Analysis
-
max time kernel
150s -
max time network
141s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
10/05/2024, 14:56
General
-
Target
074de6b01aefbaa8d83a92f615f44b40_NeikiAnalytics.exe
-
Size
471KB
-
MD5
074de6b01aefbaa8d83a92f615f44b40
-
SHA1
e6afd542b2a935c418be0c88085cf0e8147280ef
-
SHA256
4425403f4353542e1596e3726eae7eb68475cb9a2ca4089ca7067ac98a0762c3
-
SHA512
e823aeb8a2c33a725b3d8ec557415df080962546de1aeef88337494b11d8fbae1a7ac53ce43fdf3dd9bef91308faa680de951cc357a35acb60ebb8aaf9ee43d5
-
SSDEEP
6144:n3C9BRo7MlrWKo+lS0Le4xRSAoq78yoyfx93sY0AJq4mZAx5y:n3C9yMo+S0L9xRnoq7H9pmoq
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\074de6b01aefbaa8d83a92f615f44b40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\074de6b01aefbaa8d83a92f615f44b40_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\llrlxrr.exec:\llrlxrr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jdvp.exec:\9jdvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxrlf.exec:\fffxrlf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhbtn.exec:\bnhbtn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jjdd.exec:\1jjdd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvp.exec:\jvdvp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ffxxxr.exec:\9ffxxxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bthbh.exec:\3bthbh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjvp.exec:\vvjvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhbnn.exec:\nnhbnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrllrr.exec:\xlrllrr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dvpj.exec:\3dvpj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrlff.exec:\xrlrlff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbtn.exec:\nhhbtn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbnhh.exec:\htbnhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pppd.exec:\9pppd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhnh.exec:\thnhnh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpdj.exec:\ddpdj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrxrlf.exec:\frrxrlf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ppdv.exec:\3ppdv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjj.exec:\vppjj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhhhh.exec:\tbhhhh.exe23⤵
- Executes dropped EXE
-
\??\c:\3djvp.exec:\3djvp.exe24⤵
- Executes dropped EXE
-
\??\c:\flllllf.exec:\flllllf.exe25⤵
- Executes dropped EXE
-
\??\c:\3tnbth.exec:\3tnbth.exe26⤵
- Executes dropped EXE
-
\??\c:\frffrlx.exec:\frffrlx.exe27⤵
- Executes dropped EXE
-
\??\c:\nbbnhb.exec:\nbbnhb.exe28⤵
- Executes dropped EXE
-
\??\c:\rflfflr.exec:\rflfflr.exe29⤵
- Executes dropped EXE
-
\??\c:\nhtnhb.exec:\nhtnhb.exe30⤵
- Executes dropped EXE
-
\??\c:\9dvpd.exec:\9dvpd.exe31⤵
- Executes dropped EXE
-
\??\c:\xlfrlrr.exec:\xlfrlrr.exe32⤵
- Executes dropped EXE
-
\??\c:\nttbbt.exec:\nttbbt.exe33⤵
- Executes dropped EXE
-
\??\c:\xfxfrrl.exec:\xfxfrrl.exe34⤵
- Executes dropped EXE
-
\??\c:\vpdpd.exec:\vpdpd.exe35⤵
- Executes dropped EXE
-
\??\c:\rrrfxxl.exec:\rrrfxxl.exe36⤵
- Executes dropped EXE
-
\??\c:\5hnhbh.exec:\5hnhbh.exe37⤵
- Executes dropped EXE
-
\??\c:\hbhbbt.exec:\hbhbbt.exe38⤵
- Executes dropped EXE
-
\??\c:\frlrrff.exec:\frlrrff.exe39⤵
- Executes dropped EXE
-
\??\c:\1tbnhb.exec:\1tbnhb.exe40⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe41⤵
- Executes dropped EXE
-
\??\c:\7fxxffl.exec:\7fxxffl.exe42⤵
- Executes dropped EXE
-
\??\c:\3nhbnn.exec:\3nhbnn.exe43⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe44⤵
- Executes dropped EXE
-
\??\c:\fxfxfxf.exec:\fxfxfxf.exe45⤵
- Executes dropped EXE
-
\??\c:\rfrxxfl.exec:\rfrxxfl.exe46⤵
- Executes dropped EXE
-
\??\c:\dvpdp.exec:\dvpdp.exe47⤵
- Executes dropped EXE
-
\??\c:\ddpjd.exec:\ddpjd.exe48⤵
- Executes dropped EXE
-
\??\c:\flrlffx.exec:\flrlffx.exe49⤵
- Executes dropped EXE
-
\??\c:\bbtnhb.exec:\bbtnhb.exe50⤵
- Executes dropped EXE
-
\??\c:\9dvpd.exec:\9dvpd.exe51⤵
- Executes dropped EXE
-
\??\c:\vvjjd.exec:\vvjjd.exe52⤵
- Executes dropped EXE
-
\??\c:\flxlxfl.exec:\flxlxfl.exe53⤵
- Executes dropped EXE
-
\??\c:\tbhhth.exec:\tbhhth.exe54⤵
- Executes dropped EXE
-
\??\c:\pvpjd.exec:\pvpjd.exe55⤵
- Executes dropped EXE
-
\??\c:\xrrxlxl.exec:\xrrxlxl.exe56⤵
- Executes dropped EXE
-
\??\c:\htbnhb.exec:\htbnhb.exe57⤵
- Executes dropped EXE
-
\??\c:\vvpvd.exec:\vvpvd.exe58⤵
- Executes dropped EXE
-
\??\c:\3rxrlfx.exec:\3rxrlfx.exe59⤵
- Executes dropped EXE
-
\??\c:\fffrlxr.exec:\fffrlxr.exe60⤵
- Executes dropped EXE
-
\??\c:\tntnbt.exec:\tntnbt.exe61⤵
- Executes dropped EXE
-
\??\c:\dpjjp.exec:\dpjjp.exe62⤵
- Executes dropped EXE
-
\??\c:\ffrrllf.exec:\ffrrllf.exe63⤵
- Executes dropped EXE
-
\??\c:\7lrfrll.exec:\7lrfrll.exe64⤵
- Executes dropped EXE
-
\??\c:\1hbnhb.exec:\1hbnhb.exe65⤵
- Executes dropped EXE
-
\??\c:\dvpjd.exec:\dvpjd.exe66⤵
-
\??\c:\jddvd.exec:\jddvd.exe67⤵
-
\??\c:\5hbnhn.exec:\5hbnhn.exe68⤵
-
\??\c:\nnnhbb.exec:\nnnhbb.exe69⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe70⤵
-
\??\c:\3flxrrr.exec:\3flxrrr.exe71⤵
-
\??\c:\7btnbb.exec:\7btnbb.exe72⤵
-
\??\c:\1nbttn.exec:\1nbttn.exe73⤵
-
\??\c:\jjdvv.exec:\jjdvv.exe74⤵
-
\??\c:\lflfxrl.exec:\lflfxrl.exe75⤵
-
\??\c:\hthtnn.exec:\hthtnn.exe76⤵
-
\??\c:\vjpdj.exec:\vjpdj.exe77⤵
-
\??\c:\vvdpj.exec:\vvdpj.exe78⤵
-
\??\c:\rrfxrlf.exec:\rrfxrlf.exe79⤵
-
\??\c:\tbtnnh.exec:\tbtnnh.exe80⤵
-
\??\c:\hntnhb.exec:\hntnhb.exe81⤵
-
\??\c:\3dpdd.exec:\3dpdd.exe82⤵
-
\??\c:\rfxrlfr.exec:\rfxrlfr.exe83⤵
-
\??\c:\btnhbb.exec:\btnhbb.exe84⤵
-
\??\c:\1vppj.exec:\1vppj.exe85⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe86⤵
-
\??\c:\lrrrlll.exec:\lrrrlll.exe87⤵
-
\??\c:\bhbtnh.exec:\bhbtnh.exe88⤵
-
\??\c:\1ntntb.exec:\1ntntb.exe89⤵
-
\??\c:\jdjvp.exec:\jdjvp.exe90⤵
-
\??\c:\fxffxrr.exec:\fxffxrr.exe91⤵
-
\??\c:\xrffxll.exec:\xrffxll.exe92⤵
-
\??\c:\nthbtn.exec:\nthbtn.exe93⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe94⤵
-
\??\c:\3ffxxxx.exec:\3ffxxxx.exe95⤵
-
\??\c:\3xrlfxr.exec:\3xrlfxr.exe96⤵
-
\??\c:\7ttnbb.exec:\7ttnbb.exe97⤵
-
\??\c:\ppdpv.exec:\ppdpv.exe98⤵
-
\??\c:\xrxrxxf.exec:\xrxrxxf.exe99⤵
-
\??\c:\ntttnt.exec:\ntttnt.exe100⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe101⤵
-
\??\c:\3vjdv.exec:\3vjdv.exe102⤵
-
\??\c:\xxrlfxx.exec:\xxrlfxx.exe103⤵
-
\??\c:\htbtnt.exec:\htbtnt.exe104⤵
-
\??\c:\vdvpv.exec:\vdvpv.exe105⤵
-
\??\c:\vjpjp.exec:\vjpjp.exe106⤵
-
\??\c:\3lllffx.exec:\3lllffx.exe107⤵
-
\??\c:\httnbb.exec:\httnbb.exe108⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe109⤵
-
\??\c:\xrxxlll.exec:\xrxxlll.exe110⤵
-
\??\c:\htbbnh.exec:\htbbnh.exe111⤵
-
\??\c:\5ppjd.exec:\5ppjd.exe112⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe113⤵
-
\??\c:\lfflfll.exec:\lfflfll.exe114⤵
-
\??\c:\1tnhhn.exec:\1tnhhn.exe115⤵
-
\??\c:\jddjj.exec:\jddjj.exe116⤵
-
\??\c:\7xffxll.exec:\7xffxll.exe117⤵
-
\??\c:\3lxxffl.exec:\3lxxffl.exe118⤵
-
\??\c:\nnnntt.exec:\nnnntt.exe119⤵
-
\??\c:\djvvp.exec:\djvvp.exe120⤵
-
\??\c:\9pvpd.exec:\9pvpd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-