Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
21-05-2024 22:28
General
-
Target
10688ca3eca8c69a70f27dbf75425750_NeikiAnalytics.exe
-
Size
78KB
-
MD5
10688ca3eca8c69a70f27dbf75425750
-
SHA1
bfdf3b795f59c8c2105e657c10bcd5ea5b9eea9b
-
SHA256
96a69dd1a69c654d09dd1e0874b550e693af07ec367854e95fb5953141fd5642
-
SHA512
bdc0b120acd83f543857be6e90339115453596d2340af714e956e7264d4dd4c6550d065efbabbb7172b21ae2ec5dd3262caaa40274977a9aa3b283cd12160e26
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIjaQkPcy8WTeAwHWkuhU:ymb3NkkiQ3mdBjFIpkPcy8qsHjn
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\10688ca3eca8c69a70f27dbf75425750_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\10688ca3eca8c69a70f27dbf75425750_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\664066.exec:\664066.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjjj.exec:\pvjjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxllll.exec:\flxllll.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\640006.exec:\640006.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2066668.exec:\2066668.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\42624.exec:\42624.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\28282.exec:\28282.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhnt.exec:\nhbhnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6020662.exec:\6020662.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\602060.exec:\602060.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pjjv.exec:\7pjjv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8400048.exec:\8400048.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u424084.exec:\u424084.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0420284.exec:\0420284.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\264406.exec:\264406.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k68204.exec:\k68204.exe17⤵
- Executes dropped EXE
-
\??\c:\u062266.exec:\u062266.exe18⤵
- Executes dropped EXE
-
\??\c:\lfrxlfl.exec:\lfrxlfl.exe19⤵
- Executes dropped EXE
-
\??\c:\m4662.exec:\m4662.exe20⤵
- Executes dropped EXE
-
\??\c:\hntbbb.exec:\hntbbb.exe21⤵
- Executes dropped EXE
-
\??\c:\xlrxllr.exec:\xlrxllr.exe22⤵
- Executes dropped EXE
-
\??\c:\e02840.exec:\e02840.exe23⤵
- Executes dropped EXE
-
\??\c:\2602440.exec:\2602440.exe24⤵
- Executes dropped EXE
-
\??\c:\862800.exec:\862800.exe25⤵
- Executes dropped EXE
-
\??\c:\htbttn.exec:\htbttn.exe26⤵
- Executes dropped EXE
-
\??\c:\3rfllrr.exec:\3rfllrr.exe27⤵
- Executes dropped EXE
-
\??\c:\86884.exec:\86884.exe28⤵
- Executes dropped EXE
-
\??\c:\lrrxfxf.exec:\lrrxfxf.exe29⤵
- Executes dropped EXE
-
\??\c:\444606.exec:\444606.exe30⤵
- Executes dropped EXE
-
\??\c:\486880.exec:\486880.exe31⤵
- Executes dropped EXE
-
\??\c:\q06244.exec:\q06244.exe32⤵
- Executes dropped EXE
-
\??\c:\rlxxrlx.exec:\rlxxrlx.exe33⤵
- Executes dropped EXE
-
\??\c:\040028.exec:\040028.exe34⤵
- Executes dropped EXE
-
\??\c:\828426.exec:\828426.exe35⤵
- Executes dropped EXE
-
\??\c:\26242.exec:\26242.exe36⤵
- Executes dropped EXE
-
\??\c:\pjdjp.exec:\pjdjp.exe37⤵
- Executes dropped EXE
-
\??\c:\bhnnbh.exec:\bhnnbh.exe38⤵
- Executes dropped EXE
-
\??\c:\42442.exec:\42442.exe39⤵
- Executes dropped EXE
-
\??\c:\9pdvv.exec:\9pdvv.exe40⤵
- Executes dropped EXE
-
\??\c:\q24400.exec:\q24400.exe41⤵
- Executes dropped EXE
-
\??\c:\a8062.exec:\a8062.exe42⤵
- Executes dropped EXE
-
\??\c:\82046.exec:\82046.exe43⤵
- Executes dropped EXE
-
\??\c:\68066.exec:\68066.exe44⤵
- Executes dropped EXE
-
\??\c:\3xxxflr.exec:\3xxxflr.exe45⤵
- Executes dropped EXE
-
\??\c:\42840.exec:\42840.exe46⤵
- Executes dropped EXE
-
\??\c:\9dppd.exec:\9dppd.exe47⤵
- Executes dropped EXE
-
\??\c:\s8628.exec:\s8628.exe48⤵
- Executes dropped EXE
-
\??\c:\04800.exec:\04800.exe49⤵
- Executes dropped EXE
-
\??\c:\7jjjp.exec:\7jjjp.exe50⤵
- Executes dropped EXE
-
\??\c:\hbntbb.exec:\hbntbb.exe51⤵
- Executes dropped EXE
-
\??\c:\86888.exec:\86888.exe52⤵
- Executes dropped EXE
-
\??\c:\9ttbbb.exec:\9ttbbb.exe53⤵
- Executes dropped EXE
-
\??\c:\rlrrrxf.exec:\rlrrrxf.exe54⤵
- Executes dropped EXE
-
\??\c:\60224.exec:\60224.exe55⤵
- Executes dropped EXE
-
\??\c:\hbhhtb.exec:\hbhhtb.exe56⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe57⤵
- Executes dropped EXE
-
\??\c:\pdpjp.exec:\pdpjp.exe58⤵
- Executes dropped EXE
-
\??\c:\260062.exec:\260062.exe59⤵
- Executes dropped EXE
-
\??\c:\nbtthh.exec:\nbtthh.exe60⤵
- Executes dropped EXE
-
\??\c:\w20228.exec:\w20228.exe61⤵
- Executes dropped EXE
-
\??\c:\jdppd.exec:\jdppd.exe62⤵
- Executes dropped EXE
-
\??\c:\26440.exec:\26440.exe63⤵
- Executes dropped EXE
-
\??\c:\m4484.exec:\m4484.exe64⤵
- Executes dropped EXE
-
\??\c:\fxrxflr.exec:\fxrxflr.exe65⤵
- Executes dropped EXE
-
\??\c:\5djdj.exec:\5djdj.exe66⤵
-
\??\c:\bbbhtb.exec:\bbbhtb.exe67⤵
-
\??\c:\xlxxxff.exec:\xlxxxff.exe68⤵
-
\??\c:\btbnhh.exec:\btbnhh.exe69⤵
-
\??\c:\s0628.exec:\s0628.exe70⤵
-
\??\c:\xlrrrfl.exec:\xlrrrfl.exe71⤵
-
\??\c:\frflxxl.exec:\frflxxl.exe72⤵
-
\??\c:\48624.exec:\48624.exe73⤵
-
\??\c:\626840.exec:\626840.exe74⤵
-
\??\c:\u840662.exec:\u840662.exe75⤵
-
\??\c:\8622400.exec:\8622400.exe76⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe77⤵
-
\??\c:\nthntt.exec:\nthntt.exe78⤵
-
\??\c:\pdddp.exec:\pdddp.exe79⤵
-
\??\c:\hbnhnh.exec:\hbnhnh.exe80⤵
-
\??\c:\484446.exec:\484446.exe81⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe82⤵
-
\??\c:\44268.exec:\44268.exe83⤵
-
\??\c:\hthbbn.exec:\hthbbn.exe84⤵
-
\??\c:\xlxrrrx.exec:\xlxrrrx.exe85⤵
-
\??\c:\vpdpp.exec:\vpdpp.exe86⤵
-
\??\c:\5nhtbh.exec:\5nhtbh.exe87⤵
-
\??\c:\7jdpd.exec:\7jdpd.exe88⤵
-
\??\c:\rrrxflx.exec:\rrrxflx.exe89⤵
-
\??\c:\4820006.exec:\4820006.exe90⤵
-
\??\c:\pvpvv.exec:\pvpvv.exe91⤵
-
\??\c:\llxxflx.exec:\llxxflx.exe92⤵
-
\??\c:\9dppp.exec:\9dppp.exe93⤵
-
\??\c:\486848.exec:\486848.exe94⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe95⤵
-
\??\c:\dvdjp.exec:\dvdjp.exe96⤵
-
\??\c:\1dpdd.exec:\1dpdd.exe97⤵
-
\??\c:\htbbnt.exec:\htbbnt.exe98⤵
-
\??\c:\7hhttt.exec:\7hhttt.exe99⤵
-
\??\c:\8684824.exec:\8684824.exe100⤵
-
\??\c:\6422440.exec:\6422440.exe101⤵
-
\??\c:\s0628.exec:\s0628.exe102⤵
-
\??\c:\2006228.exec:\2006228.exe103⤵
-
\??\c:\20086.exec:\20086.exe104⤵
-
\??\c:\26802.exec:\26802.exe105⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe106⤵
-
\??\c:\2646628.exec:\2646628.exe107⤵
-
\??\c:\o806446.exec:\o806446.exe108⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe109⤵
-
\??\c:\6488006.exec:\6488006.exe110⤵
-
\??\c:\nttnbn.exec:\nttnbn.exe111⤵
-
\??\c:\ddjdp.exec:\ddjdp.exe112⤵
-
\??\c:\864448.exec:\864448.exe113⤵
-
\??\c:\020060.exec:\020060.exe114⤵
-
\??\c:\20280.exec:\20280.exe115⤵
-
\??\c:\42400.exec:\42400.exe116⤵
-
\??\c:\lxlffxf.exec:\lxlffxf.exe117⤵
-
\??\c:\q80060.exec:\q80060.exe118⤵
-
\??\c:\6466840.exec:\6466840.exe119⤵
-
\??\c:\k08444.exec:\k08444.exe120⤵
-
\??\c:\g8680.exec:\g8680.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-