Analysis
-
max time kernel
150s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
14/05/2024, 15:05
General
-
Target
cb8c414e33aab10a55b7a6bb6f4d4980_NeikiAnalytics.exe
-
Size
536KB
-
MD5
cb8c414e33aab10a55b7a6bb6f4d4980
-
SHA1
0d10bbe3335268e229625bbe153be1d0c29e4092
-
SHA256
8892a70ec2340662c23f4070c0f65079319a6dc8569991e601edf5f096ba8d4e
-
SHA512
0c73548d40177ee74ff35727df93470be184a930358cc046f5c3b3b48a8607bee1f2240b64496d094884944654acd8ad7a6fc961c016fb8825af7e4a58bfbc5b
-
SSDEEP
12288:y4wFHoS3eFp3IDvSbh5nP+UbGTHoSouKs8N0u/D6vIZt:HFp3lzZbGa5sot
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cb8c414e33aab10a55b7a6bb6f4d4980_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cb8c414e33aab10a55b7a6bb6f4d4980_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjdj.exec:\pvjdj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxrfxl.exec:\lxxrfxl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhnn.exec:\hbnhnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdd.exec:\djjdd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbnht.exec:\tbbnht.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhtnb.exec:\bnhtnb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflxrlx.exec:\lflxrlx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvjv.exec:\vvvjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntthtn.exec:\ntthtn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfrxrx.exec:\lxfrxrx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbnnh.exec:\btbnnh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvpd.exec:\pdvpd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrlll.exec:\lfxrlll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntttn.exec:\hntttn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppddv.exec:\ppddv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbtnh.exec:\hbbtnh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbtn.exec:\bbhbtn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvp.exec:\pddvp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhhh.exec:\htnhhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvdv.exec:\ppvdv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflfrlf.exec:\xflfrlf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddv.exec:\dvddv.exe23⤵
- Executes dropped EXE
-
\??\c:\vjjvj.exec:\vjjvj.exe24⤵
- Executes dropped EXE
-
\??\c:\hthtnt.exec:\hthtnt.exe25⤵
- Executes dropped EXE
-
\??\c:\lxrlxrl.exec:\lxrlxrl.exe26⤵
- Executes dropped EXE
-
\??\c:\vvppj.exec:\vvppj.exe27⤵
- Executes dropped EXE
-
\??\c:\hnnhbt.exec:\hnnhbt.exe28⤵
- Executes dropped EXE
-
\??\c:\lffxrll.exec:\lffxrll.exe29⤵
- Executes dropped EXE
-
\??\c:\ntnnhh.exec:\ntnnhh.exe30⤵
- Executes dropped EXE
-
\??\c:\nhbtnh.exec:\nhbtnh.exe31⤵
- Executes dropped EXE
-
\??\c:\lxrlxxl.exec:\lxrlxxl.exe32⤵
- Executes dropped EXE
-
\??\c:\bnnnbt.exec:\bnnnbt.exe33⤵
- Executes dropped EXE
-
\??\c:\tnhbtn.exec:\tnhbtn.exe34⤵
- Executes dropped EXE
-
\??\c:\dvppj.exec:\dvppj.exe35⤵
- Executes dropped EXE
-
\??\c:\rllffxl.exec:\rllffxl.exe36⤵
- Executes dropped EXE
-
\??\c:\btbtbb.exec:\btbtbb.exe37⤵
- Executes dropped EXE
-
\??\c:\vvvpj.exec:\vvvpj.exe38⤵
- Executes dropped EXE
-
\??\c:\lrxrlfx.exec:\lrxrlfx.exe39⤵
- Executes dropped EXE
-
\??\c:\1hhbnh.exec:\1hhbnh.exe40⤵
- Executes dropped EXE
-
\??\c:\tbhthb.exec:\tbhthb.exe41⤵
- Executes dropped EXE
-
\??\c:\ddpvj.exec:\ddpvj.exe42⤵
- Executes dropped EXE
-
\??\c:\lfffxxr.exec:\lfffxxr.exe43⤵
- Executes dropped EXE
-
\??\c:\7nthtb.exec:\7nthtb.exe44⤵
- Executes dropped EXE
-
\??\c:\vdvpj.exec:\vdvpj.exe45⤵
- Executes dropped EXE
-
\??\c:\rxxxrrl.exec:\rxxxrrl.exe46⤵
- Executes dropped EXE
-
\??\c:\bntthb.exec:\bntthb.exe47⤵
- Executes dropped EXE
-
\??\c:\pdvjd.exec:\pdvjd.exe48⤵
- Executes dropped EXE
-
\??\c:\rxlfxll.exec:\rxlfxll.exe49⤵
- Executes dropped EXE
-
\??\c:\rflfxrl.exec:\rflfxrl.exe50⤵
- Executes dropped EXE
-
\??\c:\nttnhb.exec:\nttnhb.exe51⤵
- Executes dropped EXE
-
\??\c:\vpjvp.exec:\vpjvp.exe52⤵
- Executes dropped EXE
-
\??\c:\xrfxfxl.exec:\xrfxfxl.exe53⤵
- Executes dropped EXE
-
\??\c:\3bbtnt.exec:\3bbtnt.exe54⤵
- Executes dropped EXE
-
\??\c:\5vvdp.exec:\5vvdp.exe55⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe56⤵
- Executes dropped EXE
-
\??\c:\5fffxrf.exec:\5fffxrf.exe57⤵
- Executes dropped EXE
-
\??\c:\bhhbtt.exec:\bhhbtt.exe58⤵
- Executes dropped EXE
-
\??\c:\jdjvj.exec:\jdjvj.exe59⤵
- Executes dropped EXE
-
\??\c:\xlrlffx.exec:\xlrlffx.exe60⤵
- Executes dropped EXE
-
\??\c:\tntnhb.exec:\tntnhb.exe61⤵
- Executes dropped EXE
-
\??\c:\3nnhtb.exec:\3nnhtb.exe62⤵
- Executes dropped EXE
-
\??\c:\jvjdp.exec:\jvjdp.exe63⤵
- Executes dropped EXE
-
\??\c:\rlfrfxl.exec:\rlfrfxl.exe64⤵
- Executes dropped EXE
-
\??\c:\xrrlxrx.exec:\xrrlxrx.exe65⤵
- Executes dropped EXE
-
\??\c:\ththtn.exec:\ththtn.exe66⤵
-
\??\c:\vjpjp.exec:\vjpjp.exe67⤵
-
\??\c:\xffrfxr.exec:\xffrfxr.exe68⤵
-
\??\c:\ttthbb.exec:\ttthbb.exe69⤵
-
\??\c:\1pvpp.exec:\1pvpp.exe70⤵
-
\??\c:\7jjvp.exec:\7jjvp.exe71⤵
-
\??\c:\fxfxflf.exec:\fxfxflf.exe72⤵
-
\??\c:\httnbt.exec:\httnbt.exe73⤵
-
\??\c:\ththnh.exec:\ththnh.exe74⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe75⤵
-
\??\c:\lxffrlr.exec:\lxffrlr.exe76⤵
-
\??\c:\rfrlxrl.exec:\rfrlxrl.exe77⤵
-
\??\c:\bthtbt.exec:\bthtbt.exe78⤵
-
\??\c:\jpjjd.exec:\jpjjd.exe79⤵
-
\??\c:\ppddd.exec:\ppddd.exe80⤵
-
\??\c:\3lfrlll.exec:\3lfrlll.exe81⤵
-
\??\c:\hnbbbh.exec:\hnbbbh.exe82⤵
-
\??\c:\jdddv.exec:\jdddv.exe83⤵
-
\??\c:\1rxxrlf.exec:\1rxxrlf.exe84⤵
-
\??\c:\rfffxfx.exec:\rfffxfx.exe85⤵
-
\??\c:\9tnhbb.exec:\9tnhbb.exe86⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe87⤵
-
\??\c:\9pdjd.exec:\9pdjd.exe88⤵
-
\??\c:\fflrrrr.exec:\fflrrrr.exe89⤵
-
\??\c:\nhbnht.exec:\nhbnht.exe90⤵
-
\??\c:\ppvpd.exec:\ppvpd.exe91⤵
-
\??\c:\jddvd.exec:\jddvd.exe92⤵
-
\??\c:\xlrrlll.exec:\xlrrlll.exe93⤵
-
\??\c:\ttttnh.exec:\ttttnh.exe94⤵
-
\??\c:\nbhhnt.exec:\nbhhnt.exe95⤵
-
\??\c:\xxfxrxx.exec:\xxfxrxx.exe96⤵
-
\??\c:\xrrxrfx.exec:\xrrxrfx.exe97⤵
-
\??\c:\nthbbh.exec:\nthbbh.exe98⤵
-
\??\c:\vdjvp.exec:\vdjvp.exe99⤵
-
\??\c:\pvppj.exec:\pvppj.exe100⤵
-
\??\c:\xlfxrlf.exec:\xlfxrlf.exe101⤵
-
\??\c:\tnbnhn.exec:\tnbnhn.exe102⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe103⤵
-
\??\c:\fxrfrlx.exec:\fxrfrlx.exe104⤵
-
\??\c:\rrlfffx.exec:\rrlfffx.exe105⤵
-
\??\c:\bhhbtn.exec:\bhhbtn.exe106⤵
-
\??\c:\3ddvp.exec:\3ddvp.exe107⤵
-
\??\c:\rrrrllf.exec:\rrrrllf.exe108⤵
-
\??\c:\hbbhhh.exec:\hbbhhh.exe109⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe110⤵
-
\??\c:\9vdvp.exec:\9vdvp.exe111⤵
-
\??\c:\5xxrfff.exec:\5xxrfff.exe112⤵
-
\??\c:\thnhbt.exec:\thnhbt.exe113⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe114⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe115⤵
-
\??\c:\rllfrrr.exec:\rllfrrr.exe116⤵
-
\??\c:\7thhbb.exec:\7thhbb.exe117⤵
-
\??\c:\jvdpj.exec:\jvdpj.exe118⤵
-
\??\c:\pvppp.exec:\pvppp.exe119⤵
-
\??\c:\xllffxr.exec:\xllffxr.exe120⤵
-
\??\c:\thnnhb.exec:\thnnhb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-