Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
17/05/2024, 07:04
General
-
Target
c9786c4701f8a3512f7107b3952922e0_NeikiAnalytics.exe
-
Size
306KB
-
MD5
c9786c4701f8a3512f7107b3952922e0
-
SHA1
ebff2a7d9aed8fb5bba342ac2faa9af22ec773ec
-
SHA256
f66e549edadd6f2f66f2cbf23e6b6c1e198940f1460bde0721e3981de4ac3e71
-
SHA512
fe40e5745f39c20f808ff6eef674a93491d6851b183c8cefb42fc509d1c3755caa16ee6c8afb61531cb7d0d22d08d73c99378068c130146751360b0c219c0917
-
SSDEEP
6144:n3C9BRo/CH26ZAmaOXicLrnRukAPXt1UP+3OgEbXeTiDSd2vr:n3C9uUnAvtd3Ogld2vr
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c9786c4701f8a3512f7107b3952922e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\c9786c4701f8a3512f7107b3952922e0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrlxxf.exec:\xfrlxxf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnthh.exec:\nbnthh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjdd.exec:\jjjdd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxlfxr.exec:\lfxlfxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbbb.exec:\tnhbbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxrrl.exec:\llfxrrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nhnbb.exec:\3nhnbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddd.exec:\jvddd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhthbt.exec:\bhthbt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppp.exec:\ppppp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxffrrr.exec:\lxffrrr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpp.exec:\ppvpp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffflr.exec:\lfffflr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bhbtn.exec:\5bhbtn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jvpp.exec:\5jvpp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rxrrrl.exec:\3rxrrrl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtntn.exec:\nhtntn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvv.exec:\pvdvv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxlxx.exec:\lxfxlxx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bbttb.exec:\7bbttb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pjdv.exec:\5pjdv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frflrxr.exec:\frflrxr.exe23⤵
- Executes dropped EXE
-
\??\c:\tbhbnh.exec:\tbhbnh.exe24⤵
- Executes dropped EXE
-
\??\c:\jjvdv.exec:\jjvdv.exe25⤵
- Executes dropped EXE
-
\??\c:\lrlllll.exec:\lrlllll.exe26⤵
- Executes dropped EXE
-
\??\c:\hnbbtb.exec:\hnbbtb.exe27⤵
- Executes dropped EXE
-
\??\c:\9tttnn.exec:\9tttnn.exe28⤵
- Executes dropped EXE
-
\??\c:\dvvvv.exec:\dvvvv.exe29⤵
- Executes dropped EXE
-
\??\c:\xrrllll.exec:\xrrllll.exe30⤵
- Executes dropped EXE
-
\??\c:\1htbbh.exec:\1htbbh.exe31⤵
- Executes dropped EXE
-
\??\c:\1dvpd.exec:\1dvpd.exe32⤵
- Executes dropped EXE
-
\??\c:\rxlfxxr.exec:\rxlfxxr.exe33⤵
- Executes dropped EXE
-
\??\c:\nthhhh.exec:\nthhhh.exe34⤵
- Executes dropped EXE
-
\??\c:\dppdv.exec:\dppdv.exe35⤵
- Executes dropped EXE
-
\??\c:\llfxxxx.exec:\llfxxxx.exe36⤵
- Executes dropped EXE
-
\??\c:\1hhbtn.exec:\1hhbtn.exe37⤵
- Executes dropped EXE
-
\??\c:\7vvjd.exec:\7vvjd.exe38⤵
- Executes dropped EXE
-
\??\c:\vdjvd.exec:\vdjvd.exe39⤵
- Executes dropped EXE
-
\??\c:\xfxxrxr.exec:\xfxxrxr.exe40⤵
- Executes dropped EXE
-
\??\c:\hnbnhb.exec:\hnbnhb.exe41⤵
- Executes dropped EXE
-
\??\c:\hbbbtn.exec:\hbbbtn.exe42⤵
- Executes dropped EXE
-
\??\c:\vjvpj.exec:\vjvpj.exe43⤵
- Executes dropped EXE
-
\??\c:\7xxrffr.exec:\7xxrffr.exe44⤵
- Executes dropped EXE
-
\??\c:\3hnhhb.exec:\3hnhhb.exe45⤵
- Executes dropped EXE
-
\??\c:\1hnbbt.exec:\1hnbbt.exe46⤵
- Executes dropped EXE
-
\??\c:\jjdvd.exec:\jjdvd.exe47⤵
- Executes dropped EXE
-
\??\c:\lrlxxxf.exec:\lrlxxxf.exe48⤵
- Executes dropped EXE
-
\??\c:\bthbtt.exec:\bthbtt.exe49⤵
- Executes dropped EXE
-
\??\c:\jdjdj.exec:\jdjdj.exe50⤵
- Executes dropped EXE
-
\??\c:\lxrlffx.exec:\lxrlffx.exe51⤵
- Executes dropped EXE
-
\??\c:\3xrlxrl.exec:\3xrlxrl.exe52⤵
- Executes dropped EXE
-
\??\c:\thhnhb.exec:\thhnhb.exe53⤵
- Executes dropped EXE
-
\??\c:\pdjdp.exec:\pdjdp.exe54⤵
- Executes dropped EXE
-
\??\c:\rrfrlxr.exec:\rrfrlxr.exe55⤵
- Executes dropped EXE
-
\??\c:\fxrlxrl.exec:\fxrlxrl.exe56⤵
- Executes dropped EXE
-
\??\c:\hhtthh.exec:\hhtthh.exe57⤵
- Executes dropped EXE
-
\??\c:\dpvpv.exec:\dpvpv.exe58⤵
- Executes dropped EXE
-
\??\c:\3lrfrlf.exec:\3lrfrlf.exe59⤵
- Executes dropped EXE
-
\??\c:\lxlffff.exec:\lxlffff.exe60⤵
- Executes dropped EXE
-
\??\c:\7hhbbb.exec:\7hhbbb.exe61⤵
- Executes dropped EXE
-
\??\c:\jddpj.exec:\jddpj.exe62⤵
- Executes dropped EXE
-
\??\c:\tbhbtn.exec:\tbhbtn.exe63⤵
- Executes dropped EXE
-
\??\c:\nhbntn.exec:\nhbntn.exe64⤵
- Executes dropped EXE
-
\??\c:\pvpdp.exec:\pvpdp.exe65⤵
- Executes dropped EXE
-
\??\c:\ffrfxrx.exec:\ffrfxrx.exe66⤵
-
\??\c:\1nhthb.exec:\1nhthb.exe67⤵
-
\??\c:\3nnhtt.exec:\3nnhtt.exe68⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe69⤵
-
\??\c:\fxrrffx.exec:\fxrrffx.exe70⤵
-
\??\c:\1tbbbb.exec:\1tbbbb.exe71⤵
-
\??\c:\vdvjv.exec:\vdvjv.exe72⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe73⤵
-
\??\c:\rlxrffx.exec:\rlxrffx.exe74⤵
-
\??\c:\xrrlllf.exec:\xrrlllf.exe75⤵
-
\??\c:\thbtnn.exec:\thbtnn.exe76⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe77⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe78⤵
-
\??\c:\rrxrfxl.exec:\rrxrfxl.exe79⤵
-
\??\c:\btbttt.exec:\btbttt.exe80⤵
-
\??\c:\nhnhht.exec:\nhnhht.exe81⤵
-
\??\c:\jvdpd.exec:\jvdpd.exe82⤵
-
\??\c:\rrfxflf.exec:\rrfxflf.exe83⤵
-
\??\c:\lxrlxxr.exec:\lxrlxxr.exe84⤵
-
\??\c:\ntthbb.exec:\ntthbb.exe85⤵
-
\??\c:\ddddp.exec:\ddddp.exe86⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe87⤵
-
\??\c:\lffxlll.exec:\lffxlll.exe88⤵
-
\??\c:\btbttt.exec:\btbttt.exe89⤵
-
\??\c:\nnhhnt.exec:\nnhhnt.exe90⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe91⤵
-
\??\c:\9vdvp.exec:\9vdvp.exe92⤵
-
\??\c:\lxxxxxx.exec:\lxxxxxx.exe93⤵
-
\??\c:\bnbbtt.exec:\bnbbtt.exe94⤵
-
\??\c:\hbttnt.exec:\hbttnt.exe95⤵
-
\??\c:\dpjjd.exec:\dpjjd.exe96⤵
-
\??\c:\jpvvv.exec:\jpvvv.exe97⤵
-
\??\c:\rllfxxx.exec:\rllfxxx.exe98⤵
-
\??\c:\bbhbbb.exec:\bbhbbb.exe99⤵
-
\??\c:\tttnhh.exec:\tttnhh.exe100⤵
-
\??\c:\djddv.exec:\djddv.exe101⤵
-
\??\c:\lffxrll.exec:\lffxrll.exe102⤵
-
\??\c:\frxxllr.exec:\frxxllr.exe103⤵
-
\??\c:\pvjjd.exec:\pvjjd.exe104⤵
-
\??\c:\rrlfxxx.exec:\rrlfxxx.exe105⤵
-
\??\c:\fxfxxxx.exec:\fxfxxxx.exe106⤵
-
\??\c:\3hhhtt.exec:\3hhhtt.exe107⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe108⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe109⤵
-
\??\c:\lxfxllf.exec:\lxfxllf.exe110⤵
-
\??\c:\htbttt.exec:\htbttt.exe111⤵
-
\??\c:\htnhbh.exec:\htnhbh.exe112⤵
-
\??\c:\pddvp.exec:\pddvp.exe113⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe114⤵
-
\??\c:\xxxxrrl.exec:\xxxxrrl.exe115⤵
-
\??\c:\rxlrxxl.exec:\rxlrxxl.exe116⤵
-
\??\c:\tbbttt.exec:\tbbttt.exe117⤵
-
\??\c:\vvvjp.exec:\vvvjp.exe118⤵
-
\??\c:\pjpvp.exec:\pjpvp.exe119⤵
-
\??\c:\3flrfrr.exec:\3flrfrr.exe120⤵
-
\??\c:\lfxlfrl.exec:\lfxlfrl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-