Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
28/06/2024, 17:21
General
-
Target
a2e64a738ccb99cd4a1a684bf8d815c4690d03f9d91746886eb9d05a2d39a6b9_NeikiAnalytics.exe
-
Size
64KB
-
MD5
25b3b471fe7c1d29f0d45f0288e0a830
-
SHA1
d9371469e1b5ef5e7abe739399f0c82c216593c4
-
SHA256
a2e64a738ccb99cd4a1a684bf8d815c4690d03f9d91746886eb9d05a2d39a6b9
-
SHA512
e150eb45a0ebeb1ff5aa403599fa36557c64a848d53fdf9027b8e851994ca7b93169e91652a4f2a92c8f8485af4856960fac030d297b1178f2a6ddb93987f035
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIug6bL6Nl1H:ymb3NkkiQ3mdBjFIugptH
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 30 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a2e64a738ccb99cd4a1a684bf8d815c4690d03f9d91746886eb9d05a2d39a6b9_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\a2e64a738ccb99cd4a1a684bf8d815c4690d03f9d91746886eb9d05a2d39a6b9_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bttttb.exec:\bttttb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjdj.exec:\3pjdj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvd.exec:\vpdvd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jpjd.exec:\1jpjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjd.exec:\dvpjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfllf.exec:\lflfllf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fflxxx.exec:\5fflxxx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nhttt.exec:\9nhttt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpvp.exec:\vjpvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrlll.exec:\xrrrlll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntttb.exec:\tntttb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ddvv.exec:\9ddvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpv.exec:\ppvpv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlxlxf.exec:\xrlxlxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnttnn.exec:\nnttnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttbhh.exec:\bttbhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdv.exec:\pjjdv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5frrlrx.exec:\5frrlrx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbtb.exec:\hbbbtb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvdv.exec:\dvvdv.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rrfrxf.exec:\1rrfrxf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllxxfl.exec:\rllxxfl.exe23⤵
- Executes dropped EXE
-
\??\c:\vpvvv.exec:\vpvvv.exe24⤵
- Executes dropped EXE
-
\??\c:\lfffxxx.exec:\lfffxxx.exe25⤵
- Executes dropped EXE
-
\??\c:\hbttnn.exec:\hbttnn.exe26⤵
- Executes dropped EXE
-
\??\c:\tnnhbb.exec:\tnnhbb.exe27⤵
- Executes dropped EXE
-
\??\c:\dpvpj.exec:\dpvpj.exe28⤵
- Executes dropped EXE
-
\??\c:\1xxxlrr.exec:\1xxxlrr.exe29⤵
- Executes dropped EXE
-
\??\c:\btbhnh.exec:\btbhnh.exe30⤵
- Executes dropped EXE
-
\??\c:\7rrfxxr.exec:\7rrfxxr.exe31⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe32⤵
- Executes dropped EXE
-
\??\c:\ddddv.exec:\ddddv.exe33⤵
- Executes dropped EXE
-
\??\c:\frrrllr.exec:\frrrllr.exe34⤵
- Executes dropped EXE
-
\??\c:\xxxlffx.exec:\xxxlffx.exe35⤵
- Executes dropped EXE
-
\??\c:\hbtnnn.exec:\hbtnnn.exe36⤵
- Executes dropped EXE
-
\??\c:\ppdjv.exec:\ppdjv.exe37⤵
- Executes dropped EXE
-
\??\c:\pvdvj.exec:\pvdvj.exe38⤵
- Executes dropped EXE
-
\??\c:\3lxrrll.exec:\3lxrrll.exe39⤵
- Executes dropped EXE
-
\??\c:\llfxrrl.exec:\llfxrrl.exe40⤵
- Executes dropped EXE
-
\??\c:\hhbbtt.exec:\hhbbtt.exe41⤵
- Executes dropped EXE
-
\??\c:\dpjjd.exec:\dpjjd.exe42⤵
- Executes dropped EXE
-
\??\c:\rrfxffl.exec:\rrfxffl.exe43⤵
- Executes dropped EXE
-
\??\c:\ntbnnn.exec:\ntbnnn.exe44⤵
- Executes dropped EXE
-
\??\c:\hhtthh.exec:\hhtthh.exe45⤵
- Executes dropped EXE
-
\??\c:\5jjdv.exec:\5jjdv.exe46⤵
- Executes dropped EXE
-
\??\c:\vvvvj.exec:\vvvvj.exe47⤵
- Executes dropped EXE
-
\??\c:\frxxxfx.exec:\frxxxfx.exe48⤵
- Executes dropped EXE
-
\??\c:\hhnhnh.exec:\hhnhnh.exe49⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe50⤵
- Executes dropped EXE
-
\??\c:\lrxxrrr.exec:\lrxxrrr.exe51⤵
- Executes dropped EXE
-
\??\c:\5bhhbn.exec:\5bhhbn.exe52⤵
- Executes dropped EXE
-
\??\c:\pjppp.exec:\pjppp.exe53⤵
- Executes dropped EXE
-
\??\c:\xlxxlll.exec:\xlxxlll.exe54⤵
- Executes dropped EXE
-
\??\c:\htnhhh.exec:\htnhhh.exe55⤵
- Executes dropped EXE
-
\??\c:\tntttb.exec:\tntttb.exe56⤵
- Executes dropped EXE
-
\??\c:\djpjd.exec:\djpjd.exe57⤵
- Executes dropped EXE
-
\??\c:\9vdvp.exec:\9vdvp.exe58⤵
- Executes dropped EXE
-
\??\c:\flxrrxr.exec:\flxrrxr.exe59⤵
- Executes dropped EXE
-
\??\c:\fffffff.exec:\fffffff.exe60⤵
- Executes dropped EXE
-
\??\c:\dpvpj.exec:\dpvpj.exe61⤵
- Executes dropped EXE
-
\??\c:\vdjjv.exec:\vdjjv.exe62⤵
- Executes dropped EXE
-
\??\c:\xrrllfx.exec:\xrrllfx.exe63⤵
- Executes dropped EXE
-
\??\c:\tbnntt.exec:\tbnntt.exe64⤵
- Executes dropped EXE
-
\??\c:\9htnht.exec:\9htnht.exe65⤵
- Executes dropped EXE
-
\??\c:\nhnnnt.exec:\nhnnnt.exe66⤵
-
\??\c:\9vpdd.exec:\9vpdd.exe67⤵
-
\??\c:\xrlrrrr.exec:\xrlrrrr.exe68⤵
-
\??\c:\fxflrrf.exec:\fxflrrf.exe69⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe70⤵
-
\??\c:\bhnnhh.exec:\bhnnhh.exe71⤵
-
\??\c:\9pvpd.exec:\9pvpd.exe72⤵
-
\??\c:\frrlffx.exec:\frrlffx.exe73⤵
-
\??\c:\7rxfrlf.exec:\7rxfrlf.exe74⤵
-
\??\c:\tnttth.exec:\tnttth.exe75⤵
-
\??\c:\5hthnh.exec:\5hthnh.exe76⤵
-
\??\c:\vddpv.exec:\vddpv.exe77⤵
-
\??\c:\3djvv.exec:\3djvv.exe78⤵
-
\??\c:\frlrlff.exec:\frlrlff.exe79⤵
-
\??\c:\nhtnbb.exec:\nhtnbb.exe80⤵
-
\??\c:\ttnnhh.exec:\ttnnhh.exe81⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe82⤵
-
\??\c:\3pjdp.exec:\3pjdp.exe83⤵
-
\??\c:\3rllrxl.exec:\3rllrxl.exe84⤵
-
\??\c:\xxxrlfx.exec:\xxxrlfx.exe85⤵
-
\??\c:\tnnnnt.exec:\tnnnnt.exe86⤵
-
\??\c:\ppjdv.exec:\ppjdv.exe87⤵
-
\??\c:\jdddp.exec:\jdddp.exe88⤵
-
\??\c:\rflffff.exec:\rflffff.exe89⤵
-
\??\c:\3fllffl.exec:\3fllffl.exe90⤵
-
\??\c:\ntnhbb.exec:\ntnhbb.exe91⤵
-
\??\c:\tbtttt.exec:\tbtttt.exe92⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe93⤵
-
\??\c:\xflfxxf.exec:\xflfxxf.exe94⤵
-
\??\c:\fxxxrxr.exec:\fxxxrxr.exe95⤵
-
\??\c:\hthbbb.exec:\hthbbb.exe96⤵
-
\??\c:\ttbtbb.exec:\ttbtbb.exe97⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe98⤵
-
\??\c:\lxflfff.exec:\lxflfff.exe99⤵
-
\??\c:\thhbtt.exec:\thhbtt.exe100⤵
-
\??\c:\ntbttt.exec:\ntbttt.exe101⤵
-
\??\c:\ttbtbb.exec:\ttbtbb.exe102⤵
-
\??\c:\5pjvp.exec:\5pjvp.exe103⤵
-
\??\c:\ddppd.exec:\ddppd.exe104⤵
-
\??\c:\xxxrfff.exec:\xxxrfff.exe105⤵
-
\??\c:\nhbnhh.exec:\nhbnhh.exe106⤵
-
\??\c:\nntbnn.exec:\nntbnn.exe107⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe108⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe109⤵
-
\??\c:\rrfxlll.exec:\rrfxlll.exe110⤵
-
\??\c:\flrrllf.exec:\flrrllf.exe111⤵
-
\??\c:\nnnbnb.exec:\nnnbnb.exe112⤵
-
\??\c:\jvvvj.exec:\jvvvj.exe113⤵
-
\??\c:\rlxrxxr.exec:\rlxrxxr.exe114⤵
-
\??\c:\hnnnbb.exec:\hnnnbb.exe115⤵
-
\??\c:\1vdvv.exec:\1vdvv.exe116⤵
-
\??\c:\lrxrrff.exec:\lrxrrff.exe117⤵
-
\??\c:\3lrlfxr.exec:\3lrlfxr.exe118⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe119⤵
-
\??\c:\3bbbtt.exec:\3bbbtt.exe120⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-