Analysis
-
max time kernel
150s -
max time network
114s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 17:58
General
-
Target
0d66425ee0b32c8d7016d2d8d1f6e8e0_NeikiAnalytics.exe
-
Size
401KB
-
MD5
0d66425ee0b32c8d7016d2d8d1f6e8e0
-
SHA1
025569f002dd9c8f198a51754cb4a57900b3bf52
-
SHA256
bf445d3408c8881faa710c0e436f9484c5b217b4b65ead5415e4f6dcdb008651
-
SHA512
935eaeae21ec4097813f91db18519faf3adfbed9fa17cff56f91887ce98717ccbb47c68b065d62e21cbcedf4e36c1ed045d7f774ef16deca8379f21068d07662
-
SSDEEP
6144:Jcm4FmowdHoSEubDcAkOCOu0EajNVBZr6y2WXxLO1UqW9E33:T4wFHoSEubD2P33
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0d66425ee0b32c8d7016d2d8d1f6e8e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\0d66425ee0b32c8d7016d2d8d1f6e8e0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjp.exec:\dvpjp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlffxlf.exec:\rlffxlf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxrrx.exec:\rrfxrrx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttttnn.exec:\ttttnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpj.exec:\dvjpj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllflrf.exec:\rllflrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxffl.exec:\lffxffl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbbbh.exec:\hnbbbh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxxxxr.exec:\xlxxxxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflfxxr.exec:\xflfxxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbtt.exec:\hbbbtt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntnhb.exec:\hntnhb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvv.exec:\vpdvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffxffr.exec:\rffxffr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxfxr.exec:\rxfxfxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nnnbh.exec:\3nnnbh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vdvp.exec:\3vdvp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pppp.exec:\1pppp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrllfx.exec:\rrrllfx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlfllr.exec:\lrlfllr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnnn.exec:\bttnnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjj.exec:\jdjjj.exe23⤵
- Executes dropped EXE
-
\??\c:\vjpjp.exec:\vjpjp.exe24⤵
- Executes dropped EXE
-
\??\c:\xflffll.exec:\xflffll.exe25⤵
- Executes dropped EXE
-
\??\c:\nntnhb.exec:\nntnhb.exe26⤵
- Executes dropped EXE
-
\??\c:\tbnbhn.exec:\tbnbhn.exe27⤵
- Executes dropped EXE
-
\??\c:\ddppj.exec:\ddppj.exe28⤵
- Executes dropped EXE
-
\??\c:\pdpjd.exec:\pdpjd.exe29⤵
- Executes dropped EXE
-
\??\c:\rxrrllf.exec:\rxrrllf.exe30⤵
- Executes dropped EXE
-
\??\c:\5bnhnt.exec:\5bnhnt.exe31⤵
- Executes dropped EXE
-
\??\c:\ttthbb.exec:\ttthbb.exe32⤵
- Executes dropped EXE
-
\??\c:\jvvvp.exec:\jvvvp.exe33⤵
- Executes dropped EXE
-
\??\c:\5xllfff.exec:\5xllfff.exe34⤵
- Executes dropped EXE
-
\??\c:\rrrlxfx.exec:\rrrlxfx.exe35⤵
- Executes dropped EXE
-
\??\c:\bbnntt.exec:\bbnntt.exe36⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe37⤵
- Executes dropped EXE
-
\??\c:\jjjjd.exec:\jjjjd.exe38⤵
- Executes dropped EXE
-
\??\c:\rrfxrrl.exec:\rrfxrrl.exe39⤵
- Executes dropped EXE
-
\??\c:\nnhhnn.exec:\nnhhnn.exe40⤵
- Executes dropped EXE
-
\??\c:\hbnhbb.exec:\hbnhbb.exe41⤵
- Executes dropped EXE
-
\??\c:\pjppj.exec:\pjppj.exe42⤵
- Executes dropped EXE
-
\??\c:\xxxrrrl.exec:\xxxrrrl.exe43⤵
- Executes dropped EXE
-
\??\c:\rflrlll.exec:\rflrlll.exe44⤵
- Executes dropped EXE
-
\??\c:\3hnhbb.exec:\3hnhbb.exe45⤵
- Executes dropped EXE
-
\??\c:\hbtnnn.exec:\hbtnnn.exe46⤵
- Executes dropped EXE
-
\??\c:\vpdvp.exec:\vpdvp.exe47⤵
- Executes dropped EXE
-
\??\c:\fffxrrr.exec:\fffxrrr.exe48⤵
- Executes dropped EXE
-
\??\c:\1hnhtt.exec:\1hnhtt.exe49⤵
- Executes dropped EXE
-
\??\c:\nthhtt.exec:\nthhtt.exe50⤵
- Executes dropped EXE
-
\??\c:\ppvpj.exec:\ppvpj.exe51⤵
- Executes dropped EXE
-
\??\c:\ddddd.exec:\ddddd.exe52⤵
- Executes dropped EXE
-
\??\c:\xlxxrrl.exec:\xlxxrrl.exe53⤵
- Executes dropped EXE
-
\??\c:\tbbhhn.exec:\tbbhhn.exe54⤵
- Executes dropped EXE
-
\??\c:\nhbbnn.exec:\nhbbnn.exe55⤵
- Executes dropped EXE
-
\??\c:\jdjjj.exec:\jdjjj.exe56⤵
- Executes dropped EXE
-
\??\c:\pdpjd.exec:\pdpjd.exe57⤵
- Executes dropped EXE
-
\??\c:\frlfrrr.exec:\frlfrrr.exe58⤵
- Executes dropped EXE
-
\??\c:\tnbbbt.exec:\tnbbbt.exe59⤵
- Executes dropped EXE
-
\??\c:\bbbtbb.exec:\bbbtbb.exe60⤵
- Executes dropped EXE
-
\??\c:\5pvpp.exec:\5pvpp.exe61⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe62⤵
- Executes dropped EXE
-
\??\c:\rrxxrfx.exec:\rrxxrfx.exe63⤵
- Executes dropped EXE
-
\??\c:\1ntnbb.exec:\1ntnbb.exe64⤵
- Executes dropped EXE
-
\??\c:\hhnhnh.exec:\hhnhnh.exe65⤵
- Executes dropped EXE
-
\??\c:\djpjj.exec:\djpjj.exe66⤵
-
\??\c:\rlxxffl.exec:\rlxxffl.exe67⤵
-
\??\c:\bbhntt.exec:\bbhntt.exe68⤵
-
\??\c:\pvddv.exec:\pvddv.exe69⤵
-
\??\c:\xrllxxr.exec:\xrllxxr.exe70⤵
-
\??\c:\1btnnb.exec:\1btnnb.exe71⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe72⤵
-
\??\c:\vpddv.exec:\vpddv.exe73⤵
-
\??\c:\rrxrrxx.exec:\rrxrrxx.exe74⤵
-
\??\c:\nnttnb.exec:\nnttnb.exe75⤵
-
\??\c:\5hhhbt.exec:\5hhhbt.exe76⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe77⤵
-
\??\c:\lfrrfrl.exec:\lfrrfrl.exe78⤵
-
\??\c:\rflxrrr.exec:\rflxrrr.exe79⤵
-
\??\c:\nhtntt.exec:\nhtntt.exe80⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe81⤵
-
\??\c:\ddpjj.exec:\ddpjj.exe82⤵
-
\??\c:\vjppj.exec:\vjppj.exe83⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe84⤵
-
\??\c:\xfrlfxx.exec:\xfrlfxx.exe85⤵
-
\??\c:\rxlfxxx.exec:\rxlfxxx.exe86⤵
-
\??\c:\vppjd.exec:\vppjd.exe87⤵
-
\??\c:\vppdv.exec:\vppdv.exe88⤵
-
\??\c:\frxrxrr.exec:\frxrxrr.exe89⤵
-
\??\c:\bbnnhh.exec:\bbnnhh.exe90⤵
-
\??\c:\jpjdj.exec:\jpjdj.exe91⤵
-
\??\c:\5xfxrrl.exec:\5xfxrrl.exe92⤵
-
\??\c:\xxlfxfx.exec:\xxlfxfx.exe93⤵
-
\??\c:\nthhbb.exec:\nthhbb.exe94⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe95⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe96⤵
-
\??\c:\5frlffx.exec:\5frlffx.exe97⤵
-
\??\c:\1flxxxr.exec:\1flxxxr.exe98⤵
-
\??\c:\tthhtt.exec:\tthhtt.exe99⤵
-
\??\c:\djpvv.exec:\djpvv.exe100⤵
-
\??\c:\rfxlxlx.exec:\rfxlxlx.exe101⤵
-
\??\c:\hbtthh.exec:\hbtthh.exe102⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe103⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe104⤵
-
\??\c:\fflfxlf.exec:\fflfxlf.exe105⤵
-
\??\c:\htbbtn.exec:\htbbtn.exe106⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe107⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe108⤵
-
\??\c:\1rflfll.exec:\1rflfll.exe109⤵
-
\??\c:\hhntnn.exec:\hhntnn.exe110⤵
-
\??\c:\nhhhtt.exec:\nhhhtt.exe111⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe112⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe113⤵
-
\??\c:\rrrlffx.exec:\rrrlffx.exe114⤵
-
\??\c:\ffrlfff.exec:\ffrlfff.exe115⤵
-
\??\c:\tbtbtt.exec:\tbtbtt.exe116⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe117⤵
-
\??\c:\1pddp.exec:\1pddp.exe118⤵
-
\??\c:\lflfllf.exec:\lflfllf.exe119⤵
-
\??\c:\btthth.exec:\btthth.exe120⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe121⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe122⤵
-
\??\c:\lrrrffx.exec:\lrrrffx.exe123⤵
-
\??\c:\btthbb.exec:\btthbb.exe124⤵
-
\??\c:\1vddv.exec:\1vddv.exe125⤵
-
\??\c:\rxllffl.exec:\rxllffl.exe126⤵
-
\??\c:\rxlxxxr.exec:\rxlxxxr.exe127⤵
-
\??\c:\bbhhbb.exec:\bbhhbb.exe128⤵
-
\??\c:\djpjv.exec:\djpjv.exe129⤵
-
\??\c:\fxlfxfx.exec:\fxlfxfx.exe130⤵
-
\??\c:\rrrrlll.exec:\rrrrlll.exe131⤵
-
\??\c:\hhbnbh.exec:\hhbnbh.exe132⤵
-
\??\c:\pdjpj.exec:\pdjpj.exe133⤵
-
\??\c:\lfrlrxf.exec:\lfrlrxf.exe134⤵
-
\??\c:\hnbbtn.exec:\hnbbtn.exe135⤵
-
\??\c:\hbtnnn.exec:\hbtnnn.exe136⤵
-
\??\c:\3ppjv.exec:\3ppjv.exe137⤵
-
\??\c:\lrlxxrl.exec:\lrlxxrl.exe138⤵
-
\??\c:\btbbtb.exec:\btbbtb.exe139⤵
-
\??\c:\bntttt.exec:\bntttt.exe140⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe141⤵
-
\??\c:\rlrlffl.exec:\rlrlffl.exe142⤵
-
\??\c:\7htttt.exec:\7htttt.exe143⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe144⤵
-
\??\c:\9jjdd.exec:\9jjdd.exe145⤵
-
\??\c:\9fllrrx.exec:\9fllrrx.exe146⤵
-
\??\c:\tbtttb.exec:\tbtttb.exe147⤵
-
\??\c:\tnhhbb.exec:\tnhhbb.exe148⤵
-
\??\c:\9vjvv.exec:\9vjvv.exe149⤵
-
\??\c:\ffrlllr.exec:\ffrlllr.exe150⤵
-
\??\c:\7flfxxx.exec:\7flfxxx.exe151⤵
-
\??\c:\thbthh.exec:\thbthh.exe152⤵
-
\??\c:\ppddj.exec:\ppddj.exe153⤵
-
\??\c:\xlxrlll.exec:\xlxrlll.exe154⤵
-
\??\c:\fflllff.exec:\fflllff.exe155⤵
-
\??\c:\vddvp.exec:\vddvp.exe156⤵
-
\??\c:\dddvp.exec:\dddvp.exe157⤵
-
\??\c:\7rfrffx.exec:\7rfrffx.exe158⤵
-
\??\c:\nbnbtt.exec:\nbnbtt.exe159⤵
-
\??\c:\nhtnhh.exec:\nhtnhh.exe160⤵
-
\??\c:\pdddv.exec:\pdddv.exe161⤵
-
\??\c:\3fllfxx.exec:\3fllfxx.exe162⤵
-
\??\c:\nhnttt.exec:\nhnttt.exe163⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe164⤵
-
\??\c:\jvdjv.exec:\jvdjv.exe165⤵
-
\??\c:\ffrlrfr.exec:\ffrlrfr.exe166⤵
-
\??\c:\bntnnb.exec:\bntnnb.exe167⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe168⤵
-
\??\c:\jvvvd.exec:\jvvvd.exe169⤵
-
\??\c:\9flxrlx.exec:\9flxrlx.exe170⤵
-
\??\c:\nbntnt.exec:\nbntnt.exe171⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe172⤵
-
\??\c:\jpvdv.exec:\jpvdv.exe173⤵
-
\??\c:\xrfflfl.exec:\xrfflfl.exe174⤵
-
\??\c:\btbttb.exec:\btbttb.exe175⤵
-
\??\c:\nnbttt.exec:\nnbttt.exe176⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe177⤵
-
\??\c:\7rxrxxr.exec:\7rxrxxr.exe178⤵
-
\??\c:\tbtnth.exec:\tbtnth.exe179⤵
-
\??\c:\vdpjj.exec:\vdpjj.exe180⤵
-
\??\c:\xxrrlxr.exec:\xxrrlxr.exe181⤵
-
\??\c:\3bnhbb.exec:\3bnhbb.exe182⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe183⤵
-
\??\c:\9rxrlrr.exec:\9rxrlrr.exe184⤵
-
\??\c:\lrxxrxr.exec:\lrxxrxr.exe185⤵
-
\??\c:\bthbhn.exec:\bthbhn.exe186⤵
-
\??\c:\7ddvp.exec:\7ddvp.exe187⤵
-
\??\c:\thnntt.exec:\thnntt.exe188⤵
-
\??\c:\tnbbhb.exec:\tnbbhb.exe189⤵
-
\??\c:\1pvpd.exec:\1pvpd.exe190⤵
-
\??\c:\3xxrffx.exec:\3xxrffx.exe191⤵
-
\??\c:\nntnnn.exec:\nntnnn.exe192⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe193⤵
-
\??\c:\vvvpp.exec:\vvvpp.exe194⤵
-
\??\c:\nbhbtn.exec:\nbhbtn.exe195⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe196⤵
-
\??\c:\xrfxxxf.exec:\xrfxxxf.exe197⤵
-
\??\c:\hbhhbb.exec:\hbhhbb.exe198⤵
-
\??\c:\jjjpj.exec:\jjjpj.exe199⤵
-
\??\c:\9xxrrrx.exec:\9xxrrrx.exe200⤵
-
\??\c:\flrrlll.exec:\flrrlll.exe201⤵
-
\??\c:\hbhbtt.exec:\hbhbtt.exe202⤵
-
\??\c:\vpvdv.exec:\vpvdv.exe203⤵
-
\??\c:\flrxrrl.exec:\flrxrrl.exe204⤵
-
\??\c:\lfxxxxf.exec:\lfxxxxf.exe205⤵
-
\??\c:\bnbnnn.exec:\bnbnnn.exe206⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe207⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe208⤵
-
\??\c:\xrxfrrr.exec:\xrxfrrr.exe209⤵
-
\??\c:\xlxrlll.exec:\xlxrlll.exe210⤵
-
\??\c:\bbbbtt.exec:\bbbbtt.exe211⤵
-
\??\c:\nbhbtt.exec:\nbhbtt.exe212⤵
-
\??\c:\ppdjd.exec:\ppdjd.exe213⤵
-
\??\c:\xlrlxxx.exec:\xlrlxxx.exe214⤵
-
\??\c:\xrxxrll.exec:\xrxxrll.exe215⤵
-
\??\c:\nhbttt.exec:\nhbttt.exe216⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe217⤵
-
\??\c:\pdjvv.exec:\pdjvv.exe218⤵
-
\??\c:\lllfxxx.exec:\lllfxxx.exe219⤵
-
\??\c:\tnbbhb.exec:\tnbbhb.exe220⤵
-
\??\c:\nhhbtn.exec:\nhhbtn.exe221⤵
-
\??\c:\vvjdp.exec:\vvjdp.exe222⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe223⤵
-
\??\c:\7xffffl.exec:\7xffffl.exe224⤵
-
\??\c:\hbttnn.exec:\hbttnn.exe225⤵
-
\??\c:\3bnhbb.exec:\3bnhbb.exe226⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe227⤵
-
\??\c:\lllfrlf.exec:\lllfrlf.exe228⤵
-
\??\c:\lxxrfxr.exec:\lxxrfxr.exe229⤵
-
\??\c:\tnhbhh.exec:\tnhbhh.exe230⤵
-
\??\c:\vdvpj.exec:\vdvpj.exe231⤵
-
\??\c:\frlffff.exec:\frlffff.exe232⤵
-
\??\c:\nhtnhb.exec:\nhtnhb.exe233⤵
-
\??\c:\thnbtt.exec:\thnbtt.exe234⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe235⤵
-
\??\c:\xfxrlll.exec:\xfxrlll.exe236⤵
-
\??\c:\hhnhbb.exec:\hhnhbb.exe237⤵
-
\??\c:\5thbbb.exec:\5thbbb.exe238⤵
-
\??\c:\7jjdp.exec:\7jjdp.exe239⤵
-
\??\c:\fxfxxxx.exec:\fxfxxxx.exe240⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe241⤵