Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
20/05/2024, 00:05
General
-
Target
671d108f79163b0bd9ae03da5e9239e0_NeikiAnalytics.exe
-
Size
393KB
-
MD5
671d108f79163b0bd9ae03da5e9239e0
-
SHA1
7b334ea6a8274899bfed7833f84d4903515289fe
-
SHA256
80e7a0cfbece452df0f557fde6101df26f6be93f8a761f2e4099036e5139ddf1
-
SHA512
436e8e1cc8f2854f0ce5c5e6cd143596454a63b45a255c12e6c4de85ddc34a916641bc92133c344e120d36e7075e5455be8e2bd688f4bf382879103f209297a9
-
SSDEEP
6144:Acm7ImGddX5WrXF5lpKGYV0aTk/BO0XJm4UEPOshN/xdKnvP48bmRt:m7TcJWjdpKGATTk/jYIOWN/KnnPe
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\671d108f79163b0bd9ae03da5e9239e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\671d108f79163b0bd9ae03da5e9239e0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1xxxllx.exec:\1xxxllx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbhtt.exec:\hbbhtt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frflrrx.exec:\frflrrx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6262420.exec:\6262420.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtbnh.exec:\thtbnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbhbb.exec:\bbbhbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\22062.exec:\22062.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0822884.exec:\0822884.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thntbt.exec:\thntbt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rflllr.exec:\3rflllr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hbhtt.exec:\9hbhtt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0428462.exec:\0428462.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5htbnn.exec:\5htbnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fffllr.exec:\9fffllr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhnh.exec:\tnnhnh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\486244.exec:\486244.exe17⤵
- Executes dropped EXE
-
\??\c:\ppjpv.exec:\ppjpv.exe18⤵
- Executes dropped EXE
-
\??\c:\tnbbnn.exec:\tnbbnn.exe19⤵
- Executes dropped EXE
-
\??\c:\0862402.exec:\0862402.exe20⤵
- Executes dropped EXE
-
\??\c:\0826688.exec:\0826688.exe21⤵
- Executes dropped EXE
-
\??\c:\4644402.exec:\4644402.exe22⤵
- Executes dropped EXE
-
\??\c:\nnhtnt.exec:\nnhtnt.exe23⤵
- Executes dropped EXE
-
\??\c:\btntnh.exec:\btntnh.exe24⤵
- Executes dropped EXE
-
\??\c:\8240220.exec:\8240220.exe25⤵
- Executes dropped EXE
-
\??\c:\44246.exec:\44246.exe26⤵
- Executes dropped EXE
-
\??\c:\9bnntn.exec:\9bnntn.exe27⤵
- Executes dropped EXE
-
\??\c:\8200848.exec:\8200848.exe28⤵
- Executes dropped EXE
-
\??\c:\60624.exec:\60624.exe29⤵
- Executes dropped EXE
-
\??\c:\2684062.exec:\2684062.exe30⤵
- Executes dropped EXE
-
\??\c:\8684668.exec:\8684668.exe31⤵
- Executes dropped EXE
-
\??\c:\m6624.exec:\m6624.exe32⤵
- Executes dropped EXE
-
\??\c:\3lflrfr.exec:\3lflrfr.exe33⤵
- Executes dropped EXE
-
\??\c:\86068.exec:\86068.exe34⤵
- Executes dropped EXE
-
\??\c:\9dvvd.exec:\9dvvd.exe35⤵
- Executes dropped EXE
-
\??\c:\xrlllrf.exec:\xrlllrf.exe36⤵
- Executes dropped EXE
-
\??\c:\a0448.exec:\a0448.exe37⤵
- Executes dropped EXE
-
\??\c:\djdpd.exec:\djdpd.exe38⤵
- Executes dropped EXE
-
\??\c:\62866.exec:\62866.exe39⤵
- Executes dropped EXE
-
\??\c:\04880.exec:\04880.exe40⤵
- Executes dropped EXE
-
\??\c:\thnbhh.exec:\thnbhh.exe41⤵
- Executes dropped EXE
-
\??\c:\ddppp.exec:\ddppp.exe42⤵
- Executes dropped EXE
-
\??\c:\tnhhhh.exec:\tnhhhh.exe43⤵
- Executes dropped EXE
-
\??\c:\624242.exec:\624242.exe44⤵
- Executes dropped EXE
-
\??\c:\420628.exec:\420628.exe45⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe46⤵
- Executes dropped EXE
-
\??\c:\vjjjj.exec:\vjjjj.exe47⤵
- Executes dropped EXE
-
\??\c:\w08400.exec:\w08400.exe48⤵
- Executes dropped EXE
-
\??\c:\rlxxffr.exec:\rlxxffr.exe49⤵
- Executes dropped EXE
-
\??\c:\jjdvp.exec:\jjdvp.exe50⤵
- Executes dropped EXE
-
\??\c:\9pjjp.exec:\9pjjp.exe51⤵
- Executes dropped EXE
-
\??\c:\w64060.exec:\w64060.exe52⤵
- Executes dropped EXE
-
\??\c:\tnhthh.exec:\tnhthh.exe53⤵
- Executes dropped EXE
-
\??\c:\nhthnn.exec:\nhthnn.exe54⤵
- Executes dropped EXE
-
\??\c:\lfflxxr.exec:\lfflxxr.exe55⤵
- Executes dropped EXE
-
\??\c:\8262440.exec:\8262440.exe56⤵
- Executes dropped EXE
-
\??\c:\dpjjp.exec:\dpjjp.exe57⤵
- Executes dropped EXE
-
\??\c:\202240.exec:\202240.exe58⤵
- Executes dropped EXE
-
\??\c:\rrrfrxr.exec:\rrrfrxr.exe59⤵
- Executes dropped EXE
-
\??\c:\44886.exec:\44886.exe60⤵
- Executes dropped EXE
-
\??\c:\m6840.exec:\m6840.exe61⤵
- Executes dropped EXE
-
\??\c:\86468.exec:\86468.exe62⤵
- Executes dropped EXE
-
\??\c:\g0806.exec:\g0806.exe63⤵
- Executes dropped EXE
-
\??\c:\pdpjp.exec:\pdpjp.exe64⤵
- Executes dropped EXE
-
\??\c:\442806.exec:\442806.exe65⤵
- Executes dropped EXE
-
\??\c:\7lflffl.exec:\7lflffl.exe66⤵
-
\??\c:\04242.exec:\04242.exe67⤵
-
\??\c:\dvppv.exec:\dvppv.exe68⤵
-
\??\c:\2084840.exec:\2084840.exe69⤵
-
\??\c:\0084668.exec:\0084668.exe70⤵
-
\??\c:\824024.exec:\824024.exe71⤵
-
\??\c:\08062.exec:\08062.exe72⤵
-
\??\c:\48884.exec:\48884.exe73⤵
-
\??\c:\hbnthb.exec:\hbnthb.exe74⤵
-
\??\c:\1pddv.exec:\1pddv.exe75⤵
-
\??\c:\2206224.exec:\2206224.exe76⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe77⤵
-
\??\c:\60408.exec:\60408.exe78⤵
-
\??\c:\822800.exec:\822800.exe79⤵
-
\??\c:\1hhtbh.exec:\1hhtbh.exe80⤵
-
\??\c:\822480.exec:\822480.exe81⤵
-
\??\c:\ththnn.exec:\ththnn.exe82⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe83⤵
-
\??\c:\fxlfllr.exec:\fxlfllr.exe84⤵
-
\??\c:\2202844.exec:\2202844.exe85⤵
-
\??\c:\02002.exec:\02002.exe86⤵
-
\??\c:\xllrrlx.exec:\xllrrlx.exe87⤵
-
\??\c:\a4662.exec:\a4662.exe88⤵
-
\??\c:\pjddj.exec:\pjddj.exe89⤵
-
\??\c:\m4804.exec:\m4804.exe90⤵
-
\??\c:\c460068.exec:\c460068.exe91⤵
-
\??\c:\tbbtth.exec:\tbbtth.exe92⤵
-
\??\c:\nhhhnn.exec:\nhhhnn.exe93⤵
-
\??\c:\fxlrrrr.exec:\fxlrrrr.exe94⤵
-
\??\c:\602800.exec:\602800.exe95⤵
-
\??\c:\e80066.exec:\e80066.exe96⤵
-
\??\c:\2640664.exec:\2640664.exe97⤵
-
\??\c:\vvdpv.exec:\vvdpv.exe98⤵
-
\??\c:\4462464.exec:\4462464.exe99⤵
-
\??\c:\2622446.exec:\2622446.exe100⤵
-
\??\c:\5pdpd.exec:\5pdpd.exe101⤵
-
\??\c:\k42800.exec:\k42800.exe102⤵
-
\??\c:\jdvpv.exec:\jdvpv.exe103⤵
-
\??\c:\s8804.exec:\s8804.exe104⤵
-
\??\c:\608028.exec:\608028.exe105⤵
-
\??\c:\btbhbh.exec:\btbhbh.exe106⤵
-
\??\c:\w86240.exec:\w86240.exe107⤵
-
\??\c:\e66222.exec:\e66222.exe108⤵
-
\??\c:\7bnnnb.exec:\7bnnnb.exe109⤵
-
\??\c:\i268008.exec:\i268008.exe110⤵
-
\??\c:\tttbhn.exec:\tttbhn.exe111⤵
-
\??\c:\440204.exec:\440204.exe112⤵
-
\??\c:\42402.exec:\42402.exe113⤵
-
\??\c:\24824.exec:\24824.exe114⤵
-
\??\c:\484084.exec:\484084.exe115⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe116⤵
-
\??\c:\682062.exec:\682062.exe117⤵
-
\??\c:\htnbhh.exec:\htnbhh.exe118⤵
-
\??\c:\64684.exec:\64684.exe119⤵
-
\??\c:\3btbbb.exec:\3btbbb.exe120⤵
-
\??\c:\xlrrxxx.exec:\xlrrxxx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-