Analysis
-
max time kernel
150s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
10/05/2024, 20:57
General
-
Target
01fc11a317e4ff7f6c1bb9522739d310_NeikiAnalytics.exe
-
Size
392KB
-
MD5
01fc11a317e4ff7f6c1bb9522739d310
-
SHA1
2fa3a3b38f0448850425f6bdeac401d7150c4a1a
-
SHA256
27cec1de18331ab45a1176542d437d9fe9ea60412e3bc57c4c6ef1997d733acb
-
SHA512
3f2710e9e5e04623c9889b037c4dd9d7f505e6b723440721c2de489ab363305dfde405c45b4ac05ac864b6b8ee689cc995d8eff6ddfffa25e83875c1ba4e751e
-
SSDEEP
6144:n3C9BRo7tvnJ9oH0IRgZvjkIfzBgZJmAhc:n3C9ytvngQj1fz6ZJmAW
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\01fc11a317e4ff7f6c1bb9522739d310_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\01fc11a317e4ff7f6c1bb9522739d310_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvpj.exec:\pdvpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxrxff.exec:\xxxrxff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrlfxr.exec:\xlrlfxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbtnh.exec:\nbbtnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvj.exec:\vjdvj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrlxrf.exec:\xfrlxrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvp.exec:\dvdvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbhb.exec:\tbhbhb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvvd.exec:\pvvvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frflrlr.exec:\frflrlr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvdv.exec:\vjvdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nthbt.exec:\1nthbt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flfrlfx.exec:\flfrlfx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvp.exec:\pvdvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrflxl.exec:\xfrflxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvd.exec:\vpvvd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdd.exec:\jvjdd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthtnn.exec:\hthtnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbtnn.exec:\nbbtnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvpj.exec:\pdvpj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rlfxxr.exec:\3rlfxxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rxlfxr.exec:\9rxlfxr.exe23⤵
- Executes dropped EXE
-
\??\c:\5ntbht.exec:\5ntbht.exe24⤵
- Executes dropped EXE
-
\??\c:\hbbtnn.exec:\hbbtnn.exe25⤵
- Executes dropped EXE
-
\??\c:\1pdpv.exec:\1pdpv.exe26⤵
- Executes dropped EXE
-
\??\c:\fxfrfff.exec:\fxfrfff.exe27⤵
- Executes dropped EXE
-
\??\c:\nnthbt.exec:\nnthbt.exe28⤵
- Executes dropped EXE
-
\??\c:\lxfxlfx.exec:\lxfxlfx.exe29⤵
- Executes dropped EXE
-
\??\c:\bthbbb.exec:\bthbbb.exe30⤵
- Executes dropped EXE
-
\??\c:\ffxrffl.exec:\ffxrffl.exe31⤵
- Executes dropped EXE
-
\??\c:\thnhnn.exec:\thnhnn.exe32⤵
- Executes dropped EXE
-
\??\c:\9xxxrlf.exec:\9xxxrlf.exe33⤵
- Executes dropped EXE
-
\??\c:\rlffxfx.exec:\rlffxfx.exe34⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe35⤵
- Executes dropped EXE
-
\??\c:\9xrrffx.exec:\9xrrffx.exe36⤵
- Executes dropped EXE
-
\??\c:\3hbthh.exec:\3hbthh.exe37⤵
- Executes dropped EXE
-
\??\c:\rxlfxxr.exec:\rxlfxxr.exe38⤵
- Executes dropped EXE
-
\??\c:\hbhbtt.exec:\hbhbtt.exe39⤵
- Executes dropped EXE
-
\??\c:\pdjjj.exec:\pdjjj.exe40⤵
- Executes dropped EXE
-
\??\c:\rrrfffx.exec:\rrrfffx.exe41⤵
- Executes dropped EXE
-
\??\c:\tbhhbb.exec:\tbhhbb.exe42⤵
- Executes dropped EXE
-
\??\c:\9bnnnn.exec:\9bnnnn.exe43⤵
- Executes dropped EXE
-
\??\c:\7vjdp.exec:\7vjdp.exe44⤵
- Executes dropped EXE
-
\??\c:\xrxrllr.exec:\xrxrllr.exe45⤵
- Executes dropped EXE
-
\??\c:\tnnnht.exec:\tnnnht.exe46⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe47⤵
- Executes dropped EXE
-
\??\c:\vppjp.exec:\vppjp.exe48⤵
- Executes dropped EXE
-
\??\c:\fffxrrr.exec:\fffxrrr.exe49⤵
- Executes dropped EXE
-
\??\c:\htbtnn.exec:\htbtnn.exe50⤵
- Executes dropped EXE
-
\??\c:\jjjdp.exec:\jjjdp.exe51⤵
- Executes dropped EXE
-
\??\c:\pvjpp.exec:\pvjpp.exe52⤵
- Executes dropped EXE
-
\??\c:\nttnbt.exec:\nttnbt.exe53⤵
- Executes dropped EXE
-
\??\c:\hbnhtt.exec:\hbnhtt.exe54⤵
- Executes dropped EXE
-
\??\c:\7vvpj.exec:\7vvpj.exe55⤵
- Executes dropped EXE
-
\??\c:\xxfffll.exec:\xxfffll.exe56⤵
- Executes dropped EXE
-
\??\c:\flffllx.exec:\flffllx.exe57⤵
- Executes dropped EXE
-
\??\c:\nnnnnn.exec:\nnnnnn.exe58⤵
- Executes dropped EXE
-
\??\c:\ddpjv.exec:\ddpjv.exe59⤵
- Executes dropped EXE
-
\??\c:\frfxfff.exec:\frfxfff.exe60⤵
- Executes dropped EXE
-
\??\c:\bbhbtb.exec:\bbhbtb.exe61⤵
- Executes dropped EXE
-
\??\c:\jvvvp.exec:\jvvvp.exe62⤵
- Executes dropped EXE
-
\??\c:\xxfxrrl.exec:\xxfxrrl.exe63⤵
- Executes dropped EXE
-
\??\c:\5hhtnt.exec:\5hhtnt.exe64⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe65⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe66⤵
-
\??\c:\bbbntn.exec:\bbbntn.exe67⤵
-
\??\c:\hthbbb.exec:\hthbbb.exe68⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe69⤵
-
\??\c:\rrffllx.exec:\rrffllx.exe70⤵
-
\??\c:\ntntth.exec:\ntntth.exe71⤵
-
\??\c:\djvpp.exec:\djvpp.exe72⤵
-
\??\c:\fxffxxr.exec:\fxffxxr.exe73⤵
-
\??\c:\bbttnn.exec:\bbttnn.exe74⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe75⤵
-
\??\c:\rrllrxl.exec:\rrllrxl.exe76⤵
-
\??\c:\hhttbb.exec:\hhttbb.exe77⤵
-
\??\c:\vvvpp.exec:\vvvpp.exe78⤵
-
\??\c:\lxxrllr.exec:\lxxrllr.exe79⤵
-
\??\c:\bnttnn.exec:\bnttnn.exe80⤵
-
\??\c:\tnbtbb.exec:\tnbtbb.exe81⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe82⤵
-
\??\c:\rlrrflf.exec:\rlrrflf.exe83⤵
-
\??\c:\tttbbb.exec:\tttbbb.exe84⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe85⤵
-
\??\c:\jjddp.exec:\jjddp.exe86⤵
-
\??\c:\rxxxxxx.exec:\rxxxxxx.exe87⤵
-
\??\c:\htbbtb.exec:\htbbtb.exe88⤵
-
\??\c:\jjvvp.exec:\jjvvp.exe89⤵
-
\??\c:\3pdvv.exec:\3pdvv.exe90⤵
-
\??\c:\lfrflrr.exec:\lfrflrr.exe91⤵
-
\??\c:\tthhtb.exec:\tthhtb.exe92⤵
-
\??\c:\vjvpd.exec:\vjvpd.exe93⤵
-
\??\c:\llxlrll.exec:\llxlrll.exe94⤵
-
\??\c:\rlfxllf.exec:\rlfxllf.exe95⤵
-
\??\c:\5hnnhn.exec:\5hnnhn.exe96⤵
-
\??\c:\djvpj.exec:\djvpj.exe97⤵
-
\??\c:\rrffxrr.exec:\rrffxrr.exe98⤵
-
\??\c:\rxrrrlf.exec:\rxrrrlf.exe99⤵
-
\??\c:\bnthnb.exec:\bnthnb.exe100⤵
-
\??\c:\pjppv.exec:\pjppv.exe101⤵
-
\??\c:\3xxxrxr.exec:\3xxxrxr.exe102⤵
-
\??\c:\ttbtbb.exec:\ttbtbb.exe103⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe104⤵
-
\??\c:\5tbtnn.exec:\5tbtnn.exe105⤵
-
\??\c:\tnbbbb.exec:\tnbbbb.exe106⤵
-
\??\c:\jvdpj.exec:\jvdpj.exe107⤵
-
\??\c:\rlxlrrx.exec:\rlxlrrx.exe108⤵
-
\??\c:\bhnhnh.exec:\bhnhnh.exe109⤵
-
\??\c:\dvddp.exec:\dvddp.exe110⤵
-
\??\c:\dpdvp.exec:\dpdvp.exe111⤵
-
\??\c:\fxxrffx.exec:\fxxrffx.exe112⤵
-
\??\c:\1nttbb.exec:\1nttbb.exe113⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe114⤵
-
\??\c:\lxlfrrr.exec:\lxlfrrr.exe115⤵
-
\??\c:\flxrflf.exec:\flxrflf.exe116⤵
-
\??\c:\9hbttn.exec:\9hbttn.exe117⤵
-
\??\c:\pddvd.exec:\pddvd.exe118⤵
-
\??\c:\fflfxxr.exec:\fflfxxr.exe119⤵
-
\??\c:\xrxrxxl.exec:\xrxrxxl.exe120⤵
-
\??\c:\1ntnhb.exec:\1ntnhb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-