Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
30/05/2024, 05:47
General
-
Target
670a366d9c3502226bb44d289bca8280_NeikiAnalytics.exe
-
Size
70KB
-
MD5
670a366d9c3502226bb44d289bca8280
-
SHA1
72588d8b3c4df118caeff8a3534a3f6c407f1146
-
SHA256
33754ec150fe48c025ef07cd0b88cd2ac86218dde1598bf01851bd56d48e160d
-
SHA512
6fdc2b8f792c2581715aaccdb75151f3d812046b4df8a75a1160ecdd7446ba8c0d1ff639886cfd42d6b246cab7d08be5e720f7827963f6656dff1eaf272fc450
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb7tAHEqSCkKWSq:ymb3NkkiQ3mdBjFIynIKq
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\670a366d9c3502226bb44d289bca8280_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\670a366d9c3502226bb44d289bca8280_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xlflxlx.exec:\xlflxlx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nhtnt.exec:\9nhtnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dpdp.exec:\7dpdp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxllrf.exec:\lfxllrf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntbth.exec:\tntbth.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pvpp.exec:\5pvpp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lflxfr.exec:\5lflxfr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthnbh.exec:\bthnbh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvdd.exec:\djvdd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffllrl.exec:\xffllrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rffxff.exec:\1rffxff.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnnnh.exec:\nbnnnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvpj.exec:\pjvpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rxfrxr.exec:\1rxfrxr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tnbnt.exec:\5tnbnt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nthbh.exec:\1nthbh.exe17⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe18⤵
- Executes dropped EXE
-
\??\c:\xrxrffx.exec:\xrxrffx.exe19⤵
- Executes dropped EXE
-
\??\c:\nntbht.exec:\nntbht.exe20⤵
- Executes dropped EXE
-
\??\c:\3jpvp.exec:\3jpvp.exe21⤵
- Executes dropped EXE
-
\??\c:\5jpvp.exec:\5jpvp.exe22⤵
- Executes dropped EXE
-
\??\c:\3xxrllx.exec:\3xxrllx.exe23⤵
- Executes dropped EXE
-
\??\c:\3tbbbb.exec:\3tbbbb.exe24⤵
- Executes dropped EXE
-
\??\c:\nnbnht.exec:\nnbnht.exe25⤵
- Executes dropped EXE
-
\??\c:\pvvjj.exec:\pvvjj.exe26⤵
- Executes dropped EXE
-
\??\c:\rlflfxr.exec:\rlflfxr.exe27⤵
- Executes dropped EXE
-
\??\c:\3frxllr.exec:\3frxllr.exe28⤵
- Executes dropped EXE
-
\??\c:\1ntbht.exec:\1ntbht.exe29⤵
- Executes dropped EXE
-
\??\c:\jvvjp.exec:\jvvjp.exe30⤵
- Executes dropped EXE
-
\??\c:\dvddj.exec:\dvddj.exe31⤵
- Executes dropped EXE
-
\??\c:\rrxxlxf.exec:\rrxxlxf.exe32⤵
- Executes dropped EXE
-
\??\c:\tntbtt.exec:\tntbtt.exe33⤵
- Executes dropped EXE
-
\??\c:\7hbhbh.exec:\7hbhbh.exe34⤵
- Executes dropped EXE
-
\??\c:\dpdjj.exec:\dpdjj.exe35⤵
-
\??\c:\ffxrxlx.exec:\ffxrxlx.exe36⤵
- Executes dropped EXE
-
\??\c:\5rxlxff.exec:\5rxlxff.exe37⤵
- Executes dropped EXE
-
\??\c:\hbbntb.exec:\hbbntb.exe38⤵
- Executes dropped EXE
-
\??\c:\hbtnbn.exec:\hbtnbn.exe39⤵
- Executes dropped EXE
-
\??\c:\vjjdp.exec:\vjjdp.exe40⤵
- Executes dropped EXE
-
\??\c:\jddjj.exec:\jddjj.exe41⤵
- Executes dropped EXE
-
\??\c:\xrllxxr.exec:\xrllxxr.exe42⤵
- Executes dropped EXE
-
\??\c:\llfxrfl.exec:\llfxrfl.exe43⤵
- Executes dropped EXE
-
\??\c:\thhntt.exec:\thhntt.exe44⤵
- Executes dropped EXE
-
\??\c:\jddjp.exec:\jddjp.exe45⤵
- Executes dropped EXE
-
\??\c:\dvvjj.exec:\dvvjj.exe46⤵
- Executes dropped EXE
-
\??\c:\9xrllfx.exec:\9xrllfx.exe47⤵
- Executes dropped EXE
-
\??\c:\rlxxlxx.exec:\rlxxlxx.exe48⤵
- Executes dropped EXE
-
\??\c:\bbtthn.exec:\bbtthn.exe49⤵
- Executes dropped EXE
-
\??\c:\vvdpd.exec:\vvdpd.exe50⤵
- Executes dropped EXE
-
\??\c:\pdvpp.exec:\pdvpp.exe51⤵
- Executes dropped EXE
-
\??\c:\3xxlfrl.exec:\3xxlfrl.exe52⤵
- Executes dropped EXE
-
\??\c:\xrflrfl.exec:\xrflrfl.exe53⤵
- Executes dropped EXE
-
\??\c:\ttbnhb.exec:\ttbnhb.exe54⤵
- Executes dropped EXE
-
\??\c:\7tnnht.exec:\7tnnht.exe55⤵
- Executes dropped EXE
-
\??\c:\dpvjp.exec:\dpvjp.exe56⤵
- Executes dropped EXE
-
\??\c:\rrrrrfr.exec:\rrrrrfr.exe57⤵
- Executes dropped EXE
-
\??\c:\llxlrrx.exec:\llxlrrx.exe58⤵
- Executes dropped EXE
-
\??\c:\dppvd.exec:\dppvd.exe59⤵
- Executes dropped EXE
-
\??\c:\ppjvd.exec:\ppjvd.exe60⤵
- Executes dropped EXE
-
\??\c:\9rllfrf.exec:\9rllfrf.exe61⤵
- Executes dropped EXE
-
\??\c:\nbnttb.exec:\nbnttb.exe62⤵
- Executes dropped EXE
-
\??\c:\hhnntt.exec:\hhnntt.exe63⤵
- Executes dropped EXE
-
\??\c:\vvdvj.exec:\vvdvj.exe64⤵
- Executes dropped EXE
-
\??\c:\dvjpp.exec:\dvjpp.exe65⤵
- Executes dropped EXE
-
\??\c:\rxxxrfr.exec:\rxxxrfr.exe66⤵
- Executes dropped EXE
-
\??\c:\rfxrrfx.exec:\rfxrrfx.exe67⤵
-
\??\c:\ttbnnh.exec:\ttbnnh.exe68⤵
-
\??\c:\jpjpj.exec:\jpjpj.exe69⤵
-
\??\c:\dvjpv.exec:\dvjpv.exe70⤵
-
\??\c:\xxrxlrf.exec:\xxrxlrf.exe71⤵
-
\??\c:\7xfxfxl.exec:\7xfxfxl.exe72⤵
-
\??\c:\btbhhn.exec:\btbhhn.exe73⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe74⤵
-
\??\c:\5jjvd.exec:\5jjvd.exe75⤵
-
\??\c:\xlxflxl.exec:\xlxflxl.exe76⤵
-
\??\c:\rxfxrxr.exec:\rxfxrxr.exe77⤵
-
\??\c:\3bbhnt.exec:\3bbhnt.exe78⤵
-
\??\c:\nnnhhn.exec:\nnnhhn.exe79⤵
-
\??\c:\3vjpv.exec:\3vjpv.exe80⤵
-
\??\c:\vdvjd.exec:\vdvjd.exe81⤵
-
\??\c:\xrffrxl.exec:\xrffrxl.exe82⤵
-
\??\c:\xlrxrrl.exec:\xlrxrrl.exe83⤵
-
\??\c:\3htnhb.exec:\3htnhb.exe84⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe85⤵
-
\??\c:\3vddv.exec:\3vddv.exe86⤵
-
\??\c:\fxfflxl.exec:\fxfflxl.exe87⤵
-
\??\c:\3frxxfl.exec:\3frxxfl.exe88⤵
-
\??\c:\bnhnnt.exec:\bnhnnt.exe89⤵
-
\??\c:\jdjpj.exec:\jdjpj.exe90⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe91⤵
-
\??\c:\flrxllx.exec:\flrxllx.exe92⤵
-
\??\c:\rxlxxff.exec:\rxlxxff.exe93⤵
-
\??\c:\hbbhbh.exec:\hbbhbh.exe94⤵
-
\??\c:\ttthbh.exec:\ttthbh.exe95⤵
-
\??\c:\ddvjd.exec:\ddvjd.exe96⤵
-
\??\c:\9vjjp.exec:\9vjjp.exe97⤵
-
\??\c:\rrfllxf.exec:\rrfllxf.exe98⤵
-
\??\c:\rflrfxf.exec:\rflrfxf.exe99⤵
-
\??\c:\hbbthn.exec:\hbbthn.exe100⤵
-
\??\c:\hbnhnt.exec:\hbnhnt.exe101⤵
-
\??\c:\1vjdd.exec:\1vjdd.exe102⤵
-
\??\c:\3jdpj.exec:\3jdpj.exe103⤵
-
\??\c:\xrrffrx.exec:\xrrffrx.exe104⤵
-
\??\c:\lfrrxfx.exec:\lfrrxfx.exe105⤵
-
\??\c:\thnnnb.exec:\thnnnb.exe106⤵
-
\??\c:\tnbbhn.exec:\tnbbhn.exe107⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe108⤵
-
\??\c:\dvvdv.exec:\dvvdv.exe109⤵
-
\??\c:\jddpp.exec:\jddpp.exe110⤵
-
\??\c:\frrrrrr.exec:\frrrrrr.exe111⤵
-
\??\c:\9xfrxfx.exec:\9xfrxfx.exe112⤵
-
\??\c:\thttbh.exec:\thttbh.exe113⤵
-
\??\c:\ntbtbb.exec:\ntbtbb.exe114⤵
-
\??\c:\jdvjj.exec:\jdvjj.exe115⤵
-
\??\c:\7pppd.exec:\7pppd.exe116⤵
-
\??\c:\fxrrxfr.exec:\fxrrxfr.exe117⤵
-
\??\c:\9ffrrrl.exec:\9ffrrrl.exe118⤵
-
\??\c:\5bbhht.exec:\5bbhht.exe119⤵
-
\??\c:\hbntnn.exec:\hbntnn.exe120⤵
-
\??\c:\vppdj.exec:\vppdj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-