Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
15/05/2024, 02:52
General
-
Target
6a05a2ce027efc00c6481e718628dde0_NeikiAnalytics.exe
-
Size
81KB
-
MD5
6a05a2ce027efc00c6481e718628dde0
-
SHA1
99c483e65b72eea9928668e63a15e70b9cff2c8e
-
SHA256
bd4a51c2f2aca70a9ab95a8d93f4f4feedbcb6a8f98e9fd0644286a3ace3b999
-
SHA512
02c38aab8431758a55de0a97c158d2a83adbe8dca8a9760ee712245ded5dd74bfbd1474e2fbd6e790ada1bfb924378445fd9f20653b9c91fec9c238f1726732b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo7xCkTsIwtOa2dYS8nj/R:ymb3NkkiQ3mdBjFo7LAIbT6jJ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6a05a2ce027efc00c6481e718628dde0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6a05a2ce027efc00c6481e718628dde0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnhn.exec:\hbtnhn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvdp.exec:\ddvdp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxfllr.exec:\rlxfllr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthbhb.exec:\nthbhb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvppv.exec:\pvppv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrlxfr.exec:\ffrlxfr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxrfrx.exec:\rrxrfrx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5thnbh.exec:\5thnbh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdjv.exec:\jjdjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pddj.exec:\5pddj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxxxfx.exec:\rxxxxfx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhnhn.exec:\nnhnhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nbbhn.exec:\5nbbhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdp.exec:\pjvdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjjp.exec:\jvjjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxrlf.exec:\rlxxrlf.exe17⤵
- Executes dropped EXE
-
\??\c:\lfrrflx.exec:\lfrrflx.exe18⤵
- Executes dropped EXE
-
\??\c:\hbthth.exec:\hbthth.exe19⤵
- Executes dropped EXE
-
\??\c:\nhbhnn.exec:\nhbhnn.exe20⤵
- Executes dropped EXE
-
\??\c:\dvjpj.exec:\dvjpj.exe21⤵
- Executes dropped EXE
-
\??\c:\fxrxxfx.exec:\fxrxxfx.exe22⤵
- Executes dropped EXE
-
\??\c:\xxrrlrf.exec:\xxrrlrf.exe23⤵
- Executes dropped EXE
-
\??\c:\hbhntn.exec:\hbhntn.exe24⤵
- Executes dropped EXE
-
\??\c:\7hbhhh.exec:\7hbhhh.exe25⤵
- Executes dropped EXE
-
\??\c:\vvpvj.exec:\vvpvj.exe26⤵
- Executes dropped EXE
-
\??\c:\9xflllr.exec:\9xflllr.exe27⤵
- Executes dropped EXE
-
\??\c:\fxrfrxf.exec:\fxrfrxf.exe28⤵
- Executes dropped EXE
-
\??\c:\3thntb.exec:\3thntb.exe29⤵
- Executes dropped EXE
-
\??\c:\vvjjp.exec:\vvjjp.exe30⤵
- Executes dropped EXE
-
\??\c:\1pjpd.exec:\1pjpd.exe31⤵
- Executes dropped EXE
-
\??\c:\1ffflrf.exec:\1ffflrf.exe32⤵
- Executes dropped EXE
-
\??\c:\5tnhtb.exec:\5tnhtb.exe33⤵
- Executes dropped EXE
-
\??\c:\nhnnnt.exec:\nhnnnt.exe34⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe35⤵
- Executes dropped EXE
-
\??\c:\1dvjp.exec:\1dvjp.exe36⤵
- Executes dropped EXE
-
\??\c:\jvjjp.exec:\jvjjp.exe37⤵
- Executes dropped EXE
-
\??\c:\rlfflrf.exec:\rlfflrf.exe38⤵
- Executes dropped EXE
-
\??\c:\3hbbbb.exec:\3hbbbb.exe39⤵
- Executes dropped EXE
-
\??\c:\hbhtnt.exec:\hbhtnt.exe40⤵
- Executes dropped EXE
-
\??\c:\5htnbt.exec:\5htnbt.exe41⤵
- Executes dropped EXE
-
\??\c:\3dppp.exec:\3dppp.exe42⤵
- Executes dropped EXE
-
\??\c:\jvdvd.exec:\jvdvd.exe43⤵
- Executes dropped EXE
-
\??\c:\9xfxfxr.exec:\9xfxfxr.exe44⤵
- Executes dropped EXE
-
\??\c:\lffflrr.exec:\lffflrr.exe45⤵
- Executes dropped EXE
-
\??\c:\btntbn.exec:\btntbn.exe46⤵
- Executes dropped EXE
-
\??\c:\tbnhbb.exec:\tbnhbb.exe47⤵
- Executes dropped EXE
-
\??\c:\pvdpd.exec:\pvdpd.exe48⤵
- Executes dropped EXE
-
\??\c:\pdvvd.exec:\pdvvd.exe49⤵
- Executes dropped EXE
-
\??\c:\5xxlrrx.exec:\5xxlrrx.exe50⤵
- Executes dropped EXE
-
\??\c:\9xlxxfl.exec:\9xlxxfl.exe51⤵
- Executes dropped EXE
-
\??\c:\hbhntt.exec:\hbhntt.exe52⤵
- Executes dropped EXE
-
\??\c:\bnbhbb.exec:\bnbhbb.exe53⤵
- Executes dropped EXE
-
\??\c:\pjvpp.exec:\pjvpp.exe54⤵
- Executes dropped EXE
-
\??\c:\jpdvd.exec:\jpdvd.exe55⤵
- Executes dropped EXE
-
\??\c:\9xrxlfr.exec:\9xrxlfr.exe56⤵
- Executes dropped EXE
-
\??\c:\hthhnn.exec:\hthhnn.exe57⤵
- Executes dropped EXE
-
\??\c:\jdpvp.exec:\jdpvp.exe58⤵
- Executes dropped EXE
-
\??\c:\ppdvv.exec:\ppdvv.exe59⤵
- Executes dropped EXE
-
\??\c:\rfxfffl.exec:\rfxfffl.exe60⤵
- Executes dropped EXE
-
\??\c:\frlxlfl.exec:\frlxlfl.exe61⤵
- Executes dropped EXE
-
\??\c:\thhbbt.exec:\thhbbt.exe62⤵
- Executes dropped EXE
-
\??\c:\btnhnn.exec:\btnhnn.exe63⤵
- Executes dropped EXE
-
\??\c:\7vjdj.exec:\7vjdj.exe64⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe65⤵
- Executes dropped EXE
-
\??\c:\rxxrxlf.exec:\rxxrxlf.exe66⤵
-
\??\c:\rrlxflr.exec:\rrlxflr.exe67⤵
-
\??\c:\nhbnnb.exec:\nhbnnb.exe68⤵
-
\??\c:\hbtbbn.exec:\hbtbbn.exe69⤵
-
\??\c:\vjdjj.exec:\vjdjj.exe70⤵
-
\??\c:\lxrxxxf.exec:\lxrxxxf.exe71⤵
-
\??\c:\9xllrlr.exec:\9xllrlr.exe72⤵
-
\??\c:\bthhnh.exec:\bthhnh.exe73⤵
-
\??\c:\9tbbnh.exec:\9tbbnh.exe74⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe75⤵
-
\??\c:\7pddd.exec:\7pddd.exe76⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe77⤵
-
\??\c:\rlxflrf.exec:\rlxflrf.exe78⤵
-
\??\c:\rlfflfl.exec:\rlfflfl.exe79⤵
-
\??\c:\hnnhtn.exec:\hnnhtn.exe80⤵
-
\??\c:\nbnntb.exec:\nbnntb.exe81⤵
-
\??\c:\ddvdd.exec:\ddvdd.exe82⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe83⤵
-
\??\c:\vdvjj.exec:\vdvjj.exe84⤵
-
\??\c:\rlxfffr.exec:\rlxfffr.exe85⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe86⤵
-
\??\c:\nhnntt.exec:\nhnntt.exe87⤵
-
\??\c:\dpppd.exec:\dpppd.exe88⤵
-
\??\c:\jvpdv.exec:\jvpdv.exe89⤵
-
\??\c:\5vjvv.exec:\5vjvv.exe90⤵
-
\??\c:\lfrxrrx.exec:\lfrxrrx.exe91⤵
-
\??\c:\xlrxxxf.exec:\xlrxxxf.exe92⤵
-
\??\c:\btnntb.exec:\btnntb.exe93⤵
-
\??\c:\5nbnhb.exec:\5nbnhb.exe94⤵
-
\??\c:\5jddj.exec:\5jddj.exe95⤵
-
\??\c:\9vppv.exec:\9vppv.exe96⤵
-
\??\c:\rlxlxfx.exec:\rlxlxfx.exe97⤵
-
\??\c:\lrrllll.exec:\lrrllll.exe98⤵
-
\??\c:\nhnhnh.exec:\nhnhnh.exe99⤵
-
\??\c:\nhntbt.exec:\nhntbt.exe100⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe101⤵
-
\??\c:\vpddj.exec:\vpddj.exe102⤵
-
\??\c:\pdvpv.exec:\pdvpv.exe103⤵
-
\??\c:\rfxxffr.exec:\rfxxffr.exe104⤵
-
\??\c:\xrlfxlx.exec:\xrlfxlx.exe105⤵
-
\??\c:\7bhnbn.exec:\7bhnbn.exe106⤵
-
\??\c:\nbntbb.exec:\nbntbb.exe107⤵
-
\??\c:\1vppp.exec:\1vppp.exe108⤵
-
\??\c:\jdddd.exec:\jdddd.exe109⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe110⤵
-
\??\c:\frlflff.exec:\frlflff.exe111⤵
-
\??\c:\xrffxff.exec:\xrffxff.exe112⤵
-
\??\c:\7htbhh.exec:\7htbhh.exe113⤵
-
\??\c:\nhhntn.exec:\nhhntn.exe114⤵
-
\??\c:\jdppv.exec:\jdppv.exe115⤵
-
\??\c:\jdvjj.exec:\jdvjj.exe116⤵
-
\??\c:\9dpvd.exec:\9dpvd.exe117⤵
-
\??\c:\3rfxxfl.exec:\3rfxxfl.exe118⤵
-
\??\c:\xlxfffx.exec:\xlxfffx.exe119⤵
-
\??\c:\bthhhh.exec:\bthhhh.exe120⤵
-
\??\c:\bnthbb.exec:\bnthbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-