Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
30-05-2024 22:06
General
-
Target
6a3b73961aaf59a68034c98cea3f1a30_NeikiAnalytics.exe
-
Size
487KB
-
MD5
6a3b73961aaf59a68034c98cea3f1a30
-
SHA1
0a78f5c8625735cc39e3fb1e05966803d747e260
-
SHA256
61113d46fac84c03255967f8d498b74667f5352e20cd16eb90dec8db2150c181
-
SHA512
c823195fcd1a51cc5f168efe73b2480dc732391a1c4a270862127bf9f4797fb35dcf3644cf2f6a218fb69fd91601becdb49a54202544bbb6d75c95f1f84769fb
-
SSDEEP
6144:n3C9BRo7tvnJ9oH0IRgZvjkUo7tvnJ9oH0IiVByq9CPobNVlv:n3C9ytvngQjgtvngSV3CPobNVp
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
njRAT/Bladabindi
Widely used RAT written in .NET.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6a3b73961aaf59a68034c98cea3f1a30_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6a3b73961aaf59a68034c98cea3f1a30_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rffxxxr.exec:\rffxxxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhbb.exec:\nhnhbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xffllr.exec:\9xffllr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbtt.exec:\nhhbtt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjd.exec:\pjpjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllxlxr.exec:\xllxlxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ttnnn.exec:\5ttnnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttttnn.exec:\ttttnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbtt.exec:\tnhbtt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrlll.exec:\xrrrlll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vpjd.exec:\9vpjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxffll.exec:\rrxffll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jddv.exec:\7jddv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnhbt.exec:\hnnhbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vvvp.exec:\3vvvp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lrlxrl.exec:\5lrlxrl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdd.exec:\pdjdd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xfllrr.exec:\7xfllrr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbthb.exec:\bhbthb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvdj.exec:\pdvdj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hhnnb.exec:\7hhnnb.exe23⤵
- Executes dropped EXE
-
\??\c:\1djdj.exec:\1djdj.exe24⤵
- Executes dropped EXE
-
\??\c:\1dvpj.exec:\1dvpj.exe25⤵
- Executes dropped EXE
-
\??\c:\pvdpd.exec:\pvdpd.exe26⤵
- Executes dropped EXE
-
\??\c:\nhthtn.exec:\nhthtn.exe27⤵
- Executes dropped EXE
-
\??\c:\3lfxrrl.exec:\3lfxrrl.exe28⤵
- Executes dropped EXE
-
\??\c:\tntnbn.exec:\tntnbn.exe29⤵
- Executes dropped EXE
-
\??\c:\hhthbb.exec:\hhthbb.exe30⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe31⤵
- Executes dropped EXE
-
\??\c:\lffxrrl.exec:\lffxrrl.exe32⤵
- Executes dropped EXE
-
\??\c:\tnbthb.exec:\tnbthb.exe33⤵
- Executes dropped EXE
-
\??\c:\dvjdj.exec:\dvjdj.exe34⤵
- Executes dropped EXE
-
\??\c:\3ppjv.exec:\3ppjv.exe35⤵
- Executes dropped EXE
-
\??\c:\nhttnn.exec:\nhttnn.exe36⤵
- Executes dropped EXE
-
\??\c:\3tbthb.exec:\3tbthb.exe37⤵
- Executes dropped EXE
-
\??\c:\3vdvv.exec:\3vdvv.exe38⤵
- Executes dropped EXE
-
\??\c:\1fxrllf.exec:\1fxrllf.exe39⤵
- Executes dropped EXE
-
\??\c:\tnhbtn.exec:\tnhbtn.exe40⤵
- Executes dropped EXE
-
\??\c:\9pjdv.exec:\9pjdv.exe41⤵
- Executes dropped EXE
-
\??\c:\pjdpj.exec:\pjdpj.exe42⤵
- Executes dropped EXE
-
\??\c:\5hhtbt.exec:\5hhtbt.exe43⤵
- Executes dropped EXE
-
\??\c:\pdvpd.exec:\pdvpd.exe44⤵
- Executes dropped EXE
-
\??\c:\rrrxrll.exec:\rrrxrll.exe45⤵
- Executes dropped EXE
-
\??\c:\frrlffx.exec:\frrlffx.exe46⤵
- Executes dropped EXE
-
\??\c:\nbhhbt.exec:\nbhhbt.exe47⤵
- Executes dropped EXE
-
\??\c:\jddjd.exec:\jddjd.exe48⤵
- Executes dropped EXE
-
\??\c:\rrxrfxr.exec:\rrxrfxr.exe49⤵
- Executes dropped EXE
-
\??\c:\btnthn.exec:\btnthn.exe50⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe51⤵
- Executes dropped EXE
-
\??\c:\jjvpv.exec:\jjvpv.exe52⤵
- Executes dropped EXE
-
\??\c:\7flfllf.exec:\7flfllf.exe53⤵
- Executes dropped EXE
-
\??\c:\jdpjd.exec:\jdpjd.exe54⤵
- Executes dropped EXE
-
\??\c:\7llxrlf.exec:\7llxrlf.exe55⤵
- Executes dropped EXE
-
\??\c:\xlfrfff.exec:\xlfrfff.exe56⤵
- Executes dropped EXE
-
\??\c:\bnnhhb.exec:\bnnhhb.exe57⤵
- Executes dropped EXE
-
\??\c:\jddpj.exec:\jddpj.exe58⤵
- Executes dropped EXE
-
\??\c:\lffxllx.exec:\lffxllx.exe59⤵
- Executes dropped EXE
-
\??\c:\nbbttt.exec:\nbbttt.exe60⤵
- Executes dropped EXE
-
\??\c:\vvpjd.exec:\vvpjd.exe61⤵
- Executes dropped EXE
-
\??\c:\rlrxlfl.exec:\rlrxlfl.exe62⤵
- Executes dropped EXE
-
\??\c:\bthtth.exec:\bthtth.exe63⤵
- Executes dropped EXE
-
\??\c:\nbnbhb.exec:\nbnbhb.exe64⤵
- Executes dropped EXE
-
\??\c:\vdddv.exec:\vdddv.exe65⤵
- Executes dropped EXE
-
\??\c:\xflfrrl.exec:\xflfrrl.exe66⤵
-
\??\c:\htbthb.exec:\htbthb.exe67⤵
-
\??\c:\nbbthb.exec:\nbbthb.exe68⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe69⤵
-
\??\c:\jjvpd.exec:\jjvpd.exe70⤵
-
\??\c:\fffrfxr.exec:\fffrfxr.exe71⤵
-
\??\c:\djdvp.exec:\djdvp.exe72⤵
-
\??\c:\5ffxrlf.exec:\5ffxrlf.exe73⤵
-
\??\c:\hthhbb.exec:\hthhbb.exe74⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe75⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe76⤵
-
\??\c:\rrlrrlf.exec:\rrlrrlf.exe77⤵
-
\??\c:\hhttnh.exec:\hhttnh.exe78⤵
-
\??\c:\bbbnht.exec:\bbbnht.exe79⤵
-
\??\c:\jpppj.exec:\jpppj.exe80⤵
-
\??\c:\7lllflf.exec:\7lllflf.exe81⤵
-
\??\c:\xxrrlll.exec:\xxrrlll.exe82⤵
-
\??\c:\nhtbbh.exec:\nhtbbh.exe83⤵
-
\??\c:\1bbttt.exec:\1bbttt.exe84⤵
-
\??\c:\ddvpp.exec:\ddvpp.exe85⤵
-
\??\c:\frlxlrl.exec:\frlxlrl.exe86⤵
-
\??\c:\7lllffx.exec:\7lllffx.exe87⤵
-
\??\c:\hbnnhb.exec:\hbnnhb.exe88⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe89⤵
-
\??\c:\ppppj.exec:\ppppj.exe90⤵
-
\??\c:\rrlfxxx.exec:\rrlfxxx.exe91⤵
-
\??\c:\thbbtt.exec:\thbbtt.exe92⤵
-
\??\c:\bbntnn.exec:\bbntnn.exe93⤵
-
\??\c:\9jvjp.exec:\9jvjp.exe94⤵
-
\??\c:\rxxxxxr.exec:\rxxxxxr.exe95⤵
-
\??\c:\7xxrllr.exec:\7xxrllr.exe96⤵
-
\??\c:\tthbtt.exec:\tthbtt.exe97⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe98⤵
-
\??\c:\9rlfxxx.exec:\9rlfxxx.exe99⤵
-
\??\c:\lxfxrrl.exec:\lxfxrrl.exe100⤵
-
\??\c:\btntbt.exec:\btntbt.exe101⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe102⤵
-
\??\c:\3ddvv.exec:\3ddvv.exe103⤵
-
\??\c:\ffrlxxf.exec:\ffrlxxf.exe104⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe105⤵
-
\??\c:\ppppd.exec:\ppppd.exe106⤵
-
\??\c:\xrrrlrr.exec:\xrrrlrr.exe107⤵
-
\??\c:\3rxxrrr.exec:\3rxxrrr.exe108⤵
-
\??\c:\5nbtbb.exec:\5nbtbb.exe109⤵
-
\??\c:\7dvpd.exec:\7dvpd.exe110⤵
-
\??\c:\dppdj.exec:\dppdj.exe111⤵
-
\??\c:\rlxxllf.exec:\rlxxllf.exe112⤵
-
\??\c:\3nttnn.exec:\3nttnn.exe113⤵
-
\??\c:\bbnhtt.exec:\bbnhtt.exe114⤵
-
\??\c:\1dpdj.exec:\1dpdj.exe115⤵
-
\??\c:\fxrrlll.exec:\fxrrlll.exe116⤵
-
\??\c:\lllfxxr.exec:\lllfxxr.exe117⤵
-
\??\c:\hbhbnn.exec:\hbhbnn.exe118⤵
-
\??\c:\vvvpv.exec:\vvvpv.exe119⤵
-
\??\c:\xxxrfff.exec:\xxxrfff.exe120⤵
-
\??\c:\llrlxrr.exec:\llrlxrr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-