Analysis
-
max time kernel
150s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
25/05/2024, 05:25
General
-
Target
0bf85f34e230e5ee5c18a7ad37f42440_NeikiAnalytics.exe
-
Size
71KB
-
MD5
0bf85f34e230e5ee5c18a7ad37f42440
-
SHA1
c9d3c8fb9e9c85dbd73dd1a68961fa813548731d
-
SHA256
1f009b5cf965ed2aa81a1a733317173d195346de000fd10e78e9bb721ad6f22e
-
SHA512
2c12d44c3d43ecef70d88322895cc20ef5f277183eca99778f6a31f5dacfd9345db73a24b6f2bd02b879c2fa75b6e2bd144522d3669d5add7515222fda09718b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb7tAHEqSCkKWSp:ymb3NkkiQ3mdBjFIynIKp
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 31 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0bf85f34e230e5ee5c18a7ad37f42440_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\0bf85f34e230e5ee5c18a7ad37f42440_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rffxrrx.exec:\rffxrrx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllrllf.exec:\rllrllf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnthbh.exec:\nnthbh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pvpj.exec:\7pvpj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppv.exec:\dpppv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflrlxr.exec:\lflrlxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhnn.exec:\bbhhnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdddp.exec:\pdddp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppj.exec:\dpppj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxffffl.exec:\rxffffl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhhhh.exec:\hhhhhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdv.exec:\vjjdv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvjd.exec:\pvvjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhttnn.exec:\bhttnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtbbn.exec:\hhtbbn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppv.exec:\ppppv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xllrrx.exec:\1xllrrx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfxxr.exec:\xrlfxxr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbttt.exec:\btbttt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pvjd.exec:\9pvjd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvp.exec:\pddvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrllf.exec:\rlrrllf.exe23⤵
- Executes dropped EXE
-
\??\c:\vpvvv.exec:\vpvvv.exe24⤵
- Executes dropped EXE
-
\??\c:\lxrrxlf.exec:\lxrrxlf.exe25⤵
- Executes dropped EXE
-
\??\c:\xxffxrl.exec:\xxffxrl.exe26⤵
- Executes dropped EXE
-
\??\c:\jpppp.exec:\jpppp.exe27⤵
- Executes dropped EXE
-
\??\c:\rlxrrrr.exec:\rlxrrrr.exe28⤵
- Executes dropped EXE
-
\??\c:\5rffxff.exec:\5rffxff.exe29⤵
- Executes dropped EXE
-
\??\c:\bthhbb.exec:\bthhbb.exe30⤵
- Executes dropped EXE
-
\??\c:\1dvvj.exec:\1dvvj.exe31⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe32⤵
- Executes dropped EXE
-
\??\c:\xrxrllf.exec:\xrxrllf.exe33⤵
- Executes dropped EXE
-
\??\c:\bbttnn.exec:\bbttnn.exe34⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe35⤵
- Executes dropped EXE
-
\??\c:\dvvpp.exec:\dvvpp.exe36⤵
- Executes dropped EXE
-
\??\c:\vvpjd.exec:\vvpjd.exe37⤵
- Executes dropped EXE
-
\??\c:\fxlfllr.exec:\fxlfllr.exe38⤵
- Executes dropped EXE
-
\??\c:\hthhbh.exec:\hthhbh.exe39⤵
- Executes dropped EXE
-
\??\c:\nhtnnn.exec:\nhtnnn.exe40⤵
- Executes dropped EXE
-
\??\c:\jjjdd.exec:\jjjdd.exe41⤵
- Executes dropped EXE
-
\??\c:\rlxrxxf.exec:\rlxrxxf.exe42⤵
- Executes dropped EXE
-
\??\c:\pjjdp.exec:\pjjdp.exe43⤵
- Executes dropped EXE
-
\??\c:\dvjvp.exec:\dvjvp.exe44⤵
- Executes dropped EXE
-
\??\c:\pdppp.exec:\pdppp.exe45⤵
- Executes dropped EXE
-
\??\c:\xxllrfx.exec:\xxllrfx.exe46⤵
- Executes dropped EXE
-
\??\c:\tbnnnn.exec:\tbnnnn.exe47⤵
- Executes dropped EXE
-
\??\c:\1pvpv.exec:\1pvpv.exe48⤵
- Executes dropped EXE
-
\??\c:\5rffllr.exec:\5rffllr.exe49⤵
- Executes dropped EXE
-
\??\c:\dpppp.exec:\dpppp.exe50⤵
- Executes dropped EXE
-
\??\c:\vjdvj.exec:\vjdvj.exe51⤵
- Executes dropped EXE
-
\??\c:\xflrlrx.exec:\xflrlrx.exe52⤵
- Executes dropped EXE
-
\??\c:\frfxxxx.exec:\frfxxxx.exe53⤵
- Executes dropped EXE
-
\??\c:\bhtttt.exec:\bhtttt.exe54⤵
- Executes dropped EXE
-
\??\c:\vjjjp.exec:\vjjjp.exe55⤵
- Executes dropped EXE
-
\??\c:\9pppj.exec:\9pppj.exe56⤵
- Executes dropped EXE
-
\??\c:\xlllrlf.exec:\xlllrlf.exe57⤵
- Executes dropped EXE
-
\??\c:\bntnnn.exec:\bntnnn.exe58⤵
- Executes dropped EXE
-
\??\c:\9btnbb.exec:\9btnbb.exe59⤵
- Executes dropped EXE
-
\??\c:\vvvpd.exec:\vvvpd.exe60⤵
- Executes dropped EXE
-
\??\c:\dvdvv.exec:\dvdvv.exe61⤵
- Executes dropped EXE
-
\??\c:\9lrrfff.exec:\9lrrfff.exe62⤵
- Executes dropped EXE
-
\??\c:\hbhhhh.exec:\hbhhhh.exe63⤵
- Executes dropped EXE
-
\??\c:\tnnnhh.exec:\tnnnhh.exe64⤵
- Executes dropped EXE
-
\??\c:\pjjpd.exec:\pjjpd.exe65⤵
- Executes dropped EXE
-
\??\c:\dpvpd.exec:\dpvpd.exe66⤵
-
\??\c:\lxrrflf.exec:\lxrrflf.exe67⤵
-
\??\c:\rlllxxr.exec:\rlllxxr.exe68⤵
-
\??\c:\tntttt.exec:\tntttt.exe69⤵
-
\??\c:\bbhbbt.exec:\bbhbbt.exe70⤵
-
\??\c:\ddddd.exec:\ddddd.exe71⤵
-
\??\c:\vjdjv.exec:\vjdjv.exe72⤵
-
\??\c:\xlrfxxl.exec:\xlrfxxl.exe73⤵
-
\??\c:\fxrllfx.exec:\fxrllfx.exe74⤵
-
\??\c:\tntbtt.exec:\tntbtt.exe75⤵
-
\??\c:\fxffxxr.exec:\fxffxxr.exe76⤵
-
\??\c:\bhnttt.exec:\bhnttt.exe77⤵
-
\??\c:\nbnbnh.exec:\nbnbnh.exe78⤵
-
\??\c:\djjpj.exec:\djjpj.exe79⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe80⤵
-
\??\c:\rrlfrrr.exec:\rrlfrrr.exe81⤵
-
\??\c:\htttnn.exec:\htttnn.exe82⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe83⤵
-
\??\c:\ddppp.exec:\ddppp.exe84⤵
-
\??\c:\vppjj.exec:\vppjj.exe85⤵
-
\??\c:\xrlfxrr.exec:\xrlfxrr.exe86⤵
-
\??\c:\nhtntn.exec:\nhtntn.exe87⤵
-
\??\c:\hhntnt.exec:\hhntnt.exe88⤵
-
\??\c:\3pdvv.exec:\3pdvv.exe89⤵
-
\??\c:\fxxrlfr.exec:\fxxrlfr.exe90⤵
-
\??\c:\xxrrrlf.exec:\xxrrrlf.exe91⤵
-
\??\c:\ttbbbb.exec:\ttbbbb.exe92⤵
-
\??\c:\ttttnb.exec:\ttttnb.exe93⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe94⤵
-
\??\c:\jddvp.exec:\jddvp.exe95⤵
-
\??\c:\flrrlll.exec:\flrrlll.exe96⤵
-
\??\c:\xlrrrrr.exec:\xlrrrrr.exe97⤵
-
\??\c:\9tthhh.exec:\9tthhh.exe98⤵
-
\??\c:\hhbbbh.exec:\hhbbbh.exe99⤵
-
\??\c:\7jjdp.exec:\7jjdp.exe100⤵
-
\??\c:\rlllflf.exec:\rlllflf.exe101⤵
-
\??\c:\rlffrfl.exec:\rlffrfl.exe102⤵
-
\??\c:\5bnhbb.exec:\5bnhbb.exe103⤵
-
\??\c:\vjjjj.exec:\vjjjj.exe104⤵
-
\??\c:\5jpvv.exec:\5jpvv.exe105⤵
-
\??\c:\xxxxlrr.exec:\xxxxlrr.exe106⤵
-
\??\c:\fxrxrrx.exec:\fxrxrrx.exe107⤵
-
\??\c:\hhhbbt.exec:\hhhbbt.exe108⤵
-
\??\c:\pppjj.exec:\pppjj.exe109⤵
-
\??\c:\ppvpv.exec:\ppvpv.exe110⤵
-
\??\c:\xxlfffr.exec:\xxlfffr.exe111⤵
-
\??\c:\xfffxrr.exec:\xfffxrr.exe112⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe113⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe114⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe115⤵
-
\??\c:\rffxrrl.exec:\rffxrrl.exe116⤵
-
\??\c:\5rxrllf.exec:\5rxrllf.exe117⤵
-
\??\c:\nhbbtb.exec:\nhbbtb.exe118⤵
-
\??\c:\nbhbbb.exec:\nbhbbb.exe119⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe120⤵
-
\??\c:\1jjdv.exec:\1jjdv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-