Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
22-05-2024 21:25
General
-
Target
3f9749336d3c821526de4a61502a1cd0_NeikiAnalytics.exe
-
Size
55KB
-
MD5
3f9749336d3c821526de4a61502a1cd0
-
SHA1
23d1e7b3540c250946fdded77d56879eda2767aa
-
SHA256
3d413113005b2b2714358ce0d10600bfb0b08cb87d618afa98832d212fb421c3
-
SHA512
db2d7f7ace3c8ee294abb71d3b1bcedebdae0d0276d25455030d17c5f42c61b5c2662132ec0691df6d0751b46e781439f3ba522b1ce4bc91c7d4497410ad0329
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0chVn+:ymb3NkkiQ3mdBjF0cr+
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 17 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 18 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3f9749336d3c821526de4a61502a1cd0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\3f9749336d3c821526de4a61502a1cd0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7frlxlx.exec:\7frlxlx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbbbn.exec:\ntbbbn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdpv.exec:\jjdpv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffrfll.exec:\lffrfll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrfrxf.exec:\xxrfrxf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tnhnb.exec:\5tnhnb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhbh.exec:\tnbhbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vpvv.exec:\5vpvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxfrfr.exec:\ffxfrfr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3frxxfx.exec:\3frxxfx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bttbb.exec:\5bttbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bbthh.exec:\9bbthh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddpd.exec:\jddpd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrrflx.exec:\xfrrflx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llflfrr.exec:\llflfrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbtn.exec:\bbtbtn.exe17⤵
- Executes dropped EXE
-
\??\c:\hhnnbh.exec:\hhnnbh.exe18⤵
- Executes dropped EXE
-
\??\c:\pvpjp.exec:\pvpjp.exe19⤵
- Executes dropped EXE
-
\??\c:\vpvdj.exec:\vpvdj.exe20⤵
- Executes dropped EXE
-
\??\c:\llxlrxl.exec:\llxlrxl.exe21⤵
- Executes dropped EXE
-
\??\c:\tthnhh.exec:\tthnhh.exe22⤵
- Executes dropped EXE
-
\??\c:\ttnhth.exec:\ttnhth.exe23⤵
- Executes dropped EXE
-
\??\c:\1pppd.exec:\1pppd.exe24⤵
- Executes dropped EXE
-
\??\c:\vdpdj.exec:\vdpdj.exe25⤵
- Executes dropped EXE
-
\??\c:\fflxffl.exec:\fflxffl.exe26⤵
- Executes dropped EXE
-
\??\c:\xfrxlrx.exec:\xfrxlrx.exe27⤵
- Executes dropped EXE
-
\??\c:\nhbnbh.exec:\nhbnbh.exe28⤵
- Executes dropped EXE
-
\??\c:\hnhthb.exec:\hnhthb.exe29⤵
- Executes dropped EXE
-
\??\c:\pjdjp.exec:\pjdjp.exe30⤵
- Executes dropped EXE
-
\??\c:\xxrrflx.exec:\xxrrflx.exe31⤵
- Executes dropped EXE
-
\??\c:\hhbntn.exec:\hhbntn.exe32⤵
- Executes dropped EXE
-
\??\c:\ththnt.exec:\ththnt.exe33⤵
- Executes dropped EXE
-
\??\c:\3pvvp.exec:\3pvvp.exe34⤵
- Executes dropped EXE
-
\??\c:\pvvpp.exec:\pvvpp.exe35⤵
- Executes dropped EXE
-
\??\c:\llxfrrx.exec:\llxfrrx.exe36⤵
- Executes dropped EXE
-
\??\c:\1fxlfll.exec:\1fxlfll.exe37⤵
- Executes dropped EXE
-
\??\c:\hhbthb.exec:\hhbthb.exe38⤵
- Executes dropped EXE
-
\??\c:\tbnhnh.exec:\tbnhnh.exe39⤵
- Executes dropped EXE
-
\??\c:\ppvjp.exec:\ppvjp.exe40⤵
- Executes dropped EXE
-
\??\c:\vjjdd.exec:\vjjdd.exe41⤵
- Executes dropped EXE
-
\??\c:\rlrrxxl.exec:\rlrrxxl.exe42⤵
- Executes dropped EXE
-
\??\c:\3xxfrxl.exec:\3xxfrxl.exe43⤵
- Executes dropped EXE
-
\??\c:\hbnnth.exec:\hbnnth.exe44⤵
- Executes dropped EXE
-
\??\c:\jpdvd.exec:\jpdvd.exe45⤵
- Executes dropped EXE
-
\??\c:\9vjpd.exec:\9vjpd.exe46⤵
- Executes dropped EXE
-
\??\c:\frflllx.exec:\frflllx.exe47⤵
- Executes dropped EXE
-
\??\c:\ffrxlrx.exec:\ffrxlrx.exe48⤵
- Executes dropped EXE
-
\??\c:\tnhthn.exec:\tnhthn.exe49⤵
- Executes dropped EXE
-
\??\c:\hhbnnb.exec:\hhbnnb.exe50⤵
- Executes dropped EXE
-
\??\c:\7pjpp.exec:\7pjpp.exe51⤵
- Executes dropped EXE
-
\??\c:\jvjjj.exec:\jvjjj.exe52⤵
- Executes dropped EXE
-
\??\c:\rrffrrf.exec:\rrffrrf.exe53⤵
- Executes dropped EXE
-
\??\c:\llrfxfl.exec:\llrfxfl.exe54⤵
- Executes dropped EXE
-
\??\c:\hhttbt.exec:\hhttbt.exe55⤵
- Executes dropped EXE
-
\??\c:\1hnnbh.exec:\1hnnbh.exe56⤵
- Executes dropped EXE
-
\??\c:\5vjdp.exec:\5vjdp.exe57⤵
- Executes dropped EXE
-
\??\c:\1dppv.exec:\1dppv.exe58⤵
- Executes dropped EXE
-
\??\c:\flfxffx.exec:\flfxffx.exe59⤵
- Executes dropped EXE
-
\??\c:\rflffff.exec:\rflffff.exe60⤵
- Executes dropped EXE
-
\??\c:\1nhtbb.exec:\1nhtbb.exe61⤵
- Executes dropped EXE
-
\??\c:\ttnbtb.exec:\ttnbtb.exe62⤵
- Executes dropped EXE
-
\??\c:\pdvvv.exec:\pdvvv.exe63⤵
- Executes dropped EXE
-
\??\c:\vvpvd.exec:\vvpvd.exe64⤵
- Executes dropped EXE
-
\??\c:\fxlrfxl.exec:\fxlrfxl.exe65⤵
- Executes dropped EXE
-
\??\c:\lfrrfrx.exec:\lfrrfrx.exe66⤵
-
\??\c:\3vvjd.exec:\3vvjd.exe67⤵
-
\??\c:\xrffxxl.exec:\xrffxxl.exe68⤵
-
\??\c:\xfxrxxl.exec:\xfxrxxl.exe69⤵
-
\??\c:\ttbhnt.exec:\ttbhnt.exe70⤵
-
\??\c:\bnbbhh.exec:\bnbbhh.exe71⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe72⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe73⤵
-
\??\c:\rlflxfr.exec:\rlflxfr.exe74⤵
-
\??\c:\xxxlffr.exec:\xxxlffr.exe75⤵
-
\??\c:\tbhnbb.exec:\tbhnbb.exe76⤵
-
\??\c:\1hhnhb.exec:\1hhnhb.exe77⤵
-
\??\c:\ddvpp.exec:\ddvpp.exe78⤵
-
\??\c:\dddjj.exec:\dddjj.exe79⤵
-
\??\c:\lxlrffr.exec:\lxlrffr.exe80⤵
-
\??\c:\lfrxxlx.exec:\lfrxxlx.exe81⤵
-
\??\c:\9thnbh.exec:\9thnbh.exe82⤵
-
\??\c:\bnnhhn.exec:\bnnhhn.exe83⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe84⤵
-
\??\c:\jpppv.exec:\jpppv.exe85⤵
-
\??\c:\llxlrxl.exec:\llxlrxl.exe86⤵
-
\??\c:\rfllxrx.exec:\rfllxrx.exe87⤵
-
\??\c:\hbnnnb.exec:\hbnnnb.exe88⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe89⤵
-
\??\c:\3dpvv.exec:\3dpvv.exe90⤵
-
\??\c:\prfrl.exec:\prfrl.exe91⤵
-
\??\c:\fxlrxrf.exec:\fxlrxrf.exe92⤵
-
\??\c:\rfxlrff.exec:\rfxlrff.exe93⤵
-
\??\c:\nbnthh.exec:\nbnthh.exe94⤵
-
\??\c:\bhhhnt.exec:\bhhhnt.exe95⤵
-
\??\c:\5pjvv.exec:\5pjvv.exe96⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe97⤵
-
\??\c:\xlfllxl.exec:\xlfllxl.exe98⤵
-
\??\c:\fxrlrxl.exec:\fxrlrxl.exe99⤵
-
\??\c:\7hbbnh.exec:\7hbbnh.exe100⤵
-
\??\c:\btnbhh.exec:\btnbhh.exe101⤵
-
\??\c:\5bbnnn.exec:\5bbnnn.exe102⤵
-
\??\c:\ddjpd.exec:\ddjpd.exe103⤵
-
\??\c:\9djpv.exec:\9djpv.exe104⤵
-
\??\c:\lfxrflr.exec:\lfxrflr.exe105⤵
-
\??\c:\3frrffr.exec:\3frrffr.exe106⤵
-
\??\c:\tbbbnn.exec:\tbbbnn.exe107⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe108⤵
-
\??\c:\7jjjp.exec:\7jjjp.exe109⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe110⤵
-
\??\c:\rfrrrrx.exec:\rfrrrrx.exe111⤵
-
\??\c:\xxrfffr.exec:\xxrfffr.exe112⤵
-
\??\c:\1ffrfrf.exec:\1ffrfrf.exe113⤵
-
\??\c:\5hbnnt.exec:\5hbnnt.exe114⤵
-
\??\c:\tnhhbn.exec:\tnhhbn.exe115⤵
-
\??\c:\5jdjj.exec:\5jdjj.exe116⤵
-
\??\c:\djvpp.exec:\djvpp.exe117⤵
-
\??\c:\frllfxf.exec:\frllfxf.exe118⤵
-
\??\c:\lfxflrr.exec:\lfxflrr.exe119⤵
-
\??\c:\htthtt.exec:\htthtt.exe120⤵
-
\??\c:\5bttbt.exec:\5bttbt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-