Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
21/05/2024, 08:19
General
-
Target
208d3b658c5f1cb0c50a72414b6d072e835cfbd9124e504baf1afdda06143ce8_NeikiAnalytics.exe
-
Size
116KB
-
MD5
76667956752aa3effc37228498e89f20
-
SHA1
76efc7297dee85ab0c7b5bf790854b18e81c9f87
-
SHA256
208d3b658c5f1cb0c50a72414b6d072e835cfbd9124e504baf1afdda06143ce8
-
SHA512
7da973e1d2cb352e9157206bdfa622e307f2d6de963f08b44313840c3df5f95de49c43c65e1b5e480de64a3cd3afac177dfdc52c56ba8b429447bd07e75f72f1
-
SSDEEP
3072:ymb3NkkiQ3mdBjFosxXGPXbXQMFHLgDWSmjlkFw:n3C9BRosxW8MFHLMWvlZ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\208d3b658c5f1cb0c50a72414b6d072e835cfbd9124e504baf1afdda06143ce8_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\208d3b658c5f1cb0c50a72414b6d072e835cfbd9124e504baf1afdda06143ce8_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\djvpp.exec:\djvpp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flffxfx.exec:\flffxfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5thbnt.exec:\5thbnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jjjd.exec:\9jjjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffffx.exec:\xrffffx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3llflll.exec:\3llflll.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttthh.exec:\nttthh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdjj.exec:\vvdjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxlfr.exec:\fxfxlfr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bbtnn.exec:\3bbtnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppv.exec:\pjppv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xxrrll.exec:\9xxrrll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxllf.exec:\fffxllf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhbbb.exec:\nnhbbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxxfrr.exec:\llxxfrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnbtn.exec:\tnnbtn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhbb.exec:\nhnhbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrllll.exec:\fxrllll.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnthbt.exec:\hnthbt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnhhh.exec:\ntnhhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdj.exec:\jdpdj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrrfx.exec:\lfrrrfx.exe23⤵
- Executes dropped EXE
-
\??\c:\thnbtt.exec:\thnbtt.exe24⤵
- Executes dropped EXE
-
\??\c:\pdjjd.exec:\pdjjd.exe25⤵
- Executes dropped EXE
-
\??\c:\xrlrrrl.exec:\xrlrrrl.exe26⤵
- Executes dropped EXE
-
\??\c:\5nhbtb.exec:\5nhbtb.exe27⤵
- Executes dropped EXE
-
\??\c:\jdpvj.exec:\jdpvj.exe28⤵
- Executes dropped EXE
-
\??\c:\dddvj.exec:\dddvj.exe29⤵
- Executes dropped EXE
-
\??\c:\bhnnbh.exec:\bhnnbh.exe30⤵
- Executes dropped EXE
-
\??\c:\hhnttt.exec:\hhnttt.exe31⤵
- Executes dropped EXE
-
\??\c:\pvvvp.exec:\pvvvp.exe32⤵
- Executes dropped EXE
-
\??\c:\nbtbtb.exec:\nbtbtb.exe33⤵
- Executes dropped EXE
-
\??\c:\9bbttt.exec:\9bbttt.exe34⤵
- Executes dropped EXE
-
\??\c:\dpdjv.exec:\dpdjv.exe35⤵
- Executes dropped EXE
-
\??\c:\lxfxrrl.exec:\lxfxrrl.exe36⤵
- Executes dropped EXE
-
\??\c:\1hnhtt.exec:\1hnhtt.exe37⤵
- Executes dropped EXE
-
\??\c:\tthhhh.exec:\tthhhh.exe38⤵
- Executes dropped EXE
-
\??\c:\vppvd.exec:\vppvd.exe39⤵
- Executes dropped EXE
-
\??\c:\flrxxll.exec:\flrxxll.exe40⤵
- Executes dropped EXE
-
\??\c:\tnntnt.exec:\tnntnt.exe41⤵
- Executes dropped EXE
-
\??\c:\jvpjd.exec:\jvpjd.exe42⤵
- Executes dropped EXE
-
\??\c:\lxllxxr.exec:\lxllxxr.exe43⤵
- Executes dropped EXE
-
\??\c:\rfrrxlr.exec:\rfrrxlr.exe44⤵
- Executes dropped EXE
-
\??\c:\bhnnnt.exec:\bhnnnt.exe45⤵
- Executes dropped EXE
-
\??\c:\pvdjv.exec:\pvdjv.exe46⤵
- Executes dropped EXE
-
\??\c:\ddpvv.exec:\ddpvv.exe47⤵
- Executes dropped EXE
-
\??\c:\llrllrr.exec:\llrllrr.exe48⤵
- Executes dropped EXE
-
\??\c:\5hhhhh.exec:\5hhhhh.exe49⤵
- Executes dropped EXE
-
\??\c:\djjjd.exec:\djjjd.exe50⤵
- Executes dropped EXE
-
\??\c:\jpvdd.exec:\jpvdd.exe51⤵
- Executes dropped EXE
-
\??\c:\ffxrxxr.exec:\ffxrxxr.exe52⤵
- Executes dropped EXE
-
\??\c:\xxfxrrr.exec:\xxfxrrr.exe53⤵
- Executes dropped EXE
-
\??\c:\tthhtn.exec:\tthhtn.exe54⤵
- Executes dropped EXE
-
\??\c:\5jjjd.exec:\5jjjd.exe55⤵
- Executes dropped EXE
-
\??\c:\xrlllll.exec:\xrlllll.exe56⤵
- Executes dropped EXE
-
\??\c:\xxxxxxx.exec:\xxxxxxx.exe57⤵
- Executes dropped EXE
-
\??\c:\nnntbh.exec:\nnntbh.exe58⤵
- Executes dropped EXE
-
\??\c:\dvvpv.exec:\dvvpv.exe59⤵
- Executes dropped EXE
-
\??\c:\vjdpd.exec:\vjdpd.exe60⤵
- Executes dropped EXE
-
\??\c:\lxfrrlf.exec:\lxfrrlf.exe61⤵
- Executes dropped EXE
-
\??\c:\bthnnt.exec:\bthnnt.exe62⤵
- Executes dropped EXE
-
\??\c:\nbnbtt.exec:\nbnbtt.exe63⤵
- Executes dropped EXE
-
\??\c:\jpppj.exec:\jpppj.exe64⤵
- Executes dropped EXE
-
\??\c:\flrlxxr.exec:\flrlxxr.exe65⤵
- Executes dropped EXE
-
\??\c:\9fxrllf.exec:\9fxrllf.exe66⤵
-
\??\c:\hhhbtt.exec:\hhhbtt.exe67⤵
-
\??\c:\djddv.exec:\djddv.exe68⤵
-
\??\c:\1llfxxr.exec:\1llfxxr.exe69⤵
-
\??\c:\xlfxrrf.exec:\xlfxrrf.exe70⤵
-
\??\c:\bnnnhb.exec:\bnnnhb.exe71⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe72⤵
-
\??\c:\rxffxff.exec:\rxffxff.exe73⤵
-
\??\c:\xlllfrr.exec:\xlllfrr.exe74⤵
-
\??\c:\lflrlxx.exec:\lflrlxx.exe75⤵
-
\??\c:\7bhbtt.exec:\7bhbtt.exe76⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe77⤵
-
\??\c:\3djjj.exec:\3djjj.exe78⤵
-
\??\c:\rxxrrrr.exec:\rxxrrrr.exe79⤵
-
\??\c:\7lrrlrr.exec:\7lrrlrr.exe80⤵
-
\??\c:\bnnhtb.exec:\bnnhtb.exe81⤵
-
\??\c:\dvvdv.exec:\dvvdv.exe82⤵
-
\??\c:\xrfrxrf.exec:\xrfrxrf.exe83⤵
-
\??\c:\7rrlxxr.exec:\7rrlxxr.exe84⤵
-
\??\c:\1nhbtn.exec:\1nhbtn.exe85⤵
-
\??\c:\hnnhbb.exec:\hnnhbb.exe86⤵
-
\??\c:\jpjjj.exec:\jpjjj.exe87⤵
-
\??\c:\ppjjv.exec:\ppjjv.exe88⤵
-
\??\c:\1xflrrx.exec:\1xflrrx.exe89⤵
-
\??\c:\btbhhh.exec:\btbhhh.exe90⤵
-
\??\c:\9jjjj.exec:\9jjjj.exe91⤵
-
\??\c:\ffrrrrr.exec:\ffrrrrr.exe92⤵
-
\??\c:\xxxrrrl.exec:\xxxrrrl.exe93⤵
-
\??\c:\bhbhhn.exec:\bhbhhn.exe94⤵
-
\??\c:\hhhhnn.exec:\hhhhnn.exe95⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe96⤵
-
\??\c:\vddvj.exec:\vddvj.exe97⤵
-
\??\c:\flrllrl.exec:\flrllrl.exe98⤵
-
\??\c:\tbbtnn.exec:\tbbtnn.exe99⤵
-
\??\c:\1btbnb.exec:\1btbnb.exe100⤵
-
\??\c:\pvvvv.exec:\pvvvv.exe101⤵
-
\??\c:\xxlffff.exec:\xxlffff.exe102⤵
-
\??\c:\tbnhbn.exec:\tbnhbn.exe103⤵
-
\??\c:\djddp.exec:\djddp.exe104⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe105⤵
-
\??\c:\lxrrlfx.exec:\lxrrlfx.exe106⤵
-
\??\c:\frrllfx.exec:\frrllfx.exe107⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe108⤵
-
\??\c:\bthhnh.exec:\bthhnh.exe109⤵
-
\??\c:\9vpjv.exec:\9vpjv.exe110⤵
-
\??\c:\rlffxxx.exec:\rlffxxx.exe111⤵
-
\??\c:\fxffxrr.exec:\fxffxrr.exe112⤵
-
\??\c:\tthhnt.exec:\tthhnt.exe113⤵
-
\??\c:\xrrrfrx.exec:\xrrrfrx.exe114⤵
-
\??\c:\bnbhhh.exec:\bnbhhh.exe115⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe116⤵
-
\??\c:\lffxrlf.exec:\lffxrlf.exe117⤵
-
\??\c:\5lxxrrx.exec:\5lxxrrx.exe118⤵
-
\??\c:\tnnnhn.exec:\tnnnhn.exe119⤵
-
\??\c:\ddvdp.exec:\ddvdp.exe120⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-