Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
13/05/2024, 10:10
General
-
Target
b168380e33e36cda7361e54740876ce0_NeikiAnalytics.exe
-
Size
55KB
-
MD5
b168380e33e36cda7361e54740876ce0
-
SHA1
f0912a4c554ca25f6b26195e2647f0795d2a218d
-
SHA256
c8474e22b4805c873f3eefb3ba8665c668bf76920e04448c6f4ccccd6931a3db
-
SHA512
5e4d6d76abe558b12be4101d1e990008aa87fa2081b727c4b57e14a32ff3466edd5765d09c0f1739c2538db91becbb793c00c9944f36b74750aa5b49afd981f8
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0chVnY:ymb3NkkiQ3mdBjF0crY
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b168380e33e36cda7361e54740876ce0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\b168380e33e36cda7361e54740876ce0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbnb.exec:\nhhbnb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7llrflx.exec:\7llrflx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffrlff.exec:\fffrlff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntnht.exec:\nntnht.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjdp.exec:\jjjdp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxxfx.exec:\lfxxxfx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnbbn.exec:\tnnbbn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxllrl.exec:\lfxllrl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhtt.exec:\tnhhtt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppjd.exec:\dppjd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrlrfr.exec:\xxrlrfr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnthth.exec:\nnthth.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hbnth.exec:\9hbnth.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpjp.exec:\vdpjp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7flfxrl.exec:\7flfxrl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnbnb.exec:\btnbnb.exe17⤵
- Executes dropped EXE
-
\??\c:\vjjjj.exec:\vjjjj.exe18⤵
- Executes dropped EXE
-
\??\c:\rrffffx.exec:\rrffffx.exe19⤵
- Executes dropped EXE
-
\??\c:\btnhnh.exec:\btnhnh.exe20⤵
- Executes dropped EXE
-
\??\c:\nnbbnt.exec:\nnbbnt.exe21⤵
- Executes dropped EXE
-
\??\c:\3dpvj.exec:\3dpvj.exe22⤵
- Executes dropped EXE
-
\??\c:\7rrxrlx.exec:\7rrxrlx.exe23⤵
- Executes dropped EXE
-
\??\c:\hhhtbh.exec:\hhhtbh.exe24⤵
- Executes dropped EXE
-
\??\c:\vpjjv.exec:\vpjjv.exe25⤵
- Executes dropped EXE
-
\??\c:\ddvpd.exec:\ddvpd.exe26⤵
- Executes dropped EXE
-
\??\c:\lrxrxrr.exec:\lrxrxrr.exe27⤵
- Executes dropped EXE
-
\??\c:\hbtntb.exec:\hbtntb.exe28⤵
- Executes dropped EXE
-
\??\c:\vvjvj.exec:\vvjvj.exe29⤵
- Executes dropped EXE
-
\??\c:\lrfxrxl.exec:\lrfxrxl.exe30⤵
- Executes dropped EXE
-
\??\c:\nhtbnt.exec:\nhtbnt.exe31⤵
- Executes dropped EXE
-
\??\c:\ppppd.exec:\ppppd.exe32⤵
- Executes dropped EXE
-
\??\c:\lrxxfrr.exec:\lrxxfrr.exe33⤵
- Executes dropped EXE
-
\??\c:\hnnntn.exec:\hnnntn.exe34⤵
- Executes dropped EXE
-
\??\c:\nbhnbt.exec:\nbhnbt.exe35⤵
- Executes dropped EXE
-
\??\c:\ddpjd.exec:\ddpjd.exe36⤵
- Executes dropped EXE
-
\??\c:\9jdvj.exec:\9jdvj.exe37⤵
- Executes dropped EXE
-
\??\c:\5lffrrx.exec:\5lffrrx.exe38⤵
- Executes dropped EXE
-
\??\c:\bbhtnb.exec:\bbhtnb.exe39⤵
- Executes dropped EXE
-
\??\c:\bhhtbh.exec:\bhhtbh.exe40⤵
- Executes dropped EXE
-
\??\c:\dppjj.exec:\dppjj.exe41⤵
- Executes dropped EXE
-
\??\c:\3llxrfl.exec:\3llxrfl.exe42⤵
- Executes dropped EXE
-
\??\c:\xxllfxl.exec:\xxllfxl.exe43⤵
- Executes dropped EXE
-
\??\c:\nnnbtb.exec:\nnnbtb.exe44⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe45⤵
- Executes dropped EXE
-
\??\c:\dddvd.exec:\dddvd.exe46⤵
- Executes dropped EXE
-
\??\c:\nhbnht.exec:\nhbnht.exe47⤵
- Executes dropped EXE
-
\??\c:\tnhhth.exec:\tnhhth.exe48⤵
- Executes dropped EXE
-
\??\c:\dpppj.exec:\dpppj.exe49⤵
- Executes dropped EXE
-
\??\c:\vdjdj.exec:\vdjdj.exe50⤵
- Executes dropped EXE
-
\??\c:\fflrfrx.exec:\fflrfrx.exe51⤵
- Executes dropped EXE
-
\??\c:\hhhhth.exec:\hhhhth.exe52⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe53⤵
- Executes dropped EXE
-
\??\c:\xxlfrfr.exec:\xxlfrfr.exe54⤵
- Executes dropped EXE
-
\??\c:\5nnbbt.exec:\5nnbbt.exe55⤵
- Executes dropped EXE
-
\??\c:\bhbnhh.exec:\bhbnhh.exe56⤵
- Executes dropped EXE
-
\??\c:\djdvp.exec:\djdvp.exe57⤵
- Executes dropped EXE
-
\??\c:\ddpvd.exec:\ddpvd.exe58⤵
- Executes dropped EXE
-
\??\c:\fxfllrf.exec:\fxfllrf.exe59⤵
- Executes dropped EXE
-
\??\c:\5tntnh.exec:\5tntnh.exe60⤵
- Executes dropped EXE
-
\??\c:\ntbbbb.exec:\ntbbbb.exe61⤵
- Executes dropped EXE
-
\??\c:\1dvpd.exec:\1dvpd.exe62⤵
- Executes dropped EXE
-
\??\c:\rxxfxrr.exec:\rxxfxrr.exe63⤵
- Executes dropped EXE
-
\??\c:\rfrllll.exec:\rfrllll.exe64⤵
- Executes dropped EXE
-
\??\c:\nnhtht.exec:\nnhtht.exe65⤵
- Executes dropped EXE
-
\??\c:\pdpdd.exec:\pdpdd.exe66⤵
-
\??\c:\jddjp.exec:\jddjp.exe67⤵
-
\??\c:\rlxfxxl.exec:\rlxfxxl.exe68⤵
-
\??\c:\hhhtht.exec:\hhhtht.exe69⤵
-
\??\c:\bhbtbb.exec:\bhbtbb.exe70⤵
-
\??\c:\vjpvp.exec:\vjpvp.exe71⤵
-
\??\c:\ffrlxxl.exec:\ffrlxxl.exe72⤵
-
\??\c:\xrrrxrr.exec:\xrrrxrr.exe73⤵
-
\??\c:\1hhthh.exec:\1hhthh.exe74⤵
-
\??\c:\nbtttb.exec:\nbtttb.exe75⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe76⤵
-
\??\c:\xlxfxlr.exec:\xlxfxlr.exe77⤵
-
\??\c:\rrllrfx.exec:\rrllrfx.exe78⤵
-
\??\c:\hbtbnb.exec:\hbtbnb.exe79⤵
-
\??\c:\ttthtb.exec:\ttthtb.exe80⤵
-
\??\c:\vvjvd.exec:\vvjvd.exe81⤵
-
\??\c:\dpvdp.exec:\dpvdp.exe82⤵
-
\??\c:\xrlrxfx.exec:\xrlrxfx.exe83⤵
-
\??\c:\bhnnbb.exec:\bhnnbb.exe84⤵
-
\??\c:\tntbbb.exec:\tntbbb.exe85⤵
-
\??\c:\djdjv.exec:\djdjv.exe86⤵
-
\??\c:\llfxlfx.exec:\llfxlfx.exe87⤵
-
\??\c:\xfflxrr.exec:\xfflxrr.exe88⤵
-
\??\c:\tthbbn.exec:\tthbbn.exe89⤵
-
\??\c:\nhthhh.exec:\nhthhh.exe90⤵
-
\??\c:\jdddj.exec:\jdddj.exe91⤵
-
\??\c:\dvjvp.exec:\dvjvp.exe92⤵
-
\??\c:\lllxxff.exec:\lllxxff.exe93⤵
-
\??\c:\bbthtt.exec:\bbthtt.exe94⤵
-
\??\c:\btnbtb.exec:\btnbtb.exe95⤵
-
\??\c:\dpjpp.exec:\dpjpp.exe96⤵
-
\??\c:\rxlflxl.exec:\rxlflxl.exe97⤵
-
\??\c:\lflxlxr.exec:\lflxlxr.exe98⤵
-
\??\c:\3htnbn.exec:\3htnbn.exe99⤵
-
\??\c:\bhnhhn.exec:\bhnhhn.exe100⤵
-
\??\c:\pppdv.exec:\pppdv.exe101⤵
-
\??\c:\rrlllxl.exec:\rrlllxl.exe102⤵
-
\??\c:\frrrfxf.exec:\frrrfxf.exe103⤵
-
\??\c:\bnbbhb.exec:\bnbbhb.exe104⤵
-
\??\c:\nhbbtb.exec:\nhbbtb.exe105⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe106⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe107⤵
-
\??\c:\rxffxrx.exec:\rxffxrx.exe108⤵
-
\??\c:\7bttnt.exec:\7bttnt.exe109⤵
-
\??\c:\9thntt.exec:\9thntt.exe110⤵
-
\??\c:\3pdpd.exec:\3pdpd.exe111⤵
-
\??\c:\3jjpj.exec:\3jjpj.exe112⤵
-
\??\c:\rlflxfr.exec:\rlflxfr.exe113⤵
-
\??\c:\rrrfxll.exec:\rrrfxll.exe114⤵
-
\??\c:\tnbntb.exec:\tnbntb.exe115⤵
-
\??\c:\nhnnhn.exec:\nhnnhn.exe116⤵
-
\??\c:\pddvv.exec:\pddvv.exe117⤵
-
\??\c:\rlxlrxf.exec:\rlxlrxf.exe118⤵
-
\??\c:\xlxfllr.exec:\xlxfllr.exe119⤵
-
\??\c:\hbthbh.exec:\hbthbh.exe120⤵
-
\??\c:\bhntbb.exec:\bhntbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-