Analysis
-
max time kernel
89s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
25/05/2024, 13:21
General
-
Target
f126b1e8ce8b2a1298cdb3093a145b80_NeikiAnalytics.exe
-
Size
66KB
-
MD5
f126b1e8ce8b2a1298cdb3093a145b80
-
SHA1
398f85dcf69c3f11d871c08e3833fb6ac01499d6
-
SHA256
8e9d0b3112637052664be15d41887feeb56957273153dd5f9c3d78f945981318
-
SHA512
7cda7eb93c5dd4d48c27cc9876fa99bc6ad9a9dcd08929fd6db8a55f92ccdb4d841114bdf64a1213a4cca831d139286db88888e50cb35f26bca0b59a145d09a0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUPqrDZLi:ymb3NkkiQ3mdBjF0yUmdi
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f126b1e8ce8b2a1298cdb3093a145b80_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\f126b1e8ce8b2a1298cdb3093a145b80_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlllr.exec:\xrrlllr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrxlll.exec:\lxrxlll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdvv.exec:\jpdvv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httbhh.exec:\httbhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7fflfxl.exec:\7fflfxl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbbt.exec:\nbbbbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvpp.exec:\jpvpp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htttbb.exec:\htttbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpvj.exec:\vvpvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnbnn.exec:\ttnbnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbttn.exec:\tnbttn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpp.exec:\vpvpp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppd.exec:\pjppd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvdv.exec:\dvvdv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtttn.exec:\nhtttn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhntbb.exec:\nhntbb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxlrlx.exec:\rfxlrlx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpj.exec:\jdvpj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhtbn.exec:\bbhtbn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhhhb.exec:\hnhhhb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpvv.exec:\pdpvv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flfrxrf.exec:\flfrxrf.exe23⤵
- Executes dropped EXE
-
\??\c:\hbtnhb.exec:\hbtnhb.exe24⤵
- Executes dropped EXE
-
\??\c:\flrrlxr.exec:\flrrlxr.exe25⤵
- Executes dropped EXE
-
\??\c:\xrlrflx.exec:\xrlrflx.exe26⤵
- Executes dropped EXE
-
\??\c:\jvvvj.exec:\jvvvj.exe27⤵
- Executes dropped EXE
-
\??\c:\jdvpv.exec:\jdvpv.exe28⤵
- Executes dropped EXE
-
\??\c:\xxrllxf.exec:\xxrllxf.exe29⤵
- Executes dropped EXE
-
\??\c:\vjvjv.exec:\vjvjv.exe30⤵
- Executes dropped EXE
-
\??\c:\lfflflr.exec:\lfflflr.exe31⤵
- Executes dropped EXE
-
\??\c:\pvdvd.exec:\pvdvd.exe32⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe33⤵
- Executes dropped EXE
-
\??\c:\thtnhb.exec:\thtnhb.exe34⤵
- Executes dropped EXE
-
\??\c:\fxllllf.exec:\fxllllf.exe35⤵
- Executes dropped EXE
-
\??\c:\dvjpd.exec:\dvjpd.exe36⤵
- Executes dropped EXE
-
\??\c:\1pvpp.exec:\1pvpp.exe37⤵
- Executes dropped EXE
-
\??\c:\tbhbtn.exec:\tbhbtn.exe38⤵
- Executes dropped EXE
-
\??\c:\httbbn.exec:\httbbn.exe39⤵
- Executes dropped EXE
-
\??\c:\lflfllf.exec:\lflfllf.exe40⤵
- Executes dropped EXE
-
\??\c:\flrxxrx.exec:\flrxxrx.exe41⤵
- Executes dropped EXE
-
\??\c:\rxlxxxr.exec:\rxlxxxr.exe42⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe43⤵
- Executes dropped EXE
-
\??\c:\5bhtth.exec:\5bhtth.exe44⤵
- Executes dropped EXE
-
\??\c:\bhbnbn.exec:\bhbnbn.exe45⤵
- Executes dropped EXE
-
\??\c:\9vdjj.exec:\9vdjj.exe46⤵
- Executes dropped EXE
-
\??\c:\thbtbt.exec:\thbtbt.exe47⤵
- Executes dropped EXE
-
\??\c:\llxxrff.exec:\llxxrff.exe48⤵
- Executes dropped EXE
-
\??\c:\dvjvp.exec:\dvjvp.exe49⤵
- Executes dropped EXE
-
\??\c:\jvvvd.exec:\jvvvd.exe50⤵
- Executes dropped EXE
-
\??\c:\rfllllf.exec:\rfllllf.exe51⤵
- Executes dropped EXE
-
\??\c:\rfrlllx.exec:\rfrlllx.exe52⤵
- Executes dropped EXE
-
\??\c:\vpppd.exec:\vpppd.exe53⤵
- Executes dropped EXE
-
\??\c:\jpvpj.exec:\jpvpj.exe54⤵
- Executes dropped EXE
-
\??\c:\5xfflxr.exec:\5xfflxr.exe55⤵
- Executes dropped EXE
-
\??\c:\lrrfrff.exec:\lrrfrff.exe56⤵
- Executes dropped EXE
-
\??\c:\fxfflxr.exec:\fxfflxr.exe57⤵
- Executes dropped EXE
-
\??\c:\rxrxfxl.exec:\rxrxfxl.exe58⤵
- Executes dropped EXE
-
\??\c:\jpjpv.exec:\jpjpv.exe59⤵
- Executes dropped EXE
-
\??\c:\pvvpp.exec:\pvvpp.exe60⤵
- Executes dropped EXE
-
\??\c:\btbbtb.exec:\btbbtb.exe61⤵
- Executes dropped EXE
-
\??\c:\flxrxrx.exec:\flxrxrx.exe62⤵
- Executes dropped EXE
-
\??\c:\dpjpd.exec:\dpjpd.exe63⤵
- Executes dropped EXE
-
\??\c:\bnthnh.exec:\bnthnh.exe64⤵
- Executes dropped EXE
-
\??\c:\tbbhbh.exec:\tbbhbh.exe65⤵
- Executes dropped EXE
-
\??\c:\xllrlrr.exec:\xllrlrr.exe66⤵
-
\??\c:\fxlxlxr.exec:\fxlxlxr.exe67⤵
-
\??\c:\rflrrlr.exec:\rflrrlr.exe68⤵
-
\??\c:\bnnnhh.exec:\bnnnhh.exe69⤵
-
\??\c:\hhnbnb.exec:\hhnbnb.exe70⤵
-
\??\c:\xrrxrrf.exec:\xrrxrrf.exe71⤵
-
\??\c:\bbbbhb.exec:\bbbbhb.exe72⤵
-
\??\c:\nnbntt.exec:\nnbntt.exe73⤵
-
\??\c:\ntttnb.exec:\ntttnb.exe74⤵
-
\??\c:\tnthtn.exec:\tnthtn.exe75⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe76⤵
-
\??\c:\bnbtnn.exec:\bnbtnn.exe77⤵
-
\??\c:\ntbtnh.exec:\ntbtnh.exe78⤵
-
\??\c:\vjvpd.exec:\vjvpd.exe79⤵
-
\??\c:\lfrlfff.exec:\lfrlfff.exe80⤵
-
\??\c:\rlrrlfx.exec:\rlrrlfx.exe81⤵
-
\??\c:\9xrrfrl.exec:\9xrrfrl.exe82⤵
-
\??\c:\jvvpv.exec:\jvvpv.exe83⤵
-
\??\c:\fxfxllf.exec:\fxfxllf.exe84⤵
-
\??\c:\jjppd.exec:\jjppd.exe85⤵
-
\??\c:\ddppp.exec:\ddppp.exe86⤵
-
\??\c:\nthhhh.exec:\nthhhh.exe87⤵
-
\??\c:\fflfxrx.exec:\fflfxrx.exe88⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe89⤵
-
\??\c:\rxlflxx.exec:\rxlflxx.exe90⤵
-
\??\c:\1xrxlxr.exec:\1xrxlxr.exe91⤵
-
\??\c:\vdjvd.exec:\vdjvd.exe92⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe93⤵
-
\??\c:\hhbntb.exec:\hhbntb.exe94⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe95⤵
-
\??\c:\nhhhnn.exec:\nhhhnn.exe96⤵
-
\??\c:\djvpv.exec:\djvpv.exe97⤵
-
\??\c:\nthbnh.exec:\nthbnh.exe98⤵
-
\??\c:\tbhtnn.exec:\tbhtnn.exe99⤵
-
\??\c:\pjddd.exec:\pjddd.exe100⤵
-
\??\c:\nbhbbh.exec:\nbhbbh.exe101⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe102⤵
-
\??\c:\pdppd.exec:\pdppd.exe103⤵
-
\??\c:\nthbhh.exec:\nthbhh.exe104⤵
-
\??\c:\lxllflf.exec:\lxllflf.exe105⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe106⤵
-
\??\c:\hnbtnn.exec:\hnbtnn.exe107⤵
-
\??\c:\bbttbt.exec:\bbttbt.exe108⤵
-
\??\c:\fxrrllf.exec:\fxrrllf.exe109⤵
-
\??\c:\pvppv.exec:\pvppv.exe110⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe111⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe112⤵
-
\??\c:\ppppp.exec:\ppppp.exe113⤵
-
\??\c:\bntthh.exec:\bntthh.exe114⤵
-
\??\c:\bbtnbn.exec:\bbtnbn.exe115⤵
-
\??\c:\hbhhth.exec:\hbhhth.exe116⤵
-
\??\c:\xlrlrxf.exec:\xlrlrxf.exe117⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe118⤵
-
\??\c:\fxllxfx.exec:\fxllxfx.exe119⤵
-
\??\c:\ttttnn.exec:\ttttnn.exe120⤵
-
\??\c:\rrxxlxx.exec:\rrxxlxx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-