Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
14/05/2024, 18:50
General
-
Target
0f7eab935f18a0db237788fd9fe280f0_NeikiAnalytics.exe
-
Size
233KB
-
MD5
0f7eab935f18a0db237788fd9fe280f0
-
SHA1
167f6d1170fb75ed7b94c4a9fd3b48f05f415f75
-
SHA256
428e6019ffefa82cbe8fbadb38e930c6d1a70241091d159dab625f10a7669b06
-
SHA512
37c576756bce5c05f981ae4c299115c6a95e084e000b69d626000de237d170c73f7c2c53626cde924a3a49b6c1caba8be5f5e114df6a6a86abe69e83fb658e91
-
SSDEEP
6144:kcm4FmowdHoSSGpJw4PqhraHcpOmFTHDGYhEf5X2a9R:y4wFHoSSGpJwGeeFmFTNAp2AR
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0f7eab935f18a0db237788fd9fe280f0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\0f7eab935f18a0db237788fd9fe280f0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjp.exec:\ppjjp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxrffx.exec:\rfxrffx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjdp.exec:\jpjdp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhtb.exec:\bnnhtb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jvpd.exec:\3jvpd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxrlff.exec:\lrxrlff.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnnnn.exec:\ttnnnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxrlll.exec:\ffxrlll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpj.exec:\dpvpj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnnn.exec:\hbtnnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vvpj.exec:\3vvpj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrrrx.exec:\lfrrrrx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nnhbb.exec:\7nnhbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdpp.exec:\vjdpp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbhb.exec:\bbhbhb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddp.exec:\jjddp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xfxrrl.exec:\1xfxrrl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nbbhn.exec:\7nbbhn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrxrrr.exec:\xlrxrrr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rxrllf.exec:\7rxrllf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvp.exec:\dpvvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjd.exec:\pdpjd.exe23⤵
- Executes dropped EXE
-
\??\c:\fxxllfx.exec:\fxxllfx.exe24⤵
- Executes dropped EXE
-
\??\c:\1vvpp.exec:\1vvpp.exe25⤵
- Executes dropped EXE
-
\??\c:\1flxxrl.exec:\1flxxrl.exe26⤵
- Executes dropped EXE
-
\??\c:\tbtbtt.exec:\tbtbtt.exe27⤵
- Executes dropped EXE
-
\??\c:\vvpjd.exec:\vvpjd.exe28⤵
- Executes dropped EXE
-
\??\c:\7rfxrrl.exec:\7rfxrrl.exe29⤵
- Executes dropped EXE
-
\??\c:\nbhbtt.exec:\nbhbtt.exe30⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe31⤵
- Executes dropped EXE
-
\??\c:\hhbbtb.exec:\hhbbtb.exe32⤵
- Executes dropped EXE
-
\??\c:\nnttnt.exec:\nnttnt.exe33⤵
- Executes dropped EXE
-
\??\c:\7rrllrl.exec:\7rrllrl.exe34⤵
- Executes dropped EXE
-
\??\c:\hbbttn.exec:\hbbttn.exe35⤵
- Executes dropped EXE
-
\??\c:\7jdvv.exec:\7jdvv.exe36⤵
- Executes dropped EXE
-
\??\c:\xfxrfxr.exec:\xfxrfxr.exe37⤵
- Executes dropped EXE
-
\??\c:\btbttt.exec:\btbttt.exe38⤵
- Executes dropped EXE
-
\??\c:\hnbntt.exec:\hnbntt.exe39⤵
- Executes dropped EXE
-
\??\c:\lrxxxfl.exec:\lrxxxfl.exe40⤵
- Executes dropped EXE
-
\??\c:\hhbttn.exec:\hhbttn.exe41⤵
- Executes dropped EXE
-
\??\c:\7djjd.exec:\7djjd.exe42⤵
- Executes dropped EXE
-
\??\c:\fxrlfxr.exec:\fxrlfxr.exe43⤵
- Executes dropped EXE
-
\??\c:\7hhntb.exec:\7hhntb.exe44⤵
- Executes dropped EXE
-
\??\c:\vjppj.exec:\vjppj.exe45⤵
- Executes dropped EXE
-
\??\c:\xrrrrxx.exec:\xrrrrxx.exe46⤵
- Executes dropped EXE
-
\??\c:\htbbbb.exec:\htbbbb.exe47⤵
- Executes dropped EXE
-
\??\c:\vdjjd.exec:\vdjjd.exe48⤵
- Executes dropped EXE
-
\??\c:\lxlffff.exec:\lxlffff.exe49⤵
- Executes dropped EXE
-
\??\c:\bbtttt.exec:\bbtttt.exe50⤵
- Executes dropped EXE
-
\??\c:\pdddd.exec:\pdddd.exe51⤵
- Executes dropped EXE
-
\??\c:\frrrfrl.exec:\frrrfrl.exe52⤵
- Executes dropped EXE
-
\??\c:\7pdvj.exec:\7pdvj.exe53⤵
- Executes dropped EXE
-
\??\c:\nhttnn.exec:\nhttnn.exe54⤵
- Executes dropped EXE
-
\??\c:\ppdvd.exec:\ppdvd.exe55⤵
- Executes dropped EXE
-
\??\c:\xrffffl.exec:\xrffffl.exe56⤵
- Executes dropped EXE
-
\??\c:\lxllllr.exec:\lxllllr.exe57⤵
- Executes dropped EXE
-
\??\c:\7bnnnn.exec:\7bnnnn.exe58⤵
- Executes dropped EXE
-
\??\c:\ppjjj.exec:\ppjjj.exe59⤵
- Executes dropped EXE
-
\??\c:\3rrxxfl.exec:\3rrxxfl.exe60⤵
- Executes dropped EXE
-
\??\c:\rxxxxrr.exec:\rxxxxrr.exe61⤵
- Executes dropped EXE
-
\??\c:\hbnnnt.exec:\hbnnnt.exe62⤵
- Executes dropped EXE
-
\??\c:\ppppv.exec:\ppppv.exe63⤵
- Executes dropped EXE
-
\??\c:\1xxllff.exec:\1xxllff.exe64⤵
- Executes dropped EXE
-
\??\c:\fflllrr.exec:\fflllrr.exe65⤵
- Executes dropped EXE
-
\??\c:\hhtttt.exec:\hhtttt.exe66⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe67⤵
-
\??\c:\1vvdd.exec:\1vvdd.exe68⤵
-
\??\c:\ffxxxxl.exec:\ffxxxxl.exe69⤵
-
\??\c:\nhbhhh.exec:\nhbhhh.exe70⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe71⤵
-
\??\c:\9jddd.exec:\9jddd.exe72⤵
-
\??\c:\fflrrrf.exec:\fflrrrf.exe73⤵
-
\??\c:\nnbtnt.exec:\nnbtnt.exe74⤵
-
\??\c:\btbttb.exec:\btbttb.exe75⤵
-
\??\c:\pvjjv.exec:\pvjjv.exe76⤵
-
\??\c:\lllllll.exec:\lllllll.exe77⤵
-
\??\c:\xlllllr.exec:\xlllllr.exe78⤵
-
\??\c:\btnttb.exec:\btnttb.exe79⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe80⤵
-
\??\c:\fxffxxx.exec:\fxffxxx.exe81⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe82⤵
-
\??\c:\hhhbhh.exec:\hhhbhh.exe83⤵
-
\??\c:\ddppv.exec:\ddppv.exe84⤵
-
\??\c:\llxrrff.exec:\llxrrff.exe85⤵
-
\??\c:\xrrxxfl.exec:\xrrxxfl.exe86⤵
-
\??\c:\nbhhhn.exec:\nbhhhn.exe87⤵
-
\??\c:\3rfffxf.exec:\3rfffxf.exe88⤵
-
\??\c:\lrrrrrr.exec:\lrrrrrr.exe89⤵
-
\??\c:\dvddd.exec:\dvddd.exe90⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe91⤵
-
\??\c:\rrxxxrr.exec:\rrxxxrr.exe92⤵
-
\??\c:\hhthbt.exec:\hhthbt.exe93⤵
-
\??\c:\djvjj.exec:\djvjj.exe94⤵
-
\??\c:\pdpdd.exec:\pdpdd.exe95⤵
-
\??\c:\5bbnhh.exec:\5bbnhh.exe96⤵
-
\??\c:\btbttt.exec:\btbttt.exe97⤵
-
\??\c:\vdjjj.exec:\vdjjj.exe98⤵
-
\??\c:\rllllrl.exec:\rllllrl.exe99⤵
-
\??\c:\ttttnn.exec:\ttttnn.exe100⤵
-
\??\c:\5btnnh.exec:\5btnnh.exe101⤵
-
\??\c:\1vvdd.exec:\1vvdd.exe102⤵
-
\??\c:\fxrlfll.exec:\fxrlfll.exe103⤵
-
\??\c:\xxxxrrl.exec:\xxxxrrl.exe104⤵
-
\??\c:\3ntttb.exec:\3ntttb.exe105⤵
-
\??\c:\9vjjv.exec:\9vjjv.exe106⤵
-
\??\c:\vvpdv.exec:\vvpdv.exe107⤵
-
\??\c:\llxxffr.exec:\llxxffr.exe108⤵
-
\??\c:\9bhhhh.exec:\9bhhhh.exe109⤵
-
\??\c:\bhhttn.exec:\bhhttn.exe110⤵
-
\??\c:\pvpdd.exec:\pvpdd.exe111⤵
-
\??\c:\xfflfll.exec:\xfflfll.exe112⤵
-
\??\c:\rrrrxff.exec:\rrrrxff.exe113⤵
-
\??\c:\hnnhbh.exec:\hnnhbh.exe114⤵
-
\??\c:\3ntttb.exec:\3ntttb.exe115⤵
-
\??\c:\3pddj.exec:\3pddj.exe116⤵
-
\??\c:\vdddd.exec:\vdddd.exe117⤵
-
\??\c:\xxrxxll.exec:\xxrxxll.exe118⤵
-
\??\c:\nnhnbh.exec:\nnhnbh.exe119⤵
-
\??\c:\vppjp.exec:\vppjp.exe120⤵
-
\??\c:\1vddj.exec:\1vddj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-