Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
22-05-2024 21:56
General
-
Target
45ad003da58b4f8ecd9d574443dce020_NeikiAnalytics.exe
-
Size
233KB
-
MD5
45ad003da58b4f8ecd9d574443dce020
-
SHA1
79feaf9f95cd5f35bc5e6378445f9db73154edf5
-
SHA256
4e8bf1c7e1ec9cbf4ab3fc8ad5d508ead2bfd791a797e33ba9372dc34b5bc8c9
-
SHA512
0c325c4ea53f063ab08ae5d06a0475a95c4d44d896980ff197a75b9ae12bfc9d0f49045a750553c7f683c6be6ddf636bf7d9c831b6686251e0ccf2c8685db387
-
SSDEEP
6144:kcm4FmowdHoSSGpJw4PqhraHcpOmFTHDGYhEf5X2a9E:y4wFHoSSGpJwGeeFmFTNAp2AE
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 36 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\45ad003da58b4f8ecd9d574443dce020_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\45ad003da58b4f8ecd9d574443dce020_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbbn.exec:\tnbbbn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxflrf.exec:\lfxflrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthnhh.exec:\tthnhh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvjv.exec:\ddvjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xlffxx.exec:\5xlffxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhbb.exec:\tnbhbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvdp.exec:\vpvdp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddvv.exec:\dddvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflxxf.exec:\xrflxxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhntb.exec:\tnhntb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvdd.exec:\jdvdd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrxlr.exec:\xrxrxlr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9frlrrf.exec:\9frlrrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bththn.exec:\bththn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxrxr.exec:\rrfxrxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffxfrx.exec:\xffxfrx.exe17⤵
- Executes dropped EXE
-
\??\c:\hbthtb.exec:\hbthtb.exe18⤵
- Executes dropped EXE
-
\??\c:\vpvdd.exec:\vpvdd.exe19⤵
- Executes dropped EXE
-
\??\c:\xrlrxrr.exec:\xrlrxrr.exe20⤵
- Executes dropped EXE
-
\??\c:\hbntbn.exec:\hbntbn.exe21⤵
- Executes dropped EXE
-
\??\c:\7pjjp.exec:\7pjjp.exe22⤵
- Executes dropped EXE
-
\??\c:\5jdpj.exec:\5jdpj.exe23⤵
- Executes dropped EXE
-
\??\c:\xrlxxfl.exec:\xrlxxfl.exe24⤵
- Executes dropped EXE
-
\??\c:\nhhhhn.exec:\nhhhhn.exe25⤵
- Executes dropped EXE
-
\??\c:\jdjpd.exec:\jdjpd.exe26⤵
- Executes dropped EXE
-
\??\c:\tbhtbn.exec:\tbhtbn.exe27⤵
- Executes dropped EXE
-
\??\c:\jpjdd.exec:\jpjdd.exe28⤵
- Executes dropped EXE
-
\??\c:\7fxrffr.exec:\7fxrffr.exe29⤵
- Executes dropped EXE
-
\??\c:\htttbn.exec:\htttbn.exe30⤵
- Executes dropped EXE
-
\??\c:\vdpvj.exec:\vdpvj.exe31⤵
- Executes dropped EXE
-
\??\c:\5xlrxlx.exec:\5xlrxlx.exe32⤵
- Executes dropped EXE
-
\??\c:\7nhhnt.exec:\7nhhnt.exe33⤵
- Executes dropped EXE
-
\??\c:\jdjjv.exec:\jdjjv.exe34⤵
- Executes dropped EXE
-
\??\c:\5dvjj.exec:\5dvjj.exe35⤵
- Executes dropped EXE
-
\??\c:\frxrfxx.exec:\frxrfxx.exe36⤵
- Executes dropped EXE
-
\??\c:\nntbtt.exec:\nntbtt.exe37⤵
- Executes dropped EXE
-
\??\c:\vvvpj.exec:\vvvpj.exe38⤵
- Executes dropped EXE
-
\??\c:\rxllrll.exec:\rxllrll.exe39⤵
- Executes dropped EXE
-
\??\c:\hbtbhb.exec:\hbtbhb.exe40⤵
- Executes dropped EXE
-
\??\c:\nbbbbt.exec:\nbbbbt.exe41⤵
- Executes dropped EXE
-
\??\c:\jvdjv.exec:\jvdjv.exe42⤵
- Executes dropped EXE
-
\??\c:\xrfxxfl.exec:\xrfxxfl.exe43⤵
- Executes dropped EXE
-
\??\c:\fxfllxf.exec:\fxfllxf.exe44⤵
- Executes dropped EXE
-
\??\c:\hntttn.exec:\hntttn.exe45⤵
- Executes dropped EXE
-
\??\c:\jdvjv.exec:\jdvjv.exe46⤵
- Executes dropped EXE
-
\??\c:\xxxflrf.exec:\xxxflrf.exe47⤵
- Executes dropped EXE
-
\??\c:\htbtbt.exec:\htbtbt.exe48⤵
- Executes dropped EXE
-
\??\c:\tbnthb.exec:\tbnthb.exe49⤵
- Executes dropped EXE
-
\??\c:\ppjdd.exec:\ppjdd.exe50⤵
- Executes dropped EXE
-
\??\c:\5lrlrff.exec:\5lrlrff.exe51⤵
- Executes dropped EXE
-
\??\c:\5lxxffx.exec:\5lxxffx.exe52⤵
- Executes dropped EXE
-
\??\c:\bhhhtn.exec:\bhhhtn.exe53⤵
- Executes dropped EXE
-
\??\c:\vvpdv.exec:\vvpdv.exe54⤵
- Executes dropped EXE
-
\??\c:\ppdjv.exec:\ppdjv.exe55⤵
- Executes dropped EXE
-
\??\c:\lrxxfxf.exec:\lrxxfxf.exe56⤵
- Executes dropped EXE
-
\??\c:\bttbhn.exec:\bttbhn.exe57⤵
- Executes dropped EXE
-
\??\c:\pvdvd.exec:\pvdvd.exe58⤵
- Executes dropped EXE
-
\??\c:\vvpvj.exec:\vvpvj.exe59⤵
- Executes dropped EXE
-
\??\c:\lfrxlrf.exec:\lfrxlrf.exe60⤵
- Executes dropped EXE
-
\??\c:\7llrflx.exec:\7llrflx.exe61⤵
- Executes dropped EXE
-
\??\c:\btthnb.exec:\btthnb.exe62⤵
- Executes dropped EXE
-
\??\c:\7pvjv.exec:\7pvjv.exe63⤵
- Executes dropped EXE
-
\??\c:\xrfrrrr.exec:\xrfrrrr.exe64⤵
- Executes dropped EXE
-
\??\c:\tnnnbt.exec:\tnnnbt.exe65⤵
- Executes dropped EXE
-
\??\c:\bthbbb.exec:\bthbbb.exe66⤵
-
\??\c:\7vddd.exec:\7vddd.exe67⤵
-
\??\c:\ppddd.exec:\ppddd.exe68⤵
-
\??\c:\xrflffx.exec:\xrflffx.exe69⤵
-
\??\c:\hbntnh.exec:\hbntnh.exe70⤵
-
\??\c:\9hthnt.exec:\9hthnt.exe71⤵
-
\??\c:\jpjpv.exec:\jpjpv.exe72⤵
-
\??\c:\frrllxl.exec:\frrllxl.exe73⤵
-
\??\c:\3bnhhh.exec:\3bnhhh.exe74⤵
-
\??\c:\bthbbb.exec:\bthbbb.exe75⤵
-
\??\c:\3pdpp.exec:\3pdpp.exe76⤵
-
\??\c:\xrrxflr.exec:\xrrxflr.exe77⤵
-
\??\c:\lrfllrr.exec:\lrfllrr.exe78⤵
-
\??\c:\hthbnt.exec:\hthbnt.exe79⤵
-
\??\c:\pjjjv.exec:\pjjjv.exe80⤵
-
\??\c:\xrlrxfr.exec:\xrlrxfr.exe81⤵
-
\??\c:\rlrxlxr.exec:\rlrxlxr.exe82⤵
-
\??\c:\3hbhhh.exec:\3hbhhh.exe83⤵
-
\??\c:\1jvdd.exec:\1jvdd.exe84⤵
-
\??\c:\vppvd.exec:\vppvd.exe85⤵
-
\??\c:\9rllrrx.exec:\9rllrrx.exe86⤵
-
\??\c:\fxllrrx.exec:\fxllrrx.exe87⤵
-
\??\c:\tbhbbb.exec:\tbhbbb.exe88⤵
-
\??\c:\jjppj.exec:\jjppj.exe89⤵
-
\??\c:\9lfxxfl.exec:\9lfxxfl.exe90⤵
-
\??\c:\frlxlrf.exec:\frlxlrf.exe91⤵
-
\??\c:\1hhbbb.exec:\1hhbbb.exe92⤵
-
\??\c:\tnhthn.exec:\tnhthn.exe93⤵
-
\??\c:\9djpp.exec:\9djpp.exe94⤵
-
\??\c:\rfrfxfr.exec:\rfrfxfr.exe95⤵
-
\??\c:\lrfxlxl.exec:\lrfxlxl.exe96⤵
-
\??\c:\bbbbnn.exec:\bbbbnn.exe97⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe98⤵
-
\??\c:\fxxrfff.exec:\fxxrfff.exe99⤵
-
\??\c:\bnbhbt.exec:\bnbhbt.exe100⤵
-
\??\c:\thtttb.exec:\thtttb.exe101⤵
-
\??\c:\vvppd.exec:\vvppd.exe102⤵
-
\??\c:\lrrfrfx.exec:\lrrfrfx.exe103⤵
-
\??\c:\flxrllr.exec:\flxrllr.exe104⤵
-
\??\c:\bnnttt.exec:\bnnttt.exe105⤵
-
\??\c:\5vvjp.exec:\5vvjp.exe106⤵
-
\??\c:\xxxrrfx.exec:\xxxrrfx.exe107⤵
-
\??\c:\rxlfffl.exec:\rxlfffl.exe108⤵
-
\??\c:\hbhbht.exec:\hbhbht.exe109⤵
-
\??\c:\ppvjv.exec:\ppvjv.exe110⤵
-
\??\c:\dppvp.exec:\dppvp.exe111⤵
-
\??\c:\xxlxrrx.exec:\xxlxrrx.exe112⤵
-
\??\c:\nhhhnn.exec:\nhhhnn.exe113⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe114⤵
-
\??\c:\xrlrxxf.exec:\xrlrxxf.exe115⤵
-
\??\c:\flflrrx.exec:\flflrrx.exe116⤵
-
\??\c:\1tbbnt.exec:\1tbbnt.exe117⤵
-
\??\c:\bntnbb.exec:\bntnbb.exe118⤵
-
\??\c:\vvppv.exec:\vvppv.exe119⤵
-
\??\c:\lrlfffl.exec:\lrlfffl.exe120⤵
-
\??\c:\xlxlrlr.exec:\xlxlrlr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-