Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
29-05-2024 00:17
General
-
Target
1d8241f54bc9fe616a9d278a6110ae10_NeikiAnalytics.exe
-
Size
520KB
-
MD5
1d8241f54bc9fe616a9d278a6110ae10
-
SHA1
3421919049276645bef654f50dce75b3dc34e8d3
-
SHA256
03d1811f1ab5eb5a2827997f50c2600acf0ba1d94f1f7e9a459b61aee413786f
-
SHA512
d0e2bd521690c0926bcbc9776113f8347bcb68c2b9ee2e44c85258c56e25a2f3c701008e008ab52d5693bec38ca1571addfcb1211e15b207377f8592fadc45bc
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2CfNnkymTwaJ3o89H3w:q7Tc2NYHUrAwfMHNnpls489A
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 42 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1d8241f54bc9fe616a9d278a6110ae10_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1d8241f54bc9fe616a9d278a6110ae10_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnnnn.exec:\bbnnnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\22088.exec:\22088.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthhtt.exec:\tthhtt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\20222.exec:\20222.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhbnh.exec:\bnhbnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\640402.exec:\640402.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8206484.exec:\8206484.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8206228.exec:\8206228.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4860284.exec:\4860284.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddd.exec:\vvddd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxrrfl.exec:\flxrrfl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnhthh.exec:\hnhthh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u468006.exec:\u468006.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0020608.exec:\0020608.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbtth.exec:\btbtth.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxrxxl.exec:\lxxrxxl.exe17⤵
- Executes dropped EXE
-
\??\c:\66846.exec:\66846.exe18⤵
- Executes dropped EXE
-
\??\c:\nnbbnn.exec:\nnbbnn.exe19⤵
- Executes dropped EXE
-
\??\c:\42448.exec:\42448.exe20⤵
- Executes dropped EXE
-
\??\c:\rrllxlr.exec:\rrllxlr.exe21⤵
- Executes dropped EXE
-
\??\c:\nhhnbn.exec:\nhhnbn.exe22⤵
- Executes dropped EXE
-
\??\c:\04246.exec:\04246.exe23⤵
- Executes dropped EXE
-
\??\c:\dppjp.exec:\dppjp.exe24⤵
- Executes dropped EXE
-
\??\c:\44206.exec:\44206.exe25⤵
- Executes dropped EXE
-
\??\c:\vvppj.exec:\vvppj.exe26⤵
- Executes dropped EXE
-
\??\c:\5vjjp.exec:\5vjjp.exe27⤵
- Executes dropped EXE
-
\??\c:\xxflrxx.exec:\xxflrxx.exe28⤵
- Executes dropped EXE
-
\??\c:\7xlxlrf.exec:\7xlxlrf.exe29⤵
- Executes dropped EXE
-
\??\c:\hnhhbb.exec:\hnhhbb.exe30⤵
- Executes dropped EXE
-
\??\c:\llxllxf.exec:\llxllxf.exe31⤵
- Executes dropped EXE
-
\??\c:\0464286.exec:\0464286.exe32⤵
- Executes dropped EXE
-
\??\c:\hnbtnh.exec:\hnbtnh.exe33⤵
- Executes dropped EXE
-
\??\c:\4884662.exec:\4884662.exe34⤵
- Executes dropped EXE
-
\??\c:\882828.exec:\882828.exe35⤵
- Executes dropped EXE
-
\??\c:\26446.exec:\26446.exe36⤵
- Executes dropped EXE
-
\??\c:\lrrrllx.exec:\lrrrllx.exe37⤵
- Executes dropped EXE
-
\??\c:\jdjdj.exec:\jdjdj.exe38⤵
- Executes dropped EXE
-
\??\c:\7bbhtb.exec:\7bbhtb.exe39⤵
- Executes dropped EXE
-
\??\c:\ppvvv.exec:\ppvvv.exe40⤵
- Executes dropped EXE
-
\??\c:\26440.exec:\26440.exe41⤵
- Executes dropped EXE
-
\??\c:\82440.exec:\82440.exe42⤵
- Executes dropped EXE
-
\??\c:\lllfrrx.exec:\lllfrrx.exe43⤵
- Executes dropped EXE
-
\??\c:\268826.exec:\268826.exe44⤵
- Executes dropped EXE
-
\??\c:\xfffllx.exec:\xfffllx.exe45⤵
- Executes dropped EXE
-
\??\c:\88486.exec:\88486.exe46⤵
- Executes dropped EXE
-
\??\c:\248426.exec:\248426.exe47⤵
- Executes dropped EXE
-
\??\c:\820066.exec:\820066.exe48⤵
- Executes dropped EXE
-
\??\c:\ttbbht.exec:\ttbbht.exe49⤵
- Executes dropped EXE
-
\??\c:\2688466.exec:\2688466.exe50⤵
- Executes dropped EXE
-
\??\c:\2200284.exec:\2200284.exe51⤵
- Executes dropped EXE
-
\??\c:\48628.exec:\48628.exe52⤵
- Executes dropped EXE
-
\??\c:\e22200.exec:\e22200.exe53⤵
- Executes dropped EXE
-
\??\c:\jjvdp.exec:\jjvdp.exe54⤵
- Executes dropped EXE
-
\??\c:\8464204.exec:\8464204.exe55⤵
- Executes dropped EXE
-
\??\c:\ffflxlr.exec:\ffflxlr.exe56⤵
- Executes dropped EXE
-
\??\c:\ffrrxrx.exec:\ffrrxrx.exe57⤵
- Executes dropped EXE
-
\??\c:\046684.exec:\046684.exe58⤵
- Executes dropped EXE
-
\??\c:\ddvjp.exec:\ddvjp.exe59⤵
- Executes dropped EXE
-
\??\c:\nnnbhb.exec:\nnnbhb.exe60⤵
- Executes dropped EXE
-
\??\c:\fxrlxxf.exec:\fxrlxxf.exe61⤵
- Executes dropped EXE
-
\??\c:\5frlxll.exec:\5frlxll.exe62⤵
- Executes dropped EXE
-
\??\c:\xxlflff.exec:\xxlflff.exe63⤵
- Executes dropped EXE
-
\??\c:\886628.exec:\886628.exe64⤵
- Executes dropped EXE
-
\??\c:\rflfffr.exec:\rflfffr.exe65⤵
- Executes dropped EXE
-
\??\c:\hbttnn.exec:\hbttnn.exe66⤵
-
\??\c:\8446440.exec:\8446440.exe67⤵
-
\??\c:\4846606.exec:\4846606.exe68⤵
-
\??\c:\w64406.exec:\w64406.exe69⤵
-
\??\c:\668222.exec:\668222.exe70⤵
-
\??\c:\ffllrxf.exec:\ffllrxf.exe71⤵
-
\??\c:\xrrlffr.exec:\xrrlffr.exe72⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe73⤵
-
\??\c:\e64460.exec:\e64460.exe74⤵
-
\??\c:\o062842.exec:\o062842.exe75⤵
-
\??\c:\dddjd.exec:\dddjd.exe76⤵
-
\??\c:\vdppd.exec:\vdppd.exe77⤵
-
\??\c:\000622.exec:\000622.exe78⤵
-
\??\c:\xxlrlff.exec:\xxlrlff.exe79⤵
-
\??\c:\c466246.exec:\c466246.exe80⤵
-
\??\c:\1jdjp.exec:\1jdjp.exe81⤵
-
\??\c:\q48840.exec:\q48840.exe82⤵
-
\??\c:\xrffllr.exec:\xrffllr.exe83⤵
-
\??\c:\04002.exec:\04002.exe84⤵
-
\??\c:\nnbbtt.exec:\nnbbtt.exe85⤵
-
\??\c:\jjdpv.exec:\jjdpv.exe86⤵
-
\??\c:\6688022.exec:\6688022.exe87⤵
-
\??\c:\nhthnn.exec:\nhthnn.exe88⤵
-
\??\c:\02620.exec:\02620.exe89⤵
-
\??\c:\48624.exec:\48624.exe90⤵
-
\??\c:\88402.exec:\88402.exe91⤵
-
\??\c:\6828462.exec:\6828462.exe92⤵
-
\??\c:\g8224.exec:\g8224.exe93⤵
-
\??\c:\nhhhht.exec:\nhhhht.exe94⤵
-
\??\c:\0068228.exec:\0068228.exe95⤵
-
\??\c:\5vppj.exec:\5vppj.exe96⤵
-
\??\c:\62640.exec:\62640.exe97⤵
-
\??\c:\2688444.exec:\2688444.exe98⤵
-
\??\c:\nnttnt.exec:\nnttnt.exe99⤵
-
\??\c:\rlxfllf.exec:\rlxfllf.exe100⤵
-
\??\c:\04002.exec:\04002.exe101⤵
-
\??\c:\7pjvp.exec:\7pjvp.exe102⤵
-
\??\c:\nthhnn.exec:\nthhnn.exe103⤵
-
\??\c:\bbttbb.exec:\bbttbb.exe104⤵
-
\??\c:\5xfxlrf.exec:\5xfxlrf.exe105⤵
-
\??\c:\llfxlrx.exec:\llfxlrx.exe106⤵
-
\??\c:\llrflff.exec:\llrflff.exe107⤵
-
\??\c:\5vjvp.exec:\5vjvp.exe108⤵
-
\??\c:\3pdvv.exec:\3pdvv.exe109⤵
-
\??\c:\6482846.exec:\6482846.exe110⤵
-
\??\c:\pjppd.exec:\pjppd.exe111⤵
-
\??\c:\pppjv.exec:\pppjv.exe112⤵
-
\??\c:\604022.exec:\604022.exe113⤵
-
\??\c:\668468.exec:\668468.exe114⤵
-
\??\c:\480684.exec:\480684.exe115⤵
-
\??\c:\rrfrffr.exec:\rrfrffr.exe116⤵
-
\??\c:\s6440.exec:\s6440.exe117⤵
-
\??\c:\bbtnbh.exec:\bbtnbh.exe118⤵
-
\??\c:\xlrxfll.exec:\xlrxfll.exe119⤵
-
\??\c:\042200.exec:\042200.exe120⤵
-
\??\c:\2684062.exec:\2684062.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-