Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
26/05/2024, 09:09
General
-
Target
8ddbc8099fe1edc089c729a99d6d5ea0_NeikiAnalytics.exe
-
Size
68KB
-
MD5
8ddbc8099fe1edc089c729a99d6d5ea0
-
SHA1
f28af04022f24346385622184ef2f476757c1b4a
-
SHA256
26dc6bf9f5c8c5c7cd19a25d0af62608d0344f8cb890ddd5e78bd38547f06d83
-
SHA512
c13c579f1042cc758978e39437a8f29bc69f19b95d04daacefff318e7971b5a69be469724d5f3da71e90ba52d14b34a98b69a1e992998ca84312cea161579383
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIfv7+afCD+QsQbuf:ymb3NkkiQ3mdBjFIfvTfCD+H/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8ddbc8099fe1edc089c729a99d6d5ea0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\8ddbc8099fe1edc089c729a99d6d5ea0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvjv.exec:\vvvjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxflff.exec:\rxxflff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7llfxfx.exec:\7llfxfx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bbbnn.exec:\5bbbnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ttnbt.exec:\7ttnbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlllxxr.exec:\rlllxxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlxxr.exec:\fxrlxxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnttnn.exec:\bnttnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jpjp.exec:\5jpjp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjd.exec:\pjjjd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrrlff.exec:\flrrlff.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhhb.exec:\nhnhhb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jdpj.exec:\3jdpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pvdp.exec:\5pvdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrxxfx.exec:\fxrxxfx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbbtt.exec:\hnbbtt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdp.exec:\pjjdp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xfxrxr.exec:\1xfxrxr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbbnb.exec:\bbbbnb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnbnn.exec:\tnnbnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvpj.exec:\pdvpj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xxlfxr.exec:\7xxlfxr.exe23⤵
- Executes dropped EXE
-
\??\c:\tttnnn.exec:\tttnnn.exe24⤵
- Executes dropped EXE
-
\??\c:\dpdvj.exec:\dpdvj.exe25⤵
- Executes dropped EXE
-
\??\c:\lxfxrlf.exec:\lxfxrlf.exe26⤵
- Executes dropped EXE
-
\??\c:\nhtnhb.exec:\nhtnhb.exe27⤵
- Executes dropped EXE
-
\??\c:\htnhtb.exec:\htnhtb.exe28⤵
- Executes dropped EXE
-
\??\c:\dvvdv.exec:\dvvdv.exe29⤵
- Executes dropped EXE
-
\??\c:\lfffxxx.exec:\lfffxxx.exe30⤵
- Executes dropped EXE
-
\??\c:\nbtttt.exec:\nbtttt.exe31⤵
- Executes dropped EXE
-
\??\c:\9ttnhh.exec:\9ttnhh.exe32⤵
- Executes dropped EXE
-
\??\c:\vvpjv.exec:\vvpjv.exe33⤵
- Executes dropped EXE
-
\??\c:\3fxxrrl.exec:\3fxxrrl.exe34⤵
- Executes dropped EXE
-
\??\c:\1bbnhh.exec:\1bbnhh.exe35⤵
- Executes dropped EXE
-
\??\c:\vjdjv.exec:\vjdjv.exe36⤵
- Executes dropped EXE
-
\??\c:\fxxrllr.exec:\fxxrllr.exe37⤵
- Executes dropped EXE
-
\??\c:\hnnhhb.exec:\hnnhhb.exe38⤵
- Executes dropped EXE
-
\??\c:\tntnbb.exec:\tntnbb.exe39⤵
- Executes dropped EXE
-
\??\c:\vpjdd.exec:\vpjdd.exe40⤵
- Executes dropped EXE
-
\??\c:\vppjv.exec:\vppjv.exe41⤵
- Executes dropped EXE
-
\??\c:\lxlrffx.exec:\lxlrffx.exe42⤵
- Executes dropped EXE
-
\??\c:\hhhtnb.exec:\hhhtnb.exe43⤵
- Executes dropped EXE
-
\??\c:\htbnhb.exec:\htbnhb.exe44⤵
- Executes dropped EXE
-
\??\c:\ppvjv.exec:\ppvjv.exe45⤵
- Executes dropped EXE
-
\??\c:\9frxrrr.exec:\9frxrrr.exe46⤵
- Executes dropped EXE
-
\??\c:\lxffllx.exec:\lxffllx.exe47⤵
- Executes dropped EXE
-
\??\c:\ttbthh.exec:\ttbthh.exe48⤵
- Executes dropped EXE
-
\??\c:\thbtnb.exec:\thbtnb.exe49⤵
- Executes dropped EXE
-
\??\c:\1vjjd.exec:\1vjjd.exe50⤵
- Executes dropped EXE
-
\??\c:\jdjdj.exec:\jdjdj.exe51⤵
- Executes dropped EXE
-
\??\c:\xrlrrrf.exec:\xrlrrrf.exe52⤵
- Executes dropped EXE
-
\??\c:\frffllf.exec:\frffllf.exe53⤵
- Executes dropped EXE
-
\??\c:\9btnnn.exec:\9btnnn.exe54⤵
- Executes dropped EXE
-
\??\c:\htbthh.exec:\htbthh.exe55⤵
- Executes dropped EXE
-
\??\c:\jjjpp.exec:\jjjpp.exe56⤵
- Executes dropped EXE
-
\??\c:\frrlxll.exec:\frrlxll.exe57⤵
- Executes dropped EXE
-
\??\c:\flrrrfx.exec:\flrrrfx.exe58⤵
- Executes dropped EXE
-
\??\c:\nttbbb.exec:\nttbbb.exe59⤵
- Executes dropped EXE
-
\??\c:\3hhbtn.exec:\3hhbtn.exe60⤵
- Executes dropped EXE
-
\??\c:\vpdvj.exec:\vpdvj.exe61⤵
- Executes dropped EXE
-
\??\c:\pjdvv.exec:\pjdvv.exe62⤵
- Executes dropped EXE
-
\??\c:\rxrllff.exec:\rxrllff.exe63⤵
- Executes dropped EXE
-
\??\c:\xfrrlff.exec:\xfrrlff.exe64⤵
- Executes dropped EXE
-
\??\c:\hnbbbh.exec:\hnbbbh.exe65⤵
- Executes dropped EXE
-
\??\c:\bnbthh.exec:\bnbthh.exe66⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe67⤵
-
\??\c:\vppdj.exec:\vppdj.exe68⤵
-
\??\c:\xrrxxxx.exec:\xrrxxxx.exe69⤵
-
\??\c:\9fllffx.exec:\9fllffx.exe70⤵
-
\??\c:\tbhhhh.exec:\tbhhhh.exe71⤵
-
\??\c:\7htttb.exec:\7htttb.exe72⤵
-
\??\c:\5vpjd.exec:\5vpjd.exe73⤵
-
\??\c:\dpjvp.exec:\dpjvp.exe74⤵
-
\??\c:\rfrxxxx.exec:\rfrxxxx.exe75⤵
-
\??\c:\rllffff.exec:\rllffff.exe76⤵
-
\??\c:\tnnnnb.exec:\tnnnnb.exe77⤵
-
\??\c:\tbbbnh.exec:\tbbbnh.exe78⤵
-
\??\c:\3pjvp.exec:\3pjvp.exe79⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe80⤵
-
\??\c:\xrxxrlf.exec:\xrxxrlf.exe81⤵
-
\??\c:\1bhhhn.exec:\1bhhhn.exe82⤵
-
\??\c:\1pdvj.exec:\1pdvj.exe83⤵
-
\??\c:\jddpp.exec:\jddpp.exe84⤵
-
\??\c:\frxxxfx.exec:\frxxxfx.exe85⤵
-
\??\c:\xxfxfrx.exec:\xxfxfrx.exe86⤵
-
\??\c:\7nhhhh.exec:\7nhhhh.exe87⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe88⤵
-
\??\c:\fxrllrx.exec:\fxrllrx.exe89⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe90⤵
-
\??\c:\tnhhtt.exec:\tnhhtt.exe91⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe92⤵
-
\??\c:\lllfxlf.exec:\lllfxlf.exe93⤵
-
\??\c:\rxrrlfx.exec:\rxrrlfx.exe94⤵
-
\??\c:\bbbbtb.exec:\bbbbtb.exe95⤵
-
\??\c:\nhtttt.exec:\nhtttt.exe96⤵
-
\??\c:\xrflrxf.exec:\xrflrxf.exe97⤵
-
\??\c:\fxfffxr.exec:\fxfffxr.exe98⤵
-
\??\c:\bhtnhb.exec:\bhtnhb.exe99⤵
-
\??\c:\bnnbbt.exec:\bnnbbt.exe100⤵
-
\??\c:\djjvp.exec:\djjvp.exe101⤵
-
\??\c:\lffxlfx.exec:\lffxlfx.exe102⤵
-
\??\c:\fxxxfxf.exec:\fxxxfxf.exe103⤵
-
\??\c:\1flfrlf.exec:\1flfrlf.exe104⤵
-
\??\c:\hbttnn.exec:\hbttnn.exe105⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe106⤵
-
\??\c:\9ddvj.exec:\9ddvj.exe107⤵
-
\??\c:\9xxfrxr.exec:\9xxfrxr.exe108⤵
-
\??\c:\ffrlllf.exec:\ffrlllf.exe109⤵
-
\??\c:\7ffxrlx.exec:\7ffxrlx.exe110⤵
-
\??\c:\tbbbtb.exec:\tbbbtb.exe111⤵
-
\??\c:\1nhbnh.exec:\1nhbnh.exe112⤵
-
\??\c:\pddvj.exec:\pddvj.exe113⤵
-
\??\c:\ddddv.exec:\ddddv.exe114⤵
-
\??\c:\rfxxrxf.exec:\rfxxrxf.exe115⤵
-
\??\c:\lrrrllf.exec:\lrrrllf.exe116⤵
-
\??\c:\5ttnnh.exec:\5ttnnh.exe117⤵
-
\??\c:\nbbnnt.exec:\nbbnnt.exe118⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe119⤵
-
\??\c:\7pjdp.exec:\7pjdp.exe120⤵
-
\??\c:\lfxrffx.exec:\lfxrffx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-