Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
26/05/2024, 15:22
General
-
Target
0dd5cfd56bced358eff752d77482d0c0_NeikiAnalytics.exe
-
Size
65KB
-
MD5
0dd5cfd56bced358eff752d77482d0c0
-
SHA1
a21e3078aa4ad70d54086a69f91a93905f4422c5
-
SHA256
aa7d71b70f6f3c4a2e3be99394724a3a4c3a7b16cb5ce54913a1aaabb1dbc37f
-
SHA512
5c84b689389182c1bb73095e1c47e96eb76d7e01a3f8a85f0c98edd6fb86bc874ada04e7c87e5674090e858b2467eafa056facce5d3cd3c3c8fd7a24f12ab518
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUuYp+5C8+Luvdt:ymb3NkkiQ3mdBjF0yMlu
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0dd5cfd56bced358eff752d77482d0c0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\0dd5cfd56bced358eff752d77482d0c0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\djpvv.exec:\djpvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxrlx.exec:\lxfxrlx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnnhn.exec:\bhnnhn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vddd.exec:\3vddd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddv.exec:\dvddv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5llllrx.exec:\5llllrx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bbbtt.exec:\3bbbtt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpvv.exec:\vjpvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfllfll.exec:\rfllfll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntbtb.exec:\tntbtb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbbb.exec:\nnbbbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvdv.exec:\ppvdv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfrrl.exec:\rllfrrl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbthb.exec:\nhbthb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvvp.exec:\pvvvp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lfxxrr.exec:\1lfxxrr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bhbhh.exec:\7bhbhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpjd.exec:\jjpjd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxrrr.exec:\rlfxrrr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbthh.exec:\ttbthh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjv.exec:\vvjjv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddv.exec:\jdddv.exe23⤵
- Executes dropped EXE
-
\??\c:\nhntbh.exec:\nhntbh.exe24⤵
- Executes dropped EXE
-
\??\c:\3dvdj.exec:\3dvdj.exe25⤵
- Executes dropped EXE
-
\??\c:\llxrxfl.exec:\llxrxfl.exe26⤵
- Executes dropped EXE
-
\??\c:\hbbhht.exec:\hbbhht.exe27⤵
- Executes dropped EXE
-
\??\c:\jpjdj.exec:\jpjdj.exe28⤵
- Executes dropped EXE
-
\??\c:\nthnbt.exec:\nthnbt.exe29⤵
- Executes dropped EXE
-
\??\c:\ppjdv.exec:\ppjdv.exe30⤵
- Executes dropped EXE
-
\??\c:\fxfxrrf.exec:\fxfxrrf.exe31⤵
- Executes dropped EXE
-
\??\c:\bnhthb.exec:\bnhthb.exe32⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe33⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe34⤵
- Executes dropped EXE
-
\??\c:\lfllrlf.exec:\lfllrlf.exe35⤵
- Executes dropped EXE
-
\??\c:\tnnhbn.exec:\tnnhbn.exe36⤵
- Executes dropped EXE
-
\??\c:\btbttt.exec:\btbttt.exe37⤵
- Executes dropped EXE
-
\??\c:\7pjpd.exec:\7pjpd.exe38⤵
- Executes dropped EXE
-
\??\c:\lffxrrr.exec:\lffxrrr.exe39⤵
- Executes dropped EXE
-
\??\c:\9rxxllx.exec:\9rxxllx.exe40⤵
- Executes dropped EXE
-
\??\c:\tbbhbb.exec:\tbbhbb.exe41⤵
- Executes dropped EXE
-
\??\c:\jvpjd.exec:\jvpjd.exe42⤵
- Executes dropped EXE
-
\??\c:\jdvvp.exec:\jdvvp.exe43⤵
- Executes dropped EXE
-
\??\c:\lxxrllf.exec:\lxxrllf.exe44⤵
- Executes dropped EXE
-
\??\c:\5hbttt.exec:\5hbttt.exe45⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe46⤵
- Executes dropped EXE
-
\??\c:\1ddjv.exec:\1ddjv.exe47⤵
- Executes dropped EXE
-
\??\c:\lxrlfxx.exec:\lxrlfxx.exe48⤵
- Executes dropped EXE
-
\??\c:\hhnnbt.exec:\hhnnbt.exe49⤵
- Executes dropped EXE
-
\??\c:\nnhhbb.exec:\nnhhbb.exe50⤵
- Executes dropped EXE
-
\??\c:\jvvdd.exec:\jvvdd.exe51⤵
- Executes dropped EXE
-
\??\c:\5rxlrrx.exec:\5rxlrrx.exe52⤵
- Executes dropped EXE
-
\??\c:\ttnhhn.exec:\ttnhhn.exe53⤵
- Executes dropped EXE
-
\??\c:\bnnhhh.exec:\bnnhhh.exe54⤵
- Executes dropped EXE
-
\??\c:\ddddv.exec:\ddddv.exe55⤵
- Executes dropped EXE
-
\??\c:\rlrllrx.exec:\rlrllrx.exe56⤵
- Executes dropped EXE
-
\??\c:\9llllrx.exec:\9llllrx.exe57⤵
- Executes dropped EXE
-
\??\c:\tnbtnh.exec:\tnbtnh.exe58⤵
- Executes dropped EXE
-
\??\c:\ppjjd.exec:\ppjjd.exe59⤵
- Executes dropped EXE
-
\??\c:\9xrlxrr.exec:\9xrlxrr.exe60⤵
- Executes dropped EXE
-
\??\c:\flxxrrr.exec:\flxxrrr.exe61⤵
- Executes dropped EXE
-
\??\c:\thhbbb.exec:\thhbbb.exe62⤵
- Executes dropped EXE
-
\??\c:\jjdvp.exec:\jjdvp.exe63⤵
- Executes dropped EXE
-
\??\c:\ddddd.exec:\ddddd.exe64⤵
- Executes dropped EXE
-
\??\c:\tbttnn.exec:\tbttnn.exe65⤵
- Executes dropped EXE
-
\??\c:\ntbttt.exec:\ntbttt.exe66⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe67⤵
-
\??\c:\pppjd.exec:\pppjd.exe68⤵
-
\??\c:\xllfffl.exec:\xllfffl.exe69⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe70⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe71⤵
-
\??\c:\pjjvp.exec:\pjjvp.exe72⤵
-
\??\c:\nbhtnn.exec:\nbhtnn.exe73⤵
-
\??\c:\9htnnh.exec:\9htnnh.exe74⤵
-
\??\c:\9vdvv.exec:\9vdvv.exe75⤵
-
\??\c:\jjjjp.exec:\jjjjp.exe76⤵
-
\??\c:\xrrlflf.exec:\xrrlflf.exe77⤵
-
\??\c:\tthhbb.exec:\tthhbb.exe78⤵
-
\??\c:\htthtn.exec:\htthtn.exe79⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe80⤵
-
\??\c:\9frlrrx.exec:\9frlrrx.exe81⤵
-
\??\c:\xrrlfxr.exec:\xrrlfxr.exe82⤵
-
\??\c:\bhbbbt.exec:\bhbbbt.exe83⤵
-
\??\c:\fxlfflr.exec:\fxlfflr.exe84⤵
-
\??\c:\nnttbb.exec:\nnttbb.exe85⤵
-
\??\c:\9jjdv.exec:\9jjdv.exe86⤵
-
\??\c:\xlrlfff.exec:\xlrlfff.exe87⤵
-
\??\c:\xrrlffx.exec:\xrrlffx.exe88⤵
-
\??\c:\btttbb.exec:\btttbb.exe89⤵
-
\??\c:\5vjjd.exec:\5vjjd.exe90⤵
-
\??\c:\7pjdv.exec:\7pjdv.exe91⤵
-
\??\c:\xrxlfxf.exec:\xrxlfxf.exe92⤵
-
\??\c:\bhbntb.exec:\bhbntb.exe93⤵
-
\??\c:\bttthh.exec:\bttthh.exe94⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe95⤵
-
\??\c:\xxfxlrf.exec:\xxfxlrf.exe96⤵
-
\??\c:\fxllrll.exec:\fxllrll.exe97⤵
-
\??\c:\hnbbth.exec:\hnbbth.exe98⤵
-
\??\c:\hbtnhb.exec:\hbtnhb.exe99⤵
-
\??\c:\jpvjd.exec:\jpvjd.exe100⤵
-
\??\c:\xrfrfxf.exec:\xrfrfxf.exe101⤵
-
\??\c:\xfrlflf.exec:\xfrlflf.exe102⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe103⤵
-
\??\c:\rfllflf.exec:\rfllflf.exe104⤵
-
\??\c:\xxxxlxr.exec:\xxxxlxr.exe105⤵
-
\??\c:\nbhhhn.exec:\nbhhhn.exe106⤵
-
\??\c:\djjjp.exec:\djjjp.exe107⤵
-
\??\c:\rxxrllf.exec:\rxxrllf.exe108⤵
-
\??\c:\3llfrxl.exec:\3llfrxl.exe109⤵
-
\??\c:\9bhbbh.exec:\9bhbbh.exe110⤵
-
\??\c:\hbtnhn.exec:\hbtnhn.exe111⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe112⤵
-
\??\c:\ddpvp.exec:\ddpvp.exe113⤵
-
\??\c:\rrffxfx.exec:\rrffxfx.exe114⤵
-
\??\c:\nhtntt.exec:\nhtntt.exe115⤵
-
\??\c:\hbntnt.exec:\hbntnt.exe116⤵
-
\??\c:\9tbntn.exec:\9tbntn.exe117⤵
-
\??\c:\jjjjj.exec:\jjjjj.exe118⤵
-
\??\c:\7xllflr.exec:\7xllflr.exe119⤵
-
\??\c:\frxxxff.exec:\frxxxff.exe120⤵
-
\??\c:\frfllfx.exec:\frfllfx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-