Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
26-05-2024 08:35
General
-
Target
073df16d266f2426e71999432c7cbf30_NeikiAnalytics.exe
-
Size
66KB
-
MD5
073df16d266f2426e71999432c7cbf30
-
SHA1
e7c8145a4385f02844a5963612369f79b7a86069
-
SHA256
f81d7aa3d3fe48d7ea3d5b570d7cc37f068222b7f092745f5a27b95abaf5eb44
-
SHA512
5f93c45bf4d4c177e026d0cc3ffa6d2c955e79c76a2b9b450424b81ff6bba7d48c15df86c4a82fec431e0c19be9a24c356bef703300493f9b8133af1e8c48f34
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJUDbAI8:ymb3NkkiQ3mdBjFIFdJ8bu
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\073df16d266f2426e71999432c7cbf30_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\073df16d266f2426e71999432c7cbf30_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7hhhbb.exec:\7hhhbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjd.exec:\djpjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lxrffl.exec:\3lxrffl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnnhb.exec:\htnnhb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnhbh.exec:\hhnhbh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppj.exec:\vpppj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flfxlfr.exec:\flfxlfr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xlfxrl.exec:\3xlfxrl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntnnh.exec:\hntnnh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnhh.exec:\hbtnhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjpv.exec:\ddjpv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfrrrr.exec:\xrfrrrr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntnhh.exec:\hntnhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddp.exec:\jjddp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xfxrff.exec:\9xfxrff.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tbbtb.exec:\9tbbtb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjd.exec:\dppjd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvp.exec:\dpvvp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrlll.exec:\rlxrlll.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxrxx.exec:\fxxxrxx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhbbb.exec:\nnhbbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjvd.exec:\jdjvd.exe23⤵
- Executes dropped EXE
-
\??\c:\7llfflf.exec:\7llfflf.exe24⤵
- Executes dropped EXE
-
\??\c:\thntbb.exec:\thntbb.exe25⤵
- Executes dropped EXE
-
\??\c:\vpvvj.exec:\vpvvj.exe26⤵
- Executes dropped EXE
-
\??\c:\3flfffx.exec:\3flfffx.exe27⤵
- Executes dropped EXE
-
\??\c:\flrrxfl.exec:\flrrxfl.exe28⤵
- Executes dropped EXE
-
\??\c:\ntnbnh.exec:\ntnbnh.exe29⤵
- Executes dropped EXE
-
\??\c:\bttnhn.exec:\bttnhn.exe30⤵
-
\??\c:\jvdvj.exec:\jvdvj.exe31⤵
- Executes dropped EXE
-
\??\c:\rllffff.exec:\rllffff.exe32⤵
- Executes dropped EXE
-
\??\c:\fxffflf.exec:\fxffflf.exe33⤵
- Executes dropped EXE
-
\??\c:\nbhbbb.exec:\nbhbbb.exe34⤵
- Executes dropped EXE
-
\??\c:\3jdvp.exec:\3jdvp.exe35⤵
- Executes dropped EXE
-
\??\c:\7fxxrlx.exec:\7fxxrlx.exe36⤵
- Executes dropped EXE
-
\??\c:\bhnntn.exec:\bhnntn.exe37⤵
- Executes dropped EXE
-
\??\c:\nhnnhh.exec:\nhnnhh.exe38⤵
- Executes dropped EXE
-
\??\c:\vjdpd.exec:\vjdpd.exe39⤵
- Executes dropped EXE
-
\??\c:\rfrxxrl.exec:\rfrxxrl.exe40⤵
- Executes dropped EXE
-
\??\c:\xrllllr.exec:\xrllllr.exe41⤵
- Executes dropped EXE
-
\??\c:\hntbtn.exec:\hntbtn.exe42⤵
- Executes dropped EXE
-
\??\c:\vppdv.exec:\vppdv.exe43⤵
- Executes dropped EXE
-
\??\c:\rlxlfxf.exec:\rlxlfxf.exe44⤵
- Executes dropped EXE
-
\??\c:\3rrlflf.exec:\3rrlflf.exe45⤵
- Executes dropped EXE
-
\??\c:\thnnhh.exec:\thnnhh.exe46⤵
- Executes dropped EXE
-
\??\c:\1ttnhh.exec:\1ttnhh.exe47⤵
- Executes dropped EXE
-
\??\c:\ppvvv.exec:\ppvvv.exe48⤵
- Executes dropped EXE
-
\??\c:\jvjvp.exec:\jvjvp.exe49⤵
- Executes dropped EXE
-
\??\c:\lflfxff.exec:\lflfxff.exe50⤵
- Executes dropped EXE
-
\??\c:\bhnhbt.exec:\bhnhbt.exe51⤵
- Executes dropped EXE
-
\??\c:\bhhbtt.exec:\bhhbtt.exe52⤵
- Executes dropped EXE
-
\??\c:\dppjd.exec:\dppjd.exe53⤵
- Executes dropped EXE
-
\??\c:\rlrlrrr.exec:\rlrlrrr.exe54⤵
- Executes dropped EXE
-
\??\c:\btnbhh.exec:\btnbhh.exe55⤵
- Executes dropped EXE
-
\??\c:\jjjjd.exec:\jjjjd.exe56⤵
- Executes dropped EXE
-
\??\c:\lrfrxlx.exec:\lrfrxlx.exe57⤵
- Executes dropped EXE
-
\??\c:\hthhnb.exec:\hthhnb.exe58⤵
- Executes dropped EXE
-
\??\c:\vjjdd.exec:\vjjdd.exe59⤵
- Executes dropped EXE
-
\??\c:\1vppj.exec:\1vppj.exe60⤵
- Executes dropped EXE
-
\??\c:\frxrlrr.exec:\frxrlrr.exe61⤵
- Executes dropped EXE
-
\??\c:\nhhbbb.exec:\nhhbbb.exe62⤵
- Executes dropped EXE
-
\??\c:\3ddvp.exec:\3ddvp.exe63⤵
- Executes dropped EXE
-
\??\c:\5pdjv.exec:\5pdjv.exe64⤵
- Executes dropped EXE
-
\??\c:\xrllllr.exec:\xrllllr.exe65⤵
- Executes dropped EXE
-
\??\c:\tthbbt.exec:\tthbbt.exe66⤵
- Executes dropped EXE
-
\??\c:\tnhhtt.exec:\tnhhtt.exe67⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe68⤵
-
\??\c:\1pppj.exec:\1pppj.exe69⤵
-
\??\c:\llfxfff.exec:\llfxfff.exe70⤵
-
\??\c:\rffxrrl.exec:\rffxrrl.exe71⤵
-
\??\c:\hbbbbn.exec:\hbbbbn.exe72⤵
-
\??\c:\ddppd.exec:\ddppd.exe73⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe74⤵
-
\??\c:\lrfxllf.exec:\lrfxllf.exe75⤵
-
\??\c:\htnbht.exec:\htnbht.exe76⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe77⤵
-
\??\c:\xllrlxl.exec:\xllrlxl.exe78⤵
-
\??\c:\nhthth.exec:\nhthth.exe79⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe80⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe81⤵
-
\??\c:\3frrflx.exec:\3frrflx.exe82⤵
-
\??\c:\xxffffx.exec:\xxffffx.exe83⤵
-
\??\c:\nnthbt.exec:\nnthbt.exe84⤵
-
\??\c:\1nbhbt.exec:\1nbhbt.exe85⤵
-
\??\c:\9vvpv.exec:\9vvpv.exe86⤵
-
\??\c:\rrxfxrl.exec:\rrxfxrl.exe87⤵
-
\??\c:\xrfflrr.exec:\xrfflrr.exe88⤵
-
\??\c:\thttnn.exec:\thttnn.exe89⤵
-
\??\c:\tntbtt.exec:\tntbtt.exe90⤵
-
\??\c:\hhbtnb.exec:\hhbtnb.exe91⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe92⤵
-
\??\c:\rflxrrr.exec:\rflxrrr.exe93⤵
-
\??\c:\fxfffll.exec:\fxfffll.exe94⤵
-
\??\c:\lxfxffr.exec:\lxfxffr.exe95⤵
-
\??\c:\5nnhtt.exec:\5nnhtt.exe96⤵
-
\??\c:\htntbb.exec:\htntbb.exe97⤵
-
\??\c:\pjjdj.exec:\pjjdj.exe98⤵
-
\??\c:\jvddv.exec:\jvddv.exe99⤵
-
\??\c:\xrxrlll.exec:\xrxrlll.exe100⤵
-
\??\c:\xlxxrxx.exec:\xlxxrxx.exe101⤵
-
\??\c:\thnhhb.exec:\thnhhb.exe102⤵
-
\??\c:\bnnbbt.exec:\bnnbbt.exe103⤵
-
\??\c:\vpppj.exec:\vpppj.exe104⤵
-
\??\c:\vpvjj.exec:\vpvjj.exe105⤵
-
\??\c:\5frlffx.exec:\5frlffx.exe106⤵
-
\??\c:\nbtnhh.exec:\nbtnhh.exe107⤵
-
\??\c:\pjppd.exec:\pjppd.exe108⤵
-
\??\c:\9vdvp.exec:\9vdvp.exe109⤵
-
\??\c:\xffffrr.exec:\xffffrr.exe110⤵
-
\??\c:\lfxrrrl.exec:\lfxrrrl.exe111⤵
-
\??\c:\btntnn.exec:\btntnn.exe112⤵
-
\??\c:\7jvpd.exec:\7jvpd.exe113⤵
-
\??\c:\vvvpp.exec:\vvvpp.exe114⤵
-
\??\c:\rfrlffx.exec:\rfrlffx.exe115⤵
-
\??\c:\fxlllff.exec:\fxlllff.exe116⤵
-
\??\c:\bbbthh.exec:\bbbthh.exe117⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe118⤵
-
\??\c:\7jvvp.exec:\7jvvp.exe119⤵
-
\??\c:\xlrfxrl.exec:\xlrfxrl.exe120⤵
-
\??\c:\3fllxxf.exec:\3fllxxf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-