Analysis
-
max time kernel
150s -
max time network
104s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
17/06/2024, 11:24
General
-
Target
83f2ab36bda595afc10c03efe3400420_NeikiAnalytics.exe
-
Size
88KB
-
MD5
83f2ab36bda595afc10c03efe3400420
-
SHA1
c3f454876a76344883a5efad875b5c3c520d12c4
-
SHA256
6ea5a337cabc1b7a86eae78b72878ff7be68a3a6d7417d0fdd5f0dbf9fb33966
-
SHA512
b9eb92ca686769bd6c946065bc0bdfadb79ad40cc10758f921e4ec30d871d6b99864b95aac10909cf1ecba767fbc3bf98bdf0daa5c3b51ec041741653700d4e9
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+C2iJvRirE0DmmdL2jqWkB9:ymb3NkkiQ3mdBjF+3TU2iBRioSumWS1P
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\83f2ab36bda595afc10c03efe3400420_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\83f2ab36bda595afc10c03efe3400420_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppj.exec:\dpppj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrlxfl.exec:\rlrlxfl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xlffff.exec:\3xlffff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbbtt.exec:\thbbtt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxxrr.exec:\llfxxrr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflffxx.exec:\rflffxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhhbt.exec:\tbhhbt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddv.exec:\vpddv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffrrrl.exec:\lffrrrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrrlrx.exec:\rfrrlrx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhnh.exec:\nnnhnh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pvpd.exec:\5pvpd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjj.exec:\ppjjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxrrl.exec:\lxfxrrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjj.exec:\pjpjj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfxll.exec:\rllfxll.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbbth.exec:\thbbth.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvvj.exec:\ppvvj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lxrlrl.exec:\7lxrlrl.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnntb.exec:\tnnntb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjd.exec:\jdjjd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflfrrl.exec:\fflfrrl.exe23⤵
- Executes dropped EXE
-
\??\c:\nhhbtt.exec:\nhhbtt.exe24⤵
- Executes dropped EXE
-
\??\c:\1bhhhh.exec:\1bhhhh.exe25⤵
- Executes dropped EXE
-
\??\c:\jdjpp.exec:\jdjpp.exe26⤵
- Executes dropped EXE
-
\??\c:\dvvpp.exec:\dvvpp.exe27⤵
- Executes dropped EXE
-
\??\c:\1rfrrlx.exec:\1rfrrlx.exe28⤵
- Executes dropped EXE
-
\??\c:\nnnbtt.exec:\nnnbtt.exe29⤵
- Executes dropped EXE
-
\??\c:\pdvpp.exec:\pdvpp.exe30⤵
- Executes dropped EXE
-
\??\c:\lfrxxxx.exec:\lfrxxxx.exe31⤵
- Executes dropped EXE
-
\??\c:\5pvpp.exec:\5pvpp.exe32⤵
- Executes dropped EXE
-
\??\c:\pjpjp.exec:\pjpjp.exe33⤵
- Executes dropped EXE
-
\??\c:\xrrxrxr.exec:\xrrxrxr.exe34⤵
- Executes dropped EXE
-
\??\c:\bntnhn.exec:\bntnhn.exe35⤵
- Executes dropped EXE
-
\??\c:\nbhnhh.exec:\nbhnhh.exe36⤵
- Executes dropped EXE
-
\??\c:\dvvpp.exec:\dvvpp.exe37⤵
- Executes dropped EXE
-
\??\c:\fflfxxr.exec:\fflfxxr.exe38⤵
- Executes dropped EXE
-
\??\c:\ffffrll.exec:\ffffrll.exe39⤵
- Executes dropped EXE
-
\??\c:\9httbt.exec:\9httbt.exe40⤵
- Executes dropped EXE
-
\??\c:\djdvv.exec:\djdvv.exe41⤵
- Executes dropped EXE
-
\??\c:\dvvvv.exec:\dvvvv.exe42⤵
- Executes dropped EXE
-
\??\c:\rxllxxf.exec:\rxllxxf.exe43⤵
- Executes dropped EXE
-
\??\c:\rrxfflr.exec:\rrxfflr.exe44⤵
- Executes dropped EXE
-
\??\c:\hbhhbb.exec:\hbhhbb.exe45⤵
- Executes dropped EXE
-
\??\c:\bhhhbh.exec:\bhhhbh.exe46⤵
- Executes dropped EXE
-
\??\c:\jpvpp.exec:\jpvpp.exe47⤵
- Executes dropped EXE
-
\??\c:\vdvvv.exec:\vdvvv.exe48⤵
- Executes dropped EXE
-
\??\c:\xlrrfff.exec:\xlrrfff.exe49⤵
- Executes dropped EXE
-
\??\c:\rlxxxxf.exec:\rlxxxxf.exe50⤵
- Executes dropped EXE
-
\??\c:\ntbbtt.exec:\ntbbtt.exe51⤵
- Executes dropped EXE
-
\??\c:\hthbhb.exec:\hthbhb.exe52⤵
- Executes dropped EXE
-
\??\c:\jpjvd.exec:\jpjvd.exe53⤵
- Executes dropped EXE
-
\??\c:\pdjpj.exec:\pdjpj.exe54⤵
- Executes dropped EXE
-
\??\c:\rllfxxr.exec:\rllfxxr.exe55⤵
- Executes dropped EXE
-
\??\c:\rfllfrl.exec:\rfllfrl.exe56⤵
- Executes dropped EXE
-
\??\c:\hhnbth.exec:\hhnbth.exe57⤵
- Executes dropped EXE
-
\??\c:\5bbtnn.exec:\5bbtnn.exe58⤵
- Executes dropped EXE
-
\??\c:\pdddv.exec:\pdddv.exe59⤵
- Executes dropped EXE
-
\??\c:\dvjjd.exec:\dvjjd.exe60⤵
- Executes dropped EXE
-
\??\c:\rlrlxxx.exec:\rlrlxxx.exe61⤵
- Executes dropped EXE
-
\??\c:\htnbbt.exec:\htnbbt.exe62⤵
- Executes dropped EXE
-
\??\c:\btbtnn.exec:\btbtnn.exe63⤵
- Executes dropped EXE
-
\??\c:\hnhbbb.exec:\hnhbbb.exe64⤵
- Executes dropped EXE
-
\??\c:\jdjjj.exec:\jdjjj.exe65⤵
- Executes dropped EXE
-
\??\c:\rrrrfff.exec:\rrrrfff.exe66⤵
-
\??\c:\rllffxr.exec:\rllffxr.exe67⤵
-
\??\c:\btbtbb.exec:\btbtbb.exe68⤵
-
\??\c:\bnbthh.exec:\bnbthh.exe69⤵
-
\??\c:\1vdpj.exec:\1vdpj.exe70⤵
-
\??\c:\ffrllxx.exec:\ffrllxx.exe71⤵
-
\??\c:\llllfrl.exec:\llllfrl.exe72⤵
-
\??\c:\thnnhn.exec:\thnnhn.exe73⤵
-
\??\c:\3ddvp.exec:\3ddvp.exe74⤵
-
\??\c:\nhhhbb.exec:\nhhhbb.exe75⤵
-
\??\c:\pddvp.exec:\pddvp.exe76⤵
-
\??\c:\fxffllr.exec:\fxffllr.exe77⤵
-
\??\c:\xxxllrr.exec:\xxxllrr.exe78⤵
-
\??\c:\htbtnn.exec:\htbtnn.exe79⤵
-
\??\c:\ddppd.exec:\ddppd.exe80⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe81⤵
-
\??\c:\3ffxrrl.exec:\3ffxrrl.exe82⤵
-
\??\c:\bbhtbn.exec:\bbhtbn.exe83⤵
-
\??\c:\dpdvp.exec:\dpdvp.exe84⤵
-
\??\c:\xlxxrxr.exec:\xlxxrxr.exe85⤵
-
\??\c:\rlflllf.exec:\rlflllf.exe86⤵
-
\??\c:\bthbnt.exec:\bthbnt.exe87⤵
-
\??\c:\nbhbtt.exec:\nbhbtt.exe88⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe89⤵
-
\??\c:\1fxrffx.exec:\1fxrffx.exe90⤵
-
\??\c:\nhhbtt.exec:\nhhbtt.exe91⤵
-
\??\c:\5jvpj.exec:\5jvpj.exe92⤵
-
\??\c:\rxfxrrf.exec:\rxfxrrf.exe93⤵
-
\??\c:\bbttnt.exec:\bbttnt.exe94⤵
-
\??\c:\9jjjj.exec:\9jjjj.exe95⤵
-
\??\c:\rrxxxrf.exec:\rrxxxrf.exe96⤵
-
\??\c:\3rxrlrl.exec:\3rxrlrl.exe97⤵
-
\??\c:\7hhhhh.exec:\7hhhhh.exe98⤵
-
\??\c:\1hhbbt.exec:\1hhbbt.exe99⤵
-
\??\c:\5vddv.exec:\5vddv.exe100⤵
-
\??\c:\llrlrlr.exec:\llrlrlr.exe101⤵
-
\??\c:\xrfxfxf.exec:\xrfxfxf.exe102⤵
-
\??\c:\1tbbth.exec:\1tbbth.exe103⤵
-
\??\c:\tbnntn.exec:\tbnntn.exe104⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe105⤵
-
\??\c:\5rxrxfl.exec:\5rxrxfl.exe106⤵
-
\??\c:\5ttnhh.exec:\5ttnhh.exe107⤵
-
\??\c:\nnnhbb.exec:\nnnhbb.exe108⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe109⤵
-
\??\c:\jjjjv.exec:\jjjjv.exe110⤵
-
\??\c:\flxxrlr.exec:\flxxrlr.exe111⤵
-
\??\c:\hnbhbb.exec:\hnbhbb.exe112⤵
-
\??\c:\nhnbbt.exec:\nhnbbt.exe113⤵
-
\??\c:\hhhbtb.exec:\hhhbtb.exe114⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe115⤵
-
\??\c:\ddvvv.exec:\ddvvv.exe116⤵
-
\??\c:\frfxrrr.exec:\frfxrrr.exe117⤵
-
\??\c:\bbhbhh.exec:\bbhbhh.exe118⤵
-
\??\c:\tnbnhh.exec:\tnbnhh.exe119⤵
-
\??\c:\djpjp.exec:\djpjp.exe120⤵
-
\??\c:\vvjdd.exec:\vvjdd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-