Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
22-05-2024 13:00
General
-
Target
2ccea5b6d5917c0196f2c1d48f4ea330_NeikiAnalytics.exe
-
Size
58KB
-
MD5
2ccea5b6d5917c0196f2c1d48f4ea330
-
SHA1
526168feb91211244d52c37632b796b002d71244
-
SHA256
53d735060eac315659542f46c2fdebb960aaec6a53fe584a0d71caa563d6ed59
-
SHA512
0343397b10ddfd26e2b468031c51cc5ae897aef2b80edc4f40aed970a71d014f50d1056005e58294ac318cbf3f08f1c00741ad9fefd07f66c719cf0d80cbc7be
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIm2hb:ymb3NkkiQ3mdBjFIsIrhb
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2ccea5b6d5917c0196f2c1d48f4ea330_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\2ccea5b6d5917c0196f2c1d48f4ea330_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7vvjv.exec:\7vvjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrllfl.exec:\llrllfl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnbnn.exec:\tnnbnn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrxlxl.exec:\rlrxlxl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhbhb.exec:\bnhbhb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddp.exec:\vpddp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdj.exec:\vpjdj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rflxxl.exec:\9rflxxl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnbnt.exec:\nnnbnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpjp.exec:\vdpjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddppv.exec:\ddppv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrffxx.exec:\rxrffxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbntn.exec:\htbntn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nbbtn.exec:\7nbbtn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjdp.exec:\ppjdp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxlxrl.exec:\fxxlxrl.exe17⤵
- Executes dropped EXE
-
\??\c:\lfxlxlx.exec:\lfxlxlx.exe18⤵
- Executes dropped EXE
-
\??\c:\9htbnn.exec:\9htbnn.exe19⤵
- Executes dropped EXE
-
\??\c:\5dppv.exec:\5dppv.exe20⤵
- Executes dropped EXE
-
\??\c:\jddvj.exec:\jddvj.exe21⤵
- Executes dropped EXE
-
\??\c:\5fxxffr.exec:\5fxxffr.exe22⤵
- Executes dropped EXE
-
\??\c:\7thhnt.exec:\7thhnt.exe23⤵
- Executes dropped EXE
-
\??\c:\1pjvv.exec:\1pjvv.exe24⤵
- Executes dropped EXE
-
\??\c:\vpvvj.exec:\vpvvj.exe25⤵
- Executes dropped EXE
-
\??\c:\fxlxlrx.exec:\fxlxlrx.exe26⤵
- Executes dropped EXE
-
\??\c:\bnnthn.exec:\bnnthn.exe27⤵
- Executes dropped EXE
-
\??\c:\1jvdj.exec:\1jvdj.exe28⤵
- Executes dropped EXE
-
\??\c:\fxlffrx.exec:\fxlffrx.exe29⤵
- Executes dropped EXE
-
\??\c:\xxxfxxr.exec:\xxxfxxr.exe30⤵
- Executes dropped EXE
-
\??\c:\tttbnn.exec:\tttbnn.exe31⤵
- Executes dropped EXE
-
\??\c:\3vjpp.exec:\3vjpp.exe32⤵
- Executes dropped EXE
-
\??\c:\fxrxlxf.exec:\fxrxlxf.exe33⤵
- Executes dropped EXE
-
\??\c:\9rrrlrf.exec:\9rrrlrf.exe34⤵
- Executes dropped EXE
-
\??\c:\btbhtb.exec:\btbhtb.exe35⤵
- Executes dropped EXE
-
\??\c:\hbbhnb.exec:\hbbhnb.exe36⤵
- Executes dropped EXE
-
\??\c:\5pjpd.exec:\5pjpd.exe37⤵
- Executes dropped EXE
-
\??\c:\ddvvj.exec:\ddvvj.exe38⤵
- Executes dropped EXE
-
\??\c:\xrxxflx.exec:\xrxxflx.exe39⤵
- Executes dropped EXE
-
\??\c:\llrfrxf.exec:\llrfrxf.exe40⤵
- Executes dropped EXE
-
\??\c:\nhhtbn.exec:\nhhtbn.exe41⤵
- Executes dropped EXE
-
\??\c:\pjdpd.exec:\pjdpd.exe42⤵
- Executes dropped EXE
-
\??\c:\vvjdp.exec:\vvjdp.exe43⤵
- Executes dropped EXE
-
\??\c:\lfrrxxl.exec:\lfrrxxl.exe44⤵
- Executes dropped EXE
-
\??\c:\rrflrxl.exec:\rrflrxl.exe45⤵
- Executes dropped EXE
-
\??\c:\rlrxffl.exec:\rlrxffl.exe46⤵
- Executes dropped EXE
-
\??\c:\9hhntt.exec:\9hhntt.exe47⤵
- Executes dropped EXE
-
\??\c:\5nhhnb.exec:\5nhhnb.exe48⤵
- Executes dropped EXE
-
\??\c:\1vjjj.exec:\1vjjj.exe49⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe50⤵
- Executes dropped EXE
-
\??\c:\7xxlxfr.exec:\7xxlxfr.exe51⤵
- Executes dropped EXE
-
\??\c:\9tnbnh.exec:\9tnbnh.exe52⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe53⤵
- Executes dropped EXE
-
\??\c:\ddjjp.exec:\ddjjp.exe54⤵
- Executes dropped EXE
-
\??\c:\rlrxllr.exec:\rlrxllr.exe55⤵
- Executes dropped EXE
-
\??\c:\xflffxf.exec:\xflffxf.exe56⤵
- Executes dropped EXE
-
\??\c:\5nnntt.exec:\5nnntt.exe57⤵
- Executes dropped EXE
-
\??\c:\hnnbnn.exec:\hnnbnn.exe58⤵
- Executes dropped EXE
-
\??\c:\vpjjv.exec:\vpjjv.exe59⤵
- Executes dropped EXE
-
\??\c:\vpvdj.exec:\vpvdj.exe60⤵
- Executes dropped EXE
-
\??\c:\5lrlxrf.exec:\5lrlxrf.exe61⤵
- Executes dropped EXE
-
\??\c:\ttntbb.exec:\ttntbb.exe62⤵
- Executes dropped EXE
-
\??\c:\1nntbb.exec:\1nntbb.exe63⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe64⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe65⤵
- Executes dropped EXE
-
\??\c:\frffflf.exec:\frffflf.exe66⤵
-
\??\c:\ffxlrxr.exec:\ffxlrxr.exe67⤵
-
\??\c:\bhbhnn.exec:\bhbhnn.exe68⤵
-
\??\c:\vddpp.exec:\vddpp.exe69⤵
-
\??\c:\1jvpv.exec:\1jvpv.exe70⤵
-
\??\c:\xrlxxxl.exec:\xrlxxxl.exe71⤵
-
\??\c:\lfflllf.exec:\lfflllf.exe72⤵
-
\??\c:\hbthtt.exec:\hbthtt.exe73⤵
-
\??\c:\tnbbht.exec:\tnbbht.exe74⤵
-
\??\c:\jdjvv.exec:\jdjvv.exe75⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe76⤵
-
\??\c:\5rlrxxl.exec:\5rlrxxl.exe77⤵
-
\??\c:\xlflxrl.exec:\xlflxrl.exe78⤵
-
\??\c:\bbthbh.exec:\bbthbh.exe79⤵
-
\??\c:\bthnhn.exec:\bthnhn.exe80⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe81⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe82⤵
-
\??\c:\llflxrf.exec:\llflxrf.exe83⤵
-
\??\c:\3hbhth.exec:\3hbhth.exe84⤵
-
\??\c:\3thbth.exec:\3thbth.exe85⤵
-
\??\c:\vjvvp.exec:\vjvvp.exe86⤵
-
\??\c:\rlxxxrx.exec:\rlxxxrx.exe87⤵
-
\??\c:\lrrlxxx.exec:\lrrlxxx.exe88⤵
-
\??\c:\3thnnt.exec:\3thnnt.exe89⤵
-
\??\c:\tbhbhb.exec:\tbhbhb.exe90⤵
-
\??\c:\5jvdj.exec:\5jvdj.exe91⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe92⤵
-
\??\c:\lfxflrf.exec:\lfxflrf.exe93⤵
-
\??\c:\hthtbn.exec:\hthtbn.exe94⤵
-
\??\c:\nthhhb.exec:\nthhhb.exe95⤵
-
\??\c:\dddpd.exec:\dddpd.exe96⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe97⤵
-
\??\c:\rlfrxrf.exec:\rlfrxrf.exe98⤵
-
\??\c:\nhntbn.exec:\nhntbn.exe99⤵
-
\??\c:\tnhttb.exec:\tnhttb.exe100⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe101⤵
-
\??\c:\dpjpd.exec:\dpjpd.exe102⤵
-
\??\c:\vpjvp.exec:\vpjvp.exe103⤵
-
\??\c:\rrxllfr.exec:\rrxllfr.exe104⤵
-
\??\c:\ttbnbt.exec:\ttbnbt.exe105⤵
-
\??\c:\hbbbhh.exec:\hbbbhh.exe106⤵
-
\??\c:\vpvdp.exec:\vpvdp.exe107⤵
-
\??\c:\dvvdd.exec:\dvvdd.exe108⤵
-
\??\c:\rfxxrrr.exec:\rfxxrrr.exe109⤵
-
\??\c:\lrlfrfx.exec:\lrlfrfx.exe110⤵
-
\??\c:\3hhtbb.exec:\3hhtbb.exe111⤵
-
\??\c:\tnnthn.exec:\tnnthn.exe112⤵
-
\??\c:\9vppd.exec:\9vppd.exe113⤵
-
\??\c:\xxxfrxf.exec:\xxxfrxf.exe114⤵
-
\??\c:\fxflrxf.exec:\fxflrxf.exe115⤵
-
\??\c:\nhbbhh.exec:\nhbbhh.exe116⤵
-
\??\c:\hbnbhn.exec:\hbnbhn.exe117⤵
-
\??\c:\pdjpd.exec:\pdjpd.exe118⤵
-
\??\c:\pdvjd.exec:\pdvjd.exe119⤵
-
\??\c:\xrxxxfl.exec:\xrxxxfl.exe120⤵
-
\??\c:\xrllxfr.exec:\xrllxfr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-