Analysis
-
max time kernel
150s -
max time network
113s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
12-05-2024 12:30
General
-
Target
0ccda6b0f06754e12cccd2311052aa70_NeikiAnalytics.exe
-
Size
83KB
-
MD5
0ccda6b0f06754e12cccd2311052aa70
-
SHA1
d0d835365043ab277b3c339bb8d94f1ca645fac6
-
SHA256
515dcec1aaf26887d18c3bf34d050b897b0c0c4c2869cf7fb4617c998f9ee753
-
SHA512
fc5018b916f8f7ab6d9cd8f0de7b3fb37725deab60648f05e1e2d3a4b75547975a739b208670acb617d5a1ebd9d4e2f9b084759f554c35ae147a805a73551962
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAXPfgr2hKmdbcPi2vL:ymb3NkkiQ3mdBjFo6Pfgy3dbc/L
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 34 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0ccda6b0f06754e12cccd2311052aa70_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\0ccda6b0f06754e12cccd2311052aa70_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvvd.exec:\jvvvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bbtnh.exec:\9bbtnh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhnn.exec:\hbnhnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrxxrr.exec:\rrrxxrr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrlxrl.exec:\xfrlxrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tnhbb.exec:\9tnhbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdv.exec:\pdjdv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbtt.exec:\nbhbtt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpv.exec:\vvvpv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflrfr.exec:\xrflrfr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbhtn.exec:\tbbhtn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppdp.exec:\pppdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjdp.exec:\jjjdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflllxl.exec:\fflllxl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbnhn.exec:\hbbnhn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbbb.exec:\bthbbb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpjd.exec:\vdpjd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrrlrr.exec:\lxrrlrr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntttn.exec:\tntttn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpd.exec:\pvvpd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrrrr.exec:\xlxrrrr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthnbb.exec:\hthnbb.exe23⤵
- Executes dropped EXE
-
\??\c:\nntbtb.exec:\nntbtb.exe24⤵
- Executes dropped EXE
-
\??\c:\vdvvj.exec:\vdvvj.exe25⤵
- Executes dropped EXE
-
\??\c:\xxrrrrr.exec:\xxrrrrr.exe26⤵
- Executes dropped EXE
-
\??\c:\hhhhtt.exec:\hhhhtt.exe27⤵
- Executes dropped EXE
-
\??\c:\pvpjv.exec:\pvpjv.exe28⤵
- Executes dropped EXE
-
\??\c:\fxrfxrf.exec:\fxrfxrf.exe29⤵
- Executes dropped EXE
-
\??\c:\rlrrrrf.exec:\rlrrrrf.exe30⤵
- Executes dropped EXE
-
\??\c:\nbbtbn.exec:\nbbtbn.exe31⤵
- Executes dropped EXE
-
\??\c:\jjpjj.exec:\jjpjj.exe32⤵
- Executes dropped EXE
-
\??\c:\7ffrlxr.exec:\7ffrlxr.exe33⤵
- Executes dropped EXE
-
\??\c:\nbtnnh.exec:\nbtnnh.exe34⤵
- Executes dropped EXE
-
\??\c:\9vvpj.exec:\9vvpj.exe35⤵
- Executes dropped EXE
-
\??\c:\flxxxll.exec:\flxxxll.exe36⤵
- Executes dropped EXE
-
\??\c:\fffllrr.exec:\fffllrr.exe37⤵
- Executes dropped EXE
-
\??\c:\nnnnnn.exec:\nnnnnn.exe38⤵
- Executes dropped EXE
-
\??\c:\tnnnth.exec:\tnnnth.exe39⤵
- Executes dropped EXE
-
\??\c:\jppvj.exec:\jppvj.exe40⤵
- Executes dropped EXE
-
\??\c:\rrffllx.exec:\rrffllx.exe41⤵
- Executes dropped EXE
-
\??\c:\xllffxf.exec:\xllffxf.exe42⤵
- Executes dropped EXE
-
\??\c:\3bnnnn.exec:\3bnnnn.exe43⤵
- Executes dropped EXE
-
\??\c:\nhtbbh.exec:\nhtbbh.exe44⤵
- Executes dropped EXE
-
\??\c:\1jvvj.exec:\1jvvj.exe45⤵
- Executes dropped EXE
-
\??\c:\pjvdv.exec:\pjvdv.exe46⤵
- Executes dropped EXE
-
\??\c:\3rrlfxl.exec:\3rrlfxl.exe47⤵
- Executes dropped EXE
-
\??\c:\1fxrfxr.exec:\1fxrfxr.exe48⤵
- Executes dropped EXE
-
\??\c:\hbbtnn.exec:\hbbtnn.exe49⤵
- Executes dropped EXE
-
\??\c:\9jjjj.exec:\9jjjj.exe50⤵
- Executes dropped EXE
-
\??\c:\vvvpd.exec:\vvvpd.exe51⤵
- Executes dropped EXE
-
\??\c:\7lrllll.exec:\7lrllll.exe52⤵
- Executes dropped EXE
-
\??\c:\xrrrrrr.exec:\xrrrrrr.exe53⤵
- Executes dropped EXE
-
\??\c:\nbnnnt.exec:\nbnnnt.exe54⤵
- Executes dropped EXE
-
\??\c:\bbhhbb.exec:\bbhhbb.exe55⤵
- Executes dropped EXE
-
\??\c:\1vppp.exec:\1vppp.exe56⤵
- Executes dropped EXE
-
\??\c:\xxllxxx.exec:\xxllxxx.exe57⤵
- Executes dropped EXE
-
\??\c:\lrxrrlx.exec:\lrxrrlx.exe58⤵
- Executes dropped EXE
-
\??\c:\nhnnnn.exec:\nhnnnn.exe59⤵
- Executes dropped EXE
-
\??\c:\bthnbn.exec:\bthnbn.exe60⤵
- Executes dropped EXE
-
\??\c:\djvjd.exec:\djvjd.exe61⤵
- Executes dropped EXE
-
\??\c:\xlxrrrx.exec:\xlxrrrx.exe62⤵
- Executes dropped EXE
-
\??\c:\rlfrrxr.exec:\rlfrrxr.exe63⤵
- Executes dropped EXE
-
\??\c:\bthbhh.exec:\bthbhh.exe64⤵
- Executes dropped EXE
-
\??\c:\7thhnt.exec:\7thhnt.exe65⤵
- Executes dropped EXE
-
\??\c:\ddvvp.exec:\ddvvp.exe66⤵
-
\??\c:\ppvpv.exec:\ppvpv.exe67⤵
-
\??\c:\lffxrlr.exec:\lffxrlr.exe68⤵
-
\??\c:\rfllfxx.exec:\rfllfxx.exe69⤵
-
\??\c:\hhhhbh.exec:\hhhhbh.exe70⤵
-
\??\c:\bbttnn.exec:\bbttnn.exe71⤵
-
\??\c:\3ppjd.exec:\3ppjd.exe72⤵
-
\??\c:\3lxxxxf.exec:\3lxxxxf.exe73⤵
-
\??\c:\ffxxflx.exec:\ffxxflx.exe74⤵
-
\??\c:\5ttbbn.exec:\5ttbbn.exe75⤵
-
\??\c:\nbbbnt.exec:\nbbbnt.exe76⤵
-
\??\c:\ddppj.exec:\ddppj.exe77⤵
-
\??\c:\tntnnt.exec:\tntnnt.exe78⤵
-
\??\c:\3ttbtt.exec:\3ttbtt.exe79⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe80⤵
-
\??\c:\rfxrlxr.exec:\rfxrlxr.exe81⤵
-
\??\c:\3xxxrxr.exec:\3xxxrxr.exe82⤵
-
\??\c:\nbtttt.exec:\nbtttt.exe83⤵
-
\??\c:\vjppj.exec:\vjppj.exe84⤵
-
\??\c:\pppjj.exec:\pppjj.exe85⤵
-
\??\c:\flrlrlf.exec:\flrlrlf.exe86⤵
-
\??\c:\xrxxxxf.exec:\xrxxxxf.exe87⤵
-
\??\c:\1ntnnn.exec:\1ntnnn.exe88⤵
-
\??\c:\9vjdj.exec:\9vjdj.exe89⤵
-
\??\c:\xrxrrrr.exec:\xrxrrrr.exe90⤵
-
\??\c:\nbhbbb.exec:\nbhbbb.exe91⤵
-
\??\c:\jpdvj.exec:\jpdvj.exe92⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe93⤵
-
\??\c:\xlrrlll.exec:\xlrrlll.exe94⤵
-
\??\c:\xrxlrrr.exec:\xrxlrrr.exe95⤵
-
\??\c:\nhntbh.exec:\nhntbh.exe96⤵
-
\??\c:\9tnbtn.exec:\9tnbtn.exe97⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe98⤵
-
\??\c:\9jvpv.exec:\9jvpv.exe99⤵
-
\??\c:\xllfxxx.exec:\xllfxxx.exe100⤵
-
\??\c:\lxfxxlx.exec:\lxfxxlx.exe101⤵
-
\??\c:\ttnhnn.exec:\ttnhnn.exe102⤵
-
\??\c:\dppjj.exec:\dppjj.exe103⤵
-
\??\c:\djjjp.exec:\djjjp.exe104⤵
-
\??\c:\fffffff.exec:\fffffff.exe105⤵
-
\??\c:\rfffxrr.exec:\rfffxrr.exe106⤵
-
\??\c:\bbhbhh.exec:\bbhbhh.exe107⤵
-
\??\c:\bhtbbb.exec:\bhtbbb.exe108⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe109⤵
-
\??\c:\5rxxxxx.exec:\5rxxxxx.exe110⤵
-
\??\c:\fxxfffr.exec:\fxxfffr.exe111⤵
-
\??\c:\hhnbnh.exec:\hhnbnh.exe112⤵
-
\??\c:\pppvv.exec:\pppvv.exe113⤵
-
\??\c:\vppjd.exec:\vppjd.exe114⤵
-
\??\c:\fxxrlll.exec:\fxxrlll.exe115⤵
-
\??\c:\ffrrffr.exec:\ffrrffr.exe116⤵
-
\??\c:\tttttt.exec:\tttttt.exe117⤵
-
\??\c:\thttnn.exec:\thttnn.exe118⤵
-
\??\c:\5vpjd.exec:\5vpjd.exe119⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe120⤵
-
\??\c:\xxxfflx.exec:\xxxfflx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-