Analysis
-
max time kernel
150s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
11-05-2024 02:37
General
-
Target
5d8b9f4e41f1eefbdf74ef83370355b0_NeikiAnalytics.exe
-
Size
94KB
-
MD5
5d8b9f4e41f1eefbdf74ef83370355b0
-
SHA1
635c45918590920d3b177dd7d2c3b565d3acd0c1
-
SHA256
095f88ef96f2cbf101a30fb3cdd48975ef0828377e9e9d719d85858a4de46049
-
SHA512
ec2da0116c1e1a55f9a90aa2ab3af780c774f9786d1f654ef101c65a96c34374f3c7867f0c4c7df45e3d65d033d24afb187ea7f78143d7ed06934341f797f0d6
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDInWeNCYGyA2R7JxJAg8dtZ:ymb3NkkiQ3mdBjFIWeFGyAsJAg2Z
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5d8b9f4e41f1eefbdf74ef83370355b0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\5d8b9f4e41f1eefbdf74ef83370355b0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxrll.exec:\rlxxrll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tbbtt.exec:\1tbbtt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbbb.exec:\hbhbbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vdvp.exec:\7vdvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddp.exec:\pjddp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtnhh.exec:\bhtnhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdddp.exec:\vdddp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvvp.exec:\jvvvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflfxxf.exec:\fflfxxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbhh.exec:\btbbhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddp.exec:\vpddp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvd.exec:\jpvvd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lxrffr.exec:\1lxrffr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbtnn.exec:\htbtnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvpj.exec:\vdvpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrrfff.exec:\xlrrfff.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxrrrf.exec:\xxxrrrf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbtn.exec:\nhhbtn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpp.exec:\jdvpp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlffx.exec:\xrrlffx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhnnn.exec:\tbhnnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vpvp.exec:\1vpvp.exe23⤵
- Executes dropped EXE
-
\??\c:\5jddp.exec:\5jddp.exe24⤵
- Executes dropped EXE
-
\??\c:\rxlfffl.exec:\rxlfffl.exe25⤵
- Executes dropped EXE
-
\??\c:\btnhbn.exec:\btnhbn.exe26⤵
- Executes dropped EXE
-
\??\c:\3ddpj.exec:\3ddpj.exe27⤵
- Executes dropped EXE
-
\??\c:\1rffrff.exec:\1rffrff.exe28⤵
- Executes dropped EXE
-
\??\c:\ttttbb.exec:\ttttbb.exe29⤵
- Executes dropped EXE
-
\??\c:\hhhbtt.exec:\hhhbtt.exe30⤵
- Executes dropped EXE
-
\??\c:\fxlfffl.exec:\fxlfffl.exe31⤵
- Executes dropped EXE
-
\??\c:\hnthbt.exec:\hnthbt.exe32⤵
- Executes dropped EXE
-
\??\c:\vpvjd.exec:\vpvjd.exe33⤵
- Executes dropped EXE
-
\??\c:\3nbtnn.exec:\3nbtnn.exe34⤵
- Executes dropped EXE
-
\??\c:\3tbttt.exec:\3tbttt.exe35⤵
- Executes dropped EXE
-
\??\c:\pdpjd.exec:\pdpjd.exe36⤵
- Executes dropped EXE
-
\??\c:\xrxxffl.exec:\xrxxffl.exe37⤵
- Executes dropped EXE
-
\??\c:\rxxrllf.exec:\rxxrllf.exe38⤵
- Executes dropped EXE
-
\??\c:\nnhbtt.exec:\nnhbtt.exe39⤵
- Executes dropped EXE
-
\??\c:\nbtthb.exec:\nbtthb.exe40⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe41⤵
- Executes dropped EXE
-
\??\c:\dddvp.exec:\dddvp.exe42⤵
- Executes dropped EXE
-
\??\c:\lrrlxxx.exec:\lrrlxxx.exe43⤵
- Executes dropped EXE
-
\??\c:\lffxrrr.exec:\lffxrrr.exe44⤵
- Executes dropped EXE
-
\??\c:\nhbtnn.exec:\nhbtnn.exe45⤵
- Executes dropped EXE
-
\??\c:\ddvjd.exec:\ddvjd.exe46⤵
- Executes dropped EXE
-
\??\c:\vdjdv.exec:\vdjdv.exe47⤵
- Executes dropped EXE
-
\??\c:\lllxrrx.exec:\lllxrrx.exe48⤵
- Executes dropped EXE
-
\??\c:\llrrrrl.exec:\llrrrrl.exe49⤵
- Executes dropped EXE
-
\??\c:\nnbbth.exec:\nnbbth.exe50⤵
- Executes dropped EXE
-
\??\c:\ntnhhh.exec:\ntnhhh.exe51⤵
- Executes dropped EXE
-
\??\c:\3bbbnn.exec:\3bbbnn.exe52⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe53⤵
- Executes dropped EXE
-
\??\c:\vdjdd.exec:\vdjdd.exe54⤵
- Executes dropped EXE
-
\??\c:\7xlfrrl.exec:\7xlfrrl.exe55⤵
- Executes dropped EXE
-
\??\c:\xxrrllf.exec:\xxrrllf.exe56⤵
- Executes dropped EXE
-
\??\c:\tnnhbb.exec:\tnnhbb.exe57⤵
- Executes dropped EXE
-
\??\c:\thhhtn.exec:\thhhtn.exe58⤵
- Executes dropped EXE
-
\??\c:\xffffff.exec:\xffffff.exe59⤵
- Executes dropped EXE
-
\??\c:\frfxrxr.exec:\frfxrxr.exe60⤵
- Executes dropped EXE
-
\??\c:\nttnhh.exec:\nttnhh.exe61⤵
- Executes dropped EXE
-
\??\c:\7ttnnn.exec:\7ttnnn.exe62⤵
- Executes dropped EXE
-
\??\c:\vvdvd.exec:\vvdvd.exe63⤵
- Executes dropped EXE
-
\??\c:\llxrrrl.exec:\llxrrrl.exe64⤵
- Executes dropped EXE
-
\??\c:\xrxrlrl.exec:\xrxrlrl.exe65⤵
- Executes dropped EXE
-
\??\c:\hbhbhh.exec:\hbhbhh.exe66⤵
-
\??\c:\5jpjp.exec:\5jpjp.exe67⤵
-
\??\c:\dpdvp.exec:\dpdvp.exe68⤵
-
\??\c:\xrfxxxl.exec:\xrfxxxl.exe69⤵
-
\??\c:\xrffxrx.exec:\xrffxrx.exe70⤵
-
\??\c:\nnhhhh.exec:\nnhhhh.exe71⤵
-
\??\c:\bhhbnn.exec:\bhhbnn.exe72⤵
-
\??\c:\nbhnhh.exec:\nbhnhh.exe73⤵
-
\??\c:\vpddd.exec:\vpddd.exe74⤵
-
\??\c:\fxlflrl.exec:\fxlflrl.exe75⤵
-
\??\c:\nbhbtt.exec:\nbhbtt.exe76⤵
-
\??\c:\nhhnhh.exec:\nhhnhh.exe77⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe78⤵
-
\??\c:\9lxxffr.exec:\9lxxffr.exe79⤵
-
\??\c:\7lfxxfx.exec:\7lfxxfx.exe80⤵
-
\??\c:\nhbbtn.exec:\nhbbtn.exe81⤵
-
\??\c:\vddvp.exec:\vddvp.exe82⤵
-
\??\c:\vpddd.exec:\vpddd.exe83⤵
-
\??\c:\lffxrxx.exec:\lffxrxx.exe84⤵
-
\??\c:\rrllffx.exec:\rrllffx.exe85⤵
-
\??\c:\nnttnn.exec:\nnttnn.exe86⤵
-
\??\c:\ttnhtt.exec:\ttnhtt.exe87⤵
-
\??\c:\jpjpj.exec:\jpjpj.exe88⤵
-
\??\c:\rllffxx.exec:\rllffxx.exe89⤵
-
\??\c:\7xllffl.exec:\7xllffl.exe90⤵
-
\??\c:\btbthh.exec:\btbthh.exe91⤵
-
\??\c:\7tbttn.exec:\7tbttn.exe92⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe93⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe94⤵
-
\??\c:\xxrrfff.exec:\xxrrfff.exe95⤵
-
\??\c:\3llllrr.exec:\3llllrr.exe96⤵
-
\??\c:\thnhbt.exec:\thnhbt.exe97⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe98⤵
-
\??\c:\1vjjv.exec:\1vjjv.exe99⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe100⤵
-
\??\c:\lffrllf.exec:\lffrllf.exe101⤵
-
\??\c:\xxrllff.exec:\xxrllff.exe102⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe103⤵
-
\??\c:\thbttt.exec:\thbttt.exe104⤵
-
\??\c:\3jjjv.exec:\3jjjv.exe105⤵
-
\??\c:\dppjd.exec:\dppjd.exe106⤵
-
\??\c:\lflfrrl.exec:\lflfrrl.exe107⤵
-
\??\c:\xrxrlll.exec:\xrxrlll.exe108⤵
-
\??\c:\bnnnhh.exec:\bnnnhh.exe109⤵
-
\??\c:\hhnnhn.exec:\hhnnhn.exe110⤵
-
\??\c:\dvppj.exec:\dvppj.exe111⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe112⤵
-
\??\c:\xfxxrrr.exec:\xfxxrrr.exe113⤵
-
\??\c:\rfrlffl.exec:\rfrlffl.exe114⤵
-
\??\c:\tbhhbn.exec:\tbhhbn.exe115⤵
-
\??\c:\tbbbbb.exec:\tbbbbb.exe116⤵
-
\??\c:\thnttn.exec:\thnttn.exe117⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe118⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe119⤵
-
\??\c:\xlrfxlf.exec:\xlrfxlf.exe120⤵
-
\??\c:\9lfxrrl.exec:\9lfxrrl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-