Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
01/06/2024, 07:07
General
-
Target
91ff6c48df9c11d80cf91dd37b3b1a10_NeikiAnalytics.exe
-
Size
103KB
-
MD5
91ff6c48df9c11d80cf91dd37b3b1a10
-
SHA1
c3ae48eb15c61b918b6a02a3366621534229bc4a
-
SHA256
c0396674dc1f3bd16806afe2fb51c53358126b51b28290139cce6bacf316a505
-
SHA512
06b54e9c84d4e938217eebbfdc4dd5ac11a4c02996b272734fbee0ba3c78c490d33d2c70524caa0be7a1c2ff63f8e54893500bf006bf2155b0e008ebfc4ee454
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoTNKDeS98hPUdHV7RNzfnLnN3oT:ymb3NkkiQ3mdBjFo5KDe88g1fR8R
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\91ff6c48df9c11d80cf91dd37b3b1a10_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\91ff6c48df9c11d80cf91dd37b3b1a10_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjjj.exec:\dpjjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flffrff.exec:\flffrff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrlff.exec:\xrrrlff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tnnhh.exec:\3tnnhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjjj.exec:\vjjjj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjj.exec:\ddjjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xfxrrr.exec:\9xfxrrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhthbb.exec:\bhthbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvd.exec:\vpvvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxrrr.exec:\rrxxrrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bhhhh.exec:\5bhhhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jvvj.exec:\9jvvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllffff.exec:\xllffff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhhhb.exec:\hnhhhb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvp.exec:\vpdvp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvpp.exec:\jdvpp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrrllf.exec:\lxrrllf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbtb.exec:\btbbtb.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntbnh.exec:\tntbnh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjjd.exec:\jpjjd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlfxxx.exec:\rxlfxxx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnnbb.exec:\bbnnbb.exe23⤵
- Executes dropped EXE
-
\??\c:\hbntbn.exec:\hbntbn.exe24⤵
- Executes dropped EXE
-
\??\c:\dddvp.exec:\dddvp.exe25⤵
- Executes dropped EXE
-
\??\c:\fxrrllf.exec:\fxrrllf.exe26⤵
- Executes dropped EXE
-
\??\c:\ttttnt.exec:\ttttnt.exe27⤵
- Executes dropped EXE
-
\??\c:\jjddv.exec:\jjddv.exe28⤵
- Executes dropped EXE
-
\??\c:\vdjdd.exec:\vdjdd.exe29⤵
- Executes dropped EXE
-
\??\c:\rrxffxx.exec:\rrxffxx.exe30⤵
- Executes dropped EXE
-
\??\c:\nnnhhn.exec:\nnnhhn.exe31⤵
- Executes dropped EXE
-
\??\c:\ddddv.exec:\ddddv.exe32⤵
- Executes dropped EXE
-
\??\c:\lfxxxxr.exec:\lfxxxxr.exe33⤵
- Executes dropped EXE
-
\??\c:\fxffxfr.exec:\fxffxfr.exe34⤵
- Executes dropped EXE
-
\??\c:\thttnn.exec:\thttnn.exe35⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe36⤵
- Executes dropped EXE
-
\??\c:\5vdvv.exec:\5vdvv.exe37⤵
- Executes dropped EXE
-
\??\c:\flrllff.exec:\flrllff.exe38⤵
- Executes dropped EXE
-
\??\c:\frxfrll.exec:\frxfrll.exe39⤵
- Executes dropped EXE
-
\??\c:\htbbnt.exec:\htbbnt.exe40⤵
- Executes dropped EXE
-
\??\c:\3ttnhh.exec:\3ttnhh.exe41⤵
- Executes dropped EXE
-
\??\c:\pvvvp.exec:\pvvvp.exe42⤵
- Executes dropped EXE
-
\??\c:\lxrrlfl.exec:\lxrrlfl.exe43⤵
- Executes dropped EXE
-
\??\c:\9flfxxr.exec:\9flfxxr.exe44⤵
- Executes dropped EXE
-
\??\c:\nhtnhh.exec:\nhtnhh.exe45⤵
- Executes dropped EXE
-
\??\c:\jpvpd.exec:\jpvpd.exe46⤵
- Executes dropped EXE
-
\??\c:\7jppp.exec:\7jppp.exe47⤵
- Executes dropped EXE
-
\??\c:\3xllxrr.exec:\3xllxrr.exe48⤵
- Executes dropped EXE
-
\??\c:\1thbhn.exec:\1thbhn.exe49⤵
- Executes dropped EXE
-
\??\c:\7dddp.exec:\7dddp.exe50⤵
- Executes dropped EXE
-
\??\c:\9flfrxr.exec:\9flfrxr.exe51⤵
- Executes dropped EXE
-
\??\c:\fxlrffl.exec:\fxlrffl.exe52⤵
- Executes dropped EXE
-
\??\c:\bhnnnn.exec:\bhnnnn.exe53⤵
- Executes dropped EXE
-
\??\c:\vdppj.exec:\vdppj.exe54⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe55⤵
- Executes dropped EXE
-
\??\c:\5fllfff.exec:\5fllfff.exe56⤵
- Executes dropped EXE
-
\??\c:\vpppp.exec:\vpppp.exe57⤵
- Executes dropped EXE
-
\??\c:\1frlxxf.exec:\1frlxxf.exe58⤵
- Executes dropped EXE
-
\??\c:\nntnhh.exec:\nntnhh.exe59⤵
- Executes dropped EXE
-
\??\c:\pvvpj.exec:\pvvpj.exe60⤵
- Executes dropped EXE
-
\??\c:\pdpjj.exec:\pdpjj.exe61⤵
- Executes dropped EXE
-
\??\c:\lfxxffr.exec:\lfxxffr.exe62⤵
- Executes dropped EXE
-
\??\c:\frrlllr.exec:\frrlllr.exe63⤵
- Executes dropped EXE
-
\??\c:\thhthn.exec:\thhthn.exe64⤵
- Executes dropped EXE
-
\??\c:\9ttttt.exec:\9ttttt.exe65⤵
- Executes dropped EXE
-
\??\c:\5pvdp.exec:\5pvdp.exe66⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe67⤵
-
\??\c:\ffffxxx.exec:\ffffxxx.exe68⤵
-
\??\c:\nnbbht.exec:\nnbbht.exe69⤵
-
\??\c:\btnhhh.exec:\btnhhh.exe70⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe71⤵
-
\??\c:\1flfxll.exec:\1flfxll.exe72⤵
-
\??\c:\htttnb.exec:\htttnb.exe73⤵
-
\??\c:\rrflrxl.exec:\rrflrxl.exe74⤵
-
\??\c:\7bnnnt.exec:\7bnnnt.exe75⤵
-
\??\c:\ddppd.exec:\ddppd.exe76⤵
-
\??\c:\vdppp.exec:\vdppp.exe77⤵
-
\??\c:\rxffxxx.exec:\rxffxxx.exe78⤵
-
\??\c:\rrfxrfl.exec:\rrfxrfl.exe79⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe80⤵
-
\??\c:\vddvp.exec:\vddvp.exe81⤵
-
\??\c:\xrxrlll.exec:\xrxrlll.exe82⤵
-
\??\c:\hbnnnt.exec:\hbnnnt.exe83⤵
-
\??\c:\bbbtnt.exec:\bbbtnt.exe84⤵
-
\??\c:\9pvpp.exec:\9pvpp.exe85⤵
-
\??\c:\jpvvp.exec:\jpvvp.exe86⤵
-
\??\c:\xrlrxxf.exec:\xrlrxxf.exe87⤵
-
\??\c:\fxxrxfx.exec:\fxxrxfx.exe88⤵
-
\??\c:\7thbbb.exec:\7thbbb.exe89⤵
-
\??\c:\9ttbtb.exec:\9ttbtb.exe90⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe91⤵
-
\??\c:\fffffrl.exec:\fffffrl.exe92⤵
-
\??\c:\7hhbnh.exec:\7hhbnh.exe93⤵
-
\??\c:\nthhht.exec:\nthhht.exe94⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe95⤵
-
\??\c:\pjddv.exec:\pjddv.exe96⤵
-
\??\c:\5lrxlrl.exec:\5lrxlrl.exe97⤵
-
\??\c:\xxrlrrr.exec:\xxrlrrr.exe98⤵
-
\??\c:\nnbbhh.exec:\nnbbhh.exe99⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe100⤵
-
\??\c:\1dddv.exec:\1dddv.exe101⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe102⤵
-
\??\c:\frrxrrl.exec:\frrxrrl.exe103⤵
-
\??\c:\nnnnbb.exec:\nnnnbb.exe104⤵
-
\??\c:\9bbbhh.exec:\9bbbhh.exe105⤵
-
\??\c:\pjddv.exec:\pjddv.exe106⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe107⤵
-
\??\c:\frfxrrr.exec:\frfxrrr.exe108⤵
-
\??\c:\1hbtnb.exec:\1hbtnb.exe109⤵
-
\??\c:\ntbbbh.exec:\ntbbbh.exe110⤵
-
\??\c:\pppvv.exec:\pppvv.exe111⤵
-
\??\c:\7ppjd.exec:\7ppjd.exe112⤵
-
\??\c:\xrlfffx.exec:\xrlfffx.exe113⤵
-
\??\c:\rxfxxxr.exec:\rxfxxxr.exe114⤵
-
\??\c:\htbbth.exec:\htbbth.exe115⤵
-
\??\c:\9ntnhn.exec:\9ntnhn.exe116⤵
-
\??\c:\vdpjj.exec:\vdpjj.exe117⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe118⤵
-
\??\c:\rlrllfr.exec:\rlrllfr.exe119⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe120⤵
-
\??\c:\fxrrffr.exec:\fxrrffr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-