Analysis
-
max time kernel
150s -
max time network
128s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
15/05/2024, 18:19
General
-
Target
10b800cbd7b8cb09affa58f0ade91690_NeikiAnalytics.exe
-
Size
127KB
-
MD5
10b800cbd7b8cb09affa58f0ade91690
-
SHA1
6459a72f0444a03609fd49f2a1876c21fec3e40d
-
SHA256
30081e98507e008e31f7495a070d102f00e0543bd0b937a67be5924bca9492d6
-
SHA512
ddc9d86a39dbe3540fe16babad0d158d6a88f0bb8d84b635bf9469faf5908b2fb0e73245ecf7894cc1e1238883568f0194087a17c30eea9bd74b3893b99322fb
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afodnmm9Ao98h3dktX4/JY:n3C9BRW0j/tmm9nwytIi
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\10b800cbd7b8cb09affa58f0ade91690_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\10b800cbd7b8cb09affa58f0ade91690_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvjp.exec:\vjvjp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxflrl.exec:\xlxflrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnthtt.exec:\nnthtt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbbh.exec:\htbbbh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfrff.exec:\lflfrff.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvjd.exec:\djvjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrxfr.exec:\fxlrxfr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhtt.exec:\hbhhtt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3btttb.exec:\3btttb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxffxll.exec:\rxffxll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbbt.exec:\hhhbbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdjv.exec:\jjdjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rlxrfr.exec:\1rlxrfr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbnhb.exec:\bnbnhb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpjj.exec:\jjpjj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rrrlfl.exec:\1rrrlfl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htttnn.exec:\htttnn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dvvv.exec:\1dvvv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllfxxr.exec:\fllfxxr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjpj.exec:\vjjpj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxrrr.exec:\rxfxrrr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttbnt.exec:\nttbnt.exe23⤵
- Executes dropped EXE
-
\??\c:\vpjdj.exec:\vpjdj.exe24⤵
- Executes dropped EXE
-
\??\c:\ntbtnh.exec:\ntbtnh.exe25⤵
- Executes dropped EXE
-
\??\c:\pjvpp.exec:\pjvpp.exe26⤵
- Executes dropped EXE
-
\??\c:\frxrflf.exec:\frxrflf.exe27⤵
- Executes dropped EXE
-
\??\c:\rlrrlff.exec:\rlrrlff.exe28⤵
- Executes dropped EXE
-
\??\c:\tnhhhh.exec:\tnhhhh.exe29⤵
- Executes dropped EXE
-
\??\c:\vpddv.exec:\vpddv.exe30⤵
- Executes dropped EXE
-
\??\c:\hntnnb.exec:\hntnnb.exe31⤵
- Executes dropped EXE
-
\??\c:\tbtbtt.exec:\tbtbtt.exe32⤵
- Executes dropped EXE
-
\??\c:\vjdpv.exec:\vjdpv.exe33⤵
- Executes dropped EXE
-
\??\c:\nntnbt.exec:\nntnbt.exe34⤵
- Executes dropped EXE
-
\??\c:\djppp.exec:\djppp.exe35⤵
- Executes dropped EXE
-
\??\c:\1jdpp.exec:\1jdpp.exe36⤵
- Executes dropped EXE
-
\??\c:\lrrxrrr.exec:\lrrxrrr.exe37⤵
- Executes dropped EXE
-
\??\c:\htnbnb.exec:\htnbnb.exe38⤵
- Executes dropped EXE
-
\??\c:\jpppd.exec:\jpppd.exe39⤵
- Executes dropped EXE
-
\??\c:\xflffff.exec:\xflffff.exe40⤵
- Executes dropped EXE
-
\??\c:\hbbttn.exec:\hbbttn.exe41⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe42⤵
- Executes dropped EXE
-
\??\c:\jdjvv.exec:\jdjvv.exe43⤵
- Executes dropped EXE
-
\??\c:\rllflrl.exec:\rllflrl.exe44⤵
- Executes dropped EXE
-
\??\c:\xlxrrlf.exec:\xlxrrlf.exe45⤵
- Executes dropped EXE
-
\??\c:\5bbtnt.exec:\5bbtnt.exe46⤵
- Executes dropped EXE
-
\??\c:\jvvvp.exec:\jvvvp.exe47⤵
- Executes dropped EXE
-
\??\c:\fxrllxr.exec:\fxrllxr.exe48⤵
- Executes dropped EXE
-
\??\c:\lxfllrr.exec:\lxfllrr.exe49⤵
- Executes dropped EXE
-
\??\c:\ttbthn.exec:\ttbthn.exe50⤵
- Executes dropped EXE
-
\??\c:\jjpjj.exec:\jjpjj.exe51⤵
- Executes dropped EXE
-
\??\c:\rxxxflx.exec:\rxxxflx.exe52⤵
- Executes dropped EXE
-
\??\c:\htbttt.exec:\htbttt.exe53⤵
- Executes dropped EXE
-
\??\c:\hbhbtt.exec:\hbhbtt.exe54⤵
- Executes dropped EXE
-
\??\c:\3vpjp.exec:\3vpjp.exe55⤵
- Executes dropped EXE
-
\??\c:\dvddd.exec:\dvddd.exe56⤵
- Executes dropped EXE
-
\??\c:\htbbth.exec:\htbbth.exe57⤵
- Executes dropped EXE
-
\??\c:\7bhbbb.exec:\7bhbbb.exe58⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe59⤵
- Executes dropped EXE
-
\??\c:\rlfxlfl.exec:\rlfxlfl.exe60⤵
- Executes dropped EXE
-
\??\c:\xfllfff.exec:\xfllfff.exe61⤵
- Executes dropped EXE
-
\??\c:\tnnnbn.exec:\tnnnbn.exe62⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe63⤵
- Executes dropped EXE
-
\??\c:\3rfrlff.exec:\3rfrlff.exe64⤵
- Executes dropped EXE
-
\??\c:\5rxxxfx.exec:\5rxxxfx.exe65⤵
-
\??\c:\bthtbt.exec:\bthtbt.exe66⤵
- Executes dropped EXE
-
\??\c:\dppjd.exec:\dppjd.exe67⤵
-
\??\c:\vdvpp.exec:\vdvpp.exe68⤵
-
\??\c:\llrrlll.exec:\llrrlll.exe69⤵
-
\??\c:\tnnbbh.exec:\tnnbbh.exe70⤵
-
\??\c:\ddddd.exec:\ddddd.exe71⤵
-
\??\c:\vjvpd.exec:\vjvpd.exe72⤵
-
\??\c:\flffrll.exec:\flffrll.exe73⤵
-
\??\c:\tnthhb.exec:\tnthhb.exe74⤵
-
\??\c:\rxrlxlr.exec:\rxrlxlr.exe75⤵
-
\??\c:\rrrrfrr.exec:\rrrrfrr.exe76⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe77⤵
-
\??\c:\djjjp.exec:\djjjp.exe78⤵
-
\??\c:\rllffll.exec:\rllffll.exe79⤵
-
\??\c:\fflllrr.exec:\fflllrr.exe80⤵
-
\??\c:\tbhtbb.exec:\tbhtbb.exe81⤵
-
\??\c:\vpppj.exec:\vpppj.exe82⤵
-
\??\c:\3fffxfx.exec:\3fffxfx.exe83⤵
-
\??\c:\3fllfff.exec:\3fllfff.exe84⤵
-
\??\c:\ppddd.exec:\ppddd.exe85⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe86⤵
-
\??\c:\9dddv.exec:\9dddv.exe87⤵
-
\??\c:\ppjjj.exec:\ppjjj.exe88⤵
-
\??\c:\flrrrrr.exec:\flrrrrr.exe89⤵
-
\??\c:\bbbbnn.exec:\bbbbnn.exe90⤵
-
\??\c:\9vpjj.exec:\9vpjj.exe91⤵
-
\??\c:\1lrlfff.exec:\1lrlfff.exe92⤵
-
\??\c:\tnhhnb.exec:\tnhhnb.exe93⤵
-
\??\c:\pppjj.exec:\pppjj.exe94⤵
-
\??\c:\htbtbt.exec:\htbtbt.exe95⤵
-
\??\c:\1dvjj.exec:\1dvjj.exe96⤵
-
\??\c:\bntttn.exec:\bntttn.exe97⤵
-
\??\c:\9vppp.exec:\9vppp.exe98⤵
-
\??\c:\ppvdv.exec:\ppvdv.exe99⤵
-
\??\c:\1xxfxxx.exec:\1xxfxxx.exe100⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe101⤵
-
\??\c:\dpvdd.exec:\dpvdd.exe102⤵
-
\??\c:\vdddd.exec:\vdddd.exe103⤵
-
\??\c:\lffxrrf.exec:\lffxrrf.exe104⤵
-
\??\c:\ffrflfx.exec:\ffrflfx.exe105⤵
-
\??\c:\ntbnhh.exec:\ntbnhh.exe106⤵
-
\??\c:\vdppj.exec:\vdppj.exe107⤵
-
\??\c:\dvvdv.exec:\dvvdv.exe108⤵
-
\??\c:\xrxrlrl.exec:\xrxrlrl.exe109⤵
-
\??\c:\nhnnnh.exec:\nhnnnh.exe110⤵
-
\??\c:\jvdvj.exec:\jvdvj.exe111⤵
-
\??\c:\7xfxrll.exec:\7xfxrll.exe112⤵
-
\??\c:\9rflffx.exec:\9rflffx.exe113⤵
-
\??\c:\bnnhtb.exec:\bnnhtb.exe114⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe115⤵
-
\??\c:\xxlflll.exec:\xxlflll.exe116⤵
-
\??\c:\lrxrrrl.exec:\lrxrrrl.exe117⤵
-
\??\c:\3tbbtb.exec:\3tbbtb.exe118⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe119⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe120⤵
-
\??\c:\rrlfrrx.exec:\rrlfrrx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-