Analysis
-
max time kernel
150s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
12-05-2024 02:23
General
-
Target
5cb0d450d7fd92027c25253ab302a620_NeikiAnalytics.exe
-
Size
81KB
-
MD5
5cb0d450d7fd92027c25253ab302a620
-
SHA1
4ad4fb3741a00afd67f522bf7b52843c068ba3e9
-
SHA256
06435a78e67131cb48c0ed5383459395b4ac498d49b45995edebe32b6c2eeb15
-
SHA512
47d9a8352453c467bebf78d28e7fa74f26c22f49e89e3c12413250f39bb8366291bba406da1837e55bffd72faa35d54394b5eaf07972300fc8e70c3a76118533
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDInWeNCYGyA2R7JkZPsvX:ymb3NkkiQ3mdBjFIWeFGyA9Pc
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5cb0d450d7fd92027c25253ab302a620_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\5cb0d450d7fd92027c25253ab302a620_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7lfrfxr.exec:\7lfrfxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxllxr.exec:\lfxllxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jdvp.exec:\7jdvp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpdv.exec:\pdpdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnnb.exec:\hbtnnb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pjvj.exec:\7pjvj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xrfrlx.exec:\1xrfrlx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbttt.exec:\hbbttt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jpdp.exec:\1jpdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3flfxrl.exec:\3flfxrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnnh.exec:\httnnh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjvp.exec:\djjvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflrllf.exec:\xflrllf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbhb.exec:\nbbbhb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhtnn.exec:\nbhtnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjvj.exec:\vjjvj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrxrlf.exec:\xxrxrlf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bhtnt.exec:\7bhtnt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvp.exec:\jjdvp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjj.exec:\dppjj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrrrr.exec:\llxrrrr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhtnh.exec:\bnhtnh.exe23⤵
- Executes dropped EXE
-
\??\c:\vjjdp.exec:\vjjdp.exe24⤵
- Executes dropped EXE
-
\??\c:\xlrlflx.exec:\xlrlflx.exe25⤵
- Executes dropped EXE
-
\??\c:\rflrfrf.exec:\rflrfrf.exe26⤵
- Executes dropped EXE
-
\??\c:\ntttth.exec:\ntttth.exe27⤵
- Executes dropped EXE
-
\??\c:\vddvp.exec:\vddvp.exe28⤵
- Executes dropped EXE
-
\??\c:\xffrlxr.exec:\xffrlxr.exe29⤵
- Executes dropped EXE
-
\??\c:\rffrrrr.exec:\rffrrrr.exe30⤵
- Executes dropped EXE
-
\??\c:\ttbtnh.exec:\ttbtnh.exe31⤵
- Executes dropped EXE
-
\??\c:\vpvvj.exec:\vpvvj.exe32⤵
- Executes dropped EXE
-
\??\c:\7vjdv.exec:\7vjdv.exe33⤵
- Executes dropped EXE
-
\??\c:\5xxrxxl.exec:\5xxrxxl.exe34⤵
- Executes dropped EXE
-
\??\c:\lfxxrlf.exec:\lfxxrlf.exe35⤵
- Executes dropped EXE
-
\??\c:\nntnhn.exec:\nntnhn.exe36⤵
- Executes dropped EXE
-
\??\c:\tnthhh.exec:\tnthhh.exe37⤵
- Executes dropped EXE
-
\??\c:\pdvvp.exec:\pdvvp.exe38⤵
- Executes dropped EXE
-
\??\c:\xllxrrl.exec:\xllxrrl.exe39⤵
- Executes dropped EXE
-
\??\c:\frrfxrl.exec:\frrfxrl.exe40⤵
- Executes dropped EXE
-
\??\c:\3tthnb.exec:\3tthnb.exe41⤵
- Executes dropped EXE
-
\??\c:\btbnhh.exec:\btbnhh.exe42⤵
- Executes dropped EXE
-
\??\c:\btnhtt.exec:\btnhtt.exe43⤵
- Executes dropped EXE
-
\??\c:\5vpjv.exec:\5vpjv.exe44⤵
- Executes dropped EXE
-
\??\c:\pvvpd.exec:\pvvpd.exe45⤵
- Executes dropped EXE
-
\??\c:\rllffxx.exec:\rllffxx.exe46⤵
- Executes dropped EXE
-
\??\c:\hbtnbb.exec:\hbtnbb.exe47⤵
- Executes dropped EXE
-
\??\c:\bttnnh.exec:\bttnnh.exe48⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe49⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe50⤵
- Executes dropped EXE
-
\??\c:\5llxlfx.exec:\5llxlfx.exe51⤵
- Executes dropped EXE
-
\??\c:\xrlrflf.exec:\xrlrflf.exe52⤵
- Executes dropped EXE
-
\??\c:\bbnhnn.exec:\bbnhnn.exe53⤵
- Executes dropped EXE
-
\??\c:\ddjdp.exec:\ddjdp.exe54⤵
- Executes dropped EXE
-
\??\c:\vjpjv.exec:\vjpjv.exe55⤵
- Executes dropped EXE
-
\??\c:\9ffffxr.exec:\9ffffxr.exe56⤵
- Executes dropped EXE
-
\??\c:\flrlfrl.exec:\flrlfrl.exe57⤵
- Executes dropped EXE
-
\??\c:\bnnhnh.exec:\bnnhnh.exe58⤵
- Executes dropped EXE
-
\??\c:\tnnbnh.exec:\tnnbnh.exe59⤵
- Executes dropped EXE
-
\??\c:\djjdd.exec:\djjdd.exe60⤵
- Executes dropped EXE
-
\??\c:\jvjdd.exec:\jvjdd.exe61⤵
- Executes dropped EXE
-
\??\c:\9fxlrrr.exec:\9fxlrrr.exe62⤵
- Executes dropped EXE
-
\??\c:\thhhtb.exec:\thhhtb.exe63⤵
- Executes dropped EXE
-
\??\c:\pdjdv.exec:\pdjdv.exe64⤵
- Executes dropped EXE
-
\??\c:\9xffllr.exec:\9xffllr.exe65⤵
- Executes dropped EXE
-
\??\c:\7lrlfff.exec:\7lrlfff.exe66⤵
-
\??\c:\btnnhh.exec:\btnnhh.exe67⤵
-
\??\c:\tnnnbb.exec:\tnnnbb.exe68⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe69⤵
-
\??\c:\vddvj.exec:\vddvj.exe70⤵
-
\??\c:\lfxrxrf.exec:\lfxrxrf.exe71⤵
-
\??\c:\frlfxlr.exec:\frlfxlr.exe72⤵
-
\??\c:\3nnbtt.exec:\3nnbtt.exe73⤵
-
\??\c:\thnhtn.exec:\thnhtn.exe74⤵
-
\??\c:\ddpjv.exec:\ddpjv.exe75⤵
-
\??\c:\7jjdd.exec:\7jjdd.exe76⤵
-
\??\c:\xrxxlfx.exec:\xrxxlfx.exe77⤵
-
\??\c:\5xxrllx.exec:\5xxrllx.exe78⤵
-
\??\c:\bbbhnt.exec:\bbbhnt.exe79⤵
-
\??\c:\pjdpj.exec:\pjdpj.exe80⤵
-
\??\c:\pddvj.exec:\pddvj.exe81⤵
-
\??\c:\frxxlfx.exec:\frxxlfx.exe82⤵
-
\??\c:\xflfxrr.exec:\xflfxrr.exe83⤵
-
\??\c:\5bhbtt.exec:\5bhbtt.exe84⤵
-
\??\c:\7ntnnt.exec:\7ntnnt.exe85⤵
-
\??\c:\bhhbnh.exec:\bhhbnh.exe86⤵
-
\??\c:\pvvjv.exec:\pvvjv.exe87⤵
-
\??\c:\1ppdv.exec:\1ppdv.exe88⤵
-
\??\c:\rlxrffx.exec:\rlxrffx.exe89⤵
-
\??\c:\fxrllff.exec:\fxrllff.exe90⤵
-
\??\c:\1nhbtn.exec:\1nhbtn.exe91⤵
-
\??\c:\bnnnhb.exec:\bnnnhb.exe92⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe93⤵
-
\??\c:\pddvp.exec:\pddvp.exe94⤵
-
\??\c:\pddpj.exec:\pddpj.exe95⤵
-
\??\c:\fxlffxr.exec:\fxlffxr.exe96⤵
-
\??\c:\1llxrrl.exec:\1llxrrl.exe97⤵
-
\??\c:\httnhh.exec:\httnhh.exe98⤵
-
\??\c:\9rlrflx.exec:\9rlrflx.exe99⤵
-
\??\c:\lflflfx.exec:\lflflfx.exe100⤵
-
\??\c:\bthbtt.exec:\bthbtt.exe101⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe102⤵
-
\??\c:\vpppj.exec:\vpppj.exe103⤵
-
\??\c:\7rxrllf.exec:\7rxrllf.exe104⤵
-
\??\c:\frrfxlf.exec:\frrfxlf.exe105⤵
-
\??\c:\nbtntn.exec:\nbtntn.exe106⤵
-
\??\c:\hnnhbt.exec:\hnnhbt.exe107⤵
-
\??\c:\ddvjj.exec:\ddvjj.exe108⤵
-
\??\c:\vjdpj.exec:\vjdpj.exe109⤵
-
\??\c:\ffrlxrl.exec:\ffrlxrl.exe110⤵
-
\??\c:\lfxrlff.exec:\lfxrlff.exe111⤵
-
\??\c:\httnhh.exec:\httnhh.exe112⤵
-
\??\c:\jddvp.exec:\jddvp.exe113⤵
-
\??\c:\7rxlllr.exec:\7rxlllr.exe114⤵
-
\??\c:\7lllxxl.exec:\7lllxxl.exe115⤵
-
\??\c:\3ttnnh.exec:\3ttnnh.exe116⤵
-
\??\c:\nbtnhh.exec:\nbtnhh.exe117⤵
-
\??\c:\7vpjp.exec:\7vpjp.exe118⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe119⤵
-
\??\c:\9lfrfxr.exec:\9lfrfxr.exe120⤵
-
\??\c:\xrrfxrf.exec:\xrrfxrf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-