Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
16/05/2024, 10:07
General
-
Target
d9ecfe6c5330d772e5b5ddb790eb6830_NeikiAnalytics.exe
-
Size
93KB
-
MD5
d9ecfe6c5330d772e5b5ddb790eb6830
-
SHA1
a46b6d954c69697faa3c962d56f4561e0396e716
-
SHA256
2b67942fe655460dd0779bcac6129e9d8b03e81bdba023eb3f9bad6a67c6e3a4
-
SHA512
29daa5b25b330b08b5ae1a04fa25034e922d6b54d80c1a68689f45c50f8995ffd1e4e88669894a1fb31b2303edaa7d1f718a96ee13ba22a11ecb4f0c71ed845a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDInWeNCYGyA2R7JxJAg8dtW:ymb3NkkiQ3mdBjFIWeFGyAsJAg2W
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d9ecfe6c5330d772e5b5ddb790eb6830_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d9ecfe6c5330d772e5b5ddb790eb6830_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\thbhnn.exec:\thbhnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjj.exec:\dvpjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrrrfr.exec:\7lrrrfr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnntt.exec:\nhnntt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhntb.exec:\hbhntb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjvd.exec:\jdjvd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlrrfx.exec:\rrlrrfx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnntb.exec:\btnntb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhnt.exec:\tnhhnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpvp.exec:\pdpvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjjp.exec:\jvjjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fxrrxf.exec:\3fxrrxf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxfrxr.exec:\flxfrxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ththht.exec:\ththht.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpddp.exec:\dpddp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjv.exec:\dvpjv.exe17⤵
- Executes dropped EXE
-
\??\c:\1lfflfr.exec:\1lfflfr.exe18⤵
- Executes dropped EXE
-
\??\c:\lrlrfrf.exec:\lrlrfrf.exe19⤵
- Executes dropped EXE
-
\??\c:\tnnttn.exec:\tnnttn.exe20⤵
- Executes dropped EXE
-
\??\c:\hhnbbh.exec:\hhnbbh.exe21⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe22⤵
- Executes dropped EXE
-
\??\c:\vpjdp.exec:\vpjdp.exe23⤵
- Executes dropped EXE
-
\??\c:\rrrxxrx.exec:\rrrxxrx.exe24⤵
- Executes dropped EXE
-
\??\c:\xlfxrrx.exec:\xlfxrrx.exe25⤵
- Executes dropped EXE
-
\??\c:\ttnbht.exec:\ttnbht.exe26⤵
- Executes dropped EXE
-
\??\c:\djpjv.exec:\djpjv.exe27⤵
- Executes dropped EXE
-
\??\c:\9dvdp.exec:\9dvdp.exe28⤵
- Executes dropped EXE
-
\??\c:\xlxrxrx.exec:\xlxrxrx.exe29⤵
- Executes dropped EXE
-
\??\c:\5bnnbb.exec:\5bnnbb.exe30⤵
- Executes dropped EXE
-
\??\c:\bhttbb.exec:\bhttbb.exe31⤵
- Executes dropped EXE
-
\??\c:\7dvvv.exec:\7dvvv.exe32⤵
- Executes dropped EXE
-
\??\c:\3jvdj.exec:\3jvdj.exe33⤵
- Executes dropped EXE
-
\??\c:\lfxfrxr.exec:\lfxfrxr.exe34⤵
- Executes dropped EXE
-
\??\c:\5nbhnb.exec:\5nbhnb.exe35⤵
- Executes dropped EXE
-
\??\c:\bbhnbn.exec:\bbhnbn.exe36⤵
- Executes dropped EXE
-
\??\c:\5nntbh.exec:\5nntbh.exe37⤵
- Executes dropped EXE
-
\??\c:\vjddp.exec:\vjddp.exe38⤵
- Executes dropped EXE
-
\??\c:\lfxfflr.exec:\lfxfflr.exe39⤵
- Executes dropped EXE
-
\??\c:\3tnbth.exec:\3tnbth.exe40⤵
- Executes dropped EXE
-
\??\c:\vpdjd.exec:\vpdjd.exe41⤵
- Executes dropped EXE
-
\??\c:\xxrfflf.exec:\xxrfflf.exe42⤵
- Executes dropped EXE
-
\??\c:\ppdvd.exec:\ppdvd.exe43⤵
- Executes dropped EXE
-
\??\c:\3jvdp.exec:\3jvdp.exe44⤵
- Executes dropped EXE
-
\??\c:\fllxxrl.exec:\fllxxrl.exe45⤵
- Executes dropped EXE
-
\??\c:\hbtntt.exec:\hbtntt.exe46⤵
- Executes dropped EXE
-
\??\c:\9jvjp.exec:\9jvjp.exe47⤵
- Executes dropped EXE
-
\??\c:\bthnth.exec:\bthnth.exe48⤵
- Executes dropped EXE
-
\??\c:\3jvjp.exec:\3jvjp.exe49⤵
- Executes dropped EXE
-
\??\c:\dpjvd.exec:\dpjvd.exe50⤵
- Executes dropped EXE
-
\??\c:\flfxffx.exec:\flfxffx.exe51⤵
- Executes dropped EXE
-
\??\c:\frxlrxl.exec:\frxlrxl.exe52⤵
- Executes dropped EXE
-
\??\c:\nnbhtt.exec:\nnbhtt.exe53⤵
- Executes dropped EXE
-
\??\c:\7htthn.exec:\7htthn.exe54⤵
- Executes dropped EXE
-
\??\c:\3pdpd.exec:\3pdpd.exe55⤵
- Executes dropped EXE
-
\??\c:\jdpvv.exec:\jdpvv.exe56⤵
- Executes dropped EXE
-
\??\c:\fxflxfr.exec:\fxflxfr.exe57⤵
- Executes dropped EXE
-
\??\c:\xrrrxxf.exec:\xrrrxxf.exe58⤵
- Executes dropped EXE
-
\??\c:\nhttnt.exec:\nhttnt.exe59⤵
- Executes dropped EXE
-
\??\c:\ntthtn.exec:\ntthtn.exe60⤵
- Executes dropped EXE
-
\??\c:\jjjpd.exec:\jjjpd.exe61⤵
- Executes dropped EXE
-
\??\c:\rrrrxlx.exec:\rrrrxlx.exe62⤵
- Executes dropped EXE
-
\??\c:\llflxxr.exec:\llflxxr.exe63⤵
- Executes dropped EXE
-
\??\c:\thhbhh.exec:\thhbhh.exe64⤵
- Executes dropped EXE
-
\??\c:\ntnnbh.exec:\ntnnbh.exe65⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe66⤵
-
\??\c:\dpjpj.exec:\dpjpj.exe67⤵
-
\??\c:\3djjv.exec:\3djjv.exe68⤵
-
\??\c:\frlrflr.exec:\frlrflr.exe69⤵
-
\??\c:\rlxrxfr.exec:\rlxrxfr.exe70⤵
-
\??\c:\nhtnbb.exec:\nhtnbb.exe71⤵
-
\??\c:\nhthnb.exec:\nhthnb.exe72⤵
-
\??\c:\ttnhbn.exec:\ttnhbn.exe73⤵
-
\??\c:\vjvdd.exec:\vjvdd.exe74⤵
-
\??\c:\9jdpp.exec:\9jdpp.exe75⤵
-
\??\c:\fxflrff.exec:\fxflrff.exe76⤵
-
\??\c:\xfrrffl.exec:\xfrrffl.exe77⤵
-
\??\c:\tnbhbn.exec:\tnbhbn.exe78⤵
-
\??\c:\hhhttb.exec:\hhhttb.exe79⤵
-
\??\c:\ddvpp.exec:\ddvpp.exe80⤵
-
\??\c:\9pddj.exec:\9pddj.exe81⤵
-
\??\c:\xxxlrrx.exec:\xxxlrrx.exe82⤵
-
\??\c:\flfxfrl.exec:\flfxfrl.exe83⤵
-
\??\c:\fxxrrxx.exec:\fxxrrxx.exe84⤵
-
\??\c:\nbbntt.exec:\nbbntt.exe85⤵
-
\??\c:\nhbnth.exec:\nhbnth.exe86⤵
-
\??\c:\pppjj.exec:\pppjj.exe87⤵
-
\??\c:\ppdjd.exec:\ppdjd.exe88⤵
-
\??\c:\lrlrlrx.exec:\lrlrlrx.exe89⤵
-
\??\c:\frlrlfl.exec:\frlrlfl.exe90⤵
-
\??\c:\9nbbhn.exec:\9nbbhn.exe91⤵
-
\??\c:\bbnbtt.exec:\bbnbtt.exe92⤵
-
\??\c:\pppvj.exec:\pppvj.exe93⤵
-
\??\c:\lfxxxrl.exec:\lfxxxrl.exe94⤵
-
\??\c:\flxfffr.exec:\flxfffr.exe95⤵
-
\??\c:\xrrxrfr.exec:\xrrxrfr.exe96⤵
-
\??\c:\3hbhtb.exec:\3hbhtb.exe97⤵
-
\??\c:\btnbtn.exec:\btnbtn.exe98⤵
-
\??\c:\jjjjv.exec:\jjjjv.exe99⤵
-
\??\c:\jjjvv.exec:\jjjvv.exe100⤵
-
\??\c:\xfffrrf.exec:\xfffrrf.exe101⤵
-
\??\c:\rxrfxfx.exec:\rxrfxfx.exe102⤵
-
\??\c:\5tntbn.exec:\5tntbn.exe103⤵
-
\??\c:\htnntb.exec:\htnntb.exe104⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe105⤵
-
\??\c:\pvpvp.exec:\pvpvp.exe106⤵
-
\??\c:\xxffxlx.exec:\xxffxlx.exe107⤵
-
\??\c:\rrlxlrf.exec:\rrlxlrf.exe108⤵
-
\??\c:\bbhbtb.exec:\bbhbtb.exe109⤵
-
\??\c:\bbttbh.exec:\bbttbh.exe110⤵
-
\??\c:\jpvjp.exec:\jpvjp.exe111⤵
-
\??\c:\xrxrxrl.exec:\xrxrxrl.exe112⤵
-
\??\c:\ffxllrx.exec:\ffxllrx.exe113⤵
-
\??\c:\nnhthn.exec:\nnhthn.exe114⤵
-
\??\c:\tbbbnh.exec:\tbbbnh.exe115⤵
-
\??\c:\1ddpd.exec:\1ddpd.exe116⤵
-
\??\c:\dddjd.exec:\dddjd.exe117⤵
-
\??\c:\rxrlxff.exec:\rxrlxff.exe118⤵
-
\??\c:\rllffrl.exec:\rllffrl.exe119⤵
-
\??\c:\hbtbtb.exec:\hbtbtb.exe120⤵
-
\??\c:\7dpdp.exec:\7dpdp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-