Analysis
-
max time kernel
150s -
max time network
51s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
11-06-2024 21:36
General
-
Target
057896b0f30d41dffa75ed43f6d705c0_NeikiAnalytics.exe
-
Size
97KB
-
MD5
057896b0f30d41dffa75ed43f6d705c0
-
SHA1
6112cae62d31a700cb740fd6141024a1f16dcca7
-
SHA256
a5d605a6b1a15743a8e046db4c9686dc60972d130af93c9191ebc7360345140b
-
SHA512
4f3907e8308fc9ab6cc4698b521b24e459c2858a3446ab49fc13f3765cee5f7dfd8fe51ead891e802a458d42936e327e998554099aacd58716184c7c6db3869c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDInWeNCYGyA2R7JxJAg8dta:ymb3NkkiQ3mdBjFIWeFGyAsJAg2a
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\057896b0f30d41dffa75ed43f6d705c0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\057896b0f30d41dffa75ed43f6d705c0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhbtn.exec:\hnhbtn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfllf.exec:\xrlfllf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtnhh.exec:\tbtnhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnbb.exec:\nttnbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdv.exec:\jdjdv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrxlxx.exec:\xfrxlxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhhtt.exec:\bbhhtt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhtn.exec:\tnnhtn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdvv.exec:\dpdvv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvpd.exec:\jpvpd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxrxfl.exec:\ffxrxfl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflfffx.exec:\xflfffx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnnhb.exec:\hhnnhb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjj.exec:\ppjjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrrrf.exec:\xrxrrrf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbttt.exec:\bbbttt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhnb.exec:\thnhnb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpdv.exec:\jjpdv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjpj.exec:\vvjpj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfrrl.exec:\xrlfrrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnttnn.exec:\bnttnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjv.exec:\dvpjv.exe23⤵
- Executes dropped EXE
-
\??\c:\rfxfxrl.exec:\rfxfxrl.exe24⤵
- Executes dropped EXE
-
\??\c:\nbhhbn.exec:\nbhhbn.exe25⤵
- Executes dropped EXE
-
\??\c:\btbttt.exec:\btbttt.exe26⤵
- Executes dropped EXE
-
\??\c:\vjdvp.exec:\vjdvp.exe27⤵
- Executes dropped EXE
-
\??\c:\xfrfxrf.exec:\xfrfxrf.exe28⤵
- Executes dropped EXE
-
\??\c:\btbttt.exec:\btbttt.exe29⤵
- Executes dropped EXE
-
\??\c:\nhtnhh.exec:\nhtnhh.exe30⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe31⤵
- Executes dropped EXE
-
\??\c:\xlrrfxr.exec:\xlrrfxr.exe32⤵
- Executes dropped EXE
-
\??\c:\thhnbt.exec:\thhnbt.exe33⤵
- Executes dropped EXE
-
\??\c:\vvvpd.exec:\vvvpd.exe34⤵
- Executes dropped EXE
-
\??\c:\vdjvj.exec:\vdjvj.exe35⤵
- Executes dropped EXE
-
\??\c:\lxfrllx.exec:\lxfrllx.exe36⤵
- Executes dropped EXE
-
\??\c:\3lxrllf.exec:\3lxrllf.exe37⤵
- Executes dropped EXE
-
\??\c:\htbbhb.exec:\htbbhb.exe38⤵
- Executes dropped EXE
-
\??\c:\nttnhb.exec:\nttnhb.exe39⤵
- Executes dropped EXE
-
\??\c:\5jjjv.exec:\5jjjv.exe40⤵
- Executes dropped EXE
-
\??\c:\jdvpd.exec:\jdvpd.exe41⤵
- Executes dropped EXE
-
\??\c:\frlfrrl.exec:\frlfrrl.exe42⤵
- Executes dropped EXE
-
\??\c:\tnbbtt.exec:\tnbbtt.exe43⤵
- Executes dropped EXE
-
\??\c:\nntnhn.exec:\nntnhn.exe44⤵
- Executes dropped EXE
-
\??\c:\vpvvp.exec:\vpvvp.exe45⤵
- Executes dropped EXE
-
\??\c:\pvvpp.exec:\pvvpp.exe46⤵
- Executes dropped EXE
-
\??\c:\ffllfxr.exec:\ffllfxr.exe47⤵
- Executes dropped EXE
-
\??\c:\llllfll.exec:\llllfll.exe48⤵
- Executes dropped EXE
-
\??\c:\ttbhhh.exec:\ttbhhh.exe49⤵
- Executes dropped EXE
-
\??\c:\hbhhbb.exec:\hbhhbb.exe50⤵
- Executes dropped EXE
-
\??\c:\pdjjp.exec:\pdjjp.exe51⤵
- Executes dropped EXE
-
\??\c:\ppddv.exec:\ppddv.exe52⤵
- Executes dropped EXE
-
\??\c:\lxlllff.exec:\lxlllff.exe53⤵
- Executes dropped EXE
-
\??\c:\lffffrr.exec:\lffffrr.exe54⤵
- Executes dropped EXE
-
\??\c:\rrrrlll.exec:\rrrrlll.exe55⤵
- Executes dropped EXE
-
\??\c:\ttnhhh.exec:\ttnhhh.exe56⤵
- Executes dropped EXE
-
\??\c:\9ppjd.exec:\9ppjd.exe57⤵
- Executes dropped EXE
-
\??\c:\1jppj.exec:\1jppj.exe58⤵
- Executes dropped EXE
-
\??\c:\flxrflr.exec:\flxrflr.exe59⤵
- Executes dropped EXE
-
\??\c:\ffllllf.exec:\ffllllf.exe60⤵
- Executes dropped EXE
-
\??\c:\hhhhhh.exec:\hhhhhh.exe61⤵
- Executes dropped EXE
-
\??\c:\9nnhbh.exec:\9nnhbh.exe62⤵
- Executes dropped EXE
-
\??\c:\pjjpp.exec:\pjjpp.exe63⤵
- Executes dropped EXE
-
\??\c:\5vjjv.exec:\5vjjv.exe64⤵
- Executes dropped EXE
-
\??\c:\lrffxrr.exec:\lrffxrr.exe65⤵
- Executes dropped EXE
-
\??\c:\xfrrrxx.exec:\xfrrrxx.exe66⤵
-
\??\c:\hthhhb.exec:\hthhhb.exe67⤵
-
\??\c:\hnnhbb.exec:\hnnhbb.exe68⤵
-
\??\c:\pvdvp.exec:\pvdvp.exe69⤵
-
\??\c:\9jpvv.exec:\9jpvv.exe70⤵
-
\??\c:\rxffxll.exec:\rxffxll.exe71⤵
-
\??\c:\xxxfffr.exec:\xxxfffr.exe72⤵
-
\??\c:\fflllrl.exec:\fflllrl.exe73⤵
-
\??\c:\hhhhbn.exec:\hhhhbn.exe74⤵
-
\??\c:\hhbnnt.exec:\hhbnnt.exe75⤵
-
\??\c:\1vppd.exec:\1vppd.exe76⤵
-
\??\c:\jjjjp.exec:\jjjjp.exe77⤵
-
\??\c:\9frrxxx.exec:\9frrxxx.exe78⤵
-
\??\c:\ffxxlrl.exec:\ffxxlrl.exe79⤵
-
\??\c:\hbnnnb.exec:\hbnnnb.exe80⤵
-
\??\c:\tntttt.exec:\tntttt.exe81⤵
-
\??\c:\ddddj.exec:\ddddj.exe82⤵
-
\??\c:\ppppp.exec:\ppppp.exe83⤵
-
\??\c:\rxxrllf.exec:\rxxrllf.exe84⤵
-
\??\c:\rrfxflr.exec:\rrfxflr.exe85⤵
-
\??\c:\rrffxll.exec:\rrffxll.exe86⤵
-
\??\c:\5hhbtt.exec:\5hhbtt.exe87⤵
-
\??\c:\nnnhhh.exec:\nnnhhh.exe88⤵
-
\??\c:\vvddj.exec:\vvddj.exe89⤵
-
\??\c:\dvjpj.exec:\dvjpj.exe90⤵
-
\??\c:\fxrlffr.exec:\fxrlffr.exe91⤵
-
\??\c:\fxlrffr.exec:\fxlrffr.exe92⤵
-
\??\c:\lxfffll.exec:\lxfffll.exe93⤵
-
\??\c:\1bnnnn.exec:\1bnnnn.exe94⤵
-
\??\c:\vvddd.exec:\vvddd.exe95⤵
-
\??\c:\jpddd.exec:\jpddd.exe96⤵
-
\??\c:\7pddj.exec:\7pddj.exe97⤵
-
\??\c:\9lllxff.exec:\9lllxff.exe98⤵
-
\??\c:\7xlfllr.exec:\7xlfllr.exe99⤵
-
\??\c:\3nbbtn.exec:\3nbbtn.exe100⤵
-
\??\c:\tbhbtt.exec:\tbhbtt.exe101⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe102⤵
-
\??\c:\pdddv.exec:\pdddv.exe103⤵
-
\??\c:\lxxxxxx.exec:\lxxxxxx.exe104⤵
-
\??\c:\rfrxrxx.exec:\rfrxrxx.exe105⤵
-
\??\c:\bthhth.exec:\bthhth.exe106⤵
-
\??\c:\nbhbth.exec:\nbhbth.exe107⤵
-
\??\c:\nnnnbh.exec:\nnnnbh.exe108⤵
-
\??\c:\pjvdv.exec:\pjvdv.exe109⤵
-
\??\c:\vvjjd.exec:\vvjjd.exe110⤵
-
\??\c:\ffflfff.exec:\ffflfff.exe111⤵
-
\??\c:\xrrllrr.exec:\xrrllrr.exe112⤵
-
\??\c:\bbbttt.exec:\bbbttt.exe113⤵
-
\??\c:\tthtnt.exec:\tthtnt.exe114⤵
-
\??\c:\nbhnnt.exec:\nbhnnt.exe115⤵
-
\??\c:\7vvjp.exec:\7vvjp.exe116⤵
-
\??\c:\vjddd.exec:\vjddd.exe117⤵
-
\??\c:\xrlrrrl.exec:\xrlrrrl.exe118⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe119⤵
-
\??\c:\tntbbh.exec:\tntbbh.exe120⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-