Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
18-05-2024 22:36
General
-
Target
156affeb13b6923dec4d6efeede62e40_NeikiAnalytics.exe
-
Size
306KB
-
MD5
156affeb13b6923dec4d6efeede62e40
-
SHA1
44830f69ea974a16757cc1f9345b070dce35a977
-
SHA256
a0d919c02abc9022a99a3cd3e2df5823eaea0c3e501728d97438953efaf4928e
-
SHA512
24082e38c5c3ea77d8bbe12cbcc7837192cefbfaba028597d0cfd0a8a419974841aeaa7fbb10899278428822e60db43e128acbde6df10fb579ecc9e699ea9343
-
SSDEEP
6144:n3C9BRo/AIuuOthLmH403Pyr6UWO6jUl7sPgvwNW:n3C9uDVOXLmHBKWyn+PgvuW
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\156affeb13b6923dec4d6efeede62e40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\156affeb13b6923dec4d6efeede62e40_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\djpvd.exec:\djpvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlffx.exec:\fxrlffx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntttb.exec:\tntttb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvppj.exec:\jvppj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbnhb.exec:\tnbnhb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7thbtt.exec:\7thbtt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jvpj.exec:\1jvpj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pvpp.exec:\5pvpp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxrrf.exec:\rlxxrrf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhtnn.exec:\tnhtnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrlffx.exec:\rxrlffx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjvj.exec:\vvjvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tbtnn.exec:\3tbtnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpjp.exec:\vdpjp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhhn.exec:\nhnhhn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpp.exec:\vvvpp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxllx.exec:\rrxxllx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvv.exec:\dvdvv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrrrll.exec:\xlrrrll.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtnnn.exec:\bbtnnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvppp.exec:\pvppp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrllrll.exec:\rrllrll.exe23⤵
- Executes dropped EXE
-
\??\c:\bntnnn.exec:\bntnnn.exe24⤵
- Executes dropped EXE
-
\??\c:\jpjpp.exec:\jpjpp.exe25⤵
- Executes dropped EXE
-
\??\c:\lxxxxxx.exec:\lxxxxxx.exe26⤵
- Executes dropped EXE
-
\??\c:\ttbbbb.exec:\ttbbbb.exe27⤵
- Executes dropped EXE
-
\??\c:\3dpvd.exec:\3dpvd.exe28⤵
- Executes dropped EXE
-
\??\c:\rllfffr.exec:\rllfffr.exe29⤵
- Executes dropped EXE
-
\??\c:\tntbbt.exec:\tntbbt.exe30⤵
- Executes dropped EXE
-
\??\c:\bbnhhh.exec:\bbnhhh.exe31⤵
- Executes dropped EXE
-
\??\c:\vjjjj.exec:\vjjjj.exe32⤵
- Executes dropped EXE
-
\??\c:\xxrlxfx.exec:\xxrlxfx.exe33⤵
- Executes dropped EXE
-
\??\c:\ddvpv.exec:\ddvpv.exe34⤵
- Executes dropped EXE
-
\??\c:\pvppd.exec:\pvppd.exe35⤵
- Executes dropped EXE
-
\??\c:\rrlfxrx.exec:\rrlfxrx.exe36⤵
- Executes dropped EXE
-
\??\c:\9bbtnn.exec:\9bbtnn.exe37⤵
- Executes dropped EXE
-
\??\c:\9pppp.exec:\9pppp.exe38⤵
- Executes dropped EXE
-
\??\c:\dvjdv.exec:\dvjdv.exe39⤵
- Executes dropped EXE
-
\??\c:\llllffx.exec:\llllffx.exe40⤵
- Executes dropped EXE
-
\??\c:\nnnttt.exec:\nnnttt.exe41⤵
- Executes dropped EXE
-
\??\c:\1tbtnn.exec:\1tbtnn.exe42⤵
- Executes dropped EXE
-
\??\c:\vpppd.exec:\vpppd.exe43⤵
- Executes dropped EXE
-
\??\c:\rllfllf.exec:\rllfllf.exe44⤵
- Executes dropped EXE
-
\??\c:\hthbbb.exec:\hthbbb.exe45⤵
- Executes dropped EXE
-
\??\c:\thnnhb.exec:\thnnhb.exe46⤵
- Executes dropped EXE
-
\??\c:\jvpjj.exec:\jvpjj.exe47⤵
- Executes dropped EXE
-
\??\c:\jdvvp.exec:\jdvvp.exe48⤵
- Executes dropped EXE
-
\??\c:\hhhbbt.exec:\hhhbbt.exe49⤵
- Executes dropped EXE
-
\??\c:\nnbbnn.exec:\nnbbnn.exe50⤵
- Executes dropped EXE
-
\??\c:\3dpjd.exec:\3dpjd.exe51⤵
- Executes dropped EXE
-
\??\c:\frllfrl.exec:\frllfrl.exe52⤵
- Executes dropped EXE
-
\??\c:\5nhbbb.exec:\5nhbbb.exe53⤵
- Executes dropped EXE
-
\??\c:\thnhhb.exec:\thnhhb.exe54⤵
- Executes dropped EXE
-
\??\c:\djppj.exec:\djppj.exe55⤵
- Executes dropped EXE
-
\??\c:\lfrlxxx.exec:\lfrlxxx.exe56⤵
- Executes dropped EXE
-
\??\c:\5rrlflf.exec:\5rrlflf.exe57⤵
- Executes dropped EXE
-
\??\c:\tbtntt.exec:\tbtntt.exe58⤵
- Executes dropped EXE
-
\??\c:\pjvjp.exec:\pjvjp.exe59⤵
- Executes dropped EXE
-
\??\c:\rfxxrrr.exec:\rfxxrrr.exe60⤵
- Executes dropped EXE
-
\??\c:\9hhbtt.exec:\9hhbtt.exe61⤵
- Executes dropped EXE
-
\??\c:\hbnnnt.exec:\hbnnnt.exe62⤵
- Executes dropped EXE
-
\??\c:\jjpvd.exec:\jjpvd.exe63⤵
- Executes dropped EXE
-
\??\c:\fffxxxx.exec:\fffxxxx.exe64⤵
- Executes dropped EXE
-
\??\c:\tthhnb.exec:\tthhnb.exe65⤵
- Executes dropped EXE
-
\??\c:\5dpvp.exec:\5dpvp.exe66⤵
-
\??\c:\fxxffxr.exec:\fxxffxr.exe67⤵
-
\??\c:\lxrlfxr.exec:\lxrlfxr.exe68⤵
-
\??\c:\hthhhh.exec:\hthhhh.exe69⤵
-
\??\c:\nhtnhh.exec:\nhtnhh.exe70⤵
-
\??\c:\pppdv.exec:\pppdv.exe71⤵
-
\??\c:\rlllxfx.exec:\rlllxfx.exe72⤵
-
\??\c:\htbttt.exec:\htbttt.exe73⤵
-
\??\c:\jdddv.exec:\jdddv.exe74⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe75⤵
-
\??\c:\3xxrlll.exec:\3xxrlll.exe76⤵
-
\??\c:\xxllxrx.exec:\xxllxrx.exe77⤵
-
\??\c:\9btbtn.exec:\9btbtn.exe78⤵
-
\??\c:\jvddv.exec:\jvddv.exe79⤵
-
\??\c:\rxflrrf.exec:\rxflrrf.exe80⤵
-
\??\c:\lxllfxr.exec:\lxllfxr.exe81⤵
-
\??\c:\nhnhhb.exec:\nhnhhb.exe82⤵
-
\??\c:\nhnbbb.exec:\nhnbbb.exe83⤵
-
\??\c:\pppdv.exec:\pppdv.exe84⤵
-
\??\c:\5rfffff.exec:\5rfffff.exe85⤵
-
\??\c:\bnthth.exec:\bnthth.exe86⤵
-
\??\c:\1djjd.exec:\1djjd.exe87⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe88⤵
-
\??\c:\5xfxlfx.exec:\5xfxlfx.exe89⤵
-
\??\c:\1rlfrxr.exec:\1rlfrxr.exe90⤵
-
\??\c:\frfrfxx.exec:\frfrfxx.exe91⤵
-
\??\c:\vpddv.exec:\vpddv.exe92⤵
-
\??\c:\rrfxrrf.exec:\rrfxrrf.exe93⤵
-
\??\c:\thnhhb.exec:\thnhhb.exe94⤵
-
\??\c:\9ddvp.exec:\9ddvp.exe95⤵
-
\??\c:\5rxlrrl.exec:\5rxlrrl.exe96⤵
-
\??\c:\nbhtnh.exec:\nbhtnh.exe97⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe98⤵
-
\??\c:\fxxrffx.exec:\fxxrffx.exe99⤵
-
\??\c:\bntnnn.exec:\bntnnn.exe100⤵
-
\??\c:\hhbbtt.exec:\hhbbtt.exe101⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe102⤵
-
\??\c:\xlrfxxx.exec:\xlrfxxx.exe103⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe104⤵
-
\??\c:\9vvpj.exec:\9vvpj.exe105⤵
-
\??\c:\dppjj.exec:\dppjj.exe106⤵
-
\??\c:\3lxrfrf.exec:\3lxrfrf.exe107⤵
-
\??\c:\nbhhhb.exec:\nbhhhb.exe108⤵
-
\??\c:\1ttnhb.exec:\1ttnhb.exe109⤵
-
\??\c:\7pvjv.exec:\7pvjv.exe110⤵
-
\??\c:\xxfrrrx.exec:\xxfrrrx.exe111⤵
-
\??\c:\1rllfrl.exec:\1rllfrl.exe112⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe113⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe114⤵
-
\??\c:\1ddvp.exec:\1ddvp.exe115⤵
-
\??\c:\rlrllfl.exec:\rlrllfl.exe116⤵
-
\??\c:\nhbbtt.exec:\nhbbtt.exe117⤵
-
\??\c:\btnhnn.exec:\btnhnn.exe118⤵
-
\??\c:\9vpjd.exec:\9vpjd.exe119⤵
-
\??\c:\lrlffxl.exec:\lrlffxl.exe120⤵
-
\??\c:\vpddj.exec:\vpddj.exe121⤵
-
\??\c:\ffxfxxr.exec:\ffxfxxr.exe122⤵
-
\??\c:\tthbhh.exec:\tthbhh.exe123⤵
-
\??\c:\pvvvd.exec:\pvvvd.exe124⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe125⤵
-
\??\c:\7lllllf.exec:\7lllllf.exe126⤵
-
\??\c:\htbbhn.exec:\htbbhn.exe127⤵
-
\??\c:\nhhbnn.exec:\nhhbnn.exe128⤵
-
\??\c:\djvpv.exec:\djvpv.exe129⤵
-
\??\c:\rlrllll.exec:\rlrllll.exe130⤵
-
\??\c:\3bhbhb.exec:\3bhbhb.exe131⤵
-
\??\c:\3hnbbb.exec:\3hnbbb.exe132⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe133⤵
-
\??\c:\llllfxr.exec:\llllfxr.exe134⤵
-
\??\c:\rllflxf.exec:\rllflxf.exe135⤵
-
\??\c:\hntnbt.exec:\hntnbt.exe136⤵
-
\??\c:\pdjvv.exec:\pdjvv.exe137⤵
-
\??\c:\dpvjd.exec:\dpvjd.exe138⤵
-
\??\c:\xxrrllr.exec:\xxrrllr.exe139⤵
-
\??\c:\thbbtn.exec:\thbbtn.exe140⤵
-
\??\c:\nbbnhh.exec:\nbbnhh.exe141⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe142⤵
-
\??\c:\xrxxrrf.exec:\xrxxrrf.exe143⤵
-
\??\c:\1ntnbh.exec:\1ntnbh.exe144⤵
-
\??\c:\nhnntn.exec:\nhnntn.exe145⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe146⤵
-
\??\c:\5lrfflf.exec:\5lrfflf.exe147⤵
-
\??\c:\lrrfrrl.exec:\lrrfrrl.exe148⤵
-
\??\c:\bthnhb.exec:\bthnhb.exe149⤵
-
\??\c:\dpdpd.exec:\dpdpd.exe150⤵
-
\??\c:\fxxlxrr.exec:\fxxlxrr.exe151⤵
-
\??\c:\7flfxxx.exec:\7flfxxx.exe152⤵
-
\??\c:\3hbnbb.exec:\3hbnbb.exe153⤵
-
\??\c:\pvjjd.exec:\pvjjd.exe154⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe155⤵
-
\??\c:\rrflfxr.exec:\rrflfxr.exe156⤵
-
\??\c:\hthbhb.exec:\hthbhb.exe157⤵
-
\??\c:\hbhbtt.exec:\hbhbtt.exe158⤵
-
\??\c:\5pjdp.exec:\5pjdp.exe159⤵
-
\??\c:\9xffxff.exec:\9xffxff.exe160⤵
-
\??\c:\lffxllf.exec:\lffxllf.exe161⤵
-
\??\c:\ntbbtt.exec:\ntbbtt.exe162⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe163⤵
-
\??\c:\5ppjv.exec:\5ppjv.exe164⤵
-
\??\c:\7rrlfxr.exec:\7rrlfxr.exe165⤵
-
\??\c:\flrlrlf.exec:\flrlrlf.exe166⤵
-
\??\c:\bhhbtn.exec:\bhhbtn.exe167⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe168⤵
-
\??\c:\9jddj.exec:\9jddj.exe169⤵
-
\??\c:\fxxxxrf.exec:\fxxxxrf.exe170⤵
-
\??\c:\7llfxll.exec:\7llfxll.exe171⤵
-
\??\c:\nhtnnb.exec:\nhtnnb.exe172⤵
-
\??\c:\btbttt.exec:\btbttt.exe173⤵
-
\??\c:\3pjvj.exec:\3pjvj.exe174⤵
-
\??\c:\5xxlfff.exec:\5xxlfff.exe175⤵
-
\??\c:\xxxrllf.exec:\xxxrllf.exe176⤵
-
\??\c:\tthhhn.exec:\tthhhn.exe177⤵
-
\??\c:\thhhbt.exec:\thhhbt.exe178⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe179⤵
-
\??\c:\7ffrfxx.exec:\7ffrfxx.exe180⤵
-
\??\c:\rrfxlfx.exec:\rrfxlfx.exe181⤵
-
\??\c:\7bbtnn.exec:\7bbtnn.exe182⤵
-
\??\c:\jpdvj.exec:\jpdvj.exe183⤵
-
\??\c:\djdpv.exec:\djdpv.exe184⤵
-
\??\c:\xllfxfr.exec:\xllfxfr.exe185⤵
-
\??\c:\llrrxrx.exec:\llrrxrx.exe186⤵
-
\??\c:\ttnnhh.exec:\ttnnhh.exe187⤵
-
\??\c:\hbnhbt.exec:\hbnhbt.exe188⤵
-
\??\c:\jddjj.exec:\jddjj.exe189⤵
-
\??\c:\jvvdd.exec:\jvvdd.exe190⤵
-
\??\c:\rllfrll.exec:\rllfrll.exe191⤵
-
\??\c:\fxxlxrl.exec:\fxxlxrl.exe192⤵
-
\??\c:\9bnhnn.exec:\9bnhnn.exe193⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe194⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe195⤵
-
\??\c:\ffffxxr.exec:\ffffxxr.exe196⤵
-
\??\c:\3xrlffx.exec:\3xrlffx.exe197⤵
-
\??\c:\tnbtnh.exec:\tnbtnh.exe198⤵
-
\??\c:\pvjvp.exec:\pvjvp.exe199⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe200⤵
-
\??\c:\xlxrfrl.exec:\xlxrfrl.exe201⤵
-
\??\c:\thhhtb.exec:\thhhtb.exe202⤵
-
\??\c:\btnnbt.exec:\btnnbt.exe203⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe204⤵
-
\??\c:\9rxrflf.exec:\9rxrflf.exe205⤵
-
\??\c:\bttbnt.exec:\bttbnt.exe206⤵
-
\??\c:\5hbnbb.exec:\5hbnbb.exe207⤵
-
\??\c:\7jdvp.exec:\7jdvp.exe208⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe209⤵
-
\??\c:\rlfxlfx.exec:\rlfxlfx.exe210⤵
-
\??\c:\thbntn.exec:\thbntn.exe211⤵
-
\??\c:\1nnbtn.exec:\1nnbtn.exe212⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe213⤵
-
\??\c:\lrxlxrr.exec:\lrxlxrr.exe214⤵
-
\??\c:\rxfrlfx.exec:\rxfrlfx.exe215⤵
-
\??\c:\bbbthb.exec:\bbbthb.exe216⤵
-
\??\c:\9ppjd.exec:\9ppjd.exe217⤵
-
\??\c:\pddpd.exec:\pddpd.exe218⤵
-
\??\c:\5fxrlfx.exec:\5fxrlfx.exe219⤵
-
\??\c:\thhbth.exec:\thhbth.exe220⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe221⤵
-
\??\c:\pdjdj.exec:\pdjdj.exe222⤵
-
\??\c:\vppdv.exec:\vppdv.exe223⤵
-
\??\c:\rxfxlff.exec:\rxfxlff.exe224⤵
-
\??\c:\hhtnhb.exec:\hhtnhb.exe225⤵
-
\??\c:\ntbbnb.exec:\ntbbnb.exe226⤵
-
\??\c:\vvvjd.exec:\vvvjd.exe227⤵
-
\??\c:\lxxllff.exec:\lxxllff.exe228⤵
-
\??\c:\nnbtth.exec:\nnbtth.exe229⤵
-
\??\c:\hbbttt.exec:\hbbttt.exe230⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe231⤵
-
\??\c:\xlrlllf.exec:\xlrlllf.exe232⤵
-
\??\c:\xrxxfxf.exec:\xrxxfxf.exe233⤵
-
\??\c:\thbnht.exec:\thbnht.exe234⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe235⤵
-
\??\c:\djdvp.exec:\djdvp.exe236⤵
-
\??\c:\5fxrffx.exec:\5fxrffx.exe237⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe238⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe239⤵
-
\??\c:\frffllx.exec:\frffllx.exe240⤵
-
\??\c:\lxfxfxr.exec:\lxfxfxr.exe241⤵