Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
22-05-2024 05:45
General
-
Target
20c2ae1adf98979e676e81903e75a800_NeikiAnalytics.exe
-
Size
75KB
-
MD5
20c2ae1adf98979e676e81903e75a800
-
SHA1
90a9e1d227a8f2734fce9e66ce95a9d13125c822
-
SHA256
066e197becd04e501bb1faf937568c4b021aaac23b7765ee6b7f911fda05e686
-
SHA512
4bcad320fece15228c96188cebb7d8bfff8f69bc66fdee5138dcd48afc5746b29eb0f882c792528726bd8579e37b30b70a73dacf125fc7cf0eb609d6e22aa8dc
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIoAh2QpUnX1A2:ymb3NkkiQ3mdBjFIsIVbpUH
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\20c2ae1adf98979e676e81903e75a800_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\20c2ae1adf98979e676e81903e75a800_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrfxx.exec:\rxxrfxx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hhhnn.exec:\1hhhnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhhh.exec:\nhhhhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vddv.exec:\3vddv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lxlflf.exec:\5lxlflf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnthn.exec:\1bnthn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tnbbh.exec:\7tnbbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrfff.exec:\rlxrfff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frffxff.exec:\frffxff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvv.exec:\pvdvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrffflr.exec:\rrffflr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlxfxx.exec:\rxlxfxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vjjj.exec:\5vjjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ffxrrl.exec:\1ffxrrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhbb.exec:\btbhbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnhh.exec:\bttnhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjj.exec:\dppjj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxrlf.exec:\fxfxrlf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hbnbt.exec:\1hbnbt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddd.exec:\pjddd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lfxrrl.exec:\7lfxrrl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbntbn.exec:\bbntbn.exe23⤵
- Executes dropped EXE
-
\??\c:\vvdjj.exec:\vvdjj.exe24⤵
- Executes dropped EXE
-
\??\c:\rflfrrl.exec:\rflfrrl.exe25⤵
- Executes dropped EXE
-
\??\c:\nnhthh.exec:\nnhthh.exe26⤵
- Executes dropped EXE
-
\??\c:\pjvvv.exec:\pjvvv.exe27⤵
- Executes dropped EXE
-
\??\c:\rrxxrxr.exec:\rrxxrxr.exe28⤵
- Executes dropped EXE
-
\??\c:\tbtnhh.exec:\tbtnhh.exe29⤵
- Executes dropped EXE
-
\??\c:\ddjdd.exec:\ddjdd.exe30⤵
- Executes dropped EXE
-
\??\c:\lfrlrrr.exec:\lfrlrrr.exe31⤵
- Executes dropped EXE
-
\??\c:\xlrrrrr.exec:\xlrrrrr.exe32⤵
- Executes dropped EXE
-
\??\c:\hbnnbh.exec:\hbnnbh.exe33⤵
- Executes dropped EXE
-
\??\c:\dvppj.exec:\dvppj.exe34⤵
- Executes dropped EXE
-
\??\c:\ffffllr.exec:\ffffllr.exe35⤵
- Executes dropped EXE
-
\??\c:\fxllfll.exec:\fxllfll.exe36⤵
- Executes dropped EXE
-
\??\c:\9tnnnt.exec:\9tnnnt.exe37⤵
- Executes dropped EXE
-
\??\c:\jjvvd.exec:\jjvvd.exe38⤵
- Executes dropped EXE
-
\??\c:\5pvvv.exec:\5pvvv.exe39⤵
- Executes dropped EXE
-
\??\c:\xxlflfl.exec:\xxlflfl.exe40⤵
- Executes dropped EXE
-
\??\c:\7ntttt.exec:\7ntttt.exe41⤵
- Executes dropped EXE
-
\??\c:\1nbbbb.exec:\1nbbbb.exe42⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe43⤵
- Executes dropped EXE
-
\??\c:\vvvvd.exec:\vvvvd.exe44⤵
- Executes dropped EXE
-
\??\c:\llxrrlf.exec:\llxrrlf.exe45⤵
- Executes dropped EXE
-
\??\c:\7nhbhh.exec:\7nhbhh.exe46⤵
- Executes dropped EXE
-
\??\c:\ddddv.exec:\ddddv.exe47⤵
- Executes dropped EXE
-
\??\c:\5xlrrxx.exec:\5xlrrxx.exe48⤵
- Executes dropped EXE
-
\??\c:\nbbbhn.exec:\nbbbhn.exe49⤵
- Executes dropped EXE
-
\??\c:\pdddd.exec:\pdddd.exe50⤵
- Executes dropped EXE
-
\??\c:\3rxrllf.exec:\3rxrllf.exe51⤵
- Executes dropped EXE
-
\??\c:\xxlrffl.exec:\xxlrffl.exe52⤵
- Executes dropped EXE
-
\??\c:\ttttnn.exec:\ttttnn.exe53⤵
- Executes dropped EXE
-
\??\c:\hbtttt.exec:\hbtttt.exe54⤵
- Executes dropped EXE
-
\??\c:\pppjj.exec:\pppjj.exe55⤵
- Executes dropped EXE
-
\??\c:\lxxxrrr.exec:\lxxxrrr.exe56⤵
- Executes dropped EXE
-
\??\c:\5xlrrrr.exec:\5xlrrrr.exe57⤵
- Executes dropped EXE
-
\??\c:\thhhhh.exec:\thhhhh.exe58⤵
- Executes dropped EXE
-
\??\c:\jpjjj.exec:\jpjjj.exe59⤵
- Executes dropped EXE
-
\??\c:\fxlfflf.exec:\fxlfflf.exe60⤵
- Executes dropped EXE
-
\??\c:\xrffxxr.exec:\xrffxxr.exe61⤵
- Executes dropped EXE
-
\??\c:\bthhnn.exec:\bthhnn.exe62⤵
- Executes dropped EXE
-
\??\c:\jdpdd.exec:\jdpdd.exe63⤵
- Executes dropped EXE
-
\??\c:\ppvvp.exec:\ppvvp.exe64⤵
- Executes dropped EXE
-
\??\c:\lflfxxx.exec:\lflfxxx.exe65⤵
- Executes dropped EXE
-
\??\c:\xxllrxf.exec:\xxllrxf.exe66⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe67⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe68⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe69⤵
-
\??\c:\xrlxrrr.exec:\xrlxrrr.exe70⤵
-
\??\c:\9tttnt.exec:\9tttnt.exe71⤵
-
\??\c:\hhtnbt.exec:\hhtnbt.exe72⤵
-
\??\c:\lflllrf.exec:\lflllrf.exe73⤵
-
\??\c:\rllfffr.exec:\rllfffr.exe74⤵
-
\??\c:\bbhbnn.exec:\bbhbnn.exe75⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe76⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe77⤵
-
\??\c:\rlxxlrr.exec:\rlxxlrr.exe78⤵
-
\??\c:\xxxlffx.exec:\xxxlffx.exe79⤵
-
\??\c:\1tttnt.exec:\1tttnt.exe80⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe81⤵
-
\??\c:\fxlfxxx.exec:\fxlfxxx.exe82⤵
-
\??\c:\frrrlrl.exec:\frrrlrl.exe83⤵
-
\??\c:\htbtth.exec:\htbtth.exe84⤵
-
\??\c:\hhtttt.exec:\hhtttt.exe85⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe86⤵
-
\??\c:\ddppd.exec:\ddppd.exe87⤵
-
\??\c:\5xlfxxx.exec:\5xlfxxx.exe88⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe89⤵
-
\??\c:\hnbhbh.exec:\hnbhbh.exe90⤵
-
\??\c:\9jvvp.exec:\9jvvp.exe91⤵
-
\??\c:\7pvvd.exec:\7pvvd.exe92⤵
-
\??\c:\xxlflxl.exec:\xxlflxl.exe93⤵
-
\??\c:\rxxrllf.exec:\rxxrllf.exe94⤵
-
\??\c:\7bnntb.exec:\7bnntb.exe95⤵
-
\??\c:\ttnhbt.exec:\ttnhbt.exe96⤵
-
\??\c:\djjdv.exec:\djjdv.exe97⤵
-
\??\c:\xflrxxx.exec:\xflrxxx.exe98⤵
-
\??\c:\rlrxxrf.exec:\rlrxxrf.exe99⤵
-
\??\c:\nbhhbt.exec:\nbhhbt.exe100⤵
-
\??\c:\hntnhh.exec:\hntnhh.exe101⤵
-
\??\c:\3dvvp.exec:\3dvvp.exe102⤵
-
\??\c:\vddvv.exec:\vddvv.exe103⤵
-
\??\c:\lflflff.exec:\lflflff.exe104⤵
-
\??\c:\lllfffx.exec:\lllfffx.exe105⤵
-
\??\c:\nhnhbh.exec:\nhnhbh.exe106⤵
-
\??\c:\ddjdj.exec:\ddjdj.exe107⤵
-
\??\c:\7dppv.exec:\7dppv.exe108⤵
-
\??\c:\xlxlrll.exec:\xlxlrll.exe109⤵
-
\??\c:\vpdpv.exec:\vpdpv.exe110⤵
-
\??\c:\llflxll.exec:\llflxll.exe111⤵
-
\??\c:\9hbtbb.exec:\9hbtbb.exe112⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe113⤵
-
\??\c:\5xffrxf.exec:\5xffrxf.exe114⤵
-
\??\c:\hnnttt.exec:\hnnttt.exe115⤵
-
\??\c:\btnhtt.exec:\btnhtt.exe116⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe117⤵
-
\??\c:\lffxrrl.exec:\lffxrrl.exe118⤵
-
\??\c:\lllxrxr.exec:\lllxrxr.exe119⤵
-
\??\c:\tbhbbt.exec:\tbhbbt.exe120⤵
-
\??\c:\vdpdd.exec:\vdpdd.exe121⤵
-
\??\c:\jpdvd.exec:\jpdvd.exe122⤵
-
\??\c:\frrrlxx.exec:\frrrlxx.exe123⤵
-
\??\c:\rfffxlr.exec:\rfffxlr.exe124⤵
-
\??\c:\hnnhbt.exec:\hnnhbt.exe125⤵
-
\??\c:\hhhbnn.exec:\hhhbnn.exe126⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe127⤵
-
\??\c:\9vjdv.exec:\9vjdv.exe128⤵
-
\??\c:\llrrrlr.exec:\llrrrlr.exe129⤵
-
\??\c:\xrrlllf.exec:\xrrlllf.exe130⤵
-
\??\c:\btttnn.exec:\btttnn.exe131⤵
-
\??\c:\btnhnt.exec:\btnhnt.exe132⤵
-
\??\c:\vvjvp.exec:\vvjvp.exe133⤵
-
\??\c:\rrxrrrf.exec:\rrxrrrf.exe134⤵
-
\??\c:\ththbh.exec:\ththbh.exe135⤵
-
\??\c:\5vddj.exec:\5vddj.exe136⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe137⤵
-
\??\c:\lrlffff.exec:\lrlffff.exe138⤵
-
\??\c:\3bbtnt.exec:\3bbtnt.exe139⤵
-
\??\c:\9ttbtt.exec:\9ttbtt.exe140⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe141⤵
-
\??\c:\9lllfxx.exec:\9lllfxx.exe142⤵
-
\??\c:\rrxffff.exec:\rrxffff.exe143⤵
-
\??\c:\bbthhb.exec:\bbthhb.exe144⤵
-
\??\c:\5vvpj.exec:\5vvpj.exe145⤵
-
\??\c:\7vppp.exec:\7vppp.exe146⤵
-
\??\c:\pdvpj.exec:\pdvpj.exe147⤵
-
\??\c:\rxxfrxf.exec:\rxxfrxf.exe148⤵
-
\??\c:\1bnhnn.exec:\1bnhnn.exe149⤵
-
\??\c:\bnbhtn.exec:\bnbhtn.exe150⤵
-
\??\c:\1jpjd.exec:\1jpjd.exe151⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe152⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe153⤵
-
\??\c:\5hhtnn.exec:\5hhtnn.exe154⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe155⤵
-
\??\c:\flxrllx.exec:\flxrllx.exe156⤵
-
\??\c:\3lxrlff.exec:\3lxrlff.exe157⤵
-
\??\c:\tbhhnt.exec:\tbhhnt.exe158⤵
-
\??\c:\hbbthh.exec:\hbbthh.exe159⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe160⤵
-
\??\c:\7jppp.exec:\7jppp.exe161⤵
-
\??\c:\rllfxrx.exec:\rllfxrx.exe162⤵
-
\??\c:\lxrrrlx.exec:\lxrrrlx.exe163⤵
-
\??\c:\ntnthh.exec:\ntnthh.exe164⤵
-
\??\c:\5hnnbb.exec:\5hnnbb.exe165⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe166⤵
-
\??\c:\5pvvp.exec:\5pvvp.exe167⤵
-
\??\c:\3rfflrf.exec:\3rfflrf.exe168⤵
-
\??\c:\rrffxlf.exec:\rrffxlf.exe169⤵
-
\??\c:\5tbbbh.exec:\5tbbbh.exe170⤵
-
\??\c:\thhhtt.exec:\thhhtt.exe171⤵
-
\??\c:\vdppj.exec:\vdppj.exe172⤵
-
\??\c:\xfxxlll.exec:\xfxxlll.exe173⤵
-
\??\c:\nhbbnb.exec:\nhbbnb.exe174⤵
-
\??\c:\3nttnn.exec:\3nttnn.exe175⤵
-
\??\c:\3dvvp.exec:\3dvvp.exe176⤵
-
\??\c:\pppjj.exec:\pppjj.exe177⤵
-
\??\c:\rlxrlrx.exec:\rlxrlrx.exe178⤵
-
\??\c:\9djdd.exec:\9djdd.exe179⤵
-
\??\c:\lffxxxx.exec:\lffxxxx.exe180⤵
-
\??\c:\nnbhhn.exec:\nnbhhn.exe181⤵
-
\??\c:\pvvjp.exec:\pvvjp.exe182⤵
-
\??\c:\llfflrl.exec:\llfflrl.exe183⤵
-
\??\c:\bhntnn.exec:\bhntnn.exe184⤵
-
\??\c:\djjjv.exec:\djjjv.exe185⤵
-
\??\c:\frxxrrl.exec:\frxxrrl.exe186⤵
-
\??\c:\lxffrrl.exec:\lxffrrl.exe187⤵
-
\??\c:\hhbttt.exec:\hhbttt.exe188⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe189⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe190⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe191⤵
-
\??\c:\rfxlfll.exec:\rfxlfll.exe192⤵
-
\??\c:\rrllfxx.exec:\rrllfxx.exe193⤵
-
\??\c:\ttttnt.exec:\ttttnt.exe194⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe195⤵
-
\??\c:\7jdvd.exec:\7jdvd.exe196⤵
-
\??\c:\lfrrrrf.exec:\lfrrrrf.exe197⤵
-
\??\c:\ffxfffx.exec:\ffxfffx.exe198⤵
-
\??\c:\ntthhb.exec:\ntthhb.exe199⤵
-
\??\c:\bhbhhn.exec:\bhbhhn.exe200⤵
-
\??\c:\ddddv.exec:\ddddv.exe201⤵
-
\??\c:\xxrffff.exec:\xxrffff.exe202⤵
-
\??\c:\tnnhhh.exec:\tnnhhh.exe203⤵
-
\??\c:\tbbhhh.exec:\tbbhhh.exe204⤵
-
\??\c:\pdddd.exec:\pdddd.exe205⤵
-
\??\c:\ppdjd.exec:\ppdjd.exe206⤵
-
\??\c:\1xfxrxr.exec:\1xfxrxr.exe207⤵
-
\??\c:\lxffxfx.exec:\lxffxfx.exe208⤵
-
\??\c:\tnthtb.exec:\tnthtb.exe209⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe210⤵
-
\??\c:\jjddj.exec:\jjddj.exe211⤵
-
\??\c:\rrrrxlr.exec:\rrrrxlr.exe212⤵
-
\??\c:\rlfrrrr.exec:\rlfrrrr.exe213⤵
-
\??\c:\tttntn.exec:\tttntn.exe214⤵
-
\??\c:\hbttbb.exec:\hbttbb.exe215⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe216⤵
-
\??\c:\pjddj.exec:\pjddj.exe217⤵
-
\??\c:\fllrxlr.exec:\fllrxlr.exe218⤵
-
\??\c:\fffxxxx.exec:\fffxxxx.exe219⤵
-
\??\c:\5frrrff.exec:\5frrrff.exe220⤵
-
\??\c:\nntbtb.exec:\nntbtb.exe221⤵
-
\??\c:\9vvpd.exec:\9vvpd.exe222⤵
-
\??\c:\5pddp.exec:\5pddp.exe223⤵
-
\??\c:\3lrrflr.exec:\3lrrflr.exe224⤵
-
\??\c:\llrlffx.exec:\llrlffx.exe225⤵
-
\??\c:\tbbhht.exec:\tbbhht.exe226⤵
-
\??\c:\bbhhbh.exec:\bbhhbh.exe227⤵
-
\??\c:\ddvjd.exec:\ddvjd.exe228⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe229⤵
-
\??\c:\lfxrlll.exec:\lfxrlll.exe230⤵
-
\??\c:\lfffxxr.exec:\lfffxxr.exe231⤵
-
\??\c:\tnhtbt.exec:\tnhtbt.exe232⤵
-
\??\c:\thtnhb.exec:\thtnhb.exe233⤵
-
\??\c:\ppppj.exec:\ppppj.exe234⤵
-
\??\c:\1vvpj.exec:\1vvpj.exe235⤵
-
\??\c:\xrrlfff.exec:\xrrlfff.exe236⤵
-
\??\c:\fxlrrrl.exec:\fxlrrrl.exe237⤵
-
\??\c:\frxrllr.exec:\frxrllr.exe238⤵
-
\??\c:\bnbttt.exec:\bnbttt.exe239⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe240⤵