Analysis
-
max time kernel
150s -
max time network
113s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20/05/2024, 00:04
General
-
Target
668c716ee0b7aacde10c15a87e28a830_NeikiAnalytics.exe
-
Size
67KB
-
MD5
668c716ee0b7aacde10c15a87e28a830
-
SHA1
d896a2eae9ff4bfc8de86bf87bbd4c4c1fb481ac
-
SHA256
04076b629cf599646aa48c9f4ec2af403369e66e902891a9e0b2dc3960dae3b9
-
SHA512
70b60dde2518372baa4c54add73342f1a4b52af3a14645facdb02253678d52c6af4fa928284341ae1852fd82d5dd2c1af340f9ed6725f3fd6c5a6f87f66df6d0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJUDbAIVZ:ymb3NkkiQ3mdBjFIFdJ8bf
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\668c716ee0b7aacde10c15a87e28a830_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\668c716ee0b7aacde10c15a87e28a830_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tbntbh.exec:\tbntbh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjd.exec:\vppjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrrrf.exec:\ffrrrrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxxxll.exec:\ffxxxll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpp.exec:\dpvpp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpj.exec:\jdvpj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtnbb.exec:\nbtnbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjj.exec:\jdpjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfrxrx.exec:\xrfrxrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbbb.exec:\bbhbbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dpjp.exec:\5dpjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjd.exec:\jjjjd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxffx.exec:\rrfxffx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjpp.exec:\jvjpp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddd.exec:\jvddd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frllxlf.exec:\frllxlf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rxxrfx.exec:\5rxxrfx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjpp.exec:\vvjpp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrrllf.exec:\flrrllf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppp.exec:\jdppp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrfrfr.exec:\lfrfrfr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhnn.exec:\btbhnn.exe23⤵
- Executes dropped EXE
-
\??\c:\ddddv.exec:\ddddv.exe24⤵
- Executes dropped EXE
-
\??\c:\jdvvd.exec:\jdvvd.exe25⤵
- Executes dropped EXE
-
\??\c:\llrxxxf.exec:\llrxxxf.exe26⤵
- Executes dropped EXE
-
\??\c:\nbbhhb.exec:\nbbhhb.exe27⤵
- Executes dropped EXE
-
\??\c:\djpdp.exec:\djpdp.exe28⤵
- Executes dropped EXE
-
\??\c:\rffxllf.exec:\rffxllf.exe29⤵
- Executes dropped EXE
-
\??\c:\xrllxrf.exec:\xrllxrf.exe30⤵
- Executes dropped EXE
-
\??\c:\btttnh.exec:\btttnh.exe31⤵
- Executes dropped EXE
-
\??\c:\7httnn.exec:\7httnn.exe32⤵
- Executes dropped EXE
-
\??\c:\jvjvv.exec:\jvjvv.exe33⤵
- Executes dropped EXE
-
\??\c:\9frxrrl.exec:\9frxrrl.exe34⤵
- Executes dropped EXE
-
\??\c:\1tbhhn.exec:\1tbhhn.exe35⤵
- Executes dropped EXE
-
\??\c:\bttnnh.exec:\bttnnh.exe36⤵
- Executes dropped EXE
-
\??\c:\dvdvp.exec:\dvdvp.exe37⤵
- Executes dropped EXE
-
\??\c:\fllrlll.exec:\fllrlll.exe38⤵
- Executes dropped EXE
-
\??\c:\1fllfll.exec:\1fllfll.exe39⤵
- Executes dropped EXE
-
\??\c:\7nbbtt.exec:\7nbbtt.exe40⤵
- Executes dropped EXE
-
\??\c:\dvdvp.exec:\dvdvp.exe41⤵
- Executes dropped EXE
-
\??\c:\vvdvp.exec:\vvdvp.exe42⤵
- Executes dropped EXE
-
\??\c:\flfflrr.exec:\flfflrr.exe43⤵
- Executes dropped EXE
-
\??\c:\3tttnn.exec:\3tttnn.exe44⤵
- Executes dropped EXE
-
\??\c:\httnnn.exec:\httnnn.exe45⤵
- Executes dropped EXE
-
\??\c:\vvdjd.exec:\vvdjd.exe46⤵
- Executes dropped EXE
-
\??\c:\flrrlll.exec:\flrrlll.exe47⤵
- Executes dropped EXE
-
\??\c:\rllrrfx.exec:\rllrrfx.exe48⤵
- Executes dropped EXE
-
\??\c:\7nthnn.exec:\7nthnn.exe49⤵
- Executes dropped EXE
-
\??\c:\vppjp.exec:\vppjp.exe50⤵
- Executes dropped EXE
-
\??\c:\dpvpj.exec:\dpvpj.exe51⤵
- Executes dropped EXE
-
\??\c:\5fffxrl.exec:\5fffxrl.exe52⤵
- Executes dropped EXE
-
\??\c:\lfllrlf.exec:\lfllrlf.exe53⤵
- Executes dropped EXE
-
\??\c:\tbhhtt.exec:\tbhhtt.exe54⤵
- Executes dropped EXE
-
\??\c:\hhhbbb.exec:\hhhbbb.exe55⤵
- Executes dropped EXE
-
\??\c:\jjvpd.exec:\jjvpd.exe56⤵
- Executes dropped EXE
-
\??\c:\dvdpj.exec:\dvdpj.exe57⤵
- Executes dropped EXE
-
\??\c:\xllxxrr.exec:\xllxxrr.exe58⤵
- Executes dropped EXE
-
\??\c:\nhbtnh.exec:\nhbtnh.exe59⤵
- Executes dropped EXE
-
\??\c:\ntbbtb.exec:\ntbbtb.exe60⤵
- Executes dropped EXE
-
\??\c:\httnbb.exec:\httnbb.exe61⤵
- Executes dropped EXE
-
\??\c:\vvjdv.exec:\vvjdv.exe62⤵
- Executes dropped EXE
-
\??\c:\9jvpd.exec:\9jvpd.exe63⤵
- Executes dropped EXE
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe64⤵
- Executes dropped EXE
-
\??\c:\lffxflx.exec:\lffxflx.exe65⤵
- Executes dropped EXE
-
\??\c:\7nhhtt.exec:\7nhhtt.exe66⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe67⤵
-
\??\c:\pvddd.exec:\pvddd.exe68⤵
-
\??\c:\xfrlllf.exec:\xfrlllf.exe69⤵
-
\??\c:\nnbttn.exec:\nnbttn.exe70⤵
-
\??\c:\bthbtt.exec:\bthbtt.exe71⤵
-
\??\c:\3jpjd.exec:\3jpjd.exe72⤵
-
\??\c:\rffxrlf.exec:\rffxrlf.exe73⤵
-
\??\c:\3bhhnn.exec:\3bhhnn.exe74⤵
-
\??\c:\7ttnhh.exec:\7ttnhh.exe75⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe76⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe77⤵
-
\??\c:\rlrrrrr.exec:\rlrrrrr.exe78⤵
-
\??\c:\htttnh.exec:\htttnh.exe79⤵
-
\??\c:\btbttn.exec:\btbttn.exe80⤵
-
\??\c:\dvddj.exec:\dvddj.exe81⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe82⤵
-
\??\c:\fflxfxx.exec:\fflxfxx.exe83⤵
-
\??\c:\fxxxlfl.exec:\fxxxlfl.exe84⤵
-
\??\c:\bhnbht.exec:\bhnbht.exe85⤵
-
\??\c:\nbtbbb.exec:\nbtbbb.exe86⤵
-
\??\c:\djjjj.exec:\djjjj.exe87⤵
-
\??\c:\xrxlxxx.exec:\xrxlxxx.exe88⤵
-
\??\c:\rxfffll.exec:\rxfffll.exe89⤵
-
\??\c:\thhbbt.exec:\thhbbt.exe90⤵
-
\??\c:\nbtttb.exec:\nbtttb.exe91⤵
-
\??\c:\dppjd.exec:\dppjd.exe92⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe93⤵
-
\??\c:\lfrrrll.exec:\lfrrrll.exe94⤵
-
\??\c:\7ttthb.exec:\7ttthb.exe95⤵
-
\??\c:\5hbtnn.exec:\5hbtnn.exe96⤵
-
\??\c:\jpdvv.exec:\jpdvv.exe97⤵
-
\??\c:\rllllrx.exec:\rllllrx.exe98⤵
-
\??\c:\fxffffr.exec:\fxffffr.exe99⤵
-
\??\c:\bbbbbb.exec:\bbbbbb.exe100⤵
-
\??\c:\thnnnn.exec:\thnnnn.exe101⤵
-
\??\c:\7vppj.exec:\7vppj.exe102⤵
-
\??\c:\xrfflfx.exec:\xrfflfx.exe103⤵
-
\??\c:\nhbbtt.exec:\nhbbtt.exe104⤵
-
\??\c:\pdddv.exec:\pdddv.exe105⤵
-
\??\c:\5dvpj.exec:\5dvpj.exe106⤵
-
\??\c:\7llfrrl.exec:\7llfrrl.exe107⤵
-
\??\c:\1rllxxl.exec:\1rllxxl.exe108⤵
-
\??\c:\tbtnnt.exec:\tbtnnt.exe109⤵
-
\??\c:\jdddv.exec:\jdddv.exe110⤵
-
\??\c:\pppjd.exec:\pppjd.exe111⤵
-
\??\c:\lxlfxrr.exec:\lxlfxrr.exe112⤵
-
\??\c:\xlxlxrl.exec:\xlxlxrl.exe113⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe114⤵
-
\??\c:\lxxxxxx.exec:\lxxxxxx.exe115⤵
-
\??\c:\fxlffll.exec:\fxlffll.exe116⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe117⤵
-
\??\c:\ntnhbb.exec:\ntnhbb.exe118⤵
-
\??\c:\frfxfrl.exec:\frfxfrl.exe119⤵
-
\??\c:\tnttbt.exec:\tnttbt.exe120⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-