Analysis
-
max time kernel
149s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
23/05/2024, 02:00
General
-
Target
733e256ea2349a7e7546fa7a205ab280_NeikiAnalytics.exe
-
Size
54KB
-
MD5
733e256ea2349a7e7546fa7a205ab280
-
SHA1
8d2f1ae0eae614d18bdbe6830e510967e250ad8a
-
SHA256
bda02be31992ffd3c2737da30b1e35ea744aae0094b6a80320f404f9c4a66389
-
SHA512
834cdaa7ec6827d156174d8e3366fcfd5425354adc068e0ef892d4ccea1399b7e467f47a405050bbf5662326a623f73bc6ecb7eeef423f0b98fd319be42459ca
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFx:ymb3NkkiQ3mdBjFIFx
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 17 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 20 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\733e256ea2349a7e7546fa7a205ab280_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\733e256ea2349a7e7546fa7a205ab280_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvd.exec:\dpvvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrlfrf.exec:\fxrlfrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbnth.exec:\nnbnth.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flllrlx.exec:\flllrlx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfxxlr.exec:\rrfxxlr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhnt.exec:\nhbhnt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jdvj.exec:\5jdvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpp.exec:\dvjpp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfllrf.exec:\xrfllrf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbhhnn.exec:\tbhhnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btttnn.exec:\btttnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvdj.exec:\ppvdj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxlllx.exec:\rxxlllx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnbnn.exec:\ttnbnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhnnb.exec:\tnhnnb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9djjp.exec:\9djjp.exe17⤵
- Executes dropped EXE
-
\??\c:\jjvpp.exec:\jjvpp.exe18⤵
- Executes dropped EXE
-
\??\c:\9lfxlfr.exec:\9lfxlfr.exe19⤵
- Executes dropped EXE
-
\??\c:\hbnbnt.exec:\hbnbnt.exe20⤵
- Executes dropped EXE
-
\??\c:\djppj.exec:\djppj.exe21⤵
- Executes dropped EXE
-
\??\c:\ffxflfl.exec:\ffxflfl.exe22⤵
- Executes dropped EXE
-
\??\c:\3xrxflr.exec:\3xrxflr.exe23⤵
- Executes dropped EXE
-
\??\c:\thtttt.exec:\thtttt.exe24⤵
- Executes dropped EXE
-
\??\c:\bbnbtt.exec:\bbnbtt.exe25⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe26⤵
- Executes dropped EXE
-
\??\c:\5pjjv.exec:\5pjjv.exe27⤵
- Executes dropped EXE
-
\??\c:\ffrrlff.exec:\ffrrlff.exe28⤵
- Executes dropped EXE
-
\??\c:\htnbhh.exec:\htnbhh.exe29⤵
- Executes dropped EXE
-
\??\c:\hbnnnh.exec:\hbnnnh.exe30⤵
- Executes dropped EXE
-
\??\c:\5jvpp.exec:\5jvpp.exe31⤵
- Executes dropped EXE
-
\??\c:\dpddd.exec:\dpddd.exe32⤵
- Executes dropped EXE
-
\??\c:\5lrrffl.exec:\5lrrffl.exe33⤵
- Executes dropped EXE
-
\??\c:\bhnbth.exec:\bhnbth.exe34⤵
- Executes dropped EXE
-
\??\c:\thtntb.exec:\thtntb.exe35⤵
- Executes dropped EXE
-
\??\c:\jdpdj.exec:\jdpdj.exe36⤵
- Executes dropped EXE
-
\??\c:\jvjpp.exec:\jvjpp.exe37⤵
- Executes dropped EXE
-
\??\c:\frrlrlr.exec:\frrlrlr.exe38⤵
- Executes dropped EXE
-
\??\c:\rfxrlrx.exec:\rfxrlrx.exe39⤵
- Executes dropped EXE
-
\??\c:\btbhtt.exec:\btbhtt.exe40⤵
- Executes dropped EXE
-
\??\c:\hhhhhn.exec:\hhhhhn.exe41⤵
- Executes dropped EXE
-
\??\c:\3vjjp.exec:\3vjjp.exe42⤵
- Executes dropped EXE
-
\??\c:\pdvvp.exec:\pdvvp.exe43⤵
- Executes dropped EXE
-
\??\c:\7frrxfl.exec:\7frrxfl.exe44⤵
- Executes dropped EXE
-
\??\c:\1nbbbb.exec:\1nbbbb.exe45⤵
- Executes dropped EXE
-
\??\c:\bbnttt.exec:\bbnttt.exe46⤵
- Executes dropped EXE
-
\??\c:\ddjvj.exec:\ddjvj.exe47⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe48⤵
- Executes dropped EXE
-
\??\c:\xlxrxfl.exec:\xlxrxfl.exe49⤵
- Executes dropped EXE
-
\??\c:\ntnbth.exec:\ntnbth.exe50⤵
- Executes dropped EXE
-
\??\c:\tntnbt.exec:\tntnbt.exe51⤵
- Executes dropped EXE
-
\??\c:\dddvv.exec:\dddvv.exe52⤵
- Executes dropped EXE
-
\??\c:\ffrfflr.exec:\ffrfflr.exe53⤵
- Executes dropped EXE
-
\??\c:\7frfxfr.exec:\7frfxfr.exe54⤵
- Executes dropped EXE
-
\??\c:\hbntbt.exec:\hbntbt.exe55⤵
- Executes dropped EXE
-
\??\c:\vpdjd.exec:\vpdjd.exe56⤵
- Executes dropped EXE
-
\??\c:\ddvpj.exec:\ddvpj.exe57⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe58⤵
- Executes dropped EXE
-
\??\c:\ffflxrr.exec:\ffflxrr.exe59⤵
- Executes dropped EXE
-
\??\c:\rxxlxxr.exec:\rxxlxxr.exe60⤵
- Executes dropped EXE
-
\??\c:\1htbhn.exec:\1htbhn.exe61⤵
- Executes dropped EXE
-
\??\c:\dpjpv.exec:\dpjpv.exe62⤵
- Executes dropped EXE
-
\??\c:\1jvpp.exec:\1jvpp.exe63⤵
- Executes dropped EXE
-
\??\c:\rrrrxfr.exec:\rrrrxfr.exe64⤵
- Executes dropped EXE
-
\??\c:\frrxlrl.exec:\frrxlrl.exe65⤵
- Executes dropped EXE
-
\??\c:\nhbnhn.exec:\nhbnhn.exe66⤵
-
\??\c:\tbtbnt.exec:\tbtbnt.exe67⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe68⤵
-
\??\c:\ppvpd.exec:\ppvpd.exe69⤵
-
\??\c:\xrlrxlx.exec:\xrlrxlx.exe70⤵
-
\??\c:\xrflrrx.exec:\xrflrrx.exe71⤵
-
\??\c:\thnbtb.exec:\thnbtb.exe72⤵
-
\??\c:\hbtbhn.exec:\hbtbhn.exe73⤵
-
\??\c:\jvdvj.exec:\jvdvj.exe74⤵
-
\??\c:\ddjpd.exec:\ddjpd.exe75⤵
-
\??\c:\rflxlxf.exec:\rflxlxf.exe76⤵
-
\??\c:\xflflff.exec:\xflflff.exe77⤵
-
\??\c:\9lxfllx.exec:\9lxfllx.exe78⤵
-
\??\c:\tnhtbh.exec:\tnhtbh.exe79⤵
-
\??\c:\thtnnh.exec:\thtnnh.exe80⤵
-
\??\c:\pjddd.exec:\pjddd.exe81⤵
-
\??\c:\1vvpv.exec:\1vvpv.exe82⤵
-
\??\c:\xfrlfrr.exec:\xfrlfrr.exe83⤵
-
\??\c:\9lffrll.exec:\9lffrll.exe84⤵
-
\??\c:\tntnnh.exec:\tntnnh.exe85⤵
-
\??\c:\tnbhbb.exec:\tnbhbb.exe86⤵
-
\??\c:\ntnntb.exec:\ntnntb.exe87⤵
-
\??\c:\jdpjj.exec:\jdpjj.exe88⤵
-
\??\c:\jdppp.exec:\jdppp.exe89⤵
-
\??\c:\fxxlxfx.exec:\fxxlxfx.exe90⤵
-
\??\c:\5rfxrll.exec:\5rfxrll.exe91⤵
-
\??\c:\7rxfrlf.exec:\7rxfrlf.exe92⤵
-
\??\c:\ttnbth.exec:\ttnbth.exe93⤵
-
\??\c:\thnthn.exec:\thnthn.exe94⤵
-
\??\c:\jjppp.exec:\jjppp.exe95⤵
-
\??\c:\3jppp.exec:\3jppp.exe96⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe97⤵
-
\??\c:\fxfxrff.exec:\fxfxrff.exe98⤵
-
\??\c:\3nhnbn.exec:\3nhnbn.exe99⤵
-
\??\c:\1thhhb.exec:\1thhhb.exe100⤵
-
\??\c:\hhttbh.exec:\hhttbh.exe101⤵
-
\??\c:\9jppj.exec:\9jppj.exe102⤵
-
\??\c:\vdpjj.exec:\vdpjj.exe103⤵
-
\??\c:\1ppdj.exec:\1ppdj.exe104⤵
-
\??\c:\frxrrrx.exec:\frxrrrx.exe105⤵
-
\??\c:\1rfxxrf.exec:\1rfxxrf.exe106⤵
-
\??\c:\3rxfllf.exec:\3rxfllf.exe107⤵
-
\??\c:\9tnntt.exec:\9tnntt.exe108⤵
-
\??\c:\nnnnhn.exec:\nnnnhn.exe109⤵
-
\??\c:\9vdvv.exec:\9vdvv.exe110⤵
-
\??\c:\pdppv.exec:\pdppv.exe111⤵
-
\??\c:\3vvjd.exec:\3vvjd.exe112⤵
-
\??\c:\lfrfxrr.exec:\lfrfxrr.exe113⤵
-
\??\c:\fxllxxr.exec:\fxllxxr.exe114⤵
-
\??\c:\9frxrlx.exec:\9frxrlx.exe115⤵
-
\??\c:\nhbbhh.exec:\nhbbhh.exe116⤵
-
\??\c:\hbhnnb.exec:\hbhnnb.exe117⤵
-
\??\c:\thnhtb.exec:\thnhtb.exe118⤵
-
\??\c:\jvddv.exec:\jvddv.exe119⤵
-
\??\c:\jjjjp.exec:\jjjjp.exe120⤵
-
\??\c:\lrfxxxf.exec:\lrfxxxf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-