Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
11-05-2024 19:31
General
-
Target
2f52f1e2b796c2bae7dfe34789d23aa0_NeikiAnalytics.exe
-
Size
90KB
-
MD5
2f52f1e2b796c2bae7dfe34789d23aa0
-
SHA1
653bd51311812ba17c1033facc02e97c121e35fd
-
SHA256
f3692658f708f809fc12f0b79a0ed23b69a254417f3dbfc70e273966848567d4
-
SHA512
61a4a75edb257bb8d7739173584d5b9b9baae1d04222431beb62bd43088689931520dab361620d891bae4938a61d6e192496a246cbd6d2e038eef58204fa7b5d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDodtzac0Hobv0byLufTJfJVM:ymb3NkkiQ3mdBjFodt27HobvcyLufNfo
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2f52f1e2b796c2bae7dfe34789d23aa0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\2f52f1e2b796c2bae7dfe34789d23aa0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9nbntn.exec:\9nbntn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pvvp.exec:\3pvvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xflrrf.exec:\7xflrrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfllxf.exec:\xrfllxf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlffffl.exec:\xlffffl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrlrrf.exec:\flrlrrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlffr.exec:\lrrlffr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnntth.exec:\hnntth.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tnntb.exec:\5tnntb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvdp.exec:\pdvdp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxllff.exec:\frxllff.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrlxlx.exec:\rrrlxlx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnthtn.exec:\hnthtn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttbb.exec:\hbttbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdp.exec:\vpjdp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpdd.exec:\dvpdd.exe17⤵
- Executes dropped EXE
-
\??\c:\lxxllxf.exec:\lxxllxf.exe18⤵
- Executes dropped EXE
-
\??\c:\5hntbt.exec:\5hntbt.exe19⤵
- Executes dropped EXE
-
\??\c:\bnnhnn.exec:\bnnhnn.exe20⤵
- Executes dropped EXE
-
\??\c:\1vjpp.exec:\1vjpp.exe21⤵
- Executes dropped EXE
-
\??\c:\xfxrffr.exec:\xfxrffr.exe22⤵
- Executes dropped EXE
-
\??\c:\frrrrll.exec:\frrrrll.exe23⤵
- Executes dropped EXE
-
\??\c:\tbhhhb.exec:\tbhhhb.exe24⤵
- Executes dropped EXE
-
\??\c:\tnntht.exec:\tnntht.exe25⤵
- Executes dropped EXE
-
\??\c:\7vjvd.exec:\7vjvd.exe26⤵
- Executes dropped EXE
-
\??\c:\pppvp.exec:\pppvp.exe27⤵
- Executes dropped EXE
-
\??\c:\frlflxr.exec:\frlflxr.exe28⤵
- Executes dropped EXE
-
\??\c:\7tbbhh.exec:\7tbbhh.exe29⤵
- Executes dropped EXE
-
\??\c:\1nhhnn.exec:\1nhhnn.exe30⤵
- Executes dropped EXE
-
\??\c:\jjdjd.exec:\jjdjd.exe31⤵
- Executes dropped EXE
-
\??\c:\9pvdv.exec:\9pvdv.exe32⤵
- Executes dropped EXE
-
\??\c:\xrxxxrx.exec:\xrxxxrx.exe33⤵
- Executes dropped EXE
-
\??\c:\nbtbbb.exec:\nbtbbb.exe34⤵
- Executes dropped EXE
-
\??\c:\hbntbb.exec:\hbntbb.exe35⤵
- Executes dropped EXE
-
\??\c:\7pjdj.exec:\7pjdj.exe36⤵
- Executes dropped EXE
-
\??\c:\dvddd.exec:\dvddd.exe37⤵
- Executes dropped EXE
-
\??\c:\frfrflf.exec:\frfrflf.exe38⤵
- Executes dropped EXE
-
\??\c:\3bhbbt.exec:\3bhbbt.exe39⤵
- Executes dropped EXE
-
\??\c:\dvjjd.exec:\dvjjd.exe40⤵
- Executes dropped EXE
-
\??\c:\1jjvv.exec:\1jjvv.exe41⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe42⤵
- Executes dropped EXE
-
\??\c:\rxlrxfl.exec:\rxlrxfl.exe43⤵
- Executes dropped EXE
-
\??\c:\9btbbt.exec:\9btbbt.exe44⤵
- Executes dropped EXE
-
\??\c:\nhbnnn.exec:\nhbnnn.exe45⤵
- Executes dropped EXE
-
\??\c:\hnthtn.exec:\hnthtn.exe46⤵
- Executes dropped EXE
-
\??\c:\jvjjj.exec:\jvjjj.exe47⤵
- Executes dropped EXE
-
\??\c:\vjppp.exec:\vjppp.exe48⤵
- Executes dropped EXE
-
\??\c:\xxlfrxf.exec:\xxlfrxf.exe49⤵
- Executes dropped EXE
-
\??\c:\ffxxxxf.exec:\ffxxxxf.exe50⤵
- Executes dropped EXE
-
\??\c:\hbhntb.exec:\hbhntb.exe51⤵
- Executes dropped EXE
-
\??\c:\nbnntt.exec:\nbnntt.exe52⤵
- Executes dropped EXE
-
\??\c:\vjpvv.exec:\vjpvv.exe53⤵
- Executes dropped EXE
-
\??\c:\9vdvj.exec:\9vdvj.exe54⤵
- Executes dropped EXE
-
\??\c:\lrxxlff.exec:\lrxxlff.exe55⤵
- Executes dropped EXE
-
\??\c:\tbnhtt.exec:\tbnhtt.exe56⤵
- Executes dropped EXE
-
\??\c:\nttbtt.exec:\nttbtt.exe57⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe58⤵
- Executes dropped EXE
-
\??\c:\vdppv.exec:\vdppv.exe59⤵
- Executes dropped EXE
-
\??\c:\lfllllx.exec:\lfllllx.exe60⤵
- Executes dropped EXE
-
\??\c:\xrfxfxl.exec:\xrfxfxl.exe61⤵
- Executes dropped EXE
-
\??\c:\1httbt.exec:\1httbt.exe62⤵
- Executes dropped EXE
-
\??\c:\tnhnnt.exec:\tnhnnt.exe63⤵
- Executes dropped EXE
-
\??\c:\dvdpp.exec:\dvdpp.exe64⤵
- Executes dropped EXE
-
\??\c:\pjvdd.exec:\pjvdd.exe65⤵
- Executes dropped EXE
-
\??\c:\rlrxflr.exec:\rlrxflr.exe66⤵
-
\??\c:\xrlrllx.exec:\xrlrllx.exe67⤵
-
\??\c:\1bnnnn.exec:\1bnnnn.exe68⤵
-
\??\c:\bhbnth.exec:\bhbnth.exe69⤵
-
\??\c:\jddvd.exec:\jddvd.exe70⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe71⤵
-
\??\c:\frrlxrf.exec:\frrlxrf.exe72⤵
-
\??\c:\ffllfxr.exec:\ffllfxr.exe73⤵
-
\??\c:\3bhttt.exec:\3bhttt.exe74⤵
-
\??\c:\nhbhtt.exec:\nhbhtt.exe75⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe76⤵
-
\??\c:\5jvvd.exec:\5jvvd.exe77⤵
-
\??\c:\5xfffff.exec:\5xfffff.exe78⤵
-
\??\c:\1rlrlll.exec:\1rlrlll.exe79⤵
-
\??\c:\ntbtbb.exec:\ntbtbb.exe80⤵
-
\??\c:\7htntn.exec:\7htntn.exe81⤵
-
\??\c:\1jddd.exec:\1jddd.exe82⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe83⤵
-
\??\c:\lfffflr.exec:\lfffflr.exe84⤵
-
\??\c:\7lrffxf.exec:\7lrffxf.exe85⤵
-
\??\c:\rfrxxrx.exec:\rfrxxrx.exe86⤵
-
\??\c:\7nnnbb.exec:\7nnnbb.exe87⤵
-
\??\c:\tbnnbb.exec:\tbnnbb.exe88⤵
-
\??\c:\pjddd.exec:\pjddd.exe89⤵
-
\??\c:\jjppp.exec:\jjppp.exe90⤵
-
\??\c:\fxflxrf.exec:\fxflxrf.exe91⤵
-
\??\c:\fxxfllr.exec:\fxxfllr.exe92⤵
-
\??\c:\rfxxfff.exec:\rfxxfff.exe93⤵
-
\??\c:\nnnhnb.exec:\nnnhnb.exe94⤵
-
\??\c:\hbhhnn.exec:\hbhhnn.exe95⤵
-
\??\c:\9dpjp.exec:\9dpjp.exe96⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe97⤵
-
\??\c:\lrxrrrr.exec:\lrxrrrr.exe98⤵
-
\??\c:\ffxfxff.exec:\ffxfxff.exe99⤵
-
\??\c:\7tbttn.exec:\7tbttn.exe100⤵
-
\??\c:\9nhbhh.exec:\9nhbhh.exe101⤵
-
\??\c:\dvdpp.exec:\dvdpp.exe102⤵
-
\??\c:\jjpdd.exec:\jjpdd.exe103⤵
-
\??\c:\5rlrrxr.exec:\5rlrrxr.exe104⤵
-
\??\c:\frlxrlf.exec:\frlxrlf.exe105⤵
-
\??\c:\nbnhhh.exec:\nbnhhh.exe106⤵
-
\??\c:\hhnbhh.exec:\hhnbhh.exe107⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe108⤵
-
\??\c:\djvvv.exec:\djvvv.exe109⤵
-
\??\c:\rfxfrrr.exec:\rfxfrrr.exe110⤵
-
\??\c:\1rxrlxr.exec:\1rxrlxr.exe111⤵
-
\??\c:\lflllrr.exec:\lflllrr.exe112⤵
-
\??\c:\nhtbhh.exec:\nhtbhh.exe113⤵
-
\??\c:\bhnhnb.exec:\bhnhnb.exe114⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe115⤵
-
\??\c:\vjddd.exec:\vjddd.exe116⤵
-
\??\c:\rlxlrlx.exec:\rlxlrlx.exe117⤵
-
\??\c:\1llxrrr.exec:\1llxrrr.exe118⤵
-
\??\c:\nhtthn.exec:\nhtthn.exe119⤵
-
\??\c:\nhbtbt.exec:\nhbtbt.exe120⤵
-
\??\c:\5dvpv.exec:\5dvpv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-