Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
11-05-2024 01:41
General
-
Target
4f1b579425b09dd37ba4e79ff5a72200_NeikiAnalytics.exe
-
Size
211KB
-
MD5
4f1b579425b09dd37ba4e79ff5a72200
-
SHA1
d1c513b2a3f0809e1ccea95e6a11ccdf22e1483c
-
SHA256
cfbcf45797965effe65361b7fb54c5be3745750cbd5d06c09317b0c14a4cf003
-
SHA512
b4eeb6346b6ab7dce15cbdfb04d66e8dabe62809bf74322ea3f8c0cc9f43cb8f128e0839623a9425008b3f3dd3ee99beabd91b39302e1cb7196b81682e68312d
-
SSDEEP
1536:wvQBeOGtrYSSsrc93UBIfdC67m6AJiqQfg3Cip8iXAsG5M0nj:whOm2sI93UufdC67cizfmCiiiXA/
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 36 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 55 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4f1b579425b09dd37ba4e79ff5a72200_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4f1b579425b09dd37ba4e79ff5a72200_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lffflrx.exec:\lffflrx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhnnh.exec:\bhhnnh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hbtth.exec:\9hbtth.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpdv.exec:\ddpdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jdjp.exec:\5jdjp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxfllr.exec:\rfxfllr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntbhn.exec:\tntbhn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtttt.exec:\hbtttt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppdj.exec:\dppdj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrllrrx.exec:\xrllrrx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xflrrx.exec:\9xflrrx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhnt.exec:\tnhhnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppp.exec:\jdppp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpvv.exec:\vjpvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lxrflr.exec:\9lxrflr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbntb.exec:\tnbntb.exe17⤵
- Executes dropped EXE
-
\??\c:\7nttnt.exec:\7nttnt.exe18⤵
- Executes dropped EXE
-
\??\c:\pjpjv.exec:\pjpjv.exe19⤵
- Executes dropped EXE
-
\??\c:\rlxxflr.exec:\rlxxflr.exe20⤵
- Executes dropped EXE
-
\??\c:\5nnntb.exec:\5nnntb.exe21⤵
- Executes dropped EXE
-
\??\c:\hnhnbh.exec:\hnhnbh.exe22⤵
- Executes dropped EXE
-
\??\c:\vjjpj.exec:\vjjpj.exe23⤵
- Executes dropped EXE
-
\??\c:\fxrrxfl.exec:\fxrrxfl.exe24⤵
- Executes dropped EXE
-
\??\c:\7fxrxxf.exec:\7fxrxxf.exe25⤵
- Executes dropped EXE
-
\??\c:\vppdd.exec:\vppdd.exe26⤵
- Executes dropped EXE
-
\??\c:\pjpdv.exec:\pjpdv.exe27⤵
- Executes dropped EXE
-
\??\c:\frlrxfl.exec:\frlrxfl.exe28⤵
- Executes dropped EXE
-
\??\c:\3hbnth.exec:\3hbnth.exe29⤵
- Executes dropped EXE
-
\??\c:\pjdjp.exec:\pjdjp.exe30⤵
- Executes dropped EXE
-
\??\c:\xrfflfr.exec:\xrfflfr.exe31⤵
- Executes dropped EXE
-
\??\c:\nnhbth.exec:\nnhbth.exe32⤵
- Executes dropped EXE
-
\??\c:\3nnhtb.exec:\3nnhtb.exe33⤵
- Executes dropped EXE
-
\??\c:\jdddj.exec:\jdddj.exe34⤵
- Executes dropped EXE
-
\??\c:\xfrrrrr.exec:\xfrrrrr.exe35⤵
- Executes dropped EXE
-
\??\c:\3rfllrx.exec:\3rfllrx.exe36⤵
- Executes dropped EXE
-
\??\c:\btnbth.exec:\btnbth.exe37⤵
- Executes dropped EXE
-
\??\c:\ttthnt.exec:\ttthnt.exe38⤵
- Executes dropped EXE
-
\??\c:\jvjpv.exec:\jvjpv.exe39⤵
- Executes dropped EXE
-
\??\c:\7lrlllf.exec:\7lrlllf.exe40⤵
- Executes dropped EXE
-
\??\c:\lfrrffl.exec:\lfrrffl.exe41⤵
- Executes dropped EXE
-
\??\c:\thtbnn.exec:\thtbnn.exe42⤵
- Executes dropped EXE
-
\??\c:\bbbbtt.exec:\bbbbtt.exe43⤵
- Executes dropped EXE
-
\??\c:\vjppv.exec:\vjppv.exe44⤵
- Executes dropped EXE
-
\??\c:\jdjvv.exec:\jdjvv.exe45⤵
- Executes dropped EXE
-
\??\c:\1xrxrrf.exec:\1xrxrrf.exe46⤵
- Executes dropped EXE
-
\??\c:\rrlrlxf.exec:\rrlrlxf.exe47⤵
- Executes dropped EXE
-
\??\c:\tbtntb.exec:\tbtntb.exe48⤵
- Executes dropped EXE
-
\??\c:\vvvpp.exec:\vvvpp.exe49⤵
- Executes dropped EXE
-
\??\c:\jppjv.exec:\jppjv.exe50⤵
- Executes dropped EXE
-
\??\c:\9rllfxl.exec:\9rllfxl.exe51⤵
- Executes dropped EXE
-
\??\c:\rfffllx.exec:\rfffllx.exe52⤵
- Executes dropped EXE
-
\??\c:\hbnbbn.exec:\hbnbbn.exe53⤵
- Executes dropped EXE
-
\??\c:\htntht.exec:\htntht.exe54⤵
- Executes dropped EXE
-
\??\c:\pdvpd.exec:\pdvpd.exe55⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe56⤵
- Executes dropped EXE
-
\??\c:\lxxfrff.exec:\lxxfrff.exe57⤵
- Executes dropped EXE
-
\??\c:\lfrxllr.exec:\lfrxllr.exe58⤵
- Executes dropped EXE
-
\??\c:\hhthtb.exec:\hhthtb.exe59⤵
- Executes dropped EXE
-
\??\c:\ddpvd.exec:\ddpvd.exe60⤵
- Executes dropped EXE
-
\??\c:\jjvjd.exec:\jjvjd.exe61⤵
- Executes dropped EXE
-
\??\c:\dddjv.exec:\dddjv.exe62⤵
- Executes dropped EXE
-
\??\c:\rlxxlrf.exec:\rlxxlrf.exe63⤵
- Executes dropped EXE
-
\??\c:\fxfrlxl.exec:\fxfrlxl.exe64⤵
- Executes dropped EXE
-
\??\c:\tnbntt.exec:\tnbntt.exe65⤵
- Executes dropped EXE
-
\??\c:\btthnn.exec:\btthnn.exe66⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe67⤵
-
\??\c:\5jdvd.exec:\5jdvd.exe68⤵
-
\??\c:\1fflxlr.exec:\1fflxlr.exe69⤵
-
\??\c:\rfxrfxl.exec:\rfxrfxl.exe70⤵
-
\??\c:\tnnnbb.exec:\tnnnbb.exe71⤵
-
\??\c:\hhhbnt.exec:\hhhbnt.exe72⤵
-
\??\c:\dvppd.exec:\dvppd.exe73⤵
-
\??\c:\9vvdv.exec:\9vvdv.exe74⤵
-
\??\c:\lfxllrf.exec:\lfxllrf.exe75⤵
-
\??\c:\rlflxxr.exec:\rlflxxr.exe76⤵
-
\??\c:\lffrffr.exec:\lffrffr.exe77⤵
-
\??\c:\hhbbnh.exec:\hhbbnh.exe78⤵
-
\??\c:\tnhnhn.exec:\tnhnhn.exe79⤵
-
\??\c:\vppdj.exec:\vppdj.exe80⤵
-
\??\c:\vvvvj.exec:\vvvvj.exe81⤵
-
\??\c:\frrxrfx.exec:\frrxrfx.exe82⤵
-
\??\c:\1rxxxfr.exec:\1rxxxfr.exe83⤵
-
\??\c:\nnhbbt.exec:\nnhbbt.exe84⤵
-
\??\c:\btbnbh.exec:\btbnbh.exe85⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe86⤵
-
\??\c:\dppdv.exec:\dppdv.exe87⤵
-
\??\c:\lflfrxr.exec:\lflfrxr.exe88⤵
-
\??\c:\rlrlxxr.exec:\rlrlxxr.exe89⤵
-
\??\c:\9bbntn.exec:\9bbntn.exe90⤵
-
\??\c:\9bntth.exec:\9bntth.exe91⤵
-
\??\c:\1hhtht.exec:\1hhtht.exe92⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe93⤵
-
\??\c:\1dvdj.exec:\1dvdj.exe94⤵
-
\??\c:\9xfxffr.exec:\9xfxffr.exe95⤵
-
\??\c:\fxrfxlr.exec:\fxrfxlr.exe96⤵
-
\??\c:\hbhhtb.exec:\hbhhtb.exe97⤵
-
\??\c:\nbhbtn.exec:\nbhbtn.exe98⤵
-
\??\c:\9pvdj.exec:\9pvdj.exe99⤵
-
\??\c:\7ddjj.exec:\7ddjj.exe100⤵
-
\??\c:\lfxlrlf.exec:\lfxlrlf.exe101⤵
-
\??\c:\5nnhtb.exec:\5nnhtb.exe102⤵
-
\??\c:\nnntbt.exec:\nnntbt.exe103⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe104⤵
-
\??\c:\vvvjd.exec:\vvvjd.exe105⤵
-
\??\c:\rrllrrr.exec:\rrllrrr.exe106⤵
-
\??\c:\rlxfrxf.exec:\rlxfrxf.exe107⤵
-
\??\c:\bthbnh.exec:\bthbnh.exe108⤵
-
\??\c:\1bbnth.exec:\1bbnth.exe109⤵
-
\??\c:\pppvd.exec:\pppvd.exe110⤵
-
\??\c:\vddpp.exec:\vddpp.exe111⤵
-
\??\c:\5flrflr.exec:\5flrflr.exe112⤵
-
\??\c:\3xlflrx.exec:\3xlflrx.exe113⤵
-
\??\c:\hhtthb.exec:\hhtthb.exe114⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe115⤵
-
\??\c:\hhnbtb.exec:\hhnbtb.exe116⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe117⤵
-
\??\c:\9jjpv.exec:\9jjpv.exe118⤵
-
\??\c:\rllxrxx.exec:\rllxrxx.exe119⤵
-
\??\c:\5rrfrrx.exec:\5rrfrrx.exe120⤵
-
\??\c:\tnbtnh.exec:\tnbtnh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-