Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
28-05-2024 01:59
General
-
Target
2cc1b47cdbfd32db5694b2edb07ceb10_NeikiAnalytics.exe
-
Size
56KB
-
MD5
2cc1b47cdbfd32db5694b2edb07ceb10
-
SHA1
4fb78a4047a4afbcf5ea04cc942d246f947308ed
-
SHA256
53ae40a5f5e64a10d74076f1cca0230657775f3a74cfd3d716f2dc48b8deec50
-
SHA512
d3c3ae309d2a596cc8c3a8f3aa2033451553a34fe512cbf4bbc02535ee3cf5c7767bb9089678ae8ef2a5a42d955b38544ec77793c3218722c8af312d9e27c62a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuSwFH:ymb3NkkiQ3mdBjFIvIFH
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2cc1b47cdbfd32db5694b2edb07ceb10_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\2cc1b47cdbfd32db5694b2edb07ceb10_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nthhtt.exec:\nthhtt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvjd.exec:\pjvjd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvpv.exec:\vjvpv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxrrxx.exec:\xxxrrxx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbnt.exec:\bthbnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bbhtt.exec:\7bbhtt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdv.exec:\djjdv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlrrfr.exec:\lxlrrfr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhthtn.exec:\nhthtn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvpd.exec:\ddvpd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrxxll.exec:\xxrxxll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhnt.exec:\bthhnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnnth.exec:\tbnnth.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddp.exec:\vpddp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpvj.exec:\pdpvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xxxllx.exec:\5xxxllx.exe17⤵
- Executes dropped EXE
-
\??\c:\xrllrxf.exec:\xrllrxf.exe18⤵
- Executes dropped EXE
-
\??\c:\btnnbn.exec:\btnnbn.exe19⤵
- Executes dropped EXE
-
\??\c:\jdjpd.exec:\jdjpd.exe20⤵
- Executes dropped EXE
-
\??\c:\ffflxlf.exec:\ffflxlf.exe21⤵
- Executes dropped EXE
-
\??\c:\rxllffl.exec:\rxllffl.exe22⤵
- Executes dropped EXE
-
\??\c:\hbnbhn.exec:\hbnbhn.exe23⤵
- Executes dropped EXE
-
\??\c:\nhhtnt.exec:\nhhtnt.exe24⤵
- Executes dropped EXE
-
\??\c:\jpvvv.exec:\jpvvv.exe25⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe26⤵
- Executes dropped EXE
-
\??\c:\flffxfr.exec:\flffxfr.exe27⤵
- Executes dropped EXE
-
\??\c:\tbtbbn.exec:\tbtbbn.exe28⤵
- Executes dropped EXE
-
\??\c:\bthnht.exec:\bthnht.exe29⤵
- Executes dropped EXE
-
\??\c:\jvjdj.exec:\jvjdj.exe30⤵
- Executes dropped EXE
-
\??\c:\llxxlrf.exec:\llxxlrf.exe31⤵
- Executes dropped EXE
-
\??\c:\xrlrxxr.exec:\xrlrxxr.exe32⤵
- Executes dropped EXE
-
\??\c:\ttntht.exec:\ttntht.exe33⤵
- Executes dropped EXE
-
\??\c:\ddvpd.exec:\ddvpd.exe34⤵
- Executes dropped EXE
-
\??\c:\pdjjd.exec:\pdjjd.exe35⤵
- Executes dropped EXE
-
\??\c:\fxflxfx.exec:\fxflxfx.exe36⤵
- Executes dropped EXE
-
\??\c:\xrxrxfr.exec:\xrxrxfr.exe37⤵
-
\??\c:\nhbnhn.exec:\nhbnhn.exe38⤵
- Executes dropped EXE
-
\??\c:\bbtbtb.exec:\bbtbtb.exe39⤵
- Executes dropped EXE
-
\??\c:\djpvj.exec:\djpvj.exe40⤵
- Executes dropped EXE
-
\??\c:\jddjv.exec:\jddjv.exe41⤵
- Executes dropped EXE
-
\??\c:\1xxlxlx.exec:\1xxlxlx.exe42⤵
- Executes dropped EXE
-
\??\c:\9lxrxff.exec:\9lxrxff.exe43⤵
- Executes dropped EXE
-
\??\c:\1rlrxfx.exec:\1rlrxfx.exe44⤵
- Executes dropped EXE
-
\??\c:\hbnbbb.exec:\hbnbbb.exe45⤵
- Executes dropped EXE
-
\??\c:\5bttnt.exec:\5bttnt.exe46⤵
- Executes dropped EXE
-
\??\c:\5pvvd.exec:\5pvvd.exe47⤵
- Executes dropped EXE
-
\??\c:\9dvdd.exec:\9dvdd.exe48⤵
- Executes dropped EXE
-
\??\c:\5xlxlrf.exec:\5xlxlrf.exe49⤵
- Executes dropped EXE
-
\??\c:\1frxlxf.exec:\1frxlxf.exe50⤵
- Executes dropped EXE
-
\??\c:\bnnbhn.exec:\bnnbhn.exe51⤵
- Executes dropped EXE
-
\??\c:\nnhthh.exec:\nnhthh.exe52⤵
- Executes dropped EXE
-
\??\c:\xxrffrf.exec:\xxrffrf.exe53⤵
- Executes dropped EXE
-
\??\c:\fxlrxlr.exec:\fxlrxlr.exe54⤵
- Executes dropped EXE
-
\??\c:\1hbnbb.exec:\1hbnbb.exe55⤵
- Executes dropped EXE
-
\??\c:\tthtnn.exec:\tthtnn.exe56⤵
- Executes dropped EXE
-
\??\c:\jvpjj.exec:\jvpjj.exe57⤵
- Executes dropped EXE
-
\??\c:\jdjpv.exec:\jdjpv.exe58⤵
- Executes dropped EXE
-
\??\c:\xrlxflr.exec:\xrlxflr.exe59⤵
- Executes dropped EXE
-
\??\c:\lfxfrxx.exec:\lfxfrxx.exe60⤵
- Executes dropped EXE
-
\??\c:\nbhnbn.exec:\nbhnbn.exe61⤵
- Executes dropped EXE
-
\??\c:\3dpdp.exec:\3dpdp.exe62⤵
- Executes dropped EXE
-
\??\c:\vvvpd.exec:\vvvpd.exe63⤵
- Executes dropped EXE
-
\??\c:\fffrflr.exec:\fffrflr.exe64⤵
- Executes dropped EXE
-
\??\c:\xxxlxfl.exec:\xxxlxfl.exe65⤵
- Executes dropped EXE
-
\??\c:\nhttnb.exec:\nhttnb.exe66⤵
- Executes dropped EXE
-
\??\c:\btnbnb.exec:\btnbnb.exe67⤵
-
\??\c:\7pdjp.exec:\7pdjp.exe68⤵
-
\??\c:\jvjpd.exec:\jvjpd.exe69⤵
-
\??\c:\3lfrxrf.exec:\3lfrxrf.exe70⤵
-
\??\c:\fxlxlrx.exec:\fxlxlrx.exe71⤵
-
\??\c:\xrxlflr.exec:\xrxlflr.exe72⤵
-
\??\c:\nnbbtt.exec:\nnbbtt.exe73⤵
-
\??\c:\5vpjj.exec:\5vpjj.exe74⤵
-
\??\c:\dvvpv.exec:\dvvpv.exe75⤵
-
\??\c:\xlxfrrf.exec:\xlxfrrf.exe76⤵
-
\??\c:\xxxfxfl.exec:\xxxfxfl.exe77⤵
-
\??\c:\3rxflxx.exec:\3rxflxx.exe78⤵
-
\??\c:\1bbthh.exec:\1bbthh.exe79⤵
-
\??\c:\5nbhtb.exec:\5nbhtb.exe80⤵
-
\??\c:\5jpvd.exec:\5jpvd.exe81⤵
-
\??\c:\lfrxrfl.exec:\lfrxrfl.exe82⤵
-
\??\c:\frflrrf.exec:\frflrrf.exe83⤵
-
\??\c:\nhhthh.exec:\nhhthh.exe84⤵
-
\??\c:\nnnbht.exec:\nnnbht.exe85⤵
-
\??\c:\vppdd.exec:\vppdd.exe86⤵
-
\??\c:\vpvjd.exec:\vpvjd.exe87⤵
-
\??\c:\7lxxflr.exec:\7lxxflr.exe88⤵
-
\??\c:\lflxlrx.exec:\lflxlrx.exe89⤵
-
\??\c:\bbbnbh.exec:\bbbnbh.exe90⤵
-
\??\c:\1nhnbb.exec:\1nhnbb.exe91⤵
-
\??\c:\djpjj.exec:\djpjj.exe92⤵
-
\??\c:\1dddd.exec:\1dddd.exe93⤵
-
\??\c:\xllrrxl.exec:\xllrrxl.exe94⤵
-
\??\c:\9xxlffl.exec:\9xxlffl.exe95⤵
-
\??\c:\hthtbt.exec:\hthtbt.exe96⤵
-
\??\c:\9dvvj.exec:\9dvvj.exe97⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe98⤵
-
\??\c:\lfflrxf.exec:\lfflrxf.exe99⤵
-
\??\c:\fxrxlrl.exec:\fxrxlrl.exe100⤵
-
\??\c:\tnbbnt.exec:\tnbbnt.exe101⤵
-
\??\c:\nhtbbn.exec:\nhtbbn.exe102⤵
-
\??\c:\1btbhh.exec:\1btbhh.exe103⤵
-
\??\c:\9jdvv.exec:\9jdvv.exe104⤵
-
\??\c:\pddpv.exec:\pddpv.exe105⤵
-
\??\c:\xxrflrx.exec:\xxrflrx.exe106⤵
-
\??\c:\5fllffl.exec:\5fllffl.exe107⤵
-
\??\c:\9bhnhn.exec:\9bhnhn.exe108⤵
-
\??\c:\nnbbhn.exec:\nnbbhn.exe109⤵
-
\??\c:\dddvv.exec:\dddvv.exe110⤵
-
\??\c:\ppppp.exec:\ppppp.exe111⤵
-
\??\c:\lfxxflr.exec:\lfxxflr.exe112⤵
-
\??\c:\7rlrffr.exec:\7rlrffr.exe113⤵
-
\??\c:\tntnbn.exec:\tntnbn.exe114⤵
-
\??\c:\tttbbn.exec:\tttbbn.exe115⤵
-
\??\c:\1vjpd.exec:\1vjpd.exe116⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe117⤵
-
\??\c:\ffffxfr.exec:\ffffxfr.exe118⤵
-
\??\c:\lrfxxrr.exec:\lrfxxrr.exe119⤵
-
\??\c:\nnntnn.exec:\nnntnn.exe120⤵
-
\??\c:\bthtnn.exec:\bthtnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-