Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
24-05-2024 15:30
General
-
Target
9f36cba1e2229a267117063f837dcee0_NeikiAnalytics.exe
-
Size
76KB
-
MD5
9f36cba1e2229a267117063f837dcee0
-
SHA1
b91582059302d36e4db32ca63c463283619510ba
-
SHA256
dc7db52111af0fd58d64e58947db9c09ead0e2f1565893a94cae34a70a947478
-
SHA512
6daaa9d656a22c056fb356072f51a4ef2d5c25cd66f4447f9bb2ac587dc2f30996620dc16de3cb47a8b98dad03305935bcad0736d6098bdf05469857476cea4f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqK2:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqK2
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9f36cba1e2229a267117063f837dcee0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\9f36cba1e2229a267117063f837dcee0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddp.exec:\jdddp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdpd.exec:\jvdpd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflfffl.exec:\lflfffl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnbhn.exec:\ttnbhn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdpd.exec:\dvdpd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llffrrx.exec:\llffrrx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrxlrr.exec:\xlrxlrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbtbb.exec:\ntbtbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dddp.exec:\3dddp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxxlrf.exec:\ffxxlrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxfllx.exec:\frxfllx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdpv.exec:\djdpv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrxxx.exec:\fxlrxxx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9frlxxx.exec:\9frlxxx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hhnhn.exec:\3hhnhn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdpv.exec:\djdpv.exe17⤵
- Executes dropped EXE
-
\??\c:\9vpjj.exec:\9vpjj.exe18⤵
- Executes dropped EXE
-
\??\c:\5llxfxf.exec:\5llxfxf.exe19⤵
- Executes dropped EXE
-
\??\c:\rlrxfxl.exec:\rlrxfxl.exe20⤵
- Executes dropped EXE
-
\??\c:\5hbhhn.exec:\5hbhhn.exe21⤵
- Executes dropped EXE
-
\??\c:\pppvp.exec:\pppvp.exe22⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe23⤵
- Executes dropped EXE
-
\??\c:\fxrxfff.exec:\fxrxfff.exe24⤵
- Executes dropped EXE
-
\??\c:\1nhhbh.exec:\1nhhbh.exe25⤵
- Executes dropped EXE
-
\??\c:\nhnttb.exec:\nhnttb.exe26⤵
- Executes dropped EXE
-
\??\c:\vvjjp.exec:\vvjjp.exe27⤵
- Executes dropped EXE
-
\??\c:\rffflrx.exec:\rffflrx.exe28⤵
- Executes dropped EXE
-
\??\c:\hhhbth.exec:\hhhbth.exe29⤵
- Executes dropped EXE
-
\??\c:\1bttbb.exec:\1bttbb.exe30⤵
- Executes dropped EXE
-
\??\c:\dddpv.exec:\dddpv.exe31⤵
- Executes dropped EXE
-
\??\c:\1rflrfr.exec:\1rflrfr.exe32⤵
- Executes dropped EXE
-
\??\c:\bbbnbh.exec:\bbbnbh.exe33⤵
- Executes dropped EXE
-
\??\c:\bnhntb.exec:\bnhntb.exe34⤵
- Executes dropped EXE
-
\??\c:\jvjjj.exec:\jvjjj.exe35⤵
- Executes dropped EXE
-
\??\c:\ppjpv.exec:\ppjpv.exe36⤵
- Executes dropped EXE
-
\??\c:\9rflrfl.exec:\9rflrfl.exe37⤵
- Executes dropped EXE
-
\??\c:\xrxrffl.exec:\xrxrffl.exe38⤵
- Executes dropped EXE
-
\??\c:\nhtttb.exec:\nhtttb.exe39⤵
- Executes dropped EXE
-
\??\c:\htbhbn.exec:\htbhbn.exe40⤵
- Executes dropped EXE
-
\??\c:\jdvdv.exec:\jdvdv.exe41⤵
- Executes dropped EXE
-
\??\c:\3jddd.exec:\3jddd.exe42⤵
- Executes dropped EXE
-
\??\c:\rlxfrxf.exec:\rlxfrxf.exe43⤵
- Executes dropped EXE
-
\??\c:\lfrfxfr.exec:\lfrfxfr.exe44⤵
- Executes dropped EXE
-
\??\c:\hhbnhn.exec:\hhbnhn.exe45⤵
- Executes dropped EXE
-
\??\c:\nhthtb.exec:\nhthtb.exe46⤵
- Executes dropped EXE
-
\??\c:\dpjjp.exec:\dpjjp.exe47⤵
- Executes dropped EXE
-
\??\c:\7rfllxl.exec:\7rfllxl.exe48⤵
- Executes dropped EXE
-
\??\c:\bthhtt.exec:\bthhtt.exe49⤵
- Executes dropped EXE
-
\??\c:\vppvd.exec:\vppvd.exe50⤵
- Executes dropped EXE
-
\??\c:\ppjpj.exec:\ppjpj.exe51⤵
- Executes dropped EXE
-
\??\c:\lfxfxfr.exec:\lfxfxfr.exe52⤵
- Executes dropped EXE
-
\??\c:\7rlrllr.exec:\7rlrllr.exe53⤵
- Executes dropped EXE
-
\??\c:\thbntt.exec:\thbntt.exe54⤵
- Executes dropped EXE
-
\??\c:\hbhnbb.exec:\hbhnbb.exe55⤵
- Executes dropped EXE
-
\??\c:\9dvpp.exec:\9dvpp.exe56⤵
- Executes dropped EXE
-
\??\c:\5jjpv.exec:\5jjpv.exe57⤵
- Executes dropped EXE
-
\??\c:\lxlxllr.exec:\lxlxllr.exe58⤵
- Executes dropped EXE
-
\??\c:\lfrflrx.exec:\lfrflrx.exe59⤵
- Executes dropped EXE
-
\??\c:\7hhthn.exec:\7hhthn.exe60⤵
- Executes dropped EXE
-
\??\c:\tnnttb.exec:\tnnttb.exe61⤵
- Executes dropped EXE
-
\??\c:\pdppp.exec:\pdppp.exe62⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe63⤵
- Executes dropped EXE
-
\??\c:\pjjjv.exec:\pjjjv.exe64⤵
- Executes dropped EXE
-
\??\c:\5lxxllx.exec:\5lxxllx.exe65⤵
- Executes dropped EXE
-
\??\c:\7rrrxfl.exec:\7rrrxfl.exe66⤵
-
\??\c:\bnbhtt.exec:\bnbhtt.exe67⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe68⤵
-
\??\c:\dvjjp.exec:\dvjjp.exe69⤵
-
\??\c:\xrxlxfr.exec:\xrxlxfr.exe70⤵
-
\??\c:\7frrffr.exec:\7frrffr.exe71⤵
-
\??\c:\5nhthb.exec:\5nhthb.exe72⤵
-
\??\c:\3btnbb.exec:\3btnbb.exe73⤵
-
\??\c:\pjvjj.exec:\pjvjj.exe74⤵
-
\??\c:\5jjpv.exec:\5jjpv.exe75⤵
-
\??\c:\lfxxlrx.exec:\lfxxlrx.exe76⤵
-
\??\c:\ffrxllx.exec:\ffrxllx.exe77⤵
-
\??\c:\3tnbnn.exec:\3tnbnn.exe78⤵
-
\??\c:\nhhttb.exec:\nhhttb.exe79⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe80⤵
-
\??\c:\xfrlxlr.exec:\xfrlxlr.exe81⤵
-
\??\c:\rlflxfl.exec:\rlflxfl.exe82⤵
-
\??\c:\btbhtb.exec:\btbhtb.exe83⤵
-
\??\c:\btbbhn.exec:\btbbhn.exe84⤵
-
\??\c:\dvvdp.exec:\dvvdp.exe85⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe86⤵
-
\??\c:\lflrflr.exec:\lflrflr.exe87⤵
-
\??\c:\lfxrlrf.exec:\lfxrlrf.exe88⤵
-
\??\c:\5nntbt.exec:\5nntbt.exe89⤵
-
\??\c:\9tbhtt.exec:\9tbhtt.exe90⤵
-
\??\c:\1nhhnn.exec:\1nhhnn.exe91⤵
-
\??\c:\1pppv.exec:\1pppv.exe92⤵
-
\??\c:\jdvjj.exec:\jdvjj.exe93⤵
-
\??\c:\lfrfxxl.exec:\lfrfxxl.exe94⤵
-
\??\c:\1xlllrf.exec:\1xlllrf.exe95⤵
-
\??\c:\hbhnbb.exec:\hbhnbb.exe96⤵
-
\??\c:\tnhtbh.exec:\tnhtbh.exe97⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe98⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe99⤵
-
\??\c:\pdpvv.exec:\pdpvv.exe100⤵
-
\??\c:\xrfffll.exec:\xrfffll.exe101⤵
-
\??\c:\frrrxxr.exec:\frrrxxr.exe102⤵
-
\??\c:\tntbhn.exec:\tntbhn.exe103⤵
-
\??\c:\1tnbtb.exec:\1tnbtb.exe104⤵
-
\??\c:\dpdvj.exec:\dpdvj.exe105⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe106⤵
-
\??\c:\1pjpp.exec:\1pjpp.exe107⤵
-
\??\c:\xrfxxrx.exec:\xrfxxrx.exe108⤵
-
\??\c:\rllrffx.exec:\rllrffx.exe109⤵
-
\??\c:\nbbhnb.exec:\nbbhnb.exe110⤵
-
\??\c:\hhtbnn.exec:\hhtbnn.exe111⤵
-
\??\c:\5vpvj.exec:\5vpvj.exe112⤵
-
\??\c:\1ppjv.exec:\1ppjv.exe113⤵
-
\??\c:\xrlxllf.exec:\xrlxllf.exe114⤵
-
\??\c:\rrrfxfr.exec:\rrrfxfr.exe115⤵
-
\??\c:\lffxffl.exec:\lffxffl.exe116⤵
-
\??\c:\bthtnh.exec:\bthtnh.exe117⤵
-
\??\c:\hthtbb.exec:\hthtbb.exe118⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe119⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe120⤵
-
\??\c:\fllllrr.exec:\fllllrr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-