Analysis
-
max time kernel
150s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
11/05/2024, 10:21
General
-
Target
acc861445e790fc70af211a6a4667690_NeikiAnalytics.exe
-
Size
55KB
-
MD5
acc861445e790fc70af211a6a4667690
-
SHA1
4fdab77dc296262dc6a5b3e1a5dc2017a10a0532
-
SHA256
d43ee8db0c00cf4f6fd95be4090150de1ef4aeb6a29ed36e8aa5e590962e6719
-
SHA512
d869597dabd334ef95ed1a1204cec3b13b08f78b681954510e20ec25ad00524a70efc3cc51903d9383a40a70f8e90ef7e6e2d247b3da2ff56982e557093d511d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb6tZ9bm:ymb3NkkiQ3mdBjFIb6tZNm
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\acc861445e790fc70af211a6a4667690_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\acc861445e790fc70af211a6a4667690_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvjd.exec:\vvvjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlrrlf.exec:\lrlrrlf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lxxffl.exec:\5lxxffl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbbth.exec:\ttbbth.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlfxfx.exec:\rxlfxfx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hnhbb.exec:\5hnhbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppvd.exec:\dppvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdj.exec:\djjdj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhhb.exec:\nbhhhb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfffl.exec:\lflfffl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvj.exec:\jpvvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3htbbn.exec:\3htbbn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpjj.exec:\jjpjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfxxx.exec:\lflfxxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtnnb.exec:\hhtnnb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjdp.exec:\pvjdp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjp.exec:\vvpjp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrxffr.exec:\xfrxffr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbtb.exec:\tnhbtb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjv.exec:\pdjjv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfxfx.exec:\lflfxfx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttnn.exec:\nhttnn.exe23⤵
- Executes dropped EXE
-
\??\c:\3jdjd.exec:\3jdjd.exe24⤵
- Executes dropped EXE
-
\??\c:\rrrxlrl.exec:\rrrxlrl.exe25⤵
- Executes dropped EXE
-
\??\c:\fffffff.exec:\fffffff.exe26⤵
- Executes dropped EXE
-
\??\c:\nnttbb.exec:\nnttbb.exe27⤵
- Executes dropped EXE
-
\??\c:\ttnhbb.exec:\ttnhbb.exe28⤵
- Executes dropped EXE
-
\??\c:\dvdvp.exec:\dvdvp.exe29⤵
- Executes dropped EXE
-
\??\c:\nhhhbb.exec:\nhhhbb.exe30⤵
- Executes dropped EXE
-
\??\c:\bbthht.exec:\bbthht.exe31⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe32⤵
- Executes dropped EXE
-
\??\c:\lxxrfrf.exec:\lxxrfrf.exe33⤵
- Executes dropped EXE
-
\??\c:\bbhhnt.exec:\bbhhnt.exe34⤵
- Executes dropped EXE
-
\??\c:\1vdpv.exec:\1vdpv.exe35⤵
- Executes dropped EXE
-
\??\c:\5jpvv.exec:\5jpvv.exe36⤵
- Executes dropped EXE
-
\??\c:\lxxllrx.exec:\lxxllrx.exe37⤵
- Executes dropped EXE
-
\??\c:\ttbbbn.exec:\ttbbbn.exe38⤵
- Executes dropped EXE
-
\??\c:\bbbbnt.exec:\bbbbnt.exe39⤵
- Executes dropped EXE
-
\??\c:\jjpjd.exec:\jjpjd.exe40⤵
- Executes dropped EXE
-
\??\c:\rxflfrx.exec:\rxflfrx.exe41⤵
- Executes dropped EXE
-
\??\c:\nbbbnn.exec:\nbbbnn.exe42⤵
- Executes dropped EXE
-
\??\c:\pvppd.exec:\pvppd.exe43⤵
- Executes dropped EXE
-
\??\c:\ppdvd.exec:\ppdvd.exe44⤵
- Executes dropped EXE
-
\??\c:\xlfxfrr.exec:\xlfxfrr.exe45⤵
- Executes dropped EXE
-
\??\c:\bnbtnt.exec:\bnbtnt.exe46⤵
- Executes dropped EXE
-
\??\c:\vjjvj.exec:\vjjvj.exe47⤵
- Executes dropped EXE
-
\??\c:\rrxlfxx.exec:\rrxlfxx.exe48⤵
- Executes dropped EXE
-
\??\c:\nnbbbh.exec:\nnbbbh.exe49⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe50⤵
- Executes dropped EXE
-
\??\c:\xlxflfr.exec:\xlxflfr.exe51⤵
- Executes dropped EXE
-
\??\c:\xxlrxlr.exec:\xxlrxlr.exe52⤵
- Executes dropped EXE
-
\??\c:\1nttbh.exec:\1nttbh.exe53⤵
- Executes dropped EXE
-
\??\c:\jjvpp.exec:\jjvpp.exe54⤵
- Executes dropped EXE
-
\??\c:\xflfxxx.exec:\xflfxxx.exe55⤵
- Executes dropped EXE
-
\??\c:\rfllrlx.exec:\rfllrlx.exe56⤵
- Executes dropped EXE
-
\??\c:\5nnnhh.exec:\5nnnhh.exe57⤵
- Executes dropped EXE
-
\??\c:\bbbbtt.exec:\bbbbtt.exe58⤵
- Executes dropped EXE
-
\??\c:\dpppp.exec:\dpppp.exe59⤵
- Executes dropped EXE
-
\??\c:\xrrlllf.exec:\xrrlllf.exe60⤵
- Executes dropped EXE
-
\??\c:\rrrllfx.exec:\rrrllfx.exe61⤵
- Executes dropped EXE
-
\??\c:\tnhttb.exec:\tnhttb.exe62⤵
- Executes dropped EXE
-
\??\c:\dvdvj.exec:\dvdvj.exe63⤵
- Executes dropped EXE
-
\??\c:\jvjjj.exec:\jvjjj.exe64⤵
- Executes dropped EXE
-
\??\c:\flrxrrr.exec:\flrxrrr.exe65⤵
- Executes dropped EXE
-
\??\c:\3bnnhn.exec:\3bnnhn.exe66⤵
-
\??\c:\bnnhnt.exec:\bnnhnt.exe67⤵
-
\??\c:\vdvpp.exec:\vdvpp.exe68⤵
-
\??\c:\rlxffrr.exec:\rlxffrr.exe69⤵
-
\??\c:\frxrxfr.exec:\frxrxfr.exe70⤵
-
\??\c:\9bnthh.exec:\9bnthh.exe71⤵
-
\??\c:\pvdpv.exec:\pvdpv.exe72⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe73⤵
-
\??\c:\flxfffx.exec:\flxfffx.exe74⤵
-
\??\c:\frlfrfl.exec:\frlfrfl.exe75⤵
-
\??\c:\tbtthh.exec:\tbtthh.exe76⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe77⤵
-
\??\c:\pdppp.exec:\pdppp.exe78⤵
-
\??\c:\frfrrrr.exec:\frfrrrr.exe79⤵
-
\??\c:\nhttnb.exec:\nhttnb.exe80⤵
-
\??\c:\tbnhhn.exec:\tbnhhn.exe81⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe82⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe83⤵
-
\??\c:\3frxfxx.exec:\3frxfxx.exe84⤵
-
\??\c:\bnbhtt.exec:\bnbhtt.exe85⤵
-
\??\c:\hnthnh.exec:\hnthnh.exe86⤵
-
\??\c:\dpppp.exec:\dpppp.exe87⤵
-
\??\c:\frfxxxx.exec:\frfxxxx.exe88⤵
-
\??\c:\lrxrrfl.exec:\lrxrrfl.exe89⤵
-
\??\c:\bhhhnt.exec:\bhhhnt.exe90⤵
-
\??\c:\jpddj.exec:\jpddj.exe91⤵
-
\??\c:\rrllffl.exec:\rrllffl.exe92⤵
-
\??\c:\btnbth.exec:\btnbth.exe93⤵
-
\??\c:\nhbtnh.exec:\nhbtnh.exe94⤵
-
\??\c:\rrlrfrx.exec:\rrlrfrx.exe95⤵
-
\??\c:\nhttbh.exec:\nhttbh.exe96⤵
-
\??\c:\tnbtnh.exec:\tnbtnh.exe97⤵
-
\??\c:\vvvjj.exec:\vvvjj.exe98⤵
-
\??\c:\rxxxrll.exec:\rxxxrll.exe99⤵
-
\??\c:\bnthtn.exec:\bnthtn.exe100⤵
-
\??\c:\ppvdv.exec:\ppvdv.exe101⤵
-
\??\c:\djdpd.exec:\djdpd.exe102⤵
-
\??\c:\7xrrrrr.exec:\7xrrrrr.exe103⤵
-
\??\c:\lllllrf.exec:\lllllrf.exe104⤵
-
\??\c:\hhntbh.exec:\hhntbh.exe105⤵
-
\??\c:\bnhbtt.exec:\bnhbtt.exe106⤵
-
\??\c:\pdvpp.exec:\pdvpp.exe107⤵
-
\??\c:\flrlffx.exec:\flrlffx.exe108⤵
-
\??\c:\nbnbnh.exec:\nbnbnh.exe109⤵
-
\??\c:\1jjpj.exec:\1jjpj.exe110⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe111⤵
-
\??\c:\xxfrrlx.exec:\xxfrrlx.exe112⤵
-
\??\c:\xrxfffx.exec:\xrxfffx.exe113⤵
-
\??\c:\hhhhhh.exec:\hhhhhh.exe114⤵
-
\??\c:\djdvp.exec:\djdvp.exe115⤵
-
\??\c:\jjppj.exec:\jjppj.exe116⤵
-
\??\c:\xrlfflr.exec:\xrlfflr.exe117⤵
-
\??\c:\nbnhhh.exec:\nbnhhh.exe118⤵
-
\??\c:\nhhhbn.exec:\nhhhbn.exe119⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe120⤵
-
\??\c:\9lxffxr.exec:\9lxffxr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-