Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
26/05/2024, 18:23
General
-
Target
b6227b51478fc50c793c1097f9a25270_NeikiAnalytics.exe
-
Size
441KB
-
MD5
b6227b51478fc50c793c1097f9a25270
-
SHA1
3cc4c3e0c12515ffe4a2b48934db399039ba516a
-
SHA256
004ab26c1eee3145a14af87d783262944abb7fd17de982d202e44f046a13c58c
-
SHA512
151b11fe654b43b815c7ec4fe8f6f60ec8073fcb75fa50348a12e94db63779b69bcf14e099973ec5b268f12108e9aea858697675e5d42b1b41bb7cb26a562cb9
-
SSDEEP
12288:M4wFHoSpg4wFHonR/nPF2LnFL4wF04wFK4wFK4wluz:UrR/nPs
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b6227b51478fc50c793c1097f9a25270_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\b6227b51478fc50c793c1097f9a25270_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\flxxxrx.exec:\flxxxrx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bbbnt.exec:\3bbbnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhthb.exec:\thhthb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjj.exec:\dppjj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllllrx.exec:\rllllrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htthht.exec:\htthht.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvppp.exec:\jvppp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffrxl.exec:\xrffrxl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htntbb.exec:\htntbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvp.exec:\vddvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjj.exec:\djpjj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrlllf.exec:\rfrlllf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btthhn.exec:\btthhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnntt.exec:\htnntt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdppp.exec:\pdppp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrxxlx.exec:\xrrxxlx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhhbt.exec:\bnhhbt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dddd.exec:\7dddd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddd.exec:\vvddd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlllxxl.exec:\rlllxxl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhtbb.exec:\bbhtbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvvd.exec:\ddvvd.exe23⤵
- Executes dropped EXE
-
\??\c:\1ddpd.exec:\1ddpd.exe24⤵
- Executes dropped EXE
-
\??\c:\7fffrff.exec:\7fffrff.exe25⤵
- Executes dropped EXE
-
\??\c:\tttbht.exec:\tttbht.exe26⤵
- Executes dropped EXE
-
\??\c:\jjjjp.exec:\jjjjp.exe27⤵
- Executes dropped EXE
-
\??\c:\lxxrllf.exec:\lxxrllf.exe28⤵
- Executes dropped EXE
-
\??\c:\xfxxlfx.exec:\xfxxlfx.exe29⤵
- Executes dropped EXE
-
\??\c:\bhbbbb.exec:\bhbbbb.exe30⤵
- Executes dropped EXE
-
\??\c:\7dppj.exec:\7dppj.exe31⤵
- Executes dropped EXE
-
\??\c:\llffffl.exec:\llffffl.exe32⤵
- Executes dropped EXE
-
\??\c:\rxlrlxf.exec:\rxlrlxf.exe33⤵
- Executes dropped EXE
-
\??\c:\tbbbhh.exec:\tbbbhh.exe34⤵
- Executes dropped EXE
-
\??\c:\3dvpp.exec:\3dvpp.exe35⤵
- Executes dropped EXE
-
\??\c:\fxrrrxx.exec:\fxrrrxx.exe36⤵
- Executes dropped EXE
-
\??\c:\thnhhh.exec:\thnhhh.exe37⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe38⤵
- Executes dropped EXE
-
\??\c:\jpddd.exec:\jpddd.exe39⤵
- Executes dropped EXE
-
\??\c:\frrllll.exec:\frrllll.exe40⤵
- Executes dropped EXE
-
\??\c:\hnnhbh.exec:\hnnhbh.exe41⤵
- Executes dropped EXE
-
\??\c:\djppj.exec:\djppj.exe42⤵
- Executes dropped EXE
-
\??\c:\ffllrrx.exec:\ffllrrx.exe43⤵
- Executes dropped EXE
-
\??\c:\9httnn.exec:\9httnn.exe44⤵
- Executes dropped EXE
-
\??\c:\pjvjd.exec:\pjvjd.exe45⤵
- Executes dropped EXE
-
\??\c:\3jpjd.exec:\3jpjd.exe46⤵
- Executes dropped EXE
-
\??\c:\xffflfr.exec:\xffflfr.exe47⤵
- Executes dropped EXE
-
\??\c:\bbbhbb.exec:\bbbhbb.exe48⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe49⤵
- Executes dropped EXE
-
\??\c:\rfxxrrl.exec:\rfxxrrl.exe50⤵
- Executes dropped EXE
-
\??\c:\7ntttt.exec:\7ntttt.exe51⤵
- Executes dropped EXE
-
\??\c:\djjdp.exec:\djjdp.exe52⤵
- Executes dropped EXE
-
\??\c:\xfxrlrl.exec:\xfxrlrl.exe53⤵
- Executes dropped EXE
-
\??\c:\rfxxrrf.exec:\rfxxrrf.exe54⤵
- Executes dropped EXE
-
\??\c:\nhhbtt.exec:\nhhbtt.exe55⤵
- Executes dropped EXE
-
\??\c:\1pdvp.exec:\1pdvp.exe56⤵
- Executes dropped EXE
-
\??\c:\fllxxxr.exec:\fllxxxr.exe57⤵
- Executes dropped EXE
-
\??\c:\nbhbbt.exec:\nbhbbt.exe58⤵
- Executes dropped EXE
-
\??\c:\3nnhbb.exec:\3nnhbb.exe59⤵
- Executes dropped EXE
-
\??\c:\jvvvp.exec:\jvvvp.exe60⤵
- Executes dropped EXE
-
\??\c:\lllxxrl.exec:\lllxxrl.exe61⤵
- Executes dropped EXE
-
\??\c:\ntntbt.exec:\ntntbt.exe62⤵
- Executes dropped EXE
-
\??\c:\pvvjv.exec:\pvvjv.exe63⤵
- Executes dropped EXE
-
\??\c:\fllxrrl.exec:\fllxrrl.exe64⤵
- Executes dropped EXE
-
\??\c:\hbtttb.exec:\hbtttb.exe65⤵
- Executes dropped EXE
-
\??\c:\tthbnh.exec:\tthbnh.exe66⤵
-
\??\c:\ddddv.exec:\ddddv.exe67⤵
-
\??\c:\lfflfxr.exec:\lfflfxr.exe68⤵
-
\??\c:\5ttnhh.exec:\5ttnhh.exe69⤵
-
\??\c:\jjjpj.exec:\jjjpj.exe70⤵
-
\??\c:\rfllrrl.exec:\rfllrrl.exe71⤵
-
\??\c:\llxrlfx.exec:\llxrlfx.exe72⤵
-
\??\c:\nhhbbn.exec:\nhhbbn.exe73⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe74⤵
-
\??\c:\5fxrllf.exec:\5fxrllf.exe75⤵
-
\??\c:\lfflfrr.exec:\lfflfrr.exe76⤵
-
\??\c:\btttnh.exec:\btttnh.exe77⤵
-
\??\c:\jpddd.exec:\jpddd.exe78⤵
-
\??\c:\7pppp.exec:\7pppp.exe79⤵
-
\??\c:\rxfffll.exec:\rxfffll.exe80⤵
-
\??\c:\tnhhhb.exec:\tnhhhb.exe81⤵
-
\??\c:\dddjp.exec:\dddjp.exe82⤵
-
\??\c:\7rfxxxx.exec:\7rfxxxx.exe83⤵
-
\??\c:\xfrrffr.exec:\xfrrffr.exe84⤵
-
\??\c:\btbhtn.exec:\btbhtn.exe85⤵
-
\??\c:\1pjpv.exec:\1pjpv.exe86⤵
-
\??\c:\flflfrf.exec:\flflfrf.exe87⤵
-
\??\c:\7nhbhh.exec:\7nhbhh.exe88⤵
-
\??\c:\nhntnn.exec:\nhntnn.exe89⤵
-
\??\c:\ddddd.exec:\ddddd.exe90⤵
-
\??\c:\xrrrrfl.exec:\xrrrrfl.exe91⤵
-
\??\c:\lrxxxxf.exec:\lrxxxxf.exe92⤵
-
\??\c:\3httth.exec:\3httth.exe93⤵
-
\??\c:\jpvdd.exec:\jpvdd.exe94⤵
-
\??\c:\ddjdv.exec:\ddjdv.exe95⤵
-
\??\c:\rrrrrxr.exec:\rrrrrxr.exe96⤵
-
\??\c:\bhhhnn.exec:\bhhhnn.exe97⤵
-
\??\c:\djjpj.exec:\djjpj.exe98⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe99⤵
-
\??\c:\fxrrrff.exec:\fxrrrff.exe100⤵
-
\??\c:\1bnhhn.exec:\1bnhhn.exe101⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe102⤵
-
\??\c:\jddjv.exec:\jddjv.exe103⤵
-
\??\c:\lxrrlrr.exec:\lxrrlrr.exe104⤵
-
\??\c:\bbnbhb.exec:\bbnbhb.exe105⤵
-
\??\c:\bntthb.exec:\bntthb.exe106⤵
-
\??\c:\9vvvp.exec:\9vvvp.exe107⤵
-
\??\c:\1frllfr.exec:\1frllfr.exe108⤵
-
\??\c:\nhnntn.exec:\nhnntn.exe109⤵
-
\??\c:\vpppp.exec:\vpppp.exe110⤵
-
\??\c:\1pddv.exec:\1pddv.exe111⤵
-
\??\c:\xrrrlll.exec:\xrrrlll.exe112⤵
-
\??\c:\nnhbnn.exec:\nnhbnn.exe113⤵
-
\??\c:\3bhhnt.exec:\3bhhnt.exe114⤵
-
\??\c:\ddddv.exec:\ddddv.exe115⤵
-
\??\c:\xflllll.exec:\xflllll.exe116⤵
-
\??\c:\bthhtb.exec:\bthhtb.exe117⤵
-
\??\c:\bbnhnn.exec:\bbnhnn.exe118⤵
-
\??\c:\vdppv.exec:\vdppv.exe119⤵
-
\??\c:\3rffrxl.exec:\3rffrxl.exe120⤵
-
\??\c:\xxrrfff.exec:\xxrrfff.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-