Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
02-06-2024 01:24
General
-
Target
1be7273c7fbab4c570bef17218151d60_NeikiAnalytics.exe
-
Size
57KB
-
MD5
1be7273c7fbab4c570bef17218151d60
-
SHA1
bb232c294015701e576aa3d3a2052d345be62040
-
SHA256
5f9d638fe63a8d9b14f183e8a2a8c97e788e427a52f52d879fdc8f1e64a4b3c9
-
SHA512
f5efdaba92ceac4da85baf14ff6129bb0786b50379b4a9a624067db304b2c4c2e35949d6e2e99994a8f567ff7e7c008d516a8400d757ad34f982c39a3b6c877b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuSwFNr:ymb3NkkiQ3mdBjFIvIFNr
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1be7273c7fbab4c570bef17218151d60_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1be7273c7fbab4c570bef17218151d60_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\224002.exec:\224002.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jvpj.exec:\3jvpj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnnht.exec:\htnnht.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\20268.exec:\20268.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxxxx.exec:\rlfxxxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnnbt.exec:\nbnnbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a6222.exec:\a6222.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u282222.exec:\u282222.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpddp.exec:\jpddp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrxxl.exec:\lfxrxxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8622622.exec:\8622622.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdj.exec:\ddjdj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttnhh.exec:\bttnhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrlllr.exec:\xlrlllr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\84240.exec:\84240.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhtb.exec:\tnnhtb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8240260.exec:\8240260.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\00622.exec:\00622.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g6648.exec:\g6648.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflrfxx.exec:\lflrfxx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlllrr.exec:\fxlllrr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrffxf.exec:\rfrffxf.exe23⤵
- Executes dropped EXE
-
\??\c:\7jjdv.exec:\7jjdv.exe24⤵
- Executes dropped EXE
-
\??\c:\pjjdj.exec:\pjjdj.exe25⤵
- Executes dropped EXE
-
\??\c:\nnbtht.exec:\nnbtht.exe26⤵
- Executes dropped EXE
-
\??\c:\llffxrr.exec:\llffxrr.exe27⤵
- Executes dropped EXE
-
\??\c:\086228.exec:\086228.exe28⤵
- Executes dropped EXE
-
\??\c:\5lrrlrl.exec:\5lrrlrl.exe29⤵
- Executes dropped EXE
-
\??\c:\thnbtt.exec:\thnbtt.exe30⤵
- Executes dropped EXE
-
\??\c:\m6282.exec:\m6282.exe31⤵
- Executes dropped EXE
-
\??\c:\jjjdd.exec:\jjjdd.exe32⤵
- Executes dropped EXE
-
\??\c:\02828.exec:\02828.exe33⤵
- Executes dropped EXE
-
\??\c:\688604.exec:\688604.exe34⤵
- Executes dropped EXE
-
\??\c:\jdvpp.exec:\jdvpp.exe35⤵
- Executes dropped EXE
-
\??\c:\4088666.exec:\4088666.exe36⤵
- Executes dropped EXE
-
\??\c:\htbbnb.exec:\htbbnb.exe37⤵
- Executes dropped EXE
-
\??\c:\2680028.exec:\2680028.exe38⤵
- Executes dropped EXE
-
\??\c:\64628.exec:\64628.exe39⤵
- Executes dropped EXE
-
\??\c:\nbbttt.exec:\nbbttt.exe40⤵
- Executes dropped EXE
-
\??\c:\9rxxffr.exec:\9rxxffr.exe41⤵
- Executes dropped EXE
-
\??\c:\84660.exec:\84660.exe42⤵
- Executes dropped EXE
-
\??\c:\ffxrxlx.exec:\ffxrxlx.exe43⤵
-
\??\c:\64604.exec:\64604.exe44⤵
- Executes dropped EXE
-
\??\c:\004608.exec:\004608.exe45⤵
- Executes dropped EXE
-
\??\c:\0806228.exec:\0806228.exe46⤵
- Executes dropped EXE
-
\??\c:\0688660.exec:\0688660.exe47⤵
- Executes dropped EXE
-
\??\c:\046626.exec:\046626.exe48⤵
- Executes dropped EXE
-
\??\c:\3bbbtt.exec:\3bbbtt.exe49⤵
- Executes dropped EXE
-
\??\c:\pdjvj.exec:\pdjvj.exe50⤵
- Executes dropped EXE
-
\??\c:\468806.exec:\468806.exe51⤵
- Executes dropped EXE
-
\??\c:\fxrlffx.exec:\fxrlffx.exe52⤵
- Executes dropped EXE
-
\??\c:\04440.exec:\04440.exe53⤵
- Executes dropped EXE
-
\??\c:\5ffffff.exec:\5ffffff.exe54⤵
- Executes dropped EXE
-
\??\c:\26228.exec:\26228.exe55⤵
- Executes dropped EXE
-
\??\c:\m4008.exec:\m4008.exe56⤵
- Executes dropped EXE
-
\??\c:\xfrxxff.exec:\xfrxxff.exe57⤵
- Executes dropped EXE
-
\??\c:\vpppj.exec:\vpppj.exe58⤵
- Executes dropped EXE
-
\??\c:\6420404.exec:\6420404.exe59⤵
- Executes dropped EXE
-
\??\c:\jdvvv.exec:\jdvvv.exe60⤵
- Executes dropped EXE
-
\??\c:\tttthb.exec:\tttthb.exe61⤵
- Executes dropped EXE
-
\??\c:\lflfrrr.exec:\lflfrrr.exe62⤵
- Executes dropped EXE
-
\??\c:\rlrrrxf.exec:\rlrrrxf.exe63⤵
- Executes dropped EXE
-
\??\c:\82844.exec:\82844.exe64⤵
- Executes dropped EXE
-
\??\c:\262600.exec:\262600.exe65⤵
- Executes dropped EXE
-
\??\c:\42868.exec:\42868.exe66⤵
- Executes dropped EXE
-
\??\c:\hhbthh.exec:\hhbthh.exe67⤵
-
\??\c:\64846.exec:\64846.exe68⤵
-
\??\c:\ntnhtt.exec:\ntnhtt.exe69⤵
-
\??\c:\c662600.exec:\c662600.exe70⤵
-
\??\c:\httbbb.exec:\httbbb.exe71⤵
-
\??\c:\hhnnnn.exec:\hhnnnn.exe72⤵
-
\??\c:\nbtttt.exec:\nbtttt.exe73⤵
-
\??\c:\20280.exec:\20280.exe74⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe75⤵
-
\??\c:\htbbbb.exec:\htbbbb.exe76⤵
-
\??\c:\c060000.exec:\c060000.exe77⤵
-
\??\c:\626222.exec:\626222.exe78⤵
-
\??\c:\hhbbnn.exec:\hhbbnn.exe79⤵
-
\??\c:\5ppjp.exec:\5ppjp.exe80⤵
-
\??\c:\o262266.exec:\o262266.exe81⤵
-
\??\c:\vpppj.exec:\vpppj.exe82⤵
-
\??\c:\hhnnbh.exec:\hhnnbh.exe83⤵
-
\??\c:\40826.exec:\40826.exe84⤵
-
\??\c:\pdvvp.exec:\pdvvp.exe85⤵
-
\??\c:\lffxlxr.exec:\lffxlxr.exe86⤵
-
\??\c:\6400004.exec:\6400004.exe87⤵
-
\??\c:\bhhhnh.exec:\bhhhnh.exe88⤵
-
\??\c:\ddddd.exec:\ddddd.exe89⤵
-
\??\c:\5jdvv.exec:\5jdvv.exe90⤵
-
\??\c:\9lllxrr.exec:\9lllxrr.exe91⤵
-
\??\c:\i644006.exec:\i644006.exe92⤵
-
\??\c:\m6604.exec:\m6604.exe93⤵
-
\??\c:\c280486.exec:\c280486.exe94⤵
-
\??\c:\008488.exec:\008488.exe95⤵
-
\??\c:\vpddj.exec:\vpddj.exe96⤵
-
\??\c:\vvjjj.exec:\vvjjj.exe97⤵
-
\??\c:\frffrrx.exec:\frffrrx.exe98⤵
-
\??\c:\lrlflrr.exec:\lrlflrr.exe99⤵
-
\??\c:\46204.exec:\46204.exe100⤵
-
\??\c:\606046.exec:\606046.exe101⤵
-
\??\c:\2406426.exec:\2406426.exe102⤵
-
\??\c:\8288226.exec:\8288226.exe103⤵
-
\??\c:\422206.exec:\422206.exe104⤵
-
\??\c:\thhtbh.exec:\thhtbh.exe105⤵
-
\??\c:\5tnhnn.exec:\5tnhnn.exe106⤵
-
\??\c:\684800.exec:\684800.exe107⤵
-
\??\c:\w62200.exec:\w62200.exe108⤵
-
\??\c:\4884680.exec:\4884680.exe109⤵
-
\??\c:\2808642.exec:\2808642.exe110⤵
-
\??\c:\5rxrrxr.exec:\5rxrrxr.exe111⤵
-
\??\c:\424826.exec:\424826.exe112⤵
-
\??\c:\68004.exec:\68004.exe113⤵
-
\??\c:\djjjv.exec:\djjjv.exe114⤵
-
\??\c:\9nhbtn.exec:\9nhbtn.exe115⤵
-
\??\c:\vjdvd.exec:\vjdvd.exe116⤵
-
\??\c:\fxfxllf.exec:\fxfxllf.exe117⤵
-
\??\c:\48484.exec:\48484.exe118⤵
-
\??\c:\ddpvd.exec:\ddpvd.exe119⤵
-
\??\c:\ttntht.exec:\ttntht.exe120⤵
-
\??\c:\4220004.exec:\4220004.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-