Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
21/05/2024, 06:49
General
-
Target
13ccedd2f14485d2851a68ccff464f84faa45d3b2b5cebd045e16d4dbf6b47a7_NeikiAnalytics.exe
-
Size
480KB
-
MD5
bdf8e9336f08d504a96e6a17fe3ceef0
-
SHA1
9e52db39105ce762b2a60f24939763274f547846
-
SHA256
13ccedd2f14485d2851a68ccff464f84faa45d3b2b5cebd045e16d4dbf6b47a7
-
SHA512
b947047a686ec0cbb4f84c85e27e84c9f6aff46cd0572162bed82eb26ca3dfb783326bc9b790f5a875f6140fb41eb3a3361b97966517460906fe8de4a59e171d
-
SSDEEP
12288:n3C9uDVw6326pKZ9asZqoZHz+evcn0Meh2Fezt:Su326p0aroZt0st
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\13ccedd2f14485d2851a68ccff464f84faa45d3b2b5cebd045e16d4dbf6b47a7_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\13ccedd2f14485d2851a68ccff464f84faa45d3b2b5cebd045e16d4dbf6b47a7_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxfxr.exec:\lxfxfxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvjj.exec:\jdvjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrfrxr.exec:\rxrfrxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhtnt.exec:\nnhtnt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrfrx.exec:\fxlrfrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbhh.exec:\nhbbhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrlxfx.exec:\xxrlxfx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbbhn.exec:\hhbbhn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxflfl.exec:\ffxflfl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nhnhh.exec:\3nhnhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lxlxfr.exec:\7lxlxfr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnntt.exec:\1bnntt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfflffr.exec:\xfflffr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnbnb.exec:\thnbnb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlrrxr.exec:\rrlrrxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdp.exec:\pjvdp.exe17⤵
- Executes dropped EXE
-
\??\c:\5rfxrrf.exec:\5rfxrrf.exe18⤵
- Executes dropped EXE
-
\??\c:\9tbbnn.exec:\9tbbnn.exe19⤵
- Executes dropped EXE
-
\??\c:\7rflrrf.exec:\7rflrrf.exe20⤵
- Executes dropped EXE
-
\??\c:\nhbnbt.exec:\nhbnbt.exe21⤵
- Executes dropped EXE
-
\??\c:\jdjjp.exec:\jdjjp.exe22⤵
- Executes dropped EXE
-
\??\c:\xxrrxrf.exec:\xxrrxrf.exe23⤵
- Executes dropped EXE
-
\??\c:\ppdpv.exec:\ppdpv.exe24⤵
- Executes dropped EXE
-
\??\c:\rrfxxxl.exec:\rrfxxxl.exe25⤵
- Executes dropped EXE
-
\??\c:\7tnbtb.exec:\7tnbtb.exe26⤵
- Executes dropped EXE
-
\??\c:\lfrxffl.exec:\lfrxffl.exe27⤵
- Executes dropped EXE
-
\??\c:\nhbhnn.exec:\nhbhnn.exe28⤵
- Executes dropped EXE
-
\??\c:\vvjvj.exec:\vvjvj.exe29⤵
- Executes dropped EXE
-
\??\c:\rfrrffl.exec:\rfrrffl.exe30⤵
- Executes dropped EXE
-
\??\c:\nbhhhb.exec:\nbhhhb.exe31⤵
- Executes dropped EXE
-
\??\c:\hhhthh.exec:\hhhthh.exe32⤵
- Executes dropped EXE
-
\??\c:\nnntbb.exec:\nnntbb.exe33⤵
- Executes dropped EXE
-
\??\c:\rxlfxff.exec:\rxlfxff.exe34⤵
- Executes dropped EXE
-
\??\c:\bhbthh.exec:\bhbthh.exe35⤵
- Executes dropped EXE
-
\??\c:\ppjvd.exec:\ppjvd.exe36⤵
- Executes dropped EXE
-
\??\c:\1rfrrxf.exec:\1rfrrxf.exe37⤵
- Executes dropped EXE
-
\??\c:\xxrfrfx.exec:\xxrfrfx.exe38⤵
- Executes dropped EXE
-
\??\c:\tnttbh.exec:\tnttbh.exe39⤵
- Executes dropped EXE
-
\??\c:\vvjjv.exec:\vvjjv.exe40⤵
- Executes dropped EXE
-
\??\c:\rlxrxxl.exec:\rlxrxxl.exe41⤵
- Executes dropped EXE
-
\??\c:\nnbnbb.exec:\nnbnbb.exe42⤵
- Executes dropped EXE
-
\??\c:\3thntb.exec:\3thntb.exe43⤵
- Executes dropped EXE
-
\??\c:\pdppv.exec:\pdppv.exe44⤵
- Executes dropped EXE
-
\??\c:\lfxxlxl.exec:\lfxxlxl.exe45⤵
- Executes dropped EXE
-
\??\c:\tnbbht.exec:\tnbbht.exe46⤵
- Executes dropped EXE
-
\??\c:\djvjj.exec:\djvjj.exe47⤵
- Executes dropped EXE
-
\??\c:\vppdp.exec:\vppdp.exe48⤵
- Executes dropped EXE
-
\??\c:\1xlxrfr.exec:\1xlxrfr.exe49⤵
- Executes dropped EXE
-
\??\c:\llfrxxl.exec:\llfrxxl.exe50⤵
- Executes dropped EXE
-
\??\c:\1tbnhn.exec:\1tbnhn.exe51⤵
- Executes dropped EXE
-
\??\c:\pppvp.exec:\pppvp.exe52⤵
- Executes dropped EXE
-
\??\c:\rfxfxfl.exec:\rfxfxfl.exe53⤵
- Executes dropped EXE
-
\??\c:\fxxflrf.exec:\fxxflrf.exe54⤵
- Executes dropped EXE
-
\??\c:\bbnthh.exec:\bbnthh.exe55⤵
- Executes dropped EXE
-
\??\c:\ddvvj.exec:\ddvvj.exe56⤵
- Executes dropped EXE
-
\??\c:\ddvdp.exec:\ddvdp.exe57⤵
- Executes dropped EXE
-
\??\c:\xrfflrf.exec:\xrfflrf.exe58⤵
- Executes dropped EXE
-
\??\c:\5ntnhh.exec:\5ntnhh.exe59⤵
- Executes dropped EXE
-
\??\c:\dvjvd.exec:\dvjvd.exe60⤵
- Executes dropped EXE
-
\??\c:\llflrrf.exec:\llflrrf.exe61⤵
- Executes dropped EXE
-
\??\c:\1lfxrfr.exec:\1lfxrfr.exe62⤵
- Executes dropped EXE
-
\??\c:\httbnb.exec:\httbnb.exe63⤵
- Executes dropped EXE
-
\??\c:\vjddp.exec:\vjddp.exe64⤵
- Executes dropped EXE
-
\??\c:\3pjjj.exec:\3pjjj.exe65⤵
- Executes dropped EXE
-
\??\c:\xrffrrf.exec:\xrffrrf.exe66⤵
-
\??\c:\nhbntb.exec:\nhbntb.exe67⤵
-
\??\c:\9nhthh.exec:\9nhthh.exe68⤵
-
\??\c:\jdpdv.exec:\jdpdv.exe69⤵
-
\??\c:\frllxxr.exec:\frllxxr.exe70⤵
-
\??\c:\xxlrflx.exec:\xxlrflx.exe71⤵
-
\??\c:\btbbnt.exec:\btbbnt.exe72⤵
-
\??\c:\3jvdd.exec:\3jvdd.exe73⤵
-
\??\c:\fxrrxxf.exec:\fxrrxxf.exe74⤵
-
\??\c:\1lxxfxx.exec:\1lxxfxx.exe75⤵
-
\??\c:\btttbb.exec:\btttbb.exe76⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe77⤵
-
\??\c:\djjpv.exec:\djjpv.exe78⤵
-
\??\c:\fxfrxrx.exec:\fxfrxrx.exe79⤵
-
\??\c:\bnnbbh.exec:\bnnbbh.exe80⤵
-
\??\c:\vddpj.exec:\vddpj.exe81⤵
-
\??\c:\5xllrlr.exec:\5xllrlr.exe82⤵
-
\??\c:\xrlrxxr.exec:\xrlrxxr.exe83⤵
-
\??\c:\tnnntb.exec:\tnnntb.exe84⤵
-
\??\c:\jdjpv.exec:\jdjpv.exe85⤵
-
\??\c:\djvjv.exec:\djvjv.exe86⤵
-
\??\c:\5lffffr.exec:\5lffffr.exe87⤵
-
\??\c:\tthnbh.exec:\tthnbh.exe88⤵
-
\??\c:\1vddd.exec:\1vddd.exe89⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe90⤵
-
\??\c:\rlflffl.exec:\rlflffl.exe91⤵
-
\??\c:\5hbhhb.exec:\5hbhhb.exe92⤵
-
\??\c:\tnhnbb.exec:\tnhnbb.exe93⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe94⤵
-
\??\c:\llffxlf.exec:\llffxlf.exe95⤵
-
\??\c:\lfxxflr.exec:\lfxxflr.exe96⤵
-
\??\c:\9btnbn.exec:\9btnbn.exe97⤵
-
\??\c:\9pjvd.exec:\9pjvd.exe98⤵
-
\??\c:\xrlxxfl.exec:\xrlxxfl.exe99⤵
-
\??\c:\xxrrlrl.exec:\xxrrlrl.exe100⤵
-
\??\c:\hbtbhn.exec:\hbtbhn.exe101⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe102⤵
-
\??\c:\ffrrxxl.exec:\ffrrxxl.exe103⤵
-
\??\c:\7fxxxfl.exec:\7fxxxfl.exe104⤵
-
\??\c:\bhnbth.exec:\bhnbth.exe105⤵
-
\??\c:\vdjvv.exec:\vdjvv.exe106⤵
-
\??\c:\rlfrffx.exec:\rlfrffx.exe107⤵
-
\??\c:\xlxxrxf.exec:\xlxxrxf.exe108⤵
-
\??\c:\hnnbbh.exec:\hnnbbh.exe109⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe110⤵
-
\??\c:\lflrfff.exec:\lflrfff.exe111⤵
-
\??\c:\fxlllfl.exec:\fxlllfl.exe112⤵
-
\??\c:\hbtbhn.exec:\hbtbhn.exe113⤵
-
\??\c:\5djjd.exec:\5djjd.exe114⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe115⤵
-
\??\c:\xxrfrrl.exec:\xxrfrrl.exe116⤵
-
\??\c:\hbtbnn.exec:\hbtbnn.exe117⤵
-
\??\c:\7vpvj.exec:\7vpvj.exe118⤵
-
\??\c:\ffflxxl.exec:\ffflxxl.exe119⤵
-
\??\c:\3jvvp.exec:\3jvvp.exe120⤵
-
\??\c:\llflxxr.exec:\llflxxr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-