Analysis
-
max time kernel
150s -
max time network
128s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
16/06/2024, 06:32
General
-
Target
dd2fe987376375b3a8651e640e6ba120_NeikiAnalytics.exe
-
Size
65KB
-
MD5
dd2fe987376375b3a8651e640e6ba120
-
SHA1
c278d7e463beb0338b304ad2defe9b08de4de80b
-
SHA256
dc8f86ad5882d53d6c8eb3a4d63e8e06af674815cfe675ace2861009e8ab7349
-
SHA512
4064337e688b7e62c33637348b20c8770f86ef0ba6605c1fa13c6501fa61da705572bce2b5f6ca184b9abcb97a3a2adae830113eb3b85223cf0e49d9b85b58d0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJULh12j:ymb3NkkiQ3mdBjFIFdJma
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\dd2fe987376375b3a8651e640e6ba120_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\dd2fe987376375b3a8651e640e6ba120_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7jpjd.exec:\7jpjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxxffx.exec:\rxxxffx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxffxl.exec:\rfxffxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhhb.exec:\bnnhhb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thttbn.exec:\thttbn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xfxlfl.exec:\3xfxlfl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhbt.exec:\nhnhbt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1djdj.exec:\1djdj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrffrrr.exec:\rrffrrr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbthbh.exec:\hbthbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtnbt.exec:\nbtnbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvdp.exec:\jvvdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlxlfr.exec:\lrlxlfr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttnhb.exec:\tttnhb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbthth.exec:\bbthth.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjd.exec:\pjjjd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrlffx.exec:\frrlffx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrlflf.exec:\xxrlflf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7htnhh.exec:\7htnhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvv.exec:\pddvv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlrlr.exec:\xrrlrlr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhbnt.exec:\hhhbnt.exe23⤵
- Executes dropped EXE
-
\??\c:\btbbtb.exec:\btbbtb.exe24⤵
- Executes dropped EXE
-
\??\c:\jdjdp.exec:\jdjdp.exe25⤵
- Executes dropped EXE
-
\??\c:\5rrrlrr.exec:\5rrrlrr.exe26⤵
- Executes dropped EXE
-
\??\c:\hbhhhn.exec:\hbhhhn.exe27⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe28⤵
- Executes dropped EXE
-
\??\c:\rflffll.exec:\rflffll.exe29⤵
- Executes dropped EXE
-
\??\c:\tthhnt.exec:\tthhnt.exe30⤵
- Executes dropped EXE
-
\??\c:\hhhbhb.exec:\hhhbhb.exe31⤵
- Executes dropped EXE
-
\??\c:\5pppp.exec:\5pppp.exe32⤵
- Executes dropped EXE
-
\??\c:\9frrfll.exec:\9frrfll.exe33⤵
- Executes dropped EXE
-
\??\c:\7ttnnn.exec:\7ttnnn.exe34⤵
- Executes dropped EXE
-
\??\c:\hnnhbb.exec:\hnnhbb.exe35⤵
- Executes dropped EXE
-
\??\c:\jjvvd.exec:\jjvvd.exe36⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe37⤵
- Executes dropped EXE
-
\??\c:\rfxrffr.exec:\rfxrffr.exe38⤵
- Executes dropped EXE
-
\??\c:\lllffff.exec:\lllffff.exe39⤵
- Executes dropped EXE
-
\??\c:\nhnbnb.exec:\nhnbnb.exe40⤵
- Executes dropped EXE
-
\??\c:\ppjjv.exec:\ppjjv.exe41⤵
- Executes dropped EXE
-
\??\c:\9pjdp.exec:\9pjdp.exe42⤵
- Executes dropped EXE
-
\??\c:\rlfxllf.exec:\rlfxllf.exe43⤵
- Executes dropped EXE
-
\??\c:\fxxxrrx.exec:\fxxxrrx.exe44⤵
- Executes dropped EXE
-
\??\c:\9bhhtt.exec:\9bhhtt.exe45⤵
- Executes dropped EXE
-
\??\c:\tnbnhb.exec:\tnbnhb.exe46⤵
- Executes dropped EXE
-
\??\c:\jvpdv.exec:\jvpdv.exe47⤵
- Executes dropped EXE
-
\??\c:\lrrfrlx.exec:\lrrfrlx.exe48⤵
- Executes dropped EXE
-
\??\c:\xrllfff.exec:\xrllfff.exe49⤵
- Executes dropped EXE
-
\??\c:\1bbbtt.exec:\1bbbtt.exe50⤵
- Executes dropped EXE
-
\??\c:\nnnnhh.exec:\nnnnhh.exe51⤵
- Executes dropped EXE
-
\??\c:\dpjvd.exec:\dpjvd.exe52⤵
- Executes dropped EXE
-
\??\c:\3xrxlfx.exec:\3xrxlfx.exe53⤵
- Executes dropped EXE
-
\??\c:\ffxfrfl.exec:\ffxfrfl.exe54⤵
- Executes dropped EXE
-
\??\c:\nhhthn.exec:\nhhthn.exe55⤵
- Executes dropped EXE
-
\??\c:\pvppp.exec:\pvppp.exe56⤵
- Executes dropped EXE
-
\??\c:\ddddp.exec:\ddddp.exe57⤵
- Executes dropped EXE
-
\??\c:\3xrlxxx.exec:\3xrlxxx.exe58⤵
- Executes dropped EXE
-
\??\c:\rlllffx.exec:\rlllffx.exe59⤵
- Executes dropped EXE
-
\??\c:\3nhnhn.exec:\3nhnhn.exe60⤵
- Executes dropped EXE
-
\??\c:\thttht.exec:\thttht.exe61⤵
- Executes dropped EXE
-
\??\c:\djddp.exec:\djddp.exe62⤵
- Executes dropped EXE
-
\??\c:\jjvjj.exec:\jjvjj.exe63⤵
- Executes dropped EXE
-
\??\c:\rrxrrxx.exec:\rrxrrxx.exe64⤵
- Executes dropped EXE
-
\??\c:\5lllfxl.exec:\5lllfxl.exe65⤵
- Executes dropped EXE
-
\??\c:\btbttt.exec:\btbttt.exe66⤵
-
\??\c:\dppjd.exec:\dppjd.exe67⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe68⤵
-
\??\c:\xllllrx.exec:\xllllrx.exe69⤵
-
\??\c:\nnhbtt.exec:\nnhbtt.exe70⤵
-
\??\c:\bhnnhh.exec:\bhnnhh.exe71⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe72⤵
-
\??\c:\3jvjd.exec:\3jvjd.exe73⤵
-
\??\c:\rfxffxr.exec:\rfxffxr.exe74⤵
-
\??\c:\frxrllf.exec:\frxrllf.exe75⤵
-
\??\c:\hntnnt.exec:\hntnnt.exe76⤵
-
\??\c:\hnbthn.exec:\hnbthn.exe77⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe78⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe79⤵
-
\??\c:\rlllxxx.exec:\rlllxxx.exe80⤵
-
\??\c:\rlfxllf.exec:\rlfxllf.exe81⤵
-
\??\c:\thnnbt.exec:\thnnbt.exe82⤵
-
\??\c:\1vvpv.exec:\1vvpv.exe83⤵
-
\??\c:\dvvjj.exec:\dvvjj.exe84⤵
-
\??\c:\lxllrfr.exec:\lxllrfr.exe85⤵
-
\??\c:\frrllfr.exec:\frrllfr.exe86⤵
-
\??\c:\nhbtbh.exec:\nhbtbh.exe87⤵
-
\??\c:\hbthbt.exec:\hbthbt.exe88⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe89⤵
-
\??\c:\xrxrffl.exec:\xrxrffl.exe90⤵
-
\??\c:\9hhtnb.exec:\9hhtnb.exe91⤵
-
\??\c:\bbbtbb.exec:\bbbtbb.exe92⤵
-
\??\c:\3dvpd.exec:\3dvpd.exe93⤵
-
\??\c:\frrlrrf.exec:\frrlrrf.exe94⤵
-
\??\c:\rxrflrf.exec:\rxrflrf.exe95⤵
-
\??\c:\nhbtnt.exec:\nhbtnt.exe96⤵
-
\??\c:\7tthtn.exec:\7tthtn.exe97⤵
-
\??\c:\jvpdd.exec:\jvpdd.exe98⤵
-
\??\c:\lffxrlx.exec:\lffxrlx.exe99⤵
-
\??\c:\tthhbt.exec:\tthhbt.exe100⤵
-
\??\c:\nnhthh.exec:\nnhthh.exe101⤵
-
\??\c:\5vvdj.exec:\5vvdj.exe102⤵
-
\??\c:\xfxrxxl.exec:\xfxrxxl.exe103⤵
-
\??\c:\rfrlxrl.exec:\rfrlxrl.exe104⤵
-
\??\c:\htbtnb.exec:\htbtnb.exe105⤵
-
\??\c:\hbhnhb.exec:\hbhnhb.exe106⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe107⤵
-
\??\c:\3ppdp.exec:\3ppdp.exe108⤵
-
\??\c:\lflxrrl.exec:\lflxrrl.exe109⤵
-
\??\c:\pvddv.exec:\pvddv.exe110⤵
-
\??\c:\dpjvv.exec:\dpjvv.exe111⤵
-
\??\c:\1rffxxx.exec:\1rffxxx.exe112⤵
-
\??\c:\7btttt.exec:\7btttt.exe113⤵
-
\??\c:\bhtnhh.exec:\bhtnhh.exe114⤵
-
\??\c:\jjjpv.exec:\jjjpv.exe115⤵
-
\??\c:\dvddj.exec:\dvddj.exe116⤵
-
\??\c:\xrxrlll.exec:\xrxrlll.exe117⤵
-
\??\c:\bthbbn.exec:\bthbbn.exe118⤵
-
\??\c:\dvvdp.exec:\dvvdp.exe119⤵
-
\??\c:\xflfrrl.exec:\xflfrrl.exe120⤵
-
\??\c:\7rrrlrl.exec:\7rrrlrl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-