Analysis
-
max time kernel
149s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
11-05-2024 00:57
General
-
Target
438c2c204bd3f478410246581267f670_NeikiAnalytics.exe
-
Size
392KB
-
MD5
438c2c204bd3f478410246581267f670
-
SHA1
e2b3127f3943ce753ca784376a528a7b254e2ae7
-
SHA256
2f3d907b14c46a0531a6f82dd56768aeb78fc86e8960a451981be95d0d9b7c82
-
SHA512
75eefc596cbd27a84e5e376d37fdaf40e6c21d69cb2bf838260327f9ed117e5d367e4086d3d5da61a391745b88ae61e80ac9289315cd058aa1d6c3126ffd2a44
-
SSDEEP
6144:n3C9BRIG0asYFm71mPfkVB8dKwaO5CVwOV:n3C9uYA7okVqdKwaO5CV3
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\438c2c204bd3f478410246581267f670_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\438c2c204bd3f478410246581267f670_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhtb.exec:\bthhtb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppdp.exec:\vppdp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlflflx.exec:\rlflflx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbnt.exec:\bbtbnt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbtnb.exec:\tbbtnb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlfxlf.exec:\lrlfxlf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hbttb.exec:\3hbttb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhhhn.exec:\nnhhhn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pvvv.exec:\9pvvv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvj.exec:\jvdvj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbthn.exec:\nhbthn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdp.exec:\pjvdp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9llrxfr.exec:\9llrxfr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrllrr.exec:\xfrllrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthhnt.exec:\hthhnt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpvv.exec:\vvpvv.exe17⤵
- Executes dropped EXE
-
\??\c:\xrlfrfx.exec:\xrlfrfx.exe18⤵
- Executes dropped EXE
-
\??\c:\bthhtt.exec:\bthhtt.exe19⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe20⤵
- Executes dropped EXE
-
\??\c:\fffrxfl.exec:\fffrxfl.exe21⤵
- Executes dropped EXE
-
\??\c:\htttnt.exec:\htttnt.exe22⤵
- Executes dropped EXE
-
\??\c:\pjdjv.exec:\pjdjv.exe23⤵
- Executes dropped EXE
-
\??\c:\xxlxflx.exec:\xxlxflx.exe24⤵
- Executes dropped EXE
-
\??\c:\9vvpj.exec:\9vvpj.exe25⤵
- Executes dropped EXE
-
\??\c:\dppjj.exec:\dppjj.exe26⤵
- Executes dropped EXE
-
\??\c:\xfxlrrf.exec:\xfxlrrf.exe27⤵
- Executes dropped EXE
-
\??\c:\9ppdp.exec:\9ppdp.exe28⤵
- Executes dropped EXE
-
\??\c:\5dddp.exec:\5dddp.exe29⤵
- Executes dropped EXE
-
\??\c:\lrlxxxr.exec:\lrlxxxr.exe30⤵
- Executes dropped EXE
-
\??\c:\tnhbnn.exec:\tnhbnn.exe31⤵
- Executes dropped EXE
-
\??\c:\1vpvj.exec:\1vpvj.exe32⤵
- Executes dropped EXE
-
\??\c:\9llrffr.exec:\9llrffr.exe33⤵
- Executes dropped EXE
-
\??\c:\bntnbn.exec:\bntnbn.exe34⤵
- Executes dropped EXE
-
\??\c:\tnnbth.exec:\tnnbth.exe35⤵
- Executes dropped EXE
-
\??\c:\dddjv.exec:\dddjv.exe36⤵
- Executes dropped EXE
-
\??\c:\1fxxlrx.exec:\1fxxlrx.exe37⤵
- Executes dropped EXE
-
\??\c:\rrrflrf.exec:\rrrflrf.exe38⤵
- Executes dropped EXE
-
\??\c:\nhhthn.exec:\nhhthn.exe39⤵
- Executes dropped EXE
-
\??\c:\jvdpp.exec:\jvdpp.exe40⤵
- Executes dropped EXE
-
\??\c:\jdvdv.exec:\jdvdv.exe41⤵
- Executes dropped EXE
-
\??\c:\tbntth.exec:\tbntth.exe42⤵
- Executes dropped EXE
-
\??\c:\dpjdp.exec:\dpjdp.exe43⤵
- Executes dropped EXE
-
\??\c:\dvppp.exec:\dvppp.exe44⤵
- Executes dropped EXE
-
\??\c:\frrlxll.exec:\frrlxll.exe45⤵
- Executes dropped EXE
-
\??\c:\xfrlxxx.exec:\xfrlxxx.exe46⤵
- Executes dropped EXE
-
\??\c:\hhbnhn.exec:\hhbnhn.exe47⤵
- Executes dropped EXE
-
\??\c:\tnbhtb.exec:\tnbhtb.exe48⤵
- Executes dropped EXE
-
\??\c:\ddpdv.exec:\ddpdv.exe49⤵
- Executes dropped EXE
-
\??\c:\rrrxlrf.exec:\rrrxlrf.exe50⤵
- Executes dropped EXE
-
\??\c:\rrlfrff.exec:\rrlfrff.exe51⤵
- Executes dropped EXE
-
\??\c:\7btbbb.exec:\7btbbb.exe52⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe53⤵
- Executes dropped EXE
-
\??\c:\fllxlrl.exec:\fllxlrl.exe54⤵
- Executes dropped EXE
-
\??\c:\hbthbh.exec:\hbthbh.exe55⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe56⤵
- Executes dropped EXE
-
\??\c:\ttnhtb.exec:\ttnhtb.exe57⤵
- Executes dropped EXE
-
\??\c:\nnhntb.exec:\nnhntb.exe58⤵
- Executes dropped EXE
-
\??\c:\vpppj.exec:\vpppj.exe59⤵
- Executes dropped EXE
-
\??\c:\lfxfrxf.exec:\lfxfrxf.exe60⤵
- Executes dropped EXE
-
\??\c:\xxlrxxf.exec:\xxlrxxf.exe61⤵
- Executes dropped EXE
-
\??\c:\3tntht.exec:\3tntht.exe62⤵
- Executes dropped EXE
-
\??\c:\ddppv.exec:\ddppv.exe63⤵
- Executes dropped EXE
-
\??\c:\vvddj.exec:\vvddj.exe64⤵
- Executes dropped EXE
-
\??\c:\xllrffr.exec:\xllrffr.exe65⤵
- Executes dropped EXE
-
\??\c:\tnbbnn.exec:\tnbbnn.exe66⤵
-
\??\c:\djvdv.exec:\djvdv.exe67⤵
-
\??\c:\frxxrlr.exec:\frxxrlr.exe68⤵
-
\??\c:\lfxxflr.exec:\lfxxflr.exe69⤵
-
\??\c:\5hhhnn.exec:\5hhhnn.exe70⤵
-
\??\c:\jjdpj.exec:\jjdpj.exe71⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe72⤵
-
\??\c:\rxllrfx.exec:\rxllrfx.exe73⤵
-
\??\c:\tnhnhn.exec:\tnhnhn.exe74⤵
-
\??\c:\bhhbtn.exec:\bhhbtn.exe75⤵
-
\??\c:\ddjvv.exec:\ddjvv.exe76⤵
-
\??\c:\lrrflrf.exec:\lrrflrf.exe77⤵
-
\??\c:\tnnthn.exec:\tnnthn.exe78⤵
-
\??\c:\tntbtb.exec:\tntbtb.exe79⤵
-
\??\c:\jjvdv.exec:\jjvdv.exe80⤵
-
\??\c:\rxfxrfr.exec:\rxfxrfr.exe81⤵
-
\??\c:\3tnnbh.exec:\3tnnbh.exe82⤵
-
\??\c:\ddvpp.exec:\ddvpp.exe83⤵
-
\??\c:\7rfxrlr.exec:\7rfxrlr.exe84⤵
-
\??\c:\vdvvj.exec:\vdvvj.exe85⤵
-
\??\c:\vdpjj.exec:\vdpjj.exe86⤵
-
\??\c:\tttbth.exec:\tttbth.exe87⤵
-
\??\c:\pjdvj.exec:\pjdvj.exe88⤵
-
\??\c:\fxrrffr.exec:\fxrrffr.exe89⤵
-
\??\c:\tnbbhn.exec:\tnbbhn.exe90⤵
-
\??\c:\pvvpp.exec:\pvvpp.exe91⤵
-
\??\c:\xrlfrrf.exec:\xrlfrrf.exe92⤵
-
\??\c:\nhnhnb.exec:\nhnhnb.exe93⤵
-
\??\c:\rxflfrl.exec:\rxflfrl.exe94⤵
-
\??\c:\thbbtb.exec:\thbbtb.exe95⤵
-
\??\c:\djvjd.exec:\djvjd.exe96⤵
-
\??\c:\fllrflf.exec:\fllrflf.exe97⤵
-
\??\c:\5hbhnt.exec:\5hbhnt.exe98⤵
-
\??\c:\dpjpj.exec:\dpjpj.exe99⤵
-
\??\c:\xfrlrxl.exec:\xfrlrxl.exe100⤵
-
\??\c:\ffxfrxl.exec:\ffxfrxl.exe101⤵
-
\??\c:\dpjpj.exec:\dpjpj.exe102⤵
-
\??\c:\jpjjj.exec:\jpjjj.exe103⤵
-
\??\c:\xflllrl.exec:\xflllrl.exe104⤵
-
\??\c:\5htbhh.exec:\5htbhh.exe105⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe106⤵
-
\??\c:\flfxrll.exec:\flfxrll.exe107⤵
-
\??\c:\rxxfxrx.exec:\rxxfxrx.exe108⤵
-
\??\c:\btnbnt.exec:\btnbnt.exe109⤵
-
\??\c:\ppdjv.exec:\ppdjv.exe110⤵
-
\??\c:\vvvdj.exec:\vvvdj.exe111⤵
-
\??\c:\7hhbnb.exec:\7hhbnb.exe112⤵
-
\??\c:\pvdpd.exec:\pvdpd.exe113⤵
-
\??\c:\lxxxfxr.exec:\lxxxfxr.exe114⤵
-
\??\c:\rxrxlll.exec:\rxrxlll.exe115⤵
-
\??\c:\hnnbnn.exec:\hnnbnn.exe116⤵
-
\??\c:\ddpjj.exec:\ddpjj.exe117⤵
-
\??\c:\ffxlxfr.exec:\ffxlxfr.exe118⤵
-
\??\c:\hhhtbh.exec:\hhhtbh.exe119⤵
-
\??\c:\jjpdv.exec:\jjpdv.exe120⤵
-
\??\c:\xlrlffl.exec:\xlrlffl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-