Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
09-05-2024 22:15
General
-
Target
0d24812ff9a62bf9c8ec60ca5392b950_NeikiAnalytics.exe
-
Size
81KB
-
MD5
0d24812ff9a62bf9c8ec60ca5392b950
-
SHA1
3e41e8a79936cc3eb8c45da06e58575263ded0ea
-
SHA256
406d715393fb856dbebc89556b7aedc1dee79d9d6a843efe59fc7cb4e2168ffa
-
SHA512
f386361e467e5c281340e18cef33052cb22009cf084c0e37f5f0f0ce41d5994ee2e9f923e6cc69d3c680b5a32c7839db43a1f871cf61807a1ac00979632e280b
-
SSDEEP
1536:CvQBeOGtrYS3srx93UBWfwC6Ggnouy8AelS7/7VIQHW:ChOmTsF93UYfwC6GIoutAe07zVIqW
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0d24812ff9a62bf9c8ec60ca5392b950_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\0d24812ff9a62bf9c8ec60ca5392b950_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxffr.exec:\fxlxffr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbtn.exec:\nbhbtn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdv.exec:\vpjdv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xffxxf.exec:\1xffxxf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbthbb.exec:\nbthbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhttb.exec:\hhhttb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppp.exec:\ppppp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrlfr.exec:\rrrrlfr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbbtb.exec:\tbbbtb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjp.exec:\ppjjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpd.exec:\pvvpd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlxxx.exec:\xrrlxxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btttnt.exec:\btttnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vvvv.exec:\5vvvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjvd.exec:\djjvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxlll.exec:\rxfxlll.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvj.exec:\pjdvj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdjv.exec:\vjdjv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ffxllf.exec:\1ffxllf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbttt.exec:\btbttt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jvjv.exec:\1jvjv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlxxfr.exec:\lxlxxfr.exe23⤵
- Executes dropped EXE
-
\??\c:\lllfxxr.exec:\lllfxxr.exe24⤵
- Executes dropped EXE
-
\??\c:\nnttbb.exec:\nnttbb.exe25⤵
- Executes dropped EXE
-
\??\c:\rfxrlff.exec:\rfxrlff.exe26⤵
- Executes dropped EXE
-
\??\c:\rfrlxrr.exec:\rfrlxrr.exe27⤵
- Executes dropped EXE
-
\??\c:\nthbtt.exec:\nthbtt.exe28⤵
- Executes dropped EXE
-
\??\c:\htnhbb.exec:\htnhbb.exe29⤵
- Executes dropped EXE
-
\??\c:\vpjvp.exec:\vpjvp.exe30⤵
- Executes dropped EXE
-
\??\c:\5ddpd.exec:\5ddpd.exe31⤵
- Executes dropped EXE
-
\??\c:\lxlxllx.exec:\lxlxllx.exe32⤵
- Executes dropped EXE
-
\??\c:\7ddpj.exec:\7ddpj.exe33⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe34⤵
- Executes dropped EXE
-
\??\c:\frfllrr.exec:\frfllrr.exe35⤵
- Executes dropped EXE
-
\??\c:\lfxrllf.exec:\lfxrllf.exe36⤵
- Executes dropped EXE
-
\??\c:\ntbtnn.exec:\ntbtnn.exe37⤵
- Executes dropped EXE
-
\??\c:\thbtnn.exec:\thbtnn.exe38⤵
- Executes dropped EXE
-
\??\c:\1vppd.exec:\1vppd.exe39⤵
- Executes dropped EXE
-
\??\c:\pvdvp.exec:\pvdvp.exe40⤵
- Executes dropped EXE
-
\??\c:\xflrfxx.exec:\xflrfxx.exe41⤵
- Executes dropped EXE
-
\??\c:\hnttnn.exec:\hnttnn.exe42⤵
- Executes dropped EXE
-
\??\c:\jvvvp.exec:\jvvvp.exe43⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe44⤵
- Executes dropped EXE
-
\??\c:\rxfffxf.exec:\rxfffxf.exe45⤵
- Executes dropped EXE
-
\??\c:\xxrlffx.exec:\xxrlffx.exe46⤵
- Executes dropped EXE
-
\??\c:\bbtbbt.exec:\bbtbbt.exe47⤵
- Executes dropped EXE
-
\??\c:\pppjd.exec:\pppjd.exe48⤵
- Executes dropped EXE
-
\??\c:\dpjvj.exec:\dpjvj.exe49⤵
- Executes dropped EXE
-
\??\c:\3xrlfxr.exec:\3xrlfxr.exe50⤵
- Executes dropped EXE
-
\??\c:\hnnhtn.exec:\hnnhtn.exe51⤵
- Executes dropped EXE
-
\??\c:\3hbtbt.exec:\3hbtbt.exe52⤵
- Executes dropped EXE
-
\??\c:\vpdvd.exec:\vpdvd.exe53⤵
- Executes dropped EXE
-
\??\c:\rxxxrrr.exec:\rxxxrrr.exe54⤵
- Executes dropped EXE
-
\??\c:\llxfxfx.exec:\llxfxfx.exe55⤵
- Executes dropped EXE
-
\??\c:\ttnbbh.exec:\ttnbbh.exe56⤵
- Executes dropped EXE
-
\??\c:\vjdvj.exec:\vjdvj.exe57⤵
- Executes dropped EXE
-
\??\c:\lxllrfr.exec:\lxllrfr.exe58⤵
- Executes dropped EXE
-
\??\c:\frlfxrl.exec:\frlfxrl.exe59⤵
- Executes dropped EXE
-
\??\c:\9nhthb.exec:\9nhthb.exe60⤵
- Executes dropped EXE
-
\??\c:\vjjdp.exec:\vjjdp.exe61⤵
- Executes dropped EXE
-
\??\c:\jddjd.exec:\jddjd.exe62⤵
- Executes dropped EXE
-
\??\c:\xxlffrl.exec:\xxlffrl.exe63⤵
- Executes dropped EXE
-
\??\c:\hbbthn.exec:\hbbthn.exe64⤵
- Executes dropped EXE
-
\??\c:\bntnhb.exec:\bntnhb.exe65⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe66⤵
-
\??\c:\fxrfrlf.exec:\fxrfrlf.exe67⤵
-
\??\c:\lxlfxrf.exec:\lxlfxrf.exe68⤵
-
\??\c:\hbhbbt.exec:\hbhbbt.exe69⤵
-
\??\c:\jddvv.exec:\jddvv.exe70⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe71⤵
-
\??\c:\xlxrrrl.exec:\xlxrrrl.exe72⤵
-
\??\c:\ntnnhh.exec:\ntnnhh.exe73⤵
-
\??\c:\5btnbt.exec:\5btnbt.exe74⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe75⤵
-
\??\c:\3fflffx.exec:\3fflffx.exe76⤵
-
\??\c:\lllrrxl.exec:\lllrrxl.exe77⤵
-
\??\c:\bnnhbt.exec:\bnnhbt.exe78⤵
-
\??\c:\7ntnhb.exec:\7ntnhb.exe79⤵
-
\??\c:\jjdpv.exec:\jjdpv.exe80⤵
-
\??\c:\ddjdp.exec:\ddjdp.exe81⤵
-
\??\c:\lfllfrl.exec:\lfllfrl.exe82⤵
-
\??\c:\lxfxrfx.exec:\lxfxrfx.exe83⤵
-
\??\c:\ttbbhh.exec:\ttbbhh.exe84⤵
-
\??\c:\nttnbt.exec:\nttnbt.exe85⤵
-
\??\c:\3vvvj.exec:\3vvvj.exe86⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe87⤵
-
\??\c:\fflfllf.exec:\fflfllf.exe88⤵
-
\??\c:\rflrlll.exec:\rflrlll.exe89⤵
-
\??\c:\bthhnn.exec:\bthhnn.exe90⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe91⤵
-
\??\c:\xrrrlfx.exec:\xrrrlfx.exe92⤵
-
\??\c:\rxxxxxr.exec:\rxxxxxr.exe93⤵
-
\??\c:\bnhbtt.exec:\bnhbtt.exe94⤵
-
\??\c:\tnhbnn.exec:\tnhbnn.exe95⤵
-
\??\c:\djpjd.exec:\djpjd.exe96⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe97⤵
-
\??\c:\7rxllll.exec:\7rxllll.exe98⤵
-
\??\c:\ffxrlxr.exec:\ffxrlxr.exe99⤵
-
\??\c:\bnhhhn.exec:\bnhhhn.exe100⤵
-
\??\c:\tbhnnb.exec:\tbhnnb.exe101⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe102⤵
-
\??\c:\vppjv.exec:\vppjv.exe103⤵
-
\??\c:\rrxrffl.exec:\rrxrffl.exe104⤵
-
\??\c:\1llllll.exec:\1llllll.exe105⤵
-
\??\c:\bbbbtt.exec:\bbbbtt.exe106⤵
-
\??\c:\tbbtth.exec:\tbbtth.exe107⤵
-
\??\c:\vjvvp.exec:\vjvvp.exe108⤵
-
\??\c:\flrrlll.exec:\flrrlll.exe109⤵
-
\??\c:\frrrlll.exec:\frrrlll.exe110⤵
-
\??\c:\hbtnbb.exec:\hbtnbb.exe111⤵
-
\??\c:\ntthtt.exec:\ntthtt.exe112⤵
-
\??\c:\tbtnhh.exec:\tbtnhh.exe113⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe114⤵
-
\??\c:\vppdv.exec:\vppdv.exe115⤵
-
\??\c:\frllxrr.exec:\frllxrr.exe116⤵
-
\??\c:\lxrfxrl.exec:\lxrfxrl.exe117⤵
-
\??\c:\7bhbnn.exec:\7bhbnn.exe118⤵
-
\??\c:\djdvj.exec:\djdvj.exe119⤵
-
\??\c:\jddvj.exec:\jddvj.exe120⤵
-
\??\c:\3vvpd.exec:\3vvpd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-