Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20/05/2024, 06:46
General
-
Target
c8ad59c323405febd7f80d00e706e4c0_NeikiAnalytics.exe
-
Size
483KB
-
MD5
c8ad59c323405febd7f80d00e706e4c0
-
SHA1
3c7e9809aed2d60f31dcd81a2ff203b2ddc7476e
-
SHA256
eefd90544a2b83cdc2102b2bcdc52fd7db351b8ce40518d23ecfcacd94f995dd
-
SHA512
ab0313ceb46185927b50a7f1997ab532401ead24a5fc7a532e92c86558e032864a0aae5d810700eff5f9150fb48487bbd9f54772d6974abe4d3798decafeb0e6
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwu1b26X1wjhtSizjQ:q7Tc2NYHUrAwqzcO
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c8ad59c323405febd7f80d00e706e4c0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\c8ad59c323405febd7f80d00e706e4c0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hhttbb.exec:\hhttbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppv.exec:\jdppv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffxrlf.exec:\rffxrlf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrrlll.exec:\xfrrlll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ttnnn.exec:\1ttnnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhthb.exec:\tnhthb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrxrfr.exec:\rrrxrfr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnttbb.exec:\hnttbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvpv.exec:\jjvpv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhtht.exec:\hnhtht.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pjdv.exec:\9pjdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpdv.exec:\vvpdv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppdv.exec:\vppdv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrllff.exec:\rxrllff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpdv.exec:\pjpdv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjpd.exec:\vpjpd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrllxf.exec:\lfrllxf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpd.exec:\dpvpd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflffxx.exec:\fflffxx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbtn.exec:\hbtbtn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnbb.exec:\httnbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvjv.exec:\jdvjv.exe23⤵
- Executes dropped EXE
-
\??\c:\pjvpj.exec:\pjvpj.exe24⤵
- Executes dropped EXE
-
\??\c:\hbnnnh.exec:\hbnnnh.exe25⤵
- Executes dropped EXE
-
\??\c:\pdjjp.exec:\pdjjp.exe26⤵
- Executes dropped EXE
-
\??\c:\nhnttn.exec:\nhnttn.exe27⤵
- Executes dropped EXE
-
\??\c:\flrxrxl.exec:\flrxrxl.exe28⤵
- Executes dropped EXE
-
\??\c:\5thbbb.exec:\5thbbb.exe29⤵
- Executes dropped EXE
-
\??\c:\djvvd.exec:\djvvd.exe30⤵
- Executes dropped EXE
-
\??\c:\ppvdd.exec:\ppvdd.exe31⤵
- Executes dropped EXE
-
\??\c:\xrllxxr.exec:\xrllxxr.exe32⤵
- Executes dropped EXE
-
\??\c:\9httth.exec:\9httth.exe33⤵
- Executes dropped EXE
-
\??\c:\bhhhbh.exec:\bhhhbh.exe34⤵
- Executes dropped EXE
-
\??\c:\vvjpj.exec:\vvjpj.exe35⤵
- Executes dropped EXE
-
\??\c:\5rfffrr.exec:\5rfffrr.exe36⤵
- Executes dropped EXE
-
\??\c:\htbnnn.exec:\htbnnn.exe37⤵
- Executes dropped EXE
-
\??\c:\ppjdd.exec:\ppjdd.exe38⤵
- Executes dropped EXE
-
\??\c:\1rlrfrl.exec:\1rlrfrl.exe39⤵
- Executes dropped EXE
-
\??\c:\nhnnnn.exec:\nhnnnn.exe40⤵
- Executes dropped EXE
-
\??\c:\bbbhhn.exec:\bbbhhn.exe41⤵
- Executes dropped EXE
-
\??\c:\vpjjd.exec:\vpjjd.exe42⤵
- Executes dropped EXE
-
\??\c:\xffxrxf.exec:\xffxrxf.exe43⤵
- Executes dropped EXE
-
\??\c:\bntttt.exec:\bntttt.exe44⤵
- Executes dropped EXE
-
\??\c:\vvvvv.exec:\vvvvv.exe45⤵
- Executes dropped EXE
-
\??\c:\rxllfff.exec:\rxllfff.exe46⤵
- Executes dropped EXE
-
\??\c:\bhntbb.exec:\bhntbb.exe47⤵
- Executes dropped EXE
-
\??\c:\hbhhhn.exec:\hbhhhn.exe48⤵
- Executes dropped EXE
-
\??\c:\1vddd.exec:\1vddd.exe49⤵
- Executes dropped EXE
-
\??\c:\rlxffff.exec:\rlxffff.exe50⤵
- Executes dropped EXE
-
\??\c:\hhnhnn.exec:\hhnhnn.exe51⤵
- Executes dropped EXE
-
\??\c:\vvvvv.exec:\vvvvv.exe52⤵
- Executes dropped EXE
-
\??\c:\1jjjj.exec:\1jjjj.exe53⤵
- Executes dropped EXE
-
\??\c:\xlxxxff.exec:\xlxxxff.exe54⤵
- Executes dropped EXE
-
\??\c:\hbbbhn.exec:\hbbbhn.exe55⤵
- Executes dropped EXE
-
\??\c:\nhhhhn.exec:\nhhhhn.exe56⤵
- Executes dropped EXE
-
\??\c:\pvddv.exec:\pvddv.exe57⤵
- Executes dropped EXE
-
\??\c:\frffxfx.exec:\frffxfx.exe58⤵
- Executes dropped EXE
-
\??\c:\bnbbtt.exec:\bnbbtt.exe59⤵
- Executes dropped EXE
-
\??\c:\ddppd.exec:\ddppd.exe60⤵
- Executes dropped EXE
-
\??\c:\rxlfxxx.exec:\rxlfxxx.exe61⤵
- Executes dropped EXE
-
\??\c:\hthbbb.exec:\hthbbb.exe62⤵
- Executes dropped EXE
-
\??\c:\tnnnnt.exec:\tnnnnt.exe63⤵
- Executes dropped EXE
-
\??\c:\lfxxxrr.exec:\lfxxxrr.exe64⤵
- Executes dropped EXE
-
\??\c:\3llrrrr.exec:\3llrrrr.exe65⤵
- Executes dropped EXE
-
\??\c:\7tnnbh.exec:\7tnnbh.exe66⤵
-
\??\c:\1jvpv.exec:\1jvpv.exe67⤵
-
\??\c:\5fffxfx.exec:\5fffxfx.exe68⤵
-
\??\c:\ffrllll.exec:\ffrllll.exe69⤵
-
\??\c:\tthttb.exec:\tthttb.exe70⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe71⤵
-
\??\c:\rrrlllf.exec:\rrrlllf.exe72⤵
-
\??\c:\bbnntb.exec:\bbnntb.exe73⤵
-
\??\c:\3ppjd.exec:\3ppjd.exe74⤵
-
\??\c:\5dvvp.exec:\5dvvp.exe75⤵
-
\??\c:\xxfllxx.exec:\xxfllxx.exe76⤵
-
\??\c:\pvvpp.exec:\pvvpp.exe77⤵
-
\??\c:\djjjj.exec:\djjjj.exe78⤵
-
\??\c:\rrlllff.exec:\rrlllff.exe79⤵
-
\??\c:\9ttbhn.exec:\9ttbhn.exe80⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe81⤵
-
\??\c:\9jjjv.exec:\9jjjv.exe82⤵
-
\??\c:\fxfxxxx.exec:\fxfxxxx.exe83⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe84⤵
-
\??\c:\pdvdv.exec:\pdvdv.exe85⤵
-
\??\c:\9fffflr.exec:\9fffflr.exe86⤵
-
\??\c:\lxfxrrl.exec:\lxfxrrl.exe87⤵
-
\??\c:\1bbbtn.exec:\1bbbtn.exe88⤵
-
\??\c:\pjvdv.exec:\pjvdv.exe89⤵
-
\??\c:\rxxxfff.exec:\rxxxfff.exe90⤵
-
\??\c:\hbbbtb.exec:\hbbbtb.exe91⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe92⤵
-
\??\c:\rrxlfrf.exec:\rrxlfrf.exe93⤵
-
\??\c:\llrlffx.exec:\llrlffx.exe94⤵
-
\??\c:\htnhbt.exec:\htnhbt.exe95⤵
-
\??\c:\pppdv.exec:\pppdv.exe96⤵
-
\??\c:\xrxlfll.exec:\xrxlfll.exe97⤵
-
\??\c:\hbttnn.exec:\hbttnn.exe98⤵
-
\??\c:\1dvvp.exec:\1dvvp.exe99⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe100⤵
-
\??\c:\fflxllx.exec:\fflxllx.exe101⤵
-
\??\c:\bbbtnh.exec:\bbbtnh.exe102⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe103⤵
-
\??\c:\rxrfxrf.exec:\rxrfxrf.exe104⤵
-
\??\c:\bhnhbh.exec:\bhnhbh.exe105⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe106⤵
-
\??\c:\lllfllr.exec:\lllfllr.exe107⤵
-
\??\c:\nhtntt.exec:\nhtntt.exe108⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe109⤵
-
\??\c:\xllxrrr.exec:\xllxrrr.exe110⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe111⤵
-
\??\c:\xfxlfff.exec:\xfxlfff.exe112⤵
-
\??\c:\tttnnh.exec:\tttnnh.exe113⤵
-
\??\c:\dpdpj.exec:\dpdpj.exe114⤵
-
\??\c:\vdvvv.exec:\vdvvv.exe115⤵
-
\??\c:\rlrffrx.exec:\rlrffrx.exe116⤵
-
\??\c:\hbntth.exec:\hbntth.exe117⤵
-
\??\c:\frrrrff.exec:\frrrrff.exe118⤵
-
\??\c:\5ffffll.exec:\5ffffll.exe119⤵
-
\??\c:\ttbttb.exec:\ttbttb.exe120⤵
-
\??\c:\vpppp.exec:\vpppp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-