Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
22-05-2024 23:26
General
-
Target
5795e7d1e5ae624b824c2fe9e3cfd4c0_NeikiAnalytics.exe
-
Size
81KB
-
MD5
5795e7d1e5ae624b824c2fe9e3cfd4c0
-
SHA1
20e3134dceec4f5e91e332de5c19382a004bf0d6
-
SHA256
22c2c9a00d98dca419a0dd3285b1622eddf585b7e66d588d90d22ab70db80f64
-
SHA512
d5afc922f75b8d21c16fd1ee581e00770228b81d015c9fb972adfac6b7e753d32c050419f622649e93a18d79b9f497433e6b923db80d2fc622388f0cef557d1e
-
SSDEEP
1536:zvQBeOGtrYS3srx93UBWfwC6Ggnouy8iT4+C2HVM1p6T7QGIC:zhOmTsF93UYfwC6GIoutiTU2HVS63Qg
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 45 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5795e7d1e5ae624b824c2fe9e3cfd4c0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\5795e7d1e5ae624b824c2fe9e3cfd4c0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lllxflr.exec:\lllxflr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthnbn.exec:\bthnbn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rrlxll.exec:\7rrlxll.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lrfrrx.exec:\9lrfrrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthnnh.exec:\tthnnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjpj.exec:\vvjpj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xrlllr.exec:\7xrlllr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fllxxx.exec:\5fllxxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbbh.exec:\nhtbbh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvvp.exec:\jjvvp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdpj.exec:\dvdpj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrrxxr.exec:\rrrrxxr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xxflxf.exec:\5xxflxf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthnnb.exec:\bthnnb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdjd.exec:\dvdjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjd.exec:\ddpjd.exe17⤵
- Executes dropped EXE
-
\??\c:\frrxlrf.exec:\frrxlrf.exe18⤵
- Executes dropped EXE
-
\??\c:\1nbhtb.exec:\1nbhtb.exe19⤵
- Executes dropped EXE
-
\??\c:\9thtnb.exec:\9thtnb.exe20⤵
- Executes dropped EXE
-
\??\c:\dvdpd.exec:\dvdpd.exe21⤵
- Executes dropped EXE
-
\??\c:\lfxfxfl.exec:\lfxfxfl.exe22⤵
- Executes dropped EXE
-
\??\c:\bbhhbh.exec:\bbhhbh.exe23⤵
- Executes dropped EXE
-
\??\c:\1nbhth.exec:\1nbhth.exe24⤵
- Executes dropped EXE
-
\??\c:\3dvdp.exec:\3dvdp.exe25⤵
- Executes dropped EXE
-
\??\c:\ddpdv.exec:\ddpdv.exe26⤵
- Executes dropped EXE
-
\??\c:\rxllllx.exec:\rxllllx.exe27⤵
- Executes dropped EXE
-
\??\c:\hbnbbn.exec:\hbnbbn.exe28⤵
- Executes dropped EXE
-
\??\c:\jvddv.exec:\jvddv.exe29⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe30⤵
- Executes dropped EXE
-
\??\c:\xxlllff.exec:\xxlllff.exe31⤵
- Executes dropped EXE
-
\??\c:\frffffl.exec:\frffffl.exe32⤵
- Executes dropped EXE
-
\??\c:\bhhnth.exec:\bhhnth.exe33⤵
- Executes dropped EXE
-
\??\c:\9jddj.exec:\9jddj.exe34⤵
- Executes dropped EXE
-
\??\c:\xfxfrrx.exec:\xfxfrrx.exe35⤵
- Executes dropped EXE
-
\??\c:\rlrrlrl.exec:\rlrrlrl.exe36⤵
- Executes dropped EXE
-
\??\c:\5nbhnt.exec:\5nbhnt.exe37⤵
- Executes dropped EXE
-
\??\c:\tnbnbh.exec:\tnbnbh.exe38⤵
- Executes dropped EXE
-
\??\c:\vdvpd.exec:\vdvpd.exe39⤵
- Executes dropped EXE
-
\??\c:\pjvjv.exec:\pjvjv.exe40⤵
- Executes dropped EXE
-
\??\c:\lllrffr.exec:\lllrffr.exe41⤵
- Executes dropped EXE
-
\??\c:\llfrffl.exec:\llfrffl.exe42⤵
- Executes dropped EXE
-
\??\c:\hbthth.exec:\hbthth.exe43⤵
- Executes dropped EXE
-
\??\c:\dddpj.exec:\dddpj.exe44⤵
- Executes dropped EXE
-
\??\c:\ddvvj.exec:\ddvvj.exe45⤵
- Executes dropped EXE
-
\??\c:\jppdj.exec:\jppdj.exe46⤵
- Executes dropped EXE
-
\??\c:\dpvvv.exec:\dpvvv.exe47⤵
- Executes dropped EXE
-
\??\c:\rfrrxrx.exec:\rfrrxrx.exe48⤵
- Executes dropped EXE
-
\??\c:\ththth.exec:\ththth.exe49⤵
- Executes dropped EXE
-
\??\c:\bnbnhb.exec:\bnbnhb.exe50⤵
- Executes dropped EXE
-
\??\c:\9dpdp.exec:\9dpdp.exe51⤵
- Executes dropped EXE
-
\??\c:\xrllrrx.exec:\xrllrrx.exe52⤵
- Executes dropped EXE
-
\??\c:\5xxrrxx.exec:\5xxrrxx.exe53⤵
- Executes dropped EXE
-
\??\c:\hbnhtb.exec:\hbnhtb.exe54⤵
- Executes dropped EXE
-
\??\c:\hbhhtb.exec:\hbhhtb.exe55⤵
- Executes dropped EXE
-
\??\c:\pjjjp.exec:\pjjjp.exe56⤵
- Executes dropped EXE
-
\??\c:\5dppj.exec:\5dppj.exe57⤵
- Executes dropped EXE
-
\??\c:\7fxllfx.exec:\7fxllfx.exe58⤵
- Executes dropped EXE
-
\??\c:\rfrfxfr.exec:\rfrfxfr.exe59⤵
- Executes dropped EXE
-
\??\c:\tbnthn.exec:\tbnthn.exe60⤵
- Executes dropped EXE
-
\??\c:\1hbbnn.exec:\1hbbnn.exe61⤵
- Executes dropped EXE
-
\??\c:\9ppdv.exec:\9ppdv.exe62⤵
- Executes dropped EXE
-
\??\c:\jvddp.exec:\jvddp.exe63⤵
- Executes dropped EXE
-
\??\c:\1lxrxlr.exec:\1lxrxlr.exe64⤵
- Executes dropped EXE
-
\??\c:\xxfrflx.exec:\xxfrflx.exe65⤵
- Executes dropped EXE
-
\??\c:\bnbhtn.exec:\bnbhtn.exe66⤵
-
\??\c:\hbbhnb.exec:\hbbhnb.exe67⤵
-
\??\c:\dddpj.exec:\dddpj.exe68⤵
-
\??\c:\pjvjv.exec:\pjvjv.exe69⤵
-
\??\c:\xflflxr.exec:\xflflxr.exe70⤵
-
\??\c:\rlrllfl.exec:\rlrllfl.exe71⤵
-
\??\c:\tntnhh.exec:\tntnhh.exe72⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe73⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe74⤵
-
\??\c:\3lfrxll.exec:\3lfrxll.exe75⤵
-
\??\c:\3rfxlrf.exec:\3rfxlrf.exe76⤵
-
\??\c:\tnbbnn.exec:\tnbbnn.exe77⤵
-
\??\c:\3tnhbh.exec:\3tnhbh.exe78⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe79⤵
-
\??\c:\fxlrffr.exec:\fxlrffr.exe80⤵
-
\??\c:\ffrlfxr.exec:\ffrlfxr.exe81⤵
-
\??\c:\bhntnn.exec:\bhntnn.exe82⤵
-
\??\c:\7nttbb.exec:\7nttbb.exe83⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe84⤵
-
\??\c:\pjjdj.exec:\pjjdj.exe85⤵
-
\??\c:\xflxrfr.exec:\xflxrfr.exe86⤵
-
\??\c:\5xxxllx.exec:\5xxxllx.exe87⤵
-
\??\c:\nhtnbn.exec:\nhtnbn.exe88⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe89⤵
-
\??\c:\vjvjj.exec:\vjvjj.exe90⤵
-
\??\c:\9ppdj.exec:\9ppdj.exe91⤵
-
\??\c:\9jpvd.exec:\9jpvd.exe92⤵
-
\??\c:\ffrxflx.exec:\ffrxflx.exe93⤵
-
\??\c:\fffxxll.exec:\fffxxll.exe94⤵
-
\??\c:\hthttb.exec:\hthttb.exe95⤵
-
\??\c:\nhbhbn.exec:\nhbhbn.exe96⤵
-
\??\c:\jvddv.exec:\jvddv.exe97⤵
-
\??\c:\ppppv.exec:\ppppv.exe98⤵
-
\??\c:\rlffrrf.exec:\rlffrrf.exe99⤵
-
\??\c:\9tnbth.exec:\9tnbth.exe100⤵
-
\??\c:\7hhtnn.exec:\7hhtnn.exe101⤵
-
\??\c:\9bbtbn.exec:\9bbtbn.exe102⤵
-
\??\c:\vvjvv.exec:\vvjvv.exe103⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe104⤵
-
\??\c:\xlxlrxf.exec:\xlxlrxf.exe105⤵
-
\??\c:\rfflxlf.exec:\rfflxlf.exe106⤵
-
\??\c:\tnnbtb.exec:\tnnbtb.exe107⤵
-
\??\c:\ntbnnt.exec:\ntbnnt.exe108⤵
-
\??\c:\djddj.exec:\djddj.exe109⤵
-
\??\c:\pdvjp.exec:\pdvjp.exe110⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe111⤵
-
\??\c:\xrfrlfr.exec:\xrfrlfr.exe112⤵
-
\??\c:\xrlrfrf.exec:\xrlrfrf.exe113⤵
-
\??\c:\tbnhbn.exec:\tbnhbn.exe114⤵
-
\??\c:\nhtthn.exec:\nhtthn.exe115⤵
-
\??\c:\5pjvd.exec:\5pjvd.exe116⤵
-
\??\c:\dvppd.exec:\dvppd.exe117⤵
-
\??\c:\fxrrllr.exec:\fxrrllr.exe118⤵
-
\??\c:\rfxlrlr.exec:\rfxlrlr.exe119⤵
-
\??\c:\nbhbbb.exec:\nbhbbb.exe120⤵
-
\??\c:\hbntnt.exec:\hbntnt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-