Analysis
-
max time kernel
150s -
max time network
111s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
22-05-2024 01:03
General
-
Target
12fe4659700f67a4d6813a77feeb3ed0_NeikiAnalytics.exe
-
Size
441KB
-
MD5
12fe4659700f67a4d6813a77feeb3ed0
-
SHA1
5f4daa79699e0861a2c93ddb9113edcc4609cc1b
-
SHA256
a1b9907c04cfc85c546b3678e93a9045c19268aa60502284f3512a1afa2de094
-
SHA512
8aefa8907d3583e9cf8c5f57858c7decb92c0ea114a58e9f29b8bc3d8e386b3687338960700bceb59004cfa69d29e158b162365bd4b10926ee4edd59d89cbe55
-
SSDEEP
12288:M4wFHoSpg4wFHonR/nPF2LnFL4wF04wFK4wFK4wluw:UrR/nPV
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 62 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\12fe4659700f67a4d6813a77feeb3ed0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\12fe4659700f67a4d6813a77feeb3ed0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvp.exec:\vjdvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpp.exec:\ppvpp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfxxrx.exec:\rxfxxrx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfrlfx.exec:\lrfrlfx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpdv.exec:\dvpdv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ttnhb.exec:\7ttnhb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtnnn.exec:\thtnnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpdv.exec:\pjpdv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7flrrlf.exec:\7flrrlf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrllfl.exec:\7lrllfl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbhh.exec:\nnbbhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpp.exec:\pvvpp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbnht.exec:\hbbnht.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbttn.exec:\htbttn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflfxrl.exec:\rflfxrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdv.exec:\vjjdv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxrxr.exec:\fffxrxr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjd.exec:\dppjd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vvvp.exec:\7vvvp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrrrx.exec:\xlxrrrx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnhb.exec:\nhnnhb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhnnn.exec:\nbhnnn.exe23⤵
- Executes dropped EXE
-
\??\c:\bbtthn.exec:\bbtthn.exe24⤵
- Executes dropped EXE
-
\??\c:\bnbttb.exec:\bnbttb.exe25⤵
- Executes dropped EXE
-
\??\c:\3dpvd.exec:\3dpvd.exe26⤵
- Executes dropped EXE
-
\??\c:\5vjdv.exec:\5vjdv.exe27⤵
- Executes dropped EXE
-
\??\c:\bhhhbh.exec:\bhhhbh.exe28⤵
- Executes dropped EXE
-
\??\c:\jdvvv.exec:\jdvvv.exe29⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe30⤵
- Executes dropped EXE
-
\??\c:\llrlfxl.exec:\llrlfxl.exe31⤵
- Executes dropped EXE
-
\??\c:\hnbhnh.exec:\hnbhnh.exe32⤵
- Executes dropped EXE
-
\??\c:\vvvpp.exec:\vvvpp.exe33⤵
- Executes dropped EXE
-
\??\c:\ffllllx.exec:\ffllllx.exe34⤵
- Executes dropped EXE
-
\??\c:\vpdvd.exec:\vpdvd.exe35⤵
- Executes dropped EXE
-
\??\c:\rrlllxx.exec:\rrlllxx.exe36⤵
- Executes dropped EXE
-
\??\c:\hhhtnb.exec:\hhhtnb.exe37⤵
- Executes dropped EXE
-
\??\c:\tnnhnn.exec:\tnnhnn.exe38⤵
- Executes dropped EXE
-
\??\c:\jppjj.exec:\jppjj.exe39⤵
- Executes dropped EXE
-
\??\c:\dpppp.exec:\dpppp.exe40⤵
- Executes dropped EXE
-
\??\c:\frxrrxr.exec:\frxrrxr.exe41⤵
- Executes dropped EXE
-
\??\c:\5nnnnt.exec:\5nnnnt.exe42⤵
- Executes dropped EXE
-
\??\c:\bbbbbb.exec:\bbbbbb.exe43⤵
- Executes dropped EXE
-
\??\c:\lffxrfx.exec:\lffxrfx.exe44⤵
- Executes dropped EXE
-
\??\c:\hbnntb.exec:\hbnntb.exe45⤵
- Executes dropped EXE
-
\??\c:\9djjj.exec:\9djjj.exe46⤵
- Executes dropped EXE
-
\??\c:\3djdd.exec:\3djdd.exe47⤵
- Executes dropped EXE
-
\??\c:\lxllffx.exec:\lxllffx.exe48⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe49⤵
- Executes dropped EXE
-
\??\c:\hhtbhn.exec:\hhtbhn.exe50⤵
- Executes dropped EXE
-
\??\c:\1lxrlfl.exec:\1lxrlfl.exe51⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe52⤵
- Executes dropped EXE
-
\??\c:\bhnhhb.exec:\bhnhhb.exe53⤵
- Executes dropped EXE
-
\??\c:\nthbtt.exec:\nthbtt.exe54⤵
- Executes dropped EXE
-
\??\c:\pvjjv.exec:\pvjjv.exe55⤵
- Executes dropped EXE
-
\??\c:\rllxxrl.exec:\rllxxrl.exe56⤵
- Executes dropped EXE
-
\??\c:\hhhbbb.exec:\hhhbbb.exe57⤵
- Executes dropped EXE
-
\??\c:\5hnhbb.exec:\5hnhbb.exe58⤵
- Executes dropped EXE
-
\??\c:\pdpjj.exec:\pdpjj.exe59⤵
- Executes dropped EXE
-
\??\c:\fxfxllr.exec:\fxfxllr.exe60⤵
- Executes dropped EXE
-
\??\c:\lxfffll.exec:\lxfffll.exe61⤵
- Executes dropped EXE
-
\??\c:\hbbhnt.exec:\hbbhnt.exe62⤵
- Executes dropped EXE
-
\??\c:\5jvvd.exec:\5jvvd.exe63⤵
- Executes dropped EXE
-
\??\c:\rxfffff.exec:\rxfffff.exe64⤵
- Executes dropped EXE
-
\??\c:\1thbnn.exec:\1thbnn.exe65⤵
- Executes dropped EXE
-
\??\c:\ppdvv.exec:\ppdvv.exe66⤵
-
\??\c:\xxfflrf.exec:\xxfflrf.exe67⤵
-
\??\c:\bnbttt.exec:\bnbttt.exe68⤵
-
\??\c:\bhnnnn.exec:\bhnnnn.exe69⤵
-
\??\c:\1jvpd.exec:\1jvpd.exe70⤵
-
\??\c:\frfxrrr.exec:\frfxrrr.exe71⤵
-
\??\c:\bbbhht.exec:\bbbhht.exe72⤵
-
\??\c:\dpddd.exec:\dpddd.exe73⤵
-
\??\c:\rrlffff.exec:\rrlffff.exe74⤵
-
\??\c:\xrfxxxl.exec:\xrfxxxl.exe75⤵
-
\??\c:\5nnhnt.exec:\5nnhnt.exe76⤵
-
\??\c:\pddvp.exec:\pddvp.exe77⤵
-
\??\c:\9flfxxr.exec:\9flfxxr.exe78⤵
-
\??\c:\hhtttn.exec:\hhtttn.exe79⤵
-
\??\c:\vddvp.exec:\vddvp.exe80⤵
-
\??\c:\nntbbt.exec:\nntbbt.exe81⤵
-
\??\c:\hthhhb.exec:\hthhhb.exe82⤵
-
\??\c:\jjpvd.exec:\jjpvd.exe83⤵
-
\??\c:\9lllffx.exec:\9lllffx.exe84⤵
-
\??\c:\bthhnn.exec:\bthhnn.exe85⤵
-
\??\c:\htbbbb.exec:\htbbbb.exe86⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe87⤵
-
\??\c:\3llrrll.exec:\3llrrll.exe88⤵
-
\??\c:\ntntnt.exec:\ntntnt.exe89⤵
-
\??\c:\jvvdd.exec:\jvvdd.exe90⤵
-
\??\c:\fxllflr.exec:\fxllflr.exe91⤵
-
\??\c:\nnnntn.exec:\nnnntn.exe92⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe93⤵
-
\??\c:\fllffff.exec:\fllffff.exe94⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe95⤵
-
\??\c:\9xfxxxr.exec:\9xfxxxr.exe96⤵
-
\??\c:\ttnttn.exec:\ttnttn.exe97⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe98⤵
-
\??\c:\llrlfff.exec:\llrlfff.exe99⤵
-
\??\c:\fxrllrr.exec:\fxrllrr.exe100⤵
-
\??\c:\nnhhhh.exec:\nnhhhh.exe101⤵
-
\??\c:\3jppp.exec:\3jppp.exe102⤵
-
\??\c:\jpdvv.exec:\jpdvv.exe103⤵
-
\??\c:\rxrxxxx.exec:\rxrxxxx.exe104⤵
-
\??\c:\bhhhtb.exec:\bhhhtb.exe105⤵
-
\??\c:\bhnhhn.exec:\bhnhhn.exe106⤵
-
\??\c:\ddddj.exec:\ddddj.exe107⤵
-
\??\c:\ffrrxxl.exec:\ffrrxxl.exe108⤵
-
\??\c:\tnttbb.exec:\tnttbb.exe109⤵
-
\??\c:\9vvvp.exec:\9vvvp.exe110⤵
-
\??\c:\lxllxlx.exec:\lxllxlx.exe111⤵
-
\??\c:\rrrrrxr.exec:\rrrrrxr.exe112⤵
-
\??\c:\tnthtn.exec:\tnthtn.exe113⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe114⤵
-
\??\c:\3llfxxr.exec:\3llfxxr.exe115⤵
-
\??\c:\lxllflf.exec:\lxllflf.exe116⤵
-
\??\c:\bbtnhh.exec:\bbtnhh.exe117⤵
-
\??\c:\5jvpv.exec:\5jvpv.exe118⤵
-
\??\c:\5rfffff.exec:\5rfffff.exe119⤵
-
\??\c:\7hnnnn.exec:\7hnnnn.exe120⤵
-
\??\c:\nbhhbb.exec:\nbhhbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-