Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
20/05/2024, 02:51
General
-
Target
96cf1073e1fdaa134d1e12fad5a493c0_NeikiAnalytics.exe
-
Size
59KB
-
MD5
96cf1073e1fdaa134d1e12fad5a493c0
-
SHA1
24fcdae0065ddc8b7c3dbc6d1cdda9f5a433e956
-
SHA256
fdc5b000c41842926c4339fe20edd31b86f3cbd0ac4d93ab608338801bd37c0b
-
SHA512
7c8f4bb6124089b062ef45ecf5b78f7fdf76e43ea0804790973724322f094a07d231f5cd6697c3f9f5b4b075214e3d887677b4bb0a023fa314f6237302690961
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDI9Li:ymb3NkkiQ3mdBjFI9m
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 18 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 20 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\96cf1073e1fdaa134d1e12fad5a493c0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\96cf1073e1fdaa134d1e12fad5a493c0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpvd.exec:\pvpvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxflrx.exec:\lfxflrx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhhhh.exec:\thhhhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbbhn.exec:\btbbhn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvvv.exec:\9vvvv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflrflf.exec:\lflrflf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxffrfx.exec:\fxffrfx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbhb.exec:\hbbbhb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjpv.exec:\vpjpv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjj.exec:\vpjjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rrxlrx.exec:\5rrxlrx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlllfr.exec:\lxlllfr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbhbn.exec:\tbbhbn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvdj.exec:\jdvdj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrflr.exec:\xlxrflr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrfrrx.exec:\fxrfrrx.exe17⤵
- Executes dropped EXE
-
\??\c:\htnnht.exec:\htnnht.exe18⤵
- Executes dropped EXE
-
\??\c:\9jdpv.exec:\9jdpv.exe19⤵
- Executes dropped EXE
-
\??\c:\1pdvv.exec:\1pdvv.exe20⤵
- Executes dropped EXE
-
\??\c:\5xrxlfr.exec:\5xrxlfr.exe21⤵
- Executes dropped EXE
-
\??\c:\xlxxffl.exec:\xlxxffl.exe22⤵
- Executes dropped EXE
-
\??\c:\nbtbnn.exec:\nbtbnn.exe23⤵
- Executes dropped EXE
-
\??\c:\hthhnn.exec:\hthhnn.exe24⤵
- Executes dropped EXE
-
\??\c:\jpvvv.exec:\jpvvv.exe25⤵
- Executes dropped EXE
-
\??\c:\xlxrffl.exec:\xlxrffl.exe26⤵
- Executes dropped EXE
-
\??\c:\xxllrfr.exec:\xxllrfr.exe27⤵
- Executes dropped EXE
-
\??\c:\hbnnhn.exec:\hbnnhn.exe28⤵
- Executes dropped EXE
-
\??\c:\pdjjj.exec:\pdjjj.exe29⤵
- Executes dropped EXE
-
\??\c:\3xlxxfl.exec:\3xlxxfl.exe30⤵
- Executes dropped EXE
-
\??\c:\btnhhh.exec:\btnhhh.exe31⤵
- Executes dropped EXE
-
\??\c:\nbhntb.exec:\nbhntb.exe32⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe33⤵
- Executes dropped EXE
-
\??\c:\lxlxflr.exec:\lxlxflr.exe34⤵
- Executes dropped EXE
-
\??\c:\1xlxllr.exec:\1xlxllr.exe35⤵
- Executes dropped EXE
-
\??\c:\hbnhtb.exec:\hbnhtb.exe36⤵
- Executes dropped EXE
-
\??\c:\hthntt.exec:\hthntt.exe37⤵
- Executes dropped EXE
-
\??\c:\vpjjv.exec:\vpjjv.exe38⤵
- Executes dropped EXE
-
\??\c:\5djdd.exec:\5djdd.exe39⤵
- Executes dropped EXE
-
\??\c:\9xxfrfr.exec:\9xxfrfr.exe40⤵
- Executes dropped EXE
-
\??\c:\rfflxxf.exec:\rfflxxf.exe41⤵
- Executes dropped EXE
-
\??\c:\nthhhb.exec:\nthhhb.exe42⤵
- Executes dropped EXE
-
\??\c:\nbnnbn.exec:\nbnnbn.exe43⤵
- Executes dropped EXE
-
\??\c:\nnhtth.exec:\nnhtth.exe44⤵
- Executes dropped EXE
-
\??\c:\pdpjd.exec:\pdpjd.exe45⤵
- Executes dropped EXE
-
\??\c:\ddppd.exec:\ddppd.exe46⤵
- Executes dropped EXE
-
\??\c:\rlrrxrx.exec:\rlrrxrx.exe47⤵
- Executes dropped EXE
-
\??\c:\7nbtnn.exec:\7nbtnn.exe48⤵
- Executes dropped EXE
-
\??\c:\tnbhnn.exec:\tnbhnn.exe49⤵
- Executes dropped EXE
-
\??\c:\pddjp.exec:\pddjp.exe50⤵
- Executes dropped EXE
-
\??\c:\vddpd.exec:\vddpd.exe51⤵
- Executes dropped EXE
-
\??\c:\5lxxxff.exec:\5lxxxff.exe52⤵
- Executes dropped EXE
-
\??\c:\xfflxxf.exec:\xfflxxf.exe53⤵
- Executes dropped EXE
-
\??\c:\nbnntt.exec:\nbnntt.exe54⤵
- Executes dropped EXE
-
\??\c:\1bthbt.exec:\1bthbt.exe55⤵
- Executes dropped EXE
-
\??\c:\dvppp.exec:\dvppp.exe56⤵
- Executes dropped EXE
-
\??\c:\dpjjp.exec:\dpjjp.exe57⤵
- Executes dropped EXE
-
\??\c:\vjvvd.exec:\vjvvd.exe58⤵
- Executes dropped EXE
-
\??\c:\xxfllrl.exec:\xxfllrl.exe59⤵
- Executes dropped EXE
-
\??\c:\rlrxflr.exec:\rlrxflr.exe60⤵
- Executes dropped EXE
-
\??\c:\9bbntt.exec:\9bbntt.exe61⤵
- Executes dropped EXE
-
\??\c:\bthhhh.exec:\bthhhh.exe62⤵
- Executes dropped EXE
-
\??\c:\jppvp.exec:\jppvp.exe63⤵
- Executes dropped EXE
-
\??\c:\7ddjv.exec:\7ddjv.exe64⤵
- Executes dropped EXE
-
\??\c:\fxxxlrf.exec:\fxxxlrf.exe65⤵
- Executes dropped EXE
-
\??\c:\lrrrxxf.exec:\lrrrxxf.exe66⤵
-
\??\c:\bhbtbt.exec:\bhbtbt.exe67⤵
-
\??\c:\7vjjv.exec:\7vjjv.exe68⤵
-
\??\c:\vjpvp.exec:\vjpvp.exe69⤵
-
\??\c:\3vvvp.exec:\3vvvp.exe70⤵
-
\??\c:\fffflll.exec:\fffflll.exe71⤵
-
\??\c:\rlxxffr.exec:\rlxxffr.exe72⤵
-
\??\c:\htnnhh.exec:\htnnhh.exe73⤵
-
\??\c:\7bnhnn.exec:\7bnhnn.exe74⤵
-
\??\c:\pppjj.exec:\pppjj.exe75⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe76⤵
-
\??\c:\rflrxxl.exec:\rflrxxl.exe77⤵
-
\??\c:\5rxxfrx.exec:\5rxxfrx.exe78⤵
-
\??\c:\hbnhtt.exec:\hbnhtt.exe79⤵
-
\??\c:\jvjjj.exec:\jvjjj.exe80⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe81⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe82⤵
-
\??\c:\xlrrllr.exec:\xlrrllr.exe83⤵
-
\??\c:\rlrflll.exec:\rlrflll.exe84⤵
-
\??\c:\nhbnht.exec:\nhbnht.exe85⤵
-
\??\c:\nhntbh.exec:\nhntbh.exe86⤵
-
\??\c:\jjvvd.exec:\jjvvd.exe87⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe88⤵
-
\??\c:\3xlrflf.exec:\3xlrflf.exe89⤵
-
\??\c:\1rrxlfr.exec:\1rrxlfr.exe90⤵
-
\??\c:\9thhnt.exec:\9thhnt.exe91⤵
-
\??\c:\nbhbbb.exec:\nbhbbb.exe92⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe93⤵
-
\??\c:\frllfff.exec:\frllfff.exe94⤵
-
\??\c:\frffffl.exec:\frffffl.exe95⤵
-
\??\c:\7flrrlr.exec:\7flrrlr.exe96⤵
-
\??\c:\tbhhhh.exec:\tbhhhh.exe97⤵
-
\??\c:\bnbnbh.exec:\bnbnbh.exe98⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe99⤵
-
\??\c:\1jpdj.exec:\1jpdj.exe100⤵
-
\??\c:\djddd.exec:\djddd.exe101⤵
-
\??\c:\lfrrxrx.exec:\lfrrxrx.exe102⤵
-
\??\c:\7lflrlr.exec:\7lflrlr.exe103⤵
-
\??\c:\9bbbnn.exec:\9bbbnn.exe104⤵
-
\??\c:\1nbhhn.exec:\1nbhhn.exe105⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe106⤵
-
\??\c:\5dpdd.exec:\5dpdd.exe107⤵
-
\??\c:\jvpjp.exec:\jvpjp.exe108⤵
-
\??\c:\9frrxrr.exec:\9frrxrr.exe109⤵
-
\??\c:\lllxxxl.exec:\lllxxxl.exe110⤵
-
\??\c:\tnhbnn.exec:\tnhbnn.exe111⤵
-
\??\c:\vppvp.exec:\vppvp.exe112⤵
-
\??\c:\pdppv.exec:\pdppv.exe113⤵
-
\??\c:\lrfxlfl.exec:\lrfxlfl.exe114⤵
-
\??\c:\3fxfrlr.exec:\3fxfrlr.exe115⤵
-
\??\c:\9bhhbt.exec:\9bhhbt.exe116⤵
-
\??\c:\5hbtbn.exec:\5hbtbn.exe117⤵
-
\??\c:\vddpj.exec:\vddpj.exe118⤵
-
\??\c:\frflxxr.exec:\frflxxr.exe119⤵
-
\??\c:\rlrflrx.exec:\rlrflrx.exe120⤵
-
\??\c:\3tnnnn.exec:\3tnnnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-