Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
28/06/2024, 19:40
General
-
Target
a84001b3e407d21fa9334ecf2c360e41cadf0dfb9fca96c913b11703c467e9ed_NeikiAnalytics.exe
-
Size
78KB
-
MD5
44fdb01ba49c8e6d31607de64921fae0
-
SHA1
c704f0a93f20e11bf368b4ebf370c3f59cebf2ff
-
SHA256
a84001b3e407d21fa9334ecf2c360e41cadf0dfb9fca96c913b11703c467e9ed
-
SHA512
67e0e17ed3a09ffef69a52e3b7fe588a723c4d80a3c62337ef5f411124ca43dede52b393bed1ecc407bd1446873a718cd9a988f8457a6f6110ef6e827486a01d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA8v:ymb3NkkiQ3mdBjFIIp9L9QrrA8v
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a84001b3e407d21fa9334ecf2c360e41cadf0dfb9fca96c913b11703c467e9ed_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\a84001b3e407d21fa9334ecf2c360e41cadf0dfb9fca96c913b11703c467e9ed_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\thhbnh.exec:\thhbnh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjp.exec:\vdjjp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjvd.exec:\jjjvd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlflfx.exec:\fxlflfx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhbt.exec:\btnhbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhtt.exec:\btnhtt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pdvp.exec:\3pdvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxlfx.exec:\rlfxlfx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflflff.exec:\lflflff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhtnh.exec:\bnhtnh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhthn.exec:\bhhthn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvpj.exec:\vpvpj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllxlff.exec:\rllxlff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrllff.exec:\lfrllff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jdvj.exec:\3jdvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflfrlf.exec:\fflfrlf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bhbbt.exec:\1bhbbt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvjd.exec:\jdvjd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvpj.exec:\jpvpj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxrfxr.exec:\lxxrfxr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnnn.exec:\tntnnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvppj.exec:\vvppj.exe23⤵
- Executes dropped EXE
-
\??\c:\bhttnh.exec:\bhttnh.exe24⤵
- Executes dropped EXE
-
\??\c:\1tnhnh.exec:\1tnhnh.exe25⤵
- Executes dropped EXE
-
\??\c:\vpjdp.exec:\vpjdp.exe26⤵
- Executes dropped EXE
-
\??\c:\rlxrffx.exec:\rlxrffx.exe27⤵
- Executes dropped EXE
-
\??\c:\9xrlxxr.exec:\9xrlxxr.exe28⤵
- Executes dropped EXE
-
\??\c:\hthbnh.exec:\hthbnh.exe29⤵
- Executes dropped EXE
-
\??\c:\bnnntt.exec:\bnnntt.exe30⤵
- Executes dropped EXE
-
\??\c:\1lxrffr.exec:\1lxrffr.exe31⤵
- Executes dropped EXE
-
\??\c:\hththt.exec:\hththt.exe32⤵
- Executes dropped EXE
-
\??\c:\3nbhtt.exec:\3nbhtt.exe33⤵
- Executes dropped EXE
-
\??\c:\ddvpd.exec:\ddvpd.exe34⤵
- Executes dropped EXE
-
\??\c:\9vpdp.exec:\9vpdp.exe35⤵
- Executes dropped EXE
-
\??\c:\1rrfrrl.exec:\1rrfrrl.exe36⤵
- Executes dropped EXE
-
\??\c:\hbhbbt.exec:\hbhbbt.exe37⤵
- Executes dropped EXE
-
\??\c:\5tnhnn.exec:\5tnhnn.exe38⤵
- Executes dropped EXE
-
\??\c:\dvpjd.exec:\dvpjd.exe39⤵
- Executes dropped EXE
-
\??\c:\dppvp.exec:\dppvp.exe40⤵
- Executes dropped EXE
-
\??\c:\flrrffx.exec:\flrrffx.exe41⤵
- Executes dropped EXE
-
\??\c:\1xrlffr.exec:\1xrlffr.exe42⤵
- Executes dropped EXE
-
\??\c:\9tnbnh.exec:\9tnbnh.exe43⤵
- Executes dropped EXE
-
\??\c:\3tttnh.exec:\3tttnh.exe44⤵
- Executes dropped EXE
-
\??\c:\jvvjv.exec:\jvvjv.exe45⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe46⤵
- Executes dropped EXE
-
\??\c:\jpjvj.exec:\jpjvj.exe47⤵
- Executes dropped EXE
-
\??\c:\xrxlfxx.exec:\xrxlfxx.exe48⤵
- Executes dropped EXE
-
\??\c:\rflfxrl.exec:\rflfxrl.exe49⤵
- Executes dropped EXE
-
\??\c:\bnnhbt.exec:\bnnhbt.exe50⤵
- Executes dropped EXE
-
\??\c:\3jjpp.exec:\3jjpp.exe51⤵
- Executes dropped EXE
-
\??\c:\9rlrfxl.exec:\9rlrfxl.exe52⤵
- Executes dropped EXE
-
\??\c:\tnnbtn.exec:\tnnbtn.exe53⤵
- Executes dropped EXE
-
\??\c:\bbtnnn.exec:\bbtnnn.exe54⤵
- Executes dropped EXE
-
\??\c:\tnttnh.exec:\tnttnh.exe55⤵
- Executes dropped EXE
-
\??\c:\7vvpj.exec:\7vvpj.exe56⤵
- Executes dropped EXE
-
\??\c:\lxlfrfr.exec:\lxlfrfr.exe57⤵
- Executes dropped EXE
-
\??\c:\bntnbt.exec:\bntnbt.exe58⤵
- Executes dropped EXE
-
\??\c:\3dddv.exec:\3dddv.exe59⤵
- Executes dropped EXE
-
\??\c:\9ddpd.exec:\9ddpd.exe60⤵
- Executes dropped EXE
-
\??\c:\rrrlfxr.exec:\rrrlfxr.exe61⤵
- Executes dropped EXE
-
\??\c:\1xrlxxl.exec:\1xrlxxl.exe62⤵
- Executes dropped EXE
-
\??\c:\hbbtnn.exec:\hbbtnn.exe63⤵
- Executes dropped EXE
-
\??\c:\htnbnb.exec:\htnbnb.exe64⤵
- Executes dropped EXE
-
\??\c:\vdjvj.exec:\vdjvj.exe65⤵
- Executes dropped EXE
-
\??\c:\dpvjv.exec:\dpvjv.exe66⤵
-
\??\c:\rflfxxx.exec:\rflfxxx.exe67⤵
-
\??\c:\bthbnh.exec:\bthbnh.exe68⤵
-
\??\c:\hhtnbt.exec:\hhtnbt.exe69⤵
-
\??\c:\5bnhhb.exec:\5bnhhb.exe70⤵
-
\??\c:\vpdpv.exec:\vpdpv.exe71⤵
-
\??\c:\9pjvj.exec:\9pjvj.exe72⤵
-
\??\c:\xllxlxr.exec:\xllxlxr.exe73⤵
-
\??\c:\3hbtbb.exec:\3hbtbb.exe74⤵
-
\??\c:\3ntnbt.exec:\3ntnbt.exe75⤵
-
\??\c:\pvvpj.exec:\pvvpj.exe76⤵
-
\??\c:\pddvj.exec:\pddvj.exe77⤵
-
\??\c:\djjvj.exec:\djjvj.exe78⤵
-
\??\c:\1ffrllr.exec:\1ffrllr.exe79⤵
-
\??\c:\9hhhbb.exec:\9hhhbb.exe80⤵
-
\??\c:\3pjpp.exec:\3pjpp.exe81⤵
-
\??\c:\xrxlfxx.exec:\xrxlfxx.exe82⤵
-
\??\c:\lffxlfx.exec:\lffxlfx.exe83⤵
-
\??\c:\nbhtnt.exec:\nbhtnt.exe84⤵
-
\??\c:\bnnhnt.exec:\bnnhnt.exe85⤵
-
\??\c:\jjvvp.exec:\jjvvp.exe86⤵
-
\??\c:\lxrflrl.exec:\lxrflrl.exe87⤵
-
\??\c:\fllrlfx.exec:\fllrlfx.exe88⤵
-
\??\c:\nhbnbt.exec:\nhbnbt.exe89⤵
-
\??\c:\nbhtht.exec:\nbhtht.exe90⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe91⤵
-
\??\c:\5ddpv.exec:\5ddpv.exe92⤵
-
\??\c:\fxlxllx.exec:\fxlxllx.exe93⤵
-
\??\c:\9nnhtn.exec:\9nnhtn.exe94⤵
-
\??\c:\hbbthh.exec:\hbbthh.exe95⤵
-
\??\c:\vvvpj.exec:\vvvpj.exe96⤵
-
\??\c:\5vjdp.exec:\5vjdp.exe97⤵
-
\??\c:\lrlfxxr.exec:\lrlfxxr.exe98⤵
-
\??\c:\7flxrlx.exec:\7flxrlx.exe99⤵
-
\??\c:\tntbhb.exec:\tntbhb.exe100⤵
-
\??\c:\tnnbnh.exec:\tnnbnh.exe101⤵
-
\??\c:\vdvpv.exec:\vdvpv.exe102⤵
-
\??\c:\lxfrfxl.exec:\lxfrfxl.exe103⤵
-
\??\c:\rrrrllf.exec:\rrrrllf.exe104⤵
-
\??\c:\9hbnhb.exec:\9hbnhb.exe105⤵
-
\??\c:\9nbthh.exec:\9nbthh.exe106⤵
-
\??\c:\7jdvj.exec:\7jdvj.exe107⤵
-
\??\c:\jdpdd.exec:\jdpdd.exe108⤵
-
\??\c:\5xrfrlf.exec:\5xrfrlf.exe109⤵
-
\??\c:\llrlxrx.exec:\llrlxrx.exe110⤵
-
\??\c:\nhtnhn.exec:\nhtnhn.exe111⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe112⤵
-
\??\c:\dddvp.exec:\dddvp.exe113⤵
-
\??\c:\lxlxlfr.exec:\lxlxlfr.exe114⤵
-
\??\c:\tnthnh.exec:\tnthnh.exe115⤵
-
\??\c:\1bbtht.exec:\1bbtht.exe116⤵
-
\??\c:\5dvvj.exec:\5dvvj.exe117⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe118⤵
-
\??\c:\lrrlxxl.exec:\lrrlxxl.exe119⤵
-
\??\c:\3btthb.exec:\3btthb.exe120⤵
-
\??\c:\bttthb.exec:\bttthb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-