Analysis
-
max time kernel
150s -
max time network
111s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
16/05/2024, 10:07
General
-
Target
d9ecfe6c5330d772e5b5ddb790eb6830_NeikiAnalytics.exe
-
Size
93KB
-
MD5
d9ecfe6c5330d772e5b5ddb790eb6830
-
SHA1
a46b6d954c69697faa3c962d56f4561e0396e716
-
SHA256
2b67942fe655460dd0779bcac6129e9d8b03e81bdba023eb3f9bad6a67c6e3a4
-
SHA512
29daa5b25b330b08b5ae1a04fa25034e922d6b54d80c1a68689f45c50f8995ffd1e4e88669894a1fb31b2303edaa7d1f718a96ee13ba22a11ecb4f0c71ed845a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDInWeNCYGyA2R7JxJAg8dtW:ymb3NkkiQ3mdBjFIWeFGyAsJAg2W
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d9ecfe6c5330d772e5b5ddb790eb6830_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d9ecfe6c5330d772e5b5ddb790eb6830_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xllxrfr.exec:\xllxrfr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tnhbh.exec:\7tnhbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtbnn.exec:\thtbnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnnhb.exec:\bhnnhb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vpjj.exec:\9vpjj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfxxxf.exec:\frfxxxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dpdj.exec:\5dpdj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7frrxff.exec:\7frrxff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnhbb.exec:\bhnhbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxrllf.exec:\lrxrllf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbtb.exec:\hthbtb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvdd.exec:\djvdd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbnhh.exec:\bbbnhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpjj.exec:\jjpjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflxxl.exec:\xrflxxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhtbb.exec:\nnhtbb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvp.exec:\jjdvp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lrlxxf.exec:\1lrlxxf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthhhh.exec:\nthhhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpdv.exec:\dvpdv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxrrr.exec:\rrfxrrr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrrxfr.exec:\flrrxfr.exe23⤵
- Executes dropped EXE
-
\??\c:\1hbtnn.exec:\1hbtnn.exe24⤵
- Executes dropped EXE
-
\??\c:\1jdvp.exec:\1jdvp.exe25⤵
- Executes dropped EXE
-
\??\c:\ffrrrxx.exec:\ffrrrxx.exe26⤵
- Executes dropped EXE
-
\??\c:\hbttnh.exec:\hbttnh.exe27⤵
- Executes dropped EXE
-
\??\c:\vvjjv.exec:\vvjjv.exe28⤵
- Executes dropped EXE
-
\??\c:\llrrrxx.exec:\llrrrxx.exe29⤵
- Executes dropped EXE
-
\??\c:\hbhhhh.exec:\hbhhhh.exe30⤵
- Executes dropped EXE
-
\??\c:\dppdv.exec:\dppdv.exe31⤵
- Executes dropped EXE
-
\??\c:\jdpjd.exec:\jdpjd.exe32⤵
- Executes dropped EXE
-
\??\c:\xxfllrr.exec:\xxfllrr.exe33⤵
- Executes dropped EXE
-
\??\c:\thtbhb.exec:\thtbhb.exe34⤵
- Executes dropped EXE
-
\??\c:\jjppv.exec:\jjppv.exe35⤵
- Executes dropped EXE
-
\??\c:\fxrrffl.exec:\fxrrffl.exe36⤵
- Executes dropped EXE
-
\??\c:\9llfxxr.exec:\9llfxxr.exe37⤵
- Executes dropped EXE
-
\??\c:\ttbhnn.exec:\ttbhnn.exe38⤵
- Executes dropped EXE
-
\??\c:\9ppdv.exec:\9ppdv.exe39⤵
- Executes dropped EXE
-
\??\c:\fxxrrfr.exec:\fxxrrfr.exe40⤵
- Executes dropped EXE
-
\??\c:\xrfrlff.exec:\xrfrlff.exe41⤵
- Executes dropped EXE
-
\??\c:\btttnt.exec:\btttnt.exe42⤵
- Executes dropped EXE
-
\??\c:\vvjjj.exec:\vvjjj.exe43⤵
- Executes dropped EXE
-
\??\c:\vjjdd.exec:\vjjdd.exe44⤵
- Executes dropped EXE
-
\??\c:\ffllxlx.exec:\ffllxlx.exe45⤵
- Executes dropped EXE
-
\??\c:\btbnbt.exec:\btbnbt.exe46⤵
- Executes dropped EXE
-
\??\c:\3ppjd.exec:\3ppjd.exe47⤵
- Executes dropped EXE
-
\??\c:\xxrlffx.exec:\xxrlffx.exe48⤵
- Executes dropped EXE
-
\??\c:\1hnnth.exec:\1hnnth.exe49⤵
- Executes dropped EXE
-
\??\c:\tnttbb.exec:\tnttbb.exe50⤵
- Executes dropped EXE
-
\??\c:\ddvvv.exec:\ddvvv.exe51⤵
- Executes dropped EXE
-
\??\c:\xllfffx.exec:\xllfffx.exe52⤵
- Executes dropped EXE
-
\??\c:\llxfxfx.exec:\llxfxfx.exe53⤵
- Executes dropped EXE
-
\??\c:\ttnthb.exec:\ttnthb.exe54⤵
- Executes dropped EXE
-
\??\c:\vdjpd.exec:\vdjpd.exe55⤵
- Executes dropped EXE
-
\??\c:\flrfxxr.exec:\flrfxxr.exe56⤵
- Executes dropped EXE
-
\??\c:\xfllllr.exec:\xfllllr.exe57⤵
- Executes dropped EXE
-
\??\c:\nbhhhn.exec:\nbhhhn.exe58⤵
- Executes dropped EXE
-
\??\c:\pdjjj.exec:\pdjjj.exe59⤵
- Executes dropped EXE
-
\??\c:\rffxffx.exec:\rffxffx.exe60⤵
- Executes dropped EXE
-
\??\c:\nbnbtn.exec:\nbnbtn.exe61⤵
- Executes dropped EXE
-
\??\c:\bttttt.exec:\bttttt.exe62⤵
- Executes dropped EXE
-
\??\c:\jvvvp.exec:\jvvvp.exe63⤵
- Executes dropped EXE
-
\??\c:\flflflf.exec:\flflflf.exe64⤵
- Executes dropped EXE
-
\??\c:\lffxxxr.exec:\lffxxxr.exe65⤵
- Executes dropped EXE
-
\??\c:\tnbtbh.exec:\tnbtbh.exe66⤵
-
\??\c:\dppjj.exec:\dppjj.exe67⤵
-
\??\c:\1dddp.exec:\1dddp.exe68⤵
-
\??\c:\fxfxfxf.exec:\fxfxfxf.exe69⤵
-
\??\c:\3rrlllf.exec:\3rrlllf.exe70⤵
-
\??\c:\bhtthh.exec:\bhtthh.exe71⤵
-
\??\c:\7jpjv.exec:\7jpjv.exe72⤵
-
\??\c:\5vvvv.exec:\5vvvv.exe73⤵
-
\??\c:\xrxrrxl.exec:\xrxrrxl.exe74⤵
-
\??\c:\rxxxrrr.exec:\rxxxrrr.exe75⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe76⤵
-
\??\c:\nhnbbn.exec:\nhnbbn.exe77⤵
-
\??\c:\jdpdj.exec:\jdpdj.exe78⤵
-
\??\c:\lxlxrrl.exec:\lxlxrrl.exe79⤵
-
\??\c:\xfrrlrl.exec:\xfrrlrl.exe80⤵
-
\??\c:\ttnnht.exec:\ttnnht.exe81⤵
-
\??\c:\5hnnhn.exec:\5hnnhn.exe82⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe83⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe84⤵
-
\??\c:\7flfxrx.exec:\7flfxrx.exe85⤵
-
\??\c:\xllfxlf.exec:\xllfxlf.exe86⤵
-
\??\c:\1bhbtb.exec:\1bhbtb.exe87⤵
-
\??\c:\djjvp.exec:\djjvp.exe88⤵
-
\??\c:\pddvv.exec:\pddvv.exe89⤵
-
\??\c:\5flxrrl.exec:\5flxrrl.exe90⤵
-
\??\c:\flrlffx.exec:\flrlffx.exe91⤵
-
\??\c:\bnhbtt.exec:\bnhbtt.exe92⤵
-
\??\c:\7nhtnt.exec:\7nhtnt.exe93⤵
-
\??\c:\5ppdv.exec:\5ppdv.exe94⤵
-
\??\c:\xffxlxl.exec:\xffxlxl.exe95⤵
-
\??\c:\fxxrrrr.exec:\fxxrrrr.exe96⤵
-
\??\c:\lfxrlxx.exec:\lfxrlxx.exe97⤵
-
\??\c:\thnnhn.exec:\thnnhn.exe98⤵
-
\??\c:\pdjpp.exec:\pdjpp.exe99⤵
-
\??\c:\9dvpj.exec:\9dvpj.exe100⤵
-
\??\c:\fxxrxxr.exec:\fxxrxxr.exe101⤵
-
\??\c:\rfrrrfx.exec:\rfrrrfx.exe102⤵
-
\??\c:\nbbbtn.exec:\nbbbtn.exe103⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe104⤵
-
\??\c:\vjpdd.exec:\vjpdd.exe105⤵
-
\??\c:\xllffff.exec:\xllffff.exe106⤵
-
\??\c:\3rrrrrl.exec:\3rrrrrl.exe107⤵
-
\??\c:\9hbhhh.exec:\9hbhhh.exe108⤵
-
\??\c:\bhbbnn.exec:\bhbbnn.exe109⤵
-
\??\c:\pvvvv.exec:\pvvvv.exe110⤵
-
\??\c:\vddpj.exec:\vddpj.exe111⤵
-
\??\c:\7rrlfxx.exec:\7rrlfxx.exe112⤵
-
\??\c:\5nhbhh.exec:\5nhbhh.exe113⤵
-
\??\c:\7hhbtb.exec:\7hhbtb.exe114⤵
-
\??\c:\pppjp.exec:\pppjp.exe115⤵
-
\??\c:\5vpdp.exec:\5vpdp.exe116⤵
-
\??\c:\xrrrfxl.exec:\xrrrfxl.exe117⤵
-
\??\c:\ttbnnh.exec:\ttbnnh.exe118⤵
-
\??\c:\bbnhhh.exec:\bbnhhh.exe119⤵
-
\??\c:\tnntnn.exec:\tnntnn.exe120⤵
-
\??\c:\5vpjv.exec:\5vpjv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-