Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
21/05/2024, 20:41
General
-
Target
0a81d6de9a73518776e3c141cd3f17e0_NeikiAnalytics.exe
-
Size
64KB
-
MD5
0a81d6de9a73518776e3c141cd3f17e0
-
SHA1
00583453fc75b583c5dca7a87887fa6f4e1bb345
-
SHA256
f67e3022b39d951607d0f7ad6047d931091f9e1dfb8851ac98bc7142d0e51fcd
-
SHA512
ca528e304bf1e7cb4608ef52064b464acae017baf5fae7d1c2fd8966eba5cd5baadedf355f67bb02a80c7c4bf303b8fad8885d610fc8644c42bc37dfd5aae42f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIhJm/wk:ymb3NkkiQ3mdBjFILmT
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0a81d6de9a73518776e3c141cd3f17e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\0a81d6de9a73518776e3c141cd3f17e0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1hbhnn.exec:\1hbhnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppvv.exec:\jppvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jpdj.exec:\9jpdj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfxxr.exec:\rllfxxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ntnnn.exec:\9ntnnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflrxxx.exec:\lflrxxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbhb.exec:\hhhbhb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjp.exec:\dvjjp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxrxx.exec:\lfxxrxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tthtb.exec:\5tthtb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdd.exec:\vpjdd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rrlffl.exec:\3rrlffl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7htbth.exec:\7htbth.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ntnbt.exec:\5ntnbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdd.exec:\pdjdd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3flfxxl.exec:\3flfxxl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttttn.exec:\bttttn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvp.exec:\dvdvp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxxrrl.exec:\rxxxrrl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxrlfx.exec:\ffxrlfx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbbtn.exec:\tbbbtn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjj.exec:\vvpjj.exe23⤵
- Executes dropped EXE
-
\??\c:\5rxxrll.exec:\5rxxrll.exe24⤵
- Executes dropped EXE
-
\??\c:\fxxllrr.exec:\fxxllrr.exe25⤵
- Executes dropped EXE
-
\??\c:\bnnnbh.exec:\bnnnbh.exe26⤵
- Executes dropped EXE
-
\??\c:\9dpvp.exec:\9dpvp.exe27⤵
- Executes dropped EXE
-
\??\c:\jvvpv.exec:\jvvpv.exe28⤵
- Executes dropped EXE
-
\??\c:\lfffrrr.exec:\lfffrrr.exe29⤵
- Executes dropped EXE
-
\??\c:\nbhbbb.exec:\nbhbbb.exe30⤵
- Executes dropped EXE
-
\??\c:\7ttthn.exec:\7ttthn.exe31⤵
- Executes dropped EXE
-
\??\c:\jvdpv.exec:\jvdpv.exe32⤵
- Executes dropped EXE
-
\??\c:\vpppv.exec:\vpppv.exe33⤵
- Executes dropped EXE
-
\??\c:\5ntbnn.exec:\5ntbnn.exe34⤵
- Executes dropped EXE
-
\??\c:\bhttnn.exec:\bhttnn.exe35⤵
- Executes dropped EXE
-
\??\c:\jjpjj.exec:\jjpjj.exe36⤵
- Executes dropped EXE
-
\??\c:\xfrfffx.exec:\xfrfffx.exe37⤵
- Executes dropped EXE
-
\??\c:\rffxfff.exec:\rffxfff.exe38⤵
- Executes dropped EXE
-
\??\c:\bntbhn.exec:\bntbhn.exe39⤵
- Executes dropped EXE
-
\??\c:\nnhttt.exec:\nnhttt.exe40⤵
- Executes dropped EXE
-
\??\c:\vdpvj.exec:\vdpvj.exe41⤵
- Executes dropped EXE
-
\??\c:\pvvjv.exec:\pvvjv.exe42⤵
- Executes dropped EXE
-
\??\c:\rxfrfxl.exec:\rxfrfxl.exe43⤵
- Executes dropped EXE
-
\??\c:\hhttnn.exec:\hhttnn.exe44⤵
- Executes dropped EXE
-
\??\c:\hnhttb.exec:\hnhttb.exe45⤵
- Executes dropped EXE
-
\??\c:\vddvp.exec:\vddvp.exe46⤵
- Executes dropped EXE
-
\??\c:\xxffrxx.exec:\xxffrxx.exe47⤵
- Executes dropped EXE
-
\??\c:\lfflfrl.exec:\lfflfrl.exe48⤵
- Executes dropped EXE
-
\??\c:\btbbtb.exec:\btbbtb.exe49⤵
- Executes dropped EXE
-
\??\c:\7vdvv.exec:\7vdvv.exe50⤵
- Executes dropped EXE
-
\??\c:\dvdjv.exec:\dvdjv.exe51⤵
- Executes dropped EXE
-
\??\c:\frrrlll.exec:\frrrlll.exe52⤵
- Executes dropped EXE
-
\??\c:\3httnn.exec:\3httnn.exe53⤵
- Executes dropped EXE
-
\??\c:\5bhhbb.exec:\5bhhbb.exe54⤵
- Executes dropped EXE
-
\??\c:\vpvdv.exec:\vpvdv.exe55⤵
- Executes dropped EXE
-
\??\c:\3dvpj.exec:\3dvpj.exe56⤵
- Executes dropped EXE
-
\??\c:\rrflllx.exec:\rrflllx.exe57⤵
- Executes dropped EXE
-
\??\c:\hnhtnn.exec:\hnhtnn.exe58⤵
- Executes dropped EXE
-
\??\c:\pvpjv.exec:\pvpjv.exe59⤵
- Executes dropped EXE
-
\??\c:\5vppj.exec:\5vppj.exe60⤵
- Executes dropped EXE
-
\??\c:\1fflfff.exec:\1fflfff.exe61⤵
- Executes dropped EXE
-
\??\c:\hbhhbh.exec:\hbhhbh.exe62⤵
- Executes dropped EXE
-
\??\c:\tbnnhn.exec:\tbnnhn.exe63⤵
- Executes dropped EXE
-
\??\c:\1vjvv.exec:\1vjvv.exe64⤵
- Executes dropped EXE
-
\??\c:\xlrrlrl.exec:\xlrrlrl.exe65⤵
- Executes dropped EXE
-
\??\c:\rfrrrrr.exec:\rfrrrrr.exe66⤵
-
\??\c:\htbbtb.exec:\htbbtb.exe67⤵
-
\??\c:\ttbnhb.exec:\ttbnhb.exe68⤵
-
\??\c:\djjjd.exec:\djjjd.exe69⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe70⤵
-
\??\c:\3lrfxff.exec:\3lrfxff.exe71⤵
-
\??\c:\frxfxfl.exec:\frxfxfl.exe72⤵
-
\??\c:\5bhhnh.exec:\5bhhnh.exe73⤵
-
\??\c:\1jpjj.exec:\1jpjj.exe74⤵
-
\??\c:\dppvd.exec:\dppvd.exe75⤵
-
\??\c:\lxfflrl.exec:\lxfflrl.exe76⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe77⤵
-
\??\c:\bbbbhb.exec:\bbbbhb.exe78⤵
-
\??\c:\jjdpp.exec:\jjdpp.exe79⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe80⤵
-
\??\c:\5rrxrfx.exec:\5rrxrfx.exe81⤵
-
\??\c:\ffxfrxx.exec:\ffxfrxx.exe82⤵
-
\??\c:\bbhbtn.exec:\bbhbtn.exe83⤵
-
\??\c:\bbthht.exec:\bbthht.exe84⤵
-
\??\c:\1djjd.exec:\1djjd.exe85⤵
-
\??\c:\jdppj.exec:\jdppj.exe86⤵
-
\??\c:\5frxrrr.exec:\5frxrrr.exe87⤵
-
\??\c:\rrxxrfx.exec:\rrxxrfx.exe88⤵
-
\??\c:\nbnnbh.exec:\nbnnbh.exe89⤵
-
\??\c:\7nnbtn.exec:\7nnbtn.exe90⤵
-
\??\c:\dvddp.exec:\dvddp.exe91⤵
-
\??\c:\7pjdv.exec:\7pjdv.exe92⤵
-
\??\c:\fxrlfll.exec:\fxrlfll.exe93⤵
-
\??\c:\fflllrr.exec:\fflllrr.exe94⤵
-
\??\c:\htbbtt.exec:\htbbtt.exe95⤵
-
\??\c:\hbhbhb.exec:\hbhbhb.exe96⤵
-
\??\c:\dpdpd.exec:\dpdpd.exe97⤵
-
\??\c:\dvpdd.exec:\dvpdd.exe98⤵
-
\??\c:\xfxrlff.exec:\xfxrlff.exe99⤵
-
\??\c:\tbhbbh.exec:\tbhbbh.exe100⤵
-
\??\c:\bnhhhh.exec:\bnhhhh.exe101⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe102⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe103⤵
-
\??\c:\7lrxrxx.exec:\7lrxrxx.exe104⤵
-
\??\c:\fxxrrxr.exec:\fxxrrxr.exe105⤵
-
\??\c:\tthbbn.exec:\tthbbn.exe106⤵
-
\??\c:\tnttbb.exec:\tnttbb.exe107⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe108⤵
-
\??\c:\dvppp.exec:\dvppp.exe109⤵
-
\??\c:\lfxfllx.exec:\lfxfllx.exe110⤵
-
\??\c:\llxxxxx.exec:\llxxxxx.exe111⤵
-
\??\c:\ttnhhn.exec:\ttnhhn.exe112⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe113⤵
-
\??\c:\flxxrrl.exec:\flxxrrl.exe114⤵
-
\??\c:\fxrrlrx.exec:\fxrrlrx.exe115⤵
-
\??\c:\hbnnhn.exec:\hbnnhn.exe116⤵
-
\??\c:\tntnnt.exec:\tntnnt.exe117⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe118⤵
-
\??\c:\9pppj.exec:\9pppj.exe119⤵
-
\??\c:\1lfrrxx.exec:\1lfrrxx.exe120⤵
-
\??\c:\lrrrrfr.exec:\lrrrrfr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-