Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
10-05-2024 18:36
General
-
Target
43f516efa3adfe881d783fd76c0db8c0_NeikiAnalytics.exe
-
Size
970KB
-
MD5
43f516efa3adfe881d783fd76c0db8c0
-
SHA1
d809ed5ef09b00e4c8ce0bee501a3019cc5576e3
-
SHA256
215bb0a1c292ae3d85a2fbbc6910f231d8ed15b8af74585d3680a0fa78f2ffb2
-
SHA512
0af90f7ab3c8dbacd85db32fff7c889149428e852b60677427040057dc203d38d768a634bf659b6c2e9598f14a1236023a2edbccde2519c854ff49009eaac1d3
-
SSDEEP
12288:n3C9yMo+S0L9xRnoq7H9xqYL04iVypNKvzcMwdBS3b3aoqYveXVadBlHD+CURPO5:SgD4bhoqLDqYLagB6Wj1+Cyv
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\43f516efa3adfe881d783fd76c0db8c0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\43f516efa3adfe881d783fd76c0db8c0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllffr.exec:\xxllffr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnhtt.exec:\hhnhtt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrffrrx.exec:\rrffrrx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rxfffr.exec:\3rxfffr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bntnb.exec:\5bntnb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddj.exec:\jjddj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlrxrr.exec:\lxlrxrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ththth.exec:\ththth.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvvd.exec:\pdvvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrflrxf.exec:\rrflrxf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvdp.exec:\ddvdp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrflx.exec:\rrrrflx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtbhn.exec:\nbtbhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjd.exec:\jjjjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tttnn.exec:\7tttnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpvp.exec:\jvpvp.exe17⤵
- Executes dropped EXE
-
\??\c:\lfrrxxf.exec:\lfrrxxf.exe18⤵
- Executes dropped EXE
-
\??\c:\btthtt.exec:\btthtt.exe19⤵
- Executes dropped EXE
-
\??\c:\hhtttb.exec:\hhtttb.exe20⤵
- Executes dropped EXE
-
\??\c:\djddj.exec:\djddj.exe21⤵
- Executes dropped EXE
-
\??\c:\ffrlxxr.exec:\ffrlxxr.exe22⤵
- Executes dropped EXE
-
\??\c:\bnhhth.exec:\bnhhth.exe23⤵
- Executes dropped EXE
-
\??\c:\ddpdp.exec:\ddpdp.exe24⤵
- Executes dropped EXE
-
\??\c:\7rllrfr.exec:\7rllrfr.exe25⤵
- Executes dropped EXE
-
\??\c:\rlffxfx.exec:\rlffxfx.exe26⤵
- Executes dropped EXE
-
\??\c:\thbnhb.exec:\thbnhb.exe27⤵
- Executes dropped EXE
-
\??\c:\9htthh.exec:\9htthh.exe28⤵
- Executes dropped EXE
-
\??\c:\7rllflx.exec:\7rllflx.exe29⤵
- Executes dropped EXE
-
\??\c:\7vddj.exec:\7vddj.exe30⤵
- Executes dropped EXE
-
\??\c:\1frxlll.exec:\1frxlll.exe31⤵
- Executes dropped EXE
-
\??\c:\ntntbh.exec:\ntntbh.exe32⤵
- Executes dropped EXE
-
\??\c:\3pvvd.exec:\3pvvd.exe33⤵
- Executes dropped EXE
-
\??\c:\jvdvd.exec:\jvdvd.exe34⤵
- Executes dropped EXE
-
\??\c:\7lxflrx.exec:\7lxflrx.exe35⤵
- Executes dropped EXE
-
\??\c:\nnttbh.exec:\nnttbh.exe36⤵
- Executes dropped EXE
-
\??\c:\ddddp.exec:\ddddp.exe37⤵
- Executes dropped EXE
-
\??\c:\nhbhth.exec:\nhbhth.exe38⤵
- Executes dropped EXE
-
\??\c:\vpjjv.exec:\vpjjv.exe39⤵
- Executes dropped EXE
-
\??\c:\frllrxx.exec:\frllrxx.exe40⤵
- Executes dropped EXE
-
\??\c:\nhhntt.exec:\nhhntt.exe41⤵
- Executes dropped EXE
-
\??\c:\5vjjp.exec:\5vjjp.exe42⤵
- Executes dropped EXE
-
\??\c:\ffllrrx.exec:\ffllrrx.exe43⤵
- Executes dropped EXE
-
\??\c:\bbbhtb.exec:\bbbhtb.exe44⤵
- Executes dropped EXE
-
\??\c:\9dvdp.exec:\9dvdp.exe45⤵
- Executes dropped EXE
-
\??\c:\fxlxrxf.exec:\fxlxrxf.exe46⤵
- Executes dropped EXE
-
\??\c:\hbbbnt.exec:\hbbbnt.exe47⤵
- Executes dropped EXE
-
\??\c:\pdvjj.exec:\pdvjj.exe48⤵
- Executes dropped EXE
-
\??\c:\5rxflrr.exec:\5rxflrr.exe49⤵
- Executes dropped EXE
-
\??\c:\9tnttn.exec:\9tnttn.exe50⤵
- Executes dropped EXE
-
\??\c:\djpjp.exec:\djpjp.exe51⤵
- Executes dropped EXE
-
\??\c:\fxxrrrf.exec:\fxxrrrf.exe52⤵
- Executes dropped EXE
-
\??\c:\tttbnb.exec:\tttbnb.exe53⤵
- Executes dropped EXE
-
\??\c:\jjvpp.exec:\jjvpp.exe54⤵
- Executes dropped EXE
-
\??\c:\9rrlxxf.exec:\9rrlxxf.exe55⤵
- Executes dropped EXE
-
\??\c:\tnhbhh.exec:\tnhbhh.exe56⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe57⤵
- Executes dropped EXE
-
\??\c:\5xlflll.exec:\5xlflll.exe58⤵
- Executes dropped EXE
-
\??\c:\tnhhtb.exec:\tnhhtb.exe59⤵
- Executes dropped EXE
-
\??\c:\1vpvv.exec:\1vpvv.exe60⤵
- Executes dropped EXE
-
\??\c:\lfxxrxl.exec:\lfxxrxl.exe61⤵
- Executes dropped EXE
-
\??\c:\7thhtb.exec:\7thhtb.exe62⤵
- Executes dropped EXE
-
\??\c:\jjvpd.exec:\jjvpd.exe63⤵
- Executes dropped EXE
-
\??\c:\xlflllr.exec:\xlflllr.exe64⤵
- Executes dropped EXE
-
\??\c:\5thtbh.exec:\5thtbh.exe65⤵
- Executes dropped EXE
-
\??\c:\jdddj.exec:\jdddj.exe66⤵
-
\??\c:\1xrxrrf.exec:\1xrxrrf.exe67⤵
-
\??\c:\hbtbnn.exec:\hbtbnn.exe68⤵
-
\??\c:\pdvdd.exec:\pdvdd.exe69⤵
-
\??\c:\flxffll.exec:\flxffll.exe70⤵
-
\??\c:\9dpvd.exec:\9dpvd.exe71⤵
-
\??\c:\lxrxlrr.exec:\lxrxlrr.exe72⤵
-
\??\c:\hhtthh.exec:\hhtthh.exe73⤵
-
\??\c:\dvjvv.exec:\dvjvv.exe74⤵
-
\??\c:\nhbbbh.exec:\nhbbbh.exe75⤵
-
\??\c:\pvpdd.exec:\pvpdd.exe76⤵
-
\??\c:\9rxfllr.exec:\9rxfllr.exe77⤵
-
\??\c:\tttbnb.exec:\tttbnb.exe78⤵
-
\??\c:\nnnnbh.exec:\nnnnbh.exe79⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe80⤵
-
\??\c:\7xxfxfl.exec:\7xxfxfl.exe81⤵
-
\??\c:\nhbhhb.exec:\nhbhhb.exe82⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe83⤵
-
\??\c:\fxllrrx.exec:\fxllrrx.exe84⤵
-
\??\c:\nhtthn.exec:\nhtthn.exe85⤵
-
\??\c:\3jpvj.exec:\3jpvj.exe86⤵
-
\??\c:\frlfrrf.exec:\frlfrrf.exe87⤵
-
\??\c:\btnthn.exec:\btnthn.exe88⤵
-
\??\c:\vvjpp.exec:\vvjpp.exe89⤵
-
\??\c:\ffrlrxx.exec:\ffrlrxx.exe90⤵
-
\??\c:\tbthtb.exec:\tbthtb.exe91⤵
-
\??\c:\7jvpp.exec:\7jvpp.exe92⤵
-
\??\c:\rlrxffl.exec:\rlrxffl.exe93⤵
-
\??\c:\htnbnh.exec:\htnbnh.exe94⤵
-
\??\c:\vvppv.exec:\vvppv.exe95⤵
-
\??\c:\rlrllrf.exec:\rlrllrf.exe96⤵
-
\??\c:\hbhnbn.exec:\hbhnbn.exe97⤵
-
\??\c:\pdjpj.exec:\pdjpj.exe98⤵
-
\??\c:\pdpdp.exec:\pdpdp.exe99⤵
-
\??\c:\9btnth.exec:\9btnth.exe100⤵
-
\??\c:\bthtnh.exec:\bthtnh.exe101⤵
-
\??\c:\vvvvd.exec:\vvvvd.exe102⤵
-
\??\c:\bbttbh.exec:\bbttbh.exe103⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe104⤵
-
\??\c:\ffllrrx.exec:\ffllrrx.exe105⤵
-
\??\c:\nhbhtn.exec:\nhbhtn.exe106⤵
-
\??\c:\djddd.exec:\djddd.exe107⤵
-
\??\c:\lfrxffl.exec:\lfrxffl.exe108⤵
-
\??\c:\hthnbb.exec:\hthnbb.exe109⤵
-
\??\c:\dvddj.exec:\dvddj.exe110⤵
-
\??\c:\rxfrxfl.exec:\rxfrxfl.exe111⤵
-
\??\c:\thhtbb.exec:\thhtbb.exe112⤵
-
\??\c:\ppjpp.exec:\ppjpp.exe113⤵
-
\??\c:\lffxlfr.exec:\lffxlfr.exe114⤵
-
\??\c:\btbhth.exec:\btbhth.exe115⤵
-
\??\c:\htntbb.exec:\htntbb.exe116⤵
-
\??\c:\vjjpd.exec:\vjjpd.exe117⤵
-
\??\c:\xllrflx.exec:\xllrflx.exe118⤵
-
\??\c:\hbntnt.exec:\hbntnt.exe119⤵
-
\??\c:\1vjpv.exec:\1vjpv.exe120⤵
-
\??\c:\9rxxxfl.exec:\9rxxxfl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-