Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
12/05/2024, 09:58
General
-
Target
82a1d57941989bbedc6fa19893efbdd0_NeikiAnalytics.exe
-
Size
371KB
-
MD5
82a1d57941989bbedc6fa19893efbdd0
-
SHA1
46cae7b2e437de12c706d6b35dc8b54aed92ed60
-
SHA256
193e9fef40e8a1b82c7e5ff63202e6b1d2048d6dacb3dbaedc838850796c7c42
-
SHA512
004e3e2587e473318888f1c90195489f3ea705203b67ae4e5b8b3cba966e666ca85a5f79a0df4861eca9abebd03bcbdf49f12fd61d4b6f3790118c6467337204
-
SSDEEP
6144:n3C9BRo7MlrWKo+lS0Le4xRSAoq7mjKPC+gy:n3C9yMo+S0L9xRnoq7mePPT
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\82a1d57941989bbedc6fa19893efbdd0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\82a1d57941989bbedc6fa19893efbdd0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrfrrx.exec:\lxrfrrx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pdvj.exec:\9pdvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxffxxl.exec:\lxffxxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lrflfl.exec:\3lrflfl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbhbh.exec:\nbbhbh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvjd.exec:\pdvjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlfrrr.exec:\rxlfrrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjd.exec:\pppjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrfrlf.exec:\lrrfrlf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnhbb.exec:\nbnhbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlfrrf.exec:\lxlfrrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hthnh.exec:\7hthnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvjd.exec:\vvvjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtntn.exec:\nhtntn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppp.exec:\dvppp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxllf.exec:\lxfxllf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbtnn.exec:\nhbtnn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpd.exec:\vvvpd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrfrrf.exec:\frrfrrf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrlxfr.exec:\frrlxfr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrlfx.exec:\fxxrlfx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nthbt.exec:\9nthbt.exe23⤵
- Executes dropped EXE
-
\??\c:\jvvjd.exec:\jvvjd.exe24⤵
- Executes dropped EXE
-
\??\c:\ddjvj.exec:\ddjvj.exe25⤵
- Executes dropped EXE
-
\??\c:\bnnhtn.exec:\bnnhtn.exe26⤵
- Executes dropped EXE
-
\??\c:\5ppdd.exec:\5ppdd.exe27⤵
- Executes dropped EXE
-
\??\c:\lxxlxrl.exec:\lxxlxrl.exe28⤵
- Executes dropped EXE
-
\??\c:\jpvpj.exec:\jpvpj.exe29⤵
- Executes dropped EXE
-
\??\c:\7lrfxxr.exec:\7lrfxxr.exe30⤵
- Executes dropped EXE
-
\??\c:\jpdvv.exec:\jpdvv.exe31⤵
- Executes dropped EXE
-
\??\c:\7nbhth.exec:\7nbhth.exe32⤵
- Executes dropped EXE
-
\??\c:\dvpjv.exec:\dvpjv.exe33⤵
- Executes dropped EXE
-
\??\c:\1lrfrlf.exec:\1lrfrlf.exe34⤵
- Executes dropped EXE
-
\??\c:\htnhbt.exec:\htnhbt.exe35⤵
- Executes dropped EXE
-
\??\c:\pdpjd.exec:\pdpjd.exe36⤵
- Executes dropped EXE
-
\??\c:\pjpjj.exec:\pjpjj.exe37⤵
- Executes dropped EXE
-
\??\c:\lffrffx.exec:\lffrffx.exe38⤵
- Executes dropped EXE
-
\??\c:\rxrfxxl.exec:\rxrfxxl.exe39⤵
- Executes dropped EXE
-
\??\c:\tnnhbb.exec:\tnnhbb.exe40⤵
- Executes dropped EXE
-
\??\c:\5pjdv.exec:\5pjdv.exe41⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe42⤵
- Executes dropped EXE
-
\??\c:\1rlxrlx.exec:\1rlxrlx.exe43⤵
- Executes dropped EXE
-
\??\c:\nntttt.exec:\nntttt.exe44⤵
- Executes dropped EXE
-
\??\c:\pppjp.exec:\pppjp.exe45⤵
- Executes dropped EXE
-
\??\c:\rllfllx.exec:\rllfllx.exe46⤵
- Executes dropped EXE
-
\??\c:\3xxxrlf.exec:\3xxxrlf.exe47⤵
- Executes dropped EXE
-
\??\c:\nntbtt.exec:\nntbtt.exe48⤵
- Executes dropped EXE
-
\??\c:\9llfrlx.exec:\9llfrlx.exe49⤵
- Executes dropped EXE
-
\??\c:\nhnntb.exec:\nhnntb.exe50⤵
- Executes dropped EXE
-
\??\c:\ppjpj.exec:\ppjpj.exe51⤵
- Executes dropped EXE
-
\??\c:\xxrflfx.exec:\xxrflfx.exe52⤵
- Executes dropped EXE
-
\??\c:\ttbthh.exec:\ttbthh.exe53⤵
- Executes dropped EXE
-
\??\c:\3jdvj.exec:\3jdvj.exe54⤵
- Executes dropped EXE
-
\??\c:\vpjvv.exec:\vpjvv.exe55⤵
- Executes dropped EXE
-
\??\c:\xrrfxrl.exec:\xrrfxrl.exe56⤵
- Executes dropped EXE
-
\??\c:\rfrlffr.exec:\rfrlffr.exe57⤵
- Executes dropped EXE
-
\??\c:\bbtbnh.exec:\bbtbnh.exe58⤵
- Executes dropped EXE
-
\??\c:\dddjv.exec:\dddjv.exe59⤵
- Executes dropped EXE
-
\??\c:\pvpdj.exec:\pvpdj.exe60⤵
- Executes dropped EXE
-
\??\c:\5rrfrlf.exec:\5rrfrlf.exe61⤵
- Executes dropped EXE
-
\??\c:\xxfxrlf.exec:\xxfxrlf.exe62⤵
- Executes dropped EXE
-
\??\c:\bbtnbt.exec:\bbtnbt.exe63⤵
- Executes dropped EXE
-
\??\c:\vjpdj.exec:\vjpdj.exe64⤵
- Executes dropped EXE
-
\??\c:\vvjpv.exec:\vvjpv.exe65⤵
- Executes dropped EXE
-
\??\c:\9frlffr.exec:\9frlffr.exe66⤵
-
\??\c:\nbbtnh.exec:\nbbtnh.exe67⤵
-
\??\c:\bnnbnh.exec:\bnnbnh.exe68⤵
-
\??\c:\djdvp.exec:\djdvp.exe69⤵
-
\??\c:\rlfxlfx.exec:\rlfxlfx.exe70⤵
-
\??\c:\llxfxlf.exec:\llxfxlf.exe71⤵
-
\??\c:\3bbnbt.exec:\3bbnbt.exe72⤵
-
\??\c:\7pjdv.exec:\7pjdv.exe73⤵
-
\??\c:\xlfxrll.exec:\xlfxrll.exe74⤵
-
\??\c:\5lrllrr.exec:\5lrllrr.exe75⤵
-
\??\c:\btnbtn.exec:\btnbtn.exe76⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe77⤵
-
\??\c:\xrlxxxf.exec:\xrlxxxf.exe78⤵
-
\??\c:\hnbthb.exec:\hnbthb.exe79⤵
-
\??\c:\nnbnhh.exec:\nnbnhh.exe80⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe81⤵
-
\??\c:\fflfrrl.exec:\fflfrrl.exe82⤵
-
\??\c:\1xllxrl.exec:\1xllxrl.exe83⤵
-
\??\c:\bbnntn.exec:\bbnntn.exe84⤵
-
\??\c:\vdpdd.exec:\vdpdd.exe85⤵
-
\??\c:\xxlfffl.exec:\xxlfffl.exe86⤵
-
\??\c:\9nnntb.exec:\9nnntb.exe87⤵
-
\??\c:\nnbhhh.exec:\nnbhhh.exe88⤵
-
\??\c:\vpdpj.exec:\vpdpj.exe89⤵
-
\??\c:\fxxrfff.exec:\fxxrfff.exe90⤵
-
\??\c:\nbhbtt.exec:\nbhbtt.exe91⤵
-
\??\c:\bhnnbt.exec:\bhnnbt.exe92⤵
-
\??\c:\jdjvj.exec:\jdjvj.exe93⤵
-
\??\c:\xrxrfrl.exec:\xrxrfrl.exe94⤵
-
\??\c:\hbbbtn.exec:\hbbbtn.exe95⤵
-
\??\c:\htbttt.exec:\htbttt.exe96⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe97⤵
-
\??\c:\xxxxrrl.exec:\xxxxrrl.exe98⤵
-
\??\c:\hbbtnh.exec:\hbbtnh.exe99⤵
-
\??\c:\ntbttt.exec:\ntbttt.exe100⤵
-
\??\c:\9jdpj.exec:\9jdpj.exe101⤵
-
\??\c:\xxlfrrl.exec:\xxlfrrl.exe102⤵
-
\??\c:\9nthhb.exec:\9nthhb.exe103⤵
-
\??\c:\nhnttb.exec:\nhnttb.exe104⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe105⤵
-
\??\c:\7ffxllf.exec:\7ffxllf.exe106⤵
-
\??\c:\hbtthh.exec:\hbtthh.exe107⤵
-
\??\c:\nnhbtt.exec:\nnhbtt.exe108⤵
-
\??\c:\djpjv.exec:\djpjv.exe109⤵
-
\??\c:\rlxrrrx.exec:\rlxrrrx.exe110⤵
-
\??\c:\9bhhnt.exec:\9bhhnt.exe111⤵
-
\??\c:\hbnhht.exec:\hbnhht.exe112⤵
-
\??\c:\djpjv.exec:\djpjv.exe113⤵
-
\??\c:\rllfxrl.exec:\rllfxrl.exe114⤵
-
\??\c:\7ffxllf.exec:\7ffxllf.exe115⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe116⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe117⤵
-
\??\c:\7xfxlfx.exec:\7xfxlfx.exe118⤵
-
\??\c:\hnbtnn.exec:\hnbtnn.exe119⤵
-
\??\c:\ddjjv.exec:\ddjjv.exe120⤵
-
\??\c:\jddvp.exec:\jddvp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-