Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
10/05/2024, 21:05
General
-
Target
044fa1992658ec6bacb6b1f960312550_NeikiAnalytics.exe
-
Size
73KB
-
MD5
044fa1992658ec6bacb6b1f960312550
-
SHA1
0ab1805d5e1fd7976fc7062dcacca45d919a02d3
-
SHA256
2fb4aa62ccbdb6501a1b2c54e512a16fc6ca7873871f1df75ac25061d247f2a4
-
SHA512
d831f29671b12c1a72b14035a14a45868b1f124579ddafb7e70e23618b8ef4b05e4e1cfcf4da60f664e9a91fdc8007a7b1925c9f5be1644984b748cca372306d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIJSsD+cGUFzJ8ng:ymb3NkkiQ3mdBjFIwsDhbNf
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\044fa1992658ec6bacb6b1f960312550_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\044fa1992658ec6bacb6b1f960312550_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrxfr.exec:\rlfrxfr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthtbh.exec:\bthtbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnthh.exec:\nhnthh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvd.exec:\pjpvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrlffl.exec:\xxrlffl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttbh.exec:\hbttbh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhntn.exec:\tnhntn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvd.exec:\jdpvd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxfffl.exec:\lfxfffl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbbhh.exec:\bnbbhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnhhh.exec:\1bnhhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjvv.exec:\3pjvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlxxxf.exec:\xrlxxxf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tnttt.exec:\5tnttt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nnttb.exec:\9nnttb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvj.exec:\vpvvj.exe17⤵
- Executes dropped EXE
-
\??\c:\rxfxrlr.exec:\rxfxrlr.exe18⤵
- Executes dropped EXE
-
\??\c:\bbtbnt.exec:\bbtbnt.exe19⤵
- Executes dropped EXE
-
\??\c:\nnhnbh.exec:\nnhnbh.exe20⤵
- Executes dropped EXE
-
\??\c:\jdjpv.exec:\jdjpv.exe21⤵
- Executes dropped EXE
-
\??\c:\ppvjv.exec:\ppvjv.exe22⤵
- Executes dropped EXE
-
\??\c:\fxxflxl.exec:\fxxflxl.exe23⤵
- Executes dropped EXE
-
\??\c:\rlrrxfl.exec:\rlrrxfl.exe24⤵
- Executes dropped EXE
-
\??\c:\hhnntb.exec:\hhnntb.exe25⤵
- Executes dropped EXE
-
\??\c:\1pdpv.exec:\1pdpv.exe26⤵
- Executes dropped EXE
-
\??\c:\dvppp.exec:\dvppp.exe27⤵
- Executes dropped EXE
-
\??\c:\5rllxxl.exec:\5rllxxl.exe28⤵
- Executes dropped EXE
-
\??\c:\7bbtbb.exec:\7bbtbb.exe29⤵
- Executes dropped EXE
-
\??\c:\1bbhtn.exec:\1bbhtn.exe30⤵
- Executes dropped EXE
-
\??\c:\vpppp.exec:\vpppp.exe31⤵
- Executes dropped EXE
-
\??\c:\vpdpp.exec:\vpdpp.exe32⤵
- Executes dropped EXE
-
\??\c:\rlxxflx.exec:\rlxxflx.exe33⤵
- Executes dropped EXE
-
\??\c:\tnhntb.exec:\tnhntb.exe34⤵
- Executes dropped EXE
-
\??\c:\3bnnbb.exec:\3bnnbb.exe35⤵
- Executes dropped EXE
-
\??\c:\vvjvv.exec:\vvjvv.exe36⤵
- Executes dropped EXE
-
\??\c:\pdppj.exec:\pdppj.exe37⤵
- Executes dropped EXE
-
\??\c:\lfflxfl.exec:\lfflxfl.exe38⤵
- Executes dropped EXE
-
\??\c:\1ffrfxl.exec:\1ffrfxl.exe39⤵
- Executes dropped EXE
-
\??\c:\ttbnbh.exec:\ttbnbh.exe40⤵
- Executes dropped EXE
-
\??\c:\7nhhnn.exec:\7nhhnn.exe41⤵
- Executes dropped EXE
-
\??\c:\1pjpv.exec:\1pjpv.exe42⤵
- Executes dropped EXE
-
\??\c:\pjvjd.exec:\pjvjd.exe43⤵
- Executes dropped EXE
-
\??\c:\lflrflf.exec:\lflrflf.exe44⤵
- Executes dropped EXE
-
\??\c:\xrllrrx.exec:\xrllrrx.exe45⤵
- Executes dropped EXE
-
\??\c:\tthnnt.exec:\tthnnt.exe46⤵
- Executes dropped EXE
-
\??\c:\tthhtt.exec:\tthhtt.exe47⤵
- Executes dropped EXE
-
\??\c:\3jvdj.exec:\3jvdj.exe48⤵
- Executes dropped EXE
-
\??\c:\7pjdp.exec:\7pjdp.exe49⤵
- Executes dropped EXE
-
\??\c:\xflffll.exec:\xflffll.exe50⤵
- Executes dropped EXE
-
\??\c:\llxflrx.exec:\llxflrx.exe51⤵
- Executes dropped EXE
-
\??\c:\9bnttt.exec:\9bnttt.exe52⤵
- Executes dropped EXE
-
\??\c:\bhhbnh.exec:\bhhbnh.exe53⤵
- Executes dropped EXE
-
\??\c:\jdvpv.exec:\jdvpv.exe54⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe55⤵
- Executes dropped EXE
-
\??\c:\xrxxrxf.exec:\xrxxrxf.exe56⤵
- Executes dropped EXE
-
\??\c:\rlffllf.exec:\rlffllf.exe57⤵
- Executes dropped EXE
-
\??\c:\tnbthh.exec:\tnbthh.exe58⤵
- Executes dropped EXE
-
\??\c:\7hhttb.exec:\7hhttb.exe59⤵
- Executes dropped EXE
-
\??\c:\jjvpv.exec:\jjvpv.exe60⤵
- Executes dropped EXE
-
\??\c:\jjjpv.exec:\jjjpv.exe61⤵
- Executes dropped EXE
-
\??\c:\rlxflrx.exec:\rlxflrx.exe62⤵
- Executes dropped EXE
-
\??\c:\9rlrfll.exec:\9rlrfll.exe63⤵
- Executes dropped EXE
-
\??\c:\hhttnn.exec:\hhttnn.exe64⤵
- Executes dropped EXE
-
\??\c:\9btbhh.exec:\9btbhh.exe65⤵
- Executes dropped EXE
-
\??\c:\jdjvd.exec:\jdjvd.exe66⤵
-
\??\c:\3jddd.exec:\3jddd.exe67⤵
-
\??\c:\rlxxlrx.exec:\rlxxlrx.exe68⤵
-
\??\c:\9lxfflx.exec:\9lxfflx.exe69⤵
-
\??\c:\ffxrxfr.exec:\ffxrxfr.exe70⤵
-
\??\c:\btnhhb.exec:\btnhhb.exe71⤵
-
\??\c:\btnnbb.exec:\btnnbb.exe72⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe73⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe74⤵
-
\??\c:\xxxxxlr.exec:\xxxxxlr.exe75⤵
-
\??\c:\xrflxfl.exec:\xrflxfl.exe76⤵
-
\??\c:\tnthhn.exec:\tnthhn.exe77⤵
-
\??\c:\7nhnth.exec:\7nhnth.exe78⤵
-
\??\c:\9pvjv.exec:\9pvjv.exe79⤵
-
\??\c:\3pjpv.exec:\3pjpv.exe80⤵
-
\??\c:\1xxfllx.exec:\1xxfllx.exe81⤵
-
\??\c:\1fffllx.exec:\1fffllx.exe82⤵
-
\??\c:\1thhtt.exec:\1thhtt.exe83⤵
-
\??\c:\tnbbnh.exec:\tnbbnh.exe84⤵
-
\??\c:\9hbbtt.exec:\9hbbtt.exe85⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe86⤵
-
\??\c:\pvjpp.exec:\pvjpp.exe87⤵
-
\??\c:\xrfxrxf.exec:\xrfxrxf.exe88⤵
-
\??\c:\3frxxfl.exec:\3frxxfl.exe89⤵
-
\??\c:\1btbtb.exec:\1btbtb.exe90⤵
-
\??\c:\bbthht.exec:\bbthht.exe91⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe92⤵
-
\??\c:\9dvvv.exec:\9dvvv.exe93⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe94⤵
-
\??\c:\rlrrxxf.exec:\rlrrxxf.exe95⤵
-
\??\c:\xlxxllx.exec:\xlxxllx.exe96⤵
-
\??\c:\7tntbb.exec:\7tntbb.exe97⤵
-
\??\c:\hhbhnt.exec:\hhbhnt.exe98⤵
-
\??\c:\bttbnn.exec:\bttbnn.exe99⤵
-
\??\c:\jpppj.exec:\jpppj.exe100⤵
-
\??\c:\jdppv.exec:\jdppv.exe101⤵
-
\??\c:\rlffrrf.exec:\rlffrrf.exe102⤵
-
\??\c:\9rllrxf.exec:\9rllrxf.exe103⤵
-
\??\c:\1lflrrx.exec:\1lflrrx.exe104⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe105⤵
-
\??\c:\tnbbhn.exec:\tnbbhn.exe106⤵
-
\??\c:\vpjdj.exec:\vpjdj.exe107⤵
-
\??\c:\vvvdj.exec:\vvvdj.exe108⤵
-
\??\c:\9xxrffl.exec:\9xxrffl.exe109⤵
-
\??\c:\xrfrlxf.exec:\xrfrlxf.exe110⤵
-
\??\c:\rrflrrr.exec:\rrflrrr.exe111⤵
-
\??\c:\5htnbn.exec:\5htnbn.exe112⤵
-
\??\c:\5tnntb.exec:\5tnntb.exe113⤵
-
\??\c:\7pjvd.exec:\7pjvd.exe114⤵
-
\??\c:\9vdpj.exec:\9vdpj.exe115⤵
-
\??\c:\llxfrrf.exec:\llxfrrf.exe116⤵
-
\??\c:\fxlxffx.exec:\fxlxffx.exe117⤵
-
\??\c:\tthntb.exec:\tthntb.exe118⤵
-
\??\c:\nhtbnn.exec:\nhtbnn.exe119⤵
-
\??\c:\nbtbnt.exec:\nbtbnt.exe120⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-