Analysis
-
max time kernel
150s -
max time network
128s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
13-05-2024 17:27
General
-
Target
bfcc09368ed99958968933ed3065fa40_NeikiAnalytics.exe
-
Size
94KB
-
MD5
bfcc09368ed99958968933ed3065fa40
-
SHA1
c3ea9a6c8ba17149e1ee83e4f6fdae6c46ef03b1
-
SHA256
79c73d8395a231a586d5e6b8c144a021443d4ef1a4e8335a1eceb1d1dc982021
-
SHA512
691ebdda08f6d48bbe0dcc77f260bd7864690f98c33dfff251e487cf15566094e93bca8c5c12d7f0ad1607ef3878336fc880267014c4cad38b6ec1bce310f152
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxEPOfPrA2:ymb3NkkiQ3mdBjFo73PYP1lri3KuOnrL
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bfcc09368ed99958968933ed3065fa40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\bfcc09368ed99958968933ed3065fa40_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rxllxlf.exec:\rxllxlf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nthbt.exec:\1nthbt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppd.exec:\dpppd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffrffr.exec:\rffrffr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthbnn.exec:\tthbnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tnhnn.exec:\9tnhnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dvjd.exec:\1dvjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrlxrl.exec:\xxrlxrl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lrfxxl.exec:\1lrfxxl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhbn.exec:\tnbhbn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvj.exec:\vpjvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrlxfl.exec:\rfrlxfl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnhh.exec:\httnhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdpj.exec:\jpdpj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrxfr.exec:\frxrxfr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5thhhh.exec:\5thhhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tbthh.exec:\5tbthh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddpv.exec:\dddpv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxlll.exec:\lxfxlll.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnnhh.exec:\btnnhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvppv.exec:\vvppv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdd.exec:\pdjdd.exe23⤵
- Executes dropped EXE
-
\??\c:\fxfflxl.exec:\fxfflxl.exe24⤵
- Executes dropped EXE
-
\??\c:\tttnht.exec:\tttnht.exe25⤵
- Executes dropped EXE
-
\??\c:\lxllxxx.exec:\lxllxxx.exe26⤵
- Executes dropped EXE
-
\??\c:\nhbnhh.exec:\nhbnhh.exe27⤵
- Executes dropped EXE
-
\??\c:\dpvvv.exec:\dpvvv.exe28⤵
- Executes dropped EXE
-
\??\c:\rrxxxrx.exec:\rrxxxrx.exe29⤵
- Executes dropped EXE
-
\??\c:\frxfxlf.exec:\frxfxlf.exe30⤵
- Executes dropped EXE
-
\??\c:\nhnhtt.exec:\nhnhtt.exe31⤵
- Executes dropped EXE
-
\??\c:\jjdjp.exec:\jjdjp.exe32⤵
- Executes dropped EXE
-
\??\c:\ppjjj.exec:\ppjjj.exe33⤵
- Executes dropped EXE
-
\??\c:\rrxllxx.exec:\rrxllxx.exe34⤵
- Executes dropped EXE
-
\??\c:\rxlrrfl.exec:\rxlrrfl.exe35⤵
- Executes dropped EXE
-
\??\c:\btnnnn.exec:\btnnnn.exe36⤵
- Executes dropped EXE
-
\??\c:\7ddjd.exec:\7ddjd.exe37⤵
- Executes dropped EXE
-
\??\c:\jjppv.exec:\jjppv.exe38⤵
- Executes dropped EXE
-
\??\c:\5lxrxfl.exec:\5lxrxfl.exe39⤵
-
\??\c:\xrlfxxx.exec:\xrlfxxx.exe40⤵
- Executes dropped EXE
-
\??\c:\nbnbtn.exec:\nbnbtn.exe41⤵
- Executes dropped EXE
-
\??\c:\ttnnnb.exec:\ttnnnb.exe42⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe43⤵
- Executes dropped EXE
-
\??\c:\3xfxllf.exec:\3xfxllf.exe44⤵
- Executes dropped EXE
-
\??\c:\llxrxxr.exec:\llxrxxr.exe45⤵
- Executes dropped EXE
-
\??\c:\tnhtnh.exec:\tnhtnh.exe46⤵
- Executes dropped EXE
-
\??\c:\ppjdv.exec:\ppjdv.exe47⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe48⤵
- Executes dropped EXE
-
\??\c:\7xfrxxr.exec:\7xfrxxr.exe49⤵
- Executes dropped EXE
-
\??\c:\5lrllfx.exec:\5lrllfx.exe50⤵
- Executes dropped EXE
-
\??\c:\bttttb.exec:\bttttb.exe51⤵
- Executes dropped EXE
-
\??\c:\1fxlrfx.exec:\1fxlrfx.exe52⤵
- Executes dropped EXE
-
\??\c:\lffxlfr.exec:\lffxlfr.exe53⤵
- Executes dropped EXE
-
\??\c:\nbtthh.exec:\nbtthh.exe54⤵
- Executes dropped EXE
-
\??\c:\nbtnbt.exec:\nbtnbt.exe55⤵
- Executes dropped EXE
-
\??\c:\ppjvj.exec:\ppjvj.exe56⤵
- Executes dropped EXE
-
\??\c:\lxflfxr.exec:\lxflfxr.exe57⤵
- Executes dropped EXE
-
\??\c:\llrxrrl.exec:\llrxrrl.exe58⤵
- Executes dropped EXE
-
\??\c:\nhhhbb.exec:\nhhhbb.exe59⤵
- Executes dropped EXE
-
\??\c:\dvdpp.exec:\dvdpp.exe60⤵
- Executes dropped EXE
-
\??\c:\fflllxf.exec:\fflllxf.exe61⤵
- Executes dropped EXE
-
\??\c:\hthbtn.exec:\hthbtn.exe62⤵
- Executes dropped EXE
-
\??\c:\9vdpv.exec:\9vdpv.exe63⤵
- Executes dropped EXE
-
\??\c:\jdpjd.exec:\jdpjd.exe64⤵
- Executes dropped EXE
-
\??\c:\ffxrfxl.exec:\ffxrfxl.exe65⤵
- Executes dropped EXE
-
\??\c:\7rxrlfx.exec:\7rxrlfx.exe66⤵
- Executes dropped EXE
-
\??\c:\nbthbt.exec:\nbthbt.exe67⤵
-
\??\c:\bhbthb.exec:\bhbthb.exe68⤵
-
\??\c:\ddvvj.exec:\ddvvj.exe69⤵
-
\??\c:\dpjdp.exec:\dpjdp.exe70⤵
-
\??\c:\ffxxrrf.exec:\ffxxrrf.exe71⤵
-
\??\c:\xrlfrlf.exec:\xrlfrlf.exe72⤵
-
\??\c:\5ntnhb.exec:\5ntnhb.exe73⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe74⤵
-
\??\c:\pjdpj.exec:\pjdpj.exe75⤵
-
\??\c:\ffxrfxr.exec:\ffxrfxr.exe76⤵
-
\??\c:\5rlrfll.exec:\5rlrfll.exe77⤵
-
\??\c:\9bhtnh.exec:\9bhtnh.exe78⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe79⤵
-
\??\c:\rxflfxl.exec:\rxflfxl.exe80⤵
-
\??\c:\lfrlffx.exec:\lfrlffx.exe81⤵
-
\??\c:\3btnhb.exec:\3btnhb.exe82⤵
-
\??\c:\bhhbnn.exec:\bhhbnn.exe83⤵
-
\??\c:\7ddvj.exec:\7ddvj.exe84⤵
-
\??\c:\frflrlx.exec:\frflrlx.exe85⤵
-
\??\c:\lfrfrfr.exec:\lfrfrfr.exe86⤵
-
\??\c:\1bnhbt.exec:\1bnhbt.exe87⤵
-
\??\c:\pdddv.exec:\pdddv.exe88⤵
-
\??\c:\jdjpd.exec:\jdjpd.exe89⤵
-
\??\c:\xrlxrfx.exec:\xrlxrfx.exe90⤵
-
\??\c:\1ffxlfl.exec:\1ffxlfl.exe91⤵
-
\??\c:\9bbtnh.exec:\9bbtnh.exe92⤵
-
\??\c:\ttbtnn.exec:\ttbtnn.exe93⤵
-
\??\c:\vjppp.exec:\vjppp.exe94⤵
-
\??\c:\xrxlrrr.exec:\xrxlrrr.exe95⤵
-
\??\c:\9rrfxrl.exec:\9rrfxrl.exe96⤵
-
\??\c:\7bbtnn.exec:\7bbtnn.exe97⤵
-
\??\c:\hnnbth.exec:\hnnbth.exe98⤵
-
\??\c:\9ppdp.exec:\9ppdp.exe99⤵
-
\??\c:\fxxlxxr.exec:\fxxlxxr.exe100⤵
-
\??\c:\frrxxrr.exec:\frrxxrr.exe101⤵
-
\??\c:\nhnnbb.exec:\nhnnbb.exe102⤵
-
\??\c:\ntnhnn.exec:\ntnhnn.exe103⤵
-
\??\c:\7ddpd.exec:\7ddpd.exe104⤵
-
\??\c:\vjdjj.exec:\vjdjj.exe105⤵
-
\??\c:\7lrlfff.exec:\7lrlfff.exe106⤵
-
\??\c:\hbtnbt.exec:\hbtnbt.exe107⤵
-
\??\c:\nbthtn.exec:\nbthtn.exe108⤵
-
\??\c:\tbbthb.exec:\tbbthb.exe109⤵
-
\??\c:\djjvj.exec:\djjvj.exe110⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe111⤵
-
\??\c:\rrxlxrl.exec:\rrxlxrl.exe112⤵
-
\??\c:\llrlfxr.exec:\llrlfxr.exe113⤵
-
\??\c:\bbhnhn.exec:\bbhnhn.exe114⤵
-
\??\c:\9btnnh.exec:\9btnnh.exe115⤵
-
\??\c:\jddpj.exec:\jddpj.exe116⤵
-
\??\c:\7vjdp.exec:\7vjdp.exe117⤵
-
\??\c:\fxrfrlx.exec:\fxrfrlx.exe118⤵
-
\??\c:\1xxfxxr.exec:\1xxfxxr.exe119⤵
-
\??\c:\nbhbtn.exec:\nbhbtn.exe120⤵
-
\??\c:\bbnnbt.exec:\bbnnbt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-