Analysis
-
max time kernel
150s -
max time network
116s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
17/05/2024, 19:49
General
-
Target
24b5c657b97f67bd2657b967d264f250_NeikiAnalytics.exe
-
Size
134KB
-
MD5
24b5c657b97f67bd2657b967d264f250
-
SHA1
172f695c776441a5ae6cf1326ac6937e11706967
-
SHA256
87fd77d1a2fb4577628de9ef510edcdc0cb4ad61aad3ef13c6b68947688cfa0c
-
SHA512
e6abc7ec2992106e895835584e192cac7978a5ba4ed4804d9e1faea6481b56bb31d0ee8268d2b324d663b7f58f728b263c7e167ba1b28a6f77cdcf5ab24e8bfb
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afoHVpx+dGorp:n3C9BRW0j/1px+dGK
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\24b5c657b97f67bd2657b967d264f250_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\24b5c657b97f67bd2657b967d264f250_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjd.exec:\ppjjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdvp.exec:\djdvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llllxxr.exec:\llllxxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9djdd.exec:\9djdd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfrxr.exec:\lflfrxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lrrlrl.exec:\1lrrlrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhhb.exec:\bnnhhb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbtnn.exec:\nbbtnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdd.exec:\dvjdd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllfffx.exec:\lllfffx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbbbb.exec:\ttbbbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bhbtb.exec:\3bhbtb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xfffff.exec:\9xfffff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbhnn.exec:\htbhnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpjd.exec:\vdpjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrxxff.exec:\flrxxff.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxrrr.exec:\rxfxrrr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthtnn.exec:\bthtnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9flrfrf.exec:\9flrfrf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnhh.exec:\hbtnhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvd.exec:\jjdvd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjd.exec:\pdpjd.exe23⤵
- Executes dropped EXE
-
\??\c:\rfffffl.exec:\rfffffl.exe24⤵
- Executes dropped EXE
-
\??\c:\frfxrrl.exec:\frfxrrl.exe25⤵
- Executes dropped EXE
-
\??\c:\hbtnnh.exec:\hbtnnh.exe26⤵
- Executes dropped EXE
-
\??\c:\7fxxrxr.exec:\7fxxrxr.exe27⤵
- Executes dropped EXE
-
\??\c:\rfxfxrf.exec:\rfxfxrf.exe28⤵
- Executes dropped EXE
-
\??\c:\hbbbtt.exec:\hbbbtt.exe29⤵
- Executes dropped EXE
-
\??\c:\dddpd.exec:\dddpd.exe30⤵
- Executes dropped EXE
-
\??\c:\ddvvj.exec:\ddvvj.exe31⤵
- Executes dropped EXE
-
\??\c:\nhnhbb.exec:\nhnhbb.exe32⤵
- Executes dropped EXE
-
\??\c:\ddpjj.exec:\ddpjj.exe33⤵
- Executes dropped EXE
-
\??\c:\vvdvv.exec:\vvdvv.exe34⤵
- Executes dropped EXE
-
\??\c:\3fllrrx.exec:\3fllrrx.exe35⤵
- Executes dropped EXE
-
\??\c:\3rxlxfx.exec:\3rxlxfx.exe36⤵
- Executes dropped EXE
-
\??\c:\tttthh.exec:\tttthh.exe37⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe38⤵
- Executes dropped EXE
-
\??\c:\jpdvp.exec:\jpdvp.exe39⤵
- Executes dropped EXE
-
\??\c:\xrxlfff.exec:\xrxlfff.exe40⤵
- Executes dropped EXE
-
\??\c:\lfllffx.exec:\lfllffx.exe41⤵
- Executes dropped EXE
-
\??\c:\hhnbht.exec:\hhnbht.exe42⤵
- Executes dropped EXE
-
\??\c:\vdvjd.exec:\vdvjd.exe43⤵
- Executes dropped EXE
-
\??\c:\3pjdv.exec:\3pjdv.exe44⤵
- Executes dropped EXE
-
\??\c:\lrfxrfx.exec:\lrfxrfx.exe45⤵
- Executes dropped EXE
-
\??\c:\btttbh.exec:\btttbh.exe46⤵
- Executes dropped EXE
-
\??\c:\tntnhh.exec:\tntnhh.exe47⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe48⤵
- Executes dropped EXE
-
\??\c:\xllxrrl.exec:\xllxrrl.exe49⤵
- Executes dropped EXE
-
\??\c:\ffllrrx.exec:\ffllrrx.exe50⤵
- Executes dropped EXE
-
\??\c:\nnnhhh.exec:\nnnhhh.exe51⤵
- Executes dropped EXE
-
\??\c:\vpppd.exec:\vpppd.exe52⤵
- Executes dropped EXE
-
\??\c:\vpdvp.exec:\vpdvp.exe53⤵
- Executes dropped EXE
-
\??\c:\lrxrlrl.exec:\lrxrlrl.exe54⤵
- Executes dropped EXE
-
\??\c:\rlrrlll.exec:\rlrrlll.exe55⤵
- Executes dropped EXE
-
\??\c:\bhtntb.exec:\bhtntb.exe56⤵
- Executes dropped EXE
-
\??\c:\djvpj.exec:\djvpj.exe57⤵
- Executes dropped EXE
-
\??\c:\dvdvp.exec:\dvdvp.exe58⤵
- Executes dropped EXE
-
\??\c:\frrlxxr.exec:\frrlxxr.exe59⤵
- Executes dropped EXE
-
\??\c:\flrlrrl.exec:\flrlrrl.exe60⤵
- Executes dropped EXE
-
\??\c:\bhtnnh.exec:\bhtnnh.exe61⤵
- Executes dropped EXE
-
\??\c:\1bbhbn.exec:\1bbhbn.exe62⤵
- Executes dropped EXE
-
\??\c:\7pdvp.exec:\7pdvp.exe63⤵
- Executes dropped EXE
-
\??\c:\rlllffl.exec:\rlllffl.exe64⤵
- Executes dropped EXE
-
\??\c:\bhnhbt.exec:\bhnhbt.exe65⤵
- Executes dropped EXE
-
\??\c:\btbbbb.exec:\btbbbb.exe66⤵
-
\??\c:\xrxrrrr.exec:\xrxrrrr.exe67⤵
-
\??\c:\xrfxllx.exec:\xrfxllx.exe68⤵
-
\??\c:\tbhbtt.exec:\tbhbtt.exe69⤵
-
\??\c:\jvdpd.exec:\jvdpd.exe70⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe71⤵
-
\??\c:\hhhbbh.exec:\hhhbbh.exe72⤵
-
\??\c:\thbhhb.exec:\thbhhb.exe73⤵
-
\??\c:\xfffxxx.exec:\xfffxxx.exe74⤵
-
\??\c:\5rllffl.exec:\5rllffl.exe75⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe76⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe77⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe78⤵
-
\??\c:\flrlfrl.exec:\flrlfrl.exe79⤵
-
\??\c:\nhnbtn.exec:\nhnbtn.exe80⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe81⤵
-
\??\c:\pppjd.exec:\pppjd.exe82⤵
-
\??\c:\rlxrxxl.exec:\rlxrxxl.exe83⤵
-
\??\c:\nbnhbh.exec:\nbnhbh.exe84⤵
-
\??\c:\jvjdp.exec:\jvjdp.exe85⤵
-
\??\c:\jvvvj.exec:\jvvvj.exe86⤵
-
\??\c:\frxrfll.exec:\frxrfll.exe87⤵
-
\??\c:\rlfxfxf.exec:\rlfxfxf.exe88⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe89⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe90⤵
-
\??\c:\1djvv.exec:\1djvv.exe91⤵
-
\??\c:\1xfxllx.exec:\1xfxllx.exe92⤵
-
\??\c:\fxfxxxx.exec:\fxfxxxx.exe93⤵
-
\??\c:\9thttt.exec:\9thttt.exe94⤵
-
\??\c:\thtnnb.exec:\thtnnb.exe95⤵
-
\??\c:\vpppv.exec:\vpppv.exe96⤵
-
\??\c:\fflxrlx.exec:\fflxrlx.exe97⤵
-
\??\c:\fxrrfrr.exec:\fxrrfrr.exe98⤵
-
\??\c:\bthbbb.exec:\bthbbb.exe99⤵
-
\??\c:\nhbthb.exec:\nhbthb.exe100⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe101⤵
-
\??\c:\vdddv.exec:\vdddv.exe102⤵
-
\??\c:\lrlfffl.exec:\lrlfffl.exe103⤵
-
\??\c:\llrxffl.exec:\llrxffl.exe104⤵
-
\??\c:\bhhbtt.exec:\bhhbtt.exe105⤵
-
\??\c:\hhnhbb.exec:\hhnhbb.exe106⤵
-
\??\c:\5pvdv.exec:\5pvdv.exe107⤵
-
\??\c:\ppvjv.exec:\ppvjv.exe108⤵
-
\??\c:\5rxrffx.exec:\5rxrffx.exe109⤵
-
\??\c:\fxllfxr.exec:\fxllfxr.exe110⤵
-
\??\c:\thnthh.exec:\thnthh.exe111⤵
-
\??\c:\bhnhtt.exec:\bhnhtt.exe112⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe113⤵
-
\??\c:\pdpdd.exec:\pdpdd.exe114⤵
-
\??\c:\fxflxfx.exec:\fxflxfx.exe115⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe116⤵
-
\??\c:\xffrrrl.exec:\xffrrrl.exe117⤵
-
\??\c:\xrrffrx.exec:\xrrffrx.exe118⤵
-
\??\c:\thnhtn.exec:\thnhtn.exe119⤵
-
\??\c:\thbthh.exec:\thbthh.exe120⤵
-
\??\c:\9pdpd.exec:\9pdpd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-