Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
20-05-2024 11:04
General
-
Target
efb9bd590faa892f6b16690c3902ebd0_NeikiAnalytics.exe
-
Size
90KB
-
MD5
efb9bd590faa892f6b16690c3902ebd0
-
SHA1
7d8bbc1181e2331ef37764e1fda97ff7ef7475a7
-
SHA256
52664a1a2e279e5d7921e879b20adfd929edfdc52dddf1e298455d175fa96140
-
SHA512
72e23627b02a715c05cb093ede646dac1c000b77e6646637f1427af7f64a3d70731701c5626141295e649fa68284bc7e2d162fcdda946402d27af29435dc14cf
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIQIDyviFxx2hCtgIMLP9rBZaRB1:ymb3NkkiQ3mdBjFIVLd2hWZGreRCYB5
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\MusNotification.exeC:\Windows\system32\MusNotification.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\efb9bd590faa892f6b16690c3902ebd0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\efb9bd590faa892f6b16690c3902ebd0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfllxl.exec:\xxfllxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tnnhb.exec:\7tnnhb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrfxl.exec:\rrrrfxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrffrl.exec:\rlrffrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjd.exec:\jdpjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflfflr.exec:\rflfflr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttnn.exec:\tnttnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdp.exec:\jdpdp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthhbh.exec:\hthhbh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjp.exec:\jdjjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlfrr.exec:\fxrlfrr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbtth.exec:\thbtth.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppj.exec:\ddppj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lrfxrf.exec:\1lrfxrf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhbt.exec:\tnnhbt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjvp.exec:\vdjvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrlxr.exec:\lfxrlxr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhtnb.exec:\thhtnb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpj.exec:\ppvpj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffxflf.exec:\rffxflf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnnbn.exec:\ttnnbn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjpv.exec:\vpjpv.exe23⤵
- Executes dropped EXE
-
\??\c:\llrrlrl.exec:\llrrlrl.exe24⤵
- Executes dropped EXE
-
\??\c:\nnthbb.exec:\nnthbb.exe25⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe26⤵
- Executes dropped EXE
-
\??\c:\pddpd.exec:\pddpd.exe27⤵
- Executes dropped EXE
-
\??\c:\ffrfllf.exec:\ffrfllf.exe28⤵
- Executes dropped EXE
-
\??\c:\hhhbbh.exec:\hhhbbh.exe29⤵
- Executes dropped EXE
-
\??\c:\5djjj.exec:\5djjj.exe30⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe31⤵
- Executes dropped EXE
-
\??\c:\rlxxrfr.exec:\rlxxrfr.exe32⤵
- Executes dropped EXE
-
\??\c:\5hhbbb.exec:\5hhbbb.exe33⤵
- Executes dropped EXE
-
\??\c:\vppvj.exec:\vppvj.exe34⤵
- Executes dropped EXE
-
\??\c:\rlrrlfx.exec:\rlrrlfx.exe35⤵
- Executes dropped EXE
-
\??\c:\fxlffxf.exec:\fxlffxf.exe36⤵
- Executes dropped EXE
-
\??\c:\3hnttb.exec:\3hnttb.exe37⤵
- Executes dropped EXE
-
\??\c:\vpvdj.exec:\vpvdj.exe38⤵
- Executes dropped EXE
-
\??\c:\lffxlxf.exec:\lffxlxf.exe39⤵
- Executes dropped EXE
-
\??\c:\rflxlff.exec:\rflxlff.exe40⤵
- Executes dropped EXE
-
\??\c:\btbttt.exec:\btbttt.exe41⤵
- Executes dropped EXE
-
\??\c:\pdpdj.exec:\pdpdj.exe42⤵
- Executes dropped EXE
-
\??\c:\jvjvj.exec:\jvjvj.exe43⤵
- Executes dropped EXE
-
\??\c:\flllxxx.exec:\flllxxx.exe44⤵
- Executes dropped EXE
-
\??\c:\tntnnn.exec:\tntnnn.exe45⤵
- Executes dropped EXE
-
\??\c:\3nhtth.exec:\3nhtth.exe46⤵
- Executes dropped EXE
-
\??\c:\dddjj.exec:\dddjj.exe47⤵
- Executes dropped EXE
-
\??\c:\lffxxxr.exec:\lffxxxr.exe48⤵
- Executes dropped EXE
-
\??\c:\hbbhhh.exec:\hbbhhh.exe49⤵
- Executes dropped EXE
-
\??\c:\jdvdv.exec:\jdvdv.exe50⤵
- Executes dropped EXE
-
\??\c:\5djpp.exec:\5djpp.exe51⤵
- Executes dropped EXE
-
\??\c:\rrfrfff.exec:\rrfrfff.exe52⤵
- Executes dropped EXE
-
\??\c:\lrrlffx.exec:\lrrlffx.exe53⤵
- Executes dropped EXE
-
\??\c:\tbhnhh.exec:\tbhnhh.exe54⤵
- Executes dropped EXE
-
\??\c:\htbbhh.exec:\htbbhh.exe55⤵
- Executes dropped EXE
-
\??\c:\vjpdd.exec:\vjpdd.exe56⤵
- Executes dropped EXE
-
\??\c:\5lffffx.exec:\5lffffx.exe57⤵
- Executes dropped EXE
-
\??\c:\xffrrfx.exec:\xffrrfx.exe58⤵
- Executes dropped EXE
-
\??\c:\hhnttb.exec:\hhnttb.exe59⤵
- Executes dropped EXE
-
\??\c:\tnthbn.exec:\tnthbn.exe60⤵
- Executes dropped EXE
-
\??\c:\xxxxrxx.exec:\xxxxrxx.exe61⤵
- Executes dropped EXE
-
\??\c:\rxxllfx.exec:\rxxllfx.exe62⤵
- Executes dropped EXE
-
\??\c:\nhhbhh.exec:\nhhbhh.exe63⤵
- Executes dropped EXE
-
\??\c:\jdppj.exec:\jdppj.exe64⤵
- Executes dropped EXE
-
\??\c:\fffxxlx.exec:\fffxxlx.exe65⤵
- Executes dropped EXE
-
\??\c:\lrrrrrr.exec:\lrrrrrr.exe66⤵
-
\??\c:\ttnttb.exec:\ttnttb.exe67⤵
-
\??\c:\dvppj.exec:\dvppj.exe68⤵
-
\??\c:\pvdjj.exec:\pvdjj.exe69⤵
-
\??\c:\frrlfxr.exec:\frrlfxr.exe70⤵
-
\??\c:\lfxrffx.exec:\lfxrffx.exe71⤵
-
\??\c:\bnnhbb.exec:\bnnhbb.exe72⤵
-
\??\c:\hhhhhh.exec:\hhhhhh.exe73⤵
-
\??\c:\vdvpj.exec:\vdvpj.exe74⤵
-
\??\c:\rfxrxrl.exec:\rfxrxrl.exe75⤵
-
\??\c:\rlrlrlr.exec:\rlrlrlr.exe76⤵
-
\??\c:\nnbbnh.exec:\nnbbnh.exe77⤵
-
\??\c:\djpjj.exec:\djpjj.exe78⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe79⤵
-
\??\c:\rrxrrll.exec:\rrxrrll.exe80⤵
-
\??\c:\lxrrllf.exec:\lxrrllf.exe81⤵
-
\??\c:\tnbthn.exec:\tnbthn.exe82⤵
-
\??\c:\dvddd.exec:\dvddd.exe83⤵
-
\??\c:\jjjpd.exec:\jjjpd.exe84⤵
-
\??\c:\jjdvv.exec:\jjdvv.exe85⤵
-
\??\c:\lflfxrr.exec:\lflfxrr.exe86⤵
-
\??\c:\thtnbt.exec:\thtnbt.exe87⤵
-
\??\c:\bttbnt.exec:\bttbnt.exe88⤵
-
\??\c:\bttthh.exec:\bttthh.exe89⤵
-
\??\c:\jvpjj.exec:\jvpjj.exe90⤵
-
\??\c:\lflllfr.exec:\lflllfr.exe91⤵
-
\??\c:\fllxrlf.exec:\fllxrlf.exe92⤵
-
\??\c:\htnhnn.exec:\htnhnn.exe93⤵
-
\??\c:\tttnbt.exec:\tttnbt.exe94⤵
-
\??\c:\vdjjp.exec:\vdjjp.exe95⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe96⤵
-
\??\c:\1llrlll.exec:\1llrlll.exe97⤵
-
\??\c:\rxlrrrl.exec:\rxlrrrl.exe98⤵
-
\??\c:\tbhthh.exec:\tbhthh.exe99⤵
-
\??\c:\pvpvj.exec:\pvpvj.exe100⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe101⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe102⤵
-
\??\c:\fxrfrlx.exec:\fxrfrlx.exe103⤵
-
\??\c:\rrxxfxx.exec:\rrxxfxx.exe104⤵
-
\??\c:\bnnhbn.exec:\bnnhbn.exe105⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe106⤵
-
\??\c:\jjjpp.exec:\jjjpp.exe107⤵
-
\??\c:\xflrfff.exec:\xflrfff.exe108⤵
-
\??\c:\lflfxxr.exec:\lflfxxr.exe109⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe110⤵
-
\??\c:\djpdd.exec:\djpdd.exe111⤵
-
\??\c:\pvdpj.exec:\pvdpj.exe112⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe113⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe114⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe115⤵
-
\??\c:\1nbttt.exec:\1nbttt.exe116⤵
-
\??\c:\3tbhhh.exec:\3tbhhh.exe117⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe118⤵
-
\??\c:\bhnhnh.exec:\bhnhnh.exe119⤵
-
\??\c:\jvdjj.exec:\jvdjj.exe120⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe121⤵
-
\??\c:\3rrlffx.exec:\3rrlffx.exe122⤵
-
\??\c:\ffxfllr.exec:\ffxfllr.exe123⤵
-
\??\c:\bthtnh.exec:\bthtnh.exe124⤵
-
\??\c:\nhnhbt.exec:\nhnhbt.exe125⤵
-
\??\c:\vjvjv.exec:\vjvjv.exe126⤵
-
\??\c:\jddvv.exec:\jddvv.exe127⤵
-
\??\c:\lllllll.exec:\lllllll.exe128⤵
-
\??\c:\9fxxffr.exec:\9fxxffr.exe129⤵
-
\??\c:\llffxxx.exec:\llffxxx.exe130⤵
-
\??\c:\tttnbn.exec:\tttnbn.exe131⤵
-
\??\c:\nhhbhb.exec:\nhhbhb.exe132⤵
-
\??\c:\pjpdv.exec:\pjpdv.exe133⤵
-
\??\c:\9dddd.exec:\9dddd.exe134⤵
-
\??\c:\flxxlll.exec:\flxxlll.exe135⤵
-
\??\c:\fxxrxxr.exec:\fxxrxxr.exe136⤵
-
\??\c:\bbnhnt.exec:\bbnhnt.exe137⤵
-
\??\c:\tnnntt.exec:\tnnntt.exe138⤵
-
\??\c:\9pvvp.exec:\9pvvp.exe139⤵
-
\??\c:\pdpdv.exec:\pdpdv.exe140⤵
-
\??\c:\xffrxfx.exec:\xffrxfx.exe141⤵
-
\??\c:\fffrlll.exec:\fffrlll.exe142⤵
-
\??\c:\lrlrrll.exec:\lrlrrll.exe143⤵
-
\??\c:\3bbtnn.exec:\3bbtnn.exe144⤵
-
\??\c:\htnbbb.exec:\htnbbb.exe145⤵
-
\??\c:\vvppd.exec:\vvppd.exe146⤵
-
\??\c:\7vpvp.exec:\7vpvp.exe147⤵
-
\??\c:\jdjpp.exec:\jdjpp.exe148⤵
-
\??\c:\lrrlffx.exec:\lrrlffx.exe149⤵
-
\??\c:\5xxxffx.exec:\5xxxffx.exe150⤵
-
\??\c:\ttbbht.exec:\ttbbht.exe151⤵
-
\??\c:\nbtbbh.exec:\nbtbbh.exe152⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe153⤵
-
\??\c:\jppjj.exec:\jppjj.exe154⤵
-
\??\c:\ddppp.exec:\ddppp.exe155⤵
-
\??\c:\lfllllr.exec:\lfllllr.exe156⤵
-
\??\c:\xxfflll.exec:\xxfflll.exe157⤵
-
\??\c:\thbbbb.exec:\thbbbb.exe158⤵
-
\??\c:\1jvpv.exec:\1jvpv.exe159⤵
-
\??\c:\ppdvj.exec:\ppdvj.exe160⤵
-
\??\c:\tnbbtb.exec:\tnbbtb.exe161⤵
-
\??\c:\bttbhn.exec:\bttbhn.exe162⤵
-
\??\c:\htbtnn.exec:\htbtnn.exe163⤵
-
\??\c:\jjjjp.exec:\jjjjp.exe164⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe165⤵
-
\??\c:\fllfrrf.exec:\fllfrrf.exe166⤵
-
\??\c:\frrrffx.exec:\frrrffx.exe167⤵
-
\??\c:\bhhnnn.exec:\bhhnnn.exe168⤵
-
\??\c:\thnnnn.exec:\thnnnn.exe169⤵
-
\??\c:\pjddv.exec:\pjddv.exe170⤵
-
\??\c:\djdvd.exec:\djdvd.exe171⤵
-
\??\c:\xxlfrrf.exec:\xxlfrrf.exe172⤵
-
\??\c:\hhhnhn.exec:\hhhnhn.exe173⤵
-
\??\c:\nhnnhn.exec:\nhnnhn.exe174⤵
-
\??\c:\jppdv.exec:\jppdv.exe175⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe176⤵
-
\??\c:\ffxrrrr.exec:\ffxrrrr.exe177⤵
-
\??\c:\bthbhn.exec:\bthbhn.exe178⤵
-
\??\c:\thhtnn.exec:\thhtnn.exe179⤵
-
\??\c:\bnthht.exec:\bnthht.exe180⤵
-
\??\c:\jvdjd.exec:\jvdjd.exe181⤵
-
\??\c:\lllffll.exec:\lllffll.exe182⤵
-
\??\c:\lrfxrxf.exec:\lrfxrxf.exe183⤵
-
\??\c:\ttnhnn.exec:\ttnhnn.exe184⤵
-
\??\c:\htttnn.exec:\htttnn.exe185⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe186⤵
-
\??\c:\vvppp.exec:\vvppp.exe187⤵
-
\??\c:\flxlxll.exec:\flxlxll.exe188⤵
-
\??\c:\nbnbhb.exec:\nbnbhb.exe189⤵
-
\??\c:\tnhhhh.exec:\tnhhhh.exe190⤵
-
\??\c:\vjjvj.exec:\vjjvj.exe191⤵
-
\??\c:\jjjvv.exec:\jjjvv.exe192⤵
-
\??\c:\xxrlrrx.exec:\xxrlrrx.exe193⤵
-
\??\c:\lrrrrrr.exec:\lrrrrrr.exe194⤵
-
\??\c:\5frffrx.exec:\5frffrx.exe195⤵
-
\??\c:\nhbbbn.exec:\nhbbbn.exe196⤵
-
\??\c:\7bttnt.exec:\7bttnt.exe197⤵
-
\??\c:\dvddd.exec:\dvddd.exe198⤵
-
\??\c:\9pdvv.exec:\9pdvv.exe199⤵
-
\??\c:\rrlflfx.exec:\rrlflfx.exe200⤵
-
\??\c:\flfrfff.exec:\flfrfff.exe201⤵
-
\??\c:\ntthht.exec:\ntthht.exe202⤵
-
\??\c:\9hbhbn.exec:\9hbhbn.exe203⤵
-
\??\c:\5djdd.exec:\5djdd.exe204⤵
-
\??\c:\pdpdp.exec:\pdpdp.exe205⤵
-
\??\c:\dvddv.exec:\dvddv.exe206⤵
-
\??\c:\rxrlrlr.exec:\rxrlrlr.exe207⤵
-
\??\c:\3xxxxll.exec:\3xxxxll.exe208⤵
-
\??\c:\bbhbtt.exec:\bbhbtt.exe209⤵
-
\??\c:\dvppp.exec:\dvppp.exe210⤵
-
\??\c:\vjppj.exec:\vjppj.exe211⤵
-
\??\c:\dpdvj.exec:\dpdvj.exe212⤵
-
\??\c:\1lxxffl.exec:\1lxxffl.exe213⤵
-
\??\c:\fxllfrr.exec:\fxllfrr.exe214⤵
-
\??\c:\fxxxxxx.exec:\fxxxxxx.exe215⤵
-
\??\c:\ttbbnt.exec:\ttbbnt.exe216⤵
-
\??\c:\btthtb.exec:\btthtb.exe217⤵
-
\??\c:\vppjj.exec:\vppjj.exe218⤵
-
\??\c:\jvpdv.exec:\jvpdv.exe219⤵
-
\??\c:\xrrxrxr.exec:\xrrxrxr.exe220⤵
-
\??\c:\ffxlrxx.exec:\ffxlrxx.exe221⤵
-
\??\c:\hhbbhh.exec:\hhbbhh.exe222⤵
-
\??\c:\bthhbb.exec:\bthhbb.exe223⤵
-
\??\c:\thhntt.exec:\thhntt.exe224⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe225⤵
-
\??\c:\vjppp.exec:\vjppp.exe226⤵
-
\??\c:\rxlfxff.exec:\rxlfxff.exe227⤵
-
\??\c:\lxrxlfx.exec:\lxrxlfx.exe228⤵
-
\??\c:\llxrrfr.exec:\llxrrfr.exe229⤵
-
\??\c:\hbhtnn.exec:\hbhtnn.exe230⤵
-
\??\c:\hhbnhb.exec:\hhbnhb.exe231⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe232⤵
-
\??\c:\3pppp.exec:\3pppp.exe233⤵
-
\??\c:\rrlfllr.exec:\rrlfllr.exe234⤵
-
\??\c:\llrrlrx.exec:\llrrlrx.exe235⤵
-
\??\c:\xflfxxr.exec:\xflfxxr.exe236⤵
-
\??\c:\bnnntt.exec:\bnnntt.exe237⤵
-
\??\c:\btttnn.exec:\btttnn.exe238⤵
-
\??\c:\pdjpp.exec:\pdjpp.exe239⤵
-
\??\c:\jpjpj.exec:\jpjpj.exe240⤵
-
\??\c:\rlllffx.exec:\rlllffx.exe241⤵