Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
14/05/2024, 08:51
General
-
Target
b310a3112037b2c29616794ef38c7cb0_NeikiAnalytics.exe
-
Size
94KB
-
MD5
b310a3112037b2c29616794ef38c7cb0
-
SHA1
1402c309b452483d85bd45de33059b9c5ffcb6ea
-
SHA256
d29cd5748d7a37dd1a328b05d047f232fbaf4456c3bb0685f0c0f76eb37759cd
-
SHA512
8ce2243dd1d9af736c04e46b5bddd967df979463f6f7d3090b413a4f1eb8d23b56d08377a738d8038258610803e3a75319880c7fb578ec24eb13d47ff1a29e7e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDInWeNCYGyA2R7JxJAg8dtB:ymb3NkkiQ3mdBjFIWeFGyAsJAg2B
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b310a3112037b2c29616794ef38c7cb0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\b310a3112037b2c29616794ef38c7cb0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9lflxxr.exec:\9lflxxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbhn.exec:\nnbbhn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjdp.exec:\jpjdp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjj.exec:\vvjjj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxfxrr.exec:\lfxfxrr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhnhn.exec:\hbhnhn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjvd.exec:\dvjvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvp.exec:\jdpvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxfllr.exec:\ffxfllr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frflllr.exec:\frflllr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhntbt.exec:\nhntbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhntnb.exec:\nhntnb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dpdp.exec:\1dpdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpvd.exec:\ddpvd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlrrx.exec:\lfrlrrx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxflrf.exec:\llxflrf.exe17⤵
- Executes dropped EXE
-
\??\c:\tnhtht.exec:\tnhtht.exe18⤵
- Executes dropped EXE
-
\??\c:\hhbnbh.exec:\hhbnbh.exe19⤵
- Executes dropped EXE
-
\??\c:\ppjpv.exec:\ppjpv.exe20⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe21⤵
- Executes dropped EXE
-
\??\c:\7fflxxl.exec:\7fflxxl.exe22⤵
- Executes dropped EXE
-
\??\c:\xxrfrrx.exec:\xxrfrrx.exe23⤵
- Executes dropped EXE
-
\??\c:\9nhhtt.exec:\9nhhtt.exe24⤵
- Executes dropped EXE
-
\??\c:\hbhnhn.exec:\hbhnhn.exe25⤵
- Executes dropped EXE
-
\??\c:\5jvdj.exec:\5jvdj.exe26⤵
- Executes dropped EXE
-
\??\c:\3jdvd.exec:\3jdvd.exe27⤵
- Executes dropped EXE
-
\??\c:\llflrrr.exec:\llflrrr.exe28⤵
- Executes dropped EXE
-
\??\c:\lfrxflx.exec:\lfrxflx.exe29⤵
- Executes dropped EXE
-
\??\c:\5ntbnt.exec:\5ntbnt.exe30⤵
- Executes dropped EXE
-
\??\c:\nttnth.exec:\nttnth.exe31⤵
- Executes dropped EXE
-
\??\c:\1vvdp.exec:\1vvdp.exe32⤵
- Executes dropped EXE
-
\??\c:\5ppvj.exec:\5ppvj.exe33⤵
- Executes dropped EXE
-
\??\c:\xrllrlx.exec:\xrllrlx.exe34⤵
- Executes dropped EXE
-
\??\c:\9ffrflx.exec:\9ffrflx.exe35⤵
- Executes dropped EXE
-
\??\c:\llrfxrx.exec:\llrfxrx.exe36⤵
- Executes dropped EXE
-
\??\c:\nhbhnt.exec:\nhbhnt.exe37⤵
- Executes dropped EXE
-
\??\c:\hbhntb.exec:\hbhntb.exe38⤵
- Executes dropped EXE
-
\??\c:\pvpdj.exec:\pvpdj.exe39⤵
- Executes dropped EXE
-
\??\c:\3lflxfl.exec:\3lflxfl.exe40⤵
- Executes dropped EXE
-
\??\c:\5xflxxl.exec:\5xflxxl.exe41⤵
- Executes dropped EXE
-
\??\c:\9nhnbh.exec:\9nhnbh.exe42⤵
- Executes dropped EXE
-
\??\c:\1jdpp.exec:\1jdpp.exe43⤵
- Executes dropped EXE
-
\??\c:\pjjpv.exec:\pjjpv.exe44⤵
- Executes dropped EXE
-
\??\c:\vpvjv.exec:\vpvjv.exe45⤵
- Executes dropped EXE
-
\??\c:\xxrlxlx.exec:\xxrlxlx.exe46⤵
- Executes dropped EXE
-
\??\c:\lxrfrlx.exec:\lxrfrlx.exe47⤵
- Executes dropped EXE
-
\??\c:\htnthh.exec:\htnthh.exe48⤵
- Executes dropped EXE
-
\??\c:\bthhnn.exec:\bthhnn.exe49⤵
- Executes dropped EXE
-
\??\c:\jdvpd.exec:\jdvpd.exe50⤵
- Executes dropped EXE
-
\??\c:\dvjpp.exec:\dvjpp.exe51⤵
- Executes dropped EXE
-
\??\c:\3lrlxfx.exec:\3lrlxfx.exe52⤵
- Executes dropped EXE
-
\??\c:\5xxllrf.exec:\5xxllrf.exe53⤵
- Executes dropped EXE
-
\??\c:\1hhnbh.exec:\1hhnbh.exe54⤵
- Executes dropped EXE
-
\??\c:\bhnnbb.exec:\bhnnbb.exe55⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe56⤵
- Executes dropped EXE
-
\??\c:\vvpvj.exec:\vvpvj.exe57⤵
- Executes dropped EXE
-
\??\c:\9lxfllf.exec:\9lxfllf.exe58⤵
- Executes dropped EXE
-
\??\c:\rflllrf.exec:\rflllrf.exe59⤵
- Executes dropped EXE
-
\??\c:\nhbbbh.exec:\nhbbbh.exe60⤵
- Executes dropped EXE
-
\??\c:\3bbhnn.exec:\3bbhnn.exe61⤵
- Executes dropped EXE
-
\??\c:\hbntbt.exec:\hbntbt.exe62⤵
- Executes dropped EXE
-
\??\c:\dvpdp.exec:\dvpdp.exe63⤵
- Executes dropped EXE
-
\??\c:\dpvvj.exec:\dpvvj.exe64⤵
- Executes dropped EXE
-
\??\c:\lfflrxl.exec:\lfflrxl.exe65⤵
- Executes dropped EXE
-
\??\c:\xrfrxxf.exec:\xrfrxxf.exe66⤵
-
\??\c:\bthhnn.exec:\bthhnn.exe67⤵
-
\??\c:\hthbbn.exec:\hthbbn.exe68⤵
-
\??\c:\dvjvv.exec:\dvjvv.exe69⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe70⤵
-
\??\c:\xxlrxxf.exec:\xxlrxxf.exe71⤵
-
\??\c:\xxlrxrl.exec:\xxlrxrl.exe72⤵
-
\??\c:\btbbhn.exec:\btbbhn.exe73⤵
-
\??\c:\btbnhh.exec:\btbnhh.exe74⤵
-
\??\c:\vjppj.exec:\vjppj.exe75⤵
-
\??\c:\7pddj.exec:\7pddj.exe76⤵
-
\??\c:\frflrxf.exec:\frflrxf.exe77⤵
-
\??\c:\9rrfrrf.exec:\9rrfrrf.exe78⤵
-
\??\c:\tnthht.exec:\tnthht.exe79⤵
-
\??\c:\rfrxrrf.exec:\rfrxrrf.exe80⤵
-
\??\c:\rlllflx.exec:\rlllflx.exe81⤵
-
\??\c:\hbhhtt.exec:\hbhhtt.exe82⤵
-
\??\c:\btthnt.exec:\btthnt.exe83⤵
-
\??\c:\tnttbb.exec:\tnttbb.exe84⤵
-
\??\c:\ddjjv.exec:\ddjjv.exe85⤵
-
\??\c:\pdddd.exec:\pdddd.exe86⤵
-
\??\c:\lxfflxl.exec:\lxfflxl.exe87⤵
-
\??\c:\lxrrrlf.exec:\lxrrrlf.exe88⤵
-
\??\c:\btnnnn.exec:\btnnnn.exe89⤵
-
\??\c:\dddvp.exec:\dddvp.exe90⤵
-
\??\c:\xrflrrx.exec:\xrflrrx.exe91⤵
-
\??\c:\tnbbhn.exec:\tnbbhn.exe92⤵
-
\??\c:\9jjdv.exec:\9jjdv.exe93⤵
-
\??\c:\ppvjp.exec:\ppvjp.exe94⤵
-
\??\c:\xxrxffl.exec:\xxrxffl.exe95⤵
-
\??\c:\nnhnnn.exec:\nnhnnn.exe96⤵
-
\??\c:\9jjvd.exec:\9jjvd.exe97⤵
-
\??\c:\xrllrxf.exec:\xrllrxf.exe98⤵
-
\??\c:\7xxflrf.exec:\7xxflrf.exe99⤵
-
\??\c:\nnhnhn.exec:\nnhnhn.exe100⤵
-
\??\c:\tnntbn.exec:\tnntbn.exe101⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe102⤵
-
\??\c:\3jddj.exec:\3jddj.exe103⤵
-
\??\c:\xlxfrrx.exec:\xlxfrrx.exe104⤵
-
\??\c:\xxxlrfl.exec:\xxxlrfl.exe105⤵
-
\??\c:\nhnbhn.exec:\nhnbhn.exe106⤵
-
\??\c:\bthnnb.exec:\bthnnb.exe107⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe108⤵
-
\??\c:\ppddj.exec:\ppddj.exe109⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe110⤵
-
\??\c:\ffrflxf.exec:\ffrflxf.exe111⤵
-
\??\c:\9lrrlrr.exec:\9lrrlrr.exe112⤵
-
\??\c:\tnbnbb.exec:\tnbnbb.exe113⤵
-
\??\c:\9ttbnt.exec:\9ttbnt.exe114⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe115⤵
-
\??\c:\vdjdj.exec:\vdjdj.exe116⤵
-
\??\c:\9lrrrxf.exec:\9lrrrxf.exe117⤵
-
\??\c:\rlfrrxl.exec:\rlfrrxl.exe118⤵
-
\??\c:\tnbthh.exec:\tnbthh.exe119⤵
-
\??\c:\1bbhnn.exec:\1bbhnn.exe120⤵
-
\??\c:\5ppvv.exec:\5ppvv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-