Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
19/05/2024, 21:57
General
-
Target
44dd4a993028693f9c236f5fa473b3e0_NeikiAnalytics.exe
-
Size
94KB
-
MD5
44dd4a993028693f9c236f5fa473b3e0
-
SHA1
c005759f054200c21cc8347c5ea81bf0a0bad2ef
-
SHA256
fe8e9c1f002320cfdd77d161f1623a8198d88611d869e3b1f557a376a21e8580
-
SHA512
bdcd83153cdc34d20162686b1f5bc6086c3e0e3f023dc8e273181c82048b9961e28e0a3e6f1e91261a60ad80ba3fc547f78b5a7cb4eb5c79414a543c32dbb3e4
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIkpi+qP1hvZo66Ox4oq2SQwfTQY:ymb3NkkiQ3mdBjFIj+qNhvZuHQY0Y
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\44dd4a993028693f9c236f5fa473b3e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\44dd4a993028693f9c236f5fa473b3e0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5jjjj.exec:\5jjjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vjdd.exec:\5vjdd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffffflf.exec:\ffffflf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbnb.exec:\nnbbnb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvvv.exec:\pdvvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xlfxxr.exec:\1xlfxxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbbbb.exec:\bnbbbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdjv.exec:\pvdjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvvv.exec:\pvvvv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxfxx.exec:\lffxfxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtthh.exec:\bbtthh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthnnh.exec:\hthnnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdpj.exec:\djdpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrxxx.exec:\rxxrxxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhntb.exec:\bnhntb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjvj.exec:\pvjvj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpv.exec:\pjvpv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrrxr.exec:\xrrrrxr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbntnt.exec:\bbntnt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pvvv.exec:\1pvvv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vjjd.exec:\7vjjd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxrrl.exec:\lxfxrrl.exe23⤵
- Executes dropped EXE
-
\??\c:\nthbbt.exec:\nthbbt.exe24⤵
- Executes dropped EXE
-
\??\c:\tbbtnt.exec:\tbbtnt.exe25⤵
- Executes dropped EXE
-
\??\c:\jpppd.exec:\jpppd.exe26⤵
- Executes dropped EXE
-
\??\c:\5lllxxx.exec:\5lllxxx.exe27⤵
- Executes dropped EXE
-
\??\c:\1thbhh.exec:\1thbhh.exe28⤵
- Executes dropped EXE
-
\??\c:\htbbtt.exec:\htbbtt.exe29⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe30⤵
- Executes dropped EXE
-
\??\c:\5xxfxrx.exec:\5xxfxrx.exe31⤵
- Executes dropped EXE
-
\??\c:\lflllll.exec:\lflllll.exe32⤵
- Executes dropped EXE
-
\??\c:\tbhntt.exec:\tbhntt.exe33⤵
- Executes dropped EXE
-
\??\c:\9pjjp.exec:\9pjjp.exe34⤵
- Executes dropped EXE
-
\??\c:\vvddv.exec:\vvddv.exe35⤵
- Executes dropped EXE
-
\??\c:\llffxxx.exec:\llffxxx.exe36⤵
- Executes dropped EXE
-
\??\c:\9ttnhh.exec:\9ttnhh.exe37⤵
- Executes dropped EXE
-
\??\c:\5bbbbh.exec:\5bbbbh.exe38⤵
- Executes dropped EXE
-
\??\c:\ddpjp.exec:\ddpjp.exe39⤵
- Executes dropped EXE
-
\??\c:\rxxrlll.exec:\rxxrlll.exe40⤵
- Executes dropped EXE
-
\??\c:\xrxxlll.exec:\xrxxlll.exe41⤵
- Executes dropped EXE
-
\??\c:\7hbbbb.exec:\7hbbbb.exe42⤵
- Executes dropped EXE
-
\??\c:\nthhhn.exec:\nthhhn.exe43⤵
- Executes dropped EXE
-
\??\c:\thtnhh.exec:\thtnhh.exe44⤵
- Executes dropped EXE
-
\??\c:\vjjdd.exec:\vjjdd.exe45⤵
- Executes dropped EXE
-
\??\c:\lxfxrrr.exec:\lxfxrrr.exe46⤵
- Executes dropped EXE
-
\??\c:\5rxxxxf.exec:\5rxxxxf.exe47⤵
- Executes dropped EXE
-
\??\c:\nnnbnh.exec:\nnnbnh.exe48⤵
- Executes dropped EXE
-
\??\c:\btbttn.exec:\btbttn.exe49⤵
- Executes dropped EXE
-
\??\c:\ppvvp.exec:\ppvvp.exe50⤵
- Executes dropped EXE
-
\??\c:\lfrrxxx.exec:\lfrrxxx.exe51⤵
- Executes dropped EXE
-
\??\c:\xlxxxlf.exec:\xlxxxlf.exe52⤵
- Executes dropped EXE
-
\??\c:\tttttt.exec:\tttttt.exe53⤵
- Executes dropped EXE
-
\??\c:\5vjdd.exec:\5vjdd.exe54⤵
- Executes dropped EXE
-
\??\c:\vdppp.exec:\vdppp.exe55⤵
- Executes dropped EXE
-
\??\c:\fxxxllr.exec:\fxxxllr.exe56⤵
- Executes dropped EXE
-
\??\c:\1xlffxx.exec:\1xlffxx.exe57⤵
- Executes dropped EXE
-
\??\c:\3tbbtb.exec:\3tbbtb.exe58⤵
- Executes dropped EXE
-
\??\c:\tnbttn.exec:\tnbttn.exe59⤵
- Executes dropped EXE
-
\??\c:\3vvjd.exec:\3vvjd.exe60⤵
- Executes dropped EXE
-
\??\c:\jpdvj.exec:\jpdvj.exe61⤵
- Executes dropped EXE
-
\??\c:\3djdp.exec:\3djdp.exe62⤵
- Executes dropped EXE
-
\??\c:\frrrllf.exec:\frrrllf.exe63⤵
- Executes dropped EXE
-
\??\c:\1rxfxxx.exec:\1rxfxxx.exe64⤵
- Executes dropped EXE
-
\??\c:\thnhhb.exec:\thnhhb.exe65⤵
- Executes dropped EXE
-
\??\c:\ppddp.exec:\ppddp.exe66⤵
-
\??\c:\7frllrx.exec:\7frllrx.exe67⤵
-
\??\c:\xrllllf.exec:\xrllllf.exe68⤵
-
\??\c:\hnbttt.exec:\hnbttt.exe69⤵
-
\??\c:\nntnnt.exec:\nntnnt.exe70⤵
-
\??\c:\5jjdv.exec:\5jjdv.exe71⤵
-
\??\c:\xxfllfx.exec:\xxfllfx.exe72⤵
-
\??\c:\llrlfxr.exec:\llrlfxr.exe73⤵
-
\??\c:\tbbbbb.exec:\tbbbbb.exe74⤵
-
\??\c:\5htnnt.exec:\5htnnt.exe75⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe76⤵
-
\??\c:\fflfxxx.exec:\fflfxxx.exe77⤵
-
\??\c:\xrfrffr.exec:\xrfrffr.exe78⤵
-
\??\c:\ttbhhh.exec:\ttbhhh.exe79⤵
-
\??\c:\5dppj.exec:\5dppj.exe80⤵
-
\??\c:\lllrlff.exec:\lllrlff.exe81⤵
-
\??\c:\xfxlxlx.exec:\xfxlxlx.exe82⤵
-
\??\c:\nntttt.exec:\nntttt.exe83⤵
-
\??\c:\vvjdp.exec:\vvjdp.exe84⤵
-
\??\c:\llxxllx.exec:\llxxllx.exe85⤵
-
\??\c:\3fxrxrx.exec:\3fxrxrx.exe86⤵
-
\??\c:\nhhttb.exec:\nhhttb.exe87⤵
-
\??\c:\jjppj.exec:\jjppj.exe88⤵
-
\??\c:\xxllfll.exec:\xxllfll.exe89⤵
-
\??\c:\lffxxxx.exec:\lffxxxx.exe90⤵
-
\??\c:\hnbtnh.exec:\hnbtnh.exe91⤵
-
\??\c:\5djdv.exec:\5djdv.exe92⤵
-
\??\c:\5rllfrf.exec:\5rllfrf.exe93⤵
-
\??\c:\hnbnbb.exec:\hnbnbb.exe94⤵
-
\??\c:\7bhhnn.exec:\7bhhnn.exe95⤵
-
\??\c:\vppjj.exec:\vppjj.exe96⤵
-
\??\c:\lxfxxxx.exec:\lxfxxxx.exe97⤵
-
\??\c:\djvpj.exec:\djvpj.exe98⤵
-
\??\c:\7rrrllf.exec:\7rrrllf.exe99⤵
-
\??\c:\nntnbb.exec:\nntnbb.exe100⤵
-
\??\c:\nhbhtt.exec:\nhbhtt.exe101⤵
-
\??\c:\vvdvd.exec:\vvdvd.exe102⤵
-
\??\c:\xllllll.exec:\xllllll.exe103⤵
-
\??\c:\bbnnhh.exec:\bbnnhh.exe104⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe105⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe106⤵
-
\??\c:\rxlxxlf.exec:\rxlxxlf.exe107⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe108⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe109⤵
-
\??\c:\jjppp.exec:\jjppp.exe110⤵
-
\??\c:\xffllrl.exec:\xffllrl.exe111⤵
-
\??\c:\lffffrr.exec:\lffffrr.exe112⤵
-
\??\c:\tnbhbh.exec:\tnbhbh.exe113⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe114⤵
-
\??\c:\pvjjv.exec:\pvjjv.exe115⤵
-
\??\c:\xxlxrlf.exec:\xxlxrlf.exe116⤵
-
\??\c:\llxlrxx.exec:\llxlrxx.exe117⤵
-
\??\c:\bthbtt.exec:\bthbtt.exe118⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe119⤵
-
\??\c:\vpppj.exec:\vpppj.exe120⤵
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-