Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20/05/2024, 01:29
General
-
Target
80257122a6603984ef181ced2c319de0_NeikiAnalytics.exe
-
Size
335KB
-
MD5
80257122a6603984ef181ced2c319de0
-
SHA1
4af3abb2282bf969fcb828fef1a7f53bf2e81607
-
SHA256
74e36c3d155db76f3e7c112c6d99f4dd8b5f9e96b7bd13f1853468178fb352a7
-
SHA512
39af7195744fe0aae40e64d84a5f671299e029724a29d531ec6dffc5d013566ac8becada59cf07c318ab83ee3ad1a1a9787d488ca605099cc7b828fe62ac481a
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73tvn+Yp99zm+/KZBHqnuOeHzmB600TUA6Z7zupc+BE:n3C9BRo7tvnJ99T/KZEuOod00TG+BE
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\80257122a6603984ef181ced2c319de0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\80257122a6603984ef181ced2c319de0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbbtn.exec:\hhbbtn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvvd.exec:\jvvvd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrlfff.exec:\llrlfff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tbttt.exec:\5tbttt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvpp.exec:\jpvpp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvdv.exec:\djvdv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlfrlf.exec:\rrlfrlf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxllr.exec:\rrxxllr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffxrrf.exec:\xffxrrf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnbbt.exec:\nhnbbt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjj.exec:\pjpjj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfrxfr.exec:\lrfrxfr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhnb.exec:\btbhnb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdj.exec:\ppjdj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjdp.exec:\pvjdp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrxrx.exec:\xrrrxrx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppv.exec:\jdppv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnnnn.exec:\hhnnnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dddj.exec:\9dddj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlfff.exec:\fxrlfff.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjvj.exec:\vjjvj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthnnt.exec:\tthnnt.exe23⤵
- Executes dropped EXE
-
\??\c:\xfxxllx.exec:\xfxxllx.exe24⤵
- Executes dropped EXE
-
\??\c:\ppdvv.exec:\ppdvv.exe25⤵
- Executes dropped EXE
-
\??\c:\fffllrl.exec:\fffllrl.exe26⤵
- Executes dropped EXE
-
\??\c:\pjppj.exec:\pjppj.exe27⤵
- Executes dropped EXE
-
\??\c:\lfrllrr.exec:\lfrllrr.exe28⤵
- Executes dropped EXE
-
\??\c:\tntnhn.exec:\tntnhn.exe29⤵
- Executes dropped EXE
-
\??\c:\ntnntn.exec:\ntnntn.exe30⤵
- Executes dropped EXE
-
\??\c:\ntnhhb.exec:\ntnhhb.exe31⤵
- Executes dropped EXE
-
\??\c:\xrrrrxx.exec:\xrrrrxx.exe32⤵
- Executes dropped EXE
-
\??\c:\htbhbn.exec:\htbhbn.exe33⤵
- Executes dropped EXE
-
\??\c:\dddvj.exec:\dddvj.exe34⤵
- Executes dropped EXE
-
\??\c:\jpdvp.exec:\jpdvp.exe35⤵
- Executes dropped EXE
-
\??\c:\rfrlfxx.exec:\rfrlfxx.exe36⤵
- Executes dropped EXE
-
\??\c:\hhhhnb.exec:\hhhhnb.exe37⤵
- Executes dropped EXE
-
\??\c:\dvddj.exec:\dvddj.exe38⤵
- Executes dropped EXE
-
\??\c:\xrrrflf.exec:\xrrrflf.exe39⤵
- Executes dropped EXE
-
\??\c:\nhbhbh.exec:\nhbhbh.exe40⤵
- Executes dropped EXE
-
\??\c:\rlfflll.exec:\rlfflll.exe41⤵
- Executes dropped EXE
-
\??\c:\hbnhbb.exec:\hbnhbb.exe42⤵
- Executes dropped EXE
-
\??\c:\ddjjj.exec:\ddjjj.exe43⤵
- Executes dropped EXE
-
\??\c:\ntbhnn.exec:\ntbhnn.exe44⤵
- Executes dropped EXE
-
\??\c:\dvpjp.exec:\dvpjp.exe45⤵
- Executes dropped EXE
-
\??\c:\vpvdv.exec:\vpvdv.exe46⤵
- Executes dropped EXE
-
\??\c:\flxfxrf.exec:\flxfxrf.exe47⤵
- Executes dropped EXE
-
\??\c:\bhnbbb.exec:\bhnbbb.exe48⤵
- Executes dropped EXE
-
\??\c:\3frrrxf.exec:\3frrrxf.exe49⤵
- Executes dropped EXE
-
\??\c:\5rxrrrx.exec:\5rxrrrx.exe50⤵
- Executes dropped EXE
-
\??\c:\htttbt.exec:\htttbt.exe51⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe52⤵
- Executes dropped EXE
-
\??\c:\3xrllfx.exec:\3xrllfx.exe53⤵
- Executes dropped EXE
-
\??\c:\nttbhh.exec:\nttbhh.exe54⤵
- Executes dropped EXE
-
\??\c:\ddddd.exec:\ddddd.exe55⤵
- Executes dropped EXE
-
\??\c:\xflrrxx.exec:\xflrrxx.exe56⤵
- Executes dropped EXE
-
\??\c:\bhbtbb.exec:\bhbtbb.exe57⤵
- Executes dropped EXE
-
\??\c:\9xlrlxl.exec:\9xlrlxl.exe58⤵
- Executes dropped EXE
-
\??\c:\htnnbn.exec:\htnnbn.exe59⤵
- Executes dropped EXE
-
\??\c:\pdjjp.exec:\pdjjp.exe60⤵
- Executes dropped EXE
-
\??\c:\bnhnbh.exec:\bnhnbh.exe61⤵
- Executes dropped EXE
-
\??\c:\pvvdv.exec:\pvvdv.exe62⤵
- Executes dropped EXE
-
\??\c:\rfxffxr.exec:\rfxffxr.exe63⤵
- Executes dropped EXE
-
\??\c:\nbbhth.exec:\nbbhth.exe64⤵
- Executes dropped EXE
-
\??\c:\tnntbh.exec:\tnntbh.exe65⤵
- Executes dropped EXE
-
\??\c:\1vjvd.exec:\1vjvd.exe66⤵
-
\??\c:\xfrxflr.exec:\xfrxflr.exe67⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe68⤵
-
\??\c:\lflrrfx.exec:\lflrrfx.exe69⤵
-
\??\c:\tnbttn.exec:\tnbttn.exe70⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe71⤵
-
\??\c:\jvpvp.exec:\jvpvp.exe72⤵
-
\??\c:\fffrlxl.exec:\fffrlxl.exe73⤵
-
\??\c:\hththt.exec:\hththt.exe74⤵
-
\??\c:\tbhbbb.exec:\tbhbbb.exe75⤵
-
\??\c:\pvvdv.exec:\pvvdv.exe76⤵
-
\??\c:\lxffrxx.exec:\lxffrxx.exe77⤵
-
\??\c:\btnnth.exec:\btnnth.exe78⤵
-
\??\c:\vvjvd.exec:\vvjvd.exe79⤵
-
\??\c:\fflllxx.exec:\fflllxx.exe80⤵
-
\??\c:\nnbbtt.exec:\nnbbtt.exe81⤵
-
\??\c:\ppvjp.exec:\ppvjp.exe82⤵
-
\??\c:\xlrlfxr.exec:\xlrlfxr.exe83⤵
-
\??\c:\tntntt.exec:\tntntt.exe84⤵
-
\??\c:\hthbtb.exec:\hthbtb.exe85⤵
-
\??\c:\pvvdv.exec:\pvvdv.exe86⤵
-
\??\c:\flxfffx.exec:\flxfffx.exe87⤵
-
\??\c:\bnttbb.exec:\bnttbb.exe88⤵
-
\??\c:\pvvjd.exec:\pvvjd.exe89⤵
-
\??\c:\ffllxxf.exec:\ffllxxf.exe90⤵
-
\??\c:\hhbtnt.exec:\hhbtnt.exe91⤵
-
\??\c:\7dddd.exec:\7dddd.exe92⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe93⤵
-
\??\c:\rrrrrrf.exec:\rrrrrrf.exe94⤵
-
\??\c:\tnhbnh.exec:\tnhbnh.exe95⤵
-
\??\c:\pdvvp.exec:\pdvvp.exe96⤵
-
\??\c:\pdvpj.exec:\pdvpj.exe97⤵
-
\??\c:\nntttt.exec:\nntttt.exe98⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe99⤵
-
\??\c:\rxxlrfx.exec:\rxxlrfx.exe100⤵
-
\??\c:\jjdpp.exec:\jjdpp.exe101⤵
-
\??\c:\fflrxfl.exec:\fflrxfl.exe102⤵
-
\??\c:\hbhhth.exec:\hbhhth.exe103⤵
-
\??\c:\rflxrrr.exec:\rflxrrr.exe104⤵
-
\??\c:\djvjj.exec:\djvjj.exe105⤵
-
\??\c:\hhtbbh.exec:\hhtbbh.exe106⤵
-
\??\c:\vpppj.exec:\vpppj.exe107⤵
-
\??\c:\jpdvp.exec:\jpdvp.exe108⤵
-
\??\c:\xlfrlfr.exec:\xlfrlfr.exe109⤵
-
\??\c:\hnbhhb.exec:\hnbhhb.exe110⤵
-
\??\c:\jjpdv.exec:\jjpdv.exe111⤵
-
\??\c:\lrlllrx.exec:\lrlllrx.exe112⤵
-
\??\c:\9ntttb.exec:\9ntttb.exe113⤵
-
\??\c:\pvppp.exec:\pvppp.exe114⤵
-
\??\c:\llrxfrf.exec:\llrxfrf.exe115⤵
-
\??\c:\bttnnt.exec:\bttnnt.exe116⤵
-
\??\c:\djvjj.exec:\djvjj.exe117⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe118⤵
-
\??\c:\flrfxll.exec:\flrfxll.exe119⤵
-
\??\c:\ttbthh.exec:\ttbthh.exe120⤵
-
\??\c:\djvvv.exec:\djvvv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-