Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
12/05/2024, 16:52
General
-
Target
30e170dbcab94661908a177cc47072e0_NeikiAnalytics.exe
-
Size
126KB
-
MD5
30e170dbcab94661908a177cc47072e0
-
SHA1
b9041004d9db6a212b10984db050adce1cdd1645
-
SHA256
254d069624b2341c8d8dd8554ddc0cdd60c3a7a412b4455b217a0349ecbcf01a
-
SHA512
27e4128120c9b63d9e69daa6ea7d8eafcaba82ce11370d7f5aaa3ed2b367871391f83f2e2745119f824aae9503008ee7c6439c729b8acd028cd232b333340ac6
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73oYUCD7R2F2UVbyy0NgVyFsZW:ymb3NkkiQ3mdBjFo73HUoMsAbrxVBo
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\30e170dbcab94661908a177cc47072e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\30e170dbcab94661908a177cc47072e0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjj.exec:\pjpjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrllf.exec:\rxxrllf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fllffx.exec:\1fllffx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnntn.exec:\nnnntn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvv.exec:\dpvvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjvj.exec:\vjjvj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntbtb.exec:\bntbtb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bhttt.exec:\1bhttt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpppd.exec:\jpppd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxxxll.exec:\lrxxxll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdj.exec:\vjjdj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jpjj.exec:\9jpjj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrfxrx.exec:\xxrfxrx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnttt.exec:\nhnttt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vdvp.exec:\5vdvp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjd.exec:\vppjd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlffff.exec:\xxlffff.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbhh.exec:\bbhbhh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vjvp.exec:\7vjvp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrlxxx.exec:\frrlxxx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrxrxr.exec:\rfrxrxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnbbb.exec:\hbnbbb.exe23⤵
- Executes dropped EXE
-
\??\c:\dpvvp.exec:\dpvvp.exe24⤵
- Executes dropped EXE
-
\??\c:\ddjjj.exec:\ddjjj.exe25⤵
- Executes dropped EXE
-
\??\c:\frrlffx.exec:\frrlffx.exe26⤵
- Executes dropped EXE
-
\??\c:\ttntbb.exec:\ttntbb.exe27⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe28⤵
- Executes dropped EXE
-
\??\c:\rlfxrrx.exec:\rlfxrrx.exe29⤵
- Executes dropped EXE
-
\??\c:\bbnnnt.exec:\bbnnnt.exe30⤵
- Executes dropped EXE
-
\??\c:\vvvjj.exec:\vvvjj.exe31⤵
- Executes dropped EXE
-
\??\c:\jpvvv.exec:\jpvvv.exe32⤵
- Executes dropped EXE
-
\??\c:\xrlflfl.exec:\xrlflfl.exe33⤵
- Executes dropped EXE
-
\??\c:\hbnhbt.exec:\hbnhbt.exe34⤵
- Executes dropped EXE
-
\??\c:\ddpdp.exec:\ddpdp.exe35⤵
- Executes dropped EXE
-
\??\c:\vjjdp.exec:\vjjdp.exe36⤵
- Executes dropped EXE
-
\??\c:\xrxrrrr.exec:\xrxrrrr.exe37⤵
- Executes dropped EXE
-
\??\c:\bbtnhb.exec:\bbtnhb.exe38⤵
- Executes dropped EXE
-
\??\c:\nbhhhb.exec:\nbhhhb.exe39⤵
- Executes dropped EXE
-
\??\c:\ppvpj.exec:\ppvpj.exe40⤵
- Executes dropped EXE
-
\??\c:\xrfxllf.exec:\xrfxllf.exe41⤵
- Executes dropped EXE
-
\??\c:\xlffffr.exec:\xlffffr.exe42⤵
- Executes dropped EXE
-
\??\c:\btnhhh.exec:\btnhhh.exe43⤵
- Executes dropped EXE
-
\??\c:\jjjjv.exec:\jjjjv.exe44⤵
- Executes dropped EXE
-
\??\c:\xfrlrrx.exec:\xfrlrrx.exe45⤵
- Executes dropped EXE
-
\??\c:\hthhhn.exec:\hthhhn.exe46⤵
- Executes dropped EXE
-
\??\c:\htttnn.exec:\htttnn.exe47⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe48⤵
- Executes dropped EXE
-
\??\c:\ffxrffx.exec:\ffxrffx.exe49⤵
- Executes dropped EXE
-
\??\c:\xxfxrxx.exec:\xxfxrxx.exe50⤵
- Executes dropped EXE
-
\??\c:\nbnhhb.exec:\nbnhhb.exe51⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe52⤵
- Executes dropped EXE
-
\??\c:\ppvpj.exec:\ppvpj.exe53⤵
- Executes dropped EXE
-
\??\c:\rllfrxr.exec:\rllfrxr.exe54⤵
- Executes dropped EXE
-
\??\c:\lxllflr.exec:\lxllflr.exe55⤵
- Executes dropped EXE
-
\??\c:\nbhbnh.exec:\nbhbnh.exe56⤵
- Executes dropped EXE
-
\??\c:\jvvjd.exec:\jvvjd.exe57⤵
- Executes dropped EXE
-
\??\c:\fxxrlfx.exec:\fxxrlfx.exe58⤵
- Executes dropped EXE
-
\??\c:\fllffff.exec:\fllffff.exe59⤵
- Executes dropped EXE
-
\??\c:\3hhbbb.exec:\3hhbbb.exe60⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe61⤵
- Executes dropped EXE
-
\??\c:\dddvd.exec:\dddvd.exe62⤵
- Executes dropped EXE
-
\??\c:\lrlrxxr.exec:\lrlrxxr.exe63⤵
- Executes dropped EXE
-
\??\c:\xflfxxx.exec:\xflfxxx.exe64⤵
- Executes dropped EXE
-
\??\c:\nbbbtt.exec:\nbbbtt.exe65⤵
- Executes dropped EXE
-
\??\c:\vdppp.exec:\vdppp.exe66⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe67⤵
-
\??\c:\xllfxrr.exec:\xllfxrr.exe68⤵
-
\??\c:\llxxffl.exec:\llxxffl.exe69⤵
-
\??\c:\tnhnht.exec:\tnhnht.exe70⤵
-
\??\c:\tnhbtn.exec:\tnhbtn.exe71⤵
-
\??\c:\ppjvp.exec:\ppjvp.exe72⤵
-
\??\c:\frrlllf.exec:\frrlllf.exe73⤵
-
\??\c:\xflflfr.exec:\xflflfr.exe74⤵
-
\??\c:\tthbth.exec:\tthbth.exe75⤵
-
\??\c:\dpvdd.exec:\dpvdd.exe76⤵
-
\??\c:\1vvpd.exec:\1vvpd.exe77⤵
-
\??\c:\1rxffff.exec:\1rxffff.exe78⤵
-
\??\c:\ffxlfrr.exec:\ffxlfrr.exe79⤵
-
\??\c:\thtbth.exec:\thtbth.exe80⤵
-
\??\c:\vdjvp.exec:\vdjvp.exe81⤵
-
\??\c:\rrlllxx.exec:\rrlllxx.exe82⤵
-
\??\c:\tthhth.exec:\tthhth.exe83⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe84⤵
-
\??\c:\vjvdd.exec:\vjvdd.exe85⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe86⤵
-
\??\c:\lfrlxxl.exec:\lfrlxxl.exe87⤵
-
\??\c:\hhthbn.exec:\hhthbn.exe88⤵
-
\??\c:\btbthn.exec:\btbthn.exe89⤵
-
\??\c:\vppjd.exec:\vppjd.exe90⤵
-
\??\c:\jdddd.exec:\jdddd.exe91⤵
-
\??\c:\1xxfxrr.exec:\1xxfxrr.exe92⤵
-
\??\c:\lrfrxrx.exec:\lrfrxrx.exe93⤵
-
\??\c:\ntttnt.exec:\ntttnt.exe94⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe95⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe96⤵
-
\??\c:\xxrrrrr.exec:\xxrrrrr.exe97⤵
-
\??\c:\frrrlll.exec:\frrrlll.exe98⤵
-
\??\c:\nhbtth.exec:\nhbtth.exe99⤵
-
\??\c:\nhhnbb.exec:\nhhnbb.exe100⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe101⤵
-
\??\c:\dvddd.exec:\dvddd.exe102⤵
-
\??\c:\flrrflf.exec:\flrrflf.exe103⤵
-
\??\c:\nbnbbt.exec:\nbnbbt.exe104⤵
-
\??\c:\9hnhhh.exec:\9hnhhh.exe105⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe106⤵
-
\??\c:\ppdvv.exec:\ppdvv.exe107⤵
-
\??\c:\lxffffx.exec:\lxffffx.exe108⤵
-
\??\c:\xxfrllr.exec:\xxfrllr.exe109⤵
-
\??\c:\bbhhbb.exec:\bbhhbb.exe110⤵
-
\??\c:\hhhhhb.exec:\hhhhhb.exe111⤵
-
\??\c:\jppvp.exec:\jppvp.exe112⤵
-
\??\c:\ddppp.exec:\ddppp.exe113⤵
-
\??\c:\flxrxll.exec:\flxrxll.exe114⤵
-
\??\c:\hnnhbh.exec:\hnnhbh.exe115⤵
-
\??\c:\btnntt.exec:\btnntt.exe116⤵
-
\??\c:\djjjv.exec:\djjjv.exe117⤵
-
\??\c:\lrxfflf.exec:\lrxfflf.exe118⤵
-
\??\c:\bhhntn.exec:\bhhntn.exe119⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe120⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-