Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
15-05-2024 04:17
General
-
Target
7a7f48809ec52685607d441572d7d3a0_NeikiAnalytics.exe
-
Size
103KB
-
MD5
7a7f48809ec52685607d441572d7d3a0
-
SHA1
1d459fe86d385434bbe27080c088b9cc889c77b5
-
SHA256
c2a5cbf5883f5c22238d23ed0c6ce02f208cf996247df042a4a67601f1b02523
-
SHA512
eb2628ab15114c0c5c6077c915ac7dc7d463243ade3e74845b77104870e29ab3c4884ce8f3fd3fef1409b3087ff07b8432779848a7e59303bc9b10483d64dc48
-
SSDEEP
1536:9vQBeOGtrYS3srx93UBWfwC6Ggnouy8PbhnyLFbUZJjw5Ivov1d3ZdpQm6hx:9hOmTsF93UYfwC6GIoutz5yLpRDN6hx
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 48 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7a7f48809ec52685607d441572d7d3a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\7a7f48809ec52685607d441572d7d3a0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllxxl.exec:\fxllxxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbbnb.exec:\bhbbnb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjjp.exec:\pdjjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflffxr.exec:\fflffxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhtt.exec:\nhbhtt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbbtn.exec:\nbbbtn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jvvd.exec:\1jvvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxflrrx.exec:\lxflrrx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fxflrx.exec:\1fxflrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tbbbt.exec:\1tbbbt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjppj.exec:\vjppj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdpd.exec:\dvdpd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrxflx.exec:\lxrxflx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbtn.exec:\tbhbtn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdj.exec:\pjvdj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvvv.exec:\pdvvv.exe17⤵
- Executes dropped EXE
-
\??\c:\rrfrrxf.exec:\rrfrrxf.exe18⤵
- Executes dropped EXE
-
\??\c:\5nnttt.exec:\5nnttt.exe19⤵
- Executes dropped EXE
-
\??\c:\bhbnht.exec:\bhbnht.exe20⤵
- Executes dropped EXE
-
\??\c:\pvpjp.exec:\pvpjp.exe21⤵
- Executes dropped EXE
-
\??\c:\fxlrrxf.exec:\fxlrrxf.exe22⤵
- Executes dropped EXE
-
\??\c:\xlxxflr.exec:\xlxxflr.exe23⤵
- Executes dropped EXE
-
\??\c:\9tbbhb.exec:\9tbbhb.exe24⤵
- Executes dropped EXE
-
\??\c:\pdjpp.exec:\pdjpp.exe25⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe26⤵
- Executes dropped EXE
-
\??\c:\xfllfxx.exec:\xfllfxx.exe27⤵
- Executes dropped EXE
-
\??\c:\nbhntb.exec:\nbhntb.exe28⤵
- Executes dropped EXE
-
\??\c:\1vdjd.exec:\1vdjd.exe29⤵
- Executes dropped EXE
-
\??\c:\ddjdd.exec:\ddjdd.exe30⤵
- Executes dropped EXE
-
\??\c:\rlxffll.exec:\rlxffll.exe31⤵
- Executes dropped EXE
-
\??\c:\3httbh.exec:\3httbh.exe32⤵
- Executes dropped EXE
-
\??\c:\7pddd.exec:\7pddd.exe33⤵
- Executes dropped EXE
-
\??\c:\1ddvd.exec:\1ddvd.exe34⤵
- Executes dropped EXE
-
\??\c:\flrrrrr.exec:\flrrrrr.exe35⤵
- Executes dropped EXE
-
\??\c:\frxrrll.exec:\frxrrll.exe36⤵
-
\??\c:\nbtbhh.exec:\nbtbhh.exe37⤵
- Executes dropped EXE
-
\??\c:\jdvvd.exec:\jdvvd.exe38⤵
- Executes dropped EXE
-
\??\c:\lxfxfxx.exec:\lxfxfxx.exe39⤵
- Executes dropped EXE
-
\??\c:\rffffxl.exec:\rffffxl.exe40⤵
- Executes dropped EXE
-
\??\c:\frxffff.exec:\frxffff.exe41⤵
- Executes dropped EXE
-
\??\c:\3bttbt.exec:\3bttbt.exe42⤵
- Executes dropped EXE
-
\??\c:\xflffrx.exec:\xflffrx.exe43⤵
- Executes dropped EXE
-
\??\c:\xrflrfx.exec:\xrflrfx.exe44⤵
- Executes dropped EXE
-
\??\c:\htbnhb.exec:\htbnhb.exe45⤵
- Executes dropped EXE
-
\??\c:\tbnttt.exec:\tbnttt.exe46⤵
- Executes dropped EXE
-
\??\c:\5vvdj.exec:\5vvdj.exe47⤵
- Executes dropped EXE
-
\??\c:\3pvpp.exec:\3pvpp.exe48⤵
- Executes dropped EXE
-
\??\c:\frfxfxf.exec:\frfxfxf.exe49⤵
- Executes dropped EXE
-
\??\c:\rllfrxx.exec:\rllfrxx.exe50⤵
- Executes dropped EXE
-
\??\c:\tnbbhh.exec:\tnbbhh.exe51⤵
- Executes dropped EXE
-
\??\c:\1hbnhh.exec:\1hbnhh.exe52⤵
- Executes dropped EXE
-
\??\c:\7jdpj.exec:\7jdpj.exe53⤵
- Executes dropped EXE
-
\??\c:\jjvjp.exec:\jjvjp.exe54⤵
- Executes dropped EXE
-
\??\c:\ffrxlfr.exec:\ffrxlfr.exe55⤵
- Executes dropped EXE
-
\??\c:\lrfxfrr.exec:\lrfxfrr.exe56⤵
- Executes dropped EXE
-
\??\c:\hhbnbn.exec:\hhbnbn.exe57⤵
- Executes dropped EXE
-
\??\c:\tnbhnh.exec:\tnbhnh.exe58⤵
- Executes dropped EXE
-
\??\c:\ttbhnn.exec:\ttbhnn.exe59⤵
- Executes dropped EXE
-
\??\c:\pjvdd.exec:\pjvdd.exe60⤵
- Executes dropped EXE
-
\??\c:\xxflxlf.exec:\xxflxlf.exe61⤵
- Executes dropped EXE
-
\??\c:\xrxrrrl.exec:\xrxrrrl.exe62⤵
- Executes dropped EXE
-
\??\c:\bnhnbb.exec:\bnhnbb.exe63⤵
- Executes dropped EXE
-
\??\c:\ttthnb.exec:\ttthnb.exe64⤵
- Executes dropped EXE
-
\??\c:\vjvpj.exec:\vjvpj.exe65⤵
- Executes dropped EXE
-
\??\c:\vjjpv.exec:\vjjpv.exe66⤵
- Executes dropped EXE
-
\??\c:\lrrrfrr.exec:\lrrrfrr.exe67⤵
-
\??\c:\9xrxxxr.exec:\9xrxxxr.exe68⤵
-
\??\c:\bbhttt.exec:\bbhttt.exe69⤵
-
\??\c:\5hthtt.exec:\5hthtt.exe70⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe71⤵
-
\??\c:\vvjvv.exec:\vvjvv.exe72⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe73⤵
-
\??\c:\xxfxfxf.exec:\xxfxfxf.exe74⤵
-
\??\c:\thbntb.exec:\thbntb.exe75⤵
-
\??\c:\bntbhh.exec:\bntbhh.exe76⤵
-
\??\c:\pppvv.exec:\pppvv.exe77⤵
-
\??\c:\5jvdj.exec:\5jvdj.exe78⤵
-
\??\c:\1frlrrx.exec:\1frlrrx.exe79⤵
-
\??\c:\nhtbht.exec:\nhtbht.exe80⤵
-
\??\c:\5bnttb.exec:\5bnttb.exe81⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe82⤵
-
\??\c:\pdppp.exec:\pdppp.exe83⤵
-
\??\c:\lfrlfll.exec:\lfrlfll.exe84⤵
-
\??\c:\nnbhbb.exec:\nnbhbb.exe85⤵
-
\??\c:\tnbthh.exec:\tnbthh.exe86⤵
-
\??\c:\dvdpv.exec:\dvdpv.exe87⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe88⤵
-
\??\c:\dvdpd.exec:\dvdpd.exe89⤵
-
\??\c:\5flrxfx.exec:\5flrxfx.exe90⤵
-
\??\c:\7hbhnt.exec:\7hbhnt.exe91⤵
-
\??\c:\9btthb.exec:\9btthb.exe92⤵
-
\??\c:\hbhnbn.exec:\hbhnbn.exe93⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe94⤵
-
\??\c:\7vjvv.exec:\7vjvv.exe95⤵
-
\??\c:\9rrfrrf.exec:\9rrfrrf.exe96⤵
-
\??\c:\frflxfr.exec:\frflxfr.exe97⤵
-
\??\c:\ttthhh.exec:\ttthhh.exe98⤵
-
\??\c:\nnhttt.exec:\nnhttt.exe99⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe100⤵
-
\??\c:\1jdjv.exec:\1jdjv.exe101⤵
-
\??\c:\xlxffrl.exec:\xlxffrl.exe102⤵
-
\??\c:\fxlxrrf.exec:\fxlxrrf.exe103⤵
-
\??\c:\rffflfl.exec:\rffflfl.exe104⤵
-
\??\c:\thbtnn.exec:\thbtnn.exe105⤵
-
\??\c:\3nbbhb.exec:\3nbbhb.exe106⤵
-
\??\c:\jvjpp.exec:\jvjpp.exe107⤵
-
\??\c:\jvppj.exec:\jvppj.exe108⤵
-
\??\c:\rrrxffl.exec:\rrrxffl.exe109⤵
-
\??\c:\5rxxfxf.exec:\5rxxfxf.exe110⤵
-
\??\c:\3btbnh.exec:\3btbnh.exe111⤵
-
\??\c:\thhnnt.exec:\thhnnt.exe112⤵
-
\??\c:\1vpvj.exec:\1vpvj.exe113⤵
-
\??\c:\jpdvd.exec:\jpdvd.exe114⤵
-
\??\c:\5xlxlrx.exec:\5xlxlrx.exe115⤵
-
\??\c:\frlffxx.exec:\frlffxx.exe116⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe117⤵
-
\??\c:\5bnttt.exec:\5bnttt.exe118⤵
-
\??\c:\5jdvj.exec:\5jdvj.exe119⤵
-
\??\c:\vpvjp.exec:\vpvjp.exe120⤵
-
\??\c:\5xxflrf.exec:\5xxflrf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-