Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
10-05-2024 22:36
General
-
Target
1d6fd8a4089a9e08a7b7d16886336cf0_NeikiAnalytics.exe
-
Size
387KB
-
MD5
1d6fd8a4089a9e08a7b7d16886336cf0
-
SHA1
89f85c831c905b774bbc16b9ad0ba81662c6f213
-
SHA256
8885e8737714d141d4da35e0238d0e4c3ff05e0766af7b39c553ccd7f63fc917
-
SHA512
24ee3df09b2a43209e2c1380c003ad8ed726481be7b616c6fc2ef989cbcc96b2788a2c54f6c953ca5929f2964774f264b4306f096934a4c041266b2b899b940d
-
SSDEEP
6144:n3C9BRIG0asYFm71mPfkVB8dKwaO5CVw0:n3C9uYA7okVqdKwaO5CVt
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 35 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1d6fd8a4089a9e08a7b7d16886336cf0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1d6fd8a4089a9e08a7b7d16886336cf0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\flxflxf.exec:\flxflxf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxxff.exec:\fxxxxff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrxflr.exec:\rlrxflr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppp.exec:\ppppp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvj.exec:\pjpvj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\284820.exec:\284820.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\202200.exec:\202200.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u466004.exec:\u466004.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrxlr.exec:\xrlrxlr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\06404.exec:\06404.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\206048.exec:\206048.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpj.exec:\vjvpj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\246222.exec:\246222.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\60266.exec:\60266.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\48806.exec:\48806.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\200482.exec:\200482.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8288226.exec:\8288226.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhnbh.exec:\tnhnbh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbthnh.exec:\nbthnh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4666666.exec:\4666666.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhhn.exec:\tnbhhn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\460246.exec:\460246.exe23⤵
- Executes dropped EXE
-
\??\c:\404246.exec:\404246.exe24⤵
- Executes dropped EXE
-
\??\c:\9jjjj.exec:\9jjjj.exe25⤵
- Executes dropped EXE
-
\??\c:\ddddv.exec:\ddddv.exe26⤵
- Executes dropped EXE
-
\??\c:\nhbbtt.exec:\nhbbtt.exe27⤵
- Executes dropped EXE
-
\??\c:\62448.exec:\62448.exe28⤵
- Executes dropped EXE
-
\??\c:\04482.exec:\04482.exe29⤵
- Executes dropped EXE
-
\??\c:\00820.exec:\00820.exe30⤵
- Executes dropped EXE
-
\??\c:\5rrlllf.exec:\5rrlllf.exe31⤵
- Executes dropped EXE
-
\??\c:\3dpjd.exec:\3dpjd.exe32⤵
- Executes dropped EXE
-
\??\c:\6280460.exec:\6280460.exe33⤵
- Executes dropped EXE
-
\??\c:\a2826.exec:\a2826.exe34⤵
- Executes dropped EXE
-
\??\c:\008280.exec:\008280.exe35⤵
- Executes dropped EXE
-
\??\c:\824044.exec:\824044.exe36⤵
- Executes dropped EXE
-
\??\c:\fflxrrx.exec:\fflxrrx.exe37⤵
- Executes dropped EXE
-
\??\c:\468280.exec:\468280.exe38⤵
- Executes dropped EXE
-
\??\c:\lffxxrl.exec:\lffxxrl.exe39⤵
- Executes dropped EXE
-
\??\c:\44248.exec:\44248.exe40⤵
- Executes dropped EXE
-
\??\c:\pvvdd.exec:\pvvdd.exe41⤵
- Executes dropped EXE
-
\??\c:\nbttnh.exec:\nbttnh.exe42⤵
- Executes dropped EXE
-
\??\c:\808806.exec:\808806.exe43⤵
- Executes dropped EXE
-
\??\c:\3rxrrrl.exec:\3rxrrrl.exe44⤵
- Executes dropped EXE
-
\??\c:\222600.exec:\222600.exe45⤵
- Executes dropped EXE
-
\??\c:\jdjvd.exec:\jdjvd.exe46⤵
- Executes dropped EXE
-
\??\c:\02464.exec:\02464.exe47⤵
- Executes dropped EXE
-
\??\c:\pvjdd.exec:\pvjdd.exe48⤵
- Executes dropped EXE
-
\??\c:\jjpjp.exec:\jjpjp.exe49⤵
- Executes dropped EXE
-
\??\c:\2682800.exec:\2682800.exe50⤵
- Executes dropped EXE
-
\??\c:\hbbttn.exec:\hbbttn.exe51⤵
- Executes dropped EXE
-
\??\c:\lffxrrf.exec:\lffxrrf.exe52⤵
- Executes dropped EXE
-
\??\c:\088282.exec:\088282.exe53⤵
- Executes dropped EXE
-
\??\c:\bnbbtt.exec:\bnbbtt.exe54⤵
- Executes dropped EXE
-
\??\c:\bbbhhh.exec:\bbbhhh.exe55⤵
- Executes dropped EXE
-
\??\c:\04882.exec:\04882.exe56⤵
- Executes dropped EXE
-
\??\c:\484826.exec:\484826.exe57⤵
- Executes dropped EXE
-
\??\c:\04004.exec:\04004.exe58⤵
- Executes dropped EXE
-
\??\c:\6486280.exec:\6486280.exe59⤵
- Executes dropped EXE
-
\??\c:\464488.exec:\464488.exe60⤵
- Executes dropped EXE
-
\??\c:\vvdvv.exec:\vvdvv.exe61⤵
- Executes dropped EXE
-
\??\c:\840008.exec:\840008.exe62⤵
- Executes dropped EXE
-
\??\c:\8264264.exec:\8264264.exe63⤵
- Executes dropped EXE
-
\??\c:\w24848.exec:\w24848.exe64⤵
- Executes dropped EXE
-
\??\c:\jjvvp.exec:\jjvvp.exe65⤵
- Executes dropped EXE
-
\??\c:\882404.exec:\882404.exe66⤵
-
\??\c:\nnttnt.exec:\nnttnt.exe67⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe68⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe69⤵
-
\??\c:\24666.exec:\24666.exe70⤵
-
\??\c:\826282.exec:\826282.exe71⤵
-
\??\c:\7rfxlll.exec:\7rfxlll.exe72⤵
-
\??\c:\04262.exec:\04262.exe73⤵
-
\??\c:\6426284.exec:\6426284.exe74⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe75⤵
-
\??\c:\2460482.exec:\2460482.exe76⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe77⤵
-
\??\c:\vvddv.exec:\vvddv.exe78⤵
-
\??\c:\0404882.exec:\0404882.exe79⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe80⤵
-
\??\c:\tthbbb.exec:\tthbbb.exe81⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe82⤵
-
\??\c:\42628.exec:\42628.exe83⤵
-
\??\c:\02400.exec:\02400.exe84⤵
-
\??\c:\7dpjd.exec:\7dpjd.exe85⤵
-
\??\c:\8400000.exec:\8400000.exe86⤵
-
\??\c:\806066.exec:\806066.exe87⤵
-
\??\c:\a4088.exec:\a4088.exe88⤵
-
\??\c:\84044.exec:\84044.exe89⤵
-
\??\c:\04862.exec:\04862.exe90⤵
-
\??\c:\pdpdv.exec:\pdpdv.exe91⤵
-
\??\c:\bbbtnh.exec:\bbbtnh.exe92⤵
-
\??\c:\nbhbtt.exec:\nbhbtt.exe93⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe94⤵
-
\??\c:\7fffxrf.exec:\7fffxrf.exe95⤵
-
\??\c:\2042462.exec:\2042462.exe96⤵
-
\??\c:\7pjjv.exec:\7pjjv.exe97⤵
-
\??\c:\42660.exec:\42660.exe98⤵
-
\??\c:\604484.exec:\604484.exe99⤵
-
\??\c:\jdjvv.exec:\jdjvv.exe100⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe101⤵
-
\??\c:\406606.exec:\406606.exe102⤵
-
\??\c:\nttttt.exec:\nttttt.exe103⤵
-
\??\c:\nbhbbh.exec:\nbhbbh.exe104⤵
-
\??\c:\hthhhn.exec:\hthhhn.exe105⤵
-
\??\c:\rfrlffx.exec:\rfrlffx.exe106⤵
-
\??\c:\pdvdp.exec:\pdvdp.exe107⤵
-
\??\c:\60046.exec:\60046.exe108⤵
-
\??\c:\c686666.exec:\c686666.exe109⤵
-
\??\c:\2000448.exec:\2000448.exe110⤵
-
\??\c:\280666.exec:\280666.exe111⤵
-
\??\c:\264400.exec:\264400.exe112⤵
-
\??\c:\jpdpp.exec:\jpdpp.exe113⤵
-
\??\c:\40288.exec:\40288.exe114⤵
-
\??\c:\8022688.exec:\8022688.exe115⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe116⤵
-
\??\c:\dvddv.exec:\dvddv.exe117⤵
-
\??\c:\0802646.exec:\0802646.exe118⤵
-
\??\c:\02826.exec:\02826.exe119⤵
-
\??\c:\0424444.exec:\0424444.exe120⤵
-
\??\c:\0804668.exec:\0804668.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-