Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
25/05/2024, 18:24
General
-
Target
06d70f148025e5b316ed7b27a84655c0_NeikiAnalytics.exe
-
Size
78KB
-
MD5
06d70f148025e5b316ed7b27a84655c0
-
SHA1
870704c520381dd4e9664553634bdb46b7f776e9
-
SHA256
280663903f1b693b5761558f4df307a00592514bffe7405568b1ab0ebd4914c3
-
SHA512
120b09854711d96d0ac860c0572cc3c6edbb3804e2a73003e35c2143e9037c3218775a02d032010249a9dfaca16ef7aabfec508e08bd4326d5d99ab7aa2e5751
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAX8YieVIJclPvPJtcdctf:ymb3NkkiQ3mdBjFo68YBVIJc9Jtxtf
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\06d70f148025e5b316ed7b27a84655c0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\06d70f148025e5b316ed7b27a84655c0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdvp.exec:\vjdvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrxlrx.exec:\ffrxlrx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttbnh.exec:\tttbnh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvp.exec:\pjvvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfrrrl.exec:\llfrrrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttttt.exec:\bttttt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddd.exec:\dvddd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rxfxff.exec:\5rxfxff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnntb.exec:\bbnntb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjd.exec:\ppjjd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxfrrx.exec:\ffxfrrx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httbbn.exec:\httbbn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjd.exec:\pdjjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlfxxr.exec:\xxlfxxr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhbb.exec:\btnhbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvdd.exec:\ddvdd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxxrr.exec:\rrfxxrr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnnn.exec:\nnnnnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbhbh.exec:\nbbhbh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvd.exec:\pjdvd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rffxxx.exec:\1rffxxx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnbtn.exec:\nhnbtn.exe23⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe24⤵
- Executes dropped EXE
-
\??\c:\ffxlffl.exec:\ffxlffl.exe25⤵
- Executes dropped EXE
-
\??\c:\hbbtnt.exec:\hbbtnt.exe26⤵
- Executes dropped EXE
-
\??\c:\7pddd.exec:\7pddd.exe27⤵
- Executes dropped EXE
-
\??\c:\tnnhbt.exec:\tnnhbt.exe28⤵
- Executes dropped EXE
-
\??\c:\hhnnnn.exec:\hhnnnn.exe29⤵
- Executes dropped EXE
-
\??\c:\dpddp.exec:\dpddp.exe30⤵
- Executes dropped EXE
-
\??\c:\7ffffrr.exec:\7ffffrr.exe31⤵
- Executes dropped EXE
-
\??\c:\hntnhb.exec:\hntnhb.exe32⤵
- Executes dropped EXE
-
\??\c:\nhnnhh.exec:\nhnnhh.exe33⤵
- Executes dropped EXE
-
\??\c:\fxxrfrr.exec:\fxxrfrr.exe34⤵
- Executes dropped EXE
-
\??\c:\tnbbhn.exec:\tnbbhn.exe35⤵
- Executes dropped EXE
-
\??\c:\btbttt.exec:\btbttt.exe36⤵
- Executes dropped EXE
-
\??\c:\3djpj.exec:\3djpj.exe37⤵
- Executes dropped EXE
-
\??\c:\xrxxrrr.exec:\xrxxrrr.exe38⤵
- Executes dropped EXE
-
\??\c:\bhhbbh.exec:\bhhbbh.exe39⤵
- Executes dropped EXE
-
\??\c:\dvddp.exec:\dvddp.exe40⤵
- Executes dropped EXE
-
\??\c:\ppvvj.exec:\ppvvj.exe41⤵
- Executes dropped EXE
-
\??\c:\7rrlffx.exec:\7rrlffx.exe42⤵
- Executes dropped EXE
-
\??\c:\xlxfffx.exec:\xlxfffx.exe43⤵
- Executes dropped EXE
-
\??\c:\nnhbnn.exec:\nnhbnn.exe44⤵
- Executes dropped EXE
-
\??\c:\3ppjj.exec:\3ppjj.exe45⤵
- Executes dropped EXE
-
\??\c:\vdjdv.exec:\vdjdv.exe46⤵
- Executes dropped EXE
-
\??\c:\llxxxxf.exec:\llxxxxf.exe47⤵
- Executes dropped EXE
-
\??\c:\lflffff.exec:\lflffff.exe48⤵
- Executes dropped EXE
-
\??\c:\ttttbb.exec:\ttttbb.exe49⤵
- Executes dropped EXE
-
\??\c:\hhbttt.exec:\hhbttt.exe50⤵
- Executes dropped EXE
-
\??\c:\pdppj.exec:\pdppj.exe51⤵
- Executes dropped EXE
-
\??\c:\3jppd.exec:\3jppd.exe52⤵
- Executes dropped EXE
-
\??\c:\llllxxx.exec:\llllxxx.exe53⤵
- Executes dropped EXE
-
\??\c:\lxflrrr.exec:\lxflrrr.exe54⤵
- Executes dropped EXE
-
\??\c:\5bhhbb.exec:\5bhhbb.exe55⤵
- Executes dropped EXE
-
\??\c:\tnttnb.exec:\tnttnb.exe56⤵
- Executes dropped EXE
-
\??\c:\pjvpv.exec:\pjvpv.exe57⤵
- Executes dropped EXE
-
\??\c:\vvvvv.exec:\vvvvv.exe58⤵
- Executes dropped EXE
-
\??\c:\rfrrllr.exec:\rfrrllr.exe59⤵
- Executes dropped EXE
-
\??\c:\xlrrrrl.exec:\xlrrrrl.exe60⤵
- Executes dropped EXE
-
\??\c:\3hnttt.exec:\3hnttt.exe61⤵
- Executes dropped EXE
-
\??\c:\tbnhbb.exec:\tbnhbb.exe62⤵
- Executes dropped EXE
-
\??\c:\jpddd.exec:\jpddd.exe63⤵
- Executes dropped EXE
-
\??\c:\pjdvv.exec:\pjdvv.exe64⤵
- Executes dropped EXE
-
\??\c:\frlrfll.exec:\frlrfll.exe65⤵
- Executes dropped EXE
-
\??\c:\frfffll.exec:\frfffll.exe66⤵
-
\??\c:\nhhnnn.exec:\nhhnnn.exe67⤵
-
\??\c:\fffrrxl.exec:\fffrrxl.exe68⤵
-
\??\c:\rlrlfxx.exec:\rlrlfxx.exe69⤵
-
\??\c:\tbbttt.exec:\tbbttt.exe70⤵
-
\??\c:\bttbtt.exec:\bttbtt.exe71⤵
-
\??\c:\9vvvp.exec:\9vvvp.exe72⤵
-
\??\c:\xxxxxrr.exec:\xxxxxrr.exe73⤵
-
\??\c:\xxlxllr.exec:\xxlxllr.exe74⤵
-
\??\c:\5tnhnn.exec:\5tnhnn.exe75⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe76⤵
-
\??\c:\xflfxlf.exec:\xflfxlf.exe77⤵
-
\??\c:\rrfflrx.exec:\rrfflrx.exe78⤵
-
\??\c:\httbtt.exec:\httbtt.exe79⤵
-
\??\c:\hhnnbh.exec:\hhnnbh.exe80⤵
-
\??\c:\fxfffxl.exec:\fxfffxl.exe81⤵
-
\??\c:\bbttnn.exec:\bbttnn.exe82⤵
-
\??\c:\1bhhtb.exec:\1bhhtb.exe83⤵
-
\??\c:\pdvvp.exec:\pdvvp.exe84⤵
-
\??\c:\ddppj.exec:\ddppj.exe85⤵
-
\??\c:\xrffffl.exec:\xrffffl.exe86⤵
-
\??\c:\rrxfffl.exec:\rrxfffl.exe87⤵
-
\??\c:\9tbtnh.exec:\9tbtnh.exe88⤵
-
\??\c:\bntttn.exec:\bntttn.exe89⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe90⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe91⤵
-
\??\c:\lrlllfx.exec:\lrlllfx.exe92⤵
-
\??\c:\btbtth.exec:\btbtth.exe93⤵
-
\??\c:\hthbbb.exec:\hthbbb.exe94⤵
-
\??\c:\jjddv.exec:\jjddv.exe95⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe96⤵
-
\??\c:\rxrlfff.exec:\rxrlfff.exe97⤵
-
\??\c:\bbnhht.exec:\bbnhht.exe98⤵
-
\??\c:\3hnnnn.exec:\3hnnnn.exe99⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe100⤵
-
\??\c:\7pvpj.exec:\7pvpj.exe101⤵
-
\??\c:\rllflfx.exec:\rllflfx.exe102⤵
-
\??\c:\xfffxrr.exec:\xfffxrr.exe103⤵
-
\??\c:\hnhhnn.exec:\hnhhnn.exe104⤵
-
\??\c:\jvpjv.exec:\jvpjv.exe105⤵
-
\??\c:\1djjd.exec:\1djjd.exe106⤵
-
\??\c:\rllfxfx.exec:\rllfxfx.exe107⤵
-
\??\c:\lfllrrl.exec:\lfllrrl.exe108⤵
-
\??\c:\5hbhht.exec:\5hbhht.exe109⤵
-
\??\c:\hntnnn.exec:\hntnnn.exe110⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe111⤵
-
\??\c:\vvjjj.exec:\vvjjj.exe112⤵
-
\??\c:\3rfxrxx.exec:\3rfxrxx.exe113⤵
-
\??\c:\lfxrrfx.exec:\lfxrrfx.exe114⤵
-
\??\c:\htbnth.exec:\htbnth.exe115⤵
-
\??\c:\pppjv.exec:\pppjv.exe116⤵
-
\??\c:\rlfxrxx.exec:\rlfxrxx.exe117⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe118⤵
-
\??\c:\jvjvj.exec:\jvjvj.exe119⤵
-
\??\c:\dvvdd.exec:\dvvdd.exe120⤵
-
\??\c:\ffxxrrr.exec:\ffxxrrr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-