Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
29/06/2024, 03:51
General
-
Target
5d32304d13907824c2e32dc2dae7cb3ced90b51e787a143d8b7e09971ceefeae_NeikiAnalytics.exe
-
Size
465KB
-
MD5
12950b59c16ce652fc5b168008fc81e0
-
SHA1
c115b09ee0ce25a3e0ad86952f78c2c8eb77af65
-
SHA256
5d32304d13907824c2e32dc2dae7cb3ced90b51e787a143d8b7e09971ceefeae
-
SHA512
2156898a66d94bcb9543849d0de78c380d8948cc276ed0e4ab96be125ce8d7b1cf21f40f95d910952c51b1ba39891f7dda985d70fd29fd6a22b6aa8b83dc4777
-
SSDEEP
12288:J4wFHoSTeR0oQRkay+eFp3IDvSbh5nPVP+OKaf1Vj:VeR0oykayRFp3lztP+OKaf1Vj
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5d32304d13907824c2e32dc2dae7cb3ced90b51e787a143d8b7e09971ceefeae_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\5d32304d13907824c2e32dc2dae7cb3ced90b51e787a143d8b7e09971ceefeae_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3llxffx.exec:\3llxffx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxrlx.exec:\xrfxrlx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jvpd.exec:\9jvpd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlxlfl.exec:\frlxlfl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rrfxxr.exec:\9rrfxxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rrllfl.exec:\9rrllfl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfxlfx.exec:\xlfxlfx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btthnh.exec:\btthnh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnhnh.exec:\hhnhnh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllxlxr.exec:\lllxlxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnnt.exec:\bntnnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlxlff.exec:\lrlxlff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ppjv.exec:\9ppjv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tnhbn.exec:\9tnhbn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvj.exec:\vpvvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rrfrlf.exec:\5rrfrlf.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfrrlf.exec:\rrfrrlf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbnh.exec:\nhhbnh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlxlfr.exec:\frlxlfr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttbnn.exec:\tttbnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bhtnh.exec:\5bhtnh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbthtn.exec:\nbthtn.exe23⤵
- Executes dropped EXE
-
\??\c:\tnnbnh.exec:\tnnbnh.exe24⤵
- Executes dropped EXE
-
\??\c:\pppdj.exec:\pppdj.exe25⤵
- Executes dropped EXE
-
\??\c:\9fflxrl.exec:\9fflxrl.exe26⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe27⤵
- Executes dropped EXE
-
\??\c:\5ntntn.exec:\5ntntn.exe28⤵
- Executes dropped EXE
-
\??\c:\fxxrxrr.exec:\fxxrxrr.exe29⤵
- Executes dropped EXE
-
\??\c:\5llfrlx.exec:\5llfrlx.exe30⤵
- Executes dropped EXE
-
\??\c:\1vjdv.exec:\1vjdv.exe31⤵
- Executes dropped EXE
-
\??\c:\9hbthb.exec:\9hbthb.exe32⤵
- Executes dropped EXE
-
\??\c:\jdvjp.exec:\jdvjp.exe33⤵
- Executes dropped EXE
-
\??\c:\1nbtht.exec:\1nbtht.exe34⤵
- Executes dropped EXE
-
\??\c:\fffxlfr.exec:\fffxlfr.exe35⤵
- Executes dropped EXE
-
\??\c:\nbhtth.exec:\nbhtth.exe36⤵
- Executes dropped EXE
-
\??\c:\7pdvd.exec:\7pdvd.exe37⤵
- Executes dropped EXE
-
\??\c:\1llxlfr.exec:\1llxlfr.exe38⤵
- Executes dropped EXE
-
\??\c:\hhnbnt.exec:\hhnbnt.exe39⤵
- Executes dropped EXE
-
\??\c:\pdjvv.exec:\pdjvv.exe40⤵
- Executes dropped EXE
-
\??\c:\dvvjv.exec:\dvvjv.exe41⤵
- Executes dropped EXE
-
\??\c:\fxfxxrx.exec:\fxfxxrx.exe42⤵
- Executes dropped EXE
-
\??\c:\hbhbbb.exec:\hbhbbb.exe43⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe44⤵
- Executes dropped EXE
-
\??\c:\vpvpd.exec:\vpvpd.exe45⤵
- Executes dropped EXE
-
\??\c:\5xxrfxl.exec:\5xxrfxl.exe46⤵
- Executes dropped EXE
-
\??\c:\ntnhbt.exec:\ntnhbt.exe47⤵
- Executes dropped EXE
-
\??\c:\hbhtht.exec:\hbhtht.exe48⤵
- Executes dropped EXE
-
\??\c:\9jdpv.exec:\9jdpv.exe49⤵
- Executes dropped EXE
-
\??\c:\lxxlfxr.exec:\lxxlfxr.exe50⤵
- Executes dropped EXE
-
\??\c:\bhbthh.exec:\bhbthh.exe51⤵
- Executes dropped EXE
-
\??\c:\jdpjd.exec:\jdpjd.exe52⤵
- Executes dropped EXE
-
\??\c:\xflfffl.exec:\xflfffl.exe53⤵
- Executes dropped EXE
-
\??\c:\bhnhbt.exec:\bhnhbt.exe54⤵
- Executes dropped EXE
-
\??\c:\vjpjv.exec:\vjpjv.exe55⤵
- Executes dropped EXE
-
\??\c:\7dddj.exec:\7dddj.exe56⤵
- Executes dropped EXE
-
\??\c:\lrxlxxr.exec:\lrxlxxr.exe57⤵
- Executes dropped EXE
-
\??\c:\9tnnbb.exec:\9tnnbb.exe58⤵
- Executes dropped EXE
-
\??\c:\ppjvv.exec:\ppjvv.exe59⤵
- Executes dropped EXE
-
\??\c:\5rxrflx.exec:\5rxrflx.exe60⤵
- Executes dropped EXE
-
\??\c:\hhhbtt.exec:\hhhbtt.exe61⤵
- Executes dropped EXE
-
\??\c:\vpdpd.exec:\vpdpd.exe62⤵
- Executes dropped EXE
-
\??\c:\xxxlfxl.exec:\xxxlfxl.exe63⤵
- Executes dropped EXE
-
\??\c:\rflllfl.exec:\rflllfl.exe64⤵
- Executes dropped EXE
-
\??\c:\7bnhbt.exec:\7bnhbt.exe65⤵
- Executes dropped EXE
-
\??\c:\7dvpd.exec:\7dvpd.exe66⤵
-
\??\c:\3ffxrxr.exec:\3ffxrxr.exe67⤵
-
\??\c:\lxfrlfx.exec:\lxfrlfx.exe68⤵
-
\??\c:\tnnhbb.exec:\tnnhbb.exe69⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe70⤵
-
\??\c:\7xflxxl.exec:\7xflxxl.exe71⤵
-
\??\c:\xlrfrrl.exec:\xlrfrrl.exe72⤵
-
\??\c:\bnthtb.exec:\bnthtb.exe73⤵
-
\??\c:\pdddp.exec:\pdddp.exe74⤵
-
\??\c:\xfxrllf.exec:\xfxrllf.exe75⤵
-
\??\c:\thnhbt.exec:\thnhbt.exe76⤵
-
\??\c:\dpvjj.exec:\dpvjj.exe77⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe78⤵
-
\??\c:\fxfxrlf.exec:\fxfxrlf.exe79⤵
-
\??\c:\7htnhh.exec:\7htnhh.exe80⤵
-
\??\c:\nbbtnn.exec:\nbbtnn.exe81⤵
-
\??\c:\ddddv.exec:\ddddv.exe82⤵
-
\??\c:\rlllffx.exec:\rlllffx.exe83⤵
-
\??\c:\tnhbnb.exec:\tnhbnb.exe84⤵
-
\??\c:\pvdvj.exec:\pvdvj.exe85⤵
-
\??\c:\xrxrxxr.exec:\xrxrxxr.exe86⤵
-
\??\c:\7frfxxr.exec:\7frfxxr.exe87⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe88⤵
-
\??\c:\7jdvj.exec:\7jdvj.exe89⤵
-
\??\c:\5lrllff.exec:\5lrllff.exe90⤵
-
\??\c:\5dvjd.exec:\5dvjd.exe91⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe92⤵
-
\??\c:\3llfrrl.exec:\3llfrrl.exe93⤵
-
\??\c:\lfflfxr.exec:\lfflfxr.exe94⤵
-
\??\c:\hbhbtn.exec:\hbhbtn.exe95⤵
-
\??\c:\vdjvv.exec:\vdjvv.exe96⤵
-
\??\c:\1jpjv.exec:\1jpjv.exe97⤵
-
\??\c:\rrffrfx.exec:\rrffrfx.exe98⤵
-
\??\c:\bnnnbt.exec:\bnnnbt.exe99⤵
-
\??\c:\1jdvd.exec:\1jdvd.exe100⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe101⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe102⤵
-
\??\c:\hnbnnn.exec:\hnbnnn.exe103⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe104⤵
-
\??\c:\llllffx.exec:\llllffx.exe105⤵
-
\??\c:\9htnhb.exec:\9htnhb.exe106⤵
-
\??\c:\7btnhb.exec:\7btnhb.exe107⤵
-
\??\c:\1jjjd.exec:\1jjjd.exe108⤵
-
\??\c:\rfxlxlx.exec:\rfxlxlx.exe109⤵
-
\??\c:\hhnhbt.exec:\hhnhbt.exe110⤵
-
\??\c:\hhhbbt.exec:\hhhbbt.exe111⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe112⤵
-
\??\c:\9xrlfxl.exec:\9xrlfxl.exe113⤵
-
\??\c:\7bthbt.exec:\7bthbt.exe114⤵
-
\??\c:\vppdv.exec:\vppdv.exe115⤵
-
\??\c:\7flxllx.exec:\7flxllx.exe116⤵
-
\??\c:\7nnnbh.exec:\7nnnbh.exe117⤵
-
\??\c:\tnnhbt.exec:\tnnhbt.exe118⤵
-
\??\c:\9jddv.exec:\9jddv.exe119⤵
-
\??\c:\rrxfrll.exec:\rrxfrll.exe120⤵
-
\??\c:\hbtnbb.exec:\hbtnbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-