Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
28-05-2024 01:59
General
-
Target
2cc1b47cdbfd32db5694b2edb07ceb10_NeikiAnalytics.exe
-
Size
56KB
-
MD5
2cc1b47cdbfd32db5694b2edb07ceb10
-
SHA1
4fb78a4047a4afbcf5ea04cc942d246f947308ed
-
SHA256
53ae40a5f5e64a10d74076f1cca0230657775f3a74cfd3d716f2dc48b8deec50
-
SHA512
d3c3ae309d2a596cc8c3a8f3aa2033451553a34fe512cbf4bbc02535ee3cf5c7767bb9089678ae8ef2a5a42d955b38544ec77793c3218722c8af312d9e27c62a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuSwFH:ymb3NkkiQ3mdBjFIvIFH
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2cc1b47cdbfd32db5694b2edb07ceb10_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\2cc1b47cdbfd32db5694b2edb07ceb10_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvj.exec:\vvdvj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttnhh.exec:\tttnhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dvpv.exec:\5dvpv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpdv.exec:\jvpdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrllf.exec:\rlxrllf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjdd.exec:\3pjdd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pvpd.exec:\9pvpd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flflxlx.exec:\flflxlx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htntnt.exec:\htntnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjd.exec:\ddjjd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrxxll.exec:\xrrxxll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nbbtt.exec:\1nbbtt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvddv.exec:\pvddv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfllxxx.exec:\rfllxxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3flxrxx.exec:\3flxrxx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthbhh.exec:\tthbhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbbh.exec:\bthbbh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjd.exec:\pdjjd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvv.exec:\jpvvv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlffxf.exec:\rxlffxf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbtt.exec:\btbbtt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pdpv.exec:\9pdpv.exe23⤵
- Executes dropped EXE
-
\??\c:\lxxfrxx.exec:\lxxfrxx.exe24⤵
- Executes dropped EXE
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe25⤵
- Executes dropped EXE
-
\??\c:\7tbhbt.exec:\7tbhbt.exe26⤵
- Executes dropped EXE
-
\??\c:\nnnbnh.exec:\nnnbnh.exe27⤵
- Executes dropped EXE
-
\??\c:\1pvvp.exec:\1pvvp.exe28⤵
- Executes dropped EXE
-
\??\c:\ffrlrxl.exec:\ffrlrxl.exe29⤵
- Executes dropped EXE
-
\??\c:\frrrrrr.exec:\frrrrrr.exe30⤵
- Executes dropped EXE
-
\??\c:\3tbbtb.exec:\3tbbtb.exe31⤵
- Executes dropped EXE
-
\??\c:\9djjd.exec:\9djjd.exe32⤵
- Executes dropped EXE
-
\??\c:\7vjdv.exec:\7vjdv.exe33⤵
- Executes dropped EXE
-
\??\c:\llfflrr.exec:\llfflrr.exe34⤵
- Executes dropped EXE
-
\??\c:\nnnttb.exec:\nnnttb.exe35⤵
- Executes dropped EXE
-
\??\c:\pdpdj.exec:\pdpdj.exe36⤵
- Executes dropped EXE
-
\??\c:\3rrfxxx.exec:\3rrfxxx.exe37⤵
- Executes dropped EXE
-
\??\c:\nntbnn.exec:\nntbnn.exe38⤵
- Executes dropped EXE
-
\??\c:\hhbhtt.exec:\hhbhtt.exe39⤵
- Executes dropped EXE
-
\??\c:\vdjdv.exec:\vdjdv.exe40⤵
- Executes dropped EXE
-
\??\c:\nntntb.exec:\nntntb.exe41⤵
- Executes dropped EXE
-
\??\c:\7hhbnn.exec:\7hhbnn.exe42⤵
- Executes dropped EXE
-
\??\c:\jjpjd.exec:\jjpjd.exe43⤵
- Executes dropped EXE
-
\??\c:\rlfxrrl.exec:\rlfxrrl.exe44⤵
- Executes dropped EXE
-
\??\c:\xxflrxl.exec:\xxflrxl.exe45⤵
- Executes dropped EXE
-
\??\c:\1nnnnb.exec:\1nnnnb.exe46⤵
- Executes dropped EXE
-
\??\c:\vppjj.exec:\vppjj.exe47⤵
- Executes dropped EXE
-
\??\c:\jjpjd.exec:\jjpjd.exe48⤵
- Executes dropped EXE
-
\??\c:\fxxllxx.exec:\fxxllxx.exe49⤵
- Executes dropped EXE
-
\??\c:\lxflffl.exec:\lxflffl.exe50⤵
- Executes dropped EXE
-
\??\c:\nhtnbt.exec:\nhtnbt.exe51⤵
- Executes dropped EXE
-
\??\c:\3pvpj.exec:\3pvpj.exe52⤵
- Executes dropped EXE
-
\??\c:\ppjjj.exec:\ppjjj.exe53⤵
- Executes dropped EXE
-
\??\c:\llrlxxf.exec:\llrlxxf.exe54⤵
- Executes dropped EXE
-
\??\c:\hbtthh.exec:\hbtthh.exe55⤵
- Executes dropped EXE
-
\??\c:\nthhbb.exec:\nthhbb.exe56⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe57⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe58⤵
- Executes dropped EXE
-
\??\c:\lxlxxrr.exec:\lxlxxrr.exe59⤵
- Executes dropped EXE
-
\??\c:\nhhbtn.exec:\nhhbtn.exe60⤵
- Executes dropped EXE
-
\??\c:\ttbnhn.exec:\ttbnhn.exe61⤵
- Executes dropped EXE
-
\??\c:\vvvdp.exec:\vvvdp.exe62⤵
- Executes dropped EXE
-
\??\c:\xxfxrxx.exec:\xxfxrxx.exe63⤵
- Executes dropped EXE
-
\??\c:\xlrlffx.exec:\xlrlffx.exe64⤵
- Executes dropped EXE
-
\??\c:\btbtth.exec:\btbtth.exe65⤵
- Executes dropped EXE
-
\??\c:\7vvpj.exec:\7vvpj.exe66⤵
-
\??\c:\vvddv.exec:\vvddv.exe67⤵
-
\??\c:\xfrrlrl.exec:\xfrrlrl.exe68⤵
-
\??\c:\btnhnb.exec:\btnhnb.exe69⤵
-
\??\c:\9jpvv.exec:\9jpvv.exe70⤵
-
\??\c:\pdvjv.exec:\pdvjv.exe71⤵
-
\??\c:\xxfxrrr.exec:\xxfxrrr.exe72⤵
-
\??\c:\hbtttt.exec:\hbtttt.exe73⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe74⤵
-
\??\c:\lrrxfxl.exec:\lrrxfxl.exe75⤵
-
\??\c:\hnhhnt.exec:\hnhhnt.exe76⤵
-
\??\c:\tnnnnt.exec:\tnnnnt.exe77⤵
-
\??\c:\vpppp.exec:\vpppp.exe78⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe79⤵
-
\??\c:\9xlrflx.exec:\9xlrflx.exe80⤵
-
\??\c:\lrrrrll.exec:\lrrrrll.exe81⤵
-
\??\c:\bnnnnn.exec:\bnnnnn.exe82⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe83⤵
-
\??\c:\djpjd.exec:\djpjd.exe84⤵
-
\??\c:\frrllrr.exec:\frrllrr.exe85⤵
-
\??\c:\9tbbbb.exec:\9tbbbb.exe86⤵
-
\??\c:\bhnbht.exec:\bhnbht.exe87⤵
-
\??\c:\jpjpd.exec:\jpjpd.exe88⤵
-
\??\c:\7frxfll.exec:\7frxfll.exe89⤵
-
\??\c:\1nbbtb.exec:\1nbbtb.exe90⤵
-
\??\c:\jpdvd.exec:\jpdvd.exe91⤵
-
\??\c:\rlxrllr.exec:\rlxrllr.exe92⤵
-
\??\c:\1rfrrff.exec:\1rfrrff.exe93⤵
-
\??\c:\ttnnnn.exec:\ttnnnn.exe94⤵
-
\??\c:\ddvdv.exec:\ddvdv.exe95⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe96⤵
-
\??\c:\xrxrlxr.exec:\xrxrlxr.exe97⤵
-
\??\c:\nbbttt.exec:\nbbttt.exe98⤵
-
\??\c:\ttbbbn.exec:\ttbbbn.exe99⤵
-
\??\c:\1pjjd.exec:\1pjjd.exe100⤵
-
\??\c:\vvpjd.exec:\vvpjd.exe101⤵
-
\??\c:\fxffffl.exec:\fxffffl.exe102⤵
-
\??\c:\nhtnbn.exec:\nhtnbn.exe103⤵
-
\??\c:\bhbtbn.exec:\bhbtbn.exe104⤵
-
\??\c:\7vpjv.exec:\7vpjv.exe105⤵
-
\??\c:\frffxxr.exec:\frffxxr.exe106⤵
-
\??\c:\1nnnnn.exec:\1nnnnn.exe107⤵
-
\??\c:\vvdjj.exec:\vvdjj.exe108⤵
-
\??\c:\jdddv.exec:\jdddv.exe109⤵
-
\??\c:\fllllrl.exec:\fllllrl.exe110⤵
-
\??\c:\thnnnn.exec:\thnnnn.exe111⤵
-
\??\c:\htbtbb.exec:\htbtbb.exe112⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe113⤵
-
\??\c:\lfrlfff.exec:\lfrlfff.exe114⤵
-
\??\c:\lxxffff.exec:\lxxffff.exe115⤵
-
\??\c:\nbhbbb.exec:\nbhbbb.exe116⤵
-
\??\c:\3thbtt.exec:\3thbtt.exe117⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe118⤵
-
\??\c:\rffrfrf.exec:\rffrfrf.exe119⤵
-
\??\c:\nhhbhh.exec:\nhhbhh.exe120⤵
-
\??\c:\3vjdv.exec:\3vjdv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-