Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20-05-2024 03:10
General
-
Target
9b80ac1ee16f657875d37d5fa186d160_NeikiAnalytics.exe
-
Size
128KB
-
MD5
9b80ac1ee16f657875d37d5fa186d160
-
SHA1
902ff5c0fdf372ca4e184ba2b88dc2ce3d836d83
-
SHA256
28100da958eba1071676042e3cbbe2af7320c2fcc772714ff4da79b3f54eb9b5
-
SHA512
e503c3028e29161a4bd419a804b84248a5a46d0b2bdba38685766158376a45a6ea7767b959d4bbf8cb54d26bae561222a0b580b131e74efc603ae7bd61b79c8b
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afoHvmQ+EZMYX/x6gtd:n3C9BRW0j/uVEZFJvb
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9b80ac1ee16f657875d37d5fa186d160_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\9b80ac1ee16f657875d37d5fa186d160_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjj.exec:\vjpjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrrrx.exec:\rlrrrrx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnnn.exec:\bttnnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhtt.exec:\tnhhtt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvv.exec:\vvdvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxflfxr.exec:\rxflfxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhhn.exec:\nhhhhn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dpvv.exec:\5dpvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlllllf.exec:\rlllllf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxxxx.exec:\fxfxxxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtttb.exec:\nhtttb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpd.exec:\vpvpd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffxrrl.exec:\rffxrrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nhbtb.exec:\9nhbtb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddv.exec:\jjddv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrfffx.exec:\xfrfffx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbht.exec:\nnbbht.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttbbb.exec:\bttbbb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ppjj.exec:\7ppjj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrrrr.exec:\llxrrrr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhhb.exec:\tnhhhb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjd.exec:\vppjd.exe23⤵
- Executes dropped EXE
-
\??\c:\1rfrrxx.exec:\1rfrrxx.exe24⤵
- Executes dropped EXE
-
\??\c:\hhhnnt.exec:\hhhnnt.exe25⤵
- Executes dropped EXE
-
\??\c:\vdpvj.exec:\vdpvj.exe26⤵
- Executes dropped EXE
-
\??\c:\frxxllf.exec:\frxxllf.exe27⤵
- Executes dropped EXE
-
\??\c:\hnnnhh.exec:\hnnnhh.exe28⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe29⤵
- Executes dropped EXE
-
\??\c:\rrxfxfl.exec:\rrxfxfl.exe30⤵
- Executes dropped EXE
-
\??\c:\nnnntb.exec:\nnnntb.exe31⤵
- Executes dropped EXE
-
\??\c:\pvdvp.exec:\pvdvp.exe32⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe33⤵
- Executes dropped EXE
-
\??\c:\lrffrlr.exec:\lrffrlr.exe34⤵
- Executes dropped EXE
-
\??\c:\9tbtnh.exec:\9tbtnh.exe35⤵
- Executes dropped EXE
-
\??\c:\ddddv.exec:\ddddv.exe36⤵
- Executes dropped EXE
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe37⤵
- Executes dropped EXE
-
\??\c:\frxxrxr.exec:\frxxrxr.exe38⤵
- Executes dropped EXE
-
\??\c:\bhttbt.exec:\bhttbt.exe39⤵
- Executes dropped EXE
-
\??\c:\djvvp.exec:\djvvp.exe40⤵
- Executes dropped EXE
-
\??\c:\1rrllxr.exec:\1rrllxr.exe41⤵
-
\??\c:\flxrlrl.exec:\flxrlrl.exe42⤵
- Executes dropped EXE
-
\??\c:\hbhtbh.exec:\hbhtbh.exe43⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe44⤵
- Executes dropped EXE
-
\??\c:\lfxxllf.exec:\lfxxllf.exe45⤵
- Executes dropped EXE
-
\??\c:\hhntbn.exec:\hhntbn.exe46⤵
- Executes dropped EXE
-
\??\c:\djdvp.exec:\djdvp.exe47⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe48⤵
- Executes dropped EXE
-
\??\c:\xlxlrlf.exec:\xlxlrlf.exe49⤵
- Executes dropped EXE
-
\??\c:\bthnbn.exec:\bthnbn.exe50⤵
- Executes dropped EXE
-
\??\c:\tttnhb.exec:\tttnhb.exe51⤵
- Executes dropped EXE
-
\??\c:\jvjpp.exec:\jvjpp.exe52⤵
- Executes dropped EXE
-
\??\c:\tnnhth.exec:\tnnhth.exe53⤵
- Executes dropped EXE
-
\??\c:\3tntnt.exec:\3tntnt.exe54⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe55⤵
- Executes dropped EXE
-
\??\c:\ddddd.exec:\ddddd.exe56⤵
- Executes dropped EXE
-
\??\c:\fxxrllx.exec:\fxxrllx.exe57⤵
- Executes dropped EXE
-
\??\c:\9tttnn.exec:\9tttnn.exe58⤵
- Executes dropped EXE
-
\??\c:\bnbbnh.exec:\bnbbnh.exe59⤵
- Executes dropped EXE
-
\??\c:\vvjjd.exec:\vvjjd.exe60⤵
- Executes dropped EXE
-
\??\c:\ppppj.exec:\ppppj.exe61⤵
- Executes dropped EXE
-
\??\c:\xrxrllf.exec:\xrxrllf.exe62⤵
- Executes dropped EXE
-
\??\c:\bbbbbb.exec:\bbbbbb.exe63⤵
- Executes dropped EXE
-
\??\c:\hhttnn.exec:\hhttnn.exe64⤵
- Executes dropped EXE
-
\??\c:\vdvdj.exec:\vdvdj.exe65⤵
- Executes dropped EXE
-
\??\c:\xfxxxxr.exec:\xfxxxxr.exe66⤵
- Executes dropped EXE
-
\??\c:\ffrrflx.exec:\ffrrflx.exe67⤵
-
\??\c:\hnbbnn.exec:\hnbbnn.exe68⤵
-
\??\c:\dppjd.exec:\dppjd.exe69⤵
-
\??\c:\flrllll.exec:\flrllll.exe70⤵
-
\??\c:\nhnnnn.exec:\nhnnnn.exe71⤵
-
\??\c:\5vppj.exec:\5vppj.exe72⤵
-
\??\c:\lfrrffl.exec:\lfrrffl.exe73⤵
-
\??\c:\rllllrr.exec:\rllllrr.exe74⤵
-
\??\c:\hhbbnt.exec:\hhbbnt.exe75⤵
-
\??\c:\jjvvp.exec:\jjvvp.exe76⤵
-
\??\c:\frxxxxx.exec:\frxxxxx.exe77⤵
-
\??\c:\lllfflf.exec:\lllfflf.exe78⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe79⤵
-
\??\c:\xxxrflf.exec:\xxxrflf.exe80⤵
-
\??\c:\xlrllrx.exec:\xlrllrx.exe81⤵
-
\??\c:\vjvjj.exec:\vjvjj.exe82⤵
-
\??\c:\ffxfllr.exec:\ffxfllr.exe83⤵
-
\??\c:\hthhbh.exec:\hthhbh.exe84⤵
-
\??\c:\tnthbt.exec:\tnthbt.exe85⤵
-
\??\c:\dpvdd.exec:\dpvdd.exe86⤵
-
\??\c:\1rlfrxr.exec:\1rlfrxr.exe87⤵
-
\??\c:\btbttt.exec:\btbttt.exe88⤵
-
\??\c:\3ddvp.exec:\3ddvp.exe89⤵
-
\??\c:\vvppj.exec:\vvppj.exe90⤵
-
\??\c:\fxllllx.exec:\fxllllx.exe91⤵
-
\??\c:\3tbbbh.exec:\3tbbbh.exe92⤵
-
\??\c:\jjjpv.exec:\jjjpv.exe93⤵
-
\??\c:\lxrxlxl.exec:\lxrxlxl.exe94⤵
-
\??\c:\lfflxrx.exec:\lfflxrx.exe95⤵
-
\??\c:\bhhbbn.exec:\bhhbbn.exe96⤵
-
\??\c:\ntbttn.exec:\ntbttn.exe97⤵
-
\??\c:\9pvpv.exec:\9pvpv.exe98⤵
-
\??\c:\rlllfff.exec:\rlllfff.exe99⤵
-
\??\c:\flxrllf.exec:\flxrllf.exe100⤵
-
\??\c:\3btnnn.exec:\3btnnn.exe101⤵
-
\??\c:\thtnnh.exec:\thtnnh.exe102⤵
-
\??\c:\jppvp.exec:\jppvp.exe103⤵
-
\??\c:\lflfxff.exec:\lflfxff.exe104⤵
-
\??\c:\tntnhn.exec:\tntnhn.exe105⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe106⤵
-
\??\c:\bbbnnt.exec:\bbbnnt.exe107⤵
-
\??\c:\httnnn.exec:\httnnn.exe108⤵
-
\??\c:\jddvd.exec:\jddvd.exe109⤵
-
\??\c:\xxxrlll.exec:\xxxrlll.exe110⤵
-
\??\c:\bbnhht.exec:\bbnhht.exe111⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe112⤵
-
\??\c:\rffxrrf.exec:\rffxrrf.exe113⤵
-
\??\c:\xxllrxx.exec:\xxllrxx.exe114⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe115⤵
-
\??\c:\djpvv.exec:\djpvv.exe116⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe117⤵
-
\??\c:\rlxlflf.exec:\rlxlflf.exe118⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe119⤵
-
\??\c:\hhnbhn.exec:\hhnbhn.exe120⤵
-
\??\c:\vdpvj.exec:\vdpvj.exe121⤵
-
\??\c:\xlrrlrr.exec:\xlrrlrr.exe122⤵
-
\??\c:\5ffxxxr.exec:\5ffxxxr.exe123⤵
-
\??\c:\bnbbtt.exec:\bnbbtt.exe124⤵
-
\??\c:\djppd.exec:\djppd.exe125⤵
-
\??\c:\ddvjj.exec:\ddvjj.exe126⤵
-
\??\c:\xrrlrrx.exec:\xrrlrrx.exe127⤵
-
\??\c:\1tbbbh.exec:\1tbbbh.exe128⤵
-
\??\c:\9nttnt.exec:\9nttnt.exe129⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe130⤵
-
\??\c:\xffllrr.exec:\xffllrr.exe131⤵
-
\??\c:\xffxlrf.exec:\xffxlrf.exe132⤵
-
\??\c:\1tbbbb.exec:\1tbbbb.exe133⤵
-
\??\c:\1btthb.exec:\1btthb.exe134⤵
-
\??\c:\ddjvv.exec:\ddjvv.exe135⤵
-
\??\c:\rxflrrl.exec:\rxflrrl.exe136⤵
-
\??\c:\rxlxfrx.exec:\rxlxfrx.exe137⤵
-
\??\c:\nbbbtt.exec:\nbbbtt.exe138⤵
-
\??\c:\ttttnt.exec:\ttttnt.exe139⤵
-
\??\c:\3vddp.exec:\3vddp.exe140⤵
-
\??\c:\lflfxll.exec:\lflfxll.exe141⤵
-
\??\c:\rrfrfxl.exec:\rrfrfxl.exe142⤵
-
\??\c:\hnttnn.exec:\hnttnn.exe143⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe144⤵
-
\??\c:\xrlfrxf.exec:\xrlfrxf.exe145⤵
-
\??\c:\1rxrlrx.exec:\1rxrlrx.exe146⤵
-
\??\c:\tthnnn.exec:\tthnnn.exe147⤵
-
\??\c:\pdjpj.exec:\pdjpj.exe148⤵
-
\??\c:\9vddv.exec:\9vddv.exe149⤵
-
\??\c:\xrlfrxl.exec:\xrlfrxl.exe150⤵
-
\??\c:\hbtbtb.exec:\hbtbtb.exe151⤵
-
\??\c:\hnhtbb.exec:\hnhtbb.exe152⤵
-
\??\c:\jvpdv.exec:\jvpdv.exe153⤵
-
\??\c:\rrrrffl.exec:\rrrrffl.exe154⤵
-
\??\c:\7rfxlll.exec:\7rfxlll.exe155⤵
-
\??\c:\bbbnbn.exec:\bbbnbn.exe156⤵
-
\??\c:\3vddv.exec:\3vddv.exe157⤵
-
\??\c:\jppvv.exec:\jppvv.exe158⤵
-
\??\c:\frxrlll.exec:\frxrlll.exe159⤵
-
\??\c:\7fxxxxx.exec:\7fxxxxx.exe160⤵
-
\??\c:\thnnnt.exec:\thnnnt.exe161⤵
-
\??\c:\ntbtnh.exec:\ntbtnh.exe162⤵
-
\??\c:\5dddd.exec:\5dddd.exe163⤵
-
\??\c:\5jppv.exec:\5jppv.exe164⤵
-
\??\c:\frfxxxx.exec:\frfxxxx.exe165⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe166⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe167⤵
-
\??\c:\rxrlxxx.exec:\rxrlxxx.exe168⤵
-
\??\c:\tthbhh.exec:\tthbhh.exe169⤵
-
\??\c:\bhntnb.exec:\bhntnb.exe170⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe171⤵
-
\??\c:\jddjj.exec:\jddjj.exe172⤵
-
\??\c:\rllfxxx.exec:\rllfxxx.exe173⤵
-
\??\c:\9xfxxxl.exec:\9xfxxxl.exe174⤵
-
\??\c:\nnbbhh.exec:\nnbbhh.exe175⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe176⤵
-
\??\c:\frrrrff.exec:\frrrrff.exe177⤵
-
\??\c:\rfrlllf.exec:\rfrlllf.exe178⤵
-
\??\c:\bnnnnn.exec:\bnnnnn.exe179⤵
-
\??\c:\hbhnhh.exec:\hbhnhh.exe180⤵
-
\??\c:\pdppv.exec:\pdppv.exe181⤵
-
\??\c:\rflffff.exec:\rflffff.exe182⤵
-
\??\c:\frllrrf.exec:\frllrrf.exe183⤵
-
\??\c:\jvpjp.exec:\jvpjp.exe184⤵
-
\??\c:\ddvjd.exec:\ddvjd.exe185⤵
-
\??\c:\frrrrrl.exec:\frrrrrl.exe186⤵
-
\??\c:\nntttt.exec:\nntttt.exe187⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe188⤵
-
\??\c:\flxxfff.exec:\flxxfff.exe189⤵
-
\??\c:\hbnnnn.exec:\hbnnnn.exe190⤵
-
\??\c:\dpddd.exec:\dpddd.exe191⤵
-
\??\c:\ttnthn.exec:\ttnthn.exe192⤵
-
\??\c:\bhhhhh.exec:\bhhhhh.exe193⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe194⤵
-
\??\c:\jddvv.exec:\jddvv.exe195⤵
-
\??\c:\1ffxllf.exec:\1ffxllf.exe196⤵
-
\??\c:\ffffxxr.exec:\ffffxxr.exe197⤵
-
\??\c:\bhnnnn.exec:\bhnnnn.exe198⤵
-
\??\c:\htttnn.exec:\htttnn.exe199⤵
-
\??\c:\djpjj.exec:\djpjj.exe200⤵
-
\??\c:\vjppp.exec:\vjppp.exe201⤵
-
\??\c:\9rxxxxx.exec:\9rxxxxx.exe202⤵
-
\??\c:\lfrlrrl.exec:\lfrlrrl.exe203⤵
-
\??\c:\tnbbtb.exec:\tnbbtb.exe204⤵
-
\??\c:\nbhhtb.exec:\nbhhtb.exe205⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe206⤵
-
\??\c:\9dppj.exec:\9dppj.exe207⤵
-
\??\c:\5rrlrxr.exec:\5rrlrxr.exe208⤵
-
\??\c:\flxxxxx.exec:\flxxxxx.exe209⤵
-
\??\c:\tnbbbb.exec:\tnbbbb.exe210⤵
-
\??\c:\tbnnhh.exec:\tbnnhh.exe211⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe212⤵
-
\??\c:\vjjjj.exec:\vjjjj.exe213⤵
-
\??\c:\rflfffx.exec:\rflfffx.exe214⤵
-
\??\c:\rrrxrll.exec:\rrrxrll.exe215⤵
-
\??\c:\hhnntt.exec:\hhnntt.exe216⤵
-
\??\c:\3hbbbh.exec:\3hbbbh.exe217⤵
-
\??\c:\vpppj.exec:\vpppj.exe218⤵
-
\??\c:\jjppj.exec:\jjppj.exe219⤵
-
\??\c:\rxfxrxr.exec:\rxfxrxr.exe220⤵
-
\??\c:\frrllll.exec:\frrllll.exe221⤵
-
\??\c:\ttbhbb.exec:\ttbhbb.exe222⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe223⤵
-
\??\c:\jdddv.exec:\jdddv.exe224⤵
-
\??\c:\fffxxrr.exec:\fffxxrr.exe225⤵
-
\??\c:\ffffxfx.exec:\ffffxfx.exe226⤵
-
\??\c:\bhhhtb.exec:\bhhhtb.exe227⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe228⤵
-
\??\c:\3djpj.exec:\3djpj.exe229⤵
-
\??\c:\1jppj.exec:\1jppj.exe230⤵
-
\??\c:\xfrxxlf.exec:\xfrxxlf.exe231⤵
-
\??\c:\xrllfff.exec:\xrllfff.exe232⤵
-
\??\c:\hntnnn.exec:\hntnnn.exe233⤵
-
\??\c:\3vjpp.exec:\3vjpp.exe234⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe235⤵
-
\??\c:\lflfxlf.exec:\lflfxlf.exe236⤵
-
\??\c:\fxllfff.exec:\fxllfff.exe237⤵
-
\??\c:\tnnntb.exec:\tnnntb.exe238⤵
-
\??\c:\tttttt.exec:\tttttt.exe239⤵
-
\??\c:\7pppd.exec:\7pppd.exe240⤵
-
\??\c:\3jpdv.exec:\3jpdv.exe241⤵