Analysis
-
max time kernel
150s -
max time network
128s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
22-05-2024 05:05
General
-
Target
1f2c6bf219350ecd07168d1cd92eb370_NeikiAnalytics.exe
-
Size
64KB
-
MD5
1f2c6bf219350ecd07168d1cd92eb370
-
SHA1
af2e906c4b71037750bf3f8c68f97d86ae32a6fe
-
SHA256
f2c0891f0b29c29ff9e3b00a377dd15af1deb8f1efd9b0d2d8ad1ec6621d7d20
-
SHA512
3025a8207dea7258b66b9f0e31afc7171d24d19d61cf3aa5a7e41474d0cee0e9c29f06da1d7eac49f4a647f7b0eae27f70c5f263b93e21206970bdb71501bfbd
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfw:ymb3NkkiQ3mdBjFI4VE
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1f2c6bf219350ecd07168d1cd92eb370_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1f2c6bf219350ecd07168d1cd92eb370_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvdj.exec:\jdvdj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrlffx.exec:\flrlffx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttttt.exec:\nttttt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbtt.exec:\nbhbtt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjvp.exec:\3pjvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxrrr.exec:\xrxxrrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9llfxxr.exec:\9llfxxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhhh.exec:\tnnhhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbttn.exec:\htbttn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddjd.exec:\dddjd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrlxr.exec:\rlrrlxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rrrrll.exec:\5rrrrll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnhhb.exec:\ntnhhb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvjd.exec:\vjvjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxrlll.exec:\lrxrlll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlrllf.exec:\rrlrllf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhthnb.exec:\bhthnb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpj.exec:\jvvpj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fllrrr.exec:\9fllrrr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hhbhh.exec:\3hhbhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbhb.exec:\hhhbhb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvd.exec:\jddvd.exe23⤵
- Executes dropped EXE
-
\??\c:\llllfff.exec:\llllfff.exe24⤵
- Executes dropped EXE
-
\??\c:\hnbnnt.exec:\hnbnnt.exe25⤵
- Executes dropped EXE
-
\??\c:\thbbnh.exec:\thbbnh.exe26⤵
- Executes dropped EXE
-
\??\c:\ffxxflx.exec:\ffxxflx.exe27⤵
- Executes dropped EXE
-
\??\c:\rfllxfx.exec:\rfllxfx.exe28⤵
- Executes dropped EXE
-
\??\c:\tnnnhh.exec:\tnnnhh.exe29⤵
- Executes dropped EXE
-
\??\c:\pvvdd.exec:\pvvdd.exe30⤵
- Executes dropped EXE
-
\??\c:\vvddv.exec:\vvddv.exe31⤵
- Executes dropped EXE
-
\??\c:\llfxfff.exec:\llfxfff.exe32⤵
- Executes dropped EXE
-
\??\c:\xrffxxr.exec:\xrffxxr.exe33⤵
- Executes dropped EXE
-
\??\c:\7bbbtt.exec:\7bbbtt.exe34⤵
- Executes dropped EXE
-
\??\c:\5jdjj.exec:\5jdjj.exe35⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe36⤵
- Executes dropped EXE
-
\??\c:\7xrrflf.exec:\7xrrflf.exe37⤵
- Executes dropped EXE
-
\??\c:\rfffffx.exec:\rfffffx.exe38⤵
- Executes dropped EXE
-
\??\c:\bntttt.exec:\bntttt.exe39⤵
- Executes dropped EXE
-
\??\c:\nhhhbb.exec:\nhhhbb.exe40⤵
- Executes dropped EXE
-
\??\c:\nttnhh.exec:\nttnhh.exe41⤵
- Executes dropped EXE
-
\??\c:\dpdpd.exec:\dpdpd.exe42⤵
- Executes dropped EXE
-
\??\c:\rrrlxrl.exec:\rrrlxrl.exe43⤵
- Executes dropped EXE
-
\??\c:\nttnnh.exec:\nttnnh.exe44⤵
- Executes dropped EXE
-
\??\c:\hbhbbb.exec:\hbhbbb.exe45⤵
- Executes dropped EXE
-
\??\c:\jjjdd.exec:\jjjdd.exe46⤵
- Executes dropped EXE
-
\??\c:\pddjd.exec:\pddjd.exe47⤵
- Executes dropped EXE
-
\??\c:\lfflffl.exec:\lfflffl.exe48⤵
- Executes dropped EXE
-
\??\c:\bttttt.exec:\bttttt.exe49⤵
- Executes dropped EXE
-
\??\c:\ntnhbb.exec:\ntnhbb.exe50⤵
- Executes dropped EXE
-
\??\c:\pvddp.exec:\pvddp.exe51⤵
- Executes dropped EXE
-
\??\c:\3xxrrxx.exec:\3xxrrxx.exe52⤵
- Executes dropped EXE
-
\??\c:\frxxxff.exec:\frxxxff.exe53⤵
- Executes dropped EXE
-
\??\c:\btbttt.exec:\btbttt.exe54⤵
- Executes dropped EXE
-
\??\c:\dvvjd.exec:\dvvjd.exe55⤵
- Executes dropped EXE
-
\??\c:\xrrrfff.exec:\xrrrfff.exe56⤵
- Executes dropped EXE
-
\??\c:\lrfxffl.exec:\lrfxffl.exe57⤵
- Executes dropped EXE
-
\??\c:\nhhhbh.exec:\nhhhbh.exe58⤵
- Executes dropped EXE
-
\??\c:\hbtnbb.exec:\hbtnbb.exe59⤵
- Executes dropped EXE
-
\??\c:\thhbtt.exec:\thhbtt.exe60⤵
- Executes dropped EXE
-
\??\c:\vdjjd.exec:\vdjjd.exe61⤵
- Executes dropped EXE
-
\??\c:\jdpjd.exec:\jdpjd.exe62⤵
- Executes dropped EXE
-
\??\c:\fxrlxxr.exec:\fxrlxxr.exe63⤵
- Executes dropped EXE
-
\??\c:\fxxrlll.exec:\fxxrlll.exe64⤵
- Executes dropped EXE
-
\??\c:\9ppjd.exec:\9ppjd.exe65⤵
- Executes dropped EXE
-
\??\c:\jjvpd.exec:\jjvpd.exe66⤵
-
\??\c:\ffxxrrr.exec:\ffxxrrr.exe67⤵
-
\??\c:\bttbth.exec:\bttbth.exe68⤵
-
\??\c:\ddddd.exec:\ddddd.exe69⤵
-
\??\c:\1pppd.exec:\1pppd.exe70⤵
-
\??\c:\xrrlxxf.exec:\xrrlxxf.exe71⤵
-
\??\c:\3xrrrrl.exec:\3xrrrrl.exe72⤵
-
\??\c:\btbthh.exec:\btbthh.exe73⤵
-
\??\c:\bbttnn.exec:\bbttnn.exe74⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe75⤵
-
\??\c:\5pvpd.exec:\5pvpd.exe76⤵
-
\??\c:\jpppj.exec:\jpppj.exe77⤵
-
\??\c:\rlxrlll.exec:\rlxrlll.exe78⤵
-
\??\c:\rlxxflr.exec:\rlxxflr.exe79⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe80⤵
-
\??\c:\3bnhbb.exec:\3bnhbb.exe81⤵
-
\??\c:\pvvpp.exec:\pvvpp.exe82⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe83⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe84⤵
-
\??\c:\lfxrlfx.exec:\lfxrlfx.exe85⤵
-
\??\c:\fxllfff.exec:\fxllfff.exe86⤵
-
\??\c:\tbbttn.exec:\tbbttn.exe87⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe88⤵
-
\??\c:\pjpvp.exec:\pjpvp.exe89⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe90⤵
-
\??\c:\9fffrrr.exec:\9fffrrr.exe91⤵
-
\??\c:\rlrxxrr.exec:\rlrxxrr.exe92⤵
-
\??\c:\5bbbtt.exec:\5bbbtt.exe93⤵
-
\??\c:\nhbbtt.exec:\nhbbtt.exe94⤵
-
\??\c:\7jddv.exec:\7jddv.exe95⤵
-
\??\c:\9fflxll.exec:\9fflxll.exe96⤵
-
\??\c:\tttnnn.exec:\tttnnn.exe97⤵
-
\??\c:\jdppj.exec:\jdppj.exe98⤵
-
\??\c:\xlrlllf.exec:\xlrlllf.exe99⤵
-
\??\c:\ttbtnn.exec:\ttbtnn.exe100⤵
-
\??\c:\5pjdv.exec:\5pjdv.exe101⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe102⤵
-
\??\c:\frflrrr.exec:\frflrrr.exe103⤵
-
\??\c:\7rrlffx.exec:\7rrlffx.exe104⤵
-
\??\c:\3nhhhh.exec:\3nhhhh.exe105⤵
-
\??\c:\9htnnn.exec:\9htnnn.exe106⤵
-
\??\c:\7dpdp.exec:\7dpdp.exe107⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe108⤵
-
\??\c:\1lrrfll.exec:\1lrrfll.exe109⤵
-
\??\c:\rlxxrrx.exec:\rlxxrrx.exe110⤵
-
\??\c:\bnnnth.exec:\bnnnth.exe111⤵
-
\??\c:\ntbbnn.exec:\ntbbnn.exe112⤵
-
\??\c:\hbhbnn.exec:\hbhbnn.exe113⤵
-
\??\c:\jdddv.exec:\jdddv.exe114⤵
-
\??\c:\vvdvp.exec:\vvdvp.exe115⤵
-
\??\c:\xxxrlfx.exec:\xxxrlfx.exe116⤵
-
\??\c:\rxlrllf.exec:\rxlrllf.exe117⤵
-
\??\c:\ffrlllf.exec:\ffrlllf.exe118⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe119⤵
-
\??\c:\thttnt.exec:\thttnt.exe120⤵
-
\??\c:\1vvvp.exec:\1vvvp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-