Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
14-05-2024 21:15
General
-
Target
29557fc4e2a787e47b1b273b6c1e6cd0_NeikiAnalytics.exe
-
Size
75KB
-
MD5
29557fc4e2a787e47b1b273b6c1e6cd0
-
SHA1
a31348ffac3f127ad62bb8e3727a974c208297d8
-
SHA256
9019160c4635e3bfa014dc6c28d633ad02bd60db21ffa275e5c17a5123a2b625
-
SHA512
1a5fcc8219745646e264e038fc9280767da40d7195dbce988542479d3afa46f152423ff6043fe05b20d5baa76693b9133e12cf1bb0588c4d6a494b269082bc8c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqC5rINQ:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqCuS
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\29557fc4e2a787e47b1b273b6c1e6cd0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\29557fc4e2a787e47b1b273b6c1e6cd0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5ppjd.exec:\5ppjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrxllr.exec:\rlrxllr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tbnhh.exec:\9tbnhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpdj.exec:\ddpdj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrfxlx.exec:\xxrfxlx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbnhn.exec:\tnbnhn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjvj.exec:\pvjvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjpp.exec:\jdjpp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfflllx.exec:\rfflllx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrxfl.exec:\lfrrxfl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htthbn.exec:\htthbn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvvj.exec:\ppvvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjv.exec:\dvpjv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rxxfrf.exec:\9rxxfrf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtthb.exec:\hhtthb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbbhb.exec:\ttbbhb.exe17⤵
- Executes dropped EXE
-
\??\c:\jdpjv.exec:\jdpjv.exe18⤵
- Executes dropped EXE
-
\??\c:\5rfrxfl.exec:\5rfrxfl.exe19⤵
- Executes dropped EXE
-
\??\c:\lxllxxl.exec:\lxllxxl.exe20⤵
- Executes dropped EXE
-
\??\c:\bbnbth.exec:\bbnbth.exe21⤵
- Executes dropped EXE
-
\??\c:\btnbht.exec:\btnbht.exe22⤵
- Executes dropped EXE
-
\??\c:\vjvdp.exec:\vjvdp.exe23⤵
- Executes dropped EXE
-
\??\c:\rrlxlrf.exec:\rrlxlrf.exe24⤵
- Executes dropped EXE
-
\??\c:\rlrxlrl.exec:\rlrxlrl.exe25⤵
- Executes dropped EXE
-
\??\c:\7nbtbn.exec:\7nbtbn.exe26⤵
- Executes dropped EXE
-
\??\c:\pjvjp.exec:\pjvjp.exe27⤵
- Executes dropped EXE
-
\??\c:\fxrrxfr.exec:\fxrrxfr.exe28⤵
- Executes dropped EXE
-
\??\c:\7tnhth.exec:\7tnhth.exe29⤵
- Executes dropped EXE
-
\??\c:\pjdvd.exec:\pjdvd.exe30⤵
- Executes dropped EXE
-
\??\c:\lxrxflx.exec:\lxrxflx.exe31⤵
- Executes dropped EXE
-
\??\c:\hhbntb.exec:\hhbntb.exe32⤵
- Executes dropped EXE
-
\??\c:\hbbbnt.exec:\hbbbnt.exe33⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe34⤵
-
\??\c:\rrxrxlx.exec:\rrxrxlx.exe35⤵
- Executes dropped EXE
-
\??\c:\llxllff.exec:\llxllff.exe36⤵
- Executes dropped EXE
-
\??\c:\lrxrfrr.exec:\lrxrfrr.exe37⤵
- Executes dropped EXE
-
\??\c:\ttthtb.exec:\ttthtb.exe38⤵
- Executes dropped EXE
-
\??\c:\3hthnt.exec:\3hthnt.exe39⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe40⤵
- Executes dropped EXE
-
\??\c:\7vjvj.exec:\7vjvj.exe41⤵
- Executes dropped EXE
-
\??\c:\xlrllfl.exec:\xlrllfl.exe42⤵
- Executes dropped EXE
-
\??\c:\1frlxlx.exec:\1frlxlx.exe43⤵
- Executes dropped EXE
-
\??\c:\fxxfrlx.exec:\fxxfrlx.exe44⤵
- Executes dropped EXE
-
\??\c:\hthntt.exec:\hthntt.exe45⤵
- Executes dropped EXE
-
\??\c:\bnhnnh.exec:\bnhnnh.exe46⤵
- Executes dropped EXE
-
\??\c:\jdjjv.exec:\jdjjv.exe47⤵
- Executes dropped EXE
-
\??\c:\7dvpv.exec:\7dvpv.exe48⤵
- Executes dropped EXE
-
\??\c:\flrfxlr.exec:\flrfxlr.exe49⤵
- Executes dropped EXE
-
\??\c:\xrxllfr.exec:\xrxllfr.exe50⤵
- Executes dropped EXE
-
\??\c:\tnbbnb.exec:\tnbbnb.exe51⤵
- Executes dropped EXE
-
\??\c:\htnnhn.exec:\htnnhn.exe52⤵
- Executes dropped EXE
-
\??\c:\7ntbhh.exec:\7ntbhh.exe53⤵
- Executes dropped EXE
-
\??\c:\5pvdd.exec:\5pvdd.exe54⤵
- Executes dropped EXE
-
\??\c:\9llrxfr.exec:\9llrxfr.exe55⤵
- Executes dropped EXE
-
\??\c:\7xlxfxf.exec:\7xlxfxf.exe56⤵
- Executes dropped EXE
-
\??\c:\nhhhtt.exec:\nhhhtt.exe57⤵
- Executes dropped EXE
-
\??\c:\hthhnt.exec:\hthhnt.exe58⤵
- Executes dropped EXE
-
\??\c:\9dvjj.exec:\9dvjj.exe59⤵
- Executes dropped EXE
-
\??\c:\vpdpp.exec:\vpdpp.exe60⤵
- Executes dropped EXE
-
\??\c:\rrlxrlr.exec:\rrlxrlr.exe61⤵
- Executes dropped EXE
-
\??\c:\xlxfllr.exec:\xlxfllr.exe62⤵
- Executes dropped EXE
-
\??\c:\nhthbb.exec:\nhthbb.exe63⤵
- Executes dropped EXE
-
\??\c:\nhtbbb.exec:\nhtbbb.exe64⤵
- Executes dropped EXE
-
\??\c:\ppjdv.exec:\ppjdv.exe65⤵
- Executes dropped EXE
-
\??\c:\3vvdv.exec:\3vvdv.exe66⤵
- Executes dropped EXE
-
\??\c:\9lrrffr.exec:\9lrrffr.exe67⤵
-
\??\c:\bnhntn.exec:\bnhntn.exe68⤵
-
\??\c:\9hbhbb.exec:\9hbhbb.exe69⤵
-
\??\c:\7htbnt.exec:\7htbnt.exe70⤵
-
\??\c:\7vvdv.exec:\7vvdv.exe71⤵
-
\??\c:\jvdvd.exec:\jvdvd.exe72⤵
-
\??\c:\5ddjd.exec:\5ddjd.exe73⤵
-
\??\c:\xrflffr.exec:\xrflffr.exe74⤵
-
\??\c:\llflfrl.exec:\llflfrl.exe75⤵
-
\??\c:\lfxxrfr.exec:\lfxxrfr.exe76⤵
-
\??\c:\htbnbt.exec:\htbnbt.exe77⤵
-
\??\c:\5bbtht.exec:\5bbtht.exe78⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe79⤵
-
\??\c:\dvdvj.exec:\dvdvj.exe80⤵
-
\??\c:\5djjj.exec:\5djjj.exe81⤵
-
\??\c:\ffxlrlx.exec:\ffxlrlx.exe82⤵
-
\??\c:\rfffrrx.exec:\rfffrrx.exe83⤵
-
\??\c:\nbtttb.exec:\nbtttb.exe84⤵
-
\??\c:\nnnbhn.exec:\nnnbhn.exe85⤵
-
\??\c:\htnnbn.exec:\htnnbn.exe86⤵
-
\??\c:\jdddj.exec:\jdddj.exe87⤵
-
\??\c:\jpvdd.exec:\jpvdd.exe88⤵
-
\??\c:\fxlxllx.exec:\fxlxllx.exe89⤵
-
\??\c:\flfrxxf.exec:\flfrxxf.exe90⤵
-
\??\c:\fxfxrrr.exec:\fxfxrrr.exe91⤵
-
\??\c:\nnnntb.exec:\nnnntb.exe92⤵
-
\??\c:\lrxlxll.exec:\lrxlxll.exe93⤵
-
\??\c:\llfrxxx.exec:\llfrxxx.exe94⤵
-
\??\c:\nbtbnn.exec:\nbtbnn.exe95⤵
-
\??\c:\rlxflrx.exec:\rlxflrx.exe96⤵
-
\??\c:\nnhhbh.exec:\nnhhbh.exe97⤵
-
\??\c:\jvpvd.exec:\jvpvd.exe98⤵
-
\??\c:\9xxxrrl.exec:\9xxxrrl.exe99⤵
-
\??\c:\llxlrfr.exec:\llxlrfr.exe100⤵
-
\??\c:\nnbhtb.exec:\nnbhtb.exe101⤵
-
\??\c:\dpjdp.exec:\dpjdp.exe102⤵
-
\??\c:\fxxxllx.exec:\fxxxllx.exe103⤵
-
\??\c:\1ttnbt.exec:\1ttnbt.exe104⤵
-
\??\c:\1djjp.exec:\1djjp.exe105⤵
-
\??\c:\xfrlrrr.exec:\xfrlrrr.exe106⤵
-
\??\c:\1rrlxlf.exec:\1rrlxlf.exe107⤵
-
\??\c:\dvpvv.exec:\dvpvv.exe108⤵
-
\??\c:\pvjdv.exec:\pvjdv.exe109⤵
-
\??\c:\7lrfrfr.exec:\7lrfrfr.exe110⤵
-
\??\c:\xrfffff.exec:\xrfffff.exe111⤵
-
\??\c:\llxxflx.exec:\llxxflx.exe112⤵
-
\??\c:\bhbhbt.exec:\bhbhbt.exe113⤵
-
\??\c:\bbttht.exec:\bbttht.exe114⤵
-
\??\c:\jdppd.exec:\jdppd.exe115⤵
-
\??\c:\9vpvp.exec:\9vpvp.exe116⤵
-
\??\c:\3xxllfx.exec:\3xxllfx.exe117⤵
-
\??\c:\3lflxxl.exec:\3lflxxl.exe118⤵
-
\??\c:\nthnnt.exec:\nthnnt.exe119⤵
-
\??\c:\bbnbhn.exec:\bbnbhn.exe120⤵
-
\??\c:\pdpdj.exec:\pdpdj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-