Analysis
-
max time kernel
150s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
13-05-2024 10:10
General
-
Target
b168380e33e36cda7361e54740876ce0_NeikiAnalytics.exe
-
Size
55KB
-
MD5
b168380e33e36cda7361e54740876ce0
-
SHA1
f0912a4c554ca25f6b26195e2647f0795d2a218d
-
SHA256
c8474e22b4805c873f3eefb3ba8665c668bf76920e04448c6f4ccccd6931a3db
-
SHA512
5e4d6d76abe558b12be4101d1e990008aa87fa2081b727c4b57e14a32ff3466edd5765d09c0f1739c2538db91becbb793c00c9944f36b74750aa5b49afd981f8
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0chVnY:ymb3NkkiQ3mdBjF0crY
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b168380e33e36cda7361e54740876ce0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\b168380e33e36cda7361e54740876ce0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppp.exec:\ppppp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhhhb.exec:\nnhhhb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbhh.exec:\hbbbhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3djjj.exec:\3djjj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlxxr.exec:\lfrlxxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflfffx.exec:\fflfffx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jdpd.exec:\9jdpd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppdd.exec:\jppdd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrfff.exec:\rlrrfff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnnhh.exec:\hnnnhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jjdv.exec:\5jjdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flllfff.exec:\flllfff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrlff.exec:\ffrrlff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnnnn.exec:\thnnnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvjp.exec:\pdvjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffxxr.exec:\lfffxxr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhnhh.exec:\bbhnhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jdvv.exec:\5jdvv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllxlfl.exec:\rllxlfl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtnht.exec:\nhtnht.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bhbbh.exec:\1bhbbh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpj.exec:\jvvpj.exe23⤵
- Executes dropped EXE
-
\??\c:\7flfxff.exec:\7flfxff.exe24⤵
- Executes dropped EXE
-
\??\c:\btnhbb.exec:\btnhbb.exe25⤵
- Executes dropped EXE
-
\??\c:\5xrfrxr.exec:\5xrfrxr.exe26⤵
- Executes dropped EXE
-
\??\c:\nbnntn.exec:\nbnntn.exe27⤵
- Executes dropped EXE
-
\??\c:\bthbtt.exec:\bthbtt.exe28⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe29⤵
- Executes dropped EXE
-
\??\c:\xxlflfx.exec:\xxlflfx.exe30⤵
- Executes dropped EXE
-
\??\c:\llllfff.exec:\llllfff.exe31⤵
- Executes dropped EXE
-
\??\c:\3bbhbb.exec:\3bbhbb.exe32⤵
- Executes dropped EXE
-
\??\c:\9jjdd.exec:\9jjdd.exe33⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe34⤵
- Executes dropped EXE
-
\??\c:\1flfxff.exec:\1flfxff.exe35⤵
- Executes dropped EXE
-
\??\c:\rlrrrxx.exec:\rlrrrxx.exe36⤵
- Executes dropped EXE
-
\??\c:\ttbnhh.exec:\ttbnhh.exe37⤵
- Executes dropped EXE
-
\??\c:\tntnhh.exec:\tntnhh.exe38⤵
- Executes dropped EXE
-
\??\c:\jjppj.exec:\jjppj.exe39⤵
- Executes dropped EXE
-
\??\c:\lxxrlfx.exec:\lxxrlfx.exe40⤵
- Executes dropped EXE
-
\??\c:\frxlfxr.exec:\frxlfxr.exe41⤵
- Executes dropped EXE
-
\??\c:\hbbnhh.exec:\hbbnhh.exe42⤵
- Executes dropped EXE
-
\??\c:\3nbbbn.exec:\3nbbbn.exe43⤵
- Executes dropped EXE
-
\??\c:\jjddj.exec:\jjddj.exe44⤵
- Executes dropped EXE
-
\??\c:\xxxxrxr.exec:\xxxxrxr.exe45⤵
- Executes dropped EXE
-
\??\c:\fxfrxxl.exec:\fxfrxxl.exe46⤵
- Executes dropped EXE
-
\??\c:\tntthh.exec:\tntthh.exe47⤵
- Executes dropped EXE
-
\??\c:\1nhhbb.exec:\1nhhbb.exe48⤵
- Executes dropped EXE
-
\??\c:\5jvpj.exec:\5jvpj.exe49⤵
- Executes dropped EXE
-
\??\c:\3vddd.exec:\3vddd.exe50⤵
- Executes dropped EXE
-
\??\c:\fxxrllf.exec:\fxxrllf.exe51⤵
- Executes dropped EXE
-
\??\c:\hnnnnn.exec:\hnnnnn.exe52⤵
- Executes dropped EXE
-
\??\c:\9hhbtt.exec:\9hhbtt.exe53⤵
- Executes dropped EXE
-
\??\c:\pdjpj.exec:\pdjpj.exe54⤵
- Executes dropped EXE
-
\??\c:\djdjd.exec:\djdjd.exe55⤵
- Executes dropped EXE
-
\??\c:\flrrxfr.exec:\flrrxfr.exe56⤵
- Executes dropped EXE
-
\??\c:\lffxxxr.exec:\lffxxxr.exe57⤵
- Executes dropped EXE
-
\??\c:\3bnhbn.exec:\3bnhbn.exe58⤵
- Executes dropped EXE
-
\??\c:\thhhtt.exec:\thhhtt.exe59⤵
- Executes dropped EXE
-
\??\c:\7dddv.exec:\7dddv.exe60⤵
- Executes dropped EXE
-
\??\c:\jvjjp.exec:\jvjjp.exe61⤵
- Executes dropped EXE
-
\??\c:\fxllfll.exec:\fxllfll.exe62⤵
- Executes dropped EXE
-
\??\c:\9hhnnt.exec:\9hhnnt.exe63⤵
- Executes dropped EXE
-
\??\c:\9bhhhn.exec:\9bhhhn.exe64⤵
- Executes dropped EXE
-
\??\c:\3dppj.exec:\3dppj.exe65⤵
- Executes dropped EXE
-
\??\c:\vvdjj.exec:\vvdjj.exe66⤵
-
\??\c:\frlfllr.exec:\frlfllr.exe67⤵
-
\??\c:\xxllrxx.exec:\xxllrxx.exe68⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe69⤵
-
\??\c:\ddjjv.exec:\ddjjv.exe70⤵
-
\??\c:\jpppj.exec:\jpppj.exe71⤵
-
\??\c:\fxrlfxr.exec:\fxrlfxr.exe72⤵
-
\??\c:\1fflllf.exec:\1fflllf.exe73⤵
-
\??\c:\ntbhnn.exec:\ntbhnn.exe74⤵
-
\??\c:\tnttbb.exec:\tnttbb.exe75⤵
-
\??\c:\pvpdv.exec:\pvpdv.exe76⤵
-
\??\c:\pjppp.exec:\pjppp.exe77⤵
-
\??\c:\llllfll.exec:\llllfll.exe78⤵
-
\??\c:\nnnbbh.exec:\nnnbbh.exe79⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe80⤵
-
\??\c:\xlrllll.exec:\xlrllll.exe81⤵
-
\??\c:\lflffff.exec:\lflffff.exe82⤵
-
\??\c:\bbntbn.exec:\bbntbn.exe83⤵
-
\??\c:\3dddv.exec:\3dddv.exe84⤵
-
\??\c:\lfrllll.exec:\lfrllll.exe85⤵
-
\??\c:\fxlrrxf.exec:\fxlrrxf.exe86⤵
-
\??\c:\tthhth.exec:\tthhth.exe87⤵
-
\??\c:\hnbhth.exec:\hnbhth.exe88⤵
-
\??\c:\jvddv.exec:\jvddv.exe89⤵
-
\??\c:\rrxlffl.exec:\rrxlffl.exe90⤵
-
\??\c:\hnhbtb.exec:\hnhbtb.exe91⤵
-
\??\c:\7ddvj.exec:\7ddvj.exe92⤵
-
\??\c:\bbnthh.exec:\bbnthh.exe93⤵
-
\??\c:\hhbthh.exec:\hhbthh.exe94⤵
-
\??\c:\vpppj.exec:\vpppj.exe95⤵
-
\??\c:\9rfxrrf.exec:\9rfxrrf.exe96⤵
-
\??\c:\hhbnnn.exec:\hhbnnn.exe97⤵
-
\??\c:\jdvpv.exec:\jdvpv.exe98⤵
-
\??\c:\rlfxrlf.exec:\rlfxrlf.exe99⤵
-
\??\c:\hbbhth.exec:\hbbhth.exe100⤵
-
\??\c:\vvdvd.exec:\vvdvd.exe101⤵
-
\??\c:\nhhtnn.exec:\nhhtnn.exe102⤵
-
\??\c:\1ntnhh.exec:\1ntnhh.exe103⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe104⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe105⤵
-
\??\c:\rrxrxll.exec:\rrxrxll.exe106⤵
-
\??\c:\bnhbtb.exec:\bnhbtb.exe107⤵
-
\??\c:\ttbtnn.exec:\ttbtnn.exe108⤵
-
\??\c:\jppjd.exec:\jppjd.exe109⤵
-
\??\c:\7rlfxfx.exec:\7rlfxfx.exe110⤵
-
\??\c:\rllfffx.exec:\rllfffx.exe111⤵
-
\??\c:\bbhbnn.exec:\bbhbnn.exe112⤵
-
\??\c:\lxfffff.exec:\lxfffff.exe113⤵
-
\??\c:\lfllffx.exec:\lfllffx.exe114⤵
-
\??\c:\jvjpj.exec:\jvjpj.exe115⤵
-
\??\c:\xlfffff.exec:\xlfffff.exe116⤵
-
\??\c:\1bhbhh.exec:\1bhbhh.exe117⤵
-
\??\c:\rrffflf.exec:\rrffflf.exe118⤵
-
\??\c:\5ttttt.exec:\5ttttt.exe119⤵
-
\??\c:\ppdvj.exec:\ppdvj.exe120⤵
-
\??\c:\ppvdj.exec:\ppvdj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-