Analysis
-
max time kernel
150s -
max time network
116s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
27/05/2024, 03:18
General
-
Target
1c43acdffaceee861fc39ff61a659960_NeikiAnalytics.exe
-
Size
94KB
-
MD5
1c43acdffaceee861fc39ff61a659960
-
SHA1
4acfca21813bcfc7160af8d1fc7137f7898cf70f
-
SHA256
8bffe28b1fa4f4ac40b854942d9d2428513740ba1926d6c6a5dbcab6819143d1
-
SHA512
bcccd9b911fa18619c379ad1ea0a5e676b6696a3cdeae365e779e1d6d4a33ee2123a084aeae12b118fa5deee461b28ac7e971f1ecaf0b111d49d3b2a6b3f3eff
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxE6vr/mAF:ymb3NkkiQ3mdBjFo73PYP1lri3KVT+bE
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1c43acdffaceee861fc39ff61a659960_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1c43acdffaceee861fc39ff61a659960_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbbb.exec:\hbhbbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jddp.exec:\1jddp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfffflf.exec:\xfffflf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnttbh.exec:\bnttbh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdpp.exec:\pvdpp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjpd.exec:\ppjpd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvvd.exec:\vdvvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjppp.exec:\jjppp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdjd.exec:\pvdjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbbtb.exec:\hhbbtb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppddv.exec:\ppddv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fxxrff.exec:\5fxxrff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvvv.exec:\vjvvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xxxrrl.exec:\9xxxrrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnhht.exec:\nbnhht.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vvvv.exec:\1vvvv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvvp.exec:\dvvvp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpjj.exec:\jjpjj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrlxrl.exec:\ffrlxrl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbtb.exec:\bbtbtb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbht.exec:\bbhbht.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvvj.exec:\jjvvj.exe23⤵
- Executes dropped EXE
-
\??\c:\hhnnhn.exec:\hhnnhn.exe24⤵
- Executes dropped EXE
-
\??\c:\1nntth.exec:\1nntth.exe25⤵
- Executes dropped EXE
-
\??\c:\jjpjd.exec:\jjpjd.exe26⤵
- Executes dropped EXE
-
\??\c:\xlxffff.exec:\xlxffff.exe27⤵
- Executes dropped EXE
-
\??\c:\nnthbb.exec:\nnthbb.exe28⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe29⤵
- Executes dropped EXE
-
\??\c:\ffxxlrr.exec:\ffxxlrr.exe30⤵
- Executes dropped EXE
-
\??\c:\tntbnn.exec:\tntbnn.exe31⤵
- Executes dropped EXE
-
\??\c:\jjpdj.exec:\jjpdj.exe32⤵
- Executes dropped EXE
-
\??\c:\lfxffff.exec:\lfxffff.exe33⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe34⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe35⤵
- Executes dropped EXE
-
\??\c:\xxllflr.exec:\xxllflr.exe36⤵
- Executes dropped EXE
-
\??\c:\hhbthn.exec:\hhbthn.exe37⤵
- Executes dropped EXE
-
\??\c:\pvddj.exec:\pvddj.exe38⤵
- Executes dropped EXE
-
\??\c:\llxfxfr.exec:\llxfxfr.exe39⤵
- Executes dropped EXE
-
\??\c:\9xxxxff.exec:\9xxxxff.exe40⤵
- Executes dropped EXE
-
\??\c:\nhbtbt.exec:\nhbtbt.exe41⤵
- Executes dropped EXE
-
\??\c:\nntnhn.exec:\nntnhn.exe42⤵
- Executes dropped EXE
-
\??\c:\5djpv.exec:\5djpv.exe43⤵
- Executes dropped EXE
-
\??\c:\xxllxlx.exec:\xxllxlx.exe44⤵
- Executes dropped EXE
-
\??\c:\bnnhbn.exec:\bnnhbn.exe45⤵
- Executes dropped EXE
-
\??\c:\bbhbtb.exec:\bbhbtb.exe46⤵
- Executes dropped EXE
-
\??\c:\pppjd.exec:\pppjd.exe47⤵
- Executes dropped EXE
-
\??\c:\rlrllfx.exec:\rlrllfx.exe48⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe49⤵
- Executes dropped EXE
-
\??\c:\vjddv.exec:\vjddv.exe50⤵
- Executes dropped EXE
-
\??\c:\fxfxlff.exec:\fxfxlff.exe51⤵
- Executes dropped EXE
-
\??\c:\thbtnt.exec:\thbtnt.exe52⤵
- Executes dropped EXE
-
\??\c:\bhhbnn.exec:\bhhbnn.exe53⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe54⤵
- Executes dropped EXE
-
\??\c:\fllffxr.exec:\fllffxr.exe55⤵
- Executes dropped EXE
-
\??\c:\xllfrrx.exec:\xllfrrx.exe56⤵
- Executes dropped EXE
-
\??\c:\bnhntn.exec:\bnhntn.exe57⤵
- Executes dropped EXE
-
\??\c:\ntttnt.exec:\ntttnt.exe58⤵
- Executes dropped EXE
-
\??\c:\3ddpd.exec:\3ddpd.exe59⤵
- Executes dropped EXE
-
\??\c:\fxlllrr.exec:\fxlllrr.exe60⤵
- Executes dropped EXE
-
\??\c:\ffxfrff.exec:\ffxfrff.exe61⤵
- Executes dropped EXE
-
\??\c:\btbhhn.exec:\btbhhn.exe62⤵
- Executes dropped EXE
-
\??\c:\tttbnb.exec:\tttbnb.exe63⤵
- Executes dropped EXE
-
\??\c:\vppdd.exec:\vppdd.exe64⤵
- Executes dropped EXE
-
\??\c:\fffxxlx.exec:\fffxxlx.exe65⤵
- Executes dropped EXE
-
\??\c:\fffrrfx.exec:\fffrrfx.exe66⤵
-
\??\c:\ntbhhn.exec:\ntbhhn.exe67⤵
-
\??\c:\5dvdd.exec:\5dvdd.exe68⤵
-
\??\c:\frffllr.exec:\frffllr.exe69⤵
-
\??\c:\llflrfr.exec:\llflrfr.exe70⤵
-
\??\c:\nbhbbn.exec:\nbhbbn.exe71⤵
-
\??\c:\jjjpj.exec:\jjjpj.exe72⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe73⤵
-
\??\c:\flxrlrl.exec:\flxrlrl.exe74⤵
-
\??\c:\lffffff.exec:\lffffff.exe75⤵
-
\??\c:\ntthtb.exec:\ntthtb.exe76⤵
-
\??\c:\nnnhbn.exec:\nnnhbn.exe77⤵
-
\??\c:\jvddp.exec:\jvddp.exe78⤵
-
\??\c:\vdjdj.exec:\vdjdj.exe79⤵
-
\??\c:\xxxxrrr.exec:\xxxxrrr.exe80⤵
-
\??\c:\nhtntt.exec:\nhtntt.exe81⤵
-
\??\c:\vjjvp.exec:\vjjvp.exe82⤵
-
\??\c:\rxlrxlx.exec:\rxlrxlx.exe83⤵
-
\??\c:\tbnnnh.exec:\tbnnnh.exe84⤵
-
\??\c:\fxlrlxr.exec:\fxlrlxr.exe85⤵
-
\??\c:\tthhnt.exec:\tthhnt.exe86⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe87⤵
-
\??\c:\rrlllxr.exec:\rrlllxr.exe88⤵
-
\??\c:\lrlrxff.exec:\lrlrxff.exe89⤵
-
\??\c:\bhbhbt.exec:\bhbhbt.exe90⤵
-
\??\c:\bnbhhh.exec:\bnbhhh.exe91⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe92⤵
-
\??\c:\1llllfr.exec:\1llllfr.exe93⤵
-
\??\c:\btnnth.exec:\btnnth.exe94⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe95⤵
-
\??\c:\ddvpp.exec:\ddvpp.exe96⤵
-
\??\c:\9fffxfx.exec:\9fffxfx.exe97⤵
-
\??\c:\rfffxxx.exec:\rfffxxx.exe98⤵
-
\??\c:\1bnnnb.exec:\1bnnnb.exe99⤵
-
\??\c:\dddjj.exec:\dddjj.exe100⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe101⤵
-
\??\c:\lrxxfff.exec:\lrxxfff.exe102⤵
-
\??\c:\rxfffrl.exec:\rxfffrl.exe103⤵
-
\??\c:\tbnnnn.exec:\tbnnnn.exe104⤵
-
\??\c:\bhnttt.exec:\bhnttt.exe105⤵
-
\??\c:\ddjjj.exec:\ddjjj.exe106⤵
-
\??\c:\rllxllx.exec:\rllxllx.exe107⤵
-
\??\c:\llxrxxx.exec:\llxrxxx.exe108⤵
-
\??\c:\nbhbbh.exec:\nbhbbh.exe109⤵
-
\??\c:\nnnhht.exec:\nnnhht.exe110⤵
-
\??\c:\3pvdp.exec:\3pvdp.exe111⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe112⤵
-
\??\c:\1rlfxfr.exec:\1rlfxfr.exe113⤵
-
\??\c:\flllllf.exec:\flllllf.exe114⤵
-
\??\c:\ttnnht.exec:\ttnnht.exe115⤵
-
\??\c:\nnbttt.exec:\nnbttt.exe116⤵
-
\??\c:\vpppj.exec:\vpppj.exe117⤵
-
\??\c:\9xxrllf.exec:\9xxrllf.exe118⤵
-
\??\c:\frlxfrl.exec:\frlxfrl.exe119⤵
-
\??\c:\tbnhhn.exec:\tbnhhn.exe120⤵
-
\??\c:\3bttnb.exec:\3bttnb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-