Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
25/05/2024, 19:24
General
-
Target
10576250f3bca1089e6277e9e44ecb30_NeikiAnalytics.exe
-
Size
66KB
-
MD5
10576250f3bca1089e6277e9e44ecb30
-
SHA1
b320daf96da6c4a165e181407028ced066016f9b
-
SHA256
f714f902b143b780e5d2a433fd664ef8e99d649f50f7a0ce5aa7427a6277e9f4
-
SHA512
b78839afc98e0f3ad2665fe233ad68e4c05d1930f6f97b2a3bc3c72f9e362e147eaaf8a77181ff0ad284c5b50dfccd2dd44389d520695353a39b2c3087f0d58a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6Mu/ePS3AyXmcz:ymb3NkkiQ3mdBjFI46TQyXmcz
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\10576250f3bca1089e6277e9e44ecb30_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\10576250f3bca1089e6277e9e44ecb30_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5xrfrlf.exec:\5xrfrlf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflrlll.exec:\lflrlll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tnnhh.exec:\9tnnhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ntbtt.exec:\9ntbtt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpvp.exec:\djpvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lllllf.exec:\9lllllf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffxrl.exec:\rfffxrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbnht.exec:\tnbnht.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhhnt.exec:\hhhhnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpj.exec:\vvvpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflrrxf.exec:\lflrrxf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffrrf.exec:\xrffrrf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnhtt.exec:\nbnhtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpjd.exec:\jvpjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ddvj.exec:\7ddvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xrrffx.exec:\7xrrffx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbtht.exec:\tnbtht.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vdvd.exec:\1vdvd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flllffx.exec:\flllffx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbbbt.exec:\ttbbbt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnbth.exec:\ttnbth.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvv.exec:\jpvvv.exe23⤵
- Executes dropped EXE
-
\??\c:\fffrllf.exec:\fffrllf.exe24⤵
- Executes dropped EXE
-
\??\c:\fflffxf.exec:\fflffxf.exe25⤵
- Executes dropped EXE
-
\??\c:\tbbbnh.exec:\tbbbnh.exe26⤵
- Executes dropped EXE
-
\??\c:\vvvpp.exec:\vvvpp.exe27⤵
- Executes dropped EXE
-
\??\c:\5xrlxfx.exec:\5xrlxfx.exe28⤵
- Executes dropped EXE
-
\??\c:\hbtnhh.exec:\hbtnhh.exe29⤵
- Executes dropped EXE
-
\??\c:\vpvdd.exec:\vpvdd.exe30⤵
- Executes dropped EXE
-
\??\c:\1xxxxff.exec:\1xxxxff.exe31⤵
- Executes dropped EXE
-
\??\c:\hhhnnn.exec:\hhhnnn.exe32⤵
- Executes dropped EXE
-
\??\c:\9ntttb.exec:\9ntttb.exe33⤵
- Executes dropped EXE
-
\??\c:\1pvdd.exec:\1pvdd.exe34⤵
- Executes dropped EXE
-
\??\c:\jvjjv.exec:\jvjjv.exe35⤵
- Executes dropped EXE
-
\??\c:\1lrrlrl.exec:\1lrrlrl.exe36⤵
- Executes dropped EXE
-
\??\c:\3hhnnn.exec:\3hhnnn.exe37⤵
- Executes dropped EXE
-
\??\c:\7hnhtb.exec:\7hnhtb.exe38⤵
- Executes dropped EXE
-
\??\c:\vdvpv.exec:\vdvpv.exe39⤵
- Executes dropped EXE
-
\??\c:\pjpvd.exec:\pjpvd.exe40⤵
- Executes dropped EXE
-
\??\c:\ffrlxrl.exec:\ffrlxrl.exe41⤵
- Executes dropped EXE
-
\??\c:\ffxfxxr.exec:\ffxfxxr.exe42⤵
- Executes dropped EXE
-
\??\c:\1httbb.exec:\1httbb.exe43⤵
- Executes dropped EXE
-
\??\c:\jdddd.exec:\jdddd.exe44⤵
- Executes dropped EXE
-
\??\c:\ddppp.exec:\ddppp.exe45⤵
- Executes dropped EXE
-
\??\c:\xrlrfff.exec:\xrlrfff.exe46⤵
- Executes dropped EXE
-
\??\c:\xrfxxxx.exec:\xrfxxxx.exe47⤵
- Executes dropped EXE
-
\??\c:\rfrrlrx.exec:\rfrrlrx.exe48⤵
- Executes dropped EXE
-
\??\c:\bbnthn.exec:\bbnthn.exe49⤵
- Executes dropped EXE
-
\??\c:\pvppd.exec:\pvppd.exe50⤵
- Executes dropped EXE
-
\??\c:\pdppj.exec:\pdppj.exe51⤵
- Executes dropped EXE
-
\??\c:\fflfrll.exec:\fflfrll.exe52⤵
- Executes dropped EXE
-
\??\c:\thhhbh.exec:\thhhbh.exe53⤵
- Executes dropped EXE
-
\??\c:\dvjjj.exec:\dvjjj.exe54⤵
- Executes dropped EXE
-
\??\c:\7xllrrf.exec:\7xllrrf.exe55⤵
- Executes dropped EXE
-
\??\c:\1bnnnt.exec:\1bnnnt.exe56⤵
- Executes dropped EXE
-
\??\c:\7hhhbh.exec:\7hhhbh.exe57⤵
- Executes dropped EXE
-
\??\c:\pvjpp.exec:\pvjpp.exe58⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe59⤵
- Executes dropped EXE
-
\??\c:\xxxrxxx.exec:\xxxrxxx.exe60⤵
- Executes dropped EXE
-
\??\c:\rxrllrl.exec:\rxrllrl.exe61⤵
- Executes dropped EXE
-
\??\c:\ttbhhn.exec:\ttbhhn.exe62⤵
- Executes dropped EXE
-
\??\c:\hbnnnn.exec:\hbnnnn.exe63⤵
- Executes dropped EXE
-
\??\c:\pppdd.exec:\pppdd.exe64⤵
- Executes dropped EXE
-
\??\c:\djvvv.exec:\djvvv.exe65⤵
- Executes dropped EXE
-
\??\c:\xrllffr.exec:\xrllffr.exe66⤵
-
\??\c:\lfflrxx.exec:\lfflrxx.exe67⤵
-
\??\c:\rlxllll.exec:\rlxllll.exe68⤵
-
\??\c:\hhhhnn.exec:\hhhhnn.exe69⤵
-
\??\c:\nttbbh.exec:\nttbbh.exe70⤵
-
\??\c:\vdddd.exec:\vdddd.exe71⤵
-
\??\c:\vvvpv.exec:\vvvpv.exe72⤵
-
\??\c:\rlrxxff.exec:\rlrxxff.exe73⤵
-
\??\c:\fflxxxx.exec:\fflxxxx.exe74⤵
-
\??\c:\hthhhn.exec:\hthhhn.exe75⤵
-
\??\c:\3nttnn.exec:\3nttnn.exe76⤵
-
\??\c:\jjppv.exec:\jjppv.exe77⤵
-
\??\c:\pvvvv.exec:\pvvvv.exe78⤵
-
\??\c:\fxfllll.exec:\fxfllll.exe79⤵
-
\??\c:\fflllxx.exec:\fflllxx.exe80⤵
-
\??\c:\bhnttt.exec:\bhnttt.exe81⤵
-
\??\c:\bhhhbb.exec:\bhhhbb.exe82⤵
-
\??\c:\hthbhh.exec:\hthbhh.exe83⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe84⤵
-
\??\c:\5vddv.exec:\5vddv.exe85⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe86⤵
-
\??\c:\llrrflx.exec:\llrrflx.exe87⤵
-
\??\c:\xxrrfff.exec:\xxrrfff.exe88⤵
-
\??\c:\nhhnnt.exec:\nhhnnt.exe89⤵
-
\??\c:\tbbbtb.exec:\tbbbtb.exe90⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe91⤵
-
\??\c:\xxffrxx.exec:\xxffrxx.exe92⤵
-
\??\c:\ffrlflr.exec:\ffrlflr.exe93⤵
-
\??\c:\7ttnnn.exec:\7ttnnn.exe94⤵
-
\??\c:\ttttth.exec:\ttttth.exe95⤵
-
\??\c:\ttntnt.exec:\ttntnt.exe96⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe97⤵
-
\??\c:\lrxllxx.exec:\lrxllxx.exe98⤵
-
\??\c:\xxrlxlx.exec:\xxrlxlx.exe99⤵
-
\??\c:\lffrlrr.exec:\lffrlrr.exe100⤵
-
\??\c:\7nnnnn.exec:\7nnnnn.exe101⤵
-
\??\c:\hhnttb.exec:\hhnttb.exe102⤵
-
\??\c:\djjdd.exec:\djjdd.exe103⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe104⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe105⤵
-
\??\c:\9flrrxx.exec:\9flrrxx.exe106⤵
-
\??\c:\rxfflfx.exec:\rxfflfx.exe107⤵
-
\??\c:\bnttbb.exec:\bnttbb.exe108⤵
-
\??\c:\nhbbbh.exec:\nhbbbh.exe109⤵
-
\??\c:\vpppp.exec:\vpppp.exe110⤵
-
\??\c:\ddppp.exec:\ddppp.exe111⤵
-
\??\c:\llxrrrr.exec:\llxrrrr.exe112⤵
-
\??\c:\rflxrrr.exec:\rflxrrr.exe113⤵
-
\??\c:\rlrrrrf.exec:\rlrrrrf.exe114⤵
-
\??\c:\nhnttt.exec:\nhnttt.exe115⤵
-
\??\c:\bbtttt.exec:\bbtttt.exe116⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe117⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe118⤵
-
\??\c:\fxllflf.exec:\fxllflf.exe119⤵
-
\??\c:\lrflrff.exec:\lrflrff.exe120⤵
-
\??\c:\hntbbh.exec:\hntbbh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-