Analysis
-
max time kernel
150s -
max time network
110s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20-05-2024 00:05
General
-
Target
671d108f79163b0bd9ae03da5e9239e0_NeikiAnalytics.exe
-
Size
393KB
-
MD5
671d108f79163b0bd9ae03da5e9239e0
-
SHA1
7b334ea6a8274899bfed7833f84d4903515289fe
-
SHA256
80e7a0cfbece452df0f557fde6101df26f6be93f8a761f2e4099036e5139ddf1
-
SHA512
436e8e1cc8f2854f0ce5c5e6cd143596454a63b45a255c12e6c4de85ddc34a916641bc92133c344e120d36e7075e5455be8e2bd688f4bf382879103f209297a9
-
SSDEEP
6144:Acm7ImGddX5WrXF5lpKGYV0aTk/BO0XJm4UEPOshN/xdKnvP48bmRt:m7TcJWjdpKGATTk/jYIOWN/KnnPe
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\671d108f79163b0bd9ae03da5e9239e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\671d108f79163b0bd9ae03da5e9239e0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bhttnn.exec:\bhttnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvdd.exec:\vdvdd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnntbh.exec:\tnntbh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ntnhh.exec:\3ntnhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxlfxr.exec:\lrxlfxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhbt.exec:\tnhhbt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrflll.exec:\fxrflll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddv.exec:\jdddv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppd.exec:\jdppd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btntht.exec:\btntht.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjj.exec:\dppjj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjjj.exec:\pvjjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtnht.exec:\thtnht.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbtnt.exec:\ttbtnt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpp.exec:\vpvpp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrlllf.exec:\7lrlllf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrfxr.exec:\xlxrfxr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjj.exec:\jdjjj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfrlxf.exec:\xxfrlxf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdpj.exec:\vpdpj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnnt.exec:\bttnnt.exe23⤵
- Executes dropped EXE
-
\??\c:\jjppv.exec:\jjppv.exe24⤵
- Executes dropped EXE
-
\??\c:\bnbnhh.exec:\bnbnhh.exe25⤵
- Executes dropped EXE
-
\??\c:\xlfffxl.exec:\xlfffxl.exe26⤵
- Executes dropped EXE
-
\??\c:\hhhhnn.exec:\hhhhnn.exe27⤵
- Executes dropped EXE
-
\??\c:\5dppd.exec:\5dppd.exe28⤵
- Executes dropped EXE
-
\??\c:\dpdpd.exec:\dpdpd.exe29⤵
- Executes dropped EXE
-
\??\c:\vvjvp.exec:\vvjvp.exe30⤵
- Executes dropped EXE
-
\??\c:\htbbbt.exec:\htbbbt.exe31⤵
- Executes dropped EXE
-
\??\c:\pvvvp.exec:\pvvvp.exe32⤵
- Executes dropped EXE
-
\??\c:\xxrlxrl.exec:\xxrlxrl.exe33⤵
- Executes dropped EXE
-
\??\c:\rxflrrl.exec:\rxflrrl.exe34⤵
- Executes dropped EXE
-
\??\c:\nhnnnn.exec:\nhnnnn.exe35⤵
- Executes dropped EXE
-
\??\c:\7pddv.exec:\7pddv.exe36⤵
- Executes dropped EXE
-
\??\c:\tnbbhh.exec:\tnbbhh.exe37⤵
- Executes dropped EXE
-
\??\c:\djvvv.exec:\djvvv.exe38⤵
- Executes dropped EXE
-
\??\c:\xrfrfxf.exec:\xrfrfxf.exe39⤵
- Executes dropped EXE
-
\??\c:\hbnnnn.exec:\hbnnnn.exe40⤵
- Executes dropped EXE
-
\??\c:\fllfxlx.exec:\fllfxlx.exe41⤵
- Executes dropped EXE
-
\??\c:\nbbnhh.exec:\nbbnhh.exe42⤵
- Executes dropped EXE
-
\??\c:\rfrlfff.exec:\rfrlfff.exe43⤵
- Executes dropped EXE
-
\??\c:\nhbbbn.exec:\nhbbbn.exe44⤵
- Executes dropped EXE
-
\??\c:\vdjdj.exec:\vdjdj.exe45⤵
- Executes dropped EXE
-
\??\c:\tbnhnb.exec:\tbnhnb.exe46⤵
- Executes dropped EXE
-
\??\c:\dpdjd.exec:\dpdjd.exe47⤵
- Executes dropped EXE
-
\??\c:\fffffff.exec:\fffffff.exe48⤵
- Executes dropped EXE
-
\??\c:\nhbhtn.exec:\nhbhtn.exe49⤵
- Executes dropped EXE
-
\??\c:\7ppjd.exec:\7ppjd.exe50⤵
- Executes dropped EXE
-
\??\c:\rxrfrfl.exec:\rxrfrfl.exe51⤵
- Executes dropped EXE
-
\??\c:\vvpvp.exec:\vvpvp.exe52⤵
- Executes dropped EXE
-
\??\c:\hhhbnn.exec:\hhhbnn.exe53⤵
- Executes dropped EXE
-
\??\c:\dpvpj.exec:\dpvpj.exe54⤵
- Executes dropped EXE
-
\??\c:\3lflfxr.exec:\3lflfxr.exe55⤵
- Executes dropped EXE
-
\??\c:\htnhbb.exec:\htnhbb.exe56⤵
- Executes dropped EXE
-
\??\c:\pvdpj.exec:\pvdpj.exe57⤵
- Executes dropped EXE
-
\??\c:\5rfxxfl.exec:\5rfxxfl.exe58⤵
- Executes dropped EXE
-
\??\c:\thttbb.exec:\thttbb.exe59⤵
- Executes dropped EXE
-
\??\c:\3jjdj.exec:\3jjdj.exe60⤵
- Executes dropped EXE
-
\??\c:\rxxlxll.exec:\rxxlxll.exe61⤵
- Executes dropped EXE
-
\??\c:\1bttnn.exec:\1bttnn.exe62⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe63⤵
- Executes dropped EXE
-
\??\c:\xxffxff.exec:\xxffxff.exe64⤵
- Executes dropped EXE
-
\??\c:\nntttt.exec:\nntttt.exe65⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe66⤵
-
\??\c:\hbnbtn.exec:\hbnbtn.exe67⤵
-
\??\c:\jjpdd.exec:\jjpdd.exe68⤵
-
\??\c:\jdppv.exec:\jdppv.exe69⤵
-
\??\c:\lxfflll.exec:\lxfflll.exe70⤵
-
\??\c:\bthbbb.exec:\bthbbb.exe71⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe72⤵
-
\??\c:\htnhht.exec:\htnhht.exe73⤵
-
\??\c:\dpppp.exec:\dpppp.exe74⤵
-
\??\c:\xlllrxf.exec:\xlllrxf.exe75⤵
-
\??\c:\lfllllr.exec:\lfllllr.exe76⤵
-
\??\c:\hhthnt.exec:\hhthnt.exe77⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe78⤵
-
\??\c:\xffxffl.exec:\xffxffl.exe79⤵
-
\??\c:\hbhbbh.exec:\hbhbbh.exe80⤵
-
\??\c:\vjppv.exec:\vjppv.exe81⤵
-
\??\c:\5ddvp.exec:\5ddvp.exe82⤵
-
\??\c:\ntnhtb.exec:\ntnhtb.exe83⤵
-
\??\c:\9vvdv.exec:\9vvdv.exe84⤵
-
\??\c:\3lfxlrf.exec:\3lfxlrf.exe85⤵
-
\??\c:\btttnn.exec:\btttnn.exe86⤵
-
\??\c:\hhnnnt.exec:\hhnnnt.exe87⤵
-
\??\c:\vdvvd.exec:\vdvvd.exe88⤵
-
\??\c:\lffflrl.exec:\lffflrl.exe89⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe90⤵
-
\??\c:\frlrllr.exec:\frlrllr.exe91⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe92⤵
-
\??\c:\rlxrlfx.exec:\rlxrlfx.exe93⤵
-
\??\c:\nbnnhn.exec:\nbnnhn.exe94⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe95⤵
-
\??\c:\xrrlrxl.exec:\xrrlrxl.exe96⤵
-
\??\c:\ntttnn.exec:\ntttnn.exe97⤵
-
\??\c:\3hnnht.exec:\3hnnht.exe98⤵
-
\??\c:\lrlfrxr.exec:\lrlfrxr.exe99⤵
-
\??\c:\bhbbtn.exec:\bhbbtn.exe100⤵
-
\??\c:\7jpjd.exec:\7jpjd.exe101⤵
-
\??\c:\5lrrxlx.exec:\5lrrxlx.exe102⤵
-
\??\c:\tthbbb.exec:\tthbbb.exe103⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe104⤵
-
\??\c:\lrlffrr.exec:\lrlffrr.exe105⤵
-
\??\c:\rxxrlll.exec:\rxxrlll.exe106⤵
-
\??\c:\bthhhn.exec:\bthhhn.exe107⤵
-
\??\c:\5dppv.exec:\5dppv.exe108⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe109⤵
-
\??\c:\1xllrxl.exec:\1xllrxl.exe110⤵
-
\??\c:\7nnnnn.exec:\7nnnnn.exe111⤵
-
\??\c:\jjpdv.exec:\jjpdv.exe112⤵
-
\??\c:\rllrxrr.exec:\rllrxrr.exe113⤵
-
\??\c:\nbbbbb.exec:\nbbbbb.exe114⤵
-
\??\c:\ddddv.exec:\ddddv.exe115⤵
-
\??\c:\ffxxflx.exec:\ffxxflx.exe116⤵
-
\??\c:\lxlffxx.exec:\lxlffxx.exe117⤵
-
\??\c:\thttbh.exec:\thttbh.exe118⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe119⤵
-
\??\c:\1rffllf.exec:\1rffllf.exe120⤵
-
\??\c:\xrrfffx.exec:\xrrfffx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-