Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
27/05/2024, 17:55
General
-
Target
06b32bde5b260c24fa49ee30b9eae520_NeikiAnalytics.exe
-
Size
63KB
-
MD5
06b32bde5b260c24fa49ee30b9eae520
-
SHA1
db18fa1d3ea1dd87cca7e34e01d522580d443278
-
SHA256
bb7961612d580ad3338b2aa4739faa5782bd9c1f7929eea36efcfa7d3aab4a32
-
SHA512
ff8026089c715cb9d1bc9c161ac13a9cd0ac3bad612b2d55475b8d844970ed9134b237d47c3889b1340b616b8760bc18ab34d608b2e7ef647238a666035a1534
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIhJm/w+d:ymb3NkkiQ3mdBjFILmPd
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\06b32bde5b260c24fa49ee30b9eae520_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\06b32bde5b260c24fa49ee30b9eae520_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtthh.exec:\bbtthh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpjv.exec:\ddpjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnnth.exec:\ttnnth.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbthn.exec:\bbbthn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvppv.exec:\pvppv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ppvj.exec:\9ppvj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxflxf.exec:\rlxflxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhthn.exec:\nnhthn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbtnb.exec:\tnbtnb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vjvd.exec:\9vjvd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jjjp.exec:\9jjjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxflrf.exec:\ffxflrf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhtb.exec:\tnhhtb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnbth.exec:\btnbth.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddjj.exec:\dddjj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxllllx.exec:\rxllllx.exe17⤵
- Executes dropped EXE
-
\??\c:\rxfxffl.exec:\rxfxffl.exe18⤵
- Executes dropped EXE
-
\??\c:\9hbtnn.exec:\9hbtnn.exe19⤵
- Executes dropped EXE
-
\??\c:\bbhhnh.exec:\bbhhnh.exe20⤵
- Executes dropped EXE
-
\??\c:\5dpvp.exec:\5dpvp.exe21⤵
- Executes dropped EXE
-
\??\c:\fxrrffl.exec:\fxrrffl.exe22⤵
- Executes dropped EXE
-
\??\c:\9xxfxrf.exec:\9xxfxrf.exe23⤵
- Executes dropped EXE
-
\??\c:\ntbbtt.exec:\ntbbtt.exe24⤵
- Executes dropped EXE
-
\??\c:\vvdpv.exec:\vvdpv.exe25⤵
- Executes dropped EXE
-
\??\c:\lxllffl.exec:\lxllffl.exe26⤵
- Executes dropped EXE
-
\??\c:\xrllrfl.exec:\xrllrfl.exe27⤵
- Executes dropped EXE
-
\??\c:\nhbhtt.exec:\nhbhtt.exe28⤵
- Executes dropped EXE
-
\??\c:\vppvj.exec:\vppvj.exe29⤵
- Executes dropped EXE
-
\??\c:\fllxflf.exec:\fllxflf.exe30⤵
- Executes dropped EXE
-
\??\c:\9frxfrf.exec:\9frxfrf.exe31⤵
- Executes dropped EXE
-
\??\c:\9hhnhn.exec:\9hhnhn.exe32⤵
- Executes dropped EXE
-
\??\c:\jjpdj.exec:\jjpdj.exe33⤵
- Executes dropped EXE
-
\??\c:\jpdpv.exec:\jpdpv.exe34⤵
- Executes dropped EXE
-
\??\c:\xlrllxr.exec:\xlrllxr.exe35⤵
- Executes dropped EXE
-
\??\c:\9fxfllf.exec:\9fxfllf.exe36⤵
- Executes dropped EXE
-
\??\c:\nnhbbh.exec:\nnhbbh.exe37⤵
- Executes dropped EXE
-
\??\c:\hnhthn.exec:\hnhthn.exe38⤵
- Executes dropped EXE
-
\??\c:\3vpjv.exec:\3vpjv.exe39⤵
- Executes dropped EXE
-
\??\c:\vvpdp.exec:\vvpdp.exe40⤵
- Executes dropped EXE
-
\??\c:\xlfllfr.exec:\xlfllfr.exe41⤵
- Executes dropped EXE
-
\??\c:\xrflrfr.exec:\xrflrfr.exe42⤵
- Executes dropped EXE
-
\??\c:\tbhhtb.exec:\tbhhtb.exe43⤵
- Executes dropped EXE
-
\??\c:\9tbnnb.exec:\9tbnnb.exe44⤵
- Executes dropped EXE
-
\??\c:\ppjvj.exec:\ppjvj.exe45⤵
- Executes dropped EXE
-
\??\c:\flxxxfr.exec:\flxxxfr.exe46⤵
- Executes dropped EXE
-
\??\c:\fxrfrfr.exec:\fxrfrfr.exe47⤵
- Executes dropped EXE
-
\??\c:\ttthhh.exec:\ttthhh.exe48⤵
- Executes dropped EXE
-
\??\c:\ntbtnh.exec:\ntbtnh.exe49⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe50⤵
- Executes dropped EXE
-
\??\c:\fffllxr.exec:\fffllxr.exe51⤵
- Executes dropped EXE
-
\??\c:\llxrxxf.exec:\llxrxxf.exe52⤵
- Executes dropped EXE
-
\??\c:\7hbntt.exec:\7hbntt.exe53⤵
- Executes dropped EXE
-
\??\c:\5bnhbb.exec:\5bnhbb.exe54⤵
- Executes dropped EXE
-
\??\c:\jvdjj.exec:\jvdjj.exe55⤵
- Executes dropped EXE
-
\??\c:\dvdvj.exec:\dvdvj.exe56⤵
- Executes dropped EXE
-
\??\c:\xrfflxr.exec:\xrfflxr.exe57⤵
- Executes dropped EXE
-
\??\c:\fxrllrf.exec:\fxrllrf.exe58⤵
- Executes dropped EXE
-
\??\c:\nhnbbt.exec:\nhnbbt.exe59⤵
- Executes dropped EXE
-
\??\c:\7bnnnt.exec:\7bnnnt.exe60⤵
- Executes dropped EXE
-
\??\c:\vdjdv.exec:\vdjdv.exe61⤵
- Executes dropped EXE
-
\??\c:\7jdjv.exec:\7jdjv.exe62⤵
- Executes dropped EXE
-
\??\c:\lfrlrlr.exec:\lfrlrlr.exe63⤵
- Executes dropped EXE
-
\??\c:\nthhhh.exec:\nthhhh.exe64⤵
- Executes dropped EXE
-
\??\c:\nhhthh.exec:\nhhthh.exe65⤵
- Executes dropped EXE
-
\??\c:\3jvpv.exec:\3jvpv.exe66⤵
-
\??\c:\dddjv.exec:\dddjv.exe67⤵
-
\??\c:\vjvvv.exec:\vjvvv.exe68⤵
-
\??\c:\ffrxlxf.exec:\ffrxlxf.exe69⤵
-
\??\c:\bthtbh.exec:\bthtbh.exe70⤵
-
\??\c:\9nhnnn.exec:\9nhnnn.exe71⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe72⤵
-
\??\c:\jdvpd.exec:\jdvpd.exe73⤵
-
\??\c:\dddvv.exec:\dddvv.exe74⤵
-
\??\c:\xrlllfl.exec:\xrlllfl.exe75⤵
-
\??\c:\hbhnhh.exec:\hbhnhh.exe76⤵
-
\??\c:\hhthnt.exec:\hhthnt.exe77⤵
-
\??\c:\vpjdv.exec:\vpjdv.exe78⤵
-
\??\c:\ppppv.exec:\ppppv.exe79⤵
-
\??\c:\ffflxlx.exec:\ffflxlx.exe80⤵
-
\??\c:\xrxxlll.exec:\xrxxlll.exe81⤵
-
\??\c:\nhhnbh.exec:\nhhnbh.exe82⤵
-
\??\c:\jdppj.exec:\jdppj.exe83⤵
-
\??\c:\jddjp.exec:\jddjp.exe84⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe85⤵
-
\??\c:\rrlrlxl.exec:\rrlrlxl.exe86⤵
-
\??\c:\hthhhh.exec:\hthhhh.exe87⤵
-
\??\c:\bbbbbh.exec:\bbbbbh.exe88⤵
-
\??\c:\7ppvd.exec:\7ppvd.exe89⤵
-
\??\c:\9jdjp.exec:\9jdjp.exe90⤵
-
\??\c:\rlfllxl.exec:\rlfllxl.exe91⤵
-
\??\c:\xrxfxlx.exec:\xrxfxlx.exe92⤵
-
\??\c:\nhhhbt.exec:\nhhhbt.exe93⤵
-
\??\c:\bbnnhb.exec:\bbnnhb.exe94⤵
-
\??\c:\7pjpp.exec:\7pjpp.exe95⤵
-
\??\c:\dpdjv.exec:\dpdjv.exe96⤵
-
\??\c:\fxlllfx.exec:\fxlllfx.exe97⤵
-
\??\c:\ffrxfrf.exec:\ffrxfrf.exe98⤵
-
\??\c:\nnbntb.exec:\nnbntb.exe99⤵
-
\??\c:\nnhbnn.exec:\nnhbnn.exe100⤵
-
\??\c:\7bbhhn.exec:\7bbhhn.exe101⤵
-
\??\c:\dvppv.exec:\dvppv.exe102⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe103⤵
-
\??\c:\7rxrrxr.exec:\7rxrrxr.exe104⤵
-
\??\c:\lfxxffr.exec:\lfxxffr.exe105⤵
-
\??\c:\xxlxlfl.exec:\xxlxlfl.exe106⤵
-
\??\c:\hbtnbb.exec:\hbtnbb.exe107⤵
-
\??\c:\nbnthb.exec:\nbnthb.exe108⤵
-
\??\c:\1ddpj.exec:\1ddpj.exe109⤵
-
\??\c:\vjjdj.exec:\vjjdj.exe110⤵
-
\??\c:\1frxflr.exec:\1frxflr.exe111⤵
-
\??\c:\rlffrlf.exec:\rlffrlf.exe112⤵
-
\??\c:\hbnnhn.exec:\hbnnhn.exe113⤵
-
\??\c:\nthhtb.exec:\nthhtb.exe114⤵
-
\??\c:\jjdpd.exec:\jjdpd.exe115⤵
-
\??\c:\pdvpp.exec:\pdvpp.exe116⤵
-
\??\c:\rflfrxx.exec:\rflfrxx.exe117⤵
-
\??\c:\ffxlrrr.exec:\ffxlrrr.exe118⤵
-
\??\c:\9xlxxfl.exec:\9xlxxfl.exe119⤵
-
\??\c:\hhhbth.exec:\hhhbth.exe120⤵
-
\??\c:\nnhntn.exec:\nnhntn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-