Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
16/05/2024, 09:02
General
-
Target
cf8d7a6cd07c54dcfeb5994e9b2d83d0_NeikiAnalytics.exe
-
Size
125KB
-
MD5
cf8d7a6cd07c54dcfeb5994e9b2d83d0
-
SHA1
4af74307ce56e4dcb226523c53da1dc18ca1f37c
-
SHA256
6a734f1f61de6c7464c0bf574ea419e6b8d09a63f8c616ebaebedf220118ead7
-
SHA512
14d3b35308fbb32fd2ede5e4f0bc384f0da0a9b5164248eb038b957a59b73173257e3fa08df125b99a0eb5d22ad0a8c60c562528c387d6ddbd43b7df1a3c072b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73oYUCD7R2F2UVbyy0NgVyFsZ2:ymb3NkkiQ3mdBjFo73HUoMsAbrxVBY
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cf8d7a6cd07c54dcfeb5994e9b2d83d0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cf8d7a6cd07c54dcfeb5994e9b2d83d0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9rllffr.exec:\9rllffr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhnh.exec:\nhbhnh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlfrxl.exec:\fxlfrxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnhhb.exec:\hhnhhb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjpj.exec:\3pjpj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrfrxf.exec:\rfrfrxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbntnn.exec:\hbntnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvjd.exec:\vvvjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxfllx.exec:\llxfllx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnthh.exec:\hbnthh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ppjd.exec:\9ppjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvjd.exec:\ppvjd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrxlrf.exec:\rlrxlrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnthnb.exec:\tnthnb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvjp.exec:\ddvjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvp.exec:\dvpvp.exe17⤵
- Executes dropped EXE
-
\??\c:\xxrxllx.exec:\xxrxllx.exe18⤵
- Executes dropped EXE
-
\??\c:\7tthth.exec:\7tthth.exe19⤵
- Executes dropped EXE
-
\??\c:\1vppd.exec:\1vppd.exe20⤵
- Executes dropped EXE
-
\??\c:\ppjvj.exec:\ppjvj.exe21⤵
- Executes dropped EXE
-
\??\c:\llxfllr.exec:\llxfllr.exe22⤵
- Executes dropped EXE
-
\??\c:\3nbnht.exec:\3nbnht.exe23⤵
- Executes dropped EXE
-
\??\c:\ttntnt.exec:\ttntnt.exe24⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe25⤵
- Executes dropped EXE
-
\??\c:\fxlrllx.exec:\fxlrllx.exe26⤵
- Executes dropped EXE
-
\??\c:\bthnhn.exec:\bthnhn.exe27⤵
- Executes dropped EXE
-
\??\c:\1vddp.exec:\1vddp.exe28⤵
- Executes dropped EXE
-
\??\c:\lfrxxlf.exec:\lfrxxlf.exe29⤵
- Executes dropped EXE
-
\??\c:\hthbnb.exec:\hthbnb.exe30⤵
- Executes dropped EXE
-
\??\c:\pjdvd.exec:\pjdvd.exe31⤵
- Executes dropped EXE
-
\??\c:\1lfflrl.exec:\1lfflrl.exe32⤵
- Executes dropped EXE
-
\??\c:\3fflffr.exec:\3fflffr.exe33⤵
- Executes dropped EXE
-
\??\c:\7nbhnt.exec:\7nbhnt.exe34⤵
- Executes dropped EXE
-
\??\c:\9ppvj.exec:\9ppvj.exe35⤵
- Executes dropped EXE
-
\??\c:\xlxxlrx.exec:\xlxxlrx.exe36⤵
- Executes dropped EXE
-
\??\c:\1ffllxf.exec:\1ffllxf.exe37⤵
- Executes dropped EXE
-
\??\c:\tnbbnn.exec:\tnbbnn.exe38⤵
- Executes dropped EXE
-
\??\c:\pjddj.exec:\pjddj.exe39⤵
- Executes dropped EXE
-
\??\c:\pdvvd.exec:\pdvvd.exe40⤵
- Executes dropped EXE
-
\??\c:\fxlrfxf.exec:\fxlrfxf.exe41⤵
- Executes dropped EXE
-
\??\c:\3fxfrrf.exec:\3fxfrrf.exe42⤵
- Executes dropped EXE
-
\??\c:\7bbhtt.exec:\7bbhtt.exe43⤵
- Executes dropped EXE
-
\??\c:\dvdjp.exec:\dvdjp.exe44⤵
- Executes dropped EXE
-
\??\c:\xrffllx.exec:\xrffllx.exe45⤵
- Executes dropped EXE
-
\??\c:\bthnbh.exec:\bthnbh.exe46⤵
- Executes dropped EXE
-
\??\c:\tthntb.exec:\tthntb.exe47⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe48⤵
- Executes dropped EXE
-
\??\c:\9jdvd.exec:\9jdvd.exe49⤵
- Executes dropped EXE
-
\??\c:\1llllrf.exec:\1llllrf.exe50⤵
- Executes dropped EXE
-
\??\c:\nnhthn.exec:\nnhthn.exe51⤵
- Executes dropped EXE
-
\??\c:\hbtbht.exec:\hbtbht.exe52⤵
- Executes dropped EXE
-
\??\c:\jjvdp.exec:\jjvdp.exe53⤵
- Executes dropped EXE
-
\??\c:\fxlrxfl.exec:\fxlrxfl.exe54⤵
- Executes dropped EXE
-
\??\c:\xlflxxx.exec:\xlflxxx.exe55⤵
- Executes dropped EXE
-
\??\c:\hbtbnh.exec:\hbtbnh.exe56⤵
- Executes dropped EXE
-
\??\c:\1pjpv.exec:\1pjpv.exe57⤵
- Executes dropped EXE
-
\??\c:\jvjjv.exec:\jvjjv.exe58⤵
- Executes dropped EXE
-
\??\c:\lflrflf.exec:\lflrflf.exe59⤵
- Executes dropped EXE
-
\??\c:\ffxfrfr.exec:\ffxfrfr.exe60⤵
- Executes dropped EXE
-
\??\c:\tnntbb.exec:\tnntbb.exe61⤵
- Executes dropped EXE
-
\??\c:\hthnbb.exec:\hthnbb.exe62⤵
- Executes dropped EXE
-
\??\c:\1jddv.exec:\1jddv.exe63⤵
- Executes dropped EXE
-
\??\c:\xlxxrxf.exec:\xlxxrxf.exe64⤵
- Executes dropped EXE
-
\??\c:\5rlllll.exec:\5rlllll.exe65⤵
- Executes dropped EXE
-
\??\c:\hhthnh.exec:\hhthnh.exe66⤵
-
\??\c:\3httbh.exec:\3httbh.exe67⤵
-
\??\c:\vdjpd.exec:\vdjpd.exe68⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe69⤵
-
\??\c:\1xlrxfl.exec:\1xlrxfl.exe70⤵
-
\??\c:\rlxlllr.exec:\rlxlllr.exe71⤵
-
\??\c:\hhnbnt.exec:\hhnbnt.exe72⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe73⤵
-
\??\c:\9jdjp.exec:\9jdjp.exe74⤵
-
\??\c:\llfffrf.exec:\llfffrf.exe75⤵
-
\??\c:\xrllxrx.exec:\xrllxrx.exe76⤵
-
\??\c:\btntbb.exec:\btntbb.exe77⤵
-
\??\c:\tnbtbb.exec:\tnbtbb.exe78⤵
-
\??\c:\jdjjj.exec:\jdjjj.exe79⤵
-
\??\c:\lxfxxxl.exec:\lxfxxxl.exe80⤵
-
\??\c:\flrlfxr.exec:\flrlfxr.exe81⤵
-
\??\c:\nhbbtb.exec:\nhbbtb.exe82⤵
-
\??\c:\hbbbhh.exec:\hbbbhh.exe83⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe84⤵
-
\??\c:\1ppvd.exec:\1ppvd.exe85⤵
-
\??\c:\5xrrxfl.exec:\5xrrxfl.exe86⤵
-
\??\c:\ttnbtb.exec:\ttnbtb.exe87⤵
-
\??\c:\ttbhnn.exec:\ttbhnn.exe88⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe89⤵
-
\??\c:\fllfffr.exec:\fllfffr.exe90⤵
-
\??\c:\3fxflxx.exec:\3fxflxx.exe91⤵
-
\??\c:\ttntnn.exec:\ttntnn.exe92⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe93⤵
-
\??\c:\jjdpj.exec:\jjdpj.exe94⤵
-
\??\c:\lxlrxxf.exec:\lxlrxxf.exe95⤵
-
\??\c:\xxrxflx.exec:\xxrxflx.exe96⤵
-
\??\c:\9htbnb.exec:\9htbnb.exe97⤵
-
\??\c:\vppjp.exec:\vppjp.exe98⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe99⤵
-
\??\c:\7rflffr.exec:\7rflffr.exe100⤵
-
\??\c:\3nnntt.exec:\3nnntt.exe101⤵
-
\??\c:\tnhhhb.exec:\tnhhhb.exe102⤵
-
\??\c:\vpvpd.exec:\vpvpd.exe103⤵
-
\??\c:\ffrrxxl.exec:\ffrrxxl.exe104⤵
-
\??\c:\lfxxfxl.exec:\lfxxfxl.exe105⤵
-
\??\c:\bthhbb.exec:\bthhbb.exe106⤵
-
\??\c:\bttttt.exec:\bttttt.exe107⤵
-
\??\c:\pppdv.exec:\pppdv.exe108⤵
-
\??\c:\rrlxrxl.exec:\rrlxrxl.exe109⤵
-
\??\c:\rrfrxlx.exec:\rrfrxlx.exe110⤵
-
\??\c:\tnhthn.exec:\tnhthn.exe111⤵
-
\??\c:\1nhnbb.exec:\1nhnbb.exe112⤵
-
\??\c:\1ddjp.exec:\1ddjp.exe113⤵
-
\??\c:\vjddp.exec:\vjddp.exe114⤵
-
\??\c:\5lrrrrl.exec:\5lrrrrl.exe115⤵
-
\??\c:\tbbttb.exec:\tbbttb.exe116⤵
-
\??\c:\hbnnhn.exec:\hbnnhn.exe117⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe118⤵
-
\??\c:\llrxlfr.exec:\llrxlfr.exe119⤵
-
\??\c:\3tntbh.exec:\3tntbh.exe120⤵
-
\??\c:\hbbtnt.exec:\hbbtnt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-