Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
23-05-2024 02:49
General
-
Target
7bbc0794be0decc6cdeef75d88ba6620_NeikiAnalytics.exe
-
Size
70KB
-
MD5
7bbc0794be0decc6cdeef75d88ba6620
-
SHA1
56ddf8d1a08a4d98087384be6ebfda11aa3c26b8
-
SHA256
6836cf9c4082c9deca48d8d8500542d6b4f76c5abe56b5640199e778d11a5ce5
-
SHA512
adaba19961403a14398fb34a45a7031d9e54d3c33f766def437e447eec4eeac3935e67bca1fdc5a2958e8b412668028fb62a8a8fc17e283077019396954b67a7
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb7tAHEqSCkKWr:ymb3NkkiQ3mdBjFIynIK+
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7bbc0794be0decc6cdeef75d88ba6620_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\7bbc0794be0decc6cdeef75d88ba6620_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhttt.exec:\bnhttt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvp.exec:\pjdvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrffxf.exec:\lrrffxf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxfxfl.exec:\rfxfxfl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbhn.exec:\hbtbhn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tttntb.exec:\tttntb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvd.exec:\pjpvd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxxffl.exec:\rfxxffl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rrrflr.exec:\1rrrflr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthntt.exec:\hthntt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjppj.exec:\vjppj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdjp.exec:\djdjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrfxf.exec:\xrlrfxf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbbnn.exec:\ttbbnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tnthh.exec:\7tnthh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpdj.exec:\pvpdj.exe17⤵
- Executes dropped EXE
-
\??\c:\jpdpv.exec:\jpdpv.exe18⤵
- Executes dropped EXE
-
\??\c:\3xffflf.exec:\3xffflf.exe19⤵
- Executes dropped EXE
-
\??\c:\lxlffxr.exec:\lxlffxr.exe20⤵
- Executes dropped EXE
-
\??\c:\hnhhhn.exec:\hnhhhn.exe21⤵
- Executes dropped EXE
-
\??\c:\tnhhtb.exec:\tnhhtb.exe22⤵
- Executes dropped EXE
-
\??\c:\vvpvv.exec:\vvpvv.exe23⤵
- Executes dropped EXE
-
\??\c:\vpdvv.exec:\vpdvv.exe24⤵
- Executes dropped EXE
-
\??\c:\rlxflll.exec:\rlxflll.exe25⤵
- Executes dropped EXE
-
\??\c:\9ffrlfl.exec:\9ffrlfl.exe26⤵
- Executes dropped EXE
-
\??\c:\5thnbh.exec:\5thnbh.exe27⤵
- Executes dropped EXE
-
\??\c:\nhttbb.exec:\nhttbb.exe28⤵
- Executes dropped EXE
-
\??\c:\jjvjv.exec:\jjvjv.exe29⤵
- Executes dropped EXE
-
\??\c:\vddvp.exec:\vddvp.exe30⤵
- Executes dropped EXE
-
\??\c:\rlxlllx.exec:\rlxlllx.exe31⤵
- Executes dropped EXE
-
\??\c:\bntntt.exec:\bntntt.exe32⤵
- Executes dropped EXE
-
\??\c:\thhbnt.exec:\thhbnt.exe33⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe34⤵
- Executes dropped EXE
-
\??\c:\dpjpj.exec:\dpjpj.exe35⤵
- Executes dropped EXE
-
\??\c:\rrflxfl.exec:\rrflxfl.exe36⤵
- Executes dropped EXE
-
\??\c:\bntnbb.exec:\bntnbb.exe37⤵
- Executes dropped EXE
-
\??\c:\bnhhtt.exec:\bnhhtt.exe38⤵
- Executes dropped EXE
-
\??\c:\xffxffx.exec:\xffxffx.exe39⤵
- Executes dropped EXE
-
\??\c:\1fxlxfl.exec:\1fxlxfl.exe40⤵
- Executes dropped EXE
-
\??\c:\fllflfl.exec:\fllflfl.exe41⤵
- Executes dropped EXE
-
\??\c:\ntntbn.exec:\ntntbn.exe42⤵
- Executes dropped EXE
-
\??\c:\nbhnth.exec:\nbhnth.exe43⤵
- Executes dropped EXE
-
\??\c:\btnbnt.exec:\btnbnt.exe44⤵
- Executes dropped EXE
-
\??\c:\ppvvd.exec:\ppvvd.exe45⤵
- Executes dropped EXE
-
\??\c:\pjdpj.exec:\pjdpj.exe46⤵
- Executes dropped EXE
-
\??\c:\rlxfxfr.exec:\rlxfxfr.exe47⤵
- Executes dropped EXE
-
\??\c:\llxxrfx.exec:\llxxrfx.exe48⤵
- Executes dropped EXE
-
\??\c:\thhnhh.exec:\thhnhh.exe49⤵
- Executes dropped EXE
-
\??\c:\nnbtnh.exec:\nnbtnh.exe50⤵
- Executes dropped EXE
-
\??\c:\nhbhbh.exec:\nhbhbh.exe51⤵
- Executes dropped EXE
-
\??\c:\pvvvp.exec:\pvvvp.exe52⤵
- Executes dropped EXE
-
\??\c:\ppvpj.exec:\ppvpj.exe53⤵
- Executes dropped EXE
-
\??\c:\frrllfl.exec:\frrllfl.exe54⤵
- Executes dropped EXE
-
\??\c:\xxrlxxf.exec:\xxrlxxf.exe55⤵
- Executes dropped EXE
-
\??\c:\1bnhtb.exec:\1bnhtb.exe56⤵
- Executes dropped EXE
-
\??\c:\ttthht.exec:\ttthht.exe57⤵
- Executes dropped EXE
-
\??\c:\ppvpj.exec:\ppvpj.exe58⤵
- Executes dropped EXE
-
\??\c:\3pjvd.exec:\3pjvd.exe59⤵
- Executes dropped EXE
-
\??\c:\jdddv.exec:\jdddv.exe60⤵
- Executes dropped EXE
-
\??\c:\rlxlrfr.exec:\rlxlrfr.exe61⤵
- Executes dropped EXE
-
\??\c:\xrlrflf.exec:\xrlrflf.exe62⤵
- Executes dropped EXE
-
\??\c:\nhttbt.exec:\nhttbt.exe63⤵
- Executes dropped EXE
-
\??\c:\7nhhbh.exec:\7nhhbh.exe64⤵
- Executes dropped EXE
-
\??\c:\pvdpj.exec:\pvdpj.exe65⤵
- Executes dropped EXE
-
\??\c:\pppdp.exec:\pppdp.exe66⤵
-
\??\c:\rlflxfl.exec:\rlflxfl.exe67⤵
-
\??\c:\xrfllxf.exec:\xrfllxf.exe68⤵
-
\??\c:\xlffllx.exec:\xlffllx.exe69⤵
-
\??\c:\7bbnbb.exec:\7bbnbb.exe70⤵
-
\??\c:\htbbhn.exec:\htbbhn.exe71⤵
-
\??\c:\7dvjv.exec:\7dvjv.exe72⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe73⤵
-
\??\c:\flffxrx.exec:\flffxrx.exe74⤵
-
\??\c:\fxlxlxl.exec:\fxlxlxl.exe75⤵
-
\??\c:\7xxxflx.exec:\7xxxflx.exe76⤵
-
\??\c:\7nttnb.exec:\7nttnb.exe77⤵
-
\??\c:\7tthnn.exec:\7tthnn.exe78⤵
-
\??\c:\jjvdp.exec:\jjvdp.exe79⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe80⤵
-
\??\c:\jddpv.exec:\jddpv.exe81⤵
-
\??\c:\xxxxlrx.exec:\xxxxlrx.exe82⤵
-
\??\c:\xlxxxff.exec:\xlxxxff.exe83⤵
-
\??\c:\xllxflf.exec:\xllxflf.exe84⤵
-
\??\c:\tntnnn.exec:\tntnnn.exe85⤵
-
\??\c:\btntbb.exec:\btntbb.exe86⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe87⤵
-
\??\c:\7vdvj.exec:\7vdvj.exe88⤵
-
\??\c:\jjpvv.exec:\jjpvv.exe89⤵
-
\??\c:\rxrxxlf.exec:\rxrxxlf.exe90⤵
-
\??\c:\lflrxxl.exec:\lflrxxl.exe91⤵
-
\??\c:\xrfrxlr.exec:\xrfrxlr.exe92⤵
-
\??\c:\ttbbbb.exec:\ttbbbb.exe93⤵
-
\??\c:\tttnht.exec:\tttnht.exe94⤵
-
\??\c:\7dvdj.exec:\7dvdj.exe95⤵
-
\??\c:\dpddp.exec:\dpddp.exe96⤵
-
\??\c:\vppvp.exec:\vppvp.exe97⤵
-
\??\c:\dvvdj.exec:\dvvdj.exe98⤵
-
\??\c:\lrffrrl.exec:\lrffrrl.exe99⤵
-
\??\c:\7rxfrxr.exec:\7rxfrxr.exe100⤵
-
\??\c:\3ffrxlr.exec:\3ffrxlr.exe101⤵
-
\??\c:\1bnhbh.exec:\1bnhbh.exe102⤵
-
\??\c:\bhhbhb.exec:\bhhbhb.exe103⤵
-
\??\c:\bntnth.exec:\bntnth.exe104⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe105⤵
-
\??\c:\9ddvv.exec:\9ddvv.exe106⤵
-
\??\c:\fllffxx.exec:\fllffxx.exe107⤵
-
\??\c:\rrxlfxl.exec:\rrxlfxl.exe108⤵
-
\??\c:\flxrxxf.exec:\flxrxxf.exe109⤵
-
\??\c:\llrfxxf.exec:\llrfxxf.exe110⤵
-
\??\c:\btthtt.exec:\btthtt.exe111⤵
-
\??\c:\nhbhnt.exec:\nhbhnt.exe112⤵
-
\??\c:\bbhbnb.exec:\bbhbnb.exe113⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe114⤵
-
\??\c:\5vdpp.exec:\5vdpp.exe115⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe116⤵
-
\??\c:\xxxxfll.exec:\xxxxfll.exe117⤵
-
\??\c:\lxxllxx.exec:\lxxllxx.exe118⤵
-
\??\c:\xxrfrfr.exec:\xxrfrfr.exe119⤵
-
\??\c:\5nbhnt.exec:\5nbhnt.exe120⤵
-
\??\c:\hhbbbn.exec:\hhbbbn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-