Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
14/05/2024, 06:22
General
-
Target
92a7813d62b1b883fb69e15e3619fe40_NeikiAnalytics.exe
-
Size
61KB
-
MD5
92a7813d62b1b883fb69e15e3619fe40
-
SHA1
61b081f9184888585ca6d2c458e1112ce4d0a6da
-
SHA256
dd529a92b52bc5717e6ea2dbdc41631c8d676555a4ef5bb95b6a626d3e7f1233
-
SHA512
cb4463b2cfeb2eb1386c21be95913167de3bc9181321d69a4768fb1fac4e4e7a77088d7ac24cc1e1553baa0f15742964a84718f404692c3c8286969bc9bbd412
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDII9ZvHKEG:ymb3NkkiQ3mdBjFII9ZvHKEG
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\92a7813d62b1b883fb69e15e3619fe40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\92a7813d62b1b883fb69e15e3619fe40_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\djdpv.exec:\djdpv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrxlx.exec:\rrrrxlx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxfrxf.exec:\xrxfrxf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbhn.exec:\tnhbhn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dpdp.exec:\5dpdp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjdp.exec:\vjjdp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrxxr.exec:\fxrrxxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9thhtt.exec:\9thhtt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvv.exec:\dvdvv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxrlfx.exec:\rxxrlfx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrllr.exec:\ffrrllr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnbnb.exec:\ttnbnb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dvjp.exec:\1dvjp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dvdp.exec:\3dvdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrrxrr.exec:\xlrrxrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhntb.exec:\bnhntb.exe17⤵
- Executes dropped EXE
-
\??\c:\nntbhh.exec:\nntbhh.exe18⤵
- Executes dropped EXE
-
\??\c:\jdvpv.exec:\jdvpv.exe19⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe20⤵
- Executes dropped EXE
-
\??\c:\xfrxxfl.exec:\xfrxxfl.exe21⤵
- Executes dropped EXE
-
\??\c:\hhbtth.exec:\hhbtth.exe22⤵
- Executes dropped EXE
-
\??\c:\hbhtbn.exec:\hbhtbn.exe23⤵
- Executes dropped EXE
-
\??\c:\7jjvd.exec:\7jjvd.exe24⤵
- Executes dropped EXE
-
\??\c:\1jjvv.exec:\1jjvv.exe25⤵
- Executes dropped EXE
-
\??\c:\xrlxflr.exec:\xrlxflr.exe26⤵
- Executes dropped EXE
-
\??\c:\bnhhhh.exec:\bnhhhh.exe27⤵
- Executes dropped EXE
-
\??\c:\bbtbhn.exec:\bbtbhn.exe28⤵
- Executes dropped EXE
-
\??\c:\ppdjd.exec:\ppdjd.exe29⤵
- Executes dropped EXE
-
\??\c:\rrrxffl.exec:\rrrxffl.exe30⤵
- Executes dropped EXE
-
\??\c:\lflxxlx.exec:\lflxxlx.exe31⤵
- Executes dropped EXE
-
\??\c:\ntntbn.exec:\ntntbn.exe32⤵
- Executes dropped EXE
-
\??\c:\vjdvj.exec:\vjdvj.exe33⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe34⤵
- Executes dropped EXE
-
\??\c:\rrllxxf.exec:\rrllxxf.exe35⤵
- Executes dropped EXE
-
\??\c:\xfxrrlf.exec:\xfxrrlf.exe36⤵
- Executes dropped EXE
-
\??\c:\btnbhb.exec:\btnbhb.exe37⤵
- Executes dropped EXE
-
\??\c:\3jjdd.exec:\3jjdd.exe38⤵
- Executes dropped EXE
-
\??\c:\1pjjv.exec:\1pjjv.exe39⤵
- Executes dropped EXE
-
\??\c:\9llxlrx.exec:\9llxlrx.exe40⤵
- Executes dropped EXE
-
\??\c:\1rfxxxx.exec:\1rfxxxx.exe41⤵
- Executes dropped EXE
-
\??\c:\btntbn.exec:\btntbn.exe42⤵
- Executes dropped EXE
-
\??\c:\ntbttb.exec:\ntbttb.exe43⤵
- Executes dropped EXE
-
\??\c:\llxflrl.exec:\llxflrl.exe44⤵
- Executes dropped EXE
-
\??\c:\tttbnt.exec:\tttbnt.exe45⤵
- Executes dropped EXE
-
\??\c:\jdddj.exec:\jdddj.exe46⤵
- Executes dropped EXE
-
\??\c:\pdvdv.exec:\pdvdv.exe47⤵
- Executes dropped EXE
-
\??\c:\lfrrxfx.exec:\lfrrxfx.exe48⤵
- Executes dropped EXE
-
\??\c:\xxxrxff.exec:\xxxrxff.exe49⤵
- Executes dropped EXE
-
\??\c:\7hbhtt.exec:\7hbhtt.exe50⤵
- Executes dropped EXE
-
\??\c:\3bhnhh.exec:\3bhnhh.exe51⤵
- Executes dropped EXE
-
\??\c:\jpjvp.exec:\jpjvp.exe52⤵
- Executes dropped EXE
-
\??\c:\lfxfxxr.exec:\lfxfxxr.exe53⤵
- Executes dropped EXE
-
\??\c:\9rfffxf.exec:\9rfffxf.exe54⤵
- Executes dropped EXE
-
\??\c:\htbbnh.exec:\htbbnh.exe55⤵
- Executes dropped EXE
-
\??\c:\bbtnth.exec:\bbtnth.exe56⤵
- Executes dropped EXE
-
\??\c:\vvjdj.exec:\vvjdj.exe57⤵
- Executes dropped EXE
-
\??\c:\pjjjp.exec:\pjjjp.exe58⤵
- Executes dropped EXE
-
\??\c:\fxrlrll.exec:\fxrlrll.exe59⤵
- Executes dropped EXE
-
\??\c:\rlrfxrr.exec:\rlrfxrr.exe60⤵
- Executes dropped EXE
-
\??\c:\thnhnh.exec:\thnhnh.exe61⤵
- Executes dropped EXE
-
\??\c:\bbntbn.exec:\bbntbn.exe62⤵
- Executes dropped EXE
-
\??\c:\jvjpd.exec:\jvjpd.exe63⤵
- Executes dropped EXE
-
\??\c:\pdpvv.exec:\pdpvv.exe64⤵
- Executes dropped EXE
-
\??\c:\xrfxffl.exec:\xrfxffl.exe65⤵
- Executes dropped EXE
-
\??\c:\xllrlll.exec:\xllrlll.exe66⤵
-
\??\c:\bnbhth.exec:\bnbhth.exe67⤵
-
\??\c:\hbnnnn.exec:\hbnnnn.exe68⤵
-
\??\c:\dvppv.exec:\dvppv.exe69⤵
-
\??\c:\1vvjd.exec:\1vvjd.exe70⤵
-
\??\c:\fxxxfxf.exec:\fxxxfxf.exe71⤵
-
\??\c:\xrffrxl.exec:\xrffrxl.exe72⤵
-
\??\c:\7hbthh.exec:\7hbthh.exe73⤵
-
\??\c:\bthntt.exec:\bthntt.exe74⤵
-
\??\c:\5dpvd.exec:\5dpvd.exe75⤵
-
\??\c:\rlrxrxl.exec:\rlrxrxl.exe76⤵
-
\??\c:\5lrxllr.exec:\5lrxllr.exe77⤵
-
\??\c:\hbnthn.exec:\hbnthn.exe78⤵
-
\??\c:\5nhntb.exec:\5nhntb.exe79⤵
-
\??\c:\vpddj.exec:\vpddj.exe80⤵
-
\??\c:\9jppp.exec:\9jppp.exe81⤵
-
\??\c:\xrxxfxf.exec:\xrxxfxf.exe82⤵
-
\??\c:\1xrxxfl.exec:\1xrxxfl.exe83⤵
-
\??\c:\nhnttt.exec:\nhnttt.exe84⤵
-
\??\c:\bnnnbt.exec:\bnnnbt.exe85⤵
-
\??\c:\dppdj.exec:\dppdj.exe86⤵
-
\??\c:\vjdjv.exec:\vjdjv.exe87⤵
-
\??\c:\llxxfxf.exec:\llxxfxf.exe88⤵
-
\??\c:\rfxflrf.exec:\rfxflrf.exe89⤵
-
\??\c:\nhhhtt.exec:\nhhhtt.exe90⤵
-
\??\c:\1btbbh.exec:\1btbbh.exe91⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe92⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe93⤵
-
\??\c:\fffrxlf.exec:\fffrxlf.exe94⤵
-
\??\c:\rlrffff.exec:\rlrffff.exe95⤵
-
\??\c:\tthnbh.exec:\tthnbh.exe96⤵
-
\??\c:\thnttt.exec:\thnttt.exe97⤵
-
\??\c:\7pvvj.exec:\7pvvj.exe98⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe99⤵
-
\??\c:\fxfxxxf.exec:\fxfxxxf.exe100⤵
-
\??\c:\lxfrfll.exec:\lxfrfll.exe101⤵
-
\??\c:\httbbb.exec:\httbbb.exe102⤵
-
\??\c:\nnbnbn.exec:\nnbnbn.exe103⤵
-
\??\c:\7pdjp.exec:\7pdjp.exe104⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe105⤵
-
\??\c:\xrllllr.exec:\xrllllr.exe106⤵
-
\??\c:\flxrxll.exec:\flxrxll.exe107⤵
-
\??\c:\lxxxfxx.exec:\lxxxfxx.exe108⤵
-
\??\c:\nbnthh.exec:\nbnthh.exe109⤵
-
\??\c:\nhthbb.exec:\nhthbb.exe110⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe111⤵
-
\??\c:\jjdjj.exec:\jjdjj.exe112⤵
-
\??\c:\jvddd.exec:\jvddd.exe113⤵
-
\??\c:\rrfxflx.exec:\rrfxflx.exe114⤵
-
\??\c:\xrxxrlx.exec:\xrxxrlx.exe115⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe116⤵
-
\??\c:\bthnhb.exec:\bthnhb.exe117⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe118⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe119⤵
-
\??\c:\lllrxxf.exec:\lllrxxf.exe120⤵
-
\??\c:\lflrlll.exec:\lflrlll.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-