Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
01/06/2024, 22:47
General
-
Target
05b0c83c51cc2b7a7ff53dffcac32f50_NeikiAnalytics.exe
-
Size
366KB
-
MD5
05b0c83c51cc2b7a7ff53dffcac32f50
-
SHA1
579b0de65d7d9eb40fa802a4394107aedfd74bc2
-
SHA256
1bfaf5f11b399053a4dc442715ef4d110be93acf121af3089fd2b4477220f261
-
SHA512
a3e87d88b1b047dcd7d8db19553081ba69a84a25f89f7ca6d0da19c58b37e3179aa58b7788b02696b7c9828ab08b828e21dd87ca68e410fc106b81e6f3379065
-
SSDEEP
6144:n3C9BRo7tvnJ99T/KZEL3RUXownfWQkyCpxwJz9e0pQowLh3EhToK9cT085mnFha:n3C9ytvnVXFUXoSWlnwJv90aKToFqwfw
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\05b0c83c51cc2b7a7ff53dffcac32f50_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\05b0c83c51cc2b7a7ff53dffcac32f50_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7dpjj.exec:\7dpjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbttb.exec:\tbbttb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppv.exec:\dvppv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfxfx.exec:\rllfxfx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlxxr.exec:\lfrlxxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhbb.exec:\nnnhbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjd.exec:\dvjjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlllfx.exec:\xxlllfx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnhhb.exec:\ttnhhb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ddvp.exec:\1ddvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrfxxr.exec:\rfrfxxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxrlfl.exec:\xxxrlfl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnbbb.exec:\hbnbbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvj.exec:\vpvvj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrfllr.exec:\xxrfllr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lllfxx.exec:\3lllfxx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5thbtt.exec:\5thbtt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpd.exec:\jdvpd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlffxr.exec:\lxlffxr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfflrll.exec:\lfflrll.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnnnh.exec:\hbnnnh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdp.exec:\pjjdp.exe23⤵
- Executes dropped EXE
-
\??\c:\jpppp.exec:\jpppp.exe24⤵
- Executes dropped EXE
-
\??\c:\bntttn.exec:\bntttn.exe25⤵
- Executes dropped EXE
-
\??\c:\pvdvv.exec:\pvdvv.exe26⤵
- Executes dropped EXE
-
\??\c:\dvdvp.exec:\dvdvp.exe27⤵
- Executes dropped EXE
-
\??\c:\rxllfxl.exec:\rxllfxl.exe28⤵
- Executes dropped EXE
-
\??\c:\tttnnn.exec:\tttnnn.exe29⤵
- Executes dropped EXE
-
\??\c:\vvddj.exec:\vvddj.exe30⤵
- Executes dropped EXE
-
\??\c:\vpvvp.exec:\vpvvp.exe31⤵
- Executes dropped EXE
-
\??\c:\frrllfx.exec:\frrllfx.exe32⤵
- Executes dropped EXE
-
\??\c:\nbnhhh.exec:\nbnhhh.exe33⤵
- Executes dropped EXE
-
\??\c:\jdddd.exec:\jdddd.exe34⤵
- Executes dropped EXE
-
\??\c:\vpvvp.exec:\vpvvp.exe35⤵
- Executes dropped EXE
-
\??\c:\1xlffff.exec:\1xlffff.exe36⤵
- Executes dropped EXE
-
\??\c:\1rrrlfx.exec:\1rrrlfx.exe37⤵
- Executes dropped EXE
-
\??\c:\bntnnn.exec:\bntnnn.exe38⤵
- Executes dropped EXE
-
\??\c:\dvjdj.exec:\dvjdj.exe39⤵
- Executes dropped EXE
-
\??\c:\dvpjv.exec:\dvpjv.exe40⤵
- Executes dropped EXE
-
\??\c:\rllfffx.exec:\rllfffx.exe41⤵
- Executes dropped EXE
-
\??\c:\bthbhh.exec:\bthbhh.exe42⤵
- Executes dropped EXE
-
\??\c:\bnnhhh.exec:\bnnhhh.exe43⤵
- Executes dropped EXE
-
\??\c:\dvpvp.exec:\dvpvp.exe44⤵
- Executes dropped EXE
-
\??\c:\ffrxxrx.exec:\ffrxxrx.exe45⤵
- Executes dropped EXE
-
\??\c:\rfrrrxx.exec:\rfrrrxx.exe46⤵
- Executes dropped EXE
-
\??\c:\3hnttt.exec:\3hnttt.exe47⤵
- Executes dropped EXE
-
\??\c:\pdjjj.exec:\pdjjj.exe48⤵
- Executes dropped EXE
-
\??\c:\7lrxrrl.exec:\7lrxrrl.exe49⤵
- Executes dropped EXE
-
\??\c:\lxfxrrr.exec:\lxfxrrr.exe50⤵
- Executes dropped EXE
-
\??\c:\bbbbbb.exec:\bbbbbb.exe51⤵
- Executes dropped EXE
-
\??\c:\pjvpj.exec:\pjvpj.exe52⤵
- Executes dropped EXE
-
\??\c:\vdppp.exec:\vdppp.exe53⤵
- Executes dropped EXE
-
\??\c:\xlfxxxr.exec:\xlfxxxr.exe54⤵
- Executes dropped EXE
-
\??\c:\5bnnnt.exec:\5bnnnt.exe55⤵
- Executes dropped EXE
-
\??\c:\hhnnnn.exec:\hhnnnn.exe56⤵
- Executes dropped EXE
-
\??\c:\vdpjv.exec:\vdpjv.exe57⤵
- Executes dropped EXE
-
\??\c:\xfxlrll.exec:\xfxlrll.exe58⤵
- Executes dropped EXE
-
\??\c:\xlxffff.exec:\xlxffff.exe59⤵
- Executes dropped EXE
-
\??\c:\tntnnh.exec:\tntnnh.exe60⤵
- Executes dropped EXE
-
\??\c:\5vjdv.exec:\5vjdv.exe61⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe62⤵
- Executes dropped EXE
-
\??\c:\xlllffr.exec:\xlllffr.exe63⤵
- Executes dropped EXE
-
\??\c:\hnnhhb.exec:\hnnhhb.exe64⤵
- Executes dropped EXE
-
\??\c:\1jpvp.exec:\1jpvp.exe65⤵
- Executes dropped EXE
-
\??\c:\nbttbh.exec:\nbttbh.exe66⤵
-
\??\c:\jvdpd.exec:\jvdpd.exe67⤵
-
\??\c:\llfrllf.exec:\llfrllf.exe68⤵
-
\??\c:\nbbnnt.exec:\nbbnnt.exe69⤵
-
\??\c:\pvjpv.exec:\pvjpv.exe70⤵
-
\??\c:\rflrlrr.exec:\rflrlrr.exe71⤵
-
\??\c:\bbtnnh.exec:\bbtnnh.exe72⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe73⤵
-
\??\c:\xrrfxff.exec:\xrrfxff.exe74⤵
-
\??\c:\bttnnb.exec:\bttnnb.exe75⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe76⤵
-
\??\c:\rlxflfl.exec:\rlxflfl.exe77⤵
-
\??\c:\tbbntt.exec:\tbbntt.exe78⤵
-
\??\c:\3tbbnn.exec:\3tbbnn.exe79⤵
-
\??\c:\frrrrrr.exec:\frrrrrr.exe80⤵
-
\??\c:\btnnbb.exec:\btnnbb.exe81⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe82⤵
-
\??\c:\lfrllff.exec:\lfrllff.exe83⤵
-
\??\c:\1bhnnh.exec:\1bhnnh.exe84⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe85⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe86⤵
-
\??\c:\rlffffl.exec:\rlffffl.exe87⤵
-
\??\c:\7hhbtt.exec:\7hhbtt.exe88⤵
-
\??\c:\ppvvj.exec:\ppvvj.exe89⤵
-
\??\c:\frfflrr.exec:\frfflrr.exe90⤵
-
\??\c:\nhhbbt.exec:\nhhbbt.exe91⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe92⤵
-
\??\c:\rxxfrxx.exec:\rxxfrxx.exe93⤵
-
\??\c:\hbbthb.exec:\hbbthb.exe94⤵
-
\??\c:\pvpjp.exec:\pvpjp.exe95⤵
-
\??\c:\ffrfffx.exec:\ffrfffx.exe96⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe97⤵
-
\??\c:\fxrllrl.exec:\fxrllrl.exe98⤵
-
\??\c:\hntttb.exec:\hntttb.exe99⤵
-
\??\c:\vvvpp.exec:\vvvpp.exe100⤵
-
\??\c:\fxlffff.exec:\fxlffff.exe101⤵
-
\??\c:\rflrllf.exec:\rflrllf.exe102⤵
-
\??\c:\nhhbbt.exec:\nhhbbt.exe103⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe104⤵
-
\??\c:\pppvv.exec:\pppvv.exe105⤵
-
\??\c:\rlfxrlx.exec:\rlfxrlx.exe106⤵
-
\??\c:\ttttnt.exec:\ttttnt.exe107⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe108⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe109⤵
-
\??\c:\3xlrlrr.exec:\3xlrlrr.exe110⤵
-
\??\c:\5xxrrrr.exec:\5xxrrrr.exe111⤵
-
\??\c:\nhnhbb.exec:\nhnhbb.exe112⤵
-
\??\c:\1ddvp.exec:\1ddvp.exe113⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe114⤵
-
\??\c:\xxlllrx.exec:\xxlllrx.exe115⤵
-
\??\c:\httnbb.exec:\httnbb.exe116⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe117⤵
-
\??\c:\jpddd.exec:\jpddd.exe118⤵
-
\??\c:\xrrrlff.exec:\xrrrlff.exe119⤵
-
\??\c:\tnnttn.exec:\tnnttn.exe120⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-