Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
24-05-2024 15:30
General
-
Target
9f36cba1e2229a267117063f837dcee0_NeikiAnalytics.exe
-
Size
76KB
-
MD5
9f36cba1e2229a267117063f837dcee0
-
SHA1
b91582059302d36e4db32ca63c463283619510ba
-
SHA256
dc7db52111af0fd58d64e58947db9c09ead0e2f1565893a94cae34a70a947478
-
SHA512
6daaa9d656a22c056fb356072f51a4ef2d5c25cd66f4447f9bb2ac587dc2f30996620dc16de3cb47a8b98dad03305935bcad0736d6098bdf05469857476cea4f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqK2:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqK2
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9f36cba1e2229a267117063f837dcee0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\9f36cba1e2229a267117063f837dcee0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7rfxrlf.exec:\7rfxrlf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nhbnh.exec:\9nhbnh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbbnh.exec:\hnbbnh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvd.exec:\vjdvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxlfr.exec:\rlfxlfr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tnhtt.exec:\3tnhtt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpj.exec:\jvvpj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjvj.exec:\vjjvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlxxr.exec:\fxrlxxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pvpp.exec:\7pvpp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxllf.exec:\rlfxllf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttntht.exec:\ttntht.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvp.exec:\jdvvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrlxrl.exec:\rrrlxrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxflxxr.exec:\rxflxxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hbnnn.exec:\1hbnnn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppdv.exec:\dppdv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfrlfx.exec:\xlfrlfx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnbnn.exec:\hnnbnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtttn.exec:\thtttn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjdp.exec:\pvjdp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrllflx.exec:\xrllflx.exe23⤵
- Executes dropped EXE
-
\??\c:\rflffxx.exec:\rflffxx.exe24⤵
- Executes dropped EXE
-
\??\c:\hhhthn.exec:\hhhthn.exe25⤵
- Executes dropped EXE
-
\??\c:\vjjjv.exec:\vjjjv.exe26⤵
- Executes dropped EXE
-
\??\c:\rfllllr.exec:\rfllllr.exe27⤵
- Executes dropped EXE
-
\??\c:\3nbthb.exec:\3nbthb.exe28⤵
- Executes dropped EXE
-
\??\c:\tbhbnn.exec:\tbhbnn.exe29⤵
- Executes dropped EXE
-
\??\c:\vjjjv.exec:\vjjjv.exe30⤵
- Executes dropped EXE
-
\??\c:\fxfxlfr.exec:\fxfxlfr.exe31⤵
- Executes dropped EXE
-
\??\c:\rrrlfxx.exec:\rrrlfxx.exe32⤵
- Executes dropped EXE
-
\??\c:\nbbtnh.exec:\nbbtnh.exe33⤵
- Executes dropped EXE
-
\??\c:\vdjdp.exec:\vdjdp.exe34⤵
- Executes dropped EXE
-
\??\c:\pvvpd.exec:\pvvpd.exe35⤵
- Executes dropped EXE
-
\??\c:\xrrfrlf.exec:\xrrfrlf.exe36⤵
- Executes dropped EXE
-
\??\c:\9tnntn.exec:\9tnntn.exe37⤵
- Executes dropped EXE
-
\??\c:\bbthtn.exec:\bbthtn.exe38⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe39⤵
- Executes dropped EXE
-
\??\c:\rlllrrf.exec:\rlllrrf.exe40⤵
- Executes dropped EXE
-
\??\c:\lxlrrlr.exec:\lxlrrlr.exe41⤵
- Executes dropped EXE
-
\??\c:\btbhbn.exec:\btbhbn.exe42⤵
- Executes dropped EXE
-
\??\c:\jvpdp.exec:\jvpdp.exe43⤵
- Executes dropped EXE
-
\??\c:\jvdvj.exec:\jvdvj.exe44⤵
- Executes dropped EXE
-
\??\c:\llrllrx.exec:\llrllrx.exe45⤵
- Executes dropped EXE
-
\??\c:\rlfxllf.exec:\rlfxllf.exe46⤵
- Executes dropped EXE
-
\??\c:\7hnnbh.exec:\7hnnbh.exe47⤵
- Executes dropped EXE
-
\??\c:\jjdpj.exec:\jjdpj.exe48⤵
- Executes dropped EXE
-
\??\c:\ddvvp.exec:\ddvvp.exe49⤵
- Executes dropped EXE
-
\??\c:\fxfrffr.exec:\fxfrffr.exe50⤵
- Executes dropped EXE
-
\??\c:\rlxxxlf.exec:\rlxxxlf.exe51⤵
- Executes dropped EXE
-
\??\c:\hbntnn.exec:\hbntnn.exe52⤵
- Executes dropped EXE
-
\??\c:\vvppd.exec:\vvppd.exe53⤵
- Executes dropped EXE
-
\??\c:\pjppj.exec:\pjppj.exe54⤵
- Executes dropped EXE
-
\??\c:\pdjjj.exec:\pdjjj.exe55⤵
- Executes dropped EXE
-
\??\c:\bnhtbn.exec:\bnhtbn.exe56⤵
- Executes dropped EXE
-
\??\c:\nhbnhb.exec:\nhbnhb.exe57⤵
- Executes dropped EXE
-
\??\c:\djvpv.exec:\djvpv.exe58⤵
- Executes dropped EXE
-
\??\c:\pdjdp.exec:\pdjdp.exe59⤵
- Executes dropped EXE
-
\??\c:\llrlxrf.exec:\llrlxrf.exe60⤵
- Executes dropped EXE
-
\??\c:\tbnhht.exec:\tbnhht.exe61⤵
- Executes dropped EXE
-
\??\c:\tbhbnt.exec:\tbhbnt.exe62⤵
- Executes dropped EXE
-
\??\c:\ddddv.exec:\ddddv.exe63⤵
- Executes dropped EXE
-
\??\c:\vppvj.exec:\vppvj.exe64⤵
- Executes dropped EXE
-
\??\c:\rrfxrll.exec:\rrfxrll.exe65⤵
- Executes dropped EXE
-
\??\c:\9flxrll.exec:\9flxrll.exe66⤵
-
\??\c:\hhhtnt.exec:\hhhtnt.exe67⤵
-
\??\c:\btnhtb.exec:\btnhtb.exe68⤵
-
\??\c:\djpjv.exec:\djpjv.exe69⤵
-
\??\c:\jdvdv.exec:\jdvdv.exe70⤵
-
\??\c:\llrxxlf.exec:\llrxxlf.exe71⤵
-
\??\c:\ffllrrx.exec:\ffllrrx.exe72⤵
-
\??\c:\hbhbbt.exec:\hbhbbt.exe73⤵
-
\??\c:\jvvdv.exec:\jvvdv.exe74⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe75⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe76⤵
-
\??\c:\rlrlfxr.exec:\rlrlfxr.exe77⤵
-
\??\c:\hbtttt.exec:\hbtttt.exe78⤵
-
\??\c:\nbnnhh.exec:\nbnnhh.exe79⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe80⤵
-
\??\c:\9frfxxf.exec:\9frfxxf.exe81⤵
-
\??\c:\nhhntb.exec:\nhhntb.exe82⤵
-
\??\c:\bbtbtb.exec:\bbtbtb.exe83⤵
-
\??\c:\5vjjv.exec:\5vjjv.exe84⤵
-
\??\c:\9pvjj.exec:\9pvjj.exe85⤵
-
\??\c:\fxlfffl.exec:\fxlfffl.exe86⤵
-
\??\c:\7fxxrxx.exec:\7fxxrxx.exe87⤵
-
\??\c:\3nnhbn.exec:\3nnhbn.exe88⤵
-
\??\c:\hhbthh.exec:\hhbthh.exe89⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe90⤵
-
\??\c:\rlrlffx.exec:\rlrlffx.exe91⤵
-
\??\c:\tnntnn.exec:\tnntnn.exe92⤵
-
\??\c:\bnnhbh.exec:\bnnhbh.exe93⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe94⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe95⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe96⤵
-
\??\c:\fxfxrrr.exec:\fxfxrrr.exe97⤵
-
\??\c:\5ffxrrr.exec:\5ffxrrr.exe98⤵
-
\??\c:\bttnnt.exec:\bttnnt.exe99⤵
-
\??\c:\jddvp.exec:\jddvp.exe100⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe101⤵
-
\??\c:\fxxxrlx.exec:\fxxxrlx.exe102⤵
-
\??\c:\nnbhnt.exec:\nnbhnt.exe103⤵
-
\??\c:\hbbttn.exec:\hbbttn.exe104⤵
-
\??\c:\jddvj.exec:\jddvj.exe105⤵
-
\??\c:\vddvd.exec:\vddvd.exe106⤵
-
\??\c:\vjjpj.exec:\vjjpj.exe107⤵
-
\??\c:\xlfxrrl.exec:\xlfxrrl.exe108⤵
-
\??\c:\rfrlffx.exec:\rfrlffx.exe109⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe110⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe111⤵
-
\??\c:\7dpjj.exec:\7dpjj.exe112⤵
-
\??\c:\xffxrlf.exec:\xffxrlf.exe113⤵
-
\??\c:\nthnnn.exec:\nthnnn.exe114⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe115⤵
-
\??\c:\xxfxlfl.exec:\xxfxlfl.exe116⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe117⤵
-
\??\c:\hbhhtt.exec:\hbhhtt.exe118⤵
-
\??\c:\9jjdv.exec:\9jjdv.exe119⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe120⤵
-
\??\c:\7xfxxxf.exec:\7xfxxxf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-