Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
19-05-2024 17:13
General
-
Target
fdb7ab0849fe756d2299e1bad7a70860_NeikiAnalytics.exe
-
Size
75KB
-
MD5
fdb7ab0849fe756d2299e1bad7a70860
-
SHA1
0463f0758f7781dca1ec0e13db852e08a4972bf1
-
SHA256
4ed4e7b131d6192cdce6dfd699c96e8cca6e33f58c89a49ef14f8564048235fc
-
SHA512
257c70203e61ca15986895b7fe6371be68b0b4f378372b330cbd754cf3ec87a86bf5c2b9c46e2abf880cc2331cdebe09390cfac4d50e8292373fe292207ae68a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqC5rIN0:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqCuG
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fdb7ab0849fe756d2299e1bad7a70860_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\fdb7ab0849fe756d2299e1bad7a70860_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpvp.exec:\vvpvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfrlx.exec:\lflfrlx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbbb.exec:\hbbbbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjv.exec:\ppjjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrllrl.exec:\frrllrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xlffxx.exec:\3xlffxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnbnn.exec:\htnbnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvj.exec:\vddvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfxrlf.exec:\lrfxrlf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bthhb.exec:\5bthhb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpj.exec:\jdvpj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvpj.exec:\djvpj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflllxr.exec:\fflllxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bhhhn.exec:\1bhhhn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jvvv.exec:\5jvvv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3frllrr.exec:\3frllrr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rrrxxr.exec:\5rrrxxr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbbbh.exec:\bnbbbh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjpd.exec:\vpjpd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fxxlll.exec:\9fxxlll.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfflrll.exec:\rfflrll.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbttb.exec:\ntbttb.exe23⤵
- Executes dropped EXE
-
\??\c:\dvddd.exec:\dvddd.exe24⤵
- Executes dropped EXE
-
\??\c:\flfflxx.exec:\flfflxx.exe25⤵
- Executes dropped EXE
-
\??\c:\ntbhbb.exec:\ntbhbb.exe26⤵
- Executes dropped EXE
-
\??\c:\hbhhbh.exec:\hbhhbh.exe27⤵
- Executes dropped EXE
-
\??\c:\dpdvd.exec:\dpdvd.exe28⤵
- Executes dropped EXE
-
\??\c:\ffxllll.exec:\ffxllll.exe29⤵
- Executes dropped EXE
-
\??\c:\thnhbb.exec:\thnhbb.exe30⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe31⤵
- Executes dropped EXE
-
\??\c:\llffxfx.exec:\llffxfx.exe32⤵
- Executes dropped EXE
-
\??\c:\5flrrrl.exec:\5flrrrl.exe33⤵
- Executes dropped EXE
-
\??\c:\nnbbbn.exec:\nnbbbn.exe34⤵
- Executes dropped EXE
-
\??\c:\pjvvp.exec:\pjvvp.exe35⤵
- Executes dropped EXE
-
\??\c:\ddjjp.exec:\ddjjp.exe36⤵
- Executes dropped EXE
-
\??\c:\xfxrlrl.exec:\xfxrlrl.exe37⤵
- Executes dropped EXE
-
\??\c:\hhbhhn.exec:\hhbhhn.exe38⤵
- Executes dropped EXE
-
\??\c:\pdvjj.exec:\pdvjj.exe39⤵
- Executes dropped EXE
-
\??\c:\5vjdd.exec:\5vjdd.exe40⤵
- Executes dropped EXE
-
\??\c:\xflrlll.exec:\xflrlll.exe41⤵
- Executes dropped EXE
-
\??\c:\lflrlll.exec:\lflrlll.exe42⤵
- Executes dropped EXE
-
\??\c:\bhtbhn.exec:\bhtbhn.exe43⤵
- Executes dropped EXE
-
\??\c:\dvvpp.exec:\dvvpp.exe44⤵
- Executes dropped EXE
-
\??\c:\1dpvv.exec:\1dpvv.exe45⤵
- Executes dropped EXE
-
\??\c:\xrxxfff.exec:\xrxxfff.exe46⤵
- Executes dropped EXE
-
\??\c:\xlxrrrx.exec:\xlxrrrx.exe47⤵
- Executes dropped EXE
-
\??\c:\hhbttb.exec:\hhbttb.exe48⤵
- Executes dropped EXE
-
\??\c:\vvvpj.exec:\vvvpj.exe49⤵
- Executes dropped EXE
-
\??\c:\vvvvv.exec:\vvvvv.exe50⤵
- Executes dropped EXE
-
\??\c:\xrlxfxx.exec:\xrlxfxx.exe51⤵
- Executes dropped EXE
-
\??\c:\nbhbbh.exec:\nbhbbh.exe52⤵
- Executes dropped EXE
-
\??\c:\ttttnn.exec:\ttttnn.exe53⤵
- Executes dropped EXE
-
\??\c:\dddvj.exec:\dddvj.exe54⤵
- Executes dropped EXE
-
\??\c:\jdppj.exec:\jdppj.exe55⤵
- Executes dropped EXE
-
\??\c:\rrrrlxx.exec:\rrrrlxx.exe56⤵
- Executes dropped EXE
-
\??\c:\1xffxff.exec:\1xffxff.exe57⤵
- Executes dropped EXE
-
\??\c:\hnhnht.exec:\hnhnht.exe58⤵
- Executes dropped EXE
-
\??\c:\tnbbhh.exec:\tnbbhh.exe59⤵
- Executes dropped EXE
-
\??\c:\ddvvd.exec:\ddvvd.exe60⤵
- Executes dropped EXE
-
\??\c:\jjjpd.exec:\jjjpd.exe61⤵
- Executes dropped EXE
-
\??\c:\frxrrrr.exec:\frxrrrr.exe62⤵
- Executes dropped EXE
-
\??\c:\xlrrffx.exec:\xlrrffx.exe63⤵
- Executes dropped EXE
-
\??\c:\bthbtt.exec:\bthbtt.exe64⤵
- Executes dropped EXE
-
\??\c:\thhbbt.exec:\thhbbt.exe65⤵
- Executes dropped EXE
-
\??\c:\ppjjd.exec:\ppjjd.exe66⤵
-
\??\c:\3vddv.exec:\3vddv.exe67⤵
-
\??\c:\7lxrxfx.exec:\7lxrxfx.exe68⤵
-
\??\c:\lxffflf.exec:\lxffflf.exe69⤵
-
\??\c:\hbhbht.exec:\hbhbht.exe70⤵
-
\??\c:\btbbbh.exec:\btbbbh.exe71⤵
-
\??\c:\1jppj.exec:\1jppj.exe72⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe73⤵
-
\??\c:\1rxxrrx.exec:\1rxxrrx.exe74⤵
-
\??\c:\9frrlff.exec:\9frrlff.exe75⤵
-
\??\c:\1llfxxx.exec:\1llfxxx.exe76⤵
-
\??\c:\9thnnt.exec:\9thnnt.exe77⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe78⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe79⤵
-
\??\c:\xrllxff.exec:\xrllxff.exe80⤵
-
\??\c:\xxxxlrx.exec:\xxxxlrx.exe81⤵
-
\??\c:\htbthh.exec:\htbthh.exe82⤵
-
\??\c:\htbbnn.exec:\htbbnn.exe83⤵
-
\??\c:\1jppp.exec:\1jppp.exe84⤵
-
\??\c:\rlffxfx.exec:\rlffxfx.exe85⤵
-
\??\c:\tnbtbn.exec:\tnbtbn.exe86⤵
-
\??\c:\jpvpv.exec:\jpvpv.exe87⤵
-
\??\c:\jvvdd.exec:\jvvdd.exe88⤵
-
\??\c:\lrxflrr.exec:\lrxflrr.exe89⤵
-
\??\c:\7xlllll.exec:\7xlllll.exe90⤵
-
\??\c:\nbbhhn.exec:\nbbhhn.exe91⤵
-
\??\c:\jvvjd.exec:\jvvjd.exe92⤵
-
\??\c:\vvppd.exec:\vvppd.exe93⤵
-
\??\c:\7llxrxl.exec:\7llxrxl.exe94⤵
-
\??\c:\nbbtth.exec:\nbbtth.exe95⤵
-
\??\c:\tnttbb.exec:\tnttbb.exe96⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe97⤵
-
\??\c:\3jppp.exec:\3jppp.exe98⤵
-
\??\c:\xlfxlxr.exec:\xlfxlxr.exe99⤵
-
\??\c:\9rrrrrr.exec:\9rrrrrr.exe100⤵
-
\??\c:\nnnnnb.exec:\nnnnnb.exe101⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe102⤵
-
\??\c:\jdppv.exec:\jdppv.exe103⤵
-
\??\c:\lxrllrx.exec:\lxrllrx.exe104⤵
-
\??\c:\xrxrrfx.exec:\xrxrrfx.exe105⤵
-
\??\c:\1bbbbb.exec:\1bbbbb.exe106⤵
-
\??\c:\bbhbbh.exec:\bbhbbh.exe107⤵
-
\??\c:\3jpjd.exec:\3jpjd.exe108⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe109⤵
-
\??\c:\xxfxxxr.exec:\xxfxxxr.exe110⤵
-
\??\c:\nhtttb.exec:\nhtttb.exe111⤵
-
\??\c:\bbtnhb.exec:\bbtnhb.exe112⤵
-
\??\c:\dddvv.exec:\dddvv.exe113⤵
-
\??\c:\fflrffr.exec:\fflrffr.exe114⤵
-
\??\c:\1rfllrr.exec:\1rfllrr.exe115⤵
-
\??\c:\btbnht.exec:\btbnht.exe116⤵
-
\??\c:\nnhhnn.exec:\nnhhnn.exe117⤵
-
\??\c:\7ddvv.exec:\7ddvv.exe118⤵
-
\??\c:\fflfxff.exec:\fflfxff.exe119⤵
-
\??\c:\llrfllx.exec:\llrfllx.exe120⤵
-
\??\c:\btttnh.exec:\btttnh.exe121⤵
-
\??\c:\tbbttb.exec:\tbbttb.exe122⤵
-
\??\c:\3pvvv.exec:\3pvvv.exe123⤵
-
\??\c:\dvddp.exec:\dvddp.exe124⤵
-
\??\c:\lflffrl.exec:\lflffrl.exe125⤵
-
\??\c:\frrxxxf.exec:\frrxxxf.exe126⤵
-
\??\c:\xllrrxr.exec:\xllrrxr.exe127⤵
-
\??\c:\3btttb.exec:\3btttb.exe128⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe129⤵
-
\??\c:\pjddd.exec:\pjddd.exe130⤵
-
\??\c:\jddvj.exec:\jddvj.exe131⤵
-
\??\c:\fxxrllr.exec:\fxxrllr.exe132⤵
-
\??\c:\fxffxxr.exec:\fxffxxr.exe133⤵
-
\??\c:\hhbtbb.exec:\hhbtbb.exe134⤵
-
\??\c:\9ntntt.exec:\9ntntt.exe135⤵
-
\??\c:\9dddd.exec:\9dddd.exe136⤵
-
\??\c:\vpddj.exec:\vpddj.exe137⤵
-
\??\c:\frxrlrl.exec:\frxrlrl.exe138⤵
-
\??\c:\xrffllf.exec:\xrffllf.exe139⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe140⤵
-
\??\c:\nhtnnt.exec:\nhtnnt.exe141⤵
-
\??\c:\vppjd.exec:\vppjd.exe142⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe143⤵
-
\??\c:\llfxxxr.exec:\llfxxxr.exe144⤵
-
\??\c:\xxrlffx.exec:\xxrlffx.exe145⤵
-
\??\c:\nhthhb.exec:\nhthhb.exe146⤵
-
\??\c:\tbnhbb.exec:\tbnhbb.exe147⤵
-
\??\c:\dvppj.exec:\dvppj.exe148⤵
-
\??\c:\jddvv.exec:\jddvv.exe149⤵
-
\??\c:\7xfxrrf.exec:\7xfxrrf.exe150⤵
-
\??\c:\3rxxrrl.exec:\3rxxrrl.exe151⤵
-
\??\c:\3nhnhn.exec:\3nhnhn.exe152⤵
-
\??\c:\9pvpp.exec:\9pvpp.exe153⤵
-
\??\c:\lxffffl.exec:\lxffffl.exe154⤵
-
\??\c:\7rrrlll.exec:\7rrrlll.exe155⤵
-
\??\c:\nhbttt.exec:\nhbttt.exe156⤵
-
\??\c:\5hhnhh.exec:\5hhnhh.exe157⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe158⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe159⤵
-
\??\c:\fxfffff.exec:\fxfffff.exe160⤵
-
\??\c:\xxfxrrr.exec:\xxfxrrr.exe161⤵
-
\??\c:\nhtntt.exec:\nhtntt.exe162⤵
-
\??\c:\bbbbbb.exec:\bbbbbb.exe163⤵
-
\??\c:\1vddd.exec:\1vddd.exe164⤵
-
\??\c:\fxllrxl.exec:\fxllrxl.exe165⤵
-
\??\c:\1xxrlrl.exec:\1xxrlrl.exe166⤵
-
\??\c:\7lrxrxr.exec:\7lrxrxr.exe167⤵
-
\??\c:\9hhtnn.exec:\9hhtnn.exe168⤵
-
\??\c:\nbnntn.exec:\nbnntn.exe169⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe170⤵
-
\??\c:\1dpdj.exec:\1dpdj.exe171⤵
-
\??\c:\7lrlxrl.exec:\7lrlxrl.exe172⤵
-
\??\c:\xrrrllf.exec:\xrrrllf.exe173⤵
-
\??\c:\hbtnhb.exec:\hbtnhb.exe174⤵
-
\??\c:\hbhnnn.exec:\hbhnnn.exe175⤵
-
\??\c:\vvvvd.exec:\vvvvd.exe176⤵
-
\??\c:\9pjjj.exec:\9pjjj.exe177⤵
-
\??\c:\rxxxrrr.exec:\rxxxrrr.exe178⤵
-
\??\c:\lfrrrxl.exec:\lfrrrxl.exe179⤵
-
\??\c:\nhnnbb.exec:\nhnnbb.exe180⤵
-
\??\c:\thnnbb.exec:\thnnbb.exe181⤵
-
\??\c:\xrrfxxx.exec:\xrrfxxx.exe182⤵
-
\??\c:\xrxxxll.exec:\xrxxxll.exe183⤵
-
\??\c:\nhtttt.exec:\nhtttt.exe184⤵
-
\??\c:\1tbbtt.exec:\1tbbtt.exe185⤵
-
\??\c:\pdjjp.exec:\pdjjp.exe186⤵
-
\??\c:\dpddv.exec:\dpddv.exe187⤵
-
\??\c:\rfxlrff.exec:\rfxlrff.exe188⤵
-
\??\c:\bbbbnh.exec:\bbbbnh.exe189⤵
-
\??\c:\nhnnhn.exec:\nhnnhn.exe190⤵
-
\??\c:\pdpvd.exec:\pdpvd.exe191⤵
-
\??\c:\5xxxllx.exec:\5xxxllx.exe192⤵
-
\??\c:\tbhthb.exec:\tbhthb.exe193⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe194⤵
-
\??\c:\flrxxxx.exec:\flrxxxx.exe195⤵
-
\??\c:\7djdd.exec:\7djdd.exe196⤵
-
\??\c:\rflllll.exec:\rflllll.exe197⤵
-
\??\c:\llfrxxf.exec:\llfrxxf.exe198⤵
-
\??\c:\bbhhnt.exec:\bbhhnt.exe199⤵
-
\??\c:\vddjv.exec:\vddjv.exe200⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe201⤵
-
\??\c:\rffrrlf.exec:\rffrrlf.exe202⤵
-
\??\c:\nthhnn.exec:\nthhnn.exe203⤵
-
\??\c:\nbbnnb.exec:\nbbnnb.exe204⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe205⤵
-
\??\c:\9xffffl.exec:\9xffffl.exe206⤵
-
\??\c:\rfrxflf.exec:\rfrxflf.exe207⤵
-
\??\c:\nnnttb.exec:\nnnttb.exe208⤵
-
\??\c:\5djpv.exec:\5djpv.exe209⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe210⤵
-
\??\c:\xlxrfff.exec:\xlxrfff.exe211⤵
-
\??\c:\7lllfff.exec:\7lllfff.exe212⤵
-
\??\c:\nbbbtt.exec:\nbbbtt.exe213⤵
-
\??\c:\tthhtt.exec:\tthhtt.exe214⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe215⤵
-
\??\c:\xlxrfrr.exec:\xlxrfrr.exe216⤵
-
\??\c:\7frrrrr.exec:\7frrrrr.exe217⤵
-
\??\c:\bbbhhb.exec:\bbbhhb.exe218⤵
-
\??\c:\9htbnn.exec:\9htbnn.exe219⤵
-
\??\c:\jddvj.exec:\jddvj.exe220⤵
-
\??\c:\dddjv.exec:\dddjv.exe221⤵
-
\??\c:\jddvp.exec:\jddvp.exe222⤵
-
\??\c:\rrrrlll.exec:\rrrrlll.exe223⤵
-
\??\c:\flrlfff.exec:\flrlfff.exe224⤵
-
\??\c:\btttbh.exec:\btttbh.exe225⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe226⤵
-
\??\c:\jvddd.exec:\jvddd.exe227⤵
-
\??\c:\xrfxlll.exec:\xrfxlll.exe228⤵
-
\??\c:\thbbbb.exec:\thbbbb.exe229⤵
-
\??\c:\9vvpd.exec:\9vvpd.exe230⤵
-
\??\c:\vppvj.exec:\vppvj.exe231⤵
-
\??\c:\3flrlxx.exec:\3flrlxx.exe232⤵
-
\??\c:\9rxrrfl.exec:\9rxrrfl.exe233⤵
-
\??\c:\btbtnb.exec:\btbtnb.exe234⤵
-
\??\c:\bhnnbb.exec:\bhnnbb.exe235⤵
-
\??\c:\thttnn.exec:\thttnn.exe236⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe237⤵
-
\??\c:\pppdd.exec:\pppdd.exe238⤵
-
\??\c:\rxffxxr.exec:\rxffxxr.exe239⤵
-
\??\c:\9nhhhh.exec:\9nhhhh.exe240⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe241⤵