Analysis
-
max time kernel
150s -
max time network
102s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
28-05-2024 08:58
General
-
Target
3c493674068d0af156602861c20661c0_NeikiAnalytics.exe
-
Size
153KB
-
MD5
3c493674068d0af156602861c20661c0
-
SHA1
f3ba9f6a2d77f52bc69a40b531f4b473583d3c69
-
SHA256
e04a147d4176fb7637c7ffd8b5c260818b4f65b0cc3b75a4b1e5bddb3e3d51c1
-
SHA512
5e5bcf9018f67caf96d044a29a4a24997ac414dc25af9631172805ae4a37230ba0a192f50d8e76a44853337e3859d985eac45d3815ef23007865d02a48b878dd
-
SSDEEP
3072:ymb3NkkiQ3mdBjFIi/0RU6QeYQsm71vPmX5k2LrCimBaH8UH303g:n3C9BRIG0asYFm71mJkzpaH8m37
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3c493674068d0af156602861c20661c0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\3c493674068d0af156602861c20661c0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjd.exec:\vdjjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxffr.exec:\xrfxffr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbhh.exec:\nhbbhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrlll.exec:\rxxrlll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nnnnn.exec:\7nnnnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpp.exec:\dvvpp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxxxf.exec:\xrfxxxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jpjj.exec:\1jpjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrxfxx.exec:\frrxfxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbbb.exec:\nnbbbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddpd.exec:\vddpd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnbh.exec:\hbtnbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpp.exec:\pvvpp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdv.exec:\vjjdv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlfrrr.exec:\lxlfrrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnthh.exec:\tbnthh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvvp.exec:\jjvvp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrlxlx.exec:\lxrlxlx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntttnn.exec:\ntttnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhtt.exec:\tnnhtt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdv.exec:\pdjdv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflfffx.exec:\rflfffx.exe23⤵
- Executes dropped EXE
-
\??\c:\nnbhbh.exec:\nnbhbh.exe24⤵
- Executes dropped EXE
-
\??\c:\vjvvp.exec:\vjvvp.exe25⤵
- Executes dropped EXE
-
\??\c:\xlrlllf.exec:\xlrlllf.exe26⤵
- Executes dropped EXE
-
\??\c:\bnhbtn.exec:\bnhbtn.exe27⤵
- Executes dropped EXE
-
\??\c:\dppdv.exec:\dppdv.exe28⤵
- Executes dropped EXE
-
\??\c:\lfrffll.exec:\lfrffll.exe29⤵
- Executes dropped EXE
-
\??\c:\nnhtnn.exec:\nnhtnn.exe30⤵
- Executes dropped EXE
-
\??\c:\frxfxrl.exec:\frxfxrl.exe31⤵
- Executes dropped EXE
-
\??\c:\rxfrrff.exec:\rxfrrff.exe32⤵
- Executes dropped EXE
-
\??\c:\htnbtn.exec:\htnbtn.exe33⤵
- Executes dropped EXE
-
\??\c:\jdpjp.exec:\jdpjp.exe34⤵
- Executes dropped EXE
-
\??\c:\xfffrll.exec:\xfffrll.exe35⤵
- Executes dropped EXE
-
\??\c:\bnnbnh.exec:\bnnbnh.exe36⤵
- Executes dropped EXE
-
\??\c:\bbthbt.exec:\bbthbt.exe37⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe38⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe39⤵
- Executes dropped EXE
-
\??\c:\fxfxfxf.exec:\fxfxfxf.exe40⤵
- Executes dropped EXE
-
\??\c:\tnnhbb.exec:\tnnhbb.exe41⤵
- Executes dropped EXE
-
\??\c:\7tnhbt.exec:\7tnhbt.exe42⤵
- Executes dropped EXE
-
\??\c:\vddvj.exec:\vddvj.exe43⤵
- Executes dropped EXE
-
\??\c:\pdpdp.exec:\pdpdp.exe44⤵
- Executes dropped EXE
-
\??\c:\3llxrfx.exec:\3llxrfx.exe45⤵
- Executes dropped EXE
-
\??\c:\3ntnhh.exec:\3ntnhh.exe46⤵
- Executes dropped EXE
-
\??\c:\jdpjp.exec:\jdpjp.exe47⤵
- Executes dropped EXE
-
\??\c:\vvvvj.exec:\vvvvj.exe48⤵
- Executes dropped EXE
-
\??\c:\lfxrlff.exec:\lfxrlff.exe49⤵
- Executes dropped EXE
-
\??\c:\hbhbtt.exec:\hbhbtt.exe50⤵
- Executes dropped EXE
-
\??\c:\bthbhb.exec:\bthbhb.exe51⤵
- Executes dropped EXE
-
\??\c:\jvjjp.exec:\jvjjp.exe52⤵
- Executes dropped EXE
-
\??\c:\pvppj.exec:\pvppj.exe53⤵
- Executes dropped EXE
-
\??\c:\rxxxfrf.exec:\rxxxfrf.exe54⤵
- Executes dropped EXE
-
\??\c:\hbhbbh.exec:\hbhbbh.exe55⤵
- Executes dropped EXE
-
\??\c:\bnnhbb.exec:\bnnhbb.exe56⤵
- Executes dropped EXE
-
\??\c:\9vvpd.exec:\9vvpd.exe57⤵
- Executes dropped EXE
-
\??\c:\1lxlfrr.exec:\1lxlfrr.exe58⤵
- Executes dropped EXE
-
\??\c:\7xxxrxl.exec:\7xxxrxl.exe59⤵
- Executes dropped EXE
-
\??\c:\5nbbth.exec:\5nbbth.exe60⤵
- Executes dropped EXE
-
\??\c:\nttnnn.exec:\nttnnn.exe61⤵
- Executes dropped EXE
-
\??\c:\djjdp.exec:\djjdp.exe62⤵
- Executes dropped EXE
-
\??\c:\lrrxrlf.exec:\lrrxrlf.exe63⤵
- Executes dropped EXE
-
\??\c:\fxrlxrl.exec:\fxrlxrl.exe64⤵
- Executes dropped EXE
-
\??\c:\tnttbb.exec:\tnttbb.exe65⤵
- Executes dropped EXE
-
\??\c:\jjppj.exec:\jjppj.exe66⤵
- Executes dropped EXE
-
\??\c:\jdpdp.exec:\jdpdp.exe67⤵
-
\??\c:\lfxffxf.exec:\lfxffxf.exe68⤵
-
\??\c:\5nbtbb.exec:\5nbtbb.exe69⤵
-
\??\c:\jvddp.exec:\jvddp.exe70⤵
-
\??\c:\jdddv.exec:\jdddv.exe71⤵
-
\??\c:\fxffffr.exec:\fxffffr.exe72⤵
-
\??\c:\btthnb.exec:\btthnb.exe73⤵
-
\??\c:\ppvjd.exec:\ppvjd.exe74⤵
-
\??\c:\rxfxrlf.exec:\rxfxrlf.exe75⤵
-
\??\c:\7nbnbt.exec:\7nbnbt.exe76⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe77⤵
-
\??\c:\rlffxrr.exec:\rlffxrr.exe78⤵
-
\??\c:\nbbthh.exec:\nbbthh.exe79⤵
-
\??\c:\tbhhbh.exec:\tbhhbh.exe80⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe81⤵
-
\??\c:\xrxxrxx.exec:\xrxxrxx.exe82⤵
-
\??\c:\fflllll.exec:\fflllll.exe83⤵
-
\??\c:\ntnnhh.exec:\ntnnhh.exe84⤵
-
\??\c:\tntntt.exec:\tntntt.exe85⤵
-
\??\c:\1jvpd.exec:\1jvpd.exe86⤵
-
\??\c:\lrrlfxf.exec:\lrrlfxf.exe87⤵
-
\??\c:\xrfxllf.exec:\xrfxllf.exe88⤵
-
\??\c:\7hnhtn.exec:\7hnhtn.exe89⤵
-
\??\c:\tnhbhn.exec:\tnhbhn.exe90⤵
-
\??\c:\jddpd.exec:\jddpd.exe91⤵
-
\??\c:\rxflrrf.exec:\rxflrrf.exe92⤵
-
\??\c:\llrllff.exec:\llrllff.exe93⤵
-
\??\c:\3ttnnt.exec:\3ttnnt.exe94⤵
-
\??\c:\nbhtnh.exec:\nbhtnh.exe95⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe96⤵
-
\??\c:\dpjvj.exec:\dpjvj.exe97⤵
-
\??\c:\rlllrrx.exec:\rlllrrx.exe98⤵
-
\??\c:\ffxxlxf.exec:\ffxxlxf.exe99⤵
-
\??\c:\bbbtnh.exec:\bbbtnh.exe100⤵
-
\??\c:\tttnnb.exec:\tttnnb.exe101⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe102⤵
-
\??\c:\rrrrrxl.exec:\rrrrrxl.exe103⤵
-
\??\c:\rlrrllr.exec:\rlrrllr.exe104⤵
-
\??\c:\btnnhb.exec:\btnnhb.exe105⤵
-
\??\c:\1bhhhh.exec:\1bhhhh.exe106⤵
-
\??\c:\hbnttt.exec:\hbnttt.exe107⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe108⤵
-
\??\c:\7dddd.exec:\7dddd.exe109⤵
-
\??\c:\xxxllll.exec:\xxxllll.exe110⤵
-
\??\c:\1hhhhh.exec:\1hhhhh.exe111⤵
-
\??\c:\7bhhbh.exec:\7bhhbh.exe112⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe113⤵
-
\??\c:\ddjpp.exec:\ddjpp.exe114⤵
-
\??\c:\flrllll.exec:\flrllll.exe115⤵
-
\??\c:\btnnnn.exec:\btnnnn.exe116⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe117⤵
-
\??\c:\xrrrrrr.exec:\xrrrrrr.exe118⤵
-
\??\c:\9xrrffx.exec:\9xrrffx.exe119⤵
-
\??\c:\9nhbtn.exec:\9nhbtn.exe120⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-