Analysis
-
max time kernel
150s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
14-05-2024 19:53
General
-
Target
1962c2d255ddda41f20c413cdcbe4110_NeikiAnalytics.exe
-
Size
55KB
-
MD5
1962c2d255ddda41f20c413cdcbe4110
-
SHA1
b23ff4331c1051ce6405cac6df102bf41b5f80e3
-
SHA256
ef9db928876eb3d34dd614934c87cebb26b0302bcf332ed21c34fe6a68be0764
-
SHA512
45c1477e07f8bf56f0c72ae38bb590d125e435e660e1dc6d15c485e124309cbbb4a14bfbfd3e8ac26cfddc1492a326e12634277ad1005ff0016c2d1d697398d1
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFes:ymb3NkkiQ3mdBjFIFes
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1962c2d255ddda41f20c413cdcbe4110_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1962c2d255ddda41f20c413cdcbe4110_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjj.exec:\ddjjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxlffx.exec:\xxxlffx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnhhh.exec:\bbnhhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvvv.exec:\vdvvv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlflfrr.exec:\rlflfrr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrrxf.exec:\rrrrrxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhntb.exec:\bhhntb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvvd.exec:\ddvvd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlfll.exec:\xrrlfll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrrxx.exec:\xrxrrxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nhhhh.exec:\1nhhhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdvv.exec:\dpdvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flffxfx.exec:\flffxfx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxrrr.exec:\rrxxrrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhhh.exec:\bbhhhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjvv.exec:\pjjvv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flllllr.exec:\flllllr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbbht.exec:\ttbbht.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpvd.exec:\vvpvd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllrrl.exec:\fxllrrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbnhh.exec:\htbnhh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdjp.exec:\djdjp.exe23⤵
- Executes dropped EXE
-
\??\c:\xllllrr.exec:\xllllrr.exe24⤵
- Executes dropped EXE
-
\??\c:\htbttn.exec:\htbttn.exe25⤵
- Executes dropped EXE
-
\??\c:\htbbbb.exec:\htbbbb.exe26⤵
- Executes dropped EXE
-
\??\c:\ddjjj.exec:\ddjjj.exe27⤵
- Executes dropped EXE
-
\??\c:\lfxllll.exec:\lfxllll.exe28⤵
- Executes dropped EXE
-
\??\c:\hhbbbh.exec:\hhbbbh.exe29⤵
- Executes dropped EXE
-
\??\c:\nthbtb.exec:\nthbtb.exe30⤵
- Executes dropped EXE
-
\??\c:\jdpjp.exec:\jdpjp.exe31⤵
- Executes dropped EXE
-
\??\c:\7xxlrrl.exec:\7xxlrrl.exe32⤵
- Executes dropped EXE
-
\??\c:\lllffff.exec:\lllffff.exe33⤵
- Executes dropped EXE
-
\??\c:\hhnhhh.exec:\hhnhhh.exe34⤵
- Executes dropped EXE
-
\??\c:\tbhbtb.exec:\tbhbtb.exe35⤵
- Executes dropped EXE
-
\??\c:\jdjjv.exec:\jdjjv.exe36⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe37⤵
- Executes dropped EXE
-
\??\c:\ffffffl.exec:\ffffffl.exe38⤵
- Executes dropped EXE
-
\??\c:\lffxxxx.exec:\lffxxxx.exe39⤵
- Executes dropped EXE
-
\??\c:\ttbhhh.exec:\ttbhhh.exe40⤵
- Executes dropped EXE
-
\??\c:\hbbbbb.exec:\hbbbbb.exe41⤵
- Executes dropped EXE
-
\??\c:\jvppj.exec:\jvppj.exe42⤵
- Executes dropped EXE
-
\??\c:\ddvvv.exec:\ddvvv.exe43⤵
- Executes dropped EXE
-
\??\c:\frxrrrr.exec:\frxrrrr.exe44⤵
- Executes dropped EXE
-
\??\c:\ffrfrrf.exec:\ffrfrrf.exe45⤵
- Executes dropped EXE
-
\??\c:\7bbhhb.exec:\7bbhhb.exe46⤵
- Executes dropped EXE
-
\??\c:\btnnhh.exec:\btnnhh.exe47⤵
- Executes dropped EXE
-
\??\c:\vdvvp.exec:\vdvvp.exe48⤵
- Executes dropped EXE
-
\??\c:\dvdvv.exec:\dvdvv.exe49⤵
- Executes dropped EXE
-
\??\c:\ffxxflr.exec:\ffxxflr.exe50⤵
- Executes dropped EXE
-
\??\c:\rfxxfrr.exec:\rfxxfrr.exe51⤵
- Executes dropped EXE
-
\??\c:\hbbhhn.exec:\hbbhhn.exe52⤵
- Executes dropped EXE
-
\??\c:\hbbhnn.exec:\hbbhnn.exe53⤵
- Executes dropped EXE
-
\??\c:\jppvp.exec:\jppvp.exe54⤵
- Executes dropped EXE
-
\??\c:\jdvdd.exec:\jdvdd.exe55⤵
- Executes dropped EXE
-
\??\c:\rrxfffl.exec:\rrxfffl.exe56⤵
- Executes dropped EXE
-
\??\c:\flxxxfx.exec:\flxxxfx.exe57⤵
- Executes dropped EXE
-
\??\c:\nhhhhn.exec:\nhhhhn.exe58⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe59⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe60⤵
- Executes dropped EXE
-
\??\c:\lxllfff.exec:\lxllfff.exe61⤵
- Executes dropped EXE
-
\??\c:\bnbhtb.exec:\bnbhtb.exe62⤵
- Executes dropped EXE
-
\??\c:\djpvp.exec:\djpvp.exe63⤵
- Executes dropped EXE
-
\??\c:\frxxrxr.exec:\frxxrxr.exe64⤵
- Executes dropped EXE
-
\??\c:\rfrlrxl.exec:\rfrlrxl.exe65⤵
- Executes dropped EXE
-
\??\c:\hbhhth.exec:\hbhhth.exe66⤵
-
\??\c:\vvddj.exec:\vvddj.exe67⤵
-
\??\c:\9xffrxx.exec:\9xffrxx.exe68⤵
-
\??\c:\bntbhn.exec:\bntbhn.exe69⤵
-
\??\c:\ddvvd.exec:\ddvvd.exe70⤵
-
\??\c:\lrrfffx.exec:\lrrfffx.exe71⤵
-
\??\c:\thnttb.exec:\thnttb.exe72⤵
-
\??\c:\1nhhth.exec:\1nhhth.exe73⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe74⤵
-
\??\c:\5xllfrr.exec:\5xllfrr.exe75⤵
-
\??\c:\9xlrfrl.exec:\9xlrfrl.exe76⤵
-
\??\c:\3nbbtb.exec:\3nbbtb.exe77⤵
-
\??\c:\ddddd.exec:\ddddd.exe78⤵
-
\??\c:\fxxfxff.exec:\fxxfxff.exe79⤵
-
\??\c:\nhnhbt.exec:\nhnhbt.exe80⤵
-
\??\c:\xlrxrff.exec:\xlrxrff.exe81⤵
-
\??\c:\bthhhh.exec:\bthhhh.exe82⤵
-
\??\c:\ppddj.exec:\ppddj.exe83⤵
-
\??\c:\llrrlll.exec:\llrrlll.exe84⤵
-
\??\c:\pjppv.exec:\pjppv.exe85⤵
-
\??\c:\pdpdv.exec:\pdpdv.exe86⤵
-
\??\c:\frxxxfx.exec:\frxxxfx.exe87⤵
-
\??\c:\ttthhn.exec:\ttthhn.exe88⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe89⤵
-
\??\c:\1lrxrff.exec:\1lrxrff.exe90⤵
-
\??\c:\tntttb.exec:\tntttb.exe91⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe92⤵
-
\??\c:\7ddvj.exec:\7ddvj.exe93⤵
-
\??\c:\rflfxfx.exec:\rflfxfx.exe94⤵
-
\??\c:\bbhnhn.exec:\bbhnhn.exe95⤵
-
\??\c:\tthttb.exec:\tthttb.exe96⤵
-
\??\c:\pjpdd.exec:\pjpdd.exe97⤵
-
\??\c:\lxfxrxr.exec:\lxfxrxr.exe98⤵
-
\??\c:\9nbtnt.exec:\9nbtnt.exe99⤵
-
\??\c:\9pvvv.exec:\9pvvv.exe100⤵
-
\??\c:\xfrlfll.exec:\xfrlfll.exe101⤵
-
\??\c:\3bbhht.exec:\3bbhht.exe102⤵
-
\??\c:\thtttb.exec:\thtttb.exe103⤵
-
\??\c:\3jvvp.exec:\3jvvp.exe104⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe105⤵
-
\??\c:\xllllll.exec:\xllllll.exe106⤵
-
\??\c:\9thhhh.exec:\9thhhh.exe107⤵
-
\??\c:\ntbbtt.exec:\ntbbtt.exe108⤵
-
\??\c:\hhnhhn.exec:\hhnhhn.exe109⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe110⤵
-
\??\c:\xflffrl.exec:\xflffrl.exe111⤵
-
\??\c:\flflxfl.exec:\flflxfl.exe112⤵
-
\??\c:\nthtnn.exec:\nthtnn.exe113⤵
-
\??\c:\tnbtbh.exec:\tnbtbh.exe114⤵
-
\??\c:\ttttnt.exec:\ttttnt.exe115⤵
-
\??\c:\ddjjd.exec:\ddjjd.exe116⤵
-
\??\c:\bbnnhn.exec:\bbnnhn.exe117⤵
-
\??\c:\bhthhh.exec:\bhthhh.exe118⤵
-
\??\c:\dvjvp.exec:\dvjvp.exe119⤵
-
\??\c:\ddpdd.exec:\ddpdd.exe120⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-