Analysis
-
max time kernel
150s -
max time network
109s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
20-05-2024 05:23
General
-
Target
b81113e46cace4b5c006ce46ef2618d0_NeikiAnalytics.exe
-
Size
80KB
-
MD5
b81113e46cace4b5c006ce46ef2618d0
-
SHA1
803c1f679da1fa0d3f8389f9fc2a7f3d7add9519
-
SHA256
3a79969b89cf4c560a4a9d1937eb4ff7c904be80563a0ab526668e00d31f3ae4
-
SHA512
26a851e4f7361d5d84f326544845fc9743ab554b4cf2163f12d49ee11dce64b013724cdee1251d916892883462af2f5d75d6e0a41be3b2b08d1b9564c4285cf5
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoLU1gxm1S3PQ7CnPRKiir5K:ymb3NkkiQ3mdBjFoLkmx/g8ZKzK
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 36 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b81113e46cace4b5c006ce46ef2618d0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\b81113e46cace4b5c006ce46ef2618d0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvdj.exec:\vvvdj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frflrrr.exec:\frflrrr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtnhh.exec:\hhtnhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthbbh.exec:\tthbbh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfxlrx.exec:\xlfxlrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbtht.exec:\bbbtht.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvjv.exec:\pdvjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffxxx.exec:\rfffxxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbnnh.exec:\htbnnh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhhb.exec:\bbhhhb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpp.exec:\pvvpp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrrrl.exec:\fxrrrrl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbbb.exec:\nhbbbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjj.exec:\vppjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlllfll.exec:\xlllfll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnbtn.exec:\ntnbtn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvj.exec:\vjdvj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxlfrx.exec:\xfxlfrx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxfrr.exec:\rlxxfrr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bhnnn.exec:\7bhnnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7djdv.exec:\7djdv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffffff.exec:\lffffff.exe23⤵
- Executes dropped EXE
-
\??\c:\1pppj.exec:\1pppj.exe24⤵
- Executes dropped EXE
-
\??\c:\vvpdd.exec:\vvpdd.exe25⤵
- Executes dropped EXE
-
\??\c:\xrrlfxx.exec:\xrrlfxx.exe26⤵
- Executes dropped EXE
-
\??\c:\hbtttb.exec:\hbtttb.exe27⤵
- Executes dropped EXE
-
\??\c:\7hnbtn.exec:\7hnbtn.exe28⤵
- Executes dropped EXE
-
\??\c:\vjjdv.exec:\vjjdv.exe29⤵
- Executes dropped EXE
-
\??\c:\7thbhn.exec:\7thbhn.exe30⤵
- Executes dropped EXE
-
\??\c:\ppvvv.exec:\ppvvv.exe31⤵
- Executes dropped EXE
-
\??\c:\xrxllrf.exec:\xrxllrf.exe32⤵
- Executes dropped EXE
-
\??\c:\5nthnh.exec:\5nthnh.exe33⤵
- Executes dropped EXE
-
\??\c:\vvppp.exec:\vvppp.exe34⤵
- Executes dropped EXE
-
\??\c:\rflrflf.exec:\rflrflf.exe35⤵
- Executes dropped EXE
-
\??\c:\xflrlxf.exec:\xflrlxf.exe36⤵
- Executes dropped EXE
-
\??\c:\tnbhtb.exec:\tnbhtb.exe37⤵
- Executes dropped EXE
-
\??\c:\jvpdp.exec:\jvpdp.exe38⤵
- Executes dropped EXE
-
\??\c:\1xffxrl.exec:\1xffxrl.exe39⤵
- Executes dropped EXE
-
\??\c:\tththt.exec:\tththt.exe40⤵
- Executes dropped EXE
-
\??\c:\tbbhnh.exec:\tbbhnh.exe41⤵
- Executes dropped EXE
-
\??\c:\vvpvv.exec:\vvpvv.exe42⤵
- Executes dropped EXE
-
\??\c:\rffrrrr.exec:\rffrrrr.exe43⤵
- Executes dropped EXE
-
\??\c:\7rfxrrr.exec:\7rfxrrr.exe44⤵
- Executes dropped EXE
-
\??\c:\nnbhth.exec:\nnbhth.exe45⤵
- Executes dropped EXE
-
\??\c:\3jdvp.exec:\3jdvp.exe46⤵
- Executes dropped EXE
-
\??\c:\pjjvj.exec:\pjjvj.exe47⤵
- Executes dropped EXE
-
\??\c:\ntnntn.exec:\ntnntn.exe48⤵
- Executes dropped EXE
-
\??\c:\1pvpj.exec:\1pvpj.exe49⤵
- Executes dropped EXE
-
\??\c:\vvjvd.exec:\vvjvd.exe50⤵
- Executes dropped EXE
-
\??\c:\lrrrxrx.exec:\lrrrxrx.exe51⤵
- Executes dropped EXE
-
\??\c:\tbthbt.exec:\tbthbt.exe52⤵
- Executes dropped EXE
-
\??\c:\djvdv.exec:\djvdv.exe53⤵
- Executes dropped EXE
-
\??\c:\pdvpd.exec:\pdvpd.exe54⤵
- Executes dropped EXE
-
\??\c:\xffxllr.exec:\xffxllr.exe55⤵
- Executes dropped EXE
-
\??\c:\ththtt.exec:\ththtt.exe56⤵
- Executes dropped EXE
-
\??\c:\hhnnnb.exec:\hhnnnb.exe57⤵
- Executes dropped EXE
-
\??\c:\vpdvp.exec:\vpdvp.exe58⤵
- Executes dropped EXE
-
\??\c:\lrlrxrf.exec:\lrlrxrf.exe59⤵
- Executes dropped EXE
-
\??\c:\frrlxxr.exec:\frrlxxr.exe60⤵
- Executes dropped EXE
-
\??\c:\btthtn.exec:\btthtn.exe61⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe62⤵
- Executes dropped EXE
-
\??\c:\jddjv.exec:\jddjv.exe63⤵
- Executes dropped EXE
-
\??\c:\fxfxlfx.exec:\fxfxlfx.exe64⤵
- Executes dropped EXE
-
\??\c:\3flxrlx.exec:\3flxrlx.exe65⤵
- Executes dropped EXE
-
\??\c:\hhtthb.exec:\hhtthb.exe66⤵
-
\??\c:\5pvdd.exec:\5pvdd.exe67⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe68⤵
-
\??\c:\ffflxxr.exec:\ffflxxr.exe69⤵
-
\??\c:\nnbthb.exec:\nnbthb.exe70⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe71⤵
-
\??\c:\pvvjd.exec:\pvvjd.exe72⤵
-
\??\c:\fffxrll.exec:\fffxrll.exe73⤵
-
\??\c:\hhtnnt.exec:\hhtnnt.exe74⤵
-
\??\c:\hhtthn.exec:\hhtthn.exe75⤵
-
\??\c:\pppdv.exec:\pppdv.exe76⤵
-
\??\c:\xflxrrr.exec:\xflxrrr.exe77⤵
-
\??\c:\rffrflx.exec:\rffrflx.exe78⤵
-
\??\c:\thhbnn.exec:\thhbnn.exe79⤵
-
\??\c:\vppjv.exec:\vppjv.exe80⤵
-
\??\c:\1jpdp.exec:\1jpdp.exe81⤵
-
\??\c:\xrfflrl.exec:\xrfflrl.exe82⤵
-
\??\c:\nthtth.exec:\nthtth.exe83⤵
-
\??\c:\1jpdp.exec:\1jpdp.exe84⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe85⤵
-
\??\c:\xrrrxfx.exec:\xrrrxfx.exe86⤵
-
\??\c:\bhhnhb.exec:\bhhnhb.exe87⤵
-
\??\c:\pdvdd.exec:\pdvdd.exe88⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe89⤵
-
\??\c:\hbtttn.exec:\hbtttn.exe90⤵
-
\??\c:\pdvpp.exec:\pdvpp.exe91⤵
-
\??\c:\lfllxfl.exec:\lfllxfl.exe92⤵
-
\??\c:\nhbttn.exec:\nhbttn.exe93⤵
-
\??\c:\7vpdj.exec:\7vpdj.exe94⤵
-
\??\c:\7llfrrl.exec:\7llfrrl.exe95⤵
-
\??\c:\nbhbtn.exec:\nbhbtn.exe96⤵
-
\??\c:\hhhtnb.exec:\hhhtnb.exe97⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe98⤵
-
\??\c:\llllxxf.exec:\llllxxf.exe99⤵
-
\??\c:\xrrlxxr.exec:\xrrlxxr.exe100⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe101⤵
-
\??\c:\vppjd.exec:\vppjd.exe102⤵
-
\??\c:\1hhbtn.exec:\1hhbtn.exe103⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe104⤵
-
\??\c:\lfffxfx.exec:\lfffxfx.exe105⤵
-
\??\c:\hbnthh.exec:\hbnthh.exe106⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe107⤵
-
\??\c:\jppjd.exec:\jppjd.exe108⤵
-
\??\c:\rfrrxll.exec:\rfrrxll.exe109⤵
-
\??\c:\tbhbtt.exec:\tbhbtt.exe110⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe111⤵
-
\??\c:\dppdv.exec:\dppdv.exe112⤵
-
\??\c:\lflrrrl.exec:\lflrrrl.exe113⤵
-
\??\c:\xfrllrx.exec:\xfrllrx.exe114⤵
-
\??\c:\9ttbnn.exec:\9ttbnn.exe115⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe116⤵
-
\??\c:\fxfrlfx.exec:\fxfrlfx.exe117⤵
-
\??\c:\9hhbtt.exec:\9hhbtt.exe118⤵
-
\??\c:\jjvdj.exec:\jjvdj.exe119⤵
-
\??\c:\5rfrllf.exec:\5rfrllf.exe120⤵
-
\??\c:\xllfrfx.exec:\xllfrfx.exe121⤵
-
\??\c:\htbbht.exec:\htbbht.exe122⤵
-
\??\c:\3djjj.exec:\3djjj.exe123⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe124⤵
-
\??\c:\rfxfffx.exec:\rfxfffx.exe125⤵
-
\??\c:\httnhh.exec:\httnhh.exe126⤵
-
\??\c:\jjjpj.exec:\jjjpj.exe127⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe128⤵
-
\??\c:\xlllxlf.exec:\xlllxlf.exe129⤵
-
\??\c:\7rflflx.exec:\7rflflx.exe130⤵
-
\??\c:\nhbbnh.exec:\nhbbnh.exe131⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe132⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe133⤵
-
\??\c:\lxfxrrr.exec:\lxfxrrr.exe134⤵
-
\??\c:\tnhntn.exec:\tnhntn.exe135⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe136⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe137⤵
-
\??\c:\thnhtt.exec:\thnhtt.exe138⤵
-
\??\c:\pdjjp.exec:\pdjjp.exe139⤵
-
\??\c:\fxfxllr.exec:\fxfxllr.exe140⤵
-
\??\c:\tnhnbh.exec:\tnhnbh.exe141⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe142⤵
-
\??\c:\jvvpv.exec:\jvvpv.exe143⤵
-
\??\c:\fllfxrl.exec:\fllfxrl.exe144⤵
-
\??\c:\9fxrllr.exec:\9fxrllr.exe145⤵
-
\??\c:\bhhnhb.exec:\bhhnhb.exe146⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe147⤵
-
\??\c:\fxfxrlf.exec:\fxfxrlf.exe148⤵
-
\??\c:\bhnnbt.exec:\bhnnbt.exe149⤵
-
\??\c:\hhnhtt.exec:\hhnhtt.exe150⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe151⤵
-
\??\c:\rrfxrrl.exec:\rrfxrrl.exe152⤵
-
\??\c:\tnhthh.exec:\tnhthh.exe153⤵
-
\??\c:\vdjpp.exec:\vdjpp.exe154⤵
-
\??\c:\5pvpj.exec:\5pvpj.exe155⤵
-
\??\c:\rrxlxxr.exec:\rrxlxxr.exe156⤵
-
\??\c:\xxxrrxr.exec:\xxxrrxr.exe157⤵
-
\??\c:\tnbtnn.exec:\tnbtnn.exe158⤵
-
\??\c:\9tttnn.exec:\9tttnn.exe159⤵
-
\??\c:\djdvv.exec:\djdvv.exe160⤵
-
\??\c:\fxrlxxr.exec:\fxrlxxr.exe161⤵
-
\??\c:\tthnhh.exec:\tthnhh.exe162⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe163⤵
-
\??\c:\xxxrlfx.exec:\xxxrlfx.exe164⤵
-
\??\c:\tthbtt.exec:\tthbtt.exe165⤵
-
\??\c:\bntbhn.exec:\bntbhn.exe166⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe167⤵
-
\??\c:\ddppj.exec:\ddppj.exe168⤵
-
\??\c:\fxxrrrl.exec:\fxxrrrl.exe169⤵
-
\??\c:\bhttbh.exec:\bhttbh.exe170⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe171⤵
-
\??\c:\rffxrrr.exec:\rffxrrr.exe172⤵
-
\??\c:\nnhhth.exec:\nnhhth.exe173⤵
-
\??\c:\5vvjd.exec:\5vvjd.exe174⤵
-
\??\c:\vdjpv.exec:\vdjpv.exe175⤵
-
\??\c:\fflflrl.exec:\fflflrl.exe176⤵
-
\??\c:\hbtbth.exec:\hbtbth.exe177⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe178⤵
-
\??\c:\rrrlllf.exec:\rrrlllf.exe179⤵
-
\??\c:\xlxfrxf.exec:\xlxfrxf.exe180⤵
-
\??\c:\nnhtbn.exec:\nnhtbn.exe181⤵
-
\??\c:\vvvdj.exec:\vvvdj.exe182⤵
-
\??\c:\rfffxxl.exec:\rfffxxl.exe183⤵
-
\??\c:\nhhbtn.exec:\nhhbtn.exe184⤵
-
\??\c:\vdddd.exec:\vdddd.exe185⤵
-
\??\c:\frfffxx.exec:\frfffxx.exe186⤵
-
\??\c:\xxrxrxf.exec:\xxrxrxf.exe187⤵
-
\??\c:\nhthnn.exec:\nhthnn.exe188⤵
-
\??\c:\djdpp.exec:\djdpp.exe189⤵
-
\??\c:\xrlffff.exec:\xrlffff.exe190⤵
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe191⤵
-
\??\c:\bbbtnt.exec:\bbbtnt.exe192⤵
-
\??\c:\vpvdp.exec:\vpvdp.exe193⤵
-
\??\c:\fxrlfff.exec:\fxrlfff.exe194⤵
-
\??\c:\nthbtn.exec:\nthbtn.exe195⤵
-
\??\c:\bthtnt.exec:\bthtnt.exe196⤵
-
\??\c:\pddvp.exec:\pddvp.exe197⤵
-
\??\c:\jppvv.exec:\jppvv.exe198⤵
-
\??\c:\9lxxlff.exec:\9lxxlff.exe199⤵
-
\??\c:\bnnnhb.exec:\bnnnhb.exe200⤵
-
\??\c:\3ppjd.exec:\3ppjd.exe201⤵
-
\??\c:\xrxlrrr.exec:\xrxlrrr.exe202⤵
-
\??\c:\rlxrrlr.exec:\rlxrrlr.exe203⤵
-
\??\c:\bntbbb.exec:\bntbbb.exe204⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe205⤵
-
\??\c:\fxfflfx.exec:\fxfflfx.exe206⤵
-
\??\c:\bnhbbn.exec:\bnhbbn.exe207⤵
-
\??\c:\hbbbhn.exec:\hbbbhn.exe208⤵
-
\??\c:\9jpdv.exec:\9jpdv.exe209⤵
-
\??\c:\ffrrxrx.exec:\ffrrxrx.exe210⤵
-
\??\c:\ttthhh.exec:\ttthhh.exe211⤵
-
\??\c:\btnhhh.exec:\btnhhh.exe212⤵
-
\??\c:\vpvjp.exec:\vpvjp.exe213⤵
-
\??\c:\vjjpp.exec:\vjjpp.exe214⤵
-
\??\c:\rxfffff.exec:\rxfffff.exe215⤵
-
\??\c:\thnhhn.exec:\thnhhn.exe216⤵
-
\??\c:\vppjv.exec:\vppjv.exe217⤵
-
\??\c:\xxlfrfl.exec:\xxlfrfl.exe218⤵
-
\??\c:\bntnhb.exec:\bntnhb.exe219⤵
-
\??\c:\nhttnn.exec:\nhttnn.exe220⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe221⤵
-
\??\c:\jdppp.exec:\jdppp.exe222⤵
-
\??\c:\1lfrrff.exec:\1lfrrff.exe223⤵
-
\??\c:\htttnt.exec:\htttnt.exe224⤵
-
\??\c:\tthtnb.exec:\tthtnb.exe225⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe226⤵
-
\??\c:\3lllllf.exec:\3lllllf.exe227⤵
-
\??\c:\1xxrfxr.exec:\1xxrfxr.exe228⤵
-
\??\c:\tnnbbn.exec:\tnnbbn.exe229⤵
-
\??\c:\1thnnb.exec:\1thnnb.exe230⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe231⤵
-
\??\c:\7xflrrl.exec:\7xflrrl.exe232⤵
-
\??\c:\hbbbhh.exec:\hbbbhh.exe233⤵
-
\??\c:\1btnbn.exec:\1btnbn.exe234⤵
-
\??\c:\vdpjj.exec:\vdpjj.exe235⤵
-
\??\c:\jjjjj.exec:\jjjjj.exe236⤵
-
\??\c:\lxlxrxr.exec:\lxlxrxr.exe237⤵
-
\??\c:\ttnnhh.exec:\ttnnhh.exe238⤵
-
\??\c:\thnhtt.exec:\thnhtt.exe239⤵
-
\??\c:\vvpvv.exec:\vvpvv.exe240⤵
-
\??\c:\lrrfffl.exec:\lrrfffl.exe241⤵