Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
23-05-2024 02:55
General
-
Target
7cda909b9b7cfacaa3ed6179476b5870_NeikiAnalytics.exe
-
Size
88KB
-
MD5
7cda909b9b7cfacaa3ed6179476b5870
-
SHA1
16b35a4e4baab536df3a7f38dce93d29aec84e36
-
SHA256
5f63d8ccc2d8e08eb25f2da86b38affbde699d958ef11ffb9424dabfd74d68c5
-
SHA512
6797e0ba73d5307968fad892403909fec619b3ad689c258a1e9ebc161f29f230e744089ad2bc1387464891bfa461fc83c2286e2989e666a4c3fa2aff8b0f186e
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73yqKH/KjveT:ymb3NkkiQ3mdBjFo73yX+vm
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7cda909b9b7cfacaa3ed6179476b5870_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\7cda909b9b7cfacaa3ed6179476b5870_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbtb.exec:\bbtbtb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtnnn.exec:\thtnnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrfxxr.exec:\lrrfxxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhtbt.exec:\tnhtbt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjjd.exec:\ppjjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvpv.exec:\ddvpv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xlflrx.exec:\3xlflrx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtnbb.exec:\nbtnbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppddv.exec:\ppddv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjd.exec:\vpjjd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrrrlr.exec:\rxrrrlr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbnbt.exec:\bhbnbt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbttth.exec:\bbttth.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdpd.exec:\vvdpd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjvd.exec:\jjjvd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9llxlrl.exec:\9llxlrl.exe17⤵
- Executes dropped EXE
-
\??\c:\nhnnbh.exec:\nhnnbh.exe18⤵
- Executes dropped EXE
-
\??\c:\thbbbt.exec:\thbbbt.exe19⤵
- Executes dropped EXE
-
\??\c:\vjpvd.exec:\vjpvd.exe20⤵
- Executes dropped EXE
-
\??\c:\rlfrlfr.exec:\rlfrlfr.exe21⤵
- Executes dropped EXE
-
\??\c:\frffflx.exec:\frffflx.exe22⤵
- Executes dropped EXE
-
\??\c:\hhbthn.exec:\hhbthn.exe23⤵
- Executes dropped EXE
-
\??\c:\hhtnbb.exec:\hhtnbb.exe24⤵
- Executes dropped EXE
-
\??\c:\7vjpd.exec:\7vjpd.exe25⤵
- Executes dropped EXE
-
\??\c:\fflrxrl.exec:\fflrxrl.exe26⤵
- Executes dropped EXE
-
\??\c:\ffxrxrx.exec:\ffxrxrx.exe27⤵
- Executes dropped EXE
-
\??\c:\nthnhh.exec:\nthnhh.exe28⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe29⤵
- Executes dropped EXE
-
\??\c:\vjpdd.exec:\vjpdd.exe30⤵
- Executes dropped EXE
-
\??\c:\ffflrfr.exec:\ffflrfr.exe31⤵
- Executes dropped EXE
-
\??\c:\btbttt.exec:\btbttt.exe32⤵
- Executes dropped EXE
-
\??\c:\jvpjp.exec:\jvpjp.exe33⤵
- Executes dropped EXE
-
\??\c:\pjvpv.exec:\pjvpv.exe34⤵
-
\??\c:\fffflxr.exec:\fffflxr.exe35⤵
- Executes dropped EXE
-
\??\c:\fffxfff.exec:\fffxfff.exe36⤵
- Executes dropped EXE
-
\??\c:\btnntt.exec:\btnntt.exe37⤵
- Executes dropped EXE
-
\??\c:\1ppvd.exec:\1ppvd.exe38⤵
- Executes dropped EXE
-
\??\c:\9vppp.exec:\9vppp.exe39⤵
- Executes dropped EXE
-
\??\c:\5rrfxfr.exec:\5rrfxfr.exe40⤵
- Executes dropped EXE
-
\??\c:\ntthhb.exec:\ntthhb.exe41⤵
- Executes dropped EXE
-
\??\c:\bbbtth.exec:\bbbtth.exe42⤵
- Executes dropped EXE
-
\??\c:\jpvvj.exec:\jpvvj.exe43⤵
- Executes dropped EXE
-
\??\c:\vdvpj.exec:\vdvpj.exe44⤵
- Executes dropped EXE
-
\??\c:\lrxxlll.exec:\lrxxlll.exe45⤵
- Executes dropped EXE
-
\??\c:\9frfrrl.exec:\9frfrrl.exe46⤵
- Executes dropped EXE
-
\??\c:\5bnbtt.exec:\5bnbtt.exe47⤵
- Executes dropped EXE
-
\??\c:\djvjp.exec:\djvjp.exe48⤵
- Executes dropped EXE
-
\??\c:\frxxrrr.exec:\frxxrrr.exe49⤵
- Executes dropped EXE
-
\??\c:\btbntt.exec:\btbntt.exe50⤵
- Executes dropped EXE
-
\??\c:\7pjjv.exec:\7pjjv.exe51⤵
- Executes dropped EXE
-
\??\c:\jpvpd.exec:\jpvpd.exe52⤵
- Executes dropped EXE
-
\??\c:\rfxxlxr.exec:\rfxxlxr.exe53⤵
- Executes dropped EXE
-
\??\c:\nbhnnb.exec:\nbhnnb.exe54⤵
- Executes dropped EXE
-
\??\c:\hbbnbn.exec:\hbbnbn.exe55⤵
- Executes dropped EXE
-
\??\c:\jdjdj.exec:\jdjdj.exe56⤵
- Executes dropped EXE
-
\??\c:\ffrrfxx.exec:\ffrrfxx.exe57⤵
- Executes dropped EXE
-
\??\c:\9rxfflf.exec:\9rxfflf.exe58⤵
- Executes dropped EXE
-
\??\c:\bntntb.exec:\bntntb.exe59⤵
- Executes dropped EXE
-
\??\c:\vpjjj.exec:\vpjjj.exe60⤵
- Executes dropped EXE
-
\??\c:\5vvdp.exec:\5vvdp.exe61⤵
- Executes dropped EXE
-
\??\c:\xrfxlrr.exec:\xrfxlrr.exe62⤵
- Executes dropped EXE
-
\??\c:\rrfrrfl.exec:\rrfrrfl.exe63⤵
- Executes dropped EXE
-
\??\c:\tnhntb.exec:\tnhntb.exe64⤵
- Executes dropped EXE
-
\??\c:\hhtbnt.exec:\hhtbnt.exe65⤵
- Executes dropped EXE
-
\??\c:\3pdvv.exec:\3pdvv.exe66⤵
- Executes dropped EXE
-
\??\c:\5vdvv.exec:\5vdvv.exe67⤵
-
\??\c:\frxlxxf.exec:\frxlxxf.exe68⤵
-
\??\c:\xrxlrfx.exec:\xrxlrfx.exe69⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe70⤵
-
\??\c:\tnntnn.exec:\tnntnn.exe71⤵
-
\??\c:\vvjpj.exec:\vvjpj.exe72⤵
-
\??\c:\xrlrxrf.exec:\xrlrxrf.exe73⤵
-
\??\c:\rlflfrf.exec:\rlflfrf.exe74⤵
-
\??\c:\bhnhnh.exec:\bhnhnh.exe75⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe76⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe77⤵
-
\??\c:\1xxlrrl.exec:\1xxlrrl.exe78⤵
-
\??\c:\nbtttb.exec:\nbtttb.exe79⤵
-
\??\c:\bnbbht.exec:\bnbbht.exe80⤵
-
\??\c:\7jdvd.exec:\7jdvd.exe81⤵
-
\??\c:\rxlxxxl.exec:\rxlxxxl.exe82⤵
-
\??\c:\rlffffx.exec:\rlffffx.exe83⤵
-
\??\c:\htttnh.exec:\htttnh.exe84⤵
-
\??\c:\djdvp.exec:\djdvp.exe85⤵
-
\??\c:\dddjv.exec:\dddjv.exe86⤵
-
\??\c:\lfrrxlx.exec:\lfrrxlx.exe87⤵
-
\??\c:\bbhhnt.exec:\bbhhnt.exe88⤵
-
\??\c:\7bnhhh.exec:\7bnhhh.exe89⤵
-
\??\c:\dvvvv.exec:\dvvvv.exe90⤵
-
\??\c:\xfllfrx.exec:\xfllfrx.exe91⤵
-
\??\c:\xrrflrr.exec:\xrrflrr.exe92⤵
-
\??\c:\hhttbh.exec:\hhttbh.exe93⤵
-
\??\c:\tnnnnn.exec:\tnnnnn.exe94⤵
-
\??\c:\dvdpd.exec:\dvdpd.exe95⤵
-
\??\c:\jjjvv.exec:\jjjvv.exe96⤵
-
\??\c:\5lrxffl.exec:\5lrxffl.exe97⤵
-
\??\c:\lfrrxlf.exec:\lfrrxlf.exe98⤵
-
\??\c:\hbtttb.exec:\hbtttb.exe99⤵
-
\??\c:\nthbhh.exec:\nthbhh.exe100⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe101⤵
-
\??\c:\7fffrlx.exec:\7fffrlx.exe102⤵
-
\??\c:\rxflffx.exec:\rxflffx.exe103⤵
-
\??\c:\bnnbnh.exec:\bnnbnh.exe104⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe105⤵
-
\??\c:\7pjpv.exec:\7pjpv.exe106⤵
-
\??\c:\fxfllrx.exec:\fxfllrx.exe107⤵
-
\??\c:\bhhnbb.exec:\bhhnbb.exe108⤵
-
\??\c:\5htttt.exec:\5htttt.exe109⤵
-
\??\c:\ppppj.exec:\ppppj.exe110⤵
-
\??\c:\7pvpd.exec:\7pvpd.exe111⤵
-
\??\c:\fffrfrx.exec:\fffrfrx.exe112⤵
-
\??\c:\nhnhhn.exec:\nhnhhn.exe113⤵
-
\??\c:\3bnntt.exec:\3bnntt.exe114⤵
-
\??\c:\dvppv.exec:\dvppv.exe115⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe116⤵
-
\??\c:\frfrflx.exec:\frfrflx.exe117⤵
-
\??\c:\5btbtb.exec:\5btbtb.exe118⤵
-
\??\c:\9bthtn.exec:\9bthtn.exe119⤵
-
\??\c:\flxlxfr.exec:\flxlxfr.exe120⤵
-
\??\c:\lxlxxxr.exec:\lxlxxxr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-