Analysis
-
max time kernel
150s -
max time network
109s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
10/05/2024, 06:10
General
-
Target
8a1a02fa3e5f25bffb9793edeca68590_NeikiAnalytics.exe
-
Size
63KB
-
MD5
8a1a02fa3e5f25bffb9793edeca68590
-
SHA1
9fe5629489b9f57289dfd6e513b30ea5c91d9156
-
SHA256
22e8f2c6a3d9de38665978da91e22490edbd9e4d6caef1e869e0d61a43bdf45d
-
SHA512
0b5a8647eec9a77d271fd784352e7ee12695ec7af8fb617fc9c3b395eae65ad8fcaf9a0f1078debe00b5b6738c06a765c5260ed842eed9222e876bf9669a12a7
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUuYp+5C8+Luvz:ymb3NkkiQ3mdBjF0yMlE
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8a1a02fa3e5f25bffb9793edeca68590_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\8a1a02fa3e5f25bffb9793edeca68590_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ntntbh.exec:\ntntbh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbhh.exec:\nhhbhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dvvp.exec:\3dvvp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpj.exec:\pvvpj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frllffr.exec:\frllffr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthnbt.exec:\tthnbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbtbb.exec:\bbbtbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vdvj.exec:\7vdvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxffrxr.exec:\fxffrxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttnhh.exec:\tttnhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjjd.exec:\pvjjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrfff.exec:\rxxrfff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrrlrr.exec:\frrrlrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbttt.exec:\ttbttt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdv.exec:\pdjdv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllffxx.exec:\rllffxx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hnnnb.exec:\9hnnnb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnnht.exec:\bnnnht.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvd.exec:\pjpvd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rllfff.exec:\3rllfff.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnnh.exec:\httnnh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbbb.exec:\tbhbbb.exe23⤵
- Executes dropped EXE
-
\??\c:\jpppj.exec:\jpppj.exe24⤵
- Executes dropped EXE
-
\??\c:\1pvpj.exec:\1pvpj.exe25⤵
- Executes dropped EXE
-
\??\c:\lxxrxxx.exec:\lxxrxxx.exe26⤵
- Executes dropped EXE
-
\??\c:\bnbbtn.exec:\bnbbtn.exe27⤵
- Executes dropped EXE
-
\??\c:\bhhhtt.exec:\bhhhtt.exe28⤵
- Executes dropped EXE
-
\??\c:\vdjpv.exec:\vdjpv.exe29⤵
- Executes dropped EXE
-
\??\c:\fxlfrrr.exec:\fxlfrrr.exe30⤵
- Executes dropped EXE
-
\??\c:\xlrrrrr.exec:\xlrrrrr.exe31⤵
- Executes dropped EXE
-
\??\c:\9nntnn.exec:\9nntnn.exe32⤵
- Executes dropped EXE
-
\??\c:\djjpp.exec:\djjpp.exe33⤵
- Executes dropped EXE
-
\??\c:\ppjjd.exec:\ppjjd.exe34⤵
- Executes dropped EXE
-
\??\c:\rrllfxx.exec:\rrllfxx.exe35⤵
- Executes dropped EXE
-
\??\c:\bbbbtt.exec:\bbbbtt.exe36⤵
- Executes dropped EXE
-
\??\c:\3nhnnh.exec:\3nhnnh.exe37⤵
- Executes dropped EXE
-
\??\c:\1jjdv.exec:\1jjdv.exe38⤵
- Executes dropped EXE
-
\??\c:\vvpjd.exec:\vvpjd.exe39⤵
- Executes dropped EXE
-
\??\c:\pvvpp.exec:\pvvpp.exe40⤵
- Executes dropped EXE
-
\??\c:\xfxxxrr.exec:\xfxxxrr.exe41⤵
- Executes dropped EXE
-
\??\c:\9hhtnt.exec:\9hhtnt.exe42⤵
- Executes dropped EXE
-
\??\c:\dvvpp.exec:\dvvpp.exe43⤵
- Executes dropped EXE
-
\??\c:\5fffxff.exec:\5fffxff.exe44⤵
- Executes dropped EXE
-
\??\c:\xflrrxf.exec:\xflrrxf.exe45⤵
- Executes dropped EXE
-
\??\c:\tnttnn.exec:\tnttnn.exe46⤵
- Executes dropped EXE
-
\??\c:\3ttnnn.exec:\3ttnnn.exe47⤵
- Executes dropped EXE
-
\??\c:\ddjdd.exec:\ddjdd.exe48⤵
- Executes dropped EXE
-
\??\c:\fxxrrrl.exec:\fxxrrrl.exe49⤵
- Executes dropped EXE
-
\??\c:\9xlrrff.exec:\9xlrrff.exe50⤵
- Executes dropped EXE
-
\??\c:\9htttt.exec:\9htttt.exe51⤵
- Executes dropped EXE
-
\??\c:\nttnhb.exec:\nttnhb.exe52⤵
- Executes dropped EXE
-
\??\c:\ddvdd.exec:\ddvdd.exe53⤵
- Executes dropped EXE
-
\??\c:\lfffxff.exec:\lfffxff.exe54⤵
- Executes dropped EXE
-
\??\c:\lfxlfff.exec:\lfxlfff.exe55⤵
- Executes dropped EXE
-
\??\c:\tbbhhb.exec:\tbbhhb.exe56⤵
- Executes dropped EXE
-
\??\c:\jdvvd.exec:\jdvvd.exe57⤵
- Executes dropped EXE
-
\??\c:\7ddvd.exec:\7ddvd.exe58⤵
- Executes dropped EXE
-
\??\c:\xxrlffx.exec:\xxrlffx.exe59⤵
- Executes dropped EXE
-
\??\c:\xlfxlxl.exec:\xlfxlxl.exe60⤵
- Executes dropped EXE
-
\??\c:\btnhtn.exec:\btnhtn.exe61⤵
- Executes dropped EXE
-
\??\c:\dpdpd.exec:\dpdpd.exe62⤵
- Executes dropped EXE
-
\??\c:\jddpj.exec:\jddpj.exe63⤵
- Executes dropped EXE
-
\??\c:\frrlxxr.exec:\frrlxxr.exe64⤵
- Executes dropped EXE
-
\??\c:\rlrllxx.exec:\rlrllxx.exe65⤵
- Executes dropped EXE
-
\??\c:\hbtbtt.exec:\hbtbtt.exe66⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe67⤵
-
\??\c:\3jvpd.exec:\3jvpd.exe68⤵
-
\??\c:\3lfrfxr.exec:\3lfrfxr.exe69⤵
-
\??\c:\hbtnbt.exec:\hbtnbt.exe70⤵
-
\??\c:\htntnt.exec:\htntnt.exe71⤵
-
\??\c:\1pppd.exec:\1pppd.exe72⤵
-
\??\c:\djjpd.exec:\djjpd.exe73⤵
-
\??\c:\rfrlxfx.exec:\rfrlxfx.exe74⤵
-
\??\c:\xlfxrlf.exec:\xlfxrlf.exe75⤵
-
\??\c:\tbtnbn.exec:\tbtnbn.exe76⤵
-
\??\c:\vdvvj.exec:\vdvvj.exe77⤵
-
\??\c:\djjvj.exec:\djjvj.exe78⤵
-
\??\c:\rrxlxrf.exec:\rrxlxrf.exe79⤵
-
\??\c:\xfrrlfx.exec:\xfrrlfx.exe80⤵
-
\??\c:\7tnthb.exec:\7tnthb.exe81⤵
-
\??\c:\tbbtnn.exec:\tbbtnn.exe82⤵
-
\??\c:\dddjp.exec:\dddjp.exe83⤵
-
\??\c:\rfrfrfx.exec:\rfrfrfx.exe84⤵
-
\??\c:\fffxrxr.exec:\fffxrxr.exe85⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe86⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe87⤵
-
\??\c:\lxrlxlf.exec:\lxrlxlf.exe88⤵
-
\??\c:\bhbtnb.exec:\bhbtnb.exe89⤵
-
\??\c:\9nhbnh.exec:\9nhbnh.exe90⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe91⤵
-
\??\c:\7ffrllf.exec:\7ffrllf.exe92⤵
-
\??\c:\rfflfxx.exec:\rfflfxx.exe93⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe94⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe95⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe96⤵
-
\??\c:\frxxrrl.exec:\frxxrrl.exe97⤵
-
\??\c:\lxffxff.exec:\lxffxff.exe98⤵
-
\??\c:\btttnn.exec:\btttnn.exe99⤵
-
\??\c:\nnbbnb.exec:\nnbbnb.exe100⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe101⤵
-
\??\c:\frlxlxl.exec:\frlxlxl.exe102⤵
-
\??\c:\rxxrllf.exec:\rxxrllf.exe103⤵
-
\??\c:\bnnhtn.exec:\bnnhtn.exe104⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe105⤵
-
\??\c:\jddpj.exec:\jddpj.exe106⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe107⤵
-
\??\c:\xxrlrrx.exec:\xxrlrrx.exe108⤵
-
\??\c:\3thhtt.exec:\3thhtt.exe109⤵
-
\??\c:\bhthtn.exec:\bhthtn.exe110⤵
-
\??\c:\7ppdd.exec:\7ppdd.exe111⤵
-
\??\c:\jpjpd.exec:\jpjpd.exe112⤵
-
\??\c:\lffrfff.exec:\lffrfff.exe113⤵
-
\??\c:\xxfrrlf.exec:\xxfrrlf.exe114⤵
-
\??\c:\hnhbnb.exec:\hnhbnb.exe115⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe116⤵
-
\??\c:\5vvpj.exec:\5vvpj.exe117⤵
-
\??\c:\9rxrrlf.exec:\9rxrrlf.exe118⤵
-
\??\c:\7bhhnh.exec:\7bhhnh.exe119⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe120⤵
-
\??\c:\3ddvp.exec:\3ddvp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-