Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
21-05-2024 19:23
General
-
Target
062fbc89edfabbe4d40646eaaa1df6f0_NeikiAnalytics.exe
-
Size
74KB
-
MD5
062fbc89edfabbe4d40646eaaa1df6f0
-
SHA1
deb31373d58cbe019bc3df1758aee381151444e3
-
SHA256
006eca97dc6bb8d62ffd77d69cd7a8977a8b8ba321f21a9825c673a08764a80a
-
SHA512
ef116305234975e178c54d8f8d412f2c3e908e3904ebfdc4127c1f71729c6d95c71c85ad7ddb42bc01f4763eba13413ef4588deb165cb069787c63c6e4e9893f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIJSsD+cGUFzJI:ymb3NkkiQ3mdBjFIwsDhbN6
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\062fbc89edfabbe4d40646eaaa1df6f0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\062fbc89edfabbe4d40646eaaa1df6f0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjd.exec:\jdpjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnbbb.exec:\bhnbbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhthb.exec:\hnhthb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddv.exec:\jjddv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlxlrx.exec:\lxlxlrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnbnh.exec:\nhnbnh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhtt.exec:\bnnhtt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjd.exec:\jdjjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlrfxr.exec:\lxlrfxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxlfxr.exec:\lxxlfxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtntt.exec:\nhtntt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdd.exec:\vvjdd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xrllll.exec:\9xrllll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbttt.exec:\btbttt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnhhh.exec:\hbnhhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddddv.exec:\ddddv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrxlxf.exec:\ffrxlxf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hbbtb.exec:\7hbbtb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnbtt.exec:\ttnbtt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppvd.exec:\dppvd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlrrfl.exec:\rxlrrfl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bhhbh.exec:\9bhhbh.exe23⤵
- Executes dropped EXE
-
\??\c:\hhbbnt.exec:\hhbbnt.exe24⤵
- Executes dropped EXE
-
\??\c:\5ddvj.exec:\5ddvj.exe25⤵
- Executes dropped EXE
-
\??\c:\xffrllf.exec:\xffrllf.exe26⤵
- Executes dropped EXE
-
\??\c:\fxfxffr.exec:\fxfxffr.exe27⤵
- Executes dropped EXE
-
\??\c:\hnnnnn.exec:\hnnnnn.exe28⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe29⤵
- Executes dropped EXE
-
\??\c:\xflxfrl.exec:\xflxfrl.exe30⤵
- Executes dropped EXE
-
\??\c:\hhbtbb.exec:\hhbtbb.exe31⤵
- Executes dropped EXE
-
\??\c:\7djjd.exec:\7djjd.exe32⤵
- Executes dropped EXE
-
\??\c:\vpvdv.exec:\vpvdv.exe33⤵
- Executes dropped EXE
-
\??\c:\llrllff.exec:\llrllff.exe34⤵
- Executes dropped EXE
-
\??\c:\3xxrllf.exec:\3xxrllf.exe35⤵
- Executes dropped EXE
-
\??\c:\tnntbb.exec:\tnntbb.exe36⤵
- Executes dropped EXE
-
\??\c:\3bthhh.exec:\3bthhh.exe37⤵
- Executes dropped EXE
-
\??\c:\7jdvp.exec:\7jdvp.exe38⤵
- Executes dropped EXE
-
\??\c:\3ffxffx.exec:\3ffxffx.exe39⤵
- Executes dropped EXE
-
\??\c:\xlrxxfx.exec:\xlrxxfx.exe40⤵
- Executes dropped EXE
-
\??\c:\bbbbbb.exec:\bbbbbb.exe41⤵
- Executes dropped EXE
-
\??\c:\btthnn.exec:\btthnn.exe42⤵
- Executes dropped EXE
-
\??\c:\1xfxrrr.exec:\1xfxrrr.exe43⤵
- Executes dropped EXE
-
\??\c:\fllfxrr.exec:\fllfxrr.exe44⤵
- Executes dropped EXE
-
\??\c:\3nnhbh.exec:\3nnhbh.exe45⤵
- Executes dropped EXE
-
\??\c:\bttthh.exec:\bttthh.exe46⤵
- Executes dropped EXE
-
\??\c:\vdvvd.exec:\vdvvd.exe47⤵
- Executes dropped EXE
-
\??\c:\9pjvp.exec:\9pjvp.exe48⤵
- Executes dropped EXE
-
\??\c:\rlxxxxr.exec:\rlxxxxr.exe49⤵
- Executes dropped EXE
-
\??\c:\3rxfrrr.exec:\3rxfrrr.exe50⤵
- Executes dropped EXE
-
\??\c:\httnnn.exec:\httnnn.exe51⤵
- Executes dropped EXE
-
\??\c:\tbbtbb.exec:\tbbtbb.exe52⤵
- Executes dropped EXE
-
\??\c:\vjjjd.exec:\vjjjd.exe53⤵
- Executes dropped EXE
-
\??\c:\rffxxrr.exec:\rffxxrr.exe54⤵
- Executes dropped EXE
-
\??\c:\tthhnn.exec:\tthhnn.exe55⤵
- Executes dropped EXE
-
\??\c:\hhhbtt.exec:\hhhbtt.exe56⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe57⤵
- Executes dropped EXE
-
\??\c:\ffrlfff.exec:\ffrlfff.exe58⤵
- Executes dropped EXE
-
\??\c:\lrxxxxf.exec:\lrxxxxf.exe59⤵
- Executes dropped EXE
-
\??\c:\9bhhhh.exec:\9bhhhh.exe60⤵
- Executes dropped EXE
-
\??\c:\vvjjv.exec:\vvjjv.exe61⤵
- Executes dropped EXE
-
\??\c:\vpvpd.exec:\vpvpd.exe62⤵
- Executes dropped EXE
-
\??\c:\rrlflfx.exec:\rrlflfx.exe63⤵
- Executes dropped EXE
-
\??\c:\btbbbt.exec:\btbbbt.exe64⤵
- Executes dropped EXE
-
\??\c:\ththnh.exec:\ththnh.exe65⤵
- Executes dropped EXE
-
\??\c:\3jdvd.exec:\3jdvd.exe66⤵
-
\??\c:\ppdpd.exec:\ppdpd.exe67⤵
-
\??\c:\rfxrlfr.exec:\rfxrlfr.exe68⤵
-
\??\c:\5nthbt.exec:\5nthbt.exe69⤵
-
\??\c:\vjdjj.exec:\vjdjj.exe70⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe71⤵
-
\??\c:\llxrllf.exec:\llxrllf.exe72⤵
-
\??\c:\bhtbht.exec:\bhtbht.exe73⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe74⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe75⤵
-
\??\c:\7pjdv.exec:\7pjdv.exe76⤵
-
\??\c:\9rlfrlx.exec:\9rlfrlx.exe77⤵
-
\??\c:\7nthtn.exec:\7nthtn.exe78⤵
-
\??\c:\pvjvd.exec:\pvjvd.exe79⤵
-
\??\c:\dvpdv.exec:\dvpdv.exe80⤵
-
\??\c:\7llfxxr.exec:\7llfxxr.exe81⤵
-
\??\c:\xrlxlfr.exec:\xrlxlfr.exe82⤵
-
\??\c:\bnhbtn.exec:\bnhbtn.exe83⤵
-
\??\c:\dpppv.exec:\dpppv.exe84⤵
-
\??\c:\flrxxxl.exec:\flrxxxl.exe85⤵
-
\??\c:\rlllxll.exec:\rlllxll.exe86⤵
-
\??\c:\hnnhbt.exec:\hnnhbt.exe87⤵
-
\??\c:\3ddpj.exec:\3ddpj.exe88⤵
-
\??\c:\7pppv.exec:\7pppv.exe89⤵
-
\??\c:\xrlxlxr.exec:\xrlxlxr.exe90⤵
-
\??\c:\llffflr.exec:\llffflr.exe91⤵
-
\??\c:\bnbttn.exec:\bnbttn.exe92⤵
-
\??\c:\1djvp.exec:\1djvp.exe93⤵
-
\??\c:\vjppd.exec:\vjppd.exe94⤵
-
\??\c:\1xlxlfx.exec:\1xlxlfx.exe95⤵
-
\??\c:\frfrrrr.exec:\frfrrrr.exe96⤵
-
\??\c:\tbtnhb.exec:\tbtnhb.exe97⤵
-
\??\c:\ntnhbt.exec:\ntnhbt.exe98⤵
-
\??\c:\vpppv.exec:\vpppv.exe99⤵
-
\??\c:\llxrxlr.exec:\llxrxlr.exe100⤵
-
\??\c:\fxlfrlf.exec:\fxlfrlf.exe101⤵
-
\??\c:\bhbthh.exec:\bhbthh.exe102⤵
-
\??\c:\nbthnh.exec:\nbthnh.exe103⤵
-
\??\c:\jpjdd.exec:\jpjdd.exe104⤵
-
\??\c:\jddvj.exec:\jddvj.exe105⤵
-
\??\c:\fxlxrlf.exec:\fxlxrlf.exe106⤵
-
\??\c:\hbbhhb.exec:\hbbhhb.exe107⤵
-
\??\c:\nnbthh.exec:\nnbthh.exe108⤵
-
\??\c:\pppdp.exec:\pppdp.exe109⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe110⤵
-
\??\c:\xrrllff.exec:\xrrllff.exe111⤵
-
\??\c:\xlfxxxr.exec:\xlfxxxr.exe112⤵
-
\??\c:\3tttnn.exec:\3tttnn.exe113⤵
-
\??\c:\5hbthn.exec:\5hbthn.exe114⤵
-
\??\c:\3jvjp.exec:\3jvjp.exe115⤵
-
\??\c:\ppvjp.exec:\ppvjp.exe116⤵
-
\??\c:\frxxrfx.exec:\frxxrfx.exe117⤵
-
\??\c:\bbbtbt.exec:\bbbtbt.exe118⤵
-
\??\c:\nthbnh.exec:\nthbnh.exe119⤵
-
\??\c:\3jpjj.exec:\3jpjj.exe120⤵
-
\??\c:\vpppj.exec:\vpppj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-