Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
14/05/2024, 09:30
General
-
Target
bd7375b54596a1950f33491d803b2d40_NeikiAnalytics.exe
-
Size
90KB
-
MD5
bd7375b54596a1950f33491d803b2d40
-
SHA1
cdedb96014950d6bbfd7fd5f66d5f32ffcb4109a
-
SHA256
e547f5cdd3d2a6144bfb6642eb85678baf8b781eea47863715e72e8694ef219e
-
SHA512
2a9589639a91a25f85e36b6bdd40b913352f52c09dd8044cef5297ac77ff332505f9783815c5888dccb0d870e83d2f0bbbeaa3881a6394df559ba9e9c542a9a9
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDodtzac0Hobv0byLufTJfJV1:ymb3NkkiQ3mdBjFodt27HobvcyLufNfp
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\bd7375b54596a1950f33491d803b2d40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\bd7375b54596a1950f33491d803b2d40_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvvd.exec:\vjvvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbhhh.exec:\ttbhhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pdjj.exec:\7pdjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrllll.exec:\rrrllll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnnb.exec:\tntnnb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pvdd.exec:\5pvdd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1frrflx.exec:\1frrflx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xxxflx.exec:\5xxxflx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppd.exec:\dpppd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdjd.exec:\jjdjd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlllr.exec:\fxrlllr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfrflx.exec:\fxfrflx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hbhtt.exec:\5hbhtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbnt.exec:\bbtbnt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jvpj.exec:\7jvpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxlxlr.exec:\fxxlxlr.exe17⤵
- Executes dropped EXE
-
\??\c:\7xrrlrx.exec:\7xrrlrx.exe18⤵
- Executes dropped EXE
-
\??\c:\1tnbtn.exec:\1tnbtn.exe19⤵
- Executes dropped EXE
-
\??\c:\ttbhth.exec:\ttbhth.exe20⤵
- Executes dropped EXE
-
\??\c:\ppddj.exec:\ppddj.exe21⤵
- Executes dropped EXE
-
\??\c:\rrflrfl.exec:\rrflrfl.exe22⤵
- Executes dropped EXE
-
\??\c:\7nnbnt.exec:\7nnbnt.exe23⤵
- Executes dropped EXE
-
\??\c:\thnttt.exec:\thnttt.exe24⤵
- Executes dropped EXE
-
\??\c:\jdpjj.exec:\jdpjj.exe25⤵
- Executes dropped EXE
-
\??\c:\xxrlxxl.exec:\xxrlxxl.exe26⤵
- Executes dropped EXE
-
\??\c:\7xxxlxl.exec:\7xxxlxl.exe27⤵
- Executes dropped EXE
-
\??\c:\nbtttt.exec:\nbtttt.exe28⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe29⤵
- Executes dropped EXE
-
\??\c:\1xrrxfl.exec:\1xrrxfl.exe30⤵
- Executes dropped EXE
-
\??\c:\5llllxf.exec:\5llllxf.exe31⤵
- Executes dropped EXE
-
\??\c:\bbbhnt.exec:\bbbhnt.exe32⤵
- Executes dropped EXE
-
\??\c:\nbbbnt.exec:\nbbbnt.exe33⤵
- Executes dropped EXE
-
\??\c:\djppd.exec:\djppd.exe34⤵
- Executes dropped EXE
-
\??\c:\xlllllx.exec:\xlllllx.exe35⤵
- Executes dropped EXE
-
\??\c:\xrlrlrl.exec:\xrlrlrl.exe36⤵
- Executes dropped EXE
-
\??\c:\tthhhh.exec:\tthhhh.exe37⤵
- Executes dropped EXE
-
\??\c:\1nbtbt.exec:\1nbtbt.exe38⤵
- Executes dropped EXE
-
\??\c:\jdpvv.exec:\jdpvv.exe39⤵
- Executes dropped EXE
-
\??\c:\xfxrxff.exec:\xfxrxff.exe40⤵
- Executes dropped EXE
-
\??\c:\ffxfxlx.exec:\ffxfxlx.exe41⤵
- Executes dropped EXE
-
\??\c:\1bhbht.exec:\1bhbht.exe42⤵
- Executes dropped EXE
-
\??\c:\bthnbb.exec:\bthnbb.exe43⤵
- Executes dropped EXE
-
\??\c:\pppjd.exec:\pppjd.exe44⤵
- Executes dropped EXE
-
\??\c:\vjvdd.exec:\vjvdd.exe45⤵
- Executes dropped EXE
-
\??\c:\1lflfff.exec:\1lflfff.exe46⤵
- Executes dropped EXE
-
\??\c:\htthtt.exec:\htthtt.exe47⤵
- Executes dropped EXE
-
\??\c:\dddpj.exec:\dddpj.exe48⤵
- Executes dropped EXE
-
\??\c:\rflflxl.exec:\rflflxl.exe49⤵
- Executes dropped EXE
-
\??\c:\xxlxrrf.exec:\xxlxrrf.exe50⤵
- Executes dropped EXE
-
\??\c:\3hbtht.exec:\3hbtht.exe51⤵
- Executes dropped EXE
-
\??\c:\pvpvv.exec:\pvpvv.exe52⤵
- Executes dropped EXE
-
\??\c:\pddvp.exec:\pddvp.exe53⤵
- Executes dropped EXE
-
\??\c:\lrlfffr.exec:\lrlfffr.exe54⤵
- Executes dropped EXE
-
\??\c:\lfffffl.exec:\lfffffl.exe55⤵
- Executes dropped EXE
-
\??\c:\1tntbn.exec:\1tntbn.exe56⤵
- Executes dropped EXE
-
\??\c:\tnhntb.exec:\tnhntb.exe57⤵
- Executes dropped EXE
-
\??\c:\vdvvv.exec:\vdvvv.exe58⤵
- Executes dropped EXE
-
\??\c:\xlrlfff.exec:\xlrlfff.exe59⤵
- Executes dropped EXE
-
\??\c:\thttbh.exec:\thttbh.exe60⤵
- Executes dropped EXE
-
\??\c:\thnnhh.exec:\thnnhh.exe61⤵
- Executes dropped EXE
-
\??\c:\jvppv.exec:\jvppv.exe62⤵
- Executes dropped EXE
-
\??\c:\jjjdv.exec:\jjjdv.exe63⤵
- Executes dropped EXE
-
\??\c:\3ffxffl.exec:\3ffxffl.exe64⤵
- Executes dropped EXE
-
\??\c:\htbbhh.exec:\htbbhh.exe65⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe66⤵
-
\??\c:\3djdp.exec:\3djdp.exe67⤵
-
\??\c:\1frxllr.exec:\1frxllr.exe68⤵
-
\??\c:\flrllfl.exec:\flrllfl.exe69⤵
-
\??\c:\bttbnb.exec:\bttbnb.exe70⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe71⤵
-
\??\c:\xxrrxxf.exec:\xxrrxxf.exe72⤵
-
\??\c:\rrxxrxx.exec:\rrxxrxx.exe73⤵
-
\??\c:\nttnhn.exec:\nttnhn.exe74⤵
-
\??\c:\3nbbnb.exec:\3nbbnb.exe75⤵
-
\??\c:\9vvvv.exec:\9vvvv.exe76⤵
-
\??\c:\dvppv.exec:\dvppv.exe77⤵
-
\??\c:\rlxrfff.exec:\rlxrfff.exe78⤵
-
\??\c:\ttnbnn.exec:\ttnbnn.exe79⤵
-
\??\c:\nhhnnt.exec:\nhhnnt.exe80⤵
-
\??\c:\ttbnhh.exec:\ttbnhh.exe81⤵
-
\??\c:\jjvjp.exec:\jjvjp.exe82⤵
-
\??\c:\jdppd.exec:\jdppd.exe83⤵
-
\??\c:\llxfxlx.exec:\llxfxlx.exe84⤵
-
\??\c:\xxxrlxx.exec:\xxxrlxx.exe85⤵
-
\??\c:\5tnnht.exec:\5tnnht.exe86⤵
-
\??\c:\nntnbb.exec:\nntnbb.exe87⤵
-
\??\c:\1vdvv.exec:\1vdvv.exe88⤵
-
\??\c:\3fffrxr.exec:\3fffrxr.exe89⤵
-
\??\c:\1frrlxr.exec:\1frrlxr.exe90⤵
-
\??\c:\bbhhnb.exec:\bbhhnb.exe91⤵
-
\??\c:\hhbhnt.exec:\hhbhnt.exe92⤵
-
\??\c:\ddppd.exec:\ddppd.exe93⤵
-
\??\c:\vdjjv.exec:\vdjjv.exe94⤵
-
\??\c:\rfrlxxr.exec:\rfrlxxr.exe95⤵
-
\??\c:\1flffxx.exec:\1flffxx.exe96⤵
-
\??\c:\thnhbt.exec:\thnhbt.exe97⤵
-
\??\c:\vdpvp.exec:\vdpvp.exe98⤵
-
\??\c:\vvvdd.exec:\vvvdd.exe99⤵
-
\??\c:\3fflflf.exec:\3fflflf.exe100⤵
-
\??\c:\lfrrfrf.exec:\lfrrfrf.exe101⤵
-
\??\c:\hbnbhb.exec:\hbnbhb.exe102⤵
-
\??\c:\nhbtbn.exec:\nhbtbn.exe103⤵
-
\??\c:\jjpdp.exec:\jjpdp.exe104⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe105⤵
-
\??\c:\lfxrffx.exec:\lfxrffx.exe106⤵
-
\??\c:\hnhhnh.exec:\hnhhnh.exe107⤵
-
\??\c:\btnthb.exec:\btnthb.exe108⤵
-
\??\c:\dpvjj.exec:\dpvjj.exe109⤵
-
\??\c:\9bnnhn.exec:\9bnnhn.exe110⤵
-
\??\c:\thnbbt.exec:\thnbbt.exe111⤵
-
\??\c:\pjpdp.exec:\pjpdp.exe112⤵
-
\??\c:\xrrllrl.exec:\xrrllrl.exe113⤵
-
\??\c:\xrlrflx.exec:\xrlrflx.exe114⤵
-
\??\c:\bbthbb.exec:\bbthbb.exe115⤵
-
\??\c:\3bttbb.exec:\3bttbb.exe116⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe117⤵
-
\??\c:\5vvdj.exec:\5vvdj.exe118⤵
-
\??\c:\rxxlrrf.exec:\rxxlrrf.exe119⤵
-
\??\c:\ththnn.exec:\ththnn.exe120⤵
-
\??\c:\3bnnnt.exec:\3bnnnt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-