Analysis
-
max time kernel
150s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
03-06-2024 15:54
General
-
Target
43e4b1e7f3c60a1d63ad81c65210cfd0_NeikiAnalytics.exe
-
Size
64KB
-
MD5
43e4b1e7f3c60a1d63ad81c65210cfd0
-
SHA1
9df315a64de32e61e5c2efb9f9068840d075b4c6
-
SHA256
d5f2bd91ab8e41fee17f3bc66849168b684607b3875be32da111cbd97e1a9157
-
SHA512
19cdf939cd69bad90d736be913243e75114bbf8dbdabadc8dbe1a017f0c469cb6a5459987d0cb76a5b6045804df66f8627e3a3623f6b24a10781b967b7dc614b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIhJm/wL:ymb3NkkiQ3mdBjFILmu
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 36 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\43e4b1e7f3c60a1d63ad81c65210cfd0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\43e4b1e7f3c60a1d63ad81c65210cfd0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjj.exec:\jjjjj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxrxxl.exec:\llxrxxl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xxxxll.exec:\5xxxxll.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbbb.exec:\nbbbbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtbbh.exec:\nbtbbh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddd.exec:\dvddd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdpp.exec:\jjdpp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllfxxx.exec:\lllfxxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrxrxf.exec:\xxrxrxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhhhh.exec:\hhhhhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nttnt.exec:\7nttnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vvpj.exec:\3vvpj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvp.exec:\vvdvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrrrlr.exec:\xxrrrlr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnhh.exec:\nnnnhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnhbb.exec:\1bnhbb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppp.exec:\jdppp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vddj.exec:\7vddj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fxfxlr.exec:\9fxfxlr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lfxxfl.exec:\3lfxxfl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttttt.exec:\tttttt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhnhh.exec:\nhhnhh.exe23⤵
- Executes dropped EXE
-
\??\c:\vjjjd.exec:\vjjjd.exe24⤵
- Executes dropped EXE
-
\??\c:\dppjd.exec:\dppjd.exe25⤵
- Executes dropped EXE
-
\??\c:\3lxxxxf.exec:\3lxxxxf.exe26⤵
- Executes dropped EXE
-
\??\c:\1hhttt.exec:\1hhttt.exe27⤵
- Executes dropped EXE
-
\??\c:\bthhhn.exec:\bthhhn.exe28⤵
- Executes dropped EXE
-
\??\c:\pjjdd.exec:\pjjdd.exe29⤵
- Executes dropped EXE
-
\??\c:\dvddv.exec:\dvddv.exe30⤵
- Executes dropped EXE
-
\??\c:\llffffl.exec:\llffffl.exe31⤵
- Executes dropped EXE
-
\??\c:\xflfffx.exec:\xflfffx.exe32⤵
- Executes dropped EXE
-
\??\c:\xrrllrl.exec:\xrrllrl.exe33⤵
- Executes dropped EXE
-
\??\c:\tthnnh.exec:\tthnnh.exe34⤵
- Executes dropped EXE
-
\??\c:\ttbtbb.exec:\ttbtbb.exe35⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe36⤵
- Executes dropped EXE
-
\??\c:\djddp.exec:\djddp.exe37⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe38⤵
- Executes dropped EXE
-
\??\c:\lxxxrrl.exec:\lxxxrrl.exe39⤵
- Executes dropped EXE
-
\??\c:\1rrrffx.exec:\1rrrffx.exe40⤵
- Executes dropped EXE
-
\??\c:\thhhhh.exec:\thhhhh.exe41⤵
- Executes dropped EXE
-
\??\c:\btbbbh.exec:\btbbbh.exe42⤵
- Executes dropped EXE
-
\??\c:\hbtbtt.exec:\hbtbtt.exe43⤵
- Executes dropped EXE
-
\??\c:\vvddd.exec:\vvddd.exe44⤵
- Executes dropped EXE
-
\??\c:\jvpjv.exec:\jvpjv.exe45⤵
- Executes dropped EXE
-
\??\c:\3xxrfff.exec:\3xxrfff.exe46⤵
- Executes dropped EXE
-
\??\c:\fflfflx.exec:\fflfflx.exe47⤵
- Executes dropped EXE
-
\??\c:\rxffffx.exec:\rxffffx.exe48⤵
- Executes dropped EXE
-
\??\c:\bhhhhn.exec:\bhhhhn.exe49⤵
- Executes dropped EXE
-
\??\c:\5bbnht.exec:\5bbnht.exe50⤵
- Executes dropped EXE
-
\??\c:\5jpvp.exec:\5jpvp.exe51⤵
- Executes dropped EXE
-
\??\c:\vjjdd.exec:\vjjdd.exe52⤵
- Executes dropped EXE
-
\??\c:\vpjdd.exec:\vpjdd.exe53⤵
- Executes dropped EXE
-
\??\c:\xrrrxxr.exec:\xrrrxxr.exe54⤵
- Executes dropped EXE
-
\??\c:\xxxxxxx.exec:\xxxxxxx.exe55⤵
- Executes dropped EXE
-
\??\c:\rrlllll.exec:\rrlllll.exe56⤵
- Executes dropped EXE
-
\??\c:\hhbhhh.exec:\hhbhhh.exe57⤵
- Executes dropped EXE
-
\??\c:\3tbtnn.exec:\3tbtnn.exe58⤵
- Executes dropped EXE
-
\??\c:\7vjdv.exec:\7vjdv.exe59⤵
- Executes dropped EXE
-
\??\c:\jvvvv.exec:\jvvvv.exe60⤵
- Executes dropped EXE
-
\??\c:\fflfxff.exec:\fflfxff.exe61⤵
- Executes dropped EXE
-
\??\c:\xfflrxx.exec:\xfflrxx.exe62⤵
- Executes dropped EXE
-
\??\c:\xflfxxr.exec:\xflfxxr.exe63⤵
- Executes dropped EXE
-
\??\c:\hhhnhh.exec:\hhhnhh.exe64⤵
- Executes dropped EXE
-
\??\c:\nhhhbb.exec:\nhhhbb.exe65⤵
- Executes dropped EXE
-
\??\c:\jppjj.exec:\jppjj.exe66⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe67⤵
-
\??\c:\9fxfrrr.exec:\9fxfrrr.exe68⤵
-
\??\c:\lxfffff.exec:\lxfffff.exe69⤵
-
\??\c:\3rxrrll.exec:\3rxrrll.exe70⤵
-
\??\c:\bbnthh.exec:\bbnthh.exe71⤵
-
\??\c:\5nnnnn.exec:\5nnnnn.exe72⤵
-
\??\c:\jpjjd.exec:\jpjjd.exe73⤵
-
\??\c:\vvvdd.exec:\vvvdd.exe74⤵
-
\??\c:\pddjj.exec:\pddjj.exe75⤵
-
\??\c:\lffllrx.exec:\lffllrx.exe76⤵
-
\??\c:\llxrrfx.exec:\llxrrfx.exe77⤵
-
\??\c:\hbnnnt.exec:\hbnnnt.exe78⤵
-
\??\c:\bbbbtt.exec:\bbbbtt.exe79⤵
-
\??\c:\1dpvd.exec:\1dpvd.exe80⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe81⤵
-
\??\c:\jjvjj.exec:\jjvjj.exe82⤵
-
\??\c:\flxllxf.exec:\flxllxf.exe83⤵
-
\??\c:\rrlrfxx.exec:\rrlrfxx.exe84⤵
-
\??\c:\bbbbtt.exec:\bbbbtt.exe85⤵
-
\??\c:\1hhbhh.exec:\1hhbhh.exe86⤵
-
\??\c:\3htntt.exec:\3htntt.exe87⤵
-
\??\c:\jjjjd.exec:\jjjjd.exe88⤵
-
\??\c:\xxlfffl.exec:\xxlfffl.exe89⤵
-
\??\c:\lfffffl.exec:\lfffffl.exe90⤵
-
\??\c:\hntbbt.exec:\hntbbt.exe91⤵
-
\??\c:\jjppp.exec:\jjppp.exe92⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe93⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe94⤵
-
\??\c:\9lxfxxr.exec:\9lxfxxr.exe95⤵
-
\??\c:\nhttbh.exec:\nhttbh.exe96⤵
-
\??\c:\hnntbh.exec:\hnntbh.exe97⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe98⤵
-
\??\c:\9pvdv.exec:\9pvdv.exe99⤵
-
\??\c:\frfxxff.exec:\frfxxff.exe100⤵
-
\??\c:\nnnntt.exec:\nnnntt.exe101⤵
-
\??\c:\ppjjv.exec:\ppjjv.exe102⤵
-
\??\c:\xrlfxfx.exec:\xrlfxfx.exe103⤵
-
\??\c:\7hhhbh.exec:\7hhhbh.exe104⤵
-
\??\c:\nhttnn.exec:\nhttnn.exe105⤵
-
\??\c:\vvdjj.exec:\vvdjj.exe106⤵
-
\??\c:\lxlrxfl.exec:\lxlrxfl.exe107⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe108⤵
-
\??\c:\bbhhhn.exec:\bbhhhn.exe109⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe110⤵
-
\??\c:\3fxfxxl.exec:\3fxfxxl.exe111⤵
-
\??\c:\hthntb.exec:\hthntb.exe112⤵
-
\??\c:\jdppp.exec:\jdppp.exe113⤵
-
\??\c:\rrllllf.exec:\rrllllf.exe114⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe115⤵
-
\??\c:\tntttb.exec:\tntttb.exe116⤵
-
\??\c:\jjjjj.exec:\jjjjj.exe117⤵
-
\??\c:\rlxflrf.exec:\rlxflrf.exe118⤵
-
\??\c:\lrlrllx.exec:\lrlrllx.exe119⤵
-
\??\c:\nhnbhb.exec:\nhnbhb.exe120⤵
-
\??\c:\1jpjj.exec:\1jpjj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-