Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
13-05-2024 19:55
General
-
Target
0c85ea076dcc9296f4fa953ba6674e50_NeikiAnalytics.exe
-
Size
232KB
-
MD5
0c85ea076dcc9296f4fa953ba6674e50
-
SHA1
f260eeee25c8ee1ba8824bea39aa5e934ba96f4d
-
SHA256
73520ba9871e7eb4d409d7e98a28019a12ff12b2a38b08f5608de875c040e5cc
-
SHA512
d593f587be0ef23d7e1a7477a427f1d8bbe75420b61c56cc59280d0a8c5018eac398a6d7f0de0e0136dabadce04fa60e078ba2640fa24a7bae5f41134f1e211c
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo7LAIRUohTF/SjSrbzLAuBjfwFOmoFzMvUpGqC5n+4:n3C9BRo/AIuuFSjA8uBjwI7FjpjC5+4
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 18 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0c85ea076dcc9296f4fa953ba6674e50_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\0c85ea076dcc9296f4fa953ba6674e50_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrrxlx.exec:\7lrrxlx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jpvj.exec:\3jpvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llflfrl.exec:\llflfrl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnntnt.exec:\tnntnt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhnbb.exec:\tnhnbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ddpp.exec:\9ddpp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xxrxxl.exec:\1xxrxxl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfffxx.exec:\rlfffxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtthh.exec:\nhtthh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppp.exec:\ddppp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjpv.exec:\ppjpv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lxffrx.exec:\5lxffrx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhnt.exec:\bthhnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtnnt.exec:\bbtnnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jpvv.exec:\7jpvv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfrxlr.exec:\xrfrxlr.exe17⤵
- Executes dropped EXE
-
\??\c:\llfllfr.exec:\llfllfr.exe18⤵
- Executes dropped EXE
-
\??\c:\nhbbbn.exec:\nhbbbn.exe19⤵
- Executes dropped EXE
-
\??\c:\hbntbb.exec:\hbntbb.exe20⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe21⤵
- Executes dropped EXE
-
\??\c:\rlxlfff.exec:\rlxlfff.exe22⤵
- Executes dropped EXE
-
\??\c:\bntnnn.exec:\bntnnn.exe23⤵
- Executes dropped EXE
-
\??\c:\tnnnht.exec:\tnnnht.exe24⤵
- Executes dropped EXE
-
\??\c:\pvpdp.exec:\pvpdp.exe25⤵
- Executes dropped EXE
-
\??\c:\3fxlrfx.exec:\3fxlrfx.exe26⤵
- Executes dropped EXE
-
\??\c:\9rlxrlr.exec:\9rlxrlr.exe27⤵
- Executes dropped EXE
-
\??\c:\bbhhtb.exec:\bbhhtb.exe28⤵
- Executes dropped EXE
-
\??\c:\rrfrxfr.exec:\rrfrxfr.exe29⤵
- Executes dropped EXE
-
\??\c:\xrrlrxr.exec:\xrrlrxr.exe30⤵
- Executes dropped EXE
-
\??\c:\7thbnt.exec:\7thbnt.exe31⤵
- Executes dropped EXE
-
\??\c:\vvvjv.exec:\vvvjv.exe32⤵
- Executes dropped EXE
-
\??\c:\1dvdp.exec:\1dvdp.exe33⤵
- Executes dropped EXE
-
\??\c:\xrrrllr.exec:\xrrrllr.exe34⤵
- Executes dropped EXE
-
\??\c:\llxlfrx.exec:\llxlfrx.exe35⤵
- Executes dropped EXE
-
\??\c:\hhttbb.exec:\hhttbb.exe36⤵
- Executes dropped EXE
-
\??\c:\jjdpd.exec:\jjdpd.exe37⤵
- Executes dropped EXE
-
\??\c:\9pppd.exec:\9pppd.exe38⤵
- Executes dropped EXE
-
\??\c:\rrxlxlr.exec:\rrxlxlr.exe39⤵
- Executes dropped EXE
-
\??\c:\frffrrx.exec:\frffrrx.exe40⤵
- Executes dropped EXE
-
\??\c:\tbtbtb.exec:\tbtbtb.exe41⤵
- Executes dropped EXE
-
\??\c:\btbbbh.exec:\btbbbh.exe42⤵
- Executes dropped EXE
-
\??\c:\hbbbbh.exec:\hbbbbh.exe43⤵
- Executes dropped EXE
-
\??\c:\dvjpd.exec:\dvjpd.exe44⤵
- Executes dropped EXE
-
\??\c:\jjpvp.exec:\jjpvp.exe45⤵
- Executes dropped EXE
-
\??\c:\ffflflf.exec:\ffflflf.exe46⤵
- Executes dropped EXE
-
\??\c:\llfrlrr.exec:\llfrlrr.exe47⤵
- Executes dropped EXE
-
\??\c:\nhttnn.exec:\nhttnn.exe48⤵
- Executes dropped EXE
-
\??\c:\xxlrxrf.exec:\xxlrxrf.exe49⤵
- Executes dropped EXE
-
\??\c:\7lflxfr.exec:\7lflxfr.exe50⤵
- Executes dropped EXE
-
\??\c:\bbnhnt.exec:\bbnhnt.exe51⤵
- Executes dropped EXE
-
\??\c:\3vpvj.exec:\3vpvj.exe52⤵
- Executes dropped EXE
-
\??\c:\bbtbtt.exec:\bbtbtt.exe53⤵
- Executes dropped EXE
-
\??\c:\bthnbt.exec:\bthnbt.exe54⤵
- Executes dropped EXE
-
\??\c:\3jvdp.exec:\3jvdp.exe55⤵
- Executes dropped EXE
-
\??\c:\ddjdv.exec:\ddjdv.exe56⤵
- Executes dropped EXE
-
\??\c:\rlfrrxf.exec:\rlfrrxf.exe57⤵
- Executes dropped EXE
-
\??\c:\7nhnbh.exec:\7nhnbh.exe58⤵
- Executes dropped EXE
-
\??\c:\dpdjp.exec:\dpdjp.exe59⤵
- Executes dropped EXE
-
\??\c:\rrffllr.exec:\rrffllr.exe60⤵
- Executes dropped EXE
-
\??\c:\tnhnbh.exec:\tnhnbh.exe61⤵
- Executes dropped EXE
-
\??\c:\5httbh.exec:\5httbh.exe62⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe63⤵
- Executes dropped EXE
-
\??\c:\1dppj.exec:\1dppj.exe64⤵
- Executes dropped EXE
-
\??\c:\3xxflxl.exec:\3xxflxl.exe65⤵
- Executes dropped EXE
-
\??\c:\9nttth.exec:\9nttth.exe66⤵
-
\??\c:\5bhntn.exec:\5bhntn.exe67⤵
-
\??\c:\ddjjj.exec:\ddjjj.exe68⤵
-
\??\c:\3ppjv.exec:\3ppjv.exe69⤵
-
\??\c:\rxfrxrr.exec:\rxfrxrr.exe70⤵
-
\??\c:\bntthn.exec:\bntthn.exe71⤵
-
\??\c:\nnhntb.exec:\nnhntb.exe72⤵
-
\??\c:\ppjpp.exec:\ppjpp.exe73⤵
-
\??\c:\jdvpj.exec:\jdvpj.exe74⤵
-
\??\c:\5xxxlrf.exec:\5xxxlrf.exe75⤵
-
\??\c:\llfrflx.exec:\llfrflx.exe76⤵
-
\??\c:\tntbnt.exec:\tntbnt.exe77⤵
-
\??\c:\9dvpd.exec:\9dvpd.exe78⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe79⤵
-
\??\c:\fxlfrrx.exec:\fxlfrrx.exe80⤵
-
\??\c:\7lxfflx.exec:\7lxfflx.exe81⤵
-
\??\c:\nnhbhn.exec:\nnhbhn.exe82⤵
-
\??\c:\btnbnt.exec:\btnbnt.exe83⤵
-
\??\c:\dpdpv.exec:\dpdpv.exe84⤵
-
\??\c:\rrlrflr.exec:\rrlrflr.exe85⤵
-
\??\c:\bbtbth.exec:\bbtbth.exe86⤵
-
\??\c:\1tnnbn.exec:\1tnnbn.exe87⤵
-
\??\c:\nnthnn.exec:\nnthnn.exe88⤵
-
\??\c:\jdpdv.exec:\jdpdv.exe89⤵
-
\??\c:\3frlllx.exec:\3frlllx.exe90⤵
-
\??\c:\fxxflxf.exec:\fxxflxf.exe91⤵
-
\??\c:\rlffrxr.exec:\rlffrxr.exe92⤵
-
\??\c:\nhtthh.exec:\nhtthh.exe93⤵
-
\??\c:\pjddp.exec:\pjddp.exe94⤵
-
\??\c:\5pdvv.exec:\5pdvv.exe95⤵
-
\??\c:\7lxxflr.exec:\7lxxflr.exe96⤵
-
\??\c:\lffflll.exec:\lffflll.exe97⤵
-
\??\c:\hbhthn.exec:\hbhthn.exe98⤵
-
\??\c:\hhbhnn.exec:\hhbhnn.exe99⤵
-
\??\c:\jjppj.exec:\jjppj.exe100⤵
-
\??\c:\rfrlfxx.exec:\rfrlfxx.exe101⤵
-
\??\c:\rlxfllx.exec:\rlxfllx.exe102⤵
-
\??\c:\nnbbhn.exec:\nnbbhn.exe103⤵
-
\??\c:\ttnnbn.exec:\ttnnbn.exe104⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe105⤵
-
\??\c:\rllrllx.exec:\rllrllx.exe106⤵
-
\??\c:\xrrrxxl.exec:\xrrrxxl.exe107⤵
-
\??\c:\tthnbh.exec:\tthnbh.exe108⤵
-
\??\c:\hhtbtb.exec:\hhtbtb.exe109⤵
-
\??\c:\1dvvj.exec:\1dvvj.exe110⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe111⤵
-
\??\c:\fxflxxf.exec:\fxflxxf.exe112⤵
-
\??\c:\9frrxfr.exec:\9frrxfr.exe113⤵
-
\??\c:\ttbhnn.exec:\ttbhnn.exe114⤵
-
\??\c:\btntht.exec:\btntht.exe115⤵
-
\??\c:\vvppd.exec:\vvppd.exe116⤵
-
\??\c:\lxlrxfl.exec:\lxlrxfl.exe117⤵
-
\??\c:\fxffxxl.exec:\fxffxxl.exe118⤵
-
\??\c:\tntbnn.exec:\tntbnn.exe119⤵
-
\??\c:\7tnntt.exec:\7tnntt.exe120⤵
-
\??\c:\5jdpd.exec:\5jdpd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-