Analysis
-
max time kernel
150s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20-05-2024 04:01
General
-
Target
a76bb8dcd9ebab2e23f5b61957e01340_NeikiAnalytics.exe
-
Size
104KB
-
MD5
a76bb8dcd9ebab2e23f5b61957e01340
-
SHA1
6921794cc030afb738d92a706721051bc1920b7e
-
SHA256
35fbc3a397571ce1941140801b9a02d6104d1423640f88f1ced7421b0147b058
-
SHA512
dfcf6c49ed2e5a90b7823f985992c4880099d4f1a8c8b26dc0a1fc04235b09c3b802f9386405857b5bf8c6c4c499b2dd9506cb9e829153645752aa5c23ee2ea5
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoTNKDeS98hPUdHV7RNzfnLnN3oW:ymb3NkkiQ3mdBjFo5KDe88g1fR88
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a76bb8dcd9ebab2e23f5b61957e01340_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\a76bb8dcd9ebab2e23f5b61957e01340_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfxxx.exec:\xllfxxx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbbbb.exec:\bhbbbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrffx.exec:\frxrffx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnnn.exec:\nhnnnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtnhh.exec:\bbtnhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddp.exec:\vpddp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrfrrx.exec:\rfrfrrx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnhnn.exec:\bhnhnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdv.exec:\djjdv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfxxxf.exec:\xlfxxxf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjj.exec:\ddjjj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlllll.exec:\rxlllll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfffll.exec:\rrfffll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntnhh.exec:\hntnhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthntt.exec:\nthntt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvv.exec:\vvvvv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrlllf.exec:\rrrlllf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bhbht.exec:\1bhbht.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhhtt.exec:\hhhhtt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppj.exec:\vpppj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllffrf.exec:\lllffrf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtnnh.exec:\tbtnnh.exe23⤵
- Executes dropped EXE
-
\??\c:\tnbbnn.exec:\tnbbnn.exe24⤵
- Executes dropped EXE
-
\??\c:\dpdpd.exec:\dpdpd.exe25⤵
- Executes dropped EXE
-
\??\c:\jjpvd.exec:\jjpvd.exe26⤵
- Executes dropped EXE
-
\??\c:\ffrlxxr.exec:\ffrlxxr.exe27⤵
- Executes dropped EXE
-
\??\c:\bnnnhh.exec:\bnnnhh.exe28⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe29⤵
- Executes dropped EXE
-
\??\c:\7ppjv.exec:\7ppjv.exe30⤵
- Executes dropped EXE
-
\??\c:\rlxrxxf.exec:\rlxrxxf.exe31⤵
- Executes dropped EXE
-
\??\c:\btnhnn.exec:\btnhnn.exe32⤵
- Executes dropped EXE
-
\??\c:\nbhnbb.exec:\nbhnbb.exe33⤵
- Executes dropped EXE
-
\??\c:\ppvdd.exec:\ppvdd.exe34⤵
- Executes dropped EXE
-
\??\c:\lfrflxl.exec:\lfrflxl.exe35⤵
- Executes dropped EXE
-
\??\c:\9fxrffx.exec:\9fxrffx.exe36⤵
- Executes dropped EXE
-
\??\c:\5thbnn.exec:\5thbnn.exe37⤵
- Executes dropped EXE
-
\??\c:\bnbbbb.exec:\bnbbbb.exe38⤵
- Executes dropped EXE
-
\??\c:\jvvvj.exec:\jvvvj.exe39⤵
- Executes dropped EXE
-
\??\c:\3xfxxxr.exec:\3xfxxxr.exe40⤵
- Executes dropped EXE
-
\??\c:\flffxrl.exec:\flffxrl.exe41⤵
- Executes dropped EXE
-
\??\c:\nbhhbh.exec:\nbhhbh.exe42⤵
- Executes dropped EXE
-
\??\c:\ntbbnn.exec:\ntbbnn.exe43⤵
- Executes dropped EXE
-
\??\c:\fxxrffx.exec:\fxxrffx.exe44⤵
- Executes dropped EXE
-
\??\c:\rfxxrrl.exec:\rfxxrrl.exe45⤵
- Executes dropped EXE
-
\??\c:\7nttbb.exec:\7nttbb.exe46⤵
- Executes dropped EXE
-
\??\c:\thhbnh.exec:\thhbnh.exe47⤵
- Executes dropped EXE
-
\??\c:\1pdvd.exec:\1pdvd.exe48⤵
- Executes dropped EXE
-
\??\c:\7vdvv.exec:\7vdvv.exe49⤵
- Executes dropped EXE
-
\??\c:\xffxlfl.exec:\xffxlfl.exe50⤵
- Executes dropped EXE
-
\??\c:\frfrlll.exec:\frfrlll.exe51⤵
- Executes dropped EXE
-
\??\c:\7thhbt.exec:\7thhbt.exe52⤵
- Executes dropped EXE
-
\??\c:\vpvjd.exec:\vpvjd.exe53⤵
- Executes dropped EXE
-
\??\c:\pjjpp.exec:\pjjpp.exe54⤵
- Executes dropped EXE
-
\??\c:\7xxrflf.exec:\7xxrflf.exe55⤵
- Executes dropped EXE
-
\??\c:\rxfrrrr.exec:\rxfrrrr.exe56⤵
- Executes dropped EXE
-
\??\c:\nnbttt.exec:\nnbttt.exe57⤵
- Executes dropped EXE
-
\??\c:\pdddp.exec:\pdddp.exe58⤵
- Executes dropped EXE
-
\??\c:\rrfflll.exec:\rrfflll.exe59⤵
- Executes dropped EXE
-
\??\c:\llllfff.exec:\llllfff.exe60⤵
- Executes dropped EXE
-
\??\c:\hbhnht.exec:\hbhnht.exe61⤵
- Executes dropped EXE
-
\??\c:\jjjdv.exec:\jjjdv.exe62⤵
- Executes dropped EXE
-
\??\c:\9vdvp.exec:\9vdvp.exe63⤵
- Executes dropped EXE
-
\??\c:\xlrlffx.exec:\xlrlffx.exe64⤵
- Executes dropped EXE
-
\??\c:\rrrfxxr.exec:\rrrfxxr.exe65⤵
- Executes dropped EXE
-
\??\c:\bbbtnn.exec:\bbbtnn.exe66⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe67⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe68⤵
-
\??\c:\htnbtb.exec:\htnbtb.exe69⤵
-
\??\c:\jppjd.exec:\jppjd.exe70⤵
-
\??\c:\7vvvv.exec:\7vvvv.exe71⤵
-
\??\c:\3xxrxxf.exec:\3xxrxxf.exe72⤵
-
\??\c:\hntbbb.exec:\hntbbb.exe73⤵
-
\??\c:\7jdvv.exec:\7jdvv.exe74⤵
-
\??\c:\xxxrllf.exec:\xxxrllf.exe75⤵
-
\??\c:\lfxfrrl.exec:\lfxfrrl.exe76⤵
-
\??\c:\htnhbb.exec:\htnhbb.exe77⤵
-
\??\c:\jvdvj.exec:\jvdvj.exe78⤵
-
\??\c:\xxrrlrx.exec:\xxrrlrx.exe79⤵
-
\??\c:\rfffxxr.exec:\rfffxxr.exe80⤵
-
\??\c:\bnbthn.exec:\bnbthn.exe81⤵
-
\??\c:\ttnnhn.exec:\ttnnhn.exe82⤵
-
\??\c:\pdvpj.exec:\pdvpj.exe83⤵
-
\??\c:\xfxxfff.exec:\xfxxfff.exe84⤵
-
\??\c:\xrlfxxx.exec:\xrlfxxx.exe85⤵
-
\??\c:\hthbnn.exec:\hthbnn.exe86⤵
-
\??\c:\djppd.exec:\djppd.exe87⤵
-
\??\c:\ppddd.exec:\ppddd.exe88⤵
-
\??\c:\9fxrxfx.exec:\9fxrxfx.exe89⤵
-
\??\c:\9lfxrrl.exec:\9lfxrrl.exe90⤵
-
\??\c:\btbtnt.exec:\btbtnt.exe91⤵
-
\??\c:\bttthh.exec:\bttthh.exe92⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe93⤵
-
\??\c:\fffrxlx.exec:\fffrxlx.exe94⤵
-
\??\c:\tbbhbb.exec:\tbbhbb.exe95⤵
-
\??\c:\bhbbbb.exec:\bhbbbb.exe96⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe97⤵
-
\??\c:\ffrlllf.exec:\ffrlllf.exe98⤵
-
\??\c:\tnbbbb.exec:\tnbbbb.exe99⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe100⤵
-
\??\c:\vpddp.exec:\vpddp.exe101⤵
-
\??\c:\xrxfxxr.exec:\xrxfxxr.exe102⤵
-
\??\c:\lfrrxxf.exec:\lfrrxxf.exe103⤵
-
\??\c:\nhbhth.exec:\nhbhth.exe104⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe105⤵
-
\??\c:\vdppp.exec:\vdppp.exe106⤵
-
\??\c:\fxxrllf.exec:\fxxrllf.exe107⤵
-
\??\c:\bhtnnn.exec:\bhtnnn.exe108⤵
-
\??\c:\djvpp.exec:\djvpp.exe109⤵
-
\??\c:\rllxrlf.exec:\rllxrlf.exe110⤵
-
\??\c:\hnnnhh.exec:\hnnnhh.exe111⤵
-
\??\c:\5tnnhh.exec:\5tnnhh.exe112⤵
-
\??\c:\5vdvd.exec:\5vdvd.exe113⤵
-
\??\c:\xrxrxlf.exec:\xrxrxlf.exe114⤵
-
\??\c:\xlrrffx.exec:\xlrrffx.exe115⤵
-
\??\c:\thhbnn.exec:\thhbnn.exe116⤵
-
\??\c:\5btnnb.exec:\5btnnb.exe117⤵
-
\??\c:\vjjvp.exec:\vjjvp.exe118⤵
-
\??\c:\9lrlffx.exec:\9lrlffx.exe119⤵
-
\??\c:\bntnhb.exec:\bntnhb.exe120⤵
-
\??\c:\jvdvd.exec:\jvdvd.exe121⤵
-
\??\c:\5fxrllf.exec:\5fxrllf.exe122⤵
-
\??\c:\ttbnhb.exec:\ttbnhb.exe123⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe124⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe125⤵
-
\??\c:\lffxlxr.exec:\lffxlxr.exe126⤵
-
\??\c:\llfffll.exec:\llfffll.exe127⤵
-
\??\c:\httttn.exec:\httttn.exe128⤵
-
\??\c:\tntnbb.exec:\tntnbb.exe129⤵
-
\??\c:\xllfrlf.exec:\xllfrlf.exe130⤵
-
\??\c:\llxrxxr.exec:\llxrxxr.exe131⤵
-
\??\c:\1jjpv.exec:\1jjpv.exe132⤵
-
\??\c:\ppjdj.exec:\ppjdj.exe133⤵
-
\??\c:\rlfxxrr.exec:\rlfxxrr.exe134⤵
-
\??\c:\5flrlfx.exec:\5flrlfx.exe135⤵
-
\??\c:\hhnhnn.exec:\hhnhnn.exe136⤵
-
\??\c:\tnthbt.exec:\tnthbt.exe137⤵
-
\??\c:\vjpdp.exec:\vjpdp.exe138⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe139⤵
-
\??\c:\rxxxxxr.exec:\rxxxxxr.exe140⤵
-
\??\c:\fxxrlll.exec:\fxxrlll.exe141⤵
-
\??\c:\ttnhtt.exec:\ttnhtt.exe142⤵
-
\??\c:\nhtnhn.exec:\nhtnhn.exe143⤵
-
\??\c:\vdpdp.exec:\vdpdp.exe144⤵
-
\??\c:\jdvpv.exec:\jdvpv.exe145⤵
-
\??\c:\xlllrrl.exec:\xlllrrl.exe146⤵
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe147⤵
-
\??\c:\tnhtnt.exec:\tnhtnt.exe148⤵
-
\??\c:\xxfxrlr.exec:\xxfxrlr.exe149⤵
-
\??\c:\bnnnnn.exec:\bnnnnn.exe150⤵
-
\??\c:\dpppj.exec:\dpppj.exe151⤵
-
\??\c:\fxlxrrr.exec:\fxlxrrr.exe152⤵
-
\??\c:\nbnhnh.exec:\nbnhnh.exe153⤵
-
\??\c:\hbhbtn.exec:\hbhbtn.exe154⤵
-
\??\c:\3vdvd.exec:\3vdvd.exe155⤵
-
\??\c:\lflfrrr.exec:\lflfrrr.exe156⤵
-
\??\c:\9flfffx.exec:\9flfffx.exe157⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe158⤵
-
\??\c:\5pddv.exec:\5pddv.exe159⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe160⤵
-
\??\c:\xfxrffx.exec:\xfxrffx.exe161⤵
-
\??\c:\7nhhhn.exec:\7nhhhn.exe162⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe163⤵
-
\??\c:\jvvjd.exec:\jvvjd.exe164⤵
-
\??\c:\rlrlffl.exec:\rlrlffl.exe165⤵
-
\??\c:\xrrlffx.exec:\xrrlffx.exe166⤵
-
\??\c:\bbnhhh.exec:\bbnhhh.exe167⤵
-
\??\c:\pjddv.exec:\pjddv.exe168⤵
-
\??\c:\frrlllf.exec:\frrlllf.exe169⤵
-
\??\c:\nbbnhh.exec:\nbbnhh.exe170⤵
-
\??\c:\hhhnht.exec:\hhhnht.exe171⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe172⤵
-
\??\c:\xxlfrrl.exec:\xxlfrrl.exe173⤵
-
\??\c:\rrxxxlr.exec:\rrxxxlr.exe174⤵
-
\??\c:\7hhbtt.exec:\7hhbtt.exe175⤵
-
\??\c:\3pjvp.exec:\3pjvp.exe176⤵
-
\??\c:\dppjj.exec:\dppjj.exe177⤵
-
\??\c:\fllfxxr.exec:\fllfxxr.exe178⤵
-
\??\c:\bbbttt.exec:\bbbttt.exe179⤵
-
\??\c:\hnnhtt.exec:\hnnhtt.exe180⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe181⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe182⤵
-
\??\c:\frffllx.exec:\frffllx.exe183⤵
-
\??\c:\tttnnn.exec:\tttnnn.exe184⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe185⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe186⤵
-
\??\c:\1ffxllf.exec:\1ffxllf.exe187⤵
-
\??\c:\rfffxxr.exec:\rfffxxr.exe188⤵
-
\??\c:\tnhbbt.exec:\tnhbbt.exe189⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe190⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe191⤵
-
\??\c:\frffrrx.exec:\frffrrx.exe192⤵
-
\??\c:\xlfxrrf.exec:\xlfxrrf.exe193⤵
-
\??\c:\nhbbtt.exec:\nhbbtt.exe194⤵
-
\??\c:\jjjdp.exec:\jjjdp.exe195⤵
-
\??\c:\vjdvv.exec:\vjdvv.exe196⤵
-
\??\c:\lllxrxr.exec:\lllxrxr.exe197⤵
-
\??\c:\rlllrlr.exec:\rlllrlr.exe198⤵
-
\??\c:\bnnnbn.exec:\bnnnbn.exe199⤵
-
\??\c:\nntbtt.exec:\nntbtt.exe200⤵
-
\??\c:\jjppd.exec:\jjppd.exe201⤵
-
\??\c:\fxfxllf.exec:\fxfxllf.exe202⤵
-
\??\c:\frrlfxr.exec:\frrlfxr.exe203⤵
-
\??\c:\9htntt.exec:\9htntt.exe204⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe205⤵
-
\??\c:\pjpdp.exec:\pjpdp.exe206⤵
-
\??\c:\rxxrxxf.exec:\rxxrxxf.exe207⤵
-
\??\c:\tnnhtn.exec:\tnnhtn.exe208⤵
-
\??\c:\hbbbnt.exec:\hbbbnt.exe209⤵
-
\??\c:\7jppd.exec:\7jppd.exe210⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe211⤵
-
\??\c:\rfllffr.exec:\rfllffr.exe212⤵
-
\??\c:\htttnn.exec:\htttnn.exe213⤵
-
\??\c:\7hhhtt.exec:\7hhhtt.exe214⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe215⤵
-
\??\c:\jjppd.exec:\jjppd.exe216⤵
-
\??\c:\lrffxrl.exec:\lrffxrl.exe217⤵
-
\??\c:\rrflffx.exec:\rrflffx.exe218⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe219⤵
-
\??\c:\djpjv.exec:\djpjv.exe220⤵
-
\??\c:\djppj.exec:\djppj.exe221⤵
-
\??\c:\9llfrrl.exec:\9llfrrl.exe222⤵
-
\??\c:\7btntn.exec:\7btntn.exe223⤵
-
\??\c:\hbtthb.exec:\hbtthb.exe224⤵
-
\??\c:\pvppd.exec:\pvppd.exe225⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe226⤵
-
\??\c:\rlrlllr.exec:\rlrlllr.exe227⤵
-
\??\c:\rlffffl.exec:\rlffffl.exe228⤵
-
\??\c:\nnbbtb.exec:\nnbbtb.exe229⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe230⤵
-
\??\c:\jjppd.exec:\jjppd.exe231⤵
-
\??\c:\fxflffr.exec:\fxflffr.exe232⤵
-
\??\c:\ffxrllf.exec:\ffxrllf.exe233⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe234⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe235⤵
-
\??\c:\rrxxlrf.exec:\rrxxlrf.exe236⤵
-
\??\c:\xflxrlf.exec:\xflxrlf.exe237⤵
-
\??\c:\5hnnhh.exec:\5hnnhh.exe238⤵
-
\??\c:\9jjdd.exec:\9jjdd.exe239⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe240⤵
-
\??\c:\lflfrrl.exec:\lflfrrl.exe241⤵