Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
09-05-2024 21:58
General
-
Target
0955b034185ede29391a9c4c2e484d70_NeikiAnalytics.exe
-
Size
273KB
-
MD5
0955b034185ede29391a9c4c2e484d70
-
SHA1
cf286377f1e78f0fefa182b014f0ddd4ca2789c0
-
SHA256
3f2647f59132238d4c5644bb2573c597c63569126f6b8b4e874e87b23b1e41aa
-
SHA512
e552c7386360a670af663adc0e6dace9b2a0931bd7557bae7509a33d61e648a67a5bcc007791c4b35374fb733760fc52c918eed3b5673867db8f72b3444d0a27
-
SSDEEP
6144:Ycm4FmowdHoSgWrXF5lpKGYV0aTk/BO0XJm4UEPOshN/xdKnvP48bm8:e4wFHoSgWjdpKGATTk/jYIOWN/KnnP3
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 37 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0955b034185ede29391a9c4c2e484d70_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\0955b034185ede29391a9c4c2e484d70_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pdppv.exec:\pdppv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfrlxl.exec:\llfrlxl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bthbt.exec:\7bthbt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlllrr.exec:\xrlllrr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbtnt.exec:\hbbtnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpd.exec:\dvjpd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffrllx.exec:\fffrllx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthntn.exec:\tthntn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjvv.exec:\jdjvv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xfffff.exec:\1xfffff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nnttb.exec:\3nnttb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvv.exec:\pddvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rllfff.exec:\5rllfff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxlxfl.exec:\lfxlxfl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7httth.exec:\7httth.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxxrll.exec:\xlxxrll.exe17⤵
- Executes dropped EXE
-
\??\c:\bnhnbh.exec:\bnhnbh.exe18⤵
- Executes dropped EXE
-
\??\c:\btbhtb.exec:\btbhtb.exe19⤵
- Executes dropped EXE
-
\??\c:\rllxrff.exec:\rllxrff.exe20⤵
- Executes dropped EXE
-
\??\c:\5thhtn.exec:\5thhtn.exe21⤵
- Executes dropped EXE
-
\??\c:\jvdjj.exec:\jvdjj.exe22⤵
- Executes dropped EXE
-
\??\c:\9vjpd.exec:\9vjpd.exe23⤵
- Executes dropped EXE
-
\??\c:\xflrlrl.exec:\xflrlrl.exe24⤵
- Executes dropped EXE
-
\??\c:\vjvjp.exec:\vjvjp.exe25⤵
- Executes dropped EXE
-
\??\c:\frlfxxx.exec:\frlfxxx.exe26⤵
- Executes dropped EXE
-
\??\c:\bbnbnn.exec:\bbnbnn.exe27⤵
- Executes dropped EXE
-
\??\c:\dpvdd.exec:\dpvdd.exe28⤵
- Executes dropped EXE
-
\??\c:\5lxlxxl.exec:\5lxlxxl.exe29⤵
- Executes dropped EXE
-
\??\c:\rlfrxfl.exec:\rlfrxfl.exe30⤵
- Executes dropped EXE
-
\??\c:\thntbb.exec:\thntbb.exe31⤵
- Executes dropped EXE
-
\??\c:\dpdvj.exec:\dpdvj.exe32⤵
- Executes dropped EXE
-
\??\c:\rfrxfll.exec:\rfrxfll.exe33⤵
- Executes dropped EXE
-
\??\c:\jvjpv.exec:\jvjpv.exe34⤵
- Executes dropped EXE
-
\??\c:\3lfffll.exec:\3lfffll.exe35⤵
- Executes dropped EXE
-
\??\c:\bbthbb.exec:\bbthbb.exe36⤵
- Executes dropped EXE
-
\??\c:\3httnn.exec:\3httnn.exe37⤵
- Executes dropped EXE
-
\??\c:\3pjpv.exec:\3pjpv.exe38⤵
- Executes dropped EXE
-
\??\c:\5lrxlrf.exec:\5lrxlrf.exe39⤵
- Executes dropped EXE
-
\??\c:\5rxrrll.exec:\5rxrrll.exe40⤵
- Executes dropped EXE
-
\??\c:\5thhnh.exec:\5thhnh.exe41⤵
- Executes dropped EXE
-
\??\c:\5ppjd.exec:\5ppjd.exe42⤵
- Executes dropped EXE
-
\??\c:\7fllfxx.exec:\7fllfxx.exe43⤵
- Executes dropped EXE
-
\??\c:\9lxrxxf.exec:\9lxrxxf.exe44⤵
- Executes dropped EXE
-
\??\c:\ttbhtt.exec:\ttbhtt.exe45⤵
- Executes dropped EXE
-
\??\c:\vpdvp.exec:\vpdvp.exe46⤵
- Executes dropped EXE
-
\??\c:\fxrrfrf.exec:\fxrrfrf.exe47⤵
- Executes dropped EXE
-
\??\c:\3rrxrxl.exec:\3rrxrxl.exe48⤵
- Executes dropped EXE
-
\??\c:\9tbbhh.exec:\9tbbhh.exe49⤵
- Executes dropped EXE
-
\??\c:\btnhtt.exec:\btnhtt.exe50⤵
- Executes dropped EXE
-
\??\c:\vjjjd.exec:\vjjjd.exe51⤵
- Executes dropped EXE
-
\??\c:\vpdjj.exec:\vpdjj.exe52⤵
- Executes dropped EXE
-
\??\c:\xflffff.exec:\xflffff.exe53⤵
- Executes dropped EXE
-
\??\c:\bbnnbt.exec:\bbnnbt.exe54⤵
- Executes dropped EXE
-
\??\c:\3nbhtn.exec:\3nbhtn.exe55⤵
- Executes dropped EXE
-
\??\c:\dpddj.exec:\dpddj.exe56⤵
- Executes dropped EXE
-
\??\c:\rfrrxrx.exec:\rfrrxrx.exe57⤵
- Executes dropped EXE
-
\??\c:\xrfrlrf.exec:\xrfrlrf.exe58⤵
- Executes dropped EXE
-
\??\c:\1nbbnt.exec:\1nbbnt.exe59⤵
- Executes dropped EXE
-
\??\c:\jdvjp.exec:\jdvjp.exe60⤵
- Executes dropped EXE
-
\??\c:\9fxxxxl.exec:\9fxxxxl.exe61⤵
- Executes dropped EXE
-
\??\c:\xllrxrf.exec:\xllrxrf.exe62⤵
- Executes dropped EXE
-
\??\c:\7tbtnn.exec:\7tbtnn.exe63⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe64⤵
- Executes dropped EXE
-
\??\c:\vpdpv.exec:\vpdpv.exe65⤵
- Executes dropped EXE
-
\??\c:\xrffxff.exec:\xrffxff.exe66⤵
-
\??\c:\xrlrfxl.exec:\xrlrfxl.exe67⤵
-
\??\c:\tthbhn.exec:\tthbhn.exe68⤵
-
\??\c:\dpddv.exec:\dpddv.exe69⤵
-
\??\c:\jvddd.exec:\jvddd.exe70⤵
-
\??\c:\fxllrff.exec:\fxllrff.exe71⤵
-
\??\c:\7rlrxxr.exec:\7rlrxxr.exe72⤵
-
\??\c:\3hnbbb.exec:\3hnbbb.exe73⤵
-
\??\c:\7nbthb.exec:\7nbthb.exe74⤵
-
\??\c:\jvddd.exec:\jvddd.exe75⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe76⤵
-
\??\c:\rlxrxfx.exec:\rlxrxfx.exe77⤵
-
\??\c:\hhnntb.exec:\hhnntb.exe78⤵
-
\??\c:\5dpvp.exec:\5dpvp.exe79⤵
-
\??\c:\pdjdj.exec:\pdjdj.exe80⤵
-
\??\c:\xrxxlff.exec:\xrxxlff.exe81⤵
-
\??\c:\rlrfrfx.exec:\rlrfrfx.exe82⤵
-
\??\c:\bnnnnh.exec:\bnnnnh.exe83⤵
-
\??\c:\1ntttt.exec:\1ntttt.exe84⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe85⤵
-
\??\c:\ffxxllr.exec:\ffxxllr.exe86⤵
-
\??\c:\3frxffr.exec:\3frxffr.exe87⤵
-
\??\c:\bbtntt.exec:\bbtntt.exe88⤵
-
\??\c:\pdddd.exec:\pdddd.exe89⤵
-
\??\c:\3dpvj.exec:\3dpvj.exe90⤵
-
\??\c:\ffxxlrf.exec:\ffxxlrf.exe91⤵
-
\??\c:\nhnnbh.exec:\nhnnbh.exe92⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe93⤵
-
\??\c:\dddvv.exec:\dddvv.exe94⤵
-
\??\c:\dpdpj.exec:\dpdpj.exe95⤵
-
\??\c:\rrfxxlf.exec:\rrfxxlf.exe96⤵
-
\??\c:\7nbhhn.exec:\7nbhhn.exe97⤵
-
\??\c:\bbthth.exec:\bbthth.exe98⤵
-
\??\c:\1vjpv.exec:\1vjpv.exe99⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe100⤵
-
\??\c:\fxrxrxl.exec:\fxrxrxl.exe101⤵
-
\??\c:\9nnttt.exec:\9nnttt.exe102⤵
-
\??\c:\thhntt.exec:\thhntt.exe103⤵
-
\??\c:\dvdpj.exec:\dvdpj.exe104⤵
-
\??\c:\9jvdj.exec:\9jvdj.exe105⤵
-
\??\c:\9lllrfl.exec:\9lllrfl.exe106⤵
-
\??\c:\nhnnbh.exec:\nhnnbh.exe107⤵
-
\??\c:\btntnb.exec:\btntnb.exe108⤵
-
\??\c:\9vjpp.exec:\9vjpp.exe109⤵
-
\??\c:\1pdvd.exec:\1pdvd.exe110⤵
-
\??\c:\lfrrfrr.exec:\lfrrfrr.exe111⤵
-
\??\c:\tthtbn.exec:\tthtbn.exe112⤵
-
\??\c:\tththh.exec:\tththh.exe113⤵
-
\??\c:\vpddd.exec:\vpddd.exe114⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe115⤵
-
\??\c:\ffxrxrf.exec:\ffxrxrf.exe116⤵
-
\??\c:\xfffrxr.exec:\xfffrxr.exe117⤵
-
\??\c:\7tnhnb.exec:\7tnhnb.exe118⤵
-
\??\c:\btnhtn.exec:\btnhtn.exe119⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe120⤵
-
\??\c:\3rlrxff.exec:\3rlrxff.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-