Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
03-06-2024 03:54
General
-
Target
9ab072ccd484d8da62ebb19ebdde2f60_NeikiAnalytics.exe
-
Size
835KB
-
MD5
9ab072ccd484d8da62ebb19ebdde2f60
-
SHA1
9912dc7816a7a9e8544ee7477cefcba7ddd0d011
-
SHA256
672913e70c81197a5f6633d5c5376330f7617a16c81c947183a2e4b7721953de
-
SHA512
dca4e79d183478b9322617e73648ee7807ecd47d8b262bdb225d805a356bd4e7b5eeac3023500917f31cad18b60051acd6d113126a4d4c5a36da49c4e474ba46
-
SSDEEP
24576:Sgdn8whSenedn8whhdn76gdn8whSfgdn8whSzn:TFyVPfm
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9ab072ccd484d8da62ebb19ebdde2f60_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\9ab072ccd484d8da62ebb19ebdde2f60_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjj.exec:\pdjjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxfrlr.exec:\rrxfrlr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnntt.exec:\tnnntt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjj.exec:\ppjjj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frllrfx.exec:\frllrfx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjvp.exec:\pvjvp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rrfllr.exec:\5rrfllr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vpvv.exec:\9vpvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxxff.exec:\fxlxxff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhttbb.exec:\hhttbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvv.exec:\vpdvv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxffff.exec:\fxxffff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntbnh.exec:\bntbnh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vvvd.exec:\7vvvd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxxxfr.exec:\llxxxfr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthhhh.exec:\tthhhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddj.exec:\dvddj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxffrxl.exec:\lxffrxl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntttb.exec:\bntttb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jvvj.exec:\5jvvj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfflrfl.exec:\xfflrfl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbbbb.exec:\ntbbbb.exe23⤵
- Executes dropped EXE
-
\??\c:\pdjpp.exec:\pdjpp.exe24⤵
- Executes dropped EXE
-
\??\c:\xrfrffr.exec:\xrfrffr.exe25⤵
- Executes dropped EXE
-
\??\c:\nnnhbt.exec:\nnnhbt.exe26⤵
- Executes dropped EXE
-
\??\c:\pvjpp.exec:\pvjpp.exe27⤵
- Executes dropped EXE
-
\??\c:\tbtnbb.exec:\tbtnbb.exe28⤵
- Executes dropped EXE
-
\??\c:\jjppp.exec:\jjppp.exe29⤵
- Executes dropped EXE
-
\??\c:\5rxxflr.exec:\5rxxflr.exe30⤵
- Executes dropped EXE
-
\??\c:\btbhht.exec:\btbhht.exe31⤵
- Executes dropped EXE
-
\??\c:\dvdjv.exec:\dvdjv.exe32⤵
- Executes dropped EXE
-
\??\c:\rrrfrxx.exec:\rrrfrxx.exe33⤵
- Executes dropped EXE
-
\??\c:\pjpvp.exec:\pjpvp.exe34⤵
- Executes dropped EXE
-
\??\c:\flxxllx.exec:\flxxllx.exe35⤵
- Executes dropped EXE
-
\??\c:\nntnbt.exec:\nntnbt.exe36⤵
- Executes dropped EXE
-
\??\c:\vjvdd.exec:\vjvdd.exe37⤵
- Executes dropped EXE
-
\??\c:\rrrxflr.exec:\rrrxflr.exe38⤵
- Executes dropped EXE
-
\??\c:\tnhnbn.exec:\tnhnbn.exe39⤵
- Executes dropped EXE
-
\??\c:\lfrrfll.exec:\lfrrfll.exe40⤵
- Executes dropped EXE
-
\??\c:\bbhhnn.exec:\bbhhnn.exe41⤵
- Executes dropped EXE
-
\??\c:\jvpvv.exec:\jvpvv.exe42⤵
- Executes dropped EXE
-
\??\c:\rrxfffl.exec:\rrxfffl.exe43⤵
- Executes dropped EXE
-
\??\c:\nnttth.exec:\nnttth.exe44⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe45⤵
- Executes dropped EXE
-
\??\c:\lrrrrrr.exec:\lrrrrrr.exe46⤵
- Executes dropped EXE
-
\??\c:\thbhhn.exec:\thbhhn.exe47⤵
- Executes dropped EXE
-
\??\c:\1vvvv.exec:\1vvvv.exe48⤵
- Executes dropped EXE
-
\??\c:\rxlrrxf.exec:\rxlrrxf.exe49⤵
- Executes dropped EXE
-
\??\c:\nthhnn.exec:\nthhnn.exe50⤵
- Executes dropped EXE
-
\??\c:\pjjdj.exec:\pjjdj.exe51⤵
- Executes dropped EXE
-
\??\c:\lxfffff.exec:\lxfffff.exe52⤵
- Executes dropped EXE
-
\??\c:\hbtttt.exec:\hbtttt.exe53⤵
- Executes dropped EXE
-
\??\c:\vjvpd.exec:\vjvpd.exe54⤵
- Executes dropped EXE
-
\??\c:\bhnbnh.exec:\bhnbnh.exe55⤵
- Executes dropped EXE
-
\??\c:\ddppp.exec:\ddppp.exe56⤵
- Executes dropped EXE
-
\??\c:\lxxxrxf.exec:\lxxxrxf.exe57⤵
- Executes dropped EXE
-
\??\c:\hhnbtn.exec:\hhnbtn.exe58⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe59⤵
- Executes dropped EXE
-
\??\c:\bnbbtb.exec:\bnbbtb.exe60⤵
- Executes dropped EXE
-
\??\c:\dvdjd.exec:\dvdjd.exe61⤵
- Executes dropped EXE
-
\??\c:\flffrfx.exec:\flffrfx.exe62⤵
- Executes dropped EXE
-
\??\c:\nbhnnh.exec:\nbhnnh.exe63⤵
- Executes dropped EXE
-
\??\c:\jppvj.exec:\jppvj.exe64⤵
- Executes dropped EXE
-
\??\c:\nnnnnt.exec:\nnnnnt.exe65⤵
- Executes dropped EXE
-
\??\c:\jvdpv.exec:\jvdpv.exe66⤵
-
\??\c:\fffflrx.exec:\fffflrx.exe67⤵
-
\??\c:\ttttbh.exec:\ttttbh.exe68⤵
-
\??\c:\jjvdj.exec:\jjvdj.exe69⤵
-
\??\c:\xrllrrx.exec:\xrllrrx.exe70⤵
-
\??\c:\nnbhnt.exec:\nnbhnt.exe71⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe72⤵
-
\??\c:\xrfffll.exec:\xrfffll.exe73⤵
-
\??\c:\nnnhtt.exec:\nnnhtt.exe74⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe75⤵
-
\??\c:\llllflx.exec:\llllflx.exe76⤵
-
\??\c:\btbbhh.exec:\btbbhh.exe77⤵
-
\??\c:\vvdjj.exec:\vvdjj.exe78⤵
-
\??\c:\rllllff.exec:\rllllff.exe79⤵
-
\??\c:\tnhbnt.exec:\tnhbnt.exe80⤵
-
\??\c:\jppvv.exec:\jppvv.exe81⤵
-
\??\c:\xxxflrx.exec:\xxxflrx.exe82⤵
-
\??\c:\nhtnnt.exec:\nhtnnt.exe83⤵
-
\??\c:\jjdjd.exec:\jjdjd.exe84⤵
-
\??\c:\rrxxxrx.exec:\rrxxxrx.exe85⤵
-
\??\c:\hnntbb.exec:\hnntbb.exe86⤵
-
\??\c:\pvddd.exec:\pvddd.exe87⤵
-
\??\c:\bhhhhn.exec:\bhhhhn.exe88⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe89⤵
-
\??\c:\ttbtnh.exec:\ttbtnh.exe90⤵
-
\??\c:\ppvdd.exec:\ppvdd.exe91⤵
-
\??\c:\frxxlxr.exec:\frxxlxr.exe92⤵
-
\??\c:\httbtb.exec:\httbtb.exe93⤵
-
\??\c:\frrxfrf.exec:\frrxfrf.exe94⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe95⤵
-
\??\c:\llxxffx.exec:\llxxffx.exe96⤵
-
\??\c:\jpjjj.exec:\jpjjj.exe97⤵
-
\??\c:\rrlrrxx.exec:\rrlrrxx.exe98⤵
-
\??\c:\bbtnbb.exec:\bbtnbb.exe99⤵
-
\??\c:\rfxfflr.exec:\rfxfflr.exe100⤵
-
\??\c:\bbttnt.exec:\bbttnt.exe101⤵
-
\??\c:\9pjdp.exec:\9pjdp.exe102⤵
-
\??\c:\llrrrfx.exec:\llrrrfx.exe103⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe104⤵
-
\??\c:\xxfllxf.exec:\xxfllxf.exe105⤵
-
\??\c:\pdppp.exec:\pdppp.exe106⤵
-
\??\c:\lxfxrxr.exec:\lxfxrxr.exe107⤵
-
\??\c:\jppvd.exec:\jppvd.exe108⤵
-
\??\c:\xfrlrlf.exec:\xfrlrlf.exe109⤵
-
\??\c:\ntnnbn.exec:\ntnnbn.exe110⤵
-
\??\c:\xrfrrfl.exec:\xrfrrfl.exe111⤵
-
\??\c:\tbhhht.exec:\tbhhht.exe112⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe113⤵
-
\??\c:\frxlrrx.exec:\frxlrrx.exe114⤵
-
\??\c:\9bhhhh.exec:\9bhhhh.exe115⤵
-
\??\c:\lffxxll.exec:\lffxxll.exe116⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe117⤵
-
\??\c:\pvppv.exec:\pvppv.exe118⤵
-
\??\c:\bnbbhh.exec:\bnbbhh.exe119⤵
-
\??\c:\lrrrxfl.exec:\lrrrxfl.exe120⤵
-
\??\c:\hhthhh.exec:\hhthhh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-