Analysis
-
max time kernel
150s -
max time network
113s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
15/05/2024, 14:09
General
-
Target
d5afc026b48989055c3f50b560cfd590_NeikiAnalytics.exe
-
Size
56KB
-
MD5
d5afc026b48989055c3f50b560cfd590
-
SHA1
5b2001b50e115b9041029c0af803c0473ceb608c
-
SHA256
ac7caee2cc7011864bcdda6102cbe3a8274eb671788e0de5c1a70542ddbe8673
-
SHA512
9bdef22fbad5cbd8a80a5cdb4c67790c6bcc564126f22d3f1b8862f087ae94ef14ca886622874f6f213094eb72722d485720bf725d8507a5f53f4b9fb7911740
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb6tZ9bO:ymb3NkkiQ3mdBjFIb6tZNO
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d5afc026b48989055c3f50b560cfd590_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d5afc026b48989055c3f50b560cfd590_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdj.exec:\dvjdj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7frlfxl.exec:\7frlfxl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hbhtn.exec:\3hbhtn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhbtn.exec:\hnhbtn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvjv.exec:\pjvjv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xxfrrl.exec:\7xxfrrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlflxrl.exec:\xlflxrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nhhtt.exec:\1nhhtt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdpd.exec:\jvdpd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflxlfr.exec:\rflxlfr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtthh.exec:\tbtthh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hhhbn.exec:\3hhhbn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpppv.exec:\jpppv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xxlxrx.exec:\5xxlxrx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hbthb.exec:\5hbthb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnbhb.exec:\hbnbhb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jdpd.exec:\9jdpd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllxxlf.exec:\lllxxlf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnhtt.exec:\tbnhtt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbthnh.exec:\nbthnh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdpj.exec:\dvdpj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrflfx.exec:\lrrflfx.exe23⤵
- Executes dropped EXE
-
\??\c:\fllxrrf.exec:\fllxrrf.exe24⤵
- Executes dropped EXE
-
\??\c:\bnbttn.exec:\bnbttn.exe25⤵
- Executes dropped EXE
-
\??\c:\1dvpv.exec:\1dvpv.exe26⤵
- Executes dropped EXE
-
\??\c:\3lfxfxf.exec:\3lfxfxf.exe27⤵
- Executes dropped EXE
-
\??\c:\rffxxrf.exec:\rffxxrf.exe28⤵
- Executes dropped EXE
-
\??\c:\tnbthb.exec:\tnbthb.exe29⤵
- Executes dropped EXE
-
\??\c:\5dvjv.exec:\5dvjv.exe30⤵
- Executes dropped EXE
-
\??\c:\vpjvp.exec:\vpjvp.exe31⤵
- Executes dropped EXE
-
\??\c:\rfxlxrf.exec:\rfxlxrf.exe32⤵
- Executes dropped EXE
-
\??\c:\9lfxlfx.exec:\9lfxlfx.exe33⤵
- Executes dropped EXE
-
\??\c:\3jdvj.exec:\3jdvj.exe34⤵
- Executes dropped EXE
-
\??\c:\5jjjv.exec:\5jjjv.exe35⤵
- Executes dropped EXE
-
\??\c:\rllxxxx.exec:\rllxxxx.exe36⤵
- Executes dropped EXE
-
\??\c:\xlfrllf.exec:\xlfrllf.exe37⤵
- Executes dropped EXE
-
\??\c:\ttthth.exec:\ttthth.exe38⤵
- Executes dropped EXE
-
\??\c:\jjvjv.exec:\jjvjv.exe39⤵
- Executes dropped EXE
-
\??\c:\3jpdv.exec:\3jpdv.exe40⤵
- Executes dropped EXE
-
\??\c:\7frrfxf.exec:\7frrfxf.exe41⤵
- Executes dropped EXE
-
\??\c:\frfxrfx.exec:\frfxrfx.exe42⤵
- Executes dropped EXE
-
\??\c:\ntnhbt.exec:\ntnhbt.exe43⤵
- Executes dropped EXE
-
\??\c:\5tnbnh.exec:\5tnbnh.exe44⤵
- Executes dropped EXE
-
\??\c:\tnhtnb.exec:\tnhtnb.exe45⤵
- Executes dropped EXE
-
\??\c:\jvpjv.exec:\jvpjv.exe46⤵
- Executes dropped EXE
-
\??\c:\vdpdp.exec:\vdpdp.exe47⤵
- Executes dropped EXE
-
\??\c:\1lfrfxl.exec:\1lfrfxl.exe48⤵
- Executes dropped EXE
-
\??\c:\bthbnn.exec:\bthbnn.exe49⤵
- Executes dropped EXE
-
\??\c:\tbbbtt.exec:\tbbbtt.exe50⤵
- Executes dropped EXE
-
\??\c:\3jjdv.exec:\3jjdv.exe51⤵
- Executes dropped EXE
-
\??\c:\pddvv.exec:\pddvv.exe52⤵
- Executes dropped EXE
-
\??\c:\1xxxrrl.exec:\1xxxrrl.exe53⤵
- Executes dropped EXE
-
\??\c:\xxrrllf.exec:\xxrrllf.exe54⤵
- Executes dropped EXE
-
\??\c:\btttnn.exec:\btttnn.exe55⤵
- Executes dropped EXE
-
\??\c:\9jpdp.exec:\9jpdp.exe56⤵
- Executes dropped EXE
-
\??\c:\rxfxlll.exec:\rxfxlll.exe57⤵
- Executes dropped EXE
-
\??\c:\rrllfff.exec:\rrllfff.exe58⤵
- Executes dropped EXE
-
\??\c:\3bnhhb.exec:\3bnhhb.exe59⤵
- Executes dropped EXE
-
\??\c:\nhhnbh.exec:\nhhnbh.exe60⤵
- Executes dropped EXE
-
\??\c:\pvvpj.exec:\pvvpj.exe61⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe62⤵
- Executes dropped EXE
-
\??\c:\lxrfffl.exec:\lxrfffl.exe63⤵
- Executes dropped EXE
-
\??\c:\lxflxfl.exec:\lxflxfl.exe64⤵
- Executes dropped EXE
-
\??\c:\1tnhhh.exec:\1tnhhh.exe65⤵
- Executes dropped EXE
-
\??\c:\djdvp.exec:\djdvp.exe66⤵
-
\??\c:\djppp.exec:\djppp.exe67⤵
-
\??\c:\9xfxrrr.exec:\9xfxrrr.exe68⤵
-
\??\c:\rfffxff.exec:\rfffxff.exe69⤵
-
\??\c:\5hnnhh.exec:\5hnnhh.exe70⤵
-
\??\c:\nbbthh.exec:\nbbthh.exe71⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe72⤵
-
\??\c:\pdddv.exec:\pdddv.exe73⤵
-
\??\c:\fxffffx.exec:\fxffffx.exe74⤵
-
\??\c:\lfffxll.exec:\lfffxll.exe75⤵
-
\??\c:\1nnnhh.exec:\1nnnhh.exe76⤵
-
\??\c:\bbnnnb.exec:\bbnnnb.exe77⤵
-
\??\c:\jjppd.exec:\jjppd.exe78⤵
-
\??\c:\pddjp.exec:\pddjp.exe79⤵
-
\??\c:\5xxlllf.exec:\5xxlllf.exe80⤵
-
\??\c:\ffllrrx.exec:\ffllrrx.exe81⤵
-
\??\c:\5bbtnn.exec:\5bbtnn.exe82⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe83⤵
-
\??\c:\7ddvv.exec:\7ddvv.exe84⤵
-
\??\c:\ffrxrxx.exec:\ffrxrxx.exe85⤵
-
\??\c:\lfrlfff.exec:\lfrlfff.exe86⤵
-
\??\c:\xrxrllf.exec:\xrxrllf.exe87⤵
-
\??\c:\1bhbbn.exec:\1bhbbn.exe88⤵
-
\??\c:\dvjvp.exec:\dvjvp.exe89⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe90⤵
-
\??\c:\vdppv.exec:\vdppv.exe91⤵
-
\??\c:\lxrrllf.exec:\lxrrllf.exe92⤵
-
\??\c:\hhhnbt.exec:\hhhnbt.exe93⤵
-
\??\c:\1xfxxfl.exec:\1xfxxfl.exe94⤵
-
\??\c:\llllfff.exec:\llllfff.exe95⤵
-
\??\c:\bhhhbb.exec:\bhhhbb.exe96⤵
-
\??\c:\bbhbbb.exec:\bbhbbb.exe97⤵
-
\??\c:\3pppd.exec:\3pppd.exe98⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe99⤵
-
\??\c:\rllfrrl.exec:\rllfrrl.exe100⤵
-
\??\c:\lrxrrrl.exec:\lrxrrrl.exe101⤵
-
\??\c:\1bbbtb.exec:\1bbbtb.exe102⤵
-
\??\c:\hnhhbb.exec:\hnhhbb.exe103⤵
-
\??\c:\dpjdp.exec:\dpjdp.exe104⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe105⤵
-
\??\c:\xrfrrll.exec:\xrfrrll.exe106⤵
-
\??\c:\nntbtt.exec:\nntbtt.exe107⤵
-
\??\c:\3bbtnt.exec:\3bbtnt.exe108⤵
-
\??\c:\bbtbtt.exec:\bbtbtt.exe109⤵
-
\??\c:\3jppd.exec:\3jppd.exe110⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe111⤵
-
\??\c:\fllllrl.exec:\fllllrl.exe112⤵
-
\??\c:\rxxrffx.exec:\rxxrffx.exe113⤵
-
\??\c:\bnnhbn.exec:\bnnhbn.exe114⤵
-
\??\c:\bnhbtn.exec:\bnhbtn.exe115⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe116⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe117⤵
-
\??\c:\frxxrrl.exec:\frxxrrl.exe118⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe119⤵
-
\??\c:\7btnbb.exec:\7btnbb.exe120⤵
-
\??\c:\1xfrlfx.exec:\1xfrlfx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-