Analysis
-
max time kernel
150s -
max time network
114s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
16/05/2024, 05:52
General
-
Target
a96dd4eb94155e73dcec598f545eb130_NeikiAnalytics.exe
-
Size
94KB
-
MD5
a96dd4eb94155e73dcec598f545eb130
-
SHA1
363e70c93e627a87a9a87bb64280eef10dad4b18
-
SHA256
6cb8fb268273d6db25f2d569f9e414860ffb16f36cb58dafa638404f1b8ee1a7
-
SHA512
861976f34b1aa141097dcdc028eb8e1eb3ec453fa625142a64cfe2f4b183d2daaf47e6428067c29019b8002e0e13254fc80f96e95869c2cc0b134eb16002dcbf
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDInWeNCYGyA2R7JxJAg8dtr:ymb3NkkiQ3mdBjFIWeFGyAsJAg2r
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a96dd4eb94155e73dcec598f545eb130_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\a96dd4eb94155e73dcec598f545eb130_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1pdpp.exec:\1pdpp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjvj.exec:\jjjvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbtbt.exec:\nbbtbt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvvv.exec:\pvvvv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllxffr.exec:\xllxffr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxlxf.exec:\xxfxlxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1htnbt.exec:\1htnbt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnhb.exec:\httnhb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dddv.exec:\1dddv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlxlxx.exec:\frlxlxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfxrlf.exec:\xlfxrlf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbtn.exec:\tbhbtn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvppd.exec:\jvppd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfxrr.exec:\xrlfxrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rxlxxr.exec:\5rxlxxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhbt.exec:\bnnhbt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjvd.exec:\vvjvd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rxlffr.exec:\9rxlffr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfxrl.exec:\xllfxrl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntntnb.exec:\ntntnb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdddv.exec:\pdddv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppdp.exec:\vppdp.exe23⤵
- Executes dropped EXE
-
\??\c:\xrllfff.exec:\xrllfff.exe24⤵
- Executes dropped EXE
-
\??\c:\tnthht.exec:\tnthht.exe25⤵
- Executes dropped EXE
-
\??\c:\vdddv.exec:\vdddv.exe26⤵
- Executes dropped EXE
-
\??\c:\pjpjp.exec:\pjpjp.exe27⤵
- Executes dropped EXE
-
\??\c:\llrlfxr.exec:\llrlfxr.exe28⤵
- Executes dropped EXE
-
\??\c:\bnnbnt.exec:\bnnbnt.exe29⤵
- Executes dropped EXE
-
\??\c:\djpjd.exec:\djpjd.exe30⤵
- Executes dropped EXE
-
\??\c:\jpvpj.exec:\jpvpj.exe31⤵
- Executes dropped EXE
-
\??\c:\xrfrrff.exec:\xrfrrff.exe32⤵
- Executes dropped EXE
-
\??\c:\nttnhb.exec:\nttnhb.exe33⤵
- Executes dropped EXE
-
\??\c:\dpvvp.exec:\dpvvp.exe34⤵
- Executes dropped EXE
-
\??\c:\lrxrlll.exec:\lrxrlll.exe35⤵
- Executes dropped EXE
-
\??\c:\hbtttt.exec:\hbtttt.exe36⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe37⤵
- Executes dropped EXE
-
\??\c:\3vvjv.exec:\3vvjv.exe38⤵
- Executes dropped EXE
-
\??\c:\fllffrx.exec:\fllffrx.exe39⤵
- Executes dropped EXE
-
\??\c:\bhtnht.exec:\bhtnht.exe40⤵
- Executes dropped EXE
-
\??\c:\9bhttn.exec:\9bhttn.exe41⤵
- Executes dropped EXE
-
\??\c:\pvddp.exec:\pvddp.exe42⤵
- Executes dropped EXE
-
\??\c:\frxlfxx.exec:\frxlfxx.exe43⤵
- Executes dropped EXE
-
\??\c:\lxxrllf.exec:\lxxrllf.exe44⤵
- Executes dropped EXE
-
\??\c:\bnnbtn.exec:\bnnbtn.exe45⤵
- Executes dropped EXE
-
\??\c:\vdjdd.exec:\vdjdd.exe46⤵
- Executes dropped EXE
-
\??\c:\ttbnht.exec:\ttbnht.exe47⤵
- Executes dropped EXE
-
\??\c:\bhhtht.exec:\bhhtht.exe48⤵
- Executes dropped EXE
-
\??\c:\jdjvv.exec:\jdjvv.exe49⤵
- Executes dropped EXE
-
\??\c:\xlfxffx.exec:\xlfxffx.exe50⤵
- Executes dropped EXE
-
\??\c:\flffxrf.exec:\flffxrf.exe51⤵
- Executes dropped EXE
-
\??\c:\tnnhhh.exec:\tnnhhh.exe52⤵
- Executes dropped EXE
-
\??\c:\jddvd.exec:\jddvd.exe53⤵
- Executes dropped EXE
-
\??\c:\frrxflf.exec:\frrxflf.exe54⤵
- Executes dropped EXE
-
\??\c:\rflxrrl.exec:\rflxrrl.exe55⤵
- Executes dropped EXE
-
\??\c:\nbbthh.exec:\nbbthh.exe56⤵
- Executes dropped EXE
-
\??\c:\9nhbtn.exec:\9nhbtn.exe57⤵
- Executes dropped EXE
-
\??\c:\pvjdj.exec:\pvjdj.exe58⤵
- Executes dropped EXE
-
\??\c:\9ddvp.exec:\9ddvp.exe59⤵
- Executes dropped EXE
-
\??\c:\frfrxrl.exec:\frfrxrl.exe60⤵
- Executes dropped EXE
-
\??\c:\1hhbnh.exec:\1hhbnh.exe61⤵
- Executes dropped EXE
-
\??\c:\hthbtt.exec:\hthbtt.exe62⤵
- Executes dropped EXE
-
\??\c:\jdpdj.exec:\jdpdj.exe63⤵
- Executes dropped EXE
-
\??\c:\1vvjv.exec:\1vvjv.exe64⤵
- Executes dropped EXE
-
\??\c:\xxllfxr.exec:\xxllfxr.exe65⤵
- Executes dropped EXE
-
\??\c:\ntnhbn.exec:\ntnhbn.exe66⤵
-
\??\c:\thhtbh.exec:\thhtbh.exe67⤵
-
\??\c:\jvvdj.exec:\jvvdj.exe68⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe69⤵
-
\??\c:\ffrlfrx.exec:\ffrlfrx.exe70⤵
-
\??\c:\5lfrflf.exec:\5lfrflf.exe71⤵
-
\??\c:\nnnhth.exec:\nnnhth.exe72⤵
-
\??\c:\jvdpd.exec:\jvdpd.exe73⤵
-
\??\c:\rrrlxlf.exec:\rrrlxlf.exe74⤵
-
\??\c:\lfxxrll.exec:\lfxxrll.exe75⤵
-
\??\c:\bntnnn.exec:\bntnnn.exe76⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe77⤵
-
\??\c:\rlxrxxr.exec:\rlxrxxr.exe78⤵
-
\??\c:\5fxlxrl.exec:\5fxlxrl.exe79⤵
-
\??\c:\tbhbtn.exec:\tbhbtn.exe80⤵
-
\??\c:\hnntnn.exec:\hnntnn.exe81⤵
-
\??\c:\3vvpj.exec:\3vvpj.exe82⤵
-
\??\c:\jvvvj.exec:\jvvvj.exe83⤵
-
\??\c:\lfxxrxf.exec:\lfxxrxf.exe84⤵
-
\??\c:\nhtbht.exec:\nhtbht.exe85⤵
-
\??\c:\hbbtbb.exec:\hbbtbb.exe86⤵
-
\??\c:\vjjvj.exec:\vjjvj.exe87⤵
-
\??\c:\pvvpv.exec:\pvvpv.exe88⤵
-
\??\c:\9ffrfxx.exec:\9ffrfxx.exe89⤵
-
\??\c:\1rlfrfr.exec:\1rlfrfr.exe90⤵
-
\??\c:\rffrfxl.exec:\rffrfxl.exe91⤵
-
\??\c:\btbntn.exec:\btbntn.exe92⤵
-
\??\c:\dpjpv.exec:\dpjpv.exe93⤵
-
\??\c:\vjdpj.exec:\vjdpj.exe94⤵
-
\??\c:\lflxlff.exec:\lflxlff.exe95⤵
-
\??\c:\rxxffxx.exec:\rxxffxx.exe96⤵
-
\??\c:\3bbbbt.exec:\3bbbbt.exe97⤵
-
\??\c:\btttbb.exec:\btttbb.exe98⤵
-
\??\c:\pvpdj.exec:\pvpdj.exe99⤵
-
\??\c:\pvvdp.exec:\pvvdp.exe100⤵
-
\??\c:\rrrflfx.exec:\rrrflfx.exe101⤵
-
\??\c:\lrfxlfr.exec:\lrfxlfr.exe102⤵
-
\??\c:\thnbbt.exec:\thnbbt.exe103⤵
-
\??\c:\3tnhnh.exec:\3tnhnh.exe104⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe105⤵
-
\??\c:\5vpdp.exec:\5vpdp.exe106⤵
-
\??\c:\lxrflfx.exec:\lxrflfx.exe107⤵
-
\??\c:\9xlxllx.exec:\9xlxllx.exe108⤵
-
\??\c:\hbbtnh.exec:\hbbtnh.exe109⤵
-
\??\c:\hnhtnh.exec:\hnhtnh.exe110⤵
-
\??\c:\dppjj.exec:\dppjj.exe111⤵
-
\??\c:\1vpjv.exec:\1vpjv.exe112⤵
-
\??\c:\1llxlfx.exec:\1llxlfx.exe113⤵
-
\??\c:\rffxrlf.exec:\rffxrlf.exe114⤵
-
\??\c:\tnnhtt.exec:\tnnhtt.exe115⤵
-
\??\c:\ntthnt.exec:\ntthnt.exe116⤵
-
\??\c:\ddpjj.exec:\ddpjj.exe117⤵
-
\??\c:\vddpd.exec:\vddpd.exe118⤵
-
\??\c:\lrrfxrl.exec:\lrrfxrl.exe119⤵
-
\??\c:\7ttntn.exec:\7ttntn.exe120⤵
-
\??\c:\nbnhtn.exec:\nbnhtn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-