Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
20-05-2024 10:11
General
-
Target
e50c2ae097fd2a808fbc3a0d559b2020_NeikiAnalytics.exe
-
Size
99KB
-
MD5
e50c2ae097fd2a808fbc3a0d559b2020
-
SHA1
d4a12df09db7465bf810e0954395e7b05142da16
-
SHA256
cbf3c8473c0750fa44fe095059509bb6fc1965dd5ecb5ec24b559869578dc955
-
SHA512
6bc0c6ed817a28d927c834dcaaaa327059d3830d312c475aa0d31ca44d2856bc6e2944a4485277352613f5f117c439ce3bfb88b9a7e4a1e0bdde37570ebcabbc
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73tvn+Yp99zm+/KZBHq/4wcD:n3C9BRo7tvnJ99T/KZE/8
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e50c2ae097fd2a808fbc3a0d559b2020_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\e50c2ae097fd2a808fbc3a0d559b2020_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\httbnn.exec:\httbnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthtbb.exec:\tthtbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxrrr.exec:\xrfxrrr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxrrrl.exec:\xxxrrrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbbb.exec:\btbbbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntttnn.exec:\ntttnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7fxrlff.exec:\7fxrlff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxxxx.exec:\xxfxxxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhhh.exec:\hbnhhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tbthb.exec:\9tbthb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpj.exec:\dvvpj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fllrlr.exec:\3fllrlr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrlllf.exec:\frrlllf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnnnn.exec:\hnnnnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpddv.exec:\jpddv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvp.exec:\jddvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1djjj.exec:\1djjj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrrlrr.exec:\rxrrlrr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhtn.exec:\nnnhtn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hnhhh.exec:\3hnhhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjjj.exec:\jpjjj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrlrl.exec:\fxrrlrl.exe23⤵
- Executes dropped EXE
-
\??\c:\xxlrxlf.exec:\xxlrxlf.exe24⤵
- Executes dropped EXE
-
\??\c:\hbhbbb.exec:\hbhbbb.exe25⤵
- Executes dropped EXE
-
\??\c:\bhhhbb.exec:\bhhhbb.exe26⤵
- Executes dropped EXE
-
\??\c:\jjdjj.exec:\jjdjj.exe27⤵
- Executes dropped EXE
-
\??\c:\fxlllrl.exec:\fxlllrl.exe28⤵
- Executes dropped EXE
-
\??\c:\3lllffx.exec:\3lllffx.exe29⤵
- Executes dropped EXE
-
\??\c:\nntntt.exec:\nntntt.exe30⤵
- Executes dropped EXE
-
\??\c:\3jddv.exec:\3jddv.exe31⤵
- Executes dropped EXE
-
\??\c:\vpvvv.exec:\vpvvv.exe32⤵
- Executes dropped EXE
-
\??\c:\lfllfxx.exec:\lfllfxx.exe33⤵
- Executes dropped EXE
-
\??\c:\lrlllrr.exec:\lrlllrr.exe34⤵
- Executes dropped EXE
-
\??\c:\bhnnhh.exec:\bhnnhh.exe35⤵
- Executes dropped EXE
-
\??\c:\1dddd.exec:\1dddd.exe36⤵
- Executes dropped EXE
-
\??\c:\pvjdj.exec:\pvjdj.exe37⤵
- Executes dropped EXE
-
\??\c:\lxfxxxx.exec:\lxfxxxx.exe38⤵
- Executes dropped EXE
-
\??\c:\xxxrffl.exec:\xxxrffl.exe39⤵
- Executes dropped EXE
-
\??\c:\btbhhh.exec:\btbhhh.exe40⤵
- Executes dropped EXE
-
\??\c:\bbbbtt.exec:\bbbbtt.exe41⤵
- Executes dropped EXE
-
\??\c:\7jpjd.exec:\7jpjd.exe42⤵
- Executes dropped EXE
-
\??\c:\xxfxffx.exec:\xxfxffx.exe43⤵
- Executes dropped EXE
-
\??\c:\xlffffx.exec:\xlffffx.exe44⤵
- Executes dropped EXE
-
\??\c:\hbbttn.exec:\hbbttn.exe45⤵
- Executes dropped EXE
-
\??\c:\vvdvp.exec:\vvdvp.exe46⤵
- Executes dropped EXE
-
\??\c:\5flfrrf.exec:\5flfrrf.exe47⤵
- Executes dropped EXE
-
\??\c:\xlrrlrl.exec:\xlrrlrl.exe48⤵
- Executes dropped EXE
-
\??\c:\thnhhh.exec:\thnhhh.exe49⤵
- Executes dropped EXE
-
\??\c:\9vdvd.exec:\9vdvd.exe50⤵
- Executes dropped EXE
-
\??\c:\5pjjj.exec:\5pjjj.exe51⤵
- Executes dropped EXE
-
\??\c:\7flfrrl.exec:\7flfrrl.exe52⤵
- Executes dropped EXE
-
\??\c:\hnhbbt.exec:\hnhbbt.exe53⤵
- Executes dropped EXE
-
\??\c:\bhhbtt.exec:\bhhbtt.exe54⤵
- Executes dropped EXE
-
\??\c:\ddpvv.exec:\ddpvv.exe55⤵
- Executes dropped EXE
-
\??\c:\fxxxxxx.exec:\fxxxxxx.exe56⤵
- Executes dropped EXE
-
\??\c:\5hnnhh.exec:\5hnnhh.exe57⤵
- Executes dropped EXE
-
\??\c:\nnnbtn.exec:\nnnbtn.exe58⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe59⤵
- Executes dropped EXE
-
\??\c:\lrlfxrr.exec:\lrlfxrr.exe60⤵
- Executes dropped EXE
-
\??\c:\bnhbbb.exec:\bnhbbb.exe61⤵
- Executes dropped EXE
-
\??\c:\btnhbb.exec:\btnhbb.exe62⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe63⤵
- Executes dropped EXE
-
\??\c:\lrffrrl.exec:\lrffrrl.exe64⤵
- Executes dropped EXE
-
\??\c:\rxfxxll.exec:\rxfxxll.exe65⤵
- Executes dropped EXE
-
\??\c:\5bnnnn.exec:\5bnnnn.exe66⤵
-
\??\c:\tnnhnh.exec:\tnnhnh.exe67⤵
-
\??\c:\ppjjv.exec:\ppjjv.exe68⤵
-
\??\c:\9pdvj.exec:\9pdvj.exe69⤵
-
\??\c:\rlfflff.exec:\rlfflff.exe70⤵
-
\??\c:\3thbtt.exec:\3thbtt.exe71⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe72⤵
-
\??\c:\dppjd.exec:\dppjd.exe73⤵
-
\??\c:\xlfflrf.exec:\xlfflrf.exe74⤵
-
\??\c:\rxlxflr.exec:\rxlxflr.exe75⤵
-
\??\c:\thhbnt.exec:\thhbnt.exe76⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe77⤵
-
\??\c:\dpjdp.exec:\dpjdp.exe78⤵
-
\??\c:\9xxrfxr.exec:\9xxrfxr.exe79⤵
-
\??\c:\rrllllx.exec:\rrllllx.exe80⤵
-
\??\c:\tnhhbh.exec:\tnhhbh.exe81⤵
-
\??\c:\hntnbb.exec:\hntnbb.exe82⤵
-
\??\c:\7pvpd.exec:\7pvpd.exe83⤵
-
\??\c:\rlrrfff.exec:\rlrrfff.exe84⤵
-
\??\c:\rflxxfr.exec:\rflxxfr.exe85⤵
-
\??\c:\bhbnhh.exec:\bhbnhh.exe86⤵
-
\??\c:\bhnhbb.exec:\bhnhbb.exe87⤵
-
\??\c:\ppppp.exec:\ppppp.exe88⤵
-
\??\c:\dpdpd.exec:\dpdpd.exe89⤵
-
\??\c:\flrrllf.exec:\flrrllf.exe90⤵
-
\??\c:\7llllff.exec:\7llllff.exe91⤵
-
\??\c:\nhhbtn.exec:\nhhbtn.exe92⤵
-
\??\c:\ntnhth.exec:\ntnhth.exe93⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe94⤵
-
\??\c:\lfxfxrl.exec:\lfxfxrl.exe95⤵
-
\??\c:\llrlffl.exec:\llrlffl.exe96⤵
-
\??\c:\nhbtnh.exec:\nhbtnh.exe97⤵
-
\??\c:\pvvpp.exec:\pvvpp.exe98⤵
-
\??\c:\vvppj.exec:\vvppj.exe99⤵
-
\??\c:\xlxrfxf.exec:\xlxrfxf.exe100⤵
-
\??\c:\xffxrrl.exec:\xffxrrl.exe101⤵
-
\??\c:\ttbttn.exec:\ttbttn.exe102⤵
-
\??\c:\pdvdp.exec:\pdvdp.exe103⤵
-
\??\c:\dppjd.exec:\dppjd.exe104⤵
-
\??\c:\9llfrlf.exec:\9llfrlf.exe105⤵
-
\??\c:\xfrfrlf.exec:\xfrfrlf.exe106⤵
-
\??\c:\thtnbb.exec:\thtnbb.exe107⤵
-
\??\c:\vvdpv.exec:\vvdpv.exe108⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe109⤵
-
\??\c:\xlrrxxx.exec:\xlrrxxx.exe110⤵
-
\??\c:\bbttnh.exec:\bbttnh.exe111⤵
-
\??\c:\hnttnt.exec:\hnttnt.exe112⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe113⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe114⤵
-
\??\c:\xlxrlll.exec:\xlxrlll.exe115⤵
-
\??\c:\hnbhtt.exec:\hnbhtt.exe116⤵
-
\??\c:\htbtbt.exec:\htbtbt.exe117⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe118⤵
-
\??\c:\xlfxxxr.exec:\xlfxxxr.exe119⤵
-
\??\c:\lffxxxr.exec:\lffxxxr.exe120⤵
-
\??\c:\hnthbb.exec:\hnthbb.exe121⤵
-
\??\c:\bbnthb.exec:\bbnthb.exe122⤵
-
\??\c:\ppjvp.exec:\ppjvp.exe123⤵
-
\??\c:\5jjvp.exec:\5jjvp.exe124⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe125⤵
-
\??\c:\frrrxrr.exec:\frrrxrr.exe126⤵
-
\??\c:\xxlllxx.exec:\xxlllxx.exe127⤵
-
\??\c:\5ttbth.exec:\5ttbth.exe128⤵
-
\??\c:\ddjjv.exec:\ddjjv.exe129⤵
-
\??\c:\1ddpj.exec:\1ddpj.exe130⤵
-
\??\c:\lflfxrx.exec:\lflfxrx.exe131⤵
-
\??\c:\fxxlrrr.exec:\fxxlrrr.exe132⤵
-
\??\c:\1lrrrrl.exec:\1lrrrrl.exe133⤵
-
\??\c:\thhhbb.exec:\thhhbb.exe134⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe135⤵
-
\??\c:\djvjd.exec:\djvjd.exe136⤵
-
\??\c:\7rxrrrr.exec:\7rxrrrr.exe137⤵
-
\??\c:\xrrlffx.exec:\xrrlffx.exe138⤵
-
\??\c:\fllllll.exec:\fllllll.exe139⤵
-
\??\c:\5ttnnn.exec:\5ttnnn.exe140⤵
-
\??\c:\pppjj.exec:\pppjj.exe141⤵
-
\??\c:\9jjdv.exec:\9jjdv.exe142⤵
-
\??\c:\fxrlfxr.exec:\fxrlfxr.exe143⤵
-
\??\c:\lrxrllf.exec:\lrxrllf.exe144⤵
-
\??\c:\thbhbh.exec:\thbhbh.exe145⤵
-
\??\c:\pdpvp.exec:\pdpvp.exe146⤵
-
\??\c:\1dvpj.exec:\1dvpj.exe147⤵
-
\??\c:\frrlffr.exec:\frrlffr.exe148⤵
-
\??\c:\lxfrrlx.exec:\lxfrrlx.exe149⤵
-
\??\c:\hhthbt.exec:\hhthbt.exe150⤵
-
\??\c:\9bbhnn.exec:\9bbhnn.exe151⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe152⤵
-
\??\c:\lflfxxx.exec:\lflfxxx.exe153⤵
-
\??\c:\rllfxxx.exec:\rllfxxx.exe154⤵
-
\??\c:\nhtnht.exec:\nhtnht.exe155⤵
-
\??\c:\tnnhtb.exec:\tnnhtb.exe156⤵
-
\??\c:\jvvdv.exec:\jvvdv.exe157⤵
-
\??\c:\jddvj.exec:\jddvj.exe158⤵
-
\??\c:\rllfrfx.exec:\rllfrfx.exe159⤵
-
\??\c:\rlfxffx.exec:\rlfxffx.exe160⤵
-
\??\c:\xlxrrrl.exec:\xlxrrrl.exe161⤵
-
\??\c:\bhnhhh.exec:\bhnhhh.exe162⤵
-
\??\c:\httnnt.exec:\httnnt.exe163⤵
-
\??\c:\dvvdp.exec:\dvvdp.exe164⤵
-
\??\c:\5vdvp.exec:\5vdvp.exe165⤵
-
\??\c:\rrfrllf.exec:\rrfrllf.exe166⤵
-
\??\c:\bhtnhb.exec:\bhtnhb.exe167⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe168⤵
-
\??\c:\xxxxrrl.exec:\xxxxrrl.exe169⤵
-
\??\c:\rllfrrl.exec:\rllfrrl.exe170⤵
-
\??\c:\tttthh.exec:\tttthh.exe171⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe172⤵
-
\??\c:\lrrlffx.exec:\lrrlffx.exe173⤵
-
\??\c:\bbhbnt.exec:\bbhbnt.exe174⤵
-
\??\c:\rllfxxr.exec:\rllfxxr.exe175⤵
-
\??\c:\lrrrllf.exec:\lrrrllf.exe176⤵
-
\??\c:\bhnhbt.exec:\bhnhbt.exe177⤵
-
\??\c:\djjdd.exec:\djjdd.exe178⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe179⤵
-
\??\c:\rxfrfff.exec:\rxfrfff.exe180⤵
-
\??\c:\hhbbtt.exec:\hhbbtt.exe181⤵
-
\??\c:\hbntbn.exec:\hbntbn.exe182⤵
-
\??\c:\5bhbtn.exec:\5bhbtn.exe183⤵
-
\??\c:\btnhbh.exec:\btnhbh.exe184⤵
-
\??\c:\bnnhtt.exec:\bnnhtt.exe185⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe186⤵
-
\??\c:\djjjv.exec:\djjjv.exe187⤵
-
\??\c:\xllfxxf.exec:\xllfxxf.exe188⤵
-
\??\c:\xxxxrll.exec:\xxxxrll.exe189⤵
-
\??\c:\bnhhnn.exec:\bnhhnn.exe190⤵
-
\??\c:\nhhtnb.exec:\nhhtnb.exe191⤵
-
\??\c:\dvvdv.exec:\dvvdv.exe192⤵
-
\??\c:\xlfxrrr.exec:\xlfxrrr.exe193⤵
-
\??\c:\fffxfxf.exec:\fffxfxf.exe194⤵
-
\??\c:\nnntht.exec:\nnntht.exe195⤵
-
\??\c:\7hnhbb.exec:\7hnhbb.exe196⤵
-
\??\c:\9pdvv.exec:\9pdvv.exe197⤵
-
\??\c:\rxffxxr.exec:\rxffxxr.exe198⤵
-
\??\c:\frlxrxr.exec:\frlxrxr.exe199⤵
-
\??\c:\hbhbbn.exec:\hbhbbn.exe200⤵
-
\??\c:\nhtnbb.exec:\nhtnbb.exe201⤵
-
\??\c:\3pppd.exec:\3pppd.exe202⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe203⤵
-
\??\c:\xrffffl.exec:\xrffffl.exe204⤵
-
\??\c:\5xxxrlf.exec:\5xxxrlf.exe205⤵
-
\??\c:\hbttnb.exec:\hbttnb.exe206⤵
-
\??\c:\vppjj.exec:\vppjj.exe207⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe208⤵
-
\??\c:\fxlllrx.exec:\fxlllrx.exe209⤵
-
\??\c:\bbnntt.exec:\bbnntt.exe210⤵
-
\??\c:\tntntb.exec:\tntntb.exe211⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe212⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe213⤵
-
\??\c:\llxrlll.exec:\llxrlll.exe214⤵
-
\??\c:\xflfxrr.exec:\xflfxrr.exe215⤵
-
\??\c:\nnbbtb.exec:\nnbbtb.exe216⤵
-
\??\c:\htbtnt.exec:\htbtnt.exe217⤵
-
\??\c:\vdvpp.exec:\vdvpp.exe218⤵
-
\??\c:\3rrlfff.exec:\3rrlfff.exe219⤵
-
\??\c:\9rxrlrl.exec:\9rxrlrl.exe220⤵
-
\??\c:\nnnnnn.exec:\nnnnnn.exe221⤵
-
\??\c:\hntnhh.exec:\hntnhh.exe222⤵
-
\??\c:\jpppd.exec:\jpppd.exe223⤵
-
\??\c:\1pvdv.exec:\1pvdv.exe224⤵
-
\??\c:\7xlllxx.exec:\7xlllxx.exe225⤵
-
\??\c:\lffxrxl.exec:\lffxrxl.exe226⤵
-
\??\c:\nbbthb.exec:\nbbthb.exe227⤵
-
\??\c:\9nnhbb.exec:\9nnhbb.exe228⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe229⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe230⤵
-
\??\c:\rlfxrll.exec:\rlfxrll.exe231⤵
-
\??\c:\fxrlfrl.exec:\fxrlfrl.exe232⤵
-
\??\c:\hhnntt.exec:\hhnntt.exe233⤵
-
\??\c:\ttbtnn.exec:\ttbtnn.exe234⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe235⤵
-
\??\c:\jddpj.exec:\jddpj.exe236⤵
-
\??\c:\5lrllll.exec:\5lrllll.exe237⤵
-
\??\c:\hbhhtt.exec:\hbhhtt.exe238⤵
-
\??\c:\tnnbnh.exec:\tnnbnh.exe239⤵
-
\??\c:\3vpjj.exec:\3vpjj.exe240⤵
-
\??\c:\1vddp.exec:\1vddp.exe241⤵