Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
16/05/2024, 02:45
General
-
Target
83e840db3223e5aa7b0089816fc74480_NeikiAnalytics.exe
-
Size
386KB
-
MD5
83e840db3223e5aa7b0089816fc74480
-
SHA1
edfcb069026a516204028bdc19a914d136ea890c
-
SHA256
9d8e91850acc745386ad1e33f9c341930df95a8102dff1bb93526fc59414c17a
-
SHA512
76e7f44e6b3e7599fb853caca9e2ec129ce94a5184714ff142f0fdfea7a21ad799ca9a06f9e1b5af9b12ce54e8680b5edb55015a8db7fe47a23b9e843b80f76e
-
SSDEEP
6144:n3C9BRIG0asYFm71mPfkVB8dKwaO5CVwthmx:n3C9uYA7okVqdKwaO5CVMhmx
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\83e840db3223e5aa7b0089816fc74480_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\83e840db3223e5aa7b0089816fc74480_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhthnn.exec:\nhthnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jjvj.exec:\1jjvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdjv.exec:\vvdjv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvj.exec:\jdvvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrxlrf.exec:\fxrxlrf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbnt.exec:\bbtbnt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjvp.exec:\jvjvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrxxf.exec:\ffrrxxf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1htnhn.exec:\1htnhn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dvdj.exec:\1dvdj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7htbnn.exec:\7htbnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppd.exec:\ddppd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddp.exec:\vpddp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrxrrf.exec:\lxrxrrf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhtt.exec:\nhbhtt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvp.exec:\jdvvp.exe17⤵
- Executes dropped EXE
-
\??\c:\flfrxxr.exec:\flfrxxr.exe18⤵
- Executes dropped EXE
-
\??\c:\5thnhn.exec:\5thnhn.exe19⤵
- Executes dropped EXE
-
\??\c:\3dpvj.exec:\3dpvj.exe20⤵
- Executes dropped EXE
-
\??\c:\ffxllrf.exec:\ffxllrf.exe21⤵
- Executes dropped EXE
-
\??\c:\btnhth.exec:\btnhth.exe22⤵
- Executes dropped EXE
-
\??\c:\1jdjp.exec:\1jdjp.exe23⤵
- Executes dropped EXE
-
\??\c:\fxrrfxl.exec:\fxrrfxl.exe24⤵
- Executes dropped EXE
-
\??\c:\hbtbbh.exec:\hbtbbh.exe25⤵
- Executes dropped EXE
-
\??\c:\vpvvj.exec:\vpvvj.exe26⤵
- Executes dropped EXE
-
\??\c:\tthhbt.exec:\tthhbt.exe27⤵
- Executes dropped EXE
-
\??\c:\1vjjv.exec:\1vjjv.exe28⤵
- Executes dropped EXE
-
\??\c:\lxrxllr.exec:\lxrxllr.exe29⤵
- Executes dropped EXE
-
\??\c:\hbbhnn.exec:\hbbhnn.exe30⤵
- Executes dropped EXE
-
\??\c:\pvvjj.exec:\pvvjj.exe31⤵
- Executes dropped EXE
-
\??\c:\9xrllrl.exec:\9xrllrl.exe32⤵
- Executes dropped EXE
-
\??\c:\7tthnb.exec:\7tthnb.exe33⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe34⤵
- Executes dropped EXE
-
\??\c:\9fxlrxf.exec:\9fxlrxf.exe35⤵
- Executes dropped EXE
-
\??\c:\thttbn.exec:\thttbn.exe36⤵
- Executes dropped EXE
-
\??\c:\5htbhn.exec:\5htbhn.exe37⤵
- Executes dropped EXE
-
\??\c:\vjvdd.exec:\vjvdd.exe38⤵
- Executes dropped EXE
-
\??\c:\xxllxxl.exec:\xxllxxl.exe39⤵
- Executes dropped EXE
-
\??\c:\nhnntt.exec:\nhnntt.exe40⤵
- Executes dropped EXE
-
\??\c:\tnbhnn.exec:\tnbhnn.exe41⤵
- Executes dropped EXE
-
\??\c:\vjvvd.exec:\vjvvd.exe42⤵
- Executes dropped EXE
-
\??\c:\dvjvd.exec:\dvjvd.exe43⤵
- Executes dropped EXE
-
\??\c:\7frxrrx.exec:\7frxrrx.exe44⤵
- Executes dropped EXE
-
\??\c:\tnbhnt.exec:\tnbhnt.exe45⤵
- Executes dropped EXE
-
\??\c:\3bntbb.exec:\3bntbb.exe46⤵
- Executes dropped EXE
-
\??\c:\pdppd.exec:\pdppd.exe47⤵
- Executes dropped EXE
-
\??\c:\rflrxxl.exec:\rflrxxl.exe48⤵
- Executes dropped EXE
-
\??\c:\ffxxlrf.exec:\ffxxlrf.exe49⤵
- Executes dropped EXE
-
\??\c:\bttbbh.exec:\bttbbh.exe50⤵
- Executes dropped EXE
-
\??\c:\1pvvj.exec:\1pvvj.exe51⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe52⤵
- Executes dropped EXE
-
\??\c:\xrflxxr.exec:\xrflxxr.exe53⤵
- Executes dropped EXE
-
\??\c:\hthnbb.exec:\hthnbb.exe54⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe55⤵
- Executes dropped EXE
-
\??\c:\1dpdj.exec:\1dpdj.exe56⤵
- Executes dropped EXE
-
\??\c:\xrrfflf.exec:\xrrfflf.exe57⤵
- Executes dropped EXE
-
\??\c:\xxxfrxr.exec:\xxxfrxr.exe58⤵
- Executes dropped EXE
-
\??\c:\tnnnbb.exec:\tnnnbb.exe59⤵
- Executes dropped EXE
-
\??\c:\3jppp.exec:\3jppp.exe60⤵
- Executes dropped EXE
-
\??\c:\pjpvd.exec:\pjpvd.exe61⤵
- Executes dropped EXE
-
\??\c:\5fflfrf.exec:\5fflfrf.exe62⤵
- Executes dropped EXE
-
\??\c:\1xfxflx.exec:\1xfxflx.exe63⤵
- Executes dropped EXE
-
\??\c:\5tnnbh.exec:\5tnnbh.exe64⤵
- Executes dropped EXE
-
\??\c:\vvvjj.exec:\vvvjj.exe65⤵
- Executes dropped EXE
-
\??\c:\5vdjv.exec:\5vdjv.exe66⤵
-
\??\c:\xrflrrf.exec:\xrflrrf.exe67⤵
-
\??\c:\bbbhtb.exec:\bbbhtb.exe68⤵
-
\??\c:\bttnnb.exec:\bttnnb.exe69⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe70⤵
-
\??\c:\fxrfrrf.exec:\fxrfrrf.exe71⤵
-
\??\c:\lfxfllx.exec:\lfxfllx.exe72⤵
-
\??\c:\hbtthh.exec:\hbtthh.exe73⤵
-
\??\c:\hbhnth.exec:\hbhnth.exe74⤵
-
\??\c:\jdpvp.exec:\jdpvp.exe75⤵
-
\??\c:\lfxfllx.exec:\lfxfllx.exe76⤵
-
\??\c:\xrlfrrx.exec:\xrlfrrx.exe77⤵
-
\??\c:\nnhtht.exec:\nnhtht.exe78⤵
-
\??\c:\hthbbb.exec:\hthbbb.exe79⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe80⤵
-
\??\c:\fxflxxl.exec:\fxflxxl.exe81⤵
-
\??\c:\fxrflrx.exec:\fxrflrx.exe82⤵
-
\??\c:\3ththb.exec:\3ththb.exe83⤵
-
\??\c:\hbttbt.exec:\hbttbt.exe84⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe85⤵
-
\??\c:\1rflxxl.exec:\1rflxxl.exe86⤵
-
\??\c:\xlflxll.exec:\xlflxll.exe87⤵
-
\??\c:\5nhhnn.exec:\5nhhnn.exe88⤵
-
\??\c:\9nnnbh.exec:\9nnnbh.exe89⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe90⤵
-
\??\c:\1rfxfrl.exec:\1rfxfrl.exe91⤵
-
\??\c:\xrrrxxl.exec:\xrrrxxl.exe92⤵
-
\??\c:\bhtnhn.exec:\bhtnhn.exe93⤵
-
\??\c:\ppddd.exec:\ppddd.exe94⤵
-
\??\c:\vvpjp.exec:\vvpjp.exe95⤵
-
\??\c:\frlrfrf.exec:\frlrfrf.exe96⤵
-
\??\c:\3lxxrxl.exec:\3lxxrxl.exe97⤵
-
\??\c:\tnbbtt.exec:\tnbbtt.exe98⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe99⤵
-
\??\c:\rlflrrx.exec:\rlflrrx.exe100⤵
-
\??\c:\3xrxffl.exec:\3xrxffl.exe101⤵
-
\??\c:\thbntt.exec:\thbntt.exe102⤵
-
\??\c:\dpdjv.exec:\dpdjv.exe103⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe104⤵
-
\??\c:\xlrxllf.exec:\xlrxllf.exe105⤵
-
\??\c:\btnbhh.exec:\btnbhh.exe106⤵
-
\??\c:\htnnhn.exec:\htnnhn.exe107⤵
-
\??\c:\9dvdj.exec:\9dvdj.exe108⤵
-
\??\c:\lxffrlr.exec:\lxffrlr.exe109⤵
-
\??\c:\5rfxxfl.exec:\5rfxxfl.exe110⤵
-
\??\c:\bnbbnn.exec:\bnbbnn.exe111⤵
-
\??\c:\5hbbbb.exec:\5hbbbb.exe112⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe113⤵
-
\??\c:\xlxxffr.exec:\xlxxffr.exe114⤵
-
\??\c:\bbbhth.exec:\bbbhth.exe115⤵
-
\??\c:\nnhtht.exec:\nnhtht.exe116⤵
-
\??\c:\9jvvd.exec:\9jvvd.exe117⤵
-
\??\c:\xlxrrxf.exec:\xlxrrxf.exe118⤵
-
\??\c:\ffrxlrf.exec:\ffrxlrf.exe119⤵
-
\??\c:\thbbhn.exec:\thbbhn.exe120⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-