Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
27/05/2024, 17:30
General
-
Target
03a161f1b06e9ecf748b62a0c327b9d0_NeikiAnalytics.exe
-
Size
61KB
-
MD5
03a161f1b06e9ecf748b62a0c327b9d0
-
SHA1
edd1b1b023a4fcfa608508cb7d4d1feae118e7fe
-
SHA256
7a54f1ec4ce70604fbf6751cdf32c43cc1092b887951e9cbb0e2f04850a25c97
-
SHA512
c3e72b155f14f8a071f34513593ab599e3e2ae172a0ffe57cce590276560ec357994ed9bd567d24b945b6f05f1705c8fa734c85d436c7f129eca873ff2c8400f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvAEaFJLD:ymb3NkkiQ3mdBjFIvAvD
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\03a161f1b06e9ecf748b62a0c327b9d0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\03a161f1b06e9ecf748b62a0c327b9d0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3vjjd.exec:\3vjjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrxlrl.exec:\xxrxlrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bbbbh.exec:\7bbbbh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bnhnb.exec:\9bnhnb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7djjp.exec:\7djjp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrrrrx.exec:\xxrrrrx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dddd.exec:\1dddd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrllllf.exec:\rrllllf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxrxr.exec:\fxfxrxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttnt.exec:\tnttnt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvp.exec:\vvdvp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3djjj.exec:\3djjj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxxrxx.exec:\xlxxrxx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nttnt.exec:\9nttnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvjd.exec:\dpvjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlflf.exec:\lfrlflf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnnhb.exec:\btnnhb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvv.exec:\pjpvv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrxfr.exec:\lfxrxfr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbhb.exec:\hthbhb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdv.exec:\vvjdv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxflrfx.exec:\fxflrfx.exe23⤵
- Executes dropped EXE
-
\??\c:\xrxrrrl.exec:\xrxrrrl.exe24⤵
- Executes dropped EXE
-
\??\c:\htbbnn.exec:\htbbnn.exe25⤵
- Executes dropped EXE
-
\??\c:\pppjd.exec:\pppjd.exe26⤵
- Executes dropped EXE
-
\??\c:\llllxff.exec:\llllxff.exe27⤵
- Executes dropped EXE
-
\??\c:\htttbn.exec:\htttbn.exe28⤵
- Executes dropped EXE
-
\??\c:\7djjj.exec:\7djjj.exe29⤵
- Executes dropped EXE
-
\??\c:\7fxrxfx.exec:\7fxrxfx.exe30⤵
- Executes dropped EXE
-
\??\c:\fxfxrlf.exec:\fxfxrlf.exe31⤵
- Executes dropped EXE
-
\??\c:\hntbbh.exec:\hntbbh.exe32⤵
- Executes dropped EXE
-
\??\c:\ddjvp.exec:\ddjvp.exe33⤵
- Executes dropped EXE
-
\??\c:\xfrlrfl.exec:\xfrlrfl.exe34⤵
- Executes dropped EXE
-
\??\c:\hnhtht.exec:\hnhtht.exe35⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe36⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe37⤵
- Executes dropped EXE
-
\??\c:\lffxxrx.exec:\lffxxrx.exe38⤵
- Executes dropped EXE
-
\??\c:\nbtnnh.exec:\nbtnnh.exe39⤵
- Executes dropped EXE
-
\??\c:\dvddv.exec:\dvddv.exe40⤵
- Executes dropped EXE
-
\??\c:\pjdjp.exec:\pjdjp.exe41⤵
- Executes dropped EXE
-
\??\c:\frxlxfx.exec:\frxlxfx.exe42⤵
- Executes dropped EXE
-
\??\c:\bhtnnn.exec:\bhtnnn.exe43⤵
- Executes dropped EXE
-
\??\c:\9btnnb.exec:\9btnnb.exe44⤵
- Executes dropped EXE
-
\??\c:\3ppjd.exec:\3ppjd.exe45⤵
- Executes dropped EXE
-
\??\c:\frxrxfl.exec:\frxrxfl.exe46⤵
- Executes dropped EXE
-
\??\c:\lxffxfl.exec:\lxffxfl.exe47⤵
- Executes dropped EXE
-
\??\c:\1hnhhn.exec:\1hnhhn.exe48⤵
- Executes dropped EXE
-
\??\c:\nbhbhb.exec:\nbhbhb.exe49⤵
- Executes dropped EXE
-
\??\c:\vpvvj.exec:\vpvvj.exe50⤵
- Executes dropped EXE
-
\??\c:\xlrllrx.exec:\xlrllrx.exe51⤵
- Executes dropped EXE
-
\??\c:\rrfxrrr.exec:\rrfxrrr.exe52⤵
- Executes dropped EXE
-
\??\c:\nhnhhh.exec:\nhnhhh.exe53⤵
- Executes dropped EXE
-
\??\c:\bhnbtt.exec:\bhnbtt.exe54⤵
- Executes dropped EXE
-
\??\c:\vvjdp.exec:\vvjdp.exe55⤵
- Executes dropped EXE
-
\??\c:\lxfrrrl.exec:\lxfrrrl.exe56⤵
- Executes dropped EXE
-
\??\c:\rlrffff.exec:\rlrffff.exe57⤵
- Executes dropped EXE
-
\??\c:\bbntbh.exec:\bbntbh.exe58⤵
- Executes dropped EXE
-
\??\c:\btthtn.exec:\btthtn.exe59⤵
- Executes dropped EXE
-
\??\c:\vdpjv.exec:\vdpjv.exe60⤵
- Executes dropped EXE
-
\??\c:\3ddvp.exec:\3ddvp.exe61⤵
- Executes dropped EXE
-
\??\c:\fxxrflr.exec:\fxxrflr.exe62⤵
- Executes dropped EXE
-
\??\c:\1thbtt.exec:\1thbtt.exe63⤵
- Executes dropped EXE
-
\??\c:\tnhtbh.exec:\tnhtbh.exe64⤵
- Executes dropped EXE
-
\??\c:\pdppv.exec:\pdppv.exe65⤵
- Executes dropped EXE
-
\??\c:\lfrrxxx.exec:\lfrrxxx.exe66⤵
-
\??\c:\7frfffx.exec:\7frfffx.exe67⤵
-
\??\c:\bnnhbt.exec:\bnnhbt.exe68⤵
-
\??\c:\vpddv.exec:\vpddv.exe69⤵
-
\??\c:\3xlllrx.exec:\3xlllrx.exe70⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe71⤵
-
\??\c:\tnnntt.exec:\tnnntt.exe72⤵
-
\??\c:\1pvvv.exec:\1pvvv.exe73⤵
-
\??\c:\rrrfrxl.exec:\rrrfrxl.exe74⤵
-
\??\c:\hhtttt.exec:\hhtttt.exe75⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe76⤵
-
\??\c:\dvppj.exec:\dvppj.exe77⤵
-
\??\c:\5rfrxxl.exec:\5rfrxxl.exe78⤵
-
\??\c:\btttth.exec:\btttth.exe79⤵
-
\??\c:\hnhbtt.exec:\hnhbtt.exe80⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe81⤵
-
\??\c:\flffxff.exec:\flffxff.exe82⤵
-
\??\c:\lfrrffx.exec:\lfrrffx.exe83⤵
-
\??\c:\5btnhn.exec:\5btnhn.exe84⤵
-
\??\c:\jjpvj.exec:\jjpvj.exe85⤵
-
\??\c:\lrxxxxf.exec:\lrxxxxf.exe86⤵
-
\??\c:\xrllfxl.exec:\xrllfxl.exe87⤵
-
\??\c:\hthhhn.exec:\hthhhn.exe88⤵
-
\??\c:\tnhhtt.exec:\tnhhtt.exe89⤵
-
\??\c:\ddjdv.exec:\ddjdv.exe90⤵
-
\??\c:\5xrrrrr.exec:\5xrrrrr.exe91⤵
-
\??\c:\1flxrfx.exec:\1flxrfx.exe92⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe93⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe94⤵
-
\??\c:\jdddd.exec:\jdddd.exe95⤵
-
\??\c:\xrrllfx.exec:\xrrllfx.exe96⤵
-
\??\c:\bnhhbb.exec:\bnhhbb.exe97⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe98⤵
-
\??\c:\7ddpj.exec:\7ddpj.exe99⤵
-
\??\c:\xfrrxff.exec:\xfrrxff.exe100⤵
-
\??\c:\bttbbt.exec:\bttbbt.exe101⤵
-
\??\c:\pdvdv.exec:\pdvdv.exe102⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe103⤵
-
\??\c:\3frrlrr.exec:\3frrlrr.exe104⤵
-
\??\c:\tnbbhb.exec:\tnbbhb.exe105⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe106⤵
-
\??\c:\jpvdj.exec:\jpvdj.exe107⤵
-
\??\c:\xrrfxxl.exec:\xrrfxxl.exe108⤵
-
\??\c:\3ttnhh.exec:\3ttnhh.exe109⤵
-
\??\c:\tntntb.exec:\tntntb.exe110⤵
-
\??\c:\5hthbn.exec:\5hthbn.exe111⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe112⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe113⤵
-
\??\c:\llfllll.exec:\llfllll.exe114⤵
-
\??\c:\1nnnbb.exec:\1nnnbb.exe115⤵
-
\??\c:\5bbtnn.exec:\5bbtnn.exe116⤵
-
\??\c:\ppppp.exec:\ppppp.exe117⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe118⤵
-
\??\c:\xllfrrl.exec:\xllfrrl.exe119⤵
-
\??\c:\1rrrrrr.exec:\1rrrrrr.exe120⤵
-
\??\c:\bnthhh.exec:\bnthhh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-