Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
21/05/2024, 09:23
General
-
Target
2b4e88f05b501e93f5d99b2671ba811cb3cf65f22766811cef39a9dfe0229211_NeikiAnalytics.exe
-
Size
134KB
-
MD5
662b3a7ef89fe4673b736e2f459e68b0
-
SHA1
0ee957c9ee4ba64d80a86eba91639876f1d867a0
-
SHA256
2b4e88f05b501e93f5d99b2671ba811cb3cf65f22766811cef39a9dfe0229211
-
SHA512
93dfabd58466b96148b11ce000068f34f74330998499d067d1d5843b1673acb19712685ba2aad87163aeb69722c16b5ba6a14b49cae3d66c983dfe03c6e0f789
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afoHVpx+dGorn:n3C9BRW0j/1px+dGC
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2b4e88f05b501e93f5d99b2671ba811cb3cf65f22766811cef39a9dfe0229211_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\2b4e88f05b501e93f5d99b2671ba811cb3cf65f22766811cef39a9dfe0229211_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddd.exec:\jvddd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxffl.exec:\fxlxffl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthntt.exec:\hthntt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjvv.exec:\jjjvv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xllrll.exec:\1xllrll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xllrxl.exec:\9xllrxl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbntt.exec:\bnbntt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vppd.exec:\9vppd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflrxfl.exec:\rflrxfl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxfxxr.exec:\lfxfxxr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hnnhh.exec:\5hnnhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7djpp.exec:\7djpp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pddd.exec:\5pddd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrxffr.exec:\xlrxffr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnbtb.exec:\nnnbtb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnbtb.exec:\nnnbtb.exe17⤵
- Executes dropped EXE
-
\??\c:\vdpdd.exec:\vdpdd.exe18⤵
- Executes dropped EXE
-
\??\c:\xfffxll.exec:\xfffxll.exe19⤵
- Executes dropped EXE
-
\??\c:\5lrxxff.exec:\5lrxxff.exe20⤵
- Executes dropped EXE
-
\??\c:\9btbhb.exec:\9btbhb.exe21⤵
- Executes dropped EXE
-
\??\c:\5vvpp.exec:\5vvpp.exe22⤵
- Executes dropped EXE
-
\??\c:\ddpjv.exec:\ddpjv.exe23⤵
- Executes dropped EXE
-
\??\c:\rfrflfl.exec:\rfrflfl.exe24⤵
- Executes dropped EXE
-
\??\c:\xrlrxxl.exec:\xrlrxxl.exe25⤵
- Executes dropped EXE
-
\??\c:\ntbbhh.exec:\ntbbhh.exe26⤵
- Executes dropped EXE
-
\??\c:\dvdpv.exec:\dvdpv.exe27⤵
- Executes dropped EXE
-
\??\c:\pjdjv.exec:\pjdjv.exe28⤵
- Executes dropped EXE
-
\??\c:\xrflxrx.exec:\xrflxrx.exe29⤵
- Executes dropped EXE
-
\??\c:\nhnthn.exec:\nhnthn.exe30⤵
- Executes dropped EXE
-
\??\c:\nhhntb.exec:\nhhntb.exe31⤵
- Executes dropped EXE
-
\??\c:\5vdvd.exec:\5vdvd.exe32⤵
- Executes dropped EXE
-
\??\c:\1llrrxf.exec:\1llrrxf.exe33⤵
- Executes dropped EXE
-
\??\c:\hthhhn.exec:\hthhhn.exe34⤵
- Executes dropped EXE
-
\??\c:\btnbnt.exec:\btnbnt.exe35⤵
- Executes dropped EXE
-
\??\c:\1vppv.exec:\1vppv.exe36⤵
- Executes dropped EXE
-
\??\c:\vpvvv.exec:\vpvvv.exe37⤵
- Executes dropped EXE
-
\??\c:\xxrxxxr.exec:\xxrxxxr.exe38⤵
- Executes dropped EXE
-
\??\c:\frfrrxl.exec:\frfrrxl.exe39⤵
- Executes dropped EXE
-
\??\c:\nbhbbh.exec:\nbhbbh.exe40⤵
- Executes dropped EXE
-
\??\c:\5bntth.exec:\5bntth.exe41⤵
- Executes dropped EXE
-
\??\c:\jvdvd.exec:\jvdvd.exe42⤵
- Executes dropped EXE
-
\??\c:\ppjpj.exec:\ppjpj.exe43⤵
- Executes dropped EXE
-
\??\c:\pdvvd.exec:\pdvvd.exe44⤵
- Executes dropped EXE
-
\??\c:\llxxrrf.exec:\llxxrrf.exe45⤵
- Executes dropped EXE
-
\??\c:\xrffllf.exec:\xrffllf.exe46⤵
- Executes dropped EXE
-
\??\c:\bntbtt.exec:\bntbtt.exe47⤵
- Executes dropped EXE
-
\??\c:\bnbhhb.exec:\bnbhhb.exe48⤵
- Executes dropped EXE
-
\??\c:\vjvdj.exec:\vjvdj.exe49⤵
- Executes dropped EXE
-
\??\c:\jjvjd.exec:\jjvjd.exe50⤵
- Executes dropped EXE
-
\??\c:\9rffxxx.exec:\9rffxxx.exe51⤵
- Executes dropped EXE
-
\??\c:\lfrlllx.exec:\lfrlllx.exe52⤵
- Executes dropped EXE
-
\??\c:\htbhhb.exec:\htbhhb.exe53⤵
- Executes dropped EXE
-
\??\c:\7tttnn.exec:\7tttnn.exe54⤵
- Executes dropped EXE
-
\??\c:\pdvjp.exec:\pdvjp.exe55⤵
- Executes dropped EXE
-
\??\c:\jpjdd.exec:\jpjdd.exe56⤵
- Executes dropped EXE
-
\??\c:\xrlflrl.exec:\xrlflrl.exe57⤵
- Executes dropped EXE
-
\??\c:\rxfxxrx.exec:\rxfxxrx.exe58⤵
- Executes dropped EXE
-
\??\c:\htnnth.exec:\htnnth.exe59⤵
- Executes dropped EXE
-
\??\c:\hbnnnh.exec:\hbnnnh.exe60⤵
- Executes dropped EXE
-
\??\c:\jvjpd.exec:\jvjpd.exe61⤵
- Executes dropped EXE
-
\??\c:\jdpvj.exec:\jdpvj.exe62⤵
- Executes dropped EXE
-
\??\c:\lfrxlxf.exec:\lfrxlxf.exe63⤵
- Executes dropped EXE
-
\??\c:\xrlrxxr.exec:\xrlrxxr.exe64⤵
- Executes dropped EXE
-
\??\c:\bthbnh.exec:\bthbnh.exe65⤵
- Executes dropped EXE
-
\??\c:\thnttn.exec:\thnttn.exe66⤵
-
\??\c:\vppdp.exec:\vppdp.exe67⤵
-
\??\c:\5djvv.exec:\5djvv.exe68⤵
-
\??\c:\xrfllfx.exec:\xrfllfx.exe69⤵
-
\??\c:\lfxxrlr.exec:\lfxxrlr.exe70⤵
-
\??\c:\3lffllx.exec:\3lffllx.exe71⤵
-
\??\c:\htbntt.exec:\htbntt.exe72⤵
-
\??\c:\7nhttb.exec:\7nhttb.exe73⤵
-
\??\c:\5vpvd.exec:\5vpvd.exe74⤵
-
\??\c:\jjdvv.exec:\jjdvv.exe75⤵
-
\??\c:\rfxrrrx.exec:\rfxrrrx.exe76⤵
-
\??\c:\llrfxxr.exec:\llrfxxr.exe77⤵
-
\??\c:\nbhhnh.exec:\nbhhnh.exe78⤵
-
\??\c:\nhthbb.exec:\nhthbb.exe79⤵
-
\??\c:\jdpdv.exec:\jdpdv.exe80⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe81⤵
-
\??\c:\5rlrxfl.exec:\5rlrxfl.exe82⤵
-
\??\c:\ffxxfff.exec:\ffxxfff.exe83⤵
-
\??\c:\ntthnt.exec:\ntthnt.exe84⤵
-
\??\c:\3nbhhb.exec:\3nbhhb.exe85⤵
-
\??\c:\pdjdj.exec:\pdjdj.exe86⤵
-
\??\c:\7dvdd.exec:\7dvdd.exe87⤵
-
\??\c:\lxlxxfl.exec:\lxlxxfl.exe88⤵
-
\??\c:\lxllrrr.exec:\lxllrrr.exe89⤵
-
\??\c:\bnbntt.exec:\bnbntt.exe90⤵
-
\??\c:\tntntt.exec:\tntntt.exe91⤵
-
\??\c:\pdvdd.exec:\pdvdd.exe92⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe93⤵
-
\??\c:\rfrrrrx.exec:\rfrrrrx.exe94⤵
-
\??\c:\lfxflrx.exec:\lfxflrx.exe95⤵
-
\??\c:\7thhhb.exec:\7thhhb.exe96⤵
-
\??\c:\bthbht.exec:\bthbht.exe97⤵
-
\??\c:\pjppv.exec:\pjppv.exe98⤵
-
\??\c:\5rxffrx.exec:\5rxffrx.exe99⤵
-
\??\c:\xlrrxxx.exec:\xlrrxxx.exe100⤵
-
\??\c:\1htbhb.exec:\1htbhb.exe101⤵
-
\??\c:\nhttbh.exec:\nhttbh.exe102⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe103⤵
-
\??\c:\jvppp.exec:\jvppp.exe104⤵
-
\??\c:\5lffffl.exec:\5lffffl.exe105⤵
-
\??\c:\xrlllfl.exec:\xrlllfl.exe106⤵
-
\??\c:\nhnttt.exec:\nhnttt.exe107⤵
-
\??\c:\htbbbn.exec:\htbbbn.exe108⤵
-
\??\c:\3djdd.exec:\3djdd.exe109⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe110⤵
-
\??\c:\rlxfrxf.exec:\rlxfrxf.exe111⤵
-
\??\c:\lfrxxxx.exec:\lfrxxxx.exe112⤵
-
\??\c:\9bnttt.exec:\9bnttt.exe113⤵
-
\??\c:\3hbhbt.exec:\3hbhbt.exe114⤵
-
\??\c:\pjddp.exec:\pjddp.exe115⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe116⤵
-
\??\c:\5xffrrf.exec:\5xffrrf.exe117⤵
-
\??\c:\xllxfrf.exec:\xllxfrf.exe118⤵
-
\??\c:\3nbbbt.exec:\3nbbbt.exe119⤵
-
\??\c:\vjjvv.exec:\vjjvv.exe120⤵
-
\??\c:\9lrrffl.exec:\9lrrffl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-