Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 15:25
General
-
Target
e2c5b7ea01deb2fd21859fd58c3cf4f0_NeikiAnalytics.exe
-
Size
537KB
-
MD5
e2c5b7ea01deb2fd21859fd58c3cf4f0
-
SHA1
ad7db572d2aa10d82fbd4609cf15f14484e1c7dd
-
SHA256
f6e54a24dfbfad59920a59fcdb8b0056b8c92f920b9908ac3e31af09793dc35f
-
SHA512
bd0c585cdb3bceeb5f81171789062dec8be93f3c46e42988a4fc13fc20d7238bb2aa7b4a92d6cbb9906c9a99b804058ecd6dccf573c2e1fc1465da98461e9182
-
SSDEEP
12288:y4wFHoS3eFp3IDvSbh5nP+UbGTHoSouKs8N0u/D6vIZd:HFp3lzZbGa5sod
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e2c5b7ea01deb2fd21859fd58c3cf4f0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\e2c5b7ea01deb2fd21859fd58c3cf4f0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxrrrl.exec:\lrxrrrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnhh.exec:\nhnnhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvd.exec:\vpvvd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfxxr.exec:\rllfxxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3btnhb.exec:\3btnhb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnhnt.exec:\hhnhnt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvvp.exec:\vjvvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpjd.exec:\pvpjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfffrl.exec:\rrfffrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtnnh.exec:\nbtnnh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvv.exec:\jvdvv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htthtt.exec:\htthtt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnhbb.exec:\tbnhbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhnh.exec:\thnhnh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhthbb.exec:\hhthbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddpd.exec:\jddpd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnbnh.exec:\bhnbnh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxrlfx.exec:\ffxrlfx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jpdp.exec:\9jpdp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htthbb.exec:\htthbb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvdp.exec:\vpvdp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxlfx.exec:\lxfxlfx.exe23⤵
- Executes dropped EXE
-
\??\c:\llxrrxl.exec:\llxrrxl.exe24⤵
- Executes dropped EXE
-
\??\c:\hbhthn.exec:\hbhthn.exe25⤵
- Executes dropped EXE
-
\??\c:\djjdp.exec:\djjdp.exe26⤵
- Executes dropped EXE
-
\??\c:\dpjvj.exec:\dpjvj.exe27⤵
- Executes dropped EXE
-
\??\c:\rffrlfx.exec:\rffrlfx.exe28⤵
- Executes dropped EXE
-
\??\c:\hbthbn.exec:\hbthbn.exe29⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe30⤵
- Executes dropped EXE
-
\??\c:\nhbnhb.exec:\nhbnhb.exe31⤵
- Executes dropped EXE
-
\??\c:\jjjdp.exec:\jjjdp.exe32⤵
- Executes dropped EXE
-
\??\c:\htbtth.exec:\htbtth.exe33⤵
- Executes dropped EXE
-
\??\c:\rxlflfl.exec:\rxlflfl.exe34⤵
- Executes dropped EXE
-
\??\c:\1lrlflf.exec:\1lrlflf.exe35⤵
- Executes dropped EXE
-
\??\c:\thhbbb.exec:\thhbbb.exe36⤵
- Executes dropped EXE
-
\??\c:\pdjjj.exec:\pdjjj.exe37⤵
- Executes dropped EXE
-
\??\c:\dvjvp.exec:\dvjvp.exe38⤵
- Executes dropped EXE
-
\??\c:\lrxlxxf.exec:\lrxlxxf.exe39⤵
- Executes dropped EXE
-
\??\c:\hntnbt.exec:\hntnbt.exe40⤵
- Executes dropped EXE
-
\??\c:\djjvp.exec:\djjvp.exe41⤵
- Executes dropped EXE
-
\??\c:\fxfrlrl.exec:\fxfrlrl.exe42⤵
- Executes dropped EXE
-
\??\c:\lfrlxrl.exec:\lfrlxrl.exe43⤵
- Executes dropped EXE
-
\??\c:\nhnhnh.exec:\nhnhnh.exe44⤵
- Executes dropped EXE
-
\??\c:\rxrfxrr.exec:\rxrfxrr.exe45⤵
- Executes dropped EXE
-
\??\c:\nbthbn.exec:\nbthbn.exe46⤵
- Executes dropped EXE
-
\??\c:\djvpj.exec:\djvpj.exe47⤵
- Executes dropped EXE
-
\??\c:\lrfxrxl.exec:\lrfxrxl.exe48⤵
- Executes dropped EXE
-
\??\c:\nhnhhb.exec:\nhnhhb.exe49⤵
- Executes dropped EXE
-
\??\c:\9hnhtn.exec:\9hnhtn.exe50⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe51⤵
- Executes dropped EXE
-
\??\c:\fxrxlfx.exec:\fxrxlfx.exe52⤵
- Executes dropped EXE
-
\??\c:\tbhttn.exec:\tbhttn.exe53⤵
- Executes dropped EXE
-
\??\c:\vpdvj.exec:\vpdvj.exe54⤵
- Executes dropped EXE
-
\??\c:\xxfxrxr.exec:\xxfxrxr.exe55⤵
- Executes dropped EXE
-
\??\c:\xlfxlfr.exec:\xlfxlfr.exe56⤵
- Executes dropped EXE
-
\??\c:\nhthnt.exec:\nhthnt.exe57⤵
- Executes dropped EXE
-
\??\c:\ppppv.exec:\ppppv.exe58⤵
- Executes dropped EXE
-
\??\c:\frrfxlf.exec:\frrfxlf.exe59⤵
- Executes dropped EXE
-
\??\c:\bhtnhb.exec:\bhtnhb.exe60⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe61⤵
- Executes dropped EXE
-
\??\c:\rllxrlx.exec:\rllxrlx.exe62⤵
- Executes dropped EXE
-
\??\c:\nbbthb.exec:\nbbthb.exe63⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe64⤵
- Executes dropped EXE
-
\??\c:\xrlxrlx.exec:\xrlxrlx.exe65⤵
- Executes dropped EXE
-
\??\c:\ttbttn.exec:\ttbttn.exe66⤵
-
\??\c:\djdvj.exec:\djdvj.exe67⤵
-
\??\c:\lxffxrr.exec:\lxffxrr.exe68⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe69⤵
-
\??\c:\dddvp.exec:\dddvp.exe70⤵
-
\??\c:\xlrrllf.exec:\xlrrllf.exe71⤵
-
\??\c:\btbttt.exec:\btbttt.exe72⤵
-
\??\c:\vdppd.exec:\vdppd.exe73⤵
-
\??\c:\xrrlxxr.exec:\xrrlxxr.exe74⤵
-
\??\c:\ffxrlfx.exec:\ffxrlfx.exe75⤵
-
\??\c:\bbbbhb.exec:\bbbbhb.exe76⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe77⤵
-
\??\c:\lxxlfxr.exec:\lxxlfxr.exe78⤵
-
\??\c:\hbbhbt.exec:\hbbhbt.exe79⤵
-
\??\c:\nbtnbn.exec:\nbtnbn.exe80⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe81⤵
-
\??\c:\xxlfxfx.exec:\xxlfxfx.exe82⤵
-
\??\c:\nbnhhb.exec:\nbnhhb.exe83⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe84⤵
-
\??\c:\jdvpv.exec:\jdvpv.exe85⤵
-
\??\c:\flllffx.exec:\flllffx.exe86⤵
-
\??\c:\nbhthh.exec:\nbhthh.exe87⤵
-
\??\c:\thnnhb.exec:\thnnhb.exe88⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe89⤵
-
\??\c:\xlfrfxl.exec:\xlfrfxl.exe90⤵
-
\??\c:\frrfrrf.exec:\frrfrrf.exe91⤵
-
\??\c:\1tnhbb.exec:\1tnhbb.exe92⤵
-
\??\c:\vjjvv.exec:\vjjvv.exe93⤵
-
\??\c:\djpdp.exec:\djpdp.exe94⤵
-
\??\c:\3xrlxrl.exec:\3xrlxrl.exe95⤵
-
\??\c:\nbtnbt.exec:\nbtnbt.exe96⤵
-
\??\c:\pddvp.exec:\pddvp.exe97⤵
-
\??\c:\jjpdv.exec:\jjpdv.exe98⤵
-
\??\c:\hhbtht.exec:\hhbtht.exe99⤵
-
\??\c:\tnhbtn.exec:\tnhbtn.exe100⤵
-
\??\c:\dvppj.exec:\dvppj.exe101⤵
-
\??\c:\rrfxxrl.exec:\rrfxxrl.exe102⤵
-
\??\c:\nbhbhb.exec:\nbhbhb.exe103⤵
-
\??\c:\vvdjj.exec:\vvdjj.exe104⤵
-
\??\c:\9vpjd.exec:\9vpjd.exe105⤵
-
\??\c:\flffxxl.exec:\flffxxl.exe106⤵
-
\??\c:\rxfxrrr.exec:\rxfxrrr.exe107⤵
-
\??\c:\thbtnt.exec:\thbtnt.exe108⤵
-
\??\c:\djpdv.exec:\djpdv.exe109⤵
-
\??\c:\vddvp.exec:\vddvp.exe110⤵
-
\??\c:\rrxrrlr.exec:\rrxrrlr.exe111⤵
-
\??\c:\bttnhb.exec:\bttnhb.exe112⤵
-
\??\c:\djpdp.exec:\djpdp.exe113⤵
-
\??\c:\9djpj.exec:\9djpj.exe114⤵
-
\??\c:\frrrxff.exec:\frrrxff.exe115⤵
-
\??\c:\nhtnnn.exec:\nhtnnn.exe116⤵
-
\??\c:\hnnnnt.exec:\hnnnnt.exe117⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe118⤵
-
\??\c:\5rrlxrf.exec:\5rrlxrf.exe119⤵
-
\??\c:\xllfxxr.exec:\xllfxxr.exe120⤵
-
\??\c:\thnhtn.exec:\thnhtn.exe121⤵
-
\??\c:\1jjvj.exec:\1jjvj.exe122⤵
-
\??\c:\vjdpj.exec:\vjdpj.exe123⤵
-
\??\c:\7frlffx.exec:\7frlffx.exe124⤵
-
\??\c:\nhtnbt.exec:\nhtnbt.exe125⤵
-
\??\c:\tthbtt.exec:\tthbtt.exe126⤵
-
\??\c:\ppvjd.exec:\ppvjd.exe127⤵
-
\??\c:\lxxrfxl.exec:\lxxrfxl.exe128⤵
-
\??\c:\bbtnhh.exec:\bbtnhh.exe129⤵
-
\??\c:\hnbhbt.exec:\hnbhbt.exe130⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe131⤵
-
\??\c:\xrxffrx.exec:\xrxffrx.exe132⤵
-
\??\c:\bnbbtb.exec:\bnbbtb.exe133⤵
-
\??\c:\ddpjv.exec:\ddpjv.exe134⤵
-
\??\c:\lffrlrf.exec:\lffrlrf.exe135⤵
-
\??\c:\flrlfxx.exec:\flrlfxx.exe136⤵
-
\??\c:\nbbnhh.exec:\nbbnhh.exe137⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe138⤵
-
\??\c:\lfxrffx.exec:\lfxrffx.exe139⤵
-
\??\c:\httnhb.exec:\httnhb.exe140⤵
-
\??\c:\ttnhbt.exec:\ttnhbt.exe141⤵
-
\??\c:\3pdvj.exec:\3pdvj.exe142⤵
-
\??\c:\3lrfxxl.exec:\3lrfxxl.exe143⤵
-
\??\c:\bbbnhb.exec:\bbbnhb.exe144⤵
-
\??\c:\djpdp.exec:\djpdp.exe145⤵
-
\??\c:\ffrfxrf.exec:\ffrfxrf.exe146⤵
-
\??\c:\hbbthh.exec:\hbbthh.exe147⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe148⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe149⤵
-
\??\c:\fffrlfx.exec:\fffrlfx.exe150⤵
-
\??\c:\bhthbt.exec:\bhthbt.exe151⤵
-
\??\c:\hhhbtn.exec:\hhhbtn.exe152⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe153⤵
-
\??\c:\lllfxxl.exec:\lllfxxl.exe154⤵
-
\??\c:\nbhbbb.exec:\nbhbbb.exe155⤵
-
\??\c:\vjvjd.exec:\vjvjd.exe156⤵
-
\??\c:\rrlxrlf.exec:\rrlxrlf.exe157⤵
-
\??\c:\fxxrxxl.exec:\fxxrxxl.exe158⤵
-
\??\c:\ttnttn.exec:\ttnttn.exe159⤵
-
\??\c:\dpvjd.exec:\dpvjd.exe160⤵
-
\??\c:\7flfffl.exec:\7flfffl.exe161⤵
-
\??\c:\rxxflff.exec:\rxxflff.exe162⤵
-
\??\c:\3bttnh.exec:\3bttnh.exe163⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe164⤵
-
\??\c:\rlfrlfr.exec:\rlfrlfr.exe165⤵
-
\??\c:\rflfrrl.exec:\rflfrrl.exe166⤵
-
\??\c:\tnhnhn.exec:\tnhnhn.exe167⤵
-
\??\c:\dpvjd.exec:\dpvjd.exe168⤵
-
\??\c:\5ddvp.exec:\5ddvp.exe169⤵
-
\??\c:\xxxlrxf.exec:\xxxlrxf.exe170⤵
-
\??\c:\nbbnhb.exec:\nbbnhb.exe171⤵
-
\??\c:\hbbtnt.exec:\hbbtnt.exe172⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe173⤵
-
\??\c:\llfxlll.exec:\llfxlll.exe174⤵
-
\??\c:\htnhtn.exec:\htnhtn.exe175⤵
-
\??\c:\btnbnb.exec:\btnbnb.exe176⤵
-
\??\c:\vjjvd.exec:\vjjvd.exe177⤵
-
\??\c:\xlfrflr.exec:\xlfrflr.exe178⤵
-
\??\c:\lxrlfxl.exec:\lxrlfxl.exe179⤵
-
\??\c:\btnnhb.exec:\btnnhb.exe180⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe181⤵
-
\??\c:\jpdjv.exec:\jpdjv.exe182⤵
-
\??\c:\lrrlxfl.exec:\lrrlxfl.exe183⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe184⤵
-
\??\c:\5hnnbb.exec:\5hnnbb.exe185⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe186⤵
-
\??\c:\lflfxfx.exec:\lflfxfx.exe187⤵
-
\??\c:\lllxlfr.exec:\lllxlfr.exe188⤵
-
\??\c:\btnbtn.exec:\btnbtn.exe189⤵
-
\??\c:\djpjv.exec:\djpjv.exe190⤵
-
\??\c:\fxlfxrr.exec:\fxlfxrr.exe191⤵
-
\??\c:\hbnbnh.exec:\hbnbnh.exe192⤵
-
\??\c:\hbtnbt.exec:\hbtnbt.exe193⤵
-
\??\c:\pddjv.exec:\pddjv.exe194⤵
-
\??\c:\xfxrfxl.exec:\xfxrfxl.exe195⤵
-
\??\c:\btnnhb.exec:\btnnhb.exe196⤵
-
\??\c:\5bhttt.exec:\5bhttt.exe197⤵
-
\??\c:\dvpdv.exec:\dvpdv.exe198⤵
-
\??\c:\xrlxrlf.exec:\xrlxrlf.exe199⤵
-
\??\c:\hbtbtn.exec:\hbtbtn.exe200⤵
-
\??\c:\7jpjd.exec:\7jpjd.exe201⤵
-
\??\c:\rxffrlf.exec:\rxffrlf.exe202⤵
-
\??\c:\rllxrlf.exec:\rllxrlf.exe203⤵
-
\??\c:\ththht.exec:\ththht.exe204⤵
-
\??\c:\3vpdv.exec:\3vpdv.exe205⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe206⤵
-
\??\c:\lfffrlx.exec:\lfffrlx.exe207⤵
-
\??\c:\1ttthh.exec:\1ttthh.exe208⤵
-
\??\c:\bnnbth.exec:\bnnbth.exe209⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe210⤵
-
\??\c:\lffrfxr.exec:\lffrfxr.exe211⤵
-
\??\c:\nbbtht.exec:\nbbtht.exe212⤵
-
\??\c:\thnbtt.exec:\thnbtt.exe213⤵
-
\??\c:\pdjvj.exec:\pdjvj.exe214⤵
-
\??\c:\1rfrfxl.exec:\1rfrfxl.exe215⤵
-
\??\c:\tbhbtt.exec:\tbhbtt.exe216⤵
-
\??\c:\ntthtn.exec:\ntthtn.exe217⤵
-
\??\c:\jddvp.exec:\jddvp.exe218⤵
-
\??\c:\rlllllr.exec:\rlllllr.exe219⤵
-
\??\c:\bntnhh.exec:\bntnhh.exe220⤵
-
\??\c:\pvpjv.exec:\pvpjv.exe221⤵
-
\??\c:\jddvj.exec:\jddvj.exe222⤵
-
\??\c:\3lfxfxr.exec:\3lfxfxr.exe223⤵
-
\??\c:\ttbbtt.exec:\ttbbtt.exe224⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe225⤵
-
\??\c:\xxlfxxr.exec:\xxlfxxr.exe226⤵
-
\??\c:\bnttnn.exec:\bnttnn.exe227⤵
-
\??\c:\bhhnhh.exec:\bhhnhh.exe228⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe229⤵
-
\??\c:\lllfrrl.exec:\lllfrrl.exe230⤵
-
\??\c:\btthbt.exec:\btthbt.exe231⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe232⤵
-
\??\c:\lxlxffl.exec:\lxlxffl.exe233⤵
-
\??\c:\xrfxfxf.exec:\xrfxfxf.exe234⤵
-
\??\c:\nntntn.exec:\nntntn.exe235⤵
-
\??\c:\vppdv.exec:\vppdv.exe236⤵
-
\??\c:\rlrlrrx.exec:\rlrlrrx.exe237⤵
-
\??\c:\bbhbbt.exec:\bbhbbt.exe238⤵
-
\??\c:\vjjvv.exec:\vjjvv.exe239⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe240⤵
-
\??\c:\xxxfffx.exec:\xxxfffx.exe241⤵