Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
15-05-2024 19:08
General
-
Target
1a6f27fd00e148bc8c10a7d2f73d4bd0_NeikiAnalytics.exe
-
Size
205KB
-
MD5
1a6f27fd00e148bc8c10a7d2f73d4bd0
-
SHA1
c80a8e2aa67203bb70cd055ee47f1935498d4393
-
SHA256
ba0a6549a5260a2c34be5180b4f0d6ecb30d82aea35ada67cfc210bbce78ce81
-
SHA512
19ffc25b232c6da2c8ad15273657833f7990967e956049a3c98f9ef27d5125a593ad086d4974ed25b4808472f27778e0a2f6c1f66399217c70295436a9bf9ba0
-
SSDEEP
1536:PvQBeOGtrYSSsrc93UBIfdC67m6AJiqgT4+C2HVM1p6TQpCihJ:PhOm2sI93UufdC67ciJTU2HVS64hJ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1a6f27fd00e148bc8c10a7d2f73d4bd0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1a6f27fd00e148bc8c10a7d2f73d4bd0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ttthhh.exec:\ttthhh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpv.exec:\dvjpv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhtnt.exec:\bhhtnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvv.exec:\pjpvv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrllffl.exec:\rrllffl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttntbb.exec:\ttntbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dvvd.exec:\7dvvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjd.exec:\jdpjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxxxf.exec:\fxfxxxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxxrll.exec:\lrxxrll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bbhtn.exec:\5bbhtn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pjdj.exec:\9pjdj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfrlrx.exec:\xrfrlrx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflxfl.exec:\xrflxfl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnntnb.exec:\tnntnb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjpv.exec:\ppjpv.exe17⤵
- Executes dropped EXE
-
\??\c:\5rlrxrx.exec:\5rlrxrx.exe18⤵
- Executes dropped EXE
-
\??\c:\3xrxlxr.exec:\3xrxlxr.exe19⤵
- Executes dropped EXE
-
\??\c:\hthhtt.exec:\hthhtt.exe20⤵
- Executes dropped EXE
-
\??\c:\dpjpp.exec:\dpjpp.exe21⤵
- Executes dropped EXE
-
\??\c:\djjdp.exec:\djjdp.exe22⤵
- Executes dropped EXE
-
\??\c:\rrlrffx.exec:\rrlrffx.exe23⤵
- Executes dropped EXE
-
\??\c:\rfrfxxf.exec:\rfrfxxf.exe24⤵
- Executes dropped EXE
-
\??\c:\hbnntt.exec:\hbnntt.exe25⤵
- Executes dropped EXE
-
\??\c:\vvpdj.exec:\vvpdj.exe26⤵
- Executes dropped EXE
-
\??\c:\1ppdp.exec:\1ppdp.exe27⤵
- Executes dropped EXE
-
\??\c:\5xrlfrr.exec:\5xrlfrr.exe28⤵
- Executes dropped EXE
-
\??\c:\nnhhtt.exec:\nnhhtt.exe29⤵
- Executes dropped EXE
-
\??\c:\5bnthh.exec:\5bnthh.exe30⤵
- Executes dropped EXE
-
\??\c:\vdjdj.exec:\vdjdj.exe31⤵
- Executes dropped EXE
-
\??\c:\ffrfrlr.exec:\ffrfrlr.exe32⤵
- Executes dropped EXE
-
\??\c:\hhhnbh.exec:\hhhnbh.exe33⤵
- Executes dropped EXE
-
\??\c:\7tbthn.exec:\7tbthn.exe34⤵
- Executes dropped EXE
-
\??\c:\dpppd.exec:\dpppd.exe35⤵
- Executes dropped EXE
-
\??\c:\7frfllf.exec:\7frfllf.exe36⤵
- Executes dropped EXE
-
\??\c:\9htbnt.exec:\9htbnt.exe37⤵
- Executes dropped EXE
-
\??\c:\bbhbbt.exec:\bbhbbt.exe38⤵
- Executes dropped EXE
-
\??\c:\jvjpv.exec:\jvjpv.exe39⤵
- Executes dropped EXE
-
\??\c:\7rllxxl.exec:\7rllxxl.exe40⤵
- Executes dropped EXE
-
\??\c:\lfrfxlr.exec:\lfrfxlr.exe41⤵
- Executes dropped EXE
-
\??\c:\9tnbhh.exec:\9tnbhh.exe42⤵
- Executes dropped EXE
-
\??\c:\nbhhhb.exec:\nbhhhb.exe43⤵
- Executes dropped EXE
-
\??\c:\pjvvp.exec:\pjvvp.exe44⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe45⤵
- Executes dropped EXE
-
\??\c:\rxlxlll.exec:\rxlxlll.exe46⤵
- Executes dropped EXE
-
\??\c:\xxlxrrf.exec:\xxlxrrf.exe47⤵
- Executes dropped EXE
-
\??\c:\hhtbhb.exec:\hhtbhb.exe48⤵
- Executes dropped EXE
-
\??\c:\bthbbb.exec:\bthbbb.exe49⤵
- Executes dropped EXE
-
\??\c:\vvvjd.exec:\vvvjd.exe50⤵
- Executes dropped EXE
-
\??\c:\jjvvd.exec:\jjvvd.exe51⤵
- Executes dropped EXE
-
\??\c:\llrxxrr.exec:\llrxxrr.exe52⤵
- Executes dropped EXE
-
\??\c:\rlrxflr.exec:\rlrxflr.exe53⤵
- Executes dropped EXE
-
\??\c:\ttnhhh.exec:\ttnhhh.exe54⤵
- Executes dropped EXE
-
\??\c:\nhttbh.exec:\nhttbh.exe55⤵
- Executes dropped EXE
-
\??\c:\djvdv.exec:\djvdv.exe56⤵
- Executes dropped EXE
-
\??\c:\lxrlfxf.exec:\lxrlfxf.exe57⤵
- Executes dropped EXE
-
\??\c:\xrxxllr.exec:\xrxxllr.exe58⤵
- Executes dropped EXE
-
\??\c:\rflrxff.exec:\rflrxff.exe59⤵
- Executes dropped EXE
-
\??\c:\7tnhnh.exec:\7tnhnh.exe60⤵
- Executes dropped EXE
-
\??\c:\bhbttt.exec:\bhbttt.exe61⤵
- Executes dropped EXE
-
\??\c:\ppdjp.exec:\ppdjp.exe62⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe63⤵
- Executes dropped EXE
-
\??\c:\lxlflxx.exec:\lxlflxx.exe64⤵
- Executes dropped EXE
-
\??\c:\btbbhh.exec:\btbbhh.exe65⤵
- Executes dropped EXE
-
\??\c:\tnhntt.exec:\tnhntt.exe66⤵
-
\??\c:\dpvdp.exec:\dpvdp.exe67⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe68⤵
-
\??\c:\llfxxxl.exec:\llfxxxl.exe69⤵
-
\??\c:\lfrfrxl.exec:\lfrfrxl.exe70⤵
-
\??\c:\lfrxffl.exec:\lfrxffl.exe71⤵
-
\??\c:\bthhnt.exec:\bthhnt.exe72⤵
-
\??\c:\nbnnnt.exec:\nbnnnt.exe73⤵
-
\??\c:\vjpvj.exec:\vjpvj.exe74⤵
-
\??\c:\dpjdj.exec:\dpjdj.exe75⤵
-
\??\c:\fxrlrff.exec:\fxrlrff.exe76⤵
-
\??\c:\nthnnb.exec:\nthnnb.exe77⤵
-
\??\c:\bbntbb.exec:\bbntbb.exe78⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe79⤵
-
\??\c:\vpvjd.exec:\vpvjd.exe80⤵
-
\??\c:\xxllrxf.exec:\xxllrxf.exe81⤵
-
\??\c:\lxllxxf.exec:\lxllxxf.exe82⤵
-
\??\c:\tnhtbn.exec:\tnhtbn.exe83⤵
-
\??\c:\bthhnh.exec:\bthhnh.exe84⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe85⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe86⤵
-
\??\c:\rxrlflf.exec:\rxrlflf.exe87⤵
-
\??\c:\fxrfflf.exec:\fxrfflf.exe88⤵
-
\??\c:\9ttbhh.exec:\9ttbhh.exe89⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe90⤵
-
\??\c:\fxxxxrf.exec:\fxxxxrf.exe91⤵
-
\??\c:\nhbhbb.exec:\nhbhbb.exe92⤵
-
\??\c:\nhnttb.exec:\nhnttb.exe93⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe94⤵
-
\??\c:\1lllllx.exec:\1lllllx.exe95⤵
-
\??\c:\hbtbbt.exec:\hbtbbt.exe96⤵
-
\??\c:\ffllfrr.exec:\ffllfrr.exe97⤵
-
\??\c:\btbhnn.exec:\btbhnn.exe98⤵
-
\??\c:\1bhbhh.exec:\1bhbhh.exe99⤵
-
\??\c:\1dpdd.exec:\1dpdd.exe100⤵
-
\??\c:\9xrfrrf.exec:\9xrfrrf.exe101⤵
-
\??\c:\9xflrrx.exec:\9xflrrx.exe102⤵
-
\??\c:\dpjvd.exec:\dpjvd.exe103⤵
-
\??\c:\1xxrxxf.exec:\1xxrxxf.exe104⤵
-
\??\c:\flfrfrr.exec:\flfrfrr.exe105⤵
-
\??\c:\9vvvd.exec:\9vvvd.exe106⤵
-
\??\c:\rrflfrx.exec:\rrflfrx.exe107⤵
-
\??\c:\nbhhhb.exec:\nbhhhb.exe108⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe109⤵
-
\??\c:\bthhnn.exec:\bthhnn.exe110⤵
-
\??\c:\tnbtbn.exec:\tnbtbn.exe111⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe112⤵
-
\??\c:\jjpdv.exec:\jjpdv.exe113⤵
-
\??\c:\rlflffr.exec:\rlflffr.exe114⤵
-
\??\c:\7rxlfxx.exec:\7rxlfxx.exe115⤵
-
\??\c:\pdpdv.exec:\pdpdv.exe116⤵
-
\??\c:\flxrlfx.exec:\flxrlfx.exe117⤵
-
\??\c:\lllrrxx.exec:\lllrrxx.exe118⤵
-
\??\c:\tththn.exec:\tththn.exe119⤵
-
\??\c:\7dpvv.exec:\7dpvv.exe120⤵
-
\??\c:\llfrlrl.exec:\llfrlrl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-