Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
16/05/2024, 01:38
General
-
Target
73c91b6ad96ba89d3cec053c74a3eb20_NeikiAnalytics.exe
-
Size
56KB
-
MD5
73c91b6ad96ba89d3cec053c74a3eb20
-
SHA1
61223e2901d8f06be29b5afa4aba3b46f2ce2e23
-
SHA256
f5b48a39b32c914af616b0e10bd4c1d8495577c096598257fdca316d157027cb
-
SHA512
8a1c0e43ef114058f9cf017172658ad6d475f402aa1ea7bd1362a211e05cbca7978e6c9afbce3c098b88765e896ffc0ea7f9e33ddab02d644c21312ce0df3db4
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0chVh:ymb3NkkiQ3mdBjF0crh
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\73c91b6ad96ba89d3cec053c74a3eb20_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\73c91b6ad96ba89d3cec053c74a3eb20_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjpv.exec:\pvjpv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\264200.exec:\264200.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nbbnh.exec:\5nbbnh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbnn.exec:\hbhbnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4240668.exec:\4240668.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvjv.exec:\jjvjv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bnnbb.exec:\5bnnbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvj.exec:\vpvvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllflxx.exec:\fllflxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tnbnt.exec:\3tnbnt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbbbh.exec:\tbbbbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\264644.exec:\264644.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdjd.exec:\vjdjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btthnn.exec:\btthnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\64664.exec:\64664.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2062468.exec:\2062468.exe17⤵
- Executes dropped EXE
-
\??\c:\fxxxfxl.exec:\fxxxfxl.exe18⤵
- Executes dropped EXE
-
\??\c:\ddvdv.exec:\ddvdv.exe19⤵
- Executes dropped EXE
-
\??\c:\4206602.exec:\4206602.exe20⤵
- Executes dropped EXE
-
\??\c:\602806.exec:\602806.exe21⤵
- Executes dropped EXE
-
\??\c:\hbttbb.exec:\hbttbb.exe22⤵
- Executes dropped EXE
-
\??\c:\e46688.exec:\e46688.exe23⤵
- Executes dropped EXE
-
\??\c:\lrrlrrf.exec:\lrrlrrf.exe24⤵
- Executes dropped EXE
-
\??\c:\nhnntb.exec:\nhnntb.exe25⤵
- Executes dropped EXE
-
\??\c:\7hbtnn.exec:\7hbtnn.exe26⤵
- Executes dropped EXE
-
\??\c:\i206284.exec:\i206284.exe27⤵
- Executes dropped EXE
-
\??\c:\lrffllx.exec:\lrffllx.exe28⤵
- Executes dropped EXE
-
\??\c:\rlfflrx.exec:\rlfflrx.exe29⤵
- Executes dropped EXE
-
\??\c:\3bhbth.exec:\3bhbth.exe30⤵
- Executes dropped EXE
-
\??\c:\nbbthh.exec:\nbbthh.exe31⤵
- Executes dropped EXE
-
\??\c:\04840.exec:\04840.exe32⤵
- Executes dropped EXE
-
\??\c:\vpvdj.exec:\vpvdj.exe33⤵
- Executes dropped EXE
-
\??\c:\3jddp.exec:\3jddp.exe34⤵
- Executes dropped EXE
-
\??\c:\xxrxrxl.exec:\xxrxrxl.exe35⤵
- Executes dropped EXE
-
\??\c:\nbnntt.exec:\nbnntt.exe36⤵
- Executes dropped EXE
-
\??\c:\fxflxrl.exec:\fxflxrl.exe37⤵
- Executes dropped EXE
-
\??\c:\9nntbb.exec:\9nntbb.exe38⤵
- Executes dropped EXE
-
\??\c:\pdjdd.exec:\pdjdd.exe39⤵
- Executes dropped EXE
-
\??\c:\bbntbb.exec:\bbntbb.exe40⤵
- Executes dropped EXE
-
\??\c:\nhbhnn.exec:\nhbhnn.exe41⤵
- Executes dropped EXE
-
\??\c:\fxllxff.exec:\fxllxff.exe42⤵
- Executes dropped EXE
-
\??\c:\6846628.exec:\6846628.exe43⤵
- Executes dropped EXE
-
\??\c:\5fxfrrf.exec:\5fxfrrf.exe44⤵
- Executes dropped EXE
-
\??\c:\bthhnt.exec:\bthhnt.exe45⤵
- Executes dropped EXE
-
\??\c:\7vpvd.exec:\7vpvd.exe46⤵
- Executes dropped EXE
-
\??\c:\fxllxfr.exec:\fxllxfr.exe47⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe48⤵
- Executes dropped EXE
-
\??\c:\hthbbb.exec:\hthbbb.exe49⤵
- Executes dropped EXE
-
\??\c:\rflfrrx.exec:\rflfrrx.exe50⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe51⤵
- Executes dropped EXE
-
\??\c:\rlfxxxr.exec:\rlfxxxr.exe52⤵
- Executes dropped EXE
-
\??\c:\06262.exec:\06262.exe53⤵
- Executes dropped EXE
-
\??\c:\864064.exec:\864064.exe54⤵
- Executes dropped EXE
-
\??\c:\864488.exec:\864488.exe55⤵
- Executes dropped EXE
-
\??\c:\ppvvp.exec:\ppvvp.exe56⤵
- Executes dropped EXE
-
\??\c:\rfrfrrl.exec:\rfrfrrl.exe57⤵
- Executes dropped EXE
-
\??\c:\bnbbbb.exec:\bnbbbb.exe58⤵
- Executes dropped EXE
-
\??\c:\206682.exec:\206682.exe59⤵
- Executes dropped EXE
-
\??\c:\9tbtnt.exec:\9tbtnt.exe60⤵
- Executes dropped EXE
-
\??\c:\o844446.exec:\o844446.exe61⤵
- Executes dropped EXE
-
\??\c:\8240282.exec:\8240282.exe62⤵
- Executes dropped EXE
-
\??\c:\nhbbnn.exec:\nhbbnn.exe63⤵
- Executes dropped EXE
-
\??\c:\s0284.exec:\s0284.exe64⤵
- Executes dropped EXE
-
\??\c:\rlffrll.exec:\rlffrll.exe65⤵
- Executes dropped EXE
-
\??\c:\24228.exec:\24228.exe66⤵
-
\??\c:\vjdjp.exec:\vjdjp.exe67⤵
-
\??\c:\200026.exec:\200026.exe68⤵
-
\??\c:\886060.exec:\886060.exe69⤵
-
\??\c:\4806440.exec:\4806440.exe70⤵
-
\??\c:\vjpvd.exec:\vjpvd.exe71⤵
-
\??\c:\i640224.exec:\i640224.exe72⤵
-
\??\c:\4846440.exec:\4846440.exe73⤵
-
\??\c:\lflxlfr.exec:\lflxlfr.exe74⤵
-
\??\c:\5fxxffl.exec:\5fxxffl.exe75⤵
-
\??\c:\8206840.exec:\8206840.exe76⤵
-
\??\c:\xlrffff.exec:\xlrffff.exe77⤵
-
\??\c:\bthnhb.exec:\bthnhb.exe78⤵
-
\??\c:\w48028.exec:\w48028.exe79⤵
-
\??\c:\6022406.exec:\6022406.exe80⤵
-
\??\c:\86446.exec:\86446.exe81⤵
-
\??\c:\c484622.exec:\c484622.exe82⤵
-
\??\c:\q08866.exec:\q08866.exe83⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe84⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe85⤵
-
\??\c:\880088.exec:\880088.exe86⤵
-
\??\c:\o244006.exec:\o244006.exe87⤵
-
\??\c:\c462468.exec:\c462468.exe88⤵
-
\??\c:\rlflllr.exec:\rlflllr.exe89⤵
-
\??\c:\jvpvj.exec:\jvpvj.exe90⤵
-
\??\c:\1nnnhh.exec:\1nnnhh.exe91⤵
-
\??\c:\0800606.exec:\0800606.exe92⤵
-
\??\c:\48020.exec:\48020.exe93⤵
-
\??\c:\bthtnh.exec:\bthtnh.exe94⤵
-
\??\c:\22008.exec:\22008.exe95⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe96⤵
-
\??\c:\xrxxrrx.exec:\xrxxrrx.exe97⤵
-
\??\c:\86406.exec:\86406.exe98⤵
-
\??\c:\62006.exec:\62006.exe99⤵
-
\??\c:\hnnthh.exec:\hnnthh.exe100⤵
-
\??\c:\0804006.exec:\0804006.exe101⤵
-
\??\c:\5pddd.exec:\5pddd.exe102⤵
-
\??\c:\3frllrx.exec:\3frllrx.exe103⤵
-
\??\c:\86846.exec:\86846.exe104⤵
-
\??\c:\420628.exec:\420628.exe105⤵
-
\??\c:\408288.exec:\408288.exe106⤵
-
\??\c:\9bnnhh.exec:\9bnnhh.exe107⤵
-
\??\c:\48644.exec:\48644.exe108⤵
-
\??\c:\a8062.exec:\a8062.exe109⤵
-
\??\c:\5fllxxf.exec:\5fllxxf.exe110⤵
-
\??\c:\60286.exec:\60286.exe111⤵
-
\??\c:\4862062.exec:\4862062.exe112⤵
-
\??\c:\42842.exec:\42842.exe113⤵
-
\??\c:\nhnbnb.exec:\nhnbnb.exe114⤵
-
\??\c:\246644.exec:\246644.exe115⤵
-
\??\c:\hbbhbh.exec:\hbbhbh.exe116⤵
-
\??\c:\3bhbnn.exec:\3bhbnn.exe117⤵
-
\??\c:\o644228.exec:\o644228.exe118⤵
-
\??\c:\g4068.exec:\g4068.exe119⤵
-
\??\c:\nhbbhh.exec:\nhbbhh.exe120⤵
-
\??\c:\4046202.exec:\4046202.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-