Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
12/05/2024, 18:58
General
-
Target
434fb356b44099233f93bad587424d90_NeikiAnalytics.exe
-
Size
114KB
-
MD5
434fb356b44099233f93bad587424d90
-
SHA1
cd1c644873299f56590d456c1e96e61a692b2be8
-
SHA256
66d80073c3288cea285f33a2cec63f31442d6561e6202d049779e487c1e90364
-
SHA512
544d841bf7f6a684a5d61d79f127dec3fc0d1c5656285be00493b2bd44a3051461a8b418f3515e4ca7a7d0b3df3e845f056b7cab601e12324c6155dcb99e54e0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73oYUCD7R2F2UVbyy0NN:ymb3NkkiQ3mdBjFo73HUoMsAbrK
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\434fb356b44099233f93bad587424d90_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\434fb356b44099233f93bad587424d90_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3rlrrxf.exec:\3rlrrxf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbhnn.exec:\htbhnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vppv.exec:\5vppv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflrxrx.exec:\rflrxrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrllrfr.exec:\rrllrfr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhht.exec:\bthhht.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbhtb.exec:\hhbhtb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vpjd.exec:\7vpjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvj.exec:\vpdvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrxfxf.exec:\rlrxfxf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hntht.exec:\9hntht.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtthh.exec:\nhtthh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpd.exec:\dvjpd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrxffr.exec:\rrrxffr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbhh.exec:\nnbbhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvj.exec:\pjvvj.exe17⤵
- Executes dropped EXE
-
\??\c:\3rrrxfr.exec:\3rrrxfr.exe18⤵
- Executes dropped EXE
-
\??\c:\xxfxxrx.exec:\xxfxxrx.exe19⤵
- Executes dropped EXE
-
\??\c:\bthnbh.exec:\bthnbh.exe20⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe21⤵
- Executes dropped EXE
-
\??\c:\7xrflxl.exec:\7xrflxl.exe22⤵
- Executes dropped EXE
-
\??\c:\ffffxrf.exec:\ffffxrf.exe23⤵
- Executes dropped EXE
-
\??\c:\nnhnbh.exec:\nnhnbh.exe24⤵
- Executes dropped EXE
-
\??\c:\jjjvv.exec:\jjjvv.exe25⤵
- Executes dropped EXE
-
\??\c:\fxrxflx.exec:\fxrxflx.exe26⤵
- Executes dropped EXE
-
\??\c:\7xxxffl.exec:\7xxxffl.exe27⤵
- Executes dropped EXE
-
\??\c:\vvpjv.exec:\vvpjv.exe28⤵
- Executes dropped EXE
-
\??\c:\5lfxxfl.exec:\5lfxxfl.exe29⤵
- Executes dropped EXE
-
\??\c:\tbhhnb.exec:\tbhhnb.exe30⤵
- Executes dropped EXE
-
\??\c:\hntbtb.exec:\hntbtb.exe31⤵
- Executes dropped EXE
-
\??\c:\ppvjj.exec:\ppvjj.exe32⤵
- Executes dropped EXE
-
\??\c:\xxrrffr.exec:\xxrrffr.exe33⤵
- Executes dropped EXE
-
\??\c:\rlrrllx.exec:\rlrrllx.exe34⤵
- Executes dropped EXE
-
\??\c:\hbtbbn.exec:\hbtbbn.exe35⤵
- Executes dropped EXE
-
\??\c:\nntbbh.exec:\nntbbh.exe36⤵
- Executes dropped EXE
-
\??\c:\vvddj.exec:\vvddj.exe37⤵
- Executes dropped EXE
-
\??\c:\lfrrflr.exec:\lfrrflr.exe38⤵
- Executes dropped EXE
-
\??\c:\frxflxx.exec:\frxflxx.exe39⤵
- Executes dropped EXE
-
\??\c:\bnbbbh.exec:\bnbbbh.exe40⤵
- Executes dropped EXE
-
\??\c:\vjdjj.exec:\vjdjj.exe41⤵
- Executes dropped EXE
-
\??\c:\1fxlrrx.exec:\1fxlrrx.exe42⤵
- Executes dropped EXE
-
\??\c:\rfffflf.exec:\rfffflf.exe43⤵
- Executes dropped EXE
-
\??\c:\httnnn.exec:\httnnn.exe44⤵
- Executes dropped EXE
-
\??\c:\ddpvj.exec:\ddpvj.exe45⤵
- Executes dropped EXE
-
\??\c:\5xlfffl.exec:\5xlfffl.exe46⤵
- Executes dropped EXE
-
\??\c:\rfrrxxf.exec:\rfrrxxf.exe47⤵
- Executes dropped EXE
-
\??\c:\7tthbn.exec:\7tthbn.exe48⤵
- Executes dropped EXE
-
\??\c:\pdppv.exec:\pdppv.exe49⤵
- Executes dropped EXE
-
\??\c:\djpvj.exec:\djpvj.exe50⤵
- Executes dropped EXE
-
\??\c:\frfflrx.exec:\frfflrx.exe51⤵
- Executes dropped EXE
-
\??\c:\pjjjv.exec:\pjjjv.exe52⤵
- Executes dropped EXE
-
\??\c:\lrxlrfx.exec:\lrxlrfx.exe53⤵
- Executes dropped EXE
-
\??\c:\ffxrfxx.exec:\ffxrfxx.exe54⤵
- Executes dropped EXE
-
\??\c:\1htbhh.exec:\1htbhh.exe55⤵
- Executes dropped EXE
-
\??\c:\nhbhtb.exec:\nhbhtb.exe56⤵
- Executes dropped EXE
-
\??\c:\dvddp.exec:\dvddp.exe57⤵
- Executes dropped EXE
-
\??\c:\5lflrrl.exec:\5lflrrl.exe58⤵
- Executes dropped EXE
-
\??\c:\ttbhnn.exec:\ttbhnn.exe59⤵
- Executes dropped EXE
-
\??\c:\7jjpd.exec:\7jjpd.exe60⤵
- Executes dropped EXE
-
\??\c:\jppdv.exec:\jppdv.exe61⤵
- Executes dropped EXE
-
\??\c:\1rlfllf.exec:\1rlfllf.exe62⤵
- Executes dropped EXE
-
\??\c:\frflllr.exec:\frflllr.exe63⤵
- Executes dropped EXE
-
\??\c:\thnnnn.exec:\thnnnn.exe64⤵
- Executes dropped EXE
-
\??\c:\jjdjp.exec:\jjdjp.exe65⤵
- Executes dropped EXE
-
\??\c:\dvdjv.exec:\dvdjv.exe66⤵
-
\??\c:\xxrxxxr.exec:\xxrxxxr.exe67⤵
-
\??\c:\btnbbh.exec:\btnbbh.exe68⤵
-
\??\c:\nnntbh.exec:\nnntbh.exe69⤵
-
\??\c:\9dpjp.exec:\9dpjp.exe70⤵
-
\??\c:\xfxrfrr.exec:\xfxrfrr.exe71⤵
-
\??\c:\xrlrllr.exec:\xrlrllr.exe72⤵
-
\??\c:\9hbhhn.exec:\9hbhhn.exe73⤵
-
\??\c:\tnttbb.exec:\tnttbb.exe74⤵
-
\??\c:\ddvvp.exec:\ddvvp.exe75⤵
-
\??\c:\pdppv.exec:\pdppv.exe76⤵
-
\??\c:\1rlrrxl.exec:\1rlrrxl.exe77⤵
-
\??\c:\fllxfff.exec:\fllxfff.exe78⤵
-
\??\c:\1nbhtb.exec:\1nbhtb.exe79⤵
-
\??\c:\bbbbnn.exec:\bbbbnn.exe80⤵
-
\??\c:\1jvvv.exec:\1jvvv.exe81⤵
-
\??\c:\9lrrxff.exec:\9lrrxff.exe82⤵
-
\??\c:\xlrfllx.exec:\xlrfllx.exe83⤵
-
\??\c:\hthhhh.exec:\hthhhh.exe84⤵
-
\??\c:\ppvpp.exec:\ppvpp.exe85⤵
-
\??\c:\dpppp.exec:\dpppp.exe86⤵
-
\??\c:\xxrfrrr.exec:\xxrfrrr.exe87⤵
-
\??\c:\lxllrlr.exec:\lxllrlr.exe88⤵
-
\??\c:\nbbhnn.exec:\nbbhnn.exe89⤵
-
\??\c:\hnbhhn.exec:\hnbhhn.exe90⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe91⤵
-
\??\c:\7jdjj.exec:\7jdjj.exe92⤵
-
\??\c:\xrffllr.exec:\xrffllr.exe93⤵
-
\??\c:\1ttnnn.exec:\1ttnnn.exe94⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe95⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe96⤵
-
\??\c:\7rffffl.exec:\7rffffl.exe97⤵
-
\??\c:\9tbbbt.exec:\9tbbbt.exe98⤵
-
\??\c:\5hhnbh.exec:\5hhnbh.exe99⤵
-
\??\c:\vjvpd.exec:\vjvpd.exe100⤵
-
\??\c:\xfrffxx.exec:\xfrffxx.exe101⤵
-
\??\c:\xlflllr.exec:\xlflllr.exe102⤵
-
\??\c:\bhbnbt.exec:\bhbnbt.exe103⤵
-
\??\c:\1ntnth.exec:\1ntnth.exe104⤵
-
\??\c:\jvppv.exec:\jvppv.exe105⤵
-
\??\c:\3fllflr.exec:\3fllflr.exe106⤵
-
\??\c:\nnbbhh.exec:\nnbbhh.exe107⤵
-
\??\c:\3nbbtt.exec:\3nbbtt.exe108⤵
-
\??\c:\pvppj.exec:\pvppj.exe109⤵
-
\??\c:\rxxrrxf.exec:\rxxrrxf.exe110⤵
-
\??\c:\xrxfxrx.exec:\xrxfxrx.exe111⤵
-
\??\c:\3nnnnt.exec:\3nnnnt.exe112⤵
-
\??\c:\vpvdp.exec:\vpvdp.exe113⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe114⤵
-
\??\c:\flfllxx.exec:\flfllxx.exe115⤵
-
\??\c:\3lffrlr.exec:\3lffrlr.exe116⤵
-
\??\c:\thnhnn.exec:\thnhnn.exe117⤵
-
\??\c:\3tnbbb.exec:\3tnbbb.exe118⤵
-
\??\c:\7dppj.exec:\7dppj.exe119⤵
-
\??\c:\xxlfrxl.exec:\xxlfrxl.exe120⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-