Analysis
-
max time kernel
150s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
04-06-2024 01:43
General
-
Target
1e4396f9762910d948b9ac3f4d102440_NeikiAnalytics.exe
-
Size
234KB
-
MD5
1e4396f9762910d948b9ac3f4d102440
-
SHA1
c36446138cd462cef6a226a8697217558adbb933
-
SHA256
42a3e7b46f0cde7079020d42b5915a357b32a8ddc7ac9661dcc88921b2136a85
-
SHA512
26e9690e006f8b4ff8b647483b3eed9bd2dcf237e5bf8bc9915c14abd1a800ea661bd18feed11ad8dabd6f407fcc1415e6c8e518a6e3498a5a20b84429fb740a
-
SSDEEP
6144:kcm4FmowdHoSSGpJw4PqhraHcpOmFTHDGYhEf5X2a1:y4wFHoSSGpJwGeeFmFTNAp2G
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1e4396f9762910d948b9ac3f4d102440_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1e4396f9762910d948b9ac3f4d102440_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\frlfxxx.exec:\frlfxxx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrfrl.exec:\frxrfrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnhb.exec:\httnhb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdp.exec:\dvjdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpjd.exec:\djpjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxxlfl.exec:\lxxxlfl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhthhb.exec:\hhthhb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vdvd.exec:\9vdvd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddj.exec:\jdddj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlfxr.exec:\lrrlfxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hnhbt.exec:\9hnhbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pvvp.exec:\5pvvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpj.exec:\dpvpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrllr.exec:\frxrllr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhtt.exec:\tnnhtt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvj.exec:\pjdvj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlflfl.exec:\fxlflfl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ntnnt.exec:\7ntnnt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjd.exec:\pjjjd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ppjd.exec:\7ppjd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfffll.exec:\rxfffll.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthhnh.exec:\hthhnh.exe23⤵
- Executes dropped EXE
-
\??\c:\ppvpj.exec:\ppvpj.exe24⤵
- Executes dropped EXE
-
\??\c:\frxrflf.exec:\frxrflf.exe25⤵
- Executes dropped EXE
-
\??\c:\frllfxx.exec:\frllfxx.exe26⤵
- Executes dropped EXE
-
\??\c:\bnbtnh.exec:\bnbtnh.exe27⤵
- Executes dropped EXE
-
\??\c:\pvpjd.exec:\pvpjd.exe28⤵
- Executes dropped EXE
-
\??\c:\xfxxxxx.exec:\xfxxxxx.exe29⤵
- Executes dropped EXE
-
\??\c:\lxxrlrf.exec:\lxxrlrf.exe30⤵
- Executes dropped EXE
-
\??\c:\tnntnb.exec:\tnntnb.exe31⤵
- Executes dropped EXE
-
\??\c:\ppddp.exec:\ppddp.exe32⤵
- Executes dropped EXE
-
\??\c:\9lrffff.exec:\9lrffff.exe33⤵
- Executes dropped EXE
-
\??\c:\lxxrllf.exec:\lxxrllf.exe34⤵
- Executes dropped EXE
-
\??\c:\bhbbnn.exec:\bhbbnn.exe35⤵
- Executes dropped EXE
-
\??\c:\vjdvp.exec:\vjdvp.exe36⤵
- Executes dropped EXE
-
\??\c:\7ffxrlf.exec:\7ffxrlf.exe37⤵
- Executes dropped EXE
-
\??\c:\xrxxxxf.exec:\xrxxxxf.exe38⤵
- Executes dropped EXE
-
\??\c:\ththth.exec:\ththth.exe39⤵
- Executes dropped EXE
-
\??\c:\3hhnhb.exec:\3hhnhb.exe40⤵
- Executes dropped EXE
-
\??\c:\vvdvj.exec:\vvdvj.exe41⤵
- Executes dropped EXE
-
\??\c:\jddvj.exec:\jddvj.exe42⤵
- Executes dropped EXE
-
\??\c:\rrxfxfr.exec:\rrxfxfr.exe43⤵
- Executes dropped EXE
-
\??\c:\hbtnnn.exec:\hbtnnn.exe44⤵
- Executes dropped EXE
-
\??\c:\nbnnhh.exec:\nbnnhh.exe45⤵
- Executes dropped EXE
-
\??\c:\dpvvv.exec:\dpvvv.exe46⤵
- Executes dropped EXE
-
\??\c:\1rlrrff.exec:\1rlrrff.exe47⤵
- Executes dropped EXE
-
\??\c:\xxxrlrx.exec:\xxxrlrx.exe48⤵
- Executes dropped EXE
-
\??\c:\bbnhhh.exec:\bbnhhh.exe49⤵
- Executes dropped EXE
-
\??\c:\tthbtt.exec:\tthbtt.exe50⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe51⤵
- Executes dropped EXE
-
\??\c:\3fxlffr.exec:\3fxlffr.exe52⤵
- Executes dropped EXE
-
\??\c:\xxxfffr.exec:\xxxfffr.exe53⤵
- Executes dropped EXE
-
\??\c:\ntbtnn.exec:\ntbtnn.exe54⤵
- Executes dropped EXE
-
\??\c:\7hnhbt.exec:\7hnhbt.exe55⤵
- Executes dropped EXE
-
\??\c:\vvdvp.exec:\vvdvp.exe56⤵
- Executes dropped EXE
-
\??\c:\pvddd.exec:\pvddd.exe57⤵
- Executes dropped EXE
-
\??\c:\rffrrrf.exec:\rffrrrf.exe58⤵
- Executes dropped EXE
-
\??\c:\bnbhbn.exec:\bnbhbn.exe59⤵
- Executes dropped EXE
-
\??\c:\vvdvp.exec:\vvdvp.exe60⤵
- Executes dropped EXE
-
\??\c:\jdpjd.exec:\jdpjd.exe61⤵
- Executes dropped EXE
-
\??\c:\xrlrfxl.exec:\xrlrfxl.exe62⤵
- Executes dropped EXE
-
\??\c:\rrlffxx.exec:\rrlffxx.exe63⤵
- Executes dropped EXE
-
\??\c:\bhhtbt.exec:\bhhtbt.exe64⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe65⤵
- Executes dropped EXE
-
\??\c:\dpvpj.exec:\dpvpj.exe66⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe67⤵
-
\??\c:\lffxrrl.exec:\lffxrrl.exe68⤵
-
\??\c:\tnbntt.exec:\tnbntt.exe69⤵
-
\??\c:\httnhh.exec:\httnhh.exe70⤵
-
\??\c:\1pvpj.exec:\1pvpj.exe71⤵
-
\??\c:\jddvp.exec:\jddvp.exe72⤵
-
\??\c:\xlxrxrx.exec:\xlxrxrx.exe73⤵
-
\??\c:\3xxrllf.exec:\3xxrllf.exe74⤵
-
\??\c:\ntnbtt.exec:\ntnbtt.exe75⤵
-
\??\c:\tbbtnh.exec:\tbbtnh.exe76⤵
-
\??\c:\pppjj.exec:\pppjj.exe77⤵
-
\??\c:\5pvvv.exec:\5pvvv.exe78⤵
-
\??\c:\xrfxrlf.exec:\xrfxrlf.exe79⤵
-
\??\c:\9lffxxl.exec:\9lffxxl.exe80⤵
-
\??\c:\bnhtbh.exec:\bnhtbh.exe81⤵
-
\??\c:\nhhtnh.exec:\nhhtnh.exe82⤵
-
\??\c:\vjjvp.exec:\vjjvp.exe83⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe84⤵
-
\??\c:\rffrlxx.exec:\rffrlxx.exe85⤵
-
\??\c:\lffrfxx.exec:\lffrfxx.exe86⤵
-
\??\c:\3bnhtn.exec:\3bnhtn.exe87⤵
-
\??\c:\nnbttt.exec:\nnbttt.exe88⤵
-
\??\c:\pvddp.exec:\pvddp.exe89⤵
-
\??\c:\7ddpd.exec:\7ddpd.exe90⤵
-
\??\c:\xlfxrlf.exec:\xlfxrlf.exe91⤵
-
\??\c:\lxrfxfr.exec:\lxrfxfr.exe92⤵
-
\??\c:\3ttnnh.exec:\3ttnnh.exe93⤵
-
\??\c:\hnbnnh.exec:\hnbnnh.exe94⤵
-
\??\c:\3vjdp.exec:\3vjdp.exe95⤵
-
\??\c:\1vvpv.exec:\1vvpv.exe96⤵
-
\??\c:\xrlxxrr.exec:\xrlxxrr.exe97⤵
-
\??\c:\lrlxlfr.exec:\lrlxlfr.exe98⤵
-
\??\c:\nnnbtn.exec:\nnnbtn.exe99⤵
-
\??\c:\bnthbt.exec:\bnthbt.exe100⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe101⤵
-
\??\c:\ppvjv.exec:\ppvjv.exe102⤵
-
\??\c:\flfxlfr.exec:\flfxlfr.exe103⤵
-
\??\c:\3fflxrl.exec:\3fflxrl.exe104⤵
-
\??\c:\hbhtbt.exec:\hbhtbt.exe105⤵
-
\??\c:\tnnnhh.exec:\tnnnhh.exe106⤵
-
\??\c:\bnnbtn.exec:\bnnbtn.exe107⤵
-
\??\c:\vvdvd.exec:\vvdvd.exe108⤵
-
\??\c:\flrrrrl.exec:\flrrrrl.exe109⤵
-
\??\c:\9xxllfr.exec:\9xxllfr.exe110⤵
-
\??\c:\1hhhbb.exec:\1hhhbb.exe111⤵
-
\??\c:\tnhhtb.exec:\tnhhtb.exe112⤵
-
\??\c:\bnbtnh.exec:\bnbtnh.exe113⤵
-
\??\c:\3pjdv.exec:\3pjdv.exe114⤵
-
\??\c:\djjdj.exec:\djjdj.exe115⤵
-
\??\c:\rfrlrlx.exec:\rfrlrlx.exe116⤵
-
\??\c:\fllxrlf.exec:\fllxrlf.exe117⤵
-
\??\c:\hnhhtn.exec:\hnhhtn.exe118⤵
-
\??\c:\bhtnhn.exec:\bhtnhn.exe119⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe120⤵
-
\??\c:\jppjv.exec:\jppjv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-