Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
22-05-2024 05:00
General
-
Target
1ebf60c0cfb3947ce82c66b3ef5b2020_NeikiAnalytics.exe
-
Size
62KB
-
MD5
1ebf60c0cfb3947ce82c66b3ef5b2020
-
SHA1
928d93df72d5ef691cdcb49e8d3d715c57676952
-
SHA256
24e8254dc2bf7b061be0f0988e0a9a553e3e13c11d23ff476079d95fc469f6f3
-
SHA512
f4948f2dfc4f5d87e61c0b175f64f8419bf91872c0a6926fe7e529518754c503aea3db68f36ca965d775fa6657fbd4134f1b497b1ad5a0fa6d45ec9e8504b756
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDISoFGDa:ymb3NkkiQ3mdBjFIk+
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1ebf60c0cfb3947ce82c66b3ef5b2020_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1ebf60c0cfb3947ce82c66b3ef5b2020_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdp.exec:\djjdp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrlllx.exec:\xlrlllx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxfflf.exec:\lfxfflf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbttt.exec:\bbbttt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvv.exec:\dvdvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjjv.exec:\dpjjv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxllx.exec:\xrfxllx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxrxr.exec:\lxfxrxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhthb.exec:\hhhthb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbtnn.exec:\bbbtnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjjd.exec:\vjjjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxlrll.exec:\xrxlrll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbnbt.exec:\thbnbt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjpj.exec:\pdjpj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pjpj.exec:\7pjpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllfxrl.exec:\fllfxrl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnbnh.exec:\btnbnh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnbtn.exec:\tbnbtn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vpjp.exec:\3vpjp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvpj.exec:\djvpj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfffrlf.exec:\xfffrlf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbnh.exec:\hthbnh.exe23⤵
- Executes dropped EXE
-
\??\c:\btbhbt.exec:\btbhbt.exe24⤵
- Executes dropped EXE
-
\??\c:\pdvpj.exec:\pdvpj.exe25⤵
- Executes dropped EXE
-
\??\c:\rrrlxlf.exec:\rrrlxlf.exe26⤵
- Executes dropped EXE
-
\??\c:\xfxrlfx.exec:\xfxrlfx.exe27⤵
- Executes dropped EXE
-
\??\c:\ttttnn.exec:\ttttnn.exe28⤵
- Executes dropped EXE
-
\??\c:\vvjjv.exec:\vvjjv.exe29⤵
- Executes dropped EXE
-
\??\c:\rflxllx.exec:\rflxllx.exe30⤵
- Executes dropped EXE
-
\??\c:\7lrllff.exec:\7lrllff.exe31⤵
- Executes dropped EXE
-
\??\c:\nhbttn.exec:\nhbttn.exe32⤵
- Executes dropped EXE
-
\??\c:\tbtnhb.exec:\tbtnhb.exe33⤵
- Executes dropped EXE
-
\??\c:\pdpjv.exec:\pdpjv.exe34⤵
- Executes dropped EXE
-
\??\c:\pdvjv.exec:\pdvjv.exe35⤵
- Executes dropped EXE
-
\??\c:\lfrlxlf.exec:\lfrlxlf.exe36⤵
- Executes dropped EXE
-
\??\c:\ffrlxrl.exec:\ffrlxrl.exe37⤵
- Executes dropped EXE
-
\??\c:\btnhbt.exec:\btnhbt.exe38⤵
- Executes dropped EXE
-
\??\c:\3vpvj.exec:\3vpvj.exe39⤵
- Executes dropped EXE
-
\??\c:\ppjvj.exec:\ppjvj.exe40⤵
- Executes dropped EXE
-
\??\c:\rllfrfx.exec:\rllfrfx.exe41⤵
- Executes dropped EXE
-
\??\c:\rffrxrx.exec:\rffrxrx.exe42⤵
- Executes dropped EXE
-
\??\c:\7ntnnh.exec:\7ntnnh.exe43⤵
- Executes dropped EXE
-
\??\c:\bhbhtn.exec:\bhbhtn.exe44⤵
- Executes dropped EXE
-
\??\c:\vpvvj.exec:\vpvvj.exe45⤵
- Executes dropped EXE
-
\??\c:\7vjjj.exec:\7vjjj.exe46⤵
- Executes dropped EXE
-
\??\c:\fxrlxxr.exec:\fxrlxxr.exe47⤵
- Executes dropped EXE
-
\??\c:\hbtnhb.exec:\hbtnhb.exe48⤵
- Executes dropped EXE
-
\??\c:\tnbhnt.exec:\tnbhnt.exe49⤵
- Executes dropped EXE
-
\??\c:\vpvpv.exec:\vpvpv.exe50⤵
- Executes dropped EXE
-
\??\c:\jppdp.exec:\jppdp.exe51⤵
- Executes dropped EXE
-
\??\c:\xrxrrrx.exec:\xrxrrrx.exe52⤵
- Executes dropped EXE
-
\??\c:\fxlxrlf.exec:\fxlxrlf.exe53⤵
- Executes dropped EXE
-
\??\c:\bhttnn.exec:\bhttnn.exe54⤵
- Executes dropped EXE
-
\??\c:\nbbbbb.exec:\nbbbbb.exe55⤵
- Executes dropped EXE
-
\??\c:\dpdvp.exec:\dpdvp.exe56⤵
- Executes dropped EXE
-
\??\c:\vjppd.exec:\vjppd.exe57⤵
- Executes dropped EXE
-
\??\c:\7xrrxxl.exec:\7xrrxxl.exe58⤵
- Executes dropped EXE
-
\??\c:\lfffxxx.exec:\lfffxxx.exe59⤵
- Executes dropped EXE
-
\??\c:\htnbbn.exec:\htnbbn.exe60⤵
- Executes dropped EXE
-
\??\c:\jvvvv.exec:\jvvvv.exe61⤵
- Executes dropped EXE
-
\??\c:\5vvpj.exec:\5vvpj.exe62⤵
- Executes dropped EXE
-
\??\c:\7lfxllf.exec:\7lfxllf.exe63⤵
- Executes dropped EXE
-
\??\c:\tbtnbt.exec:\tbtnbt.exe64⤵
- Executes dropped EXE
-
\??\c:\nhhhhh.exec:\nhhhhh.exe65⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe66⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe67⤵
-
\??\c:\xrrllxf.exec:\xrrllxf.exe68⤵
-
\??\c:\5nttbt.exec:\5nttbt.exe69⤵
-
\??\c:\bnntnn.exec:\bnntnn.exe70⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe71⤵
-
\??\c:\pvjdj.exec:\pvjdj.exe72⤵
-
\??\c:\rlxxxxr.exec:\rlxxxxr.exe73⤵
-
\??\c:\ffllllf.exec:\ffllllf.exe74⤵
-
\??\c:\pvpjv.exec:\pvpjv.exe75⤵
-
\??\c:\7pdvv.exec:\7pdvv.exe76⤵
-
\??\c:\rllffff.exec:\rllffff.exe77⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe78⤵
-
\??\c:\1hhnhb.exec:\1hhnhb.exe79⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe80⤵
-
\??\c:\pppjp.exec:\pppjp.exe81⤵
-
\??\c:\fxlffll.exec:\fxlffll.exe82⤵
-
\??\c:\frrfxfx.exec:\frrfxfx.exe83⤵
-
\??\c:\nttnhn.exec:\nttnhn.exe84⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe85⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe86⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe87⤵
-
\??\c:\xrfxlfx.exec:\xrfxlfx.exe88⤵
-
\??\c:\hnntnn.exec:\hnntnn.exe89⤵
-
\??\c:\7hnhtn.exec:\7hnhtn.exe90⤵
-
\??\c:\btntnt.exec:\btntnt.exe91⤵
-
\??\c:\5vdvd.exec:\5vdvd.exe92⤵
-
\??\c:\djvjd.exec:\djvjd.exe93⤵
-
\??\c:\rrxxrxf.exec:\rrxxrxf.exe94⤵
-
\??\c:\rrxxffr.exec:\rrxxffr.exe95⤵
-
\??\c:\tthhbt.exec:\tthhbt.exe96⤵
-
\??\c:\btnhbb.exec:\btnhbb.exe97⤵
-
\??\c:\5vpvv.exec:\5vpvv.exe98⤵
-
\??\c:\xxfxrll.exec:\xxfxrll.exe99⤵
-
\??\c:\xllxxff.exec:\xllxxff.exe100⤵
-
\??\c:\xxxxxxx.exec:\xxxxxxx.exe101⤵
-
\??\c:\btnhbb.exec:\btnhbb.exe102⤵
-
\??\c:\nnhbbh.exec:\nnhbbh.exe103⤵
-
\??\c:\jjvdj.exec:\jjvdj.exe104⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe105⤵
-
\??\c:\xlfxlll.exec:\xlfxlll.exe106⤵
-
\??\c:\llffxxr.exec:\llffxxr.exe107⤵
-
\??\c:\nhhnnt.exec:\nhhnnt.exe108⤵
-
\??\c:\bthbbb.exec:\bthbbb.exe109⤵
-
\??\c:\7vvpp.exec:\7vvpp.exe110⤵
-
\??\c:\5jppd.exec:\5jppd.exe111⤵
-
\??\c:\rlrrlll.exec:\rlrrlll.exe112⤵
-
\??\c:\fxxrrlr.exec:\fxxrrlr.exe113⤵
-
\??\c:\hbtbtt.exec:\hbtbtt.exe114⤵
-
\??\c:\hbhbnn.exec:\hbhbnn.exe115⤵
-
\??\c:\djddd.exec:\djddd.exe116⤵
-
\??\c:\jpdvd.exec:\jpdvd.exe117⤵
-
\??\c:\llfxxrl.exec:\llfxxrl.exe118⤵
-
\??\c:\frxxrrr.exec:\frxxrrr.exe119⤵
-
\??\c:\bnnbhb.exec:\bnnbhb.exe120⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-