Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
20-05-2024 11:20
General
-
Target
f31a438a9b5aebd5ddd6a2b6fe5f3ea0_NeikiAnalytics.exe
-
Size
77KB
-
MD5
f31a438a9b5aebd5ddd6a2b6fe5f3ea0
-
SHA1
8b5ccbe5854b42fe1cb34c33fd83f6d013cf1036
-
SHA256
5e26fdfedc4d9f7d84158f04a552c97fa19a32768fd90143145494d46def4379
-
SHA512
c9c058f5b097aacc2624d0bfc52420e54e383fdd26cff2b95e718ef96fdacfa8b7b6a8618fb27a11511636df40b8f732c22d61e8c05f304b150ad49eaf80efd3
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIgJb31HgxGc+gmvZQCAu:ymb3NkkiQ3mdBjFIUb31HgxL+gmvZjAu
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f31a438a9b5aebd5ddd6a2b6fe5f3ea0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\f31a438a9b5aebd5ddd6a2b6fe5f3ea0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbnh.exec:\bthbnh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhhb.exec:\nbhhhb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dddv.exec:\7dddv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvvp.exec:\dvvvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxxrrl.exec:\rxxxrrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5thhbh.exec:\5thhbh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpdp.exec:\dvpdp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vvvp.exec:\7vvvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrllfr.exec:\lrrllfr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbhb.exec:\bbtbhb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpj.exec:\ppvpj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpj.exec:\pvvpj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxxxff.exec:\xlxxxff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnntbt.exec:\hnntbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrlffr.exec:\rlrlffr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7btnhb.exec:\7btnhb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bthtn.exec:\1bthtn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjj.exec:\jdpjj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllrrxf.exec:\lllrrxf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbbb.exec:\hhhbbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvj.exec:\vvvvj.exe23⤵
- Executes dropped EXE
-
\??\c:\1jvvp.exec:\1jvvp.exe24⤵
- Executes dropped EXE
-
\??\c:\lrxrxxl.exec:\lrxrxxl.exe25⤵
- Executes dropped EXE
-
\??\c:\9ttnnh.exec:\9ttnnh.exe26⤵
- Executes dropped EXE
-
\??\c:\bhnhbt.exec:\bhnhbt.exe27⤵
- Executes dropped EXE
-
\??\c:\rlrfxrf.exec:\rlrfxrf.exe28⤵
- Executes dropped EXE
-
\??\c:\9xxrffr.exec:\9xxrffr.exe29⤵
- Executes dropped EXE
-
\??\c:\tnttnh.exec:\tnttnh.exe30⤵
- Executes dropped EXE
-
\??\c:\9vppj.exec:\9vppj.exe31⤵
- Executes dropped EXE
-
\??\c:\pvvpj.exec:\pvvpj.exe32⤵
- Executes dropped EXE
-
\??\c:\1rxrrll.exec:\1rxrrll.exe33⤵
- Executes dropped EXE
-
\??\c:\ttthht.exec:\ttthht.exe34⤵
- Executes dropped EXE
-
\??\c:\jpjdp.exec:\jpjdp.exe35⤵
- Executes dropped EXE
-
\??\c:\jpvpv.exec:\jpvpv.exe36⤵
- Executes dropped EXE
-
\??\c:\3vdpp.exec:\3vdpp.exe37⤵
- Executes dropped EXE
-
\??\c:\3xffrxr.exec:\3xffrxr.exe38⤵
- Executes dropped EXE
-
\??\c:\9hhbtt.exec:\9hhbtt.exe39⤵
- Executes dropped EXE
-
\??\c:\7tbtnn.exec:\7tbtnn.exe40⤵
- Executes dropped EXE
-
\??\c:\pvpdv.exec:\pvpdv.exe41⤵
- Executes dropped EXE
-
\??\c:\7ppjd.exec:\7ppjd.exe42⤵
- Executes dropped EXE
-
\??\c:\rlxrlxr.exec:\rlxrlxr.exe43⤵
- Executes dropped EXE
-
\??\c:\3hnhbb.exec:\3hnhbb.exe44⤵
- Executes dropped EXE
-
\??\c:\jvvdv.exec:\jvvdv.exe45⤵
- Executes dropped EXE
-
\??\c:\rlllffl.exec:\rlllffl.exe46⤵
- Executes dropped EXE
-
\??\c:\hhnbtn.exec:\hhnbtn.exe47⤵
- Executes dropped EXE
-
\??\c:\pvvjv.exec:\pvvjv.exe48⤵
- Executes dropped EXE
-
\??\c:\3jvjd.exec:\3jvjd.exe49⤵
- Executes dropped EXE
-
\??\c:\7rlfxxr.exec:\7rlfxxr.exe50⤵
- Executes dropped EXE
-
\??\c:\nbbthn.exec:\nbbthn.exe51⤵
- Executes dropped EXE
-
\??\c:\bhhtht.exec:\bhhtht.exe52⤵
- Executes dropped EXE
-
\??\c:\7jjdv.exec:\7jjdv.exe53⤵
- Executes dropped EXE
-
\??\c:\rxfrfrr.exec:\rxfrfrr.exe54⤵
- Executes dropped EXE
-
\??\c:\lrxlrrr.exec:\lrxlrrr.exe55⤵
- Executes dropped EXE
-
\??\c:\hntnhb.exec:\hntnhb.exe56⤵
- Executes dropped EXE
-
\??\c:\jvjdv.exec:\jvjdv.exe57⤵
- Executes dropped EXE
-
\??\c:\jppvv.exec:\jppvv.exe58⤵
- Executes dropped EXE
-
\??\c:\lxlfrlf.exec:\lxlfrlf.exe59⤵
- Executes dropped EXE
-
\??\c:\9rxxxxx.exec:\9rxxxxx.exe60⤵
- Executes dropped EXE
-
\??\c:\httttb.exec:\httttb.exe61⤵
- Executes dropped EXE
-
\??\c:\nbthnh.exec:\nbthnh.exe62⤵
- Executes dropped EXE
-
\??\c:\jpddd.exec:\jpddd.exe63⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe64⤵
- Executes dropped EXE
-
\??\c:\rxrrflf.exec:\rxrrflf.exe65⤵
- Executes dropped EXE
-
\??\c:\xxxrrlx.exec:\xxxrrlx.exe66⤵
-
\??\c:\hnbhhh.exec:\hnbhhh.exe67⤵
-
\??\c:\tnhbnn.exec:\tnhbnn.exe68⤵
-
\??\c:\jddvj.exec:\jddvj.exe69⤵
-
\??\c:\xfllxrl.exec:\xfllxrl.exe70⤵
-
\??\c:\3xrlxrl.exec:\3xrlxrl.exe71⤵
-
\??\c:\nhbhbn.exec:\nhbhbn.exe72⤵
-
\??\c:\3dvjv.exec:\3dvjv.exe73⤵
-
\??\c:\fxxxxrr.exec:\fxxxxrr.exe74⤵
-
\??\c:\xllrffx.exec:\xllrffx.exe75⤵
-
\??\c:\rrlllll.exec:\rrlllll.exe76⤵
-
\??\c:\ttnbtn.exec:\ttnbtn.exe77⤵
-
\??\c:\hnhbnh.exec:\hnhbnh.exe78⤵
-
\??\c:\djpdj.exec:\djpdj.exe79⤵
-
\??\c:\xrxxrlf.exec:\xrxxrlf.exe80⤵
-
\??\c:\ntnhbt.exec:\ntnhbt.exe81⤵
-
\??\c:\nhtnnh.exec:\nhtnnh.exe82⤵
-
\??\c:\vdvdp.exec:\vdvdp.exe83⤵
-
\??\c:\xffflxl.exec:\xffflxl.exe84⤵
-
\??\c:\5fxrllf.exec:\5fxrllf.exe85⤵
-
\??\c:\thbtnn.exec:\thbtnn.exe86⤵
-
\??\c:\vdpdj.exec:\vdpdj.exe87⤵
-
\??\c:\vdvvv.exec:\vdvvv.exe88⤵
-
\??\c:\llxlfff.exec:\llxlfff.exe89⤵
-
\??\c:\5rrrffx.exec:\5rrrffx.exe90⤵
-
\??\c:\9nbnbt.exec:\9nbnbt.exe91⤵
-
\??\c:\1hbnbn.exec:\1hbnbn.exe92⤵
-
\??\c:\7ddpd.exec:\7ddpd.exe93⤵
-
\??\c:\7vdpv.exec:\7vdpv.exe94⤵
-
\??\c:\vdpdd.exec:\vdpdd.exe95⤵
-
\??\c:\rxxlxrl.exec:\rxxlxrl.exe96⤵
-
\??\c:\3llfxrl.exec:\3llfxrl.exe97⤵
-
\??\c:\bbtnbb.exec:\bbtnbb.exe98⤵
-
\??\c:\btbnht.exec:\btbnht.exe99⤵
-
\??\c:\jddvj.exec:\jddvj.exe100⤵
-
\??\c:\5pvpd.exec:\5pvpd.exe101⤵
-
\??\c:\rfxrfxr.exec:\rfxrfxr.exe102⤵
-
\??\c:\3rlfxxr.exec:\3rlfxxr.exe103⤵
-
\??\c:\htbthb.exec:\htbthb.exe104⤵
-
\??\c:\hnnhnt.exec:\hnnhnt.exe105⤵
-
\??\c:\9dvpd.exec:\9dvpd.exe106⤵
-
\??\c:\5djvv.exec:\5djvv.exe107⤵
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe108⤵
-
\??\c:\7rllffx.exec:\7rllffx.exe109⤵
-
\??\c:\hhbntn.exec:\hhbntn.exe110⤵
-
\??\c:\hbbthb.exec:\hbbthb.exe111⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe112⤵
-
\??\c:\pvpjp.exec:\pvpjp.exe113⤵
-
\??\c:\lxrfxxx.exec:\lxrfxxx.exe114⤵
-
\??\c:\tbnthh.exec:\tbnthh.exe115⤵
-
\??\c:\hntbbn.exec:\hntbbn.exe116⤵
-
\??\c:\jpdvj.exec:\jpdvj.exe117⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe118⤵
-
\??\c:\1rfxlfl.exec:\1rfxlfl.exe119⤵
-
\??\c:\3xlfxxr.exec:\3xlfxxr.exe120⤵
-
\??\c:\9bbthb.exec:\9bbthb.exe121⤵
-
\??\c:\nbhtnn.exec:\nbhtnn.exe122⤵
-
\??\c:\jppvd.exec:\jppvd.exe123⤵
-
\??\c:\llxffxr.exec:\llxffxr.exe124⤵
-
\??\c:\7lrlfxl.exec:\7lrlfxl.exe125⤵
-
\??\c:\3hbtnh.exec:\3hbtnh.exe126⤵
-
\??\c:\nhhbbb.exec:\nhhbbb.exe127⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe128⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe129⤵
-
\??\c:\3xxffrx.exec:\3xxffrx.exe130⤵
-
\??\c:\hntttb.exec:\hntttb.exe131⤵
-
\??\c:\nhhbtn.exec:\nhhbtn.exe132⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe133⤵
-
\??\c:\vjjpp.exec:\vjjpp.exe134⤵
-
\??\c:\lxrllfx.exec:\lxrllfx.exe135⤵
-
\??\c:\xxlllll.exec:\xxlllll.exe136⤵
-
\??\c:\lrfxffx.exec:\lrfxffx.exe137⤵
-
\??\c:\thbtnh.exec:\thbtnh.exe138⤵
-
\??\c:\bnnbtn.exec:\bnnbtn.exe139⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe140⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe141⤵
-
\??\c:\ffrfxff.exec:\ffrfxff.exe142⤵
-
\??\c:\frxrffx.exec:\frxrffx.exe143⤵
-
\??\c:\1hhbth.exec:\1hhbth.exe144⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe145⤵
-
\??\c:\dppjd.exec:\dppjd.exe146⤵
-
\??\c:\flrflff.exec:\flrflff.exe147⤵
-
\??\c:\rllflll.exec:\rllflll.exe148⤵
-
\??\c:\bnhhtt.exec:\bnhhtt.exe149⤵
-
\??\c:\3bbtnn.exec:\3bbtnn.exe150⤵
-
\??\c:\7ddpv.exec:\7ddpv.exe151⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe152⤵
-
\??\c:\lflfxfr.exec:\lflfxfr.exe153⤵
-
\??\c:\nbtntt.exec:\nbtntt.exe154⤵
-
\??\c:\bnbthh.exec:\bnbthh.exe155⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe156⤵
-
\??\c:\rxlrrrr.exec:\rxlrrrr.exe157⤵
-
\??\c:\xfxrlrl.exec:\xfxrlrl.exe158⤵
-
\??\c:\nnhhtt.exec:\nnhhtt.exe159⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe160⤵
-
\??\c:\xfrfxlx.exec:\xfrfxlx.exe161⤵
-
\??\c:\bhbhtt.exec:\bhbhtt.exe162⤵
-
\??\c:\5vpvj.exec:\5vpvj.exe163⤵
-
\??\c:\3rrllfx.exec:\3rrllfx.exe164⤵
-
\??\c:\bttbnn.exec:\bttbnn.exe165⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe166⤵
-
\??\c:\ttnbbb.exec:\ttnbbb.exe167⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe168⤵
-
\??\c:\xflrxrr.exec:\xflrxrr.exe169⤵
-
\??\c:\hbhnhb.exec:\hbhnhb.exe170⤵
-
\??\c:\jvvvj.exec:\jvvvj.exe171⤵
-
\??\c:\vjdvv.exec:\vjdvv.exe172⤵
-
\??\c:\rrlrfxr.exec:\rrlrfxr.exe173⤵
-
\??\c:\fxrrlfr.exec:\fxrrlfr.exe174⤵
-
\??\c:\7bnnht.exec:\7bnnht.exe175⤵
-
\??\c:\bththh.exec:\bththh.exe176⤵
-
\??\c:\5vvjv.exec:\5vvjv.exe177⤵
-
\??\c:\jvdpd.exec:\jvdpd.exe178⤵
-
\??\c:\xxrffrx.exec:\xxrffrx.exe179⤵
-
\??\c:\flxrfrl.exec:\flxrfrl.exe180⤵
-
\??\c:\bththn.exec:\bththn.exe181⤵
-
\??\c:\bnbttn.exec:\bnbttn.exe182⤵
-
\??\c:\vppjv.exec:\vppjv.exe183⤵
-
\??\c:\xfrlxrl.exec:\xfrlxrl.exe184⤵
-
\??\c:\flxrlfr.exec:\flxrlfr.exe185⤵
-
\??\c:\xrlfxfx.exec:\xrlfxfx.exe186⤵
-
\??\c:\nbtnhb.exec:\nbtnhb.exe187⤵
-
\??\c:\hnhthn.exec:\hnhthn.exe188⤵
-
\??\c:\dvppd.exec:\dvppd.exe189⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe190⤵
-
\??\c:\xrlxrxf.exec:\xrlxrxf.exe191⤵
-
\??\c:\rxrrlfx.exec:\rxrrlfx.exe192⤵
-
\??\c:\httnbh.exec:\httnbh.exe193⤵
-
\??\c:\tntntn.exec:\tntntn.exe194⤵
-
\??\c:\vpjdj.exec:\vpjdj.exe195⤵
-
\??\c:\xrlfrlf.exec:\xrlfrlf.exe196⤵
-
\??\c:\flfxrrl.exec:\flfxrrl.exe197⤵
-
\??\c:\tttthb.exec:\tttthb.exe198⤵
-
\??\c:\httnnn.exec:\httnnn.exe199⤵
-
\??\c:\dpjpj.exec:\dpjpj.exe200⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe201⤵
-
\??\c:\1ffxlfx.exec:\1ffxlfx.exe202⤵
-
\??\c:\lflfxrl.exec:\lflfxrl.exe203⤵
-
\??\c:\hnhhnt.exec:\hnhhnt.exe204⤵
-
\??\c:\nbbnbt.exec:\nbbnbt.exe205⤵
-
\??\c:\3ddpd.exec:\3ddpd.exe206⤵
-
\??\c:\vjpdd.exec:\vjpdd.exe207⤵
-
\??\c:\rflxllx.exec:\rflxllx.exe208⤵
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe209⤵
-
\??\c:\rlxxrlf.exec:\rlxxrlf.exe210⤵
-
\??\c:\9ntnbt.exec:\9ntnbt.exe211⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe212⤵
-
\??\c:\ppvjd.exec:\ppvjd.exe213⤵
-
\??\c:\rfxrllf.exec:\rfxrllf.exe214⤵
-
\??\c:\xrlfxrf.exec:\xrlfxrf.exe215⤵
-
\??\c:\bbhbnt.exec:\bbhbnt.exe216⤵
-
\??\c:\jpdjv.exec:\jpdjv.exe217⤵
-
\??\c:\3flxxrr.exec:\3flxxrr.exe218⤵
-
\??\c:\lxxrrlf.exec:\lxxrrlf.exe219⤵
-
\??\c:\3hnnhh.exec:\3hnnhh.exe220⤵
-
\??\c:\1jjdv.exec:\1jjdv.exe221⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe222⤵
-
\??\c:\9rrlfff.exec:\9rrlfff.exe223⤵
-
\??\c:\7rrrlff.exec:\7rrrlff.exe224⤵
-
\??\c:\hnnhhh.exec:\hnnhhh.exe225⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe226⤵
-
\??\c:\vddpd.exec:\vddpd.exe227⤵
-
\??\c:\vppjj.exec:\vppjj.exe228⤵
-
\??\c:\rrrrrrl.exec:\rrrrrrl.exe229⤵
-
\??\c:\xrffrlf.exec:\xrffrlf.exe230⤵
-
\??\c:\3bhhbh.exec:\3bhhbh.exe231⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe232⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe233⤵
-
\??\c:\lxxxllf.exec:\lxxxllf.exe234⤵
-
\??\c:\htbbtn.exec:\htbbtn.exe235⤵
-
\??\c:\5nntnt.exec:\5nntnt.exe236⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe237⤵
-
\??\c:\rlfxlfr.exec:\rlfxlfr.exe238⤵
-
\??\c:\fxlrxxx.exec:\fxlrxxx.exe239⤵
-
\??\c:\nnbntb.exec:\nnbntb.exe240⤵
-
\??\c:\nnhnht.exec:\nnhnht.exe241⤵