Analysis
-
max time kernel
150s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
09/05/2024, 20:59
General
-
Target
f9cab79ffdb3a86775e5a10fdd97f960_NeikiAnalytics.exe
-
Size
59KB
-
MD5
f9cab79ffdb3a86775e5a10fdd97f960
-
SHA1
791bb55121a5def4a9787b1dd10f908531272d76
-
SHA256
d1ba04ee89069f4fa51e3eaf318c3a9a4d82b93f4dc478cb984664b7f534c97c
-
SHA512
0d1b4089e4dce1385608962fd757dd7756bc5da431969c67c11ecd2eb130d71ac902e3668bf5bd1f6cf6b51643caf9db685f5d6f93937bbbfaf72ca7ed4d7604
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk9UWt:ymb3NkkiQ3mdBjFIvlqm
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f9cab79ffdb3a86775e5a10fdd97f960_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\f9cab79ffdb3a86775e5a10fdd97f960_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxllx.exec:\xxfxllx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntttt.exec:\hntttt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpjd.exec:\jjpjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjd.exec:\vppjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfllrrl.exec:\xfllrrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrxrrr.exec:\xlrxrrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pppd.exec:\7pppd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pvpd.exec:\9pvpd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfrrx.exec:\xllfrrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbthh.exec:\nbbthh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jvpj.exec:\5jvpj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflllll.exec:\lflllll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnhh.exec:\httnhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvjj.exec:\jjvjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxllrrf.exec:\rxllrrf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htttnh.exec:\htttnh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvp.exec:\vddvp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjvp.exec:\pvjvp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflfxxx.exec:\xflfxxx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhnhh.exec:\bhhnhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbnn.exec:\tbhbnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjj.exec:\pjjjj.exe23⤵
- Executes dropped EXE
-
\??\c:\frlxllf.exec:\frlxllf.exe24⤵
- Executes dropped EXE
-
\??\c:\nntnbb.exec:\nntnbb.exe25⤵
- Executes dropped EXE
-
\??\c:\ppvjp.exec:\ppvjp.exe26⤵
- Executes dropped EXE
-
\??\c:\7rfxllx.exec:\7rfxllx.exe27⤵
- Executes dropped EXE
-
\??\c:\xlllrrl.exec:\xlllrrl.exe28⤵
- Executes dropped EXE
-
\??\c:\5ntntt.exec:\5ntntt.exe29⤵
- Executes dropped EXE
-
\??\c:\vvvvp.exec:\vvvvp.exe30⤵
- Executes dropped EXE
-
\??\c:\lfxrffx.exec:\lfxrffx.exe31⤵
- Executes dropped EXE
-
\??\c:\xfxrlfx.exec:\xfxrlfx.exe32⤵
- Executes dropped EXE
-
\??\c:\9bbtnn.exec:\9bbtnn.exe33⤵
- Executes dropped EXE
-
\??\c:\rlrlllf.exec:\rlrlllf.exe34⤵
- Executes dropped EXE
-
\??\c:\rlfxrfx.exec:\rlfxrfx.exe35⤵
- Executes dropped EXE
-
\??\c:\tnnhbb.exec:\tnnhbb.exe36⤵
- Executes dropped EXE
-
\??\c:\tbbtnt.exec:\tbbtnt.exe37⤵
- Executes dropped EXE
-
\??\c:\jjvvj.exec:\jjvvj.exe38⤵
- Executes dropped EXE
-
\??\c:\flrrfff.exec:\flrrfff.exe39⤵
- Executes dropped EXE
-
\??\c:\bntttt.exec:\bntttt.exe40⤵
- Executes dropped EXE
-
\??\c:\bntnnh.exec:\bntnnh.exe41⤵
- Executes dropped EXE
-
\??\c:\1vjjj.exec:\1vjjj.exe42⤵
- Executes dropped EXE
-
\??\c:\ddvpj.exec:\ddvpj.exe43⤵
- Executes dropped EXE
-
\??\c:\llflfrx.exec:\llflfrx.exe44⤵
-
\??\c:\hnhhnh.exec:\hnhhnh.exe45⤵
- Executes dropped EXE
-
\??\c:\tnhbbb.exec:\tnhbbb.exe46⤵
- Executes dropped EXE
-
\??\c:\vdpjv.exec:\vdpjv.exe47⤵
- Executes dropped EXE
-
\??\c:\9rfxlrr.exec:\9rfxlrr.exe48⤵
- Executes dropped EXE
-
\??\c:\rllflfr.exec:\rllflfr.exe49⤵
- Executes dropped EXE
-
\??\c:\nnbtnn.exec:\nnbtnn.exe50⤵
- Executes dropped EXE
-
\??\c:\bntnbb.exec:\bntnbb.exe51⤵
- Executes dropped EXE
-
\??\c:\jjvpj.exec:\jjvpj.exe52⤵
- Executes dropped EXE
-
\??\c:\ffxrrll.exec:\ffxrrll.exe53⤵
- Executes dropped EXE
-
\??\c:\xfrlrff.exec:\xfrlrff.exe54⤵
- Executes dropped EXE
-
\??\c:\nbhttn.exec:\nbhttn.exe55⤵
- Executes dropped EXE
-
\??\c:\1ppjd.exec:\1ppjd.exe56⤵
- Executes dropped EXE
-
\??\c:\pdvpp.exec:\pdvpp.exe57⤵
- Executes dropped EXE
-
\??\c:\llrllrl.exec:\llrllrl.exe58⤵
- Executes dropped EXE
-
\??\c:\hhnhnn.exec:\hhnhnn.exe59⤵
- Executes dropped EXE
-
\??\c:\jvpdd.exec:\jvpdd.exe60⤵
- Executes dropped EXE
-
\??\c:\1lrfrrl.exec:\1lrfrrl.exe61⤵
- Executes dropped EXE
-
\??\c:\lxlfxxx.exec:\lxlfxxx.exe62⤵
- Executes dropped EXE
-
\??\c:\1bhtnt.exec:\1bhtnt.exe63⤵
- Executes dropped EXE
-
\??\c:\bnthbt.exec:\bnthbt.exe64⤵
- Executes dropped EXE
-
\??\c:\jdvpd.exec:\jdvpd.exe65⤵
- Executes dropped EXE
-
\??\c:\1xlfffx.exec:\1xlfffx.exe66⤵
- Executes dropped EXE
-
\??\c:\hhhhhb.exec:\hhhhhb.exe67⤵
-
\??\c:\ntbtnb.exec:\ntbtnb.exe68⤵
-
\??\c:\7djjv.exec:\7djjv.exe69⤵
-
\??\c:\flrlxrl.exec:\flrlxrl.exe70⤵
-
\??\c:\rlxlrrx.exec:\rlxlrrx.exe71⤵
-
\??\c:\ntnnnb.exec:\ntnnnb.exe72⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe73⤵
-
\??\c:\djjpd.exec:\djjpd.exe74⤵
-
\??\c:\llffrlf.exec:\llffrlf.exe75⤵
-
\??\c:\btbttt.exec:\btbttt.exe76⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe77⤵
-
\??\c:\lflfrrf.exec:\lflfrrf.exe78⤵
-
\??\c:\1httnn.exec:\1httnn.exe79⤵
-
\??\c:\vpppj.exec:\vpppj.exe80⤵
-
\??\c:\rflfrrl.exec:\rflfrrl.exe81⤵
-
\??\c:\5llfrrl.exec:\5llfrrl.exe82⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe83⤵
-
\??\c:\9pvpj.exec:\9pvpj.exe84⤵
-
\??\c:\lxxxlll.exec:\lxxxlll.exe85⤵
-
\??\c:\1ttnhh.exec:\1ttnhh.exe86⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe87⤵
-
\??\c:\rrxxllr.exec:\rrxxllr.exe88⤵
-
\??\c:\ffxrlff.exec:\ffxrlff.exe89⤵
-
\??\c:\hbnhnn.exec:\hbnhnn.exe90⤵
-
\??\c:\pddvj.exec:\pddvj.exe91⤵
-
\??\c:\9rxrffx.exec:\9rxrffx.exe92⤵
-
\??\c:\1ttnhb.exec:\1ttnhb.exe93⤵
-
\??\c:\9bttnn.exec:\9bttnn.exe94⤵
-
\??\c:\3jpjv.exec:\3jpjv.exe95⤵
-
\??\c:\jvvvj.exec:\jvvvj.exe96⤵
-
\??\c:\lxrlxrl.exec:\lxrlxrl.exe97⤵
-
\??\c:\httnhh.exec:\httnhh.exe98⤵
-
\??\c:\5tnhbh.exec:\5tnhbh.exe99⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe100⤵
-
\??\c:\9dvpd.exec:\9dvpd.exe101⤵
-
\??\c:\xfxrffx.exec:\xfxrffx.exe102⤵
-
\??\c:\lrlfxxr.exec:\lrlfxxr.exe103⤵
-
\??\c:\1htnhb.exec:\1htnhb.exe104⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe105⤵
-
\??\c:\5pdjd.exec:\5pdjd.exe106⤵
-
\??\c:\5fxlxrl.exec:\5fxlxrl.exe107⤵
-
\??\c:\nnbtnb.exec:\nnbtnb.exe108⤵
-
\??\c:\ttnhnn.exec:\ttnhnn.exe109⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe110⤵
-
\??\c:\3xfxxxf.exec:\3xfxxxf.exe111⤵
-
\??\c:\5lxxrrr.exec:\5lxxrrr.exe112⤵
-
\??\c:\bntnhb.exec:\bntnhb.exe113⤵
-
\??\c:\vdppd.exec:\vdppd.exe114⤵
-
\??\c:\pjdpj.exec:\pjdpj.exe115⤵
-
\??\c:\flrflxl.exec:\flrflxl.exe116⤵
-
\??\c:\ffrxffr.exec:\ffrxffr.exe117⤵
-
\??\c:\7nhhbb.exec:\7nhhbb.exe118⤵
-
\??\c:\3bbtnh.exec:\3bbtnh.exe119⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe120⤵
-
\??\c:\lfrllfl.exec:\lfrllfl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-