Analysis
-
max time kernel
150s -
max time network
129s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
03/06/2024, 19:53
General
-
Target
21e503679a62b666e270e1662410cb40_NeikiAnalytics.exe
-
Size
72KB
-
MD5
21e503679a62b666e270e1662410cb40
-
SHA1
9a1fac33d75ab7ce255e8cb4de4bdabe3e092014
-
SHA256
654baa2fe470c1f9f5c32d860220002af96c3e15f920ca4b101801119e1a8739
-
SHA512
f1b6ac105a27af12f83bb3015e2961b8f3ddcfc44687c4e468faf63a9615c973160123b736d01b50be7c49f515abb1e375bb0355b515b39b0c6cfc13410ca6dc
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIfv7+afCD+QsQbKQPVxX:ymb3NkkiQ3mdBjFIfvTfCD+HlQLX
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\21e503679a62b666e270e1662410cb40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\21e503679a62b666e270e1662410cb40_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5lrllrx.exec:\5lrllrx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nthhh.exec:\7nthhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ttnhh.exec:\9ttnhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvj.exec:\vpdvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xxfxrr.exec:\5xxfxrr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnntn.exec:\hbnntn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vddd.exec:\3vddd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllxflr.exec:\xllxflr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rxxrxx.exec:\1rxxrxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hhhbb.exec:\5hhhbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvdv.exec:\jvvdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfllrfr.exec:\lfllrfr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbth.exec:\bbtbth.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvp.exec:\pddvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxflllf.exec:\rxflllf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbhh.exec:\hbbbhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnttb.exec:\nnnttb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjd.exec:\jjjjd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rlllrl.exec:\9rlllrl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbtbt.exec:\tnbtbt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvdv.exec:\dvvdv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrxlxf.exec:\rrrxlxf.exe23⤵
- Executes dropped EXE
-
\??\c:\3bbnhh.exec:\3bbnhh.exe24⤵
- Executes dropped EXE
-
\??\c:\vvddp.exec:\vvddp.exe25⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe26⤵
- Executes dropped EXE
-
\??\c:\lffxrlf.exec:\lffxrlf.exe27⤵
- Executes dropped EXE
-
\??\c:\rffrlff.exec:\rffrlff.exe28⤵
- Executes dropped EXE
-
\??\c:\3hhhht.exec:\3hhhht.exe29⤵
- Executes dropped EXE
-
\??\c:\jjjdv.exec:\jjjdv.exe30⤵
- Executes dropped EXE
-
\??\c:\3bhhbb.exec:\3bhhbb.exe31⤵
- Executes dropped EXE
-
\??\c:\9hnnhn.exec:\9hnnhn.exe32⤵
- Executes dropped EXE
-
\??\c:\pvpjv.exec:\pvpjv.exe33⤵
- Executes dropped EXE
-
\??\c:\9flfxlf.exec:\9flfxlf.exe34⤵
- Executes dropped EXE
-
\??\c:\bnntnt.exec:\bnntnt.exe35⤵
- Executes dropped EXE
-
\??\c:\7pvdd.exec:\7pvdd.exe36⤵
- Executes dropped EXE
-
\??\c:\lxrlffx.exec:\lxrlffx.exe37⤵
- Executes dropped EXE
-
\??\c:\9ttnhh.exec:\9ttnhh.exe38⤵
- Executes dropped EXE
-
\??\c:\tnttnn.exec:\tnttnn.exe39⤵
- Executes dropped EXE
-
\??\c:\vdjjj.exec:\vdjjj.exe40⤵
- Executes dropped EXE
-
\??\c:\vdddv.exec:\vdddv.exe41⤵
- Executes dropped EXE
-
\??\c:\7rxrflf.exec:\7rxrflf.exe42⤵
- Executes dropped EXE
-
\??\c:\rflrllf.exec:\rflrllf.exe43⤵
- Executes dropped EXE
-
\??\c:\hbbnnt.exec:\hbbnnt.exe44⤵
- Executes dropped EXE
-
\??\c:\tbntbb.exec:\tbntbb.exe45⤵
- Executes dropped EXE
-
\??\c:\pvppp.exec:\pvppp.exe46⤵
- Executes dropped EXE
-
\??\c:\djvpj.exec:\djvpj.exe47⤵
- Executes dropped EXE
-
\??\c:\rrrrlrl.exec:\rrrrlrl.exe48⤵
- Executes dropped EXE
-
\??\c:\xrrrlxx.exec:\xrrrlxx.exe49⤵
- Executes dropped EXE
-
\??\c:\hntthb.exec:\hntthb.exe50⤵
- Executes dropped EXE
-
\??\c:\5hbtnb.exec:\5hbtnb.exe51⤵
- Executes dropped EXE
-
\??\c:\djjjj.exec:\djjjj.exe52⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe53⤵
- Executes dropped EXE
-
\??\c:\xlffxxr.exec:\xlffxxr.exe54⤵
- Executes dropped EXE
-
\??\c:\llfffff.exec:\llfffff.exe55⤵
- Executes dropped EXE
-
\??\c:\nhhbtt.exec:\nhhbtt.exe56⤵
- Executes dropped EXE
-
\??\c:\tbnnnb.exec:\tbnnnb.exe57⤵
- Executes dropped EXE
-
\??\c:\3pvvp.exec:\3pvvp.exe58⤵
- Executes dropped EXE
-
\??\c:\1vvpp.exec:\1vvpp.exe59⤵
- Executes dropped EXE
-
\??\c:\lrlfrxf.exec:\lrlfrxf.exe60⤵
- Executes dropped EXE
-
\??\c:\ffxxxlf.exec:\ffxxxlf.exe61⤵
- Executes dropped EXE
-
\??\c:\nhnntt.exec:\nhnntt.exe62⤵
- Executes dropped EXE
-
\??\c:\9bbtnh.exec:\9bbtnh.exe63⤵
- Executes dropped EXE
-
\??\c:\7jppj.exec:\7jppj.exe64⤵
- Executes dropped EXE
-
\??\c:\1pjjj.exec:\1pjjj.exe65⤵
- Executes dropped EXE
-
\??\c:\vvvjd.exec:\vvvjd.exe66⤵
-
\??\c:\lfrrrrr.exec:\lfrrrrr.exe67⤵
-
\??\c:\xlrlfff.exec:\xlrlfff.exe68⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe69⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe70⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe71⤵
-
\??\c:\ddjjj.exec:\ddjjj.exe72⤵
-
\??\c:\fxlfrfx.exec:\fxlfrfx.exe73⤵
-
\??\c:\xlrrlrl.exec:\xlrrlrl.exe74⤵
-
\??\c:\9bhbhh.exec:\9bhbhh.exe75⤵
-
\??\c:\hbbntn.exec:\hbbntn.exe76⤵
-
\??\c:\nnhhhn.exec:\nnhhhn.exe77⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe78⤵
-
\??\c:\pjddp.exec:\pjddp.exe79⤵
-
\??\c:\rlfxrrr.exec:\rlfxrrr.exe80⤵
-
\??\c:\llffxxr.exec:\llffxxr.exe81⤵
-
\??\c:\htnthh.exec:\htnthh.exe82⤵
-
\??\c:\bthbbb.exec:\bthbbb.exe83⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe84⤵
-
\??\c:\7jpjj.exec:\7jpjj.exe85⤵
-
\??\c:\rrxrrrr.exec:\rrxrrrr.exe86⤵
-
\??\c:\hbthtt.exec:\hbthtt.exe87⤵
-
\??\c:\ntbhbb.exec:\ntbhbb.exe88⤵
-
\??\c:\dddjj.exec:\dddjj.exe89⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe90⤵
-
\??\c:\ffxxfll.exec:\ffxxfll.exe91⤵
-
\??\c:\llrlfff.exec:\llrlfff.exe92⤵
-
\??\c:\5bbhhn.exec:\5bbhhn.exe93⤵
-
\??\c:\ppjvp.exec:\ppjvp.exe94⤵
-
\??\c:\9dvvv.exec:\9dvvv.exe95⤵
-
\??\c:\9rxrfff.exec:\9rxrfff.exe96⤵
-
\??\c:\3xxxrxr.exec:\3xxxrxr.exe97⤵
-
\??\c:\3tbbbb.exec:\3tbbbb.exe98⤵
-
\??\c:\hhhnht.exec:\hhhnht.exe99⤵
-
\??\c:\ppppd.exec:\ppppd.exe100⤵
-
\??\c:\dpvdd.exec:\dpvdd.exe101⤵
-
\??\c:\ffxrllf.exec:\ffxrllf.exe102⤵
-
\??\c:\frxxrrr.exec:\frxxrrr.exe103⤵
-
\??\c:\hntnnn.exec:\hntnnn.exe104⤵
-
\??\c:\ntnhhn.exec:\ntnhhn.exe105⤵
-
\??\c:\ppjjj.exec:\ppjjj.exe106⤵
-
\??\c:\pvjjj.exec:\pvjjj.exe107⤵
-
\??\c:\rllfrrr.exec:\rllfrrr.exe108⤵
-
\??\c:\7lllfll.exec:\7lllfll.exe109⤵
-
\??\c:\tnnhnh.exec:\tnnhnh.exe110⤵
-
\??\c:\bhbttb.exec:\bhbttb.exe111⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe112⤵
-
\??\c:\fxrllll.exec:\fxrllll.exe113⤵
-
\??\c:\ffxxrrf.exec:\ffxxrrf.exe114⤵
-
\??\c:\thnnhh.exec:\thnnhh.exe115⤵
-
\??\c:\hbbttn.exec:\hbbttn.exe116⤵
-
\??\c:\nbnhtb.exec:\nbnhtb.exe117⤵
-
\??\c:\1pvpj.exec:\1pvpj.exe118⤵
-
\??\c:\ddvpp.exec:\ddvpp.exe119⤵
-
\??\c:\fxxxxxr.exec:\fxxxxxr.exe120⤵
-
\??\c:\xrrllll.exec:\xrrllll.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-