Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
19-05-2024 17:44
General
-
Target
09e6aa3d3e60dc00b470934de5d97ab0_NeikiAnalytics.exe
-
Size
76KB
-
MD5
09e6aa3d3e60dc00b470934de5d97ab0
-
SHA1
a5c57105f78a40df83342e475f2e722fd273eb48
-
SHA256
d8e4c0814cf07fa59cfd057e446b77983b093671accfe7fe2422d3790a39e786
-
SHA512
17644028e926a86d34abf0cff7bef52c6f03a1089d89354bd88da7a94f192c4dd73e6057a27413996b2ae8fc23e698f79b092065c1e4d54fea5d943ec227d801
-
SSDEEP
1536:9vQBeOGtrYS3srx93UBWfwC6Ggnouy8PbhnyLFWoFLAxZhMDzE87X:9hOmTsF93UYfwC6GIoutz5yLpOSDRX
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\09e6aa3d3e60dc00b470934de5d97ab0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\09e6aa3d3e60dc00b470934de5d97ab0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnhhh.exec:\nbnhhh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvv.exec:\pddvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjj.exec:\vppjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlfrrf.exec:\fxlfrrf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrlffx.exec:\rrrlffx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhhbb.exec:\thhhbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpvd.exec:\vdpvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxxxr.exec:\llfxxxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttttt.exec:\tttttt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvpj.exec:\vdvpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrlffx.exec:\flrlffx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1frlfxr.exec:\1frlfxr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbtt.exec:\hhhbtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdv.exec:\pdjdv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrlrl.exec:\lfxrlrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbhbb.exec:\ntbhbb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbbt.exec:\btbbbt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjdd.exec:\jpjdd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffxrlf.exec:\rffxrlf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhhb.exec:\thnhhb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpjd.exec:\jvpjd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ffxxxl.exec:\5ffxxxl.exe23⤵
- Executes dropped EXE
-
\??\c:\flxxllx.exec:\flxxllx.exe24⤵
- Executes dropped EXE
-
\??\c:\1nhbtt.exec:\1nhbtt.exe25⤵
- Executes dropped EXE
-
\??\c:\dpjdj.exec:\dpjdj.exe26⤵
- Executes dropped EXE
-
\??\c:\pppjj.exec:\pppjj.exe27⤵
- Executes dropped EXE
-
\??\c:\lllfrlx.exec:\lllfrlx.exe28⤵
- Executes dropped EXE
-
\??\c:\lxfxrrl.exec:\lxfxrrl.exe29⤵
- Executes dropped EXE
-
\??\c:\bnnhbb.exec:\bnnhbb.exe30⤵
- Executes dropped EXE
-
\??\c:\nhhbtn.exec:\nhhbtn.exe31⤵
- Executes dropped EXE
-
\??\c:\dvpjd.exec:\dvpjd.exe32⤵
- Executes dropped EXE
-
\??\c:\ddjpv.exec:\ddjpv.exe33⤵
- Executes dropped EXE
-
\??\c:\rlllfff.exec:\rlllfff.exe34⤵
- Executes dropped EXE
-
\??\c:\rxrrrxr.exec:\rxrrrxr.exe35⤵
- Executes dropped EXE
-
\??\c:\hthhtt.exec:\hthhtt.exe36⤵
- Executes dropped EXE
-
\??\c:\jjpjj.exec:\jjpjj.exe37⤵
- Executes dropped EXE
-
\??\c:\1jjdp.exec:\1jjdp.exe38⤵
- Executes dropped EXE
-
\??\c:\flrrffl.exec:\flrrffl.exe39⤵
- Executes dropped EXE
-
\??\c:\nhhbtn.exec:\nhhbtn.exe40⤵
- Executes dropped EXE
-
\??\c:\nbnnnn.exec:\nbnnnn.exe41⤵
- Executes dropped EXE
-
\??\c:\dppvv.exec:\dppvv.exe42⤵
- Executes dropped EXE
-
\??\c:\pddpv.exec:\pddpv.exe43⤵
- Executes dropped EXE
-
\??\c:\5rxlffx.exec:\5rxlffx.exe44⤵
- Executes dropped EXE
-
\??\c:\xxxrlfl.exec:\xxxrlfl.exe45⤵
- Executes dropped EXE
-
\??\c:\hbnnhh.exec:\hbnnhh.exe46⤵
- Executes dropped EXE
-
\??\c:\nnnnhh.exec:\nnnnhh.exe47⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe48⤵
- Executes dropped EXE
-
\??\c:\rlxxflf.exec:\rlxxflf.exe49⤵
- Executes dropped EXE
-
\??\c:\lfrxrrr.exec:\lfrxrrr.exe50⤵
- Executes dropped EXE
-
\??\c:\tbbbnn.exec:\tbbbnn.exe51⤵
- Executes dropped EXE
-
\??\c:\hhnnbh.exec:\hhnnbh.exe52⤵
- Executes dropped EXE
-
\??\c:\nthtnh.exec:\nthtnh.exe53⤵
- Executes dropped EXE
-
\??\c:\dvvdv.exec:\dvvdv.exe54⤵
- Executes dropped EXE
-
\??\c:\rrfxffl.exec:\rrfxffl.exe55⤵
- Executes dropped EXE
-
\??\c:\rlrffff.exec:\rlrffff.exe56⤵
- Executes dropped EXE
-
\??\c:\htnhhh.exec:\htnhhh.exe57⤵
- Executes dropped EXE
-
\??\c:\ntbttn.exec:\ntbttn.exe58⤵
- Executes dropped EXE
-
\??\c:\nbntbt.exec:\nbntbt.exe59⤵
- Executes dropped EXE
-
\??\c:\pjdjv.exec:\pjdjv.exe60⤵
- Executes dropped EXE
-
\??\c:\jvvjv.exec:\jvvjv.exe61⤵
- Executes dropped EXE
-
\??\c:\3fxrllf.exec:\3fxrllf.exe62⤵
- Executes dropped EXE
-
\??\c:\ffffxrf.exec:\ffffxrf.exe63⤵
- Executes dropped EXE
-
\??\c:\9pppp.exec:\9pppp.exe64⤵
- Executes dropped EXE
-
\??\c:\fxrrllf.exec:\fxrrllf.exe65⤵
- Executes dropped EXE
-
\??\c:\tnbtbt.exec:\tnbtbt.exe66⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe67⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe68⤵
-
\??\c:\1ffxrrl.exec:\1ffxrrl.exe69⤵
-
\??\c:\fxxlrlf.exec:\fxxlrlf.exe70⤵
-
\??\c:\bttnnh.exec:\bttnnh.exe71⤵
-
\??\c:\bhbbnn.exec:\bhbbnn.exe72⤵
-
\??\c:\9ppjv.exec:\9ppjv.exe73⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe74⤵
-
\??\c:\lflrflx.exec:\lflrflx.exe75⤵
-
\??\c:\frlfrrl.exec:\frlfrrl.exe76⤵
-
\??\c:\htnnhh.exec:\htnnhh.exe77⤵
-
\??\c:\bnnhbb.exec:\bnnhbb.exe78⤵
-
\??\c:\9jvpj.exec:\9jvpj.exe79⤵
-
\??\c:\9pvpj.exec:\9pvpj.exe80⤵
-
\??\c:\lrxrfll.exec:\lrxrfll.exe81⤵
-
\??\c:\xlrrllf.exec:\xlrrllf.exe82⤵
-
\??\c:\3bnhbb.exec:\3bnhbb.exe83⤵
-
\??\c:\tbnhht.exec:\tbnhht.exe84⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe85⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe86⤵
-
\??\c:\fxrlxxx.exec:\fxrlxxx.exe87⤵
-
\??\c:\flllffr.exec:\flllffr.exe88⤵
-
\??\c:\xffffxl.exec:\xffffxl.exe89⤵
-
\??\c:\hbhbbt.exec:\hbhbbt.exe90⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe91⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe92⤵
-
\??\c:\frlxrrf.exec:\frlxrrf.exe93⤵
-
\??\c:\lfxlfxr.exec:\lfxlfxr.exe94⤵
-
\??\c:\lfrlxfr.exec:\lfrlxfr.exe95⤵
-
\??\c:\hnhhtt.exec:\hnhhtt.exe96⤵
-
\??\c:\httnbb.exec:\httnbb.exe97⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe98⤵
-
\??\c:\pdjpp.exec:\pdjpp.exe99⤵
-
\??\c:\fxlfrrl.exec:\fxlfrrl.exe100⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe101⤵
-
\??\c:\bbnhtt.exec:\bbnhtt.exe102⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe103⤵
-
\??\c:\1pvpp.exec:\1pvpp.exe104⤵
-
\??\c:\xrxrfff.exec:\xrxrfff.exe105⤵
-
\??\c:\rffxrrl.exec:\rffxrrl.exe106⤵
-
\??\c:\nhtntt.exec:\nhtntt.exe107⤵
-
\??\c:\bbhbnn.exec:\bbhbnn.exe108⤵
-
\??\c:\pdddv.exec:\pdddv.exe109⤵
-
\??\c:\lrrxrll.exec:\lrrxrll.exe110⤵
-
\??\c:\xrxlxxf.exec:\xrxlxxf.exe111⤵
-
\??\c:\btnnhh.exec:\btnnhh.exe112⤵
-
\??\c:\tbhhnh.exec:\tbhhnh.exe113⤵
-
\??\c:\bnhbnh.exec:\bnhbnh.exe114⤵
-
\??\c:\pvjdp.exec:\pvjdp.exe115⤵
-
\??\c:\ddjvj.exec:\ddjvj.exe116⤵
-
\??\c:\xfxlxrx.exec:\xfxlxrx.exe117⤵
-
\??\c:\xxlfxrl.exec:\xxlfxrl.exe118⤵
-
\??\c:\bnnbtn.exec:\bnnbtn.exe119⤵
-
\??\c:\bhbhtn.exec:\bhbhtn.exe120⤵
-
\??\c:\9pdpp.exec:\9pdpp.exe121⤵
-
\??\c:\vvvpv.exec:\vvvpv.exe122⤵
-
\??\c:\rxxrxrl.exec:\rxxrxrl.exe123⤵
-
\??\c:\lfffrrr.exec:\lfffrrr.exe124⤵
-
\??\c:\xlxrxxf.exec:\xlxrxxf.exe125⤵
-
\??\c:\btbtnh.exec:\btbtnh.exe126⤵
-
\??\c:\nnthtb.exec:\nnthtb.exe127⤵
-
\??\c:\vddjd.exec:\vddjd.exe128⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe129⤵
-
\??\c:\fxfrlxl.exec:\fxfrlxl.exe130⤵
-
\??\c:\htnnhh.exec:\htnnhh.exe131⤵
-
\??\c:\5bhhtn.exec:\5bhhtn.exe132⤵
-
\??\c:\djjpj.exec:\djjpj.exe133⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe134⤵
-
\??\c:\lxrlfxx.exec:\lxrlfxx.exe135⤵
-
\??\c:\hnnnhh.exec:\hnnnhh.exe136⤵
-
\??\c:\btnnnn.exec:\btnnnn.exe137⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe138⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe139⤵
-
\??\c:\9fffxxx.exec:\9fffxxx.exe140⤵
-
\??\c:\rxxrllf.exec:\rxxrllf.exe141⤵
-
\??\c:\hhnnhn.exec:\hhnnhn.exe142⤵
-
\??\c:\pddvp.exec:\pddvp.exe143⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe144⤵
-
\??\c:\rffxllf.exec:\rffxllf.exe145⤵
-
\??\c:\rfflfrl.exec:\rfflfrl.exe146⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe147⤵
-
\??\c:\rxxlrfx.exec:\rxxlrfx.exe148⤵
-
\??\c:\bnhbnh.exec:\bnhbnh.exe149⤵
-
\??\c:\tbbtnb.exec:\tbbtnb.exe150⤵
-
\??\c:\dvpdv.exec:\dvpdv.exe151⤵
-
\??\c:\jpvpv.exec:\jpvpv.exe152⤵
-
\??\c:\frxrlxx.exec:\frxrlxx.exe153⤵
-
\??\c:\fllfxxl.exec:\fllfxxl.exe154⤵
-
\??\c:\tntnnh.exec:\tntnnh.exe155⤵
-
\??\c:\ntbthh.exec:\ntbthh.exe156⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe157⤵
-
\??\c:\jvvdp.exec:\jvvdp.exe158⤵
-
\??\c:\xrrlfrr.exec:\xrrlfrr.exe159⤵
-
\??\c:\9xflffx.exec:\9xflffx.exe160⤵
-
\??\c:\htttnt.exec:\htttnt.exe161⤵
-
\??\c:\3bnhnn.exec:\3bnhnn.exe162⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe163⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe164⤵
-
\??\c:\lxlfrrf.exec:\lxlfrrf.exe165⤵
-
\??\c:\ntnthn.exec:\ntnthn.exe166⤵
-
\??\c:\tnhhhb.exec:\tnhhhb.exe167⤵
-
\??\c:\5vdvj.exec:\5vdvj.exe168⤵
-
\??\c:\vddpd.exec:\vddpd.exe169⤵
-
\??\c:\ffrrffx.exec:\ffrrffx.exe170⤵
-
\??\c:\ffrxffr.exec:\ffrxffr.exe171⤵
-
\??\c:\fflxrrl.exec:\fflxrrl.exe172⤵
-
\??\c:\tbbbbn.exec:\tbbbbn.exe173⤵
-
\??\c:\djppj.exec:\djppj.exe174⤵
-
\??\c:\vvppj.exec:\vvppj.exe175⤵
-
\??\c:\fffxrlf.exec:\fffxrlf.exe176⤵
-
\??\c:\nbnnhh.exec:\nbnnhh.exe177⤵
-
\??\c:\5btbbb.exec:\5btbbb.exe178⤵
-
\??\c:\9jdvp.exec:\9jdvp.exe179⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe180⤵
-
\??\c:\lxrfrlf.exec:\lxrfrlf.exe181⤵
-
\??\c:\flrlfxf.exec:\flrlfxf.exe182⤵
-
\??\c:\bnnbtn.exec:\bnnbtn.exe183⤵
-
\??\c:\3hhbnh.exec:\3hhbnh.exe184⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe185⤵
-
\??\c:\djpjp.exec:\djpjp.exe186⤵
-
\??\c:\lfffxrl.exec:\lfffxrl.exe187⤵
-
\??\c:\lxfxrrf.exec:\lxfxrrf.exe188⤵
-
\??\c:\1rrllfr.exec:\1rrllfr.exe189⤵
-
\??\c:\3bbtnn.exec:\3bbtnn.exe190⤵
-
\??\c:\htnnnn.exec:\htnnnn.exe191⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe192⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe193⤵
-
\??\c:\rxxxrrr.exec:\rxxxrrr.exe194⤵
-
\??\c:\lxxrrrl.exec:\lxxrrrl.exe195⤵
-
\??\c:\3lxrllf.exec:\3lxrllf.exe196⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe197⤵
-
\??\c:\llfffff.exec:\llfffff.exe198⤵
-
\??\c:\hntnbb.exec:\hntnbb.exe199⤵
-
\??\c:\pdddv.exec:\pdddv.exe200⤵
-
\??\c:\1flflll.exec:\1flflll.exe201⤵
-
\??\c:\rfffflf.exec:\rfffflf.exe202⤵
-
\??\c:\5nnhbt.exec:\5nnhbt.exe203⤵
-
\??\c:\pvppj.exec:\pvppj.exe204⤵
-
\??\c:\5jjdv.exec:\5jjdv.exe205⤵
-
\??\c:\fxxlfxr.exec:\fxxlfxr.exe206⤵
-
\??\c:\lfxxxrr.exec:\lfxxxrr.exe207⤵
-
\??\c:\htnnhn.exec:\htnnhn.exe208⤵
-
\??\c:\pjdpj.exec:\pjdpj.exe209⤵
-
\??\c:\tbhbtn.exec:\tbhbtn.exe210⤵
-
\??\c:\3bbtnt.exec:\3bbtnt.exe211⤵
-
\??\c:\ppdjj.exec:\ppdjj.exe212⤵
-
\??\c:\djvdj.exec:\djvdj.exe213⤵
-
\??\c:\rlrrfxx.exec:\rlrrfxx.exe214⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe215⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe216⤵
-
\??\c:\llxrrfx.exec:\llxrrfx.exe217⤵
-
\??\c:\3bhbbb.exec:\3bhbbb.exe218⤵
-
\??\c:\bthhnn.exec:\bthhnn.exe219⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe220⤵
-
\??\c:\xxfxrlr.exec:\xxfxrlr.exe221⤵
-
\??\c:\thhntt.exec:\thhntt.exe222⤵
-
\??\c:\9vjjd.exec:\9vjjd.exe223⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe224⤵
-
\??\c:\rrxrrrf.exec:\rrxrrrf.exe225⤵
-
\??\c:\rlllfxl.exec:\rlllfxl.exe226⤵
-
\??\c:\llllffx.exec:\llllffx.exe227⤵
-
\??\c:\tbbbtt.exec:\tbbbtt.exe228⤵
-
\??\c:\nhhttt.exec:\nhhttt.exe229⤵
-
\??\c:\pvpvv.exec:\pvpvv.exe230⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe231⤵
-
\??\c:\jdddp.exec:\jdddp.exe232⤵
-
\??\c:\rlrlxxx.exec:\rlrlxxx.exe233⤵
-
\??\c:\fxfxxxf.exec:\fxfxxxf.exe234⤵
-
\??\c:\thbtnh.exec:\thbtnh.exe235⤵
-
\??\c:\ttnbhh.exec:\ttnbhh.exe236⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe237⤵
-
\??\c:\jjvpd.exec:\jjvpd.exe238⤵
-
\??\c:\xlrfxxr.exec:\xlrfxxr.exe239⤵
-
\??\c:\lxlfxxl.exec:\lxlfxxl.exe240⤵
-
\??\c:\7flrlrr.exec:\7flrlrr.exe241⤵