Analysis
-
max time kernel
150s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
09-05-2024 13:46
General
-
Target
4d0b19513986ae2c19b443cb5c889e20_NeikiAnalytics.exe
-
Size
94KB
-
MD5
4d0b19513986ae2c19b443cb5c889e20
-
SHA1
82b23a64d9eb327c930b2a53c4d911b862ba10ac
-
SHA256
2e62c70fad803ab3ace1d9492d3f6a18d6296ce05273549579e0e2a67fe0ab66
-
SHA512
a61668f02a754f70fa6c9d30098b0f9a65b68ad1f20d64688eadd2f923ef74bacd22fd9ac443f21f6c7e11fb820a72f69801662b7a449f12902c50d9edf98303
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDInWeNCYGyA2R7JxJAg8dtq:ymb3NkkiQ3mdBjFIWeFGyAsJAg2q
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4d0b19513986ae2c19b443cb5c889e20_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4d0b19513986ae2c19b443cb5c889e20_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\htbttt.exec:\htbttt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvdj.exec:\dvvdj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrlfxr.exec:\llrlfxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxfxr.exec:\lffxfxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbtb.exec:\htbbtb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnbbh.exec:\thnbbh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vvpd.exec:\3vvpd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnnh.exec:\tntnnh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntttnn.exec:\ntttnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pppj.exec:\1pppj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrrxf.exec:\rxxrrxf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhbhn.exec:\thhbhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppvj.exec:\pppvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrlxxx.exec:\xlrlxxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfffxl.exec:\llfffxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tntnh.exec:\1tntnh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnhh.exec:\httnhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvpp.exec:\djvpp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxlrrr.exec:\xrxlrrr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhttt.exec:\thhttt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nttnn.exec:\7nttnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvvp.exec:\jvvvp.exe23⤵
- Executes dropped EXE
-
\??\c:\pjpjv.exec:\pjpjv.exe24⤵
- Executes dropped EXE
-
\??\c:\xrrlflr.exec:\xrrlflr.exe25⤵
- Executes dropped EXE
-
\??\c:\bbbttn.exec:\bbbttn.exe26⤵
- Executes dropped EXE
-
\??\c:\vjvjd.exec:\vjvjd.exe27⤵
- Executes dropped EXE
-
\??\c:\rrlfxrl.exec:\rrlfxrl.exe28⤵
- Executes dropped EXE
-
\??\c:\3hnhbt.exec:\3hnhbt.exe29⤵
- Executes dropped EXE
-
\??\c:\thnnhb.exec:\thnnhb.exe30⤵
- Executes dropped EXE
-
\??\c:\pvvpj.exec:\pvvpj.exe31⤵
- Executes dropped EXE
-
\??\c:\pvvvj.exec:\pvvvj.exe32⤵
- Executes dropped EXE
-
\??\c:\5rlflxr.exec:\5rlflxr.exe33⤵
- Executes dropped EXE
-
\??\c:\nhtnhh.exec:\nhtnhh.exe34⤵
- Executes dropped EXE
-
\??\c:\tnnhbb.exec:\tnnhbb.exe35⤵
- Executes dropped EXE
-
\??\c:\ddjjd.exec:\ddjjd.exe36⤵
- Executes dropped EXE
-
\??\c:\dvvpp.exec:\dvvpp.exe37⤵
- Executes dropped EXE
-
\??\c:\3llffxx.exec:\3llffxx.exe38⤵
- Executes dropped EXE
-
\??\c:\fxxfflf.exec:\fxxfflf.exe39⤵
- Executes dropped EXE
-
\??\c:\9ffxxrx.exec:\9ffxxrx.exe40⤵
- Executes dropped EXE
-
\??\c:\bttnnt.exec:\bttnnt.exe41⤵
- Executes dropped EXE
-
\??\c:\tnntnt.exec:\tnntnt.exe42⤵
- Executes dropped EXE
-
\??\c:\vvppj.exec:\vvppj.exe43⤵
- Executes dropped EXE
-
\??\c:\5pddp.exec:\5pddp.exe44⤵
- Executes dropped EXE
-
\??\c:\rlxrflf.exec:\rlxrflf.exe45⤵
- Executes dropped EXE
-
\??\c:\rrxllrx.exec:\rrxllrx.exe46⤵
- Executes dropped EXE
-
\??\c:\hhhbtt.exec:\hhhbtt.exe47⤵
- Executes dropped EXE
-
\??\c:\1ntbnb.exec:\1ntbnb.exe48⤵
- Executes dropped EXE
-
\??\c:\jjdvv.exec:\jjdvv.exe49⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe50⤵
- Executes dropped EXE
-
\??\c:\7ffxxfx.exec:\7ffxxfx.exe51⤵
- Executes dropped EXE
-
\??\c:\7rfxllf.exec:\7rfxllf.exe52⤵
- Executes dropped EXE
-
\??\c:\nnnnht.exec:\nnnnht.exe53⤵
- Executes dropped EXE
-
\??\c:\ttbthh.exec:\ttbthh.exe54⤵
- Executes dropped EXE
-
\??\c:\jddvd.exec:\jddvd.exe55⤵
- Executes dropped EXE
-
\??\c:\jpvpp.exec:\jpvpp.exe56⤵
- Executes dropped EXE
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe57⤵
- Executes dropped EXE
-
\??\c:\nnbtnh.exec:\nnbtnh.exe58⤵
- Executes dropped EXE
-
\??\c:\9hnhbb.exec:\9hnhbb.exe59⤵
- Executes dropped EXE
-
\??\c:\pjdvd.exec:\pjdvd.exe60⤵
- Executes dropped EXE
-
\??\c:\ddjdp.exec:\ddjdp.exe61⤵
- Executes dropped EXE
-
\??\c:\rfffxxl.exec:\rfffxxl.exe62⤵
- Executes dropped EXE
-
\??\c:\9ffxllx.exec:\9ffxllx.exe63⤵
- Executes dropped EXE
-
\??\c:\bnhbtn.exec:\bnhbtn.exe64⤵
- Executes dropped EXE
-
\??\c:\thhbtn.exec:\thhbtn.exe65⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe66⤵
-
\??\c:\3fllxxr.exec:\3fllxxr.exe67⤵
-
\??\c:\nbbbth.exec:\nbbbth.exe68⤵
-
\??\c:\pvvpd.exec:\pvvpd.exe69⤵
-
\??\c:\jjddj.exec:\jjddj.exe70⤵
-
\??\c:\rfxrffx.exec:\rfxrffx.exe71⤵
-
\??\c:\hthbtt.exec:\hthbtt.exe72⤵
-
\??\c:\btbtbh.exec:\btbtbh.exe73⤵
-
\??\c:\dddvd.exec:\dddvd.exe74⤵
-
\??\c:\jddvp.exec:\jddvp.exe75⤵
-
\??\c:\7fllxxr.exec:\7fllxxr.exe76⤵
-
\??\c:\9ffxrrl.exec:\9ffxrrl.exe77⤵
-
\??\c:\3bhbhh.exec:\3bhbhh.exe78⤵
-
\??\c:\tnhbbb.exec:\tnhbbb.exe79⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe80⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe81⤵
-
\??\c:\ffrxrrl.exec:\ffrxrrl.exe82⤵
-
\??\c:\lxlllll.exec:\lxlllll.exe83⤵
-
\??\c:\bthbtn.exec:\bthbtn.exe84⤵
-
\??\c:\7jvpp.exec:\7jvpp.exe85⤵
-
\??\c:\dddpj.exec:\dddpj.exe86⤵
-
\??\c:\3fxrlff.exec:\3fxrlff.exe87⤵
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe88⤵
-
\??\c:\bthbtt.exec:\bthbtt.exe89⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe90⤵
-
\??\c:\lfrlllr.exec:\lfrlllr.exe91⤵
-
\??\c:\1lrlllf.exec:\1lrlllf.exe92⤵
-
\??\c:\5bbthh.exec:\5bbthh.exe93⤵
-
\??\c:\htbnbb.exec:\htbnbb.exe94⤵
-
\??\c:\9jdpj.exec:\9jdpj.exe95⤵
-
\??\c:\3xfrrrr.exec:\3xfrrrr.exe96⤵
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe97⤵
-
\??\c:\hhnhhh.exec:\hhnhhh.exe98⤵
-
\??\c:\tbbthh.exec:\tbbthh.exe99⤵
-
\??\c:\vppdp.exec:\vppdp.exe100⤵
-
\??\c:\frflllf.exec:\frflllf.exe101⤵
-
\??\c:\5bhbbb.exec:\5bhbbb.exe102⤵
-
\??\c:\btbttn.exec:\btbttn.exe103⤵
-
\??\c:\7hbtnn.exec:\7hbtnn.exe104⤵
-
\??\c:\vddvp.exec:\vddvp.exe105⤵
-
\??\c:\lxlfxrl.exec:\lxlfxrl.exe106⤵
-
\??\c:\xxffxfx.exec:\xxffxfx.exe107⤵
-
\??\c:\7ntnhh.exec:\7ntnhh.exe108⤵
-
\??\c:\htbhtt.exec:\htbhtt.exe109⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe110⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe111⤵
-
\??\c:\rrffffl.exec:\rrffffl.exe112⤵
-
\??\c:\fllfxrl.exec:\fllfxrl.exe113⤵
-
\??\c:\bbhbth.exec:\bbhbth.exe114⤵
-
\??\c:\3hnhtn.exec:\3hnhtn.exe115⤵
-
\??\c:\vvvdv.exec:\vvvdv.exe116⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe117⤵
-
\??\c:\rllfxxr.exec:\rllfxxr.exe118⤵
-
\??\c:\lfflfrr.exec:\lfflfrr.exe119⤵
-
\??\c:\bntnhh.exec:\bntnhh.exe120⤵
-
\??\c:\5nhbnn.exec:\5nhbnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-