Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
20/05/2024, 07:35
General
-
Target
d38573a15be7abde854f49ac976ad280_NeikiAnalytics.exe
-
Size
64KB
-
MD5
d38573a15be7abde854f49ac976ad280
-
SHA1
957cf4f1f928e4fecd75b4b73e35a031930d55bf
-
SHA256
b8f821774c575f933a31879f6489a0ab71680c162248bbdd8b02b9f708041c6e
-
SHA512
0373dc23ff8278cf935abbc1104293befb6a3270e1f02f8514b49ff84bd8396f47d5de82a5707d020b0ae69259b038dec2e18a9a88c54e53b2be5251aefb6d3d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUuYp+5C8+Luvf:ymb3NkkiQ3mdBjF0yMlc
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d38573a15be7abde854f49ac976ad280_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\d38573a15be7abde854f49ac976ad280_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlrlxr.exec:\rrlrlxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhnht.exec:\tnhnht.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxlrrl.exec:\lrxlrrl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffxfl.exec:\xrffxfl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnnbb.exec:\bnnnbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjvv.exec:\pvjvv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfxxxf.exec:\llfxxxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhbtn.exec:\tbhbtn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvpj.exec:\vdvpj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxflff.exec:\lfxflff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbttn.exec:\ntbttn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhtb.exec:\btbhtb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpvd.exec:\pvpvd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxllxr.exec:\rlxllxr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbnht.exec:\bhbnht.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdj.exec:\pjvdj.exe17⤵
- Executes dropped EXE
-
\??\c:\djpdv.exec:\djpdv.exe18⤵
- Executes dropped EXE
-
\??\c:\xrfxrxl.exec:\xrfxrxl.exe19⤵
- Executes dropped EXE
-
\??\c:\9hnhbh.exec:\9hnhbh.exe20⤵
- Executes dropped EXE
-
\??\c:\djjdj.exec:\djjdj.exe21⤵
- Executes dropped EXE
-
\??\c:\vpdpv.exec:\vpdpv.exe22⤵
- Executes dropped EXE
-
\??\c:\rxfrlfr.exec:\rxfrlfr.exe23⤵
- Executes dropped EXE
-
\??\c:\tbhbnt.exec:\tbhbnt.exe24⤵
- Executes dropped EXE
-
\??\c:\hthbbh.exec:\hthbbh.exe25⤵
- Executes dropped EXE
-
\??\c:\9jjjp.exec:\9jjjp.exe26⤵
- Executes dropped EXE
-
\??\c:\vpjdd.exec:\vpjdd.exe27⤵
- Executes dropped EXE
-
\??\c:\nbtbtn.exec:\nbtbtn.exe28⤵
- Executes dropped EXE
-
\??\c:\hbttbh.exec:\hbttbh.exe29⤵
- Executes dropped EXE
-
\??\c:\7pjpd.exec:\7pjpd.exe30⤵
- Executes dropped EXE
-
\??\c:\ppdvd.exec:\ppdvd.exe31⤵
- Executes dropped EXE
-
\??\c:\7fxxffr.exec:\7fxxffr.exe32⤵
- Executes dropped EXE
-
\??\c:\bthhtt.exec:\bthhtt.exe33⤵
- Executes dropped EXE
-
\??\c:\tntthn.exec:\tntthn.exe34⤵
- Executes dropped EXE
-
\??\c:\ppjjv.exec:\ppjjv.exe35⤵
- Executes dropped EXE
-
\??\c:\vvvdp.exec:\vvvdp.exe36⤵
- Executes dropped EXE
-
\??\c:\5nnnbh.exec:\5nnnbh.exe37⤵
- Executes dropped EXE
-
\??\c:\thttnn.exec:\thttnn.exe38⤵
- Executes dropped EXE
-
\??\c:\pdvpp.exec:\pdvpp.exe39⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe40⤵
- Executes dropped EXE
-
\??\c:\9xrffrr.exec:\9xrffrr.exe41⤵
- Executes dropped EXE
-
\??\c:\rrllrxl.exec:\rrllrxl.exe42⤵
- Executes dropped EXE
-
\??\c:\tnnnth.exec:\tnnnth.exe43⤵
- Executes dropped EXE
-
\??\c:\bbnnhn.exec:\bbnnhn.exe44⤵
- Executes dropped EXE
-
\??\c:\djjdp.exec:\djjdp.exe45⤵
- Executes dropped EXE
-
\??\c:\5lfllxr.exec:\5lfllxr.exe46⤵
- Executes dropped EXE
-
\??\c:\bbhthh.exec:\bbhthh.exe47⤵
- Executes dropped EXE
-
\??\c:\bbbtnn.exec:\bbbtnn.exe48⤵
- Executes dropped EXE
-
\??\c:\7pdjp.exec:\7pdjp.exe49⤵
- Executes dropped EXE
-
\??\c:\9jvjp.exec:\9jvjp.exe50⤵
- Executes dropped EXE
-
\??\c:\lxlffxf.exec:\lxlffxf.exe51⤵
- Executes dropped EXE
-
\??\c:\xlllfxl.exec:\xlllfxl.exe52⤵
- Executes dropped EXE
-
\??\c:\nhtbhn.exec:\nhtbhn.exe53⤵
- Executes dropped EXE
-
\??\c:\ddjjj.exec:\ddjjj.exe54⤵
- Executes dropped EXE
-
\??\c:\jjdvj.exec:\jjdvj.exe55⤵
- Executes dropped EXE
-
\??\c:\lfrrrxl.exec:\lfrrrxl.exe56⤵
- Executes dropped EXE
-
\??\c:\3fxlrxr.exec:\3fxlrxr.exe57⤵
- Executes dropped EXE
-
\??\c:\nntnnb.exec:\nntnnb.exe58⤵
- Executes dropped EXE
-
\??\c:\ttnttb.exec:\ttnttb.exe59⤵
- Executes dropped EXE
-
\??\c:\vppdv.exec:\vppdv.exe60⤵
- Executes dropped EXE
-
\??\c:\jdjjp.exec:\jdjjp.exe61⤵
- Executes dropped EXE
-
\??\c:\9lfxlll.exec:\9lfxlll.exe62⤵
- Executes dropped EXE
-
\??\c:\xxlxxxf.exec:\xxlxxxf.exe63⤵
- Executes dropped EXE
-
\??\c:\hbnntn.exec:\hbnntn.exe64⤵
- Executes dropped EXE
-
\??\c:\3nhthn.exec:\3nhthn.exe65⤵
- Executes dropped EXE
-
\??\c:\djvvj.exec:\djvvj.exe66⤵
-
\??\c:\5jdjv.exec:\5jdjv.exe67⤵
-
\??\c:\fxlrrrl.exec:\fxlrrrl.exe68⤵
-
\??\c:\xrlxrrx.exec:\xrlxrrx.exe69⤵
-
\??\c:\bthhnt.exec:\bthhnt.exe70⤵
-
\??\c:\bbtbnh.exec:\bbtbnh.exe71⤵
-
\??\c:\vdpjp.exec:\vdpjp.exe72⤵
-
\??\c:\1rrrxxx.exec:\1rrrxxx.exe73⤵
-
\??\c:\rrfrllx.exec:\rrfrllx.exe74⤵
-
\??\c:\hntnbb.exec:\hntnbb.exe75⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe76⤵
-
\??\c:\dppjp.exec:\dppjp.exe77⤵
-
\??\c:\ddjpj.exec:\ddjpj.exe78⤵
-
\??\c:\flxxrlx.exec:\flxxrlx.exe79⤵
-
\??\c:\btbhtt.exec:\btbhtt.exe80⤵
-
\??\c:\hbnntb.exec:\hbnntb.exe81⤵
-
\??\c:\vjjvj.exec:\vjjvj.exe82⤵
-
\??\c:\5fxfrrr.exec:\5fxfrrr.exe83⤵
-
\??\c:\flxrllr.exec:\flxrllr.exe84⤵
-
\??\c:\bntbbt.exec:\bntbbt.exe85⤵
-
\??\c:\djvdj.exec:\djvdj.exe86⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe87⤵
-
\??\c:\lfffrrr.exec:\lfffrrr.exe88⤵
-
\??\c:\xlxxffl.exec:\xlxxffl.exe89⤵
-
\??\c:\5nnbhh.exec:\5nnbhh.exe90⤵
-
\??\c:\jvvvj.exec:\jvvvj.exe91⤵
-
\??\c:\djvvd.exec:\djvvd.exe92⤵
-
\??\c:\xfffllf.exec:\xfffllf.exe93⤵
-
\??\c:\lrlxlxf.exec:\lrlxlxf.exe94⤵
-
\??\c:\hnhbbt.exec:\hnhbbt.exe95⤵
-
\??\c:\tbnthh.exec:\tbnthh.exe96⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe97⤵
-
\??\c:\9jdjv.exec:\9jdjv.exe98⤵
-
\??\c:\fxxlrff.exec:\fxxlrff.exe99⤵
-
\??\c:\nnbhtt.exec:\nnbhtt.exe100⤵
-
\??\c:\htttnn.exec:\htttnn.exe101⤵
-
\??\c:\vdpjd.exec:\vdpjd.exe102⤵
-
\??\c:\fxffrrx.exec:\fxffrrx.exe103⤵
-
\??\c:\rlflrfl.exec:\rlflrfl.exe104⤵
-
\??\c:\bnntht.exec:\bnntht.exe105⤵
-
\??\c:\tnnnnb.exec:\tnnnnb.exe106⤵
-
\??\c:\jpjdp.exec:\jpjdp.exe107⤵
-
\??\c:\xrlrfrl.exec:\xrlrfrl.exe108⤵
-
\??\c:\rlflxlf.exec:\rlflxlf.exe109⤵
-
\??\c:\bttbht.exec:\bttbht.exe110⤵
-
\??\c:\jpdjv.exec:\jpdjv.exe111⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe112⤵
-
\??\c:\lxlffrl.exec:\lxlffrl.exe113⤵
-
\??\c:\ntbbnt.exec:\ntbbnt.exe114⤵
-
\??\c:\btntnh.exec:\btntnh.exe115⤵
-
\??\c:\ppvvj.exec:\ppvvj.exe116⤵
-
\??\c:\jpdpv.exec:\jpdpv.exe117⤵
-
\??\c:\ffrflrf.exec:\ffrflrf.exe118⤵
-
\??\c:\nntbbh.exec:\nntbbh.exe119⤵
-
\??\c:\rxrlxfr.exec:\rxrlxfr.exe120⤵
-
\??\c:\xfrxrxf.exec:\xfrxrxf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-