Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
21/05/2024, 12:34
General
-
Target
4be3b077b59ef04896f19507e594e4facce7ed4af8ec264daa746a672590edff_NeikiAnalytics.exe
-
Size
56KB
-
MD5
b0a9a55fbebae79c87ac820fc23cc970
-
SHA1
0034c370f57336bd29b0afbdc9cd4d328e198a55
-
SHA256
4be3b077b59ef04896f19507e594e4facce7ed4af8ec264daa746a672590edff
-
SHA512
ab834ec8c469838fbe15955b4d807d2ef9fa6330e6db7eeddd4e7879630f51cbcbbba7aab43acb552c1a1fc9461f7b2dfac69f4427c25f3faa93af344cf103ed
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFeD:ymb3NkkiQ3mdBjFIFeD
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 23 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4be3b077b59ef04896f19507e594e4facce7ed4af8ec264daa746a672590edff_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4be3b077b59ef04896f19507e594e4facce7ed4af8ec264daa746a672590edff_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9nhhtb.exec:\9nhhtb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nbtbh.exec:\5nbtbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdp.exec:\pjvdp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlxxl.exec:\lfrlxxl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jdvj.exec:\7jdvj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dppv.exec:\9dppv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlllrr.exec:\xrlllrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhnn.exec:\nbhhnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bnhhb.exec:\1bnhhb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpvd.exec:\vjpvd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxxfff.exec:\rfxxfff.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xfrflx.exec:\3xfrflx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthnbt.exec:\hthnbt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bnntn.exec:\7bnntn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdj.exec:\jdjdj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dppd.exec:\7dppd.exe17⤵
- Executes dropped EXE
-
\??\c:\rlrrxxf.exec:\rlrrxxf.exe18⤵
- Executes dropped EXE
-
\??\c:\hthtbb.exec:\hthtbb.exe19⤵
- Executes dropped EXE
-
\??\c:\bnhhhb.exec:\bnhhhb.exe20⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe21⤵
- Executes dropped EXE
-
\??\c:\7ffllrx.exec:\7ffllrx.exe22⤵
- Executes dropped EXE
-
\??\c:\xrrrxxl.exec:\xrrrxxl.exe23⤵
- Executes dropped EXE
-
\??\c:\nbnntt.exec:\nbnntt.exe24⤵
- Executes dropped EXE
-
\??\c:\hthbhh.exec:\hthbhh.exe25⤵
- Executes dropped EXE
-
\??\c:\7vjpv.exec:\7vjpv.exe26⤵
- Executes dropped EXE
-
\??\c:\dvdjd.exec:\dvdjd.exe27⤵
- Executes dropped EXE
-
\??\c:\fxrrfff.exec:\fxrrfff.exe28⤵
- Executes dropped EXE
-
\??\c:\lfxfllr.exec:\lfxfllr.exe29⤵
- Executes dropped EXE
-
\??\c:\tntthh.exec:\tntthh.exe30⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe31⤵
- Executes dropped EXE
-
\??\c:\jdvvp.exec:\jdvvp.exe32⤵
- Executes dropped EXE
-
\??\c:\fxlffxf.exec:\fxlffxf.exe33⤵
- Executes dropped EXE
-
\??\c:\5thhnt.exec:\5thhnt.exe34⤵
- Executes dropped EXE
-
\??\c:\hthhhh.exec:\hthhhh.exe35⤵
- Executes dropped EXE
-
\??\c:\vjppp.exec:\vjppp.exe36⤵
- Executes dropped EXE
-
\??\c:\jvjjv.exec:\jvjjv.exe37⤵
- Executes dropped EXE
-
\??\c:\lflllfr.exec:\lflllfr.exe38⤵
- Executes dropped EXE
-
\??\c:\xlrrxxf.exec:\xlrrxxf.exe39⤵
- Executes dropped EXE
-
\??\c:\9fxlrrx.exec:\9fxlrrx.exe40⤵
- Executes dropped EXE
-
\??\c:\7nhbnt.exec:\7nhbnt.exe41⤵
- Executes dropped EXE
-
\??\c:\vjvvv.exec:\vjvvv.exe42⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe43⤵
- Executes dropped EXE
-
\??\c:\3xrrlrl.exec:\3xrrlrl.exe44⤵
- Executes dropped EXE
-
\??\c:\frxxlrx.exec:\frxxlrx.exe45⤵
- Executes dropped EXE
-
\??\c:\lxrlrrx.exec:\lxrlrrx.exe46⤵
- Executes dropped EXE
-
\??\c:\1thntt.exec:\1thntt.exe47⤵
- Executes dropped EXE
-
\??\c:\5btbnt.exec:\5btbnt.exe48⤵
- Executes dropped EXE
-
\??\c:\9jvjj.exec:\9jvjj.exe49⤵
- Executes dropped EXE
-
\??\c:\dpddp.exec:\dpddp.exe50⤵
- Executes dropped EXE
-
\??\c:\frllrrr.exec:\frllrrr.exe51⤵
- Executes dropped EXE
-
\??\c:\rfflrrr.exec:\rfflrrr.exe52⤵
- Executes dropped EXE
-
\??\c:\hbhhbb.exec:\hbhhbb.exe53⤵
- Executes dropped EXE
-
\??\c:\btbhtn.exec:\btbhtn.exe54⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe55⤵
- Executes dropped EXE
-
\??\c:\5ddvd.exec:\5ddvd.exe56⤵
- Executes dropped EXE
-
\??\c:\3dppv.exec:\3dppv.exe57⤵
- Executes dropped EXE
-
\??\c:\lfrxffl.exec:\lfrxffl.exe58⤵
- Executes dropped EXE
-
\??\c:\7lxfrrf.exec:\7lxfrrf.exe59⤵
- Executes dropped EXE
-
\??\c:\nhntbh.exec:\nhntbh.exe60⤵
- Executes dropped EXE
-
\??\c:\7dppv.exec:\7dppv.exe61⤵
- Executes dropped EXE
-
\??\c:\jjdpd.exec:\jjdpd.exe62⤵
- Executes dropped EXE
-
\??\c:\dpvvp.exec:\dpvvp.exe63⤵
- Executes dropped EXE
-
\??\c:\3fxlrrr.exec:\3fxlrrr.exe64⤵
- Executes dropped EXE
-
\??\c:\5nhthh.exec:\5nhthh.exe65⤵
- Executes dropped EXE
-
\??\c:\pjdjp.exec:\pjdjp.exe66⤵
-
\??\c:\9vvvd.exec:\9vvvd.exe67⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe68⤵
-
\??\c:\frfffff.exec:\frfffff.exe69⤵
-
\??\c:\ffrrxfl.exec:\ffrrxfl.exe70⤵
-
\??\c:\thhnbb.exec:\thhnbb.exe71⤵
-
\??\c:\bntbhb.exec:\bntbhb.exe72⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe73⤵
-
\??\c:\dpddd.exec:\dpddd.exe74⤵
-
\??\c:\dppdj.exec:\dppdj.exe75⤵
-
\??\c:\frllxlx.exec:\frllxlx.exe76⤵
-
\??\c:\1ffxlll.exec:\1ffxlll.exe77⤵
-
\??\c:\7htbhn.exec:\7htbhn.exe78⤵
-
\??\c:\hbtbhh.exec:\hbtbhh.exe79⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe80⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe81⤵
-
\??\c:\xlfffff.exec:\xlfffff.exe82⤵
-
\??\c:\frfflfl.exec:\frfflfl.exe83⤵
-
\??\c:\bnbbnh.exec:\bnbbnh.exe84⤵
-
\??\c:\bnhtnb.exec:\bnhtnb.exe85⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe86⤵
-
\??\c:\3dppp.exec:\3dppp.exe87⤵
-
\??\c:\rlffrrf.exec:\rlffrrf.exe88⤵
-
\??\c:\llrxrxf.exec:\llrxrxf.exe89⤵
-
\??\c:\btnbtb.exec:\btnbtb.exe90⤵
-
\??\c:\nnbnhh.exec:\nnbnhh.exe91⤵
-
\??\c:\dvdjd.exec:\dvdjd.exe92⤵
-
\??\c:\7pdpv.exec:\7pdpv.exe93⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe94⤵
-
\??\c:\xffxxrl.exec:\xffxxrl.exe95⤵
-
\??\c:\3rlxllx.exec:\3rlxllx.exe96⤵
-
\??\c:\bnbhbb.exec:\bnbhbb.exe97⤵
-
\??\c:\7nhhhn.exec:\7nhhhn.exe98⤵
-
\??\c:\dvddd.exec:\dvddd.exe99⤵
-
\??\c:\pdvpp.exec:\pdvpp.exe100⤵
-
\??\c:\7lrlrlr.exec:\7lrlrlr.exe101⤵
-
\??\c:\9frrllf.exec:\9frrllf.exe102⤵
-
\??\c:\thtntt.exec:\thtntt.exe103⤵
-
\??\c:\7ththh.exec:\7ththh.exe104⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe105⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe106⤵
-
\??\c:\1rlllfl.exec:\1rlllfl.exe107⤵
-
\??\c:\7frlfll.exec:\7frlfll.exe108⤵
-
\??\c:\ffrfrxr.exec:\ffrfrxr.exe109⤵
-
\??\c:\3bntbn.exec:\3bntbn.exe110⤵
-
\??\c:\nbnhnn.exec:\nbnhnn.exe111⤵
-
\??\c:\jvdjd.exec:\jvdjd.exe112⤵
-
\??\c:\dpdpj.exec:\dpdpj.exe113⤵
-
\??\c:\5xlrxxf.exec:\5xlrxxf.exe114⤵
-
\??\c:\rfxrxrx.exec:\rfxrxrx.exe115⤵
-
\??\c:\bbntnn.exec:\bbntnn.exe116⤵
-
\??\c:\hbbhnt.exec:\hbbhnt.exe117⤵
-
\??\c:\9vjpv.exec:\9vjpv.exe118⤵
-
\??\c:\jdjdp.exec:\jdjdp.exe119⤵
-
\??\c:\lfxxfff.exec:\lfxxfff.exe120⤵
-
\??\c:\lxlrxrr.exec:\lxlrxrr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-