Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
16-05-2024 11:41
General
-
Target
dd15ef43c26b6c0e658631e4be968ab0_NeikiAnalytics.exe
-
Size
80KB
-
MD5
dd15ef43c26b6c0e658631e4be968ab0
-
SHA1
41fcd6bb63dccca9bb394f4abb56f73f00c60911
-
SHA256
4b689434af9e52fd367b995d8866290e413b9c5efb1f3ce911a01d8237393ec4
-
SHA512
fe5b0122220bb85860232fc4ed878e5c72d2bf77fe2cc54a181d1f8aa2469971f1c8f565935916c53857bc5ac2e28d997c51206b2108fe9b63f2ad3ad4c0a932
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoLU1gxm1S3PQ7CnPRKiir5Qw:ymb3NkkiQ3mdBjFoLkmx/g8ZKzQw
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\dd15ef43c26b6c0e658631e4be968ab0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\dd15ef43c26b6c0e658631e4be968ab0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpd.exec:\dvvpd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxxxr.exec:\rlfxxxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nttnn.exec:\9nttnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jdvp.exec:\7jdvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrlllf.exec:\rlrlllf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttnn.exec:\tnttnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jpjd.exec:\1jpjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfxrl.exec:\xllfxrl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhnn.exec:\htnhnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfffrx.exec:\rrfffrx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bnthh.exec:\7bnthh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjvp.exec:\jjjvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flllfxf.exec:\flllfxf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbntb.exec:\bbbntb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxxllf.exec:\lrxxllf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbnnb.exec:\htbnnb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1llfxrr.exec:\1llfxrr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9llrrlr.exec:\9llrrlr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntbhn.exec:\bntbhn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbthn.exec:\tnbthn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpdv.exec:\ddpdv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlllfff.exec:\rlllfff.exe23⤵
- Executes dropped EXE
-
\??\c:\djvpp.exec:\djvpp.exe24⤵
- Executes dropped EXE
-
\??\c:\xrrfffl.exec:\xrrfffl.exe25⤵
- Executes dropped EXE
-
\??\c:\rrrrrrx.exec:\rrrrrrx.exe26⤵
- Executes dropped EXE
-
\??\c:\dvddd.exec:\dvddd.exe27⤵
- Executes dropped EXE
-
\??\c:\ffrxxlr.exec:\ffrxxlr.exe28⤵
- Executes dropped EXE
-
\??\c:\nbhhbt.exec:\nbhhbt.exe29⤵
- Executes dropped EXE
-
\??\c:\vjjjj.exec:\vjjjj.exe30⤵
- Executes dropped EXE
-
\??\c:\1rxrlxf.exec:\1rxrlxf.exe31⤵
- Executes dropped EXE
-
\??\c:\bttttt.exec:\bttttt.exe32⤵
- Executes dropped EXE
-
\??\c:\3thbtt.exec:\3thbtt.exe33⤵
- Executes dropped EXE
-
\??\c:\frxrrrl.exec:\frxrrrl.exe34⤵
- Executes dropped EXE
-
\??\c:\fflfxxx.exec:\fflfxxx.exe35⤵
- Executes dropped EXE
-
\??\c:\nttttt.exec:\nttttt.exe36⤵
- Executes dropped EXE
-
\??\c:\vjppv.exec:\vjppv.exe37⤵
- Executes dropped EXE
-
\??\c:\jdpjp.exec:\jdpjp.exe38⤵
- Executes dropped EXE
-
\??\c:\xrlxxrx.exec:\xrlxxrx.exe39⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe40⤵
- Executes dropped EXE
-
\??\c:\vjpjj.exec:\vjpjj.exe41⤵
- Executes dropped EXE
-
\??\c:\tbbbtt.exec:\tbbbtt.exe42⤵
- Executes dropped EXE
-
\??\c:\5nnhhh.exec:\5nnhhh.exe43⤵
- Executes dropped EXE
-
\??\c:\jvvvp.exec:\jvvvp.exe44⤵
- Executes dropped EXE
-
\??\c:\3lfxrrl.exec:\3lfxrrl.exe45⤵
- Executes dropped EXE
-
\??\c:\btnntt.exec:\btnntt.exe46⤵
- Executes dropped EXE
-
\??\c:\3hhbtt.exec:\3hhbtt.exe47⤵
- Executes dropped EXE
-
\??\c:\jpvdv.exec:\jpvdv.exe48⤵
- Executes dropped EXE
-
\??\c:\lrfxxrl.exec:\lrfxxrl.exe49⤵
- Executes dropped EXE
-
\??\c:\hhbttt.exec:\hhbttt.exe50⤵
- Executes dropped EXE
-
\??\c:\ddjjj.exec:\ddjjj.exe51⤵
- Executes dropped EXE
-
\??\c:\pjpvp.exec:\pjpvp.exe52⤵
- Executes dropped EXE
-
\??\c:\lllfxxf.exec:\lllfxxf.exe53⤵
- Executes dropped EXE
-
\??\c:\bnnnnh.exec:\bnnnnh.exe54⤵
- Executes dropped EXE
-
\??\c:\vvvvp.exec:\vvvvp.exe55⤵
- Executes dropped EXE
-
\??\c:\fffxrrl.exec:\fffxrrl.exe56⤵
- Executes dropped EXE
-
\??\c:\rxxrrrl.exec:\rxxrrrl.exe57⤵
- Executes dropped EXE
-
\??\c:\htnhbh.exec:\htnhbh.exe58⤵
- Executes dropped EXE
-
\??\c:\dppjj.exec:\dppjj.exe59⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe60⤵
- Executes dropped EXE
-
\??\c:\rrrlxxf.exec:\rrrlxxf.exe61⤵
- Executes dropped EXE
-
\??\c:\llxxxxr.exec:\llxxxxr.exe62⤵
- Executes dropped EXE
-
\??\c:\5hbtnt.exec:\5hbtnt.exe63⤵
- Executes dropped EXE
-
\??\c:\1jppj.exec:\1jppj.exe64⤵
- Executes dropped EXE
-
\??\c:\pvpjd.exec:\pvpjd.exe65⤵
- Executes dropped EXE
-
\??\c:\rlffrxf.exec:\rlffrxf.exe66⤵
-
\??\c:\hhbhhn.exec:\hhbhhn.exe67⤵
-
\??\c:\5dddv.exec:\5dddv.exe68⤵
-
\??\c:\5dddv.exec:\5dddv.exe69⤵
-
\??\c:\rrffxxl.exec:\rrffxxl.exe70⤵
-
\??\c:\5fllrxf.exec:\5fllrxf.exe71⤵
-
\??\c:\bnbhnt.exec:\bnbhnt.exe72⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe73⤵
-
\??\c:\llrrlll.exec:\llrrlll.exe74⤵
-
\??\c:\bnnttb.exec:\bnnttb.exe75⤵
-
\??\c:\tthhbh.exec:\tthhbh.exe76⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe77⤵
-
\??\c:\9rxfxll.exec:\9rxfxll.exe78⤵
-
\??\c:\ffrrlll.exec:\ffrrlll.exe79⤵
-
\??\c:\hhbntb.exec:\hhbntb.exe80⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe81⤵
-
\??\c:\jdjvp.exec:\jdjvp.exe82⤵
-
\??\c:\xxffxrl.exec:\xxffxrl.exe83⤵
-
\??\c:\hntnnn.exec:\hntnnn.exe84⤵
-
\??\c:\ntbnnt.exec:\ntbnnt.exe85⤵
-
\??\c:\jjppv.exec:\jjppv.exe86⤵
-
\??\c:\rrxfxxl.exec:\rrxfxxl.exe87⤵
-
\??\c:\tbbtnn.exec:\tbbtnn.exe88⤵
-
\??\c:\nbtbnt.exec:\nbtbnt.exe89⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe90⤵
-
\??\c:\lxxxrxr.exec:\lxxxrxr.exe91⤵
-
\??\c:\5xlllrr.exec:\5xlllrr.exe92⤵
-
\??\c:\bbnntt.exec:\bbnntt.exe93⤵
-
\??\c:\vjppj.exec:\vjppj.exe94⤵
-
\??\c:\lflfxll.exec:\lflfxll.exe95⤵
-
\??\c:\bnbnnn.exec:\bnbnnn.exe96⤵
-
\??\c:\nbnbtt.exec:\nbnbtt.exe97⤵
-
\??\c:\jdppd.exec:\jdppd.exe98⤵
-
\??\c:\9ntnhh.exec:\9ntnhh.exe99⤵
-
\??\c:\pdjvv.exec:\pdjvv.exe100⤵
-
\??\c:\lxxxrrl.exec:\lxxxrrl.exe101⤵
-
\??\c:\fflfxxr.exec:\fflfxxr.exe102⤵
-
\??\c:\bbhhtb.exec:\bbhhtb.exe103⤵
-
\??\c:\3vvvp.exec:\3vvvp.exe104⤵
-
\??\c:\ppppp.exec:\ppppp.exe105⤵
-
\??\c:\lllfxfx.exec:\lllfxfx.exe106⤵
-
\??\c:\nhhbhh.exec:\nhhbhh.exe107⤵
-
\??\c:\3thbtb.exec:\3thbtb.exe108⤵
-
\??\c:\pdjvj.exec:\pdjvj.exe109⤵
-
\??\c:\3llrrxx.exec:\3llrrxx.exe110⤵
-
\??\c:\rxfrfff.exec:\rxfrfff.exe111⤵
-
\??\c:\bbntnn.exec:\bbntnn.exe112⤵
-
\??\c:\btbttt.exec:\btbttt.exe113⤵
-
\??\c:\5pdvp.exec:\5pdvp.exe114⤵
-
\??\c:\rxxxxxx.exec:\rxxxxxx.exe115⤵
-
\??\c:\xxrrfrl.exec:\xxrrfrl.exe116⤵
-
\??\c:\ttbhhh.exec:\ttbhhh.exe117⤵
-
\??\c:\djjjp.exec:\djjjp.exe118⤵
-
\??\c:\flrfllr.exec:\flrfllr.exe119⤵
-
\??\c:\htthhh.exec:\htthhh.exe120⤵
-
\??\c:\djppd.exec:\djppd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-