Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
25/05/2024, 05:26
General
-
Target
f8e755246fba718660341b0f41d35930_NeikiAnalytics.exe
-
Size
286KB
-
MD5
f8e755246fba718660341b0f41d35930
-
SHA1
c098780c7e444652fd5edc18196bc49c800baa44
-
SHA256
dad1ce0389ee0c38bf289c48b9a839869da3b124fb547d126ae2bc2bf5bcdb89
-
SHA512
20f2ac704e3293f9b086244e4d61eb9804ac43c1d7c5c4a61a4e50dfaa4bf94a765d592fd2adaf39842a1c1afc3fe86f429a9f2420a5f4ce13bd17fc939e0285
-
SSDEEP
3072:ThOm2sI93UufdC67cipfmCiiiXAQ5lpBoGYwNNhu0CzhKPx:Tcm7ImGddXlWrXF5lpKGYV0wh6x
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 59 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f8e755246fba718660341b0f41d35930_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\f8e755246fba718660341b0f41d35930_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\thhtnt.exec:\thhtnt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvjd.exec:\jvvjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjd.exec:\pdpjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdpv.exec:\djdpv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhnbb.exec:\tnhnbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjpd.exec:\3pjpd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxflrx.exec:\rlxflrx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btttbn.exec:\btttbn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jvvj.exec:\3jvvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfrrxl.exec:\llfrrxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbhh.exec:\nhbbhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvj.exec:\jdpvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxlfxl.exec:\rlxlfxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbbtn.exec:\hnbbtn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdjp.exec:\ppdjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlffxr.exec:\rrlffxr.exe17⤵
- Executes dropped EXE
-
\??\c:\bbnnbh.exec:\bbnnbh.exe18⤵
- Executes dropped EXE
-
\??\c:\1pdjd.exec:\1pdjd.exe19⤵
- Executes dropped EXE
-
\??\c:\xrflrxf.exec:\xrflrxf.exe20⤵
- Executes dropped EXE
-
\??\c:\9tbhht.exec:\9tbhht.exe21⤵
- Executes dropped EXE
-
\??\c:\xrlrxlx.exec:\xrlrxlx.exe22⤵
- Executes dropped EXE
-
\??\c:\1ppdp.exec:\1ppdp.exe23⤵
- Executes dropped EXE
-
\??\c:\ffxrrrl.exec:\ffxrrrl.exe24⤵
- Executes dropped EXE
-
\??\c:\hbnnhh.exec:\hbnnhh.exe25⤵
- Executes dropped EXE
-
\??\c:\ppdjp.exec:\ppdjp.exe26⤵
- Executes dropped EXE
-
\??\c:\xlfrlrx.exec:\xlfrlrx.exe27⤵
- Executes dropped EXE
-
\??\c:\thnhnb.exec:\thnhnb.exe28⤵
- Executes dropped EXE
-
\??\c:\dvppv.exec:\dvppv.exe29⤵
- Executes dropped EXE
-
\??\c:\ffxlfll.exec:\ffxlfll.exe30⤵
- Executes dropped EXE
-
\??\c:\hbnbth.exec:\hbnbth.exe31⤵
- Executes dropped EXE
-
\??\c:\vppvj.exec:\vppvj.exe32⤵
- Executes dropped EXE
-
\??\c:\rrrrrlf.exec:\rrrrrlf.exe33⤵
- Executes dropped EXE
-
\??\c:\tnhnbb.exec:\tnhnbb.exe34⤵
- Executes dropped EXE
-
\??\c:\pdvjv.exec:\pdvjv.exe35⤵
- Executes dropped EXE
-
\??\c:\5xlrxxl.exec:\5xlrxxl.exe36⤵
- Executes dropped EXE
-
\??\c:\7btthn.exec:\7btthn.exe37⤵
- Executes dropped EXE
-
\??\c:\hhbhtb.exec:\hhbhtb.exe38⤵
- Executes dropped EXE
-
\??\c:\vvppj.exec:\vvppj.exe39⤵
- Executes dropped EXE
-
\??\c:\xlfllrx.exec:\xlfllrx.exe40⤵
- Executes dropped EXE
-
\??\c:\xlxxlxl.exec:\xlxxlxl.exe41⤵
- Executes dropped EXE
-
\??\c:\ttthth.exec:\ttthth.exe42⤵
- Executes dropped EXE
-
\??\c:\jvjjp.exec:\jvjjp.exe43⤵
- Executes dropped EXE
-
\??\c:\xxrxlrx.exec:\xxrxlrx.exe44⤵
- Executes dropped EXE
-
\??\c:\thnhtn.exec:\thnhtn.exe45⤵
- Executes dropped EXE
-
\??\c:\hbbhhn.exec:\hbbhhn.exe46⤵
- Executes dropped EXE
-
\??\c:\pvpdv.exec:\pvpdv.exe47⤵
- Executes dropped EXE
-
\??\c:\5lxxlxx.exec:\5lxxlxx.exe48⤵
- Executes dropped EXE
-
\??\c:\9lfxfrl.exec:\9lfxfrl.exe49⤵
- Executes dropped EXE
-
\??\c:\bthnnb.exec:\bthnnb.exe50⤵
- Executes dropped EXE
-
\??\c:\3jpjv.exec:\3jpjv.exe51⤵
- Executes dropped EXE
-
\??\c:\frfrrfx.exec:\frfrrfx.exe52⤵
- Executes dropped EXE
-
\??\c:\nbhnhb.exec:\nbhnhb.exe53⤵
- Executes dropped EXE
-
\??\c:\bbhhth.exec:\bbhhth.exe54⤵
- Executes dropped EXE
-
\??\c:\jvddj.exec:\jvddj.exe55⤵
- Executes dropped EXE
-
\??\c:\lxlffff.exec:\lxlffff.exe56⤵
- Executes dropped EXE
-
\??\c:\rrxllrl.exec:\rrxllrl.exe57⤵
- Executes dropped EXE
-
\??\c:\nhbnbh.exec:\nhbnbh.exe58⤵
- Executes dropped EXE
-
\??\c:\djdpv.exec:\djdpv.exe59⤵
- Executes dropped EXE
-
\??\c:\rrrlrrl.exec:\rrrlrrl.exe60⤵
- Executes dropped EXE
-
\??\c:\tnhbtt.exec:\tnhbtt.exe61⤵
- Executes dropped EXE
-
\??\c:\nntbhb.exec:\nntbhb.exe62⤵
- Executes dropped EXE
-
\??\c:\jjjpd.exec:\jjjpd.exe63⤵
- Executes dropped EXE
-
\??\c:\xxrfxlx.exec:\xxrfxlx.exe64⤵
- Executes dropped EXE
-
\??\c:\bttthn.exec:\bttthn.exe65⤵
- Executes dropped EXE
-
\??\c:\ppdjv.exec:\ppdjv.exe66⤵
-
\??\c:\pdvdd.exec:\pdvdd.exe67⤵
-
\??\c:\1nntbh.exec:\1nntbh.exe68⤵
-
\??\c:\nnnhtb.exec:\nnnhtb.exe69⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe70⤵
-
\??\c:\3rllrxf.exec:\3rllrxf.exe71⤵
-
\??\c:\htnhnt.exec:\htnhnt.exe72⤵
-
\??\c:\tbtbbn.exec:\tbtbbn.exe73⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe74⤵
-
\??\c:\frfxffl.exec:\frfxffl.exe75⤵
-
\??\c:\hthbbn.exec:\hthbbn.exe76⤵
-
\??\c:\pjddj.exec:\pjddj.exe77⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe78⤵
-
\??\c:\rlfrflr.exec:\rlfrflr.exe79⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe80⤵
-
\??\c:\dvppd.exec:\dvppd.exe81⤵
-
\??\c:\xrlrffl.exec:\xrlrffl.exe82⤵
-
\??\c:\bthhnh.exec:\bthhnh.exe83⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe84⤵
-
\??\c:\rlxlxxl.exec:\rlxlxxl.exe85⤵
-
\??\c:\9lffxll.exec:\9lffxll.exe86⤵
-
\??\c:\3tnhtb.exec:\3tnhtb.exe87⤵
-
\??\c:\vvjpd.exec:\vvjpd.exe88⤵
-
\??\c:\vjpjp.exec:\vjpjp.exe89⤵
-
\??\c:\ffxxlrx.exec:\ffxxlrx.exe90⤵
-
\??\c:\9htnth.exec:\9htnth.exe91⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe92⤵
-
\??\c:\3pdvd.exec:\3pdvd.exe93⤵
-
\??\c:\lxfxlff.exec:\lxfxlff.exe94⤵
-
\??\c:\lfflflr.exec:\lfflflr.exe95⤵
-
\??\c:\hbnthh.exec:\hbnthh.exe96⤵
-
\??\c:\jvvvj.exec:\jvvvj.exe97⤵
-
\??\c:\jjvdj.exec:\jjvdj.exe98⤵
-
\??\c:\rlxrflr.exec:\rlxrflr.exe99⤵
-
\??\c:\7rlrfxl.exec:\7rlrfxl.exe100⤵
-
\??\c:\nnntnb.exec:\nnntnb.exe101⤵
-
\??\c:\vvpvj.exec:\vvpvj.exe102⤵
-
\??\c:\xlrrlrf.exec:\xlrrlrf.exe103⤵
-
\??\c:\xxxlxxl.exec:\xxxlxxl.exe104⤵
-
\??\c:\9hhhtt.exec:\9hhhtt.exe105⤵
-
\??\c:\vvjvd.exec:\vvjvd.exe106⤵
-
\??\c:\rlxrrlf.exec:\rlxrrlf.exe107⤵
-
\??\c:\3nbhnt.exec:\3nbhnt.exe108⤵
-
\??\c:\bnbttn.exec:\bnbttn.exe109⤵
-
\??\c:\1vjpv.exec:\1vjpv.exe110⤵
-
\??\c:\xrlrxfl.exec:\xrlrxfl.exe111⤵
-
\??\c:\xrxflxl.exec:\xrxflxl.exe112⤵
-
\??\c:\ttnntt.exec:\ttnntt.exe113⤵
-
\??\c:\vpjvv.exec:\vpjvv.exe114⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe115⤵
-
\??\c:\xxrrflr.exec:\xxrrflr.exe116⤵
-
\??\c:\tthhtb.exec:\tthhtb.exe117⤵
-
\??\c:\jvjvv.exec:\jvjvv.exe118⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe119⤵
-
\??\c:\3fxxfff.exec:\3fxxfff.exe120⤵
-
\??\c:\xlflrxf.exec:\xlflrxf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-