Analysis
-
max time kernel
27s -
max time network
27s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
-
submitted
11/05/2024, 16:17
General
-
Target
18a96df610f6d9feb0acb5fa4170fd20_NeikiAnalytics.exe
-
Size
63KB
-
MD5
18a96df610f6d9feb0acb5fa4170fd20
-
SHA1
d3c3b224676c01e47dd869c4346dc05d073a5de3
-
SHA256
eafbc909e383a3f00522e880e0e7b49c5c84b31d64381c096fc30c22b10ef2cd
-
SHA512
36cb28f09eaac89aff637b848f2e22b3e164cfe388261bcad71eace963bc35f5ff4a771d8ab1f2397b59194cd3703f06c6b060f8cedae050693aa3af0b4044f4
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIhJm/wY:ymb3NkkiQ3mdBjFILm/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\18a96df610f6d9feb0acb5fa4170fd20_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\18a96df610f6d9feb0acb5fa4170fd20_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5fxxxrr.exec:\5fxxxrr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbttb.exec:\ntbttb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vddj.exec:\3vddj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5flffrr.exec:\5flffrr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxrrrr.exec:\xfxrrrr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbhb.exec:\hbbbhb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxxfx.exec:\llfxxfx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhhh.exec:\tnnhhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddjj.exec:\pddjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffxff.exec:\lfffxff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflrrxx.exec:\xflrrxx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhhnt.exec:\thhhnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bhbtt.exec:\9bhbtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdppv.exec:\pdppv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxxllf.exec:\rxxxllf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhhhn.exec:\tbhhhn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvdd.exec:\vdvdd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pvvv.exec:\9pvvv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxllf.exec:\lffxllf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ttttt.exec:\5ttttt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvddd.exec:\pvddd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xfrfff.exec:\9xfrfff.exe23⤵
- Executes dropped EXE
-
\??\c:\9nthnb.exec:\9nthnb.exe24⤵
- Executes dropped EXE
-
\??\c:\hhbbhh.exec:\hhbbhh.exe25⤵
- Executes dropped EXE
-
\??\c:\vdpvd.exec:\vdpvd.exe26⤵
- Executes dropped EXE
-
\??\c:\rfffflf.exec:\rfffflf.exe27⤵
- Executes dropped EXE
-
\??\c:\nbhbbb.exec:\nbhbbb.exe28⤵
- Executes dropped EXE
-
\??\c:\pdpjd.exec:\pdpjd.exe29⤵
- Executes dropped EXE
-
\??\c:\lxfrrff.exec:\lxfrrff.exe30⤵
- Executes dropped EXE
-
\??\c:\9hhbtt.exec:\9hhbtt.exe31⤵
- Executes dropped EXE
-
\??\c:\vjpvp.exec:\vjpvp.exe32⤵
- Executes dropped EXE
-
\??\c:\djjpp.exec:\djjpp.exe33⤵
- Executes dropped EXE
-
\??\c:\llllxfx.exec:\llllxfx.exe34⤵
- Executes dropped EXE
-
\??\c:\tbbhnn.exec:\tbbhnn.exe35⤵
- Executes dropped EXE
-
\??\c:\bhttnt.exec:\bhttnt.exe36⤵
- Executes dropped EXE
-
\??\c:\vvvvv.exec:\vvvvv.exe37⤵
- Executes dropped EXE
-
\??\c:\jvddj.exec:\jvddj.exe38⤵
- Executes dropped EXE
-
\??\c:\rxfxffx.exec:\rxfxffx.exe39⤵
- Executes dropped EXE
-
\??\c:\thtbbb.exec:\thtbbb.exe40⤵
- Executes dropped EXE
-
\??\c:\nnhbnt.exec:\nnhbnt.exe41⤵
- Executes dropped EXE
-
\??\c:\9pjvj.exec:\9pjvj.exe42⤵
- Executes dropped EXE
-
\??\c:\5llfllf.exec:\5llfllf.exe43⤵
- Executes dropped EXE
-
\??\c:\5rrrlrl.exec:\5rrrlrl.exe44⤵
- Executes dropped EXE
-
\??\c:\nhttth.exec:\nhttth.exe45⤵
- Executes dropped EXE
-
\??\c:\vvvvv.exec:\vvvvv.exe46⤵
- Executes dropped EXE
-
\??\c:\3jppj.exec:\3jppj.exe47⤵
- Executes dropped EXE
-
\??\c:\xllfxxr.exec:\xllfxxr.exe48⤵
- Executes dropped EXE
-
\??\c:\xfrrrfx.exec:\xfrrrfx.exe49⤵
- Executes dropped EXE
-
\??\c:\hnhnhh.exec:\hnhnhh.exe50⤵
- Executes dropped EXE
-
\??\c:\vpvpv.exec:\vpvpv.exe51⤵
- Executes dropped EXE
-
\??\c:\fxlflrx.exec:\fxlflrx.exe52⤵
- Executes dropped EXE
-
\??\c:\xrrrrrr.exec:\xrrrrrr.exe53⤵
- Executes dropped EXE
-
\??\c:\hnnbbh.exec:\hnnbbh.exe54⤵
- Executes dropped EXE
-
\??\c:\jpvjp.exec:\jpvjp.exe55⤵
- Executes dropped EXE
-
\??\c:\3ddvj.exec:\3ddvj.exe56⤵
- Executes dropped EXE
-
\??\c:\xxfxxxx.exec:\xxfxxxx.exe57⤵
- Executes dropped EXE
-
\??\c:\bnnnbh.exec:\bnnnbh.exe58⤵
- Executes dropped EXE
-
\??\c:\1tbbhn.exec:\1tbbhn.exe59⤵
- Executes dropped EXE
-
\??\c:\dpvpj.exec:\dpvpj.exe60⤵
- Executes dropped EXE
-
\??\c:\llfxxxx.exec:\llfxxxx.exe61⤵
- Executes dropped EXE
-
\??\c:\lffffxx.exec:\lffffxx.exe62⤵
- Executes dropped EXE
-
\??\c:\9bbnhh.exec:\9bbnhh.exe63⤵
- Executes dropped EXE
-
\??\c:\ttbttt.exec:\ttbttt.exe64⤵
- Executes dropped EXE
-
\??\c:\dppvv.exec:\dppvv.exe65⤵
- Executes dropped EXE
-
\??\c:\9frxrfl.exec:\9frxrfl.exe66⤵
-
\??\c:\3lffffx.exec:\3lffffx.exe67⤵
-
\??\c:\tthbtb.exec:\tthbtb.exe68⤵
-
\??\c:\nbttbb.exec:\nbttbb.exe69⤵
-
\??\c:\vpvdp.exec:\vpvdp.exe70⤵
-
\??\c:\1xlfxxx.exec:\1xlfxxx.exe71⤵
-
\??\c:\xflllll.exec:\xflllll.exe72⤵
-
\??\c:\hnbntn.exec:\hnbntn.exe73⤵
-
\??\c:\vvjpp.exec:\vvjpp.exe74⤵
-
\??\c:\hhtbnn.exec:\hhtbnn.exe75⤵
-
\??\c:\pjddd.exec:\pjddd.exe76⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe77⤵
-
\??\c:\xffffff.exec:\xffffff.exe78⤵
-
\??\c:\fxfxfff.exec:\fxfxfff.exe79⤵
-
\??\c:\3hnttt.exec:\3hnttt.exe80⤵
-
\??\c:\nbbhbb.exec:\nbbhbb.exe81⤵
-
\??\c:\vdjpj.exec:\vdjpj.exe82⤵
-
\??\c:\ppvdd.exec:\ppvdd.exe83⤵
-
\??\c:\5jvpj.exec:\5jvpj.exe84⤵
-
\??\c:\btbbnn.exec:\btbbnn.exe85⤵
-
\??\c:\3nnhbb.exec:\3nnhbb.exe86⤵
-
\??\c:\9jjjj.exec:\9jjjj.exe87⤵
-
\??\c:\fxlrfxl.exec:\fxlrfxl.exe88⤵
-
\??\c:\lxxxlfx.exec:\lxxxlfx.exe89⤵
-
\??\c:\thnnnb.exec:\thnnnb.exe90⤵
-
\??\c:\5hnhbh.exec:\5hnhbh.exe91⤵
-
\??\c:\dvvdd.exec:\dvvdd.exe92⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe93⤵
-
\??\c:\3xxxxfx.exec:\3xxxxfx.exe94⤵
-
\??\c:\9xfxrfl.exec:\9xfxrfl.exe95⤵
-
\??\c:\ttbhhn.exec:\ttbhhn.exe96⤵
-
\??\c:\ttnhhh.exec:\ttnhhh.exe97⤵
-
\??\c:\3dddv.exec:\3dddv.exe98⤵
-
\??\c:\3lfxllf.exec:\3lfxllf.exe99⤵
-
\??\c:\7rfffrl.exec:\7rfffrl.exe100⤵
-
\??\c:\3hbbnh.exec:\3hbbnh.exe101⤵
-
\??\c:\bbbtbb.exec:\bbbtbb.exe102⤵
-
\??\c:\7bhnbh.exec:\7bhnbh.exe103⤵
-
\??\c:\9jppp.exec:\9jppp.exe104⤵
-
\??\c:\djddp.exec:\djddp.exe105⤵
-
\??\c:\xxffrxx.exec:\xxffrxx.exe106⤵
-
\??\c:\xxrrrrr.exec:\xxrrrrr.exe107⤵
-
\??\c:\thhnbt.exec:\thhnbt.exe108⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe109⤵
-
\??\c:\jjjpp.exec:\jjjpp.exe110⤵
-
\??\c:\9llxrlx.exec:\9llxrlx.exe111⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe112⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe113⤵
-
\??\c:\5jjjp.exec:\5jjjp.exe114⤵
-
\??\c:\rrffrlf.exec:\rrffrlf.exe115⤵
-
\??\c:\ffxrfff.exec:\ffxrfff.exe116⤵
-
\??\c:\nhnnnn.exec:\nhnnnn.exe117⤵
-
\??\c:\hbhhnb.exec:\hbhhnb.exe118⤵
-
\??\c:\vddpj.exec:\vddpj.exe119⤵
-
\??\c:\flfxrll.exec:\flfxrll.exe120⤵
-
\??\c:\frxxxxf.exec:\frxxxxf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-