Analysis
-
max time kernel
150s -
max time network
111s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
21-05-2024 12:55
General
-
Target
4f7143f94a9da9575d1f55b80629809abd27de639e899bb8edbc041981a59f37_NeikiAnalytics.exe
-
Size
66KB
-
MD5
e771e29e516cec7e1e32be8f482ca320
-
SHA1
4e631579e48a145d26800cf82a484c1e1e7642fe
-
SHA256
4f7143f94a9da9575d1f55b80629809abd27de639e899bb8edbc041981a59f37
-
SHA512
4ab348c94005d2c3cc2ebae6fadb56d4855646787e370ec506e8d327e9714105533b43aa471a6d99907d6bb8d85d0901eec0a5a39af8337c8b7ca41f415425c0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJUDbAIw:ymb3NkkiQ3mdBjFIFdJ8bm
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4f7143f94a9da9575d1f55b80629809abd27de639e899bb8edbc041981a59f37_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4f7143f94a9da9575d1f55b80629809abd27de639e899bb8edbc041981a59f37_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\djvpj.exec:\djvpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrlffx.exec:\7lrlffx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnhbb.exec:\hnnhbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnnhh.exec:\bhnnhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vvpj.exec:\3vvpj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppjj.exec:\jppjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbbn.exec:\bbhbbn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnnnt.exec:\bnnnnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpjd.exec:\jjpjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xxfrrf.exec:\3xxfrrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhhb.exec:\tnnhhb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bbtnn.exec:\1bbtnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ppvj.exec:\3ppvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxrrf.exec:\xxfxrrf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbtht.exec:\bbbtht.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhtn.exec:\tnnhtn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dpjv.exec:\7dpjv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xrfrlf.exec:\7xrfrlf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntttb.exec:\hntttb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdj.exec:\jdpdj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrlrrf.exec:\lxrlrrf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fxxxxf.exec:\5fxxxxf.exe23⤵
- Executes dropped EXE
-
\??\c:\flrrxxf.exec:\flrrxxf.exe24⤵
- Executes dropped EXE
-
\??\c:\7bnhhn.exec:\7bnhhn.exe25⤵
- Executes dropped EXE
-
\??\c:\9ppvd.exec:\9ppvd.exe26⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe27⤵
- Executes dropped EXE
-
\??\c:\3xfxllf.exec:\3xfxllf.exe28⤵
- Executes dropped EXE
-
\??\c:\bttnbb.exec:\bttnbb.exe29⤵
- Executes dropped EXE
-
\??\c:\vjvdp.exec:\vjvdp.exe30⤵
- Executes dropped EXE
-
\??\c:\3llfflf.exec:\3llfflf.exe31⤵
- Executes dropped EXE
-
\??\c:\hbhbnh.exec:\hbhbnh.exe32⤵
- Executes dropped EXE
-
\??\c:\ddvjj.exec:\ddvjj.exe33⤵
- Executes dropped EXE
-
\??\c:\jdpjd.exec:\jdpjd.exe34⤵
- Executes dropped EXE
-
\??\c:\3jvjp.exec:\3jvjp.exe35⤵
- Executes dropped EXE
-
\??\c:\lxrlfxr.exec:\lxrlfxr.exe36⤵
- Executes dropped EXE
-
\??\c:\hthhhh.exec:\hthhhh.exe37⤵
- Executes dropped EXE
-
\??\c:\5vppv.exec:\5vppv.exe38⤵
- Executes dropped EXE
-
\??\c:\vvvdd.exec:\vvvdd.exe39⤵
- Executes dropped EXE
-
\??\c:\fxlrlrl.exec:\fxlrlrl.exe40⤵
- Executes dropped EXE
-
\??\c:\ffrxllr.exec:\ffrxllr.exe41⤵
- Executes dropped EXE
-
\??\c:\bhhbnh.exec:\bhhbnh.exe42⤵
- Executes dropped EXE
-
\??\c:\vvddp.exec:\vvddp.exe43⤵
- Executes dropped EXE
-
\??\c:\jdpjd.exec:\jdpjd.exe44⤵
- Executes dropped EXE
-
\??\c:\lfrfxrl.exec:\lfrfxrl.exe45⤵
- Executes dropped EXE
-
\??\c:\nbttnb.exec:\nbttnb.exe46⤵
- Executes dropped EXE
-
\??\c:\hthbhn.exec:\hthbhn.exe47⤵
- Executes dropped EXE
-
\??\c:\pvvjd.exec:\pvvjd.exe48⤵
- Executes dropped EXE
-
\??\c:\ddddp.exec:\ddddp.exe49⤵
- Executes dropped EXE
-
\??\c:\9ppjp.exec:\9ppjp.exe50⤵
- Executes dropped EXE
-
\??\c:\xlffllx.exec:\xlffllx.exe51⤵
- Executes dropped EXE
-
\??\c:\nbttnt.exec:\nbttnt.exe52⤵
- Executes dropped EXE
-
\??\c:\nnttnn.exec:\nnttnn.exe53⤵
- Executes dropped EXE
-
\??\c:\vvvvp.exec:\vvvvp.exe54⤵
- Executes dropped EXE
-
\??\c:\ddpvj.exec:\ddpvj.exe55⤵
- Executes dropped EXE
-
\??\c:\9rxxrrx.exec:\9rxxrrx.exe56⤵
- Executes dropped EXE
-
\??\c:\5ffffll.exec:\5ffffll.exe57⤵
- Executes dropped EXE
-
\??\c:\bbhntt.exec:\bbhntt.exe58⤵
- Executes dropped EXE
-
\??\c:\jvvpp.exec:\jvvpp.exe59⤵
- Executes dropped EXE
-
\??\c:\vdddd.exec:\vdddd.exe60⤵
- Executes dropped EXE
-
\??\c:\rffxxff.exec:\rffxxff.exe61⤵
- Executes dropped EXE
-
\??\c:\nbbbbb.exec:\nbbbbb.exe62⤵
- Executes dropped EXE
-
\??\c:\btbbth.exec:\btbbth.exe63⤵
- Executes dropped EXE
-
\??\c:\djppv.exec:\djppv.exe64⤵
- Executes dropped EXE
-
\??\c:\3djjj.exec:\3djjj.exe65⤵
- Executes dropped EXE
-
\??\c:\ffrrrll.exec:\ffrrrll.exe66⤵
-
\??\c:\xrrrlll.exec:\xrrrlll.exe67⤵
-
\??\c:\hnnhbn.exec:\hnnhbn.exe68⤵
-
\??\c:\nbhhbb.exec:\nbhhbb.exe69⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe70⤵
-
\??\c:\7djjp.exec:\7djjp.exe71⤵
-
\??\c:\5rxxrlf.exec:\5rxxrlf.exe72⤵
-
\??\c:\hhttbb.exec:\hhttbb.exe73⤵
-
\??\c:\bbtbtt.exec:\bbtbtt.exe74⤵
-
\??\c:\djpjd.exec:\djpjd.exe75⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe76⤵
-
\??\c:\tbbtnn.exec:\tbbtnn.exe77⤵
-
\??\c:\3hnnhn.exec:\3hnnhn.exe78⤵
-
\??\c:\3vdpd.exec:\3vdpd.exe79⤵
-
\??\c:\rlrffff.exec:\rlrffff.exe80⤵
-
\??\c:\bbnttb.exec:\bbnttb.exe81⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe82⤵
-
\??\c:\jjvpd.exec:\jjvpd.exe83⤵
-
\??\c:\frrfxff.exec:\frrfxff.exe84⤵
-
\??\c:\bbbbnn.exec:\bbbbnn.exe85⤵
-
\??\c:\ppvdd.exec:\ppvdd.exe86⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe87⤵
-
\??\c:\rlrxxrr.exec:\rlrxxrr.exe88⤵
-
\??\c:\tnnhhn.exec:\tnnhhn.exe89⤵
-
\??\c:\hhhbtb.exec:\hhhbtb.exe90⤵
-
\??\c:\jvddp.exec:\jvddp.exe91⤵
-
\??\c:\ffllllr.exec:\ffllllr.exe92⤵
-
\??\c:\xrllflx.exec:\xrllflx.exe93⤵
-
\??\c:\tttbtb.exec:\tttbtb.exe94⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe95⤵
-
\??\c:\vdvvp.exec:\vdvvp.exe96⤵
-
\??\c:\xxfxxfr.exec:\xxfxxfr.exe97⤵
-
\??\c:\tnnnnt.exec:\tnnnnt.exe98⤵
-
\??\c:\pjpvv.exec:\pjpvv.exe99⤵
-
\??\c:\fflfrxf.exec:\fflfrxf.exe100⤵
-
\??\c:\xlxxxrr.exec:\xlxxxrr.exe101⤵
-
\??\c:\nbhhbb.exec:\nbhhbb.exe102⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe103⤵
-
\??\c:\lfxrrll.exec:\lfxrrll.exe104⤵
-
\??\c:\rrrrrxx.exec:\rrrrrxx.exe105⤵
-
\??\c:\3hbbhh.exec:\3hbbhh.exe106⤵
-
\??\c:\thtnhb.exec:\thtnhb.exe107⤵
-
\??\c:\5pddv.exec:\5pddv.exe108⤵
-
\??\c:\xxffrxx.exec:\xxffrxx.exe109⤵
-
\??\c:\7htnbb.exec:\7htnbb.exe110⤵
-
\??\c:\9nbtnn.exec:\9nbtnn.exe111⤵
-
\??\c:\pjppv.exec:\pjppv.exe112⤵
-
\??\c:\rlxxfff.exec:\rlxxfff.exe113⤵
-
\??\c:\hbttnh.exec:\hbttnh.exe114⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe115⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe116⤵
-
\??\c:\7fxxrrf.exec:\7fxxrrf.exe117⤵
-
\??\c:\rlfxrrf.exec:\rlfxrrf.exe118⤵
-
\??\c:\htbbbb.exec:\htbbbb.exe119⤵
-
\??\c:\thhhbb.exec:\thhhbb.exe120⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe121⤵
-
\??\c:\vvddd.exec:\vvddd.exe122⤵
-
\??\c:\nhnhbh.exec:\nhnhbh.exe123⤵
-
\??\c:\bbtbtt.exec:\bbtbtt.exe124⤵
-
\??\c:\vvdjv.exec:\vvdjv.exe125⤵
-
\??\c:\7vvvd.exec:\7vvvd.exe126⤵
-
\??\c:\llllflx.exec:\llllflx.exe127⤵
-
\??\c:\xxrxrlf.exec:\xxrxrlf.exe128⤵
-
\??\c:\nbnhbb.exec:\nbnhbb.exe129⤵
-
\??\c:\hnhhhn.exec:\hnhhhn.exe130⤵
-
\??\c:\5jppj.exec:\5jppj.exe131⤵
-
\??\c:\vppdp.exec:\vppdp.exe132⤵
-
\??\c:\3lffllx.exec:\3lffllx.exe133⤵
-
\??\c:\flrxllr.exec:\flrxllr.exe134⤵
-
\??\c:\1bbthh.exec:\1bbthh.exe135⤵
-
\??\c:\tthhbh.exec:\tthhbh.exe136⤵
-
\??\c:\dpjdp.exec:\dpjdp.exe137⤵
-
\??\c:\vdjvv.exec:\vdjvv.exe138⤵
-
\??\c:\lxlfxxx.exec:\lxlfxxx.exe139⤵
-
\??\c:\fxrlrrf.exec:\fxrlrrf.exe140⤵
-
\??\c:\bbbhhh.exec:\bbbhhh.exe141⤵
-
\??\c:\nnhnnn.exec:\nnhnnn.exe142⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe143⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe144⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe145⤵
-
\??\c:\rllfxff.exec:\rllfxff.exe146⤵
-
\??\c:\lfxxrrl.exec:\lfxxrrl.exe147⤵
-
\??\c:\3thhnn.exec:\3thhnn.exe148⤵
-
\??\c:\nhtnnn.exec:\nhtnnn.exe149⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe150⤵
-
\??\c:\3djjv.exec:\3djjv.exe151⤵
-
\??\c:\rllfxxl.exec:\rllfxxl.exe152⤵
-
\??\c:\xlxrlfx.exec:\xlxrlfx.exe153⤵
-
\??\c:\thttnt.exec:\thttnt.exe154⤵
-
\??\c:\5hnnhh.exec:\5hnnhh.exe155⤵
-
\??\c:\vpvjd.exec:\vpvjd.exe156⤵
-
\??\c:\lfrxrff.exec:\lfrxrff.exe157⤵
-
\??\c:\lfrllfx.exec:\lfrllfx.exe158⤵
-
\??\c:\tntbtb.exec:\tntbtb.exe159⤵
-
\??\c:\vpddj.exec:\vpddj.exe160⤵
-
\??\c:\xxlllrf.exec:\xxlllrf.exe161⤵
-
\??\c:\fxffxxr.exec:\fxffxxr.exe162⤵
-
\??\c:\nhtttt.exec:\nhtttt.exe163⤵
-
\??\c:\hbbbtb.exec:\hbbbtb.exe164⤵
-
\??\c:\dpppj.exec:\dpppj.exe165⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe166⤵
-
\??\c:\rxxxrxx.exec:\rxxxrxx.exe167⤵
-
\??\c:\lfrrrfx.exec:\lfrrrfx.exe168⤵
-
\??\c:\nnnnnh.exec:\nnnnnh.exe169⤵
-
\??\c:\ttnttt.exec:\ttnttt.exe170⤵
-
\??\c:\7pvvv.exec:\7pvvv.exe171⤵
-
\??\c:\ppppj.exec:\ppppj.exe172⤵
-
\??\c:\rrxxrrx.exec:\rrxxrrx.exe173⤵
-
\??\c:\hbhbbh.exec:\hbhbbh.exe174⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe175⤵
-
\??\c:\ppjjv.exec:\ppjjv.exe176⤵
-
\??\c:\xxffxxf.exec:\xxffxxf.exe177⤵
-
\??\c:\nnttbh.exec:\nnttbh.exe178⤵
-
\??\c:\jjvvp.exec:\jjvvp.exe179⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe180⤵
-
\??\c:\rrxxflx.exec:\rrxxflx.exe181⤵
-
\??\c:\flffxfx.exec:\flffxfx.exe182⤵
-
\??\c:\xxxxflf.exec:\xxxxflf.exe183⤵
-
\??\c:\nbtnnn.exec:\nbtnnn.exe184⤵
-
\??\c:\5nbbbh.exec:\5nbbbh.exe185⤵
-
\??\c:\7pddv.exec:\7pddv.exe186⤵
-
\??\c:\rxrrrxr.exec:\rxrrrxr.exe187⤵
-
\??\c:\hnbtbt.exec:\hnbtbt.exe188⤵
-
\??\c:\7djdd.exec:\7djdd.exe189⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe190⤵
-
\??\c:\rrxfllr.exec:\rrxfllr.exe191⤵
-
\??\c:\3fxflxf.exec:\3fxflxf.exe192⤵
-
\??\c:\nnhhhb.exec:\nnhhhb.exe193⤵
-
\??\c:\9hnhbb.exec:\9hnhbb.exe194⤵
-
\??\c:\3djdv.exec:\3djdv.exe195⤵
-
\??\c:\dpddp.exec:\dpddp.exe196⤵
-
\??\c:\lffxlrl.exec:\lffxlrl.exe197⤵
-
\??\c:\3ffffll.exec:\3ffffll.exe198⤵
-
\??\c:\frfxxxx.exec:\frfxxxx.exe199⤵
-
\??\c:\hhnnhn.exec:\hhnnhn.exe200⤵
-
\??\c:\5ttnhh.exec:\5ttnhh.exe201⤵
-
\??\c:\3djdv.exec:\3djdv.exe202⤵
-
\??\c:\jjdjd.exec:\jjdjd.exe203⤵
-
\??\c:\llrlfff.exec:\llrlfff.exe204⤵
-
\??\c:\7fllllr.exec:\7fllllr.exe205⤵
-
\??\c:\nhnnnt.exec:\nhnnnt.exe206⤵
-
\??\c:\3hnhtn.exec:\3hnhtn.exe207⤵
-
\??\c:\nbbbtb.exec:\nbbbtb.exe208⤵
-
\??\c:\ddjvp.exec:\ddjvp.exe209⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe210⤵
-
\??\c:\llxxrll.exec:\llxxrll.exe211⤵
-
\??\c:\ffrlrrr.exec:\ffrlrrr.exe212⤵
-
\??\c:\tnnnnn.exec:\tnnnnn.exe213⤵
-
\??\c:\nnnbbb.exec:\nnnbbb.exe214⤵
-
\??\c:\pddvp.exec:\pddvp.exe215⤵
-
\??\c:\xlxrllf.exec:\xlxrllf.exe216⤵
-
\??\c:\5frxflf.exec:\5frxflf.exe217⤵
-
\??\c:\bbbbbb.exec:\bbbbbb.exe218⤵
-
\??\c:\3hnntb.exec:\3hnntb.exe219⤵
-
\??\c:\5nnnnn.exec:\5nnnnn.exe220⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe221⤵
-
\??\c:\ppvdd.exec:\ppvdd.exe222⤵
-
\??\c:\xfrrrxf.exec:\xfrrrxf.exe223⤵
-
\??\c:\xlrllxx.exec:\xlrllxx.exe224⤵
-
\??\c:\xffxxxx.exec:\xffxxxx.exe225⤵
-
\??\c:\nhhhbh.exec:\nhhhbh.exe226⤵
-
\??\c:\hhhbht.exec:\hhhbht.exe227⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe228⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe229⤵
-
\??\c:\jddvp.exec:\jddvp.exe230⤵
-
\??\c:\1frrrrf.exec:\1frrrrf.exe231⤵
-
\??\c:\rrrrlff.exec:\rrrrlff.exe232⤵
-
\??\c:\tnnnhn.exec:\tnnnhn.exe233⤵
-
\??\c:\bbbhbt.exec:\bbbhbt.exe234⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe235⤵
-
\??\c:\jddvv.exec:\jddvv.exe236⤵
-
\??\c:\lfffxxx.exec:\lfffxxx.exe237⤵
-
\??\c:\lrrxxfl.exec:\lrrxxfl.exe238⤵
-
\??\c:\9nbbbb.exec:\9nbbbb.exe239⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe240⤵