Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
12/05/2024, 10:04
General
-
Target
8331c9081a64a1bf2eb8e8187682d670_NeikiAnalytics.exe
-
Size
278KB
-
MD5
8331c9081a64a1bf2eb8e8187682d670
-
SHA1
30c08c1f26bfcb7e1cddccd95d9d312670ccd534
-
SHA256
47bfa7e4b3a593cb80ac33d3f1e20cde3eba66736193864f79a61ed719ee7a61
-
SHA512
e70afbb25cd8ac0851cbe9b22a15ecef5992d1dce30758375742ef97f954afd35a6d433f8930fc5eee87634370324ceed12ea7a49e998d9a375c8c5cb755e743
-
SSDEEP
6144:7cm4FmowdHoSoXSBcm4Vcm4FmowdHoSphra+cm4FMhraHcpOaKHpl:B4wFHoSoXW434wFHoS3eg4aeFaKHpl
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8331c9081a64a1bf2eb8e8187682d670_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\8331c9081a64a1bf2eb8e8187682d670_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjpj.exec:\pjjpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxflfrl.exec:\xxflfrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7frfrfl.exec:\7frfrfl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9btbhn.exec:\9btbhn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpdj.exec:\dvpdj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrxrrf.exec:\xrrxrrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntbhn.exec:\nntbhn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvvv.exec:\pvvvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvpj.exec:\pvvpj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djppv.exec:\djppv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrfxrl.exec:\rfrfxrl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxrrx.exec:\rlxxrrx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rlrxlx.exec:\7rlrxlx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdjv.exec:\vjdjv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tntnb.exec:\9tntnb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflrxf.exec:\xrflrxf.exe17⤵
- Executes dropped EXE
-
\??\c:\hhbbnn.exec:\hhbbnn.exe18⤵
- Executes dropped EXE
-
\??\c:\xlflxfr.exec:\xlflxfr.exe19⤵
- Executes dropped EXE
-
\??\c:\nhhtth.exec:\nhhtth.exe20⤵
- Executes dropped EXE
-
\??\c:\9vjvp.exec:\9vjvp.exe21⤵
- Executes dropped EXE
-
\??\c:\dvddj.exec:\dvddj.exe22⤵
- Executes dropped EXE
-
\??\c:\nhbnbh.exec:\nhbnbh.exe23⤵
- Executes dropped EXE
-
\??\c:\xflxrlf.exec:\xflxrlf.exe24⤵
- Executes dropped EXE
-
\??\c:\xflffxx.exec:\xflffxx.exe25⤵
- Executes dropped EXE
-
\??\c:\pvjjj.exec:\pvjjj.exe26⤵
- Executes dropped EXE
-
\??\c:\xxrfrfr.exec:\xxrfrfr.exe27⤵
- Executes dropped EXE
-
\??\c:\hbbtbt.exec:\hbbtbt.exe28⤵
- Executes dropped EXE
-
\??\c:\5fxfrxl.exec:\5fxfrxl.exe29⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe30⤵
- Executes dropped EXE
-
\??\c:\3xrlfrl.exec:\3xrlfrl.exe31⤵
- Executes dropped EXE
-
\??\c:\3pddd.exec:\3pddd.exe32⤵
- Executes dropped EXE
-
\??\c:\rllrxfr.exec:\rllrxfr.exe33⤵
- Executes dropped EXE
-
\??\c:\jdvvp.exec:\jdvvp.exe34⤵
- Executes dropped EXE
-
\??\c:\jpdvp.exec:\jpdvp.exe35⤵
- Executes dropped EXE
-
\??\c:\1tbbnb.exec:\1tbbnb.exe36⤵
- Executes dropped EXE
-
\??\c:\1vpjv.exec:\1vpjv.exe37⤵
- Executes dropped EXE
-
\??\c:\ntthnt.exec:\ntthnt.exe38⤵
- Executes dropped EXE
-
\??\c:\1vvjj.exec:\1vvjj.exe39⤵
- Executes dropped EXE
-
\??\c:\1btnnt.exec:\1btnnt.exe40⤵
- Executes dropped EXE
-
\??\c:\pppdd.exec:\pppdd.exe41⤵
- Executes dropped EXE
-
\??\c:\fllffxr.exec:\fllffxr.exe42⤵
- Executes dropped EXE
-
\??\c:\9nbtbt.exec:\9nbtbt.exe43⤵
- Executes dropped EXE
-
\??\c:\pjddd.exec:\pjddd.exe44⤵
- Executes dropped EXE
-
\??\c:\nnnbtb.exec:\nnnbtb.exe45⤵
- Executes dropped EXE
-
\??\c:\jjppd.exec:\jjppd.exe46⤵
- Executes dropped EXE
-
\??\c:\1rxfxfl.exec:\1rxfxfl.exe47⤵
- Executes dropped EXE
-
\??\c:\3ntbnt.exec:\3ntbnt.exe48⤵
- Executes dropped EXE
-
\??\c:\dddpd.exec:\dddpd.exe49⤵
- Executes dropped EXE
-
\??\c:\xfrffxx.exec:\xfrffxx.exe50⤵
- Executes dropped EXE
-
\??\c:\1ttbbn.exec:\1ttbbn.exe51⤵
- Executes dropped EXE
-
\??\c:\dvppv.exec:\dvppv.exe52⤵
- Executes dropped EXE
-
\??\c:\llflxlx.exec:\llflxlx.exe53⤵
- Executes dropped EXE
-
\??\c:\pjddv.exec:\pjddv.exe54⤵
- Executes dropped EXE
-
\??\c:\xrlrffl.exec:\xrlrffl.exe55⤵
- Executes dropped EXE
-
\??\c:\hhthhn.exec:\hhthhn.exe56⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe57⤵
- Executes dropped EXE
-
\??\c:\rlflfxr.exec:\rlflfxr.exe58⤵
- Executes dropped EXE
-
\??\c:\nbbhtt.exec:\nbbhtt.exe59⤵
- Executes dropped EXE
-
\??\c:\ppjdv.exec:\ppjdv.exe60⤵
- Executes dropped EXE
-
\??\c:\vvpvj.exec:\vvpvj.exe61⤵
- Executes dropped EXE
-
\??\c:\rfflllx.exec:\rfflllx.exe62⤵
- Executes dropped EXE
-
\??\c:\9tnntb.exec:\9tnntb.exe63⤵
- Executes dropped EXE
-
\??\c:\hbthnb.exec:\hbthnb.exe64⤵
- Executes dropped EXE
-
\??\c:\3jvvd.exec:\3jvvd.exe65⤵
- Executes dropped EXE
-
\??\c:\ffrxllx.exec:\ffrxllx.exe66⤵
-
\??\c:\xrffllx.exec:\xrffllx.exe67⤵
-
\??\c:\nhbntt.exec:\nhbntt.exe68⤵
-
\??\c:\5dvvp.exec:\5dvvp.exe69⤵
-
\??\c:\pjvdv.exec:\pjvdv.exe70⤵
-
\??\c:\llfxrfx.exec:\llfxrfx.exe71⤵
-
\??\c:\lfllllx.exec:\lfllllx.exe72⤵
-
\??\c:\7bnhbh.exec:\7bnhbh.exe73⤵
-
\??\c:\1vvjj.exec:\1vvjj.exe74⤵
-
\??\c:\7xrxflx.exec:\7xrxflx.exe75⤵
-
\??\c:\xlxfffr.exec:\xlxfffr.exe76⤵
-
\??\c:\btnbth.exec:\btnbth.exe77⤵
-
\??\c:\hbhntt.exec:\hbhntt.exe78⤵
-
\??\c:\9jpdp.exec:\9jpdp.exe79⤵
-
\??\c:\3vjpd.exec:\3vjpd.exe80⤵
-
\??\c:\rrxfrxx.exec:\rrxfrxx.exe81⤵
-
\??\c:\hbttbb.exec:\hbttbb.exe82⤵
-
\??\c:\nnnbnt.exec:\nnnbnt.exe83⤵
-
\??\c:\jjjpd.exec:\jjjpd.exe84⤵
-
\??\c:\xrrxrxr.exec:\xrrxrxr.exe85⤵
-
\??\c:\9fxrflx.exec:\9fxrflx.exe86⤵
-
\??\c:\nnnnbh.exec:\nnnnbh.exe87⤵
-
\??\c:\jpjpd.exec:\jpjpd.exe88⤵
-
\??\c:\xxxrffr.exec:\xxxrffr.exe89⤵
-
\??\c:\7fxlfxl.exec:\7fxlfxl.exe90⤵
-
\??\c:\hbnbhh.exec:\hbnbhh.exe91⤵
-
\??\c:\9dpvj.exec:\9dpvj.exe92⤵
-
\??\c:\vpddp.exec:\vpddp.exe93⤵
-
\??\c:\rlffllr.exec:\rlffllr.exe94⤵
-
\??\c:\1bnthh.exec:\1bnthh.exe95⤵
-
\??\c:\5nnbht.exec:\5nnbht.exe96⤵
-
\??\c:\pjppv.exec:\pjppv.exe97⤵
-
\??\c:\5llrxlr.exec:\5llrxlr.exe98⤵
-
\??\c:\bbbntb.exec:\bbbntb.exe99⤵
-
\??\c:\7ppvv.exec:\7ppvv.exe100⤵
-
\??\c:\3jjpd.exec:\3jjpd.exe101⤵
-
\??\c:\1llxffr.exec:\1llxffr.exe102⤵
-
\??\c:\tnthbn.exec:\tnthbn.exe103⤵
-
\??\c:\9jjdj.exec:\9jjdj.exe104⤵
-
\??\c:\fffllrf.exec:\fffllrf.exe105⤵
-
\??\c:\bbnntb.exec:\bbnntb.exe106⤵
-
\??\c:\jjdjd.exec:\jjdjd.exe107⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe108⤵
-
\??\c:\rrrxflf.exec:\rrrxflf.exe109⤵
-
\??\c:\xrxxfrx.exec:\xrxxfrx.exe110⤵
-
\??\c:\bththh.exec:\bththh.exe111⤵
-
\??\c:\vjppp.exec:\vjppp.exe112⤵
-
\??\c:\3vjpd.exec:\3vjpd.exe113⤵
-
\??\c:\5lrxlrf.exec:\5lrxlrf.exe114⤵
-
\??\c:\hhtthh.exec:\hhtthh.exe115⤵
-
\??\c:\9bbntb.exec:\9bbntb.exe116⤵
-
\??\c:\7vdvj.exec:\7vdvj.exe117⤵
-
\??\c:\fxfffff.exec:\fxfffff.exe118⤵
-
\??\c:\fffxrfr.exec:\fffxrfr.exe119⤵
-
\??\c:\hnbnth.exec:\hnbnth.exe120⤵
-
\??\c:\dpddd.exec:\dpddd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-