Analysis
-
max time kernel
150s -
max time network
108s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
19-05-2024 14:45
General
-
Target
da5699edeb93f7e8aaf571b69eb53400_NeikiAnalytics.exe
-
Size
966KB
-
MD5
da5699edeb93f7e8aaf571b69eb53400
-
SHA1
af6962ee16b5b76154e3768a97a96de049eb5be8
-
SHA256
5e50836ba5b9b2a6c9ff6face60107c5d419f433d0473742fd023ab233066806
-
SHA512
814b37604b55481c39a21b6b138b111007b488eeba6c8aedd93834e604488147b793b9dcefa7f9a8a42f7d8cd6cdcea97efdf533b5397bc038a628e17c22ea74
-
SSDEEP
12288:n3C9yMo+S0L9xRnoq7H9xqYL04iVypNKvzcMwdBS3b3aoqYveXVadBlHD+CURPO0:SgD4bhoqLDqYLagB6Wj1+CysF
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\da5699edeb93f7e8aaf571b69eb53400_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\da5699edeb93f7e8aaf571b69eb53400_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrfxrf.exec:\xrrfxrf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httbnh.exec:\httbnh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdd.exec:\jdjdd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdd.exec:\djjdd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvdp.exec:\jdvdp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9llrrrl.exec:\9llrrrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjvp.exec:\jjjvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllllrr.exec:\lllllrr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjd.exec:\vjpjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvv.exec:\jddvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrrll.exec:\xrrrrll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppv.exec:\jdppv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlfxrr.exec:\rxlfxrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdd.exec:\jdjdd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllrxx.exec:\xxllrxx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhhh.exec:\nhnhhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjj.exec:\jdjjj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlxrxx.exec:\rrlxrxx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbhh.exec:\nhtbhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlrxrx.exec:\rrlrxrx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtnbt.exec:\bbtnbt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppj.exec:\vpppj.exe23⤵
- Executes dropped EXE
-
\??\c:\nhtttb.exec:\nhtttb.exe24⤵
- Executes dropped EXE
-
\??\c:\dpjjp.exec:\dpjjp.exe25⤵
- Executes dropped EXE
-
\??\c:\fxffffl.exec:\fxffffl.exe26⤵
- Executes dropped EXE
-
\??\c:\nhtbbb.exec:\nhtbbb.exe27⤵
- Executes dropped EXE
-
\??\c:\3htntt.exec:\3htntt.exe28⤵
- Executes dropped EXE
-
\??\c:\1jjpj.exec:\1jjpj.exe29⤵
- Executes dropped EXE
-
\??\c:\vvvvv.exec:\vvvvv.exe30⤵
- Executes dropped EXE
-
\??\c:\5bnttb.exec:\5bnttb.exe31⤵
- Executes dropped EXE
-
\??\c:\thtttt.exec:\thtttt.exe32⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe33⤵
- Executes dropped EXE
-
\??\c:\nbbbth.exec:\nbbbth.exe34⤵
- Executes dropped EXE
-
\??\c:\dpddv.exec:\dpddv.exe35⤵
- Executes dropped EXE
-
\??\c:\ffrxrfl.exec:\ffrxrfl.exe36⤵
- Executes dropped EXE
-
\??\c:\ppppj.exec:\ppppj.exe37⤵
- Executes dropped EXE
-
\??\c:\xxrxxxx.exec:\xxrxxxx.exe38⤵
- Executes dropped EXE
-
\??\c:\bnbbbb.exec:\bnbbbb.exe39⤵
- Executes dropped EXE
-
\??\c:\5pvvv.exec:\5pvvv.exe40⤵
- Executes dropped EXE
-
\??\c:\fxllllr.exec:\fxllllr.exe41⤵
- Executes dropped EXE
-
\??\c:\9ttbtb.exec:\9ttbtb.exe42⤵
- Executes dropped EXE
-
\??\c:\ddddd.exec:\ddddd.exe43⤵
- Executes dropped EXE
-
\??\c:\rrrllll.exec:\rrrllll.exe44⤵
- Executes dropped EXE
-
\??\c:\3xrrrxr.exec:\3xrrrxr.exe45⤵
- Executes dropped EXE
-
\??\c:\bbtttt.exec:\bbtttt.exe46⤵
- Executes dropped EXE
-
\??\c:\ppvvp.exec:\ppvvp.exe47⤵
- Executes dropped EXE
-
\??\c:\rlxxllr.exec:\rlxxllr.exe48⤵
- Executes dropped EXE
-
\??\c:\htbbtt.exec:\htbbtt.exe49⤵
- Executes dropped EXE
-
\??\c:\vvddd.exec:\vvddd.exe50⤵
- Executes dropped EXE
-
\??\c:\7ffxlfx.exec:\7ffxlfx.exe51⤵
- Executes dropped EXE
-
\??\c:\pjjpv.exec:\pjjpv.exe52⤵
- Executes dropped EXE
-
\??\c:\rrxlrrl.exec:\rrxlrrl.exe53⤵
- Executes dropped EXE
-
\??\c:\tnhhnh.exec:\tnhhnh.exe54⤵
- Executes dropped EXE
-
\??\c:\jvvvp.exec:\jvvvp.exe55⤵
- Executes dropped EXE
-
\??\c:\flrllfx.exec:\flrllfx.exe56⤵
- Executes dropped EXE
-
\??\c:\btttnn.exec:\btttnn.exe57⤵
- Executes dropped EXE
-
\??\c:\pjvpp.exec:\pjvpp.exe58⤵
- Executes dropped EXE
-
\??\c:\5xfllrr.exec:\5xfllrr.exe59⤵
- Executes dropped EXE
-
\??\c:\7hnhhn.exec:\7hnhhn.exe60⤵
- Executes dropped EXE
-
\??\c:\jdppj.exec:\jdppj.exe61⤵
- Executes dropped EXE
-
\??\c:\tbbnnh.exec:\tbbnnh.exe62⤵
- Executes dropped EXE
-
\??\c:\1jjvp.exec:\1jjvp.exe63⤵
- Executes dropped EXE
-
\??\c:\rrrrrxx.exec:\rrrrrxx.exe64⤵
- Executes dropped EXE
-
\??\c:\nbnhbb.exec:\nbnhbb.exe65⤵
- Executes dropped EXE
-
\??\c:\ddjjd.exec:\ddjjd.exe66⤵
-
\??\c:\xflllll.exec:\xflllll.exe67⤵
-
\??\c:\ttbtnn.exec:\ttbtnn.exe68⤵
-
\??\c:\pdvpd.exec:\pdvpd.exe69⤵
-
\??\c:\hbnhnn.exec:\hbnhnn.exe70⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe71⤵
-
\??\c:\xflllfl.exec:\xflllfl.exe72⤵
-
\??\c:\tbbbtt.exec:\tbbbtt.exe73⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe74⤵
-
\??\c:\xxlffll.exec:\xxlffll.exe75⤵
-
\??\c:\hbtthn.exec:\hbtthn.exe76⤵
-
\??\c:\7jjdv.exec:\7jjdv.exe77⤵
-
\??\c:\llrlrrl.exec:\llrlrrl.exe78⤵
-
\??\c:\nnbbnn.exec:\nnbbnn.exe79⤵
-
\??\c:\pdppv.exec:\pdppv.exe80⤵
-
\??\c:\xrxrfll.exec:\xrxrfll.exe81⤵
-
\??\c:\thhhhh.exec:\thhhhh.exe82⤵
-
\??\c:\1vvvv.exec:\1vvvv.exe83⤵
-
\??\c:\9bhnnt.exec:\9bhnnt.exe84⤵
-
\??\c:\vvddd.exec:\vvddd.exe85⤵
-
\??\c:\rxxxxfx.exec:\rxxxxfx.exe86⤵
-
\??\c:\3hhhhh.exec:\3hhhhh.exe87⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe88⤵
-
\??\c:\bhtttt.exec:\bhtttt.exe89⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe90⤵
-
\??\c:\5lrlfxx.exec:\5lrlfxx.exe91⤵
-
\??\c:\ttbnnt.exec:\ttbnnt.exe92⤵
-
\??\c:\xxfxrlf.exec:\xxfxrlf.exe93⤵
-
\??\c:\ntthhb.exec:\ntthhb.exe94⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe95⤵
-
\??\c:\frxfffx.exec:\frxfffx.exe96⤵
-
\??\c:\hnbbbh.exec:\hnbbbh.exe97⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe98⤵
-
\??\c:\fflxxll.exec:\fflxxll.exe99⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe100⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe101⤵
-
\??\c:\fflfxxr.exec:\fflfxxr.exe102⤵
-
\??\c:\7vvjd.exec:\7vvjd.exe103⤵
-
\??\c:\rlrrrrx.exec:\rlrrrrx.exe104⤵
-
\??\c:\7nbttt.exec:\7nbttt.exe105⤵
-
\??\c:\9vpjd.exec:\9vpjd.exe106⤵
-
\??\c:\rrlrxrl.exec:\rrlrxrl.exe107⤵
-
\??\c:\ntbbhh.exec:\ntbbhh.exe108⤵
-
\??\c:\ddpdd.exec:\ddpdd.exe109⤵
-
\??\c:\lrlllll.exec:\lrlllll.exe110⤵
-
\??\c:\7thhbb.exec:\7thhbb.exe111⤵
-
\??\c:\vjjpp.exec:\vjjpp.exe112⤵
-
\??\c:\nthhbh.exec:\nthhbh.exe113⤵
-
\??\c:\3ddvj.exec:\3ddvj.exe114⤵
-
\??\c:\flxfffx.exec:\flxfffx.exe115⤵
-
\??\c:\httnbn.exec:\httnbn.exe116⤵
-
\??\c:\pdjvj.exec:\pdjvj.exe117⤵
-
\??\c:\ffxxllx.exec:\ffxxllx.exe118⤵
-
\??\c:\ntthbb.exec:\ntthbb.exe119⤵
-
\??\c:\dppjd.exec:\dppjd.exe120⤵
-
\??\c:\9xxxlrr.exec:\9xxxlrr.exe121⤵
-
\??\c:\nthhhn.exec:\nthhhn.exe122⤵
-
\??\c:\3ppvj.exec:\3ppvj.exe123⤵
-
\??\c:\7rlllrr.exec:\7rlllrr.exe124⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe125⤵
-
\??\c:\frlffxr.exec:\frlffxr.exe126⤵
-
\??\c:\1ntttt.exec:\1ntttt.exe127⤵
-
\??\c:\pjjpp.exec:\pjjpp.exe128⤵
-
\??\c:\rrflrrx.exec:\rrflrrx.exe129⤵
-
\??\c:\hbnhnb.exec:\hbnhnb.exe130⤵
-
\??\c:\rllrfrx.exec:\rllrfrx.exe131⤵
-
\??\c:\bnnbtn.exec:\bnnbtn.exe132⤵
-
\??\c:\pjppp.exec:\pjppp.exe133⤵
-
\??\c:\xfxrrrr.exec:\xfxrrrr.exe134⤵
-
\??\c:\5nhhbb.exec:\5nhhbb.exe135⤵
-
\??\c:\lxlrrfl.exec:\lxlrrfl.exe136⤵
-
\??\c:\nhtntt.exec:\nhtntt.exe137⤵
-
\??\c:\jpddv.exec:\jpddv.exe138⤵
-
\??\c:\3frlrrx.exec:\3frlrrx.exe139⤵
-
\??\c:\tthtnt.exec:\tthtnt.exe140⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe141⤵
-
\??\c:\htnhnn.exec:\htnhnn.exe142⤵
-
\??\c:\pddvp.exec:\pddvp.exe143⤵
-
\??\c:\9rrlfxx.exec:\9rrlfxx.exe144⤵
-
\??\c:\hnnnhh.exec:\hnnnhh.exe145⤵
-
\??\c:\pvpjv.exec:\pvpjv.exe146⤵
-
\??\c:\9xrlxrl.exec:\9xrlxrl.exe147⤵
-
\??\c:\ntnhhh.exec:\ntnhhh.exe148⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe149⤵
-
\??\c:\lxlxfxf.exec:\lxlxfxf.exe150⤵
-
\??\c:\1hnhhn.exec:\1hnhhn.exe151⤵
-
\??\c:\5xlfflf.exec:\5xlfflf.exe152⤵
-
\??\c:\9hbbtn.exec:\9hbbtn.exe153⤵
-
\??\c:\djjdv.exec:\djjdv.exe154⤵
-
\??\c:\3lxflxf.exec:\3lxflxf.exe155⤵
-
\??\c:\btbnnh.exec:\btbnnh.exe156⤵
-
\??\c:\vppjj.exec:\vppjj.exe157⤵
-
\??\c:\rfxlxxx.exec:\rfxlxxx.exe158⤵
-
\??\c:\hnhbtn.exec:\hnhbtn.exe159⤵
-
\??\c:\jvddd.exec:\jvddd.exe160⤵
-
\??\c:\ntbnbt.exec:\ntbnbt.exe161⤵
-
\??\c:\9vjvv.exec:\9vjvv.exe162⤵
-
\??\c:\lfllfrr.exec:\lfllfrr.exe163⤵
-
\??\c:\9nbthh.exec:\9nbthh.exe164⤵
-
\??\c:\vvjvj.exec:\vvjvj.exe165⤵
-
\??\c:\tbbtbt.exec:\tbbtbt.exe166⤵
-
\??\c:\pppjd.exec:\pppjd.exe167⤵
-
\??\c:\xxfffll.exec:\xxfffll.exe168⤵
-
\??\c:\hhttbb.exec:\hhttbb.exe169⤵
-
\??\c:\jjppj.exec:\jjppj.exe170⤵
-
\??\c:\fflffxx.exec:\fflffxx.exe171⤵
-
\??\c:\pddvp.exec:\pddvp.exe172⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe173⤵
-
\??\c:\bbhhht.exec:\bbhhht.exe174⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe175⤵
-
\??\c:\3fxfflf.exec:\3fxfflf.exe176⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe177⤵
-
\??\c:\3pppp.exec:\3pppp.exe178⤵
-
\??\c:\hhtnnb.exec:\hhtnnb.exe179⤵
-
\??\c:\5jvvv.exec:\5jvvv.exe180⤵
-
\??\c:\lffllfl.exec:\lffllfl.exe181⤵
-
\??\c:\7htntt.exec:\7htntt.exe182⤵
-
\??\c:\vpvdd.exec:\vpvdd.exe183⤵
-
\??\c:\1ffrfrl.exec:\1ffrfrl.exe184⤵
-
\??\c:\ntntnt.exec:\ntntnt.exe185⤵
-
\??\c:\jdppp.exec:\jdppp.exe186⤵
-
\??\c:\5xrrlrr.exec:\5xrrlrr.exe187⤵
-
\??\c:\vdjjp.exec:\vdjjp.exe188⤵
-
\??\c:\frxxxff.exec:\frxxxff.exe189⤵
-
\??\c:\bthbbb.exec:\bthbbb.exe190⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe191⤵
-
\??\c:\lxfllrx.exec:\lxfllrx.exe192⤵
-
\??\c:\nhnhbn.exec:\nhnhbn.exe193⤵
-
\??\c:\vvddj.exec:\vvddj.exe194⤵
-
\??\c:\fxfllrr.exec:\fxfllrr.exe195⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe196⤵
-
\??\c:\jjddp.exec:\jjddp.exe197⤵
-
\??\c:\fxffxll.exec:\fxffxll.exe198⤵
-
\??\c:\nhnhtt.exec:\nhnhtt.exe199⤵
-
\??\c:\rrfflrr.exec:\rrfflrr.exe200⤵
-
\??\c:\bbbhnt.exec:\bbbhnt.exe201⤵
-
\??\c:\vddvd.exec:\vddvd.exe202⤵
-
\??\c:\rxxfxxr.exec:\rxxfxxr.exe203⤵
-
\??\c:\3bhbbh.exec:\3bhbbh.exe204⤵
-
\??\c:\fllfffx.exec:\fllfffx.exe205⤵
-
\??\c:\tttnbb.exec:\tttnbb.exe206⤵
-
\??\c:\dpppj.exec:\dpppj.exe207⤵
-
\??\c:\5xfflrx.exec:\5xfflrx.exe208⤵
-
\??\c:\nnbtnh.exec:\nnbtnh.exe209⤵
-
\??\c:\lrrllll.exec:\lrrllll.exe210⤵
-
\??\c:\thnhhh.exec:\thnhhh.exe211⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe212⤵
-
\??\c:\fffxllx.exec:\fffxllx.exe213⤵
-
\??\c:\lfxrlff.exec:\lfxrlff.exe214⤵
-
\??\c:\jppjd.exec:\jppjd.exe215⤵
-
\??\c:\djjdd.exec:\djjdd.exe216⤵
-
\??\c:\5fxrllx.exec:\5fxrllx.exe217⤵
-
\??\c:\jpppj.exec:\jpppj.exe218⤵
-
\??\c:\7xxrffx.exec:\7xxrffx.exe219⤵
-
\??\c:\bttnhb.exec:\bttnhb.exe220⤵
-
\??\c:\jdpdv.exec:\jdpdv.exe221⤵
-
\??\c:\lfxrllx.exec:\lfxrllx.exe222⤵
-
\??\c:\thhbbt.exec:\thhbbt.exe223⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe224⤵
-
\??\c:\1xfrlrf.exec:\1xfrlrf.exe225⤵
-
\??\c:\tntnnh.exec:\tntnnh.exe226⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe227⤵
-
\??\c:\xxxxrll.exec:\xxxxrll.exe228⤵
-
\??\c:\htbbtt.exec:\htbbtt.exe229⤵
-
\??\c:\9djdv.exec:\9djdv.exe230⤵
-
\??\c:\1ffxrlr.exec:\1ffxrlr.exe231⤵
-
\??\c:\thhbnn.exec:\thhbnn.exe232⤵
-
\??\c:\pjdpj.exec:\pjdpj.exe233⤵
-
\??\c:\xlffxxx.exec:\xlffxxx.exe234⤵
-
\??\c:\thntnh.exec:\thntnh.exe235⤵
-
\??\c:\vvppj.exec:\vvppj.exe236⤵
-
\??\c:\9ffxxlf.exec:\9ffxxlf.exe237⤵
-
\??\c:\bhnhbb.exec:\bhnhbb.exe238⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe239⤵
-
\??\c:\rrrrfxf.exec:\rrrrfxf.exe240⤵
-
\??\c:\btnnbb.exec:\btnnbb.exe241⤵