Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
09/05/2024, 10:41
General
-
Target
15007bca6d2449388e9898c1626216d0_NeikiAnalytics.exe
-
Size
87KB
-
MD5
15007bca6d2449388e9898c1626216d0
-
SHA1
9dbce738c331433febbccb80e045ec0dbd158657
-
SHA256
2a212aff3225e17884ead79dc2236a9d3fe510b91dcfb1e93f9625b6a94602f0
-
SHA512
f83dd73e9e646d9e689e7a22a008796ea18bca4eba70cf8156401b1c7261739c56b41d0370423d13384d4bd5415633f652dc4a9c8ee949fad1e1e63ef48f62a9
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73yqKH/KjveD:ymb3NkkiQ3mdBjFo73yX+vQ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\15007bca6d2449388e9898c1626216d0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\15007bca6d2449388e9898c1626216d0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttnh.exec:\tnttnh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ddvv.exec:\5ddvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fffxll.exec:\5fffxll.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rxxxxx.exec:\3rxxxxx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nntnh.exec:\7nntnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbbn.exec:\tnhbbn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvdd.exec:\jpvdd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrllll.exec:\xlrllll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffxxrl.exec:\rffxxrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbtbb.exec:\hhbtbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdddv.exec:\pdddv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfflrf.exec:\rrfflrf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrllll.exec:\xrrllll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbbb.exec:\hbbbbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdddj.exec:\vdddj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xfrllf.exec:\3xfrllf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrffll.exec:\rxrffll.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnnhh.exec:\bbnnhh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhhn.exec:\nhnhhn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvjd.exec:\dvvjd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjj.exec:\jdpjj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llllllf.exec:\llllllf.exe23⤵
- Executes dropped EXE
-
\??\c:\ntbnnn.exec:\ntbnnn.exe24⤵
- Executes dropped EXE
-
\??\c:\9ddjv.exec:\9ddjv.exe25⤵
- Executes dropped EXE
-
\??\c:\vpvdv.exec:\vpvdv.exe26⤵
- Executes dropped EXE
-
\??\c:\rrxrrrr.exec:\rrxrrrr.exe27⤵
- Executes dropped EXE
-
\??\c:\7tttnn.exec:\7tttnn.exe28⤵
- Executes dropped EXE
-
\??\c:\9tbtnn.exec:\9tbtnn.exe29⤵
- Executes dropped EXE
-
\??\c:\jdpjp.exec:\jdpjp.exe30⤵
- Executes dropped EXE
-
\??\c:\5ddjv.exec:\5ddjv.exe31⤵
- Executes dropped EXE
-
\??\c:\xrfffff.exec:\xrfffff.exe32⤵
- Executes dropped EXE
-
\??\c:\3flxxrr.exec:\3flxxrr.exe33⤵
- Executes dropped EXE
-
\??\c:\5bhbbh.exec:\5bhbbh.exe34⤵
- Executes dropped EXE
-
\??\c:\bbttbt.exec:\bbttbt.exe35⤵
- Executes dropped EXE
-
\??\c:\ppppv.exec:\ppppv.exe36⤵
- Executes dropped EXE
-
\??\c:\jpppp.exec:\jpppp.exe37⤵
- Executes dropped EXE
-
\??\c:\fxxrlll.exec:\fxxrlll.exe38⤵
- Executes dropped EXE
-
\??\c:\1ntnbb.exec:\1ntnbb.exe39⤵
- Executes dropped EXE
-
\??\c:\7bbttt.exec:\7bbttt.exe40⤵
- Executes dropped EXE
-
\??\c:\9jjpd.exec:\9jjpd.exe41⤵
- Executes dropped EXE
-
\??\c:\pdppj.exec:\pdppj.exe42⤵
- Executes dropped EXE
-
\??\c:\xrxxrrr.exec:\xrxxrrr.exe43⤵
- Executes dropped EXE
-
\??\c:\xrrlffx.exec:\xrrlffx.exe44⤵
- Executes dropped EXE
-
\??\c:\3hhbnh.exec:\3hhbnh.exe45⤵
- Executes dropped EXE
-
\??\c:\jvdpd.exec:\jvdpd.exe46⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe47⤵
- Executes dropped EXE
-
\??\c:\rrxlxrl.exec:\rrxlxrl.exe48⤵
- Executes dropped EXE
-
\??\c:\9xxrxrr.exec:\9xxrxrr.exe49⤵
- Executes dropped EXE
-
\??\c:\ntbthh.exec:\ntbthh.exe50⤵
- Executes dropped EXE
-
\??\c:\vjjdv.exec:\vjjdv.exe51⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe52⤵
- Executes dropped EXE
-
\??\c:\frxlxlf.exec:\frxlxlf.exe53⤵
- Executes dropped EXE
-
\??\c:\bhnbnt.exec:\bhnbnt.exe54⤵
- Executes dropped EXE
-
\??\c:\hbbnhb.exec:\hbbnhb.exe55⤵
- Executes dropped EXE
-
\??\c:\jpvpj.exec:\jpvpj.exe56⤵
- Executes dropped EXE
-
\??\c:\1ppjv.exec:\1ppjv.exe57⤵
- Executes dropped EXE
-
\??\c:\xrlxxrr.exec:\xrlxxrr.exe58⤵
- Executes dropped EXE
-
\??\c:\7xrlxrl.exec:\7xrlxrl.exe59⤵
- Executes dropped EXE
-
\??\c:\bhbthb.exec:\bhbthb.exe60⤵
- Executes dropped EXE
-
\??\c:\hbnnbb.exec:\hbnnbb.exe61⤵
- Executes dropped EXE
-
\??\c:\vvjvv.exec:\vvjvv.exe62⤵
- Executes dropped EXE
-
\??\c:\lfxxlfx.exec:\lfxxlfx.exe63⤵
- Executes dropped EXE
-
\??\c:\7rlfxxr.exec:\7rlfxxr.exe64⤵
- Executes dropped EXE
-
\??\c:\1hbtnh.exec:\1hbtnh.exe65⤵
- Executes dropped EXE
-
\??\c:\vpjjd.exec:\vpjjd.exe66⤵
-
\??\c:\dvpdv.exec:\dvpdv.exe67⤵
-
\??\c:\frrlxxr.exec:\frrlxxr.exe68⤵
-
\??\c:\3llrllf.exec:\3llrllf.exe69⤵
-
\??\c:\bhhbtn.exec:\bhhbtn.exe70⤵
-
\??\c:\nbthtt.exec:\nbthtt.exe71⤵
-
\??\c:\7bthtn.exec:\7bthtn.exe72⤵
-
\??\c:\pppdd.exec:\pppdd.exe73⤵
-
\??\c:\9ffrlfx.exec:\9ffrlfx.exe74⤵
-
\??\c:\tnbthb.exec:\tnbthb.exe75⤵
-
\??\c:\9tnbtb.exec:\9tnbtb.exe76⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe77⤵
-
\??\c:\dpjvp.exec:\dpjvp.exe78⤵
-
\??\c:\lllxlfr.exec:\lllxlfr.exe79⤵
-
\??\c:\5fflfrl.exec:\5fflfrl.exe80⤵
-
\??\c:\nhhnnn.exec:\nhhnnn.exe81⤵
-
\??\c:\bbbhnn.exec:\bbbhnn.exe82⤵
-
\??\c:\1djdd.exec:\1djdd.exe83⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe84⤵
-
\??\c:\1xrlxxr.exec:\1xrlxxr.exe85⤵
-
\??\c:\lrrfrlf.exec:\lrrfrlf.exe86⤵
-
\??\c:\nbbthb.exec:\nbbthb.exe87⤵
-
\??\c:\bnntbh.exec:\bnntbh.exe88⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe89⤵
-
\??\c:\djddj.exec:\djddj.exe90⤵
-
\??\c:\lfxrfxr.exec:\lfxrfxr.exe91⤵
-
\??\c:\fllxrlx.exec:\fllxrlx.exe92⤵
-
\??\c:\3tthbb.exec:\3tthbb.exe93⤵
-
\??\c:\nnnbtn.exec:\nnnbtn.exe94⤵
-
\??\c:\3jjjp.exec:\3jjjp.exe95⤵
-
\??\c:\7xrlxlx.exec:\7xrlxlx.exe96⤵
-
\??\c:\nthbnn.exec:\nthbnn.exe97⤵
-
\??\c:\hnhbtn.exec:\hnhbtn.exe98⤵
-
\??\c:\pdpdv.exec:\pdpdv.exe99⤵
-
\??\c:\rfrllff.exec:\rfrllff.exe100⤵
-
\??\c:\llfxlxl.exec:\llfxlxl.exe101⤵
-
\??\c:\tnhnnb.exec:\tnhnnb.exe102⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe103⤵
-
\??\c:\xrlxlfx.exec:\xrlxlfx.exe104⤵
-
\??\c:\frfrlfx.exec:\frfrlfx.exe105⤵
-
\??\c:\djddv.exec:\djddv.exe106⤵
-
\??\c:\7vddp.exec:\7vddp.exe107⤵
-
\??\c:\llffxxl.exec:\llffxxl.exe108⤵
-
\??\c:\9xrlxrl.exec:\9xrlxrl.exe109⤵
-
\??\c:\9bbbnh.exec:\9bbbnh.exe110⤵
-
\??\c:\9vvjv.exec:\9vvjv.exe111⤵
-
\??\c:\ppjpp.exec:\ppjpp.exe112⤵
-
\??\c:\rrxxffl.exec:\rrxxffl.exe113⤵
-
\??\c:\nhhbtn.exec:\nhhbtn.exe114⤵
-
\??\c:\pvvvj.exec:\pvvvj.exe115⤵
-
\??\c:\lfrrfrf.exec:\lfrrfrf.exe116⤵
-
\??\c:\xlfxfxr.exec:\xlfxfxr.exe117⤵
-
\??\c:\9bhthb.exec:\9bhthb.exe118⤵
-
\??\c:\hbbttb.exec:\hbbttb.exe119⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe120⤵
-
\??\c:\9xlxrfx.exec:\9xlxrfx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-