Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
09/05/2024, 13:46
General
-
Target
4d0b19513986ae2c19b443cb5c889e20_NeikiAnalytics.exe
-
Size
94KB
-
MD5
4d0b19513986ae2c19b443cb5c889e20
-
SHA1
82b23a64d9eb327c930b2a53c4d911b862ba10ac
-
SHA256
2e62c70fad803ab3ace1d9492d3f6a18d6296ce05273549579e0e2a67fe0ab66
-
SHA512
a61668f02a754f70fa6c9d30098b0f9a65b68ad1f20d64688eadd2f923ef74bacd22fd9ac443f21f6c7e11fb820a72f69801662b7a449f12902c50d9edf98303
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDInWeNCYGyA2R7JxJAg8dtq:ymb3NkkiQ3mdBjFIWeFGyAsJAg2q
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 17 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 20 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4d0b19513986ae2c19b443cb5c889e20_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4d0b19513986ae2c19b443cb5c889e20_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3frrxxf.exec:\3frrxxf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lllllx.exec:\3lllllx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbhn.exec:\nbhbhn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bnntn.exec:\7bnntn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjv.exec:\pjjjv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvvd.exec:\vjvvd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrlrrx.exec:\xrrlrrx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrflxrx.exec:\lrflxrx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7btbhh.exec:\7btbhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btttbb.exec:\btttbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhhb.exec:\htnhhb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vjpp.exec:\3vjpp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jpjp.exec:\3jpjp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrlfxf.exec:\rfrlfxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rrxffx.exec:\9rrxffx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3thhhh.exec:\3thhhh.exe17⤵
- Executes dropped EXE
-
\??\c:\nnhttb.exec:\nnhttb.exe18⤵
- Executes dropped EXE
-
\??\c:\pdjdj.exec:\pdjdj.exe19⤵
- Executes dropped EXE
-
\??\c:\jpvdd.exec:\jpvdd.exe20⤵
- Executes dropped EXE
-
\??\c:\1vddp.exec:\1vddp.exe21⤵
- Executes dropped EXE
-
\??\c:\5xlffff.exec:\5xlffff.exe22⤵
- Executes dropped EXE
-
\??\c:\xlrxxxx.exec:\xlrxxxx.exe23⤵
- Executes dropped EXE
-
\??\c:\tnbnhb.exec:\tnbnhb.exe24⤵
- Executes dropped EXE
-
\??\c:\htbttt.exec:\htbttt.exe25⤵
- Executes dropped EXE
-
\??\c:\hbtbhh.exec:\hbtbhh.exe26⤵
- Executes dropped EXE
-
\??\c:\dpppv.exec:\dpppv.exe27⤵
- Executes dropped EXE
-
\??\c:\lfrxflx.exec:\lfrxflx.exe28⤵
- Executes dropped EXE
-
\??\c:\lxfxfll.exec:\lxfxfll.exe29⤵
- Executes dropped EXE
-
\??\c:\7tbbnh.exec:\7tbbnh.exe30⤵
- Executes dropped EXE
-
\??\c:\1thnnt.exec:\1thnnt.exe31⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe32⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe33⤵
- Executes dropped EXE
-
\??\c:\xfrrxrx.exec:\xfrrxrx.exe34⤵
- Executes dropped EXE
-
\??\c:\xfrrlxr.exec:\xfrrlxr.exe35⤵
- Executes dropped EXE
-
\??\c:\bnttbt.exec:\bnttbt.exe36⤵
- Executes dropped EXE
-
\??\c:\thtbbb.exec:\thtbbb.exe37⤵
- Executes dropped EXE
-
\??\c:\hhnbbt.exec:\hhnbbt.exe38⤵
- Executes dropped EXE
-
\??\c:\jjdjd.exec:\jjdjd.exe39⤵
- Executes dropped EXE
-
\??\c:\dppjj.exec:\dppjj.exe40⤵
- Executes dropped EXE
-
\??\c:\fxllxxx.exec:\fxllxxx.exe41⤵
- Executes dropped EXE
-
\??\c:\rxflxlx.exec:\rxflxlx.exe42⤵
- Executes dropped EXE
-
\??\c:\9nbbbt.exec:\9nbbbt.exe43⤵
- Executes dropped EXE
-
\??\c:\tbhhnn.exec:\tbhhnn.exe44⤵
- Executes dropped EXE
-
\??\c:\tntntn.exec:\tntntn.exe45⤵
- Executes dropped EXE
-
\??\c:\vpddv.exec:\vpddv.exe46⤵
- Executes dropped EXE
-
\??\c:\djvdv.exec:\djvdv.exe47⤵
- Executes dropped EXE
-
\??\c:\7ntttt.exec:\7ntttt.exe48⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe49⤵
- Executes dropped EXE
-
\??\c:\btnbnb.exec:\btnbnb.exe50⤵
- Executes dropped EXE
-
\??\c:\5jvvd.exec:\5jvvd.exe51⤵
- Executes dropped EXE
-
\??\c:\vvpdp.exec:\vvpdp.exe52⤵
- Executes dropped EXE
-
\??\c:\fxrrflx.exec:\fxrrflx.exe53⤵
- Executes dropped EXE
-
\??\c:\nnntth.exec:\nnntth.exe54⤵
- Executes dropped EXE
-
\??\c:\xrrxflf.exec:\xrrxflf.exe55⤵
- Executes dropped EXE
-
\??\c:\nhbntb.exec:\nhbntb.exe56⤵
- Executes dropped EXE
-
\??\c:\vjvvv.exec:\vjvvv.exe57⤵
- Executes dropped EXE
-
\??\c:\dvjpd.exec:\dvjpd.exe58⤵
- Executes dropped EXE
-
\??\c:\bhnntt.exec:\bhnntt.exe59⤵
- Executes dropped EXE
-
\??\c:\btntbh.exec:\btntbh.exe60⤵
- Executes dropped EXE
-
\??\c:\hbnnbb.exec:\hbnnbb.exe61⤵
- Executes dropped EXE
-
\??\c:\dddvv.exec:\dddvv.exe62⤵
- Executes dropped EXE
-
\??\c:\llxxrfl.exec:\llxxrfl.exe63⤵
- Executes dropped EXE
-
\??\c:\5rrlffx.exec:\5rrlffx.exe64⤵
- Executes dropped EXE
-
\??\c:\nhnbtb.exec:\nhnbtb.exe65⤵
- Executes dropped EXE
-
\??\c:\nhnthh.exec:\nhnthh.exe66⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe67⤵
-
\??\c:\jvdjp.exec:\jvdjp.exe68⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe69⤵
-
\??\c:\fxrlfrl.exec:\fxrlfrl.exe70⤵
-
\??\c:\llfrxlf.exec:\llfrxlf.exe71⤵
-
\??\c:\5tthtn.exec:\5tthtn.exe72⤵
-
\??\c:\tnnbtb.exec:\tnnbtb.exe73⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe74⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe75⤵
-
\??\c:\9xxfrfx.exec:\9xxfrfx.exe76⤵
-
\??\c:\5lxfrxf.exec:\5lxfrxf.exe77⤵
-
\??\c:\rrlrxxf.exec:\rrlrxxf.exe78⤵
-
\??\c:\hbhhhn.exec:\hbhhhn.exe79⤵
-
\??\c:\7ttbnn.exec:\7ttbnn.exe80⤵
-
\??\c:\ddjvv.exec:\ddjvv.exe81⤵
-
\??\c:\5vjvd.exec:\5vjvd.exe82⤵
-
\??\c:\7dpjj.exec:\7dpjj.exe83⤵
-
\??\c:\xxxlxrf.exec:\xxxlxrf.exe84⤵
-
\??\c:\fxrxflr.exec:\fxrxflr.exe85⤵
-
\??\c:\ttbnht.exec:\ttbnht.exe86⤵
-
\??\c:\hbhhnt.exec:\hbhhnt.exe87⤵
-
\??\c:\btbhnt.exec:\btbhnt.exe88⤵
-
\??\c:\pvvjv.exec:\pvvjv.exe89⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe90⤵
-
\??\c:\xxlrrxf.exec:\xxlrrxf.exe91⤵
-
\??\c:\1xlrffl.exec:\1xlrffl.exe92⤵
-
\??\c:\nbbntt.exec:\nbbntt.exe93⤵
-
\??\c:\ttnbhb.exec:\ttnbhb.exe94⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe95⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe96⤵
-
\??\c:\lxrxxrx.exec:\lxrxxrx.exe97⤵
-
\??\c:\lxrrflr.exec:\lxrrflr.exe98⤵
-
\??\c:\lxxfflf.exec:\lxxfflf.exe99⤵
-
\??\c:\5thbhn.exec:\5thbhn.exe100⤵
-
\??\c:\nhbbnh.exec:\nhbbnh.exe101⤵
-
\??\c:\dpvjj.exec:\dpvjj.exe102⤵
-
\??\c:\9jdjv.exec:\9jdjv.exe103⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe104⤵
-
\??\c:\1xlrxlr.exec:\1xlrxlr.exe105⤵
-
\??\c:\xrlxrxl.exec:\xrlxrxl.exe106⤵
-
\??\c:\htbtnh.exec:\htbtnh.exe107⤵
-
\??\c:\bnbhtn.exec:\bnbhtn.exe108⤵
-
\??\c:\1vpdv.exec:\1vpdv.exe109⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe110⤵
-
\??\c:\xrlfffr.exec:\xrlfffr.exe111⤵
-
\??\c:\xxlxrlx.exec:\xxlxrlx.exe112⤵
-
\??\c:\hhthhn.exec:\hhthhn.exe113⤵
-
\??\c:\nnhhth.exec:\nnhhth.exe114⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe115⤵
-
\??\c:\ddvvj.exec:\ddvvj.exe116⤵
-
\??\c:\rfllllr.exec:\rfllllr.exe117⤵
-
\??\c:\5rrxllx.exec:\5rrxllx.exe118⤵
-
\??\c:\hthttb.exec:\hthttb.exe119⤵
-
\??\c:\hthhnn.exec:\hthhnn.exe120⤵
-
\??\c:\3jvdj.exec:\3jvdj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-