Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
23-05-2024 00:16
General
-
Target
6007507ee4e870d54002d695cf047710_NeikiAnalytics.exe
-
Size
61KB
-
MD5
6007507ee4e870d54002d695cf047710
-
SHA1
11585ef509848e568948f2a16b3f37a57db61eb3
-
SHA256
cc8e602b9e85e6a4f8648c27ca62f8e62fc68b58d9abe06acec52d7bcf72fe05
-
SHA512
5d4cf564dabea7755e3a920a5579684b965b06a2a66488145fdcf28caf5fb804354e8b3324268a8e9929f3ac53d7468e84fde0b83657e5ee389f80845394ff27
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvAEaFJL8:ymb3NkkiQ3mdBjFIvAv8
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6007507ee4e870d54002d695cf047710_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6007507ee4e870d54002d695cf047710_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\thtbbt.exec:\thtbbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnbtb.exec:\nbnbtb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvv.exec:\pvdvv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rxxxll.exec:\5rxxxll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfrfxl.exec:\llfrfxl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhthb.exec:\nnhthb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3djjj.exec:\3djjj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrxfxf.exec:\lfrxfxf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrrrxf.exec:\xlrrrxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbbt.exec:\htbbbt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthtnh.exec:\bthtnh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjp.exec:\vjpjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrlxxx.exec:\xlrlxxx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xlrfll.exec:\7xlrfll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhhhb.exec:\thhhhb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhnh.exec:\nbhhnh.exe17⤵
- Executes dropped EXE
-
\??\c:\9dvvd.exec:\9dvvd.exe18⤵
- Executes dropped EXE
-
\??\c:\9vjpv.exec:\9vjpv.exe19⤵
- Executes dropped EXE
-
\??\c:\xffffxx.exec:\xffffxx.exe20⤵
- Executes dropped EXE
-
\??\c:\bnbbhn.exec:\bnbbhn.exe21⤵
- Executes dropped EXE
-
\??\c:\3htnnn.exec:\3htnnn.exe22⤵
- Executes dropped EXE
-
\??\c:\dddvv.exec:\dddvv.exe23⤵
- Executes dropped EXE
-
\??\c:\vjvvv.exec:\vjvvv.exe24⤵
- Executes dropped EXE
-
\??\c:\rlrxflr.exec:\rlrxflr.exe25⤵
- Executes dropped EXE
-
\??\c:\7tthhn.exec:\7tthhn.exe26⤵
- Executes dropped EXE
-
\??\c:\nhtnnn.exec:\nhtnnn.exe27⤵
- Executes dropped EXE
-
\??\c:\jvdvd.exec:\jvdvd.exe28⤵
- Executes dropped EXE
-
\??\c:\dpdvd.exec:\dpdvd.exe29⤵
- Executes dropped EXE
-
\??\c:\rflfxrx.exec:\rflfxrx.exe30⤵
- Executes dropped EXE
-
\??\c:\rxlffrx.exec:\rxlffrx.exe31⤵
- Executes dropped EXE
-
\??\c:\nbhbbb.exec:\nbhbbb.exe32⤵
- Executes dropped EXE
-
\??\c:\dpddd.exec:\dpddd.exe33⤵
- Executes dropped EXE
-
\??\c:\vjpjj.exec:\vjpjj.exe34⤵
- Executes dropped EXE
-
\??\c:\xllfrlf.exec:\xllfrlf.exe35⤵
- Executes dropped EXE
-
\??\c:\nthbbt.exec:\nthbbt.exe36⤵
- Executes dropped EXE
-
\??\c:\3nbbhn.exec:\3nbbhn.exe37⤵
- Executes dropped EXE
-
\??\c:\vpjjd.exec:\vpjjd.exe38⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe39⤵
- Executes dropped EXE
-
\??\c:\fxrrrrf.exec:\fxrrrrf.exe40⤵
- Executes dropped EXE
-
\??\c:\lfrfrrx.exec:\lfrfrrx.exe41⤵
- Executes dropped EXE
-
\??\c:\9nbbbh.exec:\9nbbbh.exe42⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe43⤵
- Executes dropped EXE
-
\??\c:\dpdjj.exec:\dpdjj.exe44⤵
- Executes dropped EXE
-
\??\c:\9xlllrf.exec:\9xlllrf.exe45⤵
- Executes dropped EXE
-
\??\c:\lfxflxl.exec:\lfxflxl.exe46⤵
- Executes dropped EXE
-
\??\c:\bthbhh.exec:\bthbhh.exe47⤵
- Executes dropped EXE
-
\??\c:\nhhhbn.exec:\nhhhbn.exe48⤵
- Executes dropped EXE
-
\??\c:\hnbbhb.exec:\hnbbhb.exe49⤵
- Executes dropped EXE
-
\??\c:\jdpdv.exec:\jdpdv.exe50⤵
- Executes dropped EXE
-
\??\c:\7vvdp.exec:\7vvdp.exe51⤵
- Executes dropped EXE
-
\??\c:\3jvvv.exec:\3jvvv.exe52⤵
- Executes dropped EXE
-
\??\c:\lflrxxr.exec:\lflrxxr.exe53⤵
- Executes dropped EXE
-
\??\c:\1xxfllr.exec:\1xxfllr.exe54⤵
- Executes dropped EXE
-
\??\c:\thtbbt.exec:\thtbbt.exe55⤵
- Executes dropped EXE
-
\??\c:\hbhbnt.exec:\hbhbnt.exe56⤵
- Executes dropped EXE
-
\??\c:\htbhbb.exec:\htbhbb.exe57⤵
- Executes dropped EXE
-
\??\c:\jvjpd.exec:\jvjpd.exe58⤵
- Executes dropped EXE
-
\??\c:\1vppv.exec:\1vppv.exe59⤵
- Executes dropped EXE
-
\??\c:\5rflrlx.exec:\5rflrlx.exe60⤵
- Executes dropped EXE
-
\??\c:\llllrrx.exec:\llllrrx.exe61⤵
- Executes dropped EXE
-
\??\c:\nbtbnt.exec:\nbtbnt.exe62⤵
- Executes dropped EXE
-
\??\c:\bnbtbh.exec:\bnbtbh.exe63⤵
- Executes dropped EXE
-
\??\c:\7ppvv.exec:\7ppvv.exe64⤵
- Executes dropped EXE
-
\??\c:\5xrlrrr.exec:\5xrlrrr.exe65⤵
- Executes dropped EXE
-
\??\c:\lxlfllr.exec:\lxlfllr.exe66⤵
-
\??\c:\hhbhbt.exec:\hhbhbt.exe67⤵
-
\??\c:\jddjp.exec:\jddjp.exe68⤵
-
\??\c:\rlxxllr.exec:\rlxxllr.exe69⤵
-
\??\c:\1rxxfll.exec:\1rxxfll.exe70⤵
-
\??\c:\htnnnt.exec:\htnnnt.exe71⤵
-
\??\c:\7btbhh.exec:\7btbhh.exe72⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe73⤵
-
\??\c:\5dpvd.exec:\5dpvd.exe74⤵
-
\??\c:\3lxflrf.exec:\3lxflrf.exe75⤵
-
\??\c:\xrfrflx.exec:\xrfrflx.exe76⤵
-
\??\c:\5bnnbb.exec:\5bnnbb.exe77⤵
-
\??\c:\hbtbbt.exec:\hbtbbt.exe78⤵
-
\??\c:\htnhnn.exec:\htnhnn.exe79⤵
-
\??\c:\pjjjd.exec:\pjjjd.exe80⤵
-
\??\c:\vvjvd.exec:\vvjvd.exe81⤵
-
\??\c:\fxrlxxf.exec:\fxrlxxf.exe82⤵
-
\??\c:\lxrxfxf.exec:\lxrxfxf.exe83⤵
-
\??\c:\fxrfflx.exec:\fxrfflx.exe84⤵
-
\??\c:\hthtth.exec:\hthtth.exe85⤵
-
\??\c:\9dpdv.exec:\9dpdv.exe86⤵
-
\??\c:\jddvp.exec:\jddvp.exe87⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe88⤵
-
\??\c:\xrlxxxl.exec:\xrlxxxl.exe89⤵
-
\??\c:\rrllfff.exec:\rrllfff.exe90⤵
-
\??\c:\hbtthh.exec:\hbtthh.exe91⤵
-
\??\c:\9htbht.exec:\9htbht.exe92⤵
-
\??\c:\5thhhb.exec:\5thhhb.exe93⤵
-
\??\c:\vvjdj.exec:\vvjdj.exe94⤵
-
\??\c:\dpdpd.exec:\dpdpd.exe95⤵
-
\??\c:\frxflll.exec:\frxflll.exe96⤵
-
\??\c:\xrxfxff.exec:\xrxfxff.exe97⤵
-
\??\c:\9lrflrx.exec:\9lrflrx.exe98⤵
-
\??\c:\3htbnt.exec:\3htbnt.exe99⤵
-
\??\c:\5pjdp.exec:\5pjdp.exe100⤵
-
\??\c:\7vdjp.exec:\7vdjp.exe101⤵
-
\??\c:\fxrrxxf.exec:\fxrrxxf.exe102⤵
-
\??\c:\fxrxflf.exec:\fxrxflf.exe103⤵
-
\??\c:\nhbhnn.exec:\nhbhnn.exe104⤵
-
\??\c:\btbbbh.exec:\btbbbh.exe105⤵
-
\??\c:\vjppp.exec:\vjppp.exe106⤵
-
\??\c:\dpjjj.exec:\dpjjj.exe107⤵
-
\??\c:\5fllxfl.exec:\5fllxfl.exe108⤵
-
\??\c:\rrrllfl.exec:\rrrllfl.exe109⤵
-
\??\c:\nhbhbt.exec:\nhbhbt.exe110⤵
-
\??\c:\7bnbtb.exec:\7bnbtb.exe111⤵
-
\??\c:\thtbtt.exec:\thtbtt.exe112⤵
-
\??\c:\1jdvv.exec:\1jdvv.exe113⤵
-
\??\c:\xrxxfxl.exec:\xrxxfxl.exe114⤵
-
\??\c:\9rxflfr.exec:\9rxflfr.exe115⤵
-
\??\c:\1htntt.exec:\1htntt.exe116⤵
-
\??\c:\7tnttb.exec:\7tnttb.exe117⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe118⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe119⤵
-
\??\c:\1lxflxf.exec:\1lxflxf.exe120⤵
-
\??\c:\lxxffxx.exec:\lxxffxx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-