Analysis
-
max time kernel
150s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
04/06/2024, 22:08
General
-
Target
0ba969ec7a2b428b3bc4ad47e3709700_NeikiAnalytics.exe
-
Size
146KB
-
MD5
0ba969ec7a2b428b3bc4ad47e3709700
-
SHA1
71a960e96a9ce7a48e49940a78719d2c1ff61511
-
SHA256
774c54e1cb3a8b7a74bf6650bf9a40dd6ea07e02dcf07703110bc45928d956b6
-
SHA512
a16e19e0c6983c699d313ce204371401cd3a8c95e452d353cb686244167cda21c1077d14f6141ad45b9d08b5d100607715d22208fb8f3634c8552b4c96aabb1f
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73tvn+Yp9gFbctg0IyAyhZvjDUOy/nmPmT9se4:n3C9BRo7tvnJ9oH0IRgZvjDhy+Pmxse4
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 38 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0ba969ec7a2b428b3bc4ad47e3709700_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\0ba969ec7a2b428b3bc4ad47e3709700_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\httnnh.exec:\httnnh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvp.exec:\jvdvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjjv.exec:\pvjjv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvpd.exec:\pdvpd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lxxlfl.exec:\9lxxlfl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxfxf.exec:\lffxfxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbnnt.exec:\tbbnnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvpp.exec:\pdvpp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlfffr.exec:\lrlfffr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbtht.exec:\hbbtht.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxfrlf.exec:\rfxfrlf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnttt.exec:\thnttt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxlfxl.exec:\lrxlfxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbttt.exec:\nnbttt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddpp.exec:\vddpp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrxlx.exec:\rxxrxlx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhbtb.exec:\nnhbtb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvdd.exec:\vvvdd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flfxrxf.exec:\flfxrxf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nnhhh.exec:\9nnhhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdv.exec:\pdjdv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllxrfx.exec:\rllxrfx.exe23⤵
- Executes dropped EXE
-
\??\c:\hbttnb.exec:\hbttnb.exe24⤵
- Executes dropped EXE
-
\??\c:\pvdvp.exec:\pvdvp.exe25⤵
- Executes dropped EXE
-
\??\c:\xxfxrfl.exec:\xxfxrfl.exe26⤵
- Executes dropped EXE
-
\??\c:\9hhhnn.exec:\9hhhnn.exe27⤵
- Executes dropped EXE
-
\??\c:\dvdvv.exec:\dvdvv.exe28⤵
- Executes dropped EXE
-
\??\c:\xfxrrrr.exec:\xfxrrrr.exe29⤵
- Executes dropped EXE
-
\??\c:\bnnnnt.exec:\bnnnnt.exe30⤵
- Executes dropped EXE
-
\??\c:\ppvjd.exec:\ppvjd.exe31⤵
- Executes dropped EXE
-
\??\c:\btbhbn.exec:\btbhbn.exe32⤵
- Executes dropped EXE
-
\??\c:\rxlxrrx.exec:\rxlxrrx.exe33⤵
- Executes dropped EXE
-
\??\c:\hbbbtb.exec:\hbbbtb.exe34⤵
- Executes dropped EXE
-
\??\c:\7vvvp.exec:\7vvvp.exe35⤵
- Executes dropped EXE
-
\??\c:\dddjd.exec:\dddjd.exe36⤵
- Executes dropped EXE
-
\??\c:\xxflrfx.exec:\xxflrfx.exe37⤵
- Executes dropped EXE
-
\??\c:\xlrxxxf.exec:\xlrxxxf.exe38⤵
- Executes dropped EXE
-
\??\c:\hbtttn.exec:\hbtttn.exe39⤵
- Executes dropped EXE
-
\??\c:\nttttn.exec:\nttttn.exe40⤵
- Executes dropped EXE
-
\??\c:\vvpjp.exec:\vvpjp.exe41⤵
- Executes dropped EXE
-
\??\c:\vdjvd.exec:\vdjvd.exe42⤵
- Executes dropped EXE
-
\??\c:\rfxfrxl.exec:\rfxfrxl.exe43⤵
- Executes dropped EXE
-
\??\c:\tbbttn.exec:\tbbttn.exe44⤵
- Executes dropped EXE
-
\??\c:\bnbbhh.exec:\bnbbhh.exe45⤵
- Executes dropped EXE
-
\??\c:\ppjpj.exec:\ppjpj.exe46⤵
- Executes dropped EXE
-
\??\c:\pvppj.exec:\pvppj.exe47⤵
- Executes dropped EXE
-
\??\c:\7ffffff.exec:\7ffffff.exe48⤵
- Executes dropped EXE
-
\??\c:\1rrlfxx.exec:\1rrlfxx.exe49⤵
- Executes dropped EXE
-
\??\c:\tthhhh.exec:\tthhhh.exe50⤵
- Executes dropped EXE
-
\??\c:\tbnhnt.exec:\tbnhnt.exe51⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe52⤵
- Executes dropped EXE
-
\??\c:\lxlrxlr.exec:\lxlrxlr.exe53⤵
- Executes dropped EXE
-
\??\c:\xrfxxxl.exec:\xrfxxxl.exe54⤵
- Executes dropped EXE
-
\??\c:\nnnhtt.exec:\nnnhtt.exe55⤵
- Executes dropped EXE
-
\??\c:\dpdvp.exec:\dpdvp.exe56⤵
- Executes dropped EXE
-
\??\c:\djddv.exec:\djddv.exe57⤵
- Executes dropped EXE
-
\??\c:\rrlrrfx.exec:\rrlrrfx.exe58⤵
- Executes dropped EXE
-
\??\c:\lllrrrr.exec:\lllrrrr.exe59⤵
- Executes dropped EXE
-
\??\c:\tbbntb.exec:\tbbntb.exe60⤵
- Executes dropped EXE
-
\??\c:\vpppp.exec:\vpppp.exe61⤵
- Executes dropped EXE
-
\??\c:\jjddd.exec:\jjddd.exe62⤵
- Executes dropped EXE
-
\??\c:\xrfrffl.exec:\xrfrffl.exe63⤵
- Executes dropped EXE
-
\??\c:\3lffxxx.exec:\3lffxxx.exe64⤵
- Executes dropped EXE
-
\??\c:\3ntnbt.exec:\3ntnbt.exe65⤵
- Executes dropped EXE
-
\??\c:\hnnbbb.exec:\hnnbbb.exe66⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe67⤵
-
\??\c:\rrlflxf.exec:\rrlflxf.exe68⤵
-
\??\c:\fxrxrlr.exec:\fxrxrlr.exe69⤵
-
\??\c:\nnhbnn.exec:\nnhbnn.exe70⤵
-
\??\c:\djdvj.exec:\djdvj.exe71⤵
-
\??\c:\djjjj.exec:\djjjj.exe72⤵
-
\??\c:\xrllllf.exec:\xrllllf.exe73⤵
-
\??\c:\7xfxxxr.exec:\7xfxxxr.exe74⤵
-
\??\c:\btbttb.exec:\btbttb.exe75⤵
-
\??\c:\djvpj.exec:\djvpj.exe76⤵
-
\??\c:\vdvjd.exec:\vdvjd.exe77⤵
-
\??\c:\llxxxxr.exec:\llxxxxr.exe78⤵
-
\??\c:\xllffrf.exec:\xllffrf.exe79⤵
-
\??\c:\bthhhh.exec:\bthhhh.exe80⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe81⤵
-
\??\c:\9jjdd.exec:\9jjdd.exe82⤵
-
\??\c:\llrrlxf.exec:\llrrlxf.exe83⤵
-
\??\c:\5tttth.exec:\5tttth.exe84⤵
-
\??\c:\1jjdv.exec:\1jjdv.exe85⤵
-
\??\c:\lflfrxl.exec:\lflfrxl.exe86⤵
-
\??\c:\3ddpj.exec:\3ddpj.exe87⤵
-
\??\c:\flffxll.exec:\flffxll.exe88⤵
-
\??\c:\hhnnhh.exec:\hhnnhh.exe89⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe90⤵
-
\??\c:\rxxfxxl.exec:\rxxfxxl.exe91⤵
-
\??\c:\frrffff.exec:\frrffff.exe92⤵
-
\??\c:\5bbhhh.exec:\5bbhhh.exe93⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe94⤵
-
\??\c:\rfxfllr.exec:\rfxfllr.exe95⤵
-
\??\c:\xfrxfxx.exec:\xfrxfxx.exe96⤵
-
\??\c:\hbhnhn.exec:\hbhnhn.exe97⤵
-
\??\c:\btbbbb.exec:\btbbbb.exe98⤵
-
\??\c:\dppjd.exec:\dppjd.exe99⤵
-
\??\c:\bttbbb.exec:\bttbbb.exe100⤵
-
\??\c:\9dvpp.exec:\9dvpp.exe101⤵
-
\??\c:\pvpjj.exec:\pvpjj.exe102⤵
-
\??\c:\xxxxrlf.exec:\xxxxrlf.exe103⤵
-
\??\c:\9xrllll.exec:\9xrllll.exe104⤵
-
\??\c:\thbttt.exec:\thbttt.exe105⤵
-
\??\c:\dvddv.exec:\dvddv.exe106⤵
-
\??\c:\vjjjj.exec:\vjjjj.exe107⤵
-
\??\c:\flrlllf.exec:\flrlllf.exe108⤵
-
\??\c:\nhntnb.exec:\nhntnb.exe109⤵
-
\??\c:\bbtnhb.exec:\bbtnhb.exe110⤵
-
\??\c:\vjddv.exec:\vjddv.exe111⤵
-
\??\c:\9rxxrrf.exec:\9rxxrrf.exe112⤵
-
\??\c:\thnhtb.exec:\thnhtb.exe113⤵
-
\??\c:\vjppj.exec:\vjppj.exe114⤵
-
\??\c:\lrrrlxx.exec:\lrrrlxx.exe115⤵
-
\??\c:\hbnnht.exec:\hbnnht.exe116⤵
-
\??\c:\nhbbbb.exec:\nhbbbb.exe117⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe118⤵
-
\??\c:\xllffrl.exec:\xllffrl.exe119⤵
-
\??\c:\thnhtt.exec:\thnhtt.exe120⤵
-
\??\c:\ttbbth.exec:\ttbbth.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-