Analysis
-
max time kernel
150s -
max time network
56s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
25/06/2024, 10:43
General
-
Target
558a2c54a457a76869adf4225a89da80c35b47698daf81a5243844b587f85d71_NeikiAnalytics.exe
-
Size
92KB
-
MD5
185689da71240b38ffddf08d4f09e430
-
SHA1
c5a8fed2f22e2fbbdd4f4cfe4d561dee22ec9ce2
-
SHA256
558a2c54a457a76869adf4225a89da80c35b47698daf81a5243844b587f85d71
-
SHA512
c180f3467e23df7e1cdfed291db59f87f07ccd0a12fad357d0f33d731734f70122b581d633c9c12e34aa9373884c4a27bf97c02b711e7fe002fd419e8bbdbd79
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDodtzac0Hobv0byLufTJfJgx:ymb3NkkiQ3mdBjFodt27HobvcyLufNfy
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\558a2c54a457a76869adf4225a89da80c35b47698daf81a5243844b587f85d71_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\558a2c54a457a76869adf4225a89da80c35b47698daf81a5243844b587f85d71_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bhnnnn.exec:\bhnnnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbtnt.exec:\tnbtnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdv.exec:\jdjdv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjd.exec:\pdpjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrlfxx.exec:\xlrlfxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjjj.exec:\dpjjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjd.exec:\vdjjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfxxr.exec:\xllfxxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnthbt.exec:\bnthbt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffxrfx.exec:\lffxrfx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhnhb.exec:\nhhnhb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjj.exec:\jjjjj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrrll.exec:\fxxrrll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbnn.exec:\hbhbnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdd.exec:\ppjdd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxflxll.exec:\fxflxll.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrlfxr.exec:\rlrlfxr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbtnn.exec:\htbtnn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxrxx.exec:\rlfxrxx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxxxxr.exec:\rrxxxxr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdv.exec:\vvjdv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlllff.exec:\lxlllff.exe23⤵
- Executes dropped EXE
-
\??\c:\vdjdv.exec:\vdjdv.exe24⤵
- Executes dropped EXE
-
\??\c:\frlfffr.exec:\frlfffr.exe25⤵
- Executes dropped EXE
-
\??\c:\ttbtnn.exec:\ttbtnn.exe26⤵
- Executes dropped EXE
-
\??\c:\jjdvd.exec:\jjdvd.exe27⤵
- Executes dropped EXE
-
\??\c:\fxrlxxr.exec:\fxrlxxr.exe28⤵
- Executes dropped EXE
-
\??\c:\ntnbtn.exec:\ntnbtn.exe29⤵
- Executes dropped EXE
-
\??\c:\rlrrllf.exec:\rlrrllf.exe30⤵
- Executes dropped EXE
-
\??\c:\llxrllf.exec:\llxrllf.exe31⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe32⤵
- Executes dropped EXE
-
\??\c:\jpvpp.exec:\jpvpp.exe33⤵
- Executes dropped EXE
-
\??\c:\rlllllx.exec:\rlllllx.exe34⤵
- Executes dropped EXE
-
\??\c:\lxxrllf.exec:\lxxrllf.exe35⤵
- Executes dropped EXE
-
\??\c:\hhbtnn.exec:\hhbtnn.exe36⤵
- Executes dropped EXE
-
\??\c:\9vvpj.exec:\9vvpj.exe37⤵
- Executes dropped EXE
-
\??\c:\jvpjv.exec:\jvpjv.exe38⤵
- Executes dropped EXE
-
\??\c:\xlrlllf.exec:\xlrlllf.exe39⤵
- Executes dropped EXE
-
\??\c:\hbnnnn.exec:\hbnnnn.exe40⤵
- Executes dropped EXE
-
\??\c:\jjddv.exec:\jjddv.exe41⤵
- Executes dropped EXE
-
\??\c:\jddjd.exec:\jddjd.exe42⤵
- Executes dropped EXE
-
\??\c:\lxfxlll.exec:\lxfxlll.exe43⤵
- Executes dropped EXE
-
\??\c:\lfxrllf.exec:\lfxrllf.exe44⤵
- Executes dropped EXE
-
\??\c:\lxfffff.exec:\lxfffff.exe45⤵
- Executes dropped EXE
-
\??\c:\1ttnhn.exec:\1ttnhn.exe46⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe47⤵
- Executes dropped EXE
-
\??\c:\jjppd.exec:\jjppd.exe48⤵
- Executes dropped EXE
-
\??\c:\rrffllf.exec:\rrffllf.exe49⤵
- Executes dropped EXE
-
\??\c:\xrllfff.exec:\xrllfff.exe50⤵
- Executes dropped EXE
-
\??\c:\btthhh.exec:\btthhh.exe51⤵
- Executes dropped EXE
-
\??\c:\nnhbbb.exec:\nnhbbb.exe52⤵
- Executes dropped EXE
-
\??\c:\dppjj.exec:\dppjj.exe53⤵
- Executes dropped EXE
-
\??\c:\9rfxflr.exec:\9rfxflr.exe54⤵
- Executes dropped EXE
-
\??\c:\xrrlfxx.exec:\xrrlfxx.exe55⤵
- Executes dropped EXE
-
\??\c:\5nnnhn.exec:\5nnnhn.exe56⤵
- Executes dropped EXE
-
\??\c:\nttbnt.exec:\nttbnt.exe57⤵
- Executes dropped EXE
-
\??\c:\jjpjv.exec:\jjpjv.exe58⤵
- Executes dropped EXE
-
\??\c:\1vvvp.exec:\1vvvp.exe59⤵
- Executes dropped EXE
-
\??\c:\1fxrffx.exec:\1fxrffx.exe60⤵
- Executes dropped EXE
-
\??\c:\lfrrrrl.exec:\lfrrrrl.exe61⤵
- Executes dropped EXE
-
\??\c:\ntbbtt.exec:\ntbbtt.exe62⤵
- Executes dropped EXE
-
\??\c:\httnhh.exec:\httnhh.exe63⤵
- Executes dropped EXE
-
\??\c:\5vdvv.exec:\5vdvv.exe64⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe65⤵
- Executes dropped EXE
-
\??\c:\rlrllfl.exec:\rlrllfl.exe66⤵
-
\??\c:\bnbbnn.exec:\bnbbnn.exe67⤵
-
\??\c:\hbnnht.exec:\hbnnht.exe68⤵
-
\??\c:\vjjjv.exec:\vjjjv.exe69⤵
-
\??\c:\3xlfxll.exec:\3xlfxll.exe70⤵
-
\??\c:\xxrlfff.exec:\xxrlfff.exe71⤵
-
\??\c:\nnhbbn.exec:\nnhbbn.exe72⤵
-
\??\c:\nnhbtb.exec:\nnhbtb.exe73⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe74⤵
-
\??\c:\rrxxrxx.exec:\rrxxrxx.exe75⤵
-
\??\c:\rlrfxrr.exec:\rlrfxrr.exe76⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe77⤵
-
\??\c:\nbhtbb.exec:\nbhtbb.exe78⤵
-
\??\c:\vvddp.exec:\vvddp.exe79⤵
-
\??\c:\3xxrfxr.exec:\3xxrfxr.exe80⤵
-
\??\c:\7lxrlrr.exec:\7lxrlrr.exe81⤵
-
\??\c:\htbtnn.exec:\htbtnn.exe82⤵
-
\??\c:\tnnhtb.exec:\tnnhtb.exe83⤵
-
\??\c:\jpdjp.exec:\jpdjp.exe84⤵
-
\??\c:\pvdjd.exec:\pvdjd.exe85⤵
-
\??\c:\frxrlll.exec:\frxrlll.exe86⤵
-
\??\c:\tbhhbb.exec:\tbhhbb.exe87⤵
-
\??\c:\httthh.exec:\httthh.exe88⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe89⤵
-
\??\c:\vddvp.exec:\vddvp.exe90⤵
-
\??\c:\rrrlxxr.exec:\rrrlxxr.exe91⤵
-
\??\c:\xrlfxrr.exec:\xrlfxrr.exe92⤵
-
\??\c:\bntttb.exec:\bntttb.exe93⤵
-
\??\c:\nhnbtt.exec:\nhnbtt.exe94⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe95⤵
-
\??\c:\xxffrrf.exec:\xxffrrf.exe96⤵
-
\??\c:\fxfrxrx.exec:\fxfrxrx.exe97⤵
-
\??\c:\tbnhbb.exec:\tbnhbb.exe98⤵
-
\??\c:\7bbthh.exec:\7bbthh.exe99⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe100⤵
-
\??\c:\jdppd.exec:\jdppd.exe101⤵
-
\??\c:\rxxrrll.exec:\rxxrrll.exe102⤵
-
\??\c:\hhnhnh.exec:\hhnhnh.exe103⤵
-
\??\c:\nnnhbn.exec:\nnnhbn.exe104⤵
-
\??\c:\jdddd.exec:\jdddd.exe105⤵
-
\??\c:\dppjv.exec:\dppjv.exe106⤵
-
\??\c:\lxxrrll.exec:\lxxrrll.exe107⤵
-
\??\c:\9nnnhh.exec:\9nnnhh.exe108⤵
-
\??\c:\3htnnt.exec:\3htnnt.exe109⤵
-
\??\c:\ppvvv.exec:\ppvvv.exe110⤵
-
\??\c:\pdddv.exec:\pdddv.exe111⤵
-
\??\c:\xrrlrrx.exec:\xrrlrrx.exe112⤵
-
\??\c:\btttbt.exec:\btttbt.exe113⤵
-
\??\c:\btbbtt.exec:\btbbtt.exe114⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe115⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe116⤵
-
\??\c:\xrrlxxr.exec:\xrrlxxr.exe117⤵
-
\??\c:\nhhtnh.exec:\nhhtnh.exe118⤵
-
\??\c:\jvjpj.exec:\jvjpj.exe119⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe120⤵
-
\??\c:\frfxxff.exec:\frfxxff.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-