Analysis
-
max time kernel
150s -
max time network
112s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
16/05/2024, 02:45
General
-
Target
83e840db3223e5aa7b0089816fc74480_NeikiAnalytics.exe
-
Size
386KB
-
MD5
83e840db3223e5aa7b0089816fc74480
-
SHA1
edfcb069026a516204028bdc19a914d136ea890c
-
SHA256
9d8e91850acc745386ad1e33f9c341930df95a8102dff1bb93526fc59414c17a
-
SHA512
76e7f44e6b3e7599fb853caca9e2ec129ce94a5184714ff142f0fdfea7a21ad799ca9a06f9e1b5af9b12ce54e8680b5edb55015a8db7fe47a23b9e843b80f76e
-
SSDEEP
6144:n3C9BRIG0asYFm71mPfkVB8dKwaO5CVwthmx:n3C9uYA7okVqdKwaO5CVMhmx
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\83e840db3223e5aa7b0089816fc74480_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\83e840db3223e5aa7b0089816fc74480_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nhhbb.exec:\1nhhbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvp.exec:\dvdvp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfxrlf.exec:\xlfxrlf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxlffr.exec:\frxlffr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlfxxl.exec:\fxlfxxl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllfffx.exec:\lllfffx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbtbb.exec:\hhbtbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jjdv.exec:\5jjdv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rrlrxr.exec:\5rrlrxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjdj.exec:\dpjdj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ttbbb.exec:\9ttbbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpddp.exec:\jpddp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbnt.exec:\tnbbnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbttt.exec:\tnbttt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpj.exec:\dvvpj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbtnn.exec:\hbbtnn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ntnhh.exec:\7ntnhh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlfxxf.exec:\fxlfxxf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vjjj.exec:\3vjjj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnnhh.exec:\thnnhh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdpj.exec:\jvdpj.exe23⤵
- Executes dropped EXE
-
\??\c:\thbthb.exec:\thbthb.exe24⤵
- Executes dropped EXE
-
\??\c:\djppp.exec:\djppp.exe25⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe26⤵
- Executes dropped EXE
-
\??\c:\jppjp.exec:\jppjp.exe27⤵
- Executes dropped EXE
-
\??\c:\5xfxxxr.exec:\5xfxxxr.exe28⤵
- Executes dropped EXE
-
\??\c:\vpdvp.exec:\vpdvp.exe29⤵
- Executes dropped EXE
-
\??\c:\lxlfxrl.exec:\lxlfxrl.exe30⤵
- Executes dropped EXE
-
\??\c:\hbbtbb.exec:\hbbtbb.exe31⤵
- Executes dropped EXE
-
\??\c:\nnhhbb.exec:\nnhhbb.exe32⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe33⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe34⤵
- Executes dropped EXE
-
\??\c:\7flxrlf.exec:\7flxrlf.exe35⤵
- Executes dropped EXE
-
\??\c:\btbtbn.exec:\btbtbn.exe36⤵
- Executes dropped EXE
-
\??\c:\vjpvp.exec:\vjpvp.exe37⤵
- Executes dropped EXE
-
\??\c:\frrlffr.exec:\frrlffr.exe38⤵
- Executes dropped EXE
-
\??\c:\ffllffx.exec:\ffllffx.exe39⤵
- Executes dropped EXE
-
\??\c:\hntttb.exec:\hntttb.exe40⤵
- Executes dropped EXE
-
\??\c:\dpppj.exec:\dpppj.exe41⤵
- Executes dropped EXE
-
\??\c:\3jjjv.exec:\3jjjv.exe42⤵
- Executes dropped EXE
-
\??\c:\ffxrrll.exec:\ffxrrll.exe43⤵
- Executes dropped EXE
-
\??\c:\tbhbtt.exec:\tbhbtt.exe44⤵
- Executes dropped EXE
-
\??\c:\djpvp.exec:\djpvp.exe45⤵
- Executes dropped EXE
-
\??\c:\vvvpd.exec:\vvvpd.exe46⤵
- Executes dropped EXE
-
\??\c:\ffrlffl.exec:\ffrlffl.exe47⤵
- Executes dropped EXE
-
\??\c:\bbbnhb.exec:\bbbnhb.exe48⤵
- Executes dropped EXE
-
\??\c:\ntnbnh.exec:\ntnbnh.exe49⤵
- Executes dropped EXE
-
\??\c:\jpvjd.exec:\jpvjd.exe50⤵
- Executes dropped EXE
-
\??\c:\btbbbb.exec:\btbbbb.exe51⤵
- Executes dropped EXE
-
\??\c:\pjpjj.exec:\pjpjj.exe52⤵
- Executes dropped EXE
-
\??\c:\5jdvd.exec:\5jdvd.exe53⤵
- Executes dropped EXE
-
\??\c:\fxfxrrr.exec:\fxfxrrr.exe54⤵
- Executes dropped EXE
-
\??\c:\thnhbt.exec:\thnhbt.exe55⤵
- Executes dropped EXE
-
\??\c:\ppvpj.exec:\ppvpj.exe56⤵
- Executes dropped EXE
-
\??\c:\rrfxllx.exec:\rrfxllx.exe57⤵
- Executes dropped EXE
-
\??\c:\nbhbnn.exec:\nbhbnn.exe58⤵
- Executes dropped EXE
-
\??\c:\vdjpj.exec:\vdjpj.exe59⤵
- Executes dropped EXE
-
\??\c:\frfxllf.exec:\frfxllf.exe60⤵
- Executes dropped EXE
-
\??\c:\rxllxxx.exec:\rxllxxx.exe61⤵
- Executes dropped EXE
-
\??\c:\nhtntn.exec:\nhtntn.exe62⤵
- Executes dropped EXE
-
\??\c:\vppjj.exec:\vppjj.exe63⤵
- Executes dropped EXE
-
\??\c:\ppdpj.exec:\ppdpj.exe64⤵
- Executes dropped EXE
-
\??\c:\rrrlffx.exec:\rrrlffx.exe65⤵
- Executes dropped EXE
-
\??\c:\nbbtnn.exec:\nbbtnn.exe66⤵
-
\??\c:\jpvjd.exec:\jpvjd.exe67⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe68⤵
-
\??\c:\rlrfxfl.exec:\rlrfxfl.exe69⤵
-
\??\c:\htttbb.exec:\htttbb.exe70⤵
-
\??\c:\nhbttn.exec:\nhbttn.exe71⤵
-
\??\c:\vppjv.exec:\vppjv.exe72⤵
-
\??\c:\lxfxlrl.exec:\lxfxlrl.exe73⤵
-
\??\c:\lrxrrrl.exec:\lrxrrrl.exe74⤵
-
\??\c:\hbhbtt.exec:\hbhbtt.exe75⤵
-
\??\c:\jvpvj.exec:\jvpvj.exe76⤵
-
\??\c:\jddpj.exec:\jddpj.exe77⤵
-
\??\c:\rflfxrr.exec:\rflfxrr.exe78⤵
-
\??\c:\bnttnn.exec:\bnttnn.exe79⤵
-
\??\c:\hhhtnh.exec:\hhhtnh.exe80⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe81⤵
-
\??\c:\nnhhtt.exec:\nnhhtt.exe82⤵
-
\??\c:\tthhnh.exec:\tthhnh.exe83⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe84⤵
-
\??\c:\lrxrllx.exec:\lrxrllx.exe85⤵
-
\??\c:\hhhhbb.exec:\hhhhbb.exe86⤵
-
\??\c:\5hhbtn.exec:\5hhbtn.exe87⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe88⤵
-
\??\c:\xxrrrlf.exec:\xxrrrlf.exe89⤵
-
\??\c:\3rxrfxf.exec:\3rxrfxf.exe90⤵
-
\??\c:\hhhbtn.exec:\hhhbtn.exe91⤵
-
\??\c:\ddppv.exec:\ddppv.exe92⤵
-
\??\c:\jjjpj.exec:\jjjpj.exe93⤵
-
\??\c:\1rfrfxf.exec:\1rfrfxf.exe94⤵
-
\??\c:\nhttbt.exec:\nhttbt.exe95⤵
-
\??\c:\1nntbn.exec:\1nntbn.exe96⤵
-
\??\c:\vppjj.exec:\vppjj.exe97⤵
-
\??\c:\1xxrllf.exec:\1xxrllf.exe98⤵
-
\??\c:\3rlfxxr.exec:\3rlfxxr.exe99⤵
-
\??\c:\nhbthb.exec:\nhbthb.exe100⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe101⤵
-
\??\c:\rllfrll.exec:\rllfrll.exe102⤵
-
\??\c:\1nhbtt.exec:\1nhbtt.exe103⤵
-
\??\c:\djjdp.exec:\djjdp.exe104⤵
-
\??\c:\9xxrrrr.exec:\9xxrrrr.exe105⤵
-
\??\c:\lffrllf.exec:\lffrllf.exe106⤵
-
\??\c:\djjdv.exec:\djjdv.exe107⤵
-
\??\c:\djvjd.exec:\djvjd.exe108⤵
-
\??\c:\lxrlxxr.exec:\lxrlxxr.exe109⤵
-
\??\c:\5nhhbb.exec:\5nhhbb.exe110⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe111⤵
-
\??\c:\rfrxrrl.exec:\rfrxrrl.exe112⤵
-
\??\c:\hntnhh.exec:\hntnhh.exe113⤵
-
\??\c:\tbhbht.exec:\tbhbht.exe114⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe115⤵
-
\??\c:\bntnnh.exec:\bntnnh.exe116⤵
-
\??\c:\hnhhbb.exec:\hnhhbb.exe117⤵
-
\??\c:\5dvpp.exec:\5dvpp.exe118⤵
-
\??\c:\xxxrllf.exec:\xxxrllf.exe119⤵
-
\??\c:\1hbthb.exec:\1hbthb.exe120⤵
-
\??\c:\httntn.exec:\httntn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-