Analysis
-
max time kernel
150s -
max time network
115s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
22-05-2024 21:25
General
-
Target
3f9749336d3c821526de4a61502a1cd0_NeikiAnalytics.exe
-
Size
55KB
-
MD5
3f9749336d3c821526de4a61502a1cd0
-
SHA1
23d1e7b3540c250946fdded77d56879eda2767aa
-
SHA256
3d413113005b2b2714358ce0d10600bfb0b08cb87d618afa98832d212fb421c3
-
SHA512
db2d7f7ace3c8ee294abb71d3b1bcedebdae0d0276d25455030d17c5f42c61b5c2662132ec0691df6d0751b46e781439f3ba522b1ce4bc91c7d4497410ad0329
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0chVn+:ymb3NkkiQ3mdBjF0cr+
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3f9749336d3c821526de4a61502a1cd0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\3f9749336d3c821526de4a61502a1cd0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhnhb.exec:\tnhnhb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnnbb.exec:\hhnnbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdv.exec:\vvjdv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lfxlll.exec:\3lfxlll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntttt.exec:\bntttt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvp.exec:\jdvvp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpvp.exec:\pdpvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xlrrxx.exec:\7xlrrxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffrlll.exec:\fffrlll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdv.exec:\pjjdv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfrfrf.exec:\rrfrfrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnhh.exec:\nttnhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjv.exec:\dvpjv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrrllf.exec:\lxrrllf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhnhb.exec:\nnhnhb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvp.exec:\vvvvp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlffrrl.exec:\xlffrrl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbht.exec:\bbtbht.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvjd.exec:\ppvjd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjj.exec:\pjjjj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnbb.exec:\bttnbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbtbb.exec:\tnbtbb.exe23⤵
- Executes dropped EXE
-
\??\c:\9jddd.exec:\9jddd.exe24⤵
- Executes dropped EXE
-
\??\c:\5rxrffr.exec:\5rxrffr.exe25⤵
- Executes dropped EXE
-
\??\c:\nhnnhh.exec:\nhnnhh.exe26⤵
- Executes dropped EXE
-
\??\c:\tbhhbh.exec:\tbhhbh.exe27⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe28⤵
- Executes dropped EXE
-
\??\c:\lrlfrrl.exec:\lrlfrrl.exe29⤵
- Executes dropped EXE
-
\??\c:\nhhbtn.exec:\nhhbtn.exe30⤵
- Executes dropped EXE
-
\??\c:\bhnnnn.exec:\bhnnnn.exe31⤵
- Executes dropped EXE
-
\??\c:\7vppp.exec:\7vppp.exe32⤵
- Executes dropped EXE
-
\??\c:\lflrxlx.exec:\lflrxlx.exe33⤵
- Executes dropped EXE
-
\??\c:\bbhhbh.exec:\bbhhbh.exe34⤵
- Executes dropped EXE
-
\??\c:\lxfxlll.exec:\lxfxlll.exe35⤵
- Executes dropped EXE
-
\??\c:\rllrxll.exec:\rllrxll.exe36⤵
- Executes dropped EXE
-
\??\c:\hbhntb.exec:\hbhntb.exe37⤵
- Executes dropped EXE
-
\??\c:\bnbbbh.exec:\bnbbbh.exe38⤵
- Executes dropped EXE
-
\??\c:\vdjjd.exec:\vdjjd.exe39⤵
- Executes dropped EXE
-
\??\c:\rxrfrfr.exec:\rxrfrfr.exe40⤵
- Executes dropped EXE
-
\??\c:\rrrlllf.exec:\rrrlllf.exe41⤵
- Executes dropped EXE
-
\??\c:\hbhbtt.exec:\hbhbtt.exe42⤵
- Executes dropped EXE
-
\??\c:\pjvpj.exec:\pjvpj.exe43⤵
- Executes dropped EXE
-
\??\c:\lllfxrx.exec:\lllfxrx.exe44⤵
- Executes dropped EXE
-
\??\c:\hbbnhb.exec:\hbbnhb.exe45⤵
- Executes dropped EXE
-
\??\c:\pdvvj.exec:\pdvvj.exe46⤵
- Executes dropped EXE
-
\??\c:\rrffffl.exec:\rrffffl.exe47⤵
- Executes dropped EXE
-
\??\c:\xlxlfxl.exec:\xlxlfxl.exe48⤵
- Executes dropped EXE
-
\??\c:\bbbtnn.exec:\bbbtnn.exe49⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe50⤵
- Executes dropped EXE
-
\??\c:\rllfxxr.exec:\rllfxxr.exe51⤵
- Executes dropped EXE
-
\??\c:\1xfxxrr.exec:\1xfxxrr.exe52⤵
- Executes dropped EXE
-
\??\c:\nthhhb.exec:\nthhhb.exe53⤵
- Executes dropped EXE
-
\??\c:\jpdjj.exec:\jpdjj.exe54⤵
- Executes dropped EXE
-
\??\c:\pppdj.exec:\pppdj.exe55⤵
- Executes dropped EXE
-
\??\c:\ffrlxxl.exec:\ffrlxxl.exe56⤵
- Executes dropped EXE
-
\??\c:\5tbbbh.exec:\5tbbbh.exe57⤵
- Executes dropped EXE
-
\??\c:\vvddj.exec:\vvddj.exe58⤵
- Executes dropped EXE
-
\??\c:\xxxxlfx.exec:\xxxxlfx.exe59⤵
- Executes dropped EXE
-
\??\c:\xrrrlll.exec:\xrrrlll.exe60⤵
- Executes dropped EXE
-
\??\c:\htttnt.exec:\htttnt.exe61⤵
- Executes dropped EXE
-
\??\c:\vvjdp.exec:\vvjdp.exe62⤵
- Executes dropped EXE
-
\??\c:\pjvpj.exec:\pjvpj.exe63⤵
- Executes dropped EXE
-
\??\c:\fxrlfxx.exec:\fxrlfxx.exe64⤵
- Executes dropped EXE
-
\??\c:\bthhhh.exec:\bthhhh.exe65⤵
- Executes dropped EXE
-
\??\c:\ppjdp.exec:\ppjdp.exe66⤵
-
\??\c:\vpppp.exec:\vpppp.exe67⤵
-
\??\c:\rrrlfrf.exec:\rrrlfrf.exe68⤵
-
\??\c:\nnnhht.exec:\nnnhht.exe69⤵
-
\??\c:\bbnbtb.exec:\bbnbtb.exe70⤵
-
\??\c:\5djpj.exec:\5djpj.exe71⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe72⤵
-
\??\c:\rrrlrrr.exec:\rrrlrrr.exe73⤵
-
\??\c:\xffffff.exec:\xffffff.exe74⤵
-
\??\c:\ntnbnb.exec:\ntnbnb.exe75⤵
-
\??\c:\nnnnbh.exec:\nnnnbh.exe76⤵
-
\??\c:\pvpjd.exec:\pvpjd.exe77⤵
-
\??\c:\xlxxlrf.exec:\xlxxlrf.exe78⤵
-
\??\c:\xxlllll.exec:\xxlllll.exe79⤵
-
\??\c:\btbtnn.exec:\btbtnn.exe80⤵
-
\??\c:\5dvvj.exec:\5dvvj.exe81⤵
-
\??\c:\djjdv.exec:\djjdv.exe82⤵
-
\??\c:\lfrlllr.exec:\lfrlllr.exe83⤵
-
\??\c:\nnbttn.exec:\nnbttn.exe84⤵
-
\??\c:\ppjdj.exec:\ppjdj.exe85⤵
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe86⤵
-
\??\c:\xfrfrxf.exec:\xfrfrxf.exe87⤵
-
\??\c:\nnhthh.exec:\nnhthh.exe88⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe89⤵
-
\??\c:\fflrllr.exec:\fflrllr.exe90⤵
-
\??\c:\rrxxffr.exec:\rrxxffr.exe91⤵
-
\??\c:\tbhhth.exec:\tbhhth.exe92⤵
-
\??\c:\ddvvj.exec:\ddvvj.exe93⤵
-
\??\c:\xxffllr.exec:\xxffllr.exe94⤵
-
\??\c:\lfrflrl.exec:\lfrflrl.exe95⤵
-
\??\c:\nhbnhh.exec:\nhbnhh.exe96⤵
-
\??\c:\thhtnt.exec:\thhtnt.exe97⤵
-
\??\c:\1vdvp.exec:\1vdvp.exe98⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe99⤵
-
\??\c:\rlxlfxx.exec:\rlxlfxx.exe100⤵
-
\??\c:\bhbbtt.exec:\bhbbtt.exe101⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe102⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe103⤵
-
\??\c:\lxfflrr.exec:\lxfflrr.exe104⤵
-
\??\c:\bnbtnb.exec:\bnbtnb.exe105⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe106⤵
-
\??\c:\xlrrrrl.exec:\xlrrrrl.exe107⤵
-
\??\c:\rxlxrrl.exec:\rxlxrrl.exe108⤵
-
\??\c:\hhnhhh.exec:\hhnhhh.exe109⤵
-
\??\c:\jjppp.exec:\jjppp.exe110⤵
-
\??\c:\bnbttb.exec:\bnbttb.exe111⤵
-
\??\c:\pjjpp.exec:\pjjpp.exe112⤵
-
\??\c:\xxfflll.exec:\xxfflll.exe113⤵
-
\??\c:\xxlfffr.exec:\xxlfffr.exe114⤵
-
\??\c:\hbntnt.exec:\hbntnt.exe115⤵
-
\??\c:\5vddp.exec:\5vddp.exe116⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe117⤵
-
\??\c:\lrxxxxf.exec:\lrxxxxf.exe118⤵
-
\??\c:\lflfrrf.exec:\lflfrrf.exe119⤵
-
\??\c:\nttnnt.exec:\nttnnt.exe120⤵
-
\??\c:\pddjj.exec:\pddjj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-