Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
21-05-2024 06:21
General
-
Target
0ea57f855bd5ce895bc87519588edeacfbcdd859f2acfea278013bd17f68b0ad_NeikiAnalytics.exe
-
Size
70KB
-
MD5
1488de7775fdcf49c50f2fee54027730
-
SHA1
3cdeecdf8b8d06c2c3ade21a9cb0f0154adfdff0
-
SHA256
0ea57f855bd5ce895bc87519588edeacfbcdd859f2acfea278013bd17f68b0ad
-
SHA512
ce56818471e9499ac8deb7d828eb8711f8275d578d447897bbf3ad5db1514a9c460c0cf66458f3389cf1597c31cb6d202b168cea425e9fdc617a3757cc2f5d35
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73tgyYrv:ymb3NkkiQ3mdBjFo73thYD
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0ea57f855bd5ce895bc87519588edeacfbcdd859f2acfea278013bd17f68b0ad_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\0ea57f855bd5ce895bc87519588edeacfbcdd859f2acfea278013bd17f68b0ad_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhbbb.exec:\bhhbbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdvv.exec:\djdvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxlrf.exec:\rlxxlrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxffllr.exec:\xxffllr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhhnn.exec:\nnhhnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnnnn.exec:\thnnnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddddd.exec:\ddddd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rxxlll.exec:\9rxxlll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jjdd.exec:\5jjdd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxxxr.exec:\rrfxxxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnthhn.exec:\bnthhn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddpj.exec:\pddpj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxxrxx.exec:\rxxxrxx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlllf.exec:\xrrlllf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjddj.exec:\vjddj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffrxff.exec:\rffrxff.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnhbh.exec:\hnnhbh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpvd.exec:\vdpvd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxxxxx.exec:\xfxxxxx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thntnn.exec:\thntnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddd.exec:\dvddd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrlxff.exec:\xxrlxff.exe23⤵
- Executes dropped EXE
-
\??\c:\nbntnn.exec:\nbntnn.exe24⤵
- Executes dropped EXE
-
\??\c:\jpvpp.exec:\jpvpp.exe25⤵
- Executes dropped EXE
-
\??\c:\9djdv.exec:\9djdv.exe26⤵
- Executes dropped EXE
-
\??\c:\xllrxrf.exec:\xllrxrf.exe27⤵
- Executes dropped EXE
-
\??\c:\1llrrff.exec:\1llrrff.exe28⤵
- Executes dropped EXE
-
\??\c:\hhhbtn.exec:\hhhbtn.exe29⤵
- Executes dropped EXE
-
\??\c:\vdpvv.exec:\vdpvv.exe30⤵
- Executes dropped EXE
-
\??\c:\lflfrrl.exec:\lflfrrl.exe31⤵
- Executes dropped EXE
-
\??\c:\3nnnhh.exec:\3nnnhh.exe32⤵
- Executes dropped EXE
-
\??\c:\bnhnnh.exec:\bnhnnh.exe33⤵
- Executes dropped EXE
-
\??\c:\jpdpd.exec:\jpdpd.exe34⤵
- Executes dropped EXE
-
\??\c:\fxxlrxf.exec:\fxxlrxf.exe35⤵
- Executes dropped EXE
-
\??\c:\5bhbbh.exec:\5bhbbh.exe36⤵
- Executes dropped EXE
-
\??\c:\pdjdp.exec:\pdjdp.exe37⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe38⤵
- Executes dropped EXE
-
\??\c:\lxlxxrf.exec:\lxlxxrf.exe39⤵
- Executes dropped EXE
-
\??\c:\hhbhbt.exec:\hhbhbt.exe40⤵
- Executes dropped EXE
-
\??\c:\3nbbnn.exec:\3nbbnn.exe41⤵
- Executes dropped EXE
-
\??\c:\pjpvp.exec:\pjpvp.exe42⤵
- Executes dropped EXE
-
\??\c:\fxlrlrl.exec:\fxlrlrl.exe43⤵
- Executes dropped EXE
-
\??\c:\frrrrxx.exec:\frrrrxx.exe44⤵
- Executes dropped EXE
-
\??\c:\ntbbbb.exec:\ntbbbb.exe45⤵
- Executes dropped EXE
-
\??\c:\hbbbtt.exec:\hbbbtt.exe46⤵
- Executes dropped EXE
-
\??\c:\pvjdj.exec:\pvjdj.exe47⤵
- Executes dropped EXE
-
\??\c:\fxllrrx.exec:\fxllrrx.exe48⤵
- Executes dropped EXE
-
\??\c:\9nhbhn.exec:\9nhbhn.exe49⤵
- Executes dropped EXE
-
\??\c:\ddvvd.exec:\ddvvd.exe50⤵
- Executes dropped EXE
-
\??\c:\pjvpj.exec:\pjvpj.exe51⤵
- Executes dropped EXE
-
\??\c:\flfxxfl.exec:\flfxxfl.exe52⤵
- Executes dropped EXE
-
\??\c:\tnnhtn.exec:\tnnhtn.exe53⤵
- Executes dropped EXE
-
\??\c:\nhttbb.exec:\nhttbb.exe54⤵
- Executes dropped EXE
-
\??\c:\vdvpp.exec:\vdvpp.exe55⤵
- Executes dropped EXE
-
\??\c:\1ffxllf.exec:\1ffxllf.exe56⤵
- Executes dropped EXE
-
\??\c:\lffflrf.exec:\lffflrf.exe57⤵
- Executes dropped EXE
-
\??\c:\7bbbnt.exec:\7bbbnt.exe58⤵
- Executes dropped EXE
-
\??\c:\nhnnhh.exec:\nhnnhh.exe59⤵
- Executes dropped EXE
-
\??\c:\nhnnnt.exec:\nhnnnt.exe60⤵
- Executes dropped EXE
-
\??\c:\jvdpj.exec:\jvdpj.exe61⤵
- Executes dropped EXE
-
\??\c:\7jppp.exec:\7jppp.exe62⤵
- Executes dropped EXE
-
\??\c:\xrlrxfl.exec:\xrlrxfl.exe63⤵
- Executes dropped EXE
-
\??\c:\xlllffx.exec:\xlllffx.exe64⤵
- Executes dropped EXE
-
\??\c:\tntttb.exec:\tntttb.exe65⤵
- Executes dropped EXE
-
\??\c:\hnhtbh.exec:\hnhtbh.exe66⤵
-
\??\c:\5pjdv.exec:\5pjdv.exe67⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe68⤵
-
\??\c:\rlxrlxr.exec:\rlxrlxr.exe69⤵
-
\??\c:\lrrrlll.exec:\lrrrlll.exe70⤵
-
\??\c:\nbhnnt.exec:\nbhnnt.exe71⤵
-
\??\c:\hbbttn.exec:\hbbttn.exe72⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe73⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe74⤵
-
\??\c:\3fllffx.exec:\3fllffx.exe75⤵
-
\??\c:\nbnhhh.exec:\nbnhhh.exe76⤵
-
\??\c:\bntnnn.exec:\bntnnn.exe77⤵
-
\??\c:\thnnnn.exec:\thnnnn.exe78⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe79⤵
-
\??\c:\5vpjj.exec:\5vpjj.exe80⤵
-
\??\c:\7lrlffx.exec:\7lrlffx.exe81⤵
-
\??\c:\rlxfxfx.exec:\rlxfxfx.exe82⤵
-
\??\c:\5tbhhb.exec:\5tbhhb.exe83⤵
-
\??\c:\thnnnt.exec:\thnnnt.exe84⤵
-
\??\c:\5jjdv.exec:\5jjdv.exe85⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe86⤵
-
\??\c:\fxxxrll.exec:\fxxxrll.exe87⤵
-
\??\c:\rlrrrrx.exec:\rlrrrrx.exe88⤵
-
\??\c:\tthhhh.exec:\tthhhh.exe89⤵
-
\??\c:\5jpjd.exec:\5jpjd.exe90⤵
-
\??\c:\vjpjp.exec:\vjpjp.exe91⤵
-
\??\c:\hnnttt.exec:\hnnttt.exe92⤵
-
\??\c:\btnhtt.exec:\btnhtt.exe93⤵
-
\??\c:\jppvd.exec:\jppvd.exe94⤵
-
\??\c:\vvjdd.exec:\vvjdd.exe95⤵
-
\??\c:\flfxrrf.exec:\flfxrrf.exe96⤵
-
\??\c:\thhhhb.exec:\thhhhb.exe97⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe98⤵
-
\??\c:\pdjjp.exec:\pdjjp.exe99⤵
-
\??\c:\3flfxfx.exec:\3flfxfx.exe100⤵
-
\??\c:\bhtttt.exec:\bhtttt.exe101⤵
-
\??\c:\nhnhbt.exec:\nhnhbt.exe102⤵
-
\??\c:\9jppj.exec:\9jppj.exe103⤵
-
\??\c:\jpddv.exec:\jpddv.exe104⤵
-
\??\c:\flfllll.exec:\flfllll.exe105⤵
-
\??\c:\bttthn.exec:\bttthn.exe106⤵
-
\??\c:\thhhbn.exec:\thhhbn.exe107⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe108⤵
-
\??\c:\jdjvd.exec:\jdjvd.exe109⤵
-
\??\c:\9lrllrr.exec:\9lrllrr.exe110⤵
-
\??\c:\hntntt.exec:\hntntt.exe111⤵
-
\??\c:\vjjpp.exec:\vjjpp.exe112⤵
-
\??\c:\pjppv.exec:\pjppv.exe113⤵
-
\??\c:\fffxrrr.exec:\fffxrrr.exe114⤵
-
\??\c:\5fxxrll.exec:\5fxxrll.exe115⤵
-
\??\c:\nhbtnh.exec:\nhbtnh.exe116⤵
-
\??\c:\jdddv.exec:\jdddv.exe117⤵
-
\??\c:\vdjpv.exec:\vdjpv.exe118⤵
-
\??\c:\fffxxll.exec:\fffxxll.exe119⤵
-
\??\c:\xflfxxx.exec:\xflfxxx.exe120⤵
-
\??\c:\nbbbhh.exec:\nbbbhh.exe121⤵
-
\??\c:\ddjjj.exec:\ddjjj.exe122⤵
-
\??\c:\lffxlll.exec:\lffxlll.exe123⤵
-
\??\c:\hhhbtb.exec:\hhhbtb.exe124⤵
-
\??\c:\jddvp.exec:\jddvp.exe125⤵
-
\??\c:\vdvjv.exec:\vdvjv.exe126⤵
-
\??\c:\fffflrr.exec:\fffflrr.exe127⤵
-
\??\c:\hnhnhb.exec:\hnhnhb.exe128⤵
-
\??\c:\pvpjd.exec:\pvpjd.exe129⤵
-
\??\c:\rxrlxff.exec:\rxrlxff.exe130⤵
-
\??\c:\7nhhhh.exec:\7nhhhh.exe131⤵
-
\??\c:\1pjjd.exec:\1pjjd.exe132⤵
-
\??\c:\pjddd.exec:\pjddd.exe133⤵
-
\??\c:\rfllxff.exec:\rfllxff.exe134⤵
-
\??\c:\rlllxrx.exec:\rlllxrx.exe135⤵
-
\??\c:\nhnnbb.exec:\nhnnbb.exe136⤵
-
\??\c:\thhnnn.exec:\thhnnn.exe137⤵
-
\??\c:\9pvvp.exec:\9pvvp.exe138⤵
-
\??\c:\jjppp.exec:\jjppp.exe139⤵
-
\??\c:\lfrllrx.exec:\lfrllrx.exe140⤵
-
\??\c:\lrffrlf.exec:\lrffrlf.exe141⤵
-
\??\c:\thtntt.exec:\thtntt.exe142⤵
-
\??\c:\btnnhh.exec:\btnnhh.exe143⤵
-
\??\c:\jvvjd.exec:\jvvjd.exe144⤵
-
\??\c:\ppjjj.exec:\ppjjj.exe145⤵
-
\??\c:\fflffff.exec:\fflffff.exe146⤵
-
\??\c:\3fllllr.exec:\3fllllr.exe147⤵
-
\??\c:\3nnhtt.exec:\3nnhtt.exe148⤵
-
\??\c:\dvddd.exec:\dvddd.exe149⤵
-
\??\c:\rlrrlfx.exec:\rlrrlfx.exe150⤵
-
\??\c:\1nnhbb.exec:\1nnhbb.exe151⤵
-
\??\c:\btbbhb.exec:\btbbhb.exe152⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe153⤵
-
\??\c:\frfxxxf.exec:\frfxxxf.exe154⤵
-
\??\c:\5hbhhb.exec:\5hbhhb.exe155⤵
-
\??\c:\vdvvv.exec:\vdvvv.exe156⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe157⤵
-
\??\c:\ntbthh.exec:\ntbthh.exe158⤵
-
\??\c:\lxfxxff.exec:\lxfxxff.exe159⤵
-
\??\c:\jvvjj.exec:\jvvjj.exe160⤵
-
\??\c:\tthbbn.exec:\tthbbn.exe161⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe162⤵
-
\??\c:\jjpdv.exec:\jjpdv.exe163⤵
-
\??\c:\llrllff.exec:\llrllff.exe164⤵
-
\??\c:\tbbbnb.exec:\tbbbnb.exe165⤵
-
\??\c:\bntbht.exec:\bntbht.exe166⤵
-
\??\c:\jvjpd.exec:\jvjpd.exe167⤵
-
\??\c:\rlrllff.exec:\rlrllff.exe168⤵
-
\??\c:\rrrrllf.exec:\rrrrllf.exe169⤵
-
\??\c:\hbtthh.exec:\hbtthh.exe170⤵
-
\??\c:\vdvpj.exec:\vdvpj.exe171⤵
-
\??\c:\jddvp.exec:\jddvp.exe172⤵
-
\??\c:\ffllfxr.exec:\ffllfxr.exe173⤵
-
\??\c:\hthhbh.exec:\hthhbh.exe174⤵
-
\??\c:\vjdpd.exec:\vjdpd.exe175⤵
-
\??\c:\lxfxrxr.exec:\lxfxrxr.exe176⤵
-
\??\c:\hbhttt.exec:\hbhttt.exe177⤵
-
\??\c:\jpppj.exec:\jpppj.exe178⤵
-
\??\c:\nhtntt.exec:\nhtntt.exe179⤵
-
\??\c:\xxrrlrl.exec:\xxrrlrl.exe180⤵
-
\??\c:\jvddd.exec:\jvddd.exe181⤵
-
\??\c:\9xxrfrf.exec:\9xxrfrf.exe182⤵
-
\??\c:\bbnbhh.exec:\bbnbhh.exe183⤵
-
\??\c:\btnbnt.exec:\btnbnt.exe184⤵
-
\??\c:\jjjdp.exec:\jjjdp.exe185⤵
-
\??\c:\7dpjp.exec:\7dpjp.exe186⤵
-
\??\c:\frrfxfr.exec:\frrfxfr.exe187⤵
-
\??\c:\nnbbnn.exec:\nnbbnn.exe188⤵
-
\??\c:\9btttb.exec:\9btttb.exe189⤵
-
\??\c:\vdpjv.exec:\vdpjv.exe190⤵
-
\??\c:\7rrrlll.exec:\7rrrlll.exe191⤵
-
\??\c:\rlllfll.exec:\rlllfll.exe192⤵
-
\??\c:\7btbbb.exec:\7btbbb.exe193⤵
-
\??\c:\htttbn.exec:\htttbn.exe194⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe195⤵
-
\??\c:\flrfxll.exec:\flrfxll.exe196⤵
-
\??\c:\rlxrlll.exec:\rlxrlll.exe197⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe198⤵
-
\??\c:\ppppj.exec:\ppppj.exe199⤵
-
\??\c:\5vdjd.exec:\5vdjd.exe200⤵
-
\??\c:\xfrxrrr.exec:\xfrxrrr.exe201⤵
-
\??\c:\llrrrrl.exec:\llrrrrl.exe202⤵
-
\??\c:\tnhbbh.exec:\tnhbbh.exe203⤵
-
\??\c:\1jjjd.exec:\1jjjd.exe204⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe205⤵
-
\??\c:\xflxxrr.exec:\xflxxrr.exe206⤵
-
\??\c:\nbntbb.exec:\nbntbb.exe207⤵
-
\??\c:\djvvv.exec:\djvvv.exe208⤵
-
\??\c:\9rlfffx.exec:\9rlfffx.exe209⤵
-
\??\c:\rfrllll.exec:\rfrllll.exe210⤵
-
\??\c:\hhhhhh.exec:\hhhhhh.exe211⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe212⤵
-
\??\c:\pdvvv.exec:\pdvvv.exe213⤵
-
\??\c:\rrfxfrl.exec:\rrfxfrl.exe214⤵
-
\??\c:\tbhtnn.exec:\tbhtnn.exe215⤵
-
\??\c:\hhbnnb.exec:\hhbnnb.exe216⤵
-
\??\c:\pdvpv.exec:\pdvpv.exe217⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe218⤵
-
\??\c:\rfxxlll.exec:\rfxxlll.exe219⤵
-
\??\c:\hbbbbh.exec:\hbbbbh.exe220⤵
-
\??\c:\bhttbb.exec:\bhttbb.exe221⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe222⤵
-
\??\c:\3dddv.exec:\3dddv.exe223⤵
-
\??\c:\nhhnbh.exec:\nhhnbh.exe224⤵
-
\??\c:\nbbhhb.exec:\nbbhhb.exe225⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe226⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe227⤵
-
\??\c:\5lllxxf.exec:\5lllxxf.exe228⤵
-
\??\c:\tnnnnn.exec:\tnnnnn.exe229⤵
-
\??\c:\hbbtnt.exec:\hbbtnt.exe230⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe231⤵
-
\??\c:\xlfxrrr.exec:\xlfxrrr.exe232⤵
-
\??\c:\flllfff.exec:\flllfff.exe233⤵
-
\??\c:\bntnhb.exec:\bntnhb.exe234⤵
-
\??\c:\jjdpp.exec:\jjdpp.exe235⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe236⤵
-
\??\c:\5flflll.exec:\5flflll.exe237⤵
-
\??\c:\bbhhbt.exec:\bbhhbt.exe238⤵
-
\??\c:\dvddj.exec:\dvddj.exe239⤵
-
\??\c:\dvddv.exec:\dvddv.exe240⤵
-
\??\c:\rlllfxx.exec:\rlllfxx.exe241⤵