Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
13/05/2024, 13:52
General
-
Target
bb1eb27793a7b9628fcfc6c0afef9940_NeikiAnalytics.exe
-
Size
90KB
-
MD5
bb1eb27793a7b9628fcfc6c0afef9940
-
SHA1
adc65dac3dca281ab21767e399bf11273a9534e4
-
SHA256
dda1c64b39a8a74a473ecec9e64c402c1cee5b10347ac386a8619fb7ea2865c8
-
SHA512
67fb94df65664821042146bd10f1623ad34e0222152015bec4c0a24384e1b5e3cea7bdc868855c699a6d80c033f1b867984ee8bed846230e9a2e54f26ee2ebe9
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIQIDyviFxx2hCtgIMLP9rBZaRBm:ymb3NkkiQ3mdBjFIVLd2hWZGreRCYBK
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bb1eb27793a7b9628fcfc6c0afef9940_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\bb1eb27793a7b9628fcfc6c0afef9940_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrrxlr.exec:\rfrrxlr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbhbb.exec:\bnbhbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pdvj.exec:\1pdvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xrrxfl.exec:\3xrrxfl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrxllx.exec:\lxrxllx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hnhnn.exec:\9hnhnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddjp.exec:\jddjp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdjj.exec:\jjdjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfxfxl.exec:\frfxfxl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lffllx.exec:\3lffllx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nbhnb.exec:\9nbhnb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthntt.exec:\bthntt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dpjj.exec:\3dpjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxllr.exec:\rlxxllr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxfflf.exec:\rlxfflf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnntbn.exec:\bnntbn.exe17⤵
- Executes dropped EXE
-
\??\c:\vpddd.exec:\vpddd.exe18⤵
- Executes dropped EXE
-
\??\c:\9frlrff.exec:\9frlrff.exe19⤵
- Executes dropped EXE
-
\??\c:\xrflrfl.exec:\xrflrfl.exe20⤵
- Executes dropped EXE
-
\??\c:\hhtbnn.exec:\hhtbnn.exe21⤵
- Executes dropped EXE
-
\??\c:\3hnnnt.exec:\3hnnnt.exe22⤵
- Executes dropped EXE
-
\??\c:\9pjdj.exec:\9pjdj.exe23⤵
- Executes dropped EXE
-
\??\c:\frlxlll.exec:\frlxlll.exe24⤵
- Executes dropped EXE
-
\??\c:\5xrxxxf.exec:\5xrxxxf.exe25⤵
- Executes dropped EXE
-
\??\c:\nhthnt.exec:\nhthnt.exe26⤵
- Executes dropped EXE
-
\??\c:\tntbhn.exec:\tntbhn.exe27⤵
- Executes dropped EXE
-
\??\c:\dpjvd.exec:\dpjvd.exe28⤵
- Executes dropped EXE
-
\??\c:\9rxrrrr.exec:\9rxrrrr.exe29⤵
- Executes dropped EXE
-
\??\c:\rrlfxlr.exec:\rrlfxlr.exe30⤵
- Executes dropped EXE
-
\??\c:\9tnbnb.exec:\9tnbnb.exe31⤵
- Executes dropped EXE
-
\??\c:\3pddp.exec:\3pddp.exe32⤵
- Executes dropped EXE
-
\??\c:\1xllrll.exec:\1xllrll.exe33⤵
- Executes dropped EXE
-
\??\c:\rfrlxfx.exec:\rfrlxfx.exe34⤵
- Executes dropped EXE
-
\??\c:\1nbbnn.exec:\1nbbnn.exe35⤵
- Executes dropped EXE
-
\??\c:\bnnhhb.exec:\bnnhhb.exe36⤵
- Executes dropped EXE
-
\??\c:\vvjpp.exec:\vvjpp.exe37⤵
- Executes dropped EXE
-
\??\c:\jdvvj.exec:\jdvvj.exe38⤵
- Executes dropped EXE
-
\??\c:\fflrrff.exec:\fflrrff.exe39⤵
- Executes dropped EXE
-
\??\c:\xxlxxxx.exec:\xxlxxxx.exe40⤵
- Executes dropped EXE
-
\??\c:\thnnbt.exec:\thnnbt.exe41⤵
- Executes dropped EXE
-
\??\c:\btnnhb.exec:\btnnhb.exe42⤵
- Executes dropped EXE
-
\??\c:\nhnnbt.exec:\nhnnbt.exe43⤵
- Executes dropped EXE
-
\??\c:\vpjdj.exec:\vpjdj.exe44⤵
- Executes dropped EXE
-
\??\c:\1pddd.exec:\1pddd.exe45⤵
- Executes dropped EXE
-
\??\c:\rfflllr.exec:\rfflllr.exe46⤵
- Executes dropped EXE
-
\??\c:\rlxlrxf.exec:\rlxlrxf.exe47⤵
- Executes dropped EXE
-
\??\c:\hbthtb.exec:\hbthtb.exe48⤵
- Executes dropped EXE
-
\??\c:\9bnthh.exec:\9bnthh.exe49⤵
- Executes dropped EXE
-
\??\c:\vjjpd.exec:\vjjpd.exe50⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe51⤵
- Executes dropped EXE
-
\??\c:\rfrlxxf.exec:\rfrlxxf.exe52⤵
- Executes dropped EXE
-
\??\c:\rllffrf.exec:\rllffrf.exe53⤵
- Executes dropped EXE
-
\??\c:\bbnbnt.exec:\bbnbnt.exe54⤵
- Executes dropped EXE
-
\??\c:\bbttbh.exec:\bbttbh.exe55⤵
- Executes dropped EXE
-
\??\c:\7jjvj.exec:\7jjvj.exe56⤵
- Executes dropped EXE
-
\??\c:\jdjjj.exec:\jdjjj.exe57⤵
- Executes dropped EXE
-
\??\c:\frrxlfr.exec:\frrxlfr.exe58⤵
- Executes dropped EXE
-
\??\c:\xrrrfxl.exec:\xrrrfxl.exe59⤵
- Executes dropped EXE
-
\??\c:\1nbnnh.exec:\1nbnnh.exe60⤵
- Executes dropped EXE
-
\??\c:\vpvjp.exec:\vpvjp.exe61⤵
- Executes dropped EXE
-
\??\c:\lxlrfrr.exec:\lxlrfrr.exe62⤵
- Executes dropped EXE
-
\??\c:\lfrxxfl.exec:\lfrxxfl.exe63⤵
- Executes dropped EXE
-
\??\c:\nhnbhh.exec:\nhnbhh.exe64⤵
- Executes dropped EXE
-
\??\c:\bhhnhb.exec:\bhhnhb.exe65⤵
- Executes dropped EXE
-
\??\c:\pjdjv.exec:\pjdjv.exe66⤵
-
\??\c:\dpdpp.exec:\dpdpp.exe67⤵
-
\??\c:\rlxxfxl.exec:\rlxxfxl.exe68⤵
-
\??\c:\lfllrll.exec:\lfllrll.exe69⤵
-
\??\c:\nbttbt.exec:\nbttbt.exe70⤵
-
\??\c:\nbhhbb.exec:\nbhhbb.exe71⤵
-
\??\c:\1pvpd.exec:\1pvpd.exe72⤵
-
\??\c:\5vpvd.exec:\5vpvd.exe73⤵
-
\??\c:\3lrxlrx.exec:\3lrxlrx.exe74⤵
-
\??\c:\rfrxxrl.exec:\rfrxxrl.exe75⤵
-
\??\c:\nhbhnn.exec:\nhbhnn.exe76⤵
-
\??\c:\5tbnhn.exec:\5tbnhn.exe77⤵
-
\??\c:\7pjpd.exec:\7pjpd.exe78⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe79⤵
-
\??\c:\fflllfl.exec:\fflllfl.exe80⤵
-
\??\c:\llxfrxl.exec:\llxfrxl.exe81⤵
-
\??\c:\hthhnt.exec:\hthhnt.exe82⤵
-
\??\c:\thbhnn.exec:\thbhnn.exe83⤵
-
\??\c:\pjddv.exec:\pjddv.exe84⤵
-
\??\c:\jvvdj.exec:\jvvdj.exe85⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe86⤵
-
\??\c:\3flxxff.exec:\3flxxff.exe87⤵
-
\??\c:\flrfxrr.exec:\flrfxrr.exe88⤵
-
\??\c:\nnhntt.exec:\nnhntt.exe89⤵
-
\??\c:\btnbhn.exec:\btnbhn.exe90⤵
-
\??\c:\9vppv.exec:\9vppv.exe91⤵
-
\??\c:\ppjdd.exec:\ppjdd.exe92⤵
-
\??\c:\rflrrrf.exec:\rflrrrf.exe93⤵
-
\??\c:\7fllxrf.exec:\7fllxrf.exe94⤵
-
\??\c:\9xrlxrx.exec:\9xrlxrx.exe95⤵
-
\??\c:\hbnbnt.exec:\hbnbnt.exe96⤵
-
\??\c:\1htbhh.exec:\1htbhh.exe97⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe98⤵
-
\??\c:\dpvdv.exec:\dpvdv.exe99⤵
-
\??\c:\frfxflf.exec:\frfxflf.exe100⤵
-
\??\c:\rrxfrrx.exec:\rrxfrrx.exe101⤵
-
\??\c:\thtthn.exec:\thtthn.exe102⤵
-
\??\c:\bnbhnn.exec:\bnbhnn.exe103⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe104⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe105⤵
-
\??\c:\frfxxrf.exec:\frfxxrf.exe106⤵
-
\??\c:\xlxffxx.exec:\xlxffxx.exe107⤵
-
\??\c:\1bhttb.exec:\1bhttb.exe108⤵
-
\??\c:\1hnnbb.exec:\1hnnbb.exe109⤵
-
\??\c:\nbnnth.exec:\nbnnth.exe110⤵
-
\??\c:\dvpvv.exec:\dvpvv.exe111⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe112⤵
-
\??\c:\lrxxfxx.exec:\lrxxfxx.exe113⤵
-
\??\c:\lxxfffr.exec:\lxxfffr.exe114⤵
-
\??\c:\btntbt.exec:\btntbt.exe115⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe116⤵
-
\??\c:\dvvdd.exec:\dvvdd.exe117⤵
-
\??\c:\lxxxxxx.exec:\lxxxxxx.exe118⤵
-
\??\c:\xrrffrf.exec:\xrrffrf.exe119⤵
-
\??\c:\1rxlrrx.exec:\1rxlrrx.exe120⤵
-
\??\c:\5tbhnn.exec:\5tbhnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-