Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
22-05-2024 05:45
General
-
Target
20c2ae1adf98979e676e81903e75a800_NeikiAnalytics.exe
-
Size
75KB
-
MD5
20c2ae1adf98979e676e81903e75a800
-
SHA1
90a9e1d227a8f2734fce9e66ce95a9d13125c822
-
SHA256
066e197becd04e501bb1faf937568c4b021aaac23b7765ee6b7f911fda05e686
-
SHA512
4bcad320fece15228c96188cebb7d8bfff8f69bc66fdee5138dcd48afc5746b29eb0f882c792528726bd8579e37b30b70a73dacf125fc7cf0eb609d6e22aa8dc
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIoAh2QpUnX1A2:ymb3NkkiQ3mdBjFIsIVbpUH
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\20c2ae1adf98979e676e81903e75a800_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\20c2ae1adf98979e676e81903e75a800_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3lfrxfl.exec:\3lfrxfl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttbb.exec:\tnttbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdvp.exec:\ppdvp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppj.exec:\dvppj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbnn.exec:\nnbbnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjppv.exec:\vjppv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxlrxf.exec:\llxlrxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbbtn.exec:\hhbbtn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jjvj.exec:\5jjvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rxxrrf.exec:\3rxxrrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbttn.exec:\ttbttn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnnbt.exec:\htnnbt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvjd.exec:\vvvjd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxflrf.exec:\fxxflrf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrxlflx.exec:\rrxlflx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnttbt.exec:\nnttbt.exe17⤵
- Executes dropped EXE
-
\??\c:\1pddd.exec:\1pddd.exe18⤵
- Executes dropped EXE
-
\??\c:\jvjjj.exec:\jvjjj.exe19⤵
- Executes dropped EXE
-
\??\c:\lxrlflf.exec:\lxrlflf.exe20⤵
- Executes dropped EXE
-
\??\c:\nthnhb.exec:\nthnhb.exe21⤵
- Executes dropped EXE
-
\??\c:\hbtntt.exec:\hbtntt.exe22⤵
- Executes dropped EXE
-
\??\c:\ddjdp.exec:\ddjdp.exe23⤵
- Executes dropped EXE
-
\??\c:\9vdvp.exec:\9vdvp.exe24⤵
- Executes dropped EXE
-
\??\c:\7rrfxfx.exec:\7rrfxfx.exe25⤵
- Executes dropped EXE
-
\??\c:\hhbhbn.exec:\hhbhbn.exe26⤵
- Executes dropped EXE
-
\??\c:\7pjjp.exec:\7pjjp.exe27⤵
- Executes dropped EXE
-
\??\c:\pjpdd.exec:\pjpdd.exe28⤵
- Executes dropped EXE
-
\??\c:\ffxfrxf.exec:\ffxfrxf.exe29⤵
- Executes dropped EXE
-
\??\c:\hbtbtt.exec:\hbtbtt.exe30⤵
- Executes dropped EXE
-
\??\c:\1pdvj.exec:\1pdvj.exe31⤵
- Executes dropped EXE
-
\??\c:\rrlrfrr.exec:\rrlrfrr.exe32⤵
- Executes dropped EXE
-
\??\c:\1fllrxf.exec:\1fllrxf.exe33⤵
- Executes dropped EXE
-
\??\c:\hbtbnb.exec:\hbtbnb.exe34⤵
- Executes dropped EXE
-
\??\c:\vvppd.exec:\vvppd.exe35⤵
- Executes dropped EXE
-
\??\c:\vvvjd.exec:\vvvjd.exe36⤵
- Executes dropped EXE
-
\??\c:\ffxrflx.exec:\ffxrflx.exe37⤵
- Executes dropped EXE
-
\??\c:\xxrflrx.exec:\xxrflrx.exe38⤵
- Executes dropped EXE
-
\??\c:\hththn.exec:\hththn.exe39⤵
- Executes dropped EXE
-
\??\c:\hbtbhh.exec:\hbtbhh.exe40⤵
- Executes dropped EXE
-
\??\c:\3pjpd.exec:\3pjpd.exe41⤵
- Executes dropped EXE
-
\??\c:\dpddv.exec:\dpddv.exe42⤵
- Executes dropped EXE
-
\??\c:\flrrflr.exec:\flrrflr.exe43⤵
- Executes dropped EXE
-
\??\c:\lfxlffl.exec:\lfxlffl.exe44⤵
- Executes dropped EXE
-
\??\c:\tnhbtb.exec:\tnhbtb.exe45⤵
- Executes dropped EXE
-
\??\c:\nhbnhn.exec:\nhbnhn.exe46⤵
- Executes dropped EXE
-
\??\c:\vppvd.exec:\vppvd.exe47⤵
- Executes dropped EXE
-
\??\c:\xrfllrf.exec:\xrfllrf.exe48⤵
- Executes dropped EXE
-
\??\c:\xrlxlrx.exec:\xrlxlrx.exe49⤵
- Executes dropped EXE
-
\??\c:\1tntbb.exec:\1tntbb.exe50⤵
- Executes dropped EXE
-
\??\c:\9bthhh.exec:\9bthhh.exe51⤵
- Executes dropped EXE
-
\??\c:\hbhthh.exec:\hbhthh.exe52⤵
- Executes dropped EXE
-
\??\c:\pdpdd.exec:\pdpdd.exe53⤵
- Executes dropped EXE
-
\??\c:\flllffl.exec:\flllffl.exe54⤵
- Executes dropped EXE
-
\??\c:\xxrxlrf.exec:\xxrxlrf.exe55⤵
- Executes dropped EXE
-
\??\c:\nhtbnb.exec:\nhtbnb.exe56⤵
- Executes dropped EXE
-
\??\c:\nhhtht.exec:\nhhtht.exe57⤵
- Executes dropped EXE
-
\??\c:\vpdjj.exec:\vpdjj.exe58⤵
- Executes dropped EXE
-
\??\c:\7vvpv.exec:\7vvpv.exe59⤵
- Executes dropped EXE
-
\??\c:\rrlrrfl.exec:\rrlrrfl.exe60⤵
- Executes dropped EXE
-
\??\c:\fxrfllf.exec:\fxrfllf.exe61⤵
- Executes dropped EXE
-
\??\c:\nhhbnn.exec:\nhhbnn.exe62⤵
- Executes dropped EXE
-
\??\c:\7ttbnt.exec:\7ttbnt.exe63⤵
- Executes dropped EXE
-
\??\c:\9dvvj.exec:\9dvvj.exe64⤵
- Executes dropped EXE
-
\??\c:\jjjvv.exec:\jjjvv.exe65⤵
- Executes dropped EXE
-
\??\c:\rrlrflx.exec:\rrlrflx.exe66⤵
-
\??\c:\5llfrxf.exec:\5llfrxf.exe67⤵
-
\??\c:\btthbb.exec:\btthbb.exe68⤵
-
\??\c:\ttnthh.exec:\ttnthh.exe69⤵
-
\??\c:\tttnhh.exec:\tttnhh.exe70⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe71⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe72⤵
-
\??\c:\frxlrrl.exec:\frxlrrl.exe73⤵
-
\??\c:\xrlrffl.exec:\xrlrffl.exe74⤵
-
\??\c:\nnhthn.exec:\nnhthn.exe75⤵
-
\??\c:\nthtnb.exec:\nthtnb.exe76⤵
-
\??\c:\pppdj.exec:\pppdj.exe77⤵
-
\??\c:\jjvdv.exec:\jjvdv.exe78⤵
-
\??\c:\llxflrr.exec:\llxflrr.exe79⤵
-
\??\c:\7xlrffx.exec:\7xlrffx.exe80⤵
-
\??\c:\rrrxrxl.exec:\rrrxrxl.exe81⤵
-
\??\c:\1bhbtt.exec:\1bhbtt.exe82⤵
-
\??\c:\3vvvd.exec:\3vvvd.exe83⤵
-
\??\c:\pjjjj.exec:\pjjjj.exe84⤵
-
\??\c:\rrrxxfr.exec:\rrrxxfr.exe85⤵
-
\??\c:\lfrxllx.exec:\lfrxllx.exe86⤵
-
\??\c:\nhhtnt.exec:\nhhtnt.exe87⤵
-
\??\c:\tntbnn.exec:\tntbnn.exe88⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe89⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe90⤵
-
\??\c:\xxxfxfr.exec:\xxxfxfr.exe91⤵
-
\??\c:\frrflrr.exec:\frrflrr.exe92⤵
-
\??\c:\bbnthn.exec:\bbnthn.exe93⤵
-
\??\c:\tttnth.exec:\tttnth.exe94⤵
-
\??\c:\pvvjj.exec:\pvvjj.exe95⤵
-
\??\c:\xffxxrr.exec:\xffxxrr.exe96⤵
-
\??\c:\3lflrxf.exec:\3lflrxf.exe97⤵
-
\??\c:\3lxfllf.exec:\3lxfllf.exe98⤵
-
\??\c:\nthhtn.exec:\nthhtn.exe99⤵
-
\??\c:\vpvjp.exec:\vpvjp.exe100⤵
-
\??\c:\9pjpj.exec:\9pjpj.exe101⤵
-
\??\c:\xxrrxxr.exec:\xxrrxxr.exe102⤵
-
\??\c:\rfrxllx.exec:\rfrxllx.exe103⤵
-
\??\c:\bbhnnn.exec:\bbhnnn.exe104⤵
-
\??\c:\hnttnt.exec:\hnttnt.exe105⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe106⤵
-
\??\c:\7vppp.exec:\7vppp.exe107⤵
-
\??\c:\rlrxlll.exec:\rlrxlll.exe108⤵
-
\??\c:\rrflxfx.exec:\rrflxfx.exe109⤵
-
\??\c:\3hbtbb.exec:\3hbtbb.exe110⤵
-
\??\c:\tnnntb.exec:\tnnntb.exe111⤵
-
\??\c:\3dvvd.exec:\3dvvd.exe112⤵
-
\??\c:\5frxfxf.exec:\5frxfxf.exe113⤵
-
\??\c:\hhbbtb.exec:\hhbbtb.exe114⤵
-
\??\c:\tthnth.exec:\tthnth.exe115⤵
-
\??\c:\ppppv.exec:\ppppv.exe116⤵
-
\??\c:\jvvdp.exec:\jvvdp.exe117⤵
-
\??\c:\flrrlrl.exec:\flrrlrl.exe118⤵
-
\??\c:\7llrxxl.exec:\7llrxxl.exe119⤵
-
\??\c:\thttnn.exec:\thttnn.exe120⤵
-
\??\c:\hbtbhn.exec:\hbtbhn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-