Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
17/06/2024, 03:27
General
-
Target
3f2d0069a52397b9811c8256fb2f7f30_NeikiAnalytics.exe
-
Size
82KB
-
MD5
3f2d0069a52397b9811c8256fb2f7f30
-
SHA1
1e5f8b90cc753d419488456d3dde51f088dadaa7
-
SHA256
9dcb40c350e8b9fc5822ca635ed8acd294fe2598736613a00c65aa2d367abf83
-
SHA512
b1166a4d31e372f6eabd9b2d8084253c0c770375222e5804d8217e1ac74f9de6d5cf039d045576e1a0dbe1f78fc256cd42d22997fb8155cf279d9f5074dabf6f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAXPfgr2hKmdbcPi2vz:ymb3NkkiQ3mdBjFo6Pfgy3dbc/z
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3f2d0069a52397b9811c8256fb2f7f30_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\3f2d0069a52397b9811c8256fb2f7f30_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhbb.exec:\tnhhbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ppdv.exec:\5ppdv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdv.exec:\jdjdv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ffxxxx.exec:\5ffxxxx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tnnnn.exec:\9tnnnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhbb.exec:\thnhbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jvpv.exec:\9jvpv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfrrxx.exec:\xxfrrxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhntt.exec:\nhhntt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dvpj.exec:\7dvpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfxxr.exec:\xllfxxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbtnb.exec:\ntbtnb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhnh.exec:\tnnhnh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddjd.exec:\dddjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfffrr.exec:\frfffrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnbb.exec:\nhnnbb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbtt.exec:\tnhbtt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjd.exec:\vvjjd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlllrr.exec:\rrlllrr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttnt.exec:\tnttnt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjd.exec:\pdpjd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrfrxr.exec:\xlrfrxr.exe23⤵
- Executes dropped EXE
-
\??\c:\btbbhh.exec:\btbbhh.exe24⤵
- Executes dropped EXE
-
\??\c:\nhhbtt.exec:\nhhbtt.exe25⤵
- Executes dropped EXE
-
\??\c:\jdpjp.exec:\jdpjp.exe26⤵
- Executes dropped EXE
-
\??\c:\jvjdv.exec:\jvjdv.exe27⤵
- Executes dropped EXE
-
\??\c:\7flflfx.exec:\7flflfx.exe28⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe29⤵
- Executes dropped EXE
-
\??\c:\vvdvp.exec:\vvdvp.exe30⤵
- Executes dropped EXE
-
\??\c:\pjpjv.exec:\pjpjv.exe31⤵
- Executes dropped EXE
-
\??\c:\xrfffll.exec:\xrfffll.exe32⤵
- Executes dropped EXE
-
\??\c:\hbnnhh.exec:\hbnnhh.exe33⤵
- Executes dropped EXE
-
\??\c:\nntbbh.exec:\nntbbh.exe34⤵
- Executes dropped EXE
-
\??\c:\vpjvp.exec:\vpjvp.exe35⤵
- Executes dropped EXE
-
\??\c:\pvdjj.exec:\pvdjj.exe36⤵
- Executes dropped EXE
-
\??\c:\1xxrffx.exec:\1xxrffx.exe37⤵
- Executes dropped EXE
-
\??\c:\hntttt.exec:\hntttt.exe38⤵
- Executes dropped EXE
-
\??\c:\nhhhbt.exec:\nhhhbt.exe39⤵
- Executes dropped EXE
-
\??\c:\9jjjd.exec:\9jjjd.exe40⤵
- Executes dropped EXE
-
\??\c:\dpvdv.exec:\dpvdv.exe41⤵
- Executes dropped EXE
-
\??\c:\fflfrxx.exec:\fflfrxx.exe42⤵
- Executes dropped EXE
-
\??\c:\xfllfff.exec:\xfllfff.exe43⤵
- Executes dropped EXE
-
\??\c:\thhhhh.exec:\thhhhh.exe44⤵
- Executes dropped EXE
-
\??\c:\nnttbh.exec:\nnttbh.exe45⤵
- Executes dropped EXE
-
\??\c:\pvppj.exec:\pvppj.exe46⤵
- Executes dropped EXE
-
\??\c:\jvdvd.exec:\jvdvd.exe47⤵
- Executes dropped EXE
-
\??\c:\xrlllll.exec:\xrlllll.exe48⤵
- Executes dropped EXE
-
\??\c:\flrrllf.exec:\flrrllf.exe49⤵
- Executes dropped EXE
-
\??\c:\tntttt.exec:\tntttt.exe50⤵
- Executes dropped EXE
-
\??\c:\5hnnhn.exec:\5hnnhn.exe51⤵
- Executes dropped EXE
-
\??\c:\9bhhnt.exec:\9bhhnt.exe52⤵
- Executes dropped EXE
-
\??\c:\9ppjj.exec:\9ppjj.exe53⤵
- Executes dropped EXE
-
\??\c:\pjpjp.exec:\pjpjp.exe54⤵
- Executes dropped EXE
-
\??\c:\rlxxflf.exec:\rlxxflf.exe55⤵
- Executes dropped EXE
-
\??\c:\9fxrllf.exec:\9fxrllf.exe56⤵
- Executes dropped EXE
-
\??\c:\btbbbb.exec:\btbbbb.exe57⤵
- Executes dropped EXE
-
\??\c:\tthhnn.exec:\tthhnn.exe58⤵
- Executes dropped EXE
-
\??\c:\hbtnnn.exec:\hbtnnn.exe59⤵
- Executes dropped EXE
-
\??\c:\vvpjd.exec:\vvpjd.exe60⤵
- Executes dropped EXE
-
\??\c:\9vvvp.exec:\9vvvp.exe61⤵
- Executes dropped EXE
-
\??\c:\5ffrrrl.exec:\5ffrrrl.exe62⤵
- Executes dropped EXE
-
\??\c:\xxfllll.exec:\xxfllll.exe63⤵
- Executes dropped EXE
-
\??\c:\nthhhh.exec:\nthhhh.exe64⤵
- Executes dropped EXE
-
\??\c:\tnttbh.exec:\tnttbh.exe65⤵
- Executes dropped EXE
-
\??\c:\vvjdv.exec:\vvjdv.exe66⤵
- Executes dropped EXE
-
\??\c:\ddvpp.exec:\ddvpp.exe67⤵
-
\??\c:\dvddv.exec:\dvddv.exe68⤵
-
\??\c:\fxxxrrx.exec:\fxxxrrx.exe69⤵
-
\??\c:\xffxrlx.exec:\xffxrlx.exe70⤵
-
\??\c:\nhhbbb.exec:\nhhbbb.exe71⤵
-
\??\c:\bthhbb.exec:\bthhbb.exe72⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe73⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe74⤵
-
\??\c:\frffxxx.exec:\frffxxx.exe75⤵
-
\??\c:\5frlxxf.exec:\5frlxxf.exe76⤵
-
\??\c:\nbhhhn.exec:\nbhhhn.exe77⤵
-
\??\c:\bttnnn.exec:\bttnnn.exe78⤵
-
\??\c:\jppjd.exec:\jppjd.exe79⤵
-
\??\c:\7vddj.exec:\7vddj.exe80⤵
-
\??\c:\rlllfrx.exec:\rlllfrx.exe81⤵
-
\??\c:\lffxrxr.exec:\lffxrxr.exe82⤵
-
\??\c:\ntbbtt.exec:\ntbbtt.exe83⤵
-
\??\c:\nhnhnt.exec:\nhnhnt.exe84⤵
-
\??\c:\vddvv.exec:\vddvv.exe85⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe86⤵
-
\??\c:\xrrrfff.exec:\xrrrfff.exe87⤵
-
\??\c:\fxxrllr.exec:\fxxrllr.exe88⤵
-
\??\c:\fxlrllx.exec:\fxlrllx.exe89⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe90⤵
-
\??\c:\nthbtt.exec:\nthbtt.exe91⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe92⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe93⤵
-
\??\c:\rffxrxr.exec:\rffxrxr.exe94⤵
-
\??\c:\fxxxrrr.exec:\fxxxrrr.exe95⤵
-
\??\c:\bbhhnt.exec:\bbhhnt.exe96⤵
-
\??\c:\thhhhh.exec:\thhhhh.exe97⤵
-
\??\c:\jdddv.exec:\jdddv.exe98⤵
-
\??\c:\9pddj.exec:\9pddj.exe99⤵
-
\??\c:\xfffxrr.exec:\xfffxrr.exe100⤵
-
\??\c:\rxllllr.exec:\rxllllr.exe101⤵
-
\??\c:\hhnnnt.exec:\hhnnnt.exe102⤵
-
\??\c:\hbnnhh.exec:\hbnnhh.exe103⤵
-
\??\c:\bthbbh.exec:\bthbbh.exe104⤵
-
\??\c:\dvddd.exec:\dvddd.exe105⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe106⤵
-
\??\c:\rfllflf.exec:\rfllflf.exe107⤵
-
\??\c:\rffllrl.exec:\rffllrl.exe108⤵
-
\??\c:\nbhbtn.exec:\nbhbtn.exe109⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe110⤵
-
\??\c:\vpddv.exec:\vpddv.exe111⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe112⤵
-
\??\c:\xfrrrrx.exec:\xfrrrrx.exe113⤵
-
\??\c:\ffrxrrr.exec:\ffrxrrr.exe114⤵
-
\??\c:\3nnntt.exec:\3nnntt.exe115⤵
-
\??\c:\bbttnb.exec:\bbttnb.exe116⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe117⤵
-
\??\c:\7dddv.exec:\7dddv.exe118⤵
-
\??\c:\flrlfff.exec:\flrlfff.exe119⤵
-
\??\c:\rfxxrrr.exec:\rfxxrrr.exe120⤵
-
\??\c:\tnnnnh.exec:\tnnnnh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-