Analysis
-
max time kernel
53s -
max time network
162s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
01-07-2024 08:58
General
-
Target
4536c74a4352c06a908c21c6608877245ac85fc256444abdc26a5271c71a084d_NeikiAnalytics.exe
-
Size
88KB
-
MD5
3611a91148859f861202167b62daa900
-
SHA1
d02e017fc65d97924c20c9672967432edb8abc1f
-
SHA256
4536c74a4352c06a908c21c6608877245ac85fc256444abdc26a5271c71a084d
-
SHA512
b7c27face7c5b30a485c3572b70178c645843335df2563aec49caeeac95d20f4493df0f283a0bf564df143932c25f60e8a224fef0ae938c2d0c4cc14de253c55
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+C2iJvRirE0DmoLZsO4Yp:ymb3NkkiQ3mdBjF+3TU2iBRioSnZsTYp
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 41 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4536c74a4352c06a908c21c6608877245ac85fc256444abdc26a5271c71a084d_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4536c74a4352c06a908c21c6608877245ac85fc256444abdc26a5271c71a084d_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pdppv.exec:\pdppv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflrrrx.exec:\rflrrrx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfffx.exec:\rllfffx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ntnnt.exec:\5ntnnt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpp.exec:\dvjpp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxflxl.exec:\rfxflxl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbttb.exec:\ntbttb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvp.exec:\vvvvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvvd.exec:\dvvvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxxffr.exec:\frxxffr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhbt.exec:\nnnhbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnht.exec:\httnht.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjvd.exec:\djjvd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxxffl.exec:\rxxxffl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlrlrl.exec:\lrlrlrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbnht.exec:\btbnht.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbhhb.exec:\nnbhhb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppdd.exec:\vppdd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfffrl.exec:\rlfffrl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntbnt.exec:\hntbnt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbnht.exec:\htbnht.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppdj.exec:\pppdj.exe23⤵
- Executes dropped EXE
-
\??\c:\llrxxfr.exec:\llrxxfr.exe24⤵
- Executes dropped EXE
-
\??\c:\1rfflrl.exec:\1rfflrl.exe25⤵
- Executes dropped EXE
-
\??\c:\hhbnnt.exec:\hhbnnt.exe26⤵
- Executes dropped EXE
-
\??\c:\pvpjj.exec:\pvpjj.exe27⤵
- Executes dropped EXE
-
\??\c:\jdjvd.exec:\jdjvd.exe28⤵
- Executes dropped EXE
-
\??\c:\xlrllrf.exec:\xlrllrf.exe29⤵
- Executes dropped EXE
-
\??\c:\tbnhbb.exec:\tbnhbb.exe30⤵
- Executes dropped EXE
-
\??\c:\nttthb.exec:\nttthb.exe31⤵
- Executes dropped EXE
-
\??\c:\jpdvv.exec:\jpdvv.exe32⤵
- Executes dropped EXE
-
\??\c:\xlrlffx.exec:\xlrlffx.exe33⤵
- Executes dropped EXE
-
\??\c:\btbtnn.exec:\btbtnn.exe34⤵
- Executes dropped EXE
-
\??\c:\bhbhbb.exec:\bhbhbb.exe35⤵
- Executes dropped EXE
-
\??\c:\vvjpd.exec:\vvjpd.exe36⤵
- Executes dropped EXE
-
\??\c:\xlfrrrf.exec:\xlfrrrf.exe37⤵
- Executes dropped EXE
-
\??\c:\fflxxfl.exec:\fflxxfl.exe38⤵
- Executes dropped EXE
-
\??\c:\tttnnh.exec:\tttnnh.exe39⤵
- Executes dropped EXE
-
\??\c:\nnnnhh.exec:\nnnnhh.exe40⤵
- Executes dropped EXE
-
\??\c:\vjddd.exec:\vjddd.exe41⤵
- Executes dropped EXE
-
\??\c:\ddvdv.exec:\ddvdv.exe42⤵
- Executes dropped EXE
-
\??\c:\lxlllll.exec:\lxlllll.exe43⤵
- Executes dropped EXE
-
\??\c:\1rrrrrx.exec:\1rrrrrx.exe44⤵
- Executes dropped EXE
-
\??\c:\nhnttt.exec:\nhnttt.exe45⤵
- Executes dropped EXE
-
\??\c:\bhtttb.exec:\bhtttb.exe46⤵
- Executes dropped EXE
-
\??\c:\9jpjj.exec:\9jpjj.exe47⤵
- Executes dropped EXE
-
\??\c:\lffllrx.exec:\lffllrx.exe48⤵
- Executes dropped EXE
-
\??\c:\xfxrllf.exec:\xfxrllf.exe49⤵
- Executes dropped EXE
-
\??\c:\bnttth.exec:\bnttth.exe50⤵
- Executes dropped EXE
-
\??\c:\hbnhnt.exec:\hbnhnt.exe51⤵
- Executes dropped EXE
-
\??\c:\1vppj.exec:\1vppj.exe52⤵
- Executes dropped EXE
-
\??\c:\rlfrlxx.exec:\rlfrlxx.exe53⤵
- Executes dropped EXE
-
\??\c:\bhthbb.exec:\bhthbb.exe54⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe55⤵
- Executes dropped EXE
-
\??\c:\dpjjv.exec:\dpjjv.exe56⤵
- Executes dropped EXE
-
\??\c:\rffffll.exec:\rffffll.exe57⤵
- Executes dropped EXE
-
\??\c:\bnhhnn.exec:\bnhhnn.exe58⤵
- Executes dropped EXE
-
\??\c:\bbnntt.exec:\bbnntt.exe59⤵
- Executes dropped EXE
-
\??\c:\djvvp.exec:\djvvp.exe60⤵
- Executes dropped EXE
-
\??\c:\vdvvv.exec:\vdvvv.exe61⤵
- Executes dropped EXE
-
\??\c:\9llfxxx.exec:\9llfxxx.exe62⤵
- Executes dropped EXE
-
\??\c:\bttnnn.exec:\bttnnn.exe63⤵
- Executes dropped EXE
-
\??\c:\nnttnn.exec:\nnttnn.exe64⤵
- Executes dropped EXE
-
\??\c:\jvjdd.exec:\jvjdd.exe65⤵
- Executes dropped EXE
-
\??\c:\1pppp.exec:\1pppp.exe66⤵
-
\??\c:\xxxrfrr.exec:\xxxrfrr.exe67⤵
-
\??\c:\5xxxrxx.exec:\5xxxrxx.exe68⤵
-
\??\c:\5rrlfff.exec:\5rrlfff.exe69⤵
-
\??\c:\hhnhhn.exec:\hhnhhn.exe70⤵
-
\??\c:\tbbbbb.exec:\tbbbbb.exe71⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe72⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe73⤵
-
\??\c:\1frllxl.exec:\1frllxl.exe74⤵
-
\??\c:\rfxrrrr.exec:\rfxrrrr.exe75⤵
-
\??\c:\hhhnbt.exec:\hhhnbt.exe76⤵
-
\??\c:\tnttnt.exec:\tnttnt.exe77⤵
-
\??\c:\vddvv.exec:\vddvv.exe78⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe79⤵
-
\??\c:\fffxxxr.exec:\fffxxxr.exe80⤵
-
\??\c:\lrrrrxx.exec:\lrrrrxx.exe81⤵
-
\??\c:\bbhbtn.exec:\bbhbtn.exe82⤵
-
\??\c:\7tbbtn.exec:\7tbbtn.exe83⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe84⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe85⤵
-
\??\c:\rlxrlff.exec:\rlxrlff.exe86⤵
-
\??\c:\5fxrrll.exec:\5fxrrll.exe87⤵
-
\??\c:\9nhhbn.exec:\9nhhbn.exe88⤵
-
\??\c:\5hbbbb.exec:\5hbbbb.exe89⤵
-
\??\c:\1jvvj.exec:\1jvvj.exe90⤵
-
\??\c:\ddvjd.exec:\ddvjd.exe91⤵
-
\??\c:\dppjd.exec:\dppjd.exe92⤵
-
\??\c:\fxllxrf.exec:\fxllxrf.exe93⤵
-
\??\c:\rrrlxrf.exec:\rrrlxrf.exe94⤵
-
\??\c:\hbtnnh.exec:\hbtnnh.exe95⤵
-
\??\c:\hhnhhh.exec:\hhnhhh.exe96⤵
-
\??\c:\ddpdd.exec:\ddpdd.exe97⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe98⤵
-
\??\c:\fxfxfff.exec:\fxfxfff.exe99⤵
-
\??\c:\rxxxrfx.exec:\rxxxrfx.exe100⤵
-
\??\c:\tnnnnb.exec:\tnnnnb.exe101⤵
-
\??\c:\nhtnnb.exec:\nhtnnb.exe102⤵
-
\??\c:\hbhnhh.exec:\hbhnhh.exe103⤵
-
\??\c:\3jdvv.exec:\3jdvv.exe104⤵
-
\??\c:\jvddv.exec:\jvddv.exe105⤵
-
\??\c:\7lffllx.exec:\7lffllx.exe106⤵
-
\??\c:\fxffxrr.exec:\fxffxrr.exe107⤵
-
\??\c:\tnnnnh.exec:\tnnnnh.exe108⤵
-
\??\c:\bbbbbh.exec:\bbbbbh.exe109⤵
-
\??\c:\dpppv.exec:\dpppv.exe110⤵
-
\??\c:\pvpvp.exec:\pvpvp.exe111⤵
-
\??\c:\7frrrff.exec:\7frrrff.exe112⤵
-
\??\c:\rlrlfff.exec:\rlrlfff.exe113⤵
-
\??\c:\bbbbbh.exec:\bbbbbh.exe114⤵
-
\??\c:\bhhhhh.exec:\bhhhhh.exe115⤵
-
\??\c:\hhnnnn.exec:\hhnnnn.exe116⤵
-
\??\c:\ddddj.exec:\ddddj.exe117⤵
-
\??\c:\vvppj.exec:\vvppj.exe118⤵
-
\??\c:\rlxlffr.exec:\rlxlffr.exe119⤵
-
\??\c:\rlrxrrf.exec:\rlrxrrf.exe120⤵
-
\??\c:\1htttb.exec:\1htttb.exe121⤵
-
\??\c:\3nbnnt.exec:\3nbnnt.exe122⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe123⤵
-
\??\c:\jjddj.exec:\jjddj.exe124⤵
-
\??\c:\xflrrfx.exec:\xflrrfx.exe125⤵
-
\??\c:\lxxrxxl.exec:\lxxrxxl.exe126⤵
-
\??\c:\hntttn.exec:\hntttn.exe127⤵
-
\??\c:\bbtthh.exec:\bbtthh.exe128⤵
-
\??\c:\3ppvj.exec:\3ppvj.exe129⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe130⤵
-
\??\c:\xxxxfll.exec:\xxxxfll.exe131⤵
-
\??\c:\llrxxxx.exec:\llrxxxx.exe132⤵
-
\??\c:\hhnhhn.exec:\hhnhhn.exe133⤵
-
\??\c:\tbnbbn.exec:\tbnbbn.exe134⤵
-
\??\c:\jjpjp.exec:\jjpjp.exe135⤵
-
\??\c:\ddppp.exec:\ddppp.exe136⤵
-
\??\c:\xxlfxxl.exec:\xxlfxxl.exe137⤵
-
\??\c:\rlxxxxf.exec:\rlxxxxf.exe138⤵
-
\??\c:\bhhhth.exec:\bhhhth.exe139⤵
-
\??\c:\htbbbh.exec:\htbbbh.exe140⤵
-
\??\c:\3jvpd.exec:\3jvpd.exe141⤵
-
\??\c:\7pvvv.exec:\7pvvv.exe142⤵
-
\??\c:\xflffff.exec:\xflffff.exe143⤵
-
\??\c:\rrffxxx.exec:\rrffxxx.exe144⤵
-
\??\c:\xlrlfff.exec:\xlrlfff.exe145⤵
-
\??\c:\hbhhbb.exec:\hbhhbb.exe146⤵
-
\??\c:\tnnhhh.exec:\tnnhhh.exe147⤵
-
\??\c:\ppdpv.exec:\ppdpv.exe148⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe149⤵
-
\??\c:\fxffrrr.exec:\fxffrrr.exe150⤵
-
\??\c:\lffxxxr.exec:\lffxxxr.exe151⤵
-
\??\c:\hnnnbb.exec:\hnnnbb.exe152⤵
-
\??\c:\bntntt.exec:\bntntt.exe153⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe154⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe155⤵
-
\??\c:\7djvp.exec:\7djvp.exe156⤵
-
\??\c:\frlfxxx.exec:\frlfxxx.exe157⤵
-
\??\c:\7xlflrx.exec:\7xlflrx.exe158⤵
-
\??\c:\bhnnhh.exec:\bhnnhh.exe159⤵
-
\??\c:\bbthtt.exec:\bbthtt.exe160⤵
-
\??\c:\5vdvp.exec:\5vdvp.exe161⤵
-
\??\c:\pppjd.exec:\pppjd.exe162⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe163⤵
-
\??\c:\frffxxx.exec:\frffxxx.exe164⤵
-
\??\c:\xfrrfrr.exec:\xfrrfrr.exe165⤵
-
\??\c:\7hnhtn.exec:\7hnhtn.exe166⤵
-
\??\c:\nbtbtt.exec:\nbtbtt.exe167⤵
-
\??\c:\vvjdj.exec:\vvjdj.exe168⤵
-
\??\c:\djppd.exec:\djppd.exe169⤵
-
\??\c:\rxxfxxx.exec:\rxxfxxx.exe170⤵
-
\??\c:\rrxllrl.exec:\rrxllrl.exe171⤵
-
\??\c:\tnttnb.exec:\tnttnb.exe172⤵
-
\??\c:\btthhh.exec:\btthhh.exe173⤵
-
\??\c:\jvpvd.exec:\jvpvd.exe174⤵
-
\??\c:\3dvdj.exec:\3dvdj.exe175⤵
-
\??\c:\7rxrrxr.exec:\7rxrrxr.exe176⤵
-
\??\c:\fxrrrrr.exec:\fxrrrrr.exe177⤵
-
\??\c:\nhbbnt.exec:\nhbbnt.exe178⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe179⤵
-
\??\c:\jvdjd.exec:\jvdjd.exe180⤵
-
\??\c:\rfllllr.exec:\rfllllr.exe181⤵
-
\??\c:\nbbtnn.exec:\nbbtnn.exe182⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe183⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe184⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe185⤵
-
\??\c:\fxrxxff.exec:\fxrxxff.exe186⤵
-
\??\c:\rrflrxl.exec:\rrflrxl.exe187⤵
-
\??\c:\tbhtnt.exec:\tbhtnt.exe188⤵
-
\??\c:\tnntth.exec:\tnntth.exe189⤵
-
\??\c:\pdppd.exec:\pdppd.exe190⤵
-
\??\c:\3dvvp.exec:\3dvvp.exe191⤵
-
\??\c:\xllfffx.exec:\xllfffx.exe192⤵
-
\??\c:\lrxrrrr.exec:\lrxrrrr.exe193⤵
-
\??\c:\ttbtbb.exec:\ttbtbb.exe194⤵
-
\??\c:\btbttb.exec:\btbttb.exe195⤵
-
\??\c:\tnhbhh.exec:\tnhbhh.exe196⤵
-
\??\c:\nnhhbb.exec:\nnhhbb.exe197⤵
-
\??\c:\9vddv.exec:\9vddv.exe198⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe199⤵
-
\??\c:\jddvp.exec:\jddvp.exe200⤵
-
\??\c:\rxlfrrr.exec:\rxlfrrr.exe201⤵
-
\??\c:\7xlrrrx.exec:\7xlrrrx.exe202⤵
-
\??\c:\rflrlll.exec:\rflrlll.exe203⤵
-
\??\c:\bhhhhh.exec:\bhhhhh.exe204⤵
-
\??\c:\7nnttn.exec:\7nnttn.exe205⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe206⤵
-
\??\c:\7vdpj.exec:\7vdpj.exe207⤵
-
\??\c:\lrffflr.exec:\lrffflr.exe208⤵
-
\??\c:\flrlrxx.exec:\flrlrxx.exe209⤵
-
\??\c:\rxflrlx.exec:\rxflrlx.exe210⤵
-
\??\c:\hnbtbb.exec:\hnbtbb.exe211⤵
-
\??\c:\nbhtbh.exec:\nbhtbh.exe212⤵
-
\??\c:\jjvdv.exec:\jjvdv.exe213⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe214⤵
-
\??\c:\xxlllxf.exec:\xxlllxf.exe215⤵
-
\??\c:\xrlfflx.exec:\xrlfflx.exe216⤵
-
\??\c:\tnhhbb.exec:\tnhhbb.exe217⤵
-
\??\c:\tbbbbn.exec:\tbbbbn.exe218⤵
-
\??\c:\nbbttt.exec:\nbbttt.exe219⤵
-
\??\c:\vjdpv.exec:\vjdpv.exe220⤵
-
\??\c:\5jjdd.exec:\5jjdd.exe221⤵
-
\??\c:\rffxlxr.exec:\rffxlxr.exe222⤵
-
\??\c:\flfrfrl.exec:\flfrfrl.exe223⤵
-
\??\c:\hnttnn.exec:\hnttnn.exe224⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe225⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe226⤵
-
\??\c:\rrrflrx.exec:\rrrflrx.exe227⤵
-
\??\c:\rfllfff.exec:\rfllfff.exe228⤵
-
\??\c:\bhhbtb.exec:\bhhbtb.exe229⤵
-
\??\c:\3btnnb.exec:\3btnnb.exe230⤵
-
\??\c:\vddvp.exec:\vddvp.exe231⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe232⤵
-
\??\c:\rxlxrrx.exec:\rxlxrrx.exe233⤵
-
\??\c:\lfrlllr.exec:\lfrlllr.exe234⤵
-
\??\c:\3xfxxff.exec:\3xfxxff.exe235⤵
-
\??\c:\hhbntn.exec:\hhbntn.exe236⤵
-
\??\c:\ddvdj.exec:\ddvdj.exe237⤵
-
\??\c:\flrfxrr.exec:\flrfxrr.exe238⤵
-
\??\c:\rlllffx.exec:\rlllffx.exe239⤵
-
\??\c:\btthbh.exec:\btthbh.exe240⤵