Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
27/05/2024, 03:18
General
-
Target
1c43acdffaceee861fc39ff61a659960_NeikiAnalytics.exe
-
Size
94KB
-
MD5
1c43acdffaceee861fc39ff61a659960
-
SHA1
4acfca21813bcfc7160af8d1fc7137f7898cf70f
-
SHA256
8bffe28b1fa4f4ac40b854942d9d2428513740ba1926d6c6a5dbcab6819143d1
-
SHA512
bcccd9b911fa18619c379ad1ea0a5e676b6696a3cdeae365e779e1d6d4a33ee2123a084aeae12b118fa5deee461b28ac7e971f1ecaf0b111d49d3b2a6b3f3eff
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxE6vr/mAF:ymb3NkkiQ3mdBjFo73PYP1lri3KVT+bE
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1c43acdffaceee861fc39ff61a659960_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1c43acdffaceee861fc39ff61a659960_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvdv.exec:\pjvdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffrxlf.exec:\xffrxlf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtbhb.exec:\thtbhb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vpdj.exec:\3vpdj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnbtb.exec:\ttnbtb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdpv.exec:\pjdpv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7llrflx.exec:\7llrflx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbhnt.exec:\nhbhnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jjdj.exec:\5jjdj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rxxlfl.exec:\1rxxlfl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tththn.exec:\tththn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htntbb.exec:\htntbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppdp.exec:\dppdp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rxrflx.exec:\7rxrflx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttbb.exec:\tnttbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjvp.exec:\jdjvp.exe17⤵
- Executes dropped EXE
-
\??\c:\7flfrrx.exec:\7flfrrx.exe18⤵
- Executes dropped EXE
-
\??\c:\tbhbhn.exec:\tbhbhn.exe19⤵
- Executes dropped EXE
-
\??\c:\3tnbnb.exec:\3tnbnb.exe20⤵
- Executes dropped EXE
-
\??\c:\ddvdj.exec:\ddvdj.exe21⤵
- Executes dropped EXE
-
\??\c:\ffrfflf.exec:\ffrfflf.exe22⤵
- Executes dropped EXE
-
\??\c:\tttnnh.exec:\tttnnh.exe23⤵
- Executes dropped EXE
-
\??\c:\ppjjp.exec:\ppjjp.exe24⤵
- Executes dropped EXE
-
\??\c:\rlrxfrf.exec:\rlrxfrf.exe25⤵
- Executes dropped EXE
-
\??\c:\9ttbnt.exec:\9ttbnt.exe26⤵
- Executes dropped EXE
-
\??\c:\bbtnbh.exec:\bbtnbh.exe27⤵
- Executes dropped EXE
-
\??\c:\djvjj.exec:\djvjj.exe28⤵
- Executes dropped EXE
-
\??\c:\xxffflf.exec:\xxffflf.exe29⤵
- Executes dropped EXE
-
\??\c:\tnbhnn.exec:\tnbhnn.exe30⤵
- Executes dropped EXE
-
\??\c:\pppvj.exec:\pppvj.exe31⤵
- Executes dropped EXE
-
\??\c:\lfflflf.exec:\lfflflf.exe32⤵
- Executes dropped EXE
-
\??\c:\xfxrxrl.exec:\xfxrxrl.exe33⤵
- Executes dropped EXE
-
\??\c:\nbbnhh.exec:\nbbnhh.exe34⤵
- Executes dropped EXE
-
\??\c:\vjvdj.exec:\vjvdj.exe35⤵
- Executes dropped EXE
-
\??\c:\jdjpd.exec:\jdjpd.exe36⤵
- Executes dropped EXE
-
\??\c:\fxxrffr.exec:\fxxrffr.exe37⤵
- Executes dropped EXE
-
\??\c:\9xflxxr.exec:\9xflxxr.exe38⤵
- Executes dropped EXE
-
\??\c:\nbnthh.exec:\nbnthh.exe39⤵
- Executes dropped EXE
-
\??\c:\dvjdv.exec:\dvjdv.exe40⤵
- Executes dropped EXE
-
\??\c:\fflxrfx.exec:\fflxrfx.exe41⤵
- Executes dropped EXE
-
\??\c:\9lxlxfr.exec:\9lxlxfr.exe42⤵
- Executes dropped EXE
-
\??\c:\ttnhhn.exec:\ttnhhn.exe43⤵
- Executes dropped EXE
-
\??\c:\7tbbnh.exec:\7tbbnh.exe44⤵
- Executes dropped EXE
-
\??\c:\vddpv.exec:\vddpv.exe45⤵
- Executes dropped EXE
-
\??\c:\btbhtt.exec:\btbhtt.exe46⤵
- Executes dropped EXE
-
\??\c:\bthhhh.exec:\bthhhh.exe47⤵
- Executes dropped EXE
-
\??\c:\vpvdv.exec:\vpvdv.exe48⤵
- Executes dropped EXE
-
\??\c:\vpjjj.exec:\vpjjj.exe49⤵
- Executes dropped EXE
-
\??\c:\rlfrfrf.exec:\rlfrfrf.exe50⤵
- Executes dropped EXE
-
\??\c:\9ffllxr.exec:\9ffllxr.exe51⤵
- Executes dropped EXE
-
\??\c:\nhbbtn.exec:\nhbbtn.exe52⤵
- Executes dropped EXE
-
\??\c:\pjjdp.exec:\pjjdp.exe53⤵
- Executes dropped EXE
-
\??\c:\ddvdj.exec:\ddvdj.exe54⤵
- Executes dropped EXE
-
\??\c:\lxrfllr.exec:\lxrfllr.exe55⤵
- Executes dropped EXE
-
\??\c:\rllrflx.exec:\rllrflx.exe56⤵
- Executes dropped EXE
-
\??\c:\nnhntn.exec:\nnhntn.exe57⤵
- Executes dropped EXE
-
\??\c:\jjvjv.exec:\jjvjv.exe58⤵
- Executes dropped EXE
-
\??\c:\vpdpp.exec:\vpdpp.exe59⤵
- Executes dropped EXE
-
\??\c:\5rrxlxf.exec:\5rrxlxf.exe60⤵
- Executes dropped EXE
-
\??\c:\xrrflll.exec:\xrrflll.exe61⤵
- Executes dropped EXE
-
\??\c:\tnttbb.exec:\tnttbb.exe62⤵
- Executes dropped EXE
-
\??\c:\1thhnt.exec:\1thhnt.exe63⤵
- Executes dropped EXE
-
\??\c:\jvjjp.exec:\jvjjp.exe64⤵
- Executes dropped EXE
-
\??\c:\vjjpp.exec:\vjjpp.exe65⤵
- Executes dropped EXE
-
\??\c:\3lfllll.exec:\3lfllll.exe66⤵
-
\??\c:\btnthn.exec:\btnthn.exe67⤵
-
\??\c:\nhbhtb.exec:\nhbhtb.exe68⤵
-
\??\c:\vpdvv.exec:\vpdvv.exe69⤵
-
\??\c:\fxrlxrr.exec:\fxrlxrr.exe70⤵
-
\??\c:\1rffrrx.exec:\1rffrrx.exe71⤵
-
\??\c:\3bhthb.exec:\3bhthb.exe72⤵
-
\??\c:\1hhbnt.exec:\1hhbnt.exe73⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe74⤵
-
\??\c:\7lfrlxl.exec:\7lfrlxl.exe75⤵
-
\??\c:\frrrxxl.exec:\frrrxxl.exe76⤵
-
\??\c:\3hnnbh.exec:\3hnnbh.exe77⤵
-
\??\c:\tnhnnt.exec:\tnhnnt.exe78⤵
-
\??\c:\bbbhht.exec:\bbbhht.exe79⤵
-
\??\c:\3vvjp.exec:\3vvjp.exe80⤵
-
\??\c:\rlflrxx.exec:\rlflrxx.exe81⤵
-
\??\c:\lxrxllf.exec:\lxrxllf.exe82⤵
-
\??\c:\bbthbh.exec:\bbthbh.exe83⤵
-
\??\c:\ttttnt.exec:\ttttnt.exe84⤵
-
\??\c:\jjddv.exec:\jjddv.exe85⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe86⤵
-
\??\c:\fxlxlrf.exec:\fxlxlrf.exe87⤵
-
\??\c:\xxrllll.exec:\xxrllll.exe88⤵
-
\??\c:\bbthnt.exec:\bbthnt.exe89⤵
-
\??\c:\tnhbtt.exec:\tnhbtt.exe90⤵
-
\??\c:\9jpdd.exec:\9jpdd.exe91⤵
-
\??\c:\5vdvv.exec:\5vdvv.exe92⤵
-
\??\c:\rlfrlfr.exec:\rlfrlfr.exe93⤵
-
\??\c:\xlxxxxf.exec:\xlxxxxf.exe94⤵
-
\??\c:\bntntt.exec:\bntntt.exe95⤵
-
\??\c:\hbthnh.exec:\hbthnh.exe96⤵
-
\??\c:\1bnntn.exec:\1bnntn.exe97⤵
-
\??\c:\3vjdp.exec:\3vjdp.exe98⤵
-
\??\c:\xlxfrfr.exec:\xlxfrfr.exe99⤵
-
\??\c:\lflxffr.exec:\lflxffr.exe100⤵
-
\??\c:\5hnbbb.exec:\5hnbbb.exe101⤵
-
\??\c:\htthnn.exec:\htthnn.exe102⤵
-
\??\c:\dvvpd.exec:\dvvpd.exe103⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe104⤵
-
\??\c:\ffxxfff.exec:\ffxxfff.exe105⤵
-
\??\c:\frrrlff.exec:\frrrlff.exe106⤵
-
\??\c:\nhtbnn.exec:\nhtbnn.exe107⤵
-
\??\c:\dvdjp.exec:\dvdjp.exe108⤵
-
\??\c:\pddvj.exec:\pddvj.exe109⤵
-
\??\c:\frflrrx.exec:\frflrrx.exe110⤵
-
\??\c:\9lllxff.exec:\9lllxff.exe111⤵
-
\??\c:\htbnbn.exec:\htbnbn.exe112⤵
-
\??\c:\9btntn.exec:\9btntn.exe113⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe114⤵
-
\??\c:\frlrxrf.exec:\frlrxrf.exe115⤵
-
\??\c:\llrxlxl.exec:\llrxlxl.exe116⤵
-
\??\c:\hthhtt.exec:\hthhtt.exe117⤵
-
\??\c:\9btbbn.exec:\9btbbn.exe118⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe119⤵
-
\??\c:\frlfllx.exec:\frlfllx.exe120⤵
-
\??\c:\lfrrxff.exec:\lfrrxff.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-