Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
31-05-2024 00:07
General
-
Target
6e59366cbf414d2f36b1c406de666110_NeikiAnalytics.exe
-
Size
55KB
-
MD5
6e59366cbf414d2f36b1c406de666110
-
SHA1
fa4d33307c702ba6e3ae81d0fc62fc1d6d857b60
-
SHA256
2dcbd3b8e67df09445a5c4149d249517abe460116654826fc57cb3cc74970c1b
-
SHA512
3dffd5182850e60bf92753116dbd0da7144b1fb3df04305797eae64cd175527c23909779d0fe54a1d6c42493e41e6656fc00761bcc08d2934473641e17274317
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIfEVB:ymb3NkkiQ3mdBjFIe
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6e59366cbf414d2f36b1c406de666110_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6e59366cbf414d2f36b1c406de666110_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1dddd.exec:\1dddd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffflrlf.exec:\ffflrlf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpvj.exec:\jdpvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrxrfr.exec:\rfrxrfr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttthnt.exec:\ttthnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppd.exec:\dvppd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrxxlf.exec:\xlrxxlf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbhbn.exec:\bbbhbn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjpjj.exec:\jjpjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fxfrfl.exec:\5fxfrfl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnntt.exec:\btnntt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdjp.exec:\jjdjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rfxlxl.exec:\1rfxlxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xxrrrf.exec:\5xxrrrf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbbtb.exec:\thbbtb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvvv.exec:\jjvvv.exe17⤵
- Executes dropped EXE
-
\??\c:\lfrfxrx.exec:\lfrfxrx.exe18⤵
- Executes dropped EXE
-
\??\c:\tbhbhb.exec:\tbhbhb.exe19⤵
- Executes dropped EXE
-
\??\c:\dvvjj.exec:\dvvjj.exe20⤵
- Executes dropped EXE
-
\??\c:\rrflxxx.exec:\rrflxxx.exe21⤵
- Executes dropped EXE
-
\??\c:\flxlxlr.exec:\flxlxlr.exe22⤵
- Executes dropped EXE
-
\??\c:\tnthtb.exec:\tnthtb.exe23⤵
- Executes dropped EXE
-
\??\c:\dvjvd.exec:\dvjvd.exe24⤵
- Executes dropped EXE
-
\??\c:\vppdd.exec:\vppdd.exe25⤵
- Executes dropped EXE
-
\??\c:\llxxlrf.exec:\llxxlrf.exe26⤵
- Executes dropped EXE
-
\??\c:\ntbbhb.exec:\ntbbhb.exe27⤵
- Executes dropped EXE
-
\??\c:\9httht.exec:\9httht.exe28⤵
- Executes dropped EXE
-
\??\c:\5vpdd.exec:\5vpdd.exe29⤵
- Executes dropped EXE
-
\??\c:\5lflxlf.exec:\5lflxlf.exe30⤵
- Executes dropped EXE
-
\??\c:\hbbnhn.exec:\hbbnhn.exe31⤵
- Executes dropped EXE
-
\??\c:\jjpvj.exec:\jjpvj.exe32⤵
- Executes dropped EXE
-
\??\c:\ffxffrr.exec:\ffxffrr.exe33⤵
- Executes dropped EXE
-
\??\c:\btnhhb.exec:\btnhhb.exe34⤵
- Executes dropped EXE
-
\??\c:\nbbhtb.exec:\nbbhtb.exe35⤵
- Executes dropped EXE
-
\??\c:\jjvjj.exec:\jjvjj.exe36⤵
- Executes dropped EXE
-
\??\c:\pjpvv.exec:\pjpvv.exe37⤵
- Executes dropped EXE
-
\??\c:\fxfllrf.exec:\fxfllrf.exe38⤵
- Executes dropped EXE
-
\??\c:\xrflrxf.exec:\xrflrxf.exe39⤵
- Executes dropped EXE
-
\??\c:\hthnhn.exec:\hthnhn.exe40⤵
- Executes dropped EXE
-
\??\c:\nnhnbb.exec:\nnhnbb.exe41⤵
- Executes dropped EXE
-
\??\c:\ddjpd.exec:\ddjpd.exe42⤵
- Executes dropped EXE
-
\??\c:\jdpjv.exec:\jdpjv.exe43⤵
- Executes dropped EXE
-
\??\c:\7lrxrfx.exec:\7lrxrfx.exe44⤵
- Executes dropped EXE
-
\??\c:\3rlrxxf.exec:\3rlrxxf.exe45⤵
- Executes dropped EXE
-
\??\c:\1tnhnh.exec:\1tnhnh.exe46⤵
- Executes dropped EXE
-
\??\c:\1ddvj.exec:\1ddvj.exe47⤵
- Executes dropped EXE
-
\??\c:\fllflrr.exec:\fllflrr.exe48⤵
- Executes dropped EXE
-
\??\c:\1rlrffr.exec:\1rlrffr.exe49⤵
- Executes dropped EXE
-
\??\c:\9hbnth.exec:\9hbnth.exe50⤵
- Executes dropped EXE
-
\??\c:\nhbhnt.exec:\nhbhnt.exe51⤵
- Executes dropped EXE
-
\??\c:\7vvpv.exec:\7vvpv.exe52⤵
- Executes dropped EXE
-
\??\c:\llfrlff.exec:\llfrlff.exe53⤵
- Executes dropped EXE
-
\??\c:\llllxll.exec:\llllxll.exe54⤵
- Executes dropped EXE
-
\??\c:\9nbnhn.exec:\9nbnhn.exe55⤵
- Executes dropped EXE
-
\??\c:\pdjpp.exec:\pdjpp.exe56⤵
- Executes dropped EXE
-
\??\c:\dpjpv.exec:\dpjpv.exe57⤵
- Executes dropped EXE
-
\??\c:\flrxffl.exec:\flrxffl.exe58⤵
- Executes dropped EXE
-
\??\c:\tttbhb.exec:\tttbhb.exe59⤵
- Executes dropped EXE
-
\??\c:\nnnbht.exec:\nnnbht.exe60⤵
- Executes dropped EXE
-
\??\c:\djjvp.exec:\djjvp.exe61⤵
- Executes dropped EXE
-
\??\c:\3pdpj.exec:\3pdpj.exe62⤵
- Executes dropped EXE
-
\??\c:\frrlfxr.exec:\frrlfxr.exe63⤵
- Executes dropped EXE
-
\??\c:\xxfrflx.exec:\xxfrflx.exe64⤵
- Executes dropped EXE
-
\??\c:\7nbbnn.exec:\7nbbnn.exe65⤵
- Executes dropped EXE
-
\??\c:\3bthhh.exec:\3bthhh.exe66⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe67⤵
-
\??\c:\7lfrflf.exec:\7lfrflf.exe68⤵
-
\??\c:\lxrlfxl.exec:\lxrlfxl.exe69⤵
-
\??\c:\nntbbt.exec:\nntbbt.exe70⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe71⤵
-
\??\c:\5jjjj.exec:\5jjjj.exe72⤵
-
\??\c:\xlrrlxx.exec:\xlrrlxx.exe73⤵
-
\??\c:\llflrrl.exec:\llflrrl.exe74⤵
-
\??\c:\nbthtb.exec:\nbthtb.exe75⤵
-
\??\c:\ppvdv.exec:\ppvdv.exe76⤵
-
\??\c:\pppvp.exec:\pppvp.exe77⤵
-
\??\c:\lxrffrl.exec:\lxrffrl.exe78⤵
-
\??\c:\frllfrf.exec:\frllfrf.exe79⤵
-
\??\c:\hbttnn.exec:\hbttnn.exe80⤵
-
\??\c:\tntnnb.exec:\tntnnb.exe81⤵
-
\??\c:\3jvjv.exec:\3jvjv.exe82⤵
-
\??\c:\fxrxllf.exec:\fxrxllf.exe83⤵
-
\??\c:\fxlrflx.exec:\fxlrflx.exe84⤵
-
\??\c:\ttntbb.exec:\ttntbb.exe85⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe86⤵
-
\??\c:\jjjpv.exec:\jjjpv.exe87⤵
-
\??\c:\frllffr.exec:\frllffr.exe88⤵
-
\??\c:\7rffxxx.exec:\7rffxxx.exe89⤵
-
\??\c:\hbtbtt.exec:\hbtbtt.exe90⤵
-
\??\c:\ddvpv.exec:\ddvpv.exe91⤵
-
\??\c:\9djvp.exec:\9djvp.exe92⤵
-
\??\c:\ffxxrlx.exec:\ffxxrlx.exe93⤵
-
\??\c:\rrlflxf.exec:\rrlflxf.exe94⤵
-
\??\c:\thntbh.exec:\thntbh.exe95⤵
-
\??\c:\nbtntn.exec:\nbtntn.exe96⤵
-
\??\c:\vjppd.exec:\vjppd.exe97⤵
-
\??\c:\pvjpv.exec:\pvjpv.exe98⤵
-
\??\c:\ffxrrfl.exec:\ffxrrfl.exe99⤵
-
\??\c:\fxrxrxx.exec:\fxrxrxx.exe100⤵
-
\??\c:\btnnbh.exec:\btnnbh.exe101⤵
-
\??\c:\nhnntt.exec:\nhnntt.exe102⤵
-
\??\c:\5dvdv.exec:\5dvdv.exe103⤵
-
\??\c:\fffxlrf.exec:\fffxlrf.exe104⤵
-
\??\c:\5xrrxff.exec:\5xrrxff.exe105⤵
-
\??\c:\ntnnnn.exec:\ntnnnn.exe106⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe107⤵
-
\??\c:\vvdvj.exec:\vvdvj.exe108⤵
-
\??\c:\9rfrxrr.exec:\9rfrxrr.exe109⤵
-
\??\c:\rffxfrx.exec:\rffxfrx.exe110⤵
-
\??\c:\ntbbbt.exec:\ntbbbt.exe111⤵
-
\??\c:\7vpvd.exec:\7vpvd.exe112⤵
-
\??\c:\jdppv.exec:\jdppv.exe113⤵
-
\??\c:\fxrrxxl.exec:\fxrrxxl.exe114⤵
-
\??\c:\9fxfrlf.exec:\9fxfrlf.exe115⤵
-
\??\c:\tthbbt.exec:\tthbbt.exe116⤵
-
\??\c:\tnhhhb.exec:\tnhhhb.exe117⤵
-
\??\c:\dpjjp.exec:\dpjjp.exe118⤵
-
\??\c:\3ffxfff.exec:\3ffxfff.exe119⤵
-
\??\c:\xxlrrxr.exec:\xxlrrxr.exe120⤵
-
\??\c:\tbhnnt.exec:\tbhnnt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-