Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
01/06/2024, 04:08
General
-
Target
8cf49fb36ba7877d2a6507fb8d7087c0_NeikiAnalytics.exe
-
Size
105KB
-
MD5
8cf49fb36ba7877d2a6507fb8d7087c0
-
SHA1
a9c7e49481ed62eac53a0db7175c91ab796a51b8
-
SHA256
b8772df95e941b06040c9fb9ab27e41c1032b0a1b0d2c78909e4c419a1d5eccf
-
SHA512
99c8fe53121bcd2c36b10b961a83c61e44373c1c905ad3c730ce1b1a9ef263ee7d82d3e97a373e9ea035b192a7e68aab07a426a1c9b237f2969d6b343ce8c006
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoTNKDeS98hPUdHV7RNzfJNI:ymb3NkkiQ3mdBjFo5KDe88g1fDI
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8cf49fb36ba7877d2a6507fb8d7087c0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\8cf49fb36ba7877d2a6507fb8d7087c0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xffxflx.exec:\xffxflx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbhbb.exec:\nnbhbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjpd.exec:\pjjpd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntnbbn.exec:\ntnbbn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnhh.exec:\tnnnhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vpdv.exec:\7vpdv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffxrrl.exec:\xffxrrl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhthth.exec:\hhthth.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvjv.exec:\pjvjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vddd.exec:\5vddd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3thhnn.exec:\3thhnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3hhhtb.exec:\3hhhtb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpddp.exec:\jpddp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrrlrx.exec:\rfrrlrx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntnhb.exec:\nntnhb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nttbt.exec:\1nttbt.exe17⤵
- Executes dropped EXE
-
\??\c:\vpdvd.exec:\vpdvd.exe18⤵
- Executes dropped EXE
-
\??\c:\ffrfrrf.exec:\ffrfrrf.exe19⤵
- Executes dropped EXE
-
\??\c:\3hhtnt.exec:\3hhtnt.exe20⤵
- Executes dropped EXE
-
\??\c:\dpjjp.exec:\dpjjp.exe21⤵
- Executes dropped EXE
-
\??\c:\jjdjv.exec:\jjdjv.exe22⤵
- Executes dropped EXE
-
\??\c:\7rlxrfr.exec:\7rlxrfr.exe23⤵
- Executes dropped EXE
-
\??\c:\ttbbnt.exec:\ttbbnt.exe24⤵
- Executes dropped EXE
-
\??\c:\jddjd.exec:\jddjd.exe25⤵
- Executes dropped EXE
-
\??\c:\7flrfxx.exec:\7flrfxx.exe26⤵
- Executes dropped EXE
-
\??\c:\3ttbhn.exec:\3ttbhn.exe27⤵
- Executes dropped EXE
-
\??\c:\5jjjv.exec:\5jjjv.exe28⤵
- Executes dropped EXE
-
\??\c:\3vvdd.exec:\3vvdd.exe29⤵
- Executes dropped EXE
-
\??\c:\xrllflr.exec:\xrllflr.exe30⤵
- Executes dropped EXE
-
\??\c:\nbhbhh.exec:\nbhbhh.exe31⤵
- Executes dropped EXE
-
\??\c:\ttnttb.exec:\ttnttb.exe32⤵
- Executes dropped EXE
-
\??\c:\vppvd.exec:\vppvd.exe33⤵
- Executes dropped EXE
-
\??\c:\xrflxfr.exec:\xrflxfr.exe34⤵
- Executes dropped EXE
-
\??\c:\xrlrxlr.exec:\xrlrxlr.exe35⤵
- Executes dropped EXE
-
\??\c:\nhtbnn.exec:\nhtbnn.exe36⤵
- Executes dropped EXE
-
\??\c:\tnnbhb.exec:\tnnbhb.exe37⤵
- Executes dropped EXE
-
\??\c:\dvjvp.exec:\dvjvp.exe38⤵
- Executes dropped EXE
-
\??\c:\jvjvp.exec:\jvjvp.exe39⤵
- Executes dropped EXE
-
\??\c:\rlxlflx.exec:\rlxlflx.exe40⤵
- Executes dropped EXE
-
\??\c:\thbhhh.exec:\thbhhh.exe41⤵
- Executes dropped EXE
-
\??\c:\nhtbtt.exec:\nhtbtt.exe42⤵
- Executes dropped EXE
-
\??\c:\7dpvj.exec:\7dpvj.exe43⤵
- Executes dropped EXE
-
\??\c:\jjdjp.exec:\jjdjp.exe44⤵
- Executes dropped EXE
-
\??\c:\pjddv.exec:\pjddv.exe45⤵
- Executes dropped EXE
-
\??\c:\fxlxflf.exec:\fxlxflf.exe46⤵
- Executes dropped EXE
-
\??\c:\rxfxlff.exec:\rxfxlff.exe47⤵
- Executes dropped EXE
-
\??\c:\nnbhhh.exec:\nnbhhh.exe48⤵
- Executes dropped EXE
-
\??\c:\jpdvv.exec:\jpdvv.exe49⤵
- Executes dropped EXE
-
\??\c:\pjddj.exec:\pjddj.exe50⤵
- Executes dropped EXE
-
\??\c:\7rfrrlr.exec:\7rfrrlr.exe51⤵
- Executes dropped EXE
-
\??\c:\7fxfllf.exec:\7fxfllf.exe52⤵
- Executes dropped EXE
-
\??\c:\nbnhnh.exec:\nbnhnh.exe53⤵
- Executes dropped EXE
-
\??\c:\bbbtnb.exec:\bbbtnb.exe54⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe55⤵
- Executes dropped EXE
-
\??\c:\1jdjj.exec:\1jdjj.exe56⤵
- Executes dropped EXE
-
\??\c:\7xxxxrr.exec:\7xxxxrr.exe57⤵
- Executes dropped EXE
-
\??\c:\rlflxlr.exec:\rlflxlr.exe58⤵
- Executes dropped EXE
-
\??\c:\thtttt.exec:\thtttt.exe59⤵
- Executes dropped EXE
-
\??\c:\1hbtbh.exec:\1hbtbh.exe60⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe61⤵
- Executes dropped EXE
-
\??\c:\jvvvj.exec:\jvvvj.exe62⤵
- Executes dropped EXE
-
\??\c:\rlfrxxl.exec:\rlfrxxl.exe63⤵
- Executes dropped EXE
-
\??\c:\hbnttb.exec:\hbnttb.exe64⤵
- Executes dropped EXE
-
\??\c:\hnnbhb.exec:\hnnbhb.exe65⤵
- Executes dropped EXE
-
\??\c:\tnhhtb.exec:\tnhhtb.exe66⤵
-
\??\c:\vvdjd.exec:\vvdjd.exe67⤵
-
\??\c:\xffxflr.exec:\xffxflr.exe68⤵
-
\??\c:\rlflrfl.exec:\rlflrfl.exe69⤵
-
\??\c:\hnbbth.exec:\hnbbth.exe70⤵
-
\??\c:\tthnth.exec:\tthnth.exe71⤵
-
\??\c:\jdvvp.exec:\jdvvp.exe72⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe73⤵
-
\??\c:\1llfllx.exec:\1llfllx.exe74⤵
-
\??\c:\7lflrfr.exec:\7lflrfr.exe75⤵
-
\??\c:\hbttnn.exec:\hbttnn.exe76⤵
-
\??\c:\ttnthh.exec:\ttnthh.exe77⤵
-
\??\c:\3dddv.exec:\3dddv.exe78⤵
-
\??\c:\5ddjv.exec:\5ddjv.exe79⤵
-
\??\c:\llxfrrx.exec:\llxfrrx.exe80⤵
-
\??\c:\3lffllf.exec:\3lffllf.exe81⤵
-
\??\c:\7bnntb.exec:\7bnntb.exe82⤵
-
\??\c:\bbnnnn.exec:\bbnnnn.exe83⤵
-
\??\c:\ddpvp.exec:\ddpvp.exe84⤵
-
\??\c:\jvpvv.exec:\jvpvv.exe85⤵
-
\??\c:\lfxxllr.exec:\lfxxllr.exe86⤵
-
\??\c:\5rxfffl.exec:\5rxfffl.exe87⤵
-
\??\c:\tnhnhn.exec:\tnhnhn.exe88⤵
-
\??\c:\5bnthh.exec:\5bnthh.exe89⤵
-
\??\c:\vvdjv.exec:\vvdjv.exe90⤵
-
\??\c:\5vvdj.exec:\5vvdj.exe91⤵
-
\??\c:\xrlrfll.exec:\xrlrfll.exe92⤵
-
\??\c:\ffrfllx.exec:\ffrfllx.exe93⤵
-
\??\c:\bnnhtb.exec:\bnnhtb.exe94⤵
-
\??\c:\1nnhnt.exec:\1nnhnt.exe95⤵
-
\??\c:\jdvdd.exec:\jdvdd.exe96⤵
-
\??\c:\vvpdj.exec:\vvpdj.exe97⤵
-
\??\c:\xrllxxl.exec:\xrllxxl.exe98⤵
-
\??\c:\5rlrffr.exec:\5rlrffr.exe99⤵
-
\??\c:\httbnt.exec:\httbnt.exe100⤵
-
\??\c:\bththn.exec:\bththn.exe101⤵
-
\??\c:\5jdpp.exec:\5jdpp.exe102⤵
-
\??\c:\ppjvv.exec:\ppjvv.exe103⤵
-
\??\c:\1xllxrf.exec:\1xllxrf.exe104⤵
-
\??\c:\9rlrrfl.exec:\9rlrrfl.exe105⤵
-
\??\c:\lfrfrrf.exec:\lfrfrrf.exe106⤵
-
\??\c:\5htbtb.exec:\5htbtb.exe107⤵
-
\??\c:\jppjp.exec:\jppjp.exe108⤵
-
\??\c:\pjjvv.exec:\pjjvv.exe109⤵
-
\??\c:\5rfrxrx.exec:\5rfrxrx.exe110⤵
-
\??\c:\lxfrlrf.exec:\lxfrlrf.exe111⤵
-
\??\c:\nntthn.exec:\nntthn.exe112⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe113⤵
-
\??\c:\9vdpd.exec:\9vdpd.exe114⤵
-
\??\c:\9vpvd.exec:\9vpvd.exe115⤵
-
\??\c:\llxfrrx.exec:\llxfrrx.exe116⤵
-
\??\c:\1lxfllx.exec:\1lxfllx.exe117⤵
-
\??\c:\nhhhnt.exec:\nhhhnt.exe118⤵
-
\??\c:\hbnbnt.exec:\hbnbnt.exe119⤵
-
\??\c:\bbthhn.exec:\bbthhn.exe120⤵
-
\??\c:\pjdjd.exec:\pjdjd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-