Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
30-05-2024 22:57
General
-
Target
6be826529daad59455168e12fb86bbf0_NeikiAnalytics.exe
-
Size
59KB
-
MD5
6be826529daad59455168e12fb86bbf0
-
SHA1
48ec0d4d2c7f7c3564a3006d4948b327c00d3bbf
-
SHA256
0170eb96e3b819c1bd6490e8baa518d635d2548a28398b1282e262cd76c0089c
-
SHA512
bb8d3b46298792672f160bae05f83f58c35707ed938692a7a1be0a2abf1e81f96a9a5ce4bfacf4c5cee582087c2f2e6b56fc2380c60a91ec2d55fd23031970a7
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsImshz:ymb3NkkiQ3mdBjFIsIFhz
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6be826529daad59455168e12fb86bbf0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6be826529daad59455168e12fb86bbf0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7pvpj.exec:\7pvpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrxxfr.exec:\lfrxxfr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrrrlr.exec:\xlrrrlr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nbhnb.exec:\7nbhnb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hbhbh.exec:\9hbhbh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dvjd.exec:\5dvjd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vvpv.exec:\1vvpv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ffrxfx.exec:\9ffrxfx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bbbnn.exec:\7bbbnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnbnb.exec:\ntnbnb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dpdp.exec:\5dpdp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pdjp.exec:\5pdjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjjj.exec:\pjjjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlfffl.exec:\lxlfffl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflrxf.exec:\xrflrxf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnnnn.exec:\thnnnn.exe17⤵
- Executes dropped EXE
-
\??\c:\7hnntn.exec:\7hnntn.exe18⤵
- Executes dropped EXE
-
\??\c:\jvjdd.exec:\jvjdd.exe19⤵
- Executes dropped EXE
-
\??\c:\ddjvp.exec:\ddjvp.exe20⤵
- Executes dropped EXE
-
\??\c:\lxrrflf.exec:\lxrrflf.exe21⤵
- Executes dropped EXE
-
\??\c:\btnbnt.exec:\btnbnt.exe22⤵
- Executes dropped EXE
-
\??\c:\hbnntb.exec:\hbnntb.exe23⤵
- Executes dropped EXE
-
\??\c:\9thnnn.exec:\9thnnn.exe24⤵
- Executes dropped EXE
-
\??\c:\pjvdp.exec:\pjvdp.exe25⤵
- Executes dropped EXE
-
\??\c:\xrlrflx.exec:\xrlrflx.exe26⤵
- Executes dropped EXE
-
\??\c:\llrxllf.exec:\llrxllf.exe27⤵
- Executes dropped EXE
-
\??\c:\bhnnnb.exec:\bhnnnb.exe28⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe29⤵
- Executes dropped EXE
-
\??\c:\3dvvj.exec:\3dvvj.exe30⤵
- Executes dropped EXE
-
\??\c:\fxlrrrx.exec:\fxlrrrx.exe31⤵
- Executes dropped EXE
-
\??\c:\7lrrrrr.exec:\7lrrrrr.exe32⤵
- Executes dropped EXE
-
\??\c:\fxlrffl.exec:\fxlrffl.exe33⤵
- Executes dropped EXE
-
\??\c:\5nbbtn.exec:\5nbbtn.exe34⤵
- Executes dropped EXE
-
\??\c:\7pvjj.exec:\7pvjj.exe35⤵
- Executes dropped EXE
-
\??\c:\pdddd.exec:\pdddd.exe36⤵
- Executes dropped EXE
-
\??\c:\rlxxffl.exec:\rlxxffl.exe37⤵
- Executes dropped EXE
-
\??\c:\fxflrll.exec:\fxflrll.exe38⤵
- Executes dropped EXE
-
\??\c:\rflffxr.exec:\rflffxr.exe39⤵
- Executes dropped EXE
-
\??\c:\hbnhtn.exec:\hbnhtn.exe40⤵
- Executes dropped EXE
-
\??\c:\jdppd.exec:\jdppd.exe41⤵
- Executes dropped EXE
-
\??\c:\vpdvv.exec:\vpdvv.exe42⤵
- Executes dropped EXE
-
\??\c:\5ppjp.exec:\5ppjp.exe43⤵
- Executes dropped EXE
-
\??\c:\xfllfxx.exec:\xfllfxx.exe44⤵
- Executes dropped EXE
-
\??\c:\xrflffl.exec:\xrflffl.exe45⤵
- Executes dropped EXE
-
\??\c:\frrlxrl.exec:\frrlxrl.exe46⤵
- Executes dropped EXE
-
\??\c:\5thhtn.exec:\5thhtn.exe47⤵
- Executes dropped EXE
-
\??\c:\hhtbbb.exec:\hhtbbb.exe48⤵
- Executes dropped EXE
-
\??\c:\tnnhhb.exec:\tnnhhb.exe49⤵
- Executes dropped EXE
-
\??\c:\pdvdj.exec:\pdvdj.exe50⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe51⤵
- Executes dropped EXE
-
\??\c:\rrxxrlx.exec:\rrxxrlx.exe52⤵
- Executes dropped EXE
-
\??\c:\ffxfrrx.exec:\ffxfrrx.exe53⤵
- Executes dropped EXE
-
\??\c:\7hbnbb.exec:\7hbnbb.exe54⤵
- Executes dropped EXE
-
\??\c:\hbbnnh.exec:\hbbnnh.exe55⤵
- Executes dropped EXE
-
\??\c:\dvjpp.exec:\dvjpp.exe56⤵
- Executes dropped EXE
-
\??\c:\5djdd.exec:\5djdd.exe57⤵
- Executes dropped EXE
-
\??\c:\1jdjp.exec:\1jdjp.exe58⤵
- Executes dropped EXE
-
\??\c:\5fxlxxl.exec:\5fxlxxl.exe59⤵
- Executes dropped EXE
-
\??\c:\lxfxffl.exec:\lxfxffl.exe60⤵
- Executes dropped EXE
-
\??\c:\1btbhn.exec:\1btbhn.exe61⤵
- Executes dropped EXE
-
\??\c:\nbhntt.exec:\nbhntt.exe62⤵
- Executes dropped EXE
-
\??\c:\jvdpp.exec:\jvdpp.exe63⤵
- Executes dropped EXE
-
\??\c:\xlxxrxx.exec:\xlxxrxx.exe64⤵
- Executes dropped EXE
-
\??\c:\frxxxrx.exec:\frxxxrx.exe65⤵
- Executes dropped EXE
-
\??\c:\frrrrlf.exec:\frrrrlf.exe66⤵
-
\??\c:\hhttbb.exec:\hhttbb.exe67⤵
-
\??\c:\btnthb.exec:\btnthb.exe68⤵
-
\??\c:\pjddp.exec:\pjddp.exe69⤵
-
\??\c:\7vjjd.exec:\7vjjd.exe70⤵
-
\??\c:\jjjpv.exec:\jjjpv.exe71⤵
-
\??\c:\xrfllll.exec:\xrfllll.exe72⤵
-
\??\c:\lxlxllr.exec:\lxlxllr.exe73⤵
-
\??\c:\tbtnnb.exec:\tbtnnb.exe74⤵
-
\??\c:\hbthnt.exec:\hbthnt.exe75⤵
-
\??\c:\7dpvd.exec:\7dpvd.exe76⤵
-
\??\c:\dvvdp.exec:\dvvdp.exe77⤵
-
\??\c:\ddvvj.exec:\ddvvj.exe78⤵
-
\??\c:\rrrlffr.exec:\rrrlffr.exe79⤵
-
\??\c:\xllflfr.exec:\xllflfr.exe80⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe81⤵
-
\??\c:\rlxxffr.exec:\rlxxffr.exe82⤵
-
\??\c:\tntbbh.exec:\tntbbh.exe83⤵
-
\??\c:\hhthtb.exec:\hhthtb.exe84⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe85⤵
-
\??\c:\ffxxlrf.exec:\ffxxlrf.exe86⤵
-
\??\c:\llxxfff.exec:\llxxfff.exe87⤵
-
\??\c:\llffrfx.exec:\llffrfx.exe88⤵
-
\??\c:\3bbhbb.exec:\3bbhbb.exe89⤵
-
\??\c:\3bnnnn.exec:\3bnnnn.exe90⤵
-
\??\c:\nhhntt.exec:\nhhntt.exe91⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe92⤵
-
\??\c:\pjvdv.exec:\pjvdv.exe93⤵
-
\??\c:\dvpdd.exec:\dvpdd.exe94⤵
-
\??\c:\rrlflxr.exec:\rrlflxr.exe95⤵
-
\??\c:\5rffrxx.exec:\5rffrxx.exe96⤵
-
\??\c:\rrfrfxf.exec:\rrfrfxf.exe97⤵
-
\??\c:\ttbhtt.exec:\ttbhtt.exe98⤵
-
\??\c:\3nbhhn.exec:\3nbhhn.exe99⤵
-
\??\c:\nnhnbh.exec:\nnhnbh.exe100⤵
-
\??\c:\jdjvj.exec:\jdjvj.exe101⤵
-
\??\c:\ppjjp.exec:\ppjjp.exe102⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe103⤵
-
\??\c:\5lfxxxf.exec:\5lfxxxf.exe104⤵
-
\??\c:\1lllrrf.exec:\1lllrrf.exe105⤵
-
\??\c:\lxflffr.exec:\lxflffr.exe106⤵
-
\??\c:\bhnbht.exec:\bhnbht.exe107⤵
-
\??\c:\ttnhth.exec:\ttnhth.exe108⤵
-
\??\c:\tbnntt.exec:\tbnntt.exe109⤵
-
\??\c:\vvjjp.exec:\vvjjp.exe110⤵
-
\??\c:\vpvdp.exec:\vpvdp.exe111⤵
-
\??\c:\pjpdv.exec:\pjpdv.exe112⤵
-
\??\c:\jjppd.exec:\jjppd.exe113⤵
-
\??\c:\9ffrflx.exec:\9ffrflx.exe114⤵
-
\??\c:\5llxllx.exec:\5llxllx.exe115⤵
-
\??\c:\fxffxxr.exec:\fxffxxr.exe116⤵
-
\??\c:\ttbtht.exec:\ttbtht.exe117⤵
-
\??\c:\7hbntb.exec:\7hbntb.exe118⤵
-
\??\c:\3hthbb.exec:\3hthbb.exe119⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe120⤵
-
\??\c:\7jdpv.exec:\7jdpv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-