Analysis
-
max time kernel
150s -
max time network
109s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
21-05-2024 20:38
General
-
Target
09e448d6acaaa3714663ecb28531a590_NeikiAnalytics.exe
-
Size
348KB
-
MD5
09e448d6acaaa3714663ecb28531a590
-
SHA1
6fcdd4207baba52bdaefae47abd5afc68e80190d
-
SHA256
b145a74f7cf04b6d3a8a8489d6b0c08eab9e23b867cca2a8ea2dbc304d7b972a
-
SHA512
9d4bc69eb176e04e0dc2dbc980c18b3aaadbb53bb7c5554c0e87f3c9b48f52686ef0cf2e5d02c31dd899b4b7851d76d1c000c89f110540f32721c23c90f3ee54
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31TeMN7E1DCqkj5ad427ykS9WOCUyTAoqt:n3C9BRo7MlrWKo+lS0Le4xRSAoq7mjKz
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\MusNotification.exeC:\Windows\system32\MusNotification.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\09e448d6acaaa3714663ecb28531a590_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\09e448d6acaaa3714663ecb28531a590_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbttt.exec:\bnbttt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppjj.exec:\jppjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjj.exec:\dvpjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxfxxx.exec:\xfxfxxx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bnbtb.exec:\9bnbtb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpj.exec:\vvvpj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlxrrr.exec:\xrlxrrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5frxrrl.exec:\5frxrrl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtnhh.exec:\hhtnhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvdv.exec:\dvvdv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxlxfx.exec:\frxlxfx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhthb.exec:\bnhthb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpj.exec:\pvvpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlfrl.exec:\fxrlfrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrlrlr.exec:\rfrlrlr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnthnh.exec:\nnthnh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvpp.exec:\jjvpp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxllffx.exec:\lxllffx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hnhhh.exec:\9hnhhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vdvv.exec:\9vdvv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pvpv.exec:\1pvpv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxrrrr.exec:\flxrrrr.exe23⤵
- Executes dropped EXE
-
\??\c:\bbbbtt.exec:\bbbbtt.exe24⤵
- Executes dropped EXE
-
\??\c:\7dpjd.exec:\7dpjd.exe25⤵
- Executes dropped EXE
-
\??\c:\lxlxlfr.exec:\lxlxlfr.exe26⤵
- Executes dropped EXE
-
\??\c:\xffxxrr.exec:\xffxxrr.exe27⤵
- Executes dropped EXE
-
\??\c:\9hbhht.exec:\9hbhht.exe28⤵
- Executes dropped EXE
-
\??\c:\jdvjd.exec:\jdvjd.exe29⤵
- Executes dropped EXE
-
\??\c:\9xxllfl.exec:\9xxllfl.exe30⤵
- Executes dropped EXE
-
\??\c:\ntnnbt.exec:\ntnnbt.exe31⤵
- Executes dropped EXE
-
\??\c:\3jpjj.exec:\3jpjj.exe32⤵
- Executes dropped EXE
-
\??\c:\fxllxrr.exec:\fxllxrr.exe33⤵
- Executes dropped EXE
-
\??\c:\hthbtt.exec:\hthbtt.exe34⤵
- Executes dropped EXE
-
\??\c:\tbbbnb.exec:\tbbbnb.exe35⤵
- Executes dropped EXE
-
\??\c:\djjvj.exec:\djjvj.exe36⤵
- Executes dropped EXE
-
\??\c:\rrfxfxf.exec:\rrfxfxf.exe37⤵
- Executes dropped EXE
-
\??\c:\bbtbnt.exec:\bbtbnt.exe38⤵
- Executes dropped EXE
-
\??\c:\bnnhtn.exec:\bnnhtn.exe39⤵
- Executes dropped EXE
-
\??\c:\vvpdv.exec:\vvpdv.exe40⤵
- Executes dropped EXE
-
\??\c:\rfxrfxx.exec:\rfxrfxx.exe41⤵
- Executes dropped EXE
-
\??\c:\ththnb.exec:\ththnb.exe42⤵
- Executes dropped EXE
-
\??\c:\bbntbt.exec:\bbntbt.exe43⤵
- Executes dropped EXE
-
\??\c:\pppjv.exec:\pppjv.exe44⤵
- Executes dropped EXE
-
\??\c:\5xfxrrl.exec:\5xfxrrl.exe45⤵
- Executes dropped EXE
-
\??\c:\rfflffx.exec:\rfflffx.exe46⤵
- Executes dropped EXE
-
\??\c:\bnbhnh.exec:\bnbhnh.exe47⤵
- Executes dropped EXE
-
\??\c:\vpjdj.exec:\vpjdj.exe48⤵
- Executes dropped EXE
-
\??\c:\7vvpp.exec:\7vvpp.exe49⤵
- Executes dropped EXE
-
\??\c:\rxxfrlf.exec:\rxxfrlf.exe50⤵
- Executes dropped EXE
-
\??\c:\nhbtnt.exec:\nhbtnt.exe51⤵
- Executes dropped EXE
-
\??\c:\pvddp.exec:\pvddp.exe52⤵
- Executes dropped EXE
-
\??\c:\7jjjd.exec:\7jjjd.exe53⤵
- Executes dropped EXE
-
\??\c:\xffxrlf.exec:\xffxrlf.exe54⤵
- Executes dropped EXE
-
\??\c:\tbtttt.exec:\tbtttt.exe55⤵
- Executes dropped EXE
-
\??\c:\hbthnt.exec:\hbthnt.exe56⤵
- Executes dropped EXE
-
\??\c:\jvdvv.exec:\jvdvv.exe57⤵
- Executes dropped EXE
-
\??\c:\lxlfxrx.exec:\lxlfxrx.exe58⤵
- Executes dropped EXE
-
\??\c:\xfffxxx.exec:\xfffxxx.exe59⤵
- Executes dropped EXE
-
\??\c:\nbbtnn.exec:\nbbtnn.exe60⤵
- Executes dropped EXE
-
\??\c:\hbntnt.exec:\hbntnt.exe61⤵
- Executes dropped EXE
-
\??\c:\7ddpj.exec:\7ddpj.exe62⤵
- Executes dropped EXE
-
\??\c:\xfxrffx.exec:\xfxrffx.exe63⤵
- Executes dropped EXE
-
\??\c:\rrrrrxx.exec:\rrrrrxx.exe64⤵
- Executes dropped EXE
-
\??\c:\hntntt.exec:\hntntt.exe65⤵
- Executes dropped EXE
-
\??\c:\ttbbbb.exec:\ttbbbb.exe66⤵
-
\??\c:\5dpjd.exec:\5dpjd.exe67⤵
-
\??\c:\rxflrfr.exec:\rxflrfr.exe68⤵
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe69⤵
-
\??\c:\1hhbnt.exec:\1hhbnt.exe70⤵
-
\??\c:\9vvpj.exec:\9vvpj.exe71⤵
-
\??\c:\jvjpd.exec:\jvjpd.exe72⤵
-
\??\c:\lxllflx.exec:\lxllflx.exe73⤵
-
\??\c:\llfxffl.exec:\llfxffl.exe74⤵
-
\??\c:\tthbtt.exec:\tthbtt.exe75⤵
-
\??\c:\1llfllx.exec:\1llfllx.exe76⤵
-
\??\c:\7rrlflf.exec:\7rrlflf.exe77⤵
-
\??\c:\hbtnnn.exec:\hbtnnn.exe78⤵
-
\??\c:\bhthnh.exec:\bhthnh.exe79⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe80⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe81⤵
-
\??\c:\fxrlflf.exec:\fxrlflf.exe82⤵
-
\??\c:\7flfxrl.exec:\7flfxrl.exe83⤵
-
\??\c:\httbnn.exec:\httbnn.exe84⤵
-
\??\c:\jpvpd.exec:\jpvpd.exe85⤵
-
\??\c:\dpddv.exec:\dpddv.exe86⤵
-
\??\c:\lrxxrrr.exec:\lrxxrrr.exe87⤵
-
\??\c:\ffxrfrf.exec:\ffxrfrf.exe88⤵
-
\??\c:\tbbhtn.exec:\tbbhtn.exe89⤵
-
\??\c:\hbbthh.exec:\hbbthh.exe90⤵
-
\??\c:\7vdpp.exec:\7vdpp.exe91⤵
-
\??\c:\9fxrfxr.exec:\9fxrfxr.exe92⤵
-
\??\c:\lrrxxfl.exec:\lrrxxfl.exe93⤵
-
\??\c:\xffrrll.exec:\xffrrll.exe94⤵
-
\??\c:\7nhbbb.exec:\7nhbbb.exe95⤵
-
\??\c:\vddvp.exec:\vddvp.exe96⤵
-
\??\c:\vpppp.exec:\vpppp.exe97⤵
-
\??\c:\rllrlxl.exec:\rllrlxl.exe98⤵
-
\??\c:\xrfxlrl.exec:\xrfxlrl.exe99⤵
-
\??\c:\hbbnbt.exec:\hbbnbt.exe100⤵
-
\??\c:\pdpdj.exec:\pdpdj.exe101⤵
-
\??\c:\ddvdv.exec:\ddvdv.exe102⤵
-
\??\c:\1ffxrrx.exec:\1ffxrrx.exe103⤵
-
\??\c:\xrlxrxl.exec:\xrlxrxl.exe104⤵
-
\??\c:\bhhtbt.exec:\bhhtbt.exe105⤵
-
\??\c:\htthbt.exec:\htthbt.exe106⤵
-
\??\c:\jppjv.exec:\jppjv.exe107⤵
-
\??\c:\xffxrlf.exec:\xffxrlf.exe108⤵
-
\??\c:\lxxlxlr.exec:\lxxlxlr.exe109⤵
-
\??\c:\nhbbhb.exec:\nhbbhb.exe110⤵
-
\??\c:\tntnnh.exec:\tntnnh.exe111⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe112⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe113⤵
-
\??\c:\3lflflf.exec:\3lflflf.exe114⤵
-
\??\c:\fxfllrr.exec:\fxfllrr.exe115⤵
-
\??\c:\tbnbtt.exec:\tbnbtt.exe116⤵
-
\??\c:\vdjjv.exec:\vdjjv.exe117⤵
-
\??\c:\3vvpd.exec:\3vvpd.exe118⤵
-
\??\c:\nhhbhb.exec:\nhhbhb.exe119⤵
-
\??\c:\9nhbtt.exec:\9nhbtt.exe120⤵
-
\??\c:\jjjdp.exec:\jjjdp.exe121⤵
-
\??\c:\vvjvp.exec:\vvjvp.exe122⤵
-
\??\c:\lfffxxx.exec:\lfffxxx.exe123⤵
-
\??\c:\lrxxxrl.exec:\lrxxxrl.exe124⤵
-
\??\c:\nbthbt.exec:\nbthbt.exe125⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe126⤵
-
\??\c:\pdvjd.exec:\pdvjd.exe127⤵
-
\??\c:\rlrfxff.exec:\rlrfxff.exe128⤵
-
\??\c:\bhhhhb.exec:\bhhhhb.exe129⤵
-
\??\c:\hnnbth.exec:\hnnbth.exe130⤵
-
\??\c:\dvdpj.exec:\dvdpj.exe131⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe132⤵
-
\??\c:\rxfxllf.exec:\rxfxllf.exe133⤵
-
\??\c:\xrrlrxr.exec:\xrrlrxr.exe134⤵
-
\??\c:\hnntht.exec:\hnntht.exe135⤵
-
\??\c:\bhhhbb.exec:\bhhhbb.exe136⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe137⤵
-
\??\c:\rxrflrx.exec:\rxrflrx.exe138⤵
-
\??\c:\rffxrrl.exec:\rffxrrl.exe139⤵
-
\??\c:\nttbht.exec:\nttbht.exe140⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe141⤵
-
\??\c:\1ppjd.exec:\1ppjd.exe142⤵
-
\??\c:\llfxxll.exec:\llfxxll.exe143⤵
-
\??\c:\lrffrrl.exec:\lrffrrl.exe144⤵
-
\??\c:\nhnbtb.exec:\nhnbtb.exe145⤵
-
\??\c:\9jvpj.exec:\9jvpj.exe146⤵
-
\??\c:\5pvpj.exec:\5pvpj.exe147⤵
-
\??\c:\rlllfxx.exec:\rlllfxx.exe148⤵
-
\??\c:\xfrffrl.exec:\xfrffrl.exe149⤵
-
\??\c:\bntnbt.exec:\bntnbt.exe150⤵
-
\??\c:\tththh.exec:\tththh.exe151⤵
-
\??\c:\dpppv.exec:\dpppv.exe152⤵
-
\??\c:\jpjdd.exec:\jpjdd.exe153⤵
-
\??\c:\rllffxx.exec:\rllffxx.exe154⤵
-
\??\c:\hnnbtn.exec:\hnnbtn.exe155⤵
-
\??\c:\5thbnh.exec:\5thbnh.exe156⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe157⤵
-
\??\c:\lxxxrll.exec:\lxxxrll.exe158⤵
-
\??\c:\xlllfff.exec:\xlllfff.exe159⤵
-
\??\c:\tbbthb.exec:\tbbthb.exe160⤵
-
\??\c:\hbnntb.exec:\hbnntb.exe161⤵
-
\??\c:\pddvp.exec:\pddvp.exe162⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe163⤵
-
\??\c:\lxrlfff.exec:\lxrlfff.exe164⤵
-
\??\c:\frllrrr.exec:\frllrrr.exe165⤵
-
\??\c:\tnnthh.exec:\tnnthh.exe166⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe167⤵
-
\??\c:\djpjv.exec:\djpjv.exe168⤵
-
\??\c:\lffrxrf.exec:\lffrxrf.exe169⤵
-
\??\c:\fflflfx.exec:\fflflfx.exe170⤵
-
\??\c:\1hnbtn.exec:\1hnbtn.exe171⤵
-
\??\c:\3hhnht.exec:\3hhnht.exe172⤵
-
\??\c:\5jjvj.exec:\5jjvj.exe173⤵
-
\??\c:\ddjdj.exec:\ddjdj.exe174⤵
-
\??\c:\rllfxrl.exec:\rllfxrl.exe175⤵
-
\??\c:\bnhbnh.exec:\bnhbnh.exe176⤵
-
\??\c:\hbtthh.exec:\hbtthh.exe177⤵
-
\??\c:\vddpd.exec:\vddpd.exe178⤵
-
\??\c:\jpppd.exec:\jpppd.exe179⤵
-
\??\c:\frlxlxl.exec:\frlxlxl.exe180⤵
-
\??\c:\7lrflll.exec:\7lrflll.exe181⤵
-
\??\c:\9nhtnb.exec:\9nhtnb.exe182⤵
-
\??\c:\nthhht.exec:\nthhht.exe183⤵
-
\??\c:\9ppdp.exec:\9ppdp.exe184⤵
-
\??\c:\flfrlxr.exec:\flfrlxr.exe185⤵
-
\??\c:\xxxlfxl.exec:\xxxlfxl.exe186⤵
-
\??\c:\nhhbnb.exec:\nhhbnb.exe187⤵
-
\??\c:\nhbthb.exec:\nhbthb.exe188⤵
-
\??\c:\7vpdp.exec:\7vpdp.exe189⤵
-
\??\c:\5jdpd.exec:\5jdpd.exe190⤵
-
\??\c:\frrfxrl.exec:\frrfxrl.exe191⤵
-
\??\c:\rllxrlf.exec:\rllxrlf.exe192⤵
-
\??\c:\9tthtt.exec:\9tthtt.exe193⤵
-
\??\c:\nnhtth.exec:\nnhtth.exe194⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe195⤵
-
\??\c:\pvpjd.exec:\pvpjd.exe196⤵
-
\??\c:\9ffxlfl.exec:\9ffxlfl.exe197⤵
-
\??\c:\tbbtnt.exec:\tbbtnt.exe198⤵
-
\??\c:\bbnhbh.exec:\bbnhbh.exe199⤵
-
\??\c:\vppdv.exec:\vppdv.exe200⤵
-
\??\c:\pvdpd.exec:\pvdpd.exe201⤵
-
\??\c:\lrlfxrl.exec:\lrlfxrl.exe202⤵
-
\??\c:\flfflrx.exec:\flfflrx.exe203⤵
-
\??\c:\tnhhtb.exec:\tnhhtb.exe204⤵
-
\??\c:\ttthbn.exec:\ttthbn.exe205⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe206⤵
-
\??\c:\fxxrrrl.exec:\fxxrrrl.exe207⤵
-
\??\c:\fffrrll.exec:\fffrrll.exe208⤵
-
\??\c:\hbnhtb.exec:\hbnhtb.exe209⤵
-
\??\c:\hhthtn.exec:\hhthtn.exe210⤵
-
\??\c:\vvdpd.exec:\vvdpd.exe211⤵
-
\??\c:\jvpdp.exec:\jvpdp.exe212⤵
-
\??\c:\lflxlfr.exec:\lflxlfr.exe213⤵
-
\??\c:\tbhttt.exec:\tbhttt.exe214⤵
-
\??\c:\jddvj.exec:\jddvj.exe215⤵
-
\??\c:\rrrfxlx.exec:\rrrfxlx.exe216⤵
-
\??\c:\xllrlrf.exec:\xllrlrf.exe217⤵
-
\??\c:\tnnbbt.exec:\tnnbbt.exe218⤵
-
\??\c:\dpdpv.exec:\dpdpv.exe219⤵
-
\??\c:\frfrfxl.exec:\frfrfxl.exe220⤵
-
\??\c:\btbnbt.exec:\btbnbt.exe221⤵
-
\??\c:\rlxrxrx.exec:\rlxrxrx.exe222⤵
-
\??\c:\3ddvj.exec:\3ddvj.exe223⤵
-
\??\c:\xlxrfxl.exec:\xlxrfxl.exe224⤵
-
\??\c:\bthtnh.exec:\bthtnh.exe225⤵
-
\??\c:\lrflrfl.exec:\lrflrfl.exe226⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe227⤵
-
\??\c:\lxfrfxx.exec:\lxfrfxx.exe228⤵
-
\??\c:\1hbnhh.exec:\1hbnhh.exe229⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe230⤵
-
\??\c:\ddvjd.exec:\ddvjd.exe231⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe232⤵
-
\??\c:\3pjdd.exec:\3pjdd.exe233⤵
-
\??\c:\tbhbbt.exec:\tbhbbt.exe234⤵
-
\??\c:\xfrrxrf.exec:\xfrrxrf.exe235⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe236⤵
-
\??\c:\jjpdd.exec:\jjpdd.exe237⤵
-
\??\c:\bntnhn.exec:\bntnhn.exe238⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe239⤵
-
\??\c:\5flxfxx.exec:\5flxfxx.exe240⤵