Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
10/05/2024, 02:16
General
-
Target
49dd126b95b6c3c8cc62af024581c790_NeikiAnalytics.exe
-
Size
81KB
-
MD5
49dd126b95b6c3c8cc62af024581c790
-
SHA1
6aa6320eadd7ea0493ebfbc28c451281d56c2944
-
SHA256
f6718eefeb9881ba5b76a42fe7b5aea1b4b69c7b83f8642903c4ceade420f08d
-
SHA512
0020a1155618b15690d017eb0735d4f2f51c935a049255568e44d8f1b9f940f87a93626280f009af3e93c4a52b5b6e1d70ca1cd60fd6d933acaa7efd6d46f959
-
SSDEEP
1536:CvQBeOGtrYS3srx93UBWfwC6Ggnouy8AelS7/7VIQH8:ChOmTsF93UYfwC6GIoutAe07zVIq8
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\49dd126b95b6c3c8cc62af024581c790_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\49dd126b95b6c3c8cc62af024581c790_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrllff.exec:\xlrllff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vdvd.exec:\5vdvd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffrffl.exec:\rffrffl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i688222.exec:\i688222.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vdjd.exec:\5vdjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\02482.exec:\02482.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\440088.exec:\440088.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\88826.exec:\88826.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\60262.exec:\60262.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnntt.exec:\nhnntt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\48666.exec:\48666.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2240084.exec:\2240084.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpjd.exec:\vdpjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvpv.exec:\pdvpv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdvj.exec:\jpdvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i400488.exec:\i400488.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\20604.exec:\20604.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\60048.exec:\60048.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbhh.exec:\bthbhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\088406.exec:\088406.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdv.exec:\vvjdv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntnbb.exec:\hntnbb.exe23⤵
- Executes dropped EXE
-
\??\c:\26022.exec:\26022.exe24⤵
- Executes dropped EXE
-
\??\c:\0666044.exec:\0666044.exe25⤵
- Executes dropped EXE
-
\??\c:\424444.exec:\424444.exe26⤵
- Executes dropped EXE
-
\??\c:\lfrlfff.exec:\lfrlfff.exe27⤵
- Executes dropped EXE
-
\??\c:\tttttt.exec:\tttttt.exe28⤵
- Executes dropped EXE
-
\??\c:\hnnhtt.exec:\hnnhtt.exe29⤵
- Executes dropped EXE
-
\??\c:\fxxrlff.exec:\fxxrlff.exe30⤵
- Executes dropped EXE
-
\??\c:\lxxlffx.exec:\lxxlffx.exe31⤵
- Executes dropped EXE
-
\??\c:\62888.exec:\62888.exe32⤵
- Executes dropped EXE
-
\??\c:\fxrlfff.exec:\fxrlfff.exe33⤵
- Executes dropped EXE
-
\??\c:\btnhbt.exec:\btnhbt.exe34⤵
- Executes dropped EXE
-
\??\c:\tbbttt.exec:\tbbttt.exe35⤵
- Executes dropped EXE
-
\??\c:\btbtbb.exec:\btbtbb.exe36⤵
- Executes dropped EXE
-
\??\c:\lrfxrrl.exec:\lrfxrrl.exe37⤵
- Executes dropped EXE
-
\??\c:\frxrllx.exec:\frxrllx.exe38⤵
- Executes dropped EXE
-
\??\c:\480062.exec:\480062.exe39⤵
- Executes dropped EXE
-
\??\c:\hnntnn.exec:\hnntnn.exe40⤵
- Executes dropped EXE
-
\??\c:\60602.exec:\60602.exe41⤵
- Executes dropped EXE
-
\??\c:\2888260.exec:\2888260.exe42⤵
- Executes dropped EXE
-
\??\c:\06804.exec:\06804.exe43⤵
- Executes dropped EXE
-
\??\c:\44260.exec:\44260.exe44⤵
- Executes dropped EXE
-
\??\c:\2066448.exec:\2066448.exe45⤵
- Executes dropped EXE
-
\??\c:\4248822.exec:\4248822.exe46⤵
- Executes dropped EXE
-
\??\c:\lxrrrxr.exec:\lxrrrxr.exe47⤵
- Executes dropped EXE
-
\??\c:\422682.exec:\422682.exe48⤵
- Executes dropped EXE
-
\??\c:\i686666.exec:\i686666.exe49⤵
- Executes dropped EXE
-
\??\c:\2882600.exec:\2882600.exe50⤵
- Executes dropped EXE
-
\??\c:\ttnttt.exec:\ttnttt.exe51⤵
- Executes dropped EXE
-
\??\c:\24660.exec:\24660.exe52⤵
- Executes dropped EXE
-
\??\c:\022022.exec:\022022.exe53⤵
- Executes dropped EXE
-
\??\c:\ddvvp.exec:\ddvvp.exe54⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe55⤵
- Executes dropped EXE
-
\??\c:\86402.exec:\86402.exe56⤵
- Executes dropped EXE
-
\??\c:\60880.exec:\60880.exe57⤵
- Executes dropped EXE
-
\??\c:\hnbtbb.exec:\hnbtbb.exe58⤵
- Executes dropped EXE
-
\??\c:\e64444.exec:\e64444.exe59⤵
- Executes dropped EXE
-
\??\c:\fflfxrf.exec:\fflfxrf.exe60⤵
- Executes dropped EXE
-
\??\c:\88444.exec:\88444.exe61⤵
- Executes dropped EXE
-
\??\c:\nbbhbb.exec:\nbbhbb.exe62⤵
- Executes dropped EXE
-
\??\c:\pvvjd.exec:\pvvjd.exe63⤵
- Executes dropped EXE
-
\??\c:\vjjdv.exec:\vjjdv.exe64⤵
- Executes dropped EXE
-
\??\c:\vjppp.exec:\vjppp.exe65⤵
- Executes dropped EXE
-
\??\c:\860820.exec:\860820.exe66⤵
-
\??\c:\406644.exec:\406644.exe67⤵
-
\??\c:\68802.exec:\68802.exe68⤵
-
\??\c:\ffxllrr.exec:\ffxllrr.exe69⤵
-
\??\c:\666046.exec:\666046.exe70⤵
-
\??\c:\9bnnhb.exec:\9bnnhb.exe71⤵
-
\??\c:\dpjjv.exec:\dpjjv.exe72⤵
-
\??\c:\86286.exec:\86286.exe73⤵
-
\??\c:\26448.exec:\26448.exe74⤵
-
\??\c:\q06060.exec:\q06060.exe75⤵
-
\??\c:\k00044.exec:\k00044.exe76⤵
-
\??\c:\4286820.exec:\4286820.exe77⤵
-
\??\c:\q20280.exec:\q20280.exe78⤵
-
\??\c:\thnhbt.exec:\thnhbt.exe79⤵
-
\??\c:\44600.exec:\44600.exe80⤵
-
\??\c:\frfxflf.exec:\frfxflf.exe81⤵
-
\??\c:\lrrrllf.exec:\lrrrllf.exe82⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe83⤵
-
\??\c:\i060488.exec:\i060488.exe84⤵
-
\??\c:\4222664.exec:\4222664.exe85⤵
-
\??\c:\g0882.exec:\g0882.exe86⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe87⤵
-
\??\c:\lxfffxx.exec:\lxfffxx.exe88⤵
-
\??\c:\xxrlrxr.exec:\xxrlrxr.exe89⤵
-
\??\c:\04606.exec:\04606.exe90⤵
-
\??\c:\86226.exec:\86226.exe91⤵
-
\??\c:\68004.exec:\68004.exe92⤵
-
\??\c:\60822.exec:\60822.exe93⤵
-
\??\c:\9rrlxxr.exec:\9rrlxxr.exe94⤵
-
\??\c:\fxrllll.exec:\fxrllll.exe95⤵
-
\??\c:\7hnnnh.exec:\7hnnnh.exe96⤵
-
\??\c:\28282.exec:\28282.exe97⤵
-
\??\c:\httbtt.exec:\httbtt.exe98⤵
-
\??\c:\1xfflrl.exec:\1xfflrl.exe99⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe100⤵
-
\??\c:\22822.exec:\22822.exe101⤵
-
\??\c:\4204484.exec:\4204484.exe102⤵
-
\??\c:\xrxxrxr.exec:\xrxxrxr.exe103⤵
-
\??\c:\xlffrrl.exec:\xlffrrl.exe104⤵
-
\??\c:\8240628.exec:\8240628.exe105⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe106⤵
-
\??\c:\httbbb.exec:\httbbb.exe107⤵
-
\??\c:\xlllxlf.exec:\xlllxlf.exe108⤵
-
\??\c:\ffxlfrr.exec:\ffxlfrr.exe109⤵
-
\??\c:\4400444.exec:\4400444.exe110⤵
-
\??\c:\228884.exec:\228884.exe111⤵
-
\??\c:\c400404.exec:\c400404.exe112⤵
-
\??\c:\bthtnn.exec:\bthtnn.exe113⤵
-
\??\c:\djppj.exec:\djppj.exe114⤵
-
\??\c:\xrxrrxr.exec:\xrxrrxr.exe115⤵
-
\??\c:\42288.exec:\42288.exe116⤵
-
\??\c:\4226000.exec:\4226000.exe117⤵
-
\??\c:\vvjdd.exec:\vvjdd.exe118⤵
-
\??\c:\lffxxxx.exec:\lffxxxx.exe119⤵
-
\??\c:\rrfxrff.exec:\rrfxrff.exe120⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-