Analysis
-
max time kernel
150s -
max time network
128s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
14-05-2024 17:03
General
-
Target
ce88f39dfba8740aaea79de93efef8a0_NeikiAnalytics.exe
-
Size
91KB
-
MD5
ce88f39dfba8740aaea79de93efef8a0
-
SHA1
71952686c1bafdae42e77a468d642268bcc0ddec
-
SHA256
b0af3f1c6e24242afcd80bc6fb6cd1f669473ce2ee6a444973a0d94d1267ccd1
-
SHA512
57475d6d8ffaab5dc7e75380e8b5ac3b172c4c084558801b844a462777790e365a244fd1d87ba486ffeb9308d5134eb0c7a97ae6039525ddb6542944e0f53cfc
-
SSDEEP
1536:8vQBeOGtrYS3srx93UBWfwC6Ggnouy80fg3Cip8iXAsG5M0u5YoWp/:8hOmTsF93UYfwC6GIout0fmCiiiXA6mt
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ce88f39dfba8740aaea79de93efef8a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\ce88f39dfba8740aaea79de93efef8a0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lrflrll.exec:\lrflrll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnnhh.exec:\nbnnhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhnn.exec:\bnnhnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pjdv.exec:\1pjdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrxxf.exec:\rlxrxxf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhntbt.exec:\bhntbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvp.exec:\pvdvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppv.exec:\dpppv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rrlffx.exec:\9rrlffx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lxrllr.exec:\3lxrllr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhhh.exec:\tnhhhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvvj.exec:\djvvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxxxr.exec:\rlfxxxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrllxxl.exec:\rrllxxl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbtt.exec:\btbbtt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvppp.exec:\vvppp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpv.exec:\vpvpv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bnhnn.exec:\5bnhnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vjdv.exec:\3vjdv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlffx.exec:\lrrlffx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7httnn.exec:\7httnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbbb.exec:\nnbbbb.exe23⤵
- Executes dropped EXE
-
\??\c:\dpddv.exec:\dpddv.exe24⤵
- Executes dropped EXE
-
\??\c:\fxflrll.exec:\fxflrll.exe25⤵
- Executes dropped EXE
-
\??\c:\thtnht.exec:\thtnht.exe26⤵
- Executes dropped EXE
-
\??\c:\lxlrrrr.exec:\lxlrrrr.exe27⤵
- Executes dropped EXE
-
\??\c:\fffrxfl.exec:\fffrxfl.exe28⤵
- Executes dropped EXE
-
\??\c:\jpvpd.exec:\jpvpd.exe29⤵
- Executes dropped EXE
-
\??\c:\fffrlfr.exec:\fffrlfr.exe30⤵
- Executes dropped EXE
-
\??\c:\xrlxrrx.exec:\xrlxrrx.exe31⤵
- Executes dropped EXE
-
\??\c:\btbbtb.exec:\btbbtb.exe32⤵
- Executes dropped EXE
-
\??\c:\5vdvv.exec:\5vdvv.exe33⤵
- Executes dropped EXE
-
\??\c:\1fllxfx.exec:\1fllxfx.exe34⤵
- Executes dropped EXE
-
\??\c:\xrffxfr.exec:\xrffxfr.exe35⤵
- Executes dropped EXE
-
\??\c:\bbhhth.exec:\bbhhth.exe36⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe37⤵
- Executes dropped EXE
-
\??\c:\dvdpp.exec:\dvdpp.exe38⤵
- Executes dropped EXE
-
\??\c:\fllrlxf.exec:\fllrlxf.exe39⤵
- Executes dropped EXE
-
\??\c:\3htbbb.exec:\3htbbb.exe40⤵
- Executes dropped EXE
-
\??\c:\tbthhh.exec:\tbthhh.exe41⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe42⤵
- Executes dropped EXE
-
\??\c:\lxxxrfl.exec:\lxxxrfl.exe43⤵
- Executes dropped EXE
-
\??\c:\nthnbn.exec:\nthnbn.exe44⤵
- Executes dropped EXE
-
\??\c:\bntbbn.exec:\bntbbn.exe45⤵
- Executes dropped EXE
-
\??\c:\pvjdv.exec:\pvjdv.exe46⤵
- Executes dropped EXE
-
\??\c:\5xxrlll.exec:\5xxrlll.exe47⤵
- Executes dropped EXE
-
\??\c:\hbhhnn.exec:\hbhhnn.exe48⤵
- Executes dropped EXE
-
\??\c:\9btnht.exec:\9btnht.exe49⤵
- Executes dropped EXE
-
\??\c:\ppvpd.exec:\ppvpd.exe50⤵
- Executes dropped EXE
-
\??\c:\xxxxrrl.exec:\xxxxrrl.exe51⤵
- Executes dropped EXE
-
\??\c:\nntbnn.exec:\nntbnn.exe52⤵
- Executes dropped EXE
-
\??\c:\3pdvp.exec:\3pdvp.exe53⤵
- Executes dropped EXE
-
\??\c:\jvjjj.exec:\jvjjj.exe54⤵
- Executes dropped EXE
-
\??\c:\1lxxrxx.exec:\1lxxrxx.exe55⤵
- Executes dropped EXE
-
\??\c:\9ffxrrr.exec:\9ffxrrr.exe56⤵
- Executes dropped EXE
-
\??\c:\nhhhbb.exec:\nhhhbb.exe57⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe58⤵
- Executes dropped EXE
-
\??\c:\llrflrx.exec:\llrflrx.exe59⤵
- Executes dropped EXE
-
\??\c:\fxxxrlf.exec:\fxxxrlf.exe60⤵
- Executes dropped EXE
-
\??\c:\hbhhhn.exec:\hbhhhn.exe61⤵
- Executes dropped EXE
-
\??\c:\pdvvv.exec:\pdvvv.exe62⤵
- Executes dropped EXE
-
\??\c:\rrxxrrf.exec:\rrxxrrf.exe63⤵
- Executes dropped EXE
-
\??\c:\tttntn.exec:\tttntn.exe64⤵
- Executes dropped EXE
-
\??\c:\pvddj.exec:\pvddj.exe65⤵
- Executes dropped EXE
-
\??\c:\9llxxrr.exec:\9llxxrr.exe66⤵
-
\??\c:\xfxfxxx.exec:\xfxfxxx.exe67⤵
-
\??\c:\hbnhbt.exec:\hbnhbt.exe68⤵
-
\??\c:\9jjdv.exec:\9jjdv.exe69⤵
-
\??\c:\7rllxlr.exec:\7rllxlr.exe70⤵
-
\??\c:\tthnhb.exec:\tthnhb.exe71⤵
-
\??\c:\nntbtt.exec:\nntbtt.exe72⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe73⤵
-
\??\c:\frrfflr.exec:\frrfflr.exe74⤵
-
\??\c:\lrlrrll.exec:\lrlrrll.exe75⤵
-
\??\c:\5nnhtn.exec:\5nnhtn.exe76⤵
-
\??\c:\nhthth.exec:\nhthth.exe77⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe78⤵
-
\??\c:\rxxxrrr.exec:\rxxxrrr.exe79⤵
-
\??\c:\thbnbb.exec:\thbnbb.exe80⤵
-
\??\c:\3nbhtt.exec:\3nbhtt.exe81⤵
-
\??\c:\5vvvp.exec:\5vvvp.exe82⤵
-
\??\c:\vvvdd.exec:\vvvdd.exe83⤵
-
\??\c:\bnbtnn.exec:\bnbtnn.exe84⤵
-
\??\c:\ddpjv.exec:\ddpjv.exe85⤵
-
\??\c:\ttbttb.exec:\ttbttb.exe86⤵
-
\??\c:\htbnth.exec:\htbnth.exe87⤵
-
\??\c:\flfxxxr.exec:\flfxxxr.exe88⤵
-
\??\c:\hbbtnh.exec:\hbbtnh.exe89⤵
-
\??\c:\thhhbb.exec:\thhhbb.exe90⤵
-
\??\c:\jvjvv.exec:\jvjvv.exe91⤵
-
\??\c:\pjddd.exec:\pjddd.exe92⤵
-
\??\c:\rrxrfrx.exec:\rrxrfrx.exe93⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe94⤵
-
\??\c:\flrrlll.exec:\flrrlll.exe95⤵
-
\??\c:\flrlrrl.exec:\flrlrrl.exe96⤵
-
\??\c:\bbbbbh.exec:\bbbbbh.exe97⤵
-
\??\c:\thnhhh.exec:\thnhhh.exe98⤵
-
\??\c:\vddvp.exec:\vddvp.exe99⤵
-
\??\c:\rrxflll.exec:\rrxflll.exe100⤵
-
\??\c:\xflrxff.exec:\xflrxff.exe101⤵
-
\??\c:\tbntnt.exec:\tbntnt.exe102⤵
-
\??\c:\htbtnn.exec:\htbtnn.exe103⤵
-
\??\c:\jddjv.exec:\jddjv.exe104⤵
-
\??\c:\xrlfrrr.exec:\xrlfrrr.exe105⤵
-
\??\c:\1fllfll.exec:\1fllfll.exe106⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe107⤵
-
\??\c:\hbbbhb.exec:\hbbbhb.exe108⤵
-
\??\c:\dpdvp.exec:\dpdvp.exe109⤵
-
\??\c:\jdppj.exec:\jdppj.exe110⤵
-
\??\c:\xrfflrx.exec:\xrfflrx.exe111⤵
-
\??\c:\lxxxrxl.exec:\lxxxrxl.exe112⤵
-
\??\c:\bbhhtt.exec:\bbhhtt.exe113⤵
-
\??\c:\bttbbh.exec:\bttbbh.exe114⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe115⤵
-
\??\c:\djpvp.exec:\djpvp.exe116⤵
-
\??\c:\jjvpd.exec:\jjvpd.exe117⤵
-
\??\c:\fxlfxxx.exec:\fxlfxxx.exe118⤵
-
\??\c:\lxfffff.exec:\lxfffff.exe119⤵
-
\??\c:\9ttttt.exec:\9ttttt.exe120⤵
-
\??\c:\bhnnht.exec:\bhnnht.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-