Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
26/05/2024, 18:23
General
-
Target
b6227b51478fc50c793c1097f9a25270_NeikiAnalytics.exe
-
Size
441KB
-
MD5
b6227b51478fc50c793c1097f9a25270
-
SHA1
3cc4c3e0c12515ffe4a2b48934db399039ba516a
-
SHA256
004ab26c1eee3145a14af87d783262944abb7fd17de982d202e44f046a13c58c
-
SHA512
151b11fe654b43b815c7ec4fe8f6f60ec8073fcb75fa50348a12e94db63779b69bcf14e099973ec5b268f12108e9aea858697675e5d42b1b41bb7cb26a562cb9
-
SSDEEP
12288:M4wFHoSpg4wFHonR/nPF2LnFL4wF04wFK4wFK4wluz:UrR/nPs
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b6227b51478fc50c793c1097f9a25270_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\b6227b51478fc50c793c1097f9a25270_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxrxrl.exec:\xrxrxrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnbnn.exec:\btnbnn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pjvd.exec:\7pjvd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffflrxl.exec:\ffflrxl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhtt.exec:\tnbhtt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvdd.exec:\ppvdd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lflxlx.exec:\3lflxlx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnthh.exec:\tnnthh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvjv.exec:\pjvjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxfrrf.exec:\ffxfrrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbnht.exec:\hhbnht.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dvvj.exec:\9dvvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9frfrrf.exec:\9frfrrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtnbh.exec:\bbtnbh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvp.exec:\vpjvp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rrfflx.exec:\1rrfflx.exe17⤵
- Executes dropped EXE
-
\??\c:\xrlrrfl.exec:\xrlrrfl.exe18⤵
- Executes dropped EXE
-
\??\c:\pjjvp.exec:\pjjvp.exe19⤵
- Executes dropped EXE
-
\??\c:\pjdjj.exec:\pjdjj.exe20⤵
- Executes dropped EXE
-
\??\c:\rfflrxl.exec:\rfflrxl.exe21⤵
- Executes dropped EXE
-
\??\c:\tntbnn.exec:\tntbnn.exe22⤵
- Executes dropped EXE
-
\??\c:\vpppj.exec:\vpppj.exe23⤵
- Executes dropped EXE
-
\??\c:\rrlfrlx.exec:\rrlfrlx.exe24⤵
- Executes dropped EXE
-
\??\c:\7hbtnn.exec:\7hbtnn.exe25⤵
- Executes dropped EXE
-
\??\c:\dpjvd.exec:\dpjvd.exe26⤵
- Executes dropped EXE
-
\??\c:\rlfrfrx.exec:\rlfrfrx.exe27⤵
- Executes dropped EXE
-
\??\c:\vvjvj.exec:\vvjvj.exe28⤵
- Executes dropped EXE
-
\??\c:\rlxflrx.exec:\rlxflrx.exe29⤵
- Executes dropped EXE
-
\??\c:\nnhtnn.exec:\nnhtnn.exe30⤵
- Executes dropped EXE
-
\??\c:\9ddpj.exec:\9ddpj.exe31⤵
- Executes dropped EXE
-
\??\c:\3xlrllx.exec:\3xlrllx.exe32⤵
- Executes dropped EXE
-
\??\c:\9tnthh.exec:\9tnthh.exe33⤵
- Executes dropped EXE
-
\??\c:\lfflxlx.exec:\lfflxlx.exe34⤵
- Executes dropped EXE
-
\??\c:\1tntbb.exec:\1tntbb.exe35⤵
- Executes dropped EXE
-
\??\c:\jvvjj.exec:\jvvjj.exe36⤵
- Executes dropped EXE
-
\??\c:\1lxxllx.exec:\1lxxllx.exe37⤵
- Executes dropped EXE
-
\??\c:\7bbhbh.exec:\7bbhbh.exe38⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe39⤵
- Executes dropped EXE
-
\??\c:\3rllrrf.exec:\3rllrrf.exe40⤵
- Executes dropped EXE
-
\??\c:\ttnbnt.exec:\ttnbnt.exe41⤵
- Executes dropped EXE
-
\??\c:\vvpvp.exec:\vvpvp.exe42⤵
- Executes dropped EXE
-
\??\c:\rlllxxf.exec:\rlllxxf.exe43⤵
- Executes dropped EXE
-
\??\c:\hhbnbh.exec:\hhbnbh.exe44⤵
- Executes dropped EXE
-
\??\c:\vpjvj.exec:\vpjvj.exe45⤵
- Executes dropped EXE
-
\??\c:\rrlxllx.exec:\rrlxllx.exe46⤵
- Executes dropped EXE
-
\??\c:\bbnbnt.exec:\bbnbnt.exe47⤵
- Executes dropped EXE
-
\??\c:\dvvjv.exec:\dvvjv.exe48⤵
- Executes dropped EXE
-
\??\c:\fxlxllf.exec:\fxlxllf.exe49⤵
- Executes dropped EXE
-
\??\c:\tthntb.exec:\tthntb.exe50⤵
- Executes dropped EXE
-
\??\c:\nhtntt.exec:\nhtntt.exe51⤵
- Executes dropped EXE
-
\??\c:\dvjvd.exec:\dvjvd.exe52⤵
- Executes dropped EXE
-
\??\c:\pjpvj.exec:\pjpvj.exe53⤵
- Executes dropped EXE
-
\??\c:\7llflll.exec:\7llflll.exe54⤵
- Executes dropped EXE
-
\??\c:\5bbhnt.exec:\5bbhnt.exe55⤵
- Executes dropped EXE
-
\??\c:\jvvjp.exec:\jvvjp.exe56⤵
- Executes dropped EXE
-
\??\c:\rxrrxfl.exec:\rxrrxfl.exe57⤵
- Executes dropped EXE
-
\??\c:\vvjpv.exec:\vvjpv.exe58⤵
- Executes dropped EXE
-
\??\c:\nhbnbn.exec:\nhbnbn.exe59⤵
- Executes dropped EXE
-
\??\c:\9hhnbt.exec:\9hhnbt.exe60⤵
- Executes dropped EXE
-
\??\c:\xrlrxxl.exec:\xrlrxxl.exe61⤵
- Executes dropped EXE
-
\??\c:\3nnbnn.exec:\3nnbnn.exe62⤵
- Executes dropped EXE
-
\??\c:\xrflxfl.exec:\xrflxfl.exe63⤵
- Executes dropped EXE
-
\??\c:\1nntbb.exec:\1nntbb.exe64⤵
- Executes dropped EXE
-
\??\c:\vjdjv.exec:\vjdjv.exe65⤵
- Executes dropped EXE
-
\??\c:\ffrfflf.exec:\ffrfflf.exe66⤵
-
\??\c:\nbttbb.exec:\nbttbb.exe67⤵
-
\??\c:\1dddj.exec:\1dddj.exe68⤵
-
\??\c:\nnnbhn.exec:\nnnbhn.exe69⤵
-
\??\c:\9bbtbh.exec:\9bbtbh.exe70⤵
-
\??\c:\lfxflrf.exec:\lfxflrf.exe71⤵
-
\??\c:\9btthh.exec:\9btthh.exe72⤵
-
\??\c:\5hntht.exec:\5hntht.exe73⤵
-
\??\c:\pvdpd.exec:\pvdpd.exe74⤵
-
\??\c:\xxrlxrx.exec:\xxrlxrx.exe75⤵
-
\??\c:\5lxfllr.exec:\5lxfllr.exe76⤵
-
\??\c:\5nhhnn.exec:\5nhhnn.exe77⤵
-
\??\c:\tththh.exec:\tththh.exe78⤵
-
\??\c:\7vdvv.exec:\7vdvv.exe79⤵
-
\??\c:\fxlrrrf.exec:\fxlrrrf.exe80⤵
-
\??\c:\tnhhnn.exec:\tnhhnn.exe81⤵
-
\??\c:\tnbhnn.exec:\tnbhnn.exe82⤵
-
\??\c:\pppvd.exec:\pppvd.exe83⤵
-
\??\c:\5fxxxrf.exec:\5fxxxrf.exe84⤵
-
\??\c:\xxlrllx.exec:\xxlrllx.exe85⤵
-
\??\c:\tnbhbh.exec:\tnbhbh.exe86⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe87⤵
-
\??\c:\xrfllrf.exec:\xrfllrf.exe88⤵
-
\??\c:\rxrxlxl.exec:\rxrxlxl.exe89⤵
-
\??\c:\3tthtb.exec:\3tthtb.exe90⤵
-
\??\c:\jddjv.exec:\jddjv.exe91⤵
-
\??\c:\pjvjv.exec:\pjvjv.exe92⤵
-
\??\c:\llllrrx.exec:\llllrrx.exe93⤵
-
\??\c:\tttbhn.exec:\tttbhn.exe94⤵
-
\??\c:\nhbntt.exec:\nhbntt.exe95⤵
-
\??\c:\jvddd.exec:\jvddd.exe96⤵
-
\??\c:\rlrrflx.exec:\rlrrflx.exe97⤵
-
\??\c:\xfrlxll.exec:\xfrlxll.exe98⤵
-
\??\c:\3nnthn.exec:\3nnthn.exe99⤵
-
\??\c:\3nbbhh.exec:\3nbbhh.exe100⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe101⤵
-
\??\c:\3lfllrr.exec:\3lfllrr.exe102⤵
-
\??\c:\5tbntt.exec:\5tbntt.exe103⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe104⤵
-
\??\c:\vjddj.exec:\vjddj.exe105⤵
-
\??\c:\frfffrx.exec:\frfffrx.exe106⤵
-
\??\c:\nbbhnt.exec:\nbbhnt.exe107⤵
-
\??\c:\ddpvp.exec:\ddpvp.exe108⤵
-
\??\c:\3flrfff.exec:\3flrfff.exe109⤵
-
\??\c:\3fxrxfr.exec:\3fxrxfr.exe110⤵
-
\??\c:\tnhhnn.exec:\tnhhnn.exe111⤵
-
\??\c:\vddjj.exec:\vddjj.exe112⤵
-
\??\c:\1vdjd.exec:\1vdjd.exe113⤵
-
\??\c:\rllxllx.exec:\rllxllx.exe114⤵
-
\??\c:\9bnntt.exec:\9bnntt.exe115⤵
-
\??\c:\1hnnbb.exec:\1hnnbb.exe116⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe117⤵
-
\??\c:\5rxffll.exec:\5rxffll.exe118⤵
-
\??\c:\5xlflff.exec:\5xlflff.exe119⤵
-
\??\c:\3bthth.exec:\3bthth.exe120⤵
-
\??\c:\5jjpv.exec:\5jjpv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-