Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
29/05/2024, 21:59
General
-
Target
5753a3ed64664111e67962837584ab30_NeikiAnalytics.exe
-
Size
460KB
-
MD5
5753a3ed64664111e67962837584ab30
-
SHA1
792a2d5c93083e12e890f77699ec9777398ecb12
-
SHA256
61aad338b59b0c3564afe313d06786771185c0280c0dbcce8c3f3f72dfaf0927
-
SHA512
ed5adb6cd090dfd585380e354b25dba60fc1fd3675c32a2b7083a3b0973ced52c59109307adea1eef187db2945b8bfce7e001005d216cdfa4a46f144bc190767
-
SSDEEP
6144:n3C9BRo7tvnJ9Fywhk/TJTaYvMmr3C9BRo7tvnJ9Fywhk/Tku2:n3C9ytvn8whkbJTaFmr3C9ytvn8whkbW
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 19 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5753a3ed64664111e67962837584ab30_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\5753a3ed64664111e67962837584ab30_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxfrlf.exec:\lfxfrlf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhhnb.exec:\nnhhnb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fffrxr.exec:\9fffrxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbht.exec:\tnbbht.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpvd.exec:\jjpvd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrfxxl.exec:\rxrfxxl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddjv.exec:\jddjv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbhbt.exec:\thbhbt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjv.exec:\pdpjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3httnb.exec:\3httnb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdvj.exec:\djdvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xrrrxl.exec:\5xrrrxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbbt.exec:\hbbbbt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrxfrx.exec:\rlrxfrx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhntt.exec:\nnhntt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrlrlx.exec:\lfrlrlx.exe17⤵
- Executes dropped EXE
-
\??\c:\nhtthn.exec:\nhtthn.exe18⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe19⤵
- Executes dropped EXE
-
\??\c:\ppjvd.exec:\ppjvd.exe20⤵
- Executes dropped EXE
-
\??\c:\rlffxfr.exec:\rlffxfr.exe21⤵
- Executes dropped EXE
-
\??\c:\tnhhtb.exec:\tnhhtb.exe22⤵
- Executes dropped EXE
-
\??\c:\xxllrxr.exec:\xxllrxr.exe23⤵
- Executes dropped EXE
-
\??\c:\hbbbbt.exec:\hbbbbt.exe24⤵
- Executes dropped EXE
-
\??\c:\jjdjp.exec:\jjdjp.exe25⤵
- Executes dropped EXE
-
\??\c:\xfxrxlx.exec:\xfxrxlx.exe26⤵
- Executes dropped EXE
-
\??\c:\vvvvj.exec:\vvvvj.exe27⤵
- Executes dropped EXE
-
\??\c:\xflxrll.exec:\xflxrll.exe28⤵
- Executes dropped EXE
-
\??\c:\3thhnt.exec:\3thhnt.exe29⤵
- Executes dropped EXE
-
\??\c:\ddvdj.exec:\ddvdj.exe30⤵
- Executes dropped EXE
-
\??\c:\3htbhn.exec:\3htbhn.exe31⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe32⤵
- Executes dropped EXE
-
\??\c:\rrflxxl.exec:\rrflxxl.exe33⤵
- Executes dropped EXE
-
\??\c:\hbnhhn.exec:\hbnhhn.exe34⤵
- Executes dropped EXE
-
\??\c:\5jvvj.exec:\5jvvj.exe35⤵
- Executes dropped EXE
-
\??\c:\9lxlxfx.exec:\9lxlxfx.exe36⤵
- Executes dropped EXE
-
\??\c:\9tnnnt.exec:\9tnnnt.exe37⤵
- Executes dropped EXE
-
\??\c:\1jvvp.exec:\1jvvp.exe38⤵
- Executes dropped EXE
-
\??\c:\fxrrflx.exec:\fxrrflx.exe39⤵
- Executes dropped EXE
-
\??\c:\rrlflfr.exec:\rrlflfr.exe40⤵
- Executes dropped EXE
-
\??\c:\bthnbb.exec:\bthnbb.exe41⤵
- Executes dropped EXE
-
\??\c:\5jvvp.exec:\5jvvp.exe42⤵
- Executes dropped EXE
-
\??\c:\xxlrflr.exec:\xxlrflr.exe43⤵
- Executes dropped EXE
-
\??\c:\3tbtbb.exec:\3tbtbb.exe44⤵
- Executes dropped EXE
-
\??\c:\nhthnt.exec:\nhthnt.exe45⤵
- Executes dropped EXE
-
\??\c:\1jdjv.exec:\1jdjv.exe46⤵
- Executes dropped EXE
-
\??\c:\9fxflrf.exec:\9fxflrf.exe47⤵
- Executes dropped EXE
-
\??\c:\nhbnht.exec:\nhbnht.exe48⤵
- Executes dropped EXE
-
\??\c:\tthnhh.exec:\tthnhh.exe49⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe50⤵
- Executes dropped EXE
-
\??\c:\3fflfrl.exec:\3fflfrl.exe51⤵
- Executes dropped EXE
-
\??\c:\3lxlrxl.exec:\3lxlrxl.exe52⤵
- Executes dropped EXE
-
\??\c:\hhnnbh.exec:\hhnnbh.exe53⤵
- Executes dropped EXE
-
\??\c:\pvjpd.exec:\pvjpd.exe54⤵
- Executes dropped EXE
-
\??\c:\xffxrxx.exec:\xffxrxx.exe55⤵
- Executes dropped EXE
-
\??\c:\bbthtb.exec:\bbthtb.exe56⤵
- Executes dropped EXE
-
\??\c:\hhthbh.exec:\hhthbh.exe57⤵
- Executes dropped EXE
-
\??\c:\dpjdd.exec:\dpjdd.exe58⤵
- Executes dropped EXE
-
\??\c:\xrxlxfr.exec:\xrxlxfr.exe59⤵
- Executes dropped EXE
-
\??\c:\xxfxfff.exec:\xxfxfff.exe60⤵
- Executes dropped EXE
-
\??\c:\bbhhtt.exec:\bbhhtt.exe61⤵
- Executes dropped EXE
-
\??\c:\vpvvv.exec:\vpvvv.exe62⤵
- Executes dropped EXE
-
\??\c:\vpddv.exec:\vpddv.exe63⤵
- Executes dropped EXE
-
\??\c:\rrrfrfx.exec:\rrrfrfx.exe64⤵
- Executes dropped EXE
-
\??\c:\nnbbhn.exec:\nnbbhn.exe65⤵
- Executes dropped EXE
-
\??\c:\hthbnt.exec:\hthbnt.exe66⤵
-
\??\c:\pvdvj.exec:\pvdvj.exe67⤵
-
\??\c:\lfrlxrf.exec:\lfrlxrf.exe68⤵
-
\??\c:\hhhtbn.exec:\hhhtbn.exe69⤵
-
\??\c:\9vdjv.exec:\9vdjv.exe70⤵
-
\??\c:\pjddj.exec:\pjddj.exe71⤵
-
\??\c:\xxrxrxl.exec:\xxrxrxl.exe72⤵
-
\??\c:\hbthtt.exec:\hbthtt.exe73⤵
-
\??\c:\hbbbhb.exec:\hbbbhb.exe74⤵
-
\??\c:\dvppd.exec:\dvppd.exe75⤵
-
\??\c:\3fxxxlr.exec:\3fxxxlr.exe76⤵
-
\??\c:\7xllxxr.exec:\7xllxxr.exe77⤵
-
\??\c:\tnnttt.exec:\tnnttt.exe78⤵
-
\??\c:\ppjpd.exec:\ppjpd.exe79⤵
-
\??\c:\rrrxrxr.exec:\rrrxrxr.exe80⤵
-
\??\c:\fxllrfr.exec:\fxllrfr.exe81⤵
-
\??\c:\bbthbh.exec:\bbthbh.exe82⤵
-
\??\c:\1pddj.exec:\1pddj.exe83⤵
-
\??\c:\ddjdj.exec:\ddjdj.exe84⤵
-
\??\c:\ffrrrfl.exec:\ffrrrfl.exe85⤵
-
\??\c:\bbtbtt.exec:\bbtbtt.exe86⤵
-
\??\c:\5tnntb.exec:\5tnntb.exe87⤵
-
\??\c:\dvvvj.exec:\dvvvj.exe88⤵
-
\??\c:\xlflxlx.exec:\xlflxlx.exe89⤵
-
\??\c:\btbbbn.exec:\btbbbn.exe90⤵
-
\??\c:\bthbbt.exec:\bthbbt.exe91⤵
-
\??\c:\1jdjp.exec:\1jdjp.exe92⤵
-
\??\c:\1lffrrf.exec:\1lffrrf.exe93⤵
-
\??\c:\rxfxxxr.exec:\rxfxxxr.exe94⤵
-
\??\c:\hbnhnn.exec:\hbnhnn.exe95⤵
-
\??\c:\9pjdj.exec:\9pjdj.exe96⤵
-
\??\c:\vppvd.exec:\vppvd.exe97⤵
-
\??\c:\xxxfrxl.exec:\xxxfrxl.exe98⤵
-
\??\c:\hhthtn.exec:\hhthtn.exe99⤵
-
\??\c:\tnttbh.exec:\tnttbh.exe100⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe101⤵
-
\??\c:\ffxlxff.exec:\ffxlxff.exe102⤵
-
\??\c:\xxrrlrf.exec:\xxrrlrf.exe103⤵
-
\??\c:\bbthnn.exec:\bbthnn.exe104⤵
-
\??\c:\vpddv.exec:\vpddv.exe105⤵
-
\??\c:\vdddd.exec:\vdddd.exe106⤵
-
\??\c:\xrrxffr.exec:\xrrxffr.exe107⤵
-
\??\c:\hbbthn.exec:\hbbthn.exe108⤵
-
\??\c:\ppjvv.exec:\ppjvv.exe109⤵
-
\??\c:\rxxlxll.exec:\rxxlxll.exe110⤵
-
\??\c:\3lflrfr.exec:\3lflrfr.exe111⤵
-
\??\c:\nttnbb.exec:\nttnbb.exe112⤵
-
\??\c:\7dvvj.exec:\7dvvj.exe113⤵
-
\??\c:\vpjvj.exec:\vpjvj.exe114⤵
-
\??\c:\lllllll.exec:\lllllll.exe115⤵
-
\??\c:\7nhtbn.exec:\7nhtbn.exe116⤵
-
\??\c:\7vpdv.exec:\7vpdv.exe117⤵
-
\??\c:\vdpdp.exec:\vdpdp.exe118⤵
-
\??\c:\lllrxfl.exec:\lllrxfl.exe119⤵
-
\??\c:\nnbntb.exec:\nnbntb.exe120⤵
-
\??\c:\httbbb.exec:\httbbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-