Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
13/05/2024, 10:41
General
-
Target
b325abdfa1e117164080f8e655da08f0_NeikiAnalytics.exe
-
Size
433KB
-
MD5
b325abdfa1e117164080f8e655da08f0
-
SHA1
1e820c00ca5fe0bce64943064e6c586f975ea42d
-
SHA256
ed75dc04567b7ff9ffcdff130a1b244ffd01efd4f34869503f09a41a6c466517
-
SHA512
6701c82024a82b7e7c437fd304c35bdc8a6dfd02d6a8d9d9b776769204400f38d746395a4bf3775ca0e6a95c10ebe91aba5c8b4dd5c20106f9229446d311a6e9
-
SSDEEP
12288:n3C9uMPh2kkkkK4kXkkkkkkkkl888888888888888888nn:ShPh2kkkkK4kXkkkkkkkkJ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b325abdfa1e117164080f8e655da08f0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\b325abdfa1e117164080f8e655da08f0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7pdvd.exec:\7pdvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhnbb.exec:\hnhnbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrlxxf.exec:\rxrlxxf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjd.exec:\vvpjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpj.exec:\jdvpj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fffxxr.exec:\3fffxxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djppp.exec:\djppp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbth.exec:\hbtbth.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjpj.exec:\jvjpj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lfxrrl.exec:\5lfxrrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddd.exec:\vvddd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1llfffx.exec:\1llfffx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbtnt.exec:\ttbtnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vpjp.exec:\7vpjp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjd.exec:\dppjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvdv.exec:\vpvdv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxxff.exec:\xrfxxff.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnbbb.exec:\nnnbbb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jddv.exec:\5jddv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbhn.exec:\hthbhn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pdjv.exec:\3pdjv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ntnnt.exec:\3ntnnt.exe23⤵
- Executes dropped EXE
-
\??\c:\3pjjp.exec:\3pjjp.exe24⤵
- Executes dropped EXE
-
\??\c:\tbtnnn.exec:\tbtnnn.exe25⤵
- Executes dropped EXE
-
\??\c:\xxllrxl.exec:\xxllrxl.exe26⤵
- Executes dropped EXE
-
\??\c:\hhnttn.exec:\hhnttn.exe27⤵
- Executes dropped EXE
-
\??\c:\5rxxffx.exec:\5rxxffx.exe28⤵
- Executes dropped EXE
-
\??\c:\ppdvp.exec:\ppdvp.exe29⤵
- Executes dropped EXE
-
\??\c:\lrxrxrx.exec:\lrxrxrx.exe30⤵
- Executes dropped EXE
-
\??\c:\vdddd.exec:\vdddd.exe31⤵
- Executes dropped EXE
-
\??\c:\thnhbb.exec:\thnhbb.exe32⤵
- Executes dropped EXE
-
\??\c:\frxrllf.exec:\frxrllf.exe33⤵
- Executes dropped EXE
-
\??\c:\ddpvv.exec:\ddpvv.exe34⤵
- Executes dropped EXE
-
\??\c:\9xrlffr.exec:\9xrlffr.exe35⤵
- Executes dropped EXE
-
\??\c:\5bbtnn.exec:\5bbtnn.exe36⤵
- Executes dropped EXE
-
\??\c:\nhnhht.exec:\nhnhht.exe37⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe38⤵
- Executes dropped EXE
-
\??\c:\5flfxfx.exec:\5flfxfx.exe39⤵
- Executes dropped EXE
-
\??\c:\bnnntt.exec:\bnnntt.exe40⤵
- Executes dropped EXE
-
\??\c:\thnhbt.exec:\thnhbt.exe41⤵
- Executes dropped EXE
-
\??\c:\vvpjd.exec:\vvpjd.exe42⤵
- Executes dropped EXE
-
\??\c:\rrlfrrl.exec:\rrlfrrl.exe43⤵
- Executes dropped EXE
-
\??\c:\rllfxlx.exec:\rllfxlx.exe44⤵
- Executes dropped EXE
-
\??\c:\hbthnb.exec:\hbthnb.exe45⤵
- Executes dropped EXE
-
\??\c:\7vvpd.exec:\7vvpd.exe46⤵
- Executes dropped EXE
-
\??\c:\xxxrffx.exec:\xxxrffx.exe47⤵
- Executes dropped EXE
-
\??\c:\xxrlxrl.exec:\xxrlxrl.exe48⤵
- Executes dropped EXE
-
\??\c:\3ttnhb.exec:\3ttnhb.exe49⤵
- Executes dropped EXE
-
\??\c:\vvjjj.exec:\vvjjj.exe50⤵
- Executes dropped EXE
-
\??\c:\3jpjj.exec:\3jpjj.exe51⤵
- Executes dropped EXE
-
\??\c:\flfrlxr.exec:\flfrlxr.exe52⤵
- Executes dropped EXE
-
\??\c:\hbbbtn.exec:\hbbbtn.exe53⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe54⤵
- Executes dropped EXE
-
\??\c:\7rrlxrx.exec:\7rrlxrx.exe55⤵
- Executes dropped EXE
-
\??\c:\rlfxlff.exec:\rlfxlff.exe56⤵
- Executes dropped EXE
-
\??\c:\nntntt.exec:\nntntt.exe57⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe58⤵
- Executes dropped EXE
-
\??\c:\lrxxrrl.exec:\lrxxrrl.exe59⤵
- Executes dropped EXE
-
\??\c:\lxrlllf.exec:\lxrlllf.exe60⤵
- Executes dropped EXE
-
\??\c:\nbbhbh.exec:\nbbhbh.exe61⤵
- Executes dropped EXE
-
\??\c:\pvjdv.exec:\pvjdv.exe62⤵
- Executes dropped EXE
-
\??\c:\rflflxx.exec:\rflflxx.exe63⤵
- Executes dropped EXE
-
\??\c:\9ttnnn.exec:\9ttnnn.exe64⤵
- Executes dropped EXE
-
\??\c:\jdpdv.exec:\jdpdv.exe65⤵
- Executes dropped EXE
-
\??\c:\1vvpj.exec:\1vvpj.exe66⤵
-
\??\c:\xfxrlfx.exec:\xfxrlfx.exe67⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe68⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe69⤵
-
\??\c:\flffxxr.exec:\flffxxr.exe70⤵
-
\??\c:\httbhb.exec:\httbhb.exe71⤵
-
\??\c:\djvjd.exec:\djvjd.exe72⤵
-
\??\c:\lrfxrfx.exec:\lrfxrfx.exe73⤵
-
\??\c:\5nbbtb.exec:\5nbbtb.exe74⤵
-
\??\c:\vpppj.exec:\vpppj.exe75⤵
-
\??\c:\lflfxxr.exec:\lflfxxr.exe76⤵
-
\??\c:\bhbtbh.exec:\bhbtbh.exe77⤵
-
\??\c:\hbnhnn.exec:\hbnhnn.exe78⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe79⤵
-
\??\c:\7frfxfx.exec:\7frfxfx.exe80⤵
-
\??\c:\hbtnbb.exec:\hbtnbb.exe81⤵
-
\??\c:\5dddd.exec:\5dddd.exe82⤵
-
\??\c:\xxllffl.exec:\xxllffl.exe83⤵
-
\??\c:\9bbthh.exec:\9bbthh.exe84⤵
-
\??\c:\9tbthh.exec:\9tbthh.exe85⤵
-
\??\c:\vppjd.exec:\vppjd.exe86⤵
-
\??\c:\xxrlfrf.exec:\xxrlfrf.exe87⤵
-
\??\c:\bhhtbt.exec:\bhhtbt.exe88⤵
-
\??\c:\bbnnhn.exec:\bbnnhn.exe89⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe90⤵
-
\??\c:\ffffrrr.exec:\ffffrrr.exe91⤵
-
\??\c:\frrrlrr.exec:\frrrlrr.exe92⤵
-
\??\c:\nbhthn.exec:\nbhthn.exe93⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe94⤵
-
\??\c:\rxxrfxr.exec:\rxxrfxr.exe95⤵
-
\??\c:\rllxfxl.exec:\rllxfxl.exe96⤵
-
\??\c:\bhnhbb.exec:\bhnhbb.exe97⤵
-
\??\c:\tbhbtb.exec:\tbhbtb.exe98⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe99⤵
-
\??\c:\frxxrrx.exec:\frxxrrx.exe100⤵
-
\??\c:\tthbtb.exec:\tthbtb.exe101⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe102⤵
-
\??\c:\3dpjd.exec:\3dpjd.exe103⤵
-
\??\c:\llrxxxx.exec:\llrxxxx.exe104⤵
-
\??\c:\ntbbnn.exec:\ntbbnn.exe105⤵
-
\??\c:\hnbtnt.exec:\hnbtnt.exe106⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe107⤵
-
\??\c:\lfflxfx.exec:\lfflxfx.exe108⤵
-
\??\c:\9tnbtt.exec:\9tnbtt.exe109⤵
-
\??\c:\bbhnbb.exec:\bbhnbb.exe110⤵
-
\??\c:\7jvpp.exec:\7jvpp.exe111⤵
-
\??\c:\rfrfffx.exec:\rfrfffx.exe112⤵
-
\??\c:\1rfxffl.exec:\1rfxffl.exe113⤵
-
\??\c:\9tnnhn.exec:\9tnnhn.exe114⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe115⤵
-
\??\c:\frfrrlf.exec:\frfrrlf.exe116⤵
-
\??\c:\nnhnhh.exec:\nnhnhh.exe117⤵
-
\??\c:\vppjd.exec:\vppjd.exe118⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe119⤵
-
\??\c:\rxllrrx.exec:\rxllrrx.exe120⤵
-
\??\c:\hnbtnt.exec:\hnbtnt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-