Analysis
-
max time kernel
149s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
17/05/2024, 20:05
General
-
Target
27b5c4b6a4437f865ee4a03f89142350_NeikiAnalytics.exe
-
Size
72KB
-
MD5
27b5c4b6a4437f865ee4a03f89142350
-
SHA1
4ca74651d0f15ee7223c6038afc64486cd5c9cb8
-
SHA256
080981783f42abbd3ff4f90bdd429fc2563b6d257807b6ad3a2a64d6ce19260a
-
SHA512
52c7983dc7e22207a3d1609e0a4145a76700b73299c4ac43682458f517fc47d7c100c9afc46a6acd268bdeedb1447e6b5c6bcc3901f26c1ca7061b91a9557a14
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIrmCeRMKwo:ymb3NkkiQ3mdBjFIjeKo
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\27b5c4b6a4437f865ee4a03f89142350_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\27b5c4b6a4437f865ee4a03f89142350_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7flrxrx.exec:\7flrxrx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bbhbh.exec:\9bbhbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbhh.exec:\nhtbhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjdd.exec:\pjjdd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvjp.exec:\ddvjp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrxxx.exec:\rlfrxxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnnbn.exec:\btnnbn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtntb.exec:\nhtntb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjj.exec:\pdpjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjpp.exec:\djjpp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlllfr.exec:\xrlllfr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxfff.exec:\rlxxfff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnbhh.exec:\bbnbhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bntbh.exec:\5bntbh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjj.exec:\dvjjj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjjv.exec:\jvjjv.exe17⤵
- Executes dropped EXE
-
\??\c:\ffxfrfr.exec:\ffxfrfr.exe18⤵
- Executes dropped EXE
-
\??\c:\rlflflr.exec:\rlflflr.exe19⤵
- Executes dropped EXE
-
\??\c:\hthtbb.exec:\hthtbb.exe20⤵
- Executes dropped EXE
-
\??\c:\nhtthh.exec:\nhtthh.exe21⤵
- Executes dropped EXE
-
\??\c:\dpvpp.exec:\dpvpp.exe22⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe23⤵
- Executes dropped EXE
-
\??\c:\3rxlxfr.exec:\3rxlxfr.exe24⤵
- Executes dropped EXE
-
\??\c:\1lflflx.exec:\1lflflx.exe25⤵
- Executes dropped EXE
-
\??\c:\1bbthn.exec:\1bbthn.exe26⤵
- Executes dropped EXE
-
\??\c:\nhbbnn.exec:\nhbbnn.exe27⤵
- Executes dropped EXE
-
\??\c:\1pjjp.exec:\1pjjp.exe28⤵
- Executes dropped EXE
-
\??\c:\pddjp.exec:\pddjp.exe29⤵
- Executes dropped EXE
-
\??\c:\xrflxfl.exec:\xrflxfl.exe30⤵
- Executes dropped EXE
-
\??\c:\xrxlxxl.exec:\xrxlxxl.exe31⤵
- Executes dropped EXE
-
\??\c:\tnhhtn.exec:\tnhhtn.exe32⤵
- Executes dropped EXE
-
\??\c:\bthntt.exec:\bthntt.exe33⤵
- Executes dropped EXE
-
\??\c:\1bttbt.exec:\1bttbt.exe34⤵
- Executes dropped EXE
-
\??\c:\vppvp.exec:\vppvp.exe35⤵
- Executes dropped EXE
-
\??\c:\dddvd.exec:\dddvd.exe36⤵
- Executes dropped EXE
-
\??\c:\rrlxffl.exec:\rrlxffl.exe37⤵
- Executes dropped EXE
-
\??\c:\fxlxfll.exec:\fxlxfll.exe38⤵
- Executes dropped EXE
-
\??\c:\nhhhhb.exec:\nhhhhb.exe39⤵
- Executes dropped EXE
-
\??\c:\tnntbh.exec:\tnntbh.exe40⤵
- Executes dropped EXE
-
\??\c:\nhbhbh.exec:\nhbhbh.exe41⤵
- Executes dropped EXE
-
\??\c:\5ddvp.exec:\5ddvp.exe42⤵
- Executes dropped EXE
-
\??\c:\jdjpv.exec:\jdjpv.exe43⤵
- Executes dropped EXE
-
\??\c:\rrrrrfx.exec:\rrrrrfx.exe44⤵
- Executes dropped EXE
-
\??\c:\lfxfflx.exec:\lfxfflx.exe45⤵
- Executes dropped EXE
-
\??\c:\nhhtnt.exec:\nhhtnt.exe46⤵
- Executes dropped EXE
-
\??\c:\nbnbhb.exec:\nbnbhb.exe47⤵
- Executes dropped EXE
-
\??\c:\jjvvv.exec:\jjvvv.exe48⤵
- Executes dropped EXE
-
\??\c:\frrxfll.exec:\frrxfll.exe49⤵
- Executes dropped EXE
-
\??\c:\fllxrfx.exec:\fllxrfx.exe50⤵
- Executes dropped EXE
-
\??\c:\1tbntt.exec:\1tbntt.exe51⤵
- Executes dropped EXE
-
\??\c:\htbhbh.exec:\htbhbh.exe52⤵
- Executes dropped EXE
-
\??\c:\7hbtbh.exec:\7hbtbh.exe53⤵
- Executes dropped EXE
-
\??\c:\dpdjd.exec:\dpdjd.exe54⤵
- Executes dropped EXE
-
\??\c:\lxxlflf.exec:\lxxlflf.exe55⤵
- Executes dropped EXE
-
\??\c:\lrxxrlx.exec:\lrxxrlx.exe56⤵
- Executes dropped EXE
-
\??\c:\xlllrrx.exec:\xlllrrx.exe57⤵
- Executes dropped EXE
-
\??\c:\1thhnh.exec:\1thhnh.exe58⤵
- Executes dropped EXE
-
\??\c:\thnttt.exec:\thnttt.exe59⤵
- Executes dropped EXE
-
\??\c:\7vdjj.exec:\7vdjj.exe60⤵
- Executes dropped EXE
-
\??\c:\pjvvv.exec:\pjvvv.exe61⤵
- Executes dropped EXE
-
\??\c:\lfxfrxx.exec:\lfxfrxx.exe62⤵
- Executes dropped EXE
-
\??\c:\lxlrxrl.exec:\lxlrxrl.exe63⤵
- Executes dropped EXE
-
\??\c:\frflllr.exec:\frflllr.exe64⤵
- Executes dropped EXE
-
\??\c:\httbnh.exec:\httbnh.exe65⤵
- Executes dropped EXE
-
\??\c:\btnnhn.exec:\btnnhn.exe66⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe67⤵
-
\??\c:\jjjvj.exec:\jjjvj.exe68⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe69⤵
-
\??\c:\rrrrxff.exec:\rrrrxff.exe70⤵
-
\??\c:\7fxxffx.exec:\7fxxffx.exe71⤵
-
\??\c:\rffrrrx.exec:\rffrrrx.exe72⤵
-
\??\c:\thnhbb.exec:\thnhbb.exe73⤵
-
\??\c:\htbbhh.exec:\htbbhh.exe74⤵
-
\??\c:\nbhbtn.exec:\nbhbtn.exe75⤵
-
\??\c:\9vpvd.exec:\9vpvd.exe76⤵
-
\??\c:\jdjpd.exec:\jdjpd.exe77⤵
-
\??\c:\xlrlllx.exec:\xlrlllx.exe78⤵
-
\??\c:\7lxllrx.exec:\7lxllrx.exe79⤵
-
\??\c:\3ntttb.exec:\3ntttb.exe80⤵
-
\??\c:\tntbhh.exec:\tntbhh.exe81⤵
-
\??\c:\jjpdp.exec:\jjpdp.exe82⤵
-
\??\c:\5vjpv.exec:\5vjpv.exe83⤵
-
\??\c:\jvjpp.exec:\jvjpp.exe84⤵
-
\??\c:\5rfrfxf.exec:\5rfrfxf.exe85⤵
-
\??\c:\xrrrxrl.exec:\xrrrxrl.exe86⤵
-
\??\c:\bnbhnn.exec:\bnbhnn.exe87⤵
-
\??\c:\nbhbhb.exec:\nbhbhb.exe88⤵
-
\??\c:\pdddv.exec:\pdddv.exe89⤵
-
\??\c:\xxfrrxx.exec:\xxfrrxx.exe90⤵
-
\??\c:\7lllxrf.exec:\7lllxrf.exe91⤵
-
\??\c:\rlxffrx.exec:\rlxffrx.exe92⤵
-
\??\c:\thbhhh.exec:\thbhhh.exe93⤵
-
\??\c:\3nnthb.exec:\3nnthb.exe94⤵
-
\??\c:\ddpvp.exec:\ddpvp.exe95⤵
-
\??\c:\1pdjd.exec:\1pdjd.exe96⤵
-
\??\c:\rlrfrrx.exec:\rlrfrrx.exe97⤵
-
\??\c:\frxrfll.exec:\frxrfll.exe98⤵
-
\??\c:\fxflxxf.exec:\fxflxxf.exe99⤵
-
\??\c:\5hbhnh.exec:\5hbhnh.exe100⤵
-
\??\c:\nbtnhn.exec:\nbtnhn.exe101⤵
-
\??\c:\7jppd.exec:\7jppd.exe102⤵
-
\??\c:\pjppd.exec:\pjppd.exe103⤵
-
\??\c:\xrflrlr.exec:\xrflrlr.exe104⤵
-
\??\c:\xlxxflr.exec:\xlxxflr.exe105⤵
-
\??\c:\fxffxlr.exec:\fxffxlr.exe106⤵
-
\??\c:\bttbnt.exec:\bttbnt.exe107⤵
-
\??\c:\bnhhnt.exec:\bnhhnt.exe108⤵
-
\??\c:\pdppj.exec:\pdppj.exe109⤵
-
\??\c:\vppvv.exec:\vppvv.exe110⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe111⤵
-
\??\c:\xrffffl.exec:\xrffffl.exe112⤵
-
\??\c:\frxxlfl.exec:\frxxlfl.exe113⤵
-
\??\c:\ttnntt.exec:\ttnntt.exe114⤵
-
\??\c:\bntnnn.exec:\bntnnn.exe115⤵
-
\??\c:\5vjpv.exec:\5vjpv.exe116⤵
-
\??\c:\jvppv.exec:\jvppv.exe117⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe118⤵
-
\??\c:\7pdvv.exec:\7pdvv.exe119⤵
-
\??\c:\frfflrf.exec:\frfflrf.exe120⤵
-
\??\c:\9ffxxxl.exec:\9ffxxxl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-