Analysis
-
max time kernel
150s -
max time network
49s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
01-07-2024 02:54
General
-
Target
302728774051c2cc38334fcaaae8356d8175eead8f866daf02c35dad75e21228_NeikiAnalytics.exe
-
Size
79KB
-
MD5
fbed864e8ab53eeb5d32483a3ce11630
-
SHA1
65f0b59238f8b7564fd5b78657ccdf702cac0f82
-
SHA256
302728774051c2cc38334fcaaae8356d8175eead8f866daf02c35dad75e21228
-
SHA512
8dcdf65b854adfbe9c5d01f4893794a9d8f503df7f94441a646be3539f96baeb775353145104007815e4b4b91ac871e6fdb6e1bc5f2713159068d76ce144cbd0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA89T:ymb3NkkiQ3mdBjFIIp9L9QrrA8B
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\302728774051c2cc38334fcaaae8356d8175eead8f866daf02c35dad75e21228_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\302728774051c2cc38334fcaaae8356d8175eead8f866daf02c35dad75e21228_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnnnt.exec:\bnnnnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjpj.exec:\pdjpj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjd.exec:\pdpjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxrll.exec:\rlfxrll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhhh.exec:\bnnhhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbtbb.exec:\hbbtbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppddv.exec:\ppddv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdv.exec:\vvjdv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxflx.exec:\fffxflx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxflrr.exec:\llxflrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntbbt.exec:\bntbbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhbb.exec:\nhnhbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpvv.exec:\djpvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpp.exec:\pjvpp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrrrr.exec:\lfxrrrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xfllll.exec:\9xfllll.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthnnb.exec:\tthnnb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdv.exec:\pjvdv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppj.exec:\vpppj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflffxr.exec:\lflffxr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xxxrxx.exec:\3xxxrxx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnntnh.exec:\tnntnh.exe23⤵
- Executes dropped EXE
-
\??\c:\nnbthh.exec:\nnbthh.exe24⤵
- Executes dropped EXE
-
\??\c:\bntnnn.exec:\bntnnn.exe25⤵
- Executes dropped EXE
-
\??\c:\1jpdd.exec:\1jpdd.exe26⤵
- Executes dropped EXE
-
\??\c:\vpvdv.exec:\vpvdv.exe27⤵
- Executes dropped EXE
-
\??\c:\1lfxxxr.exec:\1lfxxxr.exe28⤵
- Executes dropped EXE
-
\??\c:\bbnttt.exec:\bbnttt.exe29⤵
- Executes dropped EXE
-
\??\c:\nnnhbb.exec:\nnnhbb.exe30⤵
- Executes dropped EXE
-
\??\c:\vdjjj.exec:\vdjjj.exe31⤵
- Executes dropped EXE
-
\??\c:\dddvv.exec:\dddvv.exe32⤵
- Executes dropped EXE
-
\??\c:\rrxxlfr.exec:\rrxxlfr.exe33⤵
- Executes dropped EXE
-
\??\c:\lrrxxrf.exec:\lrrxxrf.exe34⤵
- Executes dropped EXE
-
\??\c:\bnhhtt.exec:\bnhhtt.exe35⤵
- Executes dropped EXE
-
\??\c:\ppjjd.exec:\ppjjd.exe36⤵
- Executes dropped EXE
-
\??\c:\ddddv.exec:\ddddv.exe37⤵
- Executes dropped EXE
-
\??\c:\vjvdd.exec:\vjvdd.exe38⤵
- Executes dropped EXE
-
\??\c:\rflfxxx.exec:\rflfxxx.exe39⤵
- Executes dropped EXE
-
\??\c:\xxffxrx.exec:\xxffxrx.exe40⤵
- Executes dropped EXE
-
\??\c:\tntbbh.exec:\tntbbh.exe41⤵
- Executes dropped EXE
-
\??\c:\tntnnn.exec:\tntnnn.exe42⤵
- Executes dropped EXE
-
\??\c:\vjjdd.exec:\vjjdd.exe43⤵
- Executes dropped EXE
-
\??\c:\vdjdd.exec:\vdjdd.exe44⤵
- Executes dropped EXE
-
\??\c:\vjpjv.exec:\vjpjv.exe45⤵
- Executes dropped EXE
-
\??\c:\lrlfflr.exec:\lrlfflr.exe46⤵
- Executes dropped EXE
-
\??\c:\lrfffll.exec:\lrfffll.exe47⤵
- Executes dropped EXE
-
\??\c:\nntbbh.exec:\nntbbh.exe48⤵
- Executes dropped EXE
-
\??\c:\bbbbtb.exec:\bbbbtb.exe49⤵
- Executes dropped EXE
-
\??\c:\jjvjd.exec:\jjvjd.exe50⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe51⤵
- Executes dropped EXE
-
\??\c:\vvjjj.exec:\vvjjj.exe52⤵
- Executes dropped EXE
-
\??\c:\ffrrrff.exec:\ffrrrff.exe53⤵
- Executes dropped EXE
-
\??\c:\frllxfr.exec:\frllxfr.exe54⤵
- Executes dropped EXE
-
\??\c:\9btnhb.exec:\9btnhb.exe55⤵
- Executes dropped EXE
-
\??\c:\hbbtbb.exec:\hbbtbb.exe56⤵
- Executes dropped EXE
-
\??\c:\vvdvp.exec:\vvdvp.exe57⤵
- Executes dropped EXE
-
\??\c:\vppvp.exec:\vppvp.exe58⤵
- Executes dropped EXE
-
\??\c:\3ppjp.exec:\3ppjp.exe59⤵
- Executes dropped EXE
-
\??\c:\fxrxffx.exec:\fxrxffx.exe60⤵
- Executes dropped EXE
-
\??\c:\rlffxrr.exec:\rlffxrr.exe61⤵
- Executes dropped EXE
-
\??\c:\thhnnt.exec:\thhnnt.exe62⤵
- Executes dropped EXE
-
\??\c:\hnnhnh.exec:\hnnhnh.exe63⤵
- Executes dropped EXE
-
\??\c:\hthnhn.exec:\hthnhn.exe64⤵
- Executes dropped EXE
-
\??\c:\jdvvv.exec:\jdvvv.exe65⤵
- Executes dropped EXE
-
\??\c:\vpdvv.exec:\vpdvv.exe66⤵
-
\??\c:\xflfflf.exec:\xflfflf.exe67⤵
-
\??\c:\rlxrffr.exec:\rlxrffr.exe68⤵
-
\??\c:\hbbhhb.exec:\hbbhhb.exe69⤵
-
\??\c:\hbnnhh.exec:\hbnnhh.exe70⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe71⤵
-
\??\c:\pjjpp.exec:\pjjpp.exe72⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe73⤵
-
\??\c:\7rlxrxr.exec:\7rlxrxr.exe74⤵
-
\??\c:\1lxrlrl.exec:\1lxrlrl.exe75⤵
-
\??\c:\3nttbb.exec:\3nttbb.exe76⤵
-
\??\c:\tnhhhn.exec:\tnhhhn.exe77⤵
-
\??\c:\jppjd.exec:\jppjd.exe78⤵
-
\??\c:\ppdpj.exec:\ppdpj.exe79⤵
-
\??\c:\lrllrxr.exec:\lrllrxr.exe80⤵
-
\??\c:\5rrrrfx.exec:\5rrrrfx.exe81⤵
-
\??\c:\3ffxxxr.exec:\3ffxxxr.exe82⤵
-
\??\c:\ttnttb.exec:\ttnttb.exe83⤵
-
\??\c:\nnbbtt.exec:\nnbbtt.exe84⤵
-
\??\c:\jddpj.exec:\jddpj.exe85⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe86⤵
-
\??\c:\pvvjv.exec:\pvvjv.exe87⤵
-
\??\c:\xrxfflr.exec:\xrxfflr.exe88⤵
-
\??\c:\rflfffx.exec:\rflfffx.exe89⤵
-
\??\c:\hhbnnh.exec:\hhbnnh.exe90⤵
-
\??\c:\tnhtth.exec:\tnhtth.exe91⤵
-
\??\c:\djppp.exec:\djppp.exe92⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe93⤵
-
\??\c:\jdddp.exec:\jdddp.exe94⤵
-
\??\c:\ffflfff.exec:\ffflfff.exe95⤵
-
\??\c:\ffrlflf.exec:\ffrlflf.exe96⤵
-
\??\c:\nhbttt.exec:\nhbttt.exe97⤵
-
\??\c:\bbbttn.exec:\bbbttn.exe98⤵
-
\??\c:\tnnhhh.exec:\tnnhhh.exe99⤵
-
\??\c:\jpvjp.exec:\jpvjp.exe100⤵
-
\??\c:\jddvv.exec:\jddvv.exe101⤵
-
\??\c:\lfllflf.exec:\lfllflf.exe102⤵
-
\??\c:\flxxlrf.exec:\flxxlrf.exe103⤵
-
\??\c:\nbhnnh.exec:\nbhnnh.exe104⤵
-
\??\c:\nbnnhh.exec:\nbnnhh.exe105⤵
-
\??\c:\tnbttt.exec:\tnbttt.exe106⤵
-
\??\c:\pjppv.exec:\pjppv.exe107⤵
-
\??\c:\ddjdj.exec:\ddjdj.exe108⤵
-
\??\c:\xxlxrxl.exec:\xxlxrxl.exe109⤵
-
\??\c:\lxflfxx.exec:\lxflfxx.exe110⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe111⤵
-
\??\c:\bbhhnn.exec:\bbhhnn.exe112⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe113⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe114⤵
-
\??\c:\7ddpd.exec:\7ddpd.exe115⤵
-
\??\c:\9llfxfx.exec:\9llfxfx.exe116⤵
-
\??\c:\rlxrlff.exec:\rlxrlff.exe117⤵
-
\??\c:\nhhbbt.exec:\nhhbbt.exe118⤵
-
\??\c:\nhhbbn.exec:\nhhbbn.exe119⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe120⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe121⤵
-
\??\c:\jdjvj.exec:\jdjvj.exe122⤵
-
\??\c:\lrffrxx.exec:\lrffrxx.exe123⤵
-
\??\c:\xrxrxfx.exec:\xrxrxfx.exe124⤵
-
\??\c:\hnnnhh.exec:\hnnnhh.exe125⤵
-
\??\c:\tbhbbb.exec:\tbhbbb.exe126⤵
-
\??\c:\nnhtnt.exec:\nnhtnt.exe127⤵
-
\??\c:\jpdvp.exec:\jpdvp.exe128⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe129⤵
-
\??\c:\5xrxxff.exec:\5xrxxff.exe130⤵
-
\??\c:\lfxrxxx.exec:\lfxrxxx.exe131⤵
-
\??\c:\frfxrlf.exec:\frfxrlf.exe132⤵
-
\??\c:\nhttbh.exec:\nhttbh.exe133⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe134⤵
-
\??\c:\9jdvd.exec:\9jdvd.exe135⤵
-
\??\c:\7vddd.exec:\7vddd.exe136⤵
-
\??\c:\jpppj.exec:\jpppj.exe137⤵
-
\??\c:\rxfflrr.exec:\rxfflrr.exe138⤵
-
\??\c:\xrrlflf.exec:\xrrlflf.exe139⤵
-
\??\c:\lfllflf.exec:\lfllflf.exe140⤵
-
\??\c:\3ttnbt.exec:\3ttnbt.exe141⤵
-
\??\c:\hbhhbh.exec:\hbhhbh.exe142⤵
-
\??\c:\9ddpp.exec:\9ddpp.exe143⤵
-
\??\c:\pjjvp.exec:\pjjvp.exe144⤵
-
\??\c:\pvvvv.exec:\pvvvv.exe145⤵
-
\??\c:\3xlfxfx.exec:\3xlfxfx.exe146⤵
-
\??\c:\3lrlfll.exec:\3lrlfll.exe147⤵
-
\??\c:\lrrlffx.exec:\lrrlffx.exe148⤵
-
\??\c:\nttbtt.exec:\nttbtt.exe149⤵
-
\??\c:\bbbttb.exec:\bbbttb.exe150⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe151⤵
-
\??\c:\vppjd.exec:\vppjd.exe152⤵
-
\??\c:\vvvjj.exec:\vvvjj.exe153⤵
-
\??\c:\dppjv.exec:\dppjv.exe154⤵
-
\??\c:\xxxxrrr.exec:\xxxxrrr.exe155⤵
-
\??\c:\fxfxrrr.exec:\fxfxrrr.exe156⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe157⤵
-
\??\c:\1lllxxx.exec:\1lllxxx.exe158⤵
-
\??\c:\lxllrrr.exec:\lxllrrr.exe159⤵
-
\??\c:\1xflxxr.exec:\1xflxxr.exe160⤵
-
\??\c:\bnbtnn.exec:\bnbtnn.exe161⤵
-
\??\c:\tbnhhh.exec:\tbnhhh.exe162⤵
-
\??\c:\pvvvd.exec:\pvvvd.exe163⤵
-
\??\c:\jppjd.exec:\jppjd.exe164⤵
-
\??\c:\vvjpp.exec:\vvjpp.exe165⤵
-
\??\c:\5ffxxfx.exec:\5ffxxfx.exe166⤵
-
\??\c:\lfrlrlf.exec:\lfrlrlf.exe167⤵
-
\??\c:\lxflrxf.exec:\lxflrxf.exe168⤵
-
\??\c:\hnthhb.exec:\hnthhb.exe169⤵
-
\??\c:\htnhbt.exec:\htnhbt.exe170⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe171⤵
-
\??\c:\djjjd.exec:\djjjd.exe172⤵
-
\??\c:\xrxrlll.exec:\xrxrlll.exe173⤵
-
\??\c:\xlfffll.exec:\xlfffll.exe174⤵
-
\??\c:\fxffxxr.exec:\fxffxxr.exe175⤵
-
\??\c:\bnhnhb.exec:\bnhnhb.exe176⤵
-
\??\c:\ttthth.exec:\ttthth.exe177⤵
-
\??\c:\nhttnh.exec:\nhttnh.exe178⤵
-
\??\c:\pjvjj.exec:\pjvjj.exe179⤵
-
\??\c:\jvppj.exec:\jvppj.exe180⤵
-
\??\c:\jpjpj.exec:\jpjpj.exe181⤵
-
\??\c:\3rrlfxl.exec:\3rrlfxl.exe182⤵
-
\??\c:\1frlffx.exec:\1frlffx.exe183⤵
-
\??\c:\tnhbbb.exec:\tnhbbb.exe184⤵
-
\??\c:\1bbbtn.exec:\1bbbtn.exe185⤵
-
\??\c:\bbbttt.exec:\bbbttt.exe186⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe187⤵
-
\??\c:\jddvv.exec:\jddvv.exe188⤵
-
\??\c:\ppvdd.exec:\ppvdd.exe189⤵
-
\??\c:\lffxrrr.exec:\lffxrrr.exe190⤵
-
\??\c:\frxxlll.exec:\frxxlll.exe191⤵
-
\??\c:\ttnnhh.exec:\ttnnhh.exe192⤵
-
\??\c:\btntnn.exec:\btntnn.exe193⤵
-
\??\c:\pjppd.exec:\pjppd.exe194⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe195⤵
-
\??\c:\9jjjd.exec:\9jjjd.exe196⤵
-
\??\c:\rllrrfx.exec:\rllrrfx.exe197⤵
-
\??\c:\fxlxrrl.exec:\fxlxrrl.exe198⤵
-
\??\c:\rrllxxr.exec:\rrllxxr.exe199⤵
-
\??\c:\nhbbtn.exec:\nhbbtn.exe200⤵
-
\??\c:\hbthhh.exec:\hbthhh.exe201⤵
-
\??\c:\btbttn.exec:\btbttn.exe202⤵
-
\??\c:\jvvdv.exec:\jvvdv.exe203⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe204⤵
-
\??\c:\rfxrxxx.exec:\rfxrxxx.exe205⤵
-
\??\c:\xrxrlfr.exec:\xrxrlfr.exe206⤵
-
\??\c:\lxlfxrf.exec:\lxlfxrf.exe207⤵
-
\??\c:\btnhbb.exec:\btnhbb.exe208⤵
-
\??\c:\hnbthh.exec:\hnbthh.exe209⤵
-
\??\c:\btbttb.exec:\btbttb.exe210⤵
-
\??\c:\ddjjj.exec:\ddjjj.exe211⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe212⤵
-
\??\c:\xrxrrxf.exec:\xrxrrxf.exe213⤵
-
\??\c:\fxfffll.exec:\fxfffll.exe214⤵
-
\??\c:\hhnhhn.exec:\hhnhhn.exe215⤵
-
\??\c:\3nhbtn.exec:\3nhbtn.exe216⤵
-
\??\c:\7tnntb.exec:\7tnntb.exe217⤵
-
\??\c:\jpvdd.exec:\jpvdd.exe218⤵
-
\??\c:\ppdjp.exec:\ppdjp.exe219⤵
-
\??\c:\rfxrfxl.exec:\rfxrfxl.exe220⤵
-
\??\c:\1lrffff.exec:\1lrffff.exe221⤵
-
\??\c:\llllfff.exec:\llllfff.exe222⤵
-
\??\c:\tnbttt.exec:\tnbttt.exe223⤵
-
\??\c:\ttttnn.exec:\ttttnn.exe224⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe225⤵
-
\??\c:\jjjjj.exec:\jjjjj.exe226⤵
-
\??\c:\rrxrxrl.exec:\rrxrxrl.exe227⤵
-
\??\c:\5thbnh.exec:\5thbnh.exe228⤵
-
\??\c:\3htnhh.exec:\3htnhh.exe229⤵
-
\??\c:\vdjjj.exec:\vdjjj.exe230⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe231⤵
-
\??\c:\rrrlxrx.exec:\rrrlxrx.exe232⤵
-
\??\c:\lffxxxr.exec:\lffxxxr.exe233⤵
-
\??\c:\thnntt.exec:\thnntt.exe234⤵
-
\??\c:\pppjj.exec:\pppjj.exe235⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe236⤵
-
\??\c:\lflffrr.exec:\lflffrr.exe237⤵
-
\??\c:\ffllrfx.exec:\ffllrfx.exe238⤵
-
\??\c:\xxfffll.exec:\xxfffll.exe239⤵
-
\??\c:\3tnbth.exec:\3tnbth.exe240⤵