Analysis
-
max time kernel
149s -
max time network
113s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
17/05/2024, 08:54
General
-
Target
e3000c3bc8bbfcfb55805798941c7740_NeikiAnalytics.exe
-
Size
55KB
-
MD5
e3000c3bc8bbfcfb55805798941c7740
-
SHA1
f940b211506f5544ff4596b4d26bc072514a5d2c
-
SHA256
4376142565c00224235cd3b0bb957096e6bd87c393a106f0056d187678f22ced
-
SHA512
23e9f11a69a456f26be6a4831ccf79168558f3e2e45cf8455ae1553f56450ee407baf5b48efb35be27b96f2d1420ac22d5f6da3e1f1a1f31570c1730ed21694c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFt:ymb3NkkiQ3mdBjFIFt
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e3000c3bc8bbfcfb55805798941c7740_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\e3000c3bc8bbfcfb55805798941c7740_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrxxfx.exec:\7lrxxfx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhbtt.exec:\bhhbtt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdpv.exec:\pvdpv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jjdj.exec:\1jjdj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rrlxrr.exec:\5rrlxrr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthhbt.exec:\tthhbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhtt.exec:\thnhtt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpjp.exec:\pvpjp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xrlxrl.exec:\7xrlxrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbnhn.exec:\bbbnhn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttbtt.exec:\tttbtt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5djdj.exec:\5djdj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxflllr.exec:\fxflllr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbbt.exec:\bbhbbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbtht.exec:\htbtht.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxlfxx.exec:\flxlfxx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrffx.exec:\rxxrffx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhbtt.exec:\thhbtt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvd.exec:\vvdvd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdpv.exec:\dvdpv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfxllf.exec:\lrfxllf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbtt.exec:\hbbbtt.exe23⤵
- Executes dropped EXE
-
\??\c:\bthhtt.exec:\bthhtt.exe24⤵
- Executes dropped EXE
-
\??\c:\jjddp.exec:\jjddp.exe25⤵
- Executes dropped EXE
-
\??\c:\7lrlxrl.exec:\7lrlxrl.exe26⤵
- Executes dropped EXE
-
\??\c:\frlfxxr.exec:\frlfxxr.exe27⤵
- Executes dropped EXE
-
\??\c:\hnbttt.exec:\hnbttt.exe28⤵
- Executes dropped EXE
-
\??\c:\3vdvj.exec:\3vdvj.exe29⤵
- Executes dropped EXE
-
\??\c:\vdjjv.exec:\vdjjv.exe30⤵
- Executes dropped EXE
-
\??\c:\rfxrfff.exec:\rfxrfff.exe31⤵
- Executes dropped EXE
-
\??\c:\ttnbnn.exec:\ttnbnn.exe32⤵
- Executes dropped EXE
-
\??\c:\3tnhbt.exec:\3tnhbt.exe33⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe34⤵
- Executes dropped EXE
-
\??\c:\djpjd.exec:\djpjd.exe35⤵
- Executes dropped EXE
-
\??\c:\1xrlfxx.exec:\1xrlfxx.exe36⤵
- Executes dropped EXE
-
\??\c:\btbbtn.exec:\btbbtn.exe37⤵
- Executes dropped EXE
-
\??\c:\5jpdj.exec:\5jpdj.exe38⤵
- Executes dropped EXE
-
\??\c:\ppdvp.exec:\ppdvp.exe39⤵
- Executes dropped EXE
-
\??\c:\xflfrlx.exec:\xflfrlx.exe40⤵
- Executes dropped EXE
-
\??\c:\1rllffx.exec:\1rllffx.exe41⤵
- Executes dropped EXE
-
\??\c:\1tttnh.exec:\1tttnh.exe42⤵
- Executes dropped EXE
-
\??\c:\nhhbnn.exec:\nhhbnn.exe43⤵
- Executes dropped EXE
-
\??\c:\5ddvd.exec:\5ddvd.exe44⤵
- Executes dropped EXE
-
\??\c:\9jvpv.exec:\9jvpv.exe45⤵
- Executes dropped EXE
-
\??\c:\9ffxrll.exec:\9ffxrll.exe46⤵
- Executes dropped EXE
-
\??\c:\frrflfl.exec:\frrflfl.exe47⤵
- Executes dropped EXE
-
\??\c:\bnhbtn.exec:\bnhbtn.exe48⤵
- Executes dropped EXE
-
\??\c:\tnnhtn.exec:\tnnhtn.exe49⤵
- Executes dropped EXE
-
\??\c:\pdvpd.exec:\pdvpd.exe50⤵
- Executes dropped EXE
-
\??\c:\dpppj.exec:\dpppj.exe51⤵
- Executes dropped EXE
-
\??\c:\rffxllf.exec:\rffxllf.exe52⤵
- Executes dropped EXE
-
\??\c:\nhbbtt.exec:\nhbbtt.exe53⤵
- Executes dropped EXE
-
\??\c:\9bbttn.exec:\9bbttn.exe54⤵
- Executes dropped EXE
-
\??\c:\ppvpj.exec:\ppvpj.exe55⤵
- Executes dropped EXE
-
\??\c:\5pppj.exec:\5pppj.exe56⤵
- Executes dropped EXE
-
\??\c:\fxfxxxf.exec:\fxfxxxf.exe57⤵
- Executes dropped EXE
-
\??\c:\bhnhbb.exec:\bhnhbb.exe58⤵
- Executes dropped EXE
-
\??\c:\7hbhbn.exec:\7hbhbn.exe59⤵
- Executes dropped EXE
-
\??\c:\7djdp.exec:\7djdp.exe60⤵
- Executes dropped EXE
-
\??\c:\vjddj.exec:\vjddj.exe61⤵
- Executes dropped EXE
-
\??\c:\lxxxrrl.exec:\lxxxrrl.exe62⤵
- Executes dropped EXE
-
\??\c:\3tttnh.exec:\3tttnh.exe63⤵
- Executes dropped EXE
-
\??\c:\3tbttt.exec:\3tbttt.exe64⤵
- Executes dropped EXE
-
\??\c:\vvddp.exec:\vvddp.exe65⤵
- Executes dropped EXE
-
\??\c:\vppjv.exec:\vppjv.exe66⤵
-
\??\c:\7xfxrrf.exec:\7xfxrrf.exe67⤵
-
\??\c:\rflffxx.exec:\rflffxx.exe68⤵
-
\??\c:\9bhhbt.exec:\9bhhbt.exe69⤵
-
\??\c:\tttttt.exec:\tttttt.exe70⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe71⤵
-
\??\c:\pdddp.exec:\pdddp.exe72⤵
-
\??\c:\3rrlxxx.exec:\3rrlxxx.exe73⤵
-
\??\c:\5rxxrrr.exec:\5rxxrrr.exe74⤵
-
\??\c:\3ttbtb.exec:\3ttbtb.exe75⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe76⤵
-
\??\c:\5dvpd.exec:\5dvpd.exe77⤵
-
\??\c:\vdjjv.exec:\vdjjv.exe78⤵
-
\??\c:\lxfxllf.exec:\lxfxllf.exe79⤵
-
\??\c:\lffxffx.exec:\lffxffx.exe80⤵
-
\??\c:\9ntnhb.exec:\9ntnhb.exe81⤵
-
\??\c:\nhbtht.exec:\nhbtht.exe82⤵
-
\??\c:\bhnhbt.exec:\bhnhbt.exe83⤵
-
\??\c:\ppppj.exec:\ppppj.exe84⤵
-
\??\c:\lxxrlxr.exec:\lxxrlxr.exe85⤵
-
\??\c:\xrrrffr.exec:\xrrrffr.exe86⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe87⤵
-
\??\c:\5nnnhh.exec:\5nnnhh.exe88⤵
-
\??\c:\bttnbb.exec:\bttnbb.exe89⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe90⤵
-
\??\c:\1fxxllf.exec:\1fxxllf.exe91⤵
-
\??\c:\lllfxxf.exec:\lllfxxf.exe92⤵
-
\??\c:\fflxlfl.exec:\fflxlfl.exe93⤵
-
\??\c:\bhhhtt.exec:\bhhhtt.exe94⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe95⤵
-
\??\c:\rrrrlfr.exec:\rrrrlfr.exe96⤵
-
\??\c:\3rfxrrx.exec:\3rfxrrx.exe97⤵
-
\??\c:\bnthbb.exec:\bnthbb.exe98⤵
-
\??\c:\hhttbb.exec:\hhttbb.exe99⤵
-
\??\c:\1vvjd.exec:\1vvjd.exe100⤵
-
\??\c:\jvppd.exec:\jvppd.exe101⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe102⤵
-
\??\c:\xrxxlfx.exec:\xrxxlfx.exe103⤵
-
\??\c:\rrrlxxl.exec:\rrrlxxl.exe104⤵
-
\??\c:\httnhb.exec:\httnhb.exe105⤵
-
\??\c:\7dvjv.exec:\7dvjv.exe106⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe107⤵
-
\??\c:\5lrfxfx.exec:\5lrfxfx.exe108⤵
-
\??\c:\xrrlfff.exec:\xrrlfff.exe109⤵
-
\??\c:\bnnnhh.exec:\bnnnhh.exe110⤵
-
\??\c:\htbttt.exec:\htbttt.exe111⤵
-
\??\c:\dvppd.exec:\dvppd.exe112⤵
-
\??\c:\jvppp.exec:\jvppp.exe113⤵
-
\??\c:\rxfrrrl.exec:\rxfrrrl.exe114⤵
-
\??\c:\xllfrrl.exec:\xllfrrl.exe115⤵
-
\??\c:\httnhb.exec:\httnhb.exe116⤵
-
\??\c:\btntbb.exec:\btntbb.exe117⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe118⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe119⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe120⤵
-
\??\c:\9llrlxr.exec:\9llrlxr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-