Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
27-05-2024 21:11
General
-
Target
1ae80551df6570005b4b063d8de75df0NeikiAnalytics.exe
-
Size
65KB
-
MD5
1ae80551df6570005b4b063d8de75df0
-
SHA1
fbc31232b6dda1f9152c5037a9e57227b1be6c1b
-
SHA256
07ce7578dafd7e47a7eb1b62b1e9be888f02ce4e37bad463dd87ff04e57272b5
-
SHA512
826e328310feb3a40ec4a84dc66cee3a9eaf16f1ab0bef2e137aef99de20b7a17af62c30555d4560df3652b2a38640d8c7c7d6f584bab42e11699d7ad98e76d6
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfMTu:ymb3NkkiQ3mdBjFI4V4Tu
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 37 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1ae80551df6570005b4b063d8de75df0NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1ae80551df6570005b4b063d8de75df0NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbtt.exec:\nbhbtt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdv.exec:\vvjdv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vjjp.exec:\3vjjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflrrxl.exec:\lflrrxl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xffxfr.exec:\1xffxfr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhntb.exec:\bhhntb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnbhn.exec:\thnbhn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjd.exec:\vppjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lxrxxr.exec:\1lxrxxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrxlrr.exec:\xlrxlrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfllrr.exec:\fxfllrr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbhh.exec:\tbhbhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpj.exec:\dvvpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjd.exec:\pdjjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffflr.exec:\xrffflr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhttb.exec:\bbhttb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhtt.exec:\hbhhtt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvpp.exec:\vvvpp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ddvv.exec:\7ddvv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxrxx.exec:\lxfxrxx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrxxll.exec:\xrrxxll.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnbbn.exec:\nbnbbn.exe23⤵
- Executes dropped EXE
-
\??\c:\tnbthn.exec:\tnbthn.exe24⤵
- Executes dropped EXE
-
\??\c:\jpjdv.exec:\jpjdv.exe25⤵
- Executes dropped EXE
-
\??\c:\rffxrlf.exec:\rffxrlf.exe26⤵
- Executes dropped EXE
-
\??\c:\3llfxfx.exec:\3llfxfx.exe27⤵
- Executes dropped EXE
-
\??\c:\nhtnhh.exec:\nhtnhh.exe28⤵
- Executes dropped EXE
-
\??\c:\nhnhtt.exec:\nhnhtt.exe29⤵
- Executes dropped EXE
-
\??\c:\pppjj.exec:\pppjj.exe30⤵
- Executes dropped EXE
-
\??\c:\5lrrlrr.exec:\5lrrlrr.exe31⤵
- Executes dropped EXE
-
\??\c:\nthhbb.exec:\nthhbb.exe32⤵
- Executes dropped EXE
-
\??\c:\tnnbnh.exec:\tnnbnh.exe33⤵
- Executes dropped EXE
-
\??\c:\jvppj.exec:\jvppj.exe34⤵
- Executes dropped EXE
-
\??\c:\lfxrllf.exec:\lfxrllf.exe35⤵
- Executes dropped EXE
-
\??\c:\fxlxlxr.exec:\fxlxlxr.exe36⤵
- Executes dropped EXE
-
\??\c:\bntnbb.exec:\bntnbb.exe37⤵
- Executes dropped EXE
-
\??\c:\bnhhbt.exec:\bnhhbt.exe38⤵
- Executes dropped EXE
-
\??\c:\jvvjj.exec:\jvvjj.exe39⤵
- Executes dropped EXE
-
\??\c:\rrlfxfr.exec:\rrlfxfr.exe40⤵
- Executes dropped EXE
-
\??\c:\rrxrllx.exec:\rrxrllx.exe41⤵
- Executes dropped EXE
-
\??\c:\ntthhb.exec:\ntthhb.exe42⤵
- Executes dropped EXE
-
\??\c:\pjddd.exec:\pjddd.exe43⤵
- Executes dropped EXE
-
\??\c:\lllfrfr.exec:\lllfrfr.exe44⤵
- Executes dropped EXE
-
\??\c:\xrffxff.exec:\xrffxff.exe45⤵
- Executes dropped EXE
-
\??\c:\nbntnt.exec:\nbntnt.exe46⤵
- Executes dropped EXE
-
\??\c:\vjvvd.exec:\vjvvd.exe47⤵
- Executes dropped EXE
-
\??\c:\jjpdd.exec:\jjpdd.exe48⤵
- Executes dropped EXE
-
\??\c:\xxxxffx.exec:\xxxxffx.exe49⤵
- Executes dropped EXE
-
\??\c:\nbhnhh.exec:\nbhnhh.exe50⤵
- Executes dropped EXE
-
\??\c:\tbhbnt.exec:\tbhbnt.exe51⤵
- Executes dropped EXE
-
\??\c:\jdppj.exec:\jdppj.exe52⤵
- Executes dropped EXE
-
\??\c:\djppj.exec:\djppj.exe53⤵
- Executes dropped EXE
-
\??\c:\rfxrrlr.exec:\rfxrrlr.exe54⤵
- Executes dropped EXE
-
\??\c:\btnntn.exec:\btnntn.exe55⤵
- Executes dropped EXE
-
\??\c:\nbttht.exec:\nbttht.exe56⤵
- Executes dropped EXE
-
\??\c:\vpjdd.exec:\vpjdd.exe57⤵
- Executes dropped EXE
-
\??\c:\jjpdj.exec:\jjpdj.exe58⤵
- Executes dropped EXE
-
\??\c:\rxffxxx.exec:\rxffxxx.exe59⤵
- Executes dropped EXE
-
\??\c:\fllxrxr.exec:\fllxrxr.exe60⤵
- Executes dropped EXE
-
\??\c:\hbhhhb.exec:\hbhhhb.exe61⤵
- Executes dropped EXE
-
\??\c:\jdjpd.exec:\jdjpd.exe62⤵
- Executes dropped EXE
-
\??\c:\jpvpj.exec:\jpvpj.exe63⤵
- Executes dropped EXE
-
\??\c:\xfrrffr.exec:\xfrrffr.exe64⤵
- Executes dropped EXE
-
\??\c:\5bhhbh.exec:\5bhhbh.exe65⤵
- Executes dropped EXE
-
\??\c:\9ttnnn.exec:\9ttnnn.exe66⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe67⤵
-
\??\c:\vpdpp.exec:\vpdpp.exe68⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe69⤵
-
\??\c:\rlfrlrx.exec:\rlfrlrx.exe70⤵
-
\??\c:\xxfffff.exec:\xxfffff.exe71⤵
-
\??\c:\bnnbbn.exec:\bnnbbn.exe72⤵
-
\??\c:\1bhhtb.exec:\1bhhtb.exe73⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe74⤵
-
\??\c:\lxfxrrx.exec:\lxfxrrx.exe75⤵
-
\??\c:\fxffrrr.exec:\fxffrrr.exe76⤵
-
\??\c:\thnnhh.exec:\thnnhh.exe77⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe78⤵
-
\??\c:\hbhbbh.exec:\hbhbbh.exe79⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe80⤵
-
\??\c:\pjjpp.exec:\pjjpp.exe81⤵
-
\??\c:\llrllll.exec:\llrllll.exe82⤵
-
\??\c:\ffflfrr.exec:\ffflfrr.exe83⤵
-
\??\c:\5bbtnt.exec:\5bbtnt.exe84⤵
-
\??\c:\vvvpv.exec:\vvvpv.exe85⤵
-
\??\c:\vppvp.exec:\vppvp.exe86⤵
-
\??\c:\xrrrlll.exec:\xrrrlll.exe87⤵
-
\??\c:\rrrrrrr.exec:\rrrrrrr.exe88⤵
-
\??\c:\ttbnhn.exec:\ttbnhn.exe89⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe90⤵
-
\??\c:\jdddv.exec:\jdddv.exe91⤵
-
\??\c:\ffffxll.exec:\ffffxll.exe92⤵
-
\??\c:\lxrrlll.exec:\lxrrlll.exe93⤵
-
\??\c:\htbbtn.exec:\htbbtn.exe94⤵
-
\??\c:\tthhbh.exec:\tthhbh.exe95⤵
-
\??\c:\xrxrllf.exec:\xrxrllf.exe96⤵
-
\??\c:\rlxllfl.exec:\rlxllfl.exe97⤵
-
\??\c:\ttttnh.exec:\ttttnh.exe98⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe99⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe100⤵
-
\??\c:\xlxxlfx.exec:\xlxxlfx.exe101⤵
-
\??\c:\frffxrx.exec:\frffxrx.exe102⤵
-
\??\c:\5hhhbb.exec:\5hhhbb.exe103⤵
-
\??\c:\hhhntb.exec:\hhhntb.exe104⤵
-
\??\c:\5ddvj.exec:\5ddvj.exe105⤵
-
\??\c:\pdjdj.exec:\pdjdj.exe106⤵
-
\??\c:\3frrfrr.exec:\3frrfrr.exe107⤵
-
\??\c:\xrrlfxr.exec:\xrrlfxr.exe108⤵
-
\??\c:\3tttnt.exec:\3tttnt.exe109⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe110⤵
-
\??\c:\dddjp.exec:\dddjp.exe111⤵
-
\??\c:\djpjd.exec:\djpjd.exe112⤵
-
\??\c:\xffxrlr.exec:\xffxrlr.exe113⤵
-
\??\c:\3htnnn.exec:\3htnnn.exe114⤵
-
\??\c:\nhnhhn.exec:\nhnhhn.exe115⤵
-
\??\c:\hbbnht.exec:\hbbnht.exe116⤵
-
\??\c:\vdjjj.exec:\vdjjj.exe117⤵
-
\??\c:\pppvj.exec:\pppvj.exe118⤵
-
\??\c:\xxrllrx.exec:\xxrllrx.exe119⤵
-
\??\c:\fxxrllf.exec:\fxxrllf.exe120⤵
-
\??\c:\nhbbnh.exec:\nhbbnh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-