Analysis
-
max time kernel
150s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
10/05/2024, 11:28
General
-
Target
d1f2b8c9619e089fa381d9814276b500_NeikiAnalytics.exe
-
Size
495KB
-
MD5
d1f2b8c9619e089fa381d9814276b500
-
SHA1
d6175e6323ddef12f6b4fec0f2d341dd083f1162
-
SHA256
dafbdb5a5a4bc6459add8098972d18f2a96020088e7c953dfc6270145016cedb
-
SHA512
e7b99866b7b41a7fe14f95481b0046f9c83c635fb2602f6bb1f5c46b3f0711c60384fe14213706e68bda84c5b04b4da6797356826a3a3308314347109d11df1e
-
SSDEEP
12288:S4wFHoSyoS3ebeFmFVvlrmwcT4wpteFmFTxP:0KFmFVtrRcFEFmFV
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d1f2b8c9619e089fa381d9814276b500_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d1f2b8c9619e089fa381d9814276b500_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3jddp.exec:\3jddp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxllx.exec:\llfxllx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrllx.exec:\ffrrllx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbntb.exec:\hhbntb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9frrflf.exec:\9frrflf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhhtb.exec:\hhhhtb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpd.exec:\pjvpd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfrffr.exec:\llfrffr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtbhn.exec:\hhtbhn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjpp.exec:\ppjpp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rfxfll.exec:\5rfxfll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jdpj.exec:\7jdpj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxffllr.exec:\fxffllr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvd.exec:\vpvvd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rxfflx.exec:\1rxfflx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthnnt.exec:\tthnnt.exe17⤵
- Executes dropped EXE
-
\??\c:\1pjpp.exec:\1pjpp.exe18⤵
- Executes dropped EXE
-
\??\c:\nhbbht.exec:\nhbbht.exe19⤵
- Executes dropped EXE
-
\??\c:\xrxflll.exec:\xrxflll.exe20⤵
- Executes dropped EXE
-
\??\c:\btnbhn.exec:\btnbhn.exe21⤵
- Executes dropped EXE
-
\??\c:\dvvdp.exec:\dvvdp.exe22⤵
- Executes dropped EXE
-
\??\c:\fflxlrf.exec:\fflxlrf.exe23⤵
- Executes dropped EXE
-
\??\c:\nhtnhh.exec:\nhtnhh.exe24⤵
- Executes dropped EXE
-
\??\c:\llxfrfl.exec:\llxfrfl.exe25⤵
- Executes dropped EXE
-
\??\c:\tnbnbh.exec:\tnbnbh.exe26⤵
- Executes dropped EXE
-
\??\c:\3djpv.exec:\3djpv.exe27⤵
- Executes dropped EXE
-
\??\c:\bnhtbb.exec:\bnhtbb.exe28⤵
- Executes dropped EXE
-
\??\c:\5dpdv.exec:\5dpdv.exe29⤵
- Executes dropped EXE
-
\??\c:\lxrrffr.exec:\lxrrffr.exe30⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe31⤵
- Executes dropped EXE
-
\??\c:\3lxxxfl.exec:\3lxxxfl.exe32⤵
- Executes dropped EXE
-
\??\c:\thtnnn.exec:\thtnnn.exe33⤵
- Executes dropped EXE
-
\??\c:\xlffxlx.exec:\xlffxlx.exe34⤵
- Executes dropped EXE
-
\??\c:\nbhnbb.exec:\nbhnbb.exe35⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe36⤵
- Executes dropped EXE
-
\??\c:\lxxxfxl.exec:\lxxxfxl.exe37⤵
- Executes dropped EXE
-
\??\c:\hthttn.exec:\hthttn.exe38⤵
- Executes dropped EXE
-
\??\c:\3jjpv.exec:\3jjpv.exe39⤵
- Executes dropped EXE
-
\??\c:\ttnhnb.exec:\ttnhnb.exe40⤵
- Executes dropped EXE
-
\??\c:\djddp.exec:\djddp.exe41⤵
- Executes dropped EXE
-
\??\c:\xrxrrrx.exec:\xrxrrrx.exe42⤵
- Executes dropped EXE
-
\??\c:\9dvvv.exec:\9dvvv.exe43⤵
- Executes dropped EXE
-
\??\c:\1lfrxxl.exec:\1lfrxxl.exe44⤵
- Executes dropped EXE
-
\??\c:\hhtthn.exec:\hhtthn.exe45⤵
- Executes dropped EXE
-
\??\c:\xxllrrx.exec:\xxllrrx.exe46⤵
- Executes dropped EXE
-
\??\c:\hbbhtt.exec:\hbbhtt.exe47⤵
- Executes dropped EXE
-
\??\c:\rfxfllx.exec:\rfxfllx.exe48⤵
- Executes dropped EXE
-
\??\c:\9nnbtb.exec:\9nnbtb.exe49⤵
- Executes dropped EXE
-
\??\c:\vpvdv.exec:\vpvdv.exe50⤵
- Executes dropped EXE
-
\??\c:\nnhnbh.exec:\nnhnbh.exe51⤵
- Executes dropped EXE
-
\??\c:\5dvjv.exec:\5dvjv.exe52⤵
- Executes dropped EXE
-
\??\c:\lfrxlfr.exec:\lfrxlfr.exe53⤵
- Executes dropped EXE
-
\??\c:\fxllrxf.exec:\fxllrxf.exe54⤵
- Executes dropped EXE
-
\??\c:\nnhtth.exec:\nnhtth.exe55⤵
- Executes dropped EXE
-
\??\c:\pvdvp.exec:\pvdvp.exe56⤵
- Executes dropped EXE
-
\??\c:\7lxxflx.exec:\7lxxflx.exe57⤵
- Executes dropped EXE
-
\??\c:\hbnhtt.exec:\hbnhtt.exe58⤵
- Executes dropped EXE
-
\??\c:\7vjpv.exec:\7vjpv.exe59⤵
- Executes dropped EXE
-
\??\c:\pppdp.exec:\pppdp.exe60⤵
- Executes dropped EXE
-
\??\c:\fxrfllx.exec:\fxrfllx.exe61⤵
- Executes dropped EXE
-
\??\c:\nhhnbh.exec:\nhhnbh.exe62⤵
- Executes dropped EXE
-
\??\c:\3jdjv.exec:\3jdjv.exe63⤵
- Executes dropped EXE
-
\??\c:\xxrfrxr.exec:\xxrfrxr.exe64⤵
- Executes dropped EXE
-
\??\c:\tnhhnt.exec:\tnhhnt.exe65⤵
- Executes dropped EXE
-
\??\c:\ppdvd.exec:\ppdvd.exe66⤵
-
\??\c:\ppdjp.exec:\ppdjp.exe67⤵
-
\??\c:\rllxxlr.exec:\rllxxlr.exe68⤵
-
\??\c:\thhbbb.exec:\thhbbb.exe69⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe70⤵
-
\??\c:\lxllxxl.exec:\lxllxxl.exe71⤵
-
\??\c:\3bthtb.exec:\3bthtb.exe72⤵
-
\??\c:\5pdpp.exec:\5pdpp.exe73⤵
-
\??\c:\fxxfrfx.exec:\fxxfrfx.exe74⤵
-
\??\c:\nnhtbn.exec:\nnhtbn.exe75⤵
-
\??\c:\hhbhbb.exec:\hhbhbb.exe76⤵
-
\??\c:\fxllxlr.exec:\fxllxlr.exe77⤵
-
\??\c:\bnhhhh.exec:\bnhhhh.exe78⤵
-
\??\c:\btntbb.exec:\btntbb.exe79⤵
-
\??\c:\ppjvp.exec:\ppjvp.exe80⤵
-
\??\c:\rrlxllx.exec:\rrlxllx.exe81⤵
-
\??\c:\thtnht.exec:\thtnht.exe82⤵
-
\??\c:\jdppv.exec:\jdppv.exe83⤵
-
\??\c:\xxrlfrf.exec:\xxrlfrf.exe84⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe85⤵
-
\??\c:\vdpvd.exec:\vdpvd.exe86⤵
-
\??\c:\xrlxllf.exec:\xrlxllf.exe87⤵
-
\??\c:\5thhnt.exec:\5thhnt.exe88⤵
-
\??\c:\7jdpd.exec:\7jdpd.exe89⤵
-
\??\c:\dvjvv.exec:\dvjvv.exe90⤵
-
\??\c:\9rrxlxl.exec:\9rrxlxl.exe91⤵
-
\??\c:\jpdpp.exec:\jpdpp.exe92⤵
-
\??\c:\fxrxflx.exec:\fxrxflx.exe93⤵
-
\??\c:\ddvvj.exec:\ddvvj.exe94⤵
-
\??\c:\5xfrrfl.exec:\5xfrrfl.exe95⤵
-
\??\c:\hhbntt.exec:\hhbntt.exe96⤵
-
\??\c:\ddvvj.exec:\ddvvj.exe97⤵
-
\??\c:\1rlxllx.exec:\1rlxllx.exe98⤵
-
\??\c:\tnhhtt.exec:\tnhhtt.exe99⤵
-
\??\c:\7pdpv.exec:\7pdpv.exe100⤵
-
\??\c:\7thhtn.exec:\7thhtn.exe101⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe102⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe103⤵
-
\??\c:\btnthh.exec:\btnthh.exe104⤵
-
\??\c:\bthhnn.exec:\bthhnn.exe105⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe106⤵
-
\??\c:\xlrxllf.exec:\xlrxllf.exe107⤵
-
\??\c:\tthntt.exec:\tthntt.exe108⤵
-
\??\c:\vpvdv.exec:\vpvdv.exe109⤵
-
\??\c:\lrflrrf.exec:\lrflrrf.exe110⤵
-
\??\c:\bthnnt.exec:\bthnnt.exe111⤵
-
\??\c:\vjdjv.exec:\vjdjv.exe112⤵
-
\??\c:\rrlxrlx.exec:\rrlxrlx.exe113⤵
-
\??\c:\1lfflxl.exec:\1lfflxl.exe114⤵
-
\??\c:\nhhhtb.exec:\nhhhtb.exe115⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe116⤵
-
\??\c:\xrfrffl.exec:\xrfrffl.exe117⤵
-
\??\c:\lxrffxl.exec:\lxrffxl.exe118⤵
-
\??\c:\btnbhn.exec:\btnbhn.exe119⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe120⤵
-
\??\c:\7rfrxfx.exec:\7rfrxfx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-