Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
09-05-2024 21:49
General
-
Target
07280948dbbbb63677bf33481c3abd30_NeikiAnalytics.exe
-
Size
333KB
-
MD5
07280948dbbbb63677bf33481c3abd30
-
SHA1
b5ef76637a2776d34c14838b43f065040ebf20ec
-
SHA256
74fbbd5fe1fa75660b1cc11f50d4e9766b4aec8c8141a49d831a0d5a5c94f23a
-
SHA512
d610a97ad818d5169cb3d0dd2d6052214400521e7b30616d7064801af78d469857afb1351a7021d1de2b980b28fa0d5827b49186a9201ec2afb7e6960613f7d6
-
SSDEEP
6144:rcm4FmowdHoSphraHcpOaKHpXfRo0V8JcgE+ezpg1i/t:x4wFHoS3eFaKHpv/VycgE8ot
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\07280948dbbbb63677bf33481c3abd30_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\07280948dbbbb63677bf33481c3abd30_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vjddv.exec:\vjddv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjjd.exec:\jpjjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjd.exec:\vjpjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxrllf.exec:\lrxrllf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbnhh.exec:\hbbnhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvp.exec:\vjdvp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrllff.exec:\lfrllff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbtt.exec:\tnbbtt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjj.exec:\dvjjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flfrrll.exec:\flfrrll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpddv.exec:\jpddv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nbbnn.exec:\3nbbnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvv.exec:\pvdvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffxxx.exec:\lfffxxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvv.exec:\vvdvv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrrrl.exec:\frxrrrl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhhh.exec:\hbnhhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrfrf.exec:\ffrrfrf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpdv.exec:\jvpdv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrrrll.exec:\xlrrrll.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnbtb.exec:\thnbtb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvp.exec:\vvvvp.exe23⤵
- Executes dropped EXE
-
\??\c:\lflrxxr.exec:\lflrxxr.exe24⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe25⤵
- Executes dropped EXE
-
\??\c:\xflfxxr.exec:\xflfxxr.exe26⤵
- Executes dropped EXE
-
\??\c:\jvdjj.exec:\jvdjj.exe27⤵
- Executes dropped EXE
-
\??\c:\lxlfxxr.exec:\lxlfxxr.exe28⤵
- Executes dropped EXE
-
\??\c:\pdpjv.exec:\pdpjv.exe29⤵
- Executes dropped EXE
-
\??\c:\fffrllf.exec:\fffrllf.exe30⤵
- Executes dropped EXE
-
\??\c:\bttnhh.exec:\bttnhh.exe31⤵
- Executes dropped EXE
-
\??\c:\dpjdv.exec:\dpjdv.exe32⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe33⤵
- Executes dropped EXE
-
\??\c:\hhhhhn.exec:\hhhhhn.exe34⤵
- Executes dropped EXE
-
\??\c:\pdvvp.exec:\pdvvp.exe35⤵
- Executes dropped EXE
-
\??\c:\lxxrrrl.exec:\lxxrrrl.exe36⤵
- Executes dropped EXE
-
\??\c:\ppvpp.exec:\ppvpp.exe37⤵
- Executes dropped EXE
-
\??\c:\xfxlfxr.exec:\xfxlfxr.exe38⤵
- Executes dropped EXE
-
\??\c:\7vdpj.exec:\7vdpj.exe39⤵
- Executes dropped EXE
-
\??\c:\bttnhh.exec:\bttnhh.exe40⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe41⤵
- Executes dropped EXE
-
\??\c:\xlrxxxx.exec:\xlrxxxx.exe42⤵
- Executes dropped EXE
-
\??\c:\bbbtnn.exec:\bbbtnn.exe43⤵
- Executes dropped EXE
-
\??\c:\jvdpp.exec:\jvdpp.exe44⤵
- Executes dropped EXE
-
\??\c:\rfrllll.exec:\rfrllll.exe45⤵
- Executes dropped EXE
-
\??\c:\lxxrrfx.exec:\lxxrrfx.exe46⤵
- Executes dropped EXE
-
\??\c:\thbbbb.exec:\thbbbb.exe47⤵
- Executes dropped EXE
-
\??\c:\vppjv.exec:\vppjv.exe48⤵
- Executes dropped EXE
-
\??\c:\3llfxxr.exec:\3llfxxr.exe49⤵
- Executes dropped EXE
-
\??\c:\bttnnn.exec:\bttnnn.exe50⤵
- Executes dropped EXE
-
\??\c:\ddppv.exec:\ddppv.exe51⤵
- Executes dropped EXE
-
\??\c:\lrrllfx.exec:\lrrllfx.exe52⤵
- Executes dropped EXE
-
\??\c:\nhbttb.exec:\nhbttb.exe53⤵
- Executes dropped EXE
-
\??\c:\9nhbtt.exec:\9nhbtt.exe54⤵
- Executes dropped EXE
-
\??\c:\pdppp.exec:\pdppp.exe55⤵
- Executes dropped EXE
-
\??\c:\5rrlxxx.exec:\5rrlxxx.exe56⤵
- Executes dropped EXE
-
\??\c:\bbttnt.exec:\bbttnt.exe57⤵
- Executes dropped EXE
-
\??\c:\pvvvv.exec:\pvvvv.exe58⤵
- Executes dropped EXE
-
\??\c:\vjpdp.exec:\vjpdp.exe59⤵
- Executes dropped EXE
-
\??\c:\9fflrrf.exec:\9fflrrf.exe60⤵
- Executes dropped EXE
-
\??\c:\bnnhhh.exec:\bnnhhh.exe61⤵
- Executes dropped EXE
-
\??\c:\ppvvp.exec:\ppvvp.exe62⤵
- Executes dropped EXE
-
\??\c:\rxfrfxr.exec:\rxfrfxr.exe63⤵
- Executes dropped EXE
-
\??\c:\hbhnbh.exec:\hbhnbh.exe64⤵
- Executes dropped EXE
-
\??\c:\dpvvp.exec:\dpvvp.exe65⤵
- Executes dropped EXE
-
\??\c:\pdpjp.exec:\pdpjp.exe66⤵
-
\??\c:\rrxlfxr.exec:\rrxlfxr.exe67⤵
-
\??\c:\tnhhnn.exec:\tnhhnn.exe68⤵
-
\??\c:\tnthbt.exec:\tnthbt.exe69⤵
-
\??\c:\3ddvv.exec:\3ddvv.exe70⤵
-
\??\c:\frrlffl.exec:\frrlffl.exe71⤵
-
\??\c:\hbhbbt.exec:\hbhbbt.exe72⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe73⤵
-
\??\c:\7vpjj.exec:\7vpjj.exe74⤵
-
\??\c:\frffxxx.exec:\frffxxx.exe75⤵
-
\??\c:\fffrlll.exec:\fffrlll.exe76⤵
-
\??\c:\nhbttt.exec:\nhbttt.exe77⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe78⤵
-
\??\c:\9xxrllx.exec:\9xxrllx.exe79⤵
-
\??\c:\nhhnhh.exec:\nhhnhh.exe80⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe81⤵
-
\??\c:\fllxffx.exec:\fllxffx.exe82⤵
-
\??\c:\1rxxxxf.exec:\1rxxxxf.exe83⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe84⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe85⤵
-
\??\c:\5pjdv.exec:\5pjdv.exe86⤵
-
\??\c:\xrxxrxr.exec:\xrxxrxr.exe87⤵
-
\??\c:\bhhbtn.exec:\bhhbtn.exe88⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe89⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe90⤵
-
\??\c:\frfxxxx.exec:\frfxxxx.exe91⤵
-
\??\c:\bhnhtt.exec:\bhnhtt.exe92⤵
-
\??\c:\htbhbb.exec:\htbhbb.exe93⤵
-
\??\c:\jppjd.exec:\jppjd.exe94⤵
-
\??\c:\3lllfff.exec:\3lllfff.exe95⤵
-
\??\c:\5ffxxxr.exec:\5ffxxxr.exe96⤵
-
\??\c:\tntttt.exec:\tntttt.exe97⤵
-
\??\c:\9djjd.exec:\9djjd.exe98⤵
-
\??\c:\lffffxx.exec:\lffffxx.exe99⤵
-
\??\c:\hbbhtn.exec:\hbbhtn.exe100⤵
-
\??\c:\htbbnh.exec:\htbbnh.exe101⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe102⤵
-
\??\c:\lxfxxrl.exec:\lxfxxrl.exe103⤵
-
\??\c:\hbbhht.exec:\hbbhht.exe104⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe105⤵
-
\??\c:\9vddd.exec:\9vddd.exe106⤵
-
\??\c:\rrrxflr.exec:\rrrxflr.exe107⤵
-
\??\c:\rrxxxff.exec:\rrxxxff.exe108⤵
-
\??\c:\bbhhbh.exec:\bbhhbh.exe109⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe110⤵
-
\??\c:\pjjdj.exec:\pjjdj.exe111⤵
-
\??\c:\rrxxflx.exec:\rrxxflx.exe112⤵
-
\??\c:\llrlrll.exec:\llrlrll.exe113⤵
-
\??\c:\7bnhbt.exec:\7bnhbt.exe114⤵
-
\??\c:\djddp.exec:\djddp.exe115⤵
-
\??\c:\fxrfrlf.exec:\fxrfrlf.exe116⤵
-
\??\c:\rxlrlff.exec:\rxlrlff.exe117⤵
-
\??\c:\7nthth.exec:\7nthth.exe118⤵
-
\??\c:\jjppj.exec:\jjppj.exe119⤵
-
\??\c:\1vjvd.exec:\1vjvd.exe120⤵
-
\??\c:\lffrlll.exec:\lffrlll.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-