Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
22-05-2024 01:03
General
-
Target
12fe4659700f67a4d6813a77feeb3ed0_NeikiAnalytics.exe
-
Size
441KB
-
MD5
12fe4659700f67a4d6813a77feeb3ed0
-
SHA1
5f4daa79699e0861a2c93ddb9113edcc4609cc1b
-
SHA256
a1b9907c04cfc85c546b3678e93a9045c19268aa60502284f3512a1afa2de094
-
SHA512
8aefa8907d3583e9cf8c5f57858c7decb92c0ea114a58e9f29b8bc3d8e386b3687338960700bceb59004cfa69d29e158b162365bd4b10926ee4edd59d89cbe55
-
SSDEEP
12288:M4wFHoSpg4wFHonR/nPF2LnFL4wF04wFK4wFK4wluw:UrR/nPV
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\12fe4659700f67a4d6813a77feeb3ed0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\12fe4659700f67a4d6813a77feeb3ed0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpvd.exec:\vjpvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nnntt.exec:\5nnntt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lffllx.exec:\3lffllx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fflxfx.exec:\1fflxfx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrffl.exec:\fxrrffl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxfrff.exec:\lfxfrff.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lffllr.exec:\1lffllr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbbh.exec:\tnbbbh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddjd.exec:\dddjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlxllr.exec:\frlxllr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppjp.exec:\vppjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpvd.exec:\vvpvd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnthn.exec:\hbnthn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dvdp.exec:\5dvdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdp.exec:\jdpdp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxlxfx.exec:\rlxlxfx.exe17⤵
- Executes dropped EXE
-
\??\c:\1dvdj.exec:\1dvdj.exe18⤵
- Executes dropped EXE
-
\??\c:\1rxflll.exec:\1rxflll.exe19⤵
- Executes dropped EXE
-
\??\c:\nnnthn.exec:\nnnthn.exe20⤵
- Executes dropped EXE
-
\??\c:\dpjjp.exec:\dpjjp.exe21⤵
- Executes dropped EXE
-
\??\c:\vpvvv.exec:\vpvvv.exe22⤵
- Executes dropped EXE
-
\??\c:\frrlrfr.exec:\frrlrfr.exe23⤵
- Executes dropped EXE
-
\??\c:\9btthh.exec:\9btthh.exe24⤵
- Executes dropped EXE
-
\??\c:\tttbbb.exec:\tttbbb.exe25⤵
- Executes dropped EXE
-
\??\c:\7vppd.exec:\7vppd.exe26⤵
- Executes dropped EXE
-
\??\c:\1jpdv.exec:\1jpdv.exe27⤵
- Executes dropped EXE
-
\??\c:\hhthtt.exec:\hhthtt.exe28⤵
- Executes dropped EXE
-
\??\c:\7hnhbb.exec:\7hnhbb.exe29⤵
- Executes dropped EXE
-
\??\c:\jdvjp.exec:\jdvjp.exe30⤵
- Executes dropped EXE
-
\??\c:\9fxxfll.exec:\9fxxfll.exe31⤵
- Executes dropped EXE
-
\??\c:\3pvpv.exec:\3pvpv.exe32⤵
- Executes dropped EXE
-
\??\c:\rlfrxfr.exec:\rlfrxfr.exe33⤵
- Executes dropped EXE
-
\??\c:\7btnbb.exec:\7btnbb.exe34⤵
- Executes dropped EXE
-
\??\c:\xrllffr.exec:\xrllffr.exe35⤵
- Executes dropped EXE
-
\??\c:\hbthnt.exec:\hbthnt.exe36⤵
- Executes dropped EXE
-
\??\c:\dvvvp.exec:\dvvvp.exe37⤵
- Executes dropped EXE
-
\??\c:\xrllxfl.exec:\xrllxfl.exe38⤵
- Executes dropped EXE
-
\??\c:\htttnn.exec:\htttnn.exe39⤵
- Executes dropped EXE
-
\??\c:\rfrxllx.exec:\rfrxllx.exe40⤵
- Executes dropped EXE
-
\??\c:\rlfrxfl.exec:\rlfrxfl.exe41⤵
- Executes dropped EXE
-
\??\c:\1hhbhh.exec:\1hhbhh.exe42⤵
- Executes dropped EXE
-
\??\c:\rfrxllx.exec:\rfrxllx.exe43⤵
- Executes dropped EXE
-
\??\c:\nhhhhn.exec:\nhhhhn.exe44⤵
- Executes dropped EXE
-
\??\c:\jpjpd.exec:\jpjpd.exe45⤵
- Executes dropped EXE
-
\??\c:\xxxfrfx.exec:\xxxfrfx.exe46⤵
- Executes dropped EXE
-
\??\c:\nhhbhn.exec:\nhhbhn.exe47⤵
- Executes dropped EXE
-
\??\c:\fxrxllf.exec:\fxrxllf.exe48⤵
- Executes dropped EXE
-
\??\c:\tnhthn.exec:\tnhthn.exe49⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe50⤵
- Executes dropped EXE
-
\??\c:\ffrfrrf.exec:\ffrfrrf.exe51⤵
- Executes dropped EXE
-
\??\c:\bthttn.exec:\bthttn.exe52⤵
- Executes dropped EXE
-
\??\c:\7dppd.exec:\7dppd.exe53⤵
- Executes dropped EXE
-
\??\c:\frrffrr.exec:\frrffrr.exe54⤵
- Executes dropped EXE
-
\??\c:\tnthnn.exec:\tnthnn.exe55⤵
- Executes dropped EXE
-
\??\c:\pjpvj.exec:\pjpvj.exe56⤵
- Executes dropped EXE
-
\??\c:\7vjpj.exec:\7vjpj.exe57⤵
- Executes dropped EXE
-
\??\c:\tnntbt.exec:\tnntbt.exe58⤵
- Executes dropped EXE
-
\??\c:\rllfrrl.exec:\rllfrrl.exe59⤵
- Executes dropped EXE
-
\??\c:\hbntbh.exec:\hbntbh.exe60⤵
- Executes dropped EXE
-
\??\c:\pvvjp.exec:\pvvjp.exe61⤵
- Executes dropped EXE
-
\??\c:\1nttbb.exec:\1nttbb.exe62⤵
- Executes dropped EXE
-
\??\c:\1nttbh.exec:\1nttbh.exe63⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe64⤵
- Executes dropped EXE
-
\??\c:\7lxlrxl.exec:\7lxlrxl.exe65⤵
- Executes dropped EXE
-
\??\c:\btnbht.exec:\btnbht.exe66⤵
-
\??\c:\thbntt.exec:\thbntt.exe67⤵
-
\??\c:\1jvvd.exec:\1jvvd.exe68⤵
-
\??\c:\7vjpd.exec:\7vjpd.exe69⤵
-
\??\c:\xrxlxfl.exec:\xrxlxfl.exe70⤵
-
\??\c:\tttnbn.exec:\tttnbn.exe71⤵
-
\??\c:\5vvvv.exec:\5vvvv.exe72⤵
-
\??\c:\1pjdp.exec:\1pjdp.exe73⤵
-
\??\c:\xxlrxfx.exec:\xxlrxfx.exe74⤵
-
\??\c:\hbthnn.exec:\hbthnn.exe75⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe76⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe77⤵
-
\??\c:\lfxlrrf.exec:\lfxlrrf.exe78⤵
-
\??\c:\3rfrflr.exec:\3rfrflr.exe79⤵
-
\??\c:\hbntbb.exec:\hbntbb.exe80⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe81⤵
-
\??\c:\xxrlxxf.exec:\xxrlxxf.exe82⤵
-
\??\c:\lfxfrxr.exec:\lfxfrxr.exe83⤵
-
\??\c:\hhttbb.exec:\hhttbb.exe84⤵
-
\??\c:\dddjv.exec:\dddjv.exe85⤵
-
\??\c:\lffflrf.exec:\lffflrf.exe86⤵
-
\??\c:\3hhntb.exec:\3hhntb.exe87⤵
-
\??\c:\pvppp.exec:\pvppp.exe88⤵
-
\??\c:\fxrfrxf.exec:\fxrfrxf.exe89⤵
-
\??\c:\nhhttt.exec:\nhhttt.exe90⤵
-
\??\c:\pvdpv.exec:\pvdpv.exe91⤵
-
\??\c:\1ppdj.exec:\1ppdj.exe92⤵
-
\??\c:\7lflrrf.exec:\7lflrrf.exe93⤵
-
\??\c:\nnhhtt.exec:\nnhhtt.exe94⤵
-
\??\c:\dpjjp.exec:\dpjjp.exe95⤵
-
\??\c:\jjjdd.exec:\jjjdd.exe96⤵
-
\??\c:\fxxfrrf.exec:\fxxfrrf.exe97⤵
-
\??\c:\hbhhtt.exec:\hbhhtt.exe98⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe99⤵
-
\??\c:\vjpvp.exec:\vjpvp.exe100⤵
-
\??\c:\frllxxf.exec:\frllxxf.exe101⤵
-
\??\c:\ttthnn.exec:\ttthnn.exe102⤵
-
\??\c:\5hbbhn.exec:\5hbbhn.exe103⤵
-
\??\c:\vppvp.exec:\vppvp.exe104⤵
-
\??\c:\5lxxxfl.exec:\5lxxxfl.exe105⤵
-
\??\c:\lfxlxxr.exec:\lfxlxxr.exe106⤵
-
\??\c:\bnbbnn.exec:\bnbbnn.exe107⤵
-
\??\c:\pjvjj.exec:\pjvjj.exe108⤵
-
\??\c:\llfflxr.exec:\llfflxr.exe109⤵
-
\??\c:\ffrfrxf.exec:\ffrfrxf.exe110⤵
-
\??\c:\1bnbhh.exec:\1bnbhh.exe111⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe112⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe113⤵
-
\??\c:\xxxfrxl.exec:\xxxfrxl.exe114⤵
-
\??\c:\5nhhhh.exec:\5nhhhh.exe115⤵
-
\??\c:\3ththn.exec:\3ththn.exe116⤵
-
\??\c:\dddjd.exec:\dddjd.exe117⤵
-
\??\c:\xxlrllr.exec:\xxlrllr.exe118⤵
-
\??\c:\5bthbn.exec:\5bthbn.exe119⤵
-
\??\c:\9hbntb.exec:\9hbntb.exe120⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-