Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
21-05-2024 13:25
General
-
Target
54f39aebde61f67e7bdbe44c82ca08393c61e4048f097749d1bd37a332a7acc0_NeikiAnalytics.exe
-
Size
81KB
-
MD5
025a00289948face7bdf2057c2603820
-
SHA1
979a61b1bea376f8bae9c6c7beeecd9e622176d3
-
SHA256
54f39aebde61f67e7bdbe44c82ca08393c61e4048f097749d1bd37a332a7acc0
-
SHA512
4b6bcffb1a70fa9a88ea9775f0a5586ae109898eda5da9fdf5eee8224f27487cc193adeb522684a63a35875a7603c900998a634f363a493b46d0950bc6fe44e6
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo7xCkTsIwtOa2dYS8njh:ymb3NkkiQ3mdBjFo7LAIbT6jh
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\54f39aebde61f67e7bdbe44c82ca08393c61e4048f097749d1bd37a332a7acc0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\54f39aebde61f67e7bdbe44c82ca08393c61e4048f097749d1bd37a332a7acc0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbbnb.exec:\tbbbnb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdd.exec:\jdjdd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fxfxxr.exec:\5fxfxxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjp.exec:\vvjjp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlxffl.exec:\xxlxffl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xxlffx.exec:\9xxlffx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnttb.exec:\tbnttb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddpj.exec:\jddpj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrlrrx.exec:\rlrlrrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhhh.exec:\btbhhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppj.exec:\pjppj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxrll.exec:\lxfxrll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnhh.exec:\hbtnhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdjp.exec:\vvdjp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rrlffl.exec:\1rrlffl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnnhh.exec:\bhnnhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnbb.exec:\bttnbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jdvd.exec:\3jdvd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lffffx.exec:\5lffffx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnttnh.exec:\nnttnh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nttnt.exec:\1nttnt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvjp.exec:\vpvjp.exe23⤵
- Executes dropped EXE
-
\??\c:\flrrrrr.exec:\flrrrrr.exe24⤵
- Executes dropped EXE
-
\??\c:\rrrxxlf.exec:\rrrxxlf.exe25⤵
- Executes dropped EXE
-
\??\c:\nbnnhb.exec:\nbnnhb.exe26⤵
- Executes dropped EXE
-
\??\c:\jjpjp.exec:\jjpjp.exe27⤵
- Executes dropped EXE
-
\??\c:\5ntnnn.exec:\5ntnnn.exe28⤵
- Executes dropped EXE
-
\??\c:\bhbbnn.exec:\bhbbnn.exe29⤵
- Executes dropped EXE
-
\??\c:\pdjvp.exec:\pdjvp.exe30⤵
- Executes dropped EXE
-
\??\c:\jvjdv.exec:\jvjdv.exe31⤵
- Executes dropped EXE
-
\??\c:\lrrrrrl.exec:\lrrrrrl.exe32⤵
- Executes dropped EXE
-
\??\c:\ntbhht.exec:\ntbhht.exe33⤵
- Executes dropped EXE
-
\??\c:\5nhbtn.exec:\5nhbtn.exe34⤵
- Executes dropped EXE
-
\??\c:\3jppj.exec:\3jppj.exe35⤵
- Executes dropped EXE
-
\??\c:\dddvj.exec:\dddvj.exe36⤵
- Executes dropped EXE
-
\??\c:\lxfxllf.exec:\lxfxllf.exe37⤵
- Executes dropped EXE
-
\??\c:\rrlxffl.exec:\rrlxffl.exe38⤵
- Executes dropped EXE
-
\??\c:\7nhnhh.exec:\7nhnhh.exe39⤵
- Executes dropped EXE
-
\??\c:\tbbtnh.exec:\tbbtnh.exe40⤵
- Executes dropped EXE
-
\??\c:\pjvpj.exec:\pjvpj.exe41⤵
- Executes dropped EXE
-
\??\c:\lxlrlxr.exec:\lxlrlxr.exe42⤵
- Executes dropped EXE
-
\??\c:\xlfxlff.exec:\xlfxlff.exe43⤵
- Executes dropped EXE
-
\??\c:\hbtbnn.exec:\hbtbnn.exe44⤵
- Executes dropped EXE
-
\??\c:\vppjj.exec:\vppjj.exe45⤵
- Executes dropped EXE
-
\??\c:\rlfxxxr.exec:\rlfxxxr.exe46⤵
- Executes dropped EXE
-
\??\c:\3htnhh.exec:\3htnhh.exe47⤵
- Executes dropped EXE
-
\??\c:\7vpdd.exec:\7vpdd.exe48⤵
- Executes dropped EXE
-
\??\c:\vpdvj.exec:\vpdvj.exe49⤵
- Executes dropped EXE
-
\??\c:\xrxrlll.exec:\xrxrlll.exe50⤵
- Executes dropped EXE
-
\??\c:\rlfxrfx.exec:\rlfxrfx.exe51⤵
- Executes dropped EXE
-
\??\c:\btbntn.exec:\btbntn.exe52⤵
- Executes dropped EXE
-
\??\c:\1jpjd.exec:\1jpjd.exe53⤵
- Executes dropped EXE
-
\??\c:\pdvpj.exec:\pdvpj.exe54⤵
- Executes dropped EXE
-
\??\c:\1flfrlf.exec:\1flfrlf.exe55⤵
- Executes dropped EXE
-
\??\c:\xrxlxrf.exec:\xrxlxrf.exe56⤵
- Executes dropped EXE
-
\??\c:\hntnhn.exec:\hntnhn.exe57⤵
- Executes dropped EXE
-
\??\c:\jpddp.exec:\jpddp.exe58⤵
- Executes dropped EXE
-
\??\c:\lxxllll.exec:\lxxllll.exe59⤵
- Executes dropped EXE
-
\??\c:\rllxfff.exec:\rllxfff.exe60⤵
- Executes dropped EXE
-
\??\c:\nbnhth.exec:\nbnhth.exe61⤵
- Executes dropped EXE
-
\??\c:\7tnbnt.exec:\7tnbnt.exe62⤵
- Executes dropped EXE
-
\??\c:\jppdj.exec:\jppdj.exe63⤵
- Executes dropped EXE
-
\??\c:\fxrrfxr.exec:\fxrrfxr.exe64⤵
- Executes dropped EXE
-
\??\c:\bhhbtt.exec:\bhhbtt.exe65⤵
- Executes dropped EXE
-
\??\c:\9pjjv.exec:\9pjjv.exe66⤵
-
\??\c:\lrllfff.exec:\lrllfff.exe67⤵
-
\??\c:\rfrlxxl.exec:\rfrlxxl.exe68⤵
-
\??\c:\3tnnnn.exec:\3tnnnn.exe69⤵
-
\??\c:\vvddj.exec:\vvddj.exe70⤵
-
\??\c:\xlrlxfx.exec:\xlrlxfx.exe71⤵
-
\??\c:\nhhhbt.exec:\nhhhbt.exe72⤵
-
\??\c:\pddvj.exec:\pddvj.exe73⤵
-
\??\c:\frfxllf.exec:\frfxllf.exe74⤵
-
\??\c:\xrrrrrx.exec:\xrrrrrx.exe75⤵
-
\??\c:\tbbnhb.exec:\tbbnhb.exe76⤵
-
\??\c:\vdvvj.exec:\vdvvj.exe77⤵
-
\??\c:\lffxlll.exec:\lffxlll.exe78⤵
-
\??\c:\9lrfllr.exec:\9lrfllr.exe79⤵
-
\??\c:\1bbbbb.exec:\1bbbbb.exe80⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe81⤵
-
\??\c:\djjdv.exec:\djjdv.exe82⤵
-
\??\c:\xfffllf.exec:\xfffllf.exe83⤵
-
\??\c:\xxxlfxr.exec:\xxxlfxr.exe84⤵
-
\??\c:\tnhthn.exec:\tnhthn.exe85⤵
-
\??\c:\9pvpj.exec:\9pvpj.exe86⤵
-
\??\c:\vppjd.exec:\vppjd.exe87⤵
-
\??\c:\ffrffrr.exec:\ffrffrr.exe88⤵
-
\??\c:\9rlfrlf.exec:\9rlfrlf.exe89⤵
-
\??\c:\btnnhb.exec:\btnnhb.exe90⤵
-
\??\c:\hthbnh.exec:\hthbnh.exe91⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe92⤵
-
\??\c:\ddpjv.exec:\ddpjv.exe93⤵
-
\??\c:\lfxfxrl.exec:\lfxfxrl.exe94⤵
-
\??\c:\rlllfxx.exec:\rlllfxx.exe95⤵
-
\??\c:\5bbtbt.exec:\5bbtbt.exe96⤵
-
\??\c:\7ttnhb.exec:\7ttnhb.exe97⤵
-
\??\c:\vpvdp.exec:\vpvdp.exe98⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe99⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe100⤵
-
\??\c:\xrlxrrf.exec:\xrlxrrf.exe101⤵
-
\??\c:\frfxlrf.exec:\frfxlrf.exe102⤵
-
\??\c:\tbbhtt.exec:\tbbhtt.exe103⤵
-
\??\c:\thbthb.exec:\thbthb.exe104⤵
-
\??\c:\jdvpv.exec:\jdvpv.exe105⤵
-
\??\c:\jvdpj.exec:\jvdpj.exe106⤵
-
\??\c:\7rfrfrl.exec:\7rfrfrl.exe107⤵
-
\??\c:\rlrllfl.exec:\rlrllfl.exe108⤵
-
\??\c:\3ppjd.exec:\3ppjd.exe109⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe110⤵
-
\??\c:\xfxrrrl.exec:\xfxrrrl.exe111⤵
-
\??\c:\5hnhhh.exec:\5hnhhh.exe112⤵
-
\??\c:\dpjvd.exec:\dpjvd.exe113⤵
-
\??\c:\5pjvj.exec:\5pjvj.exe114⤵
-
\??\c:\xffrfxr.exec:\xffrfxr.exe115⤵
-
\??\c:\9llfrxl.exec:\9llfrxl.exe116⤵
-
\??\c:\bnbhhh.exec:\bnbhhh.exe117⤵
-
\??\c:\7hbttt.exec:\7hbttt.exe118⤵
-
\??\c:\pvvjd.exec:\pvvjd.exe119⤵
-
\??\c:\7vvpd.exec:\7vvpd.exe120⤵
-
\??\c:\3xrrxll.exec:\3xrrxll.exe121⤵
-
\??\c:\9xrrlfx.exec:\9xrrlfx.exe122⤵
-
\??\c:\7btnbt.exec:\7btnbt.exe123⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe124⤵
-
\??\c:\dddvd.exec:\dddvd.exe125⤵
-
\??\c:\xfllrrr.exec:\xfllrrr.exe126⤵
-
\??\c:\btttbt.exec:\btttbt.exe127⤵
-
\??\c:\7hbtnh.exec:\7hbtnh.exe128⤵
-
\??\c:\pddvp.exec:\pddvp.exe129⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe130⤵
-
\??\c:\fxlxxrl.exec:\fxlxxrl.exe131⤵
-
\??\c:\5hnhhh.exec:\5hnhhh.exe132⤵
-
\??\c:\nhbnhb.exec:\nhbnhb.exe133⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe134⤵
-
\??\c:\pdvdd.exec:\pdvdd.exe135⤵
-
\??\c:\xlfrfxl.exec:\xlfrfxl.exe136⤵
-
\??\c:\fxxrfxl.exec:\fxxrfxl.exe137⤵
-
\??\c:\7hbnhb.exec:\7hbnhb.exe138⤵
-
\??\c:\bntnnn.exec:\bntnnn.exe139⤵
-
\??\c:\5jdpd.exec:\5jdpd.exe140⤵
-
\??\c:\7ppvj.exec:\7ppvj.exe141⤵
-
\??\c:\7tbbnn.exec:\7tbbnn.exe142⤵
-
\??\c:\pvpjp.exec:\pvpjp.exe143⤵
-
\??\c:\dpvdd.exec:\dpvdd.exe144⤵
-
\??\c:\xrrfrlf.exec:\xrrfrlf.exe145⤵
-
\??\c:\hbbnbt.exec:\hbbnbt.exe146⤵
-
\??\c:\nbhbbh.exec:\nbhbbh.exe147⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe148⤵
-
\??\c:\rrxllfx.exec:\rrxllfx.exe149⤵
-
\??\c:\xrfxffx.exec:\xrfxffx.exe150⤵
-
\??\c:\rxxrrlf.exec:\rxxrrlf.exe151⤵
-
\??\c:\tttnhb.exec:\tttnhb.exe152⤵
-
\??\c:\nntnbb.exec:\nntnbb.exe153⤵
-
\??\c:\7vjjd.exec:\7vjjd.exe154⤵
-
\??\c:\dddvj.exec:\dddvj.exe155⤵
-
\??\c:\fxlfrlf.exec:\fxlfrlf.exe156⤵
-
\??\c:\xrrlxrr.exec:\xrrlxrr.exe157⤵
-
\??\c:\tnhbtn.exec:\tnhbtn.exe158⤵
-
\??\c:\nnnnbb.exec:\nnnnbb.exe159⤵
-
\??\c:\9tbthh.exec:\9tbthh.exe160⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe161⤵
-
\??\c:\dpppj.exec:\dpppj.exe162⤵
-
\??\c:\lxrlxxr.exec:\lxrlxxr.exe163⤵
-
\??\c:\ntbttb.exec:\ntbttb.exe164⤵
-
\??\c:\9btnbt.exec:\9btnbt.exe165⤵
-
\??\c:\7jjdp.exec:\7jjdp.exe166⤵
-
\??\c:\vvdpd.exec:\vvdpd.exe167⤵
-
\??\c:\pvjpp.exec:\pvjpp.exe168⤵
-
\??\c:\3btnhh.exec:\3btnhh.exe169⤵
-
\??\c:\nhtbbt.exec:\nhtbbt.exe170⤵
-
\??\c:\vjddp.exec:\vjddp.exe171⤵
-
\??\c:\dddvp.exec:\dddvp.exe172⤵
-
\??\c:\flffrxl.exec:\flffrxl.exe173⤵
-
\??\c:\fffxlxr.exec:\fffxlxr.exe174⤵
-
\??\c:\bttthn.exec:\bttthn.exe175⤵
-
\??\c:\pjdpp.exec:\pjdpp.exe176⤵
-
\??\c:\jvpdp.exec:\jvpdp.exe177⤵
-
\??\c:\frxrxxr.exec:\frxrxxr.exe178⤵
-
\??\c:\xrrlfxr.exec:\xrrlfxr.exe179⤵
-
\??\c:\bntnhb.exec:\bntnhb.exe180⤵
-
\??\c:\thbnht.exec:\thbnht.exe181⤵
-
\??\c:\jddpv.exec:\jddpv.exe182⤵
-
\??\c:\1dvpv.exec:\1dvpv.exe183⤵
-
\??\c:\9lfxlxr.exec:\9lfxlxr.exe184⤵
-
\??\c:\rlxrflf.exec:\rlxrflf.exe185⤵
-
\??\c:\bbhbnh.exec:\bbhbnh.exe186⤵
-
\??\c:\nhnbhh.exec:\nhnbhh.exe187⤵
-
\??\c:\3hthbt.exec:\3hthbt.exe188⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe189⤵
-
\??\c:\3jdpj.exec:\3jdpj.exe190⤵
-
\??\c:\xrlxrlr.exec:\xrlxrlr.exe191⤵
-
\??\c:\llfxrrf.exec:\llfxrrf.exe192⤵
-
\??\c:\1htnbh.exec:\1htnbh.exe193⤵
-
\??\c:\nbbbtn.exec:\nbbbtn.exe194⤵
-
\??\c:\1vjdp.exec:\1vjdp.exe195⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe196⤵
-
\??\c:\xfffxrl.exec:\xfffxrl.exe197⤵
-
\??\c:\xxxrfxr.exec:\xxxrfxr.exe198⤵
-
\??\c:\thtthn.exec:\thtthn.exe199⤵
-
\??\c:\bnnhnh.exec:\bnnhnh.exe200⤵
-
\??\c:\nbbnhh.exec:\nbbnhh.exe201⤵
-
\??\c:\vdddp.exec:\vdddp.exe202⤵
-
\??\c:\5pvvj.exec:\5pvvj.exe203⤵
-
\??\c:\fllxxrl.exec:\fllxxrl.exe204⤵
-
\??\c:\fllxrxr.exec:\fllxrxr.exe205⤵
-
\??\c:\nbhbhb.exec:\nbhbhb.exe206⤵
-
\??\c:\bnnthb.exec:\bnnthb.exe207⤵
-
\??\c:\1tttnh.exec:\1tttnh.exe208⤵
-
\??\c:\jvpjv.exec:\jvpjv.exe209⤵
-
\??\c:\1jjdp.exec:\1jjdp.exe210⤵
-
\??\c:\7llflxr.exec:\7llflxr.exe211⤵
-
\??\c:\lffffxx.exec:\lffffxx.exe212⤵
-
\??\c:\bthbhh.exec:\bthbhh.exe213⤵
-
\??\c:\bbbnbt.exec:\bbbnbt.exe214⤵
-
\??\c:\hbhbtn.exec:\hbhbtn.exe215⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe216⤵
-
\??\c:\5pjvp.exec:\5pjvp.exe217⤵
-
\??\c:\xxxlffx.exec:\xxxlffx.exe218⤵
-
\??\c:\5lrlxrx.exec:\5lrlxrx.exe219⤵
-
\??\c:\5ttnbt.exec:\5ttnbt.exe220⤵
-
\??\c:\3hhnhn.exec:\3hhnhn.exe221⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe222⤵
-
\??\c:\djdpj.exec:\djdpj.exe223⤵
-
\??\c:\9fxrxrl.exec:\9fxrxrl.exe224⤵
-
\??\c:\3xxfxxr.exec:\3xxfxxr.exe225⤵
-
\??\c:\btnhbb.exec:\btnhbb.exe226⤵
-
\??\c:\tnnhbt.exec:\tnnhbt.exe227⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe228⤵
-
\??\c:\jpjvj.exec:\jpjvj.exe229⤵
-
\??\c:\jvvjp.exec:\jvvjp.exe230⤵
-
\??\c:\rlllxrf.exec:\rlllxrf.exe231⤵
-
\??\c:\1xlfxrl.exec:\1xlfxrl.exe232⤵
-
\??\c:\3nhhbt.exec:\3nhhbt.exe233⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe234⤵
-
\??\c:\nbhhbh.exec:\nbhhbh.exe235⤵
-
\??\c:\vppjp.exec:\vppjp.exe236⤵
-
\??\c:\7jjdj.exec:\7jjdj.exe237⤵
-
\??\c:\fxlflff.exec:\fxlflff.exe238⤵
-
\??\c:\tnnhnt.exec:\tnnhnt.exe239⤵
-
\??\c:\nhnbtn.exec:\nhnbtn.exe240⤵