Analysis
-
max time kernel
150s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
01-06-2024 10:52
General
-
Target
37ace104493fc601d378121297017200_NeikiAnalytics.exe
-
Size
56KB
-
MD5
37ace104493fc601d378121297017200
-
SHA1
8f12daec013402982b6b1753abf47949dc316b43
-
SHA256
03edc67a971ca7ff5d91525980507167627342ea39009f50abdf90a3c233abc9
-
SHA512
91c9384b94c83a81205f25c53a093b77ba1de8fdac195f29c7cb7e8858da7848a24a4d033e5cec01da0c24a7902a913c5b99ccbe4d2a98127c1b900d46250907
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0chV+:ymb3NkkiQ3mdBjF0cr+
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\37ace104493fc601d378121297017200_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\37ace104493fc601d378121297017200_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrlffx.exec:\lxrlffx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrlffx.exec:\frrlffx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hnnhn.exec:\9hnnhn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjdj.exec:\dpjdj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrlfff.exec:\flrlfff.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffflf.exec:\lfffflf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhtnn.exec:\tbhtnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdvp.exec:\ppdvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddddd.exec:\ddddd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrrlll.exec:\rfrrlll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxxrx.exec:\lffxxrx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnnn.exec:\bntnnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hnnhh.exec:\3hnnhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjpp.exec:\jpjpp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvvp.exec:\dvvvp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lffrrr.exec:\1lffrrr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnnnb.exec:\hnnnnb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdd.exec:\ppjdd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddv.exec:\jvddv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrrlrr.exec:\flrrlrr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhnth.exec:\tbhnth.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpv.exec:\pjvpv.exe23⤵
- Executes dropped EXE
-
\??\c:\frrlrlf.exec:\frrlrlf.exe24⤵
- Executes dropped EXE
-
\??\c:\hbbtnn.exec:\hbbtnn.exe25⤵
- Executes dropped EXE
-
\??\c:\jdddp.exec:\jdddp.exe26⤵
- Executes dropped EXE
-
\??\c:\rlllxxl.exec:\rlllxxl.exe27⤵
- Executes dropped EXE
-
\??\c:\rflffxx.exec:\rflffxx.exe28⤵
- Executes dropped EXE
-
\??\c:\thnhnn.exec:\thnhnn.exe29⤵
- Executes dropped EXE
-
\??\c:\vvpdd.exec:\vvpdd.exe30⤵
- Executes dropped EXE
-
\??\c:\rrrrrrr.exec:\rrrrrrr.exe31⤵
- Executes dropped EXE
-
\??\c:\nhbbhn.exec:\nhbbhn.exe32⤵
- Executes dropped EXE
-
\??\c:\7bnhhn.exec:\7bnhhn.exe33⤵
- Executes dropped EXE
-
\??\c:\pjjdj.exec:\pjjdj.exe34⤵
- Executes dropped EXE
-
\??\c:\xfxfxxf.exec:\xfxfxxf.exe35⤵
- Executes dropped EXE
-
\??\c:\fffxxxx.exec:\fffxxxx.exe36⤵
- Executes dropped EXE
-
\??\c:\nbnnhh.exec:\nbnnhh.exe37⤵
- Executes dropped EXE
-
\??\c:\djvdv.exec:\djvdv.exe38⤵
- Executes dropped EXE
-
\??\c:\jjdvd.exec:\jjdvd.exe39⤵
- Executes dropped EXE
-
\??\c:\fxffrrx.exec:\fxffrrx.exe40⤵
- Executes dropped EXE
-
\??\c:\lrlfrlx.exec:\lrlfrlx.exe41⤵
- Executes dropped EXE
-
\??\c:\hbthtb.exec:\hbthtb.exe42⤵
- Executes dropped EXE
-
\??\c:\pppdv.exec:\pppdv.exe43⤵
- Executes dropped EXE
-
\??\c:\pppvj.exec:\pppvj.exe44⤵
- Executes dropped EXE
-
\??\c:\rrrlrxx.exec:\rrrlrxx.exe45⤵
- Executes dropped EXE
-
\??\c:\frxlfxl.exec:\frxlfxl.exe46⤵
- Executes dropped EXE
-
\??\c:\xrrrrrf.exec:\xrrrrrf.exe47⤵
- Executes dropped EXE
-
\??\c:\tnnhhb.exec:\tnnhhb.exe48⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe49⤵
- Executes dropped EXE
-
\??\c:\3jvpp.exec:\3jvpp.exe50⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe51⤵
- Executes dropped EXE
-
\??\c:\xxrlrrf.exec:\xxrlrrf.exe52⤵
- Executes dropped EXE
-
\??\c:\hhhbtb.exec:\hhhbtb.exe53⤵
- Executes dropped EXE
-
\??\c:\ppvpv.exec:\ppvpv.exe54⤵
- Executes dropped EXE
-
\??\c:\vjvpd.exec:\vjvpd.exe55⤵
- Executes dropped EXE
-
\??\c:\rfrlllr.exec:\rfrlllr.exe56⤵
- Executes dropped EXE
-
\??\c:\hthbnh.exec:\hthbnh.exe57⤵
- Executes dropped EXE
-
\??\c:\htbnnn.exec:\htbnnn.exe58⤵
- Executes dropped EXE
-
\??\c:\ddjjd.exec:\ddjjd.exe59⤵
- Executes dropped EXE
-
\??\c:\3xfxlrr.exec:\3xfxlrr.exe60⤵
- Executes dropped EXE
-
\??\c:\rlrrlrr.exec:\rlrrlrr.exe61⤵
- Executes dropped EXE
-
\??\c:\ttnhth.exec:\ttnhth.exe62⤵
- Executes dropped EXE
-
\??\c:\jpddj.exec:\jpddj.exe63⤵
- Executes dropped EXE
-
\??\c:\lxrfxrl.exec:\lxrfxrl.exe64⤵
- Executes dropped EXE
-
\??\c:\rlffffx.exec:\rlffffx.exe65⤵
- Executes dropped EXE
-
\??\c:\nbbbnn.exec:\nbbbnn.exe66⤵
-
\??\c:\vjdvp.exec:\vjdvp.exe67⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe68⤵
-
\??\c:\xrrlxxf.exec:\xrrlxxf.exe69⤵
-
\??\c:\rlxlxlx.exec:\rlxlxlx.exe70⤵
-
\??\c:\btnnnn.exec:\btnnnn.exe71⤵
-
\??\c:\vvppv.exec:\vvppv.exe72⤵
-
\??\c:\jpdvp.exec:\jpdvp.exe73⤵
-
\??\c:\ffflxrf.exec:\ffflxrf.exe74⤵
-
\??\c:\rfllfxx.exec:\rfllfxx.exe75⤵
-
\??\c:\tntthb.exec:\tntthb.exe76⤵
-
\??\c:\dvpvv.exec:\dvpvv.exe77⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe78⤵
-
\??\c:\fxlfxrr.exec:\fxlfxrr.exe79⤵
-
\??\c:\httbtb.exec:\httbtb.exe80⤵
-
\??\c:\5vppd.exec:\5vppd.exe81⤵
-
\??\c:\rfxllrr.exec:\rfxllrr.exe82⤵
-
\??\c:\bnhthh.exec:\bnhthh.exe83⤵
-
\??\c:\1pvpd.exec:\1pvpd.exe84⤵
-
\??\c:\5dvpp.exec:\5dvpp.exe85⤵
-
\??\c:\llxrfrf.exec:\llxrfrf.exe86⤵
-
\??\c:\lrrrlrl.exec:\lrrrlrl.exe87⤵
-
\??\c:\bhttht.exec:\bhttht.exe88⤵
-
\??\c:\7bttnn.exec:\7bttnn.exe89⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe90⤵
-
\??\c:\5xlxxll.exec:\5xlxxll.exe91⤵
-
\??\c:\rrxrlll.exec:\rrxrlll.exe92⤵
-
\??\c:\nhbhth.exec:\nhbhth.exe93⤵
-
\??\c:\bhnhbn.exec:\bhnhbn.exe94⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe95⤵
-
\??\c:\llrrxfx.exec:\llrrxfx.exe96⤵
-
\??\c:\rrxxrxx.exec:\rrxxrxx.exe97⤵
-
\??\c:\ntbttb.exec:\ntbttb.exe98⤵
-
\??\c:\hhttbh.exec:\hhttbh.exe99⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe100⤵
-
\??\c:\xxfllrx.exec:\xxfllrx.exe101⤵
-
\??\c:\nbhbbb.exec:\nbhbbb.exe102⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe103⤵
-
\??\c:\1ppjv.exec:\1ppjv.exe104⤵
-
\??\c:\llrlxxr.exec:\llrlxxr.exe105⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe106⤵
-
\??\c:\5nbbbb.exec:\5nbbbb.exe107⤵
-
\??\c:\vddvd.exec:\vddvd.exe108⤵
-
\??\c:\vdvjd.exec:\vdvjd.exe109⤵
-
\??\c:\fxxfllf.exec:\fxxfllf.exe110⤵
-
\??\c:\1ffxrrr.exec:\1ffxrrr.exe111⤵
-
\??\c:\nhnnhh.exec:\nhnnhh.exe112⤵
-
\??\c:\jddvp.exec:\jddvp.exe113⤵
-
\??\c:\jddjj.exec:\jddjj.exe114⤵
-
\??\c:\7rlfxrx.exec:\7rlfxrx.exe115⤵
-
\??\c:\nnbbnt.exec:\nnbbnt.exe116⤵
-
\??\c:\hhtbnn.exec:\hhtbnn.exe117⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe118⤵
-
\??\c:\ppvpv.exec:\ppvpv.exe119⤵
-
\??\c:\vdppp.exec:\vdppp.exe120⤵
-
\??\c:\rfrrrfl.exec:\rfrrrfl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-