Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
23/05/2024, 00:16 UTC
General
-
Target
6007507ee4e870d54002d695cf047710_NeikiAnalytics.exe
-
Size
61KB
-
MD5
6007507ee4e870d54002d695cf047710
-
SHA1
11585ef509848e568948f2a16b3f37a57db61eb3
-
SHA256
cc8e602b9e85e6a4f8648c27ca62f8e62fc68b58d9abe06acec52d7bcf72fe05
-
SHA512
5d4cf564dabea7755e3a920a5579684b965b06a2a66488145fdcf28caf5fb804354e8b3324268a8e9929f3ac53d7468e84fde0b83657e5ee389f80845394ff27
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvAEaFJL8:ymb3NkkiQ3mdBjFIvAv8
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6007507ee4e870d54002d695cf047710_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6007507ee4e870d54002d695cf047710_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddd.exec:\dvddd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffllllx.exec:\ffllllx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnttt.exec:\nhnttt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvj.exec:\vpvvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfflfr.exec:\xxfflfr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnnhn.exec:\bnnnhn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppd.exec:\dvppd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpj.exec:\dvvpj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxxxx.exec:\fxfxxxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ttnhb.exec:\7ttnhb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hhhtn.exec:\5hhhtn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpdv.exec:\dvpdv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflxrrl.exec:\fflxrrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhbb.exec:\nhnhbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbtt.exec:\tnhbtt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrxrxl.exec:\ffrxrxl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnnh.exec:\httnnh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdp.exec:\pdjdp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjdp.exec:\3pjdp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlxxx.exec:\lrrlxxx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlfxxr.exec:\rrlfxxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbhhh.exec:\ntbhhh.exe23⤵
- Executes dropped EXE
-
\??\c:\jpvpd.exec:\jpvpd.exe24⤵
- Executes dropped EXE
-
\??\c:\vvddp.exec:\vvddp.exe25⤵
- Executes dropped EXE
-
\??\c:\ffrlllf.exec:\ffrlllf.exe26⤵
- Executes dropped EXE
-
\??\c:\bbhhtn.exec:\bbhhtn.exe27⤵
- Executes dropped EXE
-
\??\c:\pdppd.exec:\pdppd.exe28⤵
- Executes dropped EXE
-
\??\c:\dpddv.exec:\dpddv.exe29⤵
- Executes dropped EXE
-
\??\c:\lfrllll.exec:\lfrllll.exe30⤵
- Executes dropped EXE
-
\??\c:\nbnnhn.exec:\nbnnhn.exe31⤵
- Executes dropped EXE
-
\??\c:\thnhnn.exec:\thnhnn.exe32⤵
- Executes dropped EXE
-
\??\c:\dvdvd.exec:\dvdvd.exe33⤵
- Executes dropped EXE
-
\??\c:\xxxfffl.exec:\xxxfffl.exe34⤵
- Executes dropped EXE
-
\??\c:\tnhhbh.exec:\tnhhbh.exe35⤵
- Executes dropped EXE
-
\??\c:\pddjj.exec:\pddjj.exe36⤵
- Executes dropped EXE
-
\??\c:\pjjdd.exec:\pjjdd.exe37⤵
- Executes dropped EXE
-
\??\c:\rflfrll.exec:\rflfrll.exe38⤵
- Executes dropped EXE
-
\??\c:\nhnnbh.exec:\nhnnbh.exe39⤵
- Executes dropped EXE
-
\??\c:\bnbtnn.exec:\bnbtnn.exe40⤵
- Executes dropped EXE
-
\??\c:\jpvvv.exec:\jpvvv.exe41⤵
- Executes dropped EXE
-
\??\c:\xrxxxxl.exec:\xrxxxxl.exe42⤵
-
\??\c:\rrrlllf.exec:\rrrlllf.exe43⤵
- Executes dropped EXE
-
\??\c:\7bntbb.exec:\7bntbb.exe44⤵
- Executes dropped EXE
-
\??\c:\hnnthh.exec:\hnnthh.exe45⤵
- Executes dropped EXE
-
\??\c:\vvjjd.exec:\vvjjd.exe46⤵
- Executes dropped EXE
-
\??\c:\dpdvj.exec:\dpdvj.exe47⤵
- Executes dropped EXE
-
\??\c:\lffxlll.exec:\lffxlll.exe48⤵
- Executes dropped EXE
-
\??\c:\lfrrxrr.exec:\lfrrxrr.exe49⤵
- Executes dropped EXE
-
\??\c:\7ntnbb.exec:\7ntnbb.exe50⤵
- Executes dropped EXE
-
\??\c:\hnttnt.exec:\hnttnt.exe51⤵
- Executes dropped EXE
-
\??\c:\7vddd.exec:\7vddd.exe52⤵
- Executes dropped EXE
-
\??\c:\rfrlxxx.exec:\rfrlxxx.exe53⤵
- Executes dropped EXE
-
\??\c:\llflllr.exec:\llflllr.exe54⤵
- Executes dropped EXE
-
\??\c:\ttnnnn.exec:\ttnnnn.exe55⤵
- Executes dropped EXE
-
\??\c:\hnthhn.exec:\hnthhn.exe56⤵
- Executes dropped EXE
-
\??\c:\jdjvv.exec:\jdjvv.exe57⤵
- Executes dropped EXE
-
\??\c:\5frrrfl.exec:\5frrrfl.exe58⤵
- Executes dropped EXE
-
\??\c:\lflfffl.exec:\lflfffl.exe59⤵
- Executes dropped EXE
-
\??\c:\tnttth.exec:\tnttth.exe60⤵
- Executes dropped EXE
-
\??\c:\djpdp.exec:\djpdp.exe61⤵
- Executes dropped EXE
-
\??\c:\lffxrrl.exec:\lffxrrl.exe62⤵
- Executes dropped EXE
-
\??\c:\1vvpp.exec:\1vvpp.exe63⤵
- Executes dropped EXE
-
\??\c:\ddvpj.exec:\ddvpj.exe64⤵
- Executes dropped EXE
-
\??\c:\5xllrxr.exec:\5xllrxr.exe65⤵
- Executes dropped EXE
-
\??\c:\lflflll.exec:\lflflll.exe66⤵
- Executes dropped EXE
-
\??\c:\hhtbnn.exec:\hhtbnn.exe67⤵
-
\??\c:\hnbtnt.exec:\hnbtnt.exe68⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe69⤵
-
\??\c:\fxfxxfl.exec:\fxfxxfl.exe70⤵
-
\??\c:\xlflrrx.exec:\xlflrrx.exe71⤵
-
\??\c:\bnhhnt.exec:\bnhhnt.exe72⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe73⤵
-
\??\c:\bttnnh.exec:\bttnnh.exe74⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe75⤵
-
\??\c:\ppdpv.exec:\ppdpv.exe76⤵
-
\??\c:\lrlrfff.exec:\lrlrfff.exe77⤵
-
\??\c:\xlffxfx.exec:\xlffxfx.exe78⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe79⤵
-
\??\c:\rflxrrr.exec:\rflxrrr.exe80⤵
-
\??\c:\hhtnnn.exec:\hhtnnn.exe81⤵
-
\??\c:\7fffllf.exec:\7fffllf.exe82⤵
-
\??\c:\xxfxxll.exec:\xxfxxll.exe83⤵
-
\??\c:\5hhbbb.exec:\5hhbbb.exe84⤵
-
\??\c:\vppjd.exec:\vppjd.exe85⤵
-
\??\c:\xrxrlll.exec:\xrxrlll.exe86⤵
-
\??\c:\3xfrrrr.exec:\3xfrrrr.exe87⤵
-
\??\c:\bhnhtb.exec:\bhnhtb.exe88⤵
-
\??\c:\1ntthh.exec:\1ntthh.exe89⤵
-
\??\c:\1pvvp.exec:\1pvvp.exe90⤵
-
\??\c:\5xffxxl.exec:\5xffxxl.exe91⤵
-
\??\c:\llrlfff.exec:\llrlfff.exe92⤵
-
\??\c:\3nttnb.exec:\3nttnb.exe93⤵
-
\??\c:\jjddv.exec:\jjddv.exe94⤵
-
\??\c:\rxlxlrx.exec:\rxlxlrx.exe95⤵
-
\??\c:\xxlxrlx.exec:\xxlxrlx.exe96⤵
-
\??\c:\htbthn.exec:\htbthn.exe97⤵
-
\??\c:\pvpdp.exec:\pvpdp.exe98⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe99⤵
-
\??\c:\lfflflr.exec:\lfflflr.exe100⤵
-
\??\c:\lrrxrff.exec:\lrrxrff.exe101⤵
-
\??\c:\htttnt.exec:\htttnt.exe102⤵
-
\??\c:\vjvjv.exec:\vjvjv.exe103⤵
-
\??\c:\ddpdd.exec:\ddpdd.exe104⤵
-
\??\c:\fxfrlll.exec:\fxfrlll.exe105⤵
-
\??\c:\ffxxlrx.exec:\ffxxlrx.exe106⤵
-
\??\c:\bhtnnn.exec:\bhtnnn.exe107⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe108⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe109⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe110⤵
-
\??\c:\lfffllr.exec:\lfffllr.exe111⤵
-
\??\c:\xlxfflr.exec:\xlxfflr.exe112⤵
-
\??\c:\3hnthh.exec:\3hnthh.exe113⤵
-
\??\c:\tbnnnn.exec:\tbnnnn.exe114⤵
-
\??\c:\jjddj.exec:\jjddj.exe115⤵
-
\??\c:\lxlrlxx.exec:\lxlrlxx.exe116⤵
-
\??\c:\xlffxff.exec:\xlffxff.exe117⤵
-
\??\c:\ntnnbh.exec:\ntnnbh.exe118⤵
-
\??\c:\3tbbhn.exec:\3tbbhn.exe119⤵
-
\??\c:\jvppv.exec:\jvppv.exe120⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-