Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
23-05-2024 02:49
General
-
Target
7bbc0794be0decc6cdeef75d88ba6620_NeikiAnalytics.exe
-
Size
70KB
-
MD5
7bbc0794be0decc6cdeef75d88ba6620
-
SHA1
56ddf8d1a08a4d98087384be6ebfda11aa3c26b8
-
SHA256
6836cf9c4082c9deca48d8d8500542d6b4f76c5abe56b5640199e778d11a5ce5
-
SHA512
adaba19961403a14398fb34a45a7031d9e54d3c33f766def437e447eec4eeac3935e67bca1fdc5a2958e8b412668028fb62a8a8fc17e283077019396954b67a7
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb7tAHEqSCkKWr:ymb3NkkiQ3mdBjFIynIK+
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 31 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7bbc0794be0decc6cdeef75d88ba6620_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\7bbc0794be0decc6cdeef75d88ba6620_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7ntttt.exec:\7ntttt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xfxlfx.exec:\9xfxlfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnnnn.exec:\bnnnnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvp.exec:\dddvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlllllr.exec:\rlllllr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbttt.exec:\hbbttt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvdv.exec:\jvvdv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhbt.exec:\tnnhbt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvpd.exec:\djvpd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrllrx.exec:\llrllrx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvpd.exec:\jpvpd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlllfxx.exec:\rlllfxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbtt.exec:\nbhbtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnbb.exec:\nhnnbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppj.exec:\vpppj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llllffl.exec:\llllffl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffrflx.exec:\fffrflx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddp.exec:\vpddp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrxlxl.exec:\xfrxlxl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtntt.exec:\hhtntt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdpv.exec:\jpdpv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjpj.exec:\djjpj.exe23⤵
- Executes dropped EXE
-
\??\c:\9llfxxx.exec:\9llfxxx.exe24⤵
- Executes dropped EXE
-
\??\c:\tbtbtn.exec:\tbtbtn.exe25⤵
- Executes dropped EXE
-
\??\c:\hbtbhn.exec:\hbtbhn.exe26⤵
- Executes dropped EXE
-
\??\c:\1ddpp.exec:\1ddpp.exe27⤵
- Executes dropped EXE
-
\??\c:\ttbbhh.exec:\ttbbhh.exe28⤵
- Executes dropped EXE
-
\??\c:\hhtnnn.exec:\hhtnnn.exe29⤵
- Executes dropped EXE
-
\??\c:\lllrllf.exec:\lllrllf.exe30⤵
- Executes dropped EXE
-
\??\c:\lrxlflf.exec:\lrxlflf.exe31⤵
- Executes dropped EXE
-
\??\c:\btbhnh.exec:\btbhnh.exe32⤵
- Executes dropped EXE
-
\??\c:\bhhhbt.exec:\bhhhbt.exe33⤵
- Executes dropped EXE
-
\??\c:\pdjjj.exec:\pdjjj.exe34⤵
- Executes dropped EXE
-
\??\c:\dpjdv.exec:\dpjdv.exe35⤵
- Executes dropped EXE
-
\??\c:\xlllflx.exec:\xlllflx.exe36⤵
- Executes dropped EXE
-
\??\c:\nhhnnn.exec:\nhhnnn.exe37⤵
- Executes dropped EXE
-
\??\c:\nnbttn.exec:\nnbttn.exe38⤵
- Executes dropped EXE
-
\??\c:\ppdpj.exec:\ppdpj.exe39⤵
- Executes dropped EXE
-
\??\c:\dvdpd.exec:\dvdpd.exe40⤵
- Executes dropped EXE
-
\??\c:\fxffxrl.exec:\fxffxrl.exe41⤵
- Executes dropped EXE
-
\??\c:\hbbtnn.exec:\hbbtnn.exe42⤵
- Executes dropped EXE
-
\??\c:\ppdvp.exec:\ppdvp.exe43⤵
- Executes dropped EXE
-
\??\c:\jvjdv.exec:\jvjdv.exe44⤵
- Executes dropped EXE
-
\??\c:\rlxlfff.exec:\rlxlfff.exe45⤵
- Executes dropped EXE
-
\??\c:\tbhhhh.exec:\tbhhhh.exe46⤵
- Executes dropped EXE
-
\??\c:\1jpvj.exec:\1jpvj.exe47⤵
- Executes dropped EXE
-
\??\c:\ddpdv.exec:\ddpdv.exe48⤵
- Executes dropped EXE
-
\??\c:\1hbtnh.exec:\1hbtnh.exe49⤵
- Executes dropped EXE
-
\??\c:\9pppp.exec:\9pppp.exe50⤵
- Executes dropped EXE
-
\??\c:\llrflxr.exec:\llrflxr.exe51⤵
- Executes dropped EXE
-
\??\c:\7htttb.exec:\7htttb.exe52⤵
- Executes dropped EXE
-
\??\c:\dvdvd.exec:\dvdvd.exe53⤵
- Executes dropped EXE
-
\??\c:\vpdvd.exec:\vpdvd.exe54⤵
- Executes dropped EXE
-
\??\c:\frrlfxr.exec:\frrlfxr.exe55⤵
- Executes dropped EXE
-
\??\c:\nnbbtt.exec:\nnbbtt.exe56⤵
- Executes dropped EXE
-
\??\c:\ntbthh.exec:\ntbthh.exe57⤵
- Executes dropped EXE
-
\??\c:\vjvpj.exec:\vjvpj.exe58⤵
- Executes dropped EXE
-
\??\c:\jjpjv.exec:\jjpjv.exe59⤵
- Executes dropped EXE
-
\??\c:\5xfxxxx.exec:\5xfxxxx.exe60⤵
- Executes dropped EXE
-
\??\c:\pvjjp.exec:\pvjjp.exe61⤵
- Executes dropped EXE
-
\??\c:\9xfrffr.exec:\9xfrffr.exe62⤵
- Executes dropped EXE
-
\??\c:\fxxxxxx.exec:\fxxxxxx.exe63⤵
- Executes dropped EXE
-
\??\c:\thtnbb.exec:\thtnbb.exe64⤵
- Executes dropped EXE
-
\??\c:\1dddv.exec:\1dddv.exe65⤵
- Executes dropped EXE
-
\??\c:\vvdjj.exec:\vvdjj.exe66⤵
-
\??\c:\lfrrffx.exec:\lfrrffx.exe67⤵
-
\??\c:\nbbbbb.exec:\nbbbbb.exe68⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe69⤵
-
\??\c:\dvddv.exec:\dvddv.exe70⤵
-
\??\c:\rfrlxxx.exec:\rfrlxxx.exe71⤵
-
\??\c:\frlffxx.exec:\frlffxx.exe72⤵
-
\??\c:\btthhh.exec:\btthhh.exe73⤵
-
\??\c:\9djjv.exec:\9djjv.exe74⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe75⤵
-
\??\c:\7lrxrrr.exec:\7lrxrrr.exe76⤵
-
\??\c:\9xxfxxx.exec:\9xxfxxx.exe77⤵
-
\??\c:\btnnhb.exec:\btnnhb.exe78⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe79⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe80⤵
-
\??\c:\lxfxlll.exec:\lxfxlll.exe81⤵
-
\??\c:\lfffxrr.exec:\lfffxrr.exe82⤵
-
\??\c:\7ntttn.exec:\7ntttn.exe83⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe84⤵
-
\??\c:\rxxlrlr.exec:\rxxlrlr.exe85⤵
-
\??\c:\fxffxll.exec:\fxffxll.exe86⤵
-
\??\c:\bthnbb.exec:\bthnbb.exe87⤵
-
\??\c:\9pjdd.exec:\9pjdd.exe88⤵
-
\??\c:\3pddp.exec:\3pddp.exe89⤵
-
\??\c:\xfrrxxf.exec:\xfrrxxf.exe90⤵
-
\??\c:\1ffxxlf.exec:\1ffxxlf.exe91⤵
-
\??\c:\hnhhbt.exec:\hnhhbt.exe92⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe93⤵
-
\??\c:\pvpvp.exec:\pvpvp.exe94⤵
-
\??\c:\fxffxxl.exec:\fxffxxl.exe95⤵
-
\??\c:\ntthbb.exec:\ntthbb.exe96⤵
-
\??\c:\nhnhht.exec:\nhnhht.exe97⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe98⤵
-
\??\c:\xfrfrll.exec:\xfrfrll.exe99⤵
-
\??\c:\1rrxrlf.exec:\1rrxrlf.exe100⤵
-
\??\c:\nnttnb.exec:\nnttnb.exe101⤵
-
\??\c:\bbhnhn.exec:\bbhnhn.exe102⤵
-
\??\c:\jvvjv.exec:\jvvjv.exe103⤵
-
\??\c:\tnnnnt.exec:\tnnnnt.exe104⤵
-
\??\c:\bthhtb.exec:\bthhtb.exe105⤵
-
\??\c:\frfxxfx.exec:\frfxxfx.exe106⤵
-
\??\c:\bhtnnn.exec:\bhtnnn.exe107⤵
-
\??\c:\1thhhh.exec:\1thhhh.exe108⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe109⤵
-
\??\c:\7pppj.exec:\7pppj.exe110⤵
-
\??\c:\frxrrlx.exec:\frxrrlx.exe111⤵
-
\??\c:\bbbhhh.exec:\bbbhhh.exe112⤵
-
\??\c:\bbhnhh.exec:\bbhnhh.exe113⤵
-
\??\c:\jppvp.exec:\jppvp.exe114⤵
-
\??\c:\frrlrrr.exec:\frrlrrr.exe115⤵
-
\??\c:\hhhhht.exec:\hhhhht.exe116⤵
-
\??\c:\9bhbtt.exec:\9bhbtt.exe117⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe118⤵
-
\??\c:\rflrrfl.exec:\rflrrfl.exe119⤵
-
\??\c:\7nnnnn.exec:\7nnnnn.exe120⤵
-
\??\c:\hnnttn.exec:\hnnttn.exe121⤵
-
\??\c:\5djjd.exec:\5djjd.exe122⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe123⤵
-
\??\c:\xxxfrrf.exec:\xxxfrrf.exe124⤵
-
\??\c:\tbnhbb.exec:\tbnhbb.exe125⤵
-
\??\c:\jjjdj.exec:\jjjdj.exe126⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe127⤵
-
\??\c:\fflfxrl.exec:\fflfxrl.exe128⤵
-
\??\c:\tnbhhn.exec:\tnbhhn.exe129⤵
-
\??\c:\3nnhbb.exec:\3nnhbb.exe130⤵
-
\??\c:\ddjdv.exec:\ddjdv.exe131⤵
-
\??\c:\7lrrlxx.exec:\7lrrlxx.exe132⤵
-
\??\c:\bbbbtb.exec:\bbbbtb.exe133⤵
-
\??\c:\tbtthh.exec:\tbtthh.exe134⤵
-
\??\c:\vpjvv.exec:\vpjvv.exe135⤵
-
\??\c:\ffrrfff.exec:\ffrrfff.exe136⤵
-
\??\c:\thtnth.exec:\thtnth.exe137⤵
-
\??\c:\bthntb.exec:\bthntb.exe138⤵
-
\??\c:\ppddd.exec:\ppddd.exe139⤵
-
\??\c:\rlrllff.exec:\rlrllff.exe140⤵
-
\??\c:\9llllrl.exec:\9llllrl.exe141⤵
-
\??\c:\5hnnbb.exec:\5hnnbb.exe142⤵
-
\??\c:\xrllllf.exec:\xrllllf.exe143⤵
-
\??\c:\rrrllff.exec:\rrrllff.exe144⤵
-
\??\c:\bhnbnh.exec:\bhnbnh.exe145⤵
-
\??\c:\btnttn.exec:\btnttn.exe146⤵
-
\??\c:\bthhtn.exec:\bthhtn.exe147⤵
-
\??\c:\ddppd.exec:\ddppd.exe148⤵
-
\??\c:\djjjj.exec:\djjjj.exe149⤵
-
\??\c:\xxrrffl.exec:\xxrrffl.exe150⤵
-
\??\c:\llxrrxf.exec:\llxrrxf.exe151⤵
-
\??\c:\tttttt.exec:\tttttt.exe152⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe153⤵
-
\??\c:\vvdjp.exec:\vvdjp.exe154⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe155⤵
-
\??\c:\lxlrfff.exec:\lxlrfff.exe156⤵
-
\??\c:\xxffllx.exec:\xxffllx.exe157⤵
-
\??\c:\nnthnt.exec:\nnthnt.exe158⤵
-
\??\c:\nhnhbh.exec:\nhnhbh.exe159⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe160⤵
-
\??\c:\7xlllrl.exec:\7xlllrl.exe161⤵
-
\??\c:\xrxxffx.exec:\xrxxffx.exe162⤵
-
\??\c:\1hntnt.exec:\1hntnt.exe163⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe164⤵
-
\??\c:\xrxxlll.exec:\xrxxlll.exe165⤵
-
\??\c:\tbbthn.exec:\tbbthn.exe166⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe167⤵
-
\??\c:\btttnh.exec:\btttnh.exe168⤵
-
\??\c:\rllfxxx.exec:\rllfxxx.exe169⤵
-
\??\c:\nhbntb.exec:\nhbntb.exe170⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe171⤵
-
\??\c:\pdddp.exec:\pdddp.exe172⤵
-
\??\c:\1rfrlff.exec:\1rfrlff.exe173⤵
-
\??\c:\hbhtnt.exec:\hbhtnt.exe174⤵
-
\??\c:\jppjj.exec:\jppjj.exe175⤵
-
\??\c:\9xrfxrf.exec:\9xrfxrf.exe176⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe177⤵
-
\??\c:\htnhtn.exec:\htnhtn.exe178⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe179⤵
-
\??\c:\3llfxxx.exec:\3llfxxx.exe180⤵
-
\??\c:\7rfllll.exec:\7rfllll.exe181⤵
-
\??\c:\ttbbtt.exec:\ttbbtt.exe182⤵
-
\??\c:\ppppj.exec:\ppppj.exe183⤵
-
\??\c:\pdvdp.exec:\pdvdp.exe184⤵
-
\??\c:\9flrllf.exec:\9flrllf.exe185⤵
-
\??\c:\5nnnhn.exec:\5nnnhn.exe186⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe187⤵
-
\??\c:\3jjjp.exec:\3jjjp.exe188⤵
-
\??\c:\rrlrfll.exec:\rrlrfll.exe189⤵
-
\??\c:\hbbttb.exec:\hbbttb.exe190⤵
-
\??\c:\jpdjp.exec:\jpdjp.exe191⤵
-
\??\c:\7pddd.exec:\7pddd.exe192⤵
-
\??\c:\fxffllf.exec:\fxffllf.exe193⤵
-
\??\c:\bbbbtt.exec:\bbbbtt.exe194⤵
-
\??\c:\btbbhn.exec:\btbbhn.exe195⤵
-
\??\c:\vjdpd.exec:\vjdpd.exe196⤵
-
\??\c:\frxrllf.exec:\frxrllf.exe197⤵
-
\??\c:\rrxxrrx.exec:\rrxxrrx.exe198⤵
-
\??\c:\ttbttt.exec:\ttbttt.exe199⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe200⤵
-
\??\c:\3xrrffx.exec:\3xrrffx.exe201⤵
-
\??\c:\xfxrrfl.exec:\xfxrrfl.exe202⤵
-
\??\c:\bttttt.exec:\bttttt.exe203⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe204⤵
-
\??\c:\pdjpp.exec:\pdjpp.exe205⤵
-
\??\c:\llffrxx.exec:\llffrxx.exe206⤵
-
\??\c:\bnhbbb.exec:\bnhbbb.exe207⤵
-
\??\c:\bnhhnh.exec:\bnhhnh.exe208⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe209⤵
-
\??\c:\xfxxxxx.exec:\xfxxxxx.exe210⤵
-
\??\c:\lrxxxxx.exec:\lrxxxxx.exe211⤵
-
\??\c:\1bnhhn.exec:\1bnhhn.exe212⤵
-
\??\c:\vdddv.exec:\vdddv.exe213⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe214⤵
-
\??\c:\rxxxrrr.exec:\rxxxrrr.exe215⤵
-
\??\c:\bbnthh.exec:\bbnthh.exe216⤵
-
\??\c:\tnbtnn.exec:\tnbtnn.exe217⤵
-
\??\c:\pvpjv.exec:\pvpjv.exe218⤵
-
\??\c:\frllfxr.exec:\frllfxr.exe219⤵
-
\??\c:\xlxlrfx.exec:\xlxlrfx.exe220⤵
-
\??\c:\bnnnnb.exec:\bnnnnb.exe221⤵
-
\??\c:\pvddd.exec:\pvddd.exe222⤵
-
\??\c:\3fffxxr.exec:\3fffxxr.exe223⤵
-
\??\c:\ttttnh.exec:\ttttnh.exe224⤵
-
\??\c:\thhbht.exec:\thhbht.exe225⤵
-
\??\c:\vvppp.exec:\vvppp.exe226⤵
-
\??\c:\pjjdj.exec:\pjjdj.exe227⤵
-
\??\c:\frxxxxx.exec:\frxxxxx.exe228⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe229⤵
-
\??\c:\hbtbhn.exec:\hbtbhn.exe230⤵
-
\??\c:\ddjjj.exec:\ddjjj.exe231⤵
-
\??\c:\rffxxxx.exec:\rffxxxx.exe232⤵
-
\??\c:\rflfffx.exec:\rflfffx.exe233⤵
-
\??\c:\ttbttt.exec:\ttbttt.exe234⤵
-
\??\c:\5ttnhh.exec:\5ttnhh.exe235⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe236⤵
-
\??\c:\rxrxrlx.exec:\rxrxrlx.exe237⤵
-
\??\c:\lrrxfxf.exec:\lrrxfxf.exe238⤵
-
\??\c:\hbbttn.exec:\hbbttn.exe239⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe240⤵