Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
27/05/2024, 20:36
General
-
Target
18f36b0a187b1cc0d0d53845d2bc2090NeikiAnalytics.exe
-
Size
306KB
-
MD5
18f36b0a187b1cc0d0d53845d2bc2090
-
SHA1
edd81614f44930665a75a5a8335549c362ae2090
-
SHA256
bc69da80983e37d6636f3afec6a3316f13730e864c635a38979ca0d971c17e44
-
SHA512
5b3083af89e027e03073728e03c6f0a662bc40a7a3b44de54709cfc55a87208c736a6b3134f32fd5f371c228de31699212c5d7cb13176b67e6b8caea8e6de8cf
-
SSDEEP
6144:n3C9BRo/CH26ZAmaOXicLrnRukAPXt1UP+3OgEbXeTiDSd2va:n3C9uUnAvtd3Ogld2va
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\18f36b0a187b1cc0d0d53845d2bc2090NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\18f36b0a187b1cc0d0d53845d2bc2090NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7fxrrrr.exec:\7fxrrrr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnhh.exec:\tnnnhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttntt.exec:\tttntt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbtb.exec:\nhhbtb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddpj.exec:\pddpj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfrrl.exec:\lflfrrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxlxrf.exec:\lfxlxrf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjvv.exec:\ppjvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ththth.exec:\ththth.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttnbb.exec:\tttnbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlflxxf.exec:\rlflxxf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffffxrr.exec:\ffffxrr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1djpj.exec:\1djpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxrffl.exec:\lxxrffl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnbtt.exec:\hhnbtt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdd.exec:\pjjdd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbtnn.exec:\nbbtnn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dppv.exec:\5dppv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrlllf.exec:\xlrlllf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnhhh.exec:\bhnhhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvjd.exec:\jdvjd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjj.exec:\vvjjj.exe23⤵
- Executes dropped EXE
-
\??\c:\nbbttt.exec:\nbbttt.exe24⤵
- Executes dropped EXE
-
\??\c:\nhhhbh.exec:\nhhhbh.exe25⤵
- Executes dropped EXE
-
\??\c:\3xrllrl.exec:\3xrllrl.exe26⤵
- Executes dropped EXE
-
\??\c:\lxffxxl.exec:\lxffxxl.exe27⤵
- Executes dropped EXE
-
\??\c:\thhhnn.exec:\thhhnn.exe28⤵
- Executes dropped EXE
-
\??\c:\dpddd.exec:\dpddd.exe29⤵
- Executes dropped EXE
-
\??\c:\3rxrlfx.exec:\3rxrlfx.exe30⤵
- Executes dropped EXE
-
\??\c:\ntthth.exec:\ntthth.exe31⤵
- Executes dropped EXE
-
\??\c:\djpjd.exec:\djpjd.exe32⤵
- Executes dropped EXE
-
\??\c:\ffxfxxr.exec:\ffxfxxr.exe33⤵
- Executes dropped EXE
-
\??\c:\thhbtt.exec:\thhbtt.exe34⤵
- Executes dropped EXE
-
\??\c:\5jdjv.exec:\5jdjv.exe35⤵
- Executes dropped EXE
-
\??\c:\jjppp.exec:\jjppp.exe36⤵
- Executes dropped EXE
-
\??\c:\xlrlfxl.exec:\xlrlfxl.exe37⤵
- Executes dropped EXE
-
\??\c:\ntnnhb.exec:\ntnnhb.exe38⤵
- Executes dropped EXE
-
\??\c:\tnnhbb.exec:\tnnhbb.exe39⤵
- Executes dropped EXE
-
\??\c:\dpppj.exec:\dpppj.exe40⤵
- Executes dropped EXE
-
\??\c:\lrrrlrl.exec:\lrrrlrl.exe41⤵
- Executes dropped EXE
-
\??\c:\rrxxxxf.exec:\rrxxxxf.exe42⤵
- Executes dropped EXE
-
\??\c:\bbttnn.exec:\bbttnn.exe43⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe44⤵
- Executes dropped EXE
-
\??\c:\7lrfrrr.exec:\7lrfrrr.exe45⤵
- Executes dropped EXE
-
\??\c:\9xxrlrl.exec:\9xxrlrl.exe46⤵
- Executes dropped EXE
-
\??\c:\bttnnn.exec:\bttnnn.exe47⤵
- Executes dropped EXE
-
\??\c:\tthhbh.exec:\tthhbh.exe48⤵
- Executes dropped EXE
-
\??\c:\pdddd.exec:\pdddd.exe49⤵
- Executes dropped EXE
-
\??\c:\lxxrrrr.exec:\lxxrrrr.exe50⤵
- Executes dropped EXE
-
\??\c:\lrlllll.exec:\lrlllll.exe51⤵
- Executes dropped EXE
-
\??\c:\thhhtt.exec:\thhhtt.exe52⤵
- Executes dropped EXE
-
\??\c:\9vvpd.exec:\9vvpd.exe53⤵
- Executes dropped EXE
-
\??\c:\pdpjd.exec:\pdpjd.exe54⤵
- Executes dropped EXE
-
\??\c:\ffrlllr.exec:\ffrlllr.exe55⤵
- Executes dropped EXE
-
\??\c:\nntntn.exec:\nntntn.exe56⤵
- Executes dropped EXE
-
\??\c:\jvvjp.exec:\jvvjp.exe57⤵
- Executes dropped EXE
-
\??\c:\dvvpp.exec:\dvvpp.exe58⤵
- Executes dropped EXE
-
\??\c:\rfrlllf.exec:\rfrlllf.exe59⤵
- Executes dropped EXE
-
\??\c:\bnhbnh.exec:\bnhbnh.exe60⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe61⤵
- Executes dropped EXE
-
\??\c:\7lffxxx.exec:\7lffxxx.exe62⤵
- Executes dropped EXE
-
\??\c:\htbhbn.exec:\htbhbn.exe63⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe64⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe65⤵
- Executes dropped EXE
-
\??\c:\lrrlffx.exec:\lrrlffx.exe66⤵
-
\??\c:\nttttt.exec:\nttttt.exe67⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe68⤵
-
\??\c:\lffxlll.exec:\lffxlll.exe69⤵
-
\??\c:\tbnnnh.exec:\tbnnnh.exe70⤵
-
\??\c:\hbbtnh.exec:\hbbtnh.exe71⤵
-
\??\c:\pdjdv.exec:\pdjdv.exe72⤵
-
\??\c:\ppvpj.exec:\ppvpj.exe73⤵
-
\??\c:\rxlfrrr.exec:\rxlfrrr.exe74⤵
-
\??\c:\5nbtnn.exec:\5nbtnn.exe75⤵
-
\??\c:\vjjpj.exec:\vjjpj.exe76⤵
-
\??\c:\xlrfxxr.exec:\xlrfxxr.exe77⤵
-
\??\c:\xfxxrrr.exec:\xfxxrrr.exe78⤵
-
\??\c:\bbnntn.exec:\bbnntn.exe79⤵
-
\??\c:\ttnhnh.exec:\ttnhnh.exe80⤵
-
\??\c:\1ppjd.exec:\1ppjd.exe81⤵
-
\??\c:\ffrrllr.exec:\ffrrllr.exe82⤵
-
\??\c:\rxfxxrr.exec:\rxfxxrr.exe83⤵
-
\??\c:\ntbbtt.exec:\ntbbtt.exe84⤵
-
\??\c:\tbhthb.exec:\tbhthb.exe85⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe86⤵
-
\??\c:\9lrlfff.exec:\9lrlfff.exe87⤵
-
\??\c:\frlfxrl.exec:\frlfxrl.exe88⤵
-
\??\c:\tnnhhb.exec:\tnnhhb.exe89⤵
-
\??\c:\nttnhh.exec:\nttnhh.exe90⤵
-
\??\c:\djdvv.exec:\djdvv.exe91⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe92⤵
-
\??\c:\flfxxxf.exec:\flfxxxf.exe93⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe94⤵
-
\??\c:\thnhtb.exec:\thnhtb.exe95⤵
-
\??\c:\jjjdp.exec:\jjjdp.exe96⤵
-
\??\c:\flxrllf.exec:\flxrllf.exe97⤵
-
\??\c:\7xfrxxx.exec:\7xfrxxx.exe98⤵
-
\??\c:\ntbbhn.exec:\ntbbhn.exe99⤵
-
\??\c:\thtnhb.exec:\thtnhb.exe100⤵
-
\??\c:\vvjvp.exec:\vvjvp.exe101⤵
-
\??\c:\9rrrlfx.exec:\9rrrlfx.exe102⤵
-
\??\c:\3fllfrl.exec:\3fllfrl.exe103⤵
-
\??\c:\tthhnt.exec:\tthhnt.exe104⤵
-
\??\c:\bnhbnb.exec:\bnhbnb.exe105⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe106⤵
-
\??\c:\xrlffff.exec:\xrlffff.exe107⤵
-
\??\c:\hbbnhb.exec:\hbbnhb.exe108⤵
-
\??\c:\httttb.exec:\httttb.exe109⤵
-
\??\c:\frxrxxx.exec:\frxrxxx.exe110⤵
-
\??\c:\lfffxxx.exec:\lfffxxx.exe111⤵
-
\??\c:\htbttb.exec:\htbttb.exe112⤵
-
\??\c:\tnhbbt.exec:\tnhbbt.exe113⤵
-
\??\c:\7jjdv.exec:\7jjdv.exe114⤵
-
\??\c:\jdjpj.exec:\jdjpj.exe115⤵
-
\??\c:\frxrfff.exec:\frxrfff.exe116⤵
-
\??\c:\hnbntn.exec:\hnbntn.exe117⤵
-
\??\c:\1hnhth.exec:\1hnhth.exe118⤵
-
\??\c:\rlfrxfl.exec:\rlfrxfl.exe119⤵
-
\??\c:\1bhthh.exec:\1bhthh.exe120⤵
-
\??\c:\5bnbnb.exec:\5bnbnb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-