Analysis
-
max time kernel
150s -
max time network
117s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
22-05-2024 23:26
General
-
Target
5795e7d1e5ae624b824c2fe9e3cfd4c0_NeikiAnalytics.exe
-
Size
81KB
-
MD5
5795e7d1e5ae624b824c2fe9e3cfd4c0
-
SHA1
20e3134dceec4f5e91e332de5c19382a004bf0d6
-
SHA256
22c2c9a00d98dca419a0dd3285b1622eddf585b7e66d588d90d22ab70db80f64
-
SHA512
d5afc922f75b8d21c16fd1ee581e00770228b81d015c9fb972adfac6b7e753d32c050419f622649e93a18d79b9f497433e6b923db80d2fc622388f0cef557d1e
-
SSDEEP
1536:zvQBeOGtrYS3srx93UBWfwC6Ggnouy8iT4+C2HVM1p6T7QGIC:zhOmTsF93UYfwC6GIoutiTU2HVS63Qg
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5795e7d1e5ae624b824c2fe9e3cfd4c0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\5795e7d1e5ae624b824c2fe9e3cfd4c0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\frlrrrf.exec:\frlrrrf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnbhb.exec:\tnnbhb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjp.exec:\dvjjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjpv.exec:\pjjpv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rfffll.exec:\3rfffll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtnnt.exec:\tbtnnt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjp.exec:\pjjjp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrllxf.exec:\lrrllxf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtntb.exec:\nbtntb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbbh.exec:\bbhbbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddpj.exec:\pddpj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrxxxl.exec:\lrrxxxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhthbh.exec:\nhthbh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pddj.exec:\1pddj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxxxlr.exec:\xxxxxlr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhtn.exec:\bthhtn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpj.exec:\dpvpj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfrfrr.exec:\rxfrfrr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbbh.exec:\nhbbbh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjj.exec:\dvjjj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdd.exec:\jdjdd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnttb.exec:\nnnttb.exe23⤵
- Executes dropped EXE
-
\??\c:\pdvvd.exec:\pdvvd.exe24⤵
- Executes dropped EXE
-
\??\c:\jdjjv.exec:\jdjjv.exe25⤵
- Executes dropped EXE
-
\??\c:\rllllrx.exec:\rllllrx.exe26⤵
- Executes dropped EXE
-
\??\c:\3hhnnt.exec:\3hhnnt.exe27⤵
- Executes dropped EXE
-
\??\c:\hhnnnb.exec:\hhnnnb.exe28⤵
- Executes dropped EXE
-
\??\c:\xlrrlxf.exec:\xlrrlxf.exe29⤵
- Executes dropped EXE
-
\??\c:\tnnntt.exec:\tnnntt.exe30⤵
- Executes dropped EXE
-
\??\c:\jddpp.exec:\jddpp.exe31⤵
- Executes dropped EXE
-
\??\c:\hbnhhn.exec:\hbnhhn.exe32⤵
- Executes dropped EXE
-
\??\c:\tbhnnt.exec:\tbhnnt.exe33⤵
- Executes dropped EXE
-
\??\c:\pjjvv.exec:\pjjvv.exe34⤵
- Executes dropped EXE
-
\??\c:\rfxlrrl.exec:\rfxlrrl.exe35⤵
- Executes dropped EXE
-
\??\c:\bntnhh.exec:\bntnhh.exe36⤵
- Executes dropped EXE
-
\??\c:\jvvdp.exec:\jvvdp.exe37⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe38⤵
- Executes dropped EXE
-
\??\c:\lrfrlxr.exec:\lrfrlxr.exe39⤵
- Executes dropped EXE
-
\??\c:\nhhhbb.exec:\nhhhbb.exe40⤵
- Executes dropped EXE
-
\??\c:\pvvdj.exec:\pvvdj.exe41⤵
- Executes dropped EXE
-
\??\c:\vjpdj.exec:\vjpdj.exe42⤵
- Executes dropped EXE
-
\??\c:\lxrlfff.exec:\lxrlfff.exe43⤵
- Executes dropped EXE
-
\??\c:\bnbntt.exec:\bnbntt.exe44⤵
- Executes dropped EXE
-
\??\c:\dvvdv.exec:\dvvdv.exe45⤵
- Executes dropped EXE
-
\??\c:\rfllrff.exec:\rfllrff.exe46⤵
- Executes dropped EXE
-
\??\c:\1lrrxrf.exec:\1lrrxrf.exe47⤵
- Executes dropped EXE
-
\??\c:\nbhttt.exec:\nbhttt.exe48⤵
- Executes dropped EXE
-
\??\c:\vjvjd.exec:\vjvjd.exe49⤵
- Executes dropped EXE
-
\??\c:\dppjd.exec:\dppjd.exe50⤵
- Executes dropped EXE
-
\??\c:\xlrlflf.exec:\xlrlflf.exe51⤵
- Executes dropped EXE
-
\??\c:\bbbbbh.exec:\bbbbbh.exe52⤵
- Executes dropped EXE
-
\??\c:\jvddd.exec:\jvddd.exe53⤵
- Executes dropped EXE
-
\??\c:\ddjjp.exec:\ddjjp.exe54⤵
- Executes dropped EXE
-
\??\c:\lrrrrxr.exec:\lrrrrxr.exe55⤵
- Executes dropped EXE
-
\??\c:\hbtnbb.exec:\hbtnbb.exe56⤵
- Executes dropped EXE
-
\??\c:\tnhhtn.exec:\tnhhtn.exe57⤵
- Executes dropped EXE
-
\??\c:\vjpjj.exec:\vjpjj.exe58⤵
- Executes dropped EXE
-
\??\c:\3lrrlrr.exec:\3lrrlrr.exe59⤵
- Executes dropped EXE
-
\??\c:\bbtthn.exec:\bbtthn.exe60⤵
- Executes dropped EXE
-
\??\c:\vjjdp.exec:\vjjdp.exe61⤵
- Executes dropped EXE
-
\??\c:\5djpp.exec:\5djpp.exe62⤵
- Executes dropped EXE
-
\??\c:\rxfrrxr.exec:\rxfrrxr.exe63⤵
- Executes dropped EXE
-
\??\c:\djvvv.exec:\djvvv.exe64⤵
- Executes dropped EXE
-
\??\c:\vpdvv.exec:\vpdvv.exe65⤵
- Executes dropped EXE
-
\??\c:\lxfxlll.exec:\lxfxlll.exe66⤵
-
\??\c:\hhbtbt.exec:\hhbtbt.exe67⤵
-
\??\c:\vjjpd.exec:\vjjpd.exe68⤵
-
\??\c:\xflrllx.exec:\xflrllx.exe69⤵
-
\??\c:\3ttttn.exec:\3ttttn.exe70⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe71⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe72⤵
-
\??\c:\xrrrfrr.exec:\xrrrfrr.exe73⤵
-
\??\c:\bnbtnn.exec:\bnbtnn.exe74⤵
-
\??\c:\djpjj.exec:\djpjj.exe75⤵
-
\??\c:\llrrrxl.exec:\llrrrxl.exe76⤵
-
\??\c:\fflfffx.exec:\fflfffx.exe77⤵
-
\??\c:\ttbnnh.exec:\ttbnnh.exe78⤵
-
\??\c:\jdjpj.exec:\jdjpj.exe79⤵
-
\??\c:\xflflfx.exec:\xflflfx.exe80⤵
-
\??\c:\xfrflfl.exec:\xfrflfl.exe81⤵
-
\??\c:\djjpj.exec:\djjpj.exe82⤵
-
\??\c:\ddjjp.exec:\ddjjp.exe83⤵
-
\??\c:\lxxflfl.exec:\lxxflfl.exe84⤵
-
\??\c:\rrrrxrr.exec:\rrrrxrr.exe85⤵
-
\??\c:\tbbhnn.exec:\tbbhnn.exe86⤵
-
\??\c:\djppp.exec:\djppp.exe87⤵
-
\??\c:\jppjv.exec:\jppjv.exe88⤵
-
\??\c:\flxffrr.exec:\flxffrr.exe89⤵
-
\??\c:\nntbnh.exec:\nntbnh.exe90⤵
-
\??\c:\nbbhbn.exec:\nbbhbn.exe91⤵
-
\??\c:\pvdvj.exec:\pvdvj.exe92⤵
-
\??\c:\7dvpp.exec:\7dvpp.exe93⤵
-
\??\c:\xlrrrxf.exec:\xlrrrxf.exe94⤵
-
\??\c:\xllllxf.exec:\xllllxf.exe95⤵
-
\??\c:\btttbb.exec:\btttbb.exe96⤵
-
\??\c:\htbntn.exec:\htbntn.exe97⤵
-
\??\c:\ffllxxf.exec:\ffllxxf.exe98⤵
-
\??\c:\nbttth.exec:\nbttth.exe99⤵
-
\??\c:\nnnntb.exec:\nnnntb.exe100⤵
-
\??\c:\jjvdj.exec:\jjvdj.exe101⤵
-
\??\c:\frxfxlf.exec:\frxfxlf.exe102⤵
-
\??\c:\ffrxlll.exec:\ffrxlll.exe103⤵
-
\??\c:\bntnnh.exec:\bntnnh.exe104⤵
-
\??\c:\nnttnn.exec:\nnttnn.exe105⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe106⤵
-
\??\c:\rfxfllf.exec:\rfxfllf.exe107⤵
-
\??\c:\thnntt.exec:\thnntt.exe108⤵
-
\??\c:\jdjpp.exec:\jdjpp.exe109⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe110⤵
-
\??\c:\ffllrrx.exec:\ffllrrx.exe111⤵
-
\??\c:\flxfxfx.exec:\flxfxfx.exe112⤵
-
\??\c:\ttthnh.exec:\ttthnh.exe113⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe114⤵
-
\??\c:\7ppvd.exec:\7ppvd.exe115⤵
-
\??\c:\ffrrflx.exec:\ffrrflx.exe116⤵
-
\??\c:\fflxfxx.exec:\fflxfxx.exe117⤵
-
\??\c:\tttttt.exec:\tttttt.exe118⤵
-
\??\c:\1htbbn.exec:\1htbbn.exe119⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe120⤵
-
\??\c:\lffllrl.exec:\lffllrl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-