Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
23-05-2024 01:16
General
-
Target
6b167f41ac43840e0a28b55aafc60290_NeikiAnalytics.exe
-
Size
162KB
-
MD5
6b167f41ac43840e0a28b55aafc60290
-
SHA1
9bddb7478a121768fcf7baabf113a184289ef225
-
SHA256
6ec008c04ccaea3281fc97d9a4c0bc8316b0061bf8ace6d2aaf694a80b882ac8
-
SHA512
2c16ad48c52410d23e50849e5ae7fc5bc26324a8afd5f4d070e0e0119ed5d56aef2511dc6ac7bd2ea915fb2cd5c1b33d1954219348f8ee75b4195e780c8cd029
-
SSDEEP
3072:xhOmTsF93UYfwC6GIout0fmCiiiXAQ5lpBoGYwNNhu0CzhKPDNuBSF:xcm4FmowdHoSgWrXF5lpKGYV0wh6D9F
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 43 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6b167f41ac43840e0a28b55aafc60290_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6b167f41ac43840e0a28b55aafc60290_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\6040624.exec:\6040624.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xllrrx.exec:\9xllrrx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llflrxf.exec:\llflrxf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjp.exec:\pjjjp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\48602.exec:\48602.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btntbb.exec:\btntbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvdd.exec:\pdvdd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rrrxfr.exec:\9rrrxfr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6006224.exec:\6006224.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtttt.exec:\nhtttt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfxlfx.exec:\frfxlfx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4800662.exec:\4800662.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s8062.exec:\s8062.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlrxf.exec:\fxrlrxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddd.exec:\jdddd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\260206.exec:\260206.exe17⤵
- Executes dropped EXE
-
\??\c:\048466.exec:\048466.exe18⤵
- Executes dropped EXE
-
\??\c:\488022.exec:\488022.exe19⤵
- Executes dropped EXE
-
\??\c:\nbnnbb.exec:\nbnnbb.exe20⤵
- Executes dropped EXE
-
\??\c:\82846.exec:\82846.exe21⤵
- Executes dropped EXE
-
\??\c:\9lffffl.exec:\9lffffl.exe22⤵
- Executes dropped EXE
-
\??\c:\xrlrffl.exec:\xrlrffl.exe23⤵
- Executes dropped EXE
-
\??\c:\hbnttt.exec:\hbnttt.exe24⤵
- Executes dropped EXE
-
\??\c:\864404.exec:\864404.exe25⤵
- Executes dropped EXE
-
\??\c:\pjpvj.exec:\pjpvj.exe26⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe27⤵
- Executes dropped EXE
-
\??\c:\046246.exec:\046246.exe28⤵
- Executes dropped EXE
-
\??\c:\hthntb.exec:\hthntb.exe29⤵
- Executes dropped EXE
-
\??\c:\5jddj.exec:\5jddj.exe30⤵
- Executes dropped EXE
-
\??\c:\604024.exec:\604024.exe31⤵
- Executes dropped EXE
-
\??\c:\lxfflrx.exec:\lxfflrx.exe32⤵
- Executes dropped EXE
-
\??\c:\a2220.exec:\a2220.exe33⤵
- Executes dropped EXE
-
\??\c:\82008.exec:\82008.exe34⤵
- Executes dropped EXE
-
\??\c:\k44608.exec:\k44608.exe35⤵
- Executes dropped EXE
-
\??\c:\608406.exec:\608406.exe36⤵
- Executes dropped EXE
-
\??\c:\42888.exec:\42888.exe37⤵
- Executes dropped EXE
-
\??\c:\tnbntt.exec:\tnbntt.exe38⤵
- Executes dropped EXE
-
\??\c:\7tnthb.exec:\7tnthb.exe39⤵
- Executes dropped EXE
-
\??\c:\fxffrlx.exec:\fxffrlx.exe40⤵
- Executes dropped EXE
-
\??\c:\bntbbt.exec:\bntbbt.exe41⤵
- Executes dropped EXE
-
\??\c:\484844.exec:\484844.exe42⤵
- Executes dropped EXE
-
\??\c:\3fxfffl.exec:\3fxfffl.exe43⤵
- Executes dropped EXE
-
\??\c:\i640228.exec:\i640228.exe44⤵
- Executes dropped EXE
-
\??\c:\jvppp.exec:\jvppp.exe45⤵
- Executes dropped EXE
-
\??\c:\3nbbhh.exec:\3nbbhh.exe46⤵
- Executes dropped EXE
-
\??\c:\thbbhn.exec:\thbbhn.exe47⤵
- Executes dropped EXE
-
\??\c:\tnbtnn.exec:\tnbtnn.exe48⤵
- Executes dropped EXE
-
\??\c:\jvjdj.exec:\jvjdj.exe49⤵
- Executes dropped EXE
-
\??\c:\08444.exec:\08444.exe50⤵
- Executes dropped EXE
-
\??\c:\g8622.exec:\g8622.exe51⤵
- Executes dropped EXE
-
\??\c:\3thnhh.exec:\3thnhh.exe52⤵
- Executes dropped EXE
-
\??\c:\jvjdd.exec:\jvjdd.exe53⤵
- Executes dropped EXE
-
\??\c:\9rlrxxr.exec:\9rlrxxr.exe54⤵
- Executes dropped EXE
-
\??\c:\4244444.exec:\4244444.exe55⤵
- Executes dropped EXE
-
\??\c:\604000.exec:\604000.exe56⤵
- Executes dropped EXE
-
\??\c:\bbhthb.exec:\bbhthb.exe57⤵
- Executes dropped EXE
-
\??\c:\frfxfff.exec:\frfxfff.exe58⤵
- Executes dropped EXE
-
\??\c:\82402.exec:\82402.exe59⤵
- Executes dropped EXE
-
\??\c:\lfllrxr.exec:\lfllrxr.exe60⤵
- Executes dropped EXE
-
\??\c:\086248.exec:\086248.exe61⤵
- Executes dropped EXE
-
\??\c:\a8066.exec:\a8066.exe62⤵
- Executes dropped EXE
-
\??\c:\1bhhbh.exec:\1bhhbh.exe63⤵
- Executes dropped EXE
-
\??\c:\rfxxrrx.exec:\rfxxrrx.exe64⤵
- Executes dropped EXE
-
\??\c:\frffxxf.exec:\frffxxf.exe65⤵
- Executes dropped EXE
-
\??\c:\tntthn.exec:\tntthn.exe66⤵
-
\??\c:\424062.exec:\424062.exe67⤵
-
\??\c:\nbhhhh.exec:\nbhhhh.exe68⤵
-
\??\c:\dppvj.exec:\dppvj.exe69⤵
-
\??\c:\u606846.exec:\u606846.exe70⤵
-
\??\c:\7hbtnh.exec:\7hbtnh.exe71⤵
-
\??\c:\864400.exec:\864400.exe72⤵
-
\??\c:\3vpvp.exec:\3vpvp.exe73⤵
-
\??\c:\420028.exec:\420028.exe74⤵
-
\??\c:\frxfllx.exec:\frxfllx.exe75⤵
-
\??\c:\64006.exec:\64006.exe76⤵
-
\??\c:\jvddv.exec:\jvddv.exe77⤵
-
\??\c:\202240.exec:\202240.exe78⤵
-
\??\c:\xrxfllx.exec:\xrxfllx.exe79⤵
-
\??\c:\3bnnnn.exec:\3bnnnn.exe80⤵
-
\??\c:\rflllff.exec:\rflllff.exe81⤵
-
\??\c:\g6266.exec:\g6266.exe82⤵
-
\??\c:\024288.exec:\024288.exe83⤵
-
\??\c:\u688046.exec:\u688046.exe84⤵
-
\??\c:\3rfllrx.exec:\3rfllrx.exe85⤵
-
\??\c:\202226.exec:\202226.exe86⤵
-
\??\c:\4662440.exec:\4662440.exe87⤵
-
\??\c:\a2002.exec:\a2002.exe88⤵
-
\??\c:\5pjjv.exec:\5pjjv.exe89⤵
-
\??\c:\i248222.exec:\i248222.exe90⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe91⤵
-
\??\c:\42822.exec:\42822.exe92⤵
-
\??\c:\480008.exec:\480008.exe93⤵
-
\??\c:\nbthnb.exec:\nbthnb.exe94⤵
-
\??\c:\m4622.exec:\m4622.exe95⤵
-
\??\c:\c200084.exec:\c200084.exe96⤵
-
\??\c:\rflffxx.exec:\rflffxx.exe97⤵
-
\??\c:\o888000.exec:\o888000.exe98⤵
-
\??\c:\6040048.exec:\6040048.exe99⤵
-
\??\c:\hbhbbb.exec:\hbhbbb.exe100⤵
-
\??\c:\42406.exec:\42406.exe101⤵
-
\??\c:\frlxrrr.exec:\frlxrrr.exe102⤵
-
\??\c:\1nthht.exec:\1nthht.exe103⤵
-
\??\c:\dppjp.exec:\dppjp.exe104⤵
-
\??\c:\rlxxxxf.exec:\rlxxxxf.exe105⤵
-
\??\c:\bnhhhb.exec:\bnhhhb.exe106⤵
-
\??\c:\w86066.exec:\w86066.exe107⤵
-
\??\c:\fllflrr.exec:\fllflrr.exe108⤵
-
\??\c:\ttbbhb.exec:\ttbbhb.exe109⤵
-
\??\c:\o860044.exec:\o860044.exe110⤵
-
\??\c:\028228.exec:\028228.exe111⤵
-
\??\c:\u840084.exec:\u840084.exe112⤵
-
\??\c:\60840.exec:\60840.exe113⤵
-
\??\c:\xrxxfxf.exec:\xrxxfxf.exe114⤵
-
\??\c:\bnnhnh.exec:\bnnhnh.exe115⤵
-
\??\c:\frrrrrx.exec:\frrrrrx.exe116⤵
-
\??\c:\tnbtnb.exec:\tnbtnb.exe117⤵
-
\??\c:\rlfflrx.exec:\rlfflrx.exe118⤵
-
\??\c:\k08800.exec:\k08800.exe119⤵
-
\??\c:\5tbbhh.exec:\5tbbhh.exe120⤵
-
\??\c:\i262406.exec:\i262406.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-