Analysis
-
max time kernel
150s -
max time network
106s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
11/05/2024, 19:31
General
-
Target
2f52f1e2b796c2bae7dfe34789d23aa0_NeikiAnalytics.exe
-
Size
90KB
-
MD5
2f52f1e2b796c2bae7dfe34789d23aa0
-
SHA1
653bd51311812ba17c1033facc02e97c121e35fd
-
SHA256
f3692658f708f809fc12f0b79a0ed23b69a254417f3dbfc70e273966848567d4
-
SHA512
61a4a75edb257bb8d7739173584d5b9b9baae1d04222431beb62bd43088689931520dab361620d891bae4938a61d6e192496a246cbd6d2e038eef58204fa7b5d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDodtzac0Hobv0byLufTJfJVM:ymb3NkkiQ3mdBjFodt27HobvcyLufNfo
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2f52f1e2b796c2bae7dfe34789d23aa0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\2f52f1e2b796c2bae7dfe34789d23aa0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhbh.exec:\nhnhbh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djddp.exec:\djddp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vvvv.exec:\5vvvv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrrrx.exec:\rrxrrrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbbh.exec:\btbbbh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbbb.exec:\hthbbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpj.exec:\vvvpj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frllllf.exec:\frllllf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnhhh.exec:\nbnhhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ddvv.exec:\9ddvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpjd.exec:\pvpjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlllllf.exec:\rlllllf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrxxf.exec:\xrxrxxf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3btbtn.exec:\3btbtn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dppv.exec:\1dppv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffffrf.exec:\rffffrf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlflfr.exec:\xrlflfr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hnnnn.exec:\5hnnnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjdv.exec:\pvjdv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlrrxx.exec:\xxlrrxx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnhb.exec:\tntnhb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhbb.exec:\thnhbb.exe23⤵
- Executes dropped EXE
-
\??\c:\pvpjd.exec:\pvpjd.exe24⤵
- Executes dropped EXE
-
\??\c:\3vppd.exec:\3vppd.exe25⤵
- Executes dropped EXE
-
\??\c:\lrrlxlr.exec:\lrrlxlr.exe26⤵
- Executes dropped EXE
-
\??\c:\9bhbbt.exec:\9bhbbt.exe27⤵
- Executes dropped EXE
-
\??\c:\tnnhbh.exec:\tnnhbh.exe28⤵
- Executes dropped EXE
-
\??\c:\ppvdp.exec:\ppvdp.exe29⤵
- Executes dropped EXE
-
\??\c:\5xlfxrl.exec:\5xlfxrl.exe30⤵
- Executes dropped EXE
-
\??\c:\llrxfrr.exec:\llrxfrr.exe31⤵
- Executes dropped EXE
-
\??\c:\nnbbtn.exec:\nnbbtn.exe32⤵
- Executes dropped EXE
-
\??\c:\jdvpd.exec:\jdvpd.exe33⤵
- Executes dropped EXE
-
\??\c:\5fxrlxx.exec:\5fxrlxx.exe34⤵
- Executes dropped EXE
-
\??\c:\xlffxxr.exec:\xlffxxr.exe35⤵
- Executes dropped EXE
-
\??\c:\nbtbtt.exec:\nbtbtt.exe36⤵
- Executes dropped EXE
-
\??\c:\hhthnn.exec:\hhthnn.exe37⤵
- Executes dropped EXE
-
\??\c:\rlflfff.exec:\rlflfff.exe38⤵
- Executes dropped EXE
-
\??\c:\xxrrlll.exec:\xxrrlll.exe39⤵
- Executes dropped EXE
-
\??\c:\ntttnn.exec:\ntttnn.exe40⤵
- Executes dropped EXE
-
\??\c:\httttb.exec:\httttb.exe41⤵
- Executes dropped EXE
-
\??\c:\9dpjj.exec:\9dpjj.exe42⤵
- Executes dropped EXE
-
\??\c:\vdddp.exec:\vdddp.exe43⤵
- Executes dropped EXE
-
\??\c:\xlflllr.exec:\xlflllr.exe44⤵
- Executes dropped EXE
-
\??\c:\bthtnt.exec:\bthtnt.exe45⤵
- Executes dropped EXE
-
\??\c:\djjdd.exec:\djjdd.exe46⤵
- Executes dropped EXE
-
\??\c:\jdpjd.exec:\jdpjd.exe47⤵
- Executes dropped EXE
-
\??\c:\lrrrrrf.exec:\lrrrrrf.exe48⤵
- Executes dropped EXE
-
\??\c:\fxrllff.exec:\fxrllff.exe49⤵
- Executes dropped EXE
-
\??\c:\nbhthb.exec:\nbhthb.exe50⤵
- Executes dropped EXE
-
\??\c:\nhhbtt.exec:\nhhbtt.exe51⤵
- Executes dropped EXE
-
\??\c:\pjvjd.exec:\pjvjd.exe52⤵
- Executes dropped EXE
-
\??\c:\9vpdd.exec:\9vpdd.exe53⤵
- Executes dropped EXE
-
\??\c:\7lrlrrx.exec:\7lrlrrx.exe54⤵
- Executes dropped EXE
-
\??\c:\xllfllr.exec:\xllfllr.exe55⤵
- Executes dropped EXE
-
\??\c:\htbttt.exec:\htbttt.exe56⤵
- Executes dropped EXE
-
\??\c:\nbbbtt.exec:\nbbbtt.exe57⤵
- Executes dropped EXE
-
\??\c:\jvjdp.exec:\jvjdp.exe58⤵
- Executes dropped EXE
-
\??\c:\dvvpp.exec:\dvvpp.exe59⤵
- Executes dropped EXE
-
\??\c:\ffxrllf.exec:\ffxrllf.exe60⤵
- Executes dropped EXE
-
\??\c:\bbnbhn.exec:\bbnbhn.exe61⤵
- Executes dropped EXE
-
\??\c:\nnnbtn.exec:\nnnbtn.exe62⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe63⤵
- Executes dropped EXE
-
\??\c:\dpppj.exec:\dpppj.exe64⤵
- Executes dropped EXE
-
\??\c:\xrxxlxf.exec:\xrxxlxf.exe65⤵
- Executes dropped EXE
-
\??\c:\hnttnn.exec:\hnttnn.exe66⤵
-
\??\c:\bbbtnh.exec:\bbbtnh.exe67⤵
-
\??\c:\vdvvd.exec:\vdvvd.exe68⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe69⤵
-
\??\c:\vvvjd.exec:\vvvjd.exe70⤵
-
\??\c:\fllflrx.exec:\fllflrx.exe71⤵
-
\??\c:\xfrrrll.exec:\xfrrrll.exe72⤵
-
\??\c:\nhttnn.exec:\nhttnn.exe73⤵
-
\??\c:\nntnnb.exec:\nntnnb.exe74⤵
-
\??\c:\jpjdd.exec:\jpjdd.exe75⤵
-
\??\c:\3ddvj.exec:\3ddvj.exe76⤵
-
\??\c:\rlllfll.exec:\rlllfll.exe77⤵
-
\??\c:\7llfxxr.exec:\7llfxxr.exe78⤵
-
\??\c:\bhnhhb.exec:\bhnhhb.exe79⤵
-
\??\c:\tbnbbt.exec:\tbnbbt.exe80⤵
-
\??\c:\bnhbht.exec:\bnhbht.exe81⤵
-
\??\c:\dppdv.exec:\dppdv.exe82⤵
-
\??\c:\3jdpv.exec:\3jdpv.exe83⤵
-
\??\c:\xfflxlf.exec:\xfflxlf.exe84⤵
-
\??\c:\3xxxrxr.exec:\3xxxrxr.exe85⤵
-
\??\c:\1bnnnn.exec:\1bnnnn.exe86⤵
-
\??\c:\1htttt.exec:\1htttt.exe87⤵
-
\??\c:\5htnhh.exec:\5htnhh.exe88⤵
-
\??\c:\jjjdp.exec:\jjjdp.exe89⤵
-
\??\c:\pppjv.exec:\pppjv.exe90⤵
-
\??\c:\rffxllf.exec:\rffxllf.exe91⤵
-
\??\c:\rrlfxxr.exec:\rrlfxxr.exe92⤵
-
\??\c:\nhhbnh.exec:\nhhbnh.exe93⤵
-
\??\c:\7dvpj.exec:\7dvpj.exe94⤵
-
\??\c:\vppjd.exec:\vppjd.exe95⤵
-
\??\c:\jdddj.exec:\jdddj.exe96⤵
-
\??\c:\xlrrxrr.exec:\xlrrxrr.exe97⤵
-
\??\c:\fxxxfxx.exec:\fxxxfxx.exe98⤵
-
\??\c:\5frllll.exec:\5frllll.exe99⤵
-
\??\c:\bhbbtt.exec:\bhbbtt.exe100⤵
-
\??\c:\bbttnn.exec:\bbttnn.exe101⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe102⤵
-
\??\c:\3dpdv.exec:\3dpdv.exe103⤵
-
\??\c:\frrrxrr.exec:\frrrxrr.exe104⤵
-
\??\c:\xlrrxxx.exec:\xlrrxxx.exe105⤵
-
\??\c:\3rxrrlf.exec:\3rxrrlf.exe106⤵
-
\??\c:\3thhbb.exec:\3thhbb.exe107⤵
-
\??\c:\bbnhtn.exec:\bbnhtn.exe108⤵
-
\??\c:\vppdp.exec:\vppdp.exe109⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe110⤵
-
\??\c:\3lrlrlf.exec:\3lrlrlf.exe111⤵
-
\??\c:\fllfxxr.exec:\fllfxxr.exe112⤵
-
\??\c:\bhbbbt.exec:\bhbbbt.exe113⤵
-
\??\c:\nhhhtt.exec:\nhhhtt.exe114⤵
-
\??\c:\7pvvd.exec:\7pvvd.exe115⤵
-
\??\c:\dddjv.exec:\dddjv.exe116⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe117⤵
-
\??\c:\lxrlfxx.exec:\lxrlfxx.exe118⤵
-
\??\c:\nbtnnh.exec:\nbtnnh.exe119⤵
-
\??\c:\httnnh.exec:\httnnh.exe120⤵
-
\??\c:\7btthh.exec:\7btthh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-