Analysis
-
max time kernel
150s -
max time network
110s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
23-05-2024 01:50
General
-
Target
7172126158ab77902e0f68a0eadba970_NeikiAnalytics.exe
-
Size
365KB
-
MD5
7172126158ab77902e0f68a0eadba970
-
SHA1
0c935d475865024cfc7541a6472eccbb85e68e6a
-
SHA256
0754ec5a288c358ddd09cb7d9bac10492a38f649aca7e20ca24ed2e795661caf
-
SHA512
3a89f25de3f5c569ace4d9010a9dde7f741a9396fbea5d9b05cd3d18a3bbdd9da9fe7a8e5712bcf799f0ddd181583b14f6e7021baac8cbfe7a2076de45fada22
-
SSDEEP
6144:Lcm4FmowdHoSHt251UriZFwu1b26X1wjdgyPPBR:R4wFHoSHYHUrAwqzQ7PPr
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7172126158ab77902e0f68a0eadba970_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\7172126158ab77902e0f68a0eadba970_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrlll.exec:\ffrrlll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bttth.exec:\9bttth.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjv.exec:\dvjjv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvp.exec:\vddvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrlrlf.exec:\xlrlrlf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvvd.exec:\vdvvd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdv.exec:\vjjdv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfflff.exec:\lxfflff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbthn.exec:\btbthn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjj.exec:\jdjjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnnhb.exec:\hnnnhb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvjj.exec:\vpvjj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlllll.exec:\lxlllll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppj.exec:\pjppj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflxxlf.exec:\fflxxlf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddd.exec:\vpddd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlfxxx.exec:\rxlfxxx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rxrllf.exec:\9rxrllf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtntn.exec:\bbtntn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rfxrrl.exec:\5rfxrrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntbtn.exec:\nntbtn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdd.exec:\ddjdd.exe23⤵
- Executes dropped EXE
-
\??\c:\9bthbh.exec:\9bthbh.exe24⤵
- Executes dropped EXE
-
\??\c:\rllflfx.exec:\rllflfx.exe25⤵
- Executes dropped EXE
-
\??\c:\lrxrfff.exec:\lrxrfff.exe26⤵
- Executes dropped EXE
-
\??\c:\djvjd.exec:\djvjd.exe27⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe28⤵
- Executes dropped EXE
-
\??\c:\xlfrfxr.exec:\xlfrfxr.exe29⤵
- Executes dropped EXE
-
\??\c:\frfflrr.exec:\frfflrr.exe30⤵
- Executes dropped EXE
-
\??\c:\nthbth.exec:\nthbth.exe31⤵
- Executes dropped EXE
-
\??\c:\jvdvd.exec:\jvdvd.exe32⤵
- Executes dropped EXE
-
\??\c:\7flfxxr.exec:\7flfxxr.exe33⤵
- Executes dropped EXE
-
\??\c:\ddddp.exec:\ddddp.exe34⤵
- Executes dropped EXE
-
\??\c:\llrrfxl.exec:\llrrfxl.exe35⤵
- Executes dropped EXE
-
\??\c:\tntnnh.exec:\tntnnh.exe36⤵
- Executes dropped EXE
-
\??\c:\vpjvv.exec:\vpjvv.exe37⤵
- Executes dropped EXE
-
\??\c:\fffflfl.exec:\fffflfl.exe38⤵
- Executes dropped EXE
-
\??\c:\rxxxxxr.exec:\rxxxxxr.exe39⤵
- Executes dropped EXE
-
\??\c:\bhnhbn.exec:\bhnhbn.exe40⤵
- Executes dropped EXE
-
\??\c:\ddddd.exec:\ddddd.exe41⤵
- Executes dropped EXE
-
\??\c:\xxfffrx.exec:\xxfffrx.exe42⤵
- Executes dropped EXE
-
\??\c:\hbhhnn.exec:\hbhhnn.exe43⤵
- Executes dropped EXE
-
\??\c:\djjdd.exec:\djjdd.exe44⤵
- Executes dropped EXE
-
\??\c:\fxlfffl.exec:\fxlfffl.exe45⤵
- Executes dropped EXE
-
\??\c:\5ntbtb.exec:\5ntbtb.exe46⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe47⤵
- Executes dropped EXE
-
\??\c:\rxfffxr.exec:\rxfffxr.exe48⤵
- Executes dropped EXE
-
\??\c:\tnnhht.exec:\tnnhht.exe49⤵
- Executes dropped EXE
-
\??\c:\9lllfff.exec:\9lllfff.exe50⤵
- Executes dropped EXE
-
\??\c:\vpvvp.exec:\vpvvp.exe51⤵
- Executes dropped EXE
-
\??\c:\xfrlffx.exec:\xfrlffx.exe52⤵
- Executes dropped EXE
-
\??\c:\hnhhbn.exec:\hnhhbn.exe53⤵
- Executes dropped EXE
-
\??\c:\pppvv.exec:\pppvv.exe54⤵
- Executes dropped EXE
-
\??\c:\btbbbt.exec:\btbbbt.exe55⤵
- Executes dropped EXE
-
\??\c:\bnhbbb.exec:\bnhbbb.exe56⤵
- Executes dropped EXE
-
\??\c:\vpppv.exec:\vpppv.exe57⤵
- Executes dropped EXE
-
\??\c:\lfffrrf.exec:\lfffrrf.exe58⤵
- Executes dropped EXE
-
\??\c:\nttnhh.exec:\nttnhh.exe59⤵
- Executes dropped EXE
-
\??\c:\7bhbtt.exec:\7bhbtt.exe60⤵
- Executes dropped EXE
-
\??\c:\dpddd.exec:\dpddd.exe61⤵
- Executes dropped EXE
-
\??\c:\lflllll.exec:\lflllll.exe62⤵
- Executes dropped EXE
-
\??\c:\tbttnh.exec:\tbttnh.exe63⤵
- Executes dropped EXE
-
\??\c:\hnnthh.exec:\hnnthh.exe64⤵
- Executes dropped EXE
-
\??\c:\5ppjd.exec:\5ppjd.exe65⤵
- Executes dropped EXE
-
\??\c:\lllrxxl.exec:\lllrxxl.exe66⤵
-
\??\c:\htbbbn.exec:\htbbbn.exe67⤵
-
\??\c:\ttnnbh.exec:\ttnnbh.exe68⤵
-
\??\c:\ddppv.exec:\ddppv.exe69⤵
-
\??\c:\rlrxxxr.exec:\rlrxxxr.exe70⤵
-
\??\c:\hnbbtt.exec:\hnbbtt.exe71⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe72⤵
-
\??\c:\7lrllll.exec:\7lrllll.exe73⤵
-
\??\c:\hbhbtn.exec:\hbhbtn.exe74⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe75⤵
-
\??\c:\1rxfxxf.exec:\1rxfxxf.exe76⤵
-
\??\c:\tnnbtn.exec:\tnnbtn.exe77⤵
-
\??\c:\nnbbbb.exec:\nnbbbb.exe78⤵
-
\??\c:\jpvdd.exec:\jpvdd.exe79⤵
-
\??\c:\fxrlrfl.exec:\fxrlrfl.exe80⤵
-
\??\c:\nthhbb.exec:\nthhbb.exe81⤵
-
\??\c:\9nhnhn.exec:\9nhnhn.exe82⤵
-
\??\c:\pdvpd.exec:\pdvpd.exe83⤵
-
\??\c:\rxrlffl.exec:\rxrlffl.exe84⤵
-
\??\c:\hbbtnt.exec:\hbbtnt.exe85⤵
-
\??\c:\vjvvp.exec:\vjvvp.exe86⤵
-
\??\c:\pjddj.exec:\pjddj.exe87⤵
-
\??\c:\lflfxxr.exec:\lflfxxr.exe88⤵
-
\??\c:\bhttnn.exec:\bhttnn.exe89⤵
-
\??\c:\tthtnn.exec:\tthtnn.exe90⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe91⤵
-
\??\c:\xfffllf.exec:\xfffllf.exe92⤵
-
\??\c:\xlxrlll.exec:\xlxrlll.exe93⤵
-
\??\c:\5tbbbb.exec:\5tbbbb.exe94⤵
-
\??\c:\7bhhtt.exec:\7bhhtt.exe95⤵
-
\??\c:\vdppv.exec:\vdppv.exe96⤵
-
\??\c:\xrlfrll.exec:\xrlfrll.exe97⤵
-
\??\c:\hbtttt.exec:\hbtttt.exe98⤵
-
\??\c:\jvdpj.exec:\jvdpj.exe99⤵
-
\??\c:\tnbtbb.exec:\tnbtbb.exe100⤵
-
\??\c:\nbhhbb.exec:\nbhhbb.exe101⤵
-
\??\c:\dvvjp.exec:\dvvjp.exe102⤵
-
\??\c:\9flfflf.exec:\9flfflf.exe103⤵
-
\??\c:\bbnbtt.exec:\bbnbtt.exe104⤵
-
\??\c:\ntbtnn.exec:\ntbtnn.exe105⤵
-
\??\c:\djvpj.exec:\djvpj.exe106⤵
-
\??\c:\rllfrlf.exec:\rllfrlf.exe107⤵
-
\??\c:\7hhhbb.exec:\7hhhbb.exe108⤵
-
\??\c:\3hhhbb.exec:\3hhhbb.exe109⤵
-
\??\c:\djppj.exec:\djppj.exe110⤵
-
\??\c:\9xfrflf.exec:\9xfrflf.exe111⤵
-
\??\c:\1fxrrxr.exec:\1fxrrxr.exe112⤵
-
\??\c:\bnnbtn.exec:\bnnbtn.exe113⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe114⤵
-
\??\c:\flllfff.exec:\flllfff.exe115⤵
-
\??\c:\bhhhbt.exec:\bhhhbt.exe116⤵
-
\??\c:\pddvj.exec:\pddvj.exe117⤵
-
\??\c:\7xrxrfx.exec:\7xrxrfx.exe118⤵
-
\??\c:\bhtnnb.exec:\bhtnnb.exe119⤵
-
\??\c:\3jjjd.exec:\3jjjd.exe120⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-