Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
11/05/2024, 02:12
General
-
Target
56b16c3b219c45bc8083d4e4904d6440_NeikiAnalytics.exe
-
Size
182KB
-
MD5
56b16c3b219c45bc8083d4e4904d6440
-
SHA1
97b452375ba28f4d2e486ecf8b984283da74f56b
-
SHA256
bc1cb1cb60312ae86d0d418783751fb5163221477f2717bc69c8af0e3ffc158c
-
SHA512
6c8d0d99b1c070a6c7b242e38bd6802f73b88a6c4d277108f307991def8e6cd1b22b120be67b202c36f8ce0ef6311a82d9acb193fc73d8a6144196746bd70cf7
-
SSDEEP
1536:PvQBeOGtrYSSsrc93UBIfdC67m6AJiqgT4+IJPhbMqr:PhOm2sI93UufdC67ciJTm5hIU
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\56b16c3b219c45bc8083d4e4904d6440_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\56b16c3b219c45bc8083d4e4904d6440_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lxllffx.exec:\lxllffx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjjd.exec:\djjjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxxxr.exec:\rrxxxxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxrrr.exec:\rrxxrrr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhhbb.exec:\hhhhbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bhbtb.exec:\1bhbtb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pdjd.exec:\3pdjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdj.exec:\djjdj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxrlff.exec:\xfxrlff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtttn.exec:\bhtttn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jvdv.exec:\5jvdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppj.exec:\ppppj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppd.exec:\dvppd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pjdv.exec:\5pjdv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnnh.exec:\nttnnh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjj.exec:\ddpjj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nnhbb.exec:\7nnhbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxxxl.exec:\rxfxxxl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjj.exec:\dppjj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrllff.exec:\rrrllff.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flllflf.exec:\flllflf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnttn.exec:\bbnttn.exe23⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe24⤵
- Executes dropped EXE
-
\??\c:\ttbbbb.exec:\ttbbbb.exe25⤵
- Executes dropped EXE
-
\??\c:\dvpjd.exec:\dvpjd.exe26⤵
- Executes dropped EXE
-
\??\c:\jdjjv.exec:\jdjjv.exe27⤵
- Executes dropped EXE
-
\??\c:\hbhnhh.exec:\hbhnhh.exe28⤵
- Executes dropped EXE
-
\??\c:\tntnbb.exec:\tntnbb.exe29⤵
- Executes dropped EXE
-
\??\c:\pdvpj.exec:\pdvpj.exe30⤵
- Executes dropped EXE
-
\??\c:\jjpjd.exec:\jjpjd.exe31⤵
- Executes dropped EXE
-
\??\c:\7frlrrl.exec:\7frlrrl.exe32⤵
- Executes dropped EXE
-
\??\c:\thnhbh.exec:\thnhbh.exe33⤵
- Executes dropped EXE
-
\??\c:\dppjj.exec:\dppjj.exe34⤵
- Executes dropped EXE
-
\??\c:\1pdvp.exec:\1pdvp.exe35⤵
- Executes dropped EXE
-
\??\c:\rfxxrlf.exec:\rfxxrlf.exe36⤵
- Executes dropped EXE
-
\??\c:\9pddv.exec:\9pddv.exe37⤵
- Executes dropped EXE
-
\??\c:\9rllffl.exec:\9rllffl.exe38⤵
- Executes dropped EXE
-
\??\c:\hhhbtt.exec:\hhhbtt.exe39⤵
- Executes dropped EXE
-
\??\c:\3djdd.exec:\3djdd.exe40⤵
- Executes dropped EXE
-
\??\c:\jjvvp.exec:\jjvvp.exe41⤵
- Executes dropped EXE
-
\??\c:\thhtht.exec:\thhtht.exe42⤵
- Executes dropped EXE
-
\??\c:\vdjdd.exec:\vdjdd.exe43⤵
- Executes dropped EXE
-
\??\c:\vjjvj.exec:\vjjvj.exe44⤵
- Executes dropped EXE
-
\??\c:\bbhbtt.exec:\bbhbtt.exe45⤵
- Executes dropped EXE
-
\??\c:\ntbbnt.exec:\ntbbnt.exe46⤵
- Executes dropped EXE
-
\??\c:\djppv.exec:\djppv.exe47⤵
- Executes dropped EXE
-
\??\c:\thnhtn.exec:\thnhtn.exe48⤵
- Executes dropped EXE
-
\??\c:\dpvvp.exec:\dpvvp.exe49⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe50⤵
- Executes dropped EXE
-
\??\c:\xrrxrfx.exec:\xrrxrfx.exe51⤵
- Executes dropped EXE
-
\??\c:\nbttbh.exec:\nbttbh.exe52⤵
- Executes dropped EXE
-
\??\c:\pdddj.exec:\pdddj.exe53⤵
- Executes dropped EXE
-
\??\c:\lxrlfff.exec:\lxrlfff.exe54⤵
- Executes dropped EXE
-
\??\c:\bttnbb.exec:\bttnbb.exe55⤵
- Executes dropped EXE
-
\??\c:\ntbnnn.exec:\ntbnnn.exe56⤵
- Executes dropped EXE
-
\??\c:\9jppp.exec:\9jppp.exe57⤵
-
\??\c:\lllxlxl.exec:\lllxlxl.exe58⤵
- Executes dropped EXE
-
\??\c:\tnbntb.exec:\tnbntb.exe59⤵
- Executes dropped EXE
-
\??\c:\pvjjd.exec:\pvjjd.exe60⤵
- Executes dropped EXE
-
\??\c:\rlffxxr.exec:\rlffxxr.exe61⤵
- Executes dropped EXE
-
\??\c:\btbtth.exec:\btbtth.exe62⤵
- Executes dropped EXE
-
\??\c:\ppjjj.exec:\ppjjj.exe63⤵
- Executes dropped EXE
-
\??\c:\rflflxr.exec:\rflflxr.exe64⤵
- Executes dropped EXE
-
\??\c:\nbhhbn.exec:\nbhhbn.exe65⤵
- Executes dropped EXE
-
\??\c:\vjvjv.exec:\vjvjv.exe66⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe67⤵
-
\??\c:\rfrlxrf.exec:\rfrlxrf.exe68⤵
-
\??\c:\1tnnnn.exec:\1tnnnn.exe69⤵
-
\??\c:\vdvpp.exec:\vdvpp.exe70⤵
-
\??\c:\rrlfxrl.exec:\rrlfxrl.exe71⤵
-
\??\c:\bbnnnn.exec:\bbnnnn.exe72⤵
-
\??\c:\5rxflxr.exec:\5rxflxr.exe73⤵
-
\??\c:\hbhbhh.exec:\hbhbhh.exe74⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe75⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe76⤵
-
\??\c:\flllllr.exec:\flllllr.exe77⤵
-
\??\c:\3tnhbb.exec:\3tnhbb.exe78⤵
-
\??\c:\pdjpp.exec:\pdjpp.exe79⤵
-
\??\c:\rrrrrrx.exec:\rrrrrrx.exe80⤵
-
\??\c:\lrrlflx.exec:\lrrlflx.exe81⤵
-
\??\c:\bnttnn.exec:\bnttnn.exe82⤵
-
\??\c:\dpjvv.exec:\dpjvv.exe83⤵
-
\??\c:\lfrxfll.exec:\lfrxfll.exe84⤵
-
\??\c:\nbhhnt.exec:\nbhhnt.exe85⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe86⤵
-
\??\c:\fxflflf.exec:\fxflflf.exe87⤵
-
\??\c:\bbtnhh.exec:\bbtnhh.exe88⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe89⤵
-
\??\c:\xlrrrxr.exec:\xlrrrxr.exe90⤵
-
\??\c:\nbhhbt.exec:\nbhhbt.exe91⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe92⤵
-
\??\c:\ddddj.exec:\ddddj.exe93⤵
-
\??\c:\lfxrxxr.exec:\lfxrxxr.exe94⤵
-
\??\c:\bbnntb.exec:\bbnntb.exe95⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe96⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe97⤵
-
\??\c:\1rfxflx.exec:\1rfxflx.exe98⤵
-
\??\c:\hhbnbt.exec:\hhbnbt.exe99⤵
-
\??\c:\vpppp.exec:\vpppp.exe100⤵
-
\??\c:\fxrlllf.exec:\fxrlllf.exe101⤵
-
\??\c:\rlxrxxl.exec:\rlxrxxl.exe102⤵
-
\??\c:\btbhhh.exec:\btbhhh.exe103⤵
-
\??\c:\vdvpv.exec:\vdvpv.exe104⤵
-
\??\c:\lxlxrlf.exec:\lxlxrlf.exe105⤵
-
\??\c:\bhbbnh.exec:\bhbbnh.exe106⤵
-
\??\c:\pdddd.exec:\pdddd.exe107⤵
-
\??\c:\9dddv.exec:\9dddv.exe108⤵
-
\??\c:\fffxllf.exec:\fffxllf.exe109⤵
-
\??\c:\thtnhh.exec:\thtnhh.exe110⤵
-
\??\c:\dddjd.exec:\dddjd.exe111⤵
-
\??\c:\pdvjd.exec:\pdvjd.exe112⤵
-
\??\c:\5hnnnn.exec:\5hnnnn.exe113⤵
-
\??\c:\jjvpp.exec:\jjvpp.exe114⤵
-
\??\c:\dpdjj.exec:\dpdjj.exe115⤵
-
\??\c:\ffllllf.exec:\ffllllf.exe116⤵
-
\??\c:\1tbtbb.exec:\1tbtbb.exe117⤵
-
\??\c:\1pppj.exec:\1pppj.exe118⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe119⤵
-
\??\c:\xffrlll.exec:\xffrlll.exe120⤵
-
\??\c:\nhhbhb.exec:\nhhbhb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-