Analysis
-
max time kernel
150s -
max time network
100s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
15/05/2024, 11:12
General
-
Target
ceddedc615c44774f8352391828864f0_NeikiAnalytics.exe
-
Size
198KB
-
MD5
ceddedc615c44774f8352391828864f0
-
SHA1
6863c50dcf3eedbf729c4777a31aa0eb1037f67a
-
SHA256
74ee16d57f9e0ebc1167b8fff0b4072097d867eee6f6a07e3753b199ababb32c
-
SHA512
4ee6676561d95793f1e267a6dba0728af014862cbe096461ce140b18d29c5c0e77534c36cd72d92c0001821e78768711626621d8e04d242455998132ca17f17b
-
SSDEEP
1536:1vQBeOGtrYSSsrc93UBIfdC67m6AJiqpfg3Cn/uiYs6Rp:1hOm2sI93UufdC67ciifmCnmiYJD
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ceddedc615c44774f8352391828864f0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\ceddedc615c44774f8352391828864f0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjd.exec:\pdpjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rlflxr.exec:\3rlflxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxlfxr.exec:\lxxlfxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtnhh.exec:\nhtnhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpj.exec:\jvvpj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bthbt.exec:\5bthbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nnhnn.exec:\1nnhnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rlfxxx.exec:\9rlfxxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbnh.exec:\hhhbnh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvpj.exec:\vdvpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrffr.exec:\llxrffr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbtt.exec:\hthbtt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdv.exec:\vjjdv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbtt.exec:\nbhbtt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbtt.exec:\hthbtt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxfxrr.exec:\xrxfxrr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhbtn.exec:\bnhbtn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vpjv.exec:\3vpjv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrlfxr.exec:\rrrlfxr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnhb.exec:\httnhb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjvp.exec:\3pjvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxxxr.exec:\lffxxxr.exe23⤵
- Executes dropped EXE
-
\??\c:\bnnhtn.exec:\bnnhtn.exe24⤵
- Executes dropped EXE
-
\??\c:\jvdvv.exec:\jvdvv.exe25⤵
- Executes dropped EXE
-
\??\c:\3rxrfll.exec:\3rxrfll.exe26⤵
- Executes dropped EXE
-
\??\c:\thhtnh.exec:\thhtnh.exe27⤵
- Executes dropped EXE
-
\??\c:\vpvpv.exec:\vpvpv.exe28⤵
- Executes dropped EXE
-
\??\c:\lfxxxll.exec:\lfxxxll.exe29⤵
- Executes dropped EXE
-
\??\c:\3flxfff.exec:\3flxfff.exe30⤵
- Executes dropped EXE
-
\??\c:\bbhbnn.exec:\bbhbnn.exe31⤵
- Executes dropped EXE
-
\??\c:\bttbtt.exec:\bttbtt.exe32⤵
- Executes dropped EXE
-
\??\c:\lfxrlll.exec:\lfxrlll.exe33⤵
- Executes dropped EXE
-
\??\c:\5nnhhb.exec:\5nnhhb.exe34⤵
- Executes dropped EXE
-
\??\c:\ffxlffx.exec:\ffxlffx.exe35⤵
- Executes dropped EXE
-
\??\c:\xlrlfff.exec:\xlrlfff.exe36⤵
- Executes dropped EXE
-
\??\c:\hbbnhb.exec:\hbbnhb.exe37⤵
- Executes dropped EXE
-
\??\c:\llxrfxl.exec:\llxrfxl.exe38⤵
- Executes dropped EXE
-
\??\c:\xlrlllf.exec:\xlrlllf.exe39⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe40⤵
- Executes dropped EXE
-
\??\c:\dpvpd.exec:\dpvpd.exe41⤵
- Executes dropped EXE
-
\??\c:\rrlxxxr.exec:\rrlxxxr.exe42⤵
- Executes dropped EXE
-
\??\c:\nnthnt.exec:\nnthnt.exe43⤵
- Executes dropped EXE
-
\??\c:\hbnbhb.exec:\hbnbhb.exe44⤵
- Executes dropped EXE
-
\??\c:\pvvpd.exec:\pvvpd.exe45⤵
- Executes dropped EXE
-
\??\c:\vjjvj.exec:\vjjvj.exe46⤵
- Executes dropped EXE
-
\??\c:\fllxllf.exec:\fllxllf.exe47⤵
- Executes dropped EXE
-
\??\c:\thbbtt.exec:\thbbtt.exe48⤵
- Executes dropped EXE
-
\??\c:\1llxrlx.exec:\1llxrlx.exe49⤵
- Executes dropped EXE
-
\??\c:\7xfxxxf.exec:\7xfxxxf.exe50⤵
- Executes dropped EXE
-
\??\c:\bbtnbb.exec:\bbtnbb.exe51⤵
- Executes dropped EXE
-
\??\c:\bttnbb.exec:\bttnbb.exe52⤵
- Executes dropped EXE
-
\??\c:\5ddvj.exec:\5ddvj.exe53⤵
- Executes dropped EXE
-
\??\c:\rllfxrl.exec:\rllfxrl.exe54⤵
- Executes dropped EXE
-
\??\c:\nbnhbb.exec:\nbnhbb.exe55⤵
- Executes dropped EXE
-
\??\c:\vpdpv.exec:\vpdpv.exe56⤵
- Executes dropped EXE
-
\??\c:\fllxffx.exec:\fllxffx.exe57⤵
- Executes dropped EXE
-
\??\c:\rlllxxf.exec:\rlllxxf.exe58⤵
- Executes dropped EXE
-
\??\c:\nhnhbb.exec:\nhnhbb.exe59⤵
- Executes dropped EXE
-
\??\c:\jvpdv.exec:\jvpdv.exe60⤵
- Executes dropped EXE
-
\??\c:\9lrlxfx.exec:\9lrlxfx.exe61⤵
- Executes dropped EXE
-
\??\c:\nhhnht.exec:\nhhnht.exe62⤵
- Executes dropped EXE
-
\??\c:\vdvpp.exec:\vdvpp.exe63⤵
- Executes dropped EXE
-
\??\c:\thttnn.exec:\thttnn.exe64⤵
- Executes dropped EXE
-
\??\c:\bbbbbb.exec:\bbbbbb.exe65⤵
- Executes dropped EXE
-
\??\c:\jdpjd.exec:\jdpjd.exe66⤵
-
\??\c:\rrrlfll.exec:\rrrlfll.exe67⤵
-
\??\c:\7ttttt.exec:\7ttttt.exe68⤵
-
\??\c:\tbntbh.exec:\tbntbh.exe69⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe70⤵
-
\??\c:\lfxrlll.exec:\lfxrlll.exe71⤵
-
\??\c:\llxrxxr.exec:\llxrxxr.exe72⤵
-
\??\c:\hthbnn.exec:\hthbnn.exe73⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe74⤵
-
\??\c:\jvddd.exec:\jvddd.exe75⤵
-
\??\c:\rllllll.exec:\rllllll.exe76⤵
-
\??\c:\xxxxrxr.exec:\xxxxrxr.exe77⤵
-
\??\c:\bbnntt.exec:\bbnntt.exe78⤵
-
\??\c:\ddjjp.exec:\ddjjp.exe79⤵
-
\??\c:\jjppj.exec:\jjppj.exe80⤵
-
\??\c:\xlxrlll.exec:\xlxrlll.exe81⤵
-
\??\c:\3hnhnn.exec:\3hnhnn.exe82⤵
-
\??\c:\btnhnh.exec:\btnhnh.exe83⤵
-
\??\c:\1pvpj.exec:\1pvpj.exe84⤵
-
\??\c:\3fxxrff.exec:\3fxxrff.exe85⤵
-
\??\c:\3lrlllr.exec:\3lrlllr.exe86⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe87⤵
-
\??\c:\ntbhbt.exec:\ntbhbt.exe88⤵
-
\??\c:\ddddd.exec:\ddddd.exe89⤵
-
\??\c:\xrxrrrr.exec:\xrxrrrr.exe90⤵
-
\??\c:\xxrrxxl.exec:\xxrrxxl.exe91⤵
-
\??\c:\nbhbtt.exec:\nbhbtt.exe92⤵
-
\??\c:\hhtbtb.exec:\hhtbtb.exe93⤵
-
\??\c:\pvppj.exec:\pvppj.exe94⤵
-
\??\c:\rrllfff.exec:\rrllfff.exe95⤵
-
\??\c:\fflxxxx.exec:\fflxxxx.exe96⤵
-
\??\c:\hhnbtn.exec:\hhnbtn.exe97⤵
-
\??\c:\ppjvp.exec:\ppjvp.exe98⤵
-
\??\c:\xrxxxxx.exec:\xrxxxxx.exe99⤵
-
\??\c:\rrrrlxl.exec:\rrrrlxl.exe100⤵
-
\??\c:\nhbtnh.exec:\nhbtnh.exe101⤵
-
\??\c:\7jvpj.exec:\7jvpj.exe102⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe103⤵
-
\??\c:\5llllrr.exec:\5llllrr.exe104⤵
-
\??\c:\3dvpj.exec:\3dvpj.exe105⤵
-
\??\c:\jpjvp.exec:\jpjvp.exe106⤵
-
\??\c:\3xxlffx.exec:\3xxlffx.exe107⤵
-
\??\c:\rxxllff.exec:\rxxllff.exe108⤵
-
\??\c:\hthbtt.exec:\hthbtt.exe109⤵
-
\??\c:\jddpp.exec:\jddpp.exe110⤵
-
\??\c:\9pvjj.exec:\9pvjj.exe111⤵
-
\??\c:\9lrrxrl.exec:\9lrrxrl.exe112⤵
-
\??\c:\nnhhhb.exec:\nnhhhb.exe113⤵
-
\??\c:\btbbnt.exec:\btbbnt.exe114⤵
-
\??\c:\djjdd.exec:\djjdd.exe115⤵
-
\??\c:\lrllllf.exec:\lrllllf.exe116⤵
-
\??\c:\lflrflf.exec:\lflrflf.exe117⤵
-
\??\c:\nhhnnn.exec:\nhhnnn.exe118⤵
-
\??\c:\nbnhbh.exec:\nbnhbh.exe119⤵
-
\??\c:\3pvpj.exec:\3pvpj.exe120⤵
-
\??\c:\flxrlrl.exec:\flxrlrl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-