Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
13/05/2024, 13:43
General
-
Target
bad63e165ca675f8be030d2f80421590_NeikiAnalytics.exe
-
Size
140KB
-
MD5
bad63e165ca675f8be030d2f80421590
-
SHA1
a90ca820a0a9fe05ba08fbde89c9a5d31eba965e
-
SHA256
5bb2ac9cfd8feada0578bc6c86c46fe3c7f09693b92b8b1fd840f8d28794307f
-
SHA512
f48bab96b16de7cc85c08e6189c2964860fe9c131b03b10de7fc0e6e74a5178a4e8750280c59055f026b2eb11ed5a4562c818640abbb6276e3a2b9b2a25d3991
-
SSDEEP
3072:ymb3NkkiQ3mdBjFomR7UsyJC+n0Gsgyek1D:n3C9BRomRph+0GsgyeYD
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bad63e165ca675f8be030d2f80421590_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\bad63e165ca675f8be030d2f80421590_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddv.exec:\jdddv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rffffr.exec:\5rffffr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhnnt.exec:\bnhnnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pjjd.exec:\9pjjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jvdj.exec:\1jvdj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllffrr.exec:\lllffrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbhb.exec:\nnbbhb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhnnn.exec:\nbhnnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdpv.exec:\vpdpv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rflrlr.exec:\3rflrlr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbnh.exec:\nhhbnh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtbhn.exec:\nbtbhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dppp.exec:\9dppp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvvv.exec:\jpvvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lfllrf.exec:\3lfllrf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnhhn.exec:\htnhhn.exe17⤵
- Executes dropped EXE
-
\??\c:\7hbbhh.exec:\7hbbhh.exe18⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe19⤵
- Executes dropped EXE
-
\??\c:\1lrxfxf.exec:\1lrxfxf.exe20⤵
- Executes dropped EXE
-
\??\c:\1frxfrx.exec:\1frxfrx.exe21⤵
- Executes dropped EXE
-
\??\c:\9hbhhb.exec:\9hbhhb.exe22⤵
- Executes dropped EXE
-
\??\c:\5dvvd.exec:\5dvvd.exe23⤵
- Executes dropped EXE
-
\??\c:\xrlfllx.exec:\xrlfllx.exe24⤵
- Executes dropped EXE
-
\??\c:\htttht.exec:\htttht.exe25⤵
- Executes dropped EXE
-
\??\c:\1bbnhh.exec:\1bbnhh.exe26⤵
- Executes dropped EXE
-
\??\c:\pdvjp.exec:\pdvjp.exe27⤵
- Executes dropped EXE
-
\??\c:\xlxrflf.exec:\xlxrflf.exe28⤵
- Executes dropped EXE
-
\??\c:\nhtnnh.exec:\nhtnnh.exe29⤵
- Executes dropped EXE
-
\??\c:\dvvvv.exec:\dvvvv.exe30⤵
- Executes dropped EXE
-
\??\c:\fxllrxx.exec:\fxllrxx.exe31⤵
- Executes dropped EXE
-
\??\c:\xlxrrxr.exec:\xlxrrxr.exe32⤵
- Executes dropped EXE
-
\??\c:\bhbhht.exec:\bhbhht.exe33⤵
- Executes dropped EXE
-
\??\c:\pddjv.exec:\pddjv.exe34⤵
- Executes dropped EXE
-
\??\c:\jddjd.exec:\jddjd.exe35⤵
- Executes dropped EXE
-
\??\c:\frrfflx.exec:\frrfflx.exe36⤵
- Executes dropped EXE
-
\??\c:\tnnnbh.exec:\tnnnbh.exe37⤵
- Executes dropped EXE
-
\??\c:\tnbntb.exec:\tnbntb.exe38⤵
- Executes dropped EXE
-
\??\c:\dpjjd.exec:\dpjjd.exe39⤵
- Executes dropped EXE
-
\??\c:\vdjpp.exec:\vdjpp.exe40⤵
- Executes dropped EXE
-
\??\c:\vvjjd.exec:\vvjjd.exe41⤵
- Executes dropped EXE
-
\??\c:\lfxfffr.exec:\lfxfffr.exe42⤵
- Executes dropped EXE
-
\??\c:\1fffrrf.exec:\1fffrrf.exe43⤵
- Executes dropped EXE
-
\??\c:\ntbntt.exec:\ntbntt.exe44⤵
- Executes dropped EXE
-
\??\c:\bnbhtt.exec:\bnbhtt.exe45⤵
- Executes dropped EXE
-
\??\c:\pvdjd.exec:\pvdjd.exe46⤵
- Executes dropped EXE
-
\??\c:\xlxxrxf.exec:\xlxxrxf.exe47⤵
- Executes dropped EXE
-
\??\c:\lrllfrr.exec:\lrllfrr.exe48⤵
- Executes dropped EXE
-
\??\c:\hbntbb.exec:\hbntbb.exe49⤵
- Executes dropped EXE
-
\??\c:\nnbnnb.exec:\nnbnnb.exe50⤵
- Executes dropped EXE
-
\??\c:\dppvp.exec:\dppvp.exe51⤵
- Executes dropped EXE
-
\??\c:\vvvvj.exec:\vvvvj.exe52⤵
- Executes dropped EXE
-
\??\c:\fxrrrrx.exec:\fxrrrrx.exe53⤵
- Executes dropped EXE
-
\??\c:\flxlffr.exec:\flxlffr.exe54⤵
- Executes dropped EXE
-
\??\c:\bbhthh.exec:\bbhthh.exe55⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe56⤵
- Executes dropped EXE
-
\??\c:\vdvdv.exec:\vdvdv.exe57⤵
- Executes dropped EXE
-
\??\c:\9xxxxlr.exec:\9xxxxlr.exe58⤵
- Executes dropped EXE
-
\??\c:\5fxxxfr.exec:\5fxxxfr.exe59⤵
- Executes dropped EXE
-
\??\c:\7nhtbh.exec:\7nhtbh.exe60⤵
- Executes dropped EXE
-
\??\c:\tbbntn.exec:\tbbntn.exe61⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe62⤵
- Executes dropped EXE
-
\??\c:\3vddj.exec:\3vddj.exe63⤵
- Executes dropped EXE
-
\??\c:\5xxlxlr.exec:\5xxlxlr.exe64⤵
- Executes dropped EXE
-
\??\c:\fxlxfrx.exec:\fxlxfrx.exe65⤵
- Executes dropped EXE
-
\??\c:\nhbnbb.exec:\nhbnbb.exe66⤵
-
\??\c:\httbhh.exec:\httbhh.exe67⤵
-
\??\c:\1vppv.exec:\1vppv.exe68⤵
-
\??\c:\djjdj.exec:\djjdj.exe69⤵
-
\??\c:\3lxxlrl.exec:\3lxxlrl.exe70⤵
-
\??\c:\ttnhnb.exec:\ttnhnb.exe71⤵
-
\??\c:\nhbnbb.exec:\nhbnbb.exe72⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe73⤵
-
\??\c:\fllxlrl.exec:\fllxlrl.exe74⤵
-
\??\c:\lxflrrr.exec:\lxflrrr.exe75⤵
-
\??\c:\hbtntt.exec:\hbtntt.exe76⤵
-
\??\c:\hbhhhh.exec:\hbhhhh.exe77⤵
-
\??\c:\7jvjv.exec:\7jvjv.exe78⤵
-
\??\c:\3dppp.exec:\3dppp.exe79⤵
-
\??\c:\7lfrflx.exec:\7lfrflx.exe80⤵
-
\??\c:\tnttbh.exec:\tnttbh.exe81⤵
-
\??\c:\hhbhbh.exec:\hhbhbh.exe82⤵
-
\??\c:\1dpvv.exec:\1dpvv.exe83⤵
-
\??\c:\dvjvp.exec:\dvjvp.exe84⤵
-
\??\c:\lfffffl.exec:\lfffffl.exe85⤵
-
\??\c:\7xfrfxl.exec:\7xfrfxl.exe86⤵
-
\??\c:\tnnbbh.exec:\tnnbbh.exe87⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe88⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe89⤵
-
\??\c:\lfrrxfl.exec:\lfrrxfl.exe90⤵
-
\??\c:\nbhnbb.exec:\nbhnbb.exe91⤵
-
\??\c:\btttth.exec:\btttth.exe92⤵
-
\??\c:\5dpdp.exec:\5dpdp.exe93⤵
-
\??\c:\xxflfrl.exec:\xxflfrl.exe94⤵
-
\??\c:\1rxxffl.exec:\1rxxffl.exe95⤵
-
\??\c:\7hbttb.exec:\7hbttb.exe96⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe97⤵
-
\??\c:\1jppd.exec:\1jppd.exe98⤵
-
\??\c:\lffrfrf.exec:\lffrfrf.exe99⤵
-
\??\c:\bttbnt.exec:\bttbnt.exe100⤵
-
\??\c:\thbhnt.exec:\thbhnt.exe101⤵
-
\??\c:\vvvjj.exec:\vvvjj.exe102⤵
-
\??\c:\xrrxffr.exec:\xrrxffr.exe103⤵
-
\??\c:\lflxllf.exec:\lflxllf.exe104⤵
-
\??\c:\bntbtb.exec:\bntbtb.exe105⤵
-
\??\c:\tnbhhh.exec:\tnbhhh.exe106⤵
-
\??\c:\jdpdd.exec:\jdpdd.exe107⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe108⤵
-
\??\c:\llfrflx.exec:\llfrflx.exe109⤵
-
\??\c:\nhttnt.exec:\nhttnt.exe110⤵
-
\??\c:\hthnbh.exec:\hthnbh.exe111⤵
-
\??\c:\vddjv.exec:\vddjv.exe112⤵
-
\??\c:\xrlflxf.exec:\xrlflxf.exe113⤵
-
\??\c:\frxrxxl.exec:\frxrxxl.exe114⤵
-
\??\c:\nnbnhn.exec:\nnbnhn.exe115⤵
-
\??\c:\djvpv.exec:\djvpv.exe116⤵
-
\??\c:\djvjd.exec:\djvjd.exe117⤵
-
\??\c:\5flrrxl.exec:\5flrrxl.exe118⤵
-
\??\c:\hbtthn.exec:\hbtthn.exe119⤵
-
\??\c:\rfxxllr.exec:\rfxxllr.exe120⤵
-
\??\c:\fxfrxfl.exec:\fxfrxfl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-