Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
09/05/2024, 20:59
General
-
Target
f9cab79ffdb3a86775e5a10fdd97f960_NeikiAnalytics.exe
-
Size
59KB
-
MD5
f9cab79ffdb3a86775e5a10fdd97f960
-
SHA1
791bb55121a5def4a9787b1dd10f908531272d76
-
SHA256
d1ba04ee89069f4fa51e3eaf318c3a9a4d82b93f4dc478cb984664b7f534c97c
-
SHA512
0d1b4089e4dce1385608962fd757dd7756bc5da431969c67c11ecd2eb130d71ac902e3668bf5bd1f6cf6b51643caf9db685f5d6f93937bbbfaf72ca7ed4d7604
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuzk9UWt:ymb3NkkiQ3mdBjFIvlqm
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f9cab79ffdb3a86775e5a10fdd97f960_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\f9cab79ffdb3a86775e5a10fdd97f960_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\frxllfx.exec:\frxllfx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthbnt.exec:\tthbnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntnnt.exec:\bntnnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvdp.exec:\vpvdp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfxffl.exec:\rlfxffl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttbb.exec:\nhttbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjp.exec:\vpdjp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvvd.exec:\vjvvd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrxxlr.exec:\xxrxxlr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnbb.exec:\tnnnbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddjd.exec:\dddjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpp.exec:\pjvpp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxllxfx.exec:\lxllxfx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrflx.exec:\ffrrflx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhnhn.exec:\tnhnhn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhht.exec:\nhhhht.exe17⤵
- Executes dropped EXE
-
\??\c:\vvjjv.exec:\vvjjv.exe18⤵
- Executes dropped EXE
-
\??\c:\5jdvj.exec:\5jdvj.exe19⤵
- Executes dropped EXE
-
\??\c:\xrlrxlx.exec:\xrlrxlx.exe20⤵
- Executes dropped EXE
-
\??\c:\lfxlxxl.exec:\lfxlxxl.exe21⤵
- Executes dropped EXE
-
\??\c:\nnnnbn.exec:\nnnnbn.exe22⤵
- Executes dropped EXE
-
\??\c:\7bnntn.exec:\7bnntn.exe23⤵
- Executes dropped EXE
-
\??\c:\9vpvj.exec:\9vpvj.exe24⤵
- Executes dropped EXE
-
\??\c:\vpdjj.exec:\vpdjj.exe25⤵
- Executes dropped EXE
-
\??\c:\fxflllr.exec:\fxflllr.exe26⤵
- Executes dropped EXE
-
\??\c:\fxrlrrr.exec:\fxrlrrr.exe27⤵
- Executes dropped EXE
-
\??\c:\hbhnbt.exec:\hbhnbt.exe28⤵
- Executes dropped EXE
-
\??\c:\jjdjv.exec:\jjdjv.exe29⤵
- Executes dropped EXE
-
\??\c:\7flfllr.exec:\7flfllr.exe30⤵
- Executes dropped EXE
-
\??\c:\ffrfxfr.exec:\ffrfxfr.exe31⤵
- Executes dropped EXE
-
\??\c:\hbhbhh.exec:\hbhbhh.exe32⤵
- Executes dropped EXE
-
\??\c:\ddvvp.exec:\ddvvp.exe33⤵
- Executes dropped EXE
-
\??\c:\vvjpp.exec:\vvjpp.exe34⤵
-
\??\c:\vppvv.exec:\vppvv.exe35⤵
- Executes dropped EXE
-
\??\c:\1flfllx.exec:\1flfllx.exe36⤵
- Executes dropped EXE
-
\??\c:\5lrxfxr.exec:\5lrxfxr.exe37⤵
- Executes dropped EXE
-
\??\c:\hbnnbb.exec:\hbnnbb.exe38⤵
- Executes dropped EXE
-
\??\c:\btntbb.exec:\btntbb.exe39⤵
- Executes dropped EXE
-
\??\c:\dpddd.exec:\dpddd.exe40⤵
- Executes dropped EXE
-
\??\c:\9jdjp.exec:\9jdjp.exe41⤵
- Executes dropped EXE
-
\??\c:\3xrlrrx.exec:\3xrlrrx.exe42⤵
- Executes dropped EXE
-
\??\c:\fxlrxxl.exec:\fxlrxxl.exe43⤵
- Executes dropped EXE
-
\??\c:\5nhtbh.exec:\5nhtbh.exe44⤵
- Executes dropped EXE
-
\??\c:\hthhth.exec:\hthhth.exe45⤵
- Executes dropped EXE
-
\??\c:\pjpdd.exec:\pjpdd.exe46⤵
- Executes dropped EXE
-
\??\c:\vpppp.exec:\vpppp.exe47⤵
- Executes dropped EXE
-
\??\c:\rxlrrxf.exec:\rxlrrxf.exe48⤵
- Executes dropped EXE
-
\??\c:\rrrlrrl.exec:\rrrlrrl.exe49⤵
- Executes dropped EXE
-
\??\c:\ntbbth.exec:\ntbbth.exe50⤵
- Executes dropped EXE
-
\??\c:\hbtnnn.exec:\hbtnnn.exe51⤵
- Executes dropped EXE
-
\??\c:\vjvvd.exec:\vjvvd.exe52⤵
- Executes dropped EXE
-
\??\c:\pvppj.exec:\pvppj.exe53⤵
- Executes dropped EXE
-
\??\c:\lxxlxrf.exec:\lxxlxrf.exe54⤵
- Executes dropped EXE
-
\??\c:\9rrfffr.exec:\9rrfffr.exe55⤵
- Executes dropped EXE
-
\??\c:\fxlflfl.exec:\fxlflfl.exe56⤵
- Executes dropped EXE
-
\??\c:\tttbhn.exec:\tttbhn.exe57⤵
- Executes dropped EXE
-
\??\c:\nhnnbn.exec:\nhnnbn.exe58⤵
- Executes dropped EXE
-
\??\c:\5jjvj.exec:\5jjvj.exe59⤵
- Executes dropped EXE
-
\??\c:\rlxrrrx.exec:\rlxrrrx.exe60⤵
- Executes dropped EXE
-
\??\c:\ffflxxx.exec:\ffflxxx.exe61⤵
- Executes dropped EXE
-
\??\c:\nhbbhh.exec:\nhbbhh.exe62⤵
- Executes dropped EXE
-
\??\c:\7bnbbt.exec:\7bnbbt.exe63⤵
- Executes dropped EXE
-
\??\c:\9pdvd.exec:\9pdvd.exe64⤵
- Executes dropped EXE
-
\??\c:\vjppv.exec:\vjppv.exe65⤵
- Executes dropped EXE
-
\??\c:\rlllllr.exec:\rlllllr.exe66⤵
- Executes dropped EXE
-
\??\c:\7rflrll.exec:\7rflrll.exe67⤵
-
\??\c:\htnttn.exec:\htnttn.exe68⤵
-
\??\c:\hhttnb.exec:\hhttnb.exe69⤵
-
\??\c:\hbnnnt.exec:\hbnnnt.exe70⤵
-
\??\c:\vjdpv.exec:\vjdpv.exe71⤵
-
\??\c:\7pdpv.exec:\7pdpv.exe72⤵
-
\??\c:\xfrllrx.exec:\xfrllrx.exe73⤵
-
\??\c:\xrfrxff.exec:\xrfrxff.exe74⤵
-
\??\c:\nbbhbb.exec:\nbbhbb.exe75⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe76⤵
-
\??\c:\lxrlllx.exec:\lxrlllx.exe77⤵
-
\??\c:\7ttbtb.exec:\7ttbtb.exe78⤵
-
\??\c:\tbnnhb.exec:\tbnnhb.exe79⤵
-
\??\c:\ppddj.exec:\ppddj.exe80⤵
-
\??\c:\vdjpp.exec:\vdjpp.exe81⤵
-
\??\c:\1llrxfr.exec:\1llrxfr.exe82⤵
-
\??\c:\5rffffl.exec:\5rffffl.exe83⤵
-
\??\c:\rllfrxl.exec:\rllfrxl.exe84⤵
-
\??\c:\tthhnn.exec:\tthhnn.exe85⤵
-
\??\c:\hhthhn.exec:\hhthhn.exe86⤵
-
\??\c:\pdppd.exec:\pdppd.exe87⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe88⤵
-
\??\c:\rlxxfff.exec:\rlxxfff.exe89⤵
-
\??\c:\bnbbhn.exec:\bnbbhn.exe90⤵
-
\??\c:\hbnnnt.exec:\hbnnnt.exe91⤵
-
\??\c:\3hhhbh.exec:\3hhhbh.exe92⤵
-
\??\c:\dvppd.exec:\dvppd.exe93⤵
-
\??\c:\7jvvj.exec:\7jvvj.exe94⤵
-
\??\c:\rfrxffl.exec:\rfrxffl.exe95⤵
-
\??\c:\fxrxffr.exec:\fxrxffr.exe96⤵
-
\??\c:\btthbh.exec:\btthbh.exe97⤵
-
\??\c:\tntbhn.exec:\tntbhn.exe98⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe99⤵
-
\??\c:\vvvjd.exec:\vvvjd.exe100⤵
-
\??\c:\frxflfr.exec:\frxflfr.exe101⤵
-
\??\c:\fllllfr.exec:\fllllfr.exe102⤵
-
\??\c:\bttbhn.exec:\bttbhn.exe103⤵
-
\??\c:\tnbntb.exec:\tnbntb.exe104⤵
-
\??\c:\dvjdp.exec:\dvjdp.exe105⤵
-
\??\c:\vjpvj.exec:\vjpvj.exe106⤵
-
\??\c:\lfrrrrf.exec:\lfrrrrf.exe107⤵
-
\??\c:\5xrxflr.exec:\5xrxflr.exe108⤵
-
\??\c:\bthnnn.exec:\bthnnn.exe109⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe110⤵
-
\??\c:\7jddd.exec:\7jddd.exe111⤵
-
\??\c:\vpddd.exec:\vpddd.exe112⤵
-
\??\c:\xrllrxl.exec:\xrllrxl.exe113⤵
-
\??\c:\fxllxxl.exec:\fxllxxl.exe114⤵
-
\??\c:\tnnhht.exec:\tnnhht.exe115⤵
-
\??\c:\5tnthn.exec:\5tnthn.exe116⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe117⤵
-
\??\c:\9jvjp.exec:\9jvjp.exe118⤵
-
\??\c:\lxlrrrx.exec:\lxlrrrx.exe119⤵
-
\??\c:\fxffffr.exec:\fxffffr.exe120⤵
-
\??\c:\bhnhbh.exec:\bhnhbh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-