Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
21-05-2024 13:48
General
-
Target
58ed7b6f646ffc0338430c92a90bc8c8c04d3bf5981c3c2493f8ac5412475d2c_NeikiAnalytics.exe
-
Size
54KB
-
MD5
e1ba42173b0e44b27904fa6dfafc7900
-
SHA1
22e94519aac6cfaa94bd2300c5121c8e96e1b4a8
-
SHA256
58ed7b6f646ffc0338430c92a90bc8c8c04d3bf5981c3c2493f8ac5412475d2c
-
SHA512
09c409ffaadc5317a779008eeb50ef6c139b33318612c5f6b10467d12907d8ba5d5d8c8f6346f5ed52f1221ab572c84d0d7775e3bab897430592497c9f5d8c4a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIF5:ymb3NkkiQ3mdBjFIF5
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\58ed7b6f646ffc0338430c92a90bc8c8c04d3bf5981c3c2493f8ac5412475d2c_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\58ed7b6f646ffc0338430c92a90bc8c8c04d3bf5981c3c2493f8ac5412475d2c_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrlll.exec:\xlxrlll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppdp.exec:\jppdp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvp.exec:\pjpvp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxrxrl.exec:\lrxrxrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbtt.exec:\hbbbtt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpdv.exec:\jjpdv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxlfff.exec:\flxlfff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffrxff.exec:\fffrxff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhth.exec:\nbhhth.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvv.exec:\jdvvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rlxrrl.exec:\1rlxrrl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttnh.exec:\tnttnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdp.exec:\pjjdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrxlxf.exec:\flrxlxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrrfrr.exec:\xfrrfrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ththtt.exec:\ththtt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vjvp.exec:\5vjvp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfrrlx.exec:\rxfrrlx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rlfxxf.exec:\3rlfxxf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnthh.exec:\tbnthh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjv.exec:\pdjjv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllxxrx.exec:\fllxxrx.exe23⤵
- Executes dropped EXE
-
\??\c:\btttnn.exec:\btttnn.exe24⤵
- Executes dropped EXE
-
\??\c:\vvppj.exec:\vvppj.exe25⤵
- Executes dropped EXE
-
\??\c:\rxfrffx.exec:\rxfrffx.exe26⤵
- Executes dropped EXE
-
\??\c:\xlxrlll.exec:\xlxrlll.exe27⤵
- Executes dropped EXE
-
\??\c:\btthbn.exec:\btthbn.exe28⤵
- Executes dropped EXE
-
\??\c:\jdvvd.exec:\jdvvd.exe29⤵
- Executes dropped EXE
-
\??\c:\rfrllll.exec:\rfrllll.exe30⤵
- Executes dropped EXE
-
\??\c:\vpvvv.exec:\vpvvv.exe31⤵
- Executes dropped EXE
-
\??\c:\flrlfff.exec:\flrlfff.exe32⤵
- Executes dropped EXE
-
\??\c:\fxfxlxr.exec:\fxfxlxr.exe33⤵
- Executes dropped EXE
-
\??\c:\jpdvp.exec:\jpdvp.exe34⤵
- Executes dropped EXE
-
\??\c:\pjpjv.exec:\pjpjv.exe35⤵
- Executes dropped EXE
-
\??\c:\1lfxrrl.exec:\1lfxrrl.exe36⤵
- Executes dropped EXE
-
\??\c:\fxrrllf.exec:\fxrrllf.exe37⤵
- Executes dropped EXE
-
\??\c:\nhhbtt.exec:\nhhbtt.exe38⤵
- Executes dropped EXE
-
\??\c:\bnbttn.exec:\bnbttn.exe39⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe40⤵
- Executes dropped EXE
-
\??\c:\7fffrrl.exec:\7fffrrl.exe41⤵
- Executes dropped EXE
-
\??\c:\5lllrlr.exec:\5lllrlr.exe42⤵
- Executes dropped EXE
-
\??\c:\7bbtnn.exec:\7bbtnn.exe43⤵
- Executes dropped EXE
-
\??\c:\9dvjj.exec:\9dvjj.exe44⤵
- Executes dropped EXE
-
\??\c:\1vjjj.exec:\1vjjj.exe45⤵
- Executes dropped EXE
-
\??\c:\llfrlff.exec:\llfrlff.exe46⤵
- Executes dropped EXE
-
\??\c:\9tttnt.exec:\9tttnt.exe47⤵
- Executes dropped EXE
-
\??\c:\5jjdv.exec:\5jjdv.exe48⤵
- Executes dropped EXE
-
\??\c:\3pdvj.exec:\3pdvj.exe49⤵
- Executes dropped EXE
-
\??\c:\rxxxrrr.exec:\rxxxrrr.exe50⤵
- Executes dropped EXE
-
\??\c:\tttnhh.exec:\tttnhh.exe51⤵
- Executes dropped EXE
-
\??\c:\thnhtt.exec:\thnhtt.exe52⤵
- Executes dropped EXE
-
\??\c:\ddpvv.exec:\ddpvv.exe53⤵
- Executes dropped EXE
-
\??\c:\9llrlll.exec:\9llrlll.exe54⤵
- Executes dropped EXE
-
\??\c:\rrlxrrl.exec:\rrlxrrl.exe55⤵
- Executes dropped EXE
-
\??\c:\9ttttt.exec:\9ttttt.exe56⤵
- Executes dropped EXE
-
\??\c:\vjvpj.exec:\vjvpj.exe57⤵
- Executes dropped EXE
-
\??\c:\lfffrlf.exec:\lfffrlf.exe58⤵
- Executes dropped EXE
-
\??\c:\1fllfff.exec:\1fllfff.exe59⤵
- Executes dropped EXE
-
\??\c:\bhtbtt.exec:\bhtbtt.exe60⤵
- Executes dropped EXE
-
\??\c:\dddvp.exec:\dddvp.exe61⤵
- Executes dropped EXE
-
\??\c:\vjpjj.exec:\vjpjj.exe62⤵
- Executes dropped EXE
-
\??\c:\flrlrfr.exec:\flrlrfr.exe63⤵
- Executes dropped EXE
-
\??\c:\hhtbhb.exec:\hhtbhb.exe64⤵
- Executes dropped EXE
-
\??\c:\thnttb.exec:\thnttb.exe65⤵
- Executes dropped EXE
-
\??\c:\pdddj.exec:\pdddj.exe66⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe67⤵
-
\??\c:\fflfxlf.exec:\fflfxlf.exe68⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe69⤵
-
\??\c:\7tbhtt.exec:\7tbhtt.exe70⤵
-
\??\c:\7ppjv.exec:\7ppjv.exe71⤵
-
\??\c:\rffxlrl.exec:\rffxlrl.exe72⤵
-
\??\c:\lrlfffx.exec:\lrlfffx.exe73⤵
-
\??\c:\5bhhbb.exec:\5bhhbb.exe74⤵
-
\??\c:\thhtnn.exec:\thhtnn.exe75⤵
-
\??\c:\jpdjp.exec:\jpdjp.exe76⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe77⤵
-
\??\c:\1fllxxx.exec:\1fllxxx.exe78⤵
-
\??\c:\1lfxflf.exec:\1lfxflf.exe79⤵
-
\??\c:\3nnhbb.exec:\3nnhbb.exe80⤵
-
\??\c:\1vvpp.exec:\1vvpp.exe81⤵
-
\??\c:\rxfrlfx.exec:\rxfrlfx.exe82⤵
-
\??\c:\bbbbnt.exec:\bbbbnt.exe83⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe84⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe85⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe86⤵
-
\??\c:\lxlxrlf.exec:\lxlxrlf.exe87⤵
-
\??\c:\nhntnn.exec:\nhntnn.exe88⤵
-
\??\c:\btbttt.exec:\btbttt.exe89⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe90⤵
-
\??\c:\9jdjv.exec:\9jdjv.exe91⤵
-
\??\c:\5xxrrlf.exec:\5xxrrlf.exe92⤵
-
\??\c:\bthhbh.exec:\bthhbh.exe93⤵
-
\??\c:\nhbthh.exec:\nhbthh.exe94⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe95⤵
-
\??\c:\fxfxffl.exec:\fxfxffl.exe96⤵
-
\??\c:\nnttnt.exec:\nnttnt.exe97⤵
-
\??\c:\7jvpj.exec:\7jvpj.exe98⤵
-
\??\c:\fflfxxr.exec:\fflfxxr.exe99⤵
-
\??\c:\tnbbtt.exec:\tnbbtt.exe100⤵
-
\??\c:\3nhbtt.exec:\3nhbtt.exe101⤵
-
\??\c:\rffxrlf.exec:\rffxrlf.exe102⤵
-
\??\c:\xrxxxxr.exec:\xrxxxxr.exe103⤵
-
\??\c:\9hnnhh.exec:\9hnnhh.exe104⤵
-
\??\c:\bnttnt.exec:\bnttnt.exe105⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe106⤵
-
\??\c:\rfffrxr.exec:\rfffrxr.exe107⤵
-
\??\c:\frlfxfx.exec:\frlfxfx.exe108⤵
-
\??\c:\btbttt.exec:\btbttt.exe109⤵
-
\??\c:\hhttnh.exec:\hhttnh.exe110⤵
-
\??\c:\1vddv.exec:\1vddv.exe111⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe112⤵
-
\??\c:\9fffrrr.exec:\9fffrrr.exe113⤵
-
\??\c:\hbnthh.exec:\hbnthh.exe114⤵
-
\??\c:\nhtnnh.exec:\nhtnnh.exe115⤵
-
\??\c:\pvddd.exec:\pvddd.exe116⤵
-
\??\c:\9vvpd.exec:\9vvpd.exe117⤵
-
\??\c:\1xrfrlf.exec:\1xrfrlf.exe118⤵
-
\??\c:\rrlflxx.exec:\rrlflxx.exe119⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe120⤵
-
\??\c:\3htthb.exec:\3htthb.exe121⤵
-
\??\c:\pdjpd.exec:\pdjpd.exe122⤵
-
\??\c:\vjjvj.exec:\vjjvj.exe123⤵
-
\??\c:\jppvv.exec:\jppvv.exe124⤵
-
\??\c:\lfxrffl.exec:\lfxrffl.exe125⤵
-
\??\c:\7lfflll.exec:\7lfflll.exe126⤵
-
\??\c:\nnhbhb.exec:\nnhbhb.exe127⤵
-
\??\c:\7tbthb.exec:\7tbthb.exe128⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe129⤵
-
\??\c:\jddvp.exec:\jddvp.exe130⤵
-
\??\c:\rrfxffl.exec:\rrfxffl.exe131⤵
-
\??\c:\dppvv.exec:\dppvv.exe132⤵
-
\??\c:\7xxlffx.exec:\7xxlffx.exe133⤵
-
\??\c:\ttbtnn.exec:\ttbtnn.exe134⤵
-
\??\c:\hbhnbt.exec:\hbhnbt.exe135⤵
-
\??\c:\nbnnhh.exec:\nbnnhh.exe136⤵
-
\??\c:\ddddp.exec:\ddddp.exe137⤵
-
\??\c:\fxxxlrr.exec:\fxxxlrr.exe138⤵
-
\??\c:\tnnhhb.exec:\tnnhhb.exe139⤵
-
\??\c:\9nnhtb.exec:\9nnhtb.exe140⤵
-
\??\c:\jjjdj.exec:\jjjdj.exe141⤵
-
\??\c:\xfxxlll.exec:\xfxxlll.exe142⤵
-
\??\c:\ffrxxlx.exec:\ffrxxlx.exe143⤵
-
\??\c:\rfllffx.exec:\rfllffx.exe144⤵
-
\??\c:\tbtnbt.exec:\tbtnbt.exe145⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe146⤵
-
\??\c:\flrlrff.exec:\flrlrff.exe147⤵
-
\??\c:\flrrlll.exec:\flrrlll.exe148⤵
-
\??\c:\tbnhhb.exec:\tbnhhb.exe149⤵
-
\??\c:\nnbttt.exec:\nnbttt.exe150⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe151⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe152⤵
-
\??\c:\flrrffx.exec:\flrrffx.exe153⤵
-
\??\c:\lxfflfx.exec:\lxfflfx.exe154⤵
-
\??\c:\nnnhbb.exec:\nnnhbb.exe155⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe156⤵
-
\??\c:\7pjdv.exec:\7pjdv.exe157⤵
-
\??\c:\llxxllr.exec:\llxxllr.exe158⤵
-
\??\c:\nhhbbb.exec:\nhhbbb.exe159⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe160⤵
-
\??\c:\lfxrllf.exec:\lfxrllf.exe161⤵
-
\??\c:\nbbhhb.exec:\nbbhhb.exe162⤵
-
\??\c:\7pvjp.exec:\7pvjp.exe163⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe164⤵
-
\??\c:\lxfxlll.exec:\lxfxlll.exe165⤵
-
\??\c:\xrrlfff.exec:\xrrlfff.exe166⤵
-
\??\c:\hbtttn.exec:\hbtttn.exe167⤵
-
\??\c:\djjdd.exec:\djjdd.exe168⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe169⤵
-
\??\c:\xfrfrrf.exec:\xfrfrrf.exe170⤵
-
\??\c:\tntnht.exec:\tntnht.exe171⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe172⤵
-
\??\c:\vdjvd.exec:\vdjvd.exe173⤵
-
\??\c:\7vvpd.exec:\7vvpd.exe174⤵
-
\??\c:\rxxrlfr.exec:\rxxrlfr.exe175⤵
-
\??\c:\hhnnnn.exec:\hhnnnn.exe176⤵
-
\??\c:\thtthh.exec:\thtthh.exe177⤵
-
\??\c:\1jvpv.exec:\1jvpv.exe178⤵
-
\??\c:\vpddp.exec:\vpddp.exe179⤵
-
\??\c:\xlrrlrx.exec:\xlrrlrx.exe180⤵
-
\??\c:\xrrrrll.exec:\xrrrrll.exe181⤵
-
\??\c:\ththtt.exec:\ththtt.exe182⤵
-
\??\c:\bbnhhh.exec:\bbnhhh.exe183⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe184⤵
-
\??\c:\5vppj.exec:\5vppj.exe185⤵
-
\??\c:\xlrfxrr.exec:\xlrfxrr.exe186⤵
-
\??\c:\thtnhh.exec:\thtnhh.exe187⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe188⤵
-
\??\c:\5fxxrrr.exec:\5fxxrrr.exe189⤵
-
\??\c:\xxxrlll.exec:\xxxrlll.exe190⤵
-
\??\c:\htnnnh.exec:\htnnnh.exe191⤵
-
\??\c:\ntbbnn.exec:\ntbbnn.exe192⤵
-
\??\c:\3jpjv.exec:\3jpjv.exe193⤵
-
\??\c:\jjvjp.exec:\jjvjp.exe194⤵
-
\??\c:\1llfrxr.exec:\1llfrxr.exe195⤵
-
\??\c:\nntnbb.exec:\nntnbb.exe196⤵
-
\??\c:\9nnnhh.exec:\9nnnhh.exe197⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe198⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe199⤵
-
\??\c:\xxrxrlf.exec:\xxrxrlf.exe200⤵
-
\??\c:\hnbhhh.exec:\hnbhhh.exe201⤵
-
\??\c:\9htnht.exec:\9htnht.exe202⤵
-
\??\c:\dpdvp.exec:\dpdvp.exe203⤵
-
\??\c:\vdjjv.exec:\vdjjv.exe204⤵
-
\??\c:\frlfrxr.exec:\frlfrxr.exe205⤵
-
\??\c:\xlfffxr.exec:\xlfffxr.exe206⤵
-
\??\c:\nhtbtn.exec:\nhtbtn.exe207⤵
-
\??\c:\dvppd.exec:\dvppd.exe208⤵
-
\??\c:\jdddp.exec:\jdddp.exe209⤵
-
\??\c:\xrrfrff.exec:\xrrfrff.exe210⤵
-
\??\c:\hhbthh.exec:\hhbthh.exe211⤵
-
\??\c:\nbhnhn.exec:\nbhnhn.exe212⤵
-
\??\c:\ppdvj.exec:\ppdvj.exe213⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe214⤵
-
\??\c:\lxxrffx.exec:\lxxrffx.exe215⤵
-
\??\c:\nnhtbn.exec:\nnhtbn.exe216⤵
-
\??\c:\3nhhtb.exec:\3nhhtb.exe217⤵
-
\??\c:\ddppp.exec:\ddppp.exe218⤵
-
\??\c:\3vppd.exec:\3vppd.exe219⤵
-
\??\c:\rlfxrrr.exec:\rlfxrrr.exe220⤵
-
\??\c:\bnnhbb.exec:\bnnhbb.exe221⤵
-
\??\c:\htttnn.exec:\htttnn.exe222⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe223⤵
-
\??\c:\9vpdd.exec:\9vpdd.exe224⤵
-
\??\c:\lfxfxxr.exec:\lfxfxxr.exe225⤵
-
\??\c:\xfflfff.exec:\xfflfff.exe226⤵
-
\??\c:\bthbhh.exec:\bthbhh.exe227⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe228⤵
-
\??\c:\9pvvv.exec:\9pvvv.exe229⤵
-
\??\c:\lxxllrl.exec:\lxxllrl.exe230⤵
-
\??\c:\5hnhbh.exec:\5hnhbh.exe231⤵
-
\??\c:\pjjdj.exec:\pjjdj.exe232⤵
-
\??\c:\fxfxrrr.exec:\fxfxrrr.exe233⤵
-
\??\c:\ntthhh.exec:\ntthhh.exe234⤵
-
\??\c:\vpppj.exec:\vpppj.exe235⤵
-
\??\c:\fxrlxxf.exec:\fxrlxxf.exe236⤵
-
\??\c:\hbbttb.exec:\hbbttb.exe237⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe238⤵
-
\??\c:\fffrlxx.exec:\fffrlxx.exe239⤵
-
\??\c:\thbthh.exec:\thbthh.exe240⤵