Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
22-05-2024 05:44
General
-
Target
2084f48c2d61d255ce33045398a41ed0_NeikiAnalytics.exe
-
Size
80KB
-
MD5
2084f48c2d61d255ce33045398a41ed0
-
SHA1
2a3ddda528d04d9630a6e2f576e03a18623ba184
-
SHA256
ba2c5e4ddeecd8c6c7aed2488c3068fc953cbaa3a33d2bddf02e3364fc22d637
-
SHA512
e1e42c1f7cccc7385bbaf552d3d94a20135177074f7bb7dfcf258e895b63b3eae4bdea9212b9a1da4e75f949283fc587a7698fcc52e7a05492a67205a70f176f
-
SSDEEP
1536:zvQBeOGtrYS3srx93UBWfwC6Ggnouy8iT4+C2HVM1p6TVqMJ89v:zhOmTsF93UYfwC6GIoutiTU2HVS6cMJC
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 49 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2084f48c2d61d255ce33045398a41ed0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\2084f48c2d61d255ce33045398a41ed0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhtn.exec:\nhhhtn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0800828.exec:\0800828.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdjv.exec:\dvdjv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\86240.exec:\86240.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\864800.exec:\864800.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\60806.exec:\60806.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\860444.exec:\860444.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9frrxlf.exec:\9frrxlf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8626262.exec:\8626262.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfllrrl.exec:\lfllrrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\20280.exec:\20280.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhhnn.exec:\bnhhnn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\26846.exec:\26846.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrxfff.exec:\xlrxfff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdjj.exec:\vjdjj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhthn.exec:\thhthn.exe17⤵
- Executes dropped EXE
-
\??\c:\00228.exec:\00228.exe18⤵
- Executes dropped EXE
-
\??\c:\0686440.exec:\0686440.exe19⤵
- Executes dropped EXE
-
\??\c:\486800.exec:\486800.exe20⤵
- Executes dropped EXE
-
\??\c:\k84000.exec:\k84000.exe21⤵
- Executes dropped EXE
-
\??\c:\o804088.exec:\o804088.exe22⤵
- Executes dropped EXE
-
\??\c:\o820806.exec:\o820806.exe23⤵
- Executes dropped EXE
-
\??\c:\o200228.exec:\o200228.exe24⤵
- Executes dropped EXE
-
\??\c:\88248.exec:\88248.exe25⤵
- Executes dropped EXE
-
\??\c:\hbtbnt.exec:\hbtbnt.exe26⤵
- Executes dropped EXE
-
\??\c:\ttnbnt.exec:\ttnbnt.exe27⤵
- Executes dropped EXE
-
\??\c:\3jppd.exec:\3jppd.exe28⤵
- Executes dropped EXE
-
\??\c:\dvjvj.exec:\dvjvj.exe29⤵
- Executes dropped EXE
-
\??\c:\04242.exec:\04242.exe30⤵
- Executes dropped EXE
-
\??\c:\pppdv.exec:\pppdv.exe31⤵
- Executes dropped EXE
-
\??\c:\4064060.exec:\4064060.exe32⤵
- Executes dropped EXE
-
\??\c:\04680.exec:\04680.exe33⤵
- Executes dropped EXE
-
\??\c:\flxxflr.exec:\flxxflr.exe34⤵
- Executes dropped EXE
-
\??\c:\04028.exec:\04028.exe35⤵
- Executes dropped EXE
-
\??\c:\2084444.exec:\2084444.exe36⤵
- Executes dropped EXE
-
\??\c:\lxlxfff.exec:\lxlxfff.exe37⤵
- Executes dropped EXE
-
\??\c:\i244462.exec:\i244462.exe38⤵
- Executes dropped EXE
-
\??\c:\e68406.exec:\e68406.exe39⤵
- Executes dropped EXE
-
\??\c:\bbbhhn.exec:\bbbhhn.exe40⤵
- Executes dropped EXE
-
\??\c:\0240268.exec:\0240268.exe41⤵
- Executes dropped EXE
-
\??\c:\lrlrffr.exec:\lrlrffr.exe42⤵
- Executes dropped EXE
-
\??\c:\26420.exec:\26420.exe43⤵
- Executes dropped EXE
-
\??\c:\84460.exec:\84460.exe44⤵
- Executes dropped EXE
-
\??\c:\3ttthb.exec:\3ttthb.exe45⤵
- Executes dropped EXE
-
\??\c:\a4686.exec:\a4686.exe46⤵
- Executes dropped EXE
-
\??\c:\xxxlxlr.exec:\xxxlxlr.exe47⤵
- Executes dropped EXE
-
\??\c:\xrfrxxf.exec:\xrfrxxf.exe48⤵
- Executes dropped EXE
-
\??\c:\684268.exec:\684268.exe49⤵
- Executes dropped EXE
-
\??\c:\tnhhbh.exec:\tnhhbh.exe50⤵
- Executes dropped EXE
-
\??\c:\rlxxrxr.exec:\rlxxrxr.exe51⤵
- Executes dropped EXE
-
\??\c:\e46202.exec:\e46202.exe52⤵
- Executes dropped EXE
-
\??\c:\m4284.exec:\m4284.exe53⤵
- Executes dropped EXE
-
\??\c:\lfxlflx.exec:\lfxlflx.exe54⤵
- Executes dropped EXE
-
\??\c:\rxfrxfl.exec:\rxfrxfl.exe55⤵
- Executes dropped EXE
-
\??\c:\440880.exec:\440880.exe56⤵
- Executes dropped EXE
-
\??\c:\1rlfrfl.exec:\1rlfrfl.exe57⤵
- Executes dropped EXE
-
\??\c:\4246240.exec:\4246240.exe58⤵
- Executes dropped EXE
-
\??\c:\s8068.exec:\s8068.exe59⤵
- Executes dropped EXE
-
\??\c:\c660062.exec:\c660062.exe60⤵
- Executes dropped EXE
-
\??\c:\04662.exec:\04662.exe61⤵
- Executes dropped EXE
-
\??\c:\ddpjj.exec:\ddpjj.exe62⤵
- Executes dropped EXE
-
\??\c:\pjjjp.exec:\pjjjp.exe63⤵
- Executes dropped EXE
-
\??\c:\nbbbbb.exec:\nbbbbb.exe64⤵
- Executes dropped EXE
-
\??\c:\04406.exec:\04406.exe65⤵
- Executes dropped EXE
-
\??\c:\xlxfllr.exec:\xlxfllr.exe66⤵
-
\??\c:\lfrrffl.exec:\lfrrffl.exe67⤵
-
\??\c:\frrrxrf.exec:\frrrxrf.exe68⤵
-
\??\c:\7hhtbh.exec:\7hhtbh.exe69⤵
-
\??\c:\482406.exec:\482406.exe70⤵
-
\??\c:\hhhtnn.exec:\hhhtnn.exe71⤵
-
\??\c:\8666484.exec:\8666484.exe72⤵
-
\??\c:\q88220.exec:\q88220.exe73⤵
-
\??\c:\080288.exec:\080288.exe74⤵
-
\??\c:\20402.exec:\20402.exe75⤵
-
\??\c:\000844.exec:\000844.exe76⤵
-
\??\c:\tnbtbb.exec:\tnbtbb.exe77⤵
-
\??\c:\nhntth.exec:\nhntth.exe78⤵
-
\??\c:\lfxfrrl.exec:\lfxfrrl.exe79⤵
-
\??\c:\8260668.exec:\8260668.exe80⤵
-
\??\c:\6084624.exec:\6084624.exe81⤵
-
\??\c:\86406.exec:\86406.exe82⤵
-
\??\c:\rlxfffl.exec:\rlxfffl.exe83⤵
-
\??\c:\26808.exec:\26808.exe84⤵
-
\??\c:\1bnthb.exec:\1bnthb.exe85⤵
-
\??\c:\xrrxffr.exec:\xrrxffr.exe86⤵
-
\??\c:\42400.exec:\42400.exe87⤵
-
\??\c:\dddpd.exec:\dddpd.exe88⤵
-
\??\c:\7pjjv.exec:\7pjjv.exe89⤵
-
\??\c:\rfrrxxr.exec:\rfrrxxr.exe90⤵
-
\??\c:\60468.exec:\60468.exe91⤵
-
\??\c:\6400628.exec:\6400628.exe92⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe93⤵
-
\??\c:\4684224.exec:\4684224.exe94⤵
-
\??\c:\rlrxfff.exec:\rlrxfff.exe95⤵
-
\??\c:\2046846.exec:\2046846.exe96⤵
-
\??\c:\m6468.exec:\m6468.exe97⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe98⤵
-
\??\c:\nnnbtt.exec:\nnnbtt.exe99⤵
-
\??\c:\60246.exec:\60246.exe100⤵
-
\??\c:\284462.exec:\284462.exe101⤵
-
\??\c:\rlrrffr.exec:\rlrrffr.exe102⤵
-
\??\c:\602864.exec:\602864.exe103⤵
-
\??\c:\k62222.exec:\k62222.exe104⤵
-
\??\c:\64668.exec:\64668.exe105⤵
-
\??\c:\nhhhhh.exec:\nhhhhh.exe106⤵
-
\??\c:\1dvpp.exec:\1dvpp.exe107⤵
-
\??\c:\86880.exec:\86880.exe108⤵
-
\??\c:\m0800.exec:\m0800.exe109⤵
-
\??\c:\5lxlxrx.exec:\5lxlxrx.exe110⤵
-
\??\c:\084448.exec:\084448.exe111⤵
-
\??\c:\jpdjj.exec:\jpdjj.exe112⤵
-
\??\c:\626088.exec:\626088.exe113⤵
-
\??\c:\vppjp.exec:\vppjp.exe114⤵
-
\??\c:\u606280.exec:\u606280.exe115⤵
-
\??\c:\fxlrrxx.exec:\fxlrrxx.exe116⤵
-
\??\c:\1nhnnn.exec:\1nhnnn.exe117⤵
-
\??\c:\g0884.exec:\g0884.exe118⤵
-
\??\c:\5vpdp.exec:\5vpdp.exe119⤵
-
\??\c:\20846.exec:\20846.exe120⤵
-
\??\c:\0844062.exec:\0844062.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-