Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
15-05-2024 14:09
General
-
Target
d5afc026b48989055c3f50b560cfd590_NeikiAnalytics.exe
-
Size
56KB
-
MD5
d5afc026b48989055c3f50b560cfd590
-
SHA1
5b2001b50e115b9041029c0af803c0473ceb608c
-
SHA256
ac7caee2cc7011864bcdda6102cbe3a8274eb671788e0de5c1a70542ddbe8673
-
SHA512
9bdef22fbad5cbd8a80a5cdb4c67790c6bcc564126f22d3f1b8862f087ae94ef14ca886622874f6f213094eb72722d485720bf725d8507a5f53f4b9fb7911740
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb6tZ9bO:ymb3NkkiQ3mdBjFIb6tZNO
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d5afc026b48989055c3f50b560cfd590_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d5afc026b48989055c3f50b560cfd590_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxfrxl.exec:\xrxfrxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnttb.exec:\nhnttb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvd.exec:\dpvvd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxrrr.exec:\xrxxrrr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbhn.exec:\btbbhn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhnnn.exec:\hbhnnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jpdv.exec:\5jpdv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrflr.exec:\fxrrflr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhtb.exec:\nhbhtb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtttb.exec:\nhtttb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjvp.exec:\dvjvp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rflrlr.exec:\1rflrlr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlflfff.exec:\rlflfff.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hbbtt.exec:\9hbbtt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjpv.exec:\vvjpv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jdjv.exec:\1jdjv.exe17⤵
- Executes dropped EXE
-
\??\c:\fflrllx.exec:\fflrllx.exe18⤵
- Executes dropped EXE
-
\??\c:\tntnbh.exec:\tntnbh.exe19⤵
- Executes dropped EXE
-
\??\c:\5nbnhh.exec:\5nbnhh.exe20⤵
- Executes dropped EXE
-
\??\c:\jdjjp.exec:\jdjjp.exe21⤵
- Executes dropped EXE
-
\??\c:\9vpjp.exec:\9vpjp.exe22⤵
- Executes dropped EXE
-
\??\c:\xrffxrx.exec:\xrffxrx.exe23⤵
- Executes dropped EXE
-
\??\c:\nhtbhh.exec:\nhtbhh.exe24⤵
- Executes dropped EXE
-
\??\c:\1ntbht.exec:\1ntbht.exe25⤵
- Executes dropped EXE
-
\??\c:\jjjpd.exec:\jjjpd.exe26⤵
- Executes dropped EXE
-
\??\c:\7pvvj.exec:\7pvvj.exe27⤵
- Executes dropped EXE
-
\??\c:\llxflrf.exec:\llxflrf.exe28⤵
- Executes dropped EXE
-
\??\c:\3nbhbb.exec:\3nbhbb.exe29⤵
- Executes dropped EXE
-
\??\c:\dvddj.exec:\dvddj.exe30⤵
- Executes dropped EXE
-
\??\c:\dvddp.exec:\dvddp.exe31⤵
- Executes dropped EXE
-
\??\c:\9xrlrxl.exec:\9xrlrxl.exe32⤵
- Executes dropped EXE
-
\??\c:\5rxxlrl.exec:\5rxxlrl.exe33⤵
- Executes dropped EXE
-
\??\c:\hhbbhh.exec:\hhbbhh.exe34⤵
- Executes dropped EXE
-
\??\c:\7jvdd.exec:\7jvdd.exe35⤵
- Executes dropped EXE
-
\??\c:\7vpjj.exec:\7vpjj.exe36⤵
- Executes dropped EXE
-
\??\c:\9xxfrrf.exec:\9xxfrrf.exe37⤵
- Executes dropped EXE
-
\??\c:\xrllxfl.exec:\xrllxfl.exe38⤵
- Executes dropped EXE
-
\??\c:\btnntt.exec:\btnntt.exe39⤵
- Executes dropped EXE
-
\??\c:\bthhnt.exec:\bthhnt.exe40⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe41⤵
- Executes dropped EXE
-
\??\c:\pjvvv.exec:\pjvvv.exe42⤵
- Executes dropped EXE
-
\??\c:\rlxxxxf.exec:\rlxxxxf.exe43⤵
- Executes dropped EXE
-
\??\c:\1lxlxfl.exec:\1lxlxfl.exe44⤵
- Executes dropped EXE
-
\??\c:\bthnhh.exec:\bthnhh.exe45⤵
- Executes dropped EXE
-
\??\c:\nhnnnt.exec:\nhnnnt.exe46⤵
- Executes dropped EXE
-
\??\c:\vpdjj.exec:\vpdjj.exe47⤵
- Executes dropped EXE
-
\??\c:\jvpjp.exec:\jvpjp.exe48⤵
- Executes dropped EXE
-
\??\c:\fffxflf.exec:\fffxflf.exe49⤵
- Executes dropped EXE
-
\??\c:\5lxlxrx.exec:\5lxlxrx.exe50⤵
- Executes dropped EXE
-
\??\c:\hbbbbh.exec:\hbbbbh.exe51⤵
- Executes dropped EXE
-
\??\c:\tnhhnt.exec:\tnhhnt.exe52⤵
- Executes dropped EXE
-
\??\c:\vjdjj.exec:\vjdjj.exe53⤵
- Executes dropped EXE
-
\??\c:\7pjjp.exec:\7pjjp.exe54⤵
- Executes dropped EXE
-
\??\c:\frfxfll.exec:\frfxfll.exe55⤵
- Executes dropped EXE
-
\??\c:\9lflrxf.exec:\9lflrxf.exe56⤵
- Executes dropped EXE
-
\??\c:\3htbnn.exec:\3htbnn.exe57⤵
- Executes dropped EXE
-
\??\c:\bnbtbt.exec:\bnbtbt.exe58⤵
- Executes dropped EXE
-
\??\c:\dvjjj.exec:\dvjjj.exe59⤵
- Executes dropped EXE
-
\??\c:\dddjd.exec:\dddjd.exe60⤵
- Executes dropped EXE
-
\??\c:\xllxfll.exec:\xllxfll.exe61⤵
- Executes dropped EXE
-
\??\c:\lflrfxl.exec:\lflrfxl.exe62⤵
- Executes dropped EXE
-
\??\c:\hbhnhn.exec:\hbhnhn.exe63⤵
- Executes dropped EXE
-
\??\c:\9bnbhh.exec:\9bnbhh.exe64⤵
- Executes dropped EXE
-
\??\c:\ppdjv.exec:\ppdjv.exe65⤵
- Executes dropped EXE
-
\??\c:\1vjjv.exec:\1vjjv.exe66⤵
-
\??\c:\lfxxflr.exec:\lfxxflr.exe67⤵
-
\??\c:\hbntnh.exec:\hbntnh.exe68⤵
-
\??\c:\pvjjp.exec:\pvjjp.exe69⤵
-
\??\c:\5dvdj.exec:\5dvdj.exe70⤵
-
\??\c:\1dppp.exec:\1dppp.exe71⤵
-
\??\c:\fxlxlrr.exec:\fxlxlrr.exe72⤵
-
\??\c:\fxlfflr.exec:\fxlfflr.exe73⤵
-
\??\c:\7bnnhn.exec:\7bnnhn.exe74⤵
-
\??\c:\5nnbhh.exec:\5nnbhh.exe75⤵
-
\??\c:\1jdpd.exec:\1jdpd.exe76⤵
-
\??\c:\jdppd.exec:\jdppd.exe77⤵
-
\??\c:\fxfrflx.exec:\fxfrflx.exe78⤵
-
\??\c:\lxllrxl.exec:\lxllrxl.exe79⤵
-
\??\c:\btntht.exec:\btntht.exe80⤵
-
\??\c:\tnbnnn.exec:\tnbnnn.exe81⤵
-
\??\c:\pdjvd.exec:\pdjvd.exe82⤵
-
\??\c:\ppdvd.exec:\ppdvd.exe83⤵
-
\??\c:\3jvvd.exec:\3jvvd.exe84⤵
-
\??\c:\xxlllfl.exec:\xxlllfl.exe85⤵
-
\??\c:\9flflll.exec:\9flflll.exe86⤵
-
\??\c:\nhhnth.exec:\nhhnth.exe87⤵
-
\??\c:\tnhhnt.exec:\tnhhnt.exe88⤵
-
\??\c:\9jjpp.exec:\9jjpp.exe89⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe90⤵
-
\??\c:\fxllllr.exec:\fxllllr.exe91⤵
-
\??\c:\rfrrllx.exec:\rfrrllx.exe92⤵
-
\??\c:\btbnbt.exec:\btbnbt.exe93⤵
-
\??\c:\hbhhnn.exec:\hbhhnn.exe94⤵
-
\??\c:\jdddp.exec:\jdddp.exe95⤵
-
\??\c:\pdppd.exec:\pdppd.exe96⤵
-
\??\c:\xlflxfl.exec:\xlflxfl.exe97⤵
-
\??\c:\xrxxllr.exec:\xrxxllr.exe98⤵
-
\??\c:\btbhnn.exec:\btbhnn.exe99⤵
-
\??\c:\3btthn.exec:\3btthn.exe100⤵
-
\??\c:\9pdjv.exec:\9pdjv.exe101⤵
-
\??\c:\pdvpv.exec:\pdvpv.exe102⤵
-
\??\c:\lfllllr.exec:\lfllllr.exe103⤵
-
\??\c:\fxfrxfr.exec:\fxfrxfr.exe104⤵
-
\??\c:\nhtbnn.exec:\nhtbnn.exe105⤵
-
\??\c:\bnhhhb.exec:\bnhhhb.exe106⤵
-
\??\c:\dpvdd.exec:\dpvdd.exe107⤵
-
\??\c:\7pppv.exec:\7pppv.exe108⤵
-
\??\c:\frllllr.exec:\frllllr.exe109⤵
-
\??\c:\rlxfrxr.exec:\rlxfrxr.exe110⤵
-
\??\c:\tttbhb.exec:\tttbhb.exe111⤵
-
\??\c:\tnbnbn.exec:\tnbnbn.exe112⤵
-
\??\c:\hnbhtb.exec:\hnbhtb.exe113⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe114⤵
-
\??\c:\pdppp.exec:\pdppp.exe115⤵
-
\??\c:\frxfrrf.exec:\frxfrrf.exe116⤵
-
\??\c:\xlrrrxf.exec:\xlrrrxf.exe117⤵
-
\??\c:\tnbhtt.exec:\tnbhtt.exe118⤵
-
\??\c:\hthhbb.exec:\hthhbb.exe119⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe120⤵
-
\??\c:\xrffffl.exec:\xrffffl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-