Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
10/05/2024, 22:36
General
-
Target
1d6fd8a4089a9e08a7b7d16886336cf0_NeikiAnalytics.exe
-
Size
387KB
-
MD5
1d6fd8a4089a9e08a7b7d16886336cf0
-
SHA1
89f85c831c905b774bbc16b9ad0ba81662c6f213
-
SHA256
8885e8737714d141d4da35e0238d0e4c3ff05e0766af7b39c553ccd7f63fc917
-
SHA512
24ee3df09b2a43209e2c1380c003ad8ed726481be7b616c6fc2ef989cbcc96b2788a2c54f6c953ca5929f2964774f264b4306f096934a4c041266b2b899b940d
-
SSDEEP
6144:n3C9BRIG0asYFm71mPfkVB8dKwaO5CVw0:n3C9uYA7okVqdKwaO5CVt
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1d6fd8a4089a9e08a7b7d16886336cf0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1d6fd8a4089a9e08a7b7d16886336cf0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbnnb.exec:\nbbnnb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffrflf.exec:\lffrflf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddjd.exec:\dddjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhhbn.exec:\hnhhbn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdpd.exec:\jjdpd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbhn.exec:\hbhbhn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vjjp.exec:\7vjjp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdpd.exec:\vpdpd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxflflr.exec:\fxflflr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddpj.exec:\vddpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdp.exec:\ppjdp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppjd.exec:\jppjd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfrflx.exec:\llfrflx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nhnbt.exec:\1nhnbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrxfr.exec:\rrrrxfr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddv.exec:\pjddv.exe17⤵
- Executes dropped EXE
-
\??\c:\fxrxflr.exec:\fxrxflr.exe18⤵
- Executes dropped EXE
-
\??\c:\bbbnbh.exec:\bbbnbh.exe19⤵
- Executes dropped EXE
-
\??\c:\pddpd.exec:\pddpd.exe20⤵
- Executes dropped EXE
-
\??\c:\tnthth.exec:\tnthth.exe21⤵
- Executes dropped EXE
-
\??\c:\jpjpd.exec:\jpjpd.exe22⤵
- Executes dropped EXE
-
\??\c:\tntthn.exec:\tntthn.exe23⤵
- Executes dropped EXE
-
\??\c:\tnhnhh.exec:\tnhnhh.exe24⤵
- Executes dropped EXE
-
\??\c:\3lflrrx.exec:\3lflrrx.exe25⤵
- Executes dropped EXE
-
\??\c:\7bnbtb.exec:\7bnbtb.exe26⤵
- Executes dropped EXE
-
\??\c:\xrlrfrf.exec:\xrlrfrf.exe27⤵
- Executes dropped EXE
-
\??\c:\bbttbh.exec:\bbttbh.exe28⤵
- Executes dropped EXE
-
\??\c:\3lfflrr.exec:\3lfflrr.exe29⤵
- Executes dropped EXE
-
\??\c:\nnhthn.exec:\nnhthn.exe30⤵
- Executes dropped EXE
-
\??\c:\ttnhbh.exec:\ttnhbh.exe31⤵
- Executes dropped EXE
-
\??\c:\ppjdp.exec:\ppjdp.exe32⤵
- Executes dropped EXE
-
\??\c:\5llxfxx.exec:\5llxfxx.exe33⤵
- Executes dropped EXE
-
\??\c:\bbnbtb.exec:\bbnbtb.exe34⤵
- Executes dropped EXE
-
\??\c:\5dvdj.exec:\5dvdj.exe35⤵
- Executes dropped EXE
-
\??\c:\fxlflfr.exec:\fxlflfr.exe36⤵
- Executes dropped EXE
-
\??\c:\btttnn.exec:\btttnn.exe37⤵
- Executes dropped EXE
-
\??\c:\jddpd.exec:\jddpd.exe38⤵
- Executes dropped EXE
-
\??\c:\rrxfxfl.exec:\rrxfxfl.exe39⤵
- Executes dropped EXE
-
\??\c:\ttntnt.exec:\ttntnt.exe40⤵
- Executes dropped EXE
-
\??\c:\ntbhhb.exec:\ntbhhb.exe41⤵
- Executes dropped EXE
-
\??\c:\ddvpd.exec:\ddvpd.exe42⤵
- Executes dropped EXE
-
\??\c:\3rrxllx.exec:\3rrxllx.exe43⤵
- Executes dropped EXE
-
\??\c:\tbhbtb.exec:\tbhbtb.exe44⤵
- Executes dropped EXE
-
\??\c:\ppdpj.exec:\ppdpj.exe45⤵
- Executes dropped EXE
-
\??\c:\5ffrxlr.exec:\5ffrxlr.exe46⤵
- Executes dropped EXE
-
\??\c:\nhnthn.exec:\nhnthn.exe47⤵
- Executes dropped EXE
-
\??\c:\5ppdp.exec:\5ppdp.exe48⤵
- Executes dropped EXE
-
\??\c:\jjjjv.exec:\jjjjv.exe49⤵
- Executes dropped EXE
-
\??\c:\xxxfrxf.exec:\xxxfrxf.exe50⤵
- Executes dropped EXE
-
\??\c:\5nnbtb.exec:\5nnbtb.exe51⤵
- Executes dropped EXE
-
\??\c:\1vpvj.exec:\1vpvj.exe52⤵
- Executes dropped EXE
-
\??\c:\rxrrfxr.exec:\rxrrfxr.exe53⤵
- Executes dropped EXE
-
\??\c:\nhthnt.exec:\nhthnt.exe54⤵
- Executes dropped EXE
-
\??\c:\5pjvp.exec:\5pjvp.exe55⤵
- Executes dropped EXE
-
\??\c:\1ddpj.exec:\1ddpj.exe56⤵
- Executes dropped EXE
-
\??\c:\rxxxlxx.exec:\rxxxlxx.exe57⤵
- Executes dropped EXE
-
\??\c:\nhbhtb.exec:\nhbhtb.exe58⤵
- Executes dropped EXE
-
\??\c:\ddvjj.exec:\ddvjj.exe59⤵
- Executes dropped EXE
-
\??\c:\rxfxflf.exec:\rxfxflf.exe60⤵
- Executes dropped EXE
-
\??\c:\7htbnb.exec:\7htbnb.exe61⤵
- Executes dropped EXE
-
\??\c:\7nbhtb.exec:\7nbhtb.exe62⤵
- Executes dropped EXE
-
\??\c:\dvjdj.exec:\dvjdj.exe63⤵
- Executes dropped EXE
-
\??\c:\rfflrxl.exec:\rfflrxl.exe64⤵
- Executes dropped EXE
-
\??\c:\nnnbnt.exec:\nnnbnt.exe65⤵
- Executes dropped EXE
-
\??\c:\ppppv.exec:\ppppv.exe66⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe67⤵
-
\??\c:\fxxlxlf.exec:\fxxlxlf.exe68⤵
-
\??\c:\hhbhbb.exec:\hhbhbb.exe69⤵
-
\??\c:\5vvvd.exec:\5vvvd.exe70⤵
-
\??\c:\lrfxxrr.exec:\lrfxxrr.exe71⤵
-
\??\c:\lrflflf.exec:\lrflflf.exe72⤵
-
\??\c:\nnnbnt.exec:\nnnbnt.exe73⤵
-
\??\c:\pdvjj.exec:\pdvjj.exe74⤵
-
\??\c:\rllfxfr.exec:\rllfxfr.exe75⤵
-
\??\c:\5nnhnb.exec:\5nnhnb.exe76⤵
-
\??\c:\hhhbnn.exec:\hhhbnn.exe77⤵
-
\??\c:\djpdd.exec:\djpdd.exe78⤵
-
\??\c:\xxrxllx.exec:\xxrxllx.exe79⤵
-
\??\c:\hnhtth.exec:\hnhtth.exe80⤵
-
\??\c:\jjjvp.exec:\jjjvp.exe81⤵
-
\??\c:\5llfxrl.exec:\5llfxrl.exe82⤵
-
\??\c:\nnhthn.exec:\nnhthn.exe83⤵
-
\??\c:\nbttnh.exec:\nbttnh.exe84⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe85⤵
-
\??\c:\5rxlrxx.exec:\5rxlrxx.exe86⤵
-
\??\c:\tbhtth.exec:\tbhtth.exe87⤵
-
\??\c:\9nhtnb.exec:\9nhtnb.exe88⤵
-
\??\c:\vjddd.exec:\vjddd.exe89⤵
-
\??\c:\rlxfrlr.exec:\rlxfrlr.exe90⤵
-
\??\c:\ntntnt.exec:\ntntnt.exe91⤵
-
\??\c:\ddjjv.exec:\ddjjv.exe92⤵
-
\??\c:\llflffx.exec:\llflffx.exe93⤵
-
\??\c:\fffrfff.exec:\fffrfff.exe94⤵
-
\??\c:\hhbhbh.exec:\hhbhbh.exe95⤵
-
\??\c:\vvpvp.exec:\vvpvp.exe96⤵
-
\??\c:\rrrrrll.exec:\rrrrrll.exe97⤵
-
\??\c:\ttthbh.exec:\ttthbh.exe98⤵
-
\??\c:\bbthtt.exec:\bbthtt.exe99⤵
-
\??\c:\5vvdp.exec:\5vvdp.exe100⤵
-
\??\c:\ffxfxfx.exec:\ffxfxfx.exe101⤵
-
\??\c:\xxxxlfx.exec:\xxxxlfx.exe102⤵
-
\??\c:\7hbbtb.exec:\7hbbtb.exe103⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe104⤵
-
\??\c:\fxrxfrf.exec:\fxrxfrf.exe105⤵
-
\??\c:\xxlrxfx.exec:\xxlrxfx.exe106⤵
-
\??\c:\tbhthn.exec:\tbhthn.exe107⤵
-
\??\c:\pddpp.exec:\pddpp.exe108⤵
-
\??\c:\7ffrfrf.exec:\7ffrfrf.exe109⤵
-
\??\c:\nnnbth.exec:\nnnbth.exe110⤵
-
\??\c:\nnhbnt.exec:\nnhbnt.exe111⤵
-
\??\c:\1pppd.exec:\1pppd.exe112⤵
-
\??\c:\ffrlxll.exec:\ffrlxll.exe113⤵
-
\??\c:\lfxlrfr.exec:\lfxlrfr.exe114⤵
-
\??\c:\hhhthn.exec:\hhhthn.exe115⤵
-
\??\c:\dvpdd.exec:\dvpdd.exe116⤵
-
\??\c:\jpppd.exec:\jpppd.exe117⤵
-
\??\c:\7rllxrf.exec:\7rllxrf.exe118⤵
-
\??\c:\ffllxfx.exec:\ffllxfx.exe119⤵
-
\??\c:\ttbnnb.exec:\ttbnnb.exe120⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-