Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20-05-2024 00:50
General
-
Target
7491c602491565c79401d5069cd1cc70_NeikiAnalytics.exe
-
Size
77KB
-
MD5
7491c602491565c79401d5069cd1cc70
-
SHA1
59a4d7edb20fa7151d15bae83182b0fe6018fc40
-
SHA256
42661d71b8c18c6a0ff7816cd7b3debcee0bf04e01447149f7e4cf52a6e1a0c0
-
SHA512
8859ba0cca188eeb30010ed7f9a903b8bfb7d71025d5c685440a7ff2a60da0fe99e527f9e9bef7c2bb9c0ba0966ea5aa52cdf1e548947d818880760ea248b171
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAX8YieVIJclPvPJtcdcE:ymb3NkkiQ3mdBjFo68YBVIJc9JtxE
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7491c602491565c79401d5069cd1cc70_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\7491c602491565c79401d5069cd1cc70_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjv.exec:\ddjjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnnbn.exec:\bnnnbn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvdd.exec:\pdvdd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxrrr.exec:\fxfxrrr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllrlfl.exec:\rllrlfl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhntt.exec:\nhhntt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhnh.exec:\tnnhnh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntthnh.exec:\ntthnh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflffll.exec:\rflffll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hhbtn.exec:\5hhbtn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjv.exec:\jjjjv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvj.exec:\jjdvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lllxff.exec:\9lllxff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxllll.exec:\frxllll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflrflr.exec:\xflrflr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttbhh.exec:\tttbhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntthht.exec:\ntthht.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rxxxxx.exec:\7rxxxxx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxlll.exec:\rrfxlll.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvvv.exec:\vjvvv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfffll.exec:\lxfffll.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrxlfr.exec:\lrrxlfr.exe23⤵
- Executes dropped EXE
-
\??\c:\bttthb.exec:\bttthb.exe24⤵
- Executes dropped EXE
-
\??\c:\jpjjd.exec:\jpjjd.exe25⤵
- Executes dropped EXE
-
\??\c:\lrllfff.exec:\lrllfff.exe26⤵
- Executes dropped EXE
-
\??\c:\hhtnnn.exec:\hhtnnn.exe27⤵
- Executes dropped EXE
-
\??\c:\pjjpj.exec:\pjjpj.exe28⤵
- Executes dropped EXE
-
\??\c:\xfrlrxf.exec:\xfrlrxf.exe29⤵
- Executes dropped EXE
-
\??\c:\3ppjd.exec:\3ppjd.exe30⤵
- Executes dropped EXE
-
\??\c:\ffrffll.exec:\ffrffll.exe31⤵
- Executes dropped EXE
-
\??\c:\fffllll.exec:\fffllll.exe32⤵
- Executes dropped EXE
-
\??\c:\httntn.exec:\httntn.exe33⤵
- Executes dropped EXE
-
\??\c:\pvjjj.exec:\pvjjj.exe34⤵
- Executes dropped EXE
-
\??\c:\fxllllf.exec:\fxllllf.exe35⤵
- Executes dropped EXE
-
\??\c:\bntttb.exec:\bntttb.exe36⤵
- Executes dropped EXE
-
\??\c:\ddjjd.exec:\ddjjd.exe37⤵
- Executes dropped EXE
-
\??\c:\nbnhhn.exec:\nbnhhn.exe38⤵
- Executes dropped EXE
-
\??\c:\hhhhbb.exec:\hhhhbb.exe39⤵
- Executes dropped EXE
-
\??\c:\djjjj.exec:\djjjj.exe40⤵
- Executes dropped EXE
-
\??\c:\flllffr.exec:\flllffr.exe41⤵
- Executes dropped EXE
-
\??\c:\hhhtnn.exec:\hhhtnn.exe42⤵
- Executes dropped EXE
-
\??\c:\nhnthh.exec:\nhnthh.exe43⤵
- Executes dropped EXE
-
\??\c:\jpvdv.exec:\jpvdv.exe44⤵
- Executes dropped EXE
-
\??\c:\xxfffll.exec:\xxfffll.exe45⤵
- Executes dropped EXE
-
\??\c:\nnttnt.exec:\nnttnt.exe46⤵
- Executes dropped EXE
-
\??\c:\1vvvv.exec:\1vvvv.exe47⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe48⤵
- Executes dropped EXE
-
\??\c:\xxfxxfx.exec:\xxfxxfx.exe49⤵
- Executes dropped EXE
-
\??\c:\hhbhtn.exec:\hhbhtn.exe50⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe51⤵
- Executes dropped EXE
-
\??\c:\dpvpp.exec:\dpvpp.exe52⤵
- Executes dropped EXE
-
\??\c:\xfffflf.exec:\xfffflf.exe53⤵
- Executes dropped EXE
-
\??\c:\nhbnnt.exec:\nhbnnt.exe54⤵
- Executes dropped EXE
-
\??\c:\dpdvp.exec:\dpdvp.exe55⤵
- Executes dropped EXE
-
\??\c:\vdpvv.exec:\vdpvv.exe56⤵
- Executes dropped EXE
-
\??\c:\rfrxxxr.exec:\rfrxxxr.exe57⤵
- Executes dropped EXE
-
\??\c:\nbtnbb.exec:\nbtnbb.exe58⤵
- Executes dropped EXE
-
\??\c:\bbhnhh.exec:\bbhnhh.exe59⤵
- Executes dropped EXE
-
\??\c:\ddvvp.exec:\ddvvp.exe60⤵
- Executes dropped EXE
-
\??\c:\rlrrfll.exec:\rlrrfll.exe61⤵
- Executes dropped EXE
-
\??\c:\xllllrl.exec:\xllllrl.exe62⤵
- Executes dropped EXE
-
\??\c:\nhnnnn.exec:\nhnnnn.exe63⤵
- Executes dropped EXE
-
\??\c:\5pppj.exec:\5pppj.exe64⤵
- Executes dropped EXE
-
\??\c:\jjvvj.exec:\jjvvj.exe65⤵
- Executes dropped EXE
-
\??\c:\rxfxxrr.exec:\rxfxxrr.exe66⤵
-
\??\c:\1httbh.exec:\1httbh.exe67⤵
-
\??\c:\vvjjj.exec:\vvjjj.exe68⤵
-
\??\c:\xfrlrlr.exec:\xfrlrlr.exe69⤵
-
\??\c:\3nnnnb.exec:\3nnnnb.exe70⤵
-
\??\c:\jpvvd.exec:\jpvvd.exe71⤵
-
\??\c:\7ffxrrl.exec:\7ffxrrl.exe72⤵
-
\??\c:\rxfxxxx.exec:\rxfxxxx.exe73⤵
-
\??\c:\nhbhtt.exec:\nhbhtt.exe74⤵
-
\??\c:\7pvpp.exec:\7pvpp.exe75⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe76⤵
-
\??\c:\frflxlr.exec:\frflxlr.exe77⤵
-
\??\c:\nnhbtt.exec:\nnhbtt.exe78⤵
-
\??\c:\9tbnnh.exec:\9tbnnh.exe79⤵
-
\??\c:\rrfxlrl.exec:\rrfxlrl.exe80⤵
-
\??\c:\nhntnb.exec:\nhntnb.exe81⤵
-
\??\c:\htnnnn.exec:\htnnnn.exe82⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe83⤵
-
\??\c:\ddjjv.exec:\ddjjv.exe84⤵
-
\??\c:\1rrlflr.exec:\1rrlflr.exe85⤵
-
\??\c:\5ntttb.exec:\5ntttb.exe86⤵
-
\??\c:\nnttbb.exec:\nnttbb.exe87⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe88⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe89⤵
-
\??\c:\lxlxxxl.exec:\lxlxxxl.exe90⤵
-
\??\c:\frxlrxr.exec:\frxlrxr.exe91⤵
-
\??\c:\nthhhn.exec:\nthhhn.exe92⤵
-
\??\c:\nthhhh.exec:\nthhhh.exe93⤵
-
\??\c:\jjppj.exec:\jjppj.exe94⤵
-
\??\c:\7ddvj.exec:\7ddvj.exe95⤵
-
\??\c:\lfllflr.exec:\lfllflr.exe96⤵
-
\??\c:\llllfff.exec:\llllfff.exe97⤵
-
\??\c:\bhbnbt.exec:\bhbnbt.exe98⤵
-
\??\c:\hhtnnt.exec:\hhtnnt.exe99⤵
-
\??\c:\dddjj.exec:\dddjj.exe100⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe101⤵
-
\??\c:\fffxrrr.exec:\fffxrrr.exe102⤵
-
\??\c:\fxflflf.exec:\fxflflf.exe103⤵
-
\??\c:\nnbtnn.exec:\nnbtnn.exe104⤵
-
\??\c:\9hhtnh.exec:\9hhtnh.exe105⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe106⤵
-
\??\c:\5ffxrrl.exec:\5ffxrrl.exe107⤵
-
\??\c:\xxrrfxx.exec:\xxrrfxx.exe108⤵
-
\??\c:\ttnhbb.exec:\ttnhbb.exe109⤵
-
\??\c:\hnhnnt.exec:\hnhnnt.exe110⤵
-
\??\c:\djjjp.exec:\djjjp.exe111⤵
-
\??\c:\3jvdv.exec:\3jvdv.exe112⤵
-
\??\c:\xxxrlll.exec:\xxxrlll.exe113⤵
-
\??\c:\xrxrxll.exec:\xrxrxll.exe114⤵
-
\??\c:\bnhhbb.exec:\bnhhbb.exe115⤵
-
\??\c:\jpjjj.exec:\jpjjj.exe116⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe117⤵
-
\??\c:\rrxxxxx.exec:\rrxxxxx.exe118⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe119⤵
-
\??\c:\nhnnth.exec:\nhnnth.exe120⤵
-
\??\c:\vvjdj.exec:\vvjdj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-