Analysis
-
max time kernel
150s -
max time network
111s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
21/05/2024, 13:22
General
-
Target
5482fb1cb32b170d5d992f4291d60b731f6a3b1dcf83ad32c810ff7de95b1f20_NeikiAnalytics.exe
-
Size
114KB
-
MD5
f50f633566efa86b028cf97908a33fc0
-
SHA1
be20df94fe090b45d0b809973173dd1b581e0b36
-
SHA256
5482fb1cb32b170d5d992f4291d60b731f6a3b1dcf83ad32c810ff7de95b1f20
-
SHA512
76dd8141291f28e3d1c1c0d8ed8d0c508a0cfb135a93ad50a76ed0ef2cfcd4d30dd2eb9e0eac9b56d0e54e68c747752087d0946eb764fd460f2b3916f9a8dec9
-
SSDEEP
3072:chOmTsF93UYfwC6GIout5pi8rY9AABa1U+a88r:ccm4FmowdHoS5ddWX+a1
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 63 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5482fb1cb32b170d5d992f4291d60b731f6a3b1dcf83ad32c810ff7de95b1f20_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\5482fb1cb32b170d5d992f4291d60b731f6a3b1dcf83ad32c810ff7de95b1f20_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrllffx.exec:\xrllffx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllfffl.exec:\lllfffl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbtt.exec:\nhhbtt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdj.exec:\vvjdj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdj.exec:\vvjdj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflxlll.exec:\fflxlll.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffxxrl.exec:\xffxxrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbhh.exec:\hhhbhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpj.exec:\vpvpj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxrrll.exec:\ffxrrll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrrrr.exec:\rxxrrrr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhnn.exec:\nhnhnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttttn.exec:\nttttn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdjv.exec:\pjdjv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdpd.exec:\dvdpd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxrllx.exec:\ffxrllx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrlll.exec:\xrrrlll.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhbh.exec:\nbhhbh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bbthh.exec:\5bbthh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdv.exec:\ddjdv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdvp.exec:\dpdvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxffl.exec:\lfxxffl.exe23⤵
- Executes dropped EXE
-
\??\c:\7lrxrxx.exec:\7lrxrxx.exe24⤵
- Executes dropped EXE
-
\??\c:\tbnnhb.exec:\tbnnhb.exe25⤵
- Executes dropped EXE
-
\??\c:\djjdv.exec:\djjdv.exe26⤵
- Executes dropped EXE
-
\??\c:\rlffffl.exec:\rlffffl.exe27⤵
- Executes dropped EXE
-
\??\c:\xxxrlfr.exec:\xxxrlfr.exe28⤵
- Executes dropped EXE
-
\??\c:\5bbtnn.exec:\5bbtnn.exe29⤵
- Executes dropped EXE
-
\??\c:\jddvj.exec:\jddvj.exe30⤵
- Executes dropped EXE
-
\??\c:\5ppjd.exec:\5ppjd.exe31⤵
- Executes dropped EXE
-
\??\c:\xffrfff.exec:\xffrfff.exe32⤵
- Executes dropped EXE
-
\??\c:\ffffxlf.exec:\ffffxlf.exe33⤵
- Executes dropped EXE
-
\??\c:\bhnhnn.exec:\bhnhnn.exe34⤵
- Executes dropped EXE
-
\??\c:\ddjdv.exec:\ddjdv.exe35⤵
- Executes dropped EXE
-
\??\c:\9ddjd.exec:\9ddjd.exe36⤵
- Executes dropped EXE
-
\??\c:\fffxllf.exec:\fffxllf.exe37⤵
- Executes dropped EXE
-
\??\c:\1xxrlfx.exec:\1xxrlfx.exe38⤵
- Executes dropped EXE
-
\??\c:\bhtnhh.exec:\bhtnhh.exe39⤵
- Executes dropped EXE
-
\??\c:\5tnhtb.exec:\5tnhtb.exe40⤵
- Executes dropped EXE
-
\??\c:\vvpvp.exec:\vvpvp.exe41⤵
- Executes dropped EXE
-
\??\c:\lxfxrrf.exec:\lxfxrrf.exe42⤵
- Executes dropped EXE
-
\??\c:\nbnhbb.exec:\nbnhbb.exe43⤵
- Executes dropped EXE
-
\??\c:\tnnbbt.exec:\tnnbbt.exe44⤵
- Executes dropped EXE
-
\??\c:\djdvp.exec:\djdvp.exe45⤵
- Executes dropped EXE
-
\??\c:\3djdv.exec:\3djdv.exe46⤵
- Executes dropped EXE
-
\??\c:\lrlxrrf.exec:\lrlxrrf.exe47⤵
- Executes dropped EXE
-
\??\c:\hhtntt.exec:\hhtntt.exe48⤵
- Executes dropped EXE
-
\??\c:\hhtnnh.exec:\hhtnnh.exe49⤵
- Executes dropped EXE
-
\??\c:\nnhbtt.exec:\nnhbtt.exe50⤵
- Executes dropped EXE
-
\??\c:\3pvjd.exec:\3pvjd.exe51⤵
- Executes dropped EXE
-
\??\c:\1lxlfxl.exec:\1lxlfxl.exe52⤵
- Executes dropped EXE
-
\??\c:\5ffxxxr.exec:\5ffxxxr.exe53⤵
- Executes dropped EXE
-
\??\c:\3hhhbb.exec:\3hhhbb.exe54⤵
- Executes dropped EXE
-
\??\c:\httnhb.exec:\httnhb.exe55⤵
- Executes dropped EXE
-
\??\c:\vpdvv.exec:\vpdvv.exe56⤵
- Executes dropped EXE
-
\??\c:\3jdvj.exec:\3jdvj.exe57⤵
- Executes dropped EXE
-
\??\c:\3vvpp.exec:\3vvpp.exe58⤵
- Executes dropped EXE
-
\??\c:\5rxrlrl.exec:\5rxrlrl.exe59⤵
- Executes dropped EXE
-
\??\c:\9bhbbb.exec:\9bhbbb.exe60⤵
- Executes dropped EXE
-
\??\c:\htbtnt.exec:\htbtnt.exe61⤵
- Executes dropped EXE
-
\??\c:\dddvp.exec:\dddvp.exe62⤵
- Executes dropped EXE
-
\??\c:\jpjjv.exec:\jpjjv.exe63⤵
- Executes dropped EXE
-
\??\c:\llrffff.exec:\llrffff.exe64⤵
- Executes dropped EXE
-
\??\c:\7xrxlrl.exec:\7xrxlrl.exe65⤵
- Executes dropped EXE
-
\??\c:\btbtnb.exec:\btbtnb.exe66⤵
-
\??\c:\hnhbbb.exec:\hnhbbb.exe67⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe68⤵
-
\??\c:\7jpdp.exec:\7jpdp.exe69⤵
-
\??\c:\frxrlrr.exec:\frxrlrr.exe70⤵
-
\??\c:\xfffxxr.exec:\xfffxxr.exe71⤵
-
\??\c:\rrlxrrr.exec:\rrlxrrr.exe72⤵
-
\??\c:\bttbtn.exec:\bttbtn.exe73⤵
-
\??\c:\1ddpv.exec:\1ddpv.exe74⤵
-
\??\c:\3jjdp.exec:\3jjdp.exe75⤵
-
\??\c:\llllfxr.exec:\llllfxr.exe76⤵
-
\??\c:\xrxrxrl.exec:\xrxrxrl.exe77⤵
-
\??\c:\nnnntt.exec:\nnnntt.exe78⤵
-
\??\c:\hhtntt.exec:\hhtntt.exe79⤵
-
\??\c:\pddvv.exec:\pddvv.exe80⤵
-
\??\c:\dpdpj.exec:\dpdpj.exe81⤵
-
\??\c:\9fxxrrr.exec:\9fxxrrr.exe82⤵
-
\??\c:\flrrrrr.exec:\flrrrrr.exe83⤵
-
\??\c:\hhnnhh.exec:\hhnnhh.exe84⤵
-
\??\c:\9tnbtn.exec:\9tnbtn.exe85⤵
-
\??\c:\pdjvj.exec:\pdjvj.exe86⤵
-
\??\c:\jpddv.exec:\jpddv.exe87⤵
-
\??\c:\rfxrrlf.exec:\rfxrrlf.exe88⤵
-
\??\c:\lffxxxx.exec:\lffxxxx.exe89⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe90⤵
-
\??\c:\pdvpj.exec:\pdvpj.exe91⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe92⤵
-
\??\c:\5jdvv.exec:\5jdvv.exe93⤵
-
\??\c:\xllfxrl.exec:\xllfxrl.exe94⤵
-
\??\c:\bhnbtt.exec:\bhnbtt.exe95⤵
-
\??\c:\nhtnnn.exec:\nhtnnn.exe96⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe97⤵
-
\??\c:\5jdjd.exec:\5jdjd.exe98⤵
-
\??\c:\fflrxrr.exec:\fflrxrr.exe99⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe100⤵
-
\??\c:\bhbtnn.exec:\bhbtnn.exe101⤵
-
\??\c:\xlrfrrl.exec:\xlrfrrl.exe102⤵
-
\??\c:\lrlfrlf.exec:\lrlfrlf.exe103⤵
-
\??\c:\hnnhtb.exec:\hnnhtb.exe104⤵
-
\??\c:\pdvpp.exec:\pdvpp.exe105⤵
-
\??\c:\1ppdv.exec:\1ppdv.exe106⤵
-
\??\c:\flllxrr.exec:\flllxrr.exe107⤵
-
\??\c:\ffflfll.exec:\ffflfll.exe108⤵
-
\??\c:\5bttnn.exec:\5bttnn.exe109⤵
-
\??\c:\bthnbn.exec:\bthnbn.exe110⤵
-
\??\c:\7dvpd.exec:\7dvpd.exe111⤵
-
\??\c:\vvpjj.exec:\vvpjj.exe112⤵
-
\??\c:\dvdpj.exec:\dvdpj.exe113⤵
-
\??\c:\9fxfrlf.exec:\9fxfrlf.exe114⤵
-
\??\c:\xrlffxx.exec:\xrlffxx.exe115⤵
-
\??\c:\nnnbtn.exec:\nnnbtn.exe116⤵
-
\??\c:\bbtbnn.exec:\bbtbnn.exe117⤵
-
\??\c:\1jjdv.exec:\1jjdv.exe118⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe119⤵
-
\??\c:\fxrlxxr.exec:\fxrlxxr.exe120⤵
-
\??\c:\3flxlxf.exec:\3flxlxf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-