Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
22-05-2024 03:13
General
-
Target
152ce54299cea73d2dad55769b74a770_NeikiAnalytics.exe
-
Size
169KB
-
MD5
152ce54299cea73d2dad55769b74a770
-
SHA1
d1c60b3fea941a80511458832b2aad5e5411f49b
-
SHA256
4f63a80b019bab3517d8412ecfdf7a1c8489589459726c46de10309b57eeef89
-
SHA512
4f1b5237e86fde7897be60c80b68b3c673668297e55eb57e91f7b0bebdc3e2413dc636b3fb3b56169b53eadd14c8591a7793a49321592ee7baa8fa0bf299d072
-
SSDEEP
1536:HvQBeOGtrYS3srx93UBWfwC6Ggnouy8CUYj7FK4O8A1o4XEc3YtxD8/Ai2T:HhOmTsF93UYfwC6GIoutX8Ki3c3YT8Vk
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\152ce54299cea73d2dad55769b74a770_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\152ce54299cea73d2dad55769b74a770_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbhtt.exec:\nbbhtt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvdp.exec:\dpvdp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bthbn.exec:\7bthbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddjv.exec:\jddjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddpd.exec:\jddpd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxrxlf.exec:\lrxrxlf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvjv.exec:\pvvjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xfxxxf.exec:\5xfxxxf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnnbt.exec:\htnnbt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbnbn.exec:\nbbnbn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxrrf.exec:\fxfxrrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtnbb.exec:\nbtnbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpdj.exec:\pjpdj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntthth.exec:\ntthth.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjdp.exec:\pvjdp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnttbh.exec:\nnttbh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pddp.exec:\7pddp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rrfrlx.exec:\3rrfrlx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbthb.exec:\bhbthb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppv.exec:\ppppv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhnn.exec:\tnnhnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhhbt.exec:\tbhhbt.exe23⤵
- Executes dropped EXE
-
\??\c:\rfrlffl.exec:\rfrlffl.exe24⤵
- Executes dropped EXE
-
\??\c:\7bbthb.exec:\7bbthb.exe25⤵
- Executes dropped EXE
-
\??\c:\ddvjd.exec:\ddvjd.exe26⤵
- Executes dropped EXE
-
\??\c:\lffxlfx.exec:\lffxlfx.exe27⤵
- Executes dropped EXE
-
\??\c:\thnnhb.exec:\thnnhb.exe28⤵
- Executes dropped EXE
-
\??\c:\5xlfllx.exec:\5xlfllx.exe29⤵
- Executes dropped EXE
-
\??\c:\hnnhbt.exec:\hnnhbt.exe30⤵
- Executes dropped EXE
-
\??\c:\vjdpd.exec:\vjdpd.exe31⤵
- Executes dropped EXE
-
\??\c:\9fxrfxl.exec:\9fxrfxl.exe32⤵
- Executes dropped EXE
-
\??\c:\hhnbnb.exec:\hhnbnb.exe33⤵
- Executes dropped EXE
-
\??\c:\ddjpp.exec:\ddjpp.exe34⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe35⤵
- Executes dropped EXE
-
\??\c:\lrxlxlf.exec:\lrxlxlf.exe36⤵
- Executes dropped EXE
-
\??\c:\ttthbn.exec:\ttthbn.exe37⤵
- Executes dropped EXE
-
\??\c:\bnnhbh.exec:\bnnhbh.exe38⤵
- Executes dropped EXE
-
\??\c:\ddvjv.exec:\ddvjv.exe39⤵
- Executes dropped EXE
-
\??\c:\jppdj.exec:\jppdj.exe40⤵
-
\??\c:\rxxlxrl.exec:\rxxlxrl.exe41⤵
- Executes dropped EXE
-
\??\c:\fflrffx.exec:\fflrffx.exe42⤵
- Executes dropped EXE
-
\??\c:\htbntn.exec:\htbntn.exe43⤵
- Executes dropped EXE
-
\??\c:\jppdv.exec:\jppdv.exe44⤵
- Executes dropped EXE
-
\??\c:\1vdvj.exec:\1vdvj.exe45⤵
- Executes dropped EXE
-
\??\c:\5frxlfr.exec:\5frxlfr.exe46⤵
- Executes dropped EXE
-
\??\c:\xrlfxlf.exec:\xrlfxlf.exe47⤵
- Executes dropped EXE
-
\??\c:\5nbtbt.exec:\5nbtbt.exe48⤵
- Executes dropped EXE
-
\??\c:\pjjdd.exec:\pjjdd.exe49⤵
- Executes dropped EXE
-
\??\c:\xrrfrlf.exec:\xrrfrlf.exe50⤵
- Executes dropped EXE
-
\??\c:\htnnbt.exec:\htnnbt.exe51⤵
- Executes dropped EXE
-
\??\c:\hnthtn.exec:\hnthtn.exe52⤵
- Executes dropped EXE
-
\??\c:\9dvpd.exec:\9dvpd.exe53⤵
- Executes dropped EXE
-
\??\c:\lxxrfrx.exec:\lxxrfrx.exe54⤵
- Executes dropped EXE
-
\??\c:\hhtnbt.exec:\hhtnbt.exe55⤵
- Executes dropped EXE
-
\??\c:\7hnhbb.exec:\7hnhbb.exe56⤵
- Executes dropped EXE
-
\??\c:\1jjdj.exec:\1jjdj.exe57⤵
- Executes dropped EXE
-
\??\c:\flrlxrf.exec:\flrlxrf.exe58⤵
- Executes dropped EXE
-
\??\c:\btbbnh.exec:\btbbnh.exe59⤵
- Executes dropped EXE
-
\??\c:\xrlfxrl.exec:\xrlfxrl.exe60⤵
- Executes dropped EXE
-
\??\c:\xfffrrf.exec:\xfffrrf.exe61⤵
- Executes dropped EXE
-
\??\c:\nhhbnn.exec:\nhhbnn.exe62⤵
- Executes dropped EXE
-
\??\c:\nbhbnh.exec:\nbhbnh.exe63⤵
- Executes dropped EXE
-
\??\c:\dpvjv.exec:\dpvjv.exe64⤵
- Executes dropped EXE
-
\??\c:\3xrrfxl.exec:\3xrrfxl.exe65⤵
- Executes dropped EXE
-
\??\c:\ntntnn.exec:\ntntnn.exe66⤵
- Executes dropped EXE
-
\??\c:\htbbhh.exec:\htbbhh.exe67⤵
-
\??\c:\9jjvj.exec:\9jjvj.exe68⤵
-
\??\c:\rxxlfxr.exec:\rxxlfxr.exe69⤵
-
\??\c:\bnbbtb.exec:\bnbbtb.exe70⤵
-
\??\c:\djjdp.exec:\djjdp.exe71⤵
-
\??\c:\vdddv.exec:\vdddv.exe72⤵
-
\??\c:\lfxrlfx.exec:\lfxrlfx.exe73⤵
-
\??\c:\1nnhbb.exec:\1nnhbb.exe74⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe75⤵
-
\??\c:\dpjdp.exec:\dpjdp.exe76⤵
-
\??\c:\fxrffxf.exec:\fxrffxf.exe77⤵
-
\??\c:\rllfxxl.exec:\rllfxxl.exe78⤵
-
\??\c:\1nhnbt.exec:\1nhnbt.exe79⤵
-
\??\c:\dppdv.exec:\dppdv.exe80⤵
-
\??\c:\1vpjp.exec:\1vpjp.exe81⤵
-
\??\c:\xxlfrlf.exec:\xxlfrlf.exe82⤵
-
\??\c:\7xxrffx.exec:\7xxrffx.exe83⤵
-
\??\c:\vppjj.exec:\vppjj.exe84⤵
-
\??\c:\dppjv.exec:\dppjv.exe85⤵
-
\??\c:\1xxfxfx.exec:\1xxfxfx.exe86⤵
-
\??\c:\7tnthb.exec:\7tnthb.exe87⤵
-
\??\c:\hthtnh.exec:\hthtnh.exe88⤵
-
\??\c:\jddpd.exec:\jddpd.exe89⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe90⤵
-
\??\c:\frfrxlx.exec:\frfrxlx.exe91⤵
-
\??\c:\thbtnn.exec:\thbtnn.exe92⤵
-
\??\c:\tbbhbt.exec:\tbbhbt.exe93⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe94⤵
-
\??\c:\9vjjd.exec:\9vjjd.exe95⤵
-
\??\c:\lrlfrlf.exec:\lrlfrlf.exe96⤵
-
\??\c:\tthnbt.exec:\tthnbt.exe97⤵
-
\??\c:\bhtnbb.exec:\bhtnbb.exe98⤵
-
\??\c:\vjppv.exec:\vjppv.exe99⤵
-
\??\c:\djpjd.exec:\djpjd.exe100⤵
-
\??\c:\xlxrrrr.exec:\xlxrrrr.exe101⤵
-
\??\c:\lxrfxrl.exec:\lxrfxrl.exe102⤵
-
\??\c:\tnhtnh.exec:\tnhtnh.exe103⤵
-
\??\c:\5tnbnh.exec:\5tnbnh.exe104⤵
-
\??\c:\vpdpp.exec:\vpdpp.exe105⤵
-
\??\c:\flxffff.exec:\flxffff.exe106⤵
-
\??\c:\fllfxrl.exec:\fllfxrl.exe107⤵
-
\??\c:\htbnhb.exec:\htbnhb.exe108⤵
-
\??\c:\7dvpd.exec:\7dvpd.exe109⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe110⤵
-
\??\c:\xxrlrrl.exec:\xxrlrrl.exe111⤵
-
\??\c:\9rrlrll.exec:\9rrlrll.exe112⤵
-
\??\c:\hnthtn.exec:\hnthtn.exe113⤵
-
\??\c:\jpjdd.exec:\jpjdd.exe114⤵
-
\??\c:\rrrffxl.exec:\rrrffxl.exe115⤵
-
\??\c:\rlrlxfr.exec:\rlrlxfr.exe116⤵
-
\??\c:\hhhbnh.exec:\hhhbnh.exe117⤵
-
\??\c:\bbbnbb.exec:\bbbnbb.exe118⤵
-
\??\c:\1dpjv.exec:\1dpjv.exe119⤵
-
\??\c:\3vjvd.exec:\3vjvd.exe120⤵
-
\??\c:\rrlxrlx.exec:\rrlxrlx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-