Analysis
-
max time kernel
150s -
max time network
105s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
21-05-2024 12:25
General
-
Target
4a13e48281069f21e0d2f779de4d45b2b79d5e1161bcc94300ca69a93a0b9b43_NeikiAnalytics.exe
-
Size
54KB
-
MD5
ee254f686b0ac3310acfee675bf2b900
-
SHA1
41c49e1ca3b4782d69927de5c22a36422eeb5b45
-
SHA256
4a13e48281069f21e0d2f779de4d45b2b79d5e1161bcc94300ca69a93a0b9b43
-
SHA512
cc63b05d768e6d442965251ab4041c638fc6f324f5f1f55686df3ddba346535c1035b1e108d9f520f9120f88242c88d2fd9f82acceec5498940c4303da7b4d88
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFyZ:ymb3NkkiQ3mdBjFIFm
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 36 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4a13e48281069f21e0d2f779de4d45b2b79d5e1161bcc94300ca69a93a0b9b43_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4a13e48281069f21e0d2f779de4d45b2b79d5e1161bcc94300ca69a93a0b9b43_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlffff.exec:\fxlffff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthhtt.exec:\hthhtt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbbh.exec:\hbhbbh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdpp.exec:\vjdpp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdjj.exec:\pvdjj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lllfff.exec:\1lllfff.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntntbn.exec:\ntntbn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbhb.exec:\nhhbhb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppdv.exec:\dppdv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rrlffx.exec:\3rrlffx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnnnn.exec:\hhnnnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnnbb.exec:\thnnbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdd.exec:\pdjdd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dvpp.exec:\7dvpp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlfrrr.exec:\rxlfrrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbttnt.exec:\bbttnt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bnnbh.exec:\5bnnbh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvp.exec:\vpvvp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdp.exec:\pjjdp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxrrl.exec:\lffxrrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlfrl.exec:\fxrlfrl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhhhh.exec:\nnhhhh.exe23⤵
- Executes dropped EXE
-
\??\c:\vddjd.exec:\vddjd.exe24⤵
- Executes dropped EXE
-
\??\c:\pdpvd.exec:\pdpvd.exe25⤵
- Executes dropped EXE
-
\??\c:\flflxrr.exec:\flflxrr.exe26⤵
- Executes dropped EXE
-
\??\c:\xlfxlfx.exec:\xlfxlfx.exe27⤵
- Executes dropped EXE
-
\??\c:\bbbttt.exec:\bbbttt.exe28⤵
- Executes dropped EXE
-
\??\c:\tbbbtn.exec:\tbbbtn.exe29⤵
- Executes dropped EXE
-
\??\c:\pvddd.exec:\pvddd.exe30⤵
- Executes dropped EXE
-
\??\c:\vpppj.exec:\vpppj.exe31⤵
- Executes dropped EXE
-
\??\c:\xlfflxx.exec:\xlfflxx.exe32⤵
- Executes dropped EXE
-
\??\c:\1flfrll.exec:\1flfrll.exe33⤵
- Executes dropped EXE
-
\??\c:\htbntn.exec:\htbntn.exe34⤵
- Executes dropped EXE
-
\??\c:\nnnhtb.exec:\nnnhtb.exe35⤵
- Executes dropped EXE
-
\??\c:\djvpp.exec:\djvpp.exe36⤵
- Executes dropped EXE
-
\??\c:\3rllxxx.exec:\3rllxxx.exe37⤵
- Executes dropped EXE
-
\??\c:\ffllflf.exec:\ffllflf.exe38⤵
- Executes dropped EXE
-
\??\c:\5ntthh.exec:\5ntthh.exe39⤵
- Executes dropped EXE
-
\??\c:\7bthnh.exec:\7bthnh.exe40⤵
- Executes dropped EXE
-
\??\c:\djvjd.exec:\djvjd.exe41⤵
- Executes dropped EXE
-
\??\c:\jjvvv.exec:\jjvvv.exe42⤵
- Executes dropped EXE
-
\??\c:\rllfxxx.exec:\rllfxxx.exe43⤵
- Executes dropped EXE
-
\??\c:\rflxrfx.exec:\rflxrfx.exe44⤵
- Executes dropped EXE
-
\??\c:\9rlxlfr.exec:\9rlxlfr.exe45⤵
- Executes dropped EXE
-
\??\c:\9htnhh.exec:\9htnhh.exe46⤵
- Executes dropped EXE
-
\??\c:\hbnhtn.exec:\hbnhtn.exe47⤵
- Executes dropped EXE
-
\??\c:\jdjpj.exec:\jdjpj.exe48⤵
- Executes dropped EXE
-
\??\c:\jvpjv.exec:\jvpjv.exe49⤵
- Executes dropped EXE
-
\??\c:\llxxflf.exec:\llxxflf.exe50⤵
- Executes dropped EXE
-
\??\c:\1rxffxr.exec:\1rxffxr.exe51⤵
- Executes dropped EXE
-
\??\c:\5rrrrxr.exec:\5rrrrxr.exe52⤵
- Executes dropped EXE
-
\??\c:\hbtttt.exec:\hbtttt.exe53⤵
- Executes dropped EXE
-
\??\c:\tbhhbb.exec:\tbhhbb.exe54⤵
- Executes dropped EXE
-
\??\c:\djvpd.exec:\djvpd.exe55⤵
- Executes dropped EXE
-
\??\c:\jjjdj.exec:\jjjdj.exe56⤵
- Executes dropped EXE
-
\??\c:\xlrrrxx.exec:\xlrrrxx.exe57⤵
- Executes dropped EXE
-
\??\c:\9xllrrx.exec:\9xllrrx.exe58⤵
- Executes dropped EXE
-
\??\c:\tbbbtt.exec:\tbbbtt.exe59⤵
- Executes dropped EXE
-
\??\c:\tbhbbb.exec:\tbhbbb.exe60⤵
- Executes dropped EXE
-
\??\c:\hnttnt.exec:\hnttnt.exe61⤵
- Executes dropped EXE
-
\??\c:\vvjjp.exec:\vvjjp.exe62⤵
- Executes dropped EXE
-
\??\c:\ddpjd.exec:\ddpjd.exe63⤵
- Executes dropped EXE
-
\??\c:\rrfxflf.exec:\rrfxflf.exe64⤵
- Executes dropped EXE
-
\??\c:\llxlxrx.exec:\llxlxrx.exe65⤵
- Executes dropped EXE
-
\??\c:\hbnbbn.exec:\hbnbbn.exe66⤵
-
\??\c:\vvppp.exec:\vvppp.exe67⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe68⤵
-
\??\c:\vppjd.exec:\vppjd.exe69⤵
-
\??\c:\1rxxrrr.exec:\1rxxrrr.exe70⤵
-
\??\c:\tnhbtn.exec:\tnhbtn.exe71⤵
-
\??\c:\5bnnbt.exec:\5bnnbt.exe72⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe73⤵
-
\??\c:\5vvpj.exec:\5vvpj.exe74⤵
-
\??\c:\rlrlfff.exec:\rlrlfff.exe75⤵
-
\??\c:\xffxrrl.exec:\xffxrrl.exe76⤵
-
\??\c:\btbttt.exec:\btbttt.exe77⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe78⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe79⤵
-
\??\c:\ddppj.exec:\ddppj.exe80⤵
-
\??\c:\dvvjj.exec:\dvvjj.exe81⤵
-
\??\c:\xrlfrrr.exec:\xrlfrrr.exe82⤵
-
\??\c:\lrxxrrr.exec:\lrxxrrr.exe83⤵
-
\??\c:\nntbtn.exec:\nntbtn.exe84⤵
-
\??\c:\jddvv.exec:\jddvv.exe85⤵
-
\??\c:\9jjjv.exec:\9jjjv.exe86⤵
-
\??\c:\5fxrfxr.exec:\5fxrfxr.exe87⤵
-
\??\c:\lfffxxx.exec:\lfffxxx.exe88⤵
-
\??\c:\tnnhtt.exec:\tnnhtt.exe89⤵
-
\??\c:\bnbhnt.exec:\bnbhnt.exe90⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe91⤵
-
\??\c:\jddjp.exec:\jddjp.exe92⤵
-
\??\c:\lxrllrl.exec:\lxrllrl.exe93⤵
-
\??\c:\xxlfffr.exec:\xxlfffr.exe94⤵
-
\??\c:\nbbtnn.exec:\nbbtnn.exe95⤵
-
\??\c:\btnnbh.exec:\btnnbh.exe96⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe97⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe98⤵
-
\??\c:\lrfffff.exec:\lrfffff.exe99⤵
-
\??\c:\rlrrllf.exec:\rlrrllf.exe100⤵
-
\??\c:\nnttth.exec:\nnttth.exe101⤵
-
\??\c:\3ttnhh.exec:\3ttnhh.exe102⤵
-
\??\c:\bntnnn.exec:\bntnnn.exe103⤵
-
\??\c:\3vdvp.exec:\3vdvp.exe104⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe105⤵
-
\??\c:\frlfxrl.exec:\frlfxrl.exe106⤵
-
\??\c:\1xxrlxx.exec:\1xxrlxx.exe107⤵
-
\??\c:\3rxrlfx.exec:\3rxrlfx.exe108⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe109⤵
-
\??\c:\3fxlxrl.exec:\3fxlxrl.exe110⤵
-
\??\c:\frfllfr.exec:\frfllfr.exe111⤵
-
\??\c:\rlrlllf.exec:\rlrlllf.exe112⤵
-
\??\c:\nhbthb.exec:\nhbthb.exe113⤵
-
\??\c:\bhnbtn.exec:\bhnbtn.exe114⤵
-
\??\c:\7pppj.exec:\7pppj.exe115⤵
-
\??\c:\5djvd.exec:\5djvd.exe116⤵
-
\??\c:\xrxxxfx.exec:\xrxxxfx.exe117⤵
-
\??\c:\rlxfllr.exec:\rlxfllr.exe118⤵
-
\??\c:\lffxrrl.exec:\lffxrrl.exe119⤵
-
\??\c:\tttnhb.exec:\tttnhb.exe120⤵
-
\??\c:\hhnhbb.exec:\hhnhbb.exe121⤵
-
\??\c:\5hhhtn.exec:\5hhhtn.exe122⤵
-
\??\c:\jpjpj.exec:\jpjpj.exe123⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe124⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe125⤵
-
\??\c:\3rxrflf.exec:\3rxrflf.exe126⤵
-
\??\c:\rfxxrrl.exec:\rfxxrrl.exe127⤵
-
\??\c:\thnhbh.exec:\thnhbh.exe128⤵
-
\??\c:\nttnhh.exec:\nttnhh.exe129⤵
-
\??\c:\tnnbhn.exec:\tnnbhn.exe130⤵
-
\??\c:\jppjd.exec:\jppjd.exe131⤵
-
\??\c:\7vpjd.exec:\7vpjd.exe132⤵
-
\??\c:\fxlxrlf.exec:\fxlxrlf.exe133⤵
-
\??\c:\1llfxxf.exec:\1llfxxf.exe134⤵
-
\??\c:\bbnhbb.exec:\bbnhbb.exe135⤵
-
\??\c:\bbhbnh.exec:\bbhbnh.exe136⤵
-
\??\c:\ppdvv.exec:\ppdvv.exe137⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe138⤵
-
\??\c:\lrfxlfx.exec:\lrfxlfx.exe139⤵
-
\??\c:\rxxrfxx.exec:\rxxrfxx.exe140⤵
-
\??\c:\5rxlllr.exec:\5rxlllr.exe141⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe142⤵
-
\??\c:\thhbnn.exec:\thhbnn.exe143⤵
-
\??\c:\9tbtnn.exec:\9tbtnn.exe144⤵
-
\??\c:\dddjp.exec:\dddjp.exe145⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe146⤵
-
\??\c:\9frrrxr.exec:\9frrrxr.exe147⤵
-
\??\c:\fxxrlfx.exec:\fxxrlfx.exe148⤵
-
\??\c:\rrrlfff.exec:\rrrlfff.exe149⤵
-
\??\c:\nhthbt.exec:\nhthbt.exe150⤵
-
\??\c:\tnhbbn.exec:\tnhbbn.exe151⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe152⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe153⤵
-
\??\c:\ffrlxxx.exec:\ffrlxxx.exe154⤵
-
\??\c:\fflxrlf.exec:\fflxrlf.exe155⤵
-
\??\c:\xrlllfr.exec:\xrlllfr.exe156⤵
-
\??\c:\tbnnnt.exec:\tbnnnt.exe157⤵
-
\??\c:\ntthbt.exec:\ntthbt.exe158⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe159⤵
-
\??\c:\jjvjp.exec:\jjvjp.exe160⤵
-
\??\c:\1jjjv.exec:\1jjjv.exe161⤵
-
\??\c:\lrrfrlf.exec:\lrrfrlf.exe162⤵
-
\??\c:\rlrrrrr.exec:\rlrrrrr.exe163⤵
-
\??\c:\1ffrllf.exec:\1ffrllf.exe164⤵
-
\??\c:\hbthbt.exec:\hbthbt.exe165⤵
-
\??\c:\hntnhn.exec:\hntnhn.exe166⤵
-
\??\c:\djvvj.exec:\djvvj.exe167⤵
-
\??\c:\dpdpd.exec:\dpdpd.exe168⤵
-
\??\c:\vdpvd.exec:\vdpvd.exe169⤵
-
\??\c:\xffxlrr.exec:\xffxlrr.exe170⤵
-
\??\c:\5llxrlx.exec:\5llxrlx.exe171⤵
-
\??\c:\bhnbbn.exec:\bhnbbn.exe172⤵
-
\??\c:\bhnnhh.exec:\bhnnhh.exe173⤵
-
\??\c:\dppjd.exec:\dppjd.exe174⤵
-
\??\c:\pvvpp.exec:\pvvpp.exe175⤵
-
\??\c:\ffrlfll.exec:\ffrlfll.exe176⤵
-
\??\c:\lllrrxx.exec:\lllrrxx.exe177⤵
-
\??\c:\3bhbhn.exec:\3bhbhn.exe178⤵
-
\??\c:\nntnnn.exec:\nntnnn.exe179⤵
-
\??\c:\xxxxllr.exec:\xxxxllr.exe180⤵
-
\??\c:\bnnbbt.exec:\bnnbbt.exe181⤵
-
\??\c:\hnnhbh.exec:\hnnhbh.exe182⤵
-
\??\c:\pjjjp.exec:\pjjjp.exe183⤵
-
\??\c:\fxlfllr.exec:\fxlfllr.exe184⤵
-
\??\c:\fflrxxf.exec:\fflrxxf.exe185⤵
-
\??\c:\3lxxfxl.exec:\3lxxfxl.exe186⤵
-
\??\c:\3tbbtt.exec:\3tbbtt.exe187⤵
-
\??\c:\nnhbtt.exec:\nnhbtt.exe188⤵
-
\??\c:\ddpdj.exec:\ddpdj.exe189⤵
-
\??\c:\9pppv.exec:\9pppv.exe190⤵
-
\??\c:\dpdvp.exec:\dpdvp.exe191⤵
-
\??\c:\lllfxxf.exec:\lllfxxf.exe192⤵
-
\??\c:\7rxrrrx.exec:\7rxrrrx.exe193⤵
-
\??\c:\7flffff.exec:\7flffff.exe194⤵
-
\??\c:\bbbtnn.exec:\bbbtnn.exe195⤵
-
\??\c:\thnttb.exec:\thnttb.exe196⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe197⤵
-
\??\c:\djddp.exec:\djddp.exe198⤵
-
\??\c:\vvppj.exec:\vvppj.exe199⤵
-
\??\c:\7fxfffx.exec:\7fxfffx.exe200⤵
-
\??\c:\rxxxlll.exec:\rxxxlll.exe201⤵
-
\??\c:\rrxxrrx.exec:\rrxxrrx.exe202⤵
-
\??\c:\nhtnhb.exec:\nhtnhb.exe203⤵
-
\??\c:\bthbhh.exec:\bthbhh.exe204⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe205⤵
-
\??\c:\jddvp.exec:\jddvp.exe206⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe207⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe208⤵
-
\??\c:\9lxxrrr.exec:\9lxxrrr.exe209⤵
-
\??\c:\flrxlxf.exec:\flrxlxf.exe210⤵
-
\??\c:\7rllfll.exec:\7rllfll.exe211⤵
-
\??\c:\1nnttt.exec:\1nnttt.exe212⤵
-
\??\c:\hnthnb.exec:\hnthnb.exe213⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe214⤵
-
\??\c:\jpppj.exec:\jpppj.exe215⤵
-
\??\c:\jppjd.exec:\jppjd.exe216⤵
-
\??\c:\rrxrrxr.exec:\rrxrrxr.exe217⤵
-
\??\c:\lxxxxxr.exec:\lxxxxxr.exe218⤵
-
\??\c:\ttttnn.exec:\ttttnn.exe219⤵
-
\??\c:\nbhbhh.exec:\nbhbhh.exe220⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe221⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe222⤵
-
\??\c:\dddjv.exec:\dddjv.exe223⤵
-
\??\c:\xfxrlxf.exec:\xfxrlxf.exe224⤵
-
\??\c:\xxxllff.exec:\xxxllff.exe225⤵
-
\??\c:\bhnhbt.exec:\bhnhbt.exe226⤵
-
\??\c:\bhbtnt.exec:\bhbtnt.exe227⤵
-
\??\c:\jvvjp.exec:\jvvjp.exe228⤵
-
\??\c:\ddjvp.exec:\ddjvp.exe229⤵
-
\??\c:\rlrlflr.exec:\rlrlflr.exe230⤵
-
\??\c:\lllfxfx.exec:\lllfxfx.exe231⤵
-
\??\c:\xlxxrxl.exec:\xlxxrxl.exe232⤵
-
\??\c:\nhhhbt.exec:\nhhhbt.exe233⤵
-
\??\c:\tbhbhn.exec:\tbhbhn.exe234⤵
-
\??\c:\nthhbb.exec:\nthhbb.exe235⤵
-
\??\c:\jvpjp.exec:\jvpjp.exe236⤵
-
\??\c:\vpppd.exec:\vpppd.exe237⤵
-
\??\c:\xrxrlll.exec:\xrxrlll.exe238⤵
-
\??\c:\rlxffff.exec:\rlxffff.exe239⤵
-
\??\c:\xxlllll.exec:\xxlllll.exe240⤵