Analysis
-
max time kernel
97s -
max time network
102s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
17-05-2024 20:05
General
-
Target
27b5c4b6a4437f865ee4a03f89142350_NeikiAnalytics.exe
-
Size
72KB
-
MD5
27b5c4b6a4437f865ee4a03f89142350
-
SHA1
4ca74651d0f15ee7223c6038afc64486cd5c9cb8
-
SHA256
080981783f42abbd3ff4f90bdd429fc2563b6d257807b6ad3a2a64d6ce19260a
-
SHA512
52c7983dc7e22207a3d1609e0a4145a76700b73299c4ac43682458f517fc47d7c100c9afc46a6acd268bdeedb1447e6b5c6bcc3901f26c1ca7061b91a9557a14
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIrmCeRMKwo:ymb3NkkiQ3mdBjFIjeKo
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 31 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\27b5c4b6a4437f865ee4a03f89142350_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\27b5c4b6a4437f865ee4a03f89142350_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhtn.exec:\nbhhtn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvv.exec:\dpvvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrffx.exec:\rrxrffx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthbbt.exec:\tthbbt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxlfxf.exec:\xlxlfxf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfrlr.exec:\lflfrlr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrlrxx.exec:\ffrlrxx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrlrxr.exec:\xlrlrxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhhbh.exec:\bnhhbh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllllrx.exec:\xllllrx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnnnh.exec:\nbnnnh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjv.exec:\vvjjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dpjp.exec:\9dpjp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbbn.exec:\nhhbbn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvd.exec:\dpvvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxflxr.exec:\ffxflxr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthhbb.exec:\tthhbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjd.exec:\ddpjd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxxxrl.exec:\llxxxrl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppj.exec:\ppppj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtnnn.exec:\hhtnnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhnn.exec:\bnnhnn.exe23⤵
- Executes dropped EXE
-
\??\c:\dvddp.exec:\dvddp.exe24⤵
- Executes dropped EXE
-
\??\c:\lfflxfl.exec:\lfflxfl.exe25⤵
- Executes dropped EXE
-
\??\c:\fxxxxff.exec:\fxxxxff.exe26⤵
- Executes dropped EXE
-
\??\c:\3pjjp.exec:\3pjjp.exe27⤵
- Executes dropped EXE
-
\??\c:\lrflrll.exec:\lrflrll.exe28⤵
- Executes dropped EXE
-
\??\c:\nbhtbn.exec:\nbhtbn.exe29⤵
- Executes dropped EXE
-
\??\c:\1pdpv.exec:\1pdpv.exe30⤵
- Executes dropped EXE
-
\??\c:\pdpvd.exec:\pdpvd.exe31⤵
- Executes dropped EXE
-
\??\c:\rllfffx.exec:\rllfffx.exe32⤵
- Executes dropped EXE
-
\??\c:\nhbbbb.exec:\nhbbbb.exe33⤵
- Executes dropped EXE
-
\??\c:\3vpdj.exec:\3vpdj.exe34⤵
- Executes dropped EXE
-
\??\c:\ffxxxxf.exec:\ffxxxxf.exe35⤵
- Executes dropped EXE
-
\??\c:\1tbbtt.exec:\1tbbtt.exe36⤵
- Executes dropped EXE
-
\??\c:\vddpp.exec:\vddpp.exe37⤵
- Executes dropped EXE
-
\??\c:\5rffxlx.exec:\5rffxlx.exe38⤵
- Executes dropped EXE
-
\??\c:\lxrllll.exec:\lxrllll.exe39⤵
- Executes dropped EXE
-
\??\c:\nttttt.exec:\nttttt.exe40⤵
- Executes dropped EXE
-
\??\c:\dvjdj.exec:\dvjdj.exe41⤵
- Executes dropped EXE
-
\??\c:\xfrlxrr.exec:\xfrlxrr.exe42⤵
- Executes dropped EXE
-
\??\c:\jdjvp.exec:\jdjvp.exe43⤵
- Executes dropped EXE
-
\??\c:\rxxrrfx.exec:\rxxrrfx.exe44⤵
- Executes dropped EXE
-
\??\c:\frrlfff.exec:\frrlfff.exe45⤵
- Executes dropped EXE
-
\??\c:\1bhnhb.exec:\1bhnhb.exe46⤵
- Executes dropped EXE
-
\??\c:\frrlfrl.exec:\frrlfrl.exe47⤵
- Executes dropped EXE
-
\??\c:\tbbbth.exec:\tbbbth.exe48⤵
- Executes dropped EXE
-
\??\c:\nbbhnh.exec:\nbbhnh.exe49⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe50⤵
- Executes dropped EXE
-
\??\c:\lllfxxx.exec:\lllfxxx.exe51⤵
- Executes dropped EXE
-
\??\c:\xxfffxx.exec:\xxfffxx.exe52⤵
- Executes dropped EXE
-
\??\c:\bntbnh.exec:\bntbnh.exe53⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe54⤵
- Executes dropped EXE
-
\??\c:\jvvvj.exec:\jvvvj.exe55⤵
- Executes dropped EXE
-
\??\c:\xrxfxfl.exec:\xrxfxfl.exe56⤵
- Executes dropped EXE
-
\??\c:\hnhhht.exec:\hnhhht.exe57⤵
- Executes dropped EXE
-
\??\c:\djvvp.exec:\djvvp.exe58⤵
- Executes dropped EXE
-
\??\c:\fxllflf.exec:\fxllflf.exe59⤵
- Executes dropped EXE
-
\??\c:\5tbbbn.exec:\5tbbbn.exe60⤵
- Executes dropped EXE
-
\??\c:\7vjpp.exec:\7vjpp.exe61⤵
- Executes dropped EXE
-
\??\c:\xfrxflx.exec:\xfrxflx.exe62⤵
- Executes dropped EXE
-
\??\c:\thhbnn.exec:\thhbnn.exe63⤵
- Executes dropped EXE
-
\??\c:\hbtnht.exec:\hbtnht.exe64⤵
- Executes dropped EXE
-
\??\c:\jpppj.exec:\jpppj.exe65⤵
- Executes dropped EXE
-
\??\c:\xrxxxll.exec:\xrxxxll.exe66⤵
-
\??\c:\rrrlrlx.exec:\rrrlrlx.exe67⤵
-
\??\c:\tbnbth.exec:\tbnbth.exe68⤵
-
\??\c:\thnnnn.exec:\thnnnn.exe69⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe70⤵
-
\??\c:\fxlllrx.exec:\fxlllrx.exe71⤵
-
\??\c:\bntttb.exec:\bntttb.exe72⤵
-
\??\c:\vjddv.exec:\vjddv.exe73⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe74⤵
-
\??\c:\fllfxxf.exec:\fllfxxf.exe75⤵
-
\??\c:\1tttnn.exec:\1tttnn.exe76⤵
-
\??\c:\jjjpj.exec:\jjjpj.exe77⤵
-
\??\c:\flrffff.exec:\flrffff.exe78⤵
-
\??\c:\hhnnnb.exec:\hhnnnb.exe79⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe80⤵
-
\??\c:\rxrrrxx.exec:\rxrrrxx.exe81⤵
-
\??\c:\llfrrfr.exec:\llfrrfr.exe82⤵
-
\??\c:\hthbbb.exec:\hthbbb.exe83⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe84⤵
-
\??\c:\7jjvp.exec:\7jjvp.exe85⤵
-
\??\c:\7lflfrf.exec:\7lflfrf.exe86⤵
-
\??\c:\lxfxrlf.exec:\lxfxrlf.exe87⤵
-
\??\c:\tbnbnh.exec:\tbnbnh.exe88⤵
-
\??\c:\frfllxl.exec:\frfllxl.exe89⤵
-
\??\c:\7hnhhn.exec:\7hnhhn.exe90⤵
-
\??\c:\ddvdv.exec:\ddvdv.exe91⤵
-
\??\c:\jjppj.exec:\jjppj.exe92⤵
-
\??\c:\fxxxxxx.exec:\fxxxxxx.exe93⤵
-
\??\c:\ntnntt.exec:\ntnntt.exe94⤵
-
\??\c:\vdppv.exec:\vdppv.exe95⤵
-
\??\c:\xxrlfll.exec:\xxrlfll.exe96⤵
-
\??\c:\ntnhtb.exec:\ntnhtb.exe97⤵
-
\??\c:\vjjpp.exec:\vjjpp.exe98⤵
-
\??\c:\frllxlr.exec:\frllxlr.exe99⤵
-
\??\c:\ffrrrfl.exec:\ffrrrfl.exe100⤵
-
\??\c:\bhbbnh.exec:\bhbbnh.exe101⤵
-
\??\c:\jjvdp.exec:\jjvdp.exe102⤵
-
\??\c:\fflrrrf.exec:\fflrrrf.exe103⤵
-
\??\c:\htnbnh.exec:\htnbnh.exe104⤵
-
\??\c:\thnhbt.exec:\thnhbt.exe105⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe106⤵
-
\??\c:\rflllll.exec:\rflllll.exe107⤵
-
\??\c:\nhnhnh.exec:\nhnhnh.exe108⤵
-
\??\c:\bbnhhb.exec:\bbnhhb.exe109⤵
-
\??\c:\ppddj.exec:\ppddj.exe110⤵
-
\??\c:\3frlffr.exec:\3frlffr.exe111⤵
-
\??\c:\nbnhnh.exec:\nbnhnh.exe112⤵
-
\??\c:\ntbhht.exec:\ntbhht.exe113⤵
-
\??\c:\vjjpd.exec:\vjjpd.exe114⤵
-
\??\c:\3jddp.exec:\3jddp.exe115⤵
-
\??\c:\5fxrlrl.exec:\5fxrlrl.exe116⤵
-
\??\c:\hntthn.exec:\hntthn.exe117⤵
-
\??\c:\hhnhht.exec:\hhnhht.exe118⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe119⤵
-
\??\c:\lxrxrff.exec:\lxrxrff.exe120⤵
-
\??\c:\ffrllrr.exec:\ffrllrr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-