Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
14/05/2024, 16:42
General
-
Target
cdc6c67f2a54696c9e6c4b3379bf32a0_NeikiAnalytics.exe
-
Size
74KB
-
MD5
cdc6c67f2a54696c9e6c4b3379bf32a0
-
SHA1
1c245b8ff35ba7543dc060d8f2e3c92bc632520e
-
SHA256
457c9c1cb696ca7bb5667f34c3536a53c1c4989f05e709c083a6d7cffd76f0e7
-
SHA512
cfc748278243343f453747b1fbf802bc373ff7c44b68ca015a240ad572c4e5c5ab466b70507dfcc05d16c5c7e9623ccefea065e0e35047741aa02204eb21650a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIrmCeRMKeWqNSd:ymb3NkkiQ3mdBjFIjek5A
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cdc6c67f2a54696c9e6c4b3379bf32a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cdc6c67f2a54696c9e6c4b3379bf32a0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhntbt.exec:\nhntbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdpv.exec:\dvdpv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvj.exec:\vpdvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflrrrx.exec:\rflrrrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbtnh.exec:\hnbtnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnnnh.exec:\nbnnnh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddv.exec:\jvddv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxlfxf.exec:\llxlfxf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbttb.exec:\hnbttb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhtb.exec:\tnhhtb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdd.exec:\jvjdd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvppv.exec:\vvppv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxffxf.exec:\xlxffxf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lxlfxf.exec:\1lxlfxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhnn.exec:\bthhnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nhhtn.exec:\9nhhtn.exe17⤵
- Executes dropped EXE
-
\??\c:\1djdd.exec:\1djdd.exe18⤵
- Executes dropped EXE
-
\??\c:\fxrxffl.exec:\fxrxffl.exe19⤵
- Executes dropped EXE
-
\??\c:\flrlxxx.exec:\flrlxxx.exe20⤵
- Executes dropped EXE
-
\??\c:\tbhnth.exec:\tbhnth.exe21⤵
- Executes dropped EXE
-
\??\c:\pdjdv.exec:\pdjdv.exe22⤵
- Executes dropped EXE
-
\??\c:\jvpvd.exec:\jvpvd.exe23⤵
- Executes dropped EXE
-
\??\c:\lrxllll.exec:\lrxllll.exe24⤵
- Executes dropped EXE
-
\??\c:\1xfrxrf.exec:\1xfrxrf.exe25⤵
- Executes dropped EXE
-
\??\c:\nhhbhh.exec:\nhhbhh.exe26⤵
- Executes dropped EXE
-
\??\c:\thtttt.exec:\thtttt.exe27⤵
- Executes dropped EXE
-
\??\c:\jjvjd.exec:\jjvjd.exe28⤵
- Executes dropped EXE
-
\??\c:\rlxrrrr.exec:\rlxrrrr.exe29⤵
- Executes dropped EXE
-
\??\c:\7ntthb.exec:\7ntthb.exe30⤵
- Executes dropped EXE
-
\??\c:\5bttnh.exec:\5bttnh.exe31⤵
- Executes dropped EXE
-
\??\c:\jddpd.exec:\jddpd.exe32⤵
- Executes dropped EXE
-
\??\c:\jvdvd.exec:\jvdvd.exe33⤵
- Executes dropped EXE
-
\??\c:\rfrrllr.exec:\rfrrllr.exe34⤵
- Executes dropped EXE
-
\??\c:\hnbhtb.exec:\hnbhtb.exe35⤵
- Executes dropped EXE
-
\??\c:\ttnbnt.exec:\ttnbnt.exe36⤵
- Executes dropped EXE
-
\??\c:\pdpjj.exec:\pdpjj.exe37⤵
- Executes dropped EXE
-
\??\c:\xxxfrxl.exec:\xxxfrxl.exe38⤵
- Executes dropped EXE
-
\??\c:\1ffrlff.exec:\1ffrlff.exe39⤵
- Executes dropped EXE
-
\??\c:\fxrxflr.exec:\fxrxflr.exe40⤵
- Executes dropped EXE
-
\??\c:\bnbbhb.exec:\bnbbhb.exe41⤵
- Executes dropped EXE
-
\??\c:\9ddjv.exec:\9ddjv.exe42⤵
- Executes dropped EXE
-
\??\c:\5djjv.exec:\5djjv.exe43⤵
- Executes dropped EXE
-
\??\c:\lfxfllr.exec:\lfxfllr.exe44⤵
- Executes dropped EXE
-
\??\c:\tnhnnn.exec:\tnhnnn.exe45⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe46⤵
- Executes dropped EXE
-
\??\c:\3rrrxxx.exec:\3rrrxxx.exe47⤵
- Executes dropped EXE
-
\??\c:\7rfxllx.exec:\7rfxllx.exe48⤵
- Executes dropped EXE
-
\??\c:\rrxxlff.exec:\rrxxlff.exe49⤵
- Executes dropped EXE
-
\??\c:\nbnnbn.exec:\nbnnbn.exe50⤵
- Executes dropped EXE
-
\??\c:\5jjjj.exec:\5jjjj.exe51⤵
- Executes dropped EXE
-
\??\c:\jddjv.exec:\jddjv.exe52⤵
- Executes dropped EXE
-
\??\c:\3dppp.exec:\3dppp.exe53⤵
- Executes dropped EXE
-
\??\c:\3rfxxxf.exec:\3rfxxxf.exe54⤵
- Executes dropped EXE
-
\??\c:\7bhthb.exec:\7bhthb.exe55⤵
- Executes dropped EXE
-
\??\c:\nbbbnt.exec:\nbbbnt.exe56⤵
- Executes dropped EXE
-
\??\c:\vpvpp.exec:\vpvpp.exe57⤵
- Executes dropped EXE
-
\??\c:\jvppv.exec:\jvppv.exe58⤵
- Executes dropped EXE
-
\??\c:\lxllrfr.exec:\lxllrfr.exe59⤵
- Executes dropped EXE
-
\??\c:\rlrrlxf.exec:\rlrrlxf.exe60⤵
- Executes dropped EXE
-
\??\c:\thtnnn.exec:\thtnnn.exe61⤵
- Executes dropped EXE
-
\??\c:\tntbhb.exec:\tntbhb.exe62⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe63⤵
- Executes dropped EXE
-
\??\c:\djpvj.exec:\djpvj.exe64⤵
- Executes dropped EXE
-
\??\c:\3lrffrx.exec:\3lrffrx.exe65⤵
- Executes dropped EXE
-
\??\c:\xxlxflr.exec:\xxlxflr.exe66⤵
-
\??\c:\nbtbbb.exec:\nbtbbb.exe67⤵
-
\??\c:\3thttn.exec:\3thttn.exe68⤵
-
\??\c:\1hbbbh.exec:\1hbbbh.exe69⤵
-
\??\c:\jvpvv.exec:\jvpvv.exe70⤵
-
\??\c:\9vjdv.exec:\9vjdv.exe71⤵
-
\??\c:\fxrrxxf.exec:\fxrrxxf.exe72⤵
-
\??\c:\nbbnht.exec:\nbbnht.exe73⤵
-
\??\c:\tbnnnn.exec:\tbnnnn.exe74⤵
-
\??\c:\ntthtb.exec:\ntthtb.exe75⤵
-
\??\c:\9pdvp.exec:\9pdvp.exe76⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe77⤵
-
\??\c:\3lxxflf.exec:\3lxxflf.exe78⤵
-
\??\c:\xlrxxfl.exec:\xlrxxfl.exe79⤵
-
\??\c:\thtbhh.exec:\thtbhh.exe80⤵
-
\??\c:\3htbnt.exec:\3htbnt.exe81⤵
-
\??\c:\pjvpp.exec:\pjvpp.exe82⤵
-
\??\c:\dddjj.exec:\dddjj.exe83⤵
-
\??\c:\dpvjj.exec:\dpvjj.exe84⤵
-
\??\c:\xxxxfrl.exec:\xxxxfrl.exe85⤵
-
\??\c:\xlxxfff.exec:\xlxxfff.exe86⤵
-
\??\c:\1ntnnh.exec:\1ntnnh.exe87⤵
-
\??\c:\7bnntn.exec:\7bnntn.exe88⤵
-
\??\c:\thnhbt.exec:\thnhbt.exe89⤵
-
\??\c:\5vvvp.exec:\5vvvp.exe90⤵
-
\??\c:\3vjdj.exec:\3vjdj.exe91⤵
-
\??\c:\dvppp.exec:\dvppp.exe92⤵
-
\??\c:\rfrlrrr.exec:\rfrlrrr.exe93⤵
-
\??\c:\lfrfxfl.exec:\lfrfxfl.exe94⤵
-
\??\c:\3nhhnn.exec:\3nhhnn.exe95⤵
-
\??\c:\hbnthh.exec:\hbnthh.exe96⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe97⤵
-
\??\c:\jdpdd.exec:\jdpdd.exe98⤵
-
\??\c:\rlllflx.exec:\rlllflx.exe99⤵
-
\??\c:\fxfffll.exec:\fxfffll.exe100⤵
-
\??\c:\lxfflff.exec:\lxfflff.exe101⤵
-
\??\c:\9hnnhn.exec:\9hnnhn.exe102⤵
-
\??\c:\thbbnn.exec:\thbbnn.exe103⤵
-
\??\c:\3vvdd.exec:\3vvdd.exe104⤵
-
\??\c:\3jdpp.exec:\3jdpp.exe105⤵
-
\??\c:\jvdvd.exec:\jvdvd.exe106⤵
-
\??\c:\frfffff.exec:\frfffff.exe107⤵
-
\??\c:\lxflrrr.exec:\lxflrrr.exe108⤵
-
\??\c:\htbhhh.exec:\htbhhh.exe109⤵
-
\??\c:\bnhntt.exec:\bnhntt.exe110⤵
-
\??\c:\hbtbtt.exec:\hbtbtt.exe111⤵
-
\??\c:\ppdvv.exec:\ppdvv.exe112⤵
-
\??\c:\vvvdv.exec:\vvvdv.exe113⤵
-
\??\c:\xllllff.exec:\xllllff.exe114⤵
-
\??\c:\xrxlrlx.exec:\xrxlrlx.exe115⤵
-
\??\c:\htnntt.exec:\htnntt.exe116⤵
-
\??\c:\ttthnb.exec:\ttthnb.exe117⤵
-
\??\c:\hthntt.exec:\hthntt.exe118⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe119⤵
-
\??\c:\pdvvd.exec:\pdvvd.exe120⤵
-
\??\c:\fxflxfl.exec:\fxflxfl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-