Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 15:14
General
-
Target
dfeeee3861cfc3dc291fdd06d4082b50_NeikiAnalytics.exe
-
Size
158KB
-
MD5
dfeeee3861cfc3dc291fdd06d4082b50
-
SHA1
e1f13d0bb613867e2758a0895ac8f9a264ea97f9
-
SHA256
dfa399af916afe8ede2654ae74e36b516131ba7c5eeaf2abe51a4471f97ab6c9
-
SHA512
e00bd120f067dc2847a7984d3234626f23b595c45a1fcc6406057de1bf422093e3de453c24b17a11d1d8377bee8159407bc54385d88b9ef645c1379be6b9c207
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo7LAIbT2NRUv8XK9wnftqPQhSLcINkSyCmtDWd:n3C9BRo/AIX2MUXownfWQkyCmtDWd
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\dfeeee3861cfc3dc291fdd06d4082b50_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\dfeeee3861cfc3dc291fdd06d4082b50_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vppdv.exec:\vppdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrlfrl.exec:\rxrlfrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtnth.exec:\nhtnth.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnbnh.exec:\nnnbnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1djvp.exec:\1djvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bbtnt.exec:\1bbtnt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnnn.exec:\tntnnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ppjd.exec:\9ppjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rllfff.exec:\3rllfff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbnh.exec:\tnhbnh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppj.exec:\dvppj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthtnh.exec:\tthtnh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vpjv.exec:\5vpjv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffxffx.exec:\rffxffx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fllfrr.exec:\5fllfrr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbttnt.exec:\nbttnt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjjd.exec:\vjjjd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfrlfx.exec:\xlfrlfx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbtnn.exec:\tbbtnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjpd.exec:\dpjpd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxxrlf.exec:\xfxxrlf.exe23⤵
- Executes dropped EXE
-
\??\c:\llrlfff.exec:\llrlfff.exe24⤵
- Executes dropped EXE
-
\??\c:\btthbh.exec:\btthbh.exe25⤵
- Executes dropped EXE
-
\??\c:\9vjdv.exec:\9vjdv.exe26⤵
- Executes dropped EXE
-
\??\c:\llfxrlf.exec:\llfxrlf.exe27⤵
- Executes dropped EXE
-
\??\c:\9bhbtt.exec:\9bhbtt.exe28⤵
- Executes dropped EXE
-
\??\c:\pdddp.exec:\pdddp.exe29⤵
- Executes dropped EXE
-
\??\c:\9rfxlfx.exec:\9rfxlfx.exe30⤵
- Executes dropped EXE
-
\??\c:\hbhhbt.exec:\hbhhbt.exe31⤵
- Executes dropped EXE
-
\??\c:\dppdv.exec:\dppdv.exe32⤵
- Executes dropped EXE
-
\??\c:\5llfrlx.exec:\5llfrlx.exe33⤵
- Executes dropped EXE
-
\??\c:\5nhhhh.exec:\5nhhhh.exe34⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe35⤵
- Executes dropped EXE
-
\??\c:\xxffrrf.exec:\xxffrrf.exe36⤵
- Executes dropped EXE
-
\??\c:\rlxrlfr.exec:\rlxrlfr.exe37⤵
- Executes dropped EXE
-
\??\c:\nhhnht.exec:\nhhnht.exe38⤵
- Executes dropped EXE
-
\??\c:\3dvpv.exec:\3dvpv.exe39⤵
- Executes dropped EXE
-
\??\c:\lxlfxxl.exec:\lxlfxxl.exe40⤵
- Executes dropped EXE
-
\??\c:\rlfxfxf.exec:\rlfxfxf.exe41⤵
- Executes dropped EXE
-
\??\c:\bntttt.exec:\bntttt.exe42⤵
- Executes dropped EXE
-
\??\c:\ppppp.exec:\ppppp.exe43⤵
- Executes dropped EXE
-
\??\c:\9pvpp.exec:\9pvpp.exe44⤵
- Executes dropped EXE
-
\??\c:\lfxrrll.exec:\lfxrrll.exe45⤵
- Executes dropped EXE
-
\??\c:\bbtnnn.exec:\bbtnnn.exe46⤵
- Executes dropped EXE
-
\??\c:\bntttn.exec:\bntttn.exe47⤵
- Executes dropped EXE
-
\??\c:\pvvpp.exec:\pvvpp.exe48⤵
- Executes dropped EXE
-
\??\c:\jdvpp.exec:\jdvpp.exe49⤵
- Executes dropped EXE
-
\??\c:\lrfxfxl.exec:\lrfxfxl.exe50⤵
- Executes dropped EXE
-
\??\c:\fxrllxx.exec:\fxrllxx.exe51⤵
- Executes dropped EXE
-
\??\c:\bthhnn.exec:\bthhnn.exe52⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe53⤵
- Executes dropped EXE
-
\??\c:\pdvjj.exec:\pdvjj.exe54⤵
- Executes dropped EXE
-
\??\c:\xrrlfff.exec:\xrrlfff.exe55⤵
- Executes dropped EXE
-
\??\c:\hhttnt.exec:\hhttnt.exe56⤵
- Executes dropped EXE
-
\??\c:\bhhhhh.exec:\bhhhhh.exe57⤵
- Executes dropped EXE
-
\??\c:\pvddv.exec:\pvddv.exe58⤵
- Executes dropped EXE
-
\??\c:\fffffrr.exec:\fffffrr.exe59⤵
- Executes dropped EXE
-
\??\c:\thhhbb.exec:\thhhbb.exe60⤵
- Executes dropped EXE
-
\??\c:\bnbttt.exec:\bnbttt.exe61⤵
- Executes dropped EXE
-
\??\c:\jvvvp.exec:\jvvvp.exe62⤵
- Executes dropped EXE
-
\??\c:\hbnntt.exec:\hbnntt.exe63⤵
- Executes dropped EXE
-
\??\c:\vvvvv.exec:\vvvvv.exe64⤵
- Executes dropped EXE
-
\??\c:\rrllfll.exec:\rrllfll.exe65⤵
- Executes dropped EXE
-
\??\c:\1bbttn.exec:\1bbttn.exe66⤵
-
\??\c:\pjppp.exec:\pjppp.exe67⤵
-
\??\c:\1flrlfx.exec:\1flrlfx.exe68⤵
-
\??\c:\rrxrlff.exec:\rrxrlff.exe69⤵
-
\??\c:\1tbbbb.exec:\1tbbbb.exe70⤵
-
\??\c:\dpppj.exec:\dpppj.exe71⤵
-
\??\c:\lxfxrll.exec:\lxfxrll.exe72⤵
-
\??\c:\1nnhtt.exec:\1nnhtt.exe73⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe74⤵
-
\??\c:\9lxrrrx.exec:\9lxrrrx.exe75⤵
-
\??\c:\hbbttn.exec:\hbbttn.exe76⤵
-
\??\c:\tnnnnh.exec:\tnnnnh.exe77⤵
-
\??\c:\5jpjj.exec:\5jpjj.exe78⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe79⤵
-
\??\c:\fffrrll.exec:\fffrrll.exe80⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe81⤵
-
\??\c:\pjdpp.exec:\pjdpp.exe82⤵
-
\??\c:\5vvpj.exec:\5vvpj.exe83⤵
-
\??\c:\fllfxrr.exec:\fllfxrr.exe84⤵
-
\??\c:\nhnnnn.exec:\nhnnnn.exe85⤵
-
\??\c:\jdjpp.exec:\jdjpp.exe86⤵
-
\??\c:\fxxrlff.exec:\fxxrlff.exe87⤵
-
\??\c:\ntbthb.exec:\ntbthb.exe88⤵
-
\??\c:\tnnbtt.exec:\tnnbtt.exe89⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe90⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe91⤵
-
\??\c:\xflfxxr.exec:\xflfxxr.exe92⤵
-
\??\c:\9nbbhh.exec:\9nbbhh.exe93⤵
-
\??\c:\nnttbh.exec:\nnttbh.exe94⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe95⤵
-
\??\c:\rxxlxxl.exec:\rxxlxxl.exe96⤵
-
\??\c:\rrrlllf.exec:\rrrlllf.exe97⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe98⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe99⤵
-
\??\c:\pjddp.exec:\pjddp.exe100⤵
-
\??\c:\fxffllr.exec:\fxffllr.exe101⤵
-
\??\c:\htnbbb.exec:\htnbbb.exe102⤵
-
\??\c:\hhnbtb.exec:\hhnbtb.exe103⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe104⤵
-
\??\c:\lflllrr.exec:\lflllrr.exe105⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe106⤵
-
\??\c:\xffxxxx.exec:\xffxxxx.exe107⤵
-
\??\c:\3tbnhn.exec:\3tbnhn.exe108⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe109⤵
-
\??\c:\jdpdj.exec:\jdpdj.exe110⤵
-
\??\c:\9jjpj.exec:\9jjpj.exe111⤵
-
\??\c:\lxffxxr.exec:\lxffxxr.exe112⤵
-
\??\c:\tthhnn.exec:\tthhnn.exe113⤵
-
\??\c:\nhhnbb.exec:\nhhnbb.exe114⤵
-
\??\c:\jdddd.exec:\jdddd.exe115⤵
-
\??\c:\xfxlfxr.exec:\xfxlfxr.exe116⤵
-
\??\c:\3xrllll.exec:\3xrllll.exe117⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe118⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe119⤵
-
\??\c:\5vvvv.exec:\5vvvv.exe120⤵
-
\??\c:\rflflfx.exec:\rflflfx.exe121⤵
-
\??\c:\lfxxrrr.exec:\lfxxrrr.exe122⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe123⤵
-
\??\c:\vvvpp.exec:\vvvpp.exe124⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe125⤵
-
\??\c:\xxfxxxx.exec:\xxfxxxx.exe126⤵
-
\??\c:\rrrrllf.exec:\rrrrllf.exe127⤵
-
\??\c:\tbhhbb.exec:\tbhhbb.exe128⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe129⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe130⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe131⤵
-
\??\c:\rrfxxxx.exec:\rrfxxxx.exe132⤵
-
\??\c:\tnbbth.exec:\tnbbth.exe133⤵
-
\??\c:\bntnhh.exec:\bntnhh.exe134⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe135⤵
-
\??\c:\5xlllrf.exec:\5xlllrf.exe136⤵
-
\??\c:\xxllrrr.exec:\xxllrrr.exe137⤵
-
\??\c:\bbbbtb.exec:\bbbbtb.exe138⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe139⤵
-
\??\c:\dpdpv.exec:\dpdpv.exe140⤵
-
\??\c:\lffrrff.exec:\lffrrff.exe141⤵
-
\??\c:\7thbbh.exec:\7thbbh.exe142⤵
-
\??\c:\7tbbtb.exec:\7tbbtb.exe143⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe144⤵
-
\??\c:\vvddd.exec:\vvddd.exe145⤵
-
\??\c:\1xrrlll.exec:\1xrrlll.exe146⤵
-
\??\c:\hthhtt.exec:\hthhtt.exe147⤵
-
\??\c:\1tbtnn.exec:\1tbtnn.exe148⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe149⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe150⤵
-
\??\c:\rrrllff.exec:\rrrllff.exe151⤵
-
\??\c:\fxxxxxx.exec:\fxxxxxx.exe152⤵
-
\??\c:\bbbtnb.exec:\bbbtnb.exe153⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe154⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe155⤵
-
\??\c:\9pvpj.exec:\9pvpj.exe156⤵
-
\??\c:\rlrlrrx.exec:\rlrlrrx.exe157⤵
-
\??\c:\xrxxrff.exec:\xrxxrff.exe158⤵
-
\??\c:\btnhbh.exec:\btnhbh.exe159⤵
-
\??\c:\bnttnn.exec:\bnttnn.exe160⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe161⤵
-
\??\c:\xxffllx.exec:\xxffllx.exe162⤵
-
\??\c:\flffxxx.exec:\flffxxx.exe163⤵
-
\??\c:\btnhhh.exec:\btnhhh.exe164⤵
-
\??\c:\bntnhh.exec:\bntnhh.exe165⤵
-
\??\c:\1vddv.exec:\1vddv.exe166⤵
-
\??\c:\xrrlffx.exec:\xrrlffx.exe167⤵
-
\??\c:\lxxrrrr.exec:\lxxrrrr.exe168⤵
-
\??\c:\hhntnh.exec:\hhntnh.exe169⤵
-
\??\c:\ppvjj.exec:\ppvjj.exe170⤵
-
\??\c:\djdvp.exec:\djdvp.exe171⤵
-
\??\c:\xrfxxfx.exec:\xrfxxfx.exe172⤵
-
\??\c:\frxrlll.exec:\frxrlll.exe173⤵
-
\??\c:\bhnnnb.exec:\bhnnnb.exe174⤵
-
\??\c:\vvddj.exec:\vvddj.exe175⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe176⤵
-
\??\c:\fxfxlrl.exec:\fxfxlrl.exe177⤵
-
\??\c:\ntbbtn.exec:\ntbbtn.exe178⤵
-
\??\c:\hbbnth.exec:\hbbnth.exe179⤵
-
\??\c:\7ddvp.exec:\7ddvp.exe180⤵
-
\??\c:\xlrllff.exec:\xlrllff.exe181⤵
-
\??\c:\xlxrlll.exec:\xlxrlll.exe182⤵
-
\??\c:\lfflfxl.exec:\lfflfxl.exe183⤵
-
\??\c:\tnthhb.exec:\tnthhb.exe184⤵
-
\??\c:\jpvpd.exec:\jpvpd.exe185⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe186⤵
-
\??\c:\xflxrrl.exec:\xflxrrl.exe187⤵
-
\??\c:\nhhhht.exec:\nhhhht.exe188⤵
-
\??\c:\btbthh.exec:\btbthh.exe189⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe190⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe191⤵
-
\??\c:\rxffrfx.exec:\rxffrfx.exe192⤵
-
\??\c:\tnhbtn.exec:\tnhbtn.exe193⤵
-
\??\c:\5vvpj.exec:\5vvpj.exe194⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe195⤵
-
\??\c:\5fxrlfl.exec:\5fxrlfl.exe196⤵
-
\??\c:\thbtnh.exec:\thbtnh.exe197⤵
-
\??\c:\dpjdp.exec:\dpjdp.exe198⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe199⤵
-
\??\c:\rlfxlfx.exec:\rlfxlfx.exe200⤵
-
\??\c:\httnhh.exec:\httnhh.exe201⤵
-
\??\c:\htnhtn.exec:\htnhtn.exe202⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe203⤵
-
\??\c:\7ppdv.exec:\7ppdv.exe204⤵
-
\??\c:\5lrlfff.exec:\5lrlfff.exe205⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe206⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe207⤵
-
\??\c:\7vddv.exec:\7vddv.exe208⤵
-
\??\c:\lxrlxrf.exec:\lxrlxrf.exe209⤵
-
\??\c:\fxffffx.exec:\fxffffx.exe210⤵
-
\??\c:\bttttb.exec:\bttttb.exe211⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe212⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe213⤵
-
\??\c:\9llrfxr.exec:\9llrfxr.exe214⤵
-
\??\c:\fxfxrrx.exec:\fxfxrrx.exe215⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe216⤵
-
\??\c:\hbbtnt.exec:\hbbtnt.exe217⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe218⤵
-
\??\c:\xfflffx.exec:\xfflffx.exe219⤵
-
\??\c:\ffxxxrr.exec:\ffxxxrr.exe220⤵
-
\??\c:\nnhbtt.exec:\nnhbtt.exe221⤵
-
\??\c:\tntntn.exec:\tntntn.exe222⤵
-
\??\c:\jddvj.exec:\jddvj.exe223⤵
-
\??\c:\rlfxllf.exec:\rlfxllf.exe224⤵
-
\??\c:\hnbtnh.exec:\hnbtnh.exe225⤵
-
\??\c:\5tbtht.exec:\5tbtht.exe226⤵
-
\??\c:\vjjjv.exec:\vjjjv.exe227⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe228⤵
-
\??\c:\rxrllll.exec:\rxrllll.exe229⤵
-
\??\c:\flfxrrl.exec:\flfxrrl.exe230⤵
-
\??\c:\9nnbnn.exec:\9nnbnn.exe231⤵
-
\??\c:\djvpj.exec:\djvpj.exe232⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe233⤵
-
\??\c:\lffxrrf.exec:\lffxrrf.exe234⤵
-
\??\c:\tnnhbt.exec:\tnnhbt.exe235⤵
-
\??\c:\3hbthh.exec:\3hbthh.exe236⤵
-
\??\c:\1jpjv.exec:\1jpjv.exe237⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe238⤵
-
\??\c:\lffxrrl.exec:\lffxrrl.exe239⤵
-
\??\c:\xlrllfr.exec:\xlrllfr.exe240⤵
-
\??\c:\bhbbbb.exec:\bhbbbb.exe241⤵