Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
21-05-2024 20:41
General
-
Target
0a81d6de9a73518776e3c141cd3f17e0_NeikiAnalytics.exe
-
Size
64KB
-
MD5
0a81d6de9a73518776e3c141cd3f17e0
-
SHA1
00583453fc75b583c5dca7a87887fa6f4e1bb345
-
SHA256
f67e3022b39d951607d0f7ad6047d931091f9e1dfb8851ac98bc7142d0e51fcd
-
SHA512
ca528e304bf1e7cb4608ef52064b464acae017baf5fae7d1c2fd8966eba5cd5baadedf355f67bb02a80c7c4bf303b8fad8885d610fc8644c42bc37dfd5aae42f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIhJm/wk:ymb3NkkiQ3mdBjFILmT
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0a81d6de9a73518776e3c141cd3f17e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\0a81d6de9a73518776e3c141cd3f17e0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdjv.exec:\ppdjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hbhnt.exec:\7hbhnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvp.exec:\pjdvp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjv.exec:\vpdjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhnbb.exec:\tnhnbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nbbhh.exec:\5nbbhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvj.exec:\jdvvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflxfx.exec:\xrflxfx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbbbt.exec:\bbbbbt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9btbnn.exec:\9btbnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdv.exec:\pjvdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvv.exec:\vvdvv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xrrffl.exec:\7xrrffl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtbhh.exec:\hhtbhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnthh.exec:\bbnthh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vjjj.exec:\7vjjj.exe17⤵
- Executes dropped EXE
-
\??\c:\xxxfffr.exec:\xxxfffr.exe18⤵
- Executes dropped EXE
-
\??\c:\htnnbh.exec:\htnnbh.exe19⤵
- Executes dropped EXE
-
\??\c:\nhbbhn.exec:\nhbbhn.exe20⤵
- Executes dropped EXE
-
\??\c:\vpjdj.exec:\vpjdj.exe21⤵
- Executes dropped EXE
-
\??\c:\lfrrflr.exec:\lfrrflr.exe22⤵
- Executes dropped EXE
-
\??\c:\lfrlxxl.exec:\lfrlxxl.exe23⤵
- Executes dropped EXE
-
\??\c:\nthnnh.exec:\nthnnh.exe24⤵
- Executes dropped EXE
-
\??\c:\jvjpj.exec:\jvjpj.exe25⤵
- Executes dropped EXE
-
\??\c:\vpdpd.exec:\vpdpd.exe26⤵
- Executes dropped EXE
-
\??\c:\lrxfrrx.exec:\lrxfrrx.exe27⤵
- Executes dropped EXE
-
\??\c:\tbhttb.exec:\tbhttb.exe28⤵
- Executes dropped EXE
-
\??\c:\7pdvv.exec:\7pdvv.exe29⤵
- Executes dropped EXE
-
\??\c:\ffxlrlx.exec:\ffxlrlx.exe30⤵
- Executes dropped EXE
-
\??\c:\rfrrffl.exec:\rfrrffl.exe31⤵
- Executes dropped EXE
-
\??\c:\hbhtht.exec:\hbhtht.exe32⤵
- Executes dropped EXE
-
\??\c:\bthhtb.exec:\bthhtb.exe33⤵
- Executes dropped EXE
-
\??\c:\jpdjp.exec:\jpdjp.exe34⤵
- Executes dropped EXE
-
\??\c:\fxflrrl.exec:\fxflrrl.exe35⤵
- Executes dropped EXE
-
\??\c:\fxffllr.exec:\fxffllr.exe36⤵
- Executes dropped EXE
-
\??\c:\btnthh.exec:\btnthh.exe37⤵
- Executes dropped EXE
-
\??\c:\ntbtbb.exec:\ntbtbb.exe38⤵
- Executes dropped EXE
-
\??\c:\dvvdd.exec:\dvvdd.exe39⤵
- Executes dropped EXE
-
\??\c:\vddjd.exec:\vddjd.exe40⤵
- Executes dropped EXE
-
\??\c:\rlrrlrx.exec:\rlrrlrx.exe41⤵
- Executes dropped EXE
-
\??\c:\1lllrrf.exec:\1lllrrf.exe42⤵
- Executes dropped EXE
-
\??\c:\bbhnnn.exec:\bbhnnn.exe43⤵
- Executes dropped EXE
-
\??\c:\5bttnh.exec:\5bttnh.exe44⤵
- Executes dropped EXE
-
\??\c:\ppdjj.exec:\ppdjj.exe45⤵
- Executes dropped EXE
-
\??\c:\pvjdj.exec:\pvjdj.exe46⤵
- Executes dropped EXE
-
\??\c:\frffrrf.exec:\frffrrf.exe47⤵
- Executes dropped EXE
-
\??\c:\9rxlfrr.exec:\9rxlfrr.exe48⤵
- Executes dropped EXE
-
\??\c:\bhhnhb.exec:\bhhnhb.exe49⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe50⤵
- Executes dropped EXE
-
\??\c:\1ddjj.exec:\1ddjj.exe51⤵
- Executes dropped EXE
-
\??\c:\llrxfrl.exec:\llrxfrl.exe52⤵
- Executes dropped EXE
-
\??\c:\lrxllxx.exec:\lrxllxx.exe53⤵
- Executes dropped EXE
-
\??\c:\9thtbn.exec:\9thtbn.exe54⤵
- Executes dropped EXE
-
\??\c:\pdjpp.exec:\pdjpp.exe55⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe56⤵
- Executes dropped EXE
-
\??\c:\xrfflrl.exec:\xrfflrl.exe57⤵
- Executes dropped EXE
-
\??\c:\ffrxflr.exec:\ffrxflr.exe58⤵
- Executes dropped EXE
-
\??\c:\5hbhnn.exec:\5hbhnn.exe59⤵
- Executes dropped EXE
-
\??\c:\9ddjp.exec:\9ddjp.exe60⤵
- Executes dropped EXE
-
\??\c:\5dvdd.exec:\5dvdd.exe61⤵
- Executes dropped EXE
-
\??\c:\lxrrxxl.exec:\lxrrxxl.exe62⤵
- Executes dropped EXE
-
\??\c:\3bbtnb.exec:\3bbtnb.exe63⤵
- Executes dropped EXE
-
\??\c:\nthhhh.exec:\nthhhh.exe64⤵
- Executes dropped EXE
-
\??\c:\jvppd.exec:\jvppd.exe65⤵
- Executes dropped EXE
-
\??\c:\9rlrrxf.exec:\9rlrrxf.exe66⤵
-
\??\c:\xrxflrl.exec:\xrxflrl.exe67⤵
-
\??\c:\nhtbhh.exec:\nhtbhh.exe68⤵
-
\??\c:\9hnttt.exec:\9hnttt.exe69⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe70⤵
-
\??\c:\vvddd.exec:\vvddd.exe71⤵
-
\??\c:\lfxfrlf.exec:\lfxfrlf.exe72⤵
-
\??\c:\5xxfrxl.exec:\5xxfrxl.exe73⤵
-
\??\c:\3tthhb.exec:\3tthhb.exe74⤵
-
\??\c:\thttbh.exec:\thttbh.exe75⤵
-
\??\c:\7pjjj.exec:\7pjjj.exe76⤵
-
\??\c:\jdjpd.exec:\jdjpd.exe77⤵
-
\??\c:\rlxfrlx.exec:\rlxfrlx.exe78⤵
-
\??\c:\tnttht.exec:\tnttht.exe79⤵
-
\??\c:\hhhhth.exec:\hhhhth.exe80⤵
-
\??\c:\7ddpj.exec:\7ddpj.exe81⤵
-
\??\c:\1ddvd.exec:\1ddvd.exe82⤵
-
\??\c:\lxffrxx.exec:\lxffrxx.exe83⤵
-
\??\c:\3rxxflr.exec:\3rxxflr.exe84⤵
-
\??\c:\bnttbh.exec:\bnttbh.exe85⤵
-
\??\c:\9ttnth.exec:\9ttnth.exe86⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe87⤵
-
\??\c:\vvjvj.exec:\vvjvj.exe88⤵
-
\??\c:\fffffxl.exec:\fffffxl.exe89⤵
-
\??\c:\ttnbbn.exec:\ttnbbn.exe90⤵
-
\??\c:\nbthtt.exec:\nbthtt.exe91⤵
-
\??\c:\3vjpp.exec:\3vjpp.exe92⤵
-
\??\c:\rrrrlxr.exec:\rrrrlxr.exe93⤵
-
\??\c:\xxrfrfl.exec:\xxrfrfl.exe94⤵
-
\??\c:\hbthtt.exec:\hbthtt.exe95⤵
-
\??\c:\7bbbth.exec:\7bbbth.exe96⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe97⤵
-
\??\c:\5lrxflr.exec:\5lrxflr.exe98⤵
-
\??\c:\3lxlrfl.exec:\3lxlrfl.exe99⤵
-
\??\c:\bhbnhn.exec:\bhbnhn.exe100⤵
-
\??\c:\1ttnbh.exec:\1ttnbh.exe101⤵
-
\??\c:\7pjpd.exec:\7pjpd.exe102⤵
-
\??\c:\5lfxllr.exec:\5lfxllr.exe103⤵
-
\??\c:\1fxllrf.exec:\1fxllrf.exe104⤵
-
\??\c:\nhntbn.exec:\nhntbn.exe105⤵
-
\??\c:\3hnbnb.exec:\3hnbnb.exe106⤵
-
\??\c:\pjpdv.exec:\pjpdv.exe107⤵
-
\??\c:\3vjpv.exec:\3vjpv.exe108⤵
-
\??\c:\frxfrxl.exec:\frxfrxl.exe109⤵
-
\??\c:\nhnbnn.exec:\nhnbnn.exe110⤵
-
\??\c:\hhbbbt.exec:\hhbbbt.exe111⤵
-
\??\c:\vjdpp.exec:\vjdpp.exe112⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe113⤵
-
\??\c:\lrxxrff.exec:\lrxxrff.exe114⤵
-
\??\c:\fflrlrx.exec:\fflrlrx.exe115⤵
-
\??\c:\hnhhth.exec:\hnhhth.exe116⤵
-
\??\c:\dpppv.exec:\dpppv.exe117⤵
-
\??\c:\vvvvj.exec:\vvvvj.exe118⤵
-
\??\c:\lrxrlfl.exec:\lrxrlfl.exe119⤵
-
\??\c:\fxrfxxf.exec:\fxrfxxf.exe120⤵
-
\??\c:\1bntbh.exec:\1bntbh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-