Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
27-05-2024 17:55
General
-
Target
06b32bde5b260c24fa49ee30b9eae520_NeikiAnalytics.exe
-
Size
63KB
-
MD5
06b32bde5b260c24fa49ee30b9eae520
-
SHA1
db18fa1d3ea1dd87cca7e34e01d522580d443278
-
SHA256
bb7961612d580ad3338b2aa4739faa5782bd9c1f7929eea36efcfa7d3aab4a32
-
SHA512
ff8026089c715cb9d1bc9c161ac13a9cd0ac3bad612b2d55475b8d844970ed9134b237d47c3889b1340b616b8760bc18ab34d608b2e7ef647238a666035a1534
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIhJm/w+d:ymb3NkkiQ3mdBjFILmPd
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\06b32bde5b260c24fa49ee30b9eae520_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\06b32bde5b260c24fa49ee30b9eae520_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tttnnn.exec:\tttnnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbbtb.exec:\ntbbtb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvd.exec:\jdpvd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvppj.exec:\pvppj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffllxff.exec:\ffllxff.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbhhn.exec:\bbbhhn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjppj.exec:\jjppj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrxrxx.exec:\xfrxrxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxxlx.exec:\xrxxxlx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbhtb.exec:\ttbhtb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnhbh.exec:\nbnhbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppp.exec:\jdppp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfllrr.exec:\frfllrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfffll.exec:\xxfffll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthntt.exec:\bthntt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddd.exec:\vvddd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlfrrr.exec:\xxlfrrr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxxllr.exec:\rxxxllr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnttb.exec:\bbnttb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjj.exec:\ppjjj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrlrx.exec:\rlrrlrx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tbhhb.exec:\7tbhhb.exe23⤵
- Executes dropped EXE
-
\??\c:\thhhtn.exec:\thhhtn.exe24⤵
- Executes dropped EXE
-
\??\c:\pjvvp.exec:\pjvvp.exe25⤵
- Executes dropped EXE
-
\??\c:\rfxrllf.exec:\rfxrllf.exe26⤵
- Executes dropped EXE
-
\??\c:\tbbhhh.exec:\tbbhhh.exe27⤵
- Executes dropped EXE
-
\??\c:\tbtttb.exec:\tbtttb.exe28⤵
- Executes dropped EXE
-
\??\c:\pjpvv.exec:\pjpvv.exe29⤵
- Executes dropped EXE
-
\??\c:\rlrllfx.exec:\rlrllfx.exe30⤵
- Executes dropped EXE
-
\??\c:\lfrrxxx.exec:\lfrrxxx.exe31⤵
- Executes dropped EXE
-
\??\c:\hhtbtt.exec:\hhtbtt.exe32⤵
- Executes dropped EXE
-
\??\c:\nnhtbh.exec:\nnhtbh.exe33⤵
- Executes dropped EXE
-
\??\c:\vpdpj.exec:\vpdpj.exe34⤵
- Executes dropped EXE
-
\??\c:\5rllfll.exec:\5rllfll.exe35⤵
- Executes dropped EXE
-
\??\c:\fxrrxff.exec:\fxrrxff.exe36⤵
- Executes dropped EXE
-
\??\c:\thhhhh.exec:\thhhhh.exe37⤵
- Executes dropped EXE
-
\??\c:\9pppj.exec:\9pppj.exe38⤵
- Executes dropped EXE
-
\??\c:\rrlxxff.exec:\rrlxxff.exe39⤵
- Executes dropped EXE
-
\??\c:\nhtbbt.exec:\nhtbbt.exe40⤵
- Executes dropped EXE
-
\??\c:\1bthbt.exec:\1bthbt.exe41⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe42⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe43⤵
- Executes dropped EXE
-
\??\c:\lllfxff.exec:\lllfxff.exe44⤵
- Executes dropped EXE
-
\??\c:\nhnttb.exec:\nhnttb.exe45⤵
- Executes dropped EXE
-
\??\c:\nhhnhb.exec:\nhhnhb.exe46⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe47⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe48⤵
- Executes dropped EXE
-
\??\c:\lfllfll.exec:\lfllfll.exe49⤵
- Executes dropped EXE
-
\??\c:\nnnnnb.exec:\nnnnnb.exe50⤵
- Executes dropped EXE
-
\??\c:\bbtbhn.exec:\bbtbhn.exe51⤵
- Executes dropped EXE
-
\??\c:\pdjjd.exec:\pdjjd.exe52⤵
- Executes dropped EXE
-
\??\c:\lfrllrl.exec:\lfrllrl.exe53⤵
- Executes dropped EXE
-
\??\c:\fflllxx.exec:\fflllxx.exe54⤵
- Executes dropped EXE
-
\??\c:\bbhhnt.exec:\bbhhnt.exe55⤵
- Executes dropped EXE
-
\??\c:\ddpdd.exec:\ddpdd.exe56⤵
- Executes dropped EXE
-
\??\c:\ddppv.exec:\ddppv.exe57⤵
- Executes dropped EXE
-
\??\c:\flxxrxx.exec:\flxxrxx.exe58⤵
- Executes dropped EXE
-
\??\c:\rfxxxff.exec:\rfxxxff.exe59⤵
- Executes dropped EXE
-
\??\c:\tthtbh.exec:\tthtbh.exe60⤵
- Executes dropped EXE
-
\??\c:\7btbhn.exec:\7btbhn.exe61⤵
- Executes dropped EXE
-
\??\c:\vjvvv.exec:\vjvvv.exe62⤵
- Executes dropped EXE
-
\??\c:\frxfflr.exec:\frxfflr.exe63⤵
- Executes dropped EXE
-
\??\c:\llrflrf.exec:\llrflrf.exe64⤵
- Executes dropped EXE
-
\??\c:\nntbbh.exec:\nntbbh.exe65⤵
- Executes dropped EXE
-
\??\c:\hnbbbn.exec:\hnbbbn.exe66⤵
- Executes dropped EXE
-
\??\c:\jpdjj.exec:\jpdjj.exe67⤵
-
\??\c:\ddjpp.exec:\ddjpp.exe68⤵
-
\??\c:\frlrrxf.exec:\frlrrxf.exe69⤵
-
\??\c:\xlxffll.exec:\xlxffll.exe70⤵
-
\??\c:\hbnttt.exec:\hbnttt.exe71⤵
-
\??\c:\tnhnhn.exec:\tnhnhn.exe72⤵
-
\??\c:\pdpvp.exec:\pdpvp.exe73⤵
-
\??\c:\vvjpp.exec:\vvjpp.exe74⤵
-
\??\c:\xrlrlxf.exec:\xrlrlxf.exe75⤵
-
\??\c:\9ffllll.exec:\9ffllll.exe76⤵
-
\??\c:\thnntt.exec:\thnntt.exe77⤵
-
\??\c:\hnbbht.exec:\hnbbht.exe78⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe79⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe80⤵
-
\??\c:\xrffxxx.exec:\xrffxxx.exe81⤵
-
\??\c:\xrrxflr.exec:\xrrxflr.exe82⤵
-
\??\c:\nnnttb.exec:\nnnttb.exe83⤵
-
\??\c:\9tbbtb.exec:\9tbbtb.exe84⤵
-
\??\c:\jjdjp.exec:\jjdjp.exe85⤵
-
\??\c:\rlrxxfl.exec:\rlrxxfl.exe86⤵
-
\??\c:\5ntbnb.exec:\5ntbnb.exe87⤵
-
\??\c:\tbtnth.exec:\tbtnth.exe88⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe89⤵
-
\??\c:\vdjjj.exec:\vdjjj.exe90⤵
-
\??\c:\fffrxxf.exec:\fffrxxf.exe91⤵
-
\??\c:\rffxxrf.exec:\rffxxrf.exe92⤵
-
\??\c:\1nbnnb.exec:\1nbnnb.exe93⤵
-
\??\c:\jvppp.exec:\jvppp.exe94⤵
-
\??\c:\dpddd.exec:\dpddd.exe95⤵
-
\??\c:\rrxlllf.exec:\rrxlllf.exe96⤵
-
\??\c:\hbbbnh.exec:\hbbbnh.exe97⤵
-
\??\c:\dppjp.exec:\dppjp.exe98⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe99⤵
-
\??\c:\lxxxrff.exec:\lxxxrff.exe100⤵
-
\??\c:\xrxxxxr.exec:\xrxxxxr.exe101⤵
-
\??\c:\thbhnb.exec:\thbhnb.exe102⤵
-
\??\c:\jpddj.exec:\jpddj.exe103⤵
-
\??\c:\frrxrxx.exec:\frrxrxx.exe104⤵
-
\??\c:\5lfrrxx.exec:\5lfrrxx.exe105⤵
-
\??\c:\hhbhtt.exec:\hhbhtt.exe106⤵
-
\??\c:\hnnnnt.exec:\hnnnnt.exe107⤵
-
\??\c:\ttbbbb.exec:\ttbbbb.exe108⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe109⤵
-
\??\c:\flrlffl.exec:\flrlffl.exe110⤵
-
\??\c:\7xfffrr.exec:\7xfffrr.exe111⤵
-
\??\c:\ffllrxx.exec:\ffllrxx.exe112⤵
-
\??\c:\hnbhbh.exec:\hnbhbh.exe113⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe114⤵
-
\??\c:\vpppj.exec:\vpppj.exe115⤵
-
\??\c:\rrfrxff.exec:\rrfrxff.exe116⤵
-
\??\c:\rflrrrr.exec:\rflrrrr.exe117⤵
-
\??\c:\bhnntt.exec:\bhnntt.exe118⤵
-
\??\c:\bttbnt.exec:\bttbnt.exe119⤵
-
\??\c:\1pdpv.exec:\1pdpv.exe120⤵
-
\??\c:\ffffxfx.exec:\ffffxfx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-