Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
25/05/2024, 19:24
General
-
Target
10576250f3bca1089e6277e9e44ecb30_NeikiAnalytics.exe
-
Size
66KB
-
MD5
10576250f3bca1089e6277e9e44ecb30
-
SHA1
b320daf96da6c4a165e181407028ced066016f9b
-
SHA256
f714f902b143b780e5d2a433fd664ef8e99d649f50f7a0ce5aa7427a6277e9f4
-
SHA512
b78839afc98e0f3ad2665fe233ad68e4c05d1930f6f97b2a3bc3c72f9e362e147eaaf8a77181ff0ad284c5b50dfccd2dd44389d520695353a39b2c3087f0d58a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6Mu/ePS3AyXmcz:ymb3NkkiQ3mdBjFI46TQyXmcz
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\10576250f3bca1089e6277e9e44ecb30_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\10576250f3bca1089e6277e9e44ecb30_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxflrf.exec:\rlxflrf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddjv.exec:\jddjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlfrfrx.exec:\rlfrfrx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrxxrx.exec:\lxrxxrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnnhb.exec:\hhnnhb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fxxfxf.exec:\3fxxfxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbbt.exec:\nbhbbt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nhnhh.exec:\1nhnhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdjv.exec:\pvdjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vdpp.exec:\1vdpp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxlxlx.exec:\lfxlxlx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpv.exec:\vjvpv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjvp.exec:\pjjvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfrrfff.exec:\xfrrfff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hhhtb.exec:\9hhhtb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjpd.exec:\jjjpd.exe17⤵
- Executes dropped EXE
-
\??\c:\ppjjv.exec:\ppjjv.exe18⤵
- Executes dropped EXE
-
\??\c:\frllrrf.exec:\frllrrf.exe19⤵
- Executes dropped EXE
-
\??\c:\9nhthn.exec:\9nhthn.exe20⤵
- Executes dropped EXE
-
\??\c:\dvpdp.exec:\dvpdp.exe21⤵
- Executes dropped EXE
-
\??\c:\lrxlrff.exec:\lrxlrff.exe22⤵
- Executes dropped EXE
-
\??\c:\5rllrfr.exec:\5rllrfr.exe23⤵
- Executes dropped EXE
-
\??\c:\btntbn.exec:\btntbn.exe24⤵
- Executes dropped EXE
-
\??\c:\vvpjv.exec:\vvpjv.exe25⤵
- Executes dropped EXE
-
\??\c:\dvvdj.exec:\dvvdj.exe26⤵
- Executes dropped EXE
-
\??\c:\rrxlrfx.exec:\rrxlrfx.exe27⤵
- Executes dropped EXE
-
\??\c:\7nntht.exec:\7nntht.exe28⤵
- Executes dropped EXE
-
\??\c:\jdpdj.exec:\jdpdj.exe29⤵
- Executes dropped EXE
-
\??\c:\flxrxrr.exec:\flxrxrr.exe30⤵
- Executes dropped EXE
-
\??\c:\hbtthh.exec:\hbtthh.exe31⤵
- Executes dropped EXE
-
\??\c:\vpdjj.exec:\vpdjj.exe32⤵
- Executes dropped EXE
-
\??\c:\vvpdv.exec:\vvpdv.exe33⤵
- Executes dropped EXE
-
\??\c:\lrrlllx.exec:\lrrlllx.exe34⤵
- Executes dropped EXE
-
\??\c:\bhhnbt.exec:\bhhnbt.exe35⤵
- Executes dropped EXE
-
\??\c:\nnttbn.exec:\nnttbn.exe36⤵
- Executes dropped EXE
-
\??\c:\vdvdj.exec:\vdvdj.exe37⤵
- Executes dropped EXE
-
\??\c:\xflxxfx.exec:\xflxxfx.exe38⤵
- Executes dropped EXE
-
\??\c:\rrflxfr.exec:\rrflxfr.exe39⤵
- Executes dropped EXE
-
\??\c:\1tthnt.exec:\1tthnt.exe40⤵
- Executes dropped EXE
-
\??\c:\dvpvv.exec:\dvpvv.exe41⤵
- Executes dropped EXE
-
\??\c:\1ddpd.exec:\1ddpd.exe42⤵
- Executes dropped EXE
-
\??\c:\xxxrxxf.exec:\xxxrxxf.exe43⤵
- Executes dropped EXE
-
\??\c:\hbtntt.exec:\hbtntt.exe44⤵
- Executes dropped EXE
-
\??\c:\btnbtt.exec:\btnbtt.exe45⤵
- Executes dropped EXE
-
\??\c:\pvvjv.exec:\pvvjv.exe46⤵
- Executes dropped EXE
-
\??\c:\frxffll.exec:\frxffll.exe47⤵
- Executes dropped EXE
-
\??\c:\7flxxrr.exec:\7flxxrr.exe48⤵
- Executes dropped EXE
-
\??\c:\7tbnth.exec:\7tbnth.exe49⤵
- Executes dropped EXE
-
\??\c:\3ttbbh.exec:\3ttbbh.exe50⤵
- Executes dropped EXE
-
\??\c:\djdpd.exec:\djdpd.exe51⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe52⤵
- Executes dropped EXE
-
\??\c:\3xxfrfr.exec:\3xxfrfr.exe53⤵
- Executes dropped EXE
-
\??\c:\5llxflr.exec:\5llxflr.exe54⤵
- Executes dropped EXE
-
\??\c:\tthnbb.exec:\tthnbb.exe55⤵
- Executes dropped EXE
-
\??\c:\bnhtbb.exec:\bnhtbb.exe56⤵
- Executes dropped EXE
-
\??\c:\djddp.exec:\djddp.exe57⤵
- Executes dropped EXE
-
\??\c:\flxlrlf.exec:\flxlrlf.exe58⤵
- Executes dropped EXE
-
\??\c:\1rrrflf.exec:\1rrrflf.exe59⤵
- Executes dropped EXE
-
\??\c:\3bbhtt.exec:\3bbhtt.exe60⤵
- Executes dropped EXE
-
\??\c:\ddjvv.exec:\ddjvv.exe61⤵
- Executes dropped EXE
-
\??\c:\5llflrx.exec:\5llflrx.exe62⤵
- Executes dropped EXE
-
\??\c:\hbtbnb.exec:\hbtbnb.exe63⤵
- Executes dropped EXE
-
\??\c:\ttbnnn.exec:\ttbnnn.exe64⤵
- Executes dropped EXE
-
\??\c:\3jpvj.exec:\3jpvj.exe65⤵
- Executes dropped EXE
-
\??\c:\lfxrfrf.exec:\lfxrfrf.exe66⤵
-
\??\c:\xrlllll.exec:\xrlllll.exe67⤵
-
\??\c:\tnttht.exec:\tnttht.exe68⤵
-
\??\c:\bbtttn.exec:\bbtttn.exe69⤵
-
\??\c:\dvpdd.exec:\dvpdd.exe70⤵
-
\??\c:\ffrlrlr.exec:\ffrlrlr.exe71⤵
-
\??\c:\nnhnth.exec:\nnhnth.exe72⤵
-
\??\c:\djvdd.exec:\djvdd.exe73⤵
-
\??\c:\pdvjd.exec:\pdvjd.exe74⤵
-
\??\c:\5ffrlxl.exec:\5ffrlxl.exe75⤵
-
\??\c:\7nnnbt.exec:\7nnnbt.exe76⤵
-
\??\c:\3pjjv.exec:\3pjjv.exe77⤵
-
\??\c:\vvvjp.exec:\vvvjp.exe78⤵
-
\??\c:\xrrxrfl.exec:\xrrxrfl.exe79⤵
-
\??\c:\xffxlrf.exec:\xffxlrf.exe80⤵
-
\??\c:\jpvjj.exec:\jpvjj.exe81⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe82⤵
-
\??\c:\rrrfxfr.exec:\rrrfxfr.exe83⤵
-
\??\c:\rrlxlxl.exec:\rrlxlxl.exe84⤵
-
\??\c:\hnnnbb.exec:\hnnnbb.exe85⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe86⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe87⤵
-
\??\c:\9rxrfxr.exec:\9rxrfxr.exe88⤵
-
\??\c:\thttnh.exec:\thttnh.exe89⤵
-
\??\c:\tbbnht.exec:\tbbnht.exe90⤵
-
\??\c:\pddjv.exec:\pddjv.exe91⤵
-
\??\c:\vvjvd.exec:\vvjvd.exe92⤵
-
\??\c:\1rrlxfr.exec:\1rrlxfr.exe93⤵
-
\??\c:\rlrxrfx.exec:\rlrxrfx.exe94⤵
-
\??\c:\1hhnht.exec:\1hhnht.exe95⤵
-
\??\c:\bbnbnt.exec:\bbnbnt.exe96⤵
-
\??\c:\7pvjp.exec:\7pvjp.exe97⤵
-
\??\c:\xxxlrfl.exec:\xxxlrfl.exe98⤵
-
\??\c:\llrfrrr.exec:\llrfrrr.exe99⤵
-
\??\c:\ttntnt.exec:\ttntnt.exe100⤵
-
\??\c:\pjvjv.exec:\pjvjv.exe101⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe102⤵
-
\??\c:\frllrlx.exec:\frllrlx.exe103⤵
-
\??\c:\lfxlfxr.exec:\lfxlfxr.exe104⤵
-
\??\c:\7btbnt.exec:\7btbnt.exe105⤵
-
\??\c:\hbhbnb.exec:\hbhbnb.exe106⤵
-
\??\c:\5vjvv.exec:\5vjvv.exe107⤵
-
\??\c:\xrrrxfx.exec:\xrrrxfx.exe108⤵
-
\??\c:\lfllrxf.exec:\lfllrxf.exe109⤵
-
\??\c:\bbtbtb.exec:\bbtbtb.exe110⤵
-
\??\c:\jpjjp.exec:\jpjjp.exe111⤵
-
\??\c:\pvjvp.exec:\pvjvp.exe112⤵
-
\??\c:\flfxfxl.exec:\flfxfxl.exe113⤵
-
\??\c:\ffrfrfl.exec:\ffrfrfl.exe114⤵
-
\??\c:\hhhhnn.exec:\hhhhnn.exe115⤵
-
\??\c:\7dvpd.exec:\7dvpd.exe116⤵
-
\??\c:\pddvp.exec:\pddvp.exe117⤵
-
\??\c:\ffxrxxf.exec:\ffxrxxf.exe118⤵
-
\??\c:\tbhbbb.exec:\tbhbbb.exe119⤵
-
\??\c:\nbbhhh.exec:\nbbhhh.exe120⤵
-
\??\c:\jjvpp.exec:\jjvpp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-