Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
20-05-2024 00:50
General
-
Target
7491c602491565c79401d5069cd1cc70_NeikiAnalytics.exe
-
Size
77KB
-
MD5
7491c602491565c79401d5069cd1cc70
-
SHA1
59a4d7edb20fa7151d15bae83182b0fe6018fc40
-
SHA256
42661d71b8c18c6a0ff7816cd7b3debcee0bf04e01447149f7e4cf52a6e1a0c0
-
SHA512
8859ba0cca188eeb30010ed7f9a903b8bfb7d71025d5c685440a7ff2a60da0fe99e527f9e9bef7c2bb9c0ba0966ea5aa52cdf1e548947d818880760ea248b171
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAX8YieVIJclPvPJtcdcE:ymb3NkkiQ3mdBjFo68YBVIJc9JtxE
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7491c602491565c79401d5069cd1cc70_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\7491c602491565c79401d5069cd1cc70_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbth.exec:\nhtbth.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjvv.exec:\vvjvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnhtb.exec:\ttnhtb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhthh.exec:\nhhthh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjdj.exec:\ddjdj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lrxfrf.exec:\7lrxfrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbthnt.exec:\hbthnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvjd.exec:\jjvjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrfllf.exec:\lfrfllf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfxrxxl.exec:\xfxrxxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttbh.exec:\nhttbh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pdjj.exec:\9pdjj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppdp.exec:\vppdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3llxxrf.exec:\3llxxrf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbhbh.exec:\hhbhbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjvd.exec:\pjjvd.exe17⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe18⤵
- Executes dropped EXE
-
\??\c:\lxxlflf.exec:\lxxlflf.exe19⤵
- Executes dropped EXE
-
\??\c:\fxllrxr.exec:\fxllrxr.exe20⤵
- Executes dropped EXE
-
\??\c:\hbhthh.exec:\hbhthh.exe21⤵
- Executes dropped EXE
-
\??\c:\ppjvj.exec:\ppjvj.exe22⤵
- Executes dropped EXE
-
\??\c:\lxrfrxr.exec:\lxrfrxr.exe23⤵
- Executes dropped EXE
-
\??\c:\7nbhtb.exec:\7nbhtb.exe24⤵
- Executes dropped EXE
-
\??\c:\nhntbb.exec:\nhntbb.exe25⤵
- Executes dropped EXE
-
\??\c:\ddvjp.exec:\ddvjp.exe26⤵
- Executes dropped EXE
-
\??\c:\vpjvd.exec:\vpjvd.exe27⤵
- Executes dropped EXE
-
\??\c:\fxffrxl.exec:\fxffrxl.exe28⤵
- Executes dropped EXE
-
\??\c:\bhtnht.exec:\bhtnht.exe29⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe30⤵
- Executes dropped EXE
-
\??\c:\3jjjp.exec:\3jjjp.exe31⤵
- Executes dropped EXE
-
\??\c:\lrxfxfr.exec:\lrxfxfr.exe32⤵
- Executes dropped EXE
-
\??\c:\hbtthh.exec:\hbtthh.exe33⤵
- Executes dropped EXE
-
\??\c:\tnbttb.exec:\tnbttb.exe34⤵
- Executes dropped EXE
-
\??\c:\pjjvv.exec:\pjjvv.exe35⤵
- Executes dropped EXE
-
\??\c:\pdvvj.exec:\pdvvj.exe36⤵
- Executes dropped EXE
-
\??\c:\5fxrxfl.exec:\5fxrxfl.exe37⤵
- Executes dropped EXE
-
\??\c:\lfxxxxf.exec:\lfxxxxf.exe38⤵
- Executes dropped EXE
-
\??\c:\9nhtnt.exec:\9nhtnt.exe39⤵
- Executes dropped EXE
-
\??\c:\5vpdp.exec:\5vpdp.exe40⤵
- Executes dropped EXE
-
\??\c:\ddvvj.exec:\ddvvj.exe41⤵
- Executes dropped EXE
-
\??\c:\rlflrxf.exec:\rlflrxf.exe42⤵
- Executes dropped EXE
-
\??\c:\lfxrffr.exec:\lfxrffr.exe43⤵
- Executes dropped EXE
-
\??\c:\hhbtbb.exec:\hhbtbb.exe44⤵
- Executes dropped EXE
-
\??\c:\nhnntt.exec:\nhnntt.exe45⤵
- Executes dropped EXE
-
\??\c:\jdpvp.exec:\jdpvp.exe46⤵
- Executes dropped EXE
-
\??\c:\7jjpv.exec:\7jjpv.exe47⤵
- Executes dropped EXE
-
\??\c:\rlrfrrr.exec:\rlrfrrr.exe48⤵
- Executes dropped EXE
-
\??\c:\rrrrxxf.exec:\rrrrxxf.exe49⤵
- Executes dropped EXE
-
\??\c:\9thnbh.exec:\9thnbh.exe50⤵
- Executes dropped EXE
-
\??\c:\btthnt.exec:\btthnt.exe51⤵
- Executes dropped EXE
-
\??\c:\9dvvj.exec:\9dvvj.exe52⤵
- Executes dropped EXE
-
\??\c:\5pjpv.exec:\5pjpv.exe53⤵
- Executes dropped EXE
-
\??\c:\flffxfr.exec:\flffxfr.exe54⤵
- Executes dropped EXE
-
\??\c:\llxlffx.exec:\llxlffx.exe55⤵
- Executes dropped EXE
-
\??\c:\3thnbn.exec:\3thnbn.exe56⤵
- Executes dropped EXE
-
\??\c:\btbbhh.exec:\btbbhh.exe57⤵
- Executes dropped EXE
-
\??\c:\1vpdp.exec:\1vpdp.exe58⤵
- Executes dropped EXE
-
\??\c:\5vppv.exec:\5vppv.exe59⤵
- Executes dropped EXE
-
\??\c:\rlrflrl.exec:\rlrflrl.exe60⤵
- Executes dropped EXE
-
\??\c:\xxrxfrx.exec:\xxrxfrx.exe61⤵
- Executes dropped EXE
-
\??\c:\9nbhnb.exec:\9nbhnb.exe62⤵
- Executes dropped EXE
-
\??\c:\nhbbth.exec:\nhbbth.exe63⤵
- Executes dropped EXE
-
\??\c:\1dvdp.exec:\1dvdp.exe64⤵
- Executes dropped EXE
-
\??\c:\jdpvj.exec:\jdpvj.exe65⤵
- Executes dropped EXE
-
\??\c:\xxflrfr.exec:\xxflrfr.exe66⤵
-
\??\c:\hhthhh.exec:\hhthhh.exe67⤵
-
\??\c:\bbhbbh.exec:\bbhbbh.exe68⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe69⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe70⤵
-
\??\c:\xlflxxx.exec:\xlflxxx.exe71⤵
-
\??\c:\xxlfxlx.exec:\xxlfxlx.exe72⤵
-
\??\c:\3hthbn.exec:\3hthbn.exe73⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe74⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe75⤵
-
\??\c:\3fxllrf.exec:\3fxllrf.exe76⤵
-
\??\c:\fxrllxl.exec:\fxrllxl.exe77⤵
-
\??\c:\hbnbhn.exec:\hbnbhn.exe78⤵
-
\??\c:\tnnhhn.exec:\tnnhhn.exe79⤵
-
\??\c:\ddpvd.exec:\ddpvd.exe80⤵
-
\??\c:\3djvv.exec:\3djvv.exe81⤵
-
\??\c:\3rffffl.exec:\3rffffl.exe82⤵
-
\??\c:\7rlfrrx.exec:\7rlfrrx.exe83⤵
-
\??\c:\nbnnnt.exec:\nbnnnt.exe84⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe85⤵
-
\??\c:\9ppvv.exec:\9ppvv.exe86⤵
-
\??\c:\frllrll.exec:\frllrll.exe87⤵
-
\??\c:\xrfllrx.exec:\xrfllrx.exe88⤵
-
\??\c:\bbthbn.exec:\bbthbn.exe89⤵
-
\??\c:\hbhhhn.exec:\hbhhhn.exe90⤵
-
\??\c:\jdppv.exec:\jdppv.exe91⤵
-
\??\c:\jvddj.exec:\jvddj.exe92⤵
-
\??\c:\5rfllxr.exec:\5rfllxr.exe93⤵
-
\??\c:\llxfxxr.exec:\llxfxxr.exe94⤵
-
\??\c:\btthbh.exec:\btthbh.exe95⤵
-
\??\c:\pppdj.exec:\pppdj.exe96⤵
-
\??\c:\5pppj.exec:\5pppj.exe97⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe98⤵
-
\??\c:\lxlrrxf.exec:\lxlrrxf.exe99⤵
-
\??\c:\9fxfflr.exec:\9fxfflr.exe100⤵
-
\??\c:\btnbtt.exec:\btnbtt.exe101⤵
-
\??\c:\5pjvv.exec:\5pjvv.exe102⤵
-
\??\c:\ppdpp.exec:\ppdpp.exe103⤵
-
\??\c:\1pdpv.exec:\1pdpv.exe104⤵
-
\??\c:\frxxxxr.exec:\frxxxxr.exe105⤵
-
\??\c:\xlxfrrx.exec:\xlxfrrx.exe106⤵
-
\??\c:\1nbbhn.exec:\1nbbhn.exe107⤵
-
\??\c:\5hnbhh.exec:\5hnbhh.exe108⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe109⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe110⤵
-
\??\c:\fxxrxxf.exec:\fxxrxxf.exe111⤵
-
\??\c:\rlfxflr.exec:\rlfxflr.exe112⤵
-
\??\c:\tnbhnt.exec:\tnbhnt.exe113⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe114⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe115⤵
-
\??\c:\vjpvv.exec:\vjpvv.exe116⤵
-
\??\c:\xrfxffl.exec:\xrfxffl.exe117⤵
-
\??\c:\fllxfxx.exec:\fllxfxx.exe118⤵
-
\??\c:\tnbtbn.exec:\tnbtbn.exe119⤵
-
\??\c:\bnbbhh.exec:\bnbbhh.exe120⤵
-
\??\c:\dvvjp.exec:\dvvjp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-