Analysis
-
max time kernel
150s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
06-06-2024 21:23
General
-
Target
1bbfd0ca0a3151322a6522498592de10_NeikiAnalytics.exe
-
Size
63KB
-
MD5
1bbfd0ca0a3151322a6522498592de10
-
SHA1
095759eeaebfcacc4e81c481d89de1fc127b28c8
-
SHA256
e863add68e6d290408035c6363bef0c9a4f2070ddc6d8f93fcc41ed306528bf9
-
SHA512
b74a4b257899ca31138070d4c1d09856c6cb60a106a58975574313ea7923e5e7573d76544473397f2f017e715e6f1a78670aa00cc49b8ebd77388f297b029b58
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIug6bL6Nf:ymb3NkkiQ3mdBjFIugph
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1bbfd0ca0a3151322a6522498592de10_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1bbfd0ca0a3151322a6522498592de10_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvp.exec:\dvdvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhnbn.exec:\bbhnbn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdjd.exec:\jvdjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfflfff.exec:\xfflfff.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1thhtn.exec:\1thhtn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdpv.exec:\djdpv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjpj.exec:\dpjpj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rlxxfl.exec:\3rlxxfl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrrrrx.exec:\7lrrrrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhbtb.exec:\bhhbtb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpjj.exec:\vdpjj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlllll.exec:\frlllll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhhnt.exec:\hnhhnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjd.exec:\vpdjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddpj.exec:\pddpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxllrf.exec:\rxxllrf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ntnhn.exec:\1ntnhn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nhtbn.exec:\3nhtbn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvvv.exec:\jjvvv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vjdj.exec:\3vjdj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflllr.exec:\xrflllr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbttn.exec:\bnbttn.exe23⤵
- Executes dropped EXE
-
\??\c:\pvvjp.exec:\pvvjp.exe24⤵
- Executes dropped EXE
-
\??\c:\frxrrrx.exec:\frxrrrx.exe25⤵
- Executes dropped EXE
-
\??\c:\bbhbhh.exec:\bbhbhh.exe26⤵
- Executes dropped EXE
-
\??\c:\vvddj.exec:\vvddj.exe27⤵
- Executes dropped EXE
-
\??\c:\ppppj.exec:\ppppj.exe28⤵
- Executes dropped EXE
-
\??\c:\3flfrrr.exec:\3flfrrr.exe29⤵
- Executes dropped EXE
-
\??\c:\lrxxlxx.exec:\lrxxlxx.exe30⤵
- Executes dropped EXE
-
\??\c:\hbtnhh.exec:\hbtnhh.exe31⤵
- Executes dropped EXE
-
\??\c:\dppjd.exec:\dppjd.exe32⤵
- Executes dropped EXE
-
\??\c:\xxfxrrf.exec:\xxfxrrf.exe33⤵
- Executes dropped EXE
-
\??\c:\ntbtnt.exec:\ntbtnt.exe34⤵
- Executes dropped EXE
-
\??\c:\pjppj.exec:\pjppj.exe35⤵
- Executes dropped EXE
-
\??\c:\pddvd.exec:\pddvd.exe36⤵
- Executes dropped EXE
-
\??\c:\3xllxxf.exec:\3xllxxf.exe37⤵
- Executes dropped EXE
-
\??\c:\xflflrx.exec:\xflflrx.exe38⤵
- Executes dropped EXE
-
\??\c:\nbtbhn.exec:\nbtbhn.exe39⤵
- Executes dropped EXE
-
\??\c:\3djdv.exec:\3djdv.exe40⤵
- Executes dropped EXE
-
\??\c:\ddpjd.exec:\ddpjd.exe41⤵
- Executes dropped EXE
-
\??\c:\fxllxrf.exec:\fxllxrf.exe42⤵
- Executes dropped EXE
-
\??\c:\lfffrlr.exec:\lfffrlr.exe43⤵
- Executes dropped EXE
-
\??\c:\btttnh.exec:\btttnh.exe44⤵
- Executes dropped EXE
-
\??\c:\vpddv.exec:\vpddv.exe45⤵
- Executes dropped EXE
-
\??\c:\vvpdj.exec:\vvpdj.exe46⤵
- Executes dropped EXE
-
\??\c:\lrrrrxx.exec:\lrrrrxx.exe47⤵
- Executes dropped EXE
-
\??\c:\ntbhhh.exec:\ntbhhh.exe48⤵
- Executes dropped EXE
-
\??\c:\vdjjj.exec:\vdjjj.exe49⤵
- Executes dropped EXE
-
\??\c:\jdvvd.exec:\jdvvd.exe50⤵
- Executes dropped EXE
-
\??\c:\frllxlx.exec:\frllxlx.exe51⤵
- Executes dropped EXE
-
\??\c:\lrxxflr.exec:\lrxxflr.exe52⤵
- Executes dropped EXE
-
\??\c:\ttbbnb.exec:\ttbbnb.exe53⤵
- Executes dropped EXE
-
\??\c:\bhnnbh.exec:\bhnnbh.exe54⤵
- Executes dropped EXE
-
\??\c:\vpvvp.exec:\vpvvp.exe55⤵
- Executes dropped EXE
-
\??\c:\3xxfrll.exec:\3xxfrll.exe56⤵
- Executes dropped EXE
-
\??\c:\bbhhnn.exec:\bbhhnn.exe57⤵
- Executes dropped EXE
-
\??\c:\hhttth.exec:\hhttth.exe58⤵
- Executes dropped EXE
-
\??\c:\pddvv.exec:\pddvv.exe59⤵
- Executes dropped EXE
-
\??\c:\vvdjp.exec:\vvdjp.exe60⤵
- Executes dropped EXE
-
\??\c:\frxxrrr.exec:\frxxrrr.exe61⤵
- Executes dropped EXE
-
\??\c:\9fllxfx.exec:\9fllxfx.exe62⤵
- Executes dropped EXE
-
\??\c:\7tbbtb.exec:\7tbbtb.exe63⤵
- Executes dropped EXE
-
\??\c:\1ppjj.exec:\1ppjj.exe64⤵
- Executes dropped EXE
-
\??\c:\pdjdv.exec:\pdjdv.exe65⤵
- Executes dropped EXE
-
\??\c:\1fxrrfl.exec:\1fxrrfl.exe66⤵
-
\??\c:\nhtbbn.exec:\nhtbbn.exe67⤵
-
\??\c:\7tbbtt.exec:\7tbbtt.exe68⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe69⤵
-
\??\c:\vvppj.exec:\vvppj.exe70⤵
-
\??\c:\rrxfflx.exec:\rrxfflx.exe71⤵
-
\??\c:\nntbtb.exec:\nntbtb.exe72⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe73⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe74⤵
-
\??\c:\5xffxxx.exec:\5xffxxx.exe75⤵
-
\??\c:\1tbttb.exec:\1tbttb.exe76⤵
-
\??\c:\thntnh.exec:\thntnh.exe77⤵
-
\??\c:\9jppj.exec:\9jppj.exe78⤵
-
\??\c:\nnnhbb.exec:\nnnhbb.exe79⤵
-
\??\c:\nnhtbt.exec:\nnhtbt.exe80⤵
-
\??\c:\pdpvd.exec:\pdpvd.exe81⤵
-
\??\c:\fxffxxx.exec:\fxffxxx.exe82⤵
-
\??\c:\3lxxfff.exec:\3lxxfff.exe83⤵
-
\??\c:\ttnbtt.exec:\ttnbtt.exe84⤵
-
\??\c:\djdvv.exec:\djdvv.exe85⤵
-
\??\c:\xlrxxff.exec:\xlrxxff.exe86⤵
-
\??\c:\xllfxfr.exec:\xllfxfr.exe87⤵
-
\??\c:\htnhnn.exec:\htnhnn.exe88⤵
-
\??\c:\1vpjv.exec:\1vpjv.exe89⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe90⤵
-
\??\c:\lllxxxr.exec:\lllxxxr.exe91⤵
-
\??\c:\hthtnb.exec:\hthtnb.exe92⤵
-
\??\c:\htbhnb.exec:\htbhnb.exe93⤵
-
\??\c:\1jpjj.exec:\1jpjj.exe94⤵
-
\??\c:\7dpjv.exec:\7dpjv.exe95⤵
-
\??\c:\xrxxxxx.exec:\xrxxxxx.exe96⤵
-
\??\c:\7rffxxx.exec:\7rffxxx.exe97⤵
-
\??\c:\9bbbnn.exec:\9bbbnn.exe98⤵
-
\??\c:\thnnbb.exec:\thnnbb.exe99⤵
-
\??\c:\pvdvj.exec:\pvdvj.exe100⤵
-
\??\c:\xlrlrxx.exec:\xlrlrxx.exe101⤵
-
\??\c:\thhhbb.exec:\thhhbb.exe102⤵
-
\??\c:\jvdpd.exec:\jvdpd.exe103⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe104⤵
-
\??\c:\lrrlfff.exec:\lrrlfff.exe105⤵
-
\??\c:\9rffxxr.exec:\9rffxxr.exe106⤵
-
\??\c:\ttbbtt.exec:\ttbbtt.exe107⤵
-
\??\c:\1bntnn.exec:\1bntnn.exe108⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe109⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe110⤵
-
\??\c:\xfxrlrl.exec:\xfxrlrl.exe111⤵
-
\??\c:\hntbnn.exec:\hntbnn.exe112⤵
-
\??\c:\hbbthh.exec:\hbbthh.exe113⤵
-
\??\c:\vjddj.exec:\vjddj.exe114⤵
-
\??\c:\djvpj.exec:\djvpj.exe115⤵
-
\??\c:\ffllxxx.exec:\ffllxxx.exe116⤵
-
\??\c:\lfffxxf.exec:\lfffxxf.exe117⤵
-
\??\c:\btbhbt.exec:\btbhbt.exe118⤵
-
\??\c:\7dvvp.exec:\7dvvp.exe119⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe120⤵
-
\??\c:\rflfxxx.exec:\rflfxxx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-