Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
11/05/2024, 07:24
General
-
Target
9e20ed3a49116236f9082d348b665060_NeikiAnalytics.exe
-
Size
193KB
-
MD5
9e20ed3a49116236f9082d348b665060
-
SHA1
80f8af9a3529c40b32e11b21f6799f5d6e356894
-
SHA256
9abb3779f02827fd1b363a7e84d5f3b29ed152991bcdebf913037e8cb5d0355a
-
SHA512
a52a03af5fa775fc0b5cbefeb990ed404638c38a3e4da1edd046a09c86046a7585acedfe866d89da0872e61e1dce435cdc7b66221d643ec37b7e9cac3b15ded2
-
SSDEEP
1536:VvQBeOGtrYSSsrc93UBIfdC67m6AJiqHlHdmAWI:VhOm2sI93UufdC67ciVAWI
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 42 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9e20ed3a49116236f9082d348b665060_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\9e20ed3a49116236f9082d348b665060_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3nbtnt.exec:\3nbtnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pddp.exec:\7pddp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxllfl.exec:\rrxllfl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\60840.exec:\60840.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0428442.exec:\0428442.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3btbtt.exec:\3btbtt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\864004.exec:\864004.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\080024.exec:\080024.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\866244.exec:\866244.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u228006.exec:\u228006.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvdd.exec:\dpvdd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfffrfr.exec:\lfffrfr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjp.exec:\vpjjp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\22028.exec:\22028.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6042008.exec:\6042008.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\82442.exec:\82442.exe17⤵
- Executes dropped EXE
-
\??\c:\vjjpd.exec:\vjjpd.exe18⤵
- Executes dropped EXE
-
\??\c:\pjvdd.exec:\pjvdd.exe19⤵
- Executes dropped EXE
-
\??\c:\04268.exec:\04268.exe20⤵
- Executes dropped EXE
-
\??\c:\a2002.exec:\a2002.exe21⤵
- Executes dropped EXE
-
\??\c:\jdpvj.exec:\jdpvj.exe22⤵
- Executes dropped EXE
-
\??\c:\ntnhth.exec:\ntnhth.exe23⤵
- Executes dropped EXE
-
\??\c:\486428.exec:\486428.exe24⤵
- Executes dropped EXE
-
\??\c:\60228.exec:\60228.exe25⤵
- Executes dropped EXE
-
\??\c:\486284.exec:\486284.exe26⤵
- Executes dropped EXE
-
\??\c:\a2086.exec:\a2086.exe27⤵
- Executes dropped EXE
-
\??\c:\ddvjj.exec:\ddvjj.exe28⤵
- Executes dropped EXE
-
\??\c:\g6888.exec:\g6888.exe29⤵
- Executes dropped EXE
-
\??\c:\s6624.exec:\s6624.exe30⤵
- Executes dropped EXE
-
\??\c:\26062.exec:\26062.exe31⤵
- Executes dropped EXE
-
\??\c:\6608220.exec:\6608220.exe32⤵
- Executes dropped EXE
-
\??\c:\260206.exec:\260206.exe33⤵
- Executes dropped EXE
-
\??\c:\e22844.exec:\e22844.exe34⤵
- Executes dropped EXE
-
\??\c:\hhtttt.exec:\hhtttt.exe35⤵
- Executes dropped EXE
-
\??\c:\pdvjj.exec:\pdvjj.exe36⤵
- Executes dropped EXE
-
\??\c:\vvjpd.exec:\vvjpd.exe37⤵
- Executes dropped EXE
-
\??\c:\nnhbnn.exec:\nnhbnn.exe38⤵
- Executes dropped EXE
-
\??\c:\44462.exec:\44462.exe39⤵
- Executes dropped EXE
-
\??\c:\0466884.exec:\0466884.exe40⤵
- Executes dropped EXE
-
\??\c:\64860.exec:\64860.exe41⤵
- Executes dropped EXE
-
\??\c:\a8040.exec:\a8040.exe42⤵
- Executes dropped EXE
-
\??\c:\1hbthb.exec:\1hbthb.exe43⤵
- Executes dropped EXE
-
\??\c:\k48804.exec:\k48804.exe44⤵
- Executes dropped EXE
-
\??\c:\602468.exec:\602468.exe45⤵
- Executes dropped EXE
-
\??\c:\btttbh.exec:\btttbh.exe46⤵
- Executes dropped EXE
-
\??\c:\9bhtht.exec:\9bhtht.exe47⤵
- Executes dropped EXE
-
\??\c:\xfxflfr.exec:\xfxflfr.exe48⤵
- Executes dropped EXE
-
\??\c:\08024.exec:\08024.exe49⤵
- Executes dropped EXE
-
\??\c:\486022.exec:\486022.exe50⤵
- Executes dropped EXE
-
\??\c:\5lfflxx.exec:\5lfflxx.exe51⤵
- Executes dropped EXE
-
\??\c:\260246.exec:\260246.exe52⤵
- Executes dropped EXE
-
\??\c:\k48686.exec:\k48686.exe53⤵
- Executes dropped EXE
-
\??\c:\m6062.exec:\m6062.exe54⤵
- Executes dropped EXE
-
\??\c:\fffrrfr.exec:\fffrrfr.exe55⤵
- Executes dropped EXE
-
\??\c:\0862884.exec:\0862884.exe56⤵
- Executes dropped EXE
-
\??\c:\s0802.exec:\s0802.exe57⤵
- Executes dropped EXE
-
\??\c:\m6006.exec:\m6006.exe58⤵
- Executes dropped EXE
-
\??\c:\lrxlxrr.exec:\lrxlxrr.exe59⤵
- Executes dropped EXE
-
\??\c:\486800.exec:\486800.exe60⤵
- Executes dropped EXE
-
\??\c:\484466.exec:\484466.exe61⤵
- Executes dropped EXE
-
\??\c:\080884.exec:\080884.exe62⤵
- Executes dropped EXE
-
\??\c:\1djdp.exec:\1djdp.exe63⤵
- Executes dropped EXE
-
\??\c:\4422842.exec:\4422842.exe64⤵
- Executes dropped EXE
-
\??\c:\k02244.exec:\k02244.exe65⤵
- Executes dropped EXE
-
\??\c:\5ffflrx.exec:\5ffflrx.exe66⤵
-
\??\c:\602022.exec:\602022.exe67⤵
-
\??\c:\4800840.exec:\4800840.exe68⤵
-
\??\c:\ddppj.exec:\ddppj.exe69⤵
-
\??\c:\xxflfrl.exec:\xxflfrl.exe70⤵
-
\??\c:\6022002.exec:\6022002.exe71⤵
-
\??\c:\66068.exec:\66068.exe72⤵
-
\??\c:\tntttt.exec:\tntttt.exe73⤵
-
\??\c:\886802.exec:\886802.exe74⤵
-
\??\c:\vpddp.exec:\vpddp.exe75⤵
-
\??\c:\e82424.exec:\e82424.exe76⤵
-
\??\c:\ddvjd.exec:\ddvjd.exe77⤵
-
\??\c:\ffxlffr.exec:\ffxlffr.exe78⤵
-
\??\c:\4802806.exec:\4802806.exe79⤵
-
\??\c:\264062.exec:\264062.exe80⤵
-
\??\c:\s4668.exec:\s4668.exe81⤵
-
\??\c:\vpddp.exec:\vpddp.exe82⤵
-
\??\c:\4262440.exec:\4262440.exe83⤵
-
\??\c:\08020.exec:\08020.exe84⤵
-
\??\c:\fxrxllf.exec:\fxrxllf.exe85⤵
-
\??\c:\u806880.exec:\u806880.exe86⤵
-
\??\c:\rlxxllf.exec:\rlxxllf.exe87⤵
-
\??\c:\80846.exec:\80846.exe88⤵
-
\??\c:\860088.exec:\860088.exe89⤵
-
\??\c:\g4266.exec:\g4266.exe90⤵
-
\??\c:\c828480.exec:\c828480.exe91⤵
-
\??\c:\o206286.exec:\o206286.exe92⤵
-
\??\c:\04028.exec:\04028.exe93⤵
-
\??\c:\bnbnnt.exec:\bnbnnt.exe94⤵
-
\??\c:\5btnbn.exec:\5btnbn.exe95⤵
-
\??\c:\rflfllx.exec:\rflfllx.exe96⤵
-
\??\c:\606684.exec:\606684.exe97⤵
-
\??\c:\q02222.exec:\q02222.exe98⤵
-
\??\c:\4480462.exec:\4480462.exe99⤵
-
\??\c:\u462884.exec:\u462884.exe100⤵
-
\??\c:\dvjvv.exec:\dvjvv.exe101⤵
-
\??\c:\424000.exec:\424000.exe102⤵
-
\??\c:\4660482.exec:\4660482.exe103⤵
-
\??\c:\lxrxxfl.exec:\lxrxxfl.exe104⤵
-
\??\c:\nhbhnt.exec:\nhbhnt.exe105⤵
-
\??\c:\284842.exec:\284842.exe106⤵
-
\??\c:\xlxxfxl.exec:\xlxxfxl.exe107⤵
-
\??\c:\pvjpj.exec:\pvjpj.exe108⤵
-
\??\c:\9nntnn.exec:\9nntnn.exe109⤵
-
\??\c:\268460.exec:\268460.exe110⤵
-
\??\c:\88662.exec:\88662.exe111⤵
-
\??\c:\6044220.exec:\6044220.exe112⤵
-
\??\c:\2226442.exec:\2226442.exe113⤵
-
\??\c:\9ttbhn.exec:\9ttbhn.exe114⤵
-
\??\c:\48280.exec:\48280.exe115⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe116⤵
-
\??\c:\rlffxxf.exec:\rlffxxf.exe117⤵
-
\??\c:\hbhnnn.exec:\hbhnnn.exe118⤵
-
\??\c:\068020.exec:\068020.exe119⤵
-
\??\c:\08466.exec:\08466.exe120⤵
-
\??\c:\rfrxxxf.exec:\rfrxxxf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-