Analysis
-
max time kernel
150s -
max time network
117s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
03/06/2024, 20:34
General
-
Target
4c9ebf971096ef51047f38e79eac9e80_NeikiAnalytics.exe
-
Size
71KB
-
MD5
4c9ebf971096ef51047f38e79eac9e80
-
SHA1
869ef826f9b6114324a3f1db6ded67666569c4ad
-
SHA256
649d7e9c06ddc4c49a4caa9d2d182387a135cb8658de9112c1b2aa6bac5f6bd4
-
SHA512
1da1131d1b6d64cb5be3453d3366416468c05af948864fe40dc20e04a362fefb1a4d2d502ffef3df4e4490b4edd64548d63c60cea4bcbfe1e8831229529c04f8
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb7GTi3ldk:ymb3NkkiQ3mdBjFIWYG
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4c9ebf971096ef51047f38e79eac9e80_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4c9ebf971096ef51047f38e79eac9e80_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9lrlfll.exec:\9lrlfll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnnnn.exec:\nnnnnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnnnn.exec:\hhnnnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vjjj.exec:\9vjjj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrrrf.exec:\rlrrrrf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hbtnn.exec:\1hbtnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vpjd.exec:\7vpjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjd.exec:\vpjjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnnnt.exec:\hbnnnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpj.exec:\vpvpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pdjd.exec:\1pdjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rxfxrr.exec:\7rxfxrr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbhn.exec:\nhhbhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdjd.exec:\jpdjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdd.exec:\pjjdd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrxllx.exec:\xxrxllx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hnttn.exec:\9hnttn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3httbh.exec:\3httbh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjp.exec:\vdjjp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpp.exec:\ppvpp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfffrr.exec:\fxfffrr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbhhh.exec:\htbhhh.exe23⤵
- Executes dropped EXE
-
\??\c:\dvddd.exec:\dvddd.exe24⤵
- Executes dropped EXE
-
\??\c:\5frrrff.exec:\5frrrff.exe25⤵
- Executes dropped EXE
-
\??\c:\hnnnht.exec:\hnnnht.exe26⤵
- Executes dropped EXE
-
\??\c:\djjdd.exec:\djjdd.exe27⤵
- Executes dropped EXE
-
\??\c:\1ppjj.exec:\1ppjj.exe28⤵
- Executes dropped EXE
-
\??\c:\xxfxxff.exec:\xxfxxff.exe29⤵
- Executes dropped EXE
-
\??\c:\7lffrxl.exec:\7lffrxl.exe30⤵
- Executes dropped EXE
-
\??\c:\nhhhhh.exec:\nhhhhh.exe31⤵
- Executes dropped EXE
-
\??\c:\lflrxfl.exec:\lflrxfl.exe32⤵
- Executes dropped EXE
-
\??\c:\5hhnnt.exec:\5hhnnt.exe33⤵
- Executes dropped EXE
-
\??\c:\ntbbbh.exec:\ntbbbh.exe34⤵
- Executes dropped EXE
-
\??\c:\ddvdp.exec:\ddvdp.exe35⤵
- Executes dropped EXE
-
\??\c:\rlrrllr.exec:\rlrrllr.exe36⤵
- Executes dropped EXE
-
\??\c:\thbthn.exec:\thbthn.exe37⤵
- Executes dropped EXE
-
\??\c:\nnbbbb.exec:\nnbbbb.exe38⤵
- Executes dropped EXE
-
\??\c:\jdjjp.exec:\jdjjp.exe39⤵
- Executes dropped EXE
-
\??\c:\djjjp.exec:\djjjp.exe40⤵
- Executes dropped EXE
-
\??\c:\xxlrlrf.exec:\xxlrlrf.exe41⤵
- Executes dropped EXE
-
\??\c:\5thtbh.exec:\5thtbh.exe42⤵
- Executes dropped EXE
-
\??\c:\bhbhbh.exec:\bhbhbh.exe43⤵
- Executes dropped EXE
-
\??\c:\vdvdj.exec:\vdvdj.exe44⤵
- Executes dropped EXE
-
\??\c:\rrrrrxx.exec:\rrrrrxx.exe45⤵
- Executes dropped EXE
-
\??\c:\xxllrrr.exec:\xxllrrr.exe46⤵
- Executes dropped EXE
-
\??\c:\tbnnnt.exec:\tbnnnt.exe47⤵
- Executes dropped EXE
-
\??\c:\tttthb.exec:\tttthb.exe48⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe49⤵
- Executes dropped EXE
-
\??\c:\xxfffll.exec:\xxfffll.exe50⤵
- Executes dropped EXE
-
\??\c:\xxfxxxx.exec:\xxfxxxx.exe51⤵
- Executes dropped EXE
-
\??\c:\hhnnnt.exec:\hhnnnt.exe52⤵
- Executes dropped EXE
-
\??\c:\bntttt.exec:\bntttt.exe53⤵
- Executes dropped EXE
-
\??\c:\dvdpp.exec:\dvdpp.exe54⤵
- Executes dropped EXE
-
\??\c:\5djjj.exec:\5djjj.exe55⤵
- Executes dropped EXE
-
\??\c:\lfxxlff.exec:\lfxxlff.exe56⤵
- Executes dropped EXE
-
\??\c:\hbhhnn.exec:\hbhhnn.exe57⤵
- Executes dropped EXE
-
\??\c:\hhtttb.exec:\hhtttb.exe58⤵
- Executes dropped EXE
-
\??\c:\jjppj.exec:\jjppj.exe59⤵
- Executes dropped EXE
-
\??\c:\rrlllrx.exec:\rrlllrx.exe60⤵
- Executes dropped EXE
-
\??\c:\xxrxfrf.exec:\xxrxfrf.exe61⤵
- Executes dropped EXE
-
\??\c:\tbttnt.exec:\tbttnt.exe62⤵
- Executes dropped EXE
-
\??\c:\nbttnt.exec:\nbttnt.exe63⤵
- Executes dropped EXE
-
\??\c:\9dpvv.exec:\9dpvv.exe64⤵
- Executes dropped EXE
-
\??\c:\ppvvp.exec:\ppvvp.exe65⤵
- Executes dropped EXE
-
\??\c:\xrxlfff.exec:\xrxlfff.exe66⤵
-
\??\c:\llflrxf.exec:\llflrxf.exe67⤵
-
\??\c:\nhnbhn.exec:\nhnbhn.exe68⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe69⤵
-
\??\c:\rxfffrr.exec:\rxfffrr.exe70⤵
-
\??\c:\5hnttb.exec:\5hnttb.exe71⤵
-
\??\c:\djppv.exec:\djppv.exe72⤵
-
\??\c:\dvddd.exec:\dvddd.exe73⤵
-
\??\c:\rrrxxfl.exec:\rrrxxfl.exe74⤵
-
\??\c:\5bnnnh.exec:\5bnnnh.exe75⤵
-
\??\c:\ddjpp.exec:\ddjpp.exe76⤵
-
\??\c:\9pvjd.exec:\9pvjd.exe77⤵
-
\??\c:\rlxffrf.exec:\rlxffrf.exe78⤵
-
\??\c:\tbnbhh.exec:\tbnbhh.exe79⤵
-
\??\c:\bbttbh.exec:\bbttbh.exe80⤵
-
\??\c:\1jvjd.exec:\1jvjd.exe81⤵
-
\??\c:\ppddv.exec:\ppddv.exe82⤵
-
\??\c:\llrrrrx.exec:\llrrrrx.exe83⤵
-
\??\c:\ffffxxx.exec:\ffffxxx.exe84⤵
-
\??\c:\httnnn.exec:\httnnn.exe85⤵
-
\??\c:\vvvpv.exec:\vvvpv.exe86⤵
-
\??\c:\pddpp.exec:\pddpp.exe87⤵
-
\??\c:\vdddj.exec:\vdddj.exe88⤵
-
\??\c:\lrrxfxf.exec:\lrrxfxf.exe89⤵
-
\??\c:\lflrlrr.exec:\lflrlrr.exe90⤵
-
\??\c:\bhbnhn.exec:\bhbnhn.exe91⤵
-
\??\c:\nhtbbh.exec:\nhtbbh.exe92⤵
-
\??\c:\5dppj.exec:\5dppj.exe93⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe94⤵
-
\??\c:\rrrrlrl.exec:\rrrrlrl.exe95⤵
-
\??\c:\fflrrxf.exec:\fflrrxf.exe96⤵
-
\??\c:\7bbbbh.exec:\7bbbbh.exe97⤵
-
\??\c:\ttnhhn.exec:\ttnhhn.exe98⤵
-
\??\c:\vvjvd.exec:\vvjvd.exe99⤵
-
\??\c:\pjppv.exec:\pjppv.exe100⤵
-
\??\c:\rlffxff.exec:\rlffxff.exe101⤵
-
\??\c:\lxlrrxl.exec:\lxlrrxl.exe102⤵
-
\??\c:\nthhhh.exec:\nthhhh.exe103⤵
-
\??\c:\bbnbbb.exec:\bbnbbb.exe104⤵
-
\??\c:\jvppp.exec:\jvppp.exe105⤵
-
\??\c:\pvvdj.exec:\pvvdj.exe106⤵
-
\??\c:\llllfxf.exec:\llllfxf.exe107⤵
-
\??\c:\lrxrllf.exec:\lrxrllf.exe108⤵
-
\??\c:\bttttt.exec:\bttttt.exe109⤵
-
\??\c:\hhtbhh.exec:\hhtbhh.exe110⤵
-
\??\c:\bbhhbh.exec:\bbhhbh.exe111⤵
-
\??\c:\ppvvj.exec:\ppvvj.exe112⤵
-
\??\c:\pvjvp.exec:\pvjvp.exe113⤵
-
\??\c:\lfrrrxx.exec:\lfrrrxx.exe114⤵
-
\??\c:\xrfllrx.exec:\xrfllrx.exe115⤵
-
\??\c:\nnnnnn.exec:\nnnnnn.exe116⤵
-
\??\c:\hntbbt.exec:\hntbbt.exe117⤵
-
\??\c:\hhntnh.exec:\hhntnh.exe118⤵
-
\??\c:\djddv.exec:\djddv.exe119⤵
-
\??\c:\vjdpj.exec:\vjdpj.exe120⤵
-
\??\c:\xrrxfff.exec:\xrrxfff.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-