Analysis
-
max time kernel
150s -
max time network
109s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
21-05-2024 12:34
General
-
Target
4be3b077b59ef04896f19507e594e4facce7ed4af8ec264daa746a672590edff_NeikiAnalytics.exe
-
Size
56KB
-
MD5
b0a9a55fbebae79c87ac820fc23cc970
-
SHA1
0034c370f57336bd29b0afbdc9cd4d328e198a55
-
SHA256
4be3b077b59ef04896f19507e594e4facce7ed4af8ec264daa746a672590edff
-
SHA512
ab834ec8c469838fbe15955b4d807d2ef9fa6330e6db7eeddd4e7879630f51cbcbbba7aab43acb552c1a1fc9461f7b2dfac69f4427c25f3faa93af344cf103ed
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFeD:ymb3NkkiQ3mdBjFIFeD
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4be3b077b59ef04896f19507e594e4facce7ed4af8ec264daa746a672590edff_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4be3b077b59ef04896f19507e594e4facce7ed4af8ec264daa746a672590edff_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrxxfx.exec:\xfrxxfx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ttbth.exec:\3ttbth.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5htthh.exec:\5htthh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpd.exec:\vpvpd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxfrrl.exec:\llxfrrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhnhn.exec:\hhhnhn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhnnb.exec:\nhhnnb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvp.exec:\dddvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrlrl.exec:\xrrrlrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllrrrl.exec:\rllrrrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hnhbb.exec:\7hnhbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjd.exec:\jdpjd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrrrr.exec:\fxlrrrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxlfrr.exec:\frxlfrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1thhbh.exec:\1thhbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvvp.exec:\ppvvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jjdd.exec:\3jjdd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxflxfx.exec:\fxflxfx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnnn.exec:\tnnnnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjpj.exec:\pdjpj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jjjj.exec:\1jjjj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrrfx.exec:\fxrrrfx.exe23⤵
- Executes dropped EXE
-
\??\c:\btbbtt.exec:\btbbtt.exe24⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe25⤵
- Executes dropped EXE
-
\??\c:\pvddv.exec:\pvddv.exe26⤵
- Executes dropped EXE
-
\??\c:\vpvpd.exec:\vpvpd.exe27⤵
- Executes dropped EXE
-
\??\c:\xflffff.exec:\xflffff.exe28⤵
- Executes dropped EXE
-
\??\c:\5llrlxl.exec:\5llrlxl.exe29⤵
- Executes dropped EXE
-
\??\c:\bnnhhh.exec:\bnnhhh.exe30⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe31⤵
- Executes dropped EXE
-
\??\c:\frlxfxl.exec:\frlxfxl.exe32⤵
- Executes dropped EXE
-
\??\c:\tttnbt.exec:\tttnbt.exe33⤵
- Executes dropped EXE
-
\??\c:\tnbthb.exec:\tnbthb.exe34⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe35⤵
- Executes dropped EXE
-
\??\c:\djppj.exec:\djppj.exe36⤵
- Executes dropped EXE
-
\??\c:\rxxrfxr.exec:\rxxrfxr.exe37⤵
- Executes dropped EXE
-
\??\c:\bnbthb.exec:\bnbthb.exe38⤵
- Executes dropped EXE
-
\??\c:\vppjv.exec:\vppjv.exe39⤵
- Executes dropped EXE
-
\??\c:\1jppd.exec:\1jppd.exe40⤵
- Executes dropped EXE
-
\??\c:\lllxxxl.exec:\lllxxxl.exe41⤵
- Executes dropped EXE
-
\??\c:\9frrlrl.exec:\9frrlrl.exe42⤵
- Executes dropped EXE
-
\??\c:\hnnhnh.exec:\hnnhnh.exe43⤵
- Executes dropped EXE
-
\??\c:\btbtbb.exec:\btbtbb.exe44⤵
- Executes dropped EXE
-
\??\c:\5vddd.exec:\5vddd.exe45⤵
- Executes dropped EXE
-
\??\c:\3vjjj.exec:\3vjjj.exe46⤵
- Executes dropped EXE
-
\??\c:\3rxrlll.exec:\3rxrlll.exe47⤵
- Executes dropped EXE
-
\??\c:\hhntnb.exec:\hhntnb.exe48⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe49⤵
- Executes dropped EXE
-
\??\c:\vjpjv.exec:\vjpjv.exe50⤵
- Executes dropped EXE
-
\??\c:\rrrrllr.exec:\rrrrllr.exe51⤵
- Executes dropped EXE
-
\??\c:\5nhhnn.exec:\5nhhnn.exe52⤵
- Executes dropped EXE
-
\??\c:\bhnhbb.exec:\bhnhbb.exe53⤵
- Executes dropped EXE
-
\??\c:\jpppp.exec:\jpppp.exe54⤵
- Executes dropped EXE
-
\??\c:\dvdvv.exec:\dvdvv.exe55⤵
- Executes dropped EXE
-
\??\c:\frxxxxx.exec:\frxxxxx.exe56⤵
- Executes dropped EXE
-
\??\c:\9ffffff.exec:\9ffffff.exe57⤵
- Executes dropped EXE
-
\??\c:\nhnhbn.exec:\nhnhbn.exe58⤵
- Executes dropped EXE
-
\??\c:\hbhbnt.exec:\hbhbnt.exe59⤵
- Executes dropped EXE
-
\??\c:\dvpjj.exec:\dvpjj.exe60⤵
- Executes dropped EXE
-
\??\c:\dpppj.exec:\dpppj.exe61⤵
- Executes dropped EXE
-
\??\c:\ddppv.exec:\ddppv.exe62⤵
- Executes dropped EXE
-
\??\c:\rrxxxxx.exec:\rrxxxxx.exe63⤵
- Executes dropped EXE
-
\??\c:\xxlllrx.exec:\xxlllrx.exe64⤵
- Executes dropped EXE
-
\??\c:\3bhhht.exec:\3bhhht.exe65⤵
- Executes dropped EXE
-
\??\c:\hhttnn.exec:\hhttnn.exe66⤵
-
\??\c:\vvvvj.exec:\vvvvj.exe67⤵
-
\??\c:\1jjjd.exec:\1jjjd.exe68⤵
-
\??\c:\jdppp.exec:\jdppp.exe69⤵
-
\??\c:\3fllfff.exec:\3fllfff.exe70⤵
-
\??\c:\xrfxffx.exec:\xrfxffx.exe71⤵
-
\??\c:\bbbbbb.exec:\bbbbbb.exe72⤵
-
\??\c:\nnttnb.exec:\nnttnb.exe73⤵
-
\??\c:\5dvvd.exec:\5dvvd.exe74⤵
-
\??\c:\djpjd.exec:\djpjd.exe75⤵
-
\??\c:\fxllrrr.exec:\fxllrrr.exe76⤵
-
\??\c:\1fllrrx.exec:\1fllrrx.exe77⤵
-
\??\c:\bntbtb.exec:\bntbtb.exe78⤵
-
\??\c:\9hhhth.exec:\9hhhth.exe79⤵
-
\??\c:\ppppj.exec:\ppppj.exe80⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe81⤵
-
\??\c:\fxllrrf.exec:\fxllrrf.exe82⤵
-
\??\c:\lrxxrrl.exec:\lrxxrrl.exe83⤵
-
\??\c:\htnntb.exec:\htnntb.exe84⤵
-
\??\c:\1ntnbb.exec:\1ntnbb.exe85⤵
-
\??\c:\hntnhh.exec:\hntnhh.exe86⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe87⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe88⤵
-
\??\c:\fxrxrll.exec:\fxrxrll.exe89⤵
-
\??\c:\rrrllll.exec:\rrrllll.exe90⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe91⤵
-
\??\c:\ttttbb.exec:\ttttbb.exe92⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe93⤵
-
\??\c:\vpddv.exec:\vpddv.exe94⤵
-
\??\c:\fllfxlf.exec:\fllfxlf.exe95⤵
-
\??\c:\fxxrllf.exec:\fxxrllf.exe96⤵
-
\??\c:\bnnnnh.exec:\bnnnnh.exe97⤵
-
\??\c:\xfxxrxx.exec:\xfxxrxx.exe98⤵
-
\??\c:\3tbbtb.exec:\3tbbtb.exe99⤵
-
\??\c:\dddvp.exec:\dddvp.exe100⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe101⤵
-
\??\c:\llrflff.exec:\llrflff.exe102⤵
-
\??\c:\3bhbhn.exec:\3bhbhn.exe103⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe104⤵
-
\??\c:\jpvpd.exec:\jpvpd.exe105⤵
-
\??\c:\9xlllrx.exec:\9xlllrx.exe106⤵
-
\??\c:\rlrfffx.exec:\rlrfffx.exe107⤵
-
\??\c:\7lfflrf.exec:\7lfflrf.exe108⤵
-
\??\c:\httbtt.exec:\httbtt.exe109⤵
-
\??\c:\tnhnnb.exec:\tnhnnb.exe110⤵
-
\??\c:\jppjd.exec:\jppjd.exe111⤵
-
\??\c:\9xfxlll.exec:\9xfxlll.exe112⤵
-
\??\c:\7rrlllr.exec:\7rrlllr.exe113⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe114⤵
-
\??\c:\hbnnhh.exec:\hbnnhh.exe115⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe116⤵
-
\??\c:\llfrlfl.exec:\llfrlfl.exe117⤵
-
\??\c:\xfffffx.exec:\xfffffx.exe118⤵
-
\??\c:\xxlfllr.exec:\xxlfllr.exe119⤵
-
\??\c:\9bhbhn.exec:\9bhbhn.exe120⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe121⤵
-
\??\c:\1xxrllf.exec:\1xxrllf.exe122⤵
-
\??\c:\3tbtnn.exec:\3tbtnn.exe123⤵
-
\??\c:\hthnth.exec:\hthnth.exe124⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe125⤵
-
\??\c:\fffllll.exec:\fffllll.exe126⤵
-
\??\c:\1lfxxxr.exec:\1lfxxxr.exe127⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe128⤵
-
\??\c:\ntbbbb.exec:\ntbbbb.exe129⤵
-
\??\c:\ppjjj.exec:\ppjjj.exe130⤵
-
\??\c:\frrrflx.exec:\frrrflx.exe131⤵
-
\??\c:\7rlffrr.exec:\7rlffrr.exe132⤵
-
\??\c:\ttnnhh.exec:\ttnnhh.exe133⤵
-
\??\c:\hntthh.exec:\hntthh.exe134⤵
-
\??\c:\jdddv.exec:\jdddv.exe135⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe136⤵
-
\??\c:\xrxrllf.exec:\xrxrllf.exe137⤵
-
\??\c:\1fxxxrr.exec:\1fxxxrr.exe138⤵
-
\??\c:\bbhhnh.exec:\bbhhnh.exe139⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe140⤵
-
\??\c:\ddjdv.exec:\ddjdv.exe141⤵
-
\??\c:\vdjdj.exec:\vdjdj.exe142⤵
-
\??\c:\xffrlll.exec:\xffrlll.exe143⤵
-
\??\c:\rlffxxx.exec:\rlffxxx.exe144⤵
-
\??\c:\5tnnnn.exec:\5tnnnn.exe145⤵
-
\??\c:\bbhbbb.exec:\bbhbbb.exe146⤵
-
\??\c:\rlxrfxf.exec:\rlxrfxf.exe147⤵
-
\??\c:\btthbh.exec:\btthbh.exe148⤵
-
\??\c:\httnbt.exec:\httnbt.exe149⤵
-
\??\c:\jjppd.exec:\jjppd.exe150⤵
-
\??\c:\dppjv.exec:\dppjv.exe151⤵
-
\??\c:\lfxfflr.exec:\lfxfflr.exe152⤵
-
\??\c:\fffffll.exec:\fffffll.exe153⤵
-
\??\c:\hnnnnn.exec:\hnnnnn.exe154⤵
-
\??\c:\htttnn.exec:\htttnn.exe155⤵
-
\??\c:\9pjjp.exec:\9pjjp.exe156⤵
-
\??\c:\1fffxll.exec:\1fffxll.exe157⤵
-
\??\c:\rflffff.exec:\rflffff.exe158⤵
-
\??\c:\1xxxrxx.exec:\1xxxrxx.exe159⤵
-
\??\c:\5bhbhb.exec:\5bhbhb.exe160⤵
-
\??\c:\tnnnbh.exec:\tnnnbh.exe161⤵
-
\??\c:\7jjjd.exec:\7jjjd.exe162⤵
-
\??\c:\7jjdv.exec:\7jjdv.exe163⤵
-
\??\c:\rxlxlfr.exec:\rxlxlfr.exe164⤵
-
\??\c:\lxxlfxr.exec:\lxxlfxr.exe165⤵
-
\??\c:\hbbbtb.exec:\hbbbtb.exe166⤵
-
\??\c:\bbbbtt.exec:\bbbbtt.exe167⤵
-
\??\c:\9jpjd.exec:\9jpjd.exe168⤵
-
\??\c:\jddvp.exec:\jddvp.exe169⤵
-
\??\c:\xrlffxx.exec:\xrlffxx.exe170⤵
-
\??\c:\frxllrr.exec:\frxllrr.exe171⤵
-
\??\c:\ntbbbb.exec:\ntbbbb.exe172⤵
-
\??\c:\5hhtnn.exec:\5hhtnn.exe173⤵
-
\??\c:\9jpdv.exec:\9jpdv.exe174⤵
-
\??\c:\lfxrflf.exec:\lfxrflf.exe175⤵
-
\??\c:\1rrllfx.exec:\1rrllfx.exe176⤵
-
\??\c:\flllxxx.exec:\flllxxx.exe177⤵
-
\??\c:\hhtthh.exec:\hhtthh.exe178⤵
-
\??\c:\nhbthn.exec:\nhbthn.exe179⤵
-
\??\c:\7nnhnh.exec:\7nnhnh.exe180⤵
-
\??\c:\5pddv.exec:\5pddv.exe181⤵
-
\??\c:\1jjdv.exec:\1jjdv.exe182⤵
-
\??\c:\rrxllfx.exec:\rrxllfx.exe183⤵
-
\??\c:\rfxxrrl.exec:\rfxxrrl.exe184⤵
-
\??\c:\htbhnn.exec:\htbhnn.exe185⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe186⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe187⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe188⤵
-
\??\c:\frrrflf.exec:\frrrflf.exe189⤵
-
\??\c:\7thbbb.exec:\7thbbb.exe190⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe191⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe192⤵
-
\??\c:\xrxrfff.exec:\xrxrfff.exe193⤵
-
\??\c:\xrrxxlf.exec:\xrrxxlf.exe194⤵
-
\??\c:\7bhhhh.exec:\7bhhhh.exe195⤵
-
\??\c:\hnnhtn.exec:\hnnhtn.exe196⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe197⤵
-
\??\c:\fxxfxxf.exec:\fxxfxxf.exe198⤵
-
\??\c:\bnnnht.exec:\bnnnht.exe199⤵
-
\??\c:\nnhhhn.exec:\nnhhhn.exe200⤵
-
\??\c:\ppjvp.exec:\ppjvp.exe201⤵
-
\??\c:\9vjdj.exec:\9vjdj.exe202⤵
-
\??\c:\fllfrlf.exec:\fllfrlf.exe203⤵
-
\??\c:\jjvpd.exec:\jjvpd.exe204⤵
-
\??\c:\xrrlllx.exec:\xrrlllx.exe205⤵
-
\??\c:\rllrxxr.exec:\rllrxxr.exe206⤵
-
\??\c:\nnbhbh.exec:\nnbhbh.exe207⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe208⤵
-
\??\c:\vvvvj.exec:\vvvvj.exe209⤵
-
\??\c:\lfrlrll.exec:\lfrlrll.exe210⤵
-
\??\c:\5bhbnh.exec:\5bhbnh.exe211⤵
-
\??\c:\hnnnbb.exec:\hnnnbb.exe212⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe213⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe214⤵
-
\??\c:\5rfxlrx.exec:\5rfxlrx.exe215⤵
-
\??\c:\rxllrrl.exec:\rxllrrl.exe216⤵
-
\??\c:\3bhttt.exec:\3bhttt.exe217⤵
-
\??\c:\bhbttt.exec:\bhbttt.exe218⤵
-
\??\c:\pjjdj.exec:\pjjdj.exe219⤵
-
\??\c:\1xrxlxr.exec:\1xrxlxr.exe220⤵
-
\??\c:\5flllll.exec:\5flllll.exe221⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe222⤵
-
\??\c:\tthbhh.exec:\tthbhh.exe223⤵
-
\??\c:\vdppj.exec:\vdppj.exe224⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe225⤵
-
\??\c:\9vppp.exec:\9vppp.exe226⤵
-
\??\c:\fxxxffx.exec:\fxxxffx.exe227⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe228⤵
-
\??\c:\thnhhh.exec:\thnhhh.exe229⤵
-
\??\c:\bthhnn.exec:\bthhnn.exe230⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe231⤵
-
\??\c:\9vjvp.exec:\9vjvp.exe232⤵
-
\??\c:\rxxxfrx.exec:\rxxxfrx.exe233⤵
-
\??\c:\lfllrxx.exec:\lfllrxx.exe234⤵
-
\??\c:\5bthbb.exec:\5bthbb.exe235⤵
-
\??\c:\jvdjv.exec:\jvdjv.exe236⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe237⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe238⤵
-
\??\c:\5xllffl.exec:\5xllffl.exe239⤵
-
\??\c:\lflfxxx.exec:\lflfxxx.exe240⤵