Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
16-05-2024 01:00
General
-
Target
6b0285e52aed5874b68f0e3f1b6385d0_NeikiAnalytics.exe
-
Size
54KB
-
MD5
6b0285e52aed5874b68f0e3f1b6385d0
-
SHA1
3f146da5132d476f644518ca0a45380e712e4608
-
SHA256
2fbdf44a3ee3ff8d9c2367e2e09fe797283bc7f5531b40c15467b45615bb9b28
-
SHA512
a219e3d1c7aa81692170556ea5b1f15e61571b6124b1bb29c67a2d03a27d7d64c72ce21f27253df620e21eab7e1847467c76ecd551824157623c1f5592037a41
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI57Bd:ymb3NkkiQ3mdBjFIVBd
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6b0285e52aed5874b68f0e3f1b6385d0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6b0285e52aed5874b68f0e3f1b6385d0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrffxx.exec:\rrrffxx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxffflf.exec:\fxffflf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnntt.exec:\hhnntt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jjjp.exec:\7jjjp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5djjd.exec:\5djjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxrlx.exec:\lffxrlx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbbtn.exec:\thbbtn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhtt.exec:\nhhhtt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjd.exec:\pppjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rrxrrf.exec:\1rrxrrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnttbh.exec:\bnttbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhhh.exec:\btbhhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdjj.exec:\jvdjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrrrll.exec:\lrrrrll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhnn.exec:\htnhnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdv.exec:\vpjdv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdjd.exec:\jjdjd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfrrl.exec:\lflfrrl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbtb.exec:\nbhbtb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nnhtb.exec:\3nnhtb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjj.exec:\ddpjj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdvd.exec:\djdvd.exe23⤵
- Executes dropped EXE
-
\??\c:\lfffrll.exec:\lfffrll.exe24⤵
- Executes dropped EXE
-
\??\c:\tbhbtn.exec:\tbhbtn.exe25⤵
- Executes dropped EXE
-
\??\c:\3hnnhh.exec:\3hnnhh.exe26⤵
- Executes dropped EXE
-
\??\c:\nnnnhh.exec:\nnnnhh.exe27⤵
- Executes dropped EXE
-
\??\c:\vvdvv.exec:\vvdvv.exe28⤵
- Executes dropped EXE
-
\??\c:\rlrlfxr.exec:\rlrlfxr.exe29⤵
- Executes dropped EXE
-
\??\c:\3rfxrrl.exec:\3rfxrrl.exe30⤵
- Executes dropped EXE
-
\??\c:\9bbtnh.exec:\9bbtnh.exe31⤵
- Executes dropped EXE
-
\??\c:\5jpdd.exec:\5jpdd.exe32⤵
- Executes dropped EXE
-
\??\c:\thnttt.exec:\thnttt.exe33⤵
- Executes dropped EXE
-
\??\c:\bnttnn.exec:\bnttnn.exe34⤵
- Executes dropped EXE
-
\??\c:\ppjpj.exec:\ppjpj.exe35⤵
- Executes dropped EXE
-
\??\c:\rllfffx.exec:\rllfffx.exe36⤵
- Executes dropped EXE
-
\??\c:\flfflll.exec:\flfflll.exe37⤵
- Executes dropped EXE
-
\??\c:\httnnb.exec:\httnnb.exe38⤵
- Executes dropped EXE
-
\??\c:\tntttt.exec:\tntttt.exe39⤵
- Executes dropped EXE
-
\??\c:\ddvvv.exec:\ddvvv.exe40⤵
- Executes dropped EXE
-
\??\c:\pvvvv.exec:\pvvvv.exe41⤵
- Executes dropped EXE
-
\??\c:\rxlrxff.exec:\rxlrxff.exe42⤵
- Executes dropped EXE
-
\??\c:\1hnnhh.exec:\1hnnhh.exe43⤵
- Executes dropped EXE
-
\??\c:\thbbtt.exec:\thbbtt.exe44⤵
- Executes dropped EXE
-
\??\c:\3jjdp.exec:\3jjdp.exe45⤵
- Executes dropped EXE
-
\??\c:\frflrfx.exec:\frflrfx.exe46⤵
- Executes dropped EXE
-
\??\c:\lxxrlxr.exec:\lxxrlxr.exe47⤵
- Executes dropped EXE
-
\??\c:\hbbtnn.exec:\hbbtnn.exe48⤵
- Executes dropped EXE
-
\??\c:\pvpjv.exec:\pvpjv.exe49⤵
- Executes dropped EXE
-
\??\c:\jddpd.exec:\jddpd.exe50⤵
- Executes dropped EXE
-
\??\c:\fxffxfl.exec:\fxffxfl.exe51⤵
- Executes dropped EXE
-
\??\c:\thnnhh.exec:\thnnhh.exe52⤵
- Executes dropped EXE
-
\??\c:\nbhhhn.exec:\nbhhhn.exe53⤵
- Executes dropped EXE
-
\??\c:\ppvdj.exec:\ppvdj.exe54⤵
- Executes dropped EXE
-
\??\c:\jjvvd.exec:\jjvvd.exe55⤵
- Executes dropped EXE
-
\??\c:\lxrrlrr.exec:\lxrrlrr.exe56⤵
- Executes dropped EXE
-
\??\c:\5rfllrx.exec:\5rfllrx.exe57⤵
- Executes dropped EXE
-
\??\c:\hbtnnn.exec:\hbtnnn.exe58⤵
- Executes dropped EXE
-
\??\c:\tnthht.exec:\tnthht.exe59⤵
- Executes dropped EXE
-
\??\c:\jjpvp.exec:\jjpvp.exe60⤵
- Executes dropped EXE
-
\??\c:\jjjjj.exec:\jjjjj.exe61⤵
- Executes dropped EXE
-
\??\c:\3lffllx.exec:\3lffllx.exe62⤵
- Executes dropped EXE
-
\??\c:\7hnnhh.exec:\7hnnhh.exe63⤵
- Executes dropped EXE
-
\??\c:\lrlxlxl.exec:\lrlxlxl.exe64⤵
- Executes dropped EXE
-
\??\c:\fxfxfrx.exec:\fxfxfrx.exe65⤵
- Executes dropped EXE
-
\??\c:\bbttbh.exec:\bbttbh.exe66⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe67⤵
-
\??\c:\3vjjp.exec:\3vjjp.exe68⤵
-
\??\c:\rlllfff.exec:\rlllfff.exe69⤵
-
\??\c:\lrfrffr.exec:\lrfrffr.exe70⤵
-
\??\c:\7ntnbt.exec:\7ntnbt.exe71⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe72⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe73⤵
-
\??\c:\flrrrlf.exec:\flrrrlf.exe74⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe75⤵
-
\??\c:\dpvjj.exec:\dpvjj.exe76⤵
-
\??\c:\pvddd.exec:\pvddd.exe77⤵
-
\??\c:\7xrlffl.exec:\7xrlffl.exe78⤵
-
\??\c:\5hbbtt.exec:\5hbbtt.exe79⤵
-
\??\c:\hnthbb.exec:\hnthbb.exe80⤵
-
\??\c:\jjdpp.exec:\jjdpp.exe81⤵
-
\??\c:\ffllfxx.exec:\ffllfxx.exe82⤵
-
\??\c:\rlfllrr.exec:\rlfllrr.exe83⤵
-
\??\c:\nhhbbb.exec:\nhhbbb.exe84⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe85⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe86⤵
-
\??\c:\rlffxrl.exec:\rlffxrl.exe87⤵
-
\??\c:\xrxrlrl.exec:\xrxrlrl.exe88⤵
-
\??\c:\htbhbb.exec:\htbhbb.exe89⤵
-
\??\c:\9bhhtt.exec:\9bhhtt.exe90⤵
-
\??\c:\vpppj.exec:\vpppj.exe91⤵
-
\??\c:\jvppp.exec:\jvppp.exe92⤵
-
\??\c:\frrlllf.exec:\frrlllf.exe93⤵
-
\??\c:\lxlfrrl.exec:\lxlfrrl.exe94⤵
-
\??\c:\nhtbbh.exec:\nhtbbh.exe95⤵
-
\??\c:\hbhtbb.exec:\hbhtbb.exe96⤵
-
\??\c:\jppjd.exec:\jppjd.exe97⤵
-
\??\c:\jpddv.exec:\jpddv.exe98⤵
-
\??\c:\rrxxllx.exec:\rrxxllx.exe99⤵
-
\??\c:\bhhbtt.exec:\bhhbtt.exe100⤵
-
\??\c:\nhnbhh.exec:\nhnbhh.exe101⤵
-
\??\c:\pvddd.exec:\pvddd.exe102⤵
-
\??\c:\1rxrfff.exec:\1rxrfff.exe103⤵
-
\??\c:\5rrxrrl.exec:\5rrxrrl.exe104⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe105⤵
-
\??\c:\lfxrflr.exec:\lfxrflr.exe106⤵
-
\??\c:\3xffxrr.exec:\3xffxrr.exe107⤵
-
\??\c:\htbntt.exec:\htbntt.exe108⤵
-
\??\c:\tbttnn.exec:\tbttnn.exe109⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe110⤵
-
\??\c:\dddpd.exec:\dddpd.exe111⤵
-
\??\c:\rflfxxx.exec:\rflfxxx.exe112⤵
-
\??\c:\nnhhbt.exec:\nnhhbt.exe113⤵
-
\??\c:\7nbbnn.exec:\7nbbnn.exe114⤵
-
\??\c:\tnhbth.exec:\tnhbth.exe115⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe116⤵
-
\??\c:\xrxxfff.exec:\xrxxfff.exe117⤵
-
\??\c:\fxrfxxx.exec:\fxrfxxx.exe118⤵
-
\??\c:\nnttbb.exec:\nnttbb.exe119⤵
-
\??\c:\pppdv.exec:\pppdv.exe120⤵
-
\??\c:\xlllllr.exec:\xlllllr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-