Analysis
-
max time kernel
150s -
max time network
51s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
11/06/2024, 04:50
General
-
Target
282e4aa73ec2168ee75b4a71261b2dd0_NeikiAnalytics.exe
-
Size
213KB
-
MD5
282e4aa73ec2168ee75b4a71261b2dd0
-
SHA1
12b5509d7feb5644fa039ac9db93cdd24172db95
-
SHA256
682c6424ab9a6f9e38b1d152a68b687cf1556f0319312c02bb2a7f2604a54999
-
SHA512
97ac75f68e61eef0f10760b85a005adf77f2961af1b61513f4d9104da15aa826e585fed18c9e523fa7cb3652e79e18d7acd59e8108ea9e48d087c279c8c3ed58
-
SSDEEP
3072:ymb3NkkiQ3mdBjFIi/0RU6QeYQsm71vPmc51+GqekBJCvr6zJBUmABvW:n3C9BRIG0asYFm71m8+GdkB9EBe
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\282e4aa73ec2168ee75b4a71261b2dd0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\282e4aa73ec2168ee75b4a71261b2dd0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrfrfr.exec:\ffrfrfr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhntht.exec:\hhntht.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ddpj.exec:\9ddpj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvv.exec:\dvdvv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ffxffl.exec:\7ffxffl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tthbt.exec:\1tthbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbtt.exec:\nhhbtt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjd.exec:\dvpjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vpjv.exec:\9vpjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ffxffx.exec:\7ffxffx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfrllr.exec:\xxfrllr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtntt.exec:\nbtntt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbbb.exec:\hbhbbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdvv.exec:\ppdvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflfxxr.exec:\fflfxxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrlxr.exec:\xrxrlxr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbnhn.exec:\btbnhn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnbtn.exec:\btnbtn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpdp.exec:\dvpdp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdv.exec:\jvjdv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfxxr.exec:\xllfxxr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfrrf.exec:\xllfrrf.exe23⤵
- Executes dropped EXE
-
\??\c:\hntnnn.exec:\hntnnn.exe24⤵
- Executes dropped EXE
-
\??\c:\pdpjd.exec:\pdpjd.exe25⤵
- Executes dropped EXE
-
\??\c:\djpjd.exec:\djpjd.exe26⤵
- Executes dropped EXE
-
\??\c:\frxrxrl.exec:\frxrxrl.exe27⤵
- Executes dropped EXE
-
\??\c:\1llfxrl.exec:\1llfxrl.exe28⤵
- Executes dropped EXE
-
\??\c:\btthtt.exec:\btthtt.exe29⤵
- Executes dropped EXE
-
\??\c:\1bbtbb.exec:\1bbtbb.exe30⤵
- Executes dropped EXE
-
\??\c:\pjjvj.exec:\pjjvj.exe31⤵
- Executes dropped EXE
-
\??\c:\jdvjj.exec:\jdvjj.exe32⤵
- Executes dropped EXE
-
\??\c:\lllxrlf.exec:\lllxrlf.exe33⤵
- Executes dropped EXE
-
\??\c:\bbbnhb.exec:\bbbnhb.exe34⤵
- Executes dropped EXE
-
\??\c:\nhtnnh.exec:\nhtnnh.exe35⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe36⤵
- Executes dropped EXE
-
\??\c:\jvvjp.exec:\jvvjp.exe37⤵
- Executes dropped EXE
-
\??\c:\rlrrxfl.exec:\rlrrxfl.exe38⤵
- Executes dropped EXE
-
\??\c:\rfllffx.exec:\rfllffx.exe39⤵
- Executes dropped EXE
-
\??\c:\5hnbnn.exec:\5hnbnn.exe40⤵
- Executes dropped EXE
-
\??\c:\9ntnbb.exec:\9ntnbb.exe41⤵
- Executes dropped EXE
-
\??\c:\vdjvd.exec:\vdjvd.exe42⤵
- Executes dropped EXE
-
\??\c:\xrlffxx.exec:\xrlffxx.exe43⤵
- Executes dropped EXE
-
\??\c:\5lfxflf.exec:\5lfxflf.exe44⤵
- Executes dropped EXE
-
\??\c:\bthbtt.exec:\bthbtt.exe45⤵
- Executes dropped EXE
-
\??\c:\nbhbnh.exec:\nbhbnh.exe46⤵
- Executes dropped EXE
-
\??\c:\jdvpp.exec:\jdvpp.exe47⤵
- Executes dropped EXE
-
\??\c:\3fxlffr.exec:\3fxlffr.exe48⤵
- Executes dropped EXE
-
\??\c:\fxxrrxr.exec:\fxxrrxr.exe49⤵
- Executes dropped EXE
-
\??\c:\nhtnhh.exec:\nhtnhh.exe50⤵
- Executes dropped EXE
-
\??\c:\9pvpv.exec:\9pvpv.exe51⤵
- Executes dropped EXE
-
\??\c:\rlxrrll.exec:\rlxrrll.exe52⤵
- Executes dropped EXE
-
\??\c:\rllfxrl.exec:\rllfxrl.exe53⤵
- Executes dropped EXE
-
\??\c:\hthbnh.exec:\hthbnh.exe54⤵
- Executes dropped EXE
-
\??\c:\jdpdv.exec:\jdpdv.exe55⤵
- Executes dropped EXE
-
\??\c:\dvvvd.exec:\dvvvd.exe56⤵
- Executes dropped EXE
-
\??\c:\xfrlfxx.exec:\xfrlfxx.exe57⤵
- Executes dropped EXE
-
\??\c:\ttbbht.exec:\ttbbht.exe58⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe59⤵
- Executes dropped EXE
-
\??\c:\jjvpj.exec:\jjvpj.exe60⤵
- Executes dropped EXE
-
\??\c:\frrxrlf.exec:\frrxrlf.exe61⤵
- Executes dropped EXE
-
\??\c:\7bhhnt.exec:\7bhhnt.exe62⤵
- Executes dropped EXE
-
\??\c:\jvvvv.exec:\jvvvv.exe63⤵
- Executes dropped EXE
-
\??\c:\fxlffxx.exec:\fxlffxx.exe64⤵
- Executes dropped EXE
-
\??\c:\3llfxrl.exec:\3llfxrl.exe65⤵
- Executes dropped EXE
-
\??\c:\hbbbbb.exec:\hbbbbb.exe66⤵
-
\??\c:\jvdpd.exec:\jvdpd.exe67⤵
-
\??\c:\xfxrrxx.exec:\xfxrrxx.exe68⤵
-
\??\c:\rrrllll.exec:\rrrllll.exe69⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe70⤵
-
\??\c:\9xffrrf.exec:\9xffrrf.exe71⤵
-
\??\c:\bnnnnh.exec:\bnnnnh.exe72⤵
-
\??\c:\hthhtn.exec:\hthhtn.exe73⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe74⤵
-
\??\c:\xxllflf.exec:\xxllflf.exe75⤵
-
\??\c:\llxflrl.exec:\llxflrl.exe76⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe77⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe78⤵
-
\??\c:\pjjvd.exec:\pjjvd.exe79⤵
-
\??\c:\lrxrlfx.exec:\lrxrlfx.exe80⤵
-
\??\c:\nbhbtb.exec:\nbhbtb.exe81⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe82⤵
-
\??\c:\djdvp.exec:\djdvp.exe83⤵
-
\??\c:\llrlffx.exec:\llrlffx.exe84⤵
-
\??\c:\3rrllrr.exec:\3rrllrr.exe85⤵
-
\??\c:\thhbtn.exec:\thhbtn.exe86⤵
-
\??\c:\vvvvp.exec:\vvvvp.exe87⤵
-
\??\c:\1vdpj.exec:\1vdpj.exe88⤵
-
\??\c:\5lrrrxx.exec:\5lrrrxx.exe89⤵
-
\??\c:\7flfxxr.exec:\7flfxxr.exe90⤵
-
\??\c:\bhtnhh.exec:\bhtnhh.exe91⤵
-
\??\c:\3bbtnt.exec:\3bbtnt.exe92⤵
-
\??\c:\pppjd.exec:\pppjd.exe93⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe94⤵
-
\??\c:\fflfrrr.exec:\fflfrrr.exe95⤵
-
\??\c:\rlrlrrf.exec:\rlrlrrf.exe96⤵
-
\??\c:\nnbbbt.exec:\nnbbbt.exe97⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe98⤵
-
\??\c:\jjvjd.exec:\jjvjd.exe99⤵
-
\??\c:\fxlfxfx.exec:\fxlfxfx.exe100⤵
-
\??\c:\rrxrxxf.exec:\rrxrxxf.exe101⤵
-
\??\c:\bbnnht.exec:\bbnnht.exe102⤵
-
\??\c:\nnnbnh.exec:\nnnbnh.exe103⤵
-
\??\c:\nhtnhh.exec:\nhtnhh.exe104⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe105⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe106⤵
-
\??\c:\rlrrxxf.exec:\rlrrxxf.exe107⤵
-
\??\c:\rlfllll.exec:\rlfllll.exe108⤵
-
\??\c:\nnnhtt.exec:\nnnhtt.exe109⤵
-
\??\c:\btnhnn.exec:\btnhnn.exe110⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe111⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe112⤵
-
\??\c:\lrfffff.exec:\lrfffff.exe113⤵
-
\??\c:\rlllllf.exec:\rlllllf.exe114⤵
-
\??\c:\hhtnnn.exec:\hhtnnn.exe115⤵
-
\??\c:\hbtnnn.exec:\hbtnnn.exe116⤵
-
\??\c:\vjppp.exec:\vjppp.exe117⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe118⤵
-
\??\c:\rxxfrrr.exec:\rxxfrrr.exe119⤵
-
\??\c:\lxffffx.exec:\lxffffx.exe120⤵
-
\??\c:\1tnnhh.exec:\1tnnhh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-