Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
19/05/2024, 21:57
General
-
Target
44dd4a993028693f9c236f5fa473b3e0_NeikiAnalytics.exe
-
Size
94KB
-
MD5
44dd4a993028693f9c236f5fa473b3e0
-
SHA1
c005759f054200c21cc8347c5ea81bf0a0bad2ef
-
SHA256
fe8e9c1f002320cfdd77d161f1623a8198d88611d869e3b1f557a376a21e8580
-
SHA512
bdcd83153cdc34d20162686b1f5bc6086c3e0e3f023dc8e273181c82048b9961e28e0a3e6f1e91261a60ad80ba3fc547f78b5a7cb4eb5c79414a543c32dbb3e4
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIkpi+qP1hvZo66Ox4oq2SQwfTQY:ymb3NkkiQ3mdBjFIj+qNhvZuHQY0Y
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\44dd4a993028693f9c236f5fa473b3e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\44dd4a993028693f9c236f5fa473b3e0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdv.exec:\djjdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrxfrf.exec:\rlrxfrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xxfllr.exec:\3xxfllr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnbht.exec:\hbnbht.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdpj.exec:\vjdpj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fllllll.exec:\fllllll.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbbbt.exec:\hnbbbt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhthn.exec:\nnhthn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpdp.exec:\pjpdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxxfxr.exec:\ffxxfxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhhb.exec:\nhnhhb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvj.exec:\pjvvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dvdj.exec:\9dvdj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xxfrrx.exec:\5xxfrrx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnthh.exec:\bbnthh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntntt.exec:\tntntt.exe17⤵
- Executes dropped EXE
-
\??\c:\vpdvd.exec:\vpdvd.exe18⤵
- Executes dropped EXE
-
\??\c:\xxlxrlf.exec:\xxlxrlf.exe19⤵
- Executes dropped EXE
-
\??\c:\3thbnn.exec:\3thbnn.exe20⤵
- Executes dropped EXE
-
\??\c:\7vjjp.exec:\7vjjp.exe21⤵
- Executes dropped EXE
-
\??\c:\vpdvd.exec:\vpdvd.exe22⤵
- Executes dropped EXE
-
\??\c:\7lfflrx.exec:\7lfflrx.exe23⤵
- Executes dropped EXE
-
\??\c:\1rflxxf.exec:\1rflxxf.exe24⤵
- Executes dropped EXE
-
\??\c:\3tnbnb.exec:\3tnbnb.exe25⤵
- Executes dropped EXE
-
\??\c:\hhtnth.exec:\hhtnth.exe26⤵
- Executes dropped EXE
-
\??\c:\djvpj.exec:\djvpj.exe27⤵
- Executes dropped EXE
-
\??\c:\ffxfrfr.exec:\ffxfrfr.exe28⤵
- Executes dropped EXE
-
\??\c:\thbbhh.exec:\thbbhh.exe29⤵
- Executes dropped EXE
-
\??\c:\5djpj.exec:\5djpj.exe30⤵
- Executes dropped EXE
-
\??\c:\dvppv.exec:\dvppv.exe31⤵
- Executes dropped EXE
-
\??\c:\lxfxrff.exec:\lxfxrff.exe32⤵
- Executes dropped EXE
-
\??\c:\btthth.exec:\btthth.exe33⤵
- Executes dropped EXE
-
\??\c:\ppjdv.exec:\ppjdv.exe34⤵
- Executes dropped EXE
-
\??\c:\9lllfrf.exec:\9lllfrf.exe35⤵
- Executes dropped EXE
-
\??\c:\xlfxffl.exec:\xlfxffl.exe36⤵
-
\??\c:\nhtnbh.exec:\nhtnbh.exe37⤵
- Executes dropped EXE
-
\??\c:\hbhbhn.exec:\hbhbhn.exe38⤵
- Executes dropped EXE
-
\??\c:\dvdjv.exec:\dvdjv.exe39⤵
- Executes dropped EXE
-
\??\c:\llxxrxf.exec:\llxxrxf.exe40⤵
- Executes dropped EXE
-
\??\c:\xfllflx.exec:\xfllflx.exe41⤵
- Executes dropped EXE
-
\??\c:\hbhtbh.exec:\hbhtbh.exe42⤵
- Executes dropped EXE
-
\??\c:\nnhhtb.exec:\nnhhtb.exe43⤵
- Executes dropped EXE
-
\??\c:\djdvv.exec:\djdvv.exe44⤵
- Executes dropped EXE
-
\??\c:\xflffff.exec:\xflffff.exe45⤵
- Executes dropped EXE
-
\??\c:\3ffrfrr.exec:\3ffrfrr.exe46⤵
- Executes dropped EXE
-
\??\c:\tttnbn.exec:\tttnbn.exe47⤵
- Executes dropped EXE
-
\??\c:\hbnhtn.exec:\hbnhtn.exe48⤵
- Executes dropped EXE
-
\??\c:\dppvj.exec:\dppvj.exe49⤵
- Executes dropped EXE
-
\??\c:\xrrlffx.exec:\xrrlffx.exe50⤵
- Executes dropped EXE
-
\??\c:\3fflrrl.exec:\3fflrrl.exe51⤵
- Executes dropped EXE
-
\??\c:\3hnnnn.exec:\3hnnnn.exe52⤵
- Executes dropped EXE
-
\??\c:\jjvjp.exec:\jjvjp.exe53⤵
- Executes dropped EXE
-
\??\c:\dvpvd.exec:\dvpvd.exe54⤵
- Executes dropped EXE
-
\??\c:\lxrrlfx.exec:\lxrrlfx.exe55⤵
- Executes dropped EXE
-
\??\c:\fxxfxlx.exec:\fxxfxlx.exe56⤵
- Executes dropped EXE
-
\??\c:\3nhhnn.exec:\3nhhnn.exe57⤵
- Executes dropped EXE
-
\??\c:\tnttth.exec:\tnttth.exe58⤵
- Executes dropped EXE
-
\??\c:\3jvjd.exec:\3jvjd.exe59⤵
- Executes dropped EXE
-
\??\c:\7rrfrfx.exec:\7rrfrfx.exe60⤵
- Executes dropped EXE
-
\??\c:\3rlllrx.exec:\3rlllrx.exe61⤵
- Executes dropped EXE
-
\??\c:\bhbnth.exec:\bhbnth.exe62⤵
- Executes dropped EXE
-
\??\c:\hntnhh.exec:\hntnhh.exe63⤵
- Executes dropped EXE
-
\??\c:\vvjjv.exec:\vvjjv.exe64⤵
- Executes dropped EXE
-
\??\c:\7jvvv.exec:\7jvvv.exe65⤵
- Executes dropped EXE
-
\??\c:\9llxrrf.exec:\9llxrrf.exe66⤵
- Executes dropped EXE
-
\??\c:\5lflxfr.exec:\5lflxfr.exe67⤵
-
\??\c:\tnhtbn.exec:\tnhtbn.exe68⤵
-
\??\c:\bbtnnb.exec:\bbtnnb.exe69⤵
-
\??\c:\djdjv.exec:\djdjv.exe70⤵
-
\??\c:\3pdjp.exec:\3pdjp.exe71⤵
-
\??\c:\3rlxflx.exec:\3rlxflx.exe72⤵
-
\??\c:\7rlllxf.exec:\7rlllxf.exe73⤵
-
\??\c:\tnbntb.exec:\tnbntb.exe74⤵
-
\??\c:\1ttthh.exec:\1ttthh.exe75⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe76⤵
-
\??\c:\rrxrxfx.exec:\rrxrxfx.exe77⤵
-
\??\c:\xxrfrxr.exec:\xxrfrxr.exe78⤵
-
\??\c:\xrfllrx.exec:\xrfllrx.exe79⤵
-
\??\c:\tthhhn.exec:\tthhhn.exe80⤵
-
\??\c:\3vvjv.exec:\3vvjv.exe81⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe82⤵
-
\??\c:\xrxxlrx.exec:\xrxxlrx.exe83⤵
-
\??\c:\lrlrlll.exec:\lrlrlll.exe84⤵
-
\??\c:\nhnhbh.exec:\nhnhbh.exe85⤵
-
\??\c:\pvvvd.exec:\pvvvd.exe86⤵
-
\??\c:\7pdvv.exec:\7pdvv.exe87⤵
-
\??\c:\rlxlrxf.exec:\rlxlrxf.exe88⤵
-
\??\c:\llxfxlf.exec:\llxfxlf.exe89⤵
-
\??\c:\hbtnht.exec:\hbtnht.exe90⤵
-
\??\c:\dpjdv.exec:\dpjdv.exe91⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe92⤵
-
\??\c:\fxffllr.exec:\fxffllr.exe93⤵
-
\??\c:\xrlxfrl.exec:\xrlxfrl.exe94⤵
-
\??\c:\hnnbhb.exec:\hnnbhb.exe95⤵
-
\??\c:\bhnbbn.exec:\bhnbbn.exe96⤵
-
\??\c:\pppvd.exec:\pppvd.exe97⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe98⤵
-
\??\c:\fffrlfx.exec:\fffrlfx.exe99⤵
-
\??\c:\1rlxflr.exec:\1rlxflr.exe100⤵
-
\??\c:\nhtnht.exec:\nhtnht.exe101⤵
-
\??\c:\hntbbn.exec:\hntbbn.exe102⤵
-
\??\c:\5ppvp.exec:\5ppvp.exe103⤵
-
\??\c:\ppvjj.exec:\ppvjj.exe104⤵
-
\??\c:\1frflxr.exec:\1frflxr.exe105⤵
-
\??\c:\fxxfrxf.exec:\fxxfrxf.exe106⤵
-
\??\c:\hthhnn.exec:\hthhnn.exe107⤵
-
\??\c:\hbtnnh.exec:\hbtnnh.exe108⤵
-
\??\c:\1jjvd.exec:\1jjvd.exe109⤵
-
\??\c:\rrllxlx.exec:\rrllxlx.exe110⤵
-
\??\c:\lrllxlr.exec:\lrllxlr.exe111⤵
-
\??\c:\5nhhnt.exec:\5nhhnt.exe112⤵
-
\??\c:\djdpv.exec:\djdpv.exe113⤵
-
\??\c:\rlfrrxl.exec:\rlfrrxl.exe114⤵
-
\??\c:\lxfflff.exec:\lxfflff.exe115⤵
-
\??\c:\bhnntt.exec:\bhnntt.exe116⤵
-
\??\c:\3nhhnn.exec:\3nhhnn.exe117⤵
-
\??\c:\ddvpp.exec:\ddvpp.exe118⤵
-
\??\c:\1vppv.exec:\1vppv.exe119⤵
-
\??\c:\flrflxr.exec:\flrflxr.exe120⤵
-
\??\c:\xrlrflf.exec:\xrlrflf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-