Analysis
-
max time kernel
150s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
16/05/2024, 15:51
General
-
Target
ae1da806b8f305301ca8269b48e871b0_NeikiAnalytics.exe
-
Size
226KB
-
MD5
ae1da806b8f305301ca8269b48e871b0
-
SHA1
18a7a11e3f5d27467c8d72cbc6f32702dcfedbd9
-
SHA256
6fd840bb332e17bd0495ebb58ffe85af5399464dde2707cc1e72c1315addb85b
-
SHA512
10d7d13da509335fe1e7a651ddc17ed659b592477dd25a9c277efb7b5ff3d3d3a7407d5e154ff1e4cbb4b338a584bdbab38ab690dfea5d1aa2cc883ec10b95a0
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x47WBQ:n3C9BRo7MlrWKo+lxQ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ae1da806b8f305301ca8269b48e871b0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\ae1da806b8f305301ca8269b48e871b0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bnttnn.exec:\bnttnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvv.exec:\pvdvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rxxrxx.exec:\1rxxrxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttnnn.exec:\tttnnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxxrrl.exec:\lrxxrrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hnnhh.exec:\1hnnhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rxxrxr.exec:\1rxxrxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddddv.exec:\ddddv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfffffr.exec:\xfffffr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhhhh.exec:\bnhhhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlllll.exec:\rrlllll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhbhh.exec:\thhbhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pjdp.exec:\5pjdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xxrllf.exec:\3xxrllf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtnhh.exec:\nhtnhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppp.exec:\pjppp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhttn.exec:\hhhttn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvjp.exec:\pdvjp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ffxrrl.exec:\7ffxrrl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rfxxxr.exec:\7rfxxxr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhthnb.exec:\hhthnb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrlfx.exec:\xrrrlfx.exe23⤵
- Executes dropped EXE
-
\??\c:\nnnnhb.exec:\nnnnhb.exe24⤵
- Executes dropped EXE
-
\??\c:\5pppj.exec:\5pppj.exe25⤵
- Executes dropped EXE
-
\??\c:\llxrrxr.exec:\llxrrxr.exe26⤵
- Executes dropped EXE
-
\??\c:\9bhhbb.exec:\9bhhbb.exe27⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe28⤵
- Executes dropped EXE
-
\??\c:\ffrxfxl.exec:\ffrxfxl.exe29⤵
- Executes dropped EXE
-
\??\c:\5tthbb.exec:\5tthbb.exe30⤵
- Executes dropped EXE
-
\??\c:\rrrllff.exec:\rrrllff.exe31⤵
- Executes dropped EXE
-
\??\c:\frlfxfx.exec:\frlfxfx.exe32⤵
- Executes dropped EXE
-
\??\c:\tbhbnn.exec:\tbhbnn.exe33⤵
- Executes dropped EXE
-
\??\c:\ppdpj.exec:\ppdpj.exe34⤵
- Executes dropped EXE
-
\??\c:\1nbtbt.exec:\1nbtbt.exe35⤵
- Executes dropped EXE
-
\??\c:\tnbhtn.exec:\tnbhtn.exe36⤵
- Executes dropped EXE
-
\??\c:\1pdvp.exec:\1pdvp.exe37⤵
- Executes dropped EXE
-
\??\c:\xrxrlll.exec:\xrxrlll.exe38⤵
- Executes dropped EXE
-
\??\c:\tnbtnn.exec:\tnbtnn.exe39⤵
- Executes dropped EXE
-
\??\c:\thttnt.exec:\thttnt.exe40⤵
- Executes dropped EXE
-
\??\c:\pvvpp.exec:\pvvpp.exe41⤵
- Executes dropped EXE
-
\??\c:\3llffll.exec:\3llffll.exe42⤵
- Executes dropped EXE
-
\??\c:\bhnhtt.exec:\bhnhtt.exe43⤵
- Executes dropped EXE
-
\??\c:\pdvvp.exec:\pdvvp.exe44⤵
- Executes dropped EXE
-
\??\c:\rrrfxfx.exec:\rrrfxfx.exe45⤵
- Executes dropped EXE
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe46⤵
- Executes dropped EXE
-
\??\c:\thtttt.exec:\thtttt.exe47⤵
- Executes dropped EXE
-
\??\c:\jvjdv.exec:\jvjdv.exe48⤵
- Executes dropped EXE
-
\??\c:\jjvdp.exec:\jjvdp.exe49⤵
- Executes dropped EXE
-
\??\c:\lflxrfr.exec:\lflxrfr.exe50⤵
- Executes dropped EXE
-
\??\c:\ppdvj.exec:\ppdvj.exe51⤵
- Executes dropped EXE
-
\??\c:\lrfxxfx.exec:\lrfxxfx.exe52⤵
- Executes dropped EXE
-
\??\c:\rfxffrx.exec:\rfxffrx.exe53⤵
- Executes dropped EXE
-
\??\c:\hhhbhb.exec:\hhhbhb.exe54⤵
- Executes dropped EXE
-
\??\c:\vddvj.exec:\vddvj.exe55⤵
- Executes dropped EXE
-
\??\c:\hbhbbh.exec:\hbhbbh.exe56⤵
- Executes dropped EXE
-
\??\c:\hhnbtn.exec:\hhnbtn.exe57⤵
- Executes dropped EXE
-
\??\c:\lrffrrr.exec:\lrffrrr.exe58⤵
- Executes dropped EXE
-
\??\c:\pvpdv.exec:\pvpdv.exe59⤵
- Executes dropped EXE
-
\??\c:\pppdv.exec:\pppdv.exe60⤵
- Executes dropped EXE
-
\??\c:\xlrrllf.exec:\xlrrllf.exe61⤵
- Executes dropped EXE
-
\??\c:\nhnhhh.exec:\nhnhhh.exe62⤵
- Executes dropped EXE
-
\??\c:\lfxfrfx.exec:\lfxfrfx.exe63⤵
- Executes dropped EXE
-
\??\c:\tbttbb.exec:\tbttbb.exe64⤵
- Executes dropped EXE
-
\??\c:\djjpj.exec:\djjpj.exe65⤵
- Executes dropped EXE
-
\??\c:\jvjpv.exec:\jvjpv.exe66⤵
-
\??\c:\lfllffl.exec:\lfllffl.exe67⤵
-
\??\c:\hbbbtn.exec:\hbbbtn.exe68⤵
-
\??\c:\nhhbnn.exec:\nhhbnn.exe69⤵
-
\??\c:\dpjpv.exec:\dpjpv.exe70⤵
-
\??\c:\xfrlfxx.exec:\xfrlfxx.exe71⤵
-
\??\c:\hbnhbn.exec:\hbnhbn.exe72⤵
-
\??\c:\hntnbb.exec:\hntnbb.exe73⤵
-
\??\c:\5pjdd.exec:\5pjdd.exe74⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe75⤵
-
\??\c:\ffrlrrl.exec:\ffrlrrl.exe76⤵
-
\??\c:\thnhhh.exec:\thnhhh.exe77⤵
-
\??\c:\vdjvj.exec:\vdjvj.exe78⤵
-
\??\c:\jpvdd.exec:\jpvdd.exe79⤵
-
\??\c:\xxlffxf.exec:\xxlffxf.exe80⤵
-
\??\c:\hthbbb.exec:\hthbbb.exe81⤵
-
\??\c:\vvdvd.exec:\vvdvd.exe82⤵
-
\??\c:\xfxrlff.exec:\xfxrlff.exe83⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe84⤵
-
\??\c:\3tttnt.exec:\3tttnt.exe85⤵
-
\??\c:\ppvdv.exec:\ppvdv.exe86⤵
-
\??\c:\pppdv.exec:\pppdv.exe87⤵
-
\??\c:\ffrlfff.exec:\ffrlfff.exe88⤵
-
\??\c:\hbbttb.exec:\hbbttb.exe89⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe90⤵
-
\??\c:\jvvjp.exec:\jvvjp.exe91⤵
-
\??\c:\vjppp.exec:\vjppp.exe92⤵
-
\??\c:\lxfxrxl.exec:\lxfxrxl.exe93⤵
-
\??\c:\hhhbtb.exec:\hhhbtb.exe94⤵
-
\??\c:\3bnhhh.exec:\3bnhhh.exe95⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe96⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe97⤵
-
\??\c:\lrlxrrl.exec:\lrlxrrl.exe98⤵
-
\??\c:\7lfxrrr.exec:\7lfxrrr.exe99⤵
-
\??\c:\hhtnhh.exec:\hhtnhh.exe100⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe101⤵
-
\??\c:\pdvjv.exec:\pdvjv.exe102⤵
-
\??\c:\tnbbth.exec:\tnbbth.exe103⤵
-
\??\c:\llrlrrl.exec:\llrlrrl.exe104⤵
-
\??\c:\1btnhn.exec:\1btnhn.exe105⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe106⤵
-
\??\c:\jdpdj.exec:\jdpdj.exe107⤵
-
\??\c:\xrrfflf.exec:\xrrfflf.exe108⤵
-
\??\c:\htbnhh.exec:\htbnhh.exe109⤵
-
\??\c:\djvjp.exec:\djvjp.exe110⤵
-
\??\c:\lffxrrl.exec:\lffxrrl.exe111⤵
-
\??\c:\tnnhhb.exec:\tnnhhb.exe112⤵
-
\??\c:\nbbbbb.exec:\nbbbbb.exe113⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe114⤵
-
\??\c:\frxrllf.exec:\frxrllf.exe115⤵
-
\??\c:\xlrrllr.exec:\xlrrllr.exe116⤵
-
\??\c:\7nbbtn.exec:\7nbbtn.exe117⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe118⤵
-
\??\c:\9pddj.exec:\9pddj.exe119⤵
-
\??\c:\lxlfrrl.exec:\lxlfrrl.exe120⤵
-
\??\c:\btbtbt.exec:\btbtbt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-