Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
12-05-2024 13:25
General
-
Target
14ba7ca65a45fbb0f9debfdd0e0c8010_NeikiAnalytics.exe
-
Size
145KB
-
MD5
14ba7ca65a45fbb0f9debfdd0e0c8010
-
SHA1
8c3c03abf076c11372abd0f17f3df5d92dcdcf03
-
SHA256
0a2c1a8883faa63329c8a8efd7920c17c8ce1ea6748e9925cf4209dc1e346c99
-
SHA512
d1f692c3e40db80a2cfcec5d6e6ee40717b5e7963a7d92060e8a9911efa40286031a96eafb8263463ab7897cd57d919b0dc292c88cfa8964e43b24eeca2c91ae
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73tvn+Yp9gFbctg0IyAyhZvjDUOy/nmPmT9seU:n3C9BRo7tvnJ9oH0IRgZvjDhy+PmxseU
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\14ba7ca65a45fbb0f9debfdd0e0c8010_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\14ba7ca65a45fbb0f9debfdd0e0c8010_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddp.exec:\jdddp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlrrxl.exec:\rrlrrxl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jppd.exec:\5jppd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlxlrf.exec:\rrlxlrf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhht.exec:\btnhht.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdp.exec:\pjjdp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffllfff.exec:\ffllfff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxlrff.exec:\fxxlrff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjpd.exec:\ppjpd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdpj.exec:\vpdpj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrrrrf.exec:\xxrrrrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbtbh.exec:\nhbtbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bbhnn.exec:\9bbhnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpdd.exec:\vvpdd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrxxfl.exec:\xfrxxfl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxrffr.exec:\ffxrffr.exe17⤵
- Executes dropped EXE
-
\??\c:\5nhntb.exec:\5nhntb.exe18⤵
- Executes dropped EXE
-
\??\c:\bhnhth.exec:\bhnhth.exe19⤵
- Executes dropped EXE
-
\??\c:\dpjpv.exec:\dpjpv.exe20⤵
- Executes dropped EXE
-
\??\c:\xxffxfx.exec:\xxffxfx.exe21⤵
- Executes dropped EXE
-
\??\c:\htthnh.exec:\htthnh.exe22⤵
- Executes dropped EXE
-
\??\c:\tththt.exec:\tththt.exe23⤵
- Executes dropped EXE
-
\??\c:\5djjv.exec:\5djjv.exe24⤵
- Executes dropped EXE
-
\??\c:\djpvp.exec:\djpvp.exe25⤵
- Executes dropped EXE
-
\??\c:\rxlrxxr.exec:\rxlrxxr.exe26⤵
- Executes dropped EXE
-
\??\c:\thttbt.exec:\thttbt.exe27⤵
- Executes dropped EXE
-
\??\c:\vppvj.exec:\vppvj.exe28⤵
- Executes dropped EXE
-
\??\c:\3xrxrxr.exec:\3xrxrxr.exe29⤵
- Executes dropped EXE
-
\??\c:\fxrfrxf.exec:\fxrfrxf.exe30⤵
- Executes dropped EXE
-
\??\c:\nntbnb.exec:\nntbnb.exe31⤵
- Executes dropped EXE
-
\??\c:\jjpvd.exec:\jjpvd.exe32⤵
- Executes dropped EXE
-
\??\c:\rfrrxrx.exec:\rfrrxrx.exe33⤵
- Executes dropped EXE
-
\??\c:\hhbnbb.exec:\hhbnbb.exe34⤵
- Executes dropped EXE
-
\??\c:\bnttbn.exec:\bnttbn.exe35⤵
- Executes dropped EXE
-
\??\c:\5vvjv.exec:\5vvjv.exe36⤵
- Executes dropped EXE
-
\??\c:\jjvdj.exec:\jjvdj.exe37⤵
- Executes dropped EXE
-
\??\c:\rrlrflx.exec:\rrlrflx.exe38⤵
- Executes dropped EXE
-
\??\c:\9rlxlrx.exec:\9rlxlrx.exe39⤵
- Executes dropped EXE
-
\??\c:\htnbtb.exec:\htnbtb.exe40⤵
- Executes dropped EXE
-
\??\c:\bbhntt.exec:\bbhntt.exe41⤵
- Executes dropped EXE
-
\??\c:\dvppj.exec:\dvppj.exe42⤵
- Executes dropped EXE
-
\??\c:\vpjjd.exec:\vpjjd.exe43⤵
- Executes dropped EXE
-
\??\c:\xrxfrxf.exec:\xrxfrxf.exe44⤵
- Executes dropped EXE
-
\??\c:\lfxlffr.exec:\lfxlffr.exe45⤵
- Executes dropped EXE
-
\??\c:\bnbnnt.exec:\bnbnnt.exe46⤵
- Executes dropped EXE
-
\??\c:\bbnbtb.exec:\bbnbtb.exe47⤵
- Executes dropped EXE
-
\??\c:\pddjp.exec:\pddjp.exe48⤵
- Executes dropped EXE
-
\??\c:\rrfrfrl.exec:\rrfrfrl.exe49⤵
- Executes dropped EXE
-
\??\c:\fxfffxr.exec:\fxfffxr.exe50⤵
- Executes dropped EXE
-
\??\c:\hbnhtn.exec:\hbnhtn.exe51⤵
- Executes dropped EXE
-
\??\c:\5vjpv.exec:\5vjpv.exe52⤵
- Executes dropped EXE
-
\??\c:\djjpj.exec:\djjpj.exe53⤵
- Executes dropped EXE
-
\??\c:\fxllrfl.exec:\fxllrfl.exe54⤵
- Executes dropped EXE
-
\??\c:\nhbnnt.exec:\nhbnnt.exe55⤵
- Executes dropped EXE
-
\??\c:\ttnhth.exec:\ttnhth.exe56⤵
- Executes dropped EXE
-
\??\c:\jjdpv.exec:\jjdpv.exe57⤵
- Executes dropped EXE
-
\??\c:\7ddvp.exec:\7ddvp.exe58⤵
- Executes dropped EXE
-
\??\c:\5llllrl.exec:\5llllrl.exe59⤵
- Executes dropped EXE
-
\??\c:\nhtntb.exec:\nhtntb.exe60⤵
- Executes dropped EXE
-
\??\c:\tthbhh.exec:\tthbhh.exe61⤵
- Executes dropped EXE
-
\??\c:\ppjvj.exec:\ppjvj.exe62⤵
- Executes dropped EXE
-
\??\c:\9flrllx.exec:\9flrllx.exe63⤵
- Executes dropped EXE
-
\??\c:\lxrrrlx.exec:\lxrrrlx.exe64⤵
- Executes dropped EXE
-
\??\c:\hhtbnn.exec:\hhtbnn.exe65⤵
- Executes dropped EXE
-
\??\c:\vppjj.exec:\vppjj.exe66⤵
-
\??\c:\xflrllf.exec:\xflrllf.exe67⤵
-
\??\c:\hbbbtt.exec:\hbbbtt.exe68⤵
-
\??\c:\nbhhnn.exec:\nbhhnn.exe69⤵
-
\??\c:\jjjpp.exec:\jjjpp.exe70⤵
-
\??\c:\ffxrfxr.exec:\ffxrfxr.exe71⤵
-
\??\c:\7hnnnn.exec:\7hnnnn.exe72⤵
-
\??\c:\9htthb.exec:\9htthb.exe73⤵
-
\??\c:\1ppvp.exec:\1ppvp.exe74⤵
-
\??\c:\lllrlfl.exec:\lllrlfl.exe75⤵
-
\??\c:\hbtntb.exec:\hbtntb.exe76⤵
-
\??\c:\5bhnbh.exec:\5bhnbh.exe77⤵
-
\??\c:\vppjv.exec:\vppjv.exe78⤵
-
\??\c:\pdddp.exec:\pdddp.exe79⤵
-
\??\c:\rxfxrxf.exec:\rxfxrxf.exe80⤵
-
\??\c:\hbhtbt.exec:\hbhtbt.exe81⤵
-
\??\c:\7dpvd.exec:\7dpvd.exe82⤵
-
\??\c:\rrllxxx.exec:\rrllxxx.exe83⤵
-
\??\c:\5fxllxr.exec:\5fxllxr.exe84⤵
-
\??\c:\1tntbn.exec:\1tntbn.exe85⤵
-
\??\c:\dpppp.exec:\dpppp.exe86⤵
-
\??\c:\pjvjv.exec:\pjvjv.exe87⤵
-
\??\c:\rlllfrf.exec:\rlllfrf.exe88⤵
-
\??\c:\ttnhtt.exec:\ttnhtt.exe89⤵
-
\??\c:\1tnbtn.exec:\1tnbtn.exe90⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe91⤵
-
\??\c:\fxxrlxr.exec:\fxxrlxr.exe92⤵
-
\??\c:\7btbnt.exec:\7btbnt.exe93⤵
-
\??\c:\bhbhtt.exec:\bhbhtt.exe94⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe95⤵
-
\??\c:\llxflrx.exec:\llxflrx.exe96⤵
-
\??\c:\nhnbnt.exec:\nhnbnt.exe97⤵
-
\??\c:\hhhtnb.exec:\hhhtnb.exe98⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe99⤵
-
\??\c:\xxffxrf.exec:\xxffxrf.exe100⤵
-
\??\c:\tnhhtb.exec:\tnhhtb.exe101⤵
-
\??\c:\bhhbnb.exec:\bhhbnb.exe102⤵
-
\??\c:\3vjjp.exec:\3vjjp.exe103⤵
-
\??\c:\lxxfxff.exec:\lxxfxff.exe104⤵
-
\??\c:\tnbhnn.exec:\tnbhnn.exe105⤵
-
\??\c:\hhhtbh.exec:\hhhtbh.exe106⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe107⤵
-
\??\c:\9xxrxfl.exec:\9xxrxfl.exe108⤵
-
\??\c:\llxfxrx.exec:\llxfxrx.exe109⤵
-
\??\c:\bhbnbt.exec:\bhbnbt.exe110⤵
-
\??\c:\hntnhn.exec:\hntnhn.exe111⤵
-
\??\c:\xrxxrxl.exec:\xrxxrxl.exe112⤵
-
\??\c:\3jpdp.exec:\3jpdp.exe113⤵
-
\??\c:\3pdjp.exec:\3pdjp.exe114⤵
-
\??\c:\lrrlflr.exec:\lrrlflr.exe115⤵
-
\??\c:\5rfflrx.exec:\5rfflrx.exe116⤵
-
\??\c:\7hntnt.exec:\7hntnt.exe117⤵
-
\??\c:\pvjdd.exec:\pvjdd.exe118⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe119⤵
-
\??\c:\rlrxxxf.exec:\rlrxxxf.exe120⤵
-
\??\c:\rrlfxfx.exec:\rrlfxfx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-