Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
22-05-2024 21:56
General
-
Target
45ad003da58b4f8ecd9d574443dce020_NeikiAnalytics.exe
-
Size
233KB
-
MD5
45ad003da58b4f8ecd9d574443dce020
-
SHA1
79feaf9f95cd5f35bc5e6378445f9db73154edf5
-
SHA256
4e8bf1c7e1ec9cbf4ab3fc8ad5d508ead2bfd791a797e33ba9372dc34b5bc8c9
-
SHA512
0c325c4ea53f063ab08ae5d06a0475a95c4d44d896980ff197a75b9ae12bfc9d0f49045a750553c7f683c6be6ddf636bf7d9c831b6686251e0ccf2c8685db387
-
SSDEEP
6144:kcm4FmowdHoSSGpJw4PqhraHcpOmFTHDGYhEf5X2a9E:y4wFHoSSGpJwGeeFmFTNAp2AE
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\45ad003da58b4f8ecd9d574443dce020_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\45ad003da58b4f8ecd9d574443dce020_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxllf.exec:\rrfxllf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxlxlf.exec:\xfxlxlf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhbb.exec:\nbhhbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnttht.exec:\bnttht.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pdjj.exec:\9pdjj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlffrxf.exec:\rlffrxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfrxxr.exec:\xxfrxxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthnnt.exec:\bthnnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjjj.exec:\djjjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxlrll.exec:\fxxlrll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnth.exec:\nhnnth.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdj.exec:\vjjdj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhntbn.exec:\bhntbn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjvv.exec:\jpjvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrxll.exec:\xrlrxll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttht.exec:\hbttht.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppdd.exec:\pppdd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthbbh.exec:\tthbbh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjvv.exec:\vjjvv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rrxrxr.exec:\5rrxrxr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnttn.exec:\ttnttn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjpv.exec:\pvjpv.exe23⤵
- Executes dropped EXE
-
\??\c:\frxxxxx.exec:\frxxxxx.exe24⤵
- Executes dropped EXE
-
\??\c:\btnbtt.exec:\btnbtt.exe25⤵
- Executes dropped EXE
-
\??\c:\jvddp.exec:\jvddp.exe26⤵
- Executes dropped EXE
-
\??\c:\rrlfxfx.exec:\rrlfxfx.exe27⤵
- Executes dropped EXE
-
\??\c:\1xffllf.exec:\1xffllf.exe28⤵
- Executes dropped EXE
-
\??\c:\bbttbb.exec:\bbttbb.exe29⤵
- Executes dropped EXE
-
\??\c:\3pjpj.exec:\3pjpj.exe30⤵
- Executes dropped EXE
-
\??\c:\3rfrfrf.exec:\3rfrfrf.exe31⤵
- Executes dropped EXE
-
\??\c:\bhnnhb.exec:\bhnnhb.exe32⤵
- Executes dropped EXE
-
\??\c:\pdpjj.exec:\pdpjj.exe33⤵
- Executes dropped EXE
-
\??\c:\vpjjj.exec:\vpjjj.exe34⤵
- Executes dropped EXE
-
\??\c:\1xfxrrl.exec:\1xfxrrl.exe35⤵
- Executes dropped EXE
-
\??\c:\thnhbb.exec:\thnhbb.exe36⤵
- Executes dropped EXE
-
\??\c:\dvpjp.exec:\dvpjp.exe37⤵
- Executes dropped EXE
-
\??\c:\rlfflrf.exec:\rlfflrf.exe38⤵
- Executes dropped EXE
-
\??\c:\bhbbnh.exec:\bhbbnh.exe39⤵
- Executes dropped EXE
-
\??\c:\bbbtnn.exec:\bbbtnn.exe40⤵
- Executes dropped EXE
-
\??\c:\pjvvp.exec:\pjvvp.exe41⤵
- Executes dropped EXE
-
\??\c:\vvvjd.exec:\vvvjd.exe42⤵
- Executes dropped EXE
-
\??\c:\5rfxxxx.exec:\5rfxxxx.exe43⤵
- Executes dropped EXE
-
\??\c:\bhhhht.exec:\bhhhht.exe44⤵
- Executes dropped EXE
-
\??\c:\dvdpd.exec:\dvdpd.exe45⤵
- Executes dropped EXE
-
\??\c:\lfxlxrf.exec:\lfxlxrf.exe46⤵
- Executes dropped EXE
-
\??\c:\ntbbtt.exec:\ntbbtt.exe47⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe48⤵
- Executes dropped EXE
-
\??\c:\lrlffll.exec:\lrlffll.exe49⤵
- Executes dropped EXE
-
\??\c:\ttnhbb.exec:\ttnhbb.exe50⤵
- Executes dropped EXE
-
\??\c:\hhnnbb.exec:\hhnnbb.exe51⤵
- Executes dropped EXE
-
\??\c:\vjjjd.exec:\vjjjd.exe52⤵
- Executes dropped EXE
-
\??\c:\rfrxflr.exec:\rfrxflr.exe53⤵
- Executes dropped EXE
-
\??\c:\thnhbb.exec:\thnhbb.exe54⤵
- Executes dropped EXE
-
\??\c:\3bbbtt.exec:\3bbbtt.exe55⤵
- Executes dropped EXE
-
\??\c:\jpjdv.exec:\jpjdv.exe56⤵
- Executes dropped EXE
-
\??\c:\7frxrrr.exec:\7frxrrr.exe57⤵
- Executes dropped EXE
-
\??\c:\htnhht.exec:\htnhht.exe58⤵
- Executes dropped EXE
-
\??\c:\3ntnbb.exec:\3ntnbb.exe59⤵
- Executes dropped EXE
-
\??\c:\1ddvv.exec:\1ddvv.exe60⤵
- Executes dropped EXE
-
\??\c:\lflxrrr.exec:\lflxrrr.exe61⤵
- Executes dropped EXE
-
\??\c:\xlfxxrl.exec:\xlfxxrl.exe62⤵
- Executes dropped EXE
-
\??\c:\3thbtt.exec:\3thbtt.exe63⤵
- Executes dropped EXE
-
\??\c:\pjpjv.exec:\pjpjv.exe64⤵
- Executes dropped EXE
-
\??\c:\djvpp.exec:\djvpp.exe65⤵
- Executes dropped EXE
-
\??\c:\rffxxll.exec:\rffxxll.exe66⤵
-
\??\c:\nhtnhh.exec:\nhtnhh.exe67⤵
-
\??\c:\jdddd.exec:\jdddd.exe68⤵
-
\??\c:\7xrlrxf.exec:\7xrlrxf.exe69⤵
-
\??\c:\9ffffff.exec:\9ffffff.exe70⤵
-
\??\c:\nntttn.exec:\nntttn.exe71⤵
-
\??\c:\9jjdv.exec:\9jjdv.exe72⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe73⤵
-
\??\c:\flrlxxf.exec:\flrlxxf.exe74⤵
-
\??\c:\1rxffxr.exec:\1rxffxr.exe75⤵
-
\??\c:\nttnhh.exec:\nttnhh.exe76⤵
-
\??\c:\djvpp.exec:\djvpp.exe77⤵
-
\??\c:\flfrlxx.exec:\flfrlxx.exe78⤵
-
\??\c:\7bbbhh.exec:\7bbbhh.exe79⤵
-
\??\c:\bthbnn.exec:\bthbnn.exe80⤵
-
\??\c:\pvpdv.exec:\pvpdv.exe81⤵
-
\??\c:\rrrlfll.exec:\rrrlfll.exe82⤵
-
\??\c:\lrrffxx.exec:\lrrffxx.exe83⤵
-
\??\c:\tbbhhh.exec:\tbbhhh.exe84⤵
-
\??\c:\vdvdj.exec:\vdvdj.exe85⤵
-
\??\c:\fxffxxx.exec:\fxffxxx.exe86⤵
-
\??\c:\btbthh.exec:\btbthh.exe87⤵
-
\??\c:\jvpjd.exec:\jvpjd.exe88⤵
-
\??\c:\lfffllf.exec:\lfffllf.exe89⤵
-
\??\c:\pvjpj.exec:\pvjpj.exe90⤵
-
\??\c:\1jpjd.exec:\1jpjd.exe91⤵
-
\??\c:\rxffxrr.exec:\rxffxrr.exe92⤵
-
\??\c:\hbbttt.exec:\hbbttt.exe93⤵
-
\??\c:\pvdvv.exec:\pvdvv.exe94⤵
-
\??\c:\xrflfll.exec:\xrflfll.exe95⤵
-
\??\c:\hhbttt.exec:\hhbttt.exe96⤵
-
\??\c:\ntnbbh.exec:\ntnbbh.exe97⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe98⤵
-
\??\c:\bbnnnn.exec:\bbnnnn.exe99⤵
-
\??\c:\ddvjp.exec:\ddvjp.exe100⤵
-
\??\c:\5xfffxl.exec:\5xfffxl.exe101⤵
-
\??\c:\fflxrrx.exec:\fflxrrx.exe102⤵
-
\??\c:\1bbttt.exec:\1bbttt.exe103⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe104⤵
-
\??\c:\rrrfxll.exec:\rrrfxll.exe105⤵
-
\??\c:\bbbhhh.exec:\bbbhhh.exe106⤵
-
\??\c:\pdvpp.exec:\pdvpp.exe107⤵
-
\??\c:\lrrlffx.exec:\lrrlffx.exe108⤵
-
\??\c:\nhtbbh.exec:\nhtbbh.exe109⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe110⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe111⤵
-
\??\c:\1flllrr.exec:\1flllrr.exe112⤵
-
\??\c:\bttttt.exec:\bttttt.exe113⤵
-
\??\c:\ttnhhn.exec:\ttnhhn.exe114⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe115⤵
-
\??\c:\llrfllr.exec:\llrfllr.exe116⤵
-
\??\c:\bbhnnn.exec:\bbhnnn.exe117⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe118⤵
-
\??\c:\rfxrlfx.exec:\rfxrlfx.exe119⤵
-
\??\c:\frfxrlx.exec:\frfxrlx.exe120⤵
-
\??\c:\hthhbb.exec:\hthhbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-