Analysis
-
max time kernel
150s -
max time network
117s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
16/05/2024, 10:02
General
-
Target
d9ba29adbd0f818ddbffc7affdecd5f0_NeikiAnalytics.exe
-
Size
89KB
-
MD5
d9ba29adbd0f818ddbffc7affdecd5f0
-
SHA1
cd14ad209807b07b1deba93229741ddd5ac31050
-
SHA256
5b07661597e85e52374fc5790450b6faef0a003b38305511694fc86b3ab23084
-
SHA512
dd3a606a9b62099a39b50f5b0b68f1c6218ad45e34fede393cea9ff64e7fe08fb039ce4c41b618d0e31c3c94502798f54be9372c54d29a016fdedf2c0417387a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73t6MlYqn+jMp9jb+5C/i+:ymb3NkkiQ3mdBjFo73tvn+Yp9jb+5C/5
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 20 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d9ba29adbd0f818ddbffc7affdecd5f0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d9ba29adbd0f818ddbffc7affdecd5f0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjj.exec:\vppjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxllfx.exec:\xlxllfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnbb.exec:\hbtnbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbbb.exec:\tbhbbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfxrl.exec:\xrlfxrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlllxxr.exec:\rlllxxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnhb.exec:\httnhb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfxlfx.exec:\xlfxlfx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnbt.exec:\hbtnbt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nttnn.exec:\1nttnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjd.exec:\pdjjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlfxxr.exec:\xxlfxxr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7fxrlrf.exec:\7fxrlrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btttnt.exec:\btttnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjvd.exec:\pjjvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlxxl.exec:\fxrlxxl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ffrllf.exec:\9ffrllf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ttnhb.exec:\3ttnhb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnhbt.exec:\nbnhbt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjj.exec:\vvpjj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrlffx.exec:\lxrlffx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhtnt.exec:\thhtnt.exe23⤵
- Executes dropped EXE
-
\??\c:\vdpjd.exec:\vdpjd.exe24⤵
- Executes dropped EXE
-
\??\c:\vvvvv.exec:\vvvvv.exe25⤵
- Executes dropped EXE
-
\??\c:\lfxlxxx.exec:\lfxlxxx.exe26⤵
- Executes dropped EXE
-
\??\c:\1bnhnn.exec:\1bnhnn.exe27⤵
- Executes dropped EXE
-
\??\c:\3ntntt.exec:\3ntntt.exe28⤵
- Executes dropped EXE
-
\??\c:\dpdjd.exec:\dpdjd.exe29⤵
- Executes dropped EXE
-
\??\c:\xlrrrrx.exec:\xlrrrrx.exe30⤵
- Executes dropped EXE
-
\??\c:\httttb.exec:\httttb.exe31⤵
- Executes dropped EXE
-
\??\c:\thbtnn.exec:\thbtnn.exe32⤵
- Executes dropped EXE
-
\??\c:\dddvv.exec:\dddvv.exe33⤵
- Executes dropped EXE
-
\??\c:\rrrrllr.exec:\rrrrllr.exe34⤵
- Executes dropped EXE
-
\??\c:\ffxxrxr.exec:\ffxxrxr.exe35⤵
- Executes dropped EXE
-
\??\c:\hbhbbt.exec:\hbhbbt.exe36⤵
- Executes dropped EXE
-
\??\c:\nhhhbt.exec:\nhhhbt.exe37⤵
- Executes dropped EXE
-
\??\c:\jjppj.exec:\jjppj.exe38⤵
- Executes dropped EXE
-
\??\c:\jdvvp.exec:\jdvvp.exe39⤵
- Executes dropped EXE
-
\??\c:\rxxxrlf.exec:\rxxxrlf.exe40⤵
- Executes dropped EXE
-
\??\c:\rrlrfxf.exec:\rrlrfxf.exe41⤵
- Executes dropped EXE
-
\??\c:\hbbtbt.exec:\hbbtbt.exe42⤵
- Executes dropped EXE
-
\??\c:\dvjvj.exec:\dvjvj.exe43⤵
- Executes dropped EXE
-
\??\c:\dvjpd.exec:\dvjpd.exe44⤵
- Executes dropped EXE
-
\??\c:\fflxrrx.exec:\fflxrrx.exe45⤵
- Executes dropped EXE
-
\??\c:\rlrlrrx.exec:\rlrlrrx.exe46⤵
- Executes dropped EXE
-
\??\c:\ddddd.exec:\ddddd.exe47⤵
- Executes dropped EXE
-
\??\c:\vjpjj.exec:\vjpjj.exe48⤵
- Executes dropped EXE
-
\??\c:\xrxrlll.exec:\xrxrlll.exe49⤵
- Executes dropped EXE
-
\??\c:\5hhthn.exec:\5hhthn.exe50⤵
- Executes dropped EXE
-
\??\c:\jjvjj.exec:\jjvjj.exe51⤵
- Executes dropped EXE
-
\??\c:\flffxxr.exec:\flffxxr.exe52⤵
- Executes dropped EXE
-
\??\c:\5xxrlrf.exec:\5xxrlrf.exe53⤵
- Executes dropped EXE
-
\??\c:\bnttnn.exec:\bnttnn.exe54⤵
- Executes dropped EXE
-
\??\c:\nhhbbb.exec:\nhhbbb.exe55⤵
- Executes dropped EXE
-
\??\c:\dpvvp.exec:\dpvvp.exe56⤵
- Executes dropped EXE
-
\??\c:\vvvpj.exec:\vvvpj.exe57⤵
- Executes dropped EXE
-
\??\c:\frlfxxr.exec:\frlfxxr.exe58⤵
- Executes dropped EXE
-
\??\c:\9hnhtt.exec:\9hnhtt.exe59⤵
- Executes dropped EXE
-
\??\c:\ttnhtt.exec:\ttnhtt.exe60⤵
- Executes dropped EXE
-
\??\c:\7vjdv.exec:\7vjdv.exe61⤵
- Executes dropped EXE
-
\??\c:\fxrffff.exec:\fxrffff.exe62⤵
- Executes dropped EXE
-
\??\c:\3frxxxx.exec:\3frxxxx.exe63⤵
- Executes dropped EXE
-
\??\c:\nbbbbb.exec:\nbbbbb.exe64⤵
- Executes dropped EXE
-
\??\c:\1hhnbb.exec:\1hhnbb.exe65⤵
- Executes dropped EXE
-
\??\c:\7jvvv.exec:\7jvvv.exe66⤵
-
\??\c:\dpdjd.exec:\dpdjd.exe67⤵
-
\??\c:\rrxrlfx.exec:\rrxrlfx.exe68⤵
-
\??\c:\xxxfxrr.exec:\xxxfxrr.exe69⤵
-
\??\c:\tnnnnt.exec:\tnnnnt.exe70⤵
-
\??\c:\tthhnn.exec:\tthhnn.exe71⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe72⤵
-
\??\c:\dvddv.exec:\dvddv.exe73⤵
-
\??\c:\lfxfxrr.exec:\lfxfxrr.exe74⤵
-
\??\c:\ffrrxxl.exec:\ffrrxxl.exe75⤵
-
\??\c:\tnnbtt.exec:\tnnbtt.exe76⤵
-
\??\c:\bbtttb.exec:\bbtttb.exe77⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe78⤵
-
\??\c:\jvvjv.exec:\jvvjv.exe79⤵
-
\??\c:\rlllxrl.exec:\rlllxrl.exe80⤵
-
\??\c:\5lffxxl.exec:\5lffxxl.exe81⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe82⤵
-
\??\c:\djppj.exec:\djppj.exe83⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe84⤵
-
\??\c:\9lrxrrr.exec:\9lrxrrr.exe85⤵
-
\??\c:\ttbttt.exec:\ttbttt.exe86⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe87⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe88⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe89⤵
-
\??\c:\lffxxxx.exec:\lffxxxx.exe90⤵
-
\??\c:\rrfrxfx.exec:\rrfrxfx.exe91⤵
-
\??\c:\btnhnn.exec:\btnhnn.exe92⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe93⤵
-
\??\c:\9vpjd.exec:\9vpjd.exe94⤵
-
\??\c:\jpppj.exec:\jpppj.exe95⤵
-
\??\c:\3frfrlf.exec:\3frfrlf.exe96⤵
-
\??\c:\xxfffff.exec:\xxfffff.exe97⤵
-
\??\c:\5ntnhh.exec:\5ntnhh.exe98⤵
-
\??\c:\tnnthb.exec:\tnnthb.exe99⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe100⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe101⤵
-
\??\c:\frlxrxr.exec:\frlxrxr.exe102⤵
-
\??\c:\thhbtn.exec:\thhbtn.exe103⤵
-
\??\c:\nnbttt.exec:\nnbttt.exe104⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe105⤵
-
\??\c:\ddppj.exec:\ddppj.exe106⤵
-
\??\c:\frlfffx.exec:\frlfffx.exe107⤵
-
\??\c:\xfxrfxr.exec:\xfxrfxr.exe108⤵
-
\??\c:\bntnnn.exec:\bntnnn.exe109⤵
-
\??\c:\thnnnh.exec:\thnnnh.exe110⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe111⤵
-
\??\c:\7pjdp.exec:\7pjdp.exe112⤵
-
\??\c:\rffxrlf.exec:\rffxrlf.exe113⤵
-
\??\c:\lflrxxx.exec:\lflrxxx.exe114⤵
-
\??\c:\tthtnh.exec:\tthtnh.exe115⤵
-
\??\c:\bbbnht.exec:\bbbnht.exe116⤵
-
\??\c:\dppjd.exec:\dppjd.exe117⤵
-
\??\c:\rrffxxx.exec:\rrffxxx.exe118⤵
-
\??\c:\fxrrllx.exec:\fxrrllx.exe119⤵
-
\??\c:\nnbtbb.exec:\nnbtbb.exe120⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-