Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20-05-2024 04:27
General
-
Target
ac39b289bc71770f5d7242c48f8dbb70_NeikiAnalytics.exe
-
Size
68KB
-
MD5
ac39b289bc71770f5d7242c48f8dbb70
-
SHA1
b4c166e5426a153ba2f93aa86274c62e43915fe7
-
SHA256
1f76c0949280ad24a805d3631e3b521857e992b87218a234862b9e6976298f79
-
SHA512
99fcbcf24c77e66998a2dfdc4212b8d05571df9cf811531608510f2fc51a5954d06c3caccc5baf65cd977cd810f011c29855f80eff3cb651d98524d9f16e2991
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk358nLA89+b:ymb3NkkiQ3mdBjFIvl358nLA89K
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ac39b289bc71770f5d7242c48f8dbb70_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\ac39b289bc71770f5d7242c48f8dbb70_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvv.exec:\vddvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrrxrf.exec:\rfrrxrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbntn.exec:\thbntn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rlffxx.exec:\9rlffxx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlrlfx.exec:\rxlrlfx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtnhb.exec:\bhtnhb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvd.exec:\jdvvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpp.exec:\vpvpp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxrlf.exec:\xrfxrlf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhhb.exec:\bnnhhb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vvpj.exec:\1vvpj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvvj.exec:\jjvvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnntht.exec:\nnntht.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnhnn.exec:\bbnhnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddd.exec:\jjddd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxflrf.exec:\rlxflrf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhtbt.exec:\hbhtbt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvpj.exec:\vdvpj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjj.exec:\dppjj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlfffr.exec:\lxlfffr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbtt.exec:\htbbtt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtthn.exec:\nhtthn.exe23⤵
- Executes dropped EXE
-
\??\c:\jvvjv.exec:\jvvjv.exe24⤵
- Executes dropped EXE
-
\??\c:\llffrxr.exec:\llffrxr.exe25⤵
- Executes dropped EXE
-
\??\c:\nnbnbn.exec:\nnbnbn.exe26⤵
- Executes dropped EXE
-
\??\c:\vjvvd.exec:\vjvvd.exe27⤵
- Executes dropped EXE
-
\??\c:\pvpdd.exec:\pvpdd.exe28⤵
- Executes dropped EXE
-
\??\c:\xfrrffl.exec:\xfrrffl.exe29⤵
- Executes dropped EXE
-
\??\c:\tbbtnn.exec:\tbbtnn.exe30⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe31⤵
- Executes dropped EXE
-
\??\c:\7pvpd.exec:\7pvpd.exe32⤵
- Executes dropped EXE
-
\??\c:\xrxrfff.exec:\xrxrfff.exe33⤵
- Executes dropped EXE
-
\??\c:\bnhbbt.exec:\bnhbbt.exe34⤵
- Executes dropped EXE
-
\??\c:\ddjvp.exec:\ddjvp.exe35⤵
- Executes dropped EXE
-
\??\c:\ppjjd.exec:\ppjjd.exe36⤵
- Executes dropped EXE
-
\??\c:\lrrlxxr.exec:\lrrlxxr.exe37⤵
- Executes dropped EXE
-
\??\c:\lffflfr.exec:\lffflfr.exe38⤵
- Executes dropped EXE
-
\??\c:\nbhbnn.exec:\nbhbnn.exe39⤵
- Executes dropped EXE
-
\??\c:\vdddv.exec:\vdddv.exe40⤵
- Executes dropped EXE
-
\??\c:\lxfxxxx.exec:\lxfxxxx.exe41⤵
- Executes dropped EXE
-
\??\c:\3lxrxxf.exec:\3lxrxxf.exe42⤵
- Executes dropped EXE
-
\??\c:\htbhhb.exec:\htbhhb.exe43⤵
- Executes dropped EXE
-
\??\c:\nhnntt.exec:\nhnntt.exe44⤵
- Executes dropped EXE
-
\??\c:\ddppd.exec:\ddppd.exe45⤵
- Executes dropped EXE
-
\??\c:\lrrxlxl.exec:\lrrxlxl.exe46⤵
- Executes dropped EXE
-
\??\c:\rxxrxlr.exec:\rxxrxlr.exe47⤵
- Executes dropped EXE
-
\??\c:\bnbbbt.exec:\bnbbbt.exe48⤵
- Executes dropped EXE
-
\??\c:\9pvpj.exec:\9pvpj.exe49⤵
- Executes dropped EXE
-
\??\c:\3dpdv.exec:\3dpdv.exe50⤵
- Executes dropped EXE
-
\??\c:\3lrxrrr.exec:\3lrxrrr.exe51⤵
- Executes dropped EXE
-
\??\c:\nnnnbb.exec:\nnnnbb.exe52⤵
- Executes dropped EXE
-
\??\c:\lfrxlff.exec:\lfrxlff.exe53⤵
- Executes dropped EXE
-
\??\c:\frrfxxx.exec:\frrfxxx.exe54⤵
- Executes dropped EXE
-
\??\c:\bhhtht.exec:\bhhtht.exe55⤵
- Executes dropped EXE
-
\??\c:\hhhbtn.exec:\hhhbtn.exe56⤵
- Executes dropped EXE
-
\??\c:\vjpjj.exec:\vjpjj.exe57⤵
- Executes dropped EXE
-
\??\c:\vppjp.exec:\vppjp.exe58⤵
- Executes dropped EXE
-
\??\c:\9flxxxr.exec:\9flxxxr.exe59⤵
- Executes dropped EXE
-
\??\c:\hhntbh.exec:\hhntbh.exe60⤵
- Executes dropped EXE
-
\??\c:\bthttt.exec:\bthttt.exe61⤵
- Executes dropped EXE
-
\??\c:\7dpjp.exec:\7dpjp.exe62⤵
- Executes dropped EXE
-
\??\c:\rllxrxl.exec:\rllxrxl.exe63⤵
- Executes dropped EXE
-
\??\c:\frlffff.exec:\frlffff.exe64⤵
- Executes dropped EXE
-
\??\c:\ntnhhb.exec:\ntnhhb.exe65⤵
- Executes dropped EXE
-
\??\c:\ddpjd.exec:\ddpjd.exe66⤵
-
\??\c:\rrrlfxl.exec:\rrrlfxl.exe67⤵
-
\??\c:\lfxlffl.exec:\lfxlffl.exe68⤵
-
\??\c:\9bhnhh.exec:\9bhnhh.exe69⤵
-
\??\c:\thhbtn.exec:\thhbtn.exe70⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe71⤵
-
\??\c:\rfrlxrx.exec:\rfrlxrx.exe72⤵
-
\??\c:\hnntnb.exec:\hnntnb.exe73⤵
-
\??\c:\7hhnhh.exec:\7hhnhh.exe74⤵
-
\??\c:\1pvpv.exec:\1pvpv.exe75⤵
-
\??\c:\pdjpj.exec:\pdjpj.exe76⤵
-
\??\c:\xrrxxxf.exec:\xrrxxxf.exe77⤵
-
\??\c:\7jvvv.exec:\7jvvv.exe78⤵
-
\??\c:\5lrrrxr.exec:\5lrrrxr.exe79⤵
-
\??\c:\rrxrlll.exec:\rrxrlll.exe80⤵
-
\??\c:\bnhtht.exec:\bnhtht.exe81⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe82⤵
-
\??\c:\7pvjd.exec:\7pvjd.exe83⤵
-
\??\c:\7lfxrlx.exec:\7lfxrlx.exe84⤵
-
\??\c:\xrlffrl.exec:\xrlffrl.exe85⤵
-
\??\c:\3vvpp.exec:\3vvpp.exe86⤵
-
\??\c:\1ppjj.exec:\1ppjj.exe87⤵
-
\??\c:\frllxrr.exec:\frllxrr.exe88⤵
-
\??\c:\tnnbhb.exec:\tnnbhb.exe89⤵
-
\??\c:\bnhhbn.exec:\bnhhbn.exe90⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe91⤵
-
\??\c:\lllrlll.exec:\lllrlll.exe92⤵
-
\??\c:\lfxxrrl.exec:\lfxxrrl.exe93⤵
-
\??\c:\9nhhhh.exec:\9nhhhh.exe94⤵
-
\??\c:\nbbnhh.exec:\nbbnhh.exe95⤵
-
\??\c:\1jjdp.exec:\1jjdp.exe96⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe97⤵
-
\??\c:\fxxrlff.exec:\fxxrlff.exe98⤵
-
\??\c:\rlllfxx.exec:\rlllfxx.exe99⤵
-
\??\c:\ntttnn.exec:\ntttnn.exe100⤵
-
\??\c:\ttttnn.exec:\ttttnn.exe101⤵
-
\??\c:\ppppj.exec:\ppppj.exe102⤵
-
\??\c:\pddvp.exec:\pddvp.exe103⤵
-
\??\c:\lrfrrfx.exec:\lrfrrfx.exe104⤵
-
\??\c:\tntbbb.exec:\tntbbb.exe105⤵
-
\??\c:\5btnbb.exec:\5btnbb.exe106⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe107⤵
-
\??\c:\9vdpd.exec:\9vdpd.exe108⤵
-
\??\c:\rrrlfxr.exec:\rrrlfxr.exe109⤵
-
\??\c:\3rrlfxr.exec:\3rrlfxr.exe110⤵
-
\??\c:\hnttnh.exec:\hnttnh.exe111⤵
-
\??\c:\jvjvj.exec:\jvjvj.exe112⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe113⤵
-
\??\c:\rlrlrlf.exec:\rlrlrlf.exe114⤵
-
\??\c:\ffffrrl.exec:\ffffrrl.exe115⤵
-
\??\c:\tbbthh.exec:\tbbthh.exe116⤵
-
\??\c:\jjjdj.exec:\jjjdj.exe117⤵
-
\??\c:\xrlxrrl.exec:\xrlxrrl.exe118⤵
-
\??\c:\bbtnhh.exec:\bbtnhh.exe119⤵
-
\??\c:\3jdvj.exec:\3jdvj.exe120⤵
-
\??\c:\lflxxxf.exec:\lflxxxf.exe121⤵
-
\??\c:\lrxrrrl.exec:\lrxrrrl.exe122⤵
-
\??\c:\jjvdj.exec:\jjvdj.exe123⤵
-
\??\c:\fllrffr.exec:\fllrffr.exe124⤵
-
\??\c:\fflllll.exec:\fflllll.exe125⤵
-
\??\c:\tnbbhn.exec:\tnbbhn.exe126⤵
-
\??\c:\ddjjj.exec:\ddjjj.exe127⤵
-
\??\c:\ddppj.exec:\ddppj.exe128⤵
-
\??\c:\xrlrrff.exec:\xrlrrff.exe129⤵
-
\??\c:\lrxxxff.exec:\lrxxxff.exe130⤵
-
\??\c:\tbttnt.exec:\tbttnt.exe131⤵
-
\??\c:\tthbbn.exec:\tthbbn.exe132⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe133⤵
-
\??\c:\1dddv.exec:\1dddv.exe134⤵
-
\??\c:\rflfxxr.exec:\rflfxxr.exe135⤵
-
\??\c:\rflfxfr.exec:\rflfxfr.exe136⤵
-
\??\c:\hhbbbb.exec:\hhbbbb.exe137⤵
-
\??\c:\hnbhhn.exec:\hnbhhn.exe138⤵
-
\??\c:\rllxxxr.exec:\rllxxxr.exe139⤵
-
\??\c:\btnhhh.exec:\btnhhh.exe140⤵
-
\??\c:\htbttb.exec:\htbttb.exe141⤵
-
\??\c:\3vpvj.exec:\3vpvj.exe142⤵
-
\??\c:\dpdpp.exec:\dpdpp.exe143⤵
-
\??\c:\xrlrrrr.exec:\xrlrrrr.exe144⤵
-
\??\c:\thhthh.exec:\thhthh.exe145⤵
-
\??\c:\pvjdp.exec:\pvjdp.exe146⤵
-
\??\c:\xxlllrr.exec:\xxlllrr.exe147⤵
-
\??\c:\hbnnnn.exec:\hbnnnn.exe148⤵
-
\??\c:\nbbhht.exec:\nbbhht.exe149⤵
-
\??\c:\1jvvv.exec:\1jvvv.exe150⤵
-
\??\c:\lxxxxll.exec:\lxxxxll.exe151⤵
-
\??\c:\5frrxff.exec:\5frrxff.exe152⤵
-
\??\c:\nhntnh.exec:\nhntnh.exe153⤵
-
\??\c:\pvjjp.exec:\pvjjp.exe154⤵
-
\??\c:\xrxrrrr.exec:\xrxrrrr.exe155⤵
-
\??\c:\thhbnn.exec:\thhbnn.exe156⤵
-
\??\c:\thhnhb.exec:\thhnhb.exe157⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe158⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe159⤵
-
\??\c:\hbhnnb.exec:\hbhnnb.exe160⤵
-
\??\c:\vppjj.exec:\vppjj.exe161⤵
-
\??\c:\5fffxxx.exec:\5fffxxx.exe162⤵
-
\??\c:\hthbtb.exec:\hthbtb.exe163⤵
-
\??\c:\bhnhhh.exec:\bhnhhh.exe164⤵
-
\??\c:\vpdpp.exec:\vpdpp.exe165⤵
-
\??\c:\llllxlx.exec:\llllxlx.exe166⤵
-
\??\c:\fxlfxlf.exec:\fxlfxlf.exe167⤵
-
\??\c:\ntnbnn.exec:\ntnbnn.exe168⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe169⤵
-
\??\c:\llxrxxf.exec:\llxrxxf.exe170⤵
-
\??\c:\1bbbtt.exec:\1bbbtt.exe171⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe172⤵
-
\??\c:\ddvvd.exec:\ddvvd.exe173⤵
-
\??\c:\xrrxxfl.exec:\xrrxxfl.exe174⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe175⤵
-
\??\c:\xrxxxll.exec:\xrxxxll.exe176⤵
-
\??\c:\hntttb.exec:\hntttb.exe177⤵
-
\??\c:\pvpvj.exec:\pvpvj.exe178⤵
-
\??\c:\xflrrfx.exec:\xflrrfx.exe179⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe180⤵
-
\??\c:\9ddjv.exec:\9ddjv.exe181⤵
-
\??\c:\9xfffxx.exec:\9xfffxx.exe182⤵
-
\??\c:\ppdjd.exec:\ppdjd.exe183⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe184⤵
-
\??\c:\xfxrxlf.exec:\xfxrxlf.exe185⤵
-
\??\c:\ffrllrx.exec:\ffrllrx.exe186⤵
-
\??\c:\bbhnhh.exec:\bbhnhh.exe187⤵
-
\??\c:\pjpvp.exec:\pjpvp.exe188⤵
-
\??\c:\5lrrrrr.exec:\5lrrrrr.exe189⤵
-
\??\c:\7ntttt.exec:\7ntttt.exe190⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe191⤵
-
\??\c:\5lfrlrx.exec:\5lfrlrx.exe192⤵
-
\??\c:\thbnnb.exec:\thbnnb.exe193⤵
-
\??\c:\thhtnt.exec:\thhtnt.exe194⤵
-
\??\c:\vdpdd.exec:\vdpdd.exe195⤵
-
\??\c:\vddvp.exec:\vddvp.exe196⤵
-
\??\c:\bttbtb.exec:\bttbtb.exe197⤵
-
\??\c:\hbntnn.exec:\hbntnn.exe198⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe199⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe200⤵
-
\??\c:\ffrrfll.exec:\ffrrfll.exe201⤵
-
\??\c:\hthnnt.exec:\hthnnt.exe202⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe203⤵
-
\??\c:\9jpjp.exec:\9jpjp.exe204⤵
-
\??\c:\5llfxxr.exec:\5llfxxr.exe205⤵
-
\??\c:\xllffrr.exec:\xllffrr.exe206⤵
-
\??\c:\bthbtt.exec:\bthbtt.exe207⤵
-
\??\c:\7thhbh.exec:\7thhbh.exe208⤵
-
\??\c:\djpjj.exec:\djpjj.exe209⤵
-
\??\c:\fffxxxr.exec:\fffxxxr.exe210⤵
-
\??\c:\ffxxrxr.exec:\ffxxrxr.exe211⤵
-
\??\c:\bbntbn.exec:\bbntbn.exe212⤵
-
\??\c:\bhnhht.exec:\bhnhht.exe213⤵
-
\??\c:\jvddd.exec:\jvddd.exe214⤵
-
\??\c:\vjdjd.exec:\vjdjd.exe215⤵
-
\??\c:\lxlxxrl.exec:\lxlxxrl.exe216⤵
-
\??\c:\pddvj.exec:\pddvj.exe217⤵
-
\??\c:\9vddd.exec:\9vddd.exe218⤵
-
\??\c:\xrllfll.exec:\xrllfll.exe219⤵
-
\??\c:\rrxxlrl.exec:\rrxxlrl.exe220⤵
-
\??\c:\hbhtth.exec:\hbhtth.exe221⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe222⤵
-
\??\c:\lxlxllx.exec:\lxlxllx.exe223⤵
-
\??\c:\rllrrrr.exec:\rllrrrr.exe224⤵
-
\??\c:\llxflrx.exec:\llxflrx.exe225⤵
-
\??\c:\tbhtth.exec:\tbhtth.exe226⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe227⤵
-
\??\c:\lllflrx.exec:\lllflrx.exe228⤵
-
\??\c:\flrlrxl.exec:\flrlrxl.exe229⤵
-
\??\c:\tnnnnn.exec:\tnnnnn.exe230⤵
-
\??\c:\jpddv.exec:\jpddv.exe231⤵
-
\??\c:\rxfxlrl.exec:\rxfxlrl.exe232⤵
-
\??\c:\rffrrrf.exec:\rffrrrf.exe233⤵
-
\??\c:\ntttnn.exec:\ntttnn.exe234⤵
-
\??\c:\nnnnnn.exec:\nnnnnn.exe235⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe236⤵
-
\??\c:\1rrrlfx.exec:\1rrrlfx.exe237⤵
-
\??\c:\tthhhb.exec:\tthhhb.exe238⤵
-
\??\c:\hnthnt.exec:\hnthnt.exe239⤵
-
\??\c:\djppp.exec:\djppp.exe240⤵
-
\??\c:\7xfffll.exec:\7xfffll.exe241⤵