Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
21-05-2024 06:49
General
-
Target
13ccedd2f14485d2851a68ccff464f84faa45d3b2b5cebd045e16d4dbf6b47a7_NeikiAnalytics.exe
-
Size
480KB
-
MD5
bdf8e9336f08d504a96e6a17fe3ceef0
-
SHA1
9e52db39105ce762b2a60f24939763274f547846
-
SHA256
13ccedd2f14485d2851a68ccff464f84faa45d3b2b5cebd045e16d4dbf6b47a7
-
SHA512
b947047a686ec0cbb4f84c85e27e84c9f6aff46cd0572162bed82eb26ca3dfb783326bc9b790f5a875f6140fb41eb3a3361b97966517460906fe8de4a59e171d
-
SSDEEP
12288:n3C9uDVw6326pKZ9asZqoZHz+evcn0Meh2Fezt:Su326p0aroZt0st
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\13ccedd2f14485d2851a68ccff464f84faa45d3b2b5cebd045e16d4dbf6b47a7_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\13ccedd2f14485d2851a68ccff464f84faa45d3b2b5cebd045e16d4dbf6b47a7_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvvd.exec:\jjvvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllrrrx.exec:\lllrrrx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnnnt.exec:\ttnnnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjj.exec:\jdjjj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvvv.exec:\dvvvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfffxx.exec:\rlfffxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthntb.exec:\hthntb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlllllf.exec:\xlllllf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbttnt.exec:\tbttnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fxxrxr.exec:\9fxxrxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnnb.exec:\nttnnb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxxff.exec:\rrfxxff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthhtb.exec:\hthhtb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhhh.exec:\htnhhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllllll.exec:\xllllll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvp.exec:\pvdvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthbhb.exec:\nthbhb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjv.exec:\vvjjv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxffflr.exec:\xxffflr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbthbn.exec:\hbthbn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppjv.exec:\jppjv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxffxrl.exec:\xxffxrl.exe23⤵
- Executes dropped EXE
-
\??\c:\pjpdp.exec:\pjpdp.exe24⤵
- Executes dropped EXE
-
\??\c:\httnhh.exec:\httnhh.exe25⤵
- Executes dropped EXE
-
\??\c:\ddvvj.exec:\ddvvj.exe26⤵
- Executes dropped EXE
-
\??\c:\bbnnbb.exec:\bbnnbb.exe27⤵
- Executes dropped EXE
-
\??\c:\nbhhhn.exec:\nbhhhn.exe28⤵
- Executes dropped EXE
-
\??\c:\vjvjv.exec:\vjvjv.exe29⤵
- Executes dropped EXE
-
\??\c:\bbtnnh.exec:\bbtnnh.exe30⤵
- Executes dropped EXE
-
\??\c:\9lllflf.exec:\9lllflf.exe31⤵
- Executes dropped EXE
-
\??\c:\jdpdj.exec:\jdpdj.exe32⤵
- Executes dropped EXE
-
\??\c:\nbhbbb.exec:\nbhbbb.exe33⤵
- Executes dropped EXE
-
\??\c:\rlrllfx.exec:\rlrllfx.exe34⤵
- Executes dropped EXE
-
\??\c:\pdjdd.exec:\pdjdd.exe35⤵
- Executes dropped EXE
-
\??\c:\lxxxrrl.exec:\lxxxrrl.exe36⤵
- Executes dropped EXE
-
\??\c:\tnnhbb.exec:\tnnhbb.exe37⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe38⤵
- Executes dropped EXE
-
\??\c:\xrrlfxr.exec:\xrrlfxr.exe39⤵
- Executes dropped EXE
-
\??\c:\1nhbtt.exec:\1nhbtt.exe40⤵
- Executes dropped EXE
-
\??\c:\fxrlxrf.exec:\fxrlxrf.exe41⤵
- Executes dropped EXE
-
\??\c:\7bhbbb.exec:\7bhbbb.exe42⤵
- Executes dropped EXE
-
\??\c:\lfflfxr.exec:\lfflfxr.exe43⤵
- Executes dropped EXE
-
\??\c:\tthhbt.exec:\tthhbt.exe44⤵
- Executes dropped EXE
-
\??\c:\pdpjj.exec:\pdpjj.exe45⤵
- Executes dropped EXE
-
\??\c:\flrllll.exec:\flrllll.exe46⤵
- Executes dropped EXE
-
\??\c:\nhbbnt.exec:\nhbbnt.exe47⤵
- Executes dropped EXE
-
\??\c:\dppjj.exec:\dppjj.exe48⤵
- Executes dropped EXE
-
\??\c:\rfrllxr.exec:\rfrllxr.exe49⤵
- Executes dropped EXE
-
\??\c:\lllfxxr.exec:\lllfxxr.exe50⤵
- Executes dropped EXE
-
\??\c:\bbhbtt.exec:\bbhbtt.exe51⤵
- Executes dropped EXE
-
\??\c:\vpjpp.exec:\vpjpp.exe52⤵
- Executes dropped EXE
-
\??\c:\7pdpj.exec:\7pdpj.exe53⤵
- Executes dropped EXE
-
\??\c:\9xfxllf.exec:\9xfxllf.exe54⤵
- Executes dropped EXE
-
\??\c:\vvvdd.exec:\vvvdd.exe55⤵
- Executes dropped EXE
-
\??\c:\jpvdp.exec:\jpvdp.exe56⤵
- Executes dropped EXE
-
\??\c:\fxxllfr.exec:\fxxllfr.exe57⤵
- Executes dropped EXE
-
\??\c:\nhhtnb.exec:\nhhtnb.exe58⤵
- Executes dropped EXE
-
\??\c:\vvjjv.exec:\vvjjv.exe59⤵
- Executes dropped EXE
-
\??\c:\rlrllfl.exec:\rlrllfl.exe60⤵
- Executes dropped EXE
-
\??\c:\ntnnnt.exec:\ntnnnt.exe61⤵
- Executes dropped EXE
-
\??\c:\hhtnhn.exec:\hhtnhn.exe62⤵
- Executes dropped EXE
-
\??\c:\pdjjd.exec:\pdjjd.exe63⤵
- Executes dropped EXE
-
\??\c:\1llxrrx.exec:\1llxrrx.exe64⤵
- Executes dropped EXE
-
\??\c:\xxxxrrl.exec:\xxxxrrl.exe65⤵
- Executes dropped EXE
-
\??\c:\5nhhhn.exec:\5nhhhn.exe66⤵
-
\??\c:\1jjdv.exec:\1jjdv.exe67⤵
-
\??\c:\thhttt.exec:\thhttt.exe68⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe69⤵
-
\??\c:\jpdjv.exec:\jpdjv.exe70⤵
-
\??\c:\lfffxxx.exec:\lfffxxx.exe71⤵
-
\??\c:\tbnbnb.exec:\tbnbnb.exe72⤵
-
\??\c:\hbhbbh.exec:\hbhbbh.exe73⤵
-
\??\c:\rfrrrrr.exec:\rfrrrrr.exe74⤵
-
\??\c:\ffxxllx.exec:\ffxxllx.exe75⤵
-
\??\c:\1btnnt.exec:\1btnnt.exe76⤵
-
\??\c:\lfxlxfx.exec:\lfxlxfx.exe77⤵
-
\??\c:\tbhhbb.exec:\tbhhbb.exe78⤵
-
\??\c:\lfrxxlf.exec:\lfrxxlf.exe79⤵
-
\??\c:\5nnhnn.exec:\5nnhnn.exe80⤵
-
\??\c:\jdddj.exec:\jdddj.exe81⤵
-
\??\c:\xrrfffr.exec:\xrrfffr.exe82⤵
-
\??\c:\bbbhbt.exec:\bbbhbt.exe83⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe84⤵
-
\??\c:\fxrrrll.exec:\fxrrrll.exe85⤵
-
\??\c:\thhhtt.exec:\thhhtt.exe86⤵
-
\??\c:\djvdj.exec:\djvdj.exe87⤵
-
\??\c:\rrlrrlr.exec:\rrlrrlr.exe88⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe89⤵
-
\??\c:\pvjjd.exec:\pvjjd.exe90⤵
-
\??\c:\xxxrlfx.exec:\xxxrlfx.exe91⤵
-
\??\c:\tttttb.exec:\tttttb.exe92⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe93⤵
-
\??\c:\lrlfrff.exec:\lrlfrff.exe94⤵
-
\??\c:\lxlllrr.exec:\lxlllrr.exe95⤵
-
\??\c:\7ntttb.exec:\7ntttb.exe96⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe97⤵
-
\??\c:\7xrlfff.exec:\7xrlfff.exe98⤵
-
\??\c:\frlfrrf.exec:\frlfrrf.exe99⤵
-
\??\c:\hbhbtb.exec:\hbhbtb.exe100⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe101⤵
-
\??\c:\lxrrlff.exec:\lxrrlff.exe102⤵
-
\??\c:\ntbttt.exec:\ntbttt.exe103⤵
-
\??\c:\jppvj.exec:\jppvj.exe104⤵
-
\??\c:\xxrxlfx.exec:\xxrxlfx.exe105⤵
-
\??\c:\rlflfff.exec:\rlflfff.exe106⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe107⤵
-
\??\c:\dddvp.exec:\dddvp.exe108⤵
-
\??\c:\fxfxxff.exec:\fxfxxff.exe109⤵
-
\??\c:\9ppjj.exec:\9ppjj.exe110⤵
-
\??\c:\lrlxlxl.exec:\lrlxlxl.exe111⤵
-
\??\c:\3nnttn.exec:\3nnttn.exe112⤵
-
\??\c:\9ddjv.exec:\9ddjv.exe113⤵
-
\??\c:\5fxxrrl.exec:\5fxxrrl.exe114⤵
-
\??\c:\nbbtnh.exec:\nbbtnh.exe115⤵
-
\??\c:\jvjpj.exec:\jvjpj.exe116⤵
-
\??\c:\xrfxrfx.exec:\xrfxrfx.exe117⤵
-
\??\c:\ffxfffx.exec:\ffxfffx.exe118⤵
-
\??\c:\ttbbbb.exec:\ttbbbb.exe119⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe120⤵
-
\??\c:\hhtbbh.exec:\hhtbbh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-