Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
10/05/2024, 18:36
General
-
Target
43f516efa3adfe881d783fd76c0db8c0_NeikiAnalytics.exe
-
Size
970KB
-
MD5
43f516efa3adfe881d783fd76c0db8c0
-
SHA1
d809ed5ef09b00e4c8ce0bee501a3019cc5576e3
-
SHA256
215bb0a1c292ae3d85a2fbbc6910f231d8ed15b8af74585d3680a0fa78f2ffb2
-
SHA512
0af90f7ab3c8dbacd85db32fff7c889149428e852b60677427040057dc203d38d768a634bf659b6c2e9598f14a1236023a2edbccde2519c854ff49009eaac1d3
-
SSDEEP
12288:n3C9yMo+S0L9xRnoq7H9xqYL04iVypNKvzcMwdBS3b3aoqYveXVadBlHD+CURPO5:SgD4bhoqLDqYLagB6Wj1+Cyv
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\43f516efa3adfe881d783fd76c0db8c0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\43f516efa3adfe881d783fd76c0db8c0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvpj.exec:\jjvpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrfrlf.exec:\rfrfrlf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdd.exec:\pjjdd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntntnn.exec:\ntntnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllfrlx.exec:\lllfrlx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxflxx.exec:\lrxflxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rllrlr.exec:\5rllrlr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjj.exec:\pdpjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffrfrf.exec:\fffrfrf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrrlrl.exec:\llrrlrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvv.exec:\dddvv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthhbb.exec:\hthhbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbtnb.exec:\hhbtnb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjd.exec:\pdjjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtnnn.exec:\nhtnnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlfff.exec:\fxrlfff.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrlrf.exec:\xrlrlrf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntnhh.exec:\hntnhh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpj.exec:\vjvpj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxrxxr.exec:\lrxrxxr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrfxlx.exec:\flrfxlx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrlxfx.exec:\xxrlxfx.exe23⤵
- Executes dropped EXE
-
\??\c:\7bthnh.exec:\7bthnh.exe24⤵
- Executes dropped EXE
-
\??\c:\tnhbnh.exec:\tnhbnh.exe25⤵
- Executes dropped EXE
-
\??\c:\rfffrrx.exec:\rfffrrx.exe26⤵
- Executes dropped EXE
-
\??\c:\pdjjp.exec:\pdjjp.exe27⤵
- Executes dropped EXE
-
\??\c:\vpvdp.exec:\vpvdp.exe28⤵
- Executes dropped EXE
-
\??\c:\bntnbt.exec:\bntnbt.exe29⤵
- Executes dropped EXE
-
\??\c:\dvvjv.exec:\dvvjv.exe30⤵
- Executes dropped EXE
-
\??\c:\tnnhtt.exec:\tnnhtt.exe31⤵
- Executes dropped EXE
-
\??\c:\dvjdv.exec:\dvjdv.exe32⤵
- Executes dropped EXE
-
\??\c:\rxllffx.exec:\rxllffx.exe33⤵
- Executes dropped EXE
-
\??\c:\nthbtt.exec:\nthbtt.exe34⤵
- Executes dropped EXE
-
\??\c:\vdpjj.exec:\vdpjj.exe35⤵
- Executes dropped EXE
-
\??\c:\rxrfxxr.exec:\rxrfxxr.exe36⤵
- Executes dropped EXE
-
\??\c:\dppdv.exec:\dppdv.exe37⤵
- Executes dropped EXE
-
\??\c:\rllxlfl.exec:\rllxlfl.exe38⤵
- Executes dropped EXE
-
\??\c:\hnnbbb.exec:\hnnbbb.exe39⤵
- Executes dropped EXE
-
\??\c:\pdjjv.exec:\pdjjv.exe40⤵
- Executes dropped EXE
-
\??\c:\frrlffx.exec:\frrlffx.exe41⤵
- Executes dropped EXE
-
\??\c:\3tbtnn.exec:\3tbtnn.exe42⤵
- Executes dropped EXE
-
\??\c:\1pdvd.exec:\1pdvd.exe43⤵
- Executes dropped EXE
-
\??\c:\lxlfxxr.exec:\lxlfxxr.exe44⤵
- Executes dropped EXE
-
\??\c:\hnbbtt.exec:\hnbbtt.exe45⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe46⤵
- Executes dropped EXE
-
\??\c:\7xxxxxr.exec:\7xxxxxr.exe47⤵
- Executes dropped EXE
-
\??\c:\nnbtnt.exec:\nnbtnt.exe48⤵
- Executes dropped EXE
-
\??\c:\9jdvv.exec:\9jdvv.exe49⤵
- Executes dropped EXE
-
\??\c:\lxxxrrr.exec:\lxxxrrr.exe50⤵
- Executes dropped EXE
-
\??\c:\hhtnhh.exec:\hhtnhh.exe51⤵
- Executes dropped EXE
-
\??\c:\pjvpp.exec:\pjvpp.exe52⤵
- Executes dropped EXE
-
\??\c:\lrxrflx.exec:\lrxrflx.exe53⤵
- Executes dropped EXE
-
\??\c:\1nnnhb.exec:\1nnnhb.exe54⤵
- Executes dropped EXE
-
\??\c:\7ddvp.exec:\7ddvp.exe55⤵
- Executes dropped EXE
-
\??\c:\fxxrllx.exec:\fxxrllx.exe56⤵
- Executes dropped EXE
-
\??\c:\pppjd.exec:\pppjd.exe57⤵
- Executes dropped EXE
-
\??\c:\rxfrlxr.exec:\rxfrlxr.exe58⤵
- Executes dropped EXE
-
\??\c:\1hnhbb.exec:\1hnhbb.exe59⤵
- Executes dropped EXE
-
\??\c:\pdjdv.exec:\pdjdv.exe60⤵
- Executes dropped EXE
-
\??\c:\xlrlfxl.exec:\xlrlfxl.exe61⤵
- Executes dropped EXE
-
\??\c:\bbnhnn.exec:\bbnhnn.exe62⤵
- Executes dropped EXE
-
\??\c:\pvjdp.exec:\pvjdp.exe63⤵
- Executes dropped EXE
-
\??\c:\rlxllxf.exec:\rlxllxf.exe64⤵
- Executes dropped EXE
-
\??\c:\dddvp.exec:\dddvp.exe65⤵
- Executes dropped EXE
-
\??\c:\rffxlfx.exec:\rffxlfx.exe66⤵
-
\??\c:\hbbntn.exec:\hbbntn.exe67⤵
-
\??\c:\3pjdv.exec:\3pjdv.exe68⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe69⤵
-
\??\c:\9jdpd.exec:\9jdpd.exe70⤵
-
\??\c:\rlxlrll.exec:\rlxlrll.exe71⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe72⤵
-
\??\c:\djjjv.exec:\djjjv.exe73⤵
-
\??\c:\lxxfffx.exec:\lxxfffx.exe74⤵
-
\??\c:\hnttnb.exec:\hnttnb.exe75⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe76⤵
-
\??\c:\nhnnhn.exec:\nhnnhn.exe77⤵
-
\??\c:\dppdv.exec:\dppdv.exe78⤵
-
\??\c:\7lrlffx.exec:\7lrlffx.exe79⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe80⤵
-
\??\c:\flfxffr.exec:\flfxffr.exe81⤵
-
\??\c:\bnnhbb.exec:\bnnhbb.exe82⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe83⤵
-
\??\c:\fxrlffl.exec:\fxrlffl.exe84⤵
-
\??\c:\pddvj.exec:\pddvj.exe85⤵
-
\??\c:\xffxlfx.exec:\xffxlfx.exe86⤵
-
\??\c:\bnbttn.exec:\bnbttn.exe87⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe88⤵
-
\??\c:\1xfxxxx.exec:\1xfxxxx.exe89⤵
-
\??\c:\5hnbbb.exec:\5hnbbb.exe90⤵
-
\??\c:\dddvv.exec:\dddvv.exe91⤵
-
\??\c:\1lffxxr.exec:\1lffxxr.exe92⤵
-
\??\c:\3vpdv.exec:\3vpdv.exe93⤵
-
\??\c:\xrfxrrl.exec:\xrfxrrl.exe94⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe95⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe96⤵
-
\??\c:\fllxrfl.exec:\fllxrfl.exe97⤵
-
\??\c:\tttnhh.exec:\tttnhh.exe98⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe99⤵
-
\??\c:\xllffxr.exec:\xllffxr.exe100⤵
-
\??\c:\thbbtt.exec:\thbbtt.exe101⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe102⤵
-
\??\c:\rrlfxrf.exec:\rrlfxrf.exe103⤵
-
\??\c:\ntthtn.exec:\ntthtn.exe104⤵
-
\??\c:\rxxfxxr.exec:\rxxfxxr.exe105⤵
-
\??\c:\nbbthb.exec:\nbbthb.exe106⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe107⤵
-
\??\c:\ffrlrrx.exec:\ffrlrrx.exe108⤵
-
\??\c:\1ntnhh.exec:\1ntnhh.exe109⤵
-
\??\c:\ppddv.exec:\ppddv.exe110⤵
-
\??\c:\frrlfxr.exec:\frrlfxr.exe111⤵
-
\??\c:\bbnhht.exec:\bbnhht.exe112⤵
-
\??\c:\xxxrlxr.exec:\xxxrlxr.exe113⤵
-
\??\c:\7fxrffr.exec:\7fxrffr.exe114⤵
-
\??\c:\7bbnbt.exec:\7bbnbt.exe115⤵
-
\??\c:\pvjdj.exec:\pvjdj.exe116⤵
-
\??\c:\tnhbtn.exec:\tnhbtn.exe117⤵
-
\??\c:\hbbtnh.exec:\hbbtnh.exe118⤵
-
\??\c:\7djdv.exec:\7djdv.exe119⤵
-
\??\c:\xflfrrf.exec:\xflfrrf.exe120⤵
-
\??\c:\ntbtnh.exec:\ntbtnh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-