Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
24/05/2024, 23:10
General
-
Target
ae801a344716adec281b492bd7a40520_NeikiAnalytics.exe
-
Size
83KB
-
MD5
ae801a344716adec281b492bd7a40520
-
SHA1
4bc9e9a87abce227c6ef282d88057816efac47b1
-
SHA256
f94b47f92b4540fc4f850e319a3b4974811f2424b98181ade17d3f035ee191d1
-
SHA512
ab4df4e75a3d1497c7abaeb0df947a2dfeb69ac61ad0777226c822140e49a900f372f3922d263792fe5f2286fd8019239b3dfd2db52e547bae14223a756757fb
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73yqKH/KjvHo+WdNR:ymb3NkkiQ3mdBjFo73yX+vI+qz
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ae801a344716adec281b492bd7a40520_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\ae801a344716adec281b492bd7a40520_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvd.exec:\jdpvd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfllxrr.exec:\lfllxrr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btthtn.exec:\btthtn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpddv.exec:\jpddv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddvj.exec:\vddvj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxrlff.exec:\lrxrlff.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbttnh.exec:\tbttnh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhnn.exec:\bthhnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvjp.exec:\dpvjp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jddd.exec:\9jddd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxlflf.exec:\xlxlflf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflfxxl.exec:\xflfxxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnbtt.exec:\tnnbtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbnbt.exec:\thbnbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjdd.exec:\jvjdd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdp.exec:\vpjdp.exe17⤵
- Executes dropped EXE
-
\??\c:\lxllrll.exec:\lxllrll.exe18⤵
- Executes dropped EXE
-
\??\c:\thhhhh.exec:\thhhhh.exe19⤵
- Executes dropped EXE
-
\??\c:\htbhhh.exec:\htbhhh.exe20⤵
- Executes dropped EXE
-
\??\c:\5dppj.exec:\5dppj.exe21⤵
- Executes dropped EXE
-
\??\c:\1ddvv.exec:\1ddvv.exe22⤵
- Executes dropped EXE
-
\??\c:\xflllff.exec:\xflllff.exe23⤵
- Executes dropped EXE
-
\??\c:\xlrlrlf.exec:\xlrlrlf.exe24⤵
- Executes dropped EXE
-
\??\c:\tnhhnh.exec:\tnhhnh.exe25⤵
- Executes dropped EXE
-
\??\c:\vdpjv.exec:\vdpjv.exe26⤵
- Executes dropped EXE
-
\??\c:\dpvvv.exec:\dpvvv.exe27⤵
- Executes dropped EXE
-
\??\c:\xrxlxlr.exec:\xrxlxlr.exe28⤵
- Executes dropped EXE
-
\??\c:\rxfxrll.exec:\rxfxrll.exe29⤵
- Executes dropped EXE
-
\??\c:\bttthh.exec:\bttthh.exe30⤵
- Executes dropped EXE
-
\??\c:\pjdpp.exec:\pjdpp.exe31⤵
- Executes dropped EXE
-
\??\c:\jvddj.exec:\jvddj.exe32⤵
- Executes dropped EXE
-
\??\c:\frxlflr.exec:\frxlflr.exe33⤵
- Executes dropped EXE
-
\??\c:\1rrlfff.exec:\1rrlfff.exe34⤵
- Executes dropped EXE
-
\??\c:\3httnn.exec:\3httnn.exe35⤵
- Executes dropped EXE
-
\??\c:\nbbbnb.exec:\nbbbnb.exe36⤵
- Executes dropped EXE
-
\??\c:\pjvdp.exec:\pjvdp.exe37⤵
- Executes dropped EXE
-
\??\c:\3pvdv.exec:\3pvdv.exe38⤵
- Executes dropped EXE
-
\??\c:\lxllrrr.exec:\lxllrrr.exe39⤵
- Executes dropped EXE
-
\??\c:\9ffrxrx.exec:\9ffrxrx.exe40⤵
- Executes dropped EXE
-
\??\c:\lxrxxrx.exec:\lxrxxrx.exe41⤵
- Executes dropped EXE
-
\??\c:\thnbnn.exec:\thnbnn.exe42⤵
- Executes dropped EXE
-
\??\c:\hthhhb.exec:\hthhhb.exe43⤵
- Executes dropped EXE
-
\??\c:\pdjvd.exec:\pdjvd.exe44⤵
- Executes dropped EXE
-
\??\c:\pdddj.exec:\pdddj.exe45⤵
- Executes dropped EXE
-
\??\c:\frfffxx.exec:\frfffxx.exe46⤵
- Executes dropped EXE
-
\??\c:\3lfffxx.exec:\3lfffxx.exe47⤵
- Executes dropped EXE
-
\??\c:\bnnhtn.exec:\bnnhtn.exe48⤵
- Executes dropped EXE
-
\??\c:\nbhtth.exec:\nbhtth.exe49⤵
- Executes dropped EXE
-
\??\c:\3djpp.exec:\3djpp.exe50⤵
- Executes dropped EXE
-
\??\c:\jvjdd.exec:\jvjdd.exe51⤵
- Executes dropped EXE
-
\??\c:\7lfrxfl.exec:\7lfrxfl.exe52⤵
- Executes dropped EXE
-
\??\c:\xlxllll.exec:\xlxllll.exe53⤵
- Executes dropped EXE
-
\??\c:\btntbb.exec:\btntbb.exe54⤵
- Executes dropped EXE
-
\??\c:\3nbttn.exec:\3nbttn.exe55⤵
- Executes dropped EXE
-
\??\c:\7jdjv.exec:\7jdjv.exe56⤵
- Executes dropped EXE
-
\??\c:\pdppv.exec:\pdppv.exe57⤵
- Executes dropped EXE
-
\??\c:\xrlrxxl.exec:\xrlrxxl.exe58⤵
- Executes dropped EXE
-
\??\c:\9xxxfrx.exec:\9xxxfrx.exe59⤵
- Executes dropped EXE
-
\??\c:\nnnnht.exec:\nnnnht.exe60⤵
- Executes dropped EXE
-
\??\c:\bhntnn.exec:\bhntnn.exe61⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe62⤵
- Executes dropped EXE
-
\??\c:\dpjdv.exec:\dpjdv.exe63⤵
- Executes dropped EXE
-
\??\c:\7rffrrr.exec:\7rffrrr.exe64⤵
- Executes dropped EXE
-
\??\c:\lflrllr.exec:\lflrllr.exe65⤵
- Executes dropped EXE
-
\??\c:\7btnnn.exec:\7btnnn.exe66⤵
-
\??\c:\nbnbbb.exec:\nbnbbb.exe67⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe68⤵
-
\??\c:\9vjjj.exec:\9vjjj.exe69⤵
-
\??\c:\dpjdp.exec:\dpjdp.exe70⤵
-
\??\c:\9frrrrx.exec:\9frrrrx.exe71⤵
-
\??\c:\5rrxlfl.exec:\5rrxlfl.exe72⤵
-
\??\c:\nbnntt.exec:\nbnntt.exe73⤵
-
\??\c:\hbtnnh.exec:\hbtnnh.exe74⤵
-
\??\c:\dpjpj.exec:\dpjpj.exe75⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe76⤵
-
\??\c:\frxffff.exec:\frxffff.exe77⤵
-
\??\c:\rfrlllx.exec:\rfrlllx.exe78⤵
-
\??\c:\9tbttt.exec:\9tbttt.exe79⤵
-
\??\c:\bthntn.exec:\bthntn.exe80⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe81⤵
-
\??\c:\jdppd.exec:\jdppd.exe82⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe83⤵
-
\??\c:\frffxxl.exec:\frffxxl.exe84⤵
-
\??\c:\lxxxfxx.exec:\lxxxfxx.exe85⤵
-
\??\c:\hthhnn.exec:\hthhnn.exe86⤵
-
\??\c:\htbhth.exec:\htbhth.exe87⤵
-
\??\c:\jdjpj.exec:\jdjpj.exe88⤵
-
\??\c:\jvjpp.exec:\jvjpp.exe89⤵
-
\??\c:\lfflxfl.exec:\lfflxfl.exe90⤵
-
\??\c:\lxffrlr.exec:\lxffrlr.exe91⤵
-
\??\c:\tthnbb.exec:\tthnbb.exe92⤵
-
\??\c:\nbhhtn.exec:\nbhhtn.exe93⤵
-
\??\c:\9bhhnt.exec:\9bhhnt.exe94⤵
-
\??\c:\pddjp.exec:\pddjp.exe95⤵
-
\??\c:\1ddpp.exec:\1ddpp.exe96⤵
-
\??\c:\ddppv.exec:\ddppv.exe97⤵
-
\??\c:\xxrfxfl.exec:\xxrfxfl.exe98⤵
-
\??\c:\rlrrfff.exec:\rlrrfff.exe99⤵
-
\??\c:\bnhbnt.exec:\bnhbnt.exe100⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe101⤵
-
\??\c:\ppdvj.exec:\ppdvj.exe102⤵
-
\??\c:\7dvvj.exec:\7dvvj.exe103⤵
-
\??\c:\frffffl.exec:\frffffl.exe104⤵
-
\??\c:\rfffrll.exec:\rfffrll.exe105⤵
-
\??\c:\btnbhh.exec:\btnbhh.exe106⤵
-
\??\c:\htbttn.exec:\htbttn.exe107⤵
-
\??\c:\5vppv.exec:\5vppv.exe108⤵
-
\??\c:\5pddj.exec:\5pddj.exe109⤵
-
\??\c:\1rfflfr.exec:\1rfflfr.exe110⤵
-
\??\c:\lfflxxr.exec:\lfflxxr.exe111⤵
-
\??\c:\htnnnn.exec:\htnnnn.exe112⤵
-
\??\c:\7htbbb.exec:\7htbbb.exe113⤵
-
\??\c:\7jvvv.exec:\7jvvv.exe114⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe115⤵
-
\??\c:\lxrrlrf.exec:\lxrrlrf.exe116⤵
-
\??\c:\7xrxrrl.exec:\7xrxrrl.exe117⤵
-
\??\c:\btbbnn.exec:\btbbnn.exe118⤵
-
\??\c:\1hhhbh.exec:\1hhhbh.exe119⤵
-
\??\c:\ntbhtt.exec:\ntbhtt.exe120⤵
-
\??\c:\7vjjv.exec:\7vjjv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-