Analysis
-
max time kernel
150s -
max time network
110s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
09-05-2024 15:59
General
-
Target
7ecbb366e744b9c6020991d161917e10_NeikiAnalytics.exe
-
Size
59KB
-
MD5
7ecbb366e744b9c6020991d161917e10
-
SHA1
9be298c7f444665c2dd68872349bdd0994420034
-
SHA256
e545e06055e75102c08633e94e72cd40b3f151622f1bef371921e850abcd5060
-
SHA512
1ee21eb4f8e713609e3d42e3af6d5056cd730b161f7852f7903ba26274cf924cc565817a53b9abc22f41343552686b97951af1d16d379757e6e4f9def9139d11
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk9UI:ymb3NkkiQ3mdBjFIvlqI
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7ecbb366e744b9c6020991d161917e10_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\7ecbb366e744b9c6020991d161917e10_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvv.exec:\dvpvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxxrrr.exec:\rfxxrrr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrllffx.exec:\lrllffx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjpp.exec:\vjjpp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjd.exec:\dvpjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfxxr.exec:\rllfxxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rrrxfl.exec:\1rrrxfl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httbtb.exec:\httbtb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tnthn.exec:\1tnthn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpjd.exec:\vdpjd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrfff.exec:\xrrrfff.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrrlfl.exec:\xxrrlfl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nhnhh.exec:\9nhnhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdp.exec:\vvjdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjjd.exec:\vdjjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlxrl.exec:\fxrlxrl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnnhb.exec:\hhnnhb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvddd.exec:\dvddd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpj.exec:\ppvpj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxlflf.exec:\xfxlflf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrlffx.exec:\rfrlffx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtbth.exec:\tbtbth.exe23⤵
- Executes dropped EXE
-
\??\c:\vvjvp.exec:\vvjvp.exe24⤵
- Executes dropped EXE
-
\??\c:\9xrllll.exec:\9xrllll.exe25⤵
- Executes dropped EXE
-
\??\c:\9bbbtn.exec:\9bbbtn.exe26⤵
- Executes dropped EXE
-
\??\c:\hbbttt.exec:\hbbttt.exe27⤵
- Executes dropped EXE
-
\??\c:\7jjdv.exec:\7jjdv.exe28⤵
- Executes dropped EXE
-
\??\c:\rrlfxxx.exec:\rrlfxxx.exe29⤵
- Executes dropped EXE
-
\??\c:\xrlxfrf.exec:\xrlxfrf.exe30⤵
- Executes dropped EXE
-
\??\c:\tntttn.exec:\tntttn.exe31⤵
- Executes dropped EXE
-
\??\c:\vvpjd.exec:\vvpjd.exe32⤵
- Executes dropped EXE
-
\??\c:\vdppd.exec:\vdppd.exe33⤵
- Executes dropped EXE
-
\??\c:\flxrrrx.exec:\flxrrrx.exe34⤵
- Executes dropped EXE
-
\??\c:\lxfxxrl.exec:\lxfxxrl.exe35⤵
- Executes dropped EXE
-
\??\c:\htnnhh.exec:\htnnhh.exe36⤵
- Executes dropped EXE
-
\??\c:\pjjjj.exec:\pjjjj.exe37⤵
- Executes dropped EXE
-
\??\c:\fxffxff.exec:\fxffxff.exe38⤵
- Executes dropped EXE
-
\??\c:\lrxlrxx.exec:\lrxlrxx.exe39⤵
- Executes dropped EXE
-
\??\c:\hbbbbb.exec:\hbbbbb.exe40⤵
- Executes dropped EXE
-
\??\c:\djdvp.exec:\djdvp.exe41⤵
- Executes dropped EXE
-
\??\c:\1pppj.exec:\1pppj.exe42⤵
- Executes dropped EXE
-
\??\c:\frrlxxx.exec:\frrlxxx.exe43⤵
- Executes dropped EXE
-
\??\c:\7lxrrlf.exec:\7lxrrlf.exe44⤵
- Executes dropped EXE
-
\??\c:\hhbhnb.exec:\hhbhnb.exe45⤵
- Executes dropped EXE
-
\??\c:\nhbbbn.exec:\nhbbbn.exe46⤵
- Executes dropped EXE
-
\??\c:\1jdpd.exec:\1jdpd.exe47⤵
- Executes dropped EXE
-
\??\c:\3jpjv.exec:\3jpjv.exe48⤵
- Executes dropped EXE
-
\??\c:\3rlffff.exec:\3rlffff.exe49⤵
- Executes dropped EXE
-
\??\c:\bnttnn.exec:\bnttnn.exe50⤵
- Executes dropped EXE
-
\??\c:\ppjvj.exec:\ppjvj.exe51⤵
- Executes dropped EXE
-
\??\c:\1jvpd.exec:\1jvpd.exe52⤵
- Executes dropped EXE
-
\??\c:\xxrllll.exec:\xxrllll.exe53⤵
- Executes dropped EXE
-
\??\c:\rlrlrlr.exec:\rlrlrlr.exe54⤵
- Executes dropped EXE
-
\??\c:\thnnhn.exec:\thnnhn.exe55⤵
- Executes dropped EXE
-
\??\c:\vdjdd.exec:\vdjdd.exe56⤵
- Executes dropped EXE
-
\??\c:\dvjdv.exec:\dvjdv.exe57⤵
- Executes dropped EXE
-
\??\c:\9fffxxx.exec:\9fffxxx.exe58⤵
- Executes dropped EXE
-
\??\c:\9xrrlll.exec:\9xrrlll.exe59⤵
- Executes dropped EXE
-
\??\c:\1bttnn.exec:\1bttnn.exe60⤵
- Executes dropped EXE
-
\??\c:\thbhnh.exec:\thbhnh.exe61⤵
- Executes dropped EXE
-
\??\c:\jddvj.exec:\jddvj.exe62⤵
- Executes dropped EXE
-
\??\c:\ffxxlxr.exec:\ffxxlxr.exe63⤵
- Executes dropped EXE
-
\??\c:\lrrrxfl.exec:\lrrrxfl.exe64⤵
- Executes dropped EXE
-
\??\c:\nhhhnn.exec:\nhhhnn.exe65⤵
- Executes dropped EXE
-
\??\c:\thnnhn.exec:\thnnhn.exe66⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe67⤵
-
\??\c:\jjjdv.exec:\jjjdv.exe68⤵
-
\??\c:\rffrllf.exec:\rffrllf.exe69⤵
-
\??\c:\5fxxrrl.exec:\5fxxrrl.exe70⤵
-
\??\c:\htbnhh.exec:\htbnhh.exe71⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe72⤵
-
\??\c:\1vpjv.exec:\1vpjv.exe73⤵
-
\??\c:\llxfrrl.exec:\llxfrrl.exe74⤵
-
\??\c:\xflfffx.exec:\xflfffx.exe75⤵
-
\??\c:\hnntth.exec:\hnntth.exe76⤵
-
\??\c:\tnntnn.exec:\tnntnn.exe77⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe78⤵
-
\??\c:\dvdpp.exec:\dvdpp.exe79⤵
-
\??\c:\lxxrlfx.exec:\lxxrlfx.exe80⤵
-
\??\c:\xfffxxl.exec:\xfffxxl.exe81⤵
-
\??\c:\ttnhhh.exec:\ttnhhh.exe82⤵
-
\??\c:\3bbnhb.exec:\3bbnhb.exe83⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe84⤵
-
\??\c:\ddjdj.exec:\ddjdj.exe85⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe86⤵
-
\??\c:\rlrrfff.exec:\rlrrfff.exe87⤵
-
\??\c:\fxxrrrr.exec:\fxxrrrr.exe88⤵
-
\??\c:\7nhhbb.exec:\7nhhbb.exe89⤵
-
\??\c:\7htbtt.exec:\7htbtt.exe90⤵
-
\??\c:\vpvvp.exec:\vpvvp.exe91⤵
-
\??\c:\vppjv.exec:\vppjv.exe92⤵
-
\??\c:\5xllfff.exec:\5xllfff.exe93⤵
-
\??\c:\xlfxrrx.exec:\xlfxrrx.exe94⤵
-
\??\c:\frxxrxr.exec:\frxxrxr.exe95⤵
-
\??\c:\htbhbb.exec:\htbhbb.exe96⤵
-
\??\c:\jjjjp.exec:\jjjjp.exe97⤵
-
\??\c:\vpddv.exec:\vpddv.exe98⤵
-
\??\c:\7ppdp.exec:\7ppdp.exe99⤵
-
\??\c:\lxlfrfx.exec:\lxlfrfx.exe100⤵
-
\??\c:\9xllrxr.exec:\9xllrxr.exe101⤵
-
\??\c:\bbttnn.exec:\bbttnn.exe102⤵
-
\??\c:\nhnhhh.exec:\nhnhhh.exe103⤵
-
\??\c:\3pjpd.exec:\3pjpd.exe104⤵
-
\??\c:\fllxllf.exec:\fllxllf.exe105⤵
-
\??\c:\3xxfrrf.exec:\3xxfrrf.exe106⤵
-
\??\c:\hbbtnh.exec:\hbbtnh.exe107⤵
-
\??\c:\1btnhh.exec:\1btnhh.exe108⤵
-
\??\c:\pvpjv.exec:\pvpjv.exe109⤵
-
\??\c:\7rfrffx.exec:\7rfrffx.exe110⤵
-
\??\c:\1bbbtt.exec:\1bbbtt.exe111⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe112⤵
-
\??\c:\jvpjv.exec:\jvpjv.exe113⤵
-
\??\c:\xrrlxxr.exec:\xrrlxxr.exe114⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe115⤵
-
\??\c:\xlxllfx.exec:\xlxllfx.exe116⤵
-
\??\c:\9fxrlrl.exec:\9fxrlrl.exe117⤵
-
\??\c:\ttnttt.exec:\ttnttt.exe118⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe119⤵
-
\??\c:\jjvvv.exec:\jjvvv.exe120⤵
-
\??\c:\xrllxrf.exec:\xrllxrf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-