Analysis
-
max time kernel
150s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
20-05-2024 10:45
General
-
Target
ec1dbc7a78298f9c53175925219e59b0_NeikiAnalytics.exe
-
Size
226KB
-
MD5
ec1dbc7a78298f9c53175925219e59b0
-
SHA1
2048aa61f9d9ba74f07b3c970557c96c9251c1bf
-
SHA256
2486211ef5e25602802a2c51ecb07a8a43ce1f60d369dbfe6bfbaa3e2108a48b
-
SHA512
79a27849dc3e06d300357b0a8d8fc3e61c6bd4c917ed65147556ba80f28bbbd7b09f7d1211a18128003329cd45f60467f07e8ae4756a598211530f75fb5e8c71
-
SSDEEP
6144:Dcm4FmowdHoSkHcJkkcm4FmowdHoS2qOv7r+MubPtylb:p4wFHoSk0ky4wFHoS2nDr9ubQlb
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 51 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ec1dbc7a78298f9c53175925219e59b0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\ec1dbc7a78298f9c53175925219e59b0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5ntthh.exec:\5ntthh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvjj.exec:\vvvjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bhntb.exec:\5bhntb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxflff.exec:\rlxflff.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vdjd.exec:\7vdjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxrrx.exec:\rlxxrrx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpvd.exec:\ddpvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxrxxf.exec:\rfxrxxf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbthn.exec:\hhbthn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdjv.exec:\djdjv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxrfl.exec:\fxxxrfl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthntt.exec:\hthntt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppdp.exec:\vppdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflxlfx.exec:\lflxlfx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbbtt.exec:\ttbbtt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrfxl.exec:\lfrrfxl.exe17⤵
- Executes dropped EXE
-
\??\c:\bnnntt.exec:\bnnntt.exe18⤵
- Executes dropped EXE
-
\??\c:\dvvjd.exec:\dvvjd.exe19⤵
- Executes dropped EXE
-
\??\c:\5frxlll.exec:\5frxlll.exe20⤵
- Executes dropped EXE
-
\??\c:\3nhtbt.exec:\3nhtbt.exe21⤵
- Executes dropped EXE
-
\??\c:\vvjjv.exec:\vvjjv.exe22⤵
- Executes dropped EXE
-
\??\c:\lfrxllr.exec:\lfrxllr.exe23⤵
- Executes dropped EXE
-
\??\c:\lxlrfxf.exec:\lxlrfxf.exe24⤵
- Executes dropped EXE
-
\??\c:\vdpjv.exec:\vdpjv.exe25⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe26⤵
- Executes dropped EXE
-
\??\c:\xrxflrl.exec:\xrxflrl.exe27⤵
- Executes dropped EXE
-
\??\c:\1tnthh.exec:\1tnthh.exe28⤵
- Executes dropped EXE
-
\??\c:\ffxlxxl.exec:\ffxlxxl.exe29⤵
- Executes dropped EXE
-
\??\c:\tbttht.exec:\tbttht.exe30⤵
- Executes dropped EXE
-
\??\c:\rfrrfxl.exec:\rfrrfxl.exe31⤵
- Executes dropped EXE
-
\??\c:\thhbbn.exec:\thhbbn.exe32⤵
- Executes dropped EXE
-
\??\c:\9ddpj.exec:\9ddpj.exe33⤵
- Executes dropped EXE
-
\??\c:\bthttb.exec:\bthttb.exe34⤵
- Executes dropped EXE
-
\??\c:\frlrflr.exec:\frlrflr.exe35⤵
- Executes dropped EXE
-
\??\c:\7nhthn.exec:\7nhthn.exe36⤵
- Executes dropped EXE
-
\??\c:\pjjjd.exec:\pjjjd.exe37⤵
- Executes dropped EXE
-
\??\c:\7pvdp.exec:\7pvdp.exe38⤵
- Executes dropped EXE
-
\??\c:\lrxxflr.exec:\lrxxflr.exe39⤵
- Executes dropped EXE
-
\??\c:\5ttthh.exec:\5ttthh.exe40⤵
- Executes dropped EXE
-
\??\c:\1pddj.exec:\1pddj.exe41⤵
- Executes dropped EXE
-
\??\c:\ppjpv.exec:\ppjpv.exe42⤵
- Executes dropped EXE
-
\??\c:\tnhnbb.exec:\tnhnbb.exe43⤵
- Executes dropped EXE
-
\??\c:\bbhhnh.exec:\bbhhnh.exe44⤵
- Executes dropped EXE
-
\??\c:\3frxrfr.exec:\3frxrfr.exe45⤵
- Executes dropped EXE
-
\??\c:\xfllrfl.exec:\xfllrfl.exe46⤵
- Executes dropped EXE
-
\??\c:\nhhtnt.exec:\nhhtnt.exe47⤵
- Executes dropped EXE
-
\??\c:\5vjvp.exec:\5vjvp.exe48⤵
- Executes dropped EXE
-
\??\c:\rxxfxll.exec:\rxxfxll.exe49⤵
- Executes dropped EXE
-
\??\c:\nbbbhh.exec:\nbbbhh.exe50⤵
- Executes dropped EXE
-
\??\c:\fffrflr.exec:\fffrflr.exe51⤵
- Executes dropped EXE
-
\??\c:\7nbhnt.exec:\7nbhnt.exe52⤵
- Executes dropped EXE
-
\??\c:\pjvvv.exec:\pjvvv.exe53⤵
- Executes dropped EXE
-
\??\c:\rrlfffl.exec:\rrlfffl.exe54⤵
- Executes dropped EXE
-
\??\c:\7bntbh.exec:\7bntbh.exe55⤵
- Executes dropped EXE
-
\??\c:\ppjjv.exec:\ppjjv.exe56⤵
- Executes dropped EXE
-
\??\c:\9ffllrr.exec:\9ffllrr.exe57⤵
- Executes dropped EXE
-
\??\c:\9thnbb.exec:\9thnbb.exe58⤵
- Executes dropped EXE
-
\??\c:\1xxrlrx.exec:\1xxrlrx.exe59⤵
- Executes dropped EXE
-
\??\c:\nhhhth.exec:\nhhhth.exe60⤵
- Executes dropped EXE
-
\??\c:\3jdpj.exec:\3jdpj.exe61⤵
- Executes dropped EXE
-
\??\c:\lfxrflr.exec:\lfxrflr.exe62⤵
- Executes dropped EXE
-
\??\c:\rlxxrxf.exec:\rlxxrxf.exe63⤵
- Executes dropped EXE
-
\??\c:\3bhbnn.exec:\3bhbnn.exe64⤵
- Executes dropped EXE
-
\??\c:\jjdvp.exec:\jjdvp.exe65⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe66⤵
-
\??\c:\xrlrxfr.exec:\xrlrxfr.exe67⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe68⤵
-
\??\c:\tnbntn.exec:\tnbntn.exe69⤵
-
\??\c:\ppjdp.exec:\ppjdp.exe70⤵
-
\??\c:\rlfrrlr.exec:\rlfrrlr.exe71⤵
-
\??\c:\lfffxxf.exec:\lfffxxf.exe72⤵
-
\??\c:\hnnbbn.exec:\hnnbbn.exe73⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe74⤵
-
\??\c:\frfxllf.exec:\frfxllf.exe75⤵
-
\??\c:\xrxxllx.exec:\xrxxllx.exe76⤵
-
\??\c:\httthh.exec:\httthh.exe77⤵
-
\??\c:\tnhtht.exec:\tnhtht.exe78⤵
-
\??\c:\jppjv.exec:\jppjv.exe79⤵
-
\??\c:\xrllxfr.exec:\xrllxfr.exe80⤵
-
\??\c:\bttnhn.exec:\bttnhn.exe81⤵
-
\??\c:\ttnttt.exec:\ttnttt.exe82⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe83⤵
-
\??\c:\jdvjv.exec:\jdvjv.exe84⤵
-
\??\c:\5flfffl.exec:\5flfffl.exe85⤵
-
\??\c:\bbtnnt.exec:\bbtnnt.exe86⤵
-
\??\c:\vpjvv.exec:\vpjvv.exe87⤵
-
\??\c:\jpjjv.exec:\jpjjv.exe88⤵
-
\??\c:\fxlrflx.exec:\fxlrflx.exe89⤵
-
\??\c:\rlxxlxl.exec:\rlxxlxl.exe90⤵
-
\??\c:\hhnnbn.exec:\hhnnbn.exe91⤵
-
\??\c:\9dvpj.exec:\9dvpj.exe92⤵
-
\??\c:\1jjdp.exec:\1jjdp.exe93⤵
-
\??\c:\fxrrxfr.exec:\fxrrxfr.exe94⤵
-
\??\c:\bhbhth.exec:\bhbhth.exe95⤵
-
\??\c:\3vvjv.exec:\3vvjv.exe96⤵
-
\??\c:\dpjpp.exec:\dpjpp.exe97⤵
-
\??\c:\ffrflfr.exec:\ffrflfr.exe98⤵
-
\??\c:\btttbh.exec:\btttbh.exe99⤵
-
\??\c:\tnhbbb.exec:\tnhbbb.exe100⤵
-
\??\c:\9pddp.exec:\9pddp.exe101⤵
-
\??\c:\dvppv.exec:\dvppv.exe102⤵
-
\??\c:\rlxfffr.exec:\rlxfffr.exe103⤵
-
\??\c:\hbtbnt.exec:\hbtbnt.exe104⤵
-
\??\c:\7hhhbn.exec:\7hhhbn.exe105⤵
-
\??\c:\jjdpv.exec:\jjdpv.exe106⤵
-
\??\c:\lrfllfr.exec:\lrfllfr.exe107⤵
-
\??\c:\lxrlxll.exec:\lxrlxll.exe108⤵
-
\??\c:\hnhhnh.exec:\hnhhnh.exe109⤵
-
\??\c:\1vvvd.exec:\1vvvd.exe110⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe111⤵
-
\??\c:\3xxrrrx.exec:\3xxrrrx.exe112⤵
-
\??\c:\hbnnbh.exec:\hbnnbh.exe113⤵
-
\??\c:\dpdpj.exec:\dpdpj.exe114⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe115⤵
-
\??\c:\rfrfxxx.exec:\rfrfxxx.exe116⤵
-
\??\c:\rlxflrl.exec:\rlxflrl.exe117⤵
-
\??\c:\tthbhn.exec:\tthbhn.exe118⤵
-
\??\c:\nnhtnb.exec:\nnhtnb.exe119⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe120⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-