Analysis
-
max time kernel
150s -
max time network
114s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
22-05-2024 23:59
General
-
Target
5d8bd9945c2e8afbb4e7750d915fe710_NeikiAnalytics.exe
-
Size
75KB
-
MD5
5d8bd9945c2e8afbb4e7750d915fe710
-
SHA1
4ef7c31a0c94cdc3a007ad8d129381cfa71e2140
-
SHA256
59c3a634218a1177ef47820c411e28acad2cb0fdb19c53339669d7703df4c830
-
SHA512
3a1f379a41f79d51c352d88d07f5a757eeebc1d011e44e70c0d6e812b2cbc95600eea7c0b1d49123ba8dbf93c5e41a38d92142cc96a1827e6ee515cd8ccfe05b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIrmCeRMKeWqNSZe6:ymb3NkkiQ3mdBjFIjek5V6
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5d8bd9945c2e8afbb4e7750d915fe710_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\5d8bd9945c2e8afbb4e7750d915fe710_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvjj.exec:\jdvjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxflrr.exec:\xxxflrr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhbb.exec:\tnnhbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7htttn.exec:\7htttn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvdd.exec:\vdvdd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllflxf.exec:\xllflxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxrlrr.exec:\lxxrlrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhhh.exec:\btnhhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vpdp.exec:\1vpdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdpd.exec:\jvdpd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrlffx.exec:\frrlffx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nbtnn.exec:\5nbtnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tntnt.exec:\1tntnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvdp.exec:\pdvdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxxxf.exec:\xxfxxxf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfffr.exec:\xllfffr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhnbh.exec:\hbhnbh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbttbb.exec:\bbttbb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vjdv.exec:\9vjdv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxlll.exec:\xrfxlll.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlxrr.exec:\fxrlxrr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbbn.exec:\tnbbbn.exe23⤵
- Executes dropped EXE
-
\??\c:\9djvp.exec:\9djvp.exe24⤵
- Executes dropped EXE
-
\??\c:\ddjpp.exec:\ddjpp.exe25⤵
- Executes dropped EXE
-
\??\c:\xrfxxxf.exec:\xrfxxxf.exe26⤵
- Executes dropped EXE
-
\??\c:\rllllxr.exec:\rllllxr.exe27⤵
- Executes dropped EXE
-
\??\c:\btnbtn.exec:\btnbtn.exe28⤵
- Executes dropped EXE
-
\??\c:\bbhnhh.exec:\bbhnhh.exe29⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe30⤵
- Executes dropped EXE
-
\??\c:\flrrrrr.exec:\flrrrrr.exe31⤵
- Executes dropped EXE
-
\??\c:\rxffxff.exec:\rxffxff.exe32⤵
- Executes dropped EXE
-
\??\c:\lxxrffl.exec:\lxxrffl.exe33⤵
- Executes dropped EXE
-
\??\c:\9hhbbb.exec:\9hhbbb.exe34⤵
- Executes dropped EXE
-
\??\c:\bnnhbb.exec:\bnnhbb.exe35⤵
- Executes dropped EXE
-
\??\c:\vvvvd.exec:\vvvvd.exe36⤵
- Executes dropped EXE
-
\??\c:\pvpjd.exec:\pvpjd.exe37⤵
- Executes dropped EXE
-
\??\c:\rxffllr.exec:\rxffllr.exe38⤵
- Executes dropped EXE
-
\??\c:\hbbhnn.exec:\hbbhnn.exe39⤵
- Executes dropped EXE
-
\??\c:\btnhbb.exec:\btnhbb.exe40⤵
- Executes dropped EXE
-
\??\c:\7pjjj.exec:\7pjjj.exe41⤵
- Executes dropped EXE
-
\??\c:\djdvp.exec:\djdvp.exe42⤵
- Executes dropped EXE
-
\??\c:\lflfxrl.exec:\lflfxrl.exe43⤵
- Executes dropped EXE
-
\??\c:\fxffxxr.exec:\fxffxxr.exe44⤵
- Executes dropped EXE
-
\??\c:\tnhhnt.exec:\tnhhnt.exe45⤵
- Executes dropped EXE
-
\??\c:\1vvjv.exec:\1vvjv.exe46⤵
- Executes dropped EXE
-
\??\c:\vjppj.exec:\vjppj.exe47⤵
- Executes dropped EXE
-
\??\c:\xfxlfrf.exec:\xfxlfrf.exe48⤵
- Executes dropped EXE
-
\??\c:\lfxrrlf.exec:\lfxrrlf.exe49⤵
- Executes dropped EXE
-
\??\c:\hbthtt.exec:\hbthtt.exe50⤵
- Executes dropped EXE
-
\??\c:\3dpjp.exec:\3dpjp.exe51⤵
- Executes dropped EXE
-
\??\c:\1vdjv.exec:\1vdjv.exe52⤵
- Executes dropped EXE
-
\??\c:\lxxrffx.exec:\lxxrffx.exe53⤵
- Executes dropped EXE
-
\??\c:\xlxrfxr.exec:\xlxrfxr.exe54⤵
- Executes dropped EXE
-
\??\c:\ntnbnn.exec:\ntnbnn.exe55⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe56⤵
- Executes dropped EXE
-
\??\c:\dvjvj.exec:\dvjvj.exe57⤵
- Executes dropped EXE
-
\??\c:\fxlxlfx.exec:\fxlxlfx.exe58⤵
- Executes dropped EXE
-
\??\c:\thbnnh.exec:\thbnnh.exe59⤵
- Executes dropped EXE
-
\??\c:\thnthh.exec:\thnthh.exe60⤵
- Executes dropped EXE
-
\??\c:\dvvjv.exec:\dvvjv.exe61⤵
- Executes dropped EXE
-
\??\c:\xxflrrx.exec:\xxflrrx.exe62⤵
- Executes dropped EXE
-
\??\c:\rxrfrxx.exec:\rxrfrxx.exe63⤵
- Executes dropped EXE
-
\??\c:\1tnhnh.exec:\1tnhnh.exe64⤵
- Executes dropped EXE
-
\??\c:\3hnbnh.exec:\3hnbnh.exe65⤵
- Executes dropped EXE
-
\??\c:\5pjjv.exec:\5pjjv.exe66⤵
-
\??\c:\rfxlxxx.exec:\rfxlxxx.exe67⤵
-
\??\c:\thbtnh.exec:\thbtnh.exe68⤵
-
\??\c:\bnbnbb.exec:\bnbnbb.exe69⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe70⤵
-
\??\c:\pdddd.exec:\pdddd.exe71⤵
-
\??\c:\frxxfxr.exec:\frxxfxr.exe72⤵
-
\??\c:\9ttnhh.exec:\9ttnhh.exe73⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe74⤵
-
\??\c:\7jjvp.exec:\7jjvp.exe75⤵
-
\??\c:\lxrlxrf.exec:\lxrlxrf.exe76⤵
-
\??\c:\fxffxll.exec:\fxffxll.exe77⤵
-
\??\c:\thtbnh.exec:\thtbnh.exe78⤵
-
\??\c:\3ppdv.exec:\3ppdv.exe79⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe80⤵
-
\??\c:\9lxlffx.exec:\9lxlffx.exe81⤵
-
\??\c:\hnhhbb.exec:\hnhhbb.exe82⤵
-
\??\c:\7lfxlfr.exec:\7lfxlfr.exe83⤵
-
\??\c:\9xrlxrf.exec:\9xrlxrf.exe84⤵
-
\??\c:\tnhbbt.exec:\tnhbbt.exe85⤵
-
\??\c:\nhbnhh.exec:\nhbnhh.exe86⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe87⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe88⤵
-
\??\c:\xrlrfxr.exec:\xrlrfxr.exe89⤵
-
\??\c:\xrfrfxl.exec:\xrfrfxl.exe90⤵
-
\??\c:\3tnhth.exec:\3tnhth.exe91⤵
-
\??\c:\7vvjj.exec:\7vvjj.exe92⤵
-
\??\c:\9vjpj.exec:\9vjpj.exe93⤵
-
\??\c:\rxrfxrl.exec:\rxrfxrl.exe94⤵
-
\??\c:\xlfrlxr.exec:\xlfrlxr.exe95⤵
-
\??\c:\htthbn.exec:\htthbn.exe96⤵
-
\??\c:\1ththb.exec:\1ththb.exe97⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe98⤵
-
\??\c:\1ppdp.exec:\1ppdp.exe99⤵
-
\??\c:\fxxrrlx.exec:\fxxrrlx.exe100⤵
-
\??\c:\fxxlfxr.exec:\fxxlfxr.exe101⤵
-
\??\c:\bnbnbn.exec:\bnbnbn.exe102⤵
-
\??\c:\ttbnbn.exec:\ttbnbn.exe103⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe104⤵
-
\??\c:\lrfffff.exec:\lrfffff.exe105⤵
-
\??\c:\9lrrrrr.exec:\9lrrrrr.exe106⤵
-
\??\c:\rlrlfxr.exec:\rlrlfxr.exe107⤵
-
\??\c:\bbtnhh.exec:\bbtnhh.exe108⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe109⤵
-
\??\c:\rlfxxxf.exec:\rlfxxxf.exe110⤵
-
\??\c:\7fffrfl.exec:\7fffrfl.exe111⤵
-
\??\c:\rlllfff.exec:\rlllfff.exe112⤵
-
\??\c:\htbbbh.exec:\htbbbh.exe113⤵
-
\??\c:\3nnbtt.exec:\3nnbtt.exe114⤵
-
\??\c:\1pdjd.exec:\1pdjd.exe115⤵
-
\??\c:\flfxrrl.exec:\flfxrrl.exe116⤵
-
\??\c:\btnhnn.exec:\btnhnn.exe117⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe118⤵
-
\??\c:\rffxrlf.exec:\rffxrlf.exe119⤵
-
\??\c:\rxrrrrr.exec:\rxrrrrr.exe120⤵
-
\??\c:\nhnhbt.exec:\nhnhbt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-