Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
11/05/2024, 14:00
General
-
Target
0b71e2a0a6110584b9c634ea86e5b9d0_NeikiAnalytics.exe
-
Size
83KB
-
MD5
0b71e2a0a6110584b9c634ea86e5b9d0
-
SHA1
2d7efa1693c016d3799de886f6b6a6a2d56af258
-
SHA256
a3359f519c180bb0023c79db5a1543990ba80d5759b45ce70d40fec85351d0a9
-
SHA512
851968e66dc2c3fc524e562ecb6e3ac17c5b1bfa99df81ad98a51f634ba5b408c9be9367e1b1d6f21bc55f4715a545c23815c305c85b8aa8956f586daba2cb9b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIJSLCBCO+HlMO7s0yOy:ymb3NkkiQ3mdBjFIwLMoHW8y7
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0b71e2a0a6110584b9c634ea86e5b9d0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\0b71e2a0a6110584b9c634ea86e5b9d0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3ddjd.exec:\3ddjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxlfx.exec:\lffxlfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxrlf.exec:\rlfxrlf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvj.exec:\vpvvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffllfll.exec:\ffllfll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlrlll.exec:\lrlrlll.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbhb.exec:\nbbbhb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvv.exec:\pjdvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflrrxx.exec:\fflrrxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnntt.exec:\nhnntt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvp.exec:\dvdvp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrlff.exec:\xrxrlff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlfxxf.exec:\fxlfxxf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpdp.exec:\jjpdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjd.exec:\pjpjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffllrll.exec:\ffllrll.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bhhhh.exec:\1bhhhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thntbt.exec:\thntbt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfllll.exec:\xrfllll.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xxxxrr.exec:\5xxxxrr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnntt.exec:\nnnntt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hhbtt.exec:\3hhbtt.exe23⤵
- Executes dropped EXE
-
\??\c:\vvddd.exec:\vvddd.exe24⤵
- Executes dropped EXE
-
\??\c:\rlrlffx.exec:\rlrlffx.exe25⤵
- Executes dropped EXE
-
\??\c:\hnnnnn.exec:\hnnnnn.exe26⤵
- Executes dropped EXE
-
\??\c:\tnnhbh.exec:\tnnhbh.exe27⤵
- Executes dropped EXE
-
\??\c:\1ddvj.exec:\1ddvj.exe28⤵
- Executes dropped EXE
-
\??\c:\lflfxxx.exec:\lflfxxx.exe29⤵
- Executes dropped EXE
-
\??\c:\rlllflf.exec:\rlllflf.exe30⤵
- Executes dropped EXE
-
\??\c:\nhbhhh.exec:\nhbhhh.exe31⤵
- Executes dropped EXE
-
\??\c:\bntnhh.exec:\bntnhh.exe32⤵
- Executes dropped EXE
-
\??\c:\ddvjd.exec:\ddvjd.exe33⤵
- Executes dropped EXE
-
\??\c:\fxfrlrl.exec:\fxfrlrl.exe34⤵
- Executes dropped EXE
-
\??\c:\rlfflrr.exec:\rlfflrr.exe35⤵
- Executes dropped EXE
-
\??\c:\ffrrrxx.exec:\ffrrrxx.exe36⤵
- Executes dropped EXE
-
\??\c:\nhbbnt.exec:\nhbbnt.exe37⤵
- Executes dropped EXE
-
\??\c:\1vvvv.exec:\1vvvv.exe38⤵
- Executes dropped EXE
-
\??\c:\pjpjj.exec:\pjpjj.exe39⤵
- Executes dropped EXE
-
\??\c:\fxfxrxx.exec:\fxfxrxx.exe40⤵
- Executes dropped EXE
-
\??\c:\5hhtnn.exec:\5hhtnn.exe41⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe42⤵
- Executes dropped EXE
-
\??\c:\pjjjv.exec:\pjjjv.exe43⤵
- Executes dropped EXE
-
\??\c:\xfxxxfx.exec:\xfxxxfx.exe44⤵
- Executes dropped EXE
-
\??\c:\rfxrlfx.exec:\rfxrlfx.exe45⤵
- Executes dropped EXE
-
\??\c:\5bnhnt.exec:\5bnhnt.exe46⤵
- Executes dropped EXE
-
\??\c:\1hbbbb.exec:\1hbbbb.exe47⤵
- Executes dropped EXE
-
\??\c:\djddd.exec:\djddd.exe48⤵
- Executes dropped EXE
-
\??\c:\rlrrlxx.exec:\rlrrlxx.exe49⤵
- Executes dropped EXE
-
\??\c:\bnbbhh.exec:\bnbbhh.exe50⤵
- Executes dropped EXE
-
\??\c:\vpddv.exec:\vpddv.exe51⤵
- Executes dropped EXE
-
\??\c:\3rfxfff.exec:\3rfxfff.exe52⤵
- Executes dropped EXE
-
\??\c:\rllrlll.exec:\rllrlll.exe53⤵
- Executes dropped EXE
-
\??\c:\hbbbbn.exec:\hbbbbn.exe54⤵
- Executes dropped EXE
-
\??\c:\djjjp.exec:\djjjp.exe55⤵
- Executes dropped EXE
-
\??\c:\rxfxlrl.exec:\rxfxlrl.exe56⤵
- Executes dropped EXE
-
\??\c:\xfllffl.exec:\xfllffl.exe57⤵
- Executes dropped EXE
-
\??\c:\htbthh.exec:\htbthh.exe58⤵
- Executes dropped EXE
-
\??\c:\dpddd.exec:\dpddd.exe59⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe60⤵
- Executes dropped EXE
-
\??\c:\fxllxxf.exec:\fxllxxf.exe61⤵
- Executes dropped EXE
-
\??\c:\nhttnn.exec:\nhttnn.exe62⤵
- Executes dropped EXE
-
\??\c:\tntttt.exec:\tntttt.exe63⤵
- Executes dropped EXE
-
\??\c:\ppvvv.exec:\ppvvv.exe64⤵
- Executes dropped EXE
-
\??\c:\rffxrrr.exec:\rffxrrr.exe65⤵
- Executes dropped EXE
-
\??\c:\lrllfll.exec:\lrllfll.exe66⤵
-
\??\c:\djpjj.exec:\djpjj.exe67⤵
-
\??\c:\vppjv.exec:\vppjv.exe68⤵
-
\??\c:\lfffxrf.exec:\lfffxrf.exe69⤵
-
\??\c:\rflffff.exec:\rflffff.exe70⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe71⤵
-
\??\c:\thttbt.exec:\thttbt.exe72⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe73⤵
-
\??\c:\xfllffx.exec:\xfllffx.exe74⤵
-
\??\c:\9xrllfx.exec:\9xrllfx.exe75⤵
-
\??\c:\nbnnhh.exec:\nbnnhh.exe76⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe77⤵
-
\??\c:\3jjvp.exec:\3jjvp.exe78⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe79⤵
-
\??\c:\1ffxrrx.exec:\1ffxrrx.exe80⤵
-
\??\c:\rfxrlrl.exec:\rfxrlrl.exe81⤵
-
\??\c:\1hhhbb.exec:\1hhhbb.exe82⤵
-
\??\c:\hbbbnn.exec:\hbbbnn.exe83⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe84⤵
-
\??\c:\7pvvj.exec:\7pvvj.exe85⤵
-
\??\c:\ffrrrxx.exec:\ffrrrxx.exe86⤵
-
\??\c:\9xffxlr.exec:\9xffxlr.exe87⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe88⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe89⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe90⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe91⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe92⤵
-
\??\c:\lrfxxxf.exec:\lrfxxxf.exe93⤵
-
\??\c:\lllrllf.exec:\lllrllf.exe94⤵
-
\??\c:\1htntt.exec:\1htntt.exe95⤵
-
\??\c:\tnnnhn.exec:\tnnnhn.exe96⤵
-
\??\c:\hhttnn.exec:\hhttnn.exe97⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe98⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe99⤵
-
\??\c:\llllxff.exec:\llllxff.exe100⤵
-
\??\c:\lflrrxr.exec:\lflrrxr.exe101⤵
-
\??\c:\ntttnn.exec:\ntttnn.exe102⤵
-
\??\c:\7bhhtb.exec:\7bhhtb.exe103⤵
-
\??\c:\ddvdd.exec:\ddvdd.exe104⤵
-
\??\c:\jddvd.exec:\jddvd.exe105⤵
-
\??\c:\9rxrlrl.exec:\9rxrlrl.exe106⤵
-
\??\c:\rfffffx.exec:\rfffffx.exe107⤵
-
\??\c:\thbbtn.exec:\thbbtn.exe108⤵
-
\??\c:\nbhbtn.exec:\nbhbtn.exe109⤵
-
\??\c:\fxrllfx.exec:\fxrllfx.exe110⤵
-
\??\c:\nbtthn.exec:\nbtthn.exe111⤵
-
\??\c:\7tbbtt.exec:\7tbbtt.exe112⤵
-
\??\c:\jpppj.exec:\jpppj.exe113⤵
-
\??\c:\jjppp.exec:\jjppp.exe114⤵
-
\??\c:\1xlxlfx.exec:\1xlxlfx.exe115⤵
-
\??\c:\btnnbb.exec:\btnnbb.exe116⤵
-
\??\c:\btbtbb.exec:\btbtbb.exe117⤵
-
\??\c:\5vddd.exec:\5vddd.exe118⤵
-
\??\c:\jjjvd.exec:\jjjvd.exe119⤵
-
\??\c:\fxxrrrx.exec:\fxxrrrx.exe120⤵
-
\??\c:\xxfffll.exec:\xxfffll.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-