Analysis
-
max time kernel
150s -
max time network
51s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
27-06-2024 09:34
General
-
Target
759de19fb373dc3534170033d679fe730a327e290f199120e893660b791f1092_NeikiAnalytics.exe
-
Size
176KB
-
MD5
f1f434b436f067345da5a874e6638d50
-
SHA1
7a4718e9bcfe07b663a1e3288a8f8cbc7c9a5686
-
SHA256
759de19fb373dc3534170033d679fe730a327e290f199120e893660b791f1092
-
SHA512
50edb45fd52c39a922641604119ebc7e46ff08640fa56d6a5505891643e49ba78509bc801cbc8b23f6baca79366b12a787877ad5f2457ff8f00e9cedc1ecb92b
-
SSDEEP
3072:6hOmTsF93UYfwC6GIoutQ0tSe5yLpcka62c+8+dRNN7Yk+6C2Wb:6cm4FmowdHoSQ0tH6lCXb7Ybb
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\759de19fb373dc3534170033d679fe730a327e290f199120e893660b791f1092_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\759de19fb373dc3534170033d679fe730a327e290f199120e893660b791f1092_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ttttbb.exec:\ttttbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1thbtt.exec:\1thbtt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpdd.exec:\jvpdd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxxrxf.exec:\xfxxrxf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffllff.exec:\fffllff.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtbtb.exec:\hhtbtb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdddd.exec:\vdddd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnntb.exec:\ttnntb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhnnt.exec:\nnhnnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdd.exec:\pjjdd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llllfxf.exec:\llllfxf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtnnh.exec:\nhtnnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjpp.exec:\jdjpp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfllrr.exec:\lxfllrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbhhh.exec:\nnbhhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddv.exec:\pjddv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvvd.exec:\vdvvd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlffllr.exec:\rlffllr.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbhhh.exec:\hbbhhh.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvv.exec:\jddvv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rrrllx.exec:\1rrrllx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rffrxl.exec:\5rffrxl.exe23⤵
- Executes dropped EXE
-
\??\c:\tbbbbb.exec:\tbbbbb.exe24⤵
- Executes dropped EXE
-
\??\c:\tnhhtt.exec:\tnhhtt.exe25⤵
- Executes dropped EXE
-
\??\c:\ddvjd.exec:\ddvjd.exe26⤵
- Executes dropped EXE
-
\??\c:\vpvvj.exec:\vpvvj.exe27⤵
- Executes dropped EXE
-
\??\c:\xxrrlll.exec:\xxrrlll.exe28⤵
- Executes dropped EXE
-
\??\c:\bhnbtb.exec:\bhnbtb.exe29⤵
- Executes dropped EXE
-
\??\c:\ddpvd.exec:\ddpvd.exe30⤵
- Executes dropped EXE
-
\??\c:\flxflrl.exec:\flxflrl.exe31⤵
- Executes dropped EXE
-
\??\c:\fffxxff.exec:\fffxxff.exe32⤵
- Executes dropped EXE
-
\??\c:\bntbtt.exec:\bntbtt.exe33⤵
- Executes dropped EXE
-
\??\c:\pvddj.exec:\pvddj.exe34⤵
- Executes dropped EXE
-
\??\c:\lxlrrrr.exec:\lxlrrrr.exe35⤵
- Executes dropped EXE
-
\??\c:\flfllrr.exec:\flfllrr.exe36⤵
- Executes dropped EXE
-
\??\c:\nhbttb.exec:\nhbttb.exe37⤵
- Executes dropped EXE
-
\??\c:\lrfxxff.exec:\lrfxxff.exe38⤵
- Executes dropped EXE
-
\??\c:\frrllll.exec:\frrllll.exe39⤵
- Executes dropped EXE
-
\??\c:\hhnntb.exec:\hhnntb.exe40⤵
- Executes dropped EXE
-
\??\c:\ffxxllr.exec:\ffxxllr.exe41⤵
- Executes dropped EXE
-
\??\c:\pjjjj.exec:\pjjjj.exe42⤵
- Executes dropped EXE
-
\??\c:\frrllrr.exec:\frrllrr.exe43⤵
- Executes dropped EXE
-
\??\c:\1tthbb.exec:\1tthbb.exe44⤵
- Executes dropped EXE
-
\??\c:\rrlllrr.exec:\rrlllrr.exe45⤵
- Executes dropped EXE
-
\??\c:\nhbtnh.exec:\nhbtnh.exe46⤵
- Executes dropped EXE
-
\??\c:\bbnttn.exec:\bbnttn.exe47⤵
- Executes dropped EXE
-
\??\c:\nhnnnt.exec:\nhnnnt.exe48⤵
- Executes dropped EXE
-
\??\c:\lxflllf.exec:\lxflllf.exe49⤵
- Executes dropped EXE
-
\??\c:\vjppv.exec:\vjppv.exe50⤵
- Executes dropped EXE
-
\??\c:\fxrrffr.exec:\fxrrffr.exe51⤵
- Executes dropped EXE
-
\??\c:\tnttnn.exec:\tnttnn.exe52⤵
- Executes dropped EXE
-
\??\c:\pdvvp.exec:\pdvvp.exe53⤵
- Executes dropped EXE
-
\??\c:\fxfxlrl.exec:\fxfxlrl.exe54⤵
- Executes dropped EXE
-
\??\c:\htbbbh.exec:\htbbbh.exe55⤵
- Executes dropped EXE
-
\??\c:\btbbtn.exec:\btbbtn.exe56⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe57⤵
- Executes dropped EXE
-
\??\c:\xfrrlll.exec:\xfrrlll.exe58⤵
- Executes dropped EXE
-
\??\c:\rfxxxfl.exec:\rfxxxfl.exe59⤵
- Executes dropped EXE
-
\??\c:\vpddv.exec:\vpddv.exe60⤵
- Executes dropped EXE
-
\??\c:\fxxrfff.exec:\fxxrfff.exe61⤵
- Executes dropped EXE
-
\??\c:\rlxlfrl.exec:\rlxlfrl.exe62⤵
- Executes dropped EXE
-
\??\c:\nhnhbb.exec:\nhnhbb.exe63⤵
- Executes dropped EXE
-
\??\c:\pdpdj.exec:\pdpdj.exe64⤵
- Executes dropped EXE
-
\??\c:\lxrlxxr.exec:\lxrlxxr.exe65⤵
- Executes dropped EXE
-
\??\c:\ffxlrlr.exec:\ffxlrlr.exe66⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe67⤵
-
\??\c:\ddjdv.exec:\ddjdv.exe68⤵
-
\??\c:\rrxrffr.exec:\rrxrffr.exe69⤵
-
\??\c:\1ttbbb.exec:\1ttbbb.exe70⤵
-
\??\c:\5pppj.exec:\5pppj.exe71⤵
-
\??\c:\vjvjj.exec:\vjvjj.exe72⤵
-
\??\c:\fxfxfxx.exec:\fxfxfxx.exe73⤵
-
\??\c:\5bthbb.exec:\5bthbb.exe74⤵
-
\??\c:\nbbntn.exec:\nbbntn.exe75⤵
-
\??\c:\1jppd.exec:\1jppd.exe76⤵
-
\??\c:\lfxlxxl.exec:\lfxlxxl.exe77⤵
-
\??\c:\lxxrlff.exec:\lxxrlff.exe78⤵
-
\??\c:\1vddd.exec:\1vddd.exe79⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe80⤵
-
\??\c:\lrfxrll.exec:\lrfxrll.exe81⤵
-
\??\c:\hnhnhn.exec:\hnhnhn.exe82⤵
-
\??\c:\9tttnh.exec:\9tttnh.exe83⤵
-
\??\c:\pjpvv.exec:\pjpvv.exe84⤵
-
\??\c:\dppjv.exec:\dppjv.exe85⤵
-
\??\c:\flrlffx.exec:\flrlffx.exe86⤵
-
\??\c:\3tbhhh.exec:\3tbhhh.exe87⤵
-
\??\c:\tnbtnh.exec:\tnbtnh.exe88⤵
-
\??\c:\7pjjv.exec:\7pjjv.exe89⤵
-
\??\c:\5ffxllf.exec:\5ffxllf.exe90⤵
-
\??\c:\rxrxlrf.exec:\rxrxlrf.exe91⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe92⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe93⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe94⤵
-
\??\c:\lfrfffl.exec:\lfrfffl.exe95⤵
-
\??\c:\rlrxllf.exec:\rlrxllf.exe96⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe97⤵
-
\??\c:\ppvvp.exec:\ppvvp.exe98⤵
-
\??\c:\jpddd.exec:\jpddd.exe99⤵
-
\??\c:\lffxrxr.exec:\lffxrxr.exe100⤵
-
\??\c:\nbbnnn.exec:\nbbnnn.exe101⤵
-
\??\c:\bbhbtt.exec:\bbhbtt.exe102⤵
-
\??\c:\9jjjd.exec:\9jjjd.exe103⤵
-
\??\c:\ffrrfrl.exec:\ffrrfrl.exe104⤵
-
\??\c:\lfrlfxr.exec:\lfrlfxr.exe105⤵
-
\??\c:\hbbttt.exec:\hbbttt.exe106⤵
-
\??\c:\nthhtn.exec:\nthhtn.exe107⤵
-
\??\c:\3vvvv.exec:\3vvvv.exe108⤵
-
\??\c:\1dpjj.exec:\1dpjj.exe109⤵
-
\??\c:\lfrlfrl.exec:\lfrlfrl.exe110⤵
-
\??\c:\lxfxrrr.exec:\lxfxrrr.exe111⤵
-
\??\c:\nnhbtn.exec:\nnhbtn.exe112⤵
-
\??\c:\1tntnb.exec:\1tntnb.exe113⤵
-
\??\c:\vdjjd.exec:\vdjjd.exe114⤵
-
\??\c:\lrxlxrr.exec:\lrxlxrr.exe115⤵
-
\??\c:\9rxxrll.exec:\9rxxrll.exe116⤵
-
\??\c:\nhbbtt.exec:\nhbbtt.exe117⤵
-
\??\c:\3ttnhb.exec:\3ttnhb.exe118⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe119⤵
-
\??\c:\3ddpd.exec:\3ddpd.exe120⤵
-
\??\c:\1xxxllf.exec:\1xxxllf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-