Analysis
-
max time kernel
150s -
max time network
100s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
28/06/2024, 05:05
General
-
Target
86c86a52c3e11f28b78628f25f8da35ca9b5d02a0ba354aee535d7866f86453b_NeikiAnalytics.exe
-
Size
79KB
-
MD5
a266b7e16e001f11815ffdf744cb06c0
-
SHA1
b4f1a0c2a02cb1280551be71d93739043175f294
-
SHA256
86c86a52c3e11f28b78628f25f8da35ca9b5d02a0ba354aee535d7866f86453b
-
SHA512
c6d987183b6932b4e0871fe860369a4eecf42586d0bec24746bf31a7f28d40af6e9768db390f5d4bd3b036fa151341266c9a579559ea7d01dfcfdfe82fcb1c47
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIgJb31HgxGc+gmvZQCxK:ymb3NkkiQ3mdBjFIUb31HgxL+gmvZjA
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\86c86a52c3e11f28b78628f25f8da35ca9b5d02a0ba354aee535d7866f86453b_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\86c86a52c3e11f28b78628f25f8da35ca9b5d02a0ba354aee535d7866f86453b_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\btnntt.exec:\btnntt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdddj.exec:\vdddj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrlxxr.exec:\llrlxxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xfxrrl.exec:\5xfxrrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbthh.exec:\hbbthh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxrxr.exec:\xrxxrxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnnhh.exec:\ntnnhh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbthth.exec:\bbthth.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjppv.exec:\jjppv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrxrxr.exec:\fxrxrxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllfxrl.exec:\fllfxrl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbbt.exec:\bthbbt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdv.exec:\pjjdv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxffxff.exec:\fxffxff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbbt.exec:\nhhbbt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bhbtt.exec:\9bhbtt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvd.exec:\vvdvd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllfxrl.exec:\fllfxrl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxxxx.exec:\rlxxxxx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnthh.exec:\bbnthh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvvp.exec:\dvvvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrxrxr.exec:\xxrxrxr.exe23⤵
- Executes dropped EXE
-
\??\c:\5ttnbb.exec:\5ttnbb.exe24⤵
- Executes dropped EXE
-
\??\c:\hbnnnn.exec:\hbnnnn.exe25⤵
- Executes dropped EXE
-
\??\c:\vppdv.exec:\vppdv.exe26⤵
- Executes dropped EXE
-
\??\c:\jpjdv.exec:\jpjdv.exe27⤵
- Executes dropped EXE
-
\??\c:\rrrrlll.exec:\rrrrlll.exe28⤵
- Executes dropped EXE
-
\??\c:\pdvpp.exec:\pdvpp.exe29⤵
- Executes dropped EXE
-
\??\c:\1vvpj.exec:\1vvpj.exe30⤵
- Executes dropped EXE
-
\??\c:\ffrlxlf.exec:\ffrlxlf.exe31⤵
- Executes dropped EXE
-
\??\c:\xlxrrrx.exec:\xlxrrrx.exe32⤵
- Executes dropped EXE
-
\??\c:\tnntnb.exec:\tnntnb.exe33⤵
- Executes dropped EXE
-
\??\c:\jvdjd.exec:\jvdjd.exe34⤵
- Executes dropped EXE
-
\??\c:\5jvpj.exec:\5jvpj.exe35⤵
- Executes dropped EXE
-
\??\c:\lfrfrrr.exec:\lfrfrrr.exe36⤵
- Executes dropped EXE
-
\??\c:\5hhhhh.exec:\5hhhhh.exe37⤵
- Executes dropped EXE
-
\??\c:\jdvpj.exec:\jdvpj.exe38⤵
- Executes dropped EXE
-
\??\c:\hnhhnb.exec:\hnhhnb.exe39⤵
- Executes dropped EXE
-
\??\c:\1jvvj.exec:\1jvvj.exe40⤵
- Executes dropped EXE
-
\??\c:\1bbtbb.exec:\1bbtbb.exe41⤵
- Executes dropped EXE
-
\??\c:\dpjdd.exec:\dpjdd.exe42⤵
- Executes dropped EXE
-
\??\c:\flrlrll.exec:\flrlrll.exe43⤵
- Executes dropped EXE
-
\??\c:\3lffflf.exec:\3lffflf.exe44⤵
- Executes dropped EXE
-
\??\c:\5nthtn.exec:\5nthtn.exe45⤵
- Executes dropped EXE
-
\??\c:\ddjjp.exec:\ddjjp.exe46⤵
- Executes dropped EXE
-
\??\c:\lllfflf.exec:\lllfflf.exe47⤵
- Executes dropped EXE
-
\??\c:\xlllrrr.exec:\xlllrrr.exe48⤵
- Executes dropped EXE
-
\??\c:\7nhbbb.exec:\7nhbbb.exe49⤵
- Executes dropped EXE
-
\??\c:\nhhbtt.exec:\nhhbtt.exe50⤵
- Executes dropped EXE
-
\??\c:\ddpjj.exec:\ddpjj.exe51⤵
- Executes dropped EXE
-
\??\c:\pvvvj.exec:\pvvvj.exe52⤵
- Executes dropped EXE
-
\??\c:\3nnnht.exec:\3nnnht.exe53⤵
- Executes dropped EXE
-
\??\c:\nnnnhh.exec:\nnnnhh.exe54⤵
- Executes dropped EXE
-
\??\c:\jdjdd.exec:\jdjdd.exe55⤵
- Executes dropped EXE
-
\??\c:\fllfxxr.exec:\fllfxxr.exe56⤵
- Executes dropped EXE
-
\??\c:\fxlfxxx.exec:\fxlfxxx.exe57⤵
- Executes dropped EXE
-
\??\c:\5hnnnn.exec:\5hnnnn.exe58⤵
- Executes dropped EXE
-
\??\c:\vdjvj.exec:\vdjvj.exe59⤵
- Executes dropped EXE
-
\??\c:\rlfxrrx.exec:\rlfxrrx.exe60⤵
- Executes dropped EXE
-
\??\c:\lrxrlll.exec:\lrxrlll.exe61⤵
- Executes dropped EXE
-
\??\c:\nhthhb.exec:\nhthhb.exe62⤵
- Executes dropped EXE
-
\??\c:\7djjv.exec:\7djjv.exe63⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe64⤵
- Executes dropped EXE
-
\??\c:\xlxrffx.exec:\xlxrffx.exe65⤵
- Executes dropped EXE
-
\??\c:\jdvpp.exec:\jdvpp.exe66⤵
-
\??\c:\pdpdj.exec:\pdpdj.exe67⤵
-
\??\c:\lfrrfxx.exec:\lfrrfxx.exe68⤵
-
\??\c:\nhbhbh.exec:\nhbhbh.exe69⤵
-
\??\c:\3hbtnh.exec:\3hbtnh.exe70⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe71⤵
-
\??\c:\llxrfff.exec:\llxrfff.exe72⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe73⤵
-
\??\c:\nbbbtt.exec:\nbbbtt.exe74⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe75⤵
-
\??\c:\vddpj.exec:\vddpj.exe76⤵
-
\??\c:\3lrxrxr.exec:\3lrxrxr.exe77⤵
-
\??\c:\lxffxxr.exec:\lxffxxr.exe78⤵
-
\??\c:\nbtttn.exec:\nbtttn.exe79⤵
-
\??\c:\9hbbhh.exec:\9hbbhh.exe80⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe81⤵
-
\??\c:\rrrrlxr.exec:\rrrrlxr.exe82⤵
-
\??\c:\rfxfrlr.exec:\rfxfrlr.exe83⤵
-
\??\c:\htttnn.exec:\htttnn.exe84⤵
-
\??\c:\3jjpp.exec:\3jjpp.exe85⤵
-
\??\c:\jjdvv.exec:\jjdvv.exe86⤵
-
\??\c:\jjpjd.exec:\jjpjd.exe87⤵
-
\??\c:\xrllxxr.exec:\xrllxxr.exe88⤵
-
\??\c:\tbbtnh.exec:\tbbtnh.exe89⤵
-
\??\c:\bnnbtt.exec:\bnnbtt.exe90⤵
-
\??\c:\5pjdv.exec:\5pjdv.exe91⤵
-
\??\c:\lfxrlll.exec:\lfxrlll.exe92⤵
-
\??\c:\llxxrrl.exec:\llxxrrl.exe93⤵
-
\??\c:\hhbbtt.exec:\hhbbtt.exe94⤵
-
\??\c:\hhbbtt.exec:\hhbbtt.exe95⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe96⤵
-
\??\c:\pdppv.exec:\pdppv.exe97⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe98⤵
-
\??\c:\fxflrrx.exec:\fxflrrx.exe99⤵
-
\??\c:\5fxrrrl.exec:\5fxrrrl.exe100⤵
-
\??\c:\hhhhhb.exec:\hhhhhb.exe101⤵
-
\??\c:\bntbnn.exec:\bntbnn.exe102⤵
-
\??\c:\7pjpj.exec:\7pjpj.exe103⤵
-
\??\c:\jppjj.exec:\jppjj.exe104⤵
-
\??\c:\ffrlxxr.exec:\ffrlxxr.exe105⤵
-
\??\c:\5rlllll.exec:\5rlllll.exe106⤵
-
\??\c:\nnhbbb.exec:\nnhbbb.exe107⤵
-
\??\c:\ttbbtt.exec:\ttbbtt.exe108⤵
-
\??\c:\9bnnhh.exec:\9bnnhh.exe109⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe110⤵
-
\??\c:\7jdpj.exec:\7jdpj.exe111⤵
-
\??\c:\lrxxrxx.exec:\lrxxrxx.exe112⤵
-
\??\c:\nthhhh.exec:\nthhhh.exe113⤵
-
\??\c:\5jjjv.exec:\5jjjv.exe114⤵
-
\??\c:\thtnnn.exec:\thtnnn.exe115⤵
-
\??\c:\vppjd.exec:\vppjd.exe116⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe117⤵
-
\??\c:\lxllfff.exec:\lxllfff.exe118⤵
-
\??\c:\3bnnbh.exec:\3bnnbh.exe119⤵
-
\??\c:\ntbbhh.exec:\ntbbhh.exe120⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-