Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
29/05/2024, 13:03
General
-
Target
54fd12996f12514733f5cb3b262148b0_NeikiAnalytics.exe
-
Size
497KB
-
MD5
54fd12996f12514733f5cb3b262148b0
-
SHA1
07309c4593849367e14c646a2cc3836c4969db9b
-
SHA256
e76c32aa146b517ab517bb72f368196f9613ea476e77606c1465b5c0f469414f
-
SHA512
5d3ec0338dad8bf82f304ac96cd8d006ae874a80a7e2c60d1a019407ecab5d39a8996673355d76482b94c17647ac1a60632fb5c97bd0d01b7945f334936c7317
-
SSDEEP
12288:S4wFHoSyoS3ebeFmFVvlrmwcT4wpteFmFTxS:0KFmFVtrRcFEFmFA
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\54fd12996f12514733f5cb3b262148b0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\54fd12996f12514733f5cb3b262148b0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdv.exec:\pdjdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllrfxl.exec:\fllrfxl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpv.exec:\ppvpv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrfxl.exec:\ffrrfxl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ntnhb.exec:\3ntnhb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjj.exec:\pjpjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxrrl.exec:\xxfxrrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhttnn.exec:\bhttnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvdp.exec:\vdvdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjp.exec:\vvjjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfrrxr.exec:\fxfrrxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnhbb.exec:\bbnhbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvd.exec:\dpvvd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxrxr.exec:\xrfxrxr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrflfff.exec:\lrflfff.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nntnt.exec:\7nntnt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vpjd.exec:\9vpjd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxlfff.exec:\frxlfff.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrlrr.exec:\fxlrlrr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hhhbh.exec:\9hhhbh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpp.exec:\ppvpp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjj.exec:\jdpjj.exe23⤵
- Executes dropped EXE
-
\??\c:\3xlflfx.exec:\3xlflfx.exe24⤵
- Executes dropped EXE
-
\??\c:\bbbnnt.exec:\bbbnnt.exe25⤵
- Executes dropped EXE
-
\??\c:\djpvv.exec:\djpvv.exe26⤵
- Executes dropped EXE
-
\??\c:\frlrfxr.exec:\frlrfxr.exe27⤵
- Executes dropped EXE
-
\??\c:\thttnh.exec:\thttnh.exe28⤵
- Executes dropped EXE
-
\??\c:\1nnnhh.exec:\1nnnhh.exe29⤵
- Executes dropped EXE
-
\??\c:\ddpjv.exec:\ddpjv.exe30⤵
- Executes dropped EXE
-
\??\c:\xrrxrrl.exec:\xrrxrrl.exe31⤵
- Executes dropped EXE
-
\??\c:\9hnhbb.exec:\9hnhbb.exe32⤵
- Executes dropped EXE
-
\??\c:\3jjdd.exec:\3jjdd.exe33⤵
- Executes dropped EXE
-
\??\c:\rxlrrlr.exec:\rxlrrlr.exe34⤵
- Executes dropped EXE
-
\??\c:\rflfffx.exec:\rflfffx.exe35⤵
- Executes dropped EXE
-
\??\c:\ttbhbh.exec:\ttbhbh.exe36⤵
- Executes dropped EXE
-
\??\c:\dppjj.exec:\dppjj.exe37⤵
- Executes dropped EXE
-
\??\c:\rllllfx.exec:\rllllfx.exe38⤵
- Executes dropped EXE
-
\??\c:\rffxrlf.exec:\rffxrlf.exe39⤵
- Executes dropped EXE
-
\??\c:\nttbtn.exec:\nttbtn.exe40⤵
- Executes dropped EXE
-
\??\c:\pjpvp.exec:\pjpvp.exe41⤵
- Executes dropped EXE
-
\??\c:\ddpdd.exec:\ddpdd.exe42⤵
- Executes dropped EXE
-
\??\c:\7xxxlll.exec:\7xxxlll.exe43⤵
- Executes dropped EXE
-
\??\c:\bnbbtn.exec:\bnbbtn.exe44⤵
- Executes dropped EXE
-
\??\c:\dpvpp.exec:\dpvpp.exe45⤵
- Executes dropped EXE
-
\??\c:\xlrrrlf.exec:\xlrrrlf.exe46⤵
- Executes dropped EXE
-
\??\c:\hhtthh.exec:\hhtthh.exe47⤵
- Executes dropped EXE
-
\??\c:\bbhbtt.exec:\bbhbtt.exe48⤵
- Executes dropped EXE
-
\??\c:\5flfxxx.exec:\5flfxxx.exe49⤵
- Executes dropped EXE
-
\??\c:\xlxrlfx.exec:\xlxrlfx.exe50⤵
- Executes dropped EXE
-
\??\c:\hhttbh.exec:\hhttbh.exe51⤵
- Executes dropped EXE
-
\??\c:\djvpj.exec:\djvpj.exe52⤵
- Executes dropped EXE
-
\??\c:\xrxffrr.exec:\xrxffrr.exe53⤵
- Executes dropped EXE
-
\??\c:\lxrlrlr.exec:\lxrlrlr.exe54⤵
- Executes dropped EXE
-
\??\c:\bthhnt.exec:\bthhnt.exe55⤵
- Executes dropped EXE
-
\??\c:\jjddv.exec:\jjddv.exe56⤵
- Executes dropped EXE
-
\??\c:\rxlxllf.exec:\rxlxllf.exe57⤵
- Executes dropped EXE
-
\??\c:\hnbtnt.exec:\hnbtnt.exe58⤵
- Executes dropped EXE
-
\??\c:\btnthh.exec:\btnthh.exe59⤵
- Executes dropped EXE
-
\??\c:\jdddd.exec:\jdddd.exe60⤵
- Executes dropped EXE
-
\??\c:\xxflffl.exec:\xxflffl.exe61⤵
- Executes dropped EXE
-
\??\c:\hhttbb.exec:\hhttbb.exe62⤵
- Executes dropped EXE
-
\??\c:\ppjjd.exec:\ppjjd.exe63⤵
- Executes dropped EXE
-
\??\c:\jdppp.exec:\jdppp.exe64⤵
- Executes dropped EXE
-
\??\c:\fxxxrrl.exec:\fxxxrrl.exe65⤵
- Executes dropped EXE
-
\??\c:\nbbbtn.exec:\nbbbtn.exe66⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe67⤵
-
\??\c:\9fffxll.exec:\9fffxll.exe68⤵
-
\??\c:\3htnht.exec:\3htnht.exe69⤵
-
\??\c:\jdpdv.exec:\jdpdv.exe70⤵
-
\??\c:\fxfxllf.exec:\fxfxllf.exe71⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe72⤵
-
\??\c:\frrllfr.exec:\frrllfr.exe73⤵
-
\??\c:\fxrlfll.exec:\fxrlfll.exe74⤵
-
\??\c:\hbhnth.exec:\hbhnth.exe75⤵
-
\??\c:\pvddd.exec:\pvddd.exe76⤵
-
\??\c:\lxllfff.exec:\lxllfff.exe77⤵
-
\??\c:\nnbtbb.exec:\nnbtbb.exe78⤵
-
\??\c:\1jddd.exec:\1jddd.exe79⤵
-
\??\c:\pdpdv.exec:\pdpdv.exe80⤵
-
\??\c:\rrxrfff.exec:\rrxrfff.exe81⤵
-
\??\c:\hhthnn.exec:\hhthnn.exe82⤵
-
\??\c:\pdjvp.exec:\pdjvp.exe83⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe84⤵
-
\??\c:\lrrlllf.exec:\lrrlllf.exe85⤵
-
\??\c:\tnbtnh.exec:\tnbtnh.exe86⤵
-
\??\c:\tbtttt.exec:\tbtttt.exe87⤵
-
\??\c:\pjddd.exec:\pjddd.exe88⤵
-
\??\c:\flrlffx.exec:\flrlffx.exe89⤵
-
\??\c:\nbnhbb.exec:\nbnhbb.exe90⤵
-
\??\c:\nthbbb.exec:\nthbbb.exe91⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe92⤵
-
\??\c:\xrlfxrx.exec:\xrlfxrx.exe93⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe94⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe95⤵
-
\??\c:\jvdpj.exec:\jvdpj.exe96⤵
-
\??\c:\frxrllf.exec:\frxrllf.exe97⤵
-
\??\c:\5hnnhn.exec:\5hnnhn.exe98⤵
-
\??\c:\bhbhnn.exec:\bhbhnn.exe99⤵
-
\??\c:\vdpjv.exec:\vdpjv.exe100⤵
-
\??\c:\llxrffr.exec:\llxrffr.exe101⤵
-
\??\c:\ntthbt.exec:\ntthbt.exe102⤵
-
\??\c:\dpppj.exec:\dpppj.exe103⤵
-
\??\c:\9dddv.exec:\9dddv.exe104⤵
-
\??\c:\xlxrxxr.exec:\xlxrxxr.exe105⤵
-
\??\c:\tnnnbb.exec:\tnnnbb.exe106⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe107⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe108⤵
-
\??\c:\xflllll.exec:\xflllll.exe109⤵
-
\??\c:\bhhhtt.exec:\bhhhtt.exe110⤵
-
\??\c:\hbtnnn.exec:\hbtnnn.exe111⤵
-
\??\c:\ppvvj.exec:\ppvvj.exe112⤵
-
\??\c:\rlfflff.exec:\rlfflff.exe113⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe114⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe115⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe116⤵
-
\??\c:\fflffff.exec:\fflffff.exe117⤵
-
\??\c:\bnnnnh.exec:\bnnnnh.exe118⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe119⤵
-
\??\c:\vdjdv.exec:\vdjdv.exe120⤵
-
\??\c:\xxfxxfx.exec:\xxfxxfx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-