Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
22-05-2024 05:05
General
-
Target
1f2c6bf219350ecd07168d1cd92eb370_NeikiAnalytics.exe
-
Size
64KB
-
MD5
1f2c6bf219350ecd07168d1cd92eb370
-
SHA1
af2e906c4b71037750bf3f8c68f97d86ae32a6fe
-
SHA256
f2c0891f0b29c29ff9e3b00a377dd15af1deb8f1efd9b0d2d8ad1ec6621d7d20
-
SHA512
3025a8207dea7258b66b9f0e31afc7171d24d19d61cf3aa5a7e41474d0cee0e9c29f06da1d7eac49f4a647f7b0eae27f70c5f263b93e21206970bdb71501bfbd
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6MTSqfw:ymb3NkkiQ3mdBjFI4VE
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1f2c6bf219350ecd07168d1cd92eb370_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1f2c6bf219350ecd07168d1cd92eb370_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1xrxrlx.exec:\1xrxrlx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflrrl.exec:\xrflrrl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbtbh.exec:\tnbtbh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhnn.exec:\tnbhnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxllrx.exec:\lfxllrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hbhtb.exec:\7hbhtb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjppd.exec:\jjppd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvpv.exec:\dvvpv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xfllrx.exec:\7xfllrx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhnhn.exec:\nhhnhn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dvdp.exec:\9dvdp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vpvp.exec:\9vpvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xlxflr.exec:\1xlxflr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtthb.exec:\bbtthb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hbthn.exec:\7hbthn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vvjv.exec:\9vvjv.exe17⤵
- Executes dropped EXE
-
\??\c:\fxlrffx.exec:\fxlrffx.exe18⤵
- Executes dropped EXE
-
\??\c:\5bttbn.exec:\5bttbn.exe19⤵
- Executes dropped EXE
-
\??\c:\9hhnhn.exec:\9hhnhn.exe20⤵
- Executes dropped EXE
-
\??\c:\9vjjv.exec:\9vjjv.exe21⤵
- Executes dropped EXE
-
\??\c:\jjvdp.exec:\jjvdp.exe22⤵
- Executes dropped EXE
-
\??\c:\fffrfrf.exec:\fffrfrf.exe23⤵
- Executes dropped EXE
-
\??\c:\tnnbht.exec:\tnnbht.exe24⤵
- Executes dropped EXE
-
\??\c:\1hbnth.exec:\1hbnth.exe25⤵
- Executes dropped EXE
-
\??\c:\dpdvj.exec:\dpdvj.exe26⤵
- Executes dropped EXE
-
\??\c:\fxrlxfr.exec:\fxrlxfr.exe27⤵
- Executes dropped EXE
-
\??\c:\3bhthb.exec:\3bhthb.exe28⤵
- Executes dropped EXE
-
\??\c:\pjvjv.exec:\pjvjv.exe29⤵
- Executes dropped EXE
-
\??\c:\jjjpj.exec:\jjjpj.exe30⤵
- Executes dropped EXE
-
\??\c:\rfrfxlr.exec:\rfrfxlr.exe31⤵
- Executes dropped EXE
-
\??\c:\bttnhn.exec:\bttnhn.exe32⤵
- Executes dropped EXE
-
\??\c:\vvpdv.exec:\vvpdv.exe33⤵
- Executes dropped EXE
-
\??\c:\ppvjj.exec:\ppvjj.exe34⤵
- Executes dropped EXE
-
\??\c:\lfflxlr.exec:\lfflxlr.exe35⤵
- Executes dropped EXE
-
\??\c:\1lfxlrl.exec:\1lfxlrl.exe36⤵
- Executes dropped EXE
-
\??\c:\hhhbnb.exec:\hhhbnb.exe37⤵
- Executes dropped EXE
-
\??\c:\tnnhtb.exec:\tnnhtb.exe38⤵
- Executes dropped EXE
-
\??\c:\jvvjj.exec:\jvvjj.exe39⤵
- Executes dropped EXE
-
\??\c:\ddjpv.exec:\ddjpv.exe40⤵
- Executes dropped EXE
-
\??\c:\vpjpv.exec:\vpjpv.exe41⤵
- Executes dropped EXE
-
\??\c:\lflrflr.exec:\lflrflr.exe42⤵
- Executes dropped EXE
-
\??\c:\nnbthn.exec:\nnbthn.exe43⤵
- Executes dropped EXE
-
\??\c:\9tbhth.exec:\9tbhth.exe44⤵
- Executes dropped EXE
-
\??\c:\jjvdv.exec:\jjvdv.exe45⤵
- Executes dropped EXE
-
\??\c:\dvdjp.exec:\dvdjp.exe46⤵
- Executes dropped EXE
-
\??\c:\9frxfrf.exec:\9frxfrf.exe47⤵
- Executes dropped EXE
-
\??\c:\llfxrrf.exec:\llfxrrf.exe48⤵
- Executes dropped EXE
-
\??\c:\nnbnbn.exec:\nnbnbn.exe49⤵
- Executes dropped EXE
-
\??\c:\hbbhnt.exec:\hbbhnt.exe50⤵
- Executes dropped EXE
-
\??\c:\jpdpj.exec:\jpdpj.exe51⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe52⤵
- Executes dropped EXE
-
\??\c:\llrflrf.exec:\llrflrf.exe53⤵
- Executes dropped EXE
-
\??\c:\lflrfxr.exec:\lflrfxr.exe54⤵
- Executes dropped EXE
-
\??\c:\1nntbh.exec:\1nntbh.exe55⤵
- Executes dropped EXE
-
\??\c:\ttnbhn.exec:\ttnbhn.exe56⤵
- Executes dropped EXE
-
\??\c:\3rrxffl.exec:\3rrxffl.exe57⤵
- Executes dropped EXE
-
\??\c:\lxrxfrx.exec:\lxrxfrx.exe58⤵
- Executes dropped EXE
-
\??\c:\bthnbb.exec:\bthnbb.exe59⤵
- Executes dropped EXE
-
\??\c:\ppvpd.exec:\ppvpd.exe60⤵
- Executes dropped EXE
-
\??\c:\pjddj.exec:\pjddj.exe61⤵
- Executes dropped EXE
-
\??\c:\rlfrrxl.exec:\rlfrrxl.exe62⤵
- Executes dropped EXE
-
\??\c:\xxlrxlx.exec:\xxlrxlx.exe63⤵
- Executes dropped EXE
-
\??\c:\nnnnbt.exec:\nnnnbt.exe64⤵
- Executes dropped EXE
-
\??\c:\bnbbnb.exec:\bnbbnb.exe65⤵
- Executes dropped EXE
-
\??\c:\vvpdj.exec:\vvpdj.exe66⤵
-
\??\c:\7jvdd.exec:\7jvdd.exe67⤵
-
\??\c:\llfrfxf.exec:\llfrfxf.exe68⤵
-
\??\c:\xrlxxxl.exec:\xrlxxxl.exe69⤵
-
\??\c:\7hhbhb.exec:\7hhbhb.exe70⤵
-
\??\c:\bthbnt.exec:\bthbnt.exe71⤵
-
\??\c:\3jdjv.exec:\3jdjv.exe72⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe73⤵
-
\??\c:\rlrlfxf.exec:\rlrlfxf.exe74⤵
-
\??\c:\rfxflrl.exec:\rfxflrl.exe75⤵
-
\??\c:\bttntt.exec:\bttntt.exe76⤵
-
\??\c:\nnhntb.exec:\nnhntb.exe77⤵
-
\??\c:\vpjpj.exec:\vpjpj.exe78⤵
-
\??\c:\3vpdp.exec:\3vpdp.exe79⤵
-
\??\c:\rlfrflx.exec:\rlfrflx.exe80⤵
-
\??\c:\fffxflr.exec:\fffxflr.exe81⤵
-
\??\c:\fffrxfr.exec:\fffrxfr.exe82⤵
-
\??\c:\1bthnb.exec:\1bthnb.exe83⤵
-
\??\c:\tnnnnn.exec:\tnnnnn.exe84⤵
-
\??\c:\jdpvv.exec:\jdpvv.exe85⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe86⤵
-
\??\c:\rlrrxfr.exec:\rlrrxfr.exe87⤵
-
\??\c:\xlxlxxx.exec:\xlxlxxx.exe88⤵
-
\??\c:\nhtbhn.exec:\nhtbhn.exe89⤵
-
\??\c:\hbhhhn.exec:\hbhhhn.exe90⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe91⤵
-
\??\c:\1vpdd.exec:\1vpdd.exe92⤵
-
\??\c:\fxxfrxl.exec:\fxxfrxl.exe93⤵
-
\??\c:\9flxffr.exec:\9flxffr.exe94⤵
-
\??\c:\hhbnbb.exec:\hhbnbb.exe95⤵
-
\??\c:\thnhnb.exec:\thnhnb.exe96⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe97⤵
-
\??\c:\vvjvp.exec:\vvjvp.exe98⤵
-
\??\c:\5fxrlxx.exec:\5fxrlxx.exe99⤵
-
\??\c:\xrxfxfl.exec:\xrxfxfl.exe100⤵
-
\??\c:\3btthn.exec:\3btthn.exe101⤵
-
\??\c:\hhhbhh.exec:\hhhbhh.exe102⤵
-
\??\c:\3pjvj.exec:\3pjvj.exe103⤵
-
\??\c:\9jvvj.exec:\9jvvj.exe104⤵
-
\??\c:\lflrxxf.exec:\lflrxxf.exe105⤵
-
\??\c:\7frfrxx.exec:\7frfrxx.exe106⤵
-
\??\c:\tthtbb.exec:\tthtbb.exe107⤵
-
\??\c:\nnntbn.exec:\nnntbn.exe108⤵
-
\??\c:\3jjjp.exec:\3jjjp.exe109⤵
-
\??\c:\jjjjp.exec:\jjjjp.exe110⤵
-
\??\c:\9pdpv.exec:\9pdpv.exe111⤵
-
\??\c:\xrrfrxf.exec:\xrrfrxf.exe112⤵
-
\??\c:\rrlrffr.exec:\rrlrffr.exe113⤵
-
\??\c:\7tbnbh.exec:\7tbnbh.exe114⤵
-
\??\c:\nnnbnh.exec:\nnnbnh.exe115⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe116⤵
-
\??\c:\rrrrffr.exec:\rrrrffr.exe117⤵
-
\??\c:\5xxflrf.exec:\5xxflrf.exe118⤵
-
\??\c:\nhnbtn.exec:\nhnbtn.exe119⤵
-
\??\c:\7hnbbn.exec:\7hnbbn.exe120⤵
-
\??\c:\hbnbnb.exec:\hbnbnb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-