Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
01-06-2024 04:08
General
-
Target
8cf49fb36ba7877d2a6507fb8d7087c0_NeikiAnalytics.exe
-
Size
105KB
-
MD5
8cf49fb36ba7877d2a6507fb8d7087c0
-
SHA1
a9c7e49481ed62eac53a0db7175c91ab796a51b8
-
SHA256
b8772df95e941b06040c9fb9ab27e41c1032b0a1b0d2c78909e4c419a1d5eccf
-
SHA512
99c8fe53121bcd2c36b10b961a83c61e44373c1c905ad3c730ce1b1a9ef263ee7d82d3e97a373e9ea035b192a7e68aab07a426a1c9b237f2969d6b343ce8c006
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoTNKDeS98hPUdHV7RNzfJNI:ymb3NkkiQ3mdBjFo5KDe88g1fDI
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8cf49fb36ba7877d2a6507fb8d7087c0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\8cf49fb36ba7877d2a6507fb8d7087c0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhbnb.exec:\bhhbnb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvvv.exec:\djvvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9btnbb.exec:\9btnbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpdv.exec:\vvpdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxxrr.exec:\llfxxrr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhbb.exec:\nbhhbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjdv.exec:\pvjdv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnnbt.exec:\hbnnbt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdppj.exec:\vdppj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxfflf.exec:\lrxfflf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntbbn.exec:\tntbbn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xlfxrl.exec:\1xlfxrl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxxfl.exec:\fxxxxfl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpdv.exec:\ddpdv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxxrr.exec:\fxfxxrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbtth.exec:\bbbtth.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpjp.exec:\jjpjp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjj.exec:\vvpjj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xxfrlx.exec:\3xxfrlx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhhb.exec:\nhnhhb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vvvv.exec:\5vvvv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrlflx.exec:\xfrlflx.exe23⤵
- Executes dropped EXE
-
\??\c:\3rrrrrl.exec:\3rrrrrl.exe24⤵
- Executes dropped EXE
-
\??\c:\bnbbtb.exec:\bnbbtb.exe25⤵
- Executes dropped EXE
-
\??\c:\frrxrxr.exec:\frrxrxr.exe26⤵
- Executes dropped EXE
-
\??\c:\hnthbn.exec:\hnthbn.exe27⤵
- Executes dropped EXE
-
\??\c:\hhbbbh.exec:\hhbbbh.exe28⤵
- Executes dropped EXE
-
\??\c:\pjpvv.exec:\pjpvv.exe29⤵
- Executes dropped EXE
-
\??\c:\1xflxlx.exec:\1xflxlx.exe30⤵
- Executes dropped EXE
-
\??\c:\btttnh.exec:\btttnh.exe31⤵
- Executes dropped EXE
-
\??\c:\pvddj.exec:\pvddj.exe32⤵
- Executes dropped EXE
-
\??\c:\fllllxx.exec:\fllllxx.exe33⤵
- Executes dropped EXE
-
\??\c:\bttthh.exec:\bttthh.exe34⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe35⤵
- Executes dropped EXE
-
\??\c:\pjvvp.exec:\pjvvp.exe36⤵
- Executes dropped EXE
-
\??\c:\xxffxff.exec:\xxffxff.exe37⤵
- Executes dropped EXE
-
\??\c:\btthhn.exec:\btthhn.exe38⤵
- Executes dropped EXE
-
\??\c:\dddjd.exec:\dddjd.exe39⤵
- Executes dropped EXE
-
\??\c:\llxxfff.exec:\llxxfff.exe40⤵
- Executes dropped EXE
-
\??\c:\xxlrrrx.exec:\xxlrrrx.exe41⤵
- Executes dropped EXE
-
\??\c:\ttbbhh.exec:\ttbbhh.exe42⤵
- Executes dropped EXE
-
\??\c:\9hhbtt.exec:\9hhbtt.exe43⤵
- Executes dropped EXE
-
\??\c:\jjpjd.exec:\jjpjd.exe44⤵
- Executes dropped EXE
-
\??\c:\llrfxrx.exec:\llrfxrx.exe45⤵
- Executes dropped EXE
-
\??\c:\7nnbbn.exec:\7nnbbn.exe46⤵
- Executes dropped EXE
-
\??\c:\tbtnnn.exec:\tbtnnn.exe47⤵
- Executes dropped EXE
-
\??\c:\xxfllxx.exec:\xxfllxx.exe48⤵
- Executes dropped EXE
-
\??\c:\lfffxrl.exec:\lfffxrl.exe49⤵
- Executes dropped EXE
-
\??\c:\ntnhbt.exec:\ntnhbt.exe50⤵
- Executes dropped EXE
-
\??\c:\pdppd.exec:\pdppd.exe51⤵
- Executes dropped EXE
-
\??\c:\lrrxxfx.exec:\lrrxxfx.exe52⤵
- Executes dropped EXE
-
\??\c:\bnnbbh.exec:\bnnbbh.exe53⤵
- Executes dropped EXE
-
\??\c:\nnttbt.exec:\nnttbt.exe54⤵
- Executes dropped EXE
-
\??\c:\dpdvp.exec:\dpdvp.exe55⤵
- Executes dropped EXE
-
\??\c:\lfxxxrr.exec:\lfxxxrr.exe56⤵
- Executes dropped EXE
-
\??\c:\hhtnbb.exec:\hhtnbb.exe57⤵
- Executes dropped EXE
-
\??\c:\tthbnt.exec:\tthbnt.exe58⤵
- Executes dropped EXE
-
\??\c:\djdvv.exec:\djdvv.exe59⤵
- Executes dropped EXE
-
\??\c:\rrffxxx.exec:\rrffxxx.exe60⤵
- Executes dropped EXE
-
\??\c:\bttbnt.exec:\bttbnt.exe61⤵
- Executes dropped EXE
-
\??\c:\dvpvp.exec:\dvpvp.exe62⤵
- Executes dropped EXE
-
\??\c:\xxrfrlf.exec:\xxrfrlf.exe63⤵
- Executes dropped EXE
-
\??\c:\7xxfrlf.exec:\7xxfrlf.exe64⤵
- Executes dropped EXE
-
\??\c:\hbnhbn.exec:\hbnhbn.exe65⤵
- Executes dropped EXE
-
\??\c:\dvdvv.exec:\dvdvv.exe66⤵
-
\??\c:\xrlxrrl.exec:\xrlxrrl.exe67⤵
-
\??\c:\fxrflrx.exec:\fxrflrx.exe68⤵
-
\??\c:\dpvdv.exec:\dpvdv.exe69⤵
-
\??\c:\ppddv.exec:\ppddv.exe70⤵
-
\??\c:\9xrlxxx.exec:\9xrlxxx.exe71⤵
-
\??\c:\bbthhh.exec:\bbthhh.exe72⤵
-
\??\c:\7bnhhn.exec:\7bnhhn.exe73⤵
-
\??\c:\pppdp.exec:\pppdp.exe74⤵
-
\??\c:\djjdd.exec:\djjdd.exe75⤵
-
\??\c:\nhhtnn.exec:\nhhtnn.exe76⤵
-
\??\c:\nnbttb.exec:\nnbttb.exe77⤵
-
\??\c:\jdddd.exec:\jdddd.exe78⤵
-
\??\c:\7lfrllx.exec:\7lfrllx.exe79⤵
-
\??\c:\tnnbth.exec:\tnnbth.exe80⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe81⤵
-
\??\c:\vvjjj.exec:\vvjjj.exe82⤵
-
\??\c:\fxfxfrl.exec:\fxfxfrl.exe83⤵
-
\??\c:\hthtbt.exec:\hthtbt.exe84⤵
-
\??\c:\vdpdd.exec:\vdpdd.exe85⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe86⤵
-
\??\c:\9rfxxfx.exec:\9rfxxfx.exe87⤵
-
\??\c:\rlxrxxx.exec:\rlxrxxx.exe88⤵
-
\??\c:\bbtthb.exec:\bbtthb.exe89⤵
-
\??\c:\hhnhbb.exec:\hhnhbb.exe90⤵
-
\??\c:\vdjdj.exec:\vdjdj.exe91⤵
-
\??\c:\xrxxflr.exec:\xrxxflr.exe92⤵
-
\??\c:\bbbttn.exec:\bbbttn.exe93⤵
-
\??\c:\ttbbhn.exec:\ttbbhn.exe94⤵
-
\??\c:\3djjp.exec:\3djjp.exe95⤵
-
\??\c:\vdvdj.exec:\vdvdj.exe96⤵
-
\??\c:\3xxfxfl.exec:\3xxfxfl.exe97⤵
-
\??\c:\fxrxxxf.exec:\fxrxxxf.exe98⤵
-
\??\c:\5thhtb.exec:\5thhtb.exe99⤵
-
\??\c:\bbtbhh.exec:\bbtbhh.exe100⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe101⤵
-
\??\c:\tnbbtb.exec:\tnbbtb.exe102⤵
-
\??\c:\dvppd.exec:\dvppd.exe103⤵
-
\??\c:\jjvdd.exec:\jjvdd.exe104⤵
-
\??\c:\rfxrlfx.exec:\rfxrlfx.exe105⤵
-
\??\c:\bhhbnh.exec:\bhhbnh.exe106⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe107⤵
-
\??\c:\ppdjp.exec:\ppdjp.exe108⤵
-
\??\c:\lrxrlxx.exec:\lrxrlxx.exe109⤵
-
\??\c:\xlxllfl.exec:\xlxllfl.exe110⤵
-
\??\c:\nnhnnt.exec:\nnhnnt.exe111⤵
-
\??\c:\thbhhh.exec:\thbhhh.exe112⤵
-
\??\c:\vvvpp.exec:\vvvpp.exe113⤵
-
\??\c:\ddpvd.exec:\ddpvd.exe114⤵
-
\??\c:\llllfxx.exec:\llllfxx.exe115⤵
-
\??\c:\llrxrxl.exec:\llrxrxl.exe116⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe117⤵
-
\??\c:\nhhhhn.exec:\nhhhhn.exe118⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe119⤵
-
\??\c:\jvjpp.exec:\jvjpp.exe120⤵
-
\??\c:\lfrrlrf.exec:\lfrrlrf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-