Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
21/05/2024, 10:02
General
-
Target
321172a1fddcffaf2c8d4c2783567333ace6af0fbae84bb53a6e64eec033d3cc_NeikiAnalytics.exe
-
Size
68KB
-
MD5
0d9ca127eb6fe79f5223884a92fc9590
-
SHA1
49d96a768fea752f3bfa0368ea7e464b05875aa0
-
SHA256
321172a1fddcffaf2c8d4c2783567333ace6af0fbae84bb53a6e64eec033d3cc
-
SHA512
c142970881f38b646c5d8161d2658d0e1a1342432b5aea4d26dbb4373f42ccb45592d0fe168625a8996402bcc35606138ba91ee9a0efab91e81547d9e61e329e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUwcsbY/O:ymb3NkkiQ3mdBjF0yjcsMW
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\321172a1fddcffaf2c8d4c2783567333ace6af0fbae84bb53a6e64eec033d3cc_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\321172a1fddcffaf2c8d4c2783567333ace6af0fbae84bb53a6e64eec033d3cc_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhbb.exec:\nhnhbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dvvj.exec:\5dvvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ffxllx.exec:\5ffxllx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfxxr.exec:\lflfxxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntntn.exec:\tntntn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btthtn.exec:\btthtn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvp.exec:\pjdvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fxrlff.exec:\1fxrlff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhbt.exec:\btnhbt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvd.exec:\dpvvd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlxllf.exec:\frlxllf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhhtn.exec:\nnhhtn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppdv.exec:\vppdv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxlllf.exec:\rlxlllf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhnbn.exec:\tnhnbn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jpjv.exec:\5jpjv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrrlff.exec:\llrrlff.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rxlffr.exec:\9rxlffr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hthbb.exec:\5hthbb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdppj.exec:\pdppj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flllfrl.exec:\flllfrl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xrfrrf.exec:\1xrfrrf.exe23⤵
- Executes dropped EXE
-
\??\c:\btbtbt.exec:\btbtbt.exe24⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe25⤵
- Executes dropped EXE
-
\??\c:\dvdpj.exec:\dvdpj.exe26⤵
- Executes dropped EXE
-
\??\c:\1fflfxx.exec:\1fflfxx.exe27⤵
- Executes dropped EXE
-
\??\c:\ffffxxr.exec:\ffffxxr.exe28⤵
- Executes dropped EXE
-
\??\c:\hhbnhb.exec:\hhbnhb.exe29⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe30⤵
- Executes dropped EXE
-
\??\c:\rxlxxrl.exec:\rxlxxrl.exe31⤵
- Executes dropped EXE
-
\??\c:\nbhbtt.exec:\nbhbtt.exe32⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe33⤵
- Executes dropped EXE
-
\??\c:\3lrlfxr.exec:\3lrlfxr.exe34⤵
- Executes dropped EXE
-
\??\c:\llfffll.exec:\llfffll.exe35⤵
- Executes dropped EXE
-
\??\c:\thhhhn.exec:\thhhhn.exe36⤵
- Executes dropped EXE
-
\??\c:\ddjdv.exec:\ddjdv.exe37⤵
- Executes dropped EXE
-
\??\c:\3pjpp.exec:\3pjpp.exe38⤵
- Executes dropped EXE
-
\??\c:\xrxfrrx.exec:\xrxfrrx.exe39⤵
- Executes dropped EXE
-
\??\c:\rxlfrlf.exec:\rxlfrlf.exe40⤵
- Executes dropped EXE
-
\??\c:\1ttbtt.exec:\1ttbtt.exe41⤵
- Executes dropped EXE
-
\??\c:\btbthh.exec:\btbthh.exe42⤵
- Executes dropped EXE
-
\??\c:\vvppj.exec:\vvppj.exe43⤵
- Executes dropped EXE
-
\??\c:\xrxxrll.exec:\xrxxrll.exe44⤵
- Executes dropped EXE
-
\??\c:\9xlffll.exec:\9xlffll.exe45⤵
- Executes dropped EXE
-
\??\c:\nbnnht.exec:\nbnnht.exe46⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe47⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe48⤵
- Executes dropped EXE
-
\??\c:\rlffrrl.exec:\rlffrrl.exe49⤵
- Executes dropped EXE
-
\??\c:\lfllrrx.exec:\lfllrrx.exe50⤵
- Executes dropped EXE
-
\??\c:\3ttbbb.exec:\3ttbbb.exe51⤵
- Executes dropped EXE
-
\??\c:\ppjdv.exec:\ppjdv.exe52⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe53⤵
- Executes dropped EXE
-
\??\c:\fflrxxf.exec:\fflrxxf.exe54⤵
- Executes dropped EXE
-
\??\c:\lxfxxxr.exec:\lxfxxxr.exe55⤵
- Executes dropped EXE
-
\??\c:\1ttttt.exec:\1ttttt.exe56⤵
- Executes dropped EXE
-
\??\c:\9jvpj.exec:\9jvpj.exe57⤵
- Executes dropped EXE
-
\??\c:\pppjv.exec:\pppjv.exe58⤵
- Executes dropped EXE
-
\??\c:\flxrffx.exec:\flxrffx.exe59⤵
- Executes dropped EXE
-
\??\c:\xxffffx.exec:\xxffffx.exe60⤵
- Executes dropped EXE
-
\??\c:\9bhnnn.exec:\9bhnnn.exe61⤵
- Executes dropped EXE
-
\??\c:\vjpdd.exec:\vjpdd.exe62⤵
- Executes dropped EXE
-
\??\c:\rrxxrxx.exec:\rrxxrxx.exe63⤵
- Executes dropped EXE
-
\??\c:\rfxxrlf.exec:\rfxxrlf.exe64⤵
- Executes dropped EXE
-
\??\c:\nntnnt.exec:\nntnnt.exe65⤵
- Executes dropped EXE
-
\??\c:\hnbttt.exec:\hnbttt.exe66⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe67⤵
-
\??\c:\rrxxxxx.exec:\rrxxxxx.exe68⤵
-
\??\c:\1bhnnt.exec:\1bhnnt.exe69⤵
-
\??\c:\htbthh.exec:\htbthh.exe70⤵
-
\??\c:\xrllrxf.exec:\xrllrxf.exe71⤵
-
\??\c:\nbtbbb.exec:\nbtbbb.exe72⤵
-
\??\c:\tnbnht.exec:\tnbnht.exe73⤵
-
\??\c:\jdddd.exec:\jdddd.exe74⤵
-
\??\c:\3vjdd.exec:\3vjdd.exe75⤵
-
\??\c:\xlrlfff.exec:\xlrlfff.exe76⤵
-
\??\c:\nnhhhh.exec:\nnhhhh.exe77⤵
-
\??\c:\btttnt.exec:\btttnt.exe78⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe79⤵
-
\??\c:\vdjjv.exec:\vdjjv.exe80⤵
-
\??\c:\rffxlll.exec:\rffxlll.exe81⤵
-
\??\c:\bbnhhh.exec:\bbnhhh.exe82⤵
-
\??\c:\9ntnhh.exec:\9ntnhh.exe83⤵
-
\??\c:\7dvpj.exec:\7dvpj.exe84⤵
-
\??\c:\vppjv.exec:\vppjv.exe85⤵
-
\??\c:\rxrfrlx.exec:\rxrfrlx.exe86⤵
-
\??\c:\9xrrffr.exec:\9xrrffr.exe87⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe88⤵
-
\??\c:\thnhtt.exec:\thnhtt.exe89⤵
-
\??\c:\djppp.exec:\djppp.exe90⤵
-
\??\c:\djppp.exec:\djppp.exe91⤵
-
\??\c:\fffrlfx.exec:\fffrlfx.exe92⤵
-
\??\c:\bnnbtb.exec:\bnnbtb.exe93⤵
-
\??\c:\1ddvj.exec:\1ddvj.exe94⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe95⤵
-
\??\c:\fxfxlll.exec:\fxfxlll.exe96⤵
-
\??\c:\rlffrrr.exec:\rlffrrr.exe97⤵
-
\??\c:\bhbbtb.exec:\bhbbtb.exe98⤵
-
\??\c:\nnnttb.exec:\nnnttb.exe99⤵
-
\??\c:\bnhhtb.exec:\bnhhtb.exe100⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe101⤵
-
\??\c:\pvjpj.exec:\pvjpj.exe102⤵
-
\??\c:\frxxxfx.exec:\frxxxfx.exe103⤵
-
\??\c:\llffxff.exec:\llffxff.exe104⤵
-
\??\c:\bhttnn.exec:\bhttnn.exe105⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe106⤵
-
\??\c:\xlffxxr.exec:\xlffxxr.exe107⤵
-
\??\c:\fffxrrr.exec:\fffxrrr.exe108⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe109⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe110⤵
-
\??\c:\pjvjv.exec:\pjvjv.exe111⤵
-
\??\c:\rlfxxxx.exec:\rlfxxxx.exe112⤵
-
\??\c:\5xrrllf.exec:\5xrrllf.exe113⤵
-
\??\c:\bthbhb.exec:\bthbhb.exe114⤵
-
\??\c:\jddvp.exec:\jddvp.exe115⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe116⤵
-
\??\c:\7flflrr.exec:\7flflrr.exe117⤵
-
\??\c:\rrrxxxx.exec:\rrrxxxx.exe118⤵
-
\??\c:\tnnttt.exec:\tnnttt.exe119⤵
-
\??\c:\7djpj.exec:\7djpj.exe120⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-