Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
21-05-2024 22:28
General
-
Target
10688ca3eca8c69a70f27dbf75425750_NeikiAnalytics.exe
-
Size
78KB
-
MD5
10688ca3eca8c69a70f27dbf75425750
-
SHA1
bfdf3b795f59c8c2105e657c10bcd5ea5b9eea9b
-
SHA256
96a69dd1a69c654d09dd1e0874b550e693af07ec367854e95fb5953141fd5642
-
SHA512
bdc0b120acd83f543857be6e90339115453596d2340af714e956e7264d4dd4c6550d065efbabbb7172b21ae2ec5dd3262caaa40274977a9aa3b283cd12160e26
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIjaQkPcy8WTeAwHWkuhU:ymb3NkkiQ3mdBjFIpkPcy8qsHjn
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\10688ca3eca8c69a70f27dbf75425750_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\10688ca3eca8c69a70f27dbf75425750_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7ntbbh.exec:\7ntbbh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jvvv.exec:\5jvvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xffxxx.exec:\3xffxxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbtnt.exec:\nhbtnt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvvp.exec:\jjvvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlfff.exec:\fxrlfff.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhhhn.exec:\bnhhhn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvj.exec:\jdpvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvdj.exec:\djvdj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbtnh.exec:\htbtnh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bbbtt.exec:\1bbbtt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvp.exec:\jjdvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllxxxx.exec:\fllxxxx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bnbtb.exec:\3bnbtb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbttt.exec:\tbbttt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpd.exec:\pvvpd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxrrr.exec:\lffxrrr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbthh.exec:\nhbthh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dpjj.exec:\3dpjj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjd.exec:\pdjjd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lxfxxx.exec:\9lxfxxx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbbtb.exec:\hhbbtb.exe23⤵
- Executes dropped EXE
-
\??\c:\dppjj.exec:\dppjj.exe24⤵
- Executes dropped EXE
-
\??\c:\fxfxxfl.exec:\fxfxxfl.exe25⤵
- Executes dropped EXE
-
\??\c:\llfxrrr.exec:\llfxrrr.exe26⤵
- Executes dropped EXE
-
\??\c:\dpjvd.exec:\dpjvd.exe27⤵
- Executes dropped EXE
-
\??\c:\xlfflfr.exec:\xlfflfr.exe28⤵
- Executes dropped EXE
-
\??\c:\9rrlllf.exec:\9rrlllf.exe29⤵
- Executes dropped EXE
-
\??\c:\nhhttt.exec:\nhhttt.exe30⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe31⤵
- Executes dropped EXE
-
\??\c:\5vjdd.exec:\5vjdd.exe32⤵
- Executes dropped EXE
-
\??\c:\lrxfrfl.exec:\lrxfrfl.exe33⤵
- Executes dropped EXE
-
\??\c:\nbbnhb.exec:\nbbnhb.exe34⤵
- Executes dropped EXE
-
\??\c:\bhnhbh.exec:\bhnhbh.exe35⤵
- Executes dropped EXE
-
\??\c:\pvvpj.exec:\pvvpj.exe36⤵
- Executes dropped EXE
-
\??\c:\frrlllx.exec:\frrlllx.exe37⤵
- Executes dropped EXE
-
\??\c:\tthtnn.exec:\tthtnn.exe38⤵
- Executes dropped EXE
-
\??\c:\nnbhtn.exec:\nnbhtn.exe39⤵
- Executes dropped EXE
-
\??\c:\ddjdv.exec:\ddjdv.exe40⤵
- Executes dropped EXE
-
\??\c:\5djpj.exec:\5djpj.exe41⤵
- Executes dropped EXE
-
\??\c:\xrfxlff.exec:\xrfxlff.exe42⤵
- Executes dropped EXE
-
\??\c:\nhnbbb.exec:\nhnbbb.exe43⤵
- Executes dropped EXE
-
\??\c:\9jddv.exec:\9jddv.exe44⤵
- Executes dropped EXE
-
\??\c:\fxlllrx.exec:\fxlllrx.exe45⤵
- Executes dropped EXE
-
\??\c:\xxxxrrr.exec:\xxxxrrr.exe46⤵
- Executes dropped EXE
-
\??\c:\3nntth.exec:\3nntth.exe47⤵
- Executes dropped EXE
-
\??\c:\nnbtnt.exec:\nnbtnt.exe48⤵
- Executes dropped EXE
-
\??\c:\vjvvp.exec:\vjvvp.exe49⤵
- Executes dropped EXE
-
\??\c:\5vvpd.exec:\5vvpd.exe50⤵
- Executes dropped EXE
-
\??\c:\lfrlfff.exec:\lfrlfff.exe51⤵
- Executes dropped EXE
-
\??\c:\thbtnh.exec:\thbtnh.exe52⤵
- Executes dropped EXE
-
\??\c:\bnnbnb.exec:\bnnbnb.exe53⤵
- Executes dropped EXE
-
\??\c:\5ppdj.exec:\5ppdj.exe54⤵
- Executes dropped EXE
-
\??\c:\5dpjv.exec:\5dpjv.exe55⤵
- Executes dropped EXE
-
\??\c:\rxxfxlf.exec:\rxxfxlf.exe56⤵
- Executes dropped EXE
-
\??\c:\nhnbtt.exec:\nhnbtt.exe57⤵
- Executes dropped EXE
-
\??\c:\5bbbnh.exec:\5bbbnh.exe58⤵
- Executes dropped EXE
-
\??\c:\thtnbt.exec:\thtnbt.exe59⤵
- Executes dropped EXE
-
\??\c:\3ddpv.exec:\3ddpv.exe60⤵
- Executes dropped EXE
-
\??\c:\rlxxlrl.exec:\rlxxlrl.exe61⤵
- Executes dropped EXE
-
\??\c:\fxrxrrr.exec:\fxrxrrr.exe62⤵
- Executes dropped EXE
-
\??\c:\nbnbnb.exec:\nbnbnb.exe63⤵
- Executes dropped EXE
-
\??\c:\tnnhbb.exec:\tnnhbb.exe64⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe65⤵
- Executes dropped EXE
-
\??\c:\frrlrlx.exec:\frrlrlx.exe66⤵
-
\??\c:\htbbhb.exec:\htbbhb.exe67⤵
-
\??\c:\3jpjj.exec:\3jpjj.exe68⤵
-
\??\c:\7ffrllf.exec:\7ffrllf.exe69⤵
-
\??\c:\lfrlrrf.exec:\lfrlrrf.exe70⤵
-
\??\c:\tnbbhb.exec:\tnbbhb.exe71⤵
-
\??\c:\vdppj.exec:\vdppj.exe72⤵
-
\??\c:\lrfxlfl.exec:\lrfxlfl.exe73⤵
-
\??\c:\rfflflf.exec:\rfflflf.exe74⤵
-
\??\c:\thbhtt.exec:\thbhtt.exe75⤵
-
\??\c:\7jjdv.exec:\7jjdv.exe76⤵
-
\??\c:\lffxrll.exec:\lffxrll.exe77⤵
-
\??\c:\rxrlxxr.exec:\rxrlxxr.exe78⤵
-
\??\c:\bntnhb.exec:\bntnhb.exe79⤵
-
\??\c:\9vvpp.exec:\9vvpp.exe80⤵
-
\??\c:\pjjvp.exec:\pjjvp.exe81⤵
-
\??\c:\rxlfrff.exec:\rxlfrff.exe82⤵
-
\??\c:\hbnhbn.exec:\hbnhbn.exe83⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe84⤵
-
\??\c:\ddjvj.exec:\ddjvj.exe85⤵
-
\??\c:\3lllxrf.exec:\3lllxrf.exe86⤵
-
\??\c:\rfxxrrr.exec:\rfxxrrr.exe87⤵
-
\??\c:\9nbtbt.exec:\9nbtbt.exe88⤵
-
\??\c:\vpdpp.exec:\vpdpp.exe89⤵
-
\??\c:\jddvp.exec:\jddvp.exe90⤵
-
\??\c:\lxxfrrl.exec:\lxxfrrl.exe91⤵
-
\??\c:\fxfxfxf.exec:\fxfxfxf.exe92⤵
-
\??\c:\hhhtbt.exec:\hhhtbt.exe93⤵
-
\??\c:\btbntn.exec:\btbntn.exe94⤵
-
\??\c:\djdvp.exec:\djdvp.exe95⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe96⤵
-
\??\c:\fllxllx.exec:\fllxllx.exe97⤵
-
\??\c:\llrfxrr.exec:\llrfxrr.exe98⤵
-
\??\c:\bhhbtn.exec:\bhhbtn.exe99⤵
-
\??\c:\jdddd.exec:\jdddd.exe100⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe101⤵
-
\??\c:\5rfrffx.exec:\5rfrffx.exe102⤵
-
\??\c:\9rlfxrl.exec:\9rlfxrl.exe103⤵
-
\??\c:\3nnhbt.exec:\3nnhbt.exe104⤵
-
\??\c:\hnthtn.exec:\hnthtn.exe105⤵
-
\??\c:\dvppd.exec:\dvppd.exe106⤵
-
\??\c:\lrllrrr.exec:\lrllrrr.exe107⤵
-
\??\c:\xlrlxlf.exec:\xlrlxlf.exe108⤵
-
\??\c:\nnhhhn.exec:\nnhhhn.exe109⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe110⤵
-
\??\c:\pjvdv.exec:\pjvdv.exe111⤵
-
\??\c:\7fffrrf.exec:\7fffrrf.exe112⤵
-
\??\c:\5xlfrrf.exec:\5xlfrrf.exe113⤵
-
\??\c:\httnht.exec:\httnht.exe114⤵
-
\??\c:\nhhbhn.exec:\nhhbhn.exe115⤵
-
\??\c:\jjdpp.exec:\jjdpp.exe116⤵
-
\??\c:\fllrxlf.exec:\fllrxlf.exe117⤵
-
\??\c:\xxrlxrf.exec:\xxrlxrf.exe118⤵
-
\??\c:\xrrlrlf.exec:\xrrlrlf.exe119⤵
-
\??\c:\hnnhbb.exec:\hnnhbb.exe120⤵
-
\??\c:\7ttnhb.exec:\7ttnhb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-