Analysis
-
max time kernel
149s -
max time network
116s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20-05-2024 03:40
General
-
Target
a2f4f30724980a991baba514ed4dc070_NeikiAnalytics.exe
-
Size
55KB
-
MD5
a2f4f30724980a991baba514ed4dc070
-
SHA1
c863008a7618a70cd804206ba7a878ade93f6538
-
SHA256
f9190dff267e2a225fe14ad407e1f78c587f04e24cdc8a481c043e6db2c6ad00
-
SHA512
7ddb43a9526f5a6292c8539a2924e2bfa5f025c943355d5cf34530307198fefb6b6f7d775d34d41690f170345cb7053b4ef2cb9b5831ce900953f69075d16f60
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb6tZ9bd:ymb3NkkiQ3mdBjFIb6tZNd
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a2f4f30724980a991baba514ed4dc070_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\a2f4f30724980a991baba514ed4dc070_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dppdv.exec:\dppdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrlll.exec:\fxxrlll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbnn.exec:\btbbnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjdv.exec:\jjjdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpddd.exec:\dpddd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxxxx.exec:\xrxxxxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbtt.exec:\nbbbtt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpp.exec:\ppvpp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbnbh.exec:\nbbnbh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtthh.exec:\tbtthh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjppp.exec:\jjppp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfllxl.exec:\lrfllxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbbtt.exec:\ttbbtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjd.exec:\dvjjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvj.exec:\vddvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtnhn.exec:\thtnhn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvj.exec:\jddvj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrrrxr.exec:\rxrrrxr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhttnt.exec:\hhttnt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjd.exec:\dppjd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rlfrxr.exec:\1rlfrxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nhhbh.exec:\1nhhbh.exe23⤵
- Executes dropped EXE
-
\??\c:\tntnbb.exec:\tntnbb.exe24⤵
- Executes dropped EXE
-
\??\c:\vpvvj.exec:\vpvvj.exe25⤵
- Executes dropped EXE
-
\??\c:\xrxffrl.exec:\xrxffrl.exe26⤵
- Executes dropped EXE
-
\??\c:\ntthbt.exec:\ntthbt.exe27⤵
- Executes dropped EXE
-
\??\c:\hhnhbb.exec:\hhnhbb.exe28⤵
- Executes dropped EXE
-
\??\c:\rfrlllr.exec:\rfrlllr.exe29⤵
- Executes dropped EXE
-
\??\c:\hbbhtb.exec:\hbbhtb.exe30⤵
- Executes dropped EXE
-
\??\c:\rxllxxx.exec:\rxllxxx.exe31⤵
- Executes dropped EXE
-
\??\c:\frxxxfx.exec:\frxxxfx.exe32⤵
- Executes dropped EXE
-
\??\c:\nnnnnb.exec:\nnnnnb.exe33⤵
- Executes dropped EXE
-
\??\c:\httthn.exec:\httthn.exe34⤵
- Executes dropped EXE
-
\??\c:\1jjdp.exec:\1jjdp.exe35⤵
- Executes dropped EXE
-
\??\c:\9lrllll.exec:\9lrllll.exe36⤵
- Executes dropped EXE
-
\??\c:\rffxrrl.exec:\rffxrrl.exe37⤵
- Executes dropped EXE
-
\??\c:\thbtht.exec:\thbtht.exe38⤵
- Executes dropped EXE
-
\??\c:\vdpvp.exec:\vdpvp.exe39⤵
- Executes dropped EXE
-
\??\c:\ffxxlll.exec:\ffxxlll.exe40⤵
- Executes dropped EXE
-
\??\c:\htnbht.exec:\htnbht.exe41⤵
- Executes dropped EXE
-
\??\c:\9ppjj.exec:\9ppjj.exe42⤵
- Executes dropped EXE
-
\??\c:\dvdvp.exec:\dvdvp.exe43⤵
- Executes dropped EXE
-
\??\c:\xxfxrrr.exec:\xxfxrrr.exe44⤵
- Executes dropped EXE
-
\??\c:\7dvpd.exec:\7dvpd.exe45⤵
- Executes dropped EXE
-
\??\c:\1vvpp.exec:\1vvpp.exe46⤵
- Executes dropped EXE
-
\??\c:\llrffxl.exec:\llrffxl.exe47⤵
- Executes dropped EXE
-
\??\c:\btnntt.exec:\btnntt.exe48⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe49⤵
- Executes dropped EXE
-
\??\c:\fxrflfx.exec:\fxrflfx.exe50⤵
- Executes dropped EXE
-
\??\c:\ttnbbb.exec:\ttnbbb.exe51⤵
- Executes dropped EXE
-
\??\c:\ppvpj.exec:\ppvpj.exe52⤵
- Executes dropped EXE
-
\??\c:\pvjdv.exec:\pvjdv.exe53⤵
- Executes dropped EXE
-
\??\c:\rlllrrf.exec:\rlllrrf.exe54⤵
- Executes dropped EXE
-
\??\c:\hhtbth.exec:\hhtbth.exe55⤵
- Executes dropped EXE
-
\??\c:\jpddv.exec:\jpddv.exe56⤵
- Executes dropped EXE
-
\??\c:\jddvj.exec:\jddvj.exe57⤵
- Executes dropped EXE
-
\??\c:\fxfxlll.exec:\fxfxlll.exe58⤵
- Executes dropped EXE
-
\??\c:\tbhbtb.exec:\tbhbtb.exe59⤵
- Executes dropped EXE
-
\??\c:\vdppv.exec:\vdppv.exe60⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe61⤵
- Executes dropped EXE
-
\??\c:\lllrfrl.exec:\lllrfrl.exe62⤵
- Executes dropped EXE
-
\??\c:\9nnnbb.exec:\9nnnbb.exe63⤵
- Executes dropped EXE
-
\??\c:\pjvdp.exec:\pjvdp.exe64⤵
- Executes dropped EXE
-
\??\c:\1frlfrr.exec:\1frlfrr.exe65⤵
- Executes dropped EXE
-
\??\c:\xfffffx.exec:\xfffffx.exe66⤵
-
\??\c:\tnbtnn.exec:\tnbtnn.exe67⤵
-
\??\c:\jddvv.exec:\jddvv.exe68⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe69⤵
-
\??\c:\xlxrflf.exec:\xlxrflf.exe70⤵
-
\??\c:\nbnnnt.exec:\nbnnnt.exe71⤵
-
\??\c:\vvppp.exec:\vvppp.exe72⤵
-
\??\c:\jpvdv.exec:\jpvdv.exe73⤵
-
\??\c:\xrrlxxf.exec:\xrrlxxf.exe74⤵
-
\??\c:\hbbhbb.exec:\hbbhbb.exe75⤵
-
\??\c:\ppjjv.exec:\ppjjv.exe76⤵
-
\??\c:\rlrfxrx.exec:\rlrfxrx.exe77⤵
-
\??\c:\fffffrl.exec:\fffffrl.exe78⤵
-
\??\c:\9bbthh.exec:\9bbthh.exe79⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe80⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe81⤵
-
\??\c:\xlrlffl.exec:\xlrlffl.exe82⤵
-
\??\c:\1xrrllf.exec:\1xrrllf.exe83⤵
-
\??\c:\bbttbb.exec:\bbttbb.exe84⤵
-
\??\c:\9hhbnn.exec:\9hhbnn.exe85⤵
-
\??\c:\vppjd.exec:\vppjd.exe86⤵
-
\??\c:\rlxrlll.exec:\rlxrlll.exe87⤵
-
\??\c:\nbhhbb.exec:\nbhhbb.exe88⤵
-
\??\c:\bnnhbb.exec:\bnnhbb.exe89⤵
-
\??\c:\ddppj.exec:\ddppj.exe90⤵
-
\??\c:\rfrlfrl.exec:\rfrlfrl.exe91⤵
-
\??\c:\frxrrrr.exec:\frxrrrr.exe92⤵
-
\??\c:\tttttt.exec:\tttttt.exe93⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe94⤵
-
\??\c:\djppd.exec:\djppd.exe95⤵
-
\??\c:\pvvpv.exec:\pvvpv.exe96⤵
-
\??\c:\xlxrfxf.exec:\xlxrfxf.exe97⤵
-
\??\c:\rxlfxxr.exec:\rxlfxxr.exe98⤵
-
\??\c:\hnnnnn.exec:\hnnnnn.exe99⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe100⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe101⤵
-
\??\c:\9rllfff.exec:\9rllfff.exe102⤵
-
\??\c:\rlllfff.exec:\rlllfff.exe103⤵
-
\??\c:\tbntnt.exec:\tbntnt.exe104⤵
-
\??\c:\bhhhbb.exec:\bhhhbb.exe105⤵
-
\??\c:\jpvpv.exec:\jpvpv.exe106⤵
-
\??\c:\nhhnbb.exec:\nhhnbb.exe107⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe108⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe109⤵
-
\??\c:\xflffxl.exec:\xflffxl.exe110⤵
-
\??\c:\tbnhbh.exec:\tbnhbh.exe111⤵
-
\??\c:\tnbbtn.exec:\tnbbtn.exe112⤵
-
\??\c:\3vpdv.exec:\3vpdv.exe113⤵
-
\??\c:\1flfxxr.exec:\1flfxxr.exe114⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe115⤵
-
\??\c:\3nnttt.exec:\3nnttt.exe116⤵
-
\??\c:\vdjjj.exec:\vdjjj.exe117⤵
-
\??\c:\7rlfllr.exec:\7rlfllr.exe118⤵
-
\??\c:\rlxxxxx.exec:\rlxxxxx.exe119⤵
-
\??\c:\hhhbbb.exec:\hhhbbb.exe120⤵
-
\??\c:\5vdvj.exec:\5vdvj.exe121⤵
-
\??\c:\9jpjd.exec:\9jpjd.exe122⤵
-
\??\c:\5rxrrxr.exec:\5rxrrxr.exe123⤵
-
\??\c:\5ntnhn.exec:\5ntnhn.exe124⤵
-
\??\c:\hhnnhh.exec:\hhnnhh.exe125⤵
-
\??\c:\vvddj.exec:\vvddj.exe126⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe127⤵
-
\??\c:\3rxllxr.exec:\3rxllxr.exe128⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe129⤵
-
\??\c:\tnnbtb.exec:\tnnbtb.exe130⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe131⤵
-
\??\c:\flxrxxr.exec:\flxrxxr.exe132⤵
-
\??\c:\bhnbbt.exec:\bhnbbt.exe133⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe134⤵
-
\??\c:\rfxfxxf.exec:\rfxfxxf.exe135⤵
-
\??\c:\rffxxrl.exec:\rffxxrl.exe136⤵
-
\??\c:\5ttbbh.exec:\5ttbbh.exe137⤵
-
\??\c:\pjddv.exec:\pjddv.exe138⤵
-
\??\c:\rlfxrll.exec:\rlfxrll.exe139⤵
-
\??\c:\xffffff.exec:\xffffff.exe140⤵
-
\??\c:\nbhbtb.exec:\nbhbtb.exe141⤵
-
\??\c:\jjddv.exec:\jjddv.exe142⤵
-
\??\c:\rllrrff.exec:\rllrrff.exe143⤵
-
\??\c:\vppjd.exec:\vppjd.exe144⤵
-
\??\c:\xxfxrlf.exec:\xxfxrlf.exe145⤵
-
\??\c:\tnhhnn.exec:\tnhhnn.exe146⤵
-
\??\c:\jjvvp.exec:\jjvvp.exe147⤵
-
\??\c:\9tnhhn.exec:\9tnhhn.exe148⤵
-
\??\c:\5jdvj.exec:\5jdvj.exe149⤵
-
\??\c:\1lffxrl.exec:\1lffxrl.exe150⤵
-
\??\c:\9vppv.exec:\9vppv.exe151⤵
-
\??\c:\xxrlfff.exec:\xxrlfff.exe152⤵
-
\??\c:\httnhn.exec:\httnhn.exe153⤵
-
\??\c:\nnnhbb.exec:\nnnhbb.exe154⤵
-
\??\c:\pjddp.exec:\pjddp.exe155⤵
-
\??\c:\lfrlrrx.exec:\lfrlrrx.exe156⤵
-
\??\c:\3lxxxrr.exec:\3lxxxrr.exe157⤵
-
\??\c:\httttn.exec:\httttn.exe158⤵
-
\??\c:\pppjd.exec:\pppjd.exe159⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe160⤵
-
\??\c:\rllfrlx.exec:\rllfrlx.exe161⤵
-
\??\c:\bbnhnt.exec:\bbnhnt.exe162⤵
-
\??\c:\1hnhbb.exec:\1hnhbb.exe163⤵
-
\??\c:\vjjpj.exec:\vjjpj.exe164⤵
-
\??\c:\jddvj.exec:\jddvj.exe165⤵
-
\??\c:\llrrlll.exec:\llrrlll.exe166⤵
-
\??\c:\hbhbtn.exec:\hbhbtn.exe167⤵
-
\??\c:\tntntt.exec:\tntntt.exe168⤵
-
\??\c:\5ppjd.exec:\5ppjd.exe169⤵
-
\??\c:\ffllllx.exec:\ffllllx.exe170⤵
-
\??\c:\nbbthh.exec:\nbbthh.exe171⤵
-
\??\c:\nhnnnn.exec:\nhnnnn.exe172⤵
-
\??\c:\ppvpd.exec:\ppvpd.exe173⤵
-
\??\c:\5lxrfrr.exec:\5lxrfrr.exe174⤵
-
\??\c:\rxxxxrr.exec:\rxxxxrr.exe175⤵
-
\??\c:\nbtnbb.exec:\nbtnbb.exe176⤵
-
\??\c:\djppd.exec:\djppd.exe177⤵
-
\??\c:\xrffxff.exec:\xrffxff.exe178⤵
-
\??\c:\rlfrrrl.exec:\rlfrrrl.exe179⤵
-
\??\c:\nhttnn.exec:\nhttnn.exe180⤵
-
\??\c:\ddjpj.exec:\ddjpj.exe181⤵
-
\??\c:\fxfffff.exec:\fxfffff.exe182⤵
-
\??\c:\rrrrrrr.exec:\rrrrrrr.exe183⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe184⤵
-
\??\c:\djjjd.exec:\djjjd.exe185⤵
-
\??\c:\dvpdd.exec:\dvpdd.exe186⤵
-
\??\c:\7lrrlff.exec:\7lrrlff.exe187⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe188⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe189⤵
-
\??\c:\fxrllll.exec:\fxrllll.exe190⤵
-
\??\c:\nbnhhb.exec:\nbnhhb.exe191⤵
-
\??\c:\5ntbth.exec:\5ntbth.exe192⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe193⤵
-
\??\c:\fllfxrl.exec:\fllfxrl.exe194⤵
-
\??\c:\lrlrflr.exec:\lrlrflr.exe195⤵
-
\??\c:\tbttnh.exec:\tbttnh.exe196⤵
-
\??\c:\vvjjj.exec:\vvjjj.exe197⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe198⤵
-
\??\c:\9flxxxf.exec:\9flxxxf.exe199⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe200⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe201⤵
-
\??\c:\llrrllr.exec:\llrrllr.exe202⤵
-
\??\c:\fflfxxf.exec:\fflfxxf.exe203⤵
-
\??\c:\tnbbtt.exec:\tnbbtt.exe204⤵
-
\??\c:\tnhbbb.exec:\tnhbbb.exe205⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe206⤵
-
\??\c:\3hhbnh.exec:\3hhbnh.exe207⤵
-
\??\c:\nhtnnn.exec:\nhtnnn.exe208⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe209⤵
-
\??\c:\frfffrx.exec:\frfffrx.exe210⤵
-
\??\c:\ntbbtn.exec:\ntbbtn.exe211⤵
-
\??\c:\nbtttt.exec:\nbtttt.exe212⤵
-
\??\c:\vvvpp.exec:\vvvpp.exe213⤵
-
\??\c:\lflflfl.exec:\lflflfl.exe214⤵
-
\??\c:\hbhhbb.exec:\hbhhbb.exe215⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe216⤵
-
\??\c:\3vpjv.exec:\3vpjv.exe217⤵
-
\??\c:\lfrrlll.exec:\lfrrlll.exe218⤵
-
\??\c:\bbtnhh.exec:\bbtnhh.exe219⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe220⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe221⤵
-
\??\c:\tntbbt.exec:\tntbbt.exe222⤵
-
\??\c:\hbnntn.exec:\hbnntn.exe223⤵
-
\??\c:\fflfrlx.exec:\fflfrlx.exe224⤵
-
\??\c:\tbbbnn.exec:\tbbbnn.exe225⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe226⤵
-
\??\c:\lrlfrfr.exec:\lrlfrfr.exe227⤵
-
\??\c:\nttnhb.exec:\nttnhb.exe228⤵
-
\??\c:\tntntt.exec:\tntntt.exe229⤵
-
\??\c:\dddjp.exec:\dddjp.exe230⤵
-
\??\c:\lfxlfff.exec:\lfxlfff.exe231⤵
-
\??\c:\htntbn.exec:\htntbn.exe232⤵
-
\??\c:\jpppp.exec:\jpppp.exe233⤵
-
\??\c:\lffxxxx.exec:\lffxxxx.exe234⤵
-
\??\c:\ntbbbh.exec:\ntbbbh.exe235⤵
-
\??\c:\3vdvp.exec:\3vdvp.exe236⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe237⤵
-
\??\c:\lrfxlrl.exec:\lrfxlrl.exe238⤵
-
\??\c:\bnnnhh.exec:\bnnnhh.exe239⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe240⤵
-
\??\c:\jjppp.exec:\jjppp.exe241⤵