Analysis
-
max time kernel
150s -
max time network
101s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
14/06/2024, 10:12
General
-
Target
b716963946e2f99989a6f17de94f25e0_NeikiAnalytics.exe
-
Size
966KB
-
MD5
b716963946e2f99989a6f17de94f25e0
-
SHA1
0426d4d8bb38f8b4196f82c7b9cf433470153007
-
SHA256
22f3dcfa88dd3d383c587f562a1cadc08a00fac24d794f51cf4f1921fdba9e5d
-
SHA512
6f4cf78cc82e8a5a98222b3f9e5b546d36133c728963c7067e1335af04ba5b1d54228ca3fa68a543a93db0ef9e41bb09e8db07f34cbb158783a0c3ee66fb94c9
-
SSDEEP
12288:n3C9ytvngQjy3C9I3YEWpYe+GalTLfOX+I3C9S3C9ytvngQj65syLr9fuWpw:SgdnJVwLgdnJq9fu3
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b716963946e2f99989a6f17de94f25e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\b716963946e2f99989a6f17de94f25e0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtnhh.exec:\bhtnhh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxlfxr.exec:\lxxlfxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhtnh.exec:\nhhtnh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvdp.exec:\jjvdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnbtn.exec:\hnnbtn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddpd.exec:\vddpd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpppd.exec:\jpppd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnhn.exec:\tnnnhn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnbb.exec:\bntnbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffxlfr.exec:\rffxlfr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rxllfr.exec:\1rxllfr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbnb.exec:\hbhbnb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvp.exec:\dpvvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvd.exec:\vddvd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xxlxxl.exec:\7xxlxxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjd.exec:\pdpjd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjpd.exec:\jdjpd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nnhbt.exec:\9nnhbt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjvj.exec:\vjjvj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvddv.exec:\pvddv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvp.exec:\dddvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnhb.exec:\httnhb.exe23⤵
- Executes dropped EXE
-
\??\c:\5vpjp.exec:\5vpjp.exe24⤵
- Executes dropped EXE
-
\??\c:\jjdvd.exec:\jjdvd.exe25⤵
- Executes dropped EXE
-
\??\c:\lrlrfrf.exec:\lrlrfrf.exe26⤵
- Executes dropped EXE
-
\??\c:\ddjvj.exec:\ddjvj.exe27⤵
- Executes dropped EXE
-
\??\c:\xrrlffr.exec:\xrrlffr.exe28⤵
- Executes dropped EXE
-
\??\c:\nbnbbt.exec:\nbnbbt.exe29⤵
- Executes dropped EXE
-
\??\c:\rxxrrlf.exec:\rxxrrlf.exe30⤵
- Executes dropped EXE
-
\??\c:\nhhbnb.exec:\nhhbnb.exe31⤵
- Executes dropped EXE
-
\??\c:\vdpvv.exec:\vdpvv.exe32⤵
- Executes dropped EXE
-
\??\c:\9vdvp.exec:\9vdvp.exe33⤵
- Executes dropped EXE
-
\??\c:\9ffxrrl.exec:\9ffxrrl.exe34⤵
- Executes dropped EXE
-
\??\c:\vjpjv.exec:\vjpjv.exe35⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe36⤵
- Executes dropped EXE
-
\??\c:\llrfrfl.exec:\llrfrfl.exe37⤵
- Executes dropped EXE
-
\??\c:\tnbntn.exec:\tnbntn.exe38⤵
- Executes dropped EXE
-
\??\c:\vpvpj.exec:\vpvpj.exe39⤵
- Executes dropped EXE
-
\??\c:\7nthtt.exec:\7nthtt.exe40⤵
- Executes dropped EXE
-
\??\c:\3ntnht.exec:\3ntnht.exe41⤵
- Executes dropped EXE
-
\??\c:\llrlfxr.exec:\llrlfxr.exe42⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe43⤵
- Executes dropped EXE
-
\??\c:\ffllxrl.exec:\ffllxrl.exe44⤵
- Executes dropped EXE
-
\??\c:\tntnhh.exec:\tntnhh.exe45⤵
- Executes dropped EXE
-
\??\c:\jdjvv.exec:\jdjvv.exe46⤵
- Executes dropped EXE
-
\??\c:\lrrfxrl.exec:\lrrfxrl.exe47⤵
- Executes dropped EXE
-
\??\c:\pdjdd.exec:\pdjdd.exe48⤵
- Executes dropped EXE
-
\??\c:\vpvvv.exec:\vpvvv.exe49⤵
- Executes dropped EXE
-
\??\c:\1nnhnb.exec:\1nnhnb.exe50⤵
- Executes dropped EXE
-
\??\c:\pvdjv.exec:\pvdjv.exe51⤵
- Executes dropped EXE
-
\??\c:\xrrllll.exec:\xrrllll.exe52⤵
- Executes dropped EXE
-
\??\c:\btnhbt.exec:\btnhbt.exe53⤵
- Executes dropped EXE
-
\??\c:\pjpjj.exec:\pjpjj.exe54⤵
- Executes dropped EXE
-
\??\c:\llrlxxf.exec:\llrlxxf.exe55⤵
- Executes dropped EXE
-
\??\c:\3bbbtt.exec:\3bbbtt.exe56⤵
- Executes dropped EXE
-
\??\c:\1jjdj.exec:\1jjdj.exe57⤵
- Executes dropped EXE
-
\??\c:\rflllll.exec:\rflllll.exe58⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe59⤵
- Executes dropped EXE
-
\??\c:\xlrlfxl.exec:\xlrlfxl.exe60⤵
- Executes dropped EXE
-
\??\c:\nnnnhh.exec:\nnnnhh.exe61⤵
- Executes dropped EXE
-
\??\c:\vvppj.exec:\vvppj.exe62⤵
- Executes dropped EXE
-
\??\c:\xlxxxxx.exec:\xlxxxxx.exe63⤵
- Executes dropped EXE
-
\??\c:\tthbtn.exec:\tthbtn.exe64⤵
- Executes dropped EXE
-
\??\c:\dvdpp.exec:\dvdpp.exe65⤵
- Executes dropped EXE
-
\??\c:\nhhbnn.exec:\nhhbnn.exe66⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe67⤵
-
\??\c:\3lrlxrf.exec:\3lrlxrf.exe68⤵
-
\??\c:\thbtnh.exec:\thbtnh.exe69⤵
-
\??\c:\jddpv.exec:\jddpv.exe70⤵
-
\??\c:\lflfxrl.exec:\lflfxrl.exe71⤵
-
\??\c:\ntbnht.exec:\ntbnht.exe72⤵
-
\??\c:\djjvp.exec:\djjvp.exe73⤵
-
\??\c:\3rxrxxx.exec:\3rxrxxx.exe74⤵
-
\??\c:\dddvp.exec:\dddvp.exe75⤵
-
\??\c:\jddpd.exec:\jddpd.exe76⤵
-
\??\c:\bbtnhh.exec:\bbtnhh.exe77⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe78⤵
-
\??\c:\lfxrlfx.exec:\lfxrlfx.exe79⤵
-
\??\c:\9tnbbt.exec:\9tnbbt.exe80⤵
-
\??\c:\ppvjd.exec:\ppvjd.exe81⤵
-
\??\c:\rfrflff.exec:\rfrflff.exe82⤵
-
\??\c:\hbhbtn.exec:\hbhbtn.exe83⤵
-
\??\c:\vddvp.exec:\vddvp.exe84⤵
-
\??\c:\lffffxf.exec:\lffffxf.exe85⤵
-
\??\c:\nbhhnh.exec:\nbhhnh.exe86⤵
-
\??\c:\jpvjv.exec:\jpvjv.exe87⤵
-
\??\c:\1llxrfr.exec:\1llxrfr.exe88⤵
-
\??\c:\tbbthb.exec:\tbbthb.exe89⤵
-
\??\c:\rflxrxl.exec:\rflxrxl.exe90⤵
-
\??\c:\nbbbnn.exec:\nbbbnn.exe91⤵
-
\??\c:\dpvdv.exec:\dpvdv.exe92⤵
-
\??\c:\xffxllf.exec:\xffxllf.exe93⤵
-
\??\c:\thbthb.exec:\thbthb.exe94⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe95⤵
-
\??\c:\rrfxrlx.exec:\rrfxrlx.exe96⤵
-
\??\c:\thhtnh.exec:\thhtnh.exe97⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe98⤵
-
\??\c:\fxxrfxl.exec:\fxxrfxl.exe99⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe100⤵
-
\??\c:\lllxfff.exec:\lllxfff.exe101⤵
-
\??\c:\ntbtnh.exec:\ntbtnh.exe102⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe103⤵
-
\??\c:\5rlrlff.exec:\5rlrlff.exe104⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe105⤵
-
\??\c:\xffrlfx.exec:\xffrlfx.exe106⤵
-
\??\c:\thnbtn.exec:\thnbtn.exe107⤵
-
\??\c:\dppjd.exec:\dppjd.exe108⤵
-
\??\c:\9rlfrrl.exec:\9rlfrrl.exe109⤵
-
\??\c:\bhtnhb.exec:\bhtnhb.exe110⤵
-
\??\c:\jdddd.exec:\jdddd.exe111⤵
-
\??\c:\xffxxrr.exec:\xffxxrr.exe112⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe113⤵
-
\??\c:\xrfxlll.exec:\xrfxlll.exe114⤵
-
\??\c:\nbhbbb.exec:\nbhbbb.exe115⤵
-
\??\c:\jpvpd.exec:\jpvpd.exe116⤵
-
\??\c:\bhtnhb.exec:\bhtnhb.exe117⤵
-
\??\c:\jpddv.exec:\jpddv.exe118⤵
-
\??\c:\9rfxrrl.exec:\9rfxrrl.exe119⤵
-
\??\c:\hthhbb.exec:\hthhbb.exe120⤵
-
\??\c:\7dvjj.exec:\7dvjj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-