Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
10/05/2024, 01:42
General
-
Target
3ff298c595aff6c51b40ff7e0704b620_NeikiAnalytics.exe
-
Size
414KB
-
MD5
3ff298c595aff6c51b40ff7e0704b620
-
SHA1
194d6dd6ac350cb082e6e9d361e65bc12a7ede7f
-
SHA256
e23d1acf650eb13666a4c98c2a7fbd869e718928672f23e2d5c21ba5993befb9
-
SHA512
eecc2e40295caab0bd690b79980a579097c0ec159c7a688ec13f3670f1f231b12115819f4accec8a9a8f4148062d2e3f60887fb44692dcd54d74e9e01d70896d
-
SSDEEP
12288:n3C9ytvngQj4DtvnV9wLn9UTfC8eieJNBNIsYPU:SgdnJUdnV90
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3ff298c595aff6c51b40ff7e0704b620_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\3ff298c595aff6c51b40ff7e0704b620_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nthtbb.exec:\nthtbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfllrx.exec:\rlfllrx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpvv.exec:\djpvv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtthn.exec:\tbtthn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrxllf.exec:\rrrxllf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnthbh.exec:\hnthbh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxlxlx.exec:\lfxlxlx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjd.exec:\vpjjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hhnhn.exec:\9hhnhn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bbbhh.exec:\3bbbhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lrlxfr.exec:\5lrlxfr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tntth.exec:\3tntth.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rrfrlx.exec:\1rrfrlx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tntbh.exec:\5tntbh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllxrxx.exec:\lllxrxx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhtnb.exec:\hnhtnb.exe17⤵
- Executes dropped EXE
-
\??\c:\frxxfxx.exec:\frxxfxx.exe18⤵
- Executes dropped EXE
-
\??\c:\7bhhbh.exec:\7bhhbh.exe19⤵
- Executes dropped EXE
-
\??\c:\xrfxrxr.exec:\xrfxrxr.exe20⤵
- Executes dropped EXE
-
\??\c:\7nnhth.exec:\7nnhth.exe21⤵
- Executes dropped EXE
-
\??\c:\xfffllx.exec:\xfffllx.exe22⤵
- Executes dropped EXE
-
\??\c:\tnbnbn.exec:\tnbnbn.exe23⤵
- Executes dropped EXE
-
\??\c:\rrfxllx.exec:\rrfxllx.exe24⤵
- Executes dropped EXE
-
\??\c:\nnbhnt.exec:\nnbhnt.exe25⤵
- Executes dropped EXE
-
\??\c:\jjdjj.exec:\jjdjj.exe26⤵
- Executes dropped EXE
-
\??\c:\lllxrxr.exec:\lllxrxr.exe27⤵
- Executes dropped EXE
-
\??\c:\vvvdp.exec:\vvvdp.exe28⤵
- Executes dropped EXE
-
\??\c:\frxrlfl.exec:\frxrlfl.exe29⤵
- Executes dropped EXE
-
\??\c:\7vdjp.exec:\7vdjp.exe30⤵
- Executes dropped EXE
-
\??\c:\7lfrxfl.exec:\7lfrxfl.exe31⤵
- Executes dropped EXE
-
\??\c:\ddvpp.exec:\ddvpp.exe32⤵
- Executes dropped EXE
-
\??\c:\rrfflrf.exec:\rrfflrf.exe33⤵
- Executes dropped EXE
-
\??\c:\dpvjd.exec:\dpvjd.exe34⤵
- Executes dropped EXE
-
\??\c:\xrlrfrl.exec:\xrlrfrl.exe35⤵
- Executes dropped EXE
-
\??\c:\3tnbht.exec:\3tnbht.exe36⤵
- Executes dropped EXE
-
\??\c:\9djdv.exec:\9djdv.exe37⤵
- Executes dropped EXE
-
\??\c:\djdjp.exec:\djdjp.exe38⤵
- Executes dropped EXE
-
\??\c:\llrxrxx.exec:\llrxrxx.exe39⤵
- Executes dropped EXE
-
\??\c:\nnnhtt.exec:\nnnhtt.exe40⤵
- Executes dropped EXE
-
\??\c:\jppdp.exec:\jppdp.exe41⤵
- Executes dropped EXE
-
\??\c:\xrfrxrf.exec:\xrfrxrf.exe42⤵
- Executes dropped EXE
-
\??\c:\9lxlrxl.exec:\9lxlrxl.exe43⤵
- Executes dropped EXE
-
\??\c:\tbhnhn.exec:\tbhnhn.exe44⤵
- Executes dropped EXE
-
\??\c:\djdpj.exec:\djdpj.exe45⤵
- Executes dropped EXE
-
\??\c:\3xlfrrx.exec:\3xlfrrx.exe46⤵
- Executes dropped EXE
-
\??\c:\9hhnhb.exec:\9hhnhb.exe47⤵
- Executes dropped EXE
-
\??\c:\tnbhnt.exec:\tnbhnt.exe48⤵
- Executes dropped EXE
-
\??\c:\vvppv.exec:\vvppv.exe49⤵
- Executes dropped EXE
-
\??\c:\5xrxffr.exec:\5xrxffr.exe50⤵
- Executes dropped EXE
-
\??\c:\ttntht.exec:\ttntht.exe51⤵
- Executes dropped EXE
-
\??\c:\jvddd.exec:\jvddd.exe52⤵
- Executes dropped EXE
-
\??\c:\frxllfl.exec:\frxllfl.exe53⤵
- Executes dropped EXE
-
\??\c:\lllrxfr.exec:\lllrxfr.exe54⤵
- Executes dropped EXE
-
\??\c:\tnbhtb.exec:\tnbhtb.exe55⤵
- Executes dropped EXE
-
\??\c:\3dvvd.exec:\3dvvd.exe56⤵
- Executes dropped EXE
-
\??\c:\lxfxrff.exec:\lxfxrff.exe57⤵
- Executes dropped EXE
-
\??\c:\tthnnb.exec:\tthnnb.exe58⤵
- Executes dropped EXE
-
\??\c:\3vvvj.exec:\3vvvj.exe59⤵
- Executes dropped EXE
-
\??\c:\jjdvj.exec:\jjdvj.exe60⤵
- Executes dropped EXE
-
\??\c:\fllxlxx.exec:\fllxlxx.exe61⤵
- Executes dropped EXE
-
\??\c:\hnhtht.exec:\hnhtht.exe62⤵
- Executes dropped EXE
-
\??\c:\jpvjj.exec:\jpvjj.exe63⤵
- Executes dropped EXE
-
\??\c:\xxrxlxl.exec:\xxrxlxl.exe64⤵
- Executes dropped EXE
-
\??\c:\9tthnt.exec:\9tthnt.exe65⤵
- Executes dropped EXE
-
\??\c:\tnhhbb.exec:\tnhhbb.exe66⤵
-
\??\c:\pjjvd.exec:\pjjvd.exe67⤵
-
\??\c:\llrxlrf.exec:\llrxlrf.exe68⤵
-
\??\c:\bttbnt.exec:\bttbnt.exe69⤵
-
\??\c:\5bttbn.exec:\5bttbn.exe70⤵
-
\??\c:\jvvjp.exec:\jvvjp.exe71⤵
-
\??\c:\rrlrflf.exec:\rrlrflf.exe72⤵
-
\??\c:\ttntnn.exec:\ttntnn.exe73⤵
-
\??\c:\tnhhnt.exec:\tnhhnt.exe74⤵
-
\??\c:\pvpvp.exec:\pvpvp.exe75⤵
-
\??\c:\lrllxlx.exec:\lrllxlx.exe76⤵
-
\??\c:\bbtbnn.exec:\bbtbnn.exe77⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe78⤵
-
\??\c:\pddpp.exec:\pddpp.exe79⤵
-
\??\c:\xrfrflf.exec:\xrfrflf.exe80⤵
-
\??\c:\5bttht.exec:\5bttht.exe81⤵
-
\??\c:\3dvdj.exec:\3dvdj.exe82⤵
-
\??\c:\7pjjd.exec:\7pjjd.exe83⤵
-
\??\c:\rrrflxx.exec:\rrrflxx.exe84⤵
-
\??\c:\nnnhbh.exec:\nnnhbh.exe85⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe86⤵
-
\??\c:\rxfrlrl.exec:\rxfrlrl.exe87⤵
-
\??\c:\rrxfxxl.exec:\rrxfxxl.exe88⤵
-
\??\c:\thnhnh.exec:\thnhnh.exe89⤵
-
\??\c:\hhnnht.exec:\hhnnht.exe90⤵
-
\??\c:\bnbtbb.exec:\bnbtbb.exe91⤵
-
\??\c:\3pjjv.exec:\3pjjv.exe92⤵
-
\??\c:\lxflrxl.exec:\lxflrxl.exe93⤵
-
\??\c:\9lrfflf.exec:\9lrfflf.exe94⤵
-
\??\c:\bbtbhn.exec:\bbtbhn.exe95⤵
-
\??\c:\djjdd.exec:\djjdd.exe96⤵
-
\??\c:\rrxfxfr.exec:\rrxfxfr.exe97⤵
-
\??\c:\hntbth.exec:\hntbth.exe98⤵
-
\??\c:\nttbht.exec:\nttbht.exe99⤵
-
\??\c:\7djdj.exec:\7djdj.exe100⤵
-
\??\c:\1ttbtb.exec:\1ttbtb.exe101⤵
-
\??\c:\nhhnhn.exec:\nhhnhn.exe102⤵
-
\??\c:\vvdjj.exec:\vvdjj.exe103⤵
-
\??\c:\xrxlrrl.exec:\xrxlrrl.exe104⤵
-
\??\c:\lfxfxxl.exec:\lfxfxxl.exe105⤵
-
\??\c:\bhtntn.exec:\bhtntn.exe106⤵
-
\??\c:\1djvp.exec:\1djvp.exe107⤵
-
\??\c:\ffrrrxf.exec:\ffrrrxf.exe108⤵
-
\??\c:\ttntbn.exec:\ttntbn.exe109⤵
-
\??\c:\tbbnhn.exec:\tbbnhn.exe110⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe111⤵
-
\??\c:\xfxlrfx.exec:\xfxlrfx.exe112⤵
-
\??\c:\nhbhnt.exec:\nhbhnt.exe113⤵
-
\??\c:\nnhhnt.exec:\nnhhnt.exe114⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe115⤵
-
\??\c:\rrrfxff.exec:\rrrfxff.exe116⤵
-
\??\c:\nbthnt.exec:\nbthnt.exe117⤵
-
\??\c:\3thtnn.exec:\3thtnn.exe118⤵
-
\??\c:\9vpjd.exec:\9vpjd.exe119⤵
-
\??\c:\xllfffr.exec:\xllfffr.exe120⤵
-
\??\c:\btnthn.exec:\btnthn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-