Analysis
-
max time kernel
150s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
11-05-2024 01:41
General
-
Target
4f1b579425b09dd37ba4e79ff5a72200_NeikiAnalytics.exe
-
Size
211KB
-
MD5
4f1b579425b09dd37ba4e79ff5a72200
-
SHA1
d1c513b2a3f0809e1ccea95e6a11ccdf22e1483c
-
SHA256
cfbcf45797965effe65361b7fb54c5be3745750cbd5d06c09317b0c14a4cf003
-
SHA512
b4eeb6346b6ab7dce15cbdfb04d66e8dabe62809bf74322ea3f8c0cc9f43cb8f128e0839623a9425008b3f3dd3ee99beabd91b39302e1cb7196b81682e68312d
-
SSDEEP
1536:wvQBeOGtrYSSsrc93UBIfdC67m6AJiqQfg3Cip8iXAsG5M0nj:whOm2sI93UufdC67cizfmCiiiXA/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4f1b579425b09dd37ba4e79ff5a72200_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4f1b579425b09dd37ba4e79ff5a72200_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjd.exec:\pjpjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrxlr.exec:\ffrrxlr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbhh.exec:\tnhbhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xxxrrl.exec:\1xxxrrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hnntt.exec:\5hnntt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpp.exec:\ppvpp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthttt.exec:\tthttt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdd.exec:\pjjdd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlflffl.exec:\xlflffl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvv.exec:\jjdvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjd.exec:\pjjjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbttt.exec:\nbbttt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dvvp.exec:\3dvvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrlffx.exec:\rfrlffx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttttnn.exec:\ttttnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpvv.exec:\jvpvv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnnb.exec:\nttnnb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvv.exec:\pddvv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfllrr.exec:\fxfllrr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppdv.exec:\jppdv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rfxxxr.exec:\3rfxxxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hhbbh.exec:\3hhbbh.exe23⤵
- Executes dropped EXE
-
\??\c:\vdjjj.exec:\vdjjj.exe24⤵
- Executes dropped EXE
-
\??\c:\xfxfxfx.exec:\xfxfxfx.exe25⤵
- Executes dropped EXE
-
\??\c:\hnhhnn.exec:\hnhhnn.exe26⤵
- Executes dropped EXE
-
\??\c:\nhhtnb.exec:\nhhtnb.exe27⤵
- Executes dropped EXE
-
\??\c:\ddddd.exec:\ddddd.exe28⤵
- Executes dropped EXE
-
\??\c:\frrlflf.exec:\frrlflf.exe29⤵
- Executes dropped EXE
-
\??\c:\nntntn.exec:\nntntn.exe30⤵
- Executes dropped EXE
-
\??\c:\9pddv.exec:\9pddv.exe31⤵
- Executes dropped EXE
-
\??\c:\lfxrlff.exec:\lfxrlff.exe32⤵
- Executes dropped EXE
-
\??\c:\nhnhhn.exec:\nhnhhn.exe33⤵
- Executes dropped EXE
-
\??\c:\jpvpj.exec:\jpvpj.exe34⤵
- Executes dropped EXE
-
\??\c:\xrlxrxr.exec:\xrlxrxr.exe35⤵
- Executes dropped EXE
-
\??\c:\7thhhh.exec:\7thhhh.exe36⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe37⤵
- Executes dropped EXE
-
\??\c:\lfxrrrl.exec:\lfxrrrl.exe38⤵
- Executes dropped EXE
-
\??\c:\llrlrrx.exec:\llrlrrx.exe39⤵
- Executes dropped EXE
-
\??\c:\httbtb.exec:\httbtb.exe40⤵
- Executes dropped EXE
-
\??\c:\vvjjp.exec:\vvjjp.exe41⤵
- Executes dropped EXE
-
\??\c:\lfxrrxx.exec:\lfxrrxx.exe42⤵
- Executes dropped EXE
-
\??\c:\flxllrx.exec:\flxllrx.exe43⤵
- Executes dropped EXE
-
\??\c:\tntnhh.exec:\tntnhh.exe44⤵
- Executes dropped EXE
-
\??\c:\jjjvj.exec:\jjjvj.exe45⤵
- Executes dropped EXE
-
\??\c:\lfxrlxl.exec:\lfxrlxl.exe46⤵
- Executes dropped EXE
-
\??\c:\5xxrlll.exec:\5xxrlll.exe47⤵
- Executes dropped EXE
-
\??\c:\btthbn.exec:\btthbn.exe48⤵
- Executes dropped EXE
-
\??\c:\1pjjp.exec:\1pjjp.exe49⤵
- Executes dropped EXE
-
\??\c:\lfxrrrx.exec:\lfxrrrx.exe50⤵
- Executes dropped EXE
-
\??\c:\1lrlfll.exec:\1lrlfll.exe51⤵
- Executes dropped EXE
-
\??\c:\5hhbnn.exec:\5hhbnn.exe52⤵
- Executes dropped EXE
-
\??\c:\lfllffr.exec:\lfllffr.exe53⤵
- Executes dropped EXE
-
\??\c:\tnhbtn.exec:\tnhbtn.exe54⤵
- Executes dropped EXE
-
\??\c:\bhnhnt.exec:\bhnhnt.exe55⤵
- Executes dropped EXE
-
\??\c:\vvjjd.exec:\vvjjd.exe56⤵
- Executes dropped EXE
-
\??\c:\rxrrrfx.exec:\rxrrrfx.exe57⤵
- Executes dropped EXE
-
\??\c:\xfxffxf.exec:\xfxffxf.exe58⤵
- Executes dropped EXE
-
\??\c:\7hnnhh.exec:\7hnnhh.exe59⤵
- Executes dropped EXE
-
\??\c:\jdpdd.exec:\jdpdd.exe60⤵
- Executes dropped EXE
-
\??\c:\pdddd.exec:\pdddd.exe61⤵
- Executes dropped EXE
-
\??\c:\xfffxxr.exec:\xfffxxr.exe62⤵
- Executes dropped EXE
-
\??\c:\nnnbbh.exec:\nnnbbh.exe63⤵
- Executes dropped EXE
-
\??\c:\hnbhtn.exec:\hnbhtn.exe64⤵
- Executes dropped EXE
-
\??\c:\dvddv.exec:\dvddv.exe65⤵
- Executes dropped EXE
-
\??\c:\xlfrxfx.exec:\xlfrxfx.exe66⤵
-
\??\c:\lxxflfl.exec:\lxxflfl.exe67⤵
-
\??\c:\bbnnnn.exec:\bbnnnn.exe68⤵
-
\??\c:\3djdp.exec:\3djdp.exe69⤵
-
\??\c:\ddpjj.exec:\ddpjj.exe70⤵
-
\??\c:\xflrrrr.exec:\xflrrrr.exe71⤵
-
\??\c:\1nhnhn.exec:\1nhnhn.exe72⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe73⤵
-
\??\c:\ppjjj.exec:\ppjjj.exe74⤵
-
\??\c:\fxrllxr.exec:\fxrllxr.exe75⤵
-
\??\c:\1xrrrrr.exec:\1xrrrrr.exe76⤵
-
\??\c:\nhbtbb.exec:\nhbtbb.exe77⤵
-
\??\c:\jpdpp.exec:\jpdpp.exe78⤵
-
\??\c:\5frrrxx.exec:\5frrrxx.exe79⤵
-
\??\c:\hbnhhh.exec:\hbnhhh.exe80⤵
-
\??\c:\tntbth.exec:\tntbth.exe81⤵
-
\??\c:\vdppd.exec:\vdppd.exe82⤵
-
\??\c:\fffxxxl.exec:\fffxxxl.exe83⤵
-
\??\c:\7xfxfll.exec:\7xfxfll.exe84⤵
-
\??\c:\nhbtnt.exec:\nhbtnt.exe85⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe86⤵
-
\??\c:\rfffffl.exec:\rfffffl.exe87⤵
-
\??\c:\htbhbn.exec:\htbhbn.exe88⤵
-
\??\c:\9bhhbb.exec:\9bhhbb.exe89⤵
-
\??\c:\jddvv.exec:\jddvv.exe90⤵
-
\??\c:\7jvjd.exec:\7jvjd.exe91⤵
-
\??\c:\frxfflr.exec:\frxfflr.exe92⤵
-
\??\c:\hhnhbh.exec:\hhnhbh.exe93⤵
-
\??\c:\nhtnnn.exec:\nhtnnn.exe94⤵
-
\??\c:\1vvdp.exec:\1vvdp.exe95⤵
-
\??\c:\1tthnb.exec:\1tthnb.exe96⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe97⤵
-
\??\c:\xlxrlfr.exec:\xlxrlfr.exe98⤵
-
\??\c:\nhnhtt.exec:\nhnhtt.exe99⤵
-
\??\c:\nhhbtn.exec:\nhhbtn.exe100⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe101⤵
-
\??\c:\xrrllfr.exec:\xrrllfr.exe102⤵
-
\??\c:\rrxrxfl.exec:\rrxrxfl.exe103⤵
-
\??\c:\tnnhtn.exec:\tnnhtn.exe104⤵
-
\??\c:\9bhhhn.exec:\9bhhhn.exe105⤵
-
\??\c:\dpddd.exec:\dpddd.exe106⤵
-
\??\c:\frlxrll.exec:\frlxrll.exe107⤵
-
\??\c:\xlxxffx.exec:\xlxxffx.exe108⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe109⤵
-
\??\c:\1nbtnn.exec:\1nbtnn.exe110⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe111⤵
-
\??\c:\rrflxxf.exec:\rrflxxf.exe112⤵
-
\??\c:\hnbnbt.exec:\hnbnbt.exe113⤵
-
\??\c:\vvvpp.exec:\vvvpp.exe114⤵
-
\??\c:\7dvvd.exec:\7dvvd.exe115⤵
-
\??\c:\flrxrlf.exec:\flrxrlf.exe116⤵
-
\??\c:\nbbtnh.exec:\nbbtnh.exe117⤵
-
\??\c:\7tnhhh.exec:\7tnhhh.exe118⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe119⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe120⤵
-
\??\c:\7xxxrrx.exec:\7xxxrrx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-