Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
16-05-2024 20:17
General
-
Target
28dda816ee26542b738699f8fdeda1f0_NeikiAnalytics.exe
-
Size
62KB
-
MD5
28dda816ee26542b738699f8fdeda1f0
-
SHA1
284f16d914964d195295d9261d0387115680678c
-
SHA256
2d9d3c45bbc5c50c88ca9d3d94b14eab5f73d7c4009b61ca5516f5203cadd92f
-
SHA512
87f5426e0464a3da5adf862ba3bbbdd8b2e18781d80e571297e272aa16cce0e32c346ea2b6ece5aeab021049cf2fc4a744a7c1b1a392a7f7d6dfaf86c8b6d9c9
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUuYp+5C8mbUhz:ymb3NkkiQ3mdBjF0yMjE
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\28dda816ee26542b738699f8fdeda1f0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\28dda816ee26542b738699f8fdeda1f0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjpv.exec:\vpjpv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffrxx.exec:\xrffrxx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnthn.exec:\hbnthn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjdd.exec:\pdjdd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrxfl.exec:\lfxrxfl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxffl.exec:\xrfxffl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhnh.exec:\thnhnh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvjp.exec:\vpvjp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvjv.exec:\dvvjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfflfl.exec:\lrfflfl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tnnbt.exec:\7tnnbt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hhnht.exec:\1hhnht.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vjjj.exec:\5vjjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dvpj.exec:\1dvpj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlflrxf.exec:\rlflrxf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhtbt.exec:\bbhtbt.exe17⤵
- Executes dropped EXE
-
\??\c:\nbttbh.exec:\nbttbh.exe18⤵
- Executes dropped EXE
-
\??\c:\1vddp.exec:\1vddp.exe19⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe20⤵
- Executes dropped EXE
-
\??\c:\fxllrxf.exec:\fxllrxf.exe21⤵
- Executes dropped EXE
-
\??\c:\lxlrrrx.exec:\lxlrrrx.exe22⤵
- Executes dropped EXE
-
\??\c:\7nhbtn.exec:\7nhbtn.exe23⤵
- Executes dropped EXE
-
\??\c:\vpppp.exec:\vpppp.exe24⤵
- Executes dropped EXE
-
\??\c:\vdpdp.exec:\vdpdp.exe25⤵
- Executes dropped EXE
-
\??\c:\flrxxrl.exec:\flrxxrl.exe26⤵
- Executes dropped EXE
-
\??\c:\hbnnnn.exec:\hbnnnn.exe27⤵
- Executes dropped EXE
-
\??\c:\3hnttt.exec:\3hnttt.exe28⤵
- Executes dropped EXE
-
\??\c:\pdpvj.exec:\pdpvj.exe29⤵
- Executes dropped EXE
-
\??\c:\xrxlrrr.exec:\xrxlrrr.exe30⤵
- Executes dropped EXE
-
\??\c:\7ntntb.exec:\7ntntb.exe31⤵
- Executes dropped EXE
-
\??\c:\hhbhnt.exec:\hhbhnt.exe32⤵
- Executes dropped EXE
-
\??\c:\vppjp.exec:\vppjp.exe33⤵
- Executes dropped EXE
-
\??\c:\pjvdp.exec:\pjvdp.exe34⤵
- Executes dropped EXE
-
\??\c:\3rfrlrl.exec:\3rfrlrl.exe35⤵
- Executes dropped EXE
-
\??\c:\1bnbbn.exec:\1bnbbn.exe36⤵
- Executes dropped EXE
-
\??\c:\hthnbt.exec:\hthnbt.exe37⤵
- Executes dropped EXE
-
\??\c:\pjpdj.exec:\pjpdj.exe38⤵
- Executes dropped EXE
-
\??\c:\flxlllr.exec:\flxlllr.exe39⤵
- Executes dropped EXE
-
\??\c:\1frffll.exec:\1frffll.exe40⤵
- Executes dropped EXE
-
\??\c:\ntnhbh.exec:\ntnhbh.exe41⤵
- Executes dropped EXE
-
\??\c:\tnbtht.exec:\tnbtht.exe42⤵
- Executes dropped EXE
-
\??\c:\1pppp.exec:\1pppp.exe43⤵
- Executes dropped EXE
-
\??\c:\3dpvd.exec:\3dpvd.exe44⤵
- Executes dropped EXE
-
\??\c:\xrffrxf.exec:\xrffrxf.exe45⤵
- Executes dropped EXE
-
\??\c:\lfrxflf.exec:\lfrxflf.exe46⤵
- Executes dropped EXE
-
\??\c:\hhnbnt.exec:\hhnbnt.exe47⤵
- Executes dropped EXE
-
\??\c:\1hbhtt.exec:\1hbhtt.exe48⤵
- Executes dropped EXE
-
\??\c:\jppjj.exec:\jppjj.exe49⤵
- Executes dropped EXE
-
\??\c:\dddvd.exec:\dddvd.exe50⤵
- Executes dropped EXE
-
\??\c:\lxlxxlr.exec:\lxlxxlr.exe51⤵
- Executes dropped EXE
-
\??\c:\lllxxfr.exec:\lllxxfr.exe52⤵
- Executes dropped EXE
-
\??\c:\bbthht.exec:\bbthht.exe53⤵
- Executes dropped EXE
-
\??\c:\ttnhtb.exec:\ttnhtb.exe54⤵
- Executes dropped EXE
-
\??\c:\jpddj.exec:\jpddj.exe55⤵
- Executes dropped EXE
-
\??\c:\3djdj.exec:\3djdj.exe56⤵
- Executes dropped EXE
-
\??\c:\frlrflx.exec:\frlrflx.exe57⤵
- Executes dropped EXE
-
\??\c:\tnhtbt.exec:\tnhtbt.exe58⤵
- Executes dropped EXE
-
\??\c:\5nbhnb.exec:\5nbhnb.exe59⤵
- Executes dropped EXE
-
\??\c:\9dvdj.exec:\9dvdj.exe60⤵
- Executes dropped EXE
-
\??\c:\7pjvj.exec:\7pjvj.exe61⤵
- Executes dropped EXE
-
\??\c:\fxfxrfx.exec:\fxfxrfx.exe62⤵
- Executes dropped EXE
-
\??\c:\xrlrfff.exec:\xrlrfff.exe63⤵
- Executes dropped EXE
-
\??\c:\btntbb.exec:\btntbb.exe64⤵
- Executes dropped EXE
-
\??\c:\5jpdj.exec:\5jpdj.exe65⤵
- Executes dropped EXE
-
\??\c:\pvjjd.exec:\pvjjd.exe66⤵
-
\??\c:\3xrfflr.exec:\3xrfflr.exe67⤵
-
\??\c:\rxfxrlf.exec:\rxfxrlf.exe68⤵
-
\??\c:\tbtnhb.exec:\tbtnhb.exe69⤵
-
\??\c:\7bntbh.exec:\7bntbh.exe70⤵
-
\??\c:\vpddv.exec:\vpddv.exe71⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe72⤵
-
\??\c:\xxrrrfl.exec:\xxrrrfl.exe73⤵
-
\??\c:\rlfrlrr.exec:\rlfrlrr.exe74⤵
-
\??\c:\3bhnbn.exec:\3bhnbn.exe75⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe76⤵
-
\??\c:\vppdp.exec:\vppdp.exe77⤵
-
\??\c:\vvjdj.exec:\vvjdj.exe78⤵
-
\??\c:\fxxflrl.exec:\fxxflrl.exe79⤵
-
\??\c:\rxxxxlf.exec:\rxxxxlf.exe80⤵
-
\??\c:\nbhbbt.exec:\nbhbbt.exe81⤵
-
\??\c:\nththn.exec:\nththn.exe82⤵
-
\??\c:\pppdv.exec:\pppdv.exe83⤵
-
\??\c:\jvppv.exec:\jvppv.exe84⤵
-
\??\c:\llflrxf.exec:\llflrxf.exe85⤵
-
\??\c:\rrrxxxl.exec:\rrrxxxl.exe86⤵
-
\??\c:\bbnhtb.exec:\bbnhtb.exe87⤵
-
\??\c:\hbttbh.exec:\hbttbh.exe88⤵
-
\??\c:\ppdpv.exec:\ppdpv.exe89⤵
-
\??\c:\pjdpp.exec:\pjdpp.exe90⤵
-
\??\c:\9rllxfr.exec:\9rllxfr.exe91⤵
-
\??\c:\lrrrxfl.exec:\lrrrxfl.exe92⤵
-
\??\c:\3bbhtb.exec:\3bbhtb.exe93⤵
-
\??\c:\7ttbtb.exec:\7ttbtb.exe94⤵
-
\??\c:\pjppj.exec:\pjppj.exe95⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe96⤵
-
\??\c:\rrrrrxl.exec:\rrrrrxl.exe97⤵
-
\??\c:\ffxxflr.exec:\ffxxflr.exe98⤵
-
\??\c:\1hhtbn.exec:\1hhtbn.exe99⤵
-
\??\c:\3tnhth.exec:\3tnhth.exe100⤵
-
\??\c:\nhtnnb.exec:\nhtnnb.exe101⤵
-
\??\c:\5vjpv.exec:\5vjpv.exe102⤵
-
\??\c:\9vdjj.exec:\9vdjj.exe103⤵
-
\??\c:\llxflrl.exec:\llxflrl.exe104⤵
-
\??\c:\rlfxrfx.exec:\rlfxrfx.exe105⤵
-
\??\c:\hhhnhn.exec:\hhhnhn.exe106⤵
-
\??\c:\tnthht.exec:\tnthht.exe107⤵
-
\??\c:\ttnbth.exec:\ttnbth.exe108⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe109⤵
-
\??\c:\lllrlxl.exec:\lllrlxl.exe110⤵
-
\??\c:\3rlxrxl.exec:\3rlxrxl.exe111⤵
-
\??\c:\tbbthh.exec:\tbbthh.exe112⤵
-
\??\c:\nnbnbb.exec:\nnbnbb.exe113⤵
-
\??\c:\vddjv.exec:\vddjv.exe114⤵
-
\??\c:\dddpd.exec:\dddpd.exe115⤵
-
\??\c:\xxflffr.exec:\xxflffr.exe116⤵
-
\??\c:\lfxflrx.exec:\lfxflrx.exe117⤵
-
\??\c:\bhnbtn.exec:\bhnbtn.exe118⤵
-
\??\c:\9ttntb.exec:\9ttntb.exe119⤵
-
\??\c:\dvvjj.exec:\dvvjj.exe120⤵
-
\??\c:\vppvj.exec:\vppvj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-