Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
31/05/2024, 19:25
General
-
Target
0c86dfa8feef7c24c5b5137eae705760_NeikiAnalytics.exe
-
Size
62KB
-
MD5
0c86dfa8feef7c24c5b5137eae705760
-
SHA1
4521e0c33a974b2a1e64f2ab6e7997046916c7eb
-
SHA256
f049bc9b8865d0927215c0f6052f96263ff357ef8947bb92966dadb2cf58279a
-
SHA512
0f90a04a8bb8d871ee6d46ee765d9acbed8fc031fa572d82d8c624870f3ca7298fa741c21f7374892b4e65d3e1bef59540e7c567b3b62116ebc9eb790e273ecd
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDII9ZvHKE4:ymb3NkkiQ3mdBjFII9ZvHKE4
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0c86dfa8feef7c24c5b5137eae705760_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\0c86dfa8feef7c24c5b5137eae705760_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrrxl.exec:\xrlrrxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nnbhn.exec:\3nnbhn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ttttt.exec:\9ttttt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrrfl.exec:\rlrrrfl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxrffx.exec:\rfxrffx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbhn.exec:\nhtbhn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jvvj.exec:\5jvvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjj.exec:\pjjjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrrxf.exec:\rrrrrxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllllll.exec:\fllllll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tbttt.exec:\1tbttt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvdj.exec:\vjvdj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfllfll.exec:\lfllfll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttttt.exec:\tttttt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bhhhn.exec:\9bhhhn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdjj.exec:\pvdjj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrrrrl.exec:\lrrrrrl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhbh.exec:\htnhbh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjd.exec:\ppjjd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjjp.exec:\jpjjp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxffll.exec:\rlxffll.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtbtn.exec:\hhtbtn.exe23⤵
- Executes dropped EXE
-
\??\c:\vjvvd.exec:\vjvvd.exe24⤵
- Executes dropped EXE
-
\??\c:\jdddj.exec:\jdddj.exe25⤵
- Executes dropped EXE
-
\??\c:\lllxrxx.exec:\lllxrxx.exe26⤵
- Executes dropped EXE
-
\??\c:\bbhhnh.exec:\bbhhnh.exe27⤵
- Executes dropped EXE
-
\??\c:\bbbbbh.exec:\bbbbbh.exe28⤵
- Executes dropped EXE
-
\??\c:\ddvvj.exec:\ddvvj.exe29⤵
- Executes dropped EXE
-
\??\c:\rrfffff.exec:\rrfffff.exe30⤵
- Executes dropped EXE
-
\??\c:\nntbht.exec:\nntbht.exe31⤵
- Executes dropped EXE
-
\??\c:\hhnhhh.exec:\hhnhhh.exe32⤵
- Executes dropped EXE
-
\??\c:\9dddd.exec:\9dddd.exe33⤵
- Executes dropped EXE
-
\??\c:\1frrxff.exec:\1frrxff.exe34⤵
- Executes dropped EXE
-
\??\c:\ffxfxxf.exec:\ffxfxxf.exe35⤵
- Executes dropped EXE
-
\??\c:\1httbb.exec:\1httbb.exe36⤵
- Executes dropped EXE
-
\??\c:\djppd.exec:\djppd.exe37⤵
- Executes dropped EXE
-
\??\c:\jpjjd.exec:\jpjjd.exe38⤵
- Executes dropped EXE
-
\??\c:\xlxrxrl.exec:\xlxrxrl.exe39⤵
- Executes dropped EXE
-
\??\c:\thnhbt.exec:\thnhbt.exe40⤵
- Executes dropped EXE
-
\??\c:\3nbbhn.exec:\3nbbhn.exe41⤵
-
\??\c:\dpddd.exec:\dpddd.exe42⤵
- Executes dropped EXE
-
\??\c:\7ddvv.exec:\7ddvv.exe43⤵
- Executes dropped EXE
-
\??\c:\frrrlll.exec:\frrrlll.exe44⤵
- Executes dropped EXE
-
\??\c:\fffrrrr.exec:\fffrrrr.exe45⤵
- Executes dropped EXE
-
\??\c:\9ntnnn.exec:\9ntnnn.exe46⤵
- Executes dropped EXE
-
\??\c:\bhtbhh.exec:\bhtbhh.exe47⤵
- Executes dropped EXE
-
\??\c:\vvvvp.exec:\vvvvp.exe48⤵
- Executes dropped EXE
-
\??\c:\vjvdd.exec:\vjvdd.exe49⤵
- Executes dropped EXE
-
\??\c:\lffflll.exec:\lffflll.exe50⤵
- Executes dropped EXE
-
\??\c:\rxflrrr.exec:\rxflrrr.exe51⤵
- Executes dropped EXE
-
\??\c:\tbhhbh.exec:\tbhhbh.exe52⤵
- Executes dropped EXE
-
\??\c:\tntbbb.exec:\tntbbb.exe53⤵
- Executes dropped EXE
-
\??\c:\hbbtnt.exec:\hbbtnt.exe54⤵
- Executes dropped EXE
-
\??\c:\1jpjd.exec:\1jpjd.exe55⤵
- Executes dropped EXE
-
\??\c:\lrxlfxl.exec:\lrxlfxl.exe56⤵
- Executes dropped EXE
-
\??\c:\frfflrx.exec:\frfflrx.exe57⤵
- Executes dropped EXE
-
\??\c:\hhnhtn.exec:\hhnhtn.exe58⤵
- Executes dropped EXE
-
\??\c:\jjjjv.exec:\jjjjv.exe59⤵
- Executes dropped EXE
-
\??\c:\pvjjd.exec:\pvjjd.exe60⤵
- Executes dropped EXE
-
\??\c:\7lrxxff.exec:\7lrxxff.exe61⤵
- Executes dropped EXE
-
\??\c:\lxfxxxr.exec:\lxfxxxr.exe62⤵
- Executes dropped EXE
-
\??\c:\hhtthh.exec:\hhtthh.exe63⤵
- Executes dropped EXE
-
\??\c:\3nhnnn.exec:\3nhnnn.exe64⤵
- Executes dropped EXE
-
\??\c:\djjpp.exec:\djjpp.exe65⤵
- Executes dropped EXE
-
\??\c:\7dddv.exec:\7dddv.exe66⤵
- Executes dropped EXE
-
\??\c:\rxrxllf.exec:\rxrxllf.exe67⤵
-
\??\c:\rflllrr.exec:\rflllrr.exe68⤵
-
\??\c:\bbbbbh.exec:\bbbbbh.exe69⤵
-
\??\c:\tththn.exec:\tththn.exe70⤵
-
\??\c:\3pvvd.exec:\3pvvd.exe71⤵
-
\??\c:\jjppj.exec:\jjppj.exe72⤵
-
\??\c:\7xlllrf.exec:\7xlllrf.exe73⤵
-
\??\c:\xrfxxff.exec:\xrfxxff.exe74⤵
-
\??\c:\nntnnb.exec:\nntnnb.exe75⤵
-
\??\c:\ttnnht.exec:\ttnnht.exe76⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe77⤵
-
\??\c:\jjpdd.exec:\jjpdd.exe78⤵
-
\??\c:\xrxxlll.exec:\xrxxlll.exe79⤵
-
\??\c:\1xxlxxf.exec:\1xxlxxf.exe80⤵
-
\??\c:\9bntbh.exec:\9bntbh.exe81⤵
-
\??\c:\nbnttb.exec:\nbnttb.exe82⤵
-
\??\c:\ppddp.exec:\ppddp.exe83⤵
-
\??\c:\jjdvd.exec:\jjdvd.exe84⤵
-
\??\c:\rfrxrxf.exec:\rfrxrxf.exe85⤵
-
\??\c:\5rffrxx.exec:\5rffrxx.exe86⤵
-
\??\c:\hhhhhn.exec:\hhhhhn.exe87⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe88⤵
-
\??\c:\vvdjv.exec:\vvdjv.exe89⤵
-
\??\c:\vvddd.exec:\vvddd.exe90⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe91⤵
-
\??\c:\3vvpp.exec:\3vvpp.exe92⤵
-
\??\c:\jpjdd.exec:\jpjdd.exe93⤵
-
\??\c:\fxxfxff.exec:\fxxfxff.exe94⤵
-
\??\c:\hbhhhn.exec:\hbhhhn.exe95⤵
-
\??\c:\5hntnn.exec:\5hntnn.exe96⤵
-
\??\c:\ddvjp.exec:\ddvjp.exe97⤵
-
\??\c:\llxxffr.exec:\llxxffr.exe98⤵
-
\??\c:\bthhhn.exec:\bthhhn.exe99⤵
-
\??\c:\nhhhbh.exec:\nhhhbh.exe100⤵
-
\??\c:\ppppj.exec:\ppppj.exe101⤵
-
\??\c:\ddppj.exec:\ddppj.exe102⤵
-
\??\c:\xxfflll.exec:\xxfflll.exe103⤵
-
\??\c:\9flrxff.exec:\9flrxff.exe104⤵
-
\??\c:\3hhnhb.exec:\3hhnhb.exe105⤵
-
\??\c:\htttnt.exec:\htttnt.exe106⤵
-
\??\c:\vvddv.exec:\vvddv.exe107⤵
-
\??\c:\jdjjd.exec:\jdjjd.exe108⤵
-
\??\c:\rxrxxll.exec:\rxrxxll.exe109⤵
-
\??\c:\lflfrrx.exec:\lflfrrx.exe110⤵
-
\??\c:\1tttbh.exec:\1tttbh.exe111⤵
-
\??\c:\hhttbh.exec:\hhttbh.exe112⤵
-
\??\c:\jpjjv.exec:\jpjjv.exe113⤵
-
\??\c:\jpjjj.exec:\jpjjj.exe114⤵
-
\??\c:\xxrrlll.exec:\xxrrlll.exe115⤵
-
\??\c:\3fflxxl.exec:\3fflxxl.exe116⤵
-
\??\c:\thhttb.exec:\thhttb.exe117⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe118⤵
-
\??\c:\jjppp.exec:\jjppp.exe119⤵
-
\??\c:\dpvjj.exec:\dpvjj.exe120⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-