Analysis
-
max time kernel
150s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
01/06/2024, 02:02
General
-
Target
8939e53c1085f7e29719d7aca08250d0_NeikiAnalytics.exe
-
Size
59KB
-
MD5
8939e53c1085f7e29719d7aca08250d0
-
SHA1
19a8b0fc5ae52a49efa69fb8536bd2c242b2ac58
-
SHA256
90383a843e10e1e3eebcb088a9bd5903fd61a2a6ffe55b290371872032b8fe41
-
SHA512
65dcb934d7b561bdf57e561009934e5f15c588ddb8b39c0214f713e54a8c695b4371b65bbe46c3b5c430bbdefb431930b433c0ebd30c201209b6a0305b6db70d
-
SSDEEP
1536:zvQBeOGtrYS3srx93UBWfwC6Ggnouy8iT4+IJPhbMiFC:zhOmTsF93UYfwC6GIoutiTm5hIiFC
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8939e53c1085f7e29719d7aca08250d0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\8939e53c1085f7e29719d7aca08250d0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvd.exec:\jjdvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxlrrr.exec:\rrxlrrr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrrflf.exec:\flrrflf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbnbh.exec:\nbbnbh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvppd.exec:\pvppd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrrxfr.exec:\frrrxfr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlffxxr.exec:\rlffxxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnnhh.exec:\bnnnhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvp.exec:\vpdvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpd.exec:\dpvpd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnttnt.exec:\nnttnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjd.exec:\djpjd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllrlrr.exec:\rllrlrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbtbb.exec:\htbtbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpvp.exec:\jvpvp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjjj.exec:\djjjj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlfrrl.exec:\rxlfrrl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbhht.exec:\bbbhht.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvp.exec:\dpvvp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjj.exec:\pdjjj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fllfrf.exec:\5fllfrf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnnnn.exec:\bnnnnn.exe23⤵
- Executes dropped EXE
-
\??\c:\dvjdd.exec:\dvjdd.exe24⤵
- Executes dropped EXE
-
\??\c:\fllfxxx.exec:\fllfxxx.exe25⤵
- Executes dropped EXE
-
\??\c:\tnnnnb.exec:\tnnnnb.exe26⤵
- Executes dropped EXE
-
\??\c:\bnnhhn.exec:\bnnhhn.exe27⤵
- Executes dropped EXE
-
\??\c:\flxxxxx.exec:\flxxxxx.exe28⤵
- Executes dropped EXE
-
\??\c:\nbbtnn.exec:\nbbtnn.exe29⤵
- Executes dropped EXE
-
\??\c:\ttttnn.exec:\ttttnn.exe30⤵
- Executes dropped EXE
-
\??\c:\ppdjj.exec:\ppdjj.exe31⤵
- Executes dropped EXE
-
\??\c:\lxrllxr.exec:\lxrllxr.exe32⤵
- Executes dropped EXE
-
\??\c:\bttnhn.exec:\bttnhn.exe33⤵
- Executes dropped EXE
-
\??\c:\htbbhn.exec:\htbbhn.exe34⤵
- Executes dropped EXE
-
\??\c:\pdddv.exec:\pdddv.exe35⤵
- Executes dropped EXE
-
\??\c:\fxxxrxx.exec:\fxxxrxx.exe36⤵
- Executes dropped EXE
-
\??\c:\bttbbb.exec:\bttbbb.exe37⤵
- Executes dropped EXE
-
\??\c:\1bnntt.exec:\1bnntt.exe38⤵
- Executes dropped EXE
-
\??\c:\jdjvp.exec:\jdjvp.exe39⤵
- Executes dropped EXE
-
\??\c:\ffrffll.exec:\ffrffll.exe40⤵
- Executes dropped EXE
-
\??\c:\btntnb.exec:\btntnb.exe41⤵
- Executes dropped EXE
-
\??\c:\vdvpj.exec:\vdvpj.exe42⤵
- Executes dropped EXE
-
\??\c:\xflrxll.exec:\xflrxll.exe43⤵
- Executes dropped EXE
-
\??\c:\lfrlxxr.exec:\lfrlxxr.exe44⤵
- Executes dropped EXE
-
\??\c:\hnttnt.exec:\hnttnt.exe45⤵
- Executes dropped EXE
-
\??\c:\vjddp.exec:\vjddp.exe46⤵
- Executes dropped EXE
-
\??\c:\fflrrxf.exec:\fflrrxf.exe47⤵
- Executes dropped EXE
-
\??\c:\1rllfff.exec:\1rllfff.exe48⤵
- Executes dropped EXE
-
\??\c:\thbbtt.exec:\thbbtt.exe49⤵
- Executes dropped EXE
-
\??\c:\nnhhbh.exec:\nnhhbh.exe50⤵
- Executes dropped EXE
-
\??\c:\vppvv.exec:\vppvv.exe51⤵
- Executes dropped EXE
-
\??\c:\lrrrlrx.exec:\lrrrlrx.exe52⤵
- Executes dropped EXE
-
\??\c:\rflllrx.exec:\rflllrx.exe53⤵
- Executes dropped EXE
-
\??\c:\nhhnnn.exec:\nhhnnn.exe54⤵
- Executes dropped EXE
-
\??\c:\hbnbth.exec:\hbnbth.exe55⤵
- Executes dropped EXE
-
\??\c:\dvpjp.exec:\dvpjp.exe56⤵
- Executes dropped EXE
-
\??\c:\xffxxxx.exec:\xffxxxx.exe57⤵
- Executes dropped EXE
-
\??\c:\fxxrlrf.exec:\fxxrlrf.exe58⤵
- Executes dropped EXE
-
\??\c:\btbbbb.exec:\btbbbb.exe59⤵
- Executes dropped EXE
-
\??\c:\dddvp.exec:\dddvp.exe60⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe61⤵
- Executes dropped EXE
-
\??\c:\flxxflx.exec:\flxxflx.exe62⤵
- Executes dropped EXE
-
\??\c:\nntnhn.exec:\nntnhn.exe63⤵
- Executes dropped EXE
-
\??\c:\pjdpp.exec:\pjdpp.exe64⤵
- Executes dropped EXE
-
\??\c:\pjpvv.exec:\pjpvv.exe65⤵
- Executes dropped EXE
-
\??\c:\llffrrr.exec:\llffrrr.exe66⤵
-
\??\c:\nhnhtb.exec:\nhnhtb.exe67⤵
-
\??\c:\bbbbbb.exec:\bbbbbb.exe68⤵
-
\??\c:\9nbhbb.exec:\9nbhbb.exe69⤵
-
\??\c:\pjvpj.exec:\pjvpj.exe70⤵
-
\??\c:\lrflrxx.exec:\lrflrxx.exe71⤵
-
\??\c:\bthbnn.exec:\bthbnn.exe72⤵
-
\??\c:\htthnb.exec:\htthnb.exe73⤵
-
\??\c:\djppp.exec:\djppp.exe74⤵
-
\??\c:\jddpv.exec:\jddpv.exe75⤵
-
\??\c:\xrllllr.exec:\xrllllr.exe76⤵
-
\??\c:\tbnnht.exec:\tbnnht.exe77⤵
-
\??\c:\dvddj.exec:\dvddj.exe78⤵
-
\??\c:\9dppp.exec:\9dppp.exe79⤵
-
\??\c:\lxlxllf.exec:\lxlxllf.exe80⤵
-
\??\c:\nhnttt.exec:\nhnttt.exe81⤵
-
\??\c:\bnnnhh.exec:\bnnnhh.exe82⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe83⤵
-
\??\c:\jvpdp.exec:\jvpdp.exe84⤵
-
\??\c:\xxrlrxr.exec:\xxrlrxr.exe85⤵
-
\??\c:\lxlfffx.exec:\lxlfffx.exe86⤵
-
\??\c:\tthhbn.exec:\tthhbn.exe87⤵
-
\??\c:\7djdp.exec:\7djdp.exe88⤵
-
\??\c:\ppvvj.exec:\ppvvj.exe89⤵
-
\??\c:\fxfxrxx.exec:\fxfxrxx.exe90⤵
-
\??\c:\lllfxfx.exec:\lllfxfx.exe91⤵
-
\??\c:\3bhhhh.exec:\3bhhhh.exe92⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe93⤵
-
\??\c:\lflffxx.exec:\lflffxx.exe94⤵
-
\??\c:\xlxrfxr.exec:\xlxrfxr.exe95⤵
-
\??\c:\hbnbnn.exec:\hbnbnn.exe96⤵
-
\??\c:\djdvd.exec:\djdvd.exe97⤵
-
\??\c:\xrrrlff.exec:\xrrrlff.exe98⤵
-
\??\c:\9tbhht.exec:\9tbhht.exe99⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe100⤵
-
\??\c:\ppdvv.exec:\ppdvv.exe101⤵
-
\??\c:\rxfxflf.exec:\rxfxflf.exe102⤵
-
\??\c:\thtnnh.exec:\thtnnh.exe103⤵
-
\??\c:\pjjvv.exec:\pjjvv.exe104⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe105⤵
-
\??\c:\rffxrrr.exec:\rffxrrr.exe106⤵
-
\??\c:\btnnnn.exec:\btnnnn.exe107⤵
-
\??\c:\bntbtb.exec:\bntbtb.exe108⤵
-
\??\c:\ddvvj.exec:\ddvvj.exe109⤵
-
\??\c:\vjpdp.exec:\vjpdp.exe110⤵
-
\??\c:\lrxrrrx.exec:\lrxrrrx.exe111⤵
-
\??\c:\bntnhh.exec:\bntnhh.exe112⤵
-
\??\c:\nntnhh.exec:\nntnhh.exe113⤵
-
\??\c:\vpvdp.exec:\vpvdp.exe114⤵
-
\??\c:\vvppv.exec:\vvppv.exe115⤵
-
\??\c:\bttnbh.exec:\bttnbh.exe116⤵
-
\??\c:\frfrllr.exec:\frfrllr.exe117⤵
-
\??\c:\rflfxrr.exec:\rflfxrr.exe118⤵
-
\??\c:\hhnnnn.exec:\hhnnnn.exe119⤵
-
\??\c:\vppvv.exec:\vppvv.exe120⤵
-
\??\c:\pdddv.exec:\pdddv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-