Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
22-05-2024 05:48
General
-
Target
21605f73fc3c5ce1211c0903b47a9da0_NeikiAnalytics.exe
-
Size
367KB
-
MD5
21605f73fc3c5ce1211c0903b47a9da0
-
SHA1
c858c4467f4dd038b059f156782b70617ba6f016
-
SHA256
4b591ac061c6eca1a8867f5b30ddde0c06c447c3a97ed1276a4c25a4ad844d54
-
SHA512
cecfb591f5668d1b69ae1656425f7c6854c668540530b880cf4fd3205e3c8d3d519d1524725f9bcbf751d2809aae838e9e93b399156e2843fafdffe558f2c923
-
SSDEEP
6144:kcm4FmowdHoSphraHcpOFltH4tiAlSpgFZAzwdjcIlSpgFZZr3GSM/xK:y4wFHoS3eFplAlSpgFZAKjcIlSpgFZZf
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\21605f73fc3c5ce1211c0903b47a9da0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\21605f73fc3c5ce1211c0903b47a9da0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbnhh.exec:\hbbnhh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlrxxr.exec:\xxlrxxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbnht.exec:\hhbnht.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ddvd.exec:\3ddvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthnbb.exec:\bthnbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jvjv.exec:\9jvjv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllrxlx.exec:\lllrxlx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bntnt.exec:\7bntnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djddp.exec:\djddp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xrllrx.exec:\7xrllrx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjv.exec:\vvjjv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxflxll.exec:\fxflxll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbhbt.exec:\hnbhbt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrfrx.exec:\lfxrfrx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhtnb.exec:\nhhtnb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffrfrf.exec:\fffrfrf.exe17⤵
- Executes dropped EXE
-
\??\c:\7jvdp.exec:\7jvdp.exe18⤵
- Executes dropped EXE
-
\??\c:\xrrrlrl.exec:\xrrrlrl.exe19⤵
- Executes dropped EXE
-
\??\c:\hthhbb.exec:\hthhbb.exe20⤵
- Executes dropped EXE
-
\??\c:\xrxlrrf.exec:\xrxlrrf.exe21⤵
- Executes dropped EXE
-
\??\c:\9bthbb.exec:\9bthbb.exe22⤵
- Executes dropped EXE
-
\??\c:\5pjjd.exec:\5pjjd.exe23⤵
- Executes dropped EXE
-
\??\c:\xrrrxfx.exec:\xrrrxfx.exe24⤵
- Executes dropped EXE
-
\??\c:\bnhntb.exec:\bnhntb.exe25⤵
- Executes dropped EXE
-
\??\c:\jppjv.exec:\jppjv.exe26⤵
- Executes dropped EXE
-
\??\c:\nnhnbh.exec:\nnhnbh.exe27⤵
- Executes dropped EXE
-
\??\c:\llfrxfr.exec:\llfrxfr.exe28⤵
- Executes dropped EXE
-
\??\c:\lfrxffr.exec:\lfrxffr.exe29⤵
- Executes dropped EXE
-
\??\c:\dvvvd.exec:\dvvvd.exe30⤵
- Executes dropped EXE
-
\??\c:\1frxffl.exec:\1frxffl.exe31⤵
- Executes dropped EXE
-
\??\c:\nhbbtb.exec:\nhbbtb.exe32⤵
- Executes dropped EXE
-
\??\c:\jjjjv.exec:\jjjjv.exe33⤵
- Executes dropped EXE
-
\??\c:\nnhntb.exec:\nnhntb.exe34⤵
- Executes dropped EXE
-
\??\c:\vpdpd.exec:\vpdpd.exe35⤵
- Executes dropped EXE
-
\??\c:\1dpvd.exec:\1dpvd.exe36⤵
- Executes dropped EXE
-
\??\c:\lxrlrfl.exec:\lxrlrfl.exe37⤵
- Executes dropped EXE
-
\??\c:\bbthhn.exec:\bbthhn.exe38⤵
- Executes dropped EXE
-
\??\c:\vvpjv.exec:\vvpjv.exe39⤵
- Executes dropped EXE
-
\??\c:\rffxlxx.exec:\rffxlxx.exe40⤵
- Executes dropped EXE
-
\??\c:\btbbhh.exec:\btbbhh.exe41⤵
- Executes dropped EXE
-
\??\c:\vvddp.exec:\vvddp.exe42⤵
- Executes dropped EXE
-
\??\c:\7fxlrfl.exec:\7fxlrfl.exe43⤵
- Executes dropped EXE
-
\??\c:\bhhhth.exec:\bhhhth.exe44⤵
- Executes dropped EXE
-
\??\c:\ntbhtn.exec:\ntbhtn.exe45⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe46⤵
- Executes dropped EXE
-
\??\c:\lrlxllr.exec:\lrlxllr.exe47⤵
- Executes dropped EXE
-
\??\c:\7fxrlrf.exec:\7fxrlrf.exe48⤵
- Executes dropped EXE
-
\??\c:\nhntht.exec:\nhntht.exe49⤵
- Executes dropped EXE
-
\??\c:\pdvpd.exec:\pdvpd.exe50⤵
- Executes dropped EXE
-
\??\c:\jvdvp.exec:\jvdvp.exe51⤵
- Executes dropped EXE
-
\??\c:\flfrlrf.exec:\flfrlrf.exe52⤵
- Executes dropped EXE
-
\??\c:\btnnth.exec:\btnnth.exe53⤵
- Executes dropped EXE
-
\??\c:\htnbnb.exec:\htnbnb.exe54⤵
- Executes dropped EXE
-
\??\c:\dvjpd.exec:\dvjpd.exe55⤵
- Executes dropped EXE
-
\??\c:\llrrllx.exec:\llrrllx.exe56⤵
- Executes dropped EXE
-
\??\c:\hhbhnh.exec:\hhbhnh.exe57⤵
- Executes dropped EXE
-
\??\c:\hhbhtb.exec:\hhbhtb.exe58⤵
- Executes dropped EXE
-
\??\c:\dvjpd.exec:\dvjpd.exe59⤵
- Executes dropped EXE
-
\??\c:\llflrxl.exec:\llflrxl.exe60⤵
- Executes dropped EXE
-
\??\c:\rrlrflx.exec:\rrlrflx.exe61⤵
- Executes dropped EXE
-
\??\c:\nnnhnh.exec:\nnnhnh.exe62⤵
- Executes dropped EXE
-
\??\c:\3pjpd.exec:\3pjpd.exe63⤵
- Executes dropped EXE
-
\??\c:\vppjp.exec:\vppjp.exe64⤵
- Executes dropped EXE
-
\??\c:\lrlfrxl.exec:\lrlfrxl.exe65⤵
- Executes dropped EXE
-
\??\c:\hbntbn.exec:\hbntbn.exe66⤵
-
\??\c:\nhttbn.exec:\nhttbn.exe67⤵
-
\??\c:\jjjpd.exec:\jjjpd.exe68⤵
-
\??\c:\lllxlrf.exec:\lllxlrf.exe69⤵
-
\??\c:\9nnbbt.exec:\9nnbbt.exe70⤵
-
\??\c:\nbhthh.exec:\nbhthh.exe71⤵
-
\??\c:\7pppp.exec:\7pppp.exe72⤵
-
\??\c:\rrrfflx.exec:\rrrfflx.exe73⤵
-
\??\c:\nthttn.exec:\nthttn.exe74⤵
-
\??\c:\thbhnn.exec:\thbhnn.exe75⤵
-
\??\c:\3jjvd.exec:\3jjvd.exe76⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe77⤵
-
\??\c:\xxfxrxx.exec:\xxfxrxx.exe78⤵
-
\??\c:\hhbbbh.exec:\hhbbbh.exe79⤵
-
\??\c:\9jjvd.exec:\9jjvd.exe80⤵
-
\??\c:\3dpvj.exec:\3dpvj.exe81⤵
-
\??\c:\rlffxlr.exec:\rlffxlr.exe82⤵
-
\??\c:\5bnthh.exec:\5bnthh.exe83⤵
-
\??\c:\7djvv.exec:\7djvv.exe84⤵
-
\??\c:\3dpvd.exec:\3dpvd.exe85⤵
-
\??\c:\5fxrffl.exec:\5fxrffl.exe86⤵
-
\??\c:\llflflx.exec:\llflflx.exe87⤵
-
\??\c:\bthntb.exec:\bthntb.exe88⤵
-
\??\c:\jpjvj.exec:\jpjvj.exe89⤵
-
\??\c:\pjvpd.exec:\pjvpd.exe90⤵
-
\??\c:\5xllxfr.exec:\5xllxfr.exe91⤵
-
\??\c:\tttttb.exec:\tttttb.exe92⤵
-
\??\c:\nhttnh.exec:\nhttnh.exe93⤵
-
\??\c:\pvpvj.exec:\pvpvj.exe94⤵
-
\??\c:\lfxlrfr.exec:\lfxlrfr.exe95⤵
-
\??\c:\5hbbnt.exec:\5hbbnt.exe96⤵
-
\??\c:\tnbhnn.exec:\tnbhnn.exe97⤵
-
\??\c:\dvdjd.exec:\dvdjd.exe98⤵
-
\??\c:\3vvjv.exec:\3vvjv.exe99⤵
-
\??\c:\rfxffff.exec:\rfxffff.exe100⤵
-
\??\c:\1tthhn.exec:\1tthhn.exe101⤵
-
\??\c:\pjddp.exec:\pjddp.exe102⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe103⤵
-
\??\c:\1lffffr.exec:\1lffffr.exe104⤵
-
\??\c:\rxrfrfx.exec:\rxrfrfx.exe105⤵
-
\??\c:\1tnbbn.exec:\1tnbbn.exe106⤵
-
\??\c:\jjvpp.exec:\jjvpp.exe107⤵
-
\??\c:\ffxxfrr.exec:\ffxxfrr.exe108⤵
-
\??\c:\tttnht.exec:\tttnht.exe109⤵
-
\??\c:\tthhtb.exec:\tthhtb.exe110⤵
-
\??\c:\jjppd.exec:\jjppd.exe111⤵
-
\??\c:\lfxrxxf.exec:\lfxrxxf.exe112⤵
-
\??\c:\7xflrxl.exec:\7xflrxl.exe113⤵
-
\??\c:\3hbhtt.exec:\3hbhtt.exe114⤵
-
\??\c:\dpdpp.exec:\dpdpp.exe115⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe116⤵
-
\??\c:\7lllxfr.exec:\7lllxfr.exe117⤵
-
\??\c:\ttthnt.exec:\ttthnt.exe118⤵
-
\??\c:\bnttbb.exec:\bnttbb.exe119⤵
-
\??\c:\jdpdj.exec:\jdpdj.exe120⤵
-
\??\c:\5frflrf.exec:\5frflrf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-