Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
31-05-2024 19:25
General
-
Target
0c86dfa8feef7c24c5b5137eae705760_NeikiAnalytics.exe
-
Size
62KB
-
MD5
0c86dfa8feef7c24c5b5137eae705760
-
SHA1
4521e0c33a974b2a1e64f2ab6e7997046916c7eb
-
SHA256
f049bc9b8865d0927215c0f6052f96263ff357ef8947bb92966dadb2cf58279a
-
SHA512
0f90a04a8bb8d871ee6d46ee765d9acbed8fc031fa572d82d8c624870f3ca7298fa741c21f7374892b4e65d3e1bef59540e7c567b3b62116ebc9eb790e273ecd
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDII9ZvHKE4:ymb3NkkiQ3mdBjFII9ZvHKE4
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0c86dfa8feef7c24c5b5137eae705760_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\0c86dfa8feef7c24c5b5137eae705760_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bbntnb.exec:\bbntnb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxfffl.exec:\xrxfffl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbttbh.exec:\hbttbh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvdj.exec:\jjvdj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxfxlx.exec:\rlxfxlx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfrfrf.exec:\llfrfrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbtn.exec:\bbhbtn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbtbb.exec:\nnbtbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvdd.exec:\ddvdd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllrrlx.exec:\xllrrlx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxlrfr.exec:\lfxlrfr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnntnt.exec:\nnntnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbhn.exec:\nhbbhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvdj.exec:\jjvdj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fxfrxr.exec:\9fxfrxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xrxlxr.exec:\9xrxlxr.exe17⤵
- Executes dropped EXE
-
\??\c:\btntht.exec:\btntht.exe18⤵
- Executes dropped EXE
-
\??\c:\jvvdd.exec:\jvvdd.exe19⤵
- Executes dropped EXE
-
\??\c:\xrlrflx.exec:\xrlrflx.exe20⤵
- Executes dropped EXE
-
\??\c:\5rfxxrr.exec:\5rfxxrr.exe21⤵
- Executes dropped EXE
-
\??\c:\bbnbnh.exec:\bbnbnh.exe22⤵
- Executes dropped EXE
-
\??\c:\dvvvd.exec:\dvvvd.exe23⤵
- Executes dropped EXE
-
\??\c:\7xlxfrx.exec:\7xlxfrx.exe24⤵
- Executes dropped EXE
-
\??\c:\fllxxrx.exec:\fllxxrx.exe25⤵
- Executes dropped EXE
-
\??\c:\ttnbth.exec:\ttnbth.exe26⤵
- Executes dropped EXE
-
\??\c:\pdppd.exec:\pdppd.exe27⤵
- Executes dropped EXE
-
\??\c:\1flrflr.exec:\1flrflr.exe28⤵
- Executes dropped EXE
-
\??\c:\fxrrxll.exec:\fxrrxll.exe29⤵
- Executes dropped EXE
-
\??\c:\ttbhbb.exec:\ttbhbb.exe30⤵
- Executes dropped EXE
-
\??\c:\5nbnnn.exec:\5nbnnn.exe31⤵
- Executes dropped EXE
-
\??\c:\ppvjd.exec:\ppvjd.exe32⤵
- Executes dropped EXE
-
\??\c:\ppvvv.exec:\ppvvv.exe33⤵
- Executes dropped EXE
-
\??\c:\5xxlxlf.exec:\5xxlxlf.exe34⤵
- Executes dropped EXE
-
\??\c:\nhtbtb.exec:\nhtbtb.exe35⤵
- Executes dropped EXE
-
\??\c:\3nnhnt.exec:\3nnhnt.exe36⤵
- Executes dropped EXE
-
\??\c:\jjddp.exec:\jjddp.exe37⤵
- Executes dropped EXE
-
\??\c:\3ppdd.exec:\3ppdd.exe38⤵
- Executes dropped EXE
-
\??\c:\rlfllrx.exec:\rlfllrx.exe39⤵
- Executes dropped EXE
-
\??\c:\fxrfflx.exec:\fxrfflx.exe40⤵
- Executes dropped EXE
-
\??\c:\bththh.exec:\bththh.exe41⤵
- Executes dropped EXE
-
\??\c:\7bbhhb.exec:\7bbhhb.exe42⤵
- Executes dropped EXE
-
\??\c:\5pdvj.exec:\5pdvj.exe43⤵
- Executes dropped EXE
-
\??\c:\pvjpd.exec:\pvjpd.exe44⤵
- Executes dropped EXE
-
\??\c:\lrxllfr.exec:\lrxllfr.exe45⤵
- Executes dropped EXE
-
\??\c:\xxllrrf.exec:\xxllrrf.exe46⤵
- Executes dropped EXE
-
\??\c:\btbtnn.exec:\btbtnn.exe47⤵
- Executes dropped EXE
-
\??\c:\tthbnn.exec:\tthbnn.exe48⤵
- Executes dropped EXE
-
\??\c:\jdvdv.exec:\jdvdv.exe49⤵
- Executes dropped EXE
-
\??\c:\jddjp.exec:\jddjp.exe50⤵
- Executes dropped EXE
-
\??\c:\djdvd.exec:\djdvd.exe51⤵
- Executes dropped EXE
-
\??\c:\rlxfxfr.exec:\rlxfxfr.exe52⤵
- Executes dropped EXE
-
\??\c:\1nhntt.exec:\1nhntt.exe53⤵
- Executes dropped EXE
-
\??\c:\dvjpp.exec:\dvjpp.exe54⤵
- Executes dropped EXE
-
\??\c:\xxrxxxf.exec:\xxrxxxf.exe55⤵
- Executes dropped EXE
-
\??\c:\fxrxrrx.exec:\fxrxrrx.exe56⤵
- Executes dropped EXE
-
\??\c:\hbthtb.exec:\hbthtb.exe57⤵
- Executes dropped EXE
-
\??\c:\bbnthh.exec:\bbnthh.exe58⤵
- Executes dropped EXE
-
\??\c:\vpvvv.exec:\vpvvv.exe59⤵
- Executes dropped EXE
-
\??\c:\pjjvd.exec:\pjjvd.exe60⤵
- Executes dropped EXE
-
\??\c:\5lxfrxl.exec:\5lxfrxl.exe61⤵
- Executes dropped EXE
-
\??\c:\hbhnbh.exec:\hbhnbh.exe62⤵
- Executes dropped EXE
-
\??\c:\nnntht.exec:\nnntht.exe63⤵
- Executes dropped EXE
-
\??\c:\vvjpp.exec:\vvjpp.exe64⤵
- Executes dropped EXE
-
\??\c:\ppjvd.exec:\ppjvd.exe65⤵
- Executes dropped EXE
-
\??\c:\lffrrfr.exec:\lffrrfr.exe66⤵
-
\??\c:\ttbnbt.exec:\ttbnbt.exe67⤵
-
\??\c:\thntbb.exec:\thntbb.exe68⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe69⤵
-
\??\c:\vvjjv.exec:\vvjjv.exe70⤵
-
\??\c:\jddvj.exec:\jddvj.exe71⤵
-
\??\c:\xrflxfr.exec:\xrflxfr.exe72⤵
-
\??\c:\xrfrxrl.exec:\xrfrxrl.exe73⤵
-
\??\c:\tnthbn.exec:\tnthbn.exe74⤵
-
\??\c:\hhntnn.exec:\hhntnn.exe75⤵
-
\??\c:\ddjvj.exec:\ddjvj.exe76⤵
-
\??\c:\dvpvv.exec:\dvpvv.exe77⤵
-
\??\c:\xrlxlrf.exec:\xrlxlrf.exe78⤵
-
\??\c:\rrrxrxf.exec:\rrrxrxf.exe79⤵
-
\??\c:\bhhnth.exec:\bhhnth.exe80⤵
-
\??\c:\5bbhbb.exec:\5bbhbb.exe81⤵
-
\??\c:\ppvvj.exec:\ppvvj.exe82⤵
-
\??\c:\rfxlllr.exec:\rfxlllr.exe83⤵
-
\??\c:\xrxfxxl.exec:\xrxfxxl.exe84⤵
-
\??\c:\hbbhhh.exec:\hbbhhh.exe85⤵
-
\??\c:\ntttbt.exec:\ntttbt.exe86⤵
-
\??\c:\pppdv.exec:\pppdv.exe87⤵
-
\??\c:\jvjdd.exec:\jvjdd.exe88⤵
-
\??\c:\rxflfrx.exec:\rxflfrx.exe89⤵
-
\??\c:\xxrrfrf.exec:\xxrrfrf.exe90⤵
-
\??\c:\hbbnbh.exec:\hbbnbh.exe91⤵
-
\??\c:\thbhnb.exec:\thbhnb.exe92⤵
-
\??\c:\pdppd.exec:\pdppd.exe93⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe94⤵
-
\??\c:\rlfrrll.exec:\rlfrrll.exe95⤵
-
\??\c:\bhttnn.exec:\bhttnn.exe96⤵
-
\??\c:\7htttt.exec:\7htttt.exe97⤵
-
\??\c:\jvvvp.exec:\jvvvp.exe98⤵
-
\??\c:\xlrllff.exec:\xlrllff.exe99⤵
-
\??\c:\rlfxlxx.exec:\rlfxlxx.exe100⤵
-
\??\c:\tthhnh.exec:\tthhnh.exe101⤵
-
\??\c:\tnhtnn.exec:\tnhtnn.exe102⤵
-
\??\c:\vdvjj.exec:\vdvjj.exe103⤵
-
\??\c:\dvpdj.exec:\dvpdj.exe104⤵
-
\??\c:\lffxflx.exec:\lffxflx.exe105⤵
-
\??\c:\xxfxrfl.exec:\xxfxrfl.exe106⤵
-
\??\c:\hnbtbh.exec:\hnbtbh.exe107⤵
-
\??\c:\3bnbbb.exec:\3bnbbb.exe108⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe109⤵
-
\??\c:\jddpp.exec:\jddpp.exe110⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe111⤵
-
\??\c:\fxxfrxf.exec:\fxxfrxf.exe112⤵
-
\??\c:\fxrfxlx.exec:\fxrfxlx.exe113⤵
-
\??\c:\tnbhbb.exec:\tnbhbb.exe114⤵
-
\??\c:\htthht.exec:\htthht.exe115⤵
-
\??\c:\3vjjv.exec:\3vjjv.exe116⤵
-
\??\c:\9ddvp.exec:\9ddvp.exe117⤵
-
\??\c:\fxrlxfr.exec:\fxrlxfr.exe118⤵
-
\??\c:\llrxllr.exec:\llrxllr.exe119⤵
-
\??\c:\rrrlfrf.exec:\rrrlfrf.exe120⤵
-
\??\c:\tbnbbh.exec:\tbnbbh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-