Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
16/05/2024, 23:42
General
-
Target
5abf03ab66548363ebf3f3710993a740_NeikiAnalytics.exe
-
Size
201KB
-
MD5
5abf03ab66548363ebf3f3710993a740
-
SHA1
4097961fd8ad226ef7983979adec252bd75dec06
-
SHA256
5cd0305839d51de9bbef9562baaff2e4536057dc1b836a2bb5f62ae2611853af
-
SHA512
b1465108dc388304ee330c1cb494c31301b8061b4e2d3b2f1e4561f6f573c8a73ed45ea92165379d2de2f22ce63f1d5c3e17aad020771a51527636451a15e252
-
SSDEEP
1536:PvQBeOGtrYSSsrc93UBIfdC67m6AJiqgT4+C2HVM1p6T79:PhOm2sI93UufdC67ciJTU2HVS639
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 45 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5abf03ab66548363ebf3f3710993a740_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\5abf03ab66548363ebf3f3710993a740_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxlxxf.exec:\xlxlxxf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvv.exec:\vpvvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrffxr.exec:\llrffxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tnhnn.exec:\9tnhnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpj.exec:\jvvpj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlfrrf.exec:\rrlfrrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnbnh.exec:\htnbnh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xlfllf.exec:\9xlfllf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nnbhh.exec:\1nnbhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9djjp.exec:\9djjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lffflx.exec:\9lffflx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnhh.exec:\nhnnhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pddj.exec:\7pddj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrflr.exec:\rlfrflr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhntbn.exec:\hhntbn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjp.exec:\ppjjp.exe17⤵
- Executes dropped EXE
-
\??\c:\fflfffx.exec:\fflfffx.exe18⤵
- Executes dropped EXE
-
\??\c:\nhbnhn.exec:\nhbnhn.exe19⤵
- Executes dropped EXE
-
\??\c:\jdvjv.exec:\jdvjv.exe20⤵
- Executes dropped EXE
-
\??\c:\llrxlxf.exec:\llrxlxf.exe21⤵
- Executes dropped EXE
-
\??\c:\tthhbb.exec:\tthhbb.exe22⤵
- Executes dropped EXE
-
\??\c:\dddvj.exec:\dddvj.exe23⤵
- Executes dropped EXE
-
\??\c:\3lxlllr.exec:\3lxlllr.exe24⤵
- Executes dropped EXE
-
\??\c:\ttnbnt.exec:\ttnbnt.exe25⤵
- Executes dropped EXE
-
\??\c:\lllrxrr.exec:\lllrxrr.exe26⤵
- Executes dropped EXE
-
\??\c:\llxflxr.exec:\llxflxr.exe27⤵
- Executes dropped EXE
-
\??\c:\3bhnbb.exec:\3bhnbb.exe28⤵
- Executes dropped EXE
-
\??\c:\5rlxllr.exec:\5rlxllr.exe29⤵
- Executes dropped EXE
-
\??\c:\5htnhn.exec:\5htnhn.exe30⤵
- Executes dropped EXE
-
\??\c:\pjdpd.exec:\pjdpd.exe31⤵
- Executes dropped EXE
-
\??\c:\xrfrflx.exec:\xrfrflx.exe32⤵
- Executes dropped EXE
-
\??\c:\dvdjv.exec:\dvdjv.exe33⤵
- Executes dropped EXE
-
\??\c:\dvddj.exec:\dvddj.exe34⤵
- Executes dropped EXE
-
\??\c:\llxrflr.exec:\llxrflr.exe35⤵
- Executes dropped EXE
-
\??\c:\3hhnbh.exec:\3hhnbh.exe36⤵
- Executes dropped EXE
-
\??\c:\tnntbb.exec:\tnntbb.exe37⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe38⤵
- Executes dropped EXE
-
\??\c:\3lrxrxr.exec:\3lrxrxr.exe39⤵
- Executes dropped EXE
-
\??\c:\ffxfxfr.exec:\ffxfxfr.exe40⤵
- Executes dropped EXE
-
\??\c:\ttntbh.exec:\ttntbh.exe41⤵
- Executes dropped EXE
-
\??\c:\1jdpd.exec:\1jdpd.exe42⤵
- Executes dropped EXE
-
\??\c:\fffrxxx.exec:\fffrxxx.exe43⤵
- Executes dropped EXE
-
\??\c:\rrxllxf.exec:\rrxllxf.exe44⤵
- Executes dropped EXE
-
\??\c:\7thbhn.exec:\7thbhn.exe45⤵
- Executes dropped EXE
-
\??\c:\tttnbn.exec:\tttnbn.exe46⤵
- Executes dropped EXE
-
\??\c:\ppjpv.exec:\ppjpv.exe47⤵
- Executes dropped EXE
-
\??\c:\7pdpd.exec:\7pdpd.exe48⤵
- Executes dropped EXE
-
\??\c:\1bbnbn.exec:\1bbnbn.exe49⤵
- Executes dropped EXE
-
\??\c:\btnbnt.exec:\btnbnt.exe50⤵
- Executes dropped EXE
-
\??\c:\vdvvv.exec:\vdvvv.exe51⤵
- Executes dropped EXE
-
\??\c:\flxxlff.exec:\flxxlff.exe52⤵
- Executes dropped EXE
-
\??\c:\3tnntt.exec:\3tnntt.exe53⤵
- Executes dropped EXE
-
\??\c:\tbbtth.exec:\tbbtth.exe54⤵
- Executes dropped EXE
-
\??\c:\jdddj.exec:\jdddj.exe55⤵
- Executes dropped EXE
-
\??\c:\xrfrxff.exec:\xrfrxff.exe56⤵
- Executes dropped EXE
-
\??\c:\9frxffr.exec:\9frxffr.exe57⤵
- Executes dropped EXE
-
\??\c:\hththb.exec:\hththb.exe58⤵
- Executes dropped EXE
-
\??\c:\9pvvv.exec:\9pvvv.exe59⤵
- Executes dropped EXE
-
\??\c:\xflxxxl.exec:\xflxxxl.exe60⤵
- Executes dropped EXE
-
\??\c:\ffflflr.exec:\ffflflr.exe61⤵
- Executes dropped EXE
-
\??\c:\bbthnn.exec:\bbthnn.exe62⤵
- Executes dropped EXE
-
\??\c:\pjjdj.exec:\pjjdj.exe63⤵
- Executes dropped EXE
-
\??\c:\vpdpd.exec:\vpdpd.exe64⤵
- Executes dropped EXE
-
\??\c:\llflllr.exec:\llflllr.exe65⤵
- Executes dropped EXE
-
\??\c:\bbbnhn.exec:\bbbnhn.exe66⤵
-
\??\c:\nhbnht.exec:\nhbnht.exe67⤵
-
\??\c:\dpjjp.exec:\dpjjp.exe68⤵
-
\??\c:\lrlrflr.exec:\lrlrflr.exe69⤵
-
\??\c:\frlllfr.exec:\frlllfr.exe70⤵
-
\??\c:\9thbhh.exec:\9thbhh.exe71⤵
-
\??\c:\jjvdv.exec:\jjvdv.exe72⤵
-
\??\c:\xxflffl.exec:\xxflffl.exe73⤵
-
\??\c:\rlxrxxf.exec:\rlxrxxf.exe74⤵
-
\??\c:\3bbhhh.exec:\3bbhhh.exe75⤵
-
\??\c:\ppddp.exec:\ppddp.exe76⤵
-
\??\c:\ddvdd.exec:\ddvdd.exe77⤵
-
\??\c:\3xxxffr.exec:\3xxxffr.exe78⤵
-
\??\c:\rlflrrf.exec:\rlflrrf.exe79⤵
-
\??\c:\5bbbnb.exec:\5bbbnb.exe80⤵
-
\??\c:\dddjd.exec:\dddjd.exe81⤵
-
\??\c:\lfrllrf.exec:\lfrllrf.exe82⤵
-
\??\c:\1llrflf.exec:\1llrflf.exe83⤵
-
\??\c:\bbbnht.exec:\bbbnht.exe84⤵
-
\??\c:\pjjvp.exec:\pjjvp.exe85⤵
-
\??\c:\ffrflrf.exec:\ffrflrf.exe86⤵
-
\??\c:\fxlrxxx.exec:\fxlrxxx.exe87⤵
-
\??\c:\3nhbtn.exec:\3nhbtn.exe88⤵
-
\??\c:\dppvd.exec:\dppvd.exe89⤵
-
\??\c:\vvvdv.exec:\vvvdv.exe90⤵
-
\??\c:\3lffllr.exec:\3lffllr.exe91⤵
-
\??\c:\tnhhtb.exec:\tnhhtb.exe92⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe93⤵
-
\??\c:\djvjp.exec:\djvjp.exe94⤵
-
\??\c:\xxxrfll.exec:\xxxrfll.exe95⤵
-
\??\c:\thbtnb.exec:\thbtnb.exe96⤵
-
\??\c:\tnthbh.exec:\tnthbh.exe97⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe98⤵
-
\??\c:\ddjpp.exec:\ddjpp.exe99⤵
-
\??\c:\xrxxfxr.exec:\xrxxfxr.exe100⤵
-
\??\c:\7bhtnb.exec:\7bhtnb.exe101⤵
-
\??\c:\ddpdv.exec:\ddpdv.exe102⤵
-
\??\c:\jdvjv.exec:\jdvjv.exe103⤵
-
\??\c:\lfrflrl.exec:\lfrflrl.exe104⤵
-
\??\c:\nnntth.exec:\nnntth.exe105⤵
-
\??\c:\1hnbhn.exec:\1hnbhn.exe106⤵
-
\??\c:\vjjvd.exec:\vjjvd.exe107⤵
-
\??\c:\flffllx.exec:\flffllx.exe108⤵
-
\??\c:\llfrxfx.exec:\llfrxfx.exe109⤵
-
\??\c:\tttnbn.exec:\tttnbn.exe110⤵
-
\??\c:\tnhtbn.exec:\tnhtbn.exe111⤵
-
\??\c:\pjddj.exec:\pjddj.exe112⤵
-
\??\c:\rrrfrxl.exec:\rrrfrxl.exe113⤵
-
\??\c:\9xfxlxf.exec:\9xfxlxf.exe114⤵
-
\??\c:\3btbhn.exec:\3btbhn.exe115⤵
-
\??\c:\dppvd.exec:\dppvd.exe116⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe117⤵
-
\??\c:\llxffrf.exec:\llxffrf.exe118⤵
-
\??\c:\hbtbth.exec:\hbtbth.exe119⤵
-
\??\c:\nthhht.exec:\nthhht.exe120⤵
-
\??\c:\djjjp.exec:\djjjp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-