5ec56b57e6
-
SHA512
279431f887ff46d846607d174996a2a5acb5ab5fb00c2bd8ed17d560b006de54ee68bb2018fab61e6e124d02bb0c1587c30677969c8f0baee849a5f172ad373d
-
SSDEEP
6144:7cm4FmowdHoSoXSBcm4Vcm4FmowdHoSphra+cm4FMhraHcpOaKHpV:B4wFHoSoXW434wFHoS3eg4aeFaKHpV
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 63 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bbf1826f77fc1200a1501e9ed5a3c1c0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\bbf1826f77fc1200a1501e9ed5a3c1c0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhhbn.exec:\tbhhbn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjj.exec:\vppjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpv.exec:\jdvpv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrlfxr.exec:\rxrlfxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbhhn.exec:\bbbhhn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjv.exec:\djpjv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhnnt.exec:\tnhnnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdpj.exec:\pvdpj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnbnn.exec:\tbnbnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjpp.exec:\vdjpp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrfrf.exec:\rxxrfrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhnhn.exec:\bhhnhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhbh.exec:\bbhhbh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvjd.exec:\vpvjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfrffl.exec:\lxfrffl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdvd.exec:\dpdvd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddpv.exec:\jddpv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bnhhh.exec:\3bnhhh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pjpj.exec:\5pjpj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxffff.exec:\lrxffff.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjvp.exec:\vvjvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnnhh.exec:\hbnnhh.exe23⤵
- Executes dropped EXE
-
\??\c:\7pdpj.exec:\7pdpj.exe24⤵
- Executes dropped EXE
-
\??\c:\llrfxrl.exec:\llrfxrl.exe25⤵
- Executes dropped EXE
-
\??\c:\djdpd.exec:\djdpd.exe26⤵
- Executes dropped EXE
-
\??\c:\pvvpp.exec:\pvvpp.exe27⤵
- Executes dropped EXE
-
\??\c:\vpdpd.exec:\vpdpd.exe28⤵
- Executes dropped EXE
-
\??\c:\9djdp.exec:\9djdp.exe29⤵
- Executes dropped EXE
-
\??\c:\3hhbnn.exec:\3hhbnn.exe30⤵
- Executes dropped EXE
-
\??\c:\jjpjv.exec:\jjpjv.exe31⤵
- Executes dropped EXE
-
\??\c:\7xrfxxl.exec:\7xrfxxl.exe32⤵
- Executes dropped EXE
-
\??\c:\vpjvj.exec:\vpjvj.exe33⤵
- Executes dropped EXE
-
\??\c:\flfxlrl.exec:\flfxlrl.exe34⤵
- Executes dropped EXE
-
\??\c:\1tttnn.exec:\1tttnn.exe35⤵
- Executes dropped EXE
-
\??\c:\htthbb.exec:\htthbb.exe36⤵
- Executes dropped EXE
-
\??\c:\vpjdp.exec:\vpjdp.exe37⤵
- Executes dropped EXE
-
\??\c:\5xlffxx.exec:\5xlffxx.exe38⤵
- Executes dropped EXE
-
\??\c:\hbbnhb.exec:\hbbnhb.exe39⤵
- Executes dropped EXE
-
\??\c:\vpdvp.exec:\vpdvp.exe40⤵
- Executes dropped EXE
-
\??\c:\jddvj.exec:\jddvj.exe41⤵
- Executes dropped EXE
-
\??\c:\frrlfxr.exec:\frrlfxr.exe42⤵
- Executes dropped EXE
-
\??\c:\hnnnbt.exec:\hnnnbt.exe43⤵
- Executes dropped EXE
-
\??\c:\7pvpv.exec:\7pvpv.exe44⤵
- Executes dropped EXE
-
\??\c:\frxllfx.exec:\frxllfx.exe45⤵
- Executes dropped EXE
-
\??\c:\rlrxrxl.exec:\rlrxrxl.exe46⤵
- Executes dropped EXE
-
\??\c:\nhhttn.exec:\nhhttn.exe47⤵
- Executes dropped EXE
-
\??\c:\vddvv.exec:\vddvv.exe48⤵
- Executes dropped EXE
-
\??\c:\rffxrfx.exec:\rffxrfx.exe49⤵
- Executes dropped EXE
-
\??\c:\ppvpd.exec:\ppvpd.exe50⤵
- Executes dropped EXE
-
\??\c:\rxxlfrl.exec:\rxxlfrl.exe51⤵
- Executes dropped EXE
-
\??\c:\btbhht.exec:\btbhht.exe52⤵
- Executes dropped EXE
-
\??\c:\tnttbb.exec:\tnttbb.exe53⤵
- Executes dropped EXE
-
\??\c:\djppj.exec:\djppj.exe54⤵
- Executes dropped EXE
-
\??\c:\1xrlffr.exec:\1xrlffr.exe55⤵
- Executes dropped EXE
-
\??\c:\bthnhn.exec:\bthnhn.exe56⤵
- Executes dropped EXE
-
\??\c:\ntbtbb.exec:\ntbtbb.exe57⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe58⤵
- Executes dropped EXE
-
\??\c:\rllxrlf.exec:\rllxrlf.exe59⤵
- Executes dropped EXE
-
\??\c:\tbtnbt.exec:\tbtnbt.exe60⤵
- Executes dropped EXE
-
\??\c:\ntbnhh.exec:\ntbnhh.exe61⤵
- Executes dropped EXE
-
\??\c:\jdpdv.exec:\jdpdv.exe62⤵
- Executes dropped EXE
-
\??\c:\flrlxrf.exec:\flrlxrf.exe63⤵
- Executes dropped EXE
-
\??\c:\9xxlxff.exec:\9xxlxff.exe64⤵
- Executes dropped EXE
-
\??\c:\bnbnhn.exec:\bnbnhn.exe65⤵
- Executes dropped EXE
-
\??\c:\pdvpj.exec:\pdvpj.exe66⤵
-
\??\c:\5vpdp.exec:\5vpdp.exe67⤵
-
\??\c:\xxlxxxf.exec:\xxlxxxf.exe68⤵
-
\??\c:\7flfffl.exec:\7flfffl.exe69⤵
-
\??\c:\1bhbhh.exec:\1bhbhh.exe70⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe71⤵
-
\??\c:\vppdp.exec:\vppdp.exe72⤵
-
\??\c:\xrlfxrx.exec:\xrlfxrx.exe73⤵
-
\??\c:\xrrlxxr.exec:\xrrlxxr.exe74⤵
-
\??\c:\hhnbnh.exec:\hhnbnh.exe75⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe76⤵
-
\??\c:\lxxrlfx.exec:\lxxrlfx.exe77⤵
-
\??\c:\rlxrffr.exec:\rlxrffr.exe78⤵
-
\??\c:\5hhbnn.exec:\5hhbnn.exe79⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe80⤵
-
\??\c:\pddpd.exec:\pddpd.exe81⤵
-
\??\c:\rflxrlx.exec:\rflxrlx.exe82⤵
-
\??\c:\hbbnhb.exec:\hbbnhb.exe83⤵
-
\??\c:\bbbhbh.exec:\bbbhbh.exe84⤵
-
\??\c:\xrrlxxr.exec:\xrrlxxr.exe85⤵
-
\??\c:\xlfxllf.exec:\xlfxllf.exe86⤵
-
\??\c:\hthnhn.exec:\hthnhn.exe87⤵
-
\??\c:\tbhbtn.exec:\tbhbtn.exe88⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe89⤵
-
\??\c:\lxxrllf.exec:\lxxrllf.exe90⤵
-
\??\c:\bnhtbh.exec:\bnhtbh.exe91⤵
-
\??\c:\htnhhb.exec:\htnhhb.exe92⤵
-
\??\c:\xrlrlxr.exec:\xrlrlxr.exe93⤵
-
\??\c:\flrllfx.exec:\flrllfx.exe94⤵
-
\??\c:\hnnnhn.exec:\hnnnhn.exe95⤵
-
\??\c:\vvppd.exec:\vvppd.exe96⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe97⤵
-
\??\c:\lfllxrx.exec:\lfllxrx.exe98⤵
-
\??\c:\btbttn.exec:\btbttn.exe99⤵
-
\??\c:\hbhbtb.exec:\hbhbtb.exe100⤵
-
\??\c:\bbtnbb.exec:\bbtnbb.exe101⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe102⤵
-
\??\c:\fflllll.exec:\fflllll.exe103⤵
-
\??\c:\1rrrllr.exec:\1rrrllr.exe104⤵
-
\??\c:\nbnhhh.exec:\nbnhhh.exe105⤵
-
\??\c:\vppjd.exec:\vppjd.exe106⤵
-
\??\c:\jddvp.exec:\jddvp.exe107⤵
-
\??\c:\rllfxxr.exec:\rllfxxr.exe108⤵
-
\??\c:\tnbthb.exec:\tnbthb.exe109⤵
-
\??\c:\nhnnbb.exec:\nhnnbb.exe110⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe111⤵
-
\??\c:\pvpdd.exec:\pvpdd.exe112⤵
-
\??\c:\ffllffx.exec:\ffllffx.exe113⤵
-
\??\c:\lllfrrl.exec:\lllfrrl.exe114⤵
-
\??\c:\nntnbt.exec:\nntnbt.exe115⤵
-
\??\c:\nhhbnh.exec:\nhhbnh.exe116⤵
-
\??\c:\djdpp.exec:\djdpp.exe117⤵
-
\??\c:\frrrffr.exec:\frrrffr.exe118⤵
-
\??\c:\5rxrrrr.exec:\5rxrrrr.exe119⤵
-
\??\c:\hbnhhh.exec:\hbnhhh.exe120⤵
-
\??\c:\bhthbb.exec:\bhthbb.exe121⤵
-
\??\c:\dpppj.exec:\dpppj.exe122⤵
-
\??\c:\fxxfxxr.exec:\fxxfxxr.exe123⤵
-
\??\c:\rflffff.exec:\rflffff.exe124⤵
-
\??\c:\thhnbn.exec:\thhnbn.exe125⤵
-
\??\c:\7btbnt.exec:\7btbnt.exe126⤵
-
\??\c:\1vpdv.exec:\1vpdv.exe127⤵
-
\??\c:\3pdvp.exec:\3pdvp.exe128⤵
-
\??\c:\lffxlrr.exec:\lffxlrr.exe129⤵
-
\??\c:\rxxlfxl.exec:\rxxlfxl.exe130⤵
-
\??\c:\tbbnhb.exec:\tbbnhb.exe131⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe132⤵
-
\??\c:\vdpdv.exec:\vdpdv.exe133⤵
-
\??\c:\frxlfxx.exec:\frxlfxx.exe134⤵
-
\??\c:\5ttttt.exec:\5ttttt.exe135⤵
-
\??\c:\nhhnhb.exec:\nhhnhb.exe136⤵
-
\??\c:\7ppjv.exec:\7ppjv.exe137⤵
-
\??\c:\ffffrlf.exec:\ffffrlf.exe138⤵
-
\??\c:\nhtnnh.exec:\nhtnnh.exe139⤵
-
\??\c:\bhtthh.exec:\bhtthh.exe140⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe141⤵
-
\??\c:\dvjvv.exec:\dvjvv.exe142⤵
-
\??\c:\rrxxxfx.exec:\rrxxxfx.exe143⤵
-
\??\c:\hbhtth.exec:\hbhtth.exe144⤵
-
\??\c:\hnnhtn.exec:\hnnhtn.exe145⤵
-
\??\c:\7ddvp.exec:\7ddvp.exe146⤵
-
\??\c:\rllfxrl.exec:\rllfxrl.exe147⤵
-
\??\c:\lrxrfxr.exec:\lrxrfxr.exe148⤵
-
\??\c:\btnbnn.exec:\btnbnn.exe149⤵
-
\??\c:\pvddd.exec:\pvddd.exe150⤵
-
\??\c:\pvdpd.exec:\pvdpd.exe151⤵
-
\??\c:\lxrfrfr.exec:\lxrfrfr.exe152⤵
-
\??\c:\htnhtn.exec:\htnhtn.exe153⤵
-
\??\c:\btnhtt.exec:\btnhtt.exe154⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe155⤵
-
\??\c:\flfflff.exec:\flfflff.exe156⤵
-
\??\c:\tnnbbn.exec:\tnnbbn.exe157⤵
-
\??\c:\hhthth.exec:\hhthth.exe158⤵
-
\??\c:\djdpj.exec:\djdpj.exe159⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe160⤵
-
\??\c:\3btbht.exec:\3btbht.exe161⤵
-
\??\c:\ntnbtn.exec:\ntnbtn.exe162⤵
-
\??\c:\7djpd.exec:\7djpd.exe163⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe164⤵
-
\??\c:\rlrfrlf.exec:\rlrfrlf.exe165⤵
-
\??\c:\hnnhtt.exec:\hnnhtt.exe166⤵
-
\??\c:\hntnbb.exec:\hntnbb.exe167⤵
-
\??\c:\pvpdp.exec:\pvpdp.exe168⤵
-
\??\c:\lxfxxrr.exec:\lxfxxrr.exe169⤵
-
\??\c:\lxfxlfx.exec:\lxfxlfx.exe170⤵
-
\??\c:\hhhthb.exec:\hhhthb.exe171⤵
-
\??\c:\7nhtnt.exec:\7nhtnt.exe172⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe173⤵
-
\??\c:\rlxrllr.exec:\rlxrllr.exe174⤵
-
\??\c:\tntnnh.exec:\tntnnh.exe175⤵
-
\??\c:\9nnhbt.exec:\9nnhbt.exe176⤵
-
\??\c:\pvvvd.exec:\pvvvd.exe177⤵
-
\??\c:\llfxfxf.exec:\llfxfxf.exe178⤵
-
\??\c:\xfrlxrr.exec:\xfrlxrr.exe179⤵
-
\??\c:\bnhbtn.exec:\bnhbtn.exe180⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe181⤵
-
\??\c:\5vpdp.exec:\5vpdp.exe182⤵
-
\??\c:\9xrrrfx.exec:\9xrrrfx.exe183⤵
-
\??\c:\bbnhbh.exec:\bbnhbh.exe184⤵
-
\??\c:\tbnhtn.exec:\tbnhtn.exe185⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe186⤵
-
\??\c:\rrxrfxl.exec:\rrxrfxl.exe187⤵
-
\??\c:\rrlfffl.exec:\rrlfffl.exe188⤵
-
\??\c:\1hbtnh.exec:\1hbtnh.exe189⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe190⤵
-
\??\c:\jpddj.exec:\jpddj.exe191⤵
-
\??\c:\llrfrrx.exec:\llrfrrx.exe192⤵
-
\??\c:\hhnnnh.exec:\hhnnnh.exe193⤵
-
\??\c:\tbthtt.exec:\tbthtt.exe194⤵
-
\??\c:\vdvpd.exec:\vdvpd.exe195⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe196⤵
-
\??\c:\xrrllrl.exec:\xrrllrl.exe197⤵
-
\??\c:\bbtbnn.exec:\bbtbnn.exe198⤵
-
\??\c:\hnthtn.exec:\hnthtn.exe199⤵
-
\??\c:\vjjdj.exec:\vjjdj.exe200⤵
-
\??\c:\rrxlxxr.exec:\rrxlxxr.exe201⤵
-
\??\c:\5rrlfxr.exec:\5rrlfxr.exe202⤵
-
\??\c:\hhnbnh.exec:\hhnbnh.exe203⤵
-
\??\c:\1hbnbn.exec:\1hbnbn.exe204⤵
-
\??\c:\vvdvd.exec:\vvdvd.exe205⤵
-
\??\c:\jvdjj.exec:\jvdjj.exe206⤵
-
\??\c:\rfrfxlx.exec:\rfrfxlx.exe207⤵
-
\??\c:\tbttnn.exec:\tbttnn.exe208⤵
-
\??\c:\3nbnbb.exec:\3nbnbb.exe209⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe210⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe211⤵
-
\??\c:\rrxrfxl.exec:\rrxrfxl.exe212⤵
-
\??\c:\xlxffrf.exec:\xlxffrf.exe213⤵
-
\??\c:\5httnt.exec:\5httnt.exe214⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe215⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe216⤵
-
\??\c:\9lrlxlf.exec:\9lrlxlf.exe217⤵
-
\??\c:\3bhbbt.exec:\3bhbbt.exe218⤵
-
\??\c:\hnnhtb.exec:\hnnhtb.exe219⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe220⤵
-
\??\c:\jvjdp.exec:\jvjdp.exe221⤵
-
\??\c:\9rrffxl.exec:\9rrffxl.exe222⤵
-
\??\c:\ttthbt.exec:\ttthbt.exe223⤵
-
\??\c:\htnhhh.exec:\htnhhh.exe224⤵
-
\??\c:\vjdpv.exec:\vjdpv.exe225⤵
-
\??\c:\5flxlfx.exec:\5flxlfx.exe226⤵
-
\??\c:\rlrlfff.exec:\rlrlfff.exe227⤵
-
\??\c:\3tthbt.exec:\3tthbt.exe228⤵
-
\??\c:\ntthbt.exec:\ntthbt.exe229⤵
-
\??\c:\jvdvd.exec:\jvdvd.exe230⤵
-
\??\c:\pddpd.exec:\pddpd.exe231⤵
-
\??\c:\xllxxrx.exec:\xllxxrx.exe232⤵
-
\??\c:\ttbntb.exec:\ttbntb.exe233⤵
-
\??\c:\vdjjv.exec:\vdjjv.exe234⤵
-
\??\c:\3vppj.exec:\3vppj.exe235⤵
-
\??\c:\1ffxlfx.exec:\1ffxlfx.exe236⤵
-
\??\c:\lxfxllx.exec:\lxfxllx.exe237⤵
-
\??\c:\ntnhbb.exec:\ntnhbb.exe238⤵
-
\??\c:\djpjp.exec:\djpjp.exe239⤵
-
\??\c:\9djvp.exec:\9djvp.exe240⤵
-
\??\c:\rxxrrlf.exec:\rxxrrlf.exe241⤵