Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
17-05-2024 01:15
General
-
Target
7559552f1f2536e6f8bbf7acedbcdfe0_NeikiAnalytics.exe
-
Size
460KB
-
MD5
7559552f1f2536e6f8bbf7acedbcdfe0
-
SHA1
2bb40a79f2ed2139b3ec539b1519a76f6c11a914
-
SHA256
92102c167e79ba491b34894303a0668f3088c38cbeb307559e5a4d2cdfc4b79a
-
SHA512
23568b74319e6874a5f8b86fa3a9aa7ca645ebb52f2b1712f1380f7046fbe773598bf839ec41e9a26fb45defee7eefa435925ac3734564bf776a6b0950890d55
-
SSDEEP
6144:n3C9BRo7tvnJ9Fywhk/TJTaYvMmr3C9BRo7tvnJ9Fywhk/TkuX:n3C9ytvn8whkbJTaFmr3C9ytvn8whkb3
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 20 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7559552f1f2536e6f8bbf7acedbcdfe0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\7559552f1f2536e6f8bbf7acedbcdfe0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7frxflr.exec:\7frxflr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbnt.exec:\bbtbnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jddj.exec:\5jddj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrllrlr.exec:\lrllrlr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnbnt.exec:\tbnbnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjjp.exec:\jvjjp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrllxx.exec:\rxrllxx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbhh.exec:\nhbbhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthtnt.exec:\bthtnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxflx.exec:\xrfxflx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbtt.exec:\nhbbtt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvjv.exec:\jjvjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxfrrf.exec:\lfxfrrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rrxlrl.exec:\9rrxlrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpd.exec:\dvjpd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrfrxl.exec:\xxrfrxl.exe17⤵
- Executes dropped EXE
-
\??\c:\tnhnhn.exec:\tnhnhn.exe18⤵
- Executes dropped EXE
-
\??\c:\5dpvd.exec:\5dpvd.exe19⤵
- Executes dropped EXE
-
\??\c:\nhhntb.exec:\nhhntb.exe20⤵
- Executes dropped EXE
-
\??\c:\vdvpj.exec:\vdvpj.exe21⤵
- Executes dropped EXE
-
\??\c:\ffflflf.exec:\ffflflf.exe22⤵
- Executes dropped EXE
-
\??\c:\fllrfxx.exec:\fllrfxx.exe23⤵
- Executes dropped EXE
-
\??\c:\7bbbhh.exec:\7bbbhh.exe24⤵
- Executes dropped EXE
-
\??\c:\lfrrxxl.exec:\lfrrxxl.exe25⤵
- Executes dropped EXE
-
\??\c:\7lrfxfl.exec:\7lrfxfl.exe26⤵
- Executes dropped EXE
-
\??\c:\bbbbtt.exec:\bbbbtt.exe27⤵
- Executes dropped EXE
-
\??\c:\ttnbnt.exec:\ttnbnt.exe28⤵
- Executes dropped EXE
-
\??\c:\lfxxlrx.exec:\lfxxlrx.exe29⤵
- Executes dropped EXE
-
\??\c:\tnhhtb.exec:\tnhhtb.exe30⤵
- Executes dropped EXE
-
\??\c:\rlxfllf.exec:\rlxfllf.exe31⤵
- Executes dropped EXE
-
\??\c:\hhhntb.exec:\hhhntb.exe32⤵
- Executes dropped EXE
-
\??\c:\jdddj.exec:\jdddj.exe33⤵
- Executes dropped EXE
-
\??\c:\lfrrrrr.exec:\lfrrrrr.exe34⤵
- Executes dropped EXE
-
\??\c:\hbnthh.exec:\hbnthh.exe35⤵
- Executes dropped EXE
-
\??\c:\9jvpd.exec:\9jvpd.exe36⤵
- Executes dropped EXE
-
\??\c:\5fxlxfr.exec:\5fxlxfr.exe37⤵
- Executes dropped EXE
-
\??\c:\3fxfrxl.exec:\3fxfrxl.exe38⤵
- Executes dropped EXE
-
\??\c:\nhbnhn.exec:\nhbnhn.exe39⤵
- Executes dropped EXE
-
\??\c:\vdvdj.exec:\vdvdj.exe40⤵
- Executes dropped EXE
-
\??\c:\rrlxflr.exec:\rrlxflr.exe41⤵
- Executes dropped EXE
-
\??\c:\tbhtbb.exec:\tbhtbb.exe42⤵
- Executes dropped EXE
-
\??\c:\nhtbhh.exec:\nhtbhh.exe43⤵
- Executes dropped EXE
-
\??\c:\pvvdp.exec:\pvvdp.exe44⤵
- Executes dropped EXE
-
\??\c:\fxfxllr.exec:\fxfxllr.exe45⤵
- Executes dropped EXE
-
\??\c:\tnbhtn.exec:\tnbhtn.exe46⤵
- Executes dropped EXE
-
\??\c:\hbnnbb.exec:\hbnnbb.exe47⤵
- Executes dropped EXE
-
\??\c:\7pdpj.exec:\7pdpj.exe48⤵
- Executes dropped EXE
-
\??\c:\rrfxfxf.exec:\rrfxfxf.exe49⤵
- Executes dropped EXE
-
\??\c:\tbtntn.exec:\tbtntn.exe50⤵
- Executes dropped EXE
-
\??\c:\nhhtht.exec:\nhhtht.exe51⤵
- Executes dropped EXE
-
\??\c:\vvpdj.exec:\vvpdj.exe52⤵
- Executes dropped EXE
-
\??\c:\xxrxlrl.exec:\xxrxlrl.exe53⤵
- Executes dropped EXE
-
\??\c:\llxfrxl.exec:\llxfrxl.exe54⤵
- Executes dropped EXE
-
\??\c:\hbtthh.exec:\hbtthh.exe55⤵
- Executes dropped EXE
-
\??\c:\vvdjv.exec:\vvdjv.exe56⤵
- Executes dropped EXE
-
\??\c:\xxfflfr.exec:\xxfflfr.exe57⤵
- Executes dropped EXE
-
\??\c:\ffxxllf.exec:\ffxxllf.exe58⤵
- Executes dropped EXE
-
\??\c:\ttntth.exec:\ttntth.exe59⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe60⤵
- Executes dropped EXE
-
\??\c:\pjpvp.exec:\pjpvp.exe61⤵
- Executes dropped EXE
-
\??\c:\rfxxffx.exec:\rfxxffx.exe62⤵
- Executes dropped EXE
-
\??\c:\1lxrrlf.exec:\1lxrrlf.exe63⤵
- Executes dropped EXE
-
\??\c:\ttbbbh.exec:\ttbbbh.exe64⤵
- Executes dropped EXE
-
\??\c:\pvpjv.exec:\pvpjv.exe65⤵
- Executes dropped EXE
-
\??\c:\7jjjp.exec:\7jjjp.exe66⤵
-
\??\c:\5frxxfr.exec:\5frxxfr.exe67⤵
-
\??\c:\5nnthn.exec:\5nnthn.exe68⤵
-
\??\c:\dddjj.exec:\dddjj.exe69⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe70⤵
-
\??\c:\7xllxxf.exec:\7xllxxf.exe71⤵
-
\??\c:\thtnnt.exec:\thtnnt.exe72⤵
-
\??\c:\5dvpp.exec:\5dvpp.exe73⤵
-
\??\c:\dpjjv.exec:\dpjjv.exe74⤵
-
\??\c:\7xlflrx.exec:\7xlflrx.exe75⤵
-
\??\c:\lfrrllx.exec:\lfrrllx.exe76⤵
-
\??\c:\hbntbh.exec:\hbntbh.exe77⤵
-
\??\c:\7dpvv.exec:\7dpvv.exe78⤵
-
\??\c:\7rxflxl.exec:\7rxflxl.exe79⤵
-
\??\c:\9fffffl.exec:\9fffffl.exe80⤵
-
\??\c:\bnntbh.exec:\bnntbh.exe81⤵
-
\??\c:\nhbnbb.exec:\nhbnbb.exe82⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe83⤵
-
\??\c:\rxxrrff.exec:\rxxrrff.exe84⤵
-
\??\c:\xxrlflr.exec:\xxrlflr.exe85⤵
-
\??\c:\5hhnnn.exec:\5hhnnn.exe86⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe87⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe88⤵
-
\??\c:\rrflxfr.exec:\rrflxfr.exe89⤵
-
\??\c:\hbnhbh.exec:\hbnhbh.exe90⤵
-
\??\c:\7tthnn.exec:\7tthnn.exe91⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe92⤵
-
\??\c:\lffflrf.exec:\lffflrf.exe93⤵
-
\??\c:\lxxfrrl.exec:\lxxfrrl.exe94⤵
-
\??\c:\hbnntb.exec:\hbnntb.exe95⤵
-
\??\c:\vvdpp.exec:\vvdpp.exe96⤵
-
\??\c:\ppdjp.exec:\ppdjp.exe97⤵
-
\??\c:\1fflrxf.exec:\1fflrxf.exe98⤵
-
\??\c:\tthntt.exec:\tthntt.exe99⤵
-
\??\c:\btnnnh.exec:\btnnnh.exe100⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe101⤵
-
\??\c:\rrlxxll.exec:\rrlxxll.exe102⤵
-
\??\c:\fxlxlrf.exec:\fxlxlrf.exe103⤵
-
\??\c:\tnbhnt.exec:\tnbhnt.exe104⤵
-
\??\c:\9pddp.exec:\9pddp.exe105⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe106⤵
-
\??\c:\rlflxxf.exec:\rlflxxf.exe107⤵
-
\??\c:\btntnb.exec:\btntnb.exe108⤵
-
\??\c:\3jvjp.exec:\3jvjp.exe109⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe110⤵
-
\??\c:\fxxxrxl.exec:\fxxxrxl.exe111⤵
-
\??\c:\bththn.exec:\bththn.exe112⤵
-
\??\c:\vjvvj.exec:\vjvvj.exe113⤵
-
\??\c:\pjppv.exec:\pjppv.exe114⤵
-
\??\c:\9rfflrx.exec:\9rfflrx.exe115⤵
-
\??\c:\3htbhh.exec:\3htbhh.exe116⤵
-
\??\c:\nhtbnt.exec:\nhtbnt.exe117⤵
-
\??\c:\dpdvj.exec:\dpdvj.exe118⤵
-
\??\c:\llxxllr.exec:\llxxllr.exe119⤵
-
\??\c:\rlffllx.exec:\rlffllx.exe120⤵
-
\??\c:\hbtbhh.exec:\hbtbhh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-