Analysis
-
max time kernel
149s -
max time network
115s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
21/05/2024, 09:23
General
-
Target
2b4e88f05b501e93f5d99b2671ba811cb3cf65f22766811cef39a9dfe0229211_NeikiAnalytics.exe
-
Size
134KB
-
MD5
662b3a7ef89fe4673b736e2f459e68b0
-
SHA1
0ee957c9ee4ba64d80a86eba91639876f1d867a0
-
SHA256
2b4e88f05b501e93f5d99b2671ba811cb3cf65f22766811cef39a9dfe0229211
-
SHA512
93dfabd58466b96148b11ce000068f34f74330998499d067d1d5843b1673acb19712685ba2aad87163aeb69722c16b5ba6a14b49cae3d66c983dfe03c6e0f789
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afoHVpx+dGorn:n3C9BRW0j/1px+dGC
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2b4e88f05b501e93f5d99b2671ba811cb3cf65f22766811cef39a9dfe0229211_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\2b4e88f05b501e93f5d99b2671ba811cb3cf65f22766811cef39a9dfe0229211_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5djdj.exec:\5djdj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jjjj.exec:\1jjjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxrlff.exec:\lxxrlff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxlfxl.exec:\rxxlfxl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbtn.exec:\hbbbtn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpj.exec:\vvvpj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vdvd.exec:\5vdvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrlxrl.exec:\llrlxrl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbnbh.exec:\nnbnbh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvj.exec:\jpvvj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvvj.exec:\ppvvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrfrlx.exec:\llrfrlx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnntth.exec:\bnntth.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dppv.exec:\3dppv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfxlxr.exec:\frfxlxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbtnt.exec:\nhbtnt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvpv.exec:\pdvpv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjp.exec:\jjjjp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7llxrrl.exec:\7llxrrl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbbb.exec:\nbhbbb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdvp.exec:\jpdvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvvv.exec:\pdvvv.exe23⤵
- Executes dropped EXE
-
\??\c:\hnnnhh.exec:\hnnnhh.exe24⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe25⤵
- Executes dropped EXE
-
\??\c:\rlrrlfx.exec:\rlrrlfx.exe26⤵
- Executes dropped EXE
-
\??\c:\rxflfxr.exec:\rxflfxr.exe27⤵
- Executes dropped EXE
-
\??\c:\hnbnhh.exec:\hnbnhh.exe28⤵
- Executes dropped EXE
-
\??\c:\jdpjj.exec:\jdpjj.exe29⤵
- Executes dropped EXE
-
\??\c:\pppjv.exec:\pppjv.exe30⤵
- Executes dropped EXE
-
\??\c:\5llfxxr.exec:\5llfxxr.exe31⤵
- Executes dropped EXE
-
\??\c:\rfllfff.exec:\rfllfff.exe32⤵
- Executes dropped EXE
-
\??\c:\btnhbn.exec:\btnhbn.exe33⤵
- Executes dropped EXE
-
\??\c:\3pjjd.exec:\3pjjd.exe34⤵
- Executes dropped EXE
-
\??\c:\rrfxrlf.exec:\rrfxrlf.exe35⤵
- Executes dropped EXE
-
\??\c:\fxrrllf.exec:\fxrrllf.exe36⤵
- Executes dropped EXE
-
\??\c:\thbtnn.exec:\thbtnn.exe37⤵
- Executes dropped EXE
-
\??\c:\bhbbtt.exec:\bhbbtt.exe38⤵
- Executes dropped EXE
-
\??\c:\dvdjd.exec:\dvdjd.exe39⤵
- Executes dropped EXE
-
\??\c:\dvdvd.exec:\dvdvd.exe40⤵
- Executes dropped EXE
-
\??\c:\xxlfflf.exec:\xxlfflf.exe41⤵
- Executes dropped EXE
-
\??\c:\7btnbb.exec:\7btnbb.exe42⤵
- Executes dropped EXE
-
\??\c:\nbhhbt.exec:\nbhhbt.exe43⤵
- Executes dropped EXE
-
\??\c:\jjdvp.exec:\jjdvp.exe44⤵
- Executes dropped EXE
-
\??\c:\jpppj.exec:\jpppj.exe45⤵
- Executes dropped EXE
-
\??\c:\7fffxxx.exec:\7fffxxx.exe46⤵
- Executes dropped EXE
-
\??\c:\xrrrllf.exec:\xrrrllf.exe47⤵
- Executes dropped EXE
-
\??\c:\hhhtnb.exec:\hhhtnb.exe48⤵
- Executes dropped EXE
-
\??\c:\5vvpd.exec:\5vvpd.exe49⤵
- Executes dropped EXE
-
\??\c:\llfxxrr.exec:\llfxxrr.exe50⤵
- Executes dropped EXE
-
\??\c:\fxrlrrl.exec:\fxrlrrl.exe51⤵
- Executes dropped EXE
-
\??\c:\nthbtt.exec:\nthbtt.exe52⤵
- Executes dropped EXE
-
\??\c:\jddpj.exec:\jddpj.exe53⤵
- Executes dropped EXE
-
\??\c:\jddvj.exec:\jddvj.exe54⤵
- Executes dropped EXE
-
\??\c:\xxlfrlf.exec:\xxlfrlf.exe55⤵
- Executes dropped EXE
-
\??\c:\fxllrlr.exec:\fxllrlr.exe56⤵
- Executes dropped EXE
-
\??\c:\hbbtnn.exec:\hbbtnn.exe57⤵
- Executes dropped EXE
-
\??\c:\jjjvj.exec:\jjjvj.exe58⤵
- Executes dropped EXE
-
\??\c:\5pjdp.exec:\5pjdp.exe59⤵
- Executes dropped EXE
-
\??\c:\xxfxlfx.exec:\xxfxlfx.exe60⤵
- Executes dropped EXE
-
\??\c:\xrrrllx.exec:\xrrrllx.exe61⤵
- Executes dropped EXE
-
\??\c:\hhhbtt.exec:\hhhbtt.exe62⤵
- Executes dropped EXE
-
\??\c:\ppjdv.exec:\ppjdv.exe63⤵
- Executes dropped EXE
-
\??\c:\5xlxllf.exec:\5xlxllf.exe64⤵
- Executes dropped EXE
-
\??\c:\tntnbb.exec:\tntnbb.exe65⤵
- Executes dropped EXE
-
\??\c:\bnbhtn.exec:\bnbhtn.exe66⤵
-
\??\c:\vdpjj.exec:\vdpjj.exe67⤵
-
\??\c:\dppjv.exec:\dppjv.exe68⤵
-
\??\c:\rlxrffx.exec:\rlxrffx.exe69⤵
-
\??\c:\nbbthh.exec:\nbbthh.exe70⤵
-
\??\c:\htthhb.exec:\htthhb.exe71⤵
-
\??\c:\jvjvv.exec:\jvjvv.exe72⤵
-
\??\c:\xfxrrxr.exec:\xfxrrxr.exe73⤵
-
\??\c:\bhhbtn.exec:\bhhbtn.exe74⤵
-
\??\c:\tnnthb.exec:\tnnthb.exe75⤵
-
\??\c:\vjjjv.exec:\vjjjv.exe76⤵
-
\??\c:\7vpvp.exec:\7vpvp.exe77⤵
-
\??\c:\5rrfrlf.exec:\5rrfrlf.exe78⤵
-
\??\c:\xrfxrlf.exec:\xrfxrlf.exe79⤵
-
\??\c:\tnhbtn.exec:\tnhbtn.exe80⤵
-
\??\c:\nhtnbb.exec:\nhtnbb.exe81⤵
-
\??\c:\9jpjp.exec:\9jpjp.exe82⤵
-
\??\c:\5pvpd.exec:\5pvpd.exe83⤵
-
\??\c:\xlxllrf.exec:\xlxllrf.exe84⤵
-
\??\c:\xxxrllf.exec:\xxxrllf.exe85⤵
-
\??\c:\hnhbtn.exec:\hnhbtn.exe86⤵
-
\??\c:\pdpdj.exec:\pdpdj.exe87⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe88⤵
-
\??\c:\rlfrffx.exec:\rlfrffx.exe89⤵
-
\??\c:\rxlffxr.exec:\rxlffxr.exe90⤵
-
\??\c:\rxxrfxf.exec:\rxxrfxf.exe91⤵
-
\??\c:\ntbbtt.exec:\ntbbtt.exe92⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe93⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe94⤵
-
\??\c:\lxrlfxr.exec:\lxrlfxr.exe95⤵
-
\??\c:\xfllffx.exec:\xfllffx.exe96⤵
-
\??\c:\3tnbtt.exec:\3tnbtt.exe97⤵
-
\??\c:\hnhtth.exec:\hnhtth.exe98⤵
-
\??\c:\jvddv.exec:\jvddv.exe99⤵
-
\??\c:\ddddp.exec:\ddddp.exe100⤵
-
\??\c:\5xxxrxx.exec:\5xxxrxx.exe101⤵
-
\??\c:\3xxxrll.exec:\3xxxrll.exe102⤵
-
\??\c:\bhttnn.exec:\bhttnn.exe103⤵
-
\??\c:\hntnhh.exec:\hntnhh.exe104⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe105⤵
-
\??\c:\jppjd.exec:\jppjd.exe106⤵
-
\??\c:\fxfxlll.exec:\fxfxlll.exe107⤵
-
\??\c:\xrllfff.exec:\xrllfff.exe108⤵
-
\??\c:\hbthtn.exec:\hbthtn.exe109⤵
-
\??\c:\djjjv.exec:\djjjv.exe110⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe111⤵
-
\??\c:\fxrlxxr.exec:\fxrlxxr.exe112⤵
-
\??\c:\lxlrrfr.exec:\lxlrrfr.exe113⤵
-
\??\c:\bttntn.exec:\bttntn.exe114⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe115⤵
-
\??\c:\pvvjd.exec:\pvvjd.exe116⤵
-
\??\c:\rrrlfxx.exec:\rrrlfxx.exe117⤵
-
\??\c:\thhtbt.exec:\thhtbt.exe118⤵
-
\??\c:\5tbbbh.exec:\5tbbbh.exe119⤵
-
\??\c:\vjjvd.exec:\vjjvd.exe120⤵
-
\??\c:\pddpj.exec:\pddpj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-