Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
03/06/2024, 23:40
General
-
Target
128b2457e9b1a219b9c84d6841fa84c0_NeikiAnalytics.exe
-
Size
479KB
-
MD5
128b2457e9b1a219b9c84d6841fa84c0
-
SHA1
cfcdd2f6f32980fc9ff54cb5d753b32be73584a4
-
SHA256
d25dd510a4755cd9e20452c3ab1a5f9262352a7c1c8b04bcce67ae163dc87765
-
SHA512
493e514e85a890ddd61a9a1bf2220071ee66e1075680ad3ae8a1a00a8fa2491742be5d86eb7aa97bc26a59291dea152672dc2ba88b4f94f3d8cda0566762e1a1
-
SSDEEP
6144:Pcm7ImGddXtWrXD486jJq1BStv4Ib1Hm7cs:d7Tc9Wj16A3StvxHs
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\128b2457e9b1a219b9c84d6841fa84c0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\128b2457e9b1a219b9c84d6841fa84c0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbtt.exec:\btbbtt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlfll.exec:\lrrlfll.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthbhb.exec:\tthbhb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhbtt.exec:\thhbtt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjj.exec:\djpjj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxxrl.exec:\llfxxrl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppp.exec:\dvppp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbnbb.exec:\nhbnbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttbth.exec:\tttbth.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfffxxr.exec:\rfffxxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxfrrl.exec:\rlxfrrl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdd.exec:\ddjdd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflrflx.exec:\fflrflx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppjj.exec:\pppjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflrxxl.exec:\xflrxxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbbn.exec:\btbbbn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nhbtt.exec:\1nhbtt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbtt.exec:\tbhbtt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rxrlfx.exec:\5rxrlfx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxrlr.exec:\fxfxrlr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbtnn.exec:\nbbtnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfrrl.exec:\rllfrrl.exe23⤵
- Executes dropped EXE
-
\??\c:\fxfxllf.exec:\fxfxllf.exe24⤵
- Executes dropped EXE
-
\??\c:\dpdvd.exec:\dpdvd.exe25⤵
- Executes dropped EXE
-
\??\c:\thntbb.exec:\thntbb.exe26⤵
- Executes dropped EXE
-
\??\c:\rrllffx.exec:\rrllffx.exe27⤵
- Executes dropped EXE
-
\??\c:\bttnhb.exec:\bttnhb.exe28⤵
- Executes dropped EXE
-
\??\c:\thtnhb.exec:\thtnhb.exe29⤵
- Executes dropped EXE
-
\??\c:\dpvvv.exec:\dpvvv.exe30⤵
- Executes dropped EXE
-
\??\c:\rxrflxl.exec:\rxrflxl.exe31⤵
- Executes dropped EXE
-
\??\c:\9vvvp.exec:\9vvvp.exe32⤵
- Executes dropped EXE
-
\??\c:\rlrrrrr.exec:\rlrrrrr.exe33⤵
- Executes dropped EXE
-
\??\c:\rlllfff.exec:\rlllfff.exe34⤵
- Executes dropped EXE
-
\??\c:\bntnnn.exec:\bntnnn.exe35⤵
- Executes dropped EXE
-
\??\c:\pdpjd.exec:\pdpjd.exe36⤵
- Executes dropped EXE
-
\??\c:\rrrlxrl.exec:\rrrlxrl.exe37⤵
- Executes dropped EXE
-
\??\c:\nnbttt.exec:\nnbttt.exe38⤵
- Executes dropped EXE
-
\??\c:\1ddvv.exec:\1ddvv.exe39⤵
- Executes dropped EXE
-
\??\c:\rlrlflf.exec:\rlrlflf.exe40⤵
- Executes dropped EXE
-
\??\c:\tnbbtt.exec:\tnbbtt.exe41⤵
- Executes dropped EXE
-
\??\c:\jjppp.exec:\jjppp.exe42⤵
- Executes dropped EXE
-
\??\c:\ffrllll.exec:\ffrllll.exe43⤵
- Executes dropped EXE
-
\??\c:\tnttbt.exec:\tnttbt.exe44⤵
- Executes dropped EXE
-
\??\c:\pvjvp.exec:\pvjvp.exe45⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe46⤵
- Executes dropped EXE
-
\??\c:\xffrfrr.exec:\xffrfrr.exe47⤵
- Executes dropped EXE
-
\??\c:\5vvpj.exec:\5vvpj.exe48⤵
- Executes dropped EXE
-
\??\c:\dvvpp.exec:\dvvpp.exe49⤵
- Executes dropped EXE
-
\??\c:\llfxlfx.exec:\llfxlfx.exe50⤵
- Executes dropped EXE
-
\??\c:\bnnbnb.exec:\bnnbnb.exe51⤵
- Executes dropped EXE
-
\??\c:\pvdpj.exec:\pvdpj.exe52⤵
- Executes dropped EXE
-
\??\c:\xlrllll.exec:\xlrllll.exe53⤵
- Executes dropped EXE
-
\??\c:\5hbttt.exec:\5hbttt.exe54⤵
- Executes dropped EXE
-
\??\c:\ppvpp.exec:\ppvpp.exe55⤵
- Executes dropped EXE
-
\??\c:\jpdvd.exec:\jpdvd.exe56⤵
- Executes dropped EXE
-
\??\c:\xxxxlff.exec:\xxxxlff.exe57⤵
- Executes dropped EXE
-
\??\c:\tnnhnn.exec:\tnnhnn.exe58⤵
- Executes dropped EXE
-
\??\c:\pdddv.exec:\pdddv.exe59⤵
- Executes dropped EXE
-
\??\c:\xxfxxrx.exec:\xxfxxrx.exe60⤵
- Executes dropped EXE
-
\??\c:\lfllxxr.exec:\lfllxxr.exe61⤵
- Executes dropped EXE
-
\??\c:\5hhbtt.exec:\5hhbtt.exe62⤵
- Executes dropped EXE
-
\??\c:\jddvp.exec:\jddvp.exe63⤵
- Executes dropped EXE
-
\??\c:\3flfxxr.exec:\3flfxxr.exe64⤵
- Executes dropped EXE
-
\??\c:\9nnhtt.exec:\9nnhtt.exe65⤵
- Executes dropped EXE
-
\??\c:\1ddvd.exec:\1ddvd.exe66⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe67⤵
-
\??\c:\frflfxx.exec:\frflfxx.exe68⤵
-
\??\c:\9hnnhh.exec:\9hnnhh.exe69⤵
-
\??\c:\3ppdv.exec:\3ppdv.exe70⤵
-
\??\c:\lxfrrlf.exec:\lxfrrlf.exe71⤵
-
\??\c:\frffxxx.exec:\frffxxx.exe72⤵
-
\??\c:\bbbbbb.exec:\bbbbbb.exe73⤵
-
\??\c:\1djpp.exec:\1djpp.exe74⤵
-
\??\c:\xrfxflr.exec:\xrfxflr.exe75⤵
-
\??\c:\thbtbt.exec:\thbtbt.exe76⤵
-
\??\c:\5tbntn.exec:\5tbntn.exe77⤵
-
\??\c:\llrlffx.exec:\llrlffx.exe78⤵
-
\??\c:\ffxrlfx.exec:\ffxrlfx.exe79⤵
-
\??\c:\httnhn.exec:\httnhn.exe80⤵
-
\??\c:\7vdvj.exec:\7vdvj.exe81⤵
-
\??\c:\xxfxrlf.exec:\xxfxrlf.exe82⤵
-
\??\c:\9nnhbb.exec:\9nnhbb.exe83⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe84⤵
-
\??\c:\rxlffff.exec:\rxlffff.exe85⤵
-
\??\c:\nhnhth.exec:\nhnhth.exe86⤵
-
\??\c:\jpdvv.exec:\jpdvv.exe87⤵
-
\??\c:\rlllfxx.exec:\rlllfxx.exe88⤵
-
\??\c:\nthbtt.exec:\nthbtt.exe89⤵
-
\??\c:\bbnbbt.exec:\bbnbbt.exe90⤵
-
\??\c:\jpvpd.exec:\jpvpd.exe91⤵
-
\??\c:\rlxrllf.exec:\rlxrllf.exe92⤵
-
\??\c:\vjjvp.exec:\vjjvp.exe93⤵
-
\??\c:\5xlfrrl.exec:\5xlfrrl.exe94⤵
-
\??\c:\hnntnt.exec:\hnntnt.exe95⤵
-
\??\c:\jppdp.exec:\jppdp.exe96⤵
-
\??\c:\xlrlllf.exec:\xlrlllf.exe97⤵
-
\??\c:\bbbbhn.exec:\bbbbhn.exe98⤵
-
\??\c:\7vdvv.exec:\7vdvv.exe99⤵
-
\??\c:\3lrfxxr.exec:\3lrfxxr.exe100⤵
-
\??\c:\3nbhtn.exec:\3nbhtn.exe101⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe102⤵
-
\??\c:\xrlflfx.exec:\xrlflfx.exe103⤵
-
\??\c:\1nhnbb.exec:\1nhnbb.exe104⤵
-
\??\c:\dvdpv.exec:\dvdpv.exe105⤵
-
\??\c:\3ffxrrl.exec:\3ffxrrl.exe106⤵
-
\??\c:\nthtnh.exec:\nthtnh.exe107⤵
-
\??\c:\ppvdd.exec:\ppvdd.exe108⤵
-
\??\c:\jppdp.exec:\jppdp.exe109⤵
-
\??\c:\llxxllx.exec:\llxxllx.exe110⤵
-
\??\c:\tbbbnb.exec:\tbbbnb.exe111⤵
-
\??\c:\vpvpp.exec:\vpvpp.exe112⤵
-
\??\c:\rflffxx.exec:\rflffxx.exe113⤵
-
\??\c:\nhtnnn.exec:\nhtnnn.exe114⤵
-
\??\c:\9jvdj.exec:\9jvdj.exe115⤵
-
\??\c:\frxrxrr.exec:\frxrxrr.exe116⤵
-
\??\c:\hnnttt.exec:\hnnttt.exe117⤵
-
\??\c:\xfrfrll.exec:\xfrfrll.exe118⤵
-
\??\c:\thntnn.exec:\thntnn.exe119⤵
-
\??\c:\lxflrfx.exec:\lxflrfx.exe120⤵
-
\??\c:\nbntth.exec:\nbntth.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-