Analysis
-
max time kernel
150s -
max time network
51s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
29/06/2024, 15:43
General
-
Target
b1b7c999f1949ff9be45f94301553bd8e8ffd8f56485d99c97934085b90748c6_NeikiAnalytics.exe
-
Size
229KB
-
MD5
a52eebb1c6d3430458c6366141dc8e80
-
SHA1
00e3791e1aca4d3d7f307243b4c84a6672eea9bf
-
SHA256
b1b7c999f1949ff9be45f94301553bd8e8ffd8f56485d99c97934085b90748c6
-
SHA512
b69cf4b4e588df8de4c18f9591e5fc69a2565fa9a4eef3ceaea7b99e597467c85fa3ae6d48df0181e08a4aef806a9770fdab67209dbe7630d0ed5d94cdd1b6b9
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31x4xLn/c1N4:n3C9BRo7MlrWKo+lxKk16
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b1b7c999f1949ff9be45f94301553bd8e8ffd8f56485d99c97934085b90748c6_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\b1b7c999f1949ff9be45f94301553bd8e8ffd8f56485d99c97934085b90748c6_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnhbn.exec:\hnnhbn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jpjv.exec:\9jpjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lllffx.exec:\7lllffx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjd.exec:\dppjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhnhh.exec:\tnhnhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjdp.exec:\dpjdp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrlll.exec:\rlfrlll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbtnn.exec:\ttbtnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpppj.exec:\jpppj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhhb.exec:\tnnhhb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppdp.exec:\pppdp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxlfx.exec:\xrxxlfx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtnbt.exec:\hhtnbt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ddpj.exec:\1ddpj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jpjv.exec:\7jpjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbtt.exec:\bthbtt.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlffxxx.exec:\xlffxxx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnnh.exec:\hbtnnh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhtnn.exec:\tbhtnn.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrlrff.exec:\rlrlrff.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flfxllx.exec:\flfxllx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htthbt.exec:\htthbt.exe23⤵
- Executes dropped EXE
-
\??\c:\pppjv.exec:\pppjv.exe24⤵
- Executes dropped EXE
-
\??\c:\jdvdd.exec:\jdvdd.exe25⤵
- Executes dropped EXE
-
\??\c:\frrxlfx.exec:\frrxlfx.exe26⤵
- Executes dropped EXE
-
\??\c:\3xrlffx.exec:\3xrlffx.exe27⤵
- Executes dropped EXE
-
\??\c:\bnbhtt.exec:\bnbhtt.exe28⤵
- Executes dropped EXE
-
\??\c:\tttnbt.exec:\tttnbt.exe29⤵
- Executes dropped EXE
-
\??\c:\djdvj.exec:\djdvj.exe30⤵
- Executes dropped EXE
-
\??\c:\rffrfxr.exec:\rffrfxr.exe31⤵
- Executes dropped EXE
-
\??\c:\ntnhth.exec:\ntnhth.exe32⤵
- Executes dropped EXE
-
\??\c:\jdppd.exec:\jdppd.exe33⤵
- Executes dropped EXE
-
\??\c:\jpddv.exec:\jpddv.exe34⤵
- Executes dropped EXE
-
\??\c:\9lfxrlf.exec:\9lfxrlf.exe35⤵
- Executes dropped EXE
-
\??\c:\xrxrfff.exec:\xrxrfff.exe36⤵
- Executes dropped EXE
-
\??\c:\nnnhhb.exec:\nnnhhb.exe37⤵
- Executes dropped EXE
-
\??\c:\nbbbtt.exec:\nbbbtt.exe38⤵
- Executes dropped EXE
-
\??\c:\dpppj.exec:\dpppj.exe39⤵
- Executes dropped EXE
-
\??\c:\vpjdp.exec:\vpjdp.exe40⤵
- Executes dropped EXE
-
\??\c:\lffxllf.exec:\lffxllf.exe41⤵
- Executes dropped EXE
-
\??\c:\lxxfxfx.exec:\lxxfxfx.exe42⤵
- Executes dropped EXE
-
\??\c:\nbtnhb.exec:\nbtnhb.exe43⤵
- Executes dropped EXE
-
\??\c:\btthbt.exec:\btthbt.exe44⤵
- Executes dropped EXE
-
\??\c:\tnttnn.exec:\tnttnn.exe45⤵
- Executes dropped EXE
-
\??\c:\7vjvp.exec:\7vjvp.exe46⤵
- Executes dropped EXE
-
\??\c:\ddvjj.exec:\ddvjj.exe47⤵
- Executes dropped EXE
-
\??\c:\5xxrlrr.exec:\5xxrlrr.exe48⤵
- Executes dropped EXE
-
\??\c:\ddppj.exec:\ddppj.exe49⤵
- Executes dropped EXE
-
\??\c:\ppddp.exec:\ppddp.exe50⤵
- Executes dropped EXE
-
\??\c:\vpvvj.exec:\vpvvj.exe51⤵
- Executes dropped EXE
-
\??\c:\9nhbbt.exec:\9nhbbt.exe52⤵
- Executes dropped EXE
-
\??\c:\jvdpj.exec:\jvdpj.exe53⤵
- Executes dropped EXE
-
\??\c:\xrrlfxr.exec:\xrrlfxr.exe54⤵
- Executes dropped EXE
-
\??\c:\fllllrr.exec:\fllllrr.exe55⤵
- Executes dropped EXE
-
\??\c:\btttnn.exec:\btttnn.exe56⤵
- Executes dropped EXE
-
\??\c:\pddvv.exec:\pddvv.exe57⤵
- Executes dropped EXE
-
\??\c:\jpvvp.exec:\jpvvp.exe58⤵
- Executes dropped EXE
-
\??\c:\1ffxrrr.exec:\1ffxrrr.exe59⤵
- Executes dropped EXE
-
\??\c:\tbhbbt.exec:\tbhbbt.exe60⤵
- Executes dropped EXE
-
\??\c:\vvdjd.exec:\vvdjd.exe61⤵
- Executes dropped EXE
-
\??\c:\frfxxfx.exec:\frfxxfx.exe62⤵
- Executes dropped EXE
-
\??\c:\nbhtnh.exec:\nbhtnh.exe63⤵
- Executes dropped EXE
-
\??\c:\bnhbbb.exec:\bnhbbb.exe64⤵
- Executes dropped EXE
-
\??\c:\nnbtnb.exec:\nnbtnb.exe65⤵
- Executes dropped EXE
-
\??\c:\vvvpd.exec:\vvvpd.exe66⤵
-
\??\c:\rxxrffx.exec:\rxxrffx.exe67⤵
-
\??\c:\7lfxllf.exec:\7lfxllf.exe68⤵
-
\??\c:\hhnnnh.exec:\hhnnnh.exe69⤵
-
\??\c:\vpppv.exec:\vpppv.exe70⤵
-
\??\c:\jvdvj.exec:\jvdvj.exe71⤵
-
\??\c:\xfxrllx.exec:\xfxrllx.exe72⤵
-
\??\c:\xllxlll.exec:\xllxlll.exe73⤵
-
\??\c:\hbtnht.exec:\hbtnht.exe74⤵
-
\??\c:\5bhntn.exec:\5bhntn.exe75⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe76⤵
-
\??\c:\rfxlfxr.exec:\rfxlfxr.exe77⤵
-
\??\c:\bntnnh.exec:\bntnnh.exe78⤵
-
\??\c:\ttbtnh.exec:\ttbtnh.exe79⤵
-
\??\c:\jpvvj.exec:\jpvvj.exe80⤵
-
\??\c:\vddvp.exec:\vddvp.exe81⤵
-
\??\c:\xfxrlfx.exec:\xfxrlfx.exe82⤵
-
\??\c:\fxxrrrf.exec:\fxxrrrf.exe83⤵
-
\??\c:\hbnnnn.exec:\hbnnnn.exe84⤵
-
\??\c:\vdjdp.exec:\vdjdp.exe85⤵
-
\??\c:\1djdj.exec:\1djdj.exe86⤵
-
\??\c:\xrrrlfx.exec:\xrrrlfx.exe87⤵
-
\??\c:\hhhttt.exec:\hhhttt.exe88⤵
-
\??\c:\hntnhh.exec:\hntnhh.exe89⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe90⤵
-
\??\c:\jddpd.exec:\jddpd.exe91⤵
-
\??\c:\xrxlfff.exec:\xrxlfff.exe92⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe93⤵
-
\??\c:\dvppd.exec:\dvppd.exe94⤵
-
\??\c:\jddvp.exec:\jddvp.exe95⤵
-
\??\c:\rfllfff.exec:\rfllfff.exe96⤵
-
\??\c:\rrfxxxl.exec:\rrfxxxl.exe97⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe98⤵
-
\??\c:\ddjjj.exec:\ddjjj.exe99⤵
-
\??\c:\jvjdv.exec:\jvjdv.exe100⤵
-
\??\c:\1fllxxl.exec:\1fllxxl.exe101⤵
-
\??\c:\rlrrlll.exec:\rlrrlll.exe102⤵
-
\??\c:\thhhbh.exec:\thhhbh.exe103⤵
-
\??\c:\pppjd.exec:\pppjd.exe104⤵
-
\??\c:\lxxxrrl.exec:\lxxxrrl.exe105⤵
-
\??\c:\rxflfxx.exec:\rxflfxx.exe106⤵
-
\??\c:\bttnhh.exec:\bttnhh.exe107⤵
-
\??\c:\ttbtnh.exec:\ttbtnh.exe108⤵
-
\??\c:\pjpdd.exec:\pjpdd.exe109⤵
-
\??\c:\fxfxxlx.exec:\fxfxxlx.exe110⤵
-
\??\c:\rfxrlfx.exec:\rfxrlfx.exe111⤵
-
\??\c:\tnnbtn.exec:\tnnbtn.exe112⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe113⤵
-
\??\c:\vppjv.exec:\vppjv.exe114⤵
-
\??\c:\rlrlffx.exec:\rlrlffx.exe115⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe116⤵
-
\??\c:\httnhb.exec:\httnhb.exe117⤵
-
\??\c:\vvjjd.exec:\vvjjd.exe118⤵
-
\??\c:\rlxlflr.exec:\rlxlflr.exe119⤵
-
\??\c:\bthbhh.exec:\bthbhh.exe120⤵
-
\??\c:\1thbtt.exec:\1thbtt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-