Analysis
-
max time kernel
150s -
max time network
133s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
10/05/2024, 17:30
General
-
Target
31cb67ff493312e2f8a6a53a6d1a0870_NeikiAnalytics.exe
-
Size
59KB
-
MD5
31cb67ff493312e2f8a6a53a6d1a0870
-
SHA1
96fe81496af66214cdc8379a697ed55ac400556d
-
SHA256
022d39c59bf27f0b71ba6cc7ffb0b472c4a6306a8c5d8cdde42fb7b02a71d113
-
SHA512
b54f65a08be03c63a8830efa4843a818836f4e6f2f62f4eab6b697a92ba2651d67fdb88693f0f5763d8b52df9c71805ba764e41ea3c9fbfe7563498642656353
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzkzg:ymb3NkkiQ3mdBjFIvl0
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\31cb67ff493312e2f8a6a53a6d1a0870_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\31cb67ff493312e2f8a6a53a6d1a0870_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dpddp.exec:\dpddp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllrxl.exec:\xxllrxl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjd.exec:\vvjjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrllxff.exec:\xrllxff.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbbbb.exec:\bbbbbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbtnn.exec:\nnbtnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rrrrfl.exec:\5rrrrfl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbntn.exec:\nnbntn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpd.exec:\pvvpd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfrllf.exec:\lrfrllf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfllfxx.exec:\lfllfxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbttn.exec:\btbttn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppj.exec:\ddppj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlfffx.exec:\lxlfffx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbhbb.exec:\hhbhbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnhh.exec:\tnnnhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjj.exec:\pjjjj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bhnhh.exec:\5bhnhh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppj.exec:\vpppj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjp.exec:\ddjjp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllrrx.exec:\fxllrrx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntnnn.exec:\nntnnn.exe23⤵
- Executes dropped EXE
-
\??\c:\dpvpp.exec:\dpvpp.exe24⤵
- Executes dropped EXE
-
\??\c:\7dpjj.exec:\7dpjj.exe25⤵
- Executes dropped EXE
-
\??\c:\lfrrllf.exec:\lfrrllf.exe26⤵
- Executes dropped EXE
-
\??\c:\hhhhbh.exec:\hhhhbh.exe27⤵
- Executes dropped EXE
-
\??\c:\vddvp.exec:\vddvp.exe28⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe29⤵
- Executes dropped EXE
-
\??\c:\xrllfff.exec:\xrllfff.exe30⤵
- Executes dropped EXE
-
\??\c:\llfrflr.exec:\llfrflr.exe31⤵
- Executes dropped EXE
-
\??\c:\hnthbt.exec:\hnthbt.exe32⤵
- Executes dropped EXE
-
\??\c:\vvjvp.exec:\vvjvp.exe33⤵
- Executes dropped EXE
-
\??\c:\3fllrll.exec:\3fllrll.exe34⤵
- Executes dropped EXE
-
\??\c:\xrrrrrl.exec:\xrrrrrl.exe35⤵
- Executes dropped EXE
-
\??\c:\nnbttb.exec:\nnbttb.exe36⤵
- Executes dropped EXE
-
\??\c:\9bhbtt.exec:\9bhbtt.exe37⤵
- Executes dropped EXE
-
\??\c:\vjppd.exec:\vjppd.exe38⤵
- Executes dropped EXE
-
\??\c:\pdjdd.exec:\pdjdd.exe39⤵
- Executes dropped EXE
-
\??\c:\lfxxxxx.exec:\lfxxxxx.exe40⤵
- Executes dropped EXE
-
\??\c:\xrfflrl.exec:\xrfflrl.exe41⤵
- Executes dropped EXE
-
\??\c:\tbhhnn.exec:\tbhhnn.exe42⤵
- Executes dropped EXE
-
\??\c:\nbnhnt.exec:\nbnhnt.exe43⤵
- Executes dropped EXE
-
\??\c:\jdvjd.exec:\jdvjd.exe44⤵
- Executes dropped EXE
-
\??\c:\flllfff.exec:\flllfff.exe45⤵
- Executes dropped EXE
-
\??\c:\ffrrllr.exec:\ffrrllr.exe46⤵
- Executes dropped EXE
-
\??\c:\jjjjj.exec:\jjjjj.exe47⤵
- Executes dropped EXE
-
\??\c:\frfrfrr.exec:\frfrfrr.exe48⤵
- Executes dropped EXE
-
\??\c:\tnbttt.exec:\tnbttt.exe49⤵
- Executes dropped EXE
-
\??\c:\vjjjd.exec:\vjjjd.exe50⤵
- Executes dropped EXE
-
\??\c:\rrllfll.exec:\rrllfll.exe51⤵
- Executes dropped EXE
-
\??\c:\xrrfxfl.exec:\xrrfxfl.exe52⤵
- Executes dropped EXE
-
\??\c:\nnnhbb.exec:\nnnhbb.exe53⤵
- Executes dropped EXE
-
\??\c:\vvppp.exec:\vvppp.exe54⤵
- Executes dropped EXE
-
\??\c:\lrfllxx.exec:\lrfllxx.exe55⤵
- Executes dropped EXE
-
\??\c:\lflffxx.exec:\lflffxx.exe56⤵
- Executes dropped EXE
-
\??\c:\vdppp.exec:\vdppp.exe57⤵
- Executes dropped EXE
-
\??\c:\fllfxxx.exec:\fllfxxx.exe58⤵
- Executes dropped EXE
-
\??\c:\xrxxrrr.exec:\xrxxrrr.exe59⤵
- Executes dropped EXE
-
\??\c:\tttbbh.exec:\tttbbh.exe60⤵
- Executes dropped EXE
-
\??\c:\hnnnnn.exec:\hnnnnn.exe61⤵
- Executes dropped EXE
-
\??\c:\vvppj.exec:\vvppj.exe62⤵
- Executes dropped EXE
-
\??\c:\jdppj.exec:\jdppj.exe63⤵
- Executes dropped EXE
-
\??\c:\jpvvv.exec:\jpvvv.exe64⤵
- Executes dropped EXE
-
\??\c:\lfxrrxf.exec:\lfxrrxf.exe65⤵
- Executes dropped EXE
-
\??\c:\lffllll.exec:\lffllll.exe66⤵
-
\??\c:\bbttnt.exec:\bbttnt.exe67⤵
-
\??\c:\tbbbbh.exec:\tbbbbh.exe68⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe69⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe70⤵
-
\??\c:\ffxxlll.exec:\ffxxlll.exe71⤵
-
\??\c:\llllflf.exec:\llllflf.exe72⤵
-
\??\c:\lxxrrrl.exec:\lxxrrrl.exe73⤵
-
\??\c:\bhnnhh.exec:\bhnnhh.exe74⤵
-
\??\c:\bhthhb.exec:\bhthhb.exe75⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe76⤵
-
\??\c:\rlxxxxr.exec:\rlxxxxr.exe77⤵
-
\??\c:\httttb.exec:\httttb.exe78⤵
-
\??\c:\tbbhht.exec:\tbbhht.exe79⤵
-
\??\c:\ppdpp.exec:\ppdpp.exe80⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe81⤵
-
\??\c:\rllxrfr.exec:\rllxrfr.exe82⤵
-
\??\c:\3xffflr.exec:\3xffflr.exe83⤵
-
\??\c:\tbtnnt.exec:\tbtnnt.exe84⤵
-
\??\c:\vpppp.exec:\vpppp.exe85⤵
-
\??\c:\3ddvp.exec:\3ddvp.exe86⤵
-
\??\c:\xxllxxl.exec:\xxllxxl.exe87⤵
-
\??\c:\7bnntt.exec:\7bnntt.exe88⤵
-
\??\c:\nhnbbt.exec:\nhnbbt.exe89⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe90⤵
-
\??\c:\jpvvd.exec:\jpvvd.exe91⤵
-
\??\c:\rxrxrrr.exec:\rxrxrrr.exe92⤵
-
\??\c:\lflfxlf.exec:\lflfxlf.exe93⤵
-
\??\c:\bthtbt.exec:\bthtbt.exe94⤵
-
\??\c:\bhbbhn.exec:\bhbbhn.exe95⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe96⤵
-
\??\c:\jdddv.exec:\jdddv.exe97⤵
-
\??\c:\jjdjd.exec:\jjdjd.exe98⤵
-
\??\c:\frffrrr.exec:\frffrrr.exe99⤵
-
\??\c:\xlxrlfl.exec:\xlxrlfl.exe100⤵
-
\??\c:\1thhhh.exec:\1thhhh.exe101⤵
-
\??\c:\thbbbb.exec:\thbbbb.exe102⤵
-
\??\c:\hnbbhh.exec:\hnbbhh.exe103⤵
-
\??\c:\jjdpp.exec:\jjdpp.exe104⤵
-
\??\c:\jddvp.exec:\jddvp.exe105⤵
-
\??\c:\fxrrfff.exec:\fxrrfff.exe106⤵
-
\??\c:\frxfflf.exec:\frxfflf.exe107⤵
-
\??\c:\tttntt.exec:\tttntt.exe108⤵
-
\??\c:\tthbnh.exec:\tthbnh.exe109⤵
-
\??\c:\5vjdj.exec:\5vjdj.exe110⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe111⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe112⤵
-
\??\c:\xrrrffx.exec:\xrrrffx.exe113⤵
-
\??\c:\thtttt.exec:\thtttt.exe114⤵
-
\??\c:\djppj.exec:\djppj.exe115⤵
-
\??\c:\jvddj.exec:\jvddj.exe116⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe117⤵
-
\??\c:\lxxrllf.exec:\lxxrllf.exe118⤵
-
\??\c:\frxxrxr.exec:\frxxrxr.exe119⤵
-
\??\c:\bbtnnh.exec:\bbtnnh.exe120⤵
-
\??\c:\tntntt.exec:\tntntt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-