Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
17-05-2024 01:15
General
-
Target
7559552f1f2536e6f8bbf7acedbcdfe0_NeikiAnalytics.exe
-
Size
460KB
-
MD5
7559552f1f2536e6f8bbf7acedbcdfe0
-
SHA1
2bb40a79f2ed2139b3ec539b1519a76f6c11a914
-
SHA256
92102c167e79ba491b34894303a0668f3088c38cbeb307559e5a4d2cdfc4b79a
-
SHA512
23568b74319e6874a5f8b86fa3a9aa7ca645ebb52f2b1712f1380f7046fbe773598bf839ec41e9a26fb45defee7eefa435925ac3734564bf776a6b0950890d55
-
SSDEEP
6144:n3C9BRo7tvnJ9Fywhk/TJTaYvMmr3C9BRo7tvnJ9Fywhk/TkuX:n3C9ytvn8whkbJTaFmr3C9ytvn8whkb3
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7559552f1f2536e6f8bbf7acedbcdfe0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\7559552f1f2536e6f8bbf7acedbcdfe0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvjd.exec:\dpvjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffrlfr.exec:\lffrlfr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvjp.exec:\jvvjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lfxrrl.exec:\3lfxrrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbnhb.exec:\nbbnhb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjpd.exec:\djjpd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfrrf.exec:\xrlfrrf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlfxr.exec:\fxrlfxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tnbnh.exec:\7tnbnh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjvj.exec:\vjjvj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnbnh.exec:\htnbnh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpdp.exec:\jvpdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflrfxr.exec:\rflrfxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vvpd.exec:\5vvpd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrfxlx.exec:\rxrfxlx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdv.exec:\vjjdv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3llfrrf.exec:\3llfrrf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttntn.exec:\bttntn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3djdd.exec:\3djdd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpv.exec:\vpvpv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxlxlx.exec:\xxxlxlx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnntnb.exec:\hnntnb.exe23⤵
- Executes dropped EXE
-
\??\c:\rllxlfx.exec:\rllxlfx.exe24⤵
- Executes dropped EXE
-
\??\c:\bntnnh.exec:\bntnnh.exe25⤵
- Executes dropped EXE
-
\??\c:\5rlfrrl.exec:\5rlfrrl.exe26⤵
- Executes dropped EXE
-
\??\c:\tbhbnh.exec:\tbhbnh.exe27⤵
- Executes dropped EXE
-
\??\c:\ffxrlfr.exec:\ffxrlfr.exe28⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe29⤵
- Executes dropped EXE
-
\??\c:\tbhbnn.exec:\tbhbnn.exe30⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe31⤵
- Executes dropped EXE
-
\??\c:\dvdvp.exec:\dvdvp.exe32⤵
- Executes dropped EXE
-
\??\c:\xllfxrl.exec:\xllfxrl.exe33⤵
- Executes dropped EXE
-
\??\c:\hbbttt.exec:\hbbttt.exe34⤵
- Executes dropped EXE
-
\??\c:\hbbthh.exec:\hbbthh.exe35⤵
- Executes dropped EXE
-
\??\c:\dpdvv.exec:\dpdvv.exe36⤵
- Executes dropped EXE
-
\??\c:\rllfrrl.exec:\rllfrrl.exe37⤵
- Executes dropped EXE
-
\??\c:\tnnhbb.exec:\tnnhbb.exe38⤵
- Executes dropped EXE
-
\??\c:\dddvp.exec:\dddvp.exe39⤵
- Executes dropped EXE
-
\??\c:\ffffffx.exec:\ffffffx.exe40⤵
- Executes dropped EXE
-
\??\c:\bnhbtt.exec:\bnhbtt.exe41⤵
- Executes dropped EXE
-
\??\c:\vdjdv.exec:\vdjdv.exe42⤵
- Executes dropped EXE
-
\??\c:\llfxrlf.exec:\llfxrlf.exe43⤵
- Executes dropped EXE
-
\??\c:\tttntt.exec:\tttntt.exe44⤵
- Executes dropped EXE
-
\??\c:\ttnnbt.exec:\ttnnbt.exe45⤵
- Executes dropped EXE
-
\??\c:\fxffxxx.exec:\fxffxxx.exe46⤵
- Executes dropped EXE
-
\??\c:\bhtnhh.exec:\bhtnhh.exe47⤵
- Executes dropped EXE
-
\??\c:\htbbtb.exec:\htbbtb.exe48⤵
- Executes dropped EXE
-
\??\c:\vjvjv.exec:\vjvjv.exe49⤵
- Executes dropped EXE
-
\??\c:\7llxlfr.exec:\7llxlfr.exe50⤵
- Executes dropped EXE
-
\??\c:\hhtnnn.exec:\hhtnnn.exe51⤵
- Executes dropped EXE
-
\??\c:\vpdvv.exec:\vpdvv.exe52⤵
- Executes dropped EXE
-
\??\c:\lxfxxxr.exec:\lxfxxxr.exe53⤵
- Executes dropped EXE
-
\??\c:\9rxxrrf.exec:\9rxxrrf.exe54⤵
- Executes dropped EXE
-
\??\c:\hthhnn.exec:\hthhnn.exe55⤵
- Executes dropped EXE
-
\??\c:\pjpjj.exec:\pjpjj.exe56⤵
- Executes dropped EXE
-
\??\c:\rffrrll.exec:\rffrrll.exe57⤵
- Executes dropped EXE
-
\??\c:\bttnbt.exec:\bttnbt.exe58⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe59⤵
- Executes dropped EXE
-
\??\c:\5vdvj.exec:\5vdvj.exe60⤵
- Executes dropped EXE
-
\??\c:\thnnhh.exec:\thnnhh.exe61⤵
- Executes dropped EXE
-
\??\c:\ppvvv.exec:\ppvvv.exe62⤵
- Executes dropped EXE
-
\??\c:\1jvpj.exec:\1jvpj.exe63⤵
- Executes dropped EXE
-
\??\c:\frlrfrx.exec:\frlrfrx.exe64⤵
- Executes dropped EXE
-
\??\c:\1hhhbb.exec:\1hhhbb.exe65⤵
- Executes dropped EXE
-
\??\c:\3tbttt.exec:\3tbttt.exe66⤵
-
\??\c:\rlrfxlf.exec:\rlrfxlf.exe67⤵
-
\??\c:\rrxxllf.exec:\rrxxllf.exe68⤵
-
\??\c:\nhhbtn.exec:\nhhbtn.exe69⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe70⤵
-
\??\c:\fxxrffx.exec:\fxxrffx.exe71⤵
-
\??\c:\nntnnt.exec:\nntnnt.exe72⤵
-
\??\c:\1nnnhh.exec:\1nnnhh.exe73⤵
-
\??\c:\9rrlxxl.exec:\9rrlxxl.exe74⤵
-
\??\c:\nhbtbb.exec:\nhbtbb.exe75⤵
-
\??\c:\7vvpj.exec:\7vvpj.exe76⤵
-
\??\c:\fxxxrlf.exec:\fxxxrlf.exe77⤵
-
\??\c:\flrrllf.exec:\flrrllf.exe78⤵
-
\??\c:\hnnbnn.exec:\hnnbnn.exe79⤵
-
\??\c:\3pjpp.exec:\3pjpp.exe80⤵
-
\??\c:\9lfrfrr.exec:\9lfrfrr.exe81⤵
-
\??\c:\httnhb.exec:\httnhb.exe82⤵
-
\??\c:\nhhhht.exec:\nhhhht.exe83⤵
-
\??\c:\3jjdd.exec:\3jjdd.exe84⤵
-
\??\c:\xfllxxr.exec:\xfllxxr.exe85⤵
-
\??\c:\nthbtn.exec:\nthbtn.exe86⤵
-
\??\c:\3hhhbb.exec:\3hhhbb.exe87⤵
-
\??\c:\vjpdv.exec:\vjpdv.exe88⤵
-
\??\c:\rlxxxxf.exec:\rlxxxxf.exe89⤵
-
\??\c:\lfrxffl.exec:\lfrxffl.exe90⤵
-
\??\c:\bnhbbb.exec:\bnhbbb.exe91⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe92⤵
-
\??\c:\jjjpj.exec:\jjjpj.exe93⤵
-
\??\c:\lrfxllf.exec:\lrfxllf.exe94⤵
-
\??\c:\7tnnnh.exec:\7tnnnh.exe95⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe96⤵
-
\??\c:\lflfxxf.exec:\lflfxxf.exe97⤵
-
\??\c:\nbtbnh.exec:\nbtbnh.exe98⤵
-
\??\c:\pppjd.exec:\pppjd.exe99⤵
-
\??\c:\xffxlxr.exec:\xffxlxr.exe100⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe101⤵
-
\??\c:\bbbntn.exec:\bbbntn.exe102⤵
-
\??\c:\jdjvj.exec:\jdjvj.exe103⤵
-
\??\c:\lxlfrrl.exec:\lxlfrrl.exe104⤵
-
\??\c:\frrxrrl.exec:\frrxrrl.exe105⤵
-
\??\c:\3tntnb.exec:\3tntnb.exe106⤵
-
\??\c:\vjdjv.exec:\vjdjv.exe107⤵
-
\??\c:\xrrlxxr.exec:\xrrlxxr.exe108⤵
-
\??\c:\xrlffxx.exec:\xrlffxx.exe109⤵
-
\??\c:\hntnhh.exec:\hntnhh.exe110⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe111⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe112⤵
-
\??\c:\llxrxrx.exec:\llxrxrx.exe113⤵
-
\??\c:\tnnhbt.exec:\tnnhbt.exe114⤵
-
\??\c:\5tttnn.exec:\5tttnn.exe115⤵
-
\??\c:\ddjdv.exec:\ddjdv.exe116⤵
-
\??\c:\xrrlffx.exec:\xrrlffx.exe117⤵
-
\??\c:\rlxxfxl.exec:\rlxxfxl.exe118⤵
-
\??\c:\bnbbnt.exec:\bnbbnt.exe119⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe120⤵
-
\??\c:\5xfxrrl.exec:\5xfxrrl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-