Analysis
-
max time kernel
150s -
max time network
113s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
21-05-2024 10:21
General
-
Target
352fe4a0a1b45e04b96b39022784bd0d812aeb11a895d47751846110ce7a9210_NeikiAnalytics.exe
-
Size
78KB
-
MD5
4181c51e533d3b1c573fa0a5d97b4600
-
SHA1
f11504725d6d3594afa84bee9674043d9e6b37a6
-
SHA256
352fe4a0a1b45e04b96b39022784bd0d812aeb11a895d47751846110ce7a9210
-
SHA512
5e59a13db3471c250bf15468753b5350422399a6e46311b63c4b9d45e278a6d5de12744e0c17102e0b09b526c5c44fa955b0e426432d9713ea2e1ac58be77cdb
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+C2wVEJ6FlLgbI:ymb3NkkiQ3mdBjF+3TU2KEJ6WI
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\352fe4a0a1b45e04b96b39022784bd0d812aeb11a895d47751846110ce7a9210_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\352fe4a0a1b45e04b96b39022784bd0d812aeb11a895d47751846110ce7a9210_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfrlfx.exec:\rxfrlfx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nnhbb.exec:\3nnhbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdv.exec:\pjjdv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppjd.exec:\jppjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrlffx.exec:\flrlffx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jjdj.exec:\7jjdj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvp.exec:\jdpvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rxlflf.exec:\9rxlflf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlllf.exec:\lrrlllf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhbtt.exec:\nnhbtt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbthh.exec:\btbthh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pppj.exec:\1pppj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrllf.exec:\llxrllf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbttt.exec:\bhbttt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppj.exec:\dvppj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllrffx.exec:\xllrffx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhbtt.exec:\bnhbtt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvp.exec:\pddvp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdd.exec:\jdjdd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrlllf.exec:\7lrlllf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxrxr.exec:\fxxxrxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbtnn.exec:\bbbtnn.exe23⤵
- Executes dropped EXE
-
\??\c:\vvdvj.exec:\vvdvj.exe24⤵
- Executes dropped EXE
-
\??\c:\lrrlxxr.exec:\lrrlxxr.exe25⤵
- Executes dropped EXE
-
\??\c:\htbbtt.exec:\htbbtt.exe26⤵
- Executes dropped EXE
-
\??\c:\pdppj.exec:\pdppj.exe27⤵
- Executes dropped EXE
-
\??\c:\fxrlxxr.exec:\fxrlxxr.exe28⤵
- Executes dropped EXE
-
\??\c:\lffrllx.exec:\lffrllx.exe29⤵
- Executes dropped EXE
-
\??\c:\1htnhh.exec:\1htnhh.exe30⤵
- Executes dropped EXE
-
\??\c:\pjjdp.exec:\pjjdp.exe31⤵
- Executes dropped EXE
-
\??\c:\lffxlll.exec:\lffxlll.exe32⤵
- Executes dropped EXE
-
\??\c:\bntnhh.exec:\bntnhh.exe33⤵
- Executes dropped EXE
-
\??\c:\tnhthn.exec:\tnhthn.exe34⤵
- Executes dropped EXE
-
\??\c:\9djjd.exec:\9djjd.exe35⤵
- Executes dropped EXE
-
\??\c:\rlrrrxr.exec:\rlrrrxr.exe36⤵
- Executes dropped EXE
-
\??\c:\tntnht.exec:\tntnht.exe37⤵
- Executes dropped EXE
-
\??\c:\7vvjd.exec:\7vvjd.exe38⤵
- Executes dropped EXE
-
\??\c:\jpppd.exec:\jpppd.exe39⤵
- Executes dropped EXE
-
\??\c:\jddjj.exec:\jddjj.exe40⤵
- Executes dropped EXE
-
\??\c:\fllfxxr.exec:\fllfxxr.exe41⤵
- Executes dropped EXE
-
\??\c:\htbbbb.exec:\htbbbb.exe42⤵
- Executes dropped EXE
-
\??\c:\httnhh.exec:\httnhh.exe43⤵
- Executes dropped EXE
-
\??\c:\9djjd.exec:\9djjd.exe44⤵
- Executes dropped EXE
-
\??\c:\vpdvp.exec:\vpdvp.exe45⤵
- Executes dropped EXE
-
\??\c:\lxlfxxr.exec:\lxlfxxr.exe46⤵
- Executes dropped EXE
-
\??\c:\bnbttn.exec:\bnbttn.exe47⤵
- Executes dropped EXE
-
\??\c:\hnnhbt.exec:\hnnhbt.exe48⤵
- Executes dropped EXE
-
\??\c:\ppjvd.exec:\ppjvd.exe49⤵
- Executes dropped EXE
-
\??\c:\1jpjd.exec:\1jpjd.exe50⤵
- Executes dropped EXE
-
\??\c:\rlrlxxl.exec:\rlrlxxl.exe51⤵
- Executes dropped EXE
-
\??\c:\llllfff.exec:\llllfff.exe52⤵
- Executes dropped EXE
-
\??\c:\nhhhnn.exec:\nhhhnn.exe53⤵
- Executes dropped EXE
-
\??\c:\nhnnnt.exec:\nhnnnt.exe54⤵
- Executes dropped EXE
-
\??\c:\ddvvp.exec:\ddvvp.exe55⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe56⤵
- Executes dropped EXE
-
\??\c:\lrrlxxr.exec:\lrrlxxr.exe57⤵
- Executes dropped EXE
-
\??\c:\1tbhtt.exec:\1tbhtt.exe58⤵
- Executes dropped EXE
-
\??\c:\hbtnhb.exec:\hbtnhb.exe59⤵
- Executes dropped EXE
-
\??\c:\jjpdd.exec:\jjpdd.exe60⤵
- Executes dropped EXE
-
\??\c:\jjpjj.exec:\jjpjj.exe61⤵
- Executes dropped EXE
-
\??\c:\xxffllf.exec:\xxffllf.exe62⤵
- Executes dropped EXE
-
\??\c:\1fffxxr.exec:\1fffxxr.exe63⤵
- Executes dropped EXE
-
\??\c:\bnnhhn.exec:\bnnhhn.exe64⤵
- Executes dropped EXE
-
\??\c:\pjppp.exec:\pjppp.exe65⤵
- Executes dropped EXE
-
\??\c:\vvdvd.exec:\vvdvd.exe66⤵
-
\??\c:\rxrrlll.exec:\rxrrlll.exe67⤵
-
\??\c:\lllfxff.exec:\lllfxff.exe68⤵
-
\??\c:\bhtttt.exec:\bhtttt.exe69⤵
-
\??\c:\9ntttt.exec:\9ntttt.exe70⤵
-
\??\c:\7jjjd.exec:\7jjjd.exe71⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe72⤵
-
\??\c:\1xxlfxr.exec:\1xxlfxr.exe73⤵
-
\??\c:\xrxxxxf.exec:\xrxxxxf.exe74⤵
-
\??\c:\nhbhbh.exec:\nhbhbh.exe75⤵
-
\??\c:\pjddv.exec:\pjddv.exe76⤵
-
\??\c:\7pvpj.exec:\7pvpj.exe77⤵
-
\??\c:\3rrlrrl.exec:\3rrlrrl.exe78⤵
-
\??\c:\bbnhbb.exec:\bbnhbb.exe79⤵
-
\??\c:\thnhbh.exec:\thnhbh.exe80⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe81⤵
-
\??\c:\xxlrfrf.exec:\xxlrfrf.exe82⤵
-
\??\c:\bnbnhh.exec:\bnbnhh.exe83⤵
-
\??\c:\1pppj.exec:\1pppj.exe84⤵
-
\??\c:\pjpdv.exec:\pjpdv.exe85⤵
-
\??\c:\fxfxrxx.exec:\fxfxrxx.exe86⤵
-
\??\c:\7bnnhh.exec:\7bnnhh.exe87⤵
-
\??\c:\9vddp.exec:\9vddp.exe88⤵
-
\??\c:\frxrrrx.exec:\frxrrrx.exe89⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe90⤵
-
\??\c:\hntttt.exec:\hntttt.exe91⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe92⤵
-
\??\c:\xrlfrrl.exec:\xrlfrrl.exe93⤵
-
\??\c:\nbhthh.exec:\nbhthh.exe94⤵
-
\??\c:\bttbtb.exec:\bttbtb.exe95⤵
-
\??\c:\jdjpp.exec:\jdjpp.exe96⤵
-
\??\c:\lxrlffx.exec:\lxrlffx.exe97⤵
-
\??\c:\xxxxxff.exec:\xxxxxff.exe98⤵
-
\??\c:\ntbttt.exec:\ntbttt.exe99⤵
-
\??\c:\5pdjv.exec:\5pdjv.exe100⤵
-
\??\c:\1xffrlr.exec:\1xffrlr.exe101⤵
-
\??\c:\9xlllfl.exec:\9xlllfl.exe102⤵
-
\??\c:\nttbtt.exec:\nttbtt.exe103⤵
-
\??\c:\hbbthh.exec:\hbbthh.exe104⤵
-
\??\c:\xrxxxxf.exec:\xrxxxxf.exe105⤵
-
\??\c:\bhnthb.exec:\bhnthb.exe106⤵
-
\??\c:\htbnth.exec:\htbnth.exe107⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe108⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe109⤵
-
\??\c:\lflfxll.exec:\lflfxll.exe110⤵
-
\??\c:\5rllxrl.exec:\5rllxrl.exe111⤵
-
\??\c:\bttnhn.exec:\bttnhn.exe112⤵
-
\??\c:\btnhnn.exec:\btnhnn.exe113⤵
-
\??\c:\5ppjv.exec:\5ppjv.exe114⤵
-
\??\c:\lxrfrlx.exec:\lxrfrlx.exe115⤵
-
\??\c:\fffxrfx.exec:\fffxrfx.exe116⤵
-
\??\c:\jpddd.exec:\jpddd.exe117⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe118⤵
-
\??\c:\fllfxll.exec:\fllfxll.exe119⤵
-
\??\c:\5tnhbb.exec:\5tnhbb.exe120⤵
-
\??\c:\5ppjd.exec:\5ppjd.exe121⤵
-
\??\c:\rlrfrff.exec:\rlrfrff.exe122⤵
-
\??\c:\bhnhbb.exec:\bhnhbb.exe123⤵
-
\??\c:\jjvdj.exec:\jjvdj.exe124⤵
-
\??\c:\xrflfll.exec:\xrflfll.exe125⤵
-
\??\c:\xrlrlxl.exec:\xrlrlxl.exe126⤵
-
\??\c:\nhnhbt.exec:\nhnhbt.exe127⤵
-
\??\c:\jjddj.exec:\jjddj.exe128⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe129⤵
-
\??\c:\9lrlllf.exec:\9lrlllf.exe130⤵
-
\??\c:\bnnnbb.exec:\bnnnbb.exe131⤵
-
\??\c:\3dvvp.exec:\3dvvp.exe132⤵
-
\??\c:\jvvvj.exec:\jvvvj.exe133⤵
-
\??\c:\lfxxrlf.exec:\lfxxrlf.exe134⤵
-
\??\c:\lxxrrll.exec:\lxxrrll.exe135⤵
-
\??\c:\hnhnth.exec:\hnhnth.exe136⤵
-
\??\c:\jvjpj.exec:\jvjpj.exe137⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe138⤵
-
\??\c:\9rxlfff.exec:\9rxlfff.exe139⤵
-
\??\c:\nhbnbn.exec:\nhbnbn.exe140⤵
-
\??\c:\rlxxrxx.exec:\rlxxrxx.exe141⤵
-
\??\c:\thnhhh.exec:\thnhhh.exe142⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe143⤵
-
\??\c:\7ddvj.exec:\7ddvj.exe144⤵
-
\??\c:\5fxlfrr.exec:\5fxlfrr.exe145⤵
-
\??\c:\hhnntt.exec:\hhnntt.exe146⤵
-
\??\c:\7vjjj.exec:\7vjjj.exe147⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe148⤵
-
\??\c:\7llllff.exec:\7llllff.exe149⤵
-
\??\c:\7lrlfff.exec:\7lrlfff.exe150⤵
-
\??\c:\3hnhbb.exec:\3hnhbb.exe151⤵
-
\??\c:\1hhtbb.exec:\1hhtbb.exe152⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe153⤵
-
\??\c:\3xfxxxf.exec:\3xfxxxf.exe154⤵
-
\??\c:\hhbhnn.exec:\hhbhnn.exe155⤵
-
\??\c:\7nnnhh.exec:\7nnnhh.exe156⤵
-
\??\c:\pdvpp.exec:\pdvpp.exe157⤵
-
\??\c:\xflllrr.exec:\xflllrr.exe158⤵
-
\??\c:\hhttbh.exec:\hhttbh.exe159⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe160⤵
-
\??\c:\vjppv.exec:\vjppv.exe161⤵
-
\??\c:\xrxrlll.exec:\xrxrlll.exe162⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe163⤵
-
\??\c:\thhbtn.exec:\thhbtn.exe164⤵
-
\??\c:\3jvpj.exec:\3jvpj.exe165⤵
-
\??\c:\7vpjd.exec:\7vpjd.exe166⤵
-
\??\c:\xxfxxrf.exec:\xxfxxrf.exe167⤵
-
\??\c:\rxrlfff.exec:\rxrlfff.exe168⤵
-
\??\c:\hhnhbb.exec:\hhnhbb.exe169⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe170⤵
-
\??\c:\vvdjd.exec:\vvdjd.exe171⤵
-
\??\c:\7llfxrr.exec:\7llfxrr.exe172⤵
-
\??\c:\1ffrlxx.exec:\1ffrlxx.exe173⤵
-
\??\c:\htbbtt.exec:\htbbtt.exe174⤵
-
\??\c:\btttnn.exec:\btttnn.exe175⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe176⤵
-
\??\c:\rlrrfff.exec:\rlrrfff.exe177⤵
-
\??\c:\htttnn.exec:\htttnn.exe178⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe179⤵
-
\??\c:\jvjdp.exec:\jvjdp.exe180⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe181⤵
-
\??\c:\llllxxx.exec:\llllxxx.exe182⤵
-
\??\c:\nbtnhb.exec:\nbtnhb.exe183⤵
-
\??\c:\bthbhh.exec:\bthbhh.exe184⤵
-
\??\c:\1dddd.exec:\1dddd.exe185⤵
-
\??\c:\7jjjv.exec:\7jjjv.exe186⤵
-
\??\c:\fffxrll.exec:\fffxrll.exe187⤵
-
\??\c:\lfllfrl.exec:\lfllfrl.exe188⤵
-
\??\c:\9tnhhh.exec:\9tnhhh.exe189⤵
-
\??\c:\bnnnbt.exec:\bnnnbt.exe190⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe191⤵
-
\??\c:\7rlfxxr.exec:\7rlfxxr.exe192⤵
-
\??\c:\3tbbbb.exec:\3tbbbb.exe193⤵
-
\??\c:\tthbbb.exec:\tthbbb.exe194⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe195⤵
-
\??\c:\vvvpd.exec:\vvvpd.exe196⤵
-
\??\c:\rxlfrrr.exec:\rxlfrrr.exe197⤵
-
\??\c:\7rrlfrl.exec:\7rrlfrl.exe198⤵
-
\??\c:\nhhbbb.exec:\nhhbbb.exe199⤵
-
\??\c:\bnnhbb.exec:\bnnhbb.exe200⤵
-
\??\c:\bnnhtt.exec:\bnnhtt.exe201⤵
-
\??\c:\9pvpj.exec:\9pvpj.exe202⤵
-
\??\c:\7vvpd.exec:\7vvpd.exe203⤵
-
\??\c:\7lxrrrx.exec:\7lxrrrx.exe204⤵
-
\??\c:\lfrrlll.exec:\lfrrlll.exe205⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe206⤵
-
\??\c:\bbnnhh.exec:\bbnnhh.exe207⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe208⤵
-
\??\c:\3ppjd.exec:\3ppjd.exe209⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe210⤵
-
\??\c:\xxfxrrx.exec:\xxfxrrx.exe211⤵
-
\??\c:\rlrrfrr.exec:\rlrrfrr.exe212⤵
-
\??\c:\htttnn.exec:\htttnn.exe213⤵
-
\??\c:\9tbbbb.exec:\9tbbbb.exe214⤵
-
\??\c:\tthbhn.exec:\tthbhn.exe215⤵
-
\??\c:\vvddd.exec:\vvddd.exe216⤵
-
\??\c:\htbbtn.exec:\htbbtn.exe217⤵
-
\??\c:\rfffrxr.exec:\rfffrxr.exe218⤵
-
\??\c:\tnhbbb.exec:\tnhbbb.exe219⤵
-
\??\c:\pddvj.exec:\pddvj.exe220⤵
-
\??\c:\7rrxllr.exec:\7rrxllr.exe221⤵
-
\??\c:\fxllllf.exec:\fxllllf.exe222⤵
-
\??\c:\nhbhhh.exec:\nhbhhh.exe223⤵
-
\??\c:\bnnnnt.exec:\bnnnnt.exe224⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe225⤵
-
\??\c:\vpddd.exec:\vpddd.exe226⤵
-
\??\c:\xrrrrrr.exec:\xrrrrrr.exe227⤵
-
\??\c:\hhhhnn.exec:\hhhhnn.exe228⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe229⤵
-
\??\c:\9pvjd.exec:\9pvjd.exe230⤵
-
\??\c:\fffxrfr.exec:\fffxrfr.exe231⤵
-
\??\c:\rrflxlx.exec:\rrflxlx.exe232⤵
-
\??\c:\tbbbbt.exec:\tbbbbt.exe233⤵
-
\??\c:\9bbtnn.exec:\9bbtnn.exe234⤵
-
\??\c:\3vddv.exec:\3vddv.exe235⤵
-
\??\c:\9vvpd.exec:\9vvpd.exe236⤵
-
\??\c:\frllxlr.exec:\frllxlr.exe237⤵
-
\??\c:\rllxrrr.exec:\rllxrrr.exe238⤵
-
\??\c:\bnnnhh.exec:\bnnnhh.exe239⤵
-
\??\c:\9tbtth.exec:\9tbtth.exe240⤵