Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
03/06/2024, 13:46
General
-
Target
a566634b4b0d6d5453c6e630dac89c10_NeikiAnalytics.exe
-
Size
224KB
-
MD5
a566634b4b0d6d5453c6e630dac89c10
-
SHA1
b1310e09e26a00284ff773ecab00b5e977ef781a
-
SHA256
f4761659efea3ff46d73acfa28b0fde50f94a6a08810cb0e31f5fff9f07ee58d
-
SHA512
ef4cefd1be22942c54bcc0c667059ada333320b4437141d19f6d6fa48595999e69c6a729f33cbb646b46576f97eb2a1023fcfc84190ae4a43f81ea133702acc3
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4xL76:n3C9BRo7MlrWKo+lxKG
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a566634b4b0d6d5453c6e630dac89c10_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\a566634b4b0d6d5453c6e630dac89c10_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lffrllr.exec:\lffrllr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnthbt.exec:\nnthbt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvdv.exec:\ppvdv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvp.exec:\pvdvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhbtt.exec:\thhbtt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvdv.exec:\vdvdv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrlff.exec:\rlrrlff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhbbh.exec:\hnhbbh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxxflx.exec:\rxxxflx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhhn.exec:\nnnhhn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdd.exec:\vdjdd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxxflr.exec:\llxxflr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpddv.exec:\jpddv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxlrl.exec:\fffxlrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhhb.exec:\tnhhhb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvd.exec:\jdvvd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llffrxr.exec:\llffrxr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnbbh.exec:\bbnbbh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntthtt.exec:\ntthtt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjdv.exec:\pvjdv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxrllf.exec:\rfxrllf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnttnt.exec:\hnttnt.exe23⤵
- Executes dropped EXE
-
\??\c:\5ddpj.exec:\5ddpj.exe24⤵
- Executes dropped EXE
-
\??\c:\rlllxrx.exec:\rlllxrx.exe25⤵
- Executes dropped EXE
-
\??\c:\7ntnhh.exec:\7ntnhh.exe26⤵
- Executes dropped EXE
-
\??\c:\bthhbh.exec:\bthhbh.exe27⤵
- Executes dropped EXE
-
\??\c:\jppdj.exec:\jppdj.exe28⤵
- Executes dropped EXE
-
\??\c:\5vjdj.exec:\5vjdj.exe29⤵
- Executes dropped EXE
-
\??\c:\dvjvp.exec:\dvjvp.exe30⤵
- Executes dropped EXE
-
\??\c:\hbtntt.exec:\hbtntt.exe31⤵
- Executes dropped EXE
-
\??\c:\bbbhth.exec:\bbbhth.exe32⤵
- Executes dropped EXE
-
\??\c:\dpvpj.exec:\dpvpj.exe33⤵
- Executes dropped EXE
-
\??\c:\rxffxxr.exec:\rxffxxr.exe34⤵
- Executes dropped EXE
-
\??\c:\tntnnh.exec:\tntnnh.exe35⤵
- Executes dropped EXE
-
\??\c:\pdjjj.exec:\pdjjj.exe36⤵
- Executes dropped EXE
-
\??\c:\lrfffrr.exec:\lrfffrr.exe37⤵
- Executes dropped EXE
-
\??\c:\frlllll.exec:\frlllll.exe38⤵
- Executes dropped EXE
-
\??\c:\hnbbbb.exec:\hnbbbb.exe39⤵
- Executes dropped EXE
-
\??\c:\fxxxlrf.exec:\fxxxlrf.exe40⤵
- Executes dropped EXE
-
\??\c:\lxfxffl.exec:\lxfxffl.exe41⤵
- Executes dropped EXE
-
\??\c:\tnhhnn.exec:\tnhhnn.exe42⤵
- Executes dropped EXE
-
\??\c:\pvddv.exec:\pvddv.exe43⤵
- Executes dropped EXE
-
\??\c:\pvdpp.exec:\pvdpp.exe44⤵
- Executes dropped EXE
-
\??\c:\ffrrllf.exec:\ffrrllf.exe45⤵
- Executes dropped EXE
-
\??\c:\3tbtnt.exec:\3tbtnt.exe46⤵
- Executes dropped EXE
-
\??\c:\bthhbh.exec:\bthhbh.exe47⤵
- Executes dropped EXE
-
\??\c:\ddjdp.exec:\ddjdp.exe48⤵
- Executes dropped EXE
-
\??\c:\fxxlfrf.exec:\fxxlfrf.exe49⤵
- Executes dropped EXE
-
\??\c:\lxxffrx.exec:\lxxffrx.exe50⤵
- Executes dropped EXE
-
\??\c:\bbbttt.exec:\bbbttt.exe51⤵
- Executes dropped EXE
-
\??\c:\vvppd.exec:\vvppd.exe52⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe53⤵
- Executes dropped EXE
-
\??\c:\ffxrrrl.exec:\ffxrrrl.exe54⤵
- Executes dropped EXE
-
\??\c:\rflfxxx.exec:\rflfxxx.exe55⤵
- Executes dropped EXE
-
\??\c:\btbbhh.exec:\btbbhh.exe56⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe57⤵
- Executes dropped EXE
-
\??\c:\vpppd.exec:\vpppd.exe58⤵
- Executes dropped EXE
-
\??\c:\xfxxxxf.exec:\xfxxxxf.exe59⤵
- Executes dropped EXE
-
\??\c:\bhttnn.exec:\bhttnn.exe60⤵
- Executes dropped EXE
-
\??\c:\5vjpj.exec:\5vjpj.exe61⤵
- Executes dropped EXE
-
\??\c:\rrrrrrl.exec:\rrrrrrl.exe62⤵
- Executes dropped EXE
-
\??\c:\flxxrrr.exec:\flxxrrr.exe63⤵
- Executes dropped EXE
-
\??\c:\ttbhbh.exec:\ttbhbh.exe64⤵
- Executes dropped EXE
-
\??\c:\ddjdv.exec:\ddjdv.exe65⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe66⤵
-
\??\c:\fxfxxxf.exec:\fxfxxxf.exe67⤵
-
\??\c:\hbhhbb.exec:\hbhhbb.exe68⤵
-
\??\c:\nhhhbt.exec:\nhhhbt.exe69⤵
-
\??\c:\pdvdj.exec:\pdvdj.exe70⤵
-
\??\c:\rrfxrrr.exec:\rrfxrrr.exe71⤵
-
\??\c:\rrfxrrr.exec:\rrfxrrr.exe72⤵
-
\??\c:\nnbttt.exec:\nnbttt.exe73⤵
-
\??\c:\vvvpv.exec:\vvvpv.exe74⤵
-
\??\c:\vdppj.exec:\vdppj.exe75⤵
-
\??\c:\rllfffl.exec:\rllfffl.exe76⤵
-
\??\c:\tnbbbt.exec:\tnbbbt.exe77⤵
-
\??\c:\lxfxxrr.exec:\lxfxxrr.exe78⤵
-
\??\c:\xrrxrff.exec:\xrrxrff.exe79⤵
-
\??\c:\nhhbbn.exec:\nhhbbn.exe80⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe81⤵
-
\??\c:\xrffxrl.exec:\xrffxrl.exe82⤵
-
\??\c:\thhhbb.exec:\thhhbb.exe83⤵
-
\??\c:\bbhtnt.exec:\bbhtnt.exe84⤵
-
\??\c:\djdjd.exec:\djdjd.exe85⤵
-
\??\c:\llrrrll.exec:\llrrrll.exe86⤵
-
\??\c:\bttttt.exec:\bttttt.exe87⤵
-
\??\c:\bnbbtt.exec:\bnbbtt.exe88⤵
-
\??\c:\7jpvp.exec:\7jpvp.exe89⤵
-
\??\c:\ffllxff.exec:\ffllxff.exe90⤵
-
\??\c:\rxfffxr.exec:\rxfffxr.exe91⤵
-
\??\c:\7hbhhn.exec:\7hbhhn.exe92⤵
-
\??\c:\7jjjd.exec:\7jjjd.exe93⤵
-
\??\c:\3ffxxxl.exec:\3ffxxxl.exe94⤵
-
\??\c:\5xxxrxr.exec:\5xxxrxr.exe95⤵
-
\??\c:\bbbbtt.exec:\bbbbtt.exe96⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe97⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe98⤵
-
\??\c:\rrxrfxf.exec:\rrxrfxf.exe99⤵
-
\??\c:\lfflfrr.exec:\lfflfrr.exe100⤵
-
\??\c:\jjvpv.exec:\jjvpv.exe101⤵
-
\??\c:\rrrrrrr.exec:\rrrrrrr.exe102⤵
-
\??\c:\htnnbb.exec:\htnnbb.exe103⤵
-
\??\c:\9hbbnn.exec:\9hbbnn.exe104⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe105⤵
-
\??\c:\fxfxrll.exec:\fxfxrll.exe106⤵
-
\??\c:\lfrxlfr.exec:\lfrxlfr.exe107⤵
-
\??\c:\hnnntb.exec:\hnnntb.exe108⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe109⤵
-
\??\c:\jjpjp.exec:\jjpjp.exe110⤵
-
\??\c:\lllxrrr.exec:\lllxrrr.exe111⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe112⤵
-
\??\c:\ntbtnh.exec:\ntbtnh.exe113⤵
-
\??\c:\3pdvj.exec:\3pdvj.exe114⤵
-
\??\c:\3rxrllf.exec:\3rxrllf.exe115⤵
-
\??\c:\lfxffff.exec:\lfxffff.exe116⤵
-
\??\c:\hhnhnn.exec:\hhnhnn.exe117⤵
-
\??\c:\pjpjp.exec:\pjpjp.exe118⤵
-
\??\c:\jpjdd.exec:\jpjdd.exe119⤵
-
\??\c:\xxllxxx.exec:\xxllxxx.exe120⤵
-
\??\c:\thnnhh.exec:\thnnhh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-