Analysis
-
max time kernel
150s -
max time network
109s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
21-05-2024 12:34
General
-
Target
4be3b077b59ef04896f19507e594e4facce7ed4af8ec264daa746a672590edff_NeikiAnalytics.exe
-
Size
56KB
-
MD5
b0a9a55fbebae79c87ac820fc23cc970
-
SHA1
0034c370f57336bd29b0afbdc9cd4d328e198a55
-
SHA256
4be3b077b59ef04896f19507e594e4facce7ed4af8ec264daa746a672590edff
-
SHA512
ab834ec8c469838fbe15955b4d807d2ef9fa6330e6db7eeddd4e7879630f51cbcbbba7aab43acb552c1a1fc9461f7b2dfac69f4427c25f3faa93af344cf103ed
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFeD:ymb3NkkiQ3mdBjFIFeD
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4be3b077b59ef04896f19507e594e4facce7ed4af8ec264daa746a672590edff_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4be3b077b59ef04896f19507e594e4facce7ed4af8ec264daa746a672590edff_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrxxfx.exec:\xfrxxfx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ttbth.exec:\3ttbth.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5htthh.exec:\5htthh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpd.exec:\vpvpd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxfrrl.exec:\llxfrrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhnhn.exec:\hhhnhn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhnnb.exec:\nhhnnb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvp.exec:\dddvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrlrl.exec:\xrrrlrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllrrrl.exec:\rllrrrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hnhbb.exec:\7hnhbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjd.exec:\jdpjd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrrrr.exec:\fxlrrrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxlfrr.exec:\frxlfrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1thhbh.exec:\1thhbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvvp.exec:\ppvvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jjdd.exec:\3jjdd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxflxfx.exec:\fxflxfx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnnn.exec:\tnnnnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjpj.exec:\pdjpj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jjjj.exec:\1jjjj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrrfx.exec:\fxrrrfx.exe23⤵
- Executes dropped EXE
-
\??\c:\btbbtt.exec:\btbbtt.exe24⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe25⤵
- Executes dropped EXE
-
\??\c:\pvddv.exec:\pvddv.exe26⤵
- Executes dropped EXE
-
\??\c:\vpvpd.exec:\vpvpd.exe27⤵
- Executes dropped EXE
-
\??\c:\xflffff.exec:\xflffff.exe28⤵
- Executes dropped EXE
-
\??\c:\5llrlxl.exec:\5llrlxl.exe29⤵
- Executes dropped EXE
-
\??\c:\bnnhhh.exec:\bnnhhh.exe30⤵
- Executes dropped EXE
-
\??\c:\dvvpd.exec:\dvvpd.exe31⤵
- Executes dropped EXE
-
\??\c:\frlxfxl.exec:\frlxfxl.exe32⤵
- Executes dropped EXE
-
\??\c:\tttnbt.exec:\tttnbt.exe33⤵
- Executes dropped EXE
-
\??\c:\tnbthb.exec:\tnbthb.exe34⤵
- Executes dropped EXE
-
\??\c:\jdjdv.exec:\jdjdv.exe35⤵
- Executes dropped EXE
-
\??\c:\djppj.exec:\djppj.exe36⤵
- Executes dropped EXE
-
\??\c:\rxxrfxr.exec:\rxxrfxr.exe37⤵
- Executes dropped EXE
-
\??\c:\bnbthb.exec:\bnbthb.exe38⤵
- Executes dropped EXE
-
\??\c:\vppjv.exec:\vppjv.exe39⤵
- Executes dropped EXE
-
\??\c:\1jppd.exec:\1jppd.exe40⤵
- Executes dropped EXE
-
\??\c:\lllxxxl.exec:\lllxxxl.exe41⤵
- Executes dropped EXE
-
\??\c:\9frrlrl.exec:\9frrlrl.exe42⤵
- Executes dropped EXE
-
\??\c:\hnnhnh.exec:\hnnhnh.exe43⤵
- Executes dropped EXE
-
\??\c:\btbtbb.exec:\btbtbb.exe44⤵
- Executes dropped EXE
-
\??\c:\5vddd.exec:\5vddd.exe45⤵
- Executes dropped EXE
-
\??\c:\3vjjj.exec:\3vjjj.exe46⤵
- Executes dropped EXE
-
\??\c:\3rxrlll.exec:\3rxrlll.exe47⤵
- Executes dropped EXE
-
\??\c:\hhntnb.exec:\hhntnb.exe48⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe49⤵
- Executes dropped EXE
-
\??\c:\vjpjv.exec:\vjpjv.exe50⤵
- Executes dropped EXE
-
\??\c:\rrrrllr.exec:\rrrrllr.exe51⤵
- Executes dropped EXE
-
\??\c:\5nhhnn.exec:\5nhhnn.exe52⤵
- Executes dropped EXE
-
\??\c:\bhnhbb.exec:\bhnhbb.exe53⤵
- Executes dropped EXE
-
\??\c:\jpppp.exec:\jpppp.exe54⤵
- Executes dropped EXE
-
\??\c:\dvdvv.exec:\dvdvv.exe55⤵
- Executes dropped EXE
-
\??\c:\frxxxxx.exec:\frxxxxx.exe56⤵
- Executes dropped EXE
-
\??\c:\9ffffff.exec:\9ffffff.exe57⤵
- Executes dropped EXE
-
\??\c:\nhnhbn.exec:\nhnhbn.exe58⤵
- Executes dropped EXE
-
\??\c:\hbhbnt.exec:\hbhbnt.exe59⤵
- Executes dropped EXE
-
\??\c:\dvpjj.exec:\dvpjj.exe60⤵
- Executes dropped EXE
-
\??\c:\dpppj.exec:\dpppj.exe61⤵
- Executes dropped EXE
-
\??\c:\ddppv.exec:\ddppv.exe62⤵
- Executes dropped EXE
-
\??\c:\rrxxxxx.exec:\rrxxxxx.exe63⤵
- Executes dropped EXE
-
\??\c:\xxlllrx.exec:\xxlllrx.exe64⤵
- Executes dropped EXE
-
\??\c:\3bhhht.exec:\3bhhht.exe65⤵
- Executes dropped EXE
-
\??\c:\hhttnn.exec:\hhttnn.exe66⤵
-
\??\c:\vvvvj.exec:\vvvvj.exe67⤵
-
\??\c:\1jjjd.exec:\1jjjd.exe68⤵
-
\??\c:\jdppp.exec:\jdppp.exe69⤵
-
\??\c:\3fllfff.exec:\3fllfff.exe70⤵
-
\??\c:\xrfxffx.exec:\xrfxffx.exe71⤵
-
\??\c:\bbbbbb.exec:\bbbbbb.exe72⤵
-
\??\c:\nnttnb.exec:\nnttnb.exe73⤵
-
\??\c:\5dvvd.exec:\5dvvd.exe74⤵
-
\??\c:\djpjd.exec:\djpjd.exe75⤵
-
\??\c:\fxllrrr.exec:\fxllrrr.exe76⤵
-
\??\c:\1fllrrx.exec:\1fllrrx.exe77⤵
-
\??\c:\bntbtb.exec:\bntbtb.exe78⤵
-
\??\c:\9hhhth.exec:\9hhhth.exe79⤵
-
\??\c:\ppppj.exec:\ppppj.exe80⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe81⤵
-
\??\c:\fxllrrf.exec:\fxllrrf.exe82⤵
-
\??\c:\lrxxrrl.exec:\lrxxrrl.exe83⤵
-
\??\c:\htnntb.exec:\htnntb.exe84⤵
-
\??\c:\1ntnbb.exec:\1ntnbb.exe85⤵
-
\??\c:\hntnhh.exec:\hntnhh.exe86⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe87⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe88⤵
-
\??\c:\fxrxrll.exec:\fxrxrll.exe89⤵
-
\??\c:\rrrllll.exec:\rrrllll.exe90⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe91⤵
-
\??\c:\ttttbb.exec:\ttttbb.exe92⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe93⤵
-
\??\c:\vpddv.exec:\vpddv.exe94⤵
-
\??\c:\fllfxlf.exec:\fllfxlf.exe95⤵
-
\??\c:\fxxrllf.exec:\fxxrllf.exe96⤵
-
\??\c:\bnnnnh.exec:\bnnnnh.exe97⤵
-
\??\c:\xfxxrxx.exec:\xfxxrxx.exe98⤵
-
\??\c:\3tbbtb.exec:\3tbbtb.exe99⤵
-
\??\c:\dddvp.exec:\dddvp.exe100⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe101⤵
-
\??\c:\llrflff.exec:\llrflff.exe102⤵
-
\??\c:\3bhbhn.exec:\3bhbhn.exe103⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe104⤵
-
\??\c:\jpvpd.exec:\jpvpd.exe105⤵
-
\??\c:\9xlllrx.exec:\9xlllrx.exe106⤵
-
\??\c:\rlrfffx.exec:\rlrfffx.exe107⤵
-
\??\c:\7lfflrf.exec:\7lfflrf.exe108⤵
-
\??\c:\httbtt.exec:\httbtt.exe109⤵
-
\??\c:\tnhnnb.exec:\tnhnnb.exe110⤵
-
\??\c:\jppjd.exec:\jppjd.exe111⤵
-
\??\c:\9xfxlll.exec:\9xfxlll.exe112⤵
-
\??\c:\7rrlllr.exec:\7rrlllr.exe113⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe114⤵
-
\??\c:\hbnnhh.exec:\hbnnhh.exe115⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe116⤵
-
\??\c:\llfrlfl.exec:\llfrlfl.exe117⤵
-
\??\c:\xfffffx.exec:\xfffffx.exe118⤵
-
\??\c:\xxlfllr.exec:\xxlfllr.exe119⤵
-
\??\c:\9bhbhn.exec:\9bhbhn.exe120⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-