Analysis
-
max time kernel
150s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
16-05-2024 16:00
General
-
Target
e418f0c6d353387a4f9f5ecbf2b57aa0_NeikiAnalytics.exe
-
Size
471KB
-
MD5
e418f0c6d353387a4f9f5ecbf2b57aa0
-
SHA1
3f902786b3441fe0a49290e53b34fae2b089e371
-
SHA256
0b1baf6b62193648cbfd5345181179bbb7aa5b1715bfef29fd0c820ee0cc7a9d
-
SHA512
d9f720e3fbe008735953c1b62a773c14b12d134ef9e2b1497fa62b9fdf4d7dd059d18b6519d34aa8742fd7a28edccf58254c23e0f5455ead18df3c47402b1cdd
-
SSDEEP
6144:n3C9BRo7MlrWKo+lS0Le4xRSAoq78yoyfx93sY0AJq4mZAx5O:n3C9yMo+S0L9xRnoq7H9pmom
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e418f0c6d353387a4f9f5ecbf2b57aa0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\e418f0c6d353387a4f9f5ecbf2b57aa0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjvv.exec:\vdjvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhnbn.exec:\thhnbn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pdjv.exec:\3pdjv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpvv.exec:\pdpvv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllfrrf.exec:\xllfrrf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjpp.exec:\pvjpp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxxllf.exec:\xfxxllf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhnt.exec:\nhbhnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llffxfx.exec:\llffxfx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnbhn.exec:\hbnbhn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tntnt.exec:\5tntnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrxfr.exec:\ffrrxfr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbth.exec:\hbbbth.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbhn.exec:\nhbbhn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddpv.exec:\jddpv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnthhb.exec:\bnthhb.exe17⤵
- Executes dropped EXE
-
\??\c:\vpjdv.exec:\vpjdv.exe18⤵
- Executes dropped EXE
-
\??\c:\9tntbn.exec:\9tntbn.exe19⤵
- Executes dropped EXE
-
\??\c:\9hbhtb.exec:\9hbhtb.exe20⤵
- Executes dropped EXE
-
\??\c:\3nhthh.exec:\3nhthh.exe21⤵
- Executes dropped EXE
-
\??\c:\xrflxfr.exec:\xrflxfr.exe22⤵
- Executes dropped EXE
-
\??\c:\bnbhnn.exec:\bnbhnn.exe23⤵
- Executes dropped EXE
-
\??\c:\hnbtbb.exec:\hnbtbb.exe24⤵
- Executes dropped EXE
-
\??\c:\5lxxfxl.exec:\5lxxfxl.exe25⤵
- Executes dropped EXE
-
\??\c:\1bhntt.exec:\1bhntt.exe26⤵
- Executes dropped EXE
-
\??\c:\3lflxfx.exec:\3lflxfx.exe27⤵
- Executes dropped EXE
-
\??\c:\thntnh.exec:\thntnh.exe28⤵
- Executes dropped EXE
-
\??\c:\xxlrffl.exec:\xxlrffl.exe29⤵
- Executes dropped EXE
-
\??\c:\nhbbhn.exec:\nhbbhn.exe30⤵
- Executes dropped EXE
-
\??\c:\flflxxr.exec:\flflxxr.exe31⤵
- Executes dropped EXE
-
\??\c:\jjddv.exec:\jjddv.exe32⤵
- Executes dropped EXE
-
\??\c:\5lxlrrf.exec:\5lxlrrf.exe33⤵
- Executes dropped EXE
-
\??\c:\bbtbht.exec:\bbtbht.exe34⤵
- Executes dropped EXE
-
\??\c:\7lrxxxr.exec:\7lrxxxr.exe35⤵
- Executes dropped EXE
-
\??\c:\nnhnbb.exec:\nnhnbb.exe36⤵
- Executes dropped EXE
-
\??\c:\vvvjd.exec:\vvvjd.exe37⤵
- Executes dropped EXE
-
\??\c:\1xrxxxf.exec:\1xrxxxf.exe38⤵
- Executes dropped EXE
-
\??\c:\nnbbtn.exec:\nnbbtn.exe39⤵
- Executes dropped EXE
-
\??\c:\1jjpd.exec:\1jjpd.exe40⤵
- Executes dropped EXE
-
\??\c:\7vvpj.exec:\7vvpj.exe41⤵
- Executes dropped EXE
-
\??\c:\7tthnt.exec:\7tthnt.exe42⤵
- Executes dropped EXE
-
\??\c:\ddvvj.exec:\ddvvj.exe43⤵
- Executes dropped EXE
-
\??\c:\3lxlrfr.exec:\3lxlrfr.exe44⤵
- Executes dropped EXE
-
\??\c:\nttbtb.exec:\nttbtb.exe45⤵
- Executes dropped EXE
-
\??\c:\1djvp.exec:\1djvp.exe46⤵
- Executes dropped EXE
-
\??\c:\xxxrlrr.exec:\xxxrlrr.exe47⤵
- Executes dropped EXE
-
\??\c:\7btbhn.exec:\7btbhn.exe48⤵
- Executes dropped EXE
-
\??\c:\jvjdv.exec:\jvjdv.exe49⤵
- Executes dropped EXE
-
\??\c:\dpvjd.exec:\dpvjd.exe50⤵
- Executes dropped EXE
-
\??\c:\xrrrlrl.exec:\xrrrlrl.exe51⤵
- Executes dropped EXE
-
\??\c:\5thnhn.exec:\5thnhn.exe52⤵
- Executes dropped EXE
-
\??\c:\djpdd.exec:\djpdd.exe53⤵
- Executes dropped EXE
-
\??\c:\lfrxffx.exec:\lfrxffx.exe54⤵
- Executes dropped EXE
-
\??\c:\nhbnbh.exec:\nhbnbh.exe55⤵
- Executes dropped EXE
-
\??\c:\djpvj.exec:\djpvj.exe56⤵
- Executes dropped EXE
-
\??\c:\3lxrxrl.exec:\3lxrxrl.exe57⤵
- Executes dropped EXE
-
\??\c:\9rrxrxr.exec:\9rrxrxr.exe58⤵
- Executes dropped EXE
-
\??\c:\nnnhtt.exec:\nnnhtt.exe59⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe60⤵
- Executes dropped EXE
-
\??\c:\lfrfrxf.exec:\lfrfrxf.exe61⤵
- Executes dropped EXE
-
\??\c:\hbthhn.exec:\hbthhn.exe62⤵
- Executes dropped EXE
-
\??\c:\1vvdp.exec:\1vvdp.exe63⤵
- Executes dropped EXE
-
\??\c:\xrlfxrf.exec:\xrlfxrf.exe64⤵
- Executes dropped EXE
-
\??\c:\ntnbnn.exec:\ntnbnn.exe65⤵
- Executes dropped EXE
-
\??\c:\jjvdp.exec:\jjvdp.exe66⤵
-
\??\c:\rxfrlxf.exec:\rxfrlxf.exe67⤵
-
\??\c:\xrrxrxl.exec:\xrrxrxl.exe68⤵
-
\??\c:\bthbhb.exec:\bthbhb.exe69⤵
-
\??\c:\ppdpj.exec:\ppdpj.exe70⤵
-
\??\c:\lfrlxrx.exec:\lfrlxrx.exe71⤵
-
\??\c:\nnbnbn.exec:\nnbnbn.exe72⤵
-
\??\c:\dpjvd.exec:\dpjvd.exe73⤵
-
\??\c:\rflxlxx.exec:\rflxlxx.exe74⤵
-
\??\c:\tnhbnn.exec:\tnhbnn.exe75⤵
-
\??\c:\vvddv.exec:\vvddv.exe76⤵
-
\??\c:\5dvvp.exec:\5dvvp.exe77⤵
-
\??\c:\xfxfrrf.exec:\xfxfrrf.exe78⤵
-
\??\c:\7nnntn.exec:\7nnntn.exe79⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe80⤵
-
\??\c:\llxxrrf.exec:\llxxrrf.exe81⤵
-
\??\c:\hnthht.exec:\hnthht.exe82⤵
-
\??\c:\jppvd.exec:\jppvd.exe83⤵
-
\??\c:\vdvdj.exec:\vdvdj.exe84⤵
-
\??\c:\xxxlrrl.exec:\xxxlrrl.exe85⤵
-
\??\c:\7btbnn.exec:\7btbnn.exe86⤵
-
\??\c:\jvjvv.exec:\jvjvv.exe87⤵
-
\??\c:\flfrxfx.exec:\flfrxfx.exe88⤵
-
\??\c:\5nhbhn.exec:\5nhbhn.exe89⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe90⤵
-
\??\c:\xfrrlff.exec:\xfrrlff.exe91⤵
-
\??\c:\7hbhbh.exec:\7hbhbh.exe92⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe93⤵
-
\??\c:\xlfrflx.exec:\xlfrflx.exe94⤵
-
\??\c:\bnbhhh.exec:\bnbhhh.exe95⤵
-
\??\c:\vvdvd.exec:\vvdvd.exe96⤵
-
\??\c:\lfrxrrr.exec:\lfrxrrr.exe97⤵
-
\??\c:\thnbtn.exec:\thnbtn.exe98⤵
-
\??\c:\5pjdp.exec:\5pjdp.exe99⤵
-
\??\c:\3dddp.exec:\3dddp.exe100⤵
-
\??\c:\rfrrlrf.exec:\rfrrlrf.exe101⤵
-
\??\c:\bhbthn.exec:\bhbthn.exe102⤵
-
\??\c:\pjddv.exec:\pjddv.exe103⤵
-
\??\c:\xlflllx.exec:\xlflllx.exe104⤵
-
\??\c:\nnhhbh.exec:\nnhhbh.exe105⤵
-
\??\c:\bhnbbt.exec:\bhnbbt.exe106⤵
-
\??\c:\jvvvv.exec:\jvvvv.exe107⤵
-
\??\c:\rxrllff.exec:\rxrllff.exe108⤵
-
\??\c:\bbthnt.exec:\bbthnt.exe109⤵
-
\??\c:\jjvpd.exec:\jjvpd.exe110⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe111⤵
-
\??\c:\xrrfrfl.exec:\xrrfrfl.exe112⤵
-
\??\c:\nnnhnb.exec:\nnnhnb.exe113⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe114⤵
-
\??\c:\lrlrxxl.exec:\lrlrxxl.exe115⤵
-
\??\c:\ttnnhb.exec:\ttnnhb.exe116⤵
-
\??\c:\tnhnbn.exec:\tnhnbn.exe117⤵
-
\??\c:\1vddp.exec:\1vddp.exe118⤵
-
\??\c:\rlxxflf.exec:\rlxxflf.exe119⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe120⤵
-
\??\c:\1vdpj.exec:\1vdpj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-