Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
25/06/2024, 02:31
General
-
Target
232f8fa5c726aec4d18f29637d68b37aa44785c447ccf20521f7ca4e430b7af4_NeikiAnalytics.exe
-
Size
488KB
-
MD5
0b572bc2e5f9f415f5af633466fe2190
-
SHA1
17232d031da47854e5c5762b4566f60c740c14a7
-
SHA256
232f8fa5c726aec4d18f29637d68b37aa44785c447ccf20521f7ca4e430b7af4
-
SHA512
d5efbffa60ebc2118c4e4cb39bd0ac04282e0f5ae4ca20572c5b0aeb161b3c8f8839bc9f542c434f2be785ef2a1dd8d4482b41e1c1ea732da4eda08f2e60b1d1
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwu1b26X1wjdgyPPB0:q7Tc2NYHUrAwqzQ7PP2
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 61 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\232f8fa5c726aec4d18f29637d68b37aa44785c447ccf20521f7ca4e430b7af4_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\232f8fa5c726aec4d18f29637d68b37aa44785c447ccf20521f7ca4e430b7af4_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxlxl.exec:\lfxxlxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnbnb.exec:\hnnbnb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btntbh.exec:\btntbh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjvp.exec:\jjjvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxrfxr.exec:\rfxrfxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppppd.exec:\ppppd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnntbt.exec:\hnntbt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjvj.exec:\jpjvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxxrl.exec:\fxfxxrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpdp.exec:\vjpdp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfrrll.exec:\fxfrrll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhtht.exec:\thhtht.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rlxlfx.exec:\9rlxlfx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbthb.exec:\bbbthb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvjv.exec:\dvvjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddpd.exec:\dddpd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lfrrlx.exec:\1lfrrlx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddpj.exec:\pddpj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rxlxrf.exec:\1rxlxrf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhthb.exec:\bnhthb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdj.exec:\vdjdj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lxlfrf.exec:\3lxlfrf.exe23⤵
- Executes dropped EXE
-
\??\c:\ddpjd.exec:\ddpjd.exe24⤵
- Executes dropped EXE
-
\??\c:\rxfxrlf.exec:\rxfxrlf.exe25⤵
- Executes dropped EXE
-
\??\c:\9nhtnn.exec:\9nhtnn.exe26⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe27⤵
- Executes dropped EXE
-
\??\c:\3ppjd.exec:\3ppjd.exe28⤵
- Executes dropped EXE
-
\??\c:\rxfxrlf.exec:\rxfxrlf.exe29⤵
- Executes dropped EXE
-
\??\c:\btbbtt.exec:\btbbtt.exe30⤵
- Executes dropped EXE
-
\??\c:\nbthtn.exec:\nbthtn.exe31⤵
- Executes dropped EXE
-
\??\c:\bbthbb.exec:\bbthbb.exe32⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe33⤵
- Executes dropped EXE
-
\??\c:\bnnbtn.exec:\bnnbtn.exe34⤵
- Executes dropped EXE
-
\??\c:\pvdpd.exec:\pvdpd.exe35⤵
- Executes dropped EXE
-
\??\c:\3rlxlfx.exec:\3rlxlfx.exe36⤵
- Executes dropped EXE
-
\??\c:\tbhtht.exec:\tbhtht.exe37⤵
- Executes dropped EXE
-
\??\c:\jjdpd.exec:\jjdpd.exe38⤵
- Executes dropped EXE
-
\??\c:\xfxlfxr.exec:\xfxlfxr.exe39⤵
- Executes dropped EXE
-
\??\c:\1bbnnh.exec:\1bbnnh.exe40⤵
- Executes dropped EXE
-
\??\c:\pvvjp.exec:\pvvjp.exe41⤵
- Executes dropped EXE
-
\??\c:\pdjvp.exec:\pdjvp.exe42⤵
- Executes dropped EXE
-
\??\c:\9lfrffr.exec:\9lfrffr.exe43⤵
- Executes dropped EXE
-
\??\c:\1hbnbh.exec:\1hbnbh.exe44⤵
- Executes dropped EXE
-
\??\c:\pvvjv.exec:\pvvjv.exe45⤵
- Executes dropped EXE
-
\??\c:\vjpdp.exec:\vjpdp.exe46⤵
- Executes dropped EXE
-
\??\c:\5fxlxrf.exec:\5fxlxrf.exe47⤵
- Executes dropped EXE
-
\??\c:\5vdjv.exec:\5vdjv.exe48⤵
- Executes dropped EXE
-
\??\c:\rxfxlfr.exec:\rxfxlfr.exe49⤵
- Executes dropped EXE
-
\??\c:\1xfrfxl.exec:\1xfrfxl.exe50⤵
- Executes dropped EXE
-
\??\c:\bhbtnh.exec:\bhbtnh.exe51⤵
- Executes dropped EXE
-
\??\c:\vpvjv.exec:\vpvjv.exe52⤵
- Executes dropped EXE
-
\??\c:\lxrfxrl.exec:\lxrfxrl.exe53⤵
- Executes dropped EXE
-
\??\c:\lrlxlfl.exec:\lrlxlfl.exe54⤵
- Executes dropped EXE
-
\??\c:\vppvd.exec:\vppvd.exe55⤵
- Executes dropped EXE
-
\??\c:\fxxlxrx.exec:\fxxlxrx.exe56⤵
- Executes dropped EXE
-
\??\c:\rfrrffr.exec:\rfrrffr.exe57⤵
- Executes dropped EXE
-
\??\c:\1nnbtn.exec:\1nnbtn.exe58⤵
- Executes dropped EXE
-
\??\c:\3jjjv.exec:\3jjjv.exe59⤵
- Executes dropped EXE
-
\??\c:\3vpjv.exec:\3vpjv.exe60⤵
- Executes dropped EXE
-
\??\c:\7rrfrlx.exec:\7rrfrlx.exe61⤵
- Executes dropped EXE
-
\??\c:\htnbnb.exec:\htnbnb.exe62⤵
- Executes dropped EXE
-
\??\c:\dpdvj.exec:\dpdvj.exe63⤵
- Executes dropped EXE
-
\??\c:\3llxfxx.exec:\3llxfxx.exe64⤵
- Executes dropped EXE
-
\??\c:\bnhthb.exec:\bnhthb.exe65⤵
- Executes dropped EXE
-
\??\c:\nhbnbn.exec:\nhbnbn.exe66⤵
-
\??\c:\dvjpj.exec:\dvjpj.exe67⤵
-
\??\c:\rrrrfrf.exec:\rrrrfrf.exe68⤵
-
\??\c:\btttnn.exec:\btttnn.exe69⤵
-
\??\c:\9tnbnh.exec:\9tnbnh.exe70⤵
-
\??\c:\jpjvj.exec:\jpjvj.exe71⤵
-
\??\c:\fxrlrrr.exec:\fxrlrrr.exe72⤵
-
\??\c:\ddjdd.exec:\ddjdd.exe73⤵
-
\??\c:\5jdvj.exec:\5jdvj.exe74⤵
-
\??\c:\lfrlfxr.exec:\lfrlfxr.exe75⤵
-
\??\c:\bnnbtt.exec:\bnnbtt.exe76⤵
-
\??\c:\9jpjp.exec:\9jpjp.exe77⤵
-
\??\c:\rllxlrr.exec:\rllxlrr.exe78⤵
-
\??\c:\nbtthn.exec:\nbtthn.exe79⤵
-
\??\c:\hhnhtt.exec:\hhnhtt.exe80⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe81⤵
-
\??\c:\lffxrll.exec:\lffxrll.exe82⤵
-
\??\c:\bntnhb.exec:\bntnhb.exe83⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe84⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe85⤵
-
\??\c:\xrxrrlx.exec:\xrxrrlx.exe86⤵
-
\??\c:\bhnhtn.exec:\bhnhtn.exe87⤵
-
\??\c:\1ppjd.exec:\1ppjd.exe88⤵
-
\??\c:\jddpd.exec:\jddpd.exe89⤵
-
\??\c:\rllfffx.exec:\rllfffx.exe90⤵
-
\??\c:\hnttnn.exec:\hnttnn.exe91⤵
-
\??\c:\djddv.exec:\djddv.exe92⤵
-
\??\c:\frxxxxr.exec:\frxxxxr.exe93⤵
-
\??\c:\btnhbb.exec:\btnhbb.exe94⤵
-
\??\c:\nbbbtb.exec:\nbbbtb.exe95⤵
-
\??\c:\jddvp.exec:\jddvp.exe96⤵
-
\??\c:\xfllfff.exec:\xfllfff.exe97⤵
-
\??\c:\rrlfflf.exec:\rrlfflf.exe98⤵
-
\??\c:\ntbbtt.exec:\ntbbtt.exe99⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe100⤵
-
\??\c:\xrrfxxr.exec:\xrrfxxr.exe101⤵
-
\??\c:\fxxxrrl.exec:\fxxxrrl.exe102⤵
-
\??\c:\thbtnn.exec:\thbtnn.exe103⤵
-
\??\c:\3pjdd.exec:\3pjdd.exe104⤵
-
\??\c:\9xrfrlx.exec:\9xrfrlx.exe105⤵
-
\??\c:\nbbnhb.exec:\nbbnhb.exe106⤵
-
\??\c:\bnnhtt.exec:\bnnhtt.exe107⤵
-
\??\c:\pdvpj.exec:\pdvpj.exe108⤵
-
\??\c:\7xrlfff.exec:\7xrlfff.exe109⤵
-
\??\c:\9fxrlfx.exec:\9fxrlfx.exe110⤵
-
\??\c:\7tnhhh.exec:\7tnhhh.exe111⤵
-
\??\c:\jpdpp.exec:\jpdpp.exe112⤵
-
\??\c:\fxfxxrr.exec:\fxfxxrr.exe113⤵
-
\??\c:\7tnhtb.exec:\7tnhtb.exe114⤵
-
\??\c:\jddvp.exec:\jddvp.exe115⤵
-
\??\c:\pjvjv.exec:\pjvjv.exe116⤵
-
\??\c:\btthtn.exec:\btthtn.exe117⤵
-
\??\c:\3pdvv.exec:\3pdvv.exe118⤵
-
\??\c:\rrlfrlx.exec:\rrlfrlx.exe119⤵
-
\??\c:\1hbnbt.exec:\1hbnbt.exe120⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-