Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
16-05-2024 14:10
General
-
Target
e177a4a09161a9fae3b6f5179c564990_NeikiAnalytics.exe
-
Size
498KB
-
MD5
e177a4a09161a9fae3b6f5179c564990
-
SHA1
faa3d2a710c6cc66d55ae9e356ea820c6ac9f0b0
-
SHA256
aaa7f20634fa7025e7a418049d989d53475e1b20ff83c4da3dcd4a30e331ef00
-
SHA512
e7ac6ec6e657f75be5b910add5c029dcd335c541fc3297b5e5f9f5542e109bbf7b32a2ff10877f7df170b2cf7e22b6f8e45744fa08a9b7de10801428bccd3b35
-
SSDEEP
12288:S4wFHoSyoS3ebeFmFVvlrmwcT4wpteFmFTxS:0KFmFVtrRcFEFmFs
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e177a4a09161a9fae3b6f5179c564990_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\e177a4a09161a9fae3b6f5179c564990_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\62220.exec:\62220.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w40820.exec:\w40820.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8626228.exec:\8626228.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e06604.exec:\e06604.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i200660.exec:\i200660.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\88848.exec:\88848.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\624888.exec:\624888.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\04848.exec:\04848.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\86844.exec:\86844.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhtnh.exec:\nbhtnh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tbtnn.exec:\1tbtnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ttnnn.exec:\7ttnnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k24822.exec:\k24822.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbtnn.exec:\ttbtnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvpd.exec:\ddvpd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\24204.exec:\24204.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\668682.exec:\668682.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\20862.exec:\20862.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpdj.exec:\pvpdj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjd.exec:\pppjd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fllrrx.exec:\9fllrrx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\48040.exec:\48040.exe23⤵
- Executes dropped EXE
-
\??\c:\84660.exec:\84660.exe24⤵
- Executes dropped EXE
-
\??\c:\06822.exec:\06822.exe25⤵
- Executes dropped EXE
-
\??\c:\rflfllr.exec:\rflfllr.exe26⤵
- Executes dropped EXE
-
\??\c:\286488.exec:\286488.exe27⤵
- Executes dropped EXE
-
\??\c:\80604.exec:\80604.exe28⤵
- Executes dropped EXE
-
\??\c:\ffrrxxr.exec:\ffrrxxr.exe29⤵
- Executes dropped EXE
-
\??\c:\9jjdv.exec:\9jjdv.exe30⤵
- Executes dropped EXE
-
\??\c:\tnhbtt.exec:\tnhbtt.exe31⤵
- Executes dropped EXE
-
\??\c:\nhbhbh.exec:\nhbhbh.exe32⤵
- Executes dropped EXE
-
\??\c:\402266.exec:\402266.exe33⤵
- Executes dropped EXE
-
\??\c:\9hnhbb.exec:\9hnhbb.exe34⤵
- Executes dropped EXE
-
\??\c:\2848266.exec:\2848266.exe35⤵
- Executes dropped EXE
-
\??\c:\08482.exec:\08482.exe36⤵
- Executes dropped EXE
-
\??\c:\84004.exec:\84004.exe37⤵
- Executes dropped EXE
-
\??\c:\tnnhbb.exec:\tnnhbb.exe38⤵
- Executes dropped EXE
-
\??\c:\tttbtt.exec:\tttbtt.exe39⤵
- Executes dropped EXE
-
\??\c:\64004.exec:\64004.exe40⤵
- Executes dropped EXE
-
\??\c:\4022660.exec:\4022660.exe41⤵
- Executes dropped EXE
-
\??\c:\g4884.exec:\g4884.exe42⤵
- Executes dropped EXE
-
\??\c:\dpvpp.exec:\dpvpp.exe43⤵
- Executes dropped EXE
-
\??\c:\nhhhbb.exec:\nhhhbb.exe44⤵
- Executes dropped EXE
-
\??\c:\tbbbtt.exec:\tbbbtt.exe45⤵
- Executes dropped EXE
-
\??\c:\9tnnhh.exec:\9tnnhh.exe46⤵
- Executes dropped EXE
-
\??\c:\3xfffff.exec:\3xfffff.exe47⤵
- Executes dropped EXE
-
\??\c:\08448.exec:\08448.exe48⤵
- Executes dropped EXE
-
\??\c:\3bnbtt.exec:\3bnbtt.exe49⤵
-
\??\c:\hnbbtt.exec:\hnbbtt.exe50⤵
- Executes dropped EXE
-
\??\c:\206824.exec:\206824.exe51⤵
- Executes dropped EXE
-
\??\c:\1xxxxxf.exec:\1xxxxxf.exe52⤵
- Executes dropped EXE
-
\??\c:\9vpjd.exec:\9vpjd.exe53⤵
- Executes dropped EXE
-
\??\c:\60882.exec:\60882.exe54⤵
- Executes dropped EXE
-
\??\c:\7vjjj.exec:\7vjjj.exe55⤵
- Executes dropped EXE
-
\??\c:\606084.exec:\606084.exe56⤵
- Executes dropped EXE
-
\??\c:\60268.exec:\60268.exe57⤵
- Executes dropped EXE
-
\??\c:\2202600.exec:\2202600.exe58⤵
- Executes dropped EXE
-
\??\c:\6000488.exec:\6000488.exe59⤵
- Executes dropped EXE
-
\??\c:\jjdvp.exec:\jjdvp.exe60⤵
- Executes dropped EXE
-
\??\c:\w24882.exec:\w24882.exe61⤵
- Executes dropped EXE
-
\??\c:\xxlrxrx.exec:\xxlrxrx.exe62⤵
- Executes dropped EXE
-
\??\c:\rfrlffx.exec:\rfrlffx.exe63⤵
- Executes dropped EXE
-
\??\c:\nnnnth.exec:\nnnnth.exe64⤵
- Executes dropped EXE
-
\??\c:\frrlxrl.exec:\frrlxrl.exe65⤵
- Executes dropped EXE
-
\??\c:\frlfxrl.exec:\frlfxrl.exe66⤵
- Executes dropped EXE
-
\??\c:\xfxrllf.exec:\xfxrllf.exe67⤵
-
\??\c:\882486.exec:\882486.exe68⤵
-
\??\c:\680268.exec:\680268.exe69⤵
-
\??\c:\22822.exec:\22822.exe70⤵
-
\??\c:\0288262.exec:\0288262.exe71⤵
-
\??\c:\6082882.exec:\6082882.exe72⤵
-
\??\c:\a0228.exec:\a0228.exe73⤵
-
\??\c:\vdppj.exec:\vdppj.exe74⤵
-
\??\c:\04882.exec:\04882.exe75⤵
-
\??\c:\ntnnnh.exec:\ntnnnh.exe76⤵
-
\??\c:\hbhbbn.exec:\hbhbbn.exe77⤵
-
\??\c:\800002.exec:\800002.exe78⤵
-
\??\c:\0684226.exec:\0684226.exe79⤵
-
\??\c:\86622.exec:\86622.exe80⤵
-
\??\c:\824888.exec:\824888.exe81⤵
-
\??\c:\8244666.exec:\8244666.exe82⤵
-
\??\c:\088262.exec:\088262.exe83⤵
-
\??\c:\s2488.exec:\s2488.exe84⤵
-
\??\c:\s2600.exec:\s2600.exe85⤵
-
\??\c:\2400804.exec:\2400804.exe86⤵
-
\??\c:\00042.exec:\00042.exe87⤵
-
\??\c:\0684084.exec:\0684084.exe88⤵
-
\??\c:\thhhbb.exec:\thhhbb.exe89⤵
-
\??\c:\5rxrfll.exec:\5rxrfll.exe90⤵
-
\??\c:\0466826.exec:\0466826.exe91⤵
-
\??\c:\086880.exec:\086880.exe92⤵
-
\??\c:\c800040.exec:\c800040.exe93⤵
-
\??\c:\nnhnth.exec:\nnhnth.exe94⤵
-
\??\c:\g2006.exec:\g2006.exe95⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe96⤵
-
\??\c:\e68044.exec:\e68044.exe97⤵
-
\??\c:\684822.exec:\684822.exe98⤵
-
\??\c:\8680822.exec:\8680822.exe99⤵
-
\??\c:\08482.exec:\08482.exe100⤵
-
\??\c:\bthhbn.exec:\bthhbn.exe101⤵
-
\??\c:\fllfrrx.exec:\fllfrrx.exe102⤵
-
\??\c:\6200666.exec:\6200666.exe103⤵
-
\??\c:\26668.exec:\26668.exe104⤵
-
\??\c:\dpdpj.exec:\dpdpj.exe105⤵
-
\??\c:\4226482.exec:\4226482.exe106⤵
-
\??\c:\240200.exec:\240200.exe107⤵
-
\??\c:\thhbbn.exec:\thhbbn.exe108⤵
-
\??\c:\4260268.exec:\4260268.exe109⤵
-
\??\c:\8066666.exec:\8066666.exe110⤵
-
\??\c:\26660.exec:\26660.exe111⤵
-
\??\c:\7nnbtt.exec:\7nnbtt.exe112⤵
-
\??\c:\lxllffx.exec:\lxllffx.exe113⤵
-
\??\c:\7ntnhh.exec:\7ntnhh.exe114⤵
-
\??\c:\840448.exec:\840448.exe115⤵
-
\??\c:\48026.exec:\48026.exe116⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe117⤵
-
\??\c:\lrrxlxl.exec:\lrrxlxl.exe118⤵
-
\??\c:\9btntt.exec:\9btntt.exe119⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe120⤵
-
\??\c:\06884.exec:\06884.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-