Analysis
-
max time kernel
143s -
max time network
115s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
14-05-2024 21:15
General
-
Target
29557fc4e2a787e47b1b273b6c1e6cd0_NeikiAnalytics.exe
-
Size
75KB
-
MD5
29557fc4e2a787e47b1b273b6c1e6cd0
-
SHA1
a31348ffac3f127ad62bb8e3727a974c208297d8
-
SHA256
9019160c4635e3bfa014dc6c28d633ad02bd60db21ffa275e5c17a5123a2b625
-
SHA512
1a5fcc8219745646e264e038fc9280767da40d7195dbce988542479d3afa46f152423ff6043fe05b20d5baa76693b9133e12cf1bb0588c4d6a494b269082bc8c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqC5rINQ:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqCuS
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\29557fc4e2a787e47b1b273b6c1e6cd0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\29557fc4e2a787e47b1b273b6c1e6cd0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvv.exec:\vvdvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlfrf.exec:\lfrlfrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfrlxx.exec:\rxfrlxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhtb.exec:\bthhtb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvjd.exec:\jpvjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrlfrr.exec:\rrrlfrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ffxrfx.exec:\9ffxrfx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhhbt.exec:\hhhhbt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbnnn.exec:\nbbnnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vvpj.exec:\1vvpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflrllr.exec:\lflrllr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntntn.exec:\nntntn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhthb.exec:\bbhthb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvp.exec:\jpvvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrxrrr.exec:\rlrxrrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbnhn.exec:\thbnhn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvv.exec:\jdvvv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvpv.exec:\9vvpv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1frrffr.exec:\1frrffr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttbh.exec:\nhttbh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bhbtn.exec:\5bhbtn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppjd.exec:\jppjd.exe23⤵
- Executes dropped EXE
-
\??\c:\jjjjp.exec:\jjjjp.exe24⤵
- Executes dropped EXE
-
\??\c:\fxrflxr.exec:\fxrflxr.exe25⤵
- Executes dropped EXE
-
\??\c:\tnbnhn.exec:\tnbnhn.exe26⤵
- Executes dropped EXE
-
\??\c:\bnnhtt.exec:\bnnhtt.exe27⤵
- Executes dropped EXE
-
\??\c:\jpvvp.exec:\jpvvp.exe28⤵
- Executes dropped EXE
-
\??\c:\fxlxrlf.exec:\fxlxrlf.exe29⤵
- Executes dropped EXE
-
\??\c:\rrlxflf.exec:\rrlxflf.exe30⤵
- Executes dropped EXE
-
\??\c:\bthbtt.exec:\bthbtt.exe31⤵
- Executes dropped EXE
-
\??\c:\9htnhb.exec:\9htnhb.exe32⤵
- Executes dropped EXE
-
\??\c:\ppjjp.exec:\ppjjp.exe33⤵
- Executes dropped EXE
-
\??\c:\5vpvj.exec:\5vpvj.exe34⤵
- Executes dropped EXE
-
\??\c:\xflrfxx.exec:\xflrfxx.exe35⤵
- Executes dropped EXE
-
\??\c:\1tbtbb.exec:\1tbtbb.exe36⤵
-
\??\c:\5bhbth.exec:\5bhbth.exe37⤵
- Executes dropped EXE
-
\??\c:\jjpjj.exec:\jjpjj.exe38⤵
- Executes dropped EXE
-
\??\c:\ddpvj.exec:\ddpvj.exe39⤵
- Executes dropped EXE
-
\??\c:\xflxrlf.exec:\xflxrlf.exe40⤵
- Executes dropped EXE
-
\??\c:\rlrlrrx.exec:\rlrlrrx.exe41⤵
- Executes dropped EXE
-
\??\c:\nbnbbb.exec:\nbnbbb.exe42⤵
- Executes dropped EXE
-
\??\c:\btbbhh.exec:\btbbhh.exe43⤵
- Executes dropped EXE
-
\??\c:\vppdp.exec:\vppdp.exe44⤵
- Executes dropped EXE
-
\??\c:\lxlxrlf.exec:\lxlxrlf.exe45⤵
- Executes dropped EXE
-
\??\c:\rfrfffr.exec:\rfrfffr.exe46⤵
- Executes dropped EXE
-
\??\c:\hbbtnb.exec:\hbbtnb.exe47⤵
- Executes dropped EXE
-
\??\c:\pvvdv.exec:\pvvdv.exe48⤵
- Executes dropped EXE
-
\??\c:\3rxlrrl.exec:\3rxlrrl.exe49⤵
- Executes dropped EXE
-
\??\c:\ntnbbb.exec:\ntnbbb.exe50⤵
- Executes dropped EXE
-
\??\c:\bnnhnh.exec:\bnnhnh.exe51⤵
- Executes dropped EXE
-
\??\c:\9djdd.exec:\9djdd.exe52⤵
- Executes dropped EXE
-
\??\c:\1pddv.exec:\1pddv.exe53⤵
- Executes dropped EXE
-
\??\c:\xrlxlll.exec:\xrlxlll.exe54⤵
- Executes dropped EXE
-
\??\c:\tnbtbb.exec:\tnbtbb.exe55⤵
- Executes dropped EXE
-
\??\c:\tbhbbn.exec:\tbhbbn.exe56⤵
- Executes dropped EXE
-
\??\c:\jvvvj.exec:\jvvvj.exe57⤵
- Executes dropped EXE
-
\??\c:\vppjv.exec:\vppjv.exe58⤵
- Executes dropped EXE
-
\??\c:\lxllffx.exec:\lxllffx.exe59⤵
- Executes dropped EXE
-
\??\c:\rffrlfx.exec:\rffrlfx.exe60⤵
- Executes dropped EXE
-
\??\c:\nbnbtt.exec:\nbnbtt.exe61⤵
- Executes dropped EXE
-
\??\c:\hbbbbb.exec:\hbbbbb.exe62⤵
- Executes dropped EXE
-
\??\c:\dpdvv.exec:\dpdvv.exe63⤵
- Executes dropped EXE
-
\??\c:\9frlfxf.exec:\9frlfxf.exe64⤵
- Executes dropped EXE
-
\??\c:\rlrlllf.exec:\rlrlllf.exe65⤵
- Executes dropped EXE
-
\??\c:\lrffxxr.exec:\lrffxxr.exe66⤵
- Executes dropped EXE
-
\??\c:\nhhnth.exec:\nhhnth.exe67⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe68⤵
-
\??\c:\dvppv.exec:\dvppv.exe69⤵
-
\??\c:\lrlrfxl.exec:\lrlrfxl.exe70⤵
-
\??\c:\xfffxfl.exec:\xfffxfl.exe71⤵
-
\??\c:\thnhnn.exec:\thnhnn.exe72⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe73⤵
-
\??\c:\5jpjv.exec:\5jpjv.exe74⤵
-
\??\c:\xrfxfff.exec:\xrfxfff.exe75⤵
-
\??\c:\bbbhhh.exec:\bbbhhh.exe76⤵
-
\??\c:\bhntht.exec:\bhntht.exe77⤵
-
\??\c:\jpvdd.exec:\jpvdd.exe78⤵
-
\??\c:\llrllrr.exec:\llrllrr.exe79⤵
-
\??\c:\lffxrlf.exec:\lffxrlf.exe80⤵
-
\??\c:\3tbbtt.exec:\3tbbtt.exe81⤵
-
\??\c:\9ttbbh.exec:\9ttbbh.exe82⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe83⤵
-
\??\c:\vvddv.exec:\vvddv.exe84⤵
-
\??\c:\lfxxffr.exec:\lfxxffr.exe85⤵
-
\??\c:\xllrfxx.exec:\xllrfxx.exe86⤵
-
\??\c:\tnnbnh.exec:\tnnbnh.exe87⤵
-
\??\c:\jjvvv.exec:\jjvvv.exe88⤵
-
\??\c:\rfffflf.exec:\rfffflf.exe89⤵
-
\??\c:\1rxxrll.exec:\1rxxrll.exe90⤵
-
\??\c:\1bbntn.exec:\1bbntn.exe91⤵
-
\??\c:\htnnnn.exec:\htnnnn.exe92⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe93⤵
-
\??\c:\frrlflx.exec:\frrlflx.exe94⤵
-
\??\c:\ffffxxx.exec:\ffffxxx.exe95⤵
-
\??\c:\bbbbbt.exec:\bbbbbt.exe96⤵
-
\??\c:\htnnht.exec:\htnnht.exe97⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe98⤵
-
\??\c:\rrrrfff.exec:\rrrrfff.exe99⤵
-
\??\c:\9llxxll.exec:\9llxxll.exe100⤵
-
\??\c:\hhbbbb.exec:\hhbbbb.exe101⤵
-
\??\c:\bbbtnn.exec:\bbbtnn.exe102⤵
-
\??\c:\pdddd.exec:\pdddd.exe103⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe104⤵
-
\??\c:\lrffrfx.exec:\lrffrfx.exe105⤵
-
\??\c:\nbthtn.exec:\nbthtn.exe106⤵
-
\??\c:\tnbtnn.exec:\tnbtnn.exe107⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe108⤵
-
\??\c:\9frrfll.exec:\9frrfll.exe109⤵
-
\??\c:\nhnhnt.exec:\nhnhnt.exe110⤵
-
\??\c:\tnnhtn.exec:\tnnhtn.exe111⤵
-
\??\c:\5jvvp.exec:\5jvvp.exe112⤵
-
\??\c:\jjdvv.exec:\jjdvv.exe113⤵
-
\??\c:\xxxfxfx.exec:\xxxfxfx.exe114⤵
-
\??\c:\nnnhbt.exec:\nnnhbt.exe115⤵
-
\??\c:\bbhhbb.exec:\bbhhbb.exe116⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe117⤵
-
\??\c:\ppvjj.exec:\ppvjj.exe118⤵
-
\??\c:\rfxxrrr.exec:\rfxxrrr.exe119⤵
-
\??\c:\3llllff.exec:\3llllff.exe120⤵
-
\??\c:\3llrxxf.exec:\3llrxxf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-