Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
20/05/2024, 01:29
General
-
Target
80257122a6603984ef181ced2c319de0_NeikiAnalytics.exe
-
Size
335KB
-
MD5
80257122a6603984ef181ced2c319de0
-
SHA1
4af3abb2282bf969fcb828fef1a7f53bf2e81607
-
SHA256
74e36c3d155db76f3e7c112c6d99f4dd8b5f9e96b7bd13f1853468178fb352a7
-
SHA512
39af7195744fe0aae40e64d84a5f671299e029724a29d531ec6dffc5d013566ac8becada59cf07c318ab83ee3ad1a1a9787d488ca605099cc7b828fe62ac481a
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73tvn+Yp99zm+/KZBHqnuOeHzmB600TUA6Z7zupc+BE:n3C9BRo7tvnJ99T/KZEuOod00TG+BE
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\80257122a6603984ef181ced2c319de0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\80257122a6603984ef181ced2c319de0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjvd.exec:\pdjvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfflrx.exec:\rrfflrx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrflr.exec:\lfrrflr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbnn.exec:\tnbbnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpddj.exec:\dpddj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvj.exec:\pjpvj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrffrx.exec:\xlrffrx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnthhb.exec:\tnthhb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bhttt.exec:\3bhttt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjpp.exec:\ppjpp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7fxfffl.exec:\7fxfffl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxfxlx.exec:\frxfxlx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhhnt.exec:\thhhnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pvdv.exec:\1pvdv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdj.exec:\jvjdj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrxrxr.exec:\rfrxrxr.exe17⤵
- Executes dropped EXE
-
\??\c:\hthhnn.exec:\hthhnn.exe18⤵
- Executes dropped EXE
-
\??\c:\5djvv.exec:\5djvv.exe19⤵
- Executes dropped EXE
-
\??\c:\jvpvd.exec:\jvpvd.exe20⤵
- Executes dropped EXE
-
\??\c:\3lxrrlr.exec:\3lxrrlr.exe21⤵
- Executes dropped EXE
-
\??\c:\xrffrxf.exec:\xrffrxf.exe22⤵
- Executes dropped EXE
-
\??\c:\9tbbhn.exec:\9tbbhn.exe23⤵
- Executes dropped EXE
-
\??\c:\jvdjj.exec:\jvdjj.exe24⤵
- Executes dropped EXE
-
\??\c:\1rrfxxr.exec:\1rrfxxr.exe25⤵
- Executes dropped EXE
-
\??\c:\3hnbth.exec:\3hnbth.exe26⤵
- Executes dropped EXE
-
\??\c:\hhbhnn.exec:\hhbhnn.exe27⤵
- Executes dropped EXE
-
\??\c:\1vjpp.exec:\1vjpp.exe28⤵
- Executes dropped EXE
-
\??\c:\rfrlrrr.exec:\rfrlrrr.exe29⤵
- Executes dropped EXE
-
\??\c:\nnhtbh.exec:\nnhtbh.exe30⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe31⤵
- Executes dropped EXE
-
\??\c:\lxxxxfr.exec:\lxxxxfr.exe32⤵
- Executes dropped EXE
-
\??\c:\bnttht.exec:\bnttht.exe33⤵
- Executes dropped EXE
-
\??\c:\nhhnhn.exec:\nhhnhn.exe34⤵
- Executes dropped EXE
-
\??\c:\ppdjv.exec:\ppdjv.exe35⤵
- Executes dropped EXE
-
\??\c:\frflxxl.exec:\frflxxl.exe36⤵
- Executes dropped EXE
-
\??\c:\5ntttt.exec:\5ntttt.exe37⤵
- Executes dropped EXE
-
\??\c:\nbbhnn.exec:\nbbhnn.exe38⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe39⤵
- Executes dropped EXE
-
\??\c:\7xlrlll.exec:\7xlrlll.exe40⤵
- Executes dropped EXE
-
\??\c:\htbbhh.exec:\htbbhh.exe41⤵
- Executes dropped EXE
-
\??\c:\hhnnnn.exec:\hhnnnn.exe42⤵
- Executes dropped EXE
-
\??\c:\vpdvd.exec:\vpdvd.exe43⤵
- Executes dropped EXE
-
\??\c:\3frrrrf.exec:\3frrrrf.exe44⤵
- Executes dropped EXE
-
\??\c:\3llxrxl.exec:\3llxrxl.exe45⤵
- Executes dropped EXE
-
\??\c:\hbbbhb.exec:\hbbbhb.exe46⤵
- Executes dropped EXE
-
\??\c:\1hbtnh.exec:\1hbtnh.exe47⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe48⤵
- Executes dropped EXE
-
\??\c:\rlllflx.exec:\rlllflx.exe49⤵
- Executes dropped EXE
-
\??\c:\btthbh.exec:\btthbh.exe50⤵
- Executes dropped EXE
-
\??\c:\nhhbtt.exec:\nhhbtt.exe51⤵
- Executes dropped EXE
-
\??\c:\1jjvv.exec:\1jjvv.exe52⤵
- Executes dropped EXE
-
\??\c:\3vvvv.exec:\3vvvv.exe53⤵
- Executes dropped EXE
-
\??\c:\1rlrfxf.exec:\1rlrfxf.exe54⤵
- Executes dropped EXE
-
\??\c:\5xllxll.exec:\5xllxll.exe55⤵
- Executes dropped EXE
-
\??\c:\bththb.exec:\bththb.exe56⤵
- Executes dropped EXE
-
\??\c:\1jvvv.exec:\1jvvv.exe57⤵
- Executes dropped EXE
-
\??\c:\jvddd.exec:\jvddd.exe58⤵
- Executes dropped EXE
-
\??\c:\frfrlfr.exec:\frfrlfr.exe59⤵
- Executes dropped EXE
-
\??\c:\fxfflrf.exec:\fxfflrf.exe60⤵
- Executes dropped EXE
-
\??\c:\tnbttb.exec:\tnbttb.exe61⤵
- Executes dropped EXE
-
\??\c:\pdvpv.exec:\pdvpv.exe62⤵
- Executes dropped EXE
-
\??\c:\3dpvj.exec:\3dpvj.exe63⤵
- Executes dropped EXE
-
\??\c:\3rffrrx.exec:\3rffrrx.exe64⤵
- Executes dropped EXE
-
\??\c:\btntbh.exec:\btntbh.exe65⤵
- Executes dropped EXE
-
\??\c:\thhnnb.exec:\thhnnb.exe66⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe67⤵
-
\??\c:\xrxxlfr.exec:\xrxxlfr.exe68⤵
-
\??\c:\lrxxfff.exec:\lrxxfff.exe69⤵
-
\??\c:\tnhnbb.exec:\tnhnbb.exe70⤵
-
\??\c:\9nnthn.exec:\9nnthn.exe71⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe72⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe73⤵
-
\??\c:\fxlxlrl.exec:\fxlxlrl.exe74⤵
-
\??\c:\3ttttb.exec:\3ttttb.exe75⤵
-
\??\c:\nbnntb.exec:\nbnntb.exe76⤵
-
\??\c:\dpdjj.exec:\dpdjj.exe77⤵
-
\??\c:\jvddv.exec:\jvddv.exe78⤵
-
\??\c:\llxrrrf.exec:\llxrrrf.exe79⤵
-
\??\c:\frflrrf.exec:\frflrrf.exe80⤵
-
\??\c:\bthbth.exec:\bthbth.exe81⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe82⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe83⤵
-
\??\c:\fllfxlf.exec:\fllfxlf.exe84⤵
-
\??\c:\lrlxlfl.exec:\lrlxlfl.exe85⤵
-
\??\c:\bhtnbb.exec:\bhtnbb.exe86⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe87⤵
-
\??\c:\1dddd.exec:\1dddd.exe88⤵
-
\??\c:\3lrrxrr.exec:\3lrrxrr.exe89⤵
-
\??\c:\ntbbnn.exec:\ntbbnn.exe90⤵
-
\??\c:\bbnthn.exec:\bbnthn.exe91⤵
-
\??\c:\3dppp.exec:\3dppp.exe92⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe93⤵
-
\??\c:\xlxrrrx.exec:\xlxrrrx.exe94⤵
-
\??\c:\3nbhnt.exec:\3nbhnt.exe95⤵
-
\??\c:\bnthhb.exec:\bnthhb.exe96⤵
-
\??\c:\djvpd.exec:\djvpd.exe97⤵
-
\??\c:\9xlrxxl.exec:\9xlrxxl.exe98⤵
-
\??\c:\rlxxrxr.exec:\rlxxrxr.exe99⤵
-
\??\c:\nhhthn.exec:\nhhthn.exe100⤵
-
\??\c:\tthttt.exec:\tthttt.exe101⤵
-
\??\c:\dpjjj.exec:\dpjjj.exe102⤵
-
\??\c:\pvjjp.exec:\pvjjp.exe103⤵
-
\??\c:\flxlffl.exec:\flxlffl.exe104⤵
-
\??\c:\rlfxrxx.exec:\rlfxrxx.exe105⤵
-
\??\c:\nhbbnn.exec:\nhbbnn.exe106⤵
-
\??\c:\1nhnbn.exec:\1nhnbn.exe107⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe108⤵
-
\??\c:\9vjjv.exec:\9vjjv.exe109⤵
-
\??\c:\xrxflxl.exec:\xrxflxl.exe110⤵
-
\??\c:\nnhttb.exec:\nnhttb.exe111⤵
-
\??\c:\3nbnbh.exec:\3nbnbh.exe112⤵
-
\??\c:\hbnttt.exec:\hbnttt.exe113⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe114⤵
-
\??\c:\vvvvj.exec:\vvvvj.exe115⤵
-
\??\c:\rlrlrrx.exec:\rlrlrrx.exe116⤵
-
\??\c:\7bbhbb.exec:\7bbhbb.exe117⤵
-
\??\c:\tnnnbb.exec:\tnnnbb.exe118⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe119⤵
-
\??\c:\vpdpv.exec:\vpdpv.exe120⤵
-
\??\c:\fxfxflr.exec:\fxfxflr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-