Analysis
-
max time kernel
150s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
16/05/2024, 16:00
General
-
Target
e418f0c6d353387a4f9f5ecbf2b57aa0_NeikiAnalytics.exe
-
Size
471KB
-
MD5
e418f0c6d353387a4f9f5ecbf2b57aa0
-
SHA1
3f902786b3441fe0a49290e53b34fae2b089e371
-
SHA256
0b1baf6b62193648cbfd5345181179bbb7aa5b1715bfef29fd0c820ee0cc7a9d
-
SHA512
d9f720e3fbe008735953c1b62a773c14b12d134ef9e2b1497fa62b9fdf4d7dd059d18b6519d34aa8742fd7a28edccf58254c23e0f5455ead18df3c47402b1cdd
-
SSDEEP
6144:n3C9BRo7MlrWKo+lS0Le4xRSAoq78yoyfx93sY0AJq4mZAx5O:n3C9yMo+S0L9xRnoq7H9pmom
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e418f0c6d353387a4f9f5ecbf2b57aa0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\e418f0c6d353387a4f9f5ecbf2b57aa0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhbtt.exec:\nnhbtt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrfxr.exec:\xrxrfxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjv.exec:\dvpjv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpj.exec:\jdvpj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rrrrfx.exec:\5rrrrfx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtnht.exec:\bhtnht.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdv.exec:\jdjdv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddjd.exec:\pddjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rxrffx.exec:\7rxrffx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlxrlx.exec:\rxlxrlx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbnnt.exec:\btbnnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lrlllf.exec:\3lrlllf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnhh.exec:\tntnhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvvp.exec:\jvvvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhbtn.exec:\bhhbtn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnnhn.exec:\tbnnhn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpdp.exec:\pjpdp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflxfff.exec:\lflxfff.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnthnh.exec:\nnthnh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pddj.exec:\5pddj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dvvp.exec:\5dvvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflfxxr.exec:\rflfxxr.exe23⤵
- Executes dropped EXE
-
\??\c:\hbhbtn.exec:\hbhbtn.exe24⤵
- Executes dropped EXE
-
\??\c:\lxxrffx.exec:\lxxrffx.exe25⤵
- Executes dropped EXE
-
\??\c:\llllrrx.exec:\llllrrx.exe26⤵
- Executes dropped EXE
-
\??\c:\1xxrrff.exec:\1xxrrff.exe27⤵
- Executes dropped EXE
-
\??\c:\bbnntt.exec:\bbnntt.exe28⤵
- Executes dropped EXE
-
\??\c:\pddvv.exec:\pddvv.exe29⤵
- Executes dropped EXE
-
\??\c:\xfllfff.exec:\xfllfff.exe30⤵
- Executes dropped EXE
-
\??\c:\3hnhnt.exec:\3hnhnt.exe31⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe32⤵
- Executes dropped EXE
-
\??\c:\rrrlxrl.exec:\rrrlxrl.exe33⤵
- Executes dropped EXE
-
\??\c:\5hhthb.exec:\5hhthb.exe34⤵
- Executes dropped EXE
-
\??\c:\3djjv.exec:\3djjv.exe35⤵
- Executes dropped EXE
-
\??\c:\thbtbt.exec:\thbtbt.exe36⤵
- Executes dropped EXE
-
\??\c:\djpjd.exec:\djpjd.exe37⤵
- Executes dropped EXE
-
\??\c:\ffxrlfx.exec:\ffxrlfx.exe38⤵
- Executes dropped EXE
-
\??\c:\1nhbtn.exec:\1nhbtn.exe39⤵
- Executes dropped EXE
-
\??\c:\3nnhbb.exec:\3nnhbb.exe40⤵
- Executes dropped EXE
-
\??\c:\pjpjp.exec:\pjpjp.exe41⤵
- Executes dropped EXE
-
\??\c:\7llfxxr.exec:\7llfxxr.exe42⤵
- Executes dropped EXE
-
\??\c:\3nttbb.exec:\3nttbb.exe43⤵
- Executes dropped EXE
-
\??\c:\5nbntn.exec:\5nbntn.exe44⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe45⤵
- Executes dropped EXE
-
\??\c:\rrfrllf.exec:\rrfrllf.exe46⤵
- Executes dropped EXE
-
\??\c:\7btnhh.exec:\7btnhh.exe47⤵
- Executes dropped EXE
-
\??\c:\7nhbtt.exec:\7nhbtt.exe48⤵
- Executes dropped EXE
-
\??\c:\jppdd.exec:\jppdd.exe49⤵
- Executes dropped EXE
-
\??\c:\xrrrfxr.exec:\xrrrfxr.exe50⤵
- Executes dropped EXE
-
\??\c:\fxlxlfr.exec:\fxlxlfr.exe51⤵
- Executes dropped EXE
-
\??\c:\7hbnhb.exec:\7hbnhb.exe52⤵
- Executes dropped EXE
-
\??\c:\dvpjd.exec:\dvpjd.exe53⤵
- Executes dropped EXE
-
\??\c:\xlrllff.exec:\xlrllff.exe54⤵
- Executes dropped EXE
-
\??\c:\fxrlxxr.exec:\fxrlxxr.exe55⤵
- Executes dropped EXE
-
\??\c:\3bbtnn.exec:\3bbtnn.exe56⤵
- Executes dropped EXE
-
\??\c:\pvpdv.exec:\pvpdv.exe57⤵
- Executes dropped EXE
-
\??\c:\9jdvj.exec:\9jdvj.exe58⤵
- Executes dropped EXE
-
\??\c:\rfrlxxx.exec:\rfrlxxx.exe59⤵
- Executes dropped EXE
-
\??\c:\xrflfxr.exec:\xrflfxr.exe60⤵
- Executes dropped EXE
-
\??\c:\bbbtnn.exec:\bbbtnn.exe61⤵
- Executes dropped EXE
-
\??\c:\jvjvp.exec:\jvjvp.exe62⤵
- Executes dropped EXE
-
\??\c:\fxlxrrl.exec:\fxlxrrl.exe63⤵
- Executes dropped EXE
-
\??\c:\rlxlflr.exec:\rlxlflr.exe64⤵
- Executes dropped EXE
-
\??\c:\nhnbtn.exec:\nhnbtn.exe65⤵
- Executes dropped EXE
-
\??\c:\jpjpd.exec:\jpjpd.exe66⤵
-
\??\c:\rrfxfxf.exec:\rrfxfxf.exe67⤵
-
\??\c:\hbbttn.exec:\hbbttn.exe68⤵
-
\??\c:\5ppjv.exec:\5ppjv.exe69⤵
-
\??\c:\9fxrffx.exec:\9fxrffx.exe70⤵
-
\??\c:\bhhbtt.exec:\bhhbtt.exe71⤵
-
\??\c:\dppjd.exec:\dppjd.exe72⤵
-
\??\c:\xllfxxf.exec:\xllfxxf.exe73⤵
-
\??\c:\bhtbnb.exec:\bhtbnb.exe74⤵
-
\??\c:\5jjpv.exec:\5jjpv.exe75⤵
-
\??\c:\rxfxrlf.exec:\rxfxrlf.exe76⤵
-
\??\c:\bnthbb.exec:\bnthbb.exe77⤵
-
\??\c:\pvvdv.exec:\pvvdv.exe78⤵
-
\??\c:\5rfxrlf.exec:\5rfxrlf.exe79⤵
-
\??\c:\httnbb.exec:\httnbb.exe80⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe81⤵
-
\??\c:\rlrlfxr.exec:\rlrlfxr.exe82⤵
-
\??\c:\ntnnhh.exec:\ntnnhh.exe83⤵
-
\??\c:\1fllfxx.exec:\1fllfxx.exe84⤵
-
\??\c:\xrxrrrx.exec:\xrxrrrx.exe85⤵
-
\??\c:\5bbtnh.exec:\5bbtnh.exe86⤵
-
\??\c:\lllfxrl.exec:\lllfxrl.exe87⤵
-
\??\c:\nbbbnt.exec:\nbbbnt.exe88⤵
-
\??\c:\jvvdv.exec:\jvvdv.exe89⤵
-
\??\c:\xflfxxx.exec:\xflfxxx.exe90⤵
-
\??\c:\ttnbtn.exec:\ttnbtn.exe91⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe92⤵
-
\??\c:\fflfxll.exec:\fflfxll.exe93⤵
-
\??\c:\httnhh.exec:\httnhh.exe94⤵
-
\??\c:\lxrlfxf.exec:\lxrlfxf.exe95⤵
-
\??\c:\1bhbhh.exec:\1bhbhh.exe96⤵
-
\??\c:\hbhbtt.exec:\hbhbtt.exe97⤵
-
\??\c:\pddjj.exec:\pddjj.exe98⤵
-
\??\c:\xflfxxl.exec:\xflfxxl.exe99⤵
-
\??\c:\5bhbbb.exec:\5bhbbb.exe100⤵
-
\??\c:\vjpdj.exec:\vjpdj.exe101⤵
-
\??\c:\dvddd.exec:\dvddd.exe102⤵
-
\??\c:\frxrrfl.exec:\frxrrfl.exe103⤵
-
\??\c:\tbbthb.exec:\tbbthb.exe104⤵
-
\??\c:\dpvdp.exec:\dpvdp.exe105⤵
-
\??\c:\lflfllr.exec:\lflfllr.exe106⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe107⤵
-
\??\c:\pjdpj.exec:\pjdpj.exe108⤵
-
\??\c:\frfxrxr.exec:\frfxrxr.exe109⤵
-
\??\c:\nhnhbn.exec:\nhnhbn.exe110⤵
-
\??\c:\tthbtn.exec:\tthbtn.exe111⤵
-
\??\c:\pppjj.exec:\pppjj.exe112⤵
-
\??\c:\frrlffx.exec:\frrlffx.exe113⤵
-
\??\c:\hnnnhn.exec:\hnnnhn.exe114⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe115⤵
-
\??\c:\xxxrffx.exec:\xxxrffx.exe116⤵
-
\??\c:\3bbttb.exec:\3bbttb.exe117⤵
-
\??\c:\nhbbtt.exec:\nhbbtt.exe118⤵
-
\??\c:\7pjpj.exec:\7pjpj.exe119⤵
-
\??\c:\xlxrllx.exec:\xlxrllx.exe120⤵
-
\??\c:\tnnhnh.exec:\tnnhnh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-