Analysis
-
max time kernel
139s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
29/05/2024, 00:17
General
-
Target
1d8241f54bc9fe616a9d278a6110ae10_NeikiAnalytics.exe
-
Size
520KB
-
MD5
1d8241f54bc9fe616a9d278a6110ae10
-
SHA1
3421919049276645bef654f50dce75b3dc34e8d3
-
SHA256
03d1811f1ab5eb5a2827997f50c2600acf0ba1d94f1f7e9a459b61aee413786f
-
SHA512
d0e2bd521690c0926bcbc9776113f8347bcb68c2b9ee2e44c85258c56e25a2f3c701008e008ab52d5693bec38ca1571addfcb1211e15b207377f8592fadc45bc
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2CfNnkymTwaJ3o89H3w:q7Tc2NYHUrAwfMHNnpls489A
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1d8241f54bc9fe616a9d278a6110ae10_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1d8241f54bc9fe616a9d278a6110ae10_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbtn.exec:\nhhbtn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjj.exec:\jjjjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxxlfx.exec:\ffxxlfx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpdp.exec:\djpdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdv.exec:\jvjdv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdjp.exec:\dpdjp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhbtn.exec:\thhbtn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llllffx.exec:\llllffx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5djdv.exec:\5djdv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllrlfx.exec:\fllrlfx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvj.exec:\dddvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhbtt.exec:\bhhbtt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdvv.exec:\djdvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhhb.exec:\nhnhhb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5llfxxx.exec:\5llfxxx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnnnb.exec:\btnnnb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvv.exec:\vvvvv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrllf.exec:\fxxrllf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnnnh.exec:\bhnnnh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvvv.exec:\djvvv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnhhh.exec:\bbnhhh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvvv.exec:\jjvvv.exe23⤵
- Executes dropped EXE
-
\??\c:\dpdvp.exec:\dpdvp.exe24⤵
- Executes dropped EXE
-
\??\c:\lxfxrff.exec:\lxfxrff.exe25⤵
- Executes dropped EXE
-
\??\c:\jdjjj.exec:\jdjjj.exe26⤵
- Executes dropped EXE
-
\??\c:\llxfrrf.exec:\llxfrrf.exe27⤵
- Executes dropped EXE
-
\??\c:\ppvpv.exec:\ppvpv.exe28⤵
- Executes dropped EXE
-
\??\c:\hbbbth.exec:\hbbbth.exe29⤵
- Executes dropped EXE
-
\??\c:\xrrrlll.exec:\xrrrlll.exe30⤵
- Executes dropped EXE
-
\??\c:\bbtnbb.exec:\bbtnbb.exe31⤵
- Executes dropped EXE
-
\??\c:\1vjjd.exec:\1vjjd.exe32⤵
- Executes dropped EXE
-
\??\c:\rfllxfx.exec:\rfllxfx.exe33⤵
- Executes dropped EXE
-
\??\c:\jvdjv.exec:\jvdjv.exe34⤵
- Executes dropped EXE
-
\??\c:\ffrlxxf.exec:\ffrlxxf.exe35⤵
- Executes dropped EXE
-
\??\c:\nhbntb.exec:\nhbntb.exe36⤵
- Executes dropped EXE
-
\??\c:\5vjdd.exec:\5vjdd.exe37⤵
- Executes dropped EXE
-
\??\c:\3rxrlll.exec:\3rxrlll.exe38⤵
- Executes dropped EXE
-
\??\c:\ffxxrrl.exec:\ffxxrrl.exe39⤵
- Executes dropped EXE
-
\??\c:\hbbnhh.exec:\hbbnhh.exe40⤵
- Executes dropped EXE
-
\??\c:\vpvpv.exec:\vpvpv.exe41⤵
- Executes dropped EXE
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe42⤵
- Executes dropped EXE
-
\??\c:\tbbnbh.exec:\tbbnbh.exe43⤵
- Executes dropped EXE
-
\??\c:\pjdvv.exec:\pjdvv.exe44⤵
- Executes dropped EXE
-
\??\c:\3lrlfxl.exec:\3lrlfxl.exe45⤵
- Executes dropped EXE
-
\??\c:\9nbttt.exec:\9nbttt.exe46⤵
- Executes dropped EXE
-
\??\c:\pvjdd.exec:\pvjdd.exe47⤵
- Executes dropped EXE
-
\??\c:\jpdpj.exec:\jpdpj.exe48⤵
- Executes dropped EXE
-
\??\c:\rllflll.exec:\rllflll.exe49⤵
- Executes dropped EXE
-
\??\c:\1vdvp.exec:\1vdvp.exe50⤵
- Executes dropped EXE
-
\??\c:\fflffff.exec:\fflffff.exe51⤵
- Executes dropped EXE
-
\??\c:\hntnnn.exec:\hntnnn.exe52⤵
- Executes dropped EXE
-
\??\c:\5ttnnn.exec:\5ttnnn.exe53⤵
- Executes dropped EXE
-
\??\c:\vjddd.exec:\vjddd.exe54⤵
- Executes dropped EXE
-
\??\c:\ffxxrrr.exec:\ffxxrrr.exe55⤵
- Executes dropped EXE
-
\??\c:\5bttth.exec:\5bttth.exe56⤵
- Executes dropped EXE
-
\??\c:\vvjjj.exec:\vvjjj.exe57⤵
- Executes dropped EXE
-
\??\c:\frxrllf.exec:\frxrllf.exe58⤵
- Executes dropped EXE
-
\??\c:\nhbbtn.exec:\nhbbtn.exe59⤵
- Executes dropped EXE
-
\??\c:\dpvvd.exec:\dpvvd.exe60⤵
- Executes dropped EXE
-
\??\c:\xllfxlf.exec:\xllfxlf.exe61⤵
- Executes dropped EXE
-
\??\c:\5bhbtb.exec:\5bhbtb.exe62⤵
- Executes dropped EXE
-
\??\c:\bhbnhh.exec:\bhbnhh.exe63⤵
- Executes dropped EXE
-
\??\c:\jvddd.exec:\jvddd.exe64⤵
- Executes dropped EXE
-
\??\c:\rflflfx.exec:\rflflfx.exe65⤵
- Executes dropped EXE
-
\??\c:\rrrlffx.exec:\rrrlffx.exe66⤵
-
\??\c:\tthnth.exec:\tthnth.exe67⤵
-
\??\c:\xrlrflx.exec:\xrlrflx.exe68⤵
-
\??\c:\tthbnh.exec:\tthbnh.exe69⤵
-
\??\c:\tttnhh.exec:\tttnhh.exe70⤵
-
\??\c:\xrxxrlf.exec:\xrxxrlf.exe71⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe72⤵
-
\??\c:\jvjvv.exec:\jvjvv.exe73⤵
-
\??\c:\9xfrlfx.exec:\9xfrlfx.exe74⤵
-
\??\c:\tnnhbt.exec:\tnnhbt.exe75⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe76⤵
-
\??\c:\xfxlfff.exec:\xfxlfff.exe77⤵
-
\??\c:\1bhbbb.exec:\1bhbbb.exe78⤵
-
\??\c:\dddvv.exec:\dddvv.exe79⤵
-
\??\c:\pjpvv.exec:\pjpvv.exe80⤵
-
\??\c:\rllffxx.exec:\rllffxx.exe81⤵
-
\??\c:\nntnnh.exec:\nntnnh.exe82⤵
-
\??\c:\5thbhn.exec:\5thbhn.exe83⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe84⤵
-
\??\c:\xxfxrlf.exec:\xxfxrlf.exe85⤵
-
\??\c:\bhnthn.exec:\bhnthn.exe86⤵
-
\??\c:\hbnhhh.exec:\hbnhhh.exe87⤵
-
\??\c:\jjjdj.exec:\jjjdj.exe88⤵
-
\??\c:\1frlfxr.exec:\1frlfxr.exe89⤵
-
\??\c:\bbtnhh.exec:\bbtnhh.exe90⤵
-
\??\c:\vjdvj.exec:\vjdvj.exe91⤵
-
\??\c:\lrxffrx.exec:\lrxffrx.exe92⤵
-
\??\c:\lxfxxrr.exec:\lxfxxrr.exe93⤵
-
\??\c:\htbnht.exec:\htbnht.exe94⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe95⤵
-
\??\c:\xrffllr.exec:\xrffllr.exe96⤵
-
\??\c:\tbtnhh.exec:\tbtnhh.exe97⤵
-
\??\c:\jvddv.exec:\jvddv.exe98⤵
-
\??\c:\3lfxlfx.exec:\3lfxlfx.exe99⤵
-
\??\c:\rrrrrxr.exec:\rrrrrxr.exe100⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe101⤵
-
\??\c:\djjdv.exec:\djjdv.exe102⤵
-
\??\c:\frxrlfl.exec:\frxrlfl.exe103⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe104⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe105⤵
-
\??\c:\rlfxxxf.exec:\rlfxxxf.exe106⤵
-
\??\c:\ttnbnn.exec:\ttnbnn.exe107⤵
-
\??\c:\nbnbtn.exec:\nbnbtn.exe108⤵
-
\??\c:\3vvpj.exec:\3vvpj.exe109⤵
-
\??\c:\3flxfxf.exec:\3flxfxf.exe110⤵
-
\??\c:\tnnhbt.exec:\tnnhbt.exe111⤵
-
\??\c:\bthbnh.exec:\bthbnh.exe112⤵
-
\??\c:\5vjdp.exec:\5vjdp.exe113⤵
-
\??\c:\lflxxrx.exec:\lflxxrx.exe114⤵
-
\??\c:\hhtthn.exec:\hhtthn.exe115⤵
-
\??\c:\9jvpp.exec:\9jvpp.exe116⤵
-
\??\c:\xfffxfx.exec:\xfffxfx.exe117⤵
-
\??\c:\btbttn.exec:\btbttn.exe118⤵
-
\??\c:\ddpjp.exec:\ddpjp.exe119⤵
-
\??\c:\rfrlxrl.exec:\rfrlxrl.exe120⤵
-
\??\c:\hbtnth.exec:\hbtnth.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-