Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
30-06-2024 22:41
General
-
Target
1fc39e4152dcca498d553770e4d1bf98f9fdd7fab29be464a76287517c55dc71_NeikiAnalytics.exe
-
Size
68KB
-
MD5
509330c2a8244a3f2abb2ee081766480
-
SHA1
4733ff946056622cb26f74e0b4d1612f482bbe88
-
SHA256
1fc39e4152dcca498d553770e4d1bf98f9fdd7fab29be464a76287517c55dc71
-
SHA512
401abfcda4c56288de8a85286ba783bab780e43b81f48c201307eface09da9411e0bb8b0001c7bc8710693089e27d938e7ab2085a4c2666217c1e919e9ec2afa
-
SSDEEP
1536:kvQBeOGtrYS3srx93UBWfwC6Ggnouy8p5yAXNYLIALUmYgDt:khOmTsF93UYfwC6GIoutpY4ALUmj
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1fc39e4152dcca498d553770e4d1bf98f9fdd7fab29be464a76287517c55dc71_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1fc39e4152dcca498d553770e4d1bf98f9fdd7fab29be464a76287517c55dc71_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxrllf.exec:\lxxrllf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpdd.exec:\vdpdd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlffxr.exec:\lxlffxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthtnh.exec:\bthtnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hhbtn.exec:\3hhbtn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ppjp.exec:\9ppjp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrxrx.exec:\xrxrxrx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlfxrl.exec:\xxlfxrl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnbtt.exec:\bbnbtt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dpdj.exec:\3dpdj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxllxlr.exec:\rxllxlr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbnh.exec:\bbtbnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjp.exec:\dppjp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlxrlr.exec:\xxlxrlr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhbnb.exec:\thhbnb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthntn.exec:\tthntn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpjd.exec:\pvpjd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrflxxx.exec:\lrflxxx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnhh.exec:\tnnnhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhbn.exec:\nnnhbn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvjd.exec:\jjvjd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llffrxr.exec:\llffrxr.exe23⤵
- Executes dropped EXE
-
\??\c:\tntntn.exec:\tntntn.exe24⤵
- Executes dropped EXE
-
\??\c:\pvdvp.exec:\pvdvp.exe25⤵
- Executes dropped EXE
-
\??\c:\dvjdj.exec:\dvjdj.exe26⤵
- Executes dropped EXE
-
\??\c:\xflxfll.exec:\xflxfll.exe27⤵
- Executes dropped EXE
-
\??\c:\ttthth.exec:\ttthth.exe28⤵
- Executes dropped EXE
-
\??\c:\vpvdj.exec:\vpvdj.exe29⤵
- Executes dropped EXE
-
\??\c:\pjddj.exec:\pjddj.exe30⤵
- Executes dropped EXE
-
\??\c:\rxrflll.exec:\rxrflll.exe31⤵
- Executes dropped EXE
-
\??\c:\bbthnh.exec:\bbthnh.exe32⤵
- Executes dropped EXE
-
\??\c:\djvdj.exec:\djvdj.exe33⤵
- Executes dropped EXE
-
\??\c:\rflxffl.exec:\rflxffl.exe34⤵
- Executes dropped EXE
-
\??\c:\xxxxfrf.exec:\xxxxfrf.exe35⤵
- Executes dropped EXE
-
\??\c:\pjvdp.exec:\pjvdp.exe36⤵
- Executes dropped EXE
-
\??\c:\jpjpd.exec:\jpjpd.exe37⤵
- Executes dropped EXE
-
\??\c:\rlxxxlx.exec:\rlxxxlx.exe38⤵
- Executes dropped EXE
-
\??\c:\thtnhh.exec:\thtnhh.exe39⤵
- Executes dropped EXE
-
\??\c:\dvvdv.exec:\dvvdv.exe40⤵
- Executes dropped EXE
-
\??\c:\fxlffff.exec:\fxlffff.exe41⤵
- Executes dropped EXE
-
\??\c:\llrxxlx.exec:\llrxxlx.exe42⤵
- Executes dropped EXE
-
\??\c:\nthbbn.exec:\nthbbn.exe43⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe44⤵
- Executes dropped EXE
-
\??\c:\fflfrrr.exec:\fflfrrr.exe45⤵
- Executes dropped EXE
-
\??\c:\1xlxrff.exec:\1xlxrff.exe46⤵
- Executes dropped EXE
-
\??\c:\jjjvj.exec:\jjjvj.exe47⤵
- Executes dropped EXE
-
\??\c:\rfrxlrx.exec:\rfrxlrx.exe48⤵
- Executes dropped EXE
-
\??\c:\flxflrf.exec:\flxflrf.exe49⤵
- Executes dropped EXE
-
\??\c:\hhbhhn.exec:\hhbhhn.exe50⤵
- Executes dropped EXE
-
\??\c:\dvpjd.exec:\dvpjd.exe51⤵
- Executes dropped EXE
-
\??\c:\pjpvv.exec:\pjpvv.exe52⤵
- Executes dropped EXE
-
\??\c:\frrllll.exec:\frrllll.exe53⤵
- Executes dropped EXE
-
\??\c:\nnttbh.exec:\nnttbh.exe54⤵
- Executes dropped EXE
-
\??\c:\pjjvj.exec:\pjjvj.exe55⤵
- Executes dropped EXE
-
\??\c:\pdpjj.exec:\pdpjj.exe56⤵
- Executes dropped EXE
-
\??\c:\rxlllrl.exec:\rxlllrl.exe57⤵
- Executes dropped EXE
-
\??\c:\htttnh.exec:\htttnh.exe58⤵
- Executes dropped EXE
-
\??\c:\vvpvp.exec:\vvpvp.exe59⤵
- Executes dropped EXE
-
\??\c:\fffrxrx.exec:\fffrxrx.exe60⤵
- Executes dropped EXE
-
\??\c:\lfrrrxf.exec:\lfrrrxf.exe61⤵
- Executes dropped EXE
-
\??\c:\bbhthh.exec:\bbhthh.exe62⤵
- Executes dropped EXE
-
\??\c:\pvvjp.exec:\pvvjp.exe63⤵
- Executes dropped EXE
-
\??\c:\dvpdp.exec:\dvpdp.exe64⤵
- Executes dropped EXE
-
\??\c:\rflfrxl.exec:\rflfrxl.exe65⤵
- Executes dropped EXE
-
\??\c:\ntnnnb.exec:\ntnnnb.exe66⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe67⤵
-
\??\c:\jppvp.exec:\jppvp.exe68⤵
-
\??\c:\fxffrll.exec:\fxffrll.exe69⤵
-
\??\c:\hthbnb.exec:\hthbnb.exe70⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe71⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe72⤵
-
\??\c:\fxlflrf.exec:\fxlflrf.exe73⤵
-
\??\c:\flrlllf.exec:\flrlllf.exe74⤵
-
\??\c:\hnthhb.exec:\hnthhb.exe75⤵
-
\??\c:\pdpvp.exec:\pdpvp.exe76⤵
-
\??\c:\jjjdp.exec:\jjjdp.exe77⤵
-
\??\c:\xrrrrrx.exec:\xrrrrrx.exe78⤵
-
\??\c:\hnnnhn.exec:\hnnnhn.exe79⤵
-
\??\c:\hnthnt.exec:\hnthnt.exe80⤵
-
\??\c:\ppvdj.exec:\ppvdj.exe81⤵
-
\??\c:\pdpvj.exec:\pdpvj.exe82⤵
-
\??\c:\lfrrlxx.exec:\lfrrlxx.exe83⤵
-
\??\c:\btbbhn.exec:\btbbhn.exe84⤵
-
\??\c:\hbhnnb.exec:\hbhnnb.exe85⤵
-
\??\c:\vvdjp.exec:\vvdjp.exe86⤵
-
\??\c:\lfrrxlx.exec:\lfrrxlx.exe87⤵
-
\??\c:\llrxffl.exec:\llrxffl.exe88⤵
-
\??\c:\thhbbn.exec:\thhbbn.exe89⤵
-
\??\c:\pjvdv.exec:\pjvdv.exe90⤵
-
\??\c:\5pjdv.exec:\5pjdv.exe91⤵
-
\??\c:\fxlrfrr.exec:\fxlrfrr.exe92⤵
-
\??\c:\thtbht.exec:\thtbht.exe93⤵
-
\??\c:\bthnbn.exec:\bthnbn.exe94⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe95⤵
-
\??\c:\llfrxll.exec:\llfrxll.exe96⤵
-
\??\c:\btbbbn.exec:\btbbbn.exe97⤵
-
\??\c:\jppjj.exec:\jppjj.exe98⤵
-
\??\c:\lffrxfl.exec:\lffrxfl.exe99⤵
-
\??\c:\7bnhbb.exec:\7bnhbb.exe100⤵
-
\??\c:\9ppjv.exec:\9ppjv.exe101⤵
-
\??\c:\xfflrfr.exec:\xfflrfr.exe102⤵
-
\??\c:\tthhtb.exec:\tthhtb.exe103⤵
-
\??\c:\hbnbth.exec:\hbnbth.exe104⤵
-
\??\c:\pdpvv.exec:\pdpvv.exe105⤵
-
\??\c:\rxfrlfx.exec:\rxfrlfx.exe106⤵
-
\??\c:\bbhhtn.exec:\bbhhtn.exe107⤵
-
\??\c:\dddjd.exec:\dddjd.exe108⤵
-
\??\c:\nhnbnn.exec:\nhnbnn.exe109⤵
-
\??\c:\1tbbbn.exec:\1tbbbn.exe110⤵
-
\??\c:\vvjpj.exec:\vvjpj.exe111⤵
-
\??\c:\xlxlffr.exec:\xlxlffr.exe112⤵
-
\??\c:\btbhhb.exec:\btbhhb.exe113⤵
-
\??\c:\hnbhht.exec:\hnbhht.exe114⤵
-
\??\c:\djjjj.exec:\djjjj.exe115⤵
-
\??\c:\xfxflxf.exec:\xfxflxf.exe116⤵
-
\??\c:\xxfrflf.exec:\xxfrflf.exe117⤵
-
\??\c:\btbhbt.exec:\btbhbt.exe118⤵
-
\??\c:\nbbhhb.exec:\nbbhhb.exe119⤵
-
\??\c:\ddppj.exec:\ddppj.exe120⤵
-
\??\c:\llxrxxf.exec:\llxrxxf.exe121⤵
-
\??\c:\bbttht.exec:\bbttht.exe122⤵
-
\??\c:\bbttbh.exec:\bbttbh.exe123⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe124⤵
-
\??\c:\flrrrxf.exec:\flrrrxf.exe125⤵
-
\??\c:\lrxxxfl.exec:\lrxxxfl.exe126⤵
-
\??\c:\ntbbhn.exec:\ntbbhn.exe127⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe128⤵
-
\??\c:\ppppv.exec:\ppppv.exe129⤵
-
\??\c:\rlrrxll.exec:\rlrrxll.exe130⤵
-
\??\c:\xrrrrxl.exec:\xrrrrxl.exe131⤵
-
\??\c:\tntntt.exec:\tntntt.exe132⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe133⤵
-
\??\c:\vvdjv.exec:\vvdjv.exe134⤵
-
\??\c:\rrxxrrr.exec:\rrxxrrr.exe135⤵
-
\??\c:\xlxffrr.exec:\xlxffrr.exe136⤵
-
\??\c:\tnbhhb.exec:\tnbhhb.exe137⤵
-
\??\c:\vvddj.exec:\vvddj.exe138⤵
-
\??\c:\ppddj.exec:\ppddj.exe139⤵
-
\??\c:\llxxlrl.exec:\llxxlrl.exe140⤵
-
\??\c:\hnbhtt.exec:\hnbhtt.exe141⤵
-
\??\c:\tntbhn.exec:\tntbhn.exe142⤵
-
\??\c:\pvjpp.exec:\pvjpp.exe143⤵
-
\??\c:\llxxxfl.exec:\llxxxfl.exe144⤵
-
\??\c:\btthth.exec:\btthth.exe145⤵
-
\??\c:\bhthtb.exec:\bhthtb.exe146⤵
-
\??\c:\xxfxlxf.exec:\xxfxlxf.exe147⤵
-
\??\c:\nbbhbt.exec:\nbbhbt.exe148⤵
-
\??\c:\jpvdp.exec:\jpvdp.exe149⤵
-
\??\c:\jjpvv.exec:\jjpvv.exe150⤵
-
\??\c:\fllxlrx.exec:\fllxlrx.exe151⤵
-
\??\c:\thhnnt.exec:\thhnnt.exe152⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe153⤵
-
\??\c:\5rrfflr.exec:\5rrfflr.exe154⤵
-
\??\c:\nnhbtn.exec:\nnhbtn.exe155⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe156⤵
-
\??\c:\lrfllll.exec:\lrfllll.exe157⤵
-
\??\c:\xxrxrxr.exec:\xxrxrxr.exe158⤵
-
\??\c:\tbbnnt.exec:\tbbnnt.exe159⤵
-
\??\c:\pdddd.exec:\pdddd.exe160⤵
-
\??\c:\lffxfff.exec:\lffxfff.exe161⤵
-
\??\c:\xxxfxff.exec:\xxxfxff.exe162⤵
-
\??\c:\nnbhnt.exec:\nnbhnt.exe163⤵
-
\??\c:\thnnnb.exec:\thnnnb.exe164⤵
-
\??\c:\dvddp.exec:\dvddp.exe165⤵
-
\??\c:\rxxxfff.exec:\rxxxfff.exe166⤵
-
\??\c:\nhbhnt.exec:\nhbhnt.exe167⤵
-
\??\c:\9nbhtb.exec:\9nbhtb.exe168⤵
-
\??\c:\3ppjd.exec:\3ppjd.exe169⤵
-
\??\c:\flflrrl.exec:\flflrrl.exe170⤵
-
\??\c:\thhhhh.exec:\thhhhh.exe171⤵
-
\??\c:\bbhbnn.exec:\bbhbnn.exe172⤵
-
\??\c:\lxlffff.exec:\lxlffff.exe173⤵
-
\??\c:\lxxffll.exec:\lxxffll.exe174⤵
-
\??\c:\ntbhhn.exec:\ntbhhn.exe175⤵
-
\??\c:\bbnhbt.exec:\bbnhbt.exe176⤵
-
\??\c:\lfrflrx.exec:\lfrflrx.exe177⤵
-
\??\c:\rfllffx.exec:\rfllffx.exe178⤵
-
\??\c:\lfffflr.exec:\lfffflr.exe179⤵
-
\??\c:\pvvdp.exec:\pvvdp.exe180⤵
-
\??\c:\frxlxfx.exec:\frxlxfx.exe181⤵
-
\??\c:\rlffffr.exec:\rlffffr.exe182⤵
-
\??\c:\ttttbh.exec:\ttttbh.exe183⤵
-
\??\c:\thnnnn.exec:\thnnnn.exe184⤵
-
\??\c:\pvdjp.exec:\pvdjp.exe185⤵
-
\??\c:\lxffrxr.exec:\lxffrxr.exe186⤵
-
\??\c:\tnhhnn.exec:\tnhhnn.exe187⤵
-
\??\c:\nttttb.exec:\nttttb.exe188⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe189⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe190⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe191⤵
-
\??\c:\rfrrrrf.exec:\rfrrrrf.exe192⤵
-
\??\c:\nhhbtn.exec:\nhhbtn.exe193⤵
-
\??\c:\btbtnh.exec:\btbtnh.exe194⤵
-
\??\c:\ddppv.exec:\ddppv.exe195⤵
-
\??\c:\vdjjp.exec:\vdjjp.exe196⤵
-
\??\c:\frlrlff.exec:\frlrlff.exe197⤵
-
\??\c:\fxflxfl.exec:\fxflxfl.exe198⤵
-
\??\c:\btnttn.exec:\btnttn.exe199⤵
-
\??\c:\vvvpv.exec:\vvvpv.exe200⤵
-
\??\c:\nbhhnt.exec:\nbhhnt.exe201⤵
-
\??\c:\lxfffff.exec:\lxfffff.exe202⤵
-
\??\c:\tnhhbh.exec:\tnhhbh.exe203⤵
-
\??\c:\3djdd.exec:\3djdd.exe204⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe205⤵
-
\??\c:\xxrfxxr.exec:\xxrfxxr.exe206⤵
-
\??\c:\bthhth.exec:\bthhth.exe207⤵
-
\??\c:\dpjjv.exec:\dpjjv.exe208⤵
-
\??\c:\lfxrrrf.exec:\lfxrrrf.exe209⤵
-
\??\c:\tbhnth.exec:\tbhnth.exe210⤵
-
\??\c:\1jjdv.exec:\1jjdv.exe211⤵
-
\??\c:\rlxrllf.exec:\rlxrllf.exe212⤵
-
\??\c:\hhthnt.exec:\hhthnt.exe213⤵
-
\??\c:\vpddd.exec:\vpddd.exe214⤵
-
\??\c:\lfxrrlf.exec:\lfxrrlf.exe215⤵
-
\??\c:\nhnhbt.exec:\nhnhbt.exe216⤵
-
\??\c:\dvddv.exec:\dvddv.exe217⤵
-
\??\c:\xrxrrxx.exec:\xrxrrxx.exe218⤵
-
\??\c:\xrxxxfx.exec:\xrxxxfx.exe219⤵
-
\??\c:\bbhhnn.exec:\bbhhnn.exe220⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe221⤵
-
\??\c:\rxrrflr.exec:\rxrrflr.exe222⤵
-
\??\c:\rlfffrr.exec:\rlfffrr.exe223⤵
-
\??\c:\htbbbh.exec:\htbbbh.exe224⤵
-
\??\c:\djjjp.exec:\djjjp.exe225⤵
-
\??\c:\pdvvv.exec:\pdvvv.exe226⤵
-
\??\c:\5rllrrr.exec:\5rllrrr.exe227⤵
-
\??\c:\hthhth.exec:\hthhth.exe228⤵
-
\??\c:\jjpvj.exec:\jjpvj.exe229⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe230⤵
-
\??\c:\fxffrrr.exec:\fxffrrr.exe231⤵
-
\??\c:\hbbthh.exec:\hbbthh.exe232⤵
-
\??\c:\3pjdd.exec:\3pjdd.exe233⤵
-
\??\c:\xflxffl.exec:\xflxffl.exe234⤵
-
\??\c:\hbhnnt.exec:\hbhnnt.exe235⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe236⤵
-
\??\c:\xrxflxf.exec:\xrxflxf.exe237⤵
-
\??\c:\fxfllrx.exec:\fxfllrx.exe238⤵
-
\??\c:\bbtntn.exec:\bbtntn.exe239⤵
-
\??\c:\djjjp.exec:\djjjp.exe240⤵