Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
01-06-2024 10:52
General
-
Target
37ace104493fc601d378121297017200_NeikiAnalytics.exe
-
Size
56KB
-
MD5
37ace104493fc601d378121297017200
-
SHA1
8f12daec013402982b6b1753abf47949dc316b43
-
SHA256
03edc67a971ca7ff5d91525980507167627342ea39009f50abdf90a3c233abc9
-
SHA512
91c9384b94c83a81205f25c53a093b77ba1de8fdac195f29c7cb7e8858da7848a24a4d033e5cec01da0c24a7902a913c5b99ccbe4d2a98127c1b900d46250907
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0chV+:ymb3NkkiQ3mdBjF0cr+
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\37ace104493fc601d378121297017200_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\37ace104493fc601d378121297017200_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvdp.exec:\jdvdp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rfrflr.exec:\5rfrflr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9fxllxr.exec:\9fxllxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1httbh.exec:\1httbh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhnt.exec:\tnnhnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvpdv.exec:\pvpdv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rrxfll.exec:\9rrxfll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrllxxr.exec:\xrllxxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hbntt.exec:\1hbntt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbtbb.exec:\hhbtbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpdd.exec:\dvpdd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdpp.exec:\jpdpp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpdv.exec:\ddpdv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfrlxl.exec:\llfrlxl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfrlll.exec:\rrfrlll.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvdp.exec:\vjvdp.exe17⤵
- Executes dropped EXE
-
\??\c:\7xfrxxx.exec:\7xfrxxx.exe18⤵
- Executes dropped EXE
-
\??\c:\flrxxrf.exec:\flrxxrf.exe19⤵
- Executes dropped EXE
-
\??\c:\nnnthn.exec:\nnnthn.exe20⤵
- Executes dropped EXE
-
\??\c:\tnbnhn.exec:\tnbnhn.exe21⤵
- Executes dropped EXE
-
\??\c:\jdpdj.exec:\jdpdj.exe22⤵
- Executes dropped EXE
-
\??\c:\pvjpd.exec:\pvjpd.exe23⤵
- Executes dropped EXE
-
\??\c:\rfrfrlr.exec:\rfrfrlr.exe24⤵
- Executes dropped EXE
-
\??\c:\bhthhb.exec:\bhthhb.exe25⤵
- Executes dropped EXE
-
\??\c:\bhhntt.exec:\bhhntt.exe26⤵
- Executes dropped EXE
-
\??\c:\ppvvd.exec:\ppvvd.exe27⤵
- Executes dropped EXE
-
\??\c:\dpdjv.exec:\dpdjv.exe28⤵
- Executes dropped EXE
-
\??\c:\lfflxxf.exec:\lfflxxf.exe29⤵
- Executes dropped EXE
-
\??\c:\ntthht.exec:\ntthht.exe30⤵
- Executes dropped EXE
-
\??\c:\tttttn.exec:\tttttn.exe31⤵
- Executes dropped EXE
-
\??\c:\hhhtbn.exec:\hhhtbn.exe32⤵
- Executes dropped EXE
-
\??\c:\ddjdd.exec:\ddjdd.exe33⤵
- Executes dropped EXE
-
\??\c:\lffrxlx.exec:\lffrxlx.exe34⤵
- Executes dropped EXE
-
\??\c:\rlffxrl.exec:\rlffxrl.exe35⤵
- Executes dropped EXE
-
\??\c:\ffrxrrx.exec:\ffrxrrx.exe36⤵
- Executes dropped EXE
-
\??\c:\9nnthh.exec:\9nnthh.exe37⤵
- Executes dropped EXE
-
\??\c:\3tbnnb.exec:\3tbnnb.exe38⤵
- Executes dropped EXE
-
\??\c:\vvdjj.exec:\vvdjj.exe39⤵
- Executes dropped EXE
-
\??\c:\3vjpp.exec:\3vjpp.exe40⤵
- Executes dropped EXE
-
\??\c:\7dppd.exec:\7dppd.exe41⤵
- Executes dropped EXE
-
\??\c:\lfffxxl.exec:\lfffxxl.exe42⤵
- Executes dropped EXE
-
\??\c:\1hbhhh.exec:\1hbhhh.exe43⤵
- Executes dropped EXE
-
\??\c:\9pdpp.exec:\9pdpp.exe44⤵
- Executes dropped EXE
-
\??\c:\pdppv.exec:\pdppv.exe45⤵
- Executes dropped EXE
-
\??\c:\fxrrxfl.exec:\fxrrxfl.exe46⤵
- Executes dropped EXE
-
\??\c:\rlfllxl.exec:\rlfllxl.exe47⤵
- Executes dropped EXE
-
\??\c:\bhtthn.exec:\bhtthn.exe48⤵
- Executes dropped EXE
-
\??\c:\pjvdp.exec:\pjvdp.exe49⤵
- Executes dropped EXE
-
\??\c:\9lxrffl.exec:\9lxrffl.exe50⤵
- Executes dropped EXE
-
\??\c:\lfrxlxf.exec:\lfrxlxf.exe51⤵
- Executes dropped EXE
-
\??\c:\hbthth.exec:\hbthth.exe52⤵
- Executes dropped EXE
-
\??\c:\1rlllrx.exec:\1rlllrx.exe53⤵
- Executes dropped EXE
-
\??\c:\lfrxflr.exec:\lfrxflr.exe54⤵
- Executes dropped EXE
-
\??\c:\hbthtb.exec:\hbthtb.exe55⤵
- Executes dropped EXE
-
\??\c:\thbbhh.exec:\thbbhh.exe56⤵
- Executes dropped EXE
-
\??\c:\dpjpv.exec:\dpjpv.exe57⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe58⤵
- Executes dropped EXE
-
\??\c:\rrlrlxr.exec:\rrlrlxr.exe59⤵
- Executes dropped EXE
-
\??\c:\xrllxfr.exec:\xrllxfr.exe60⤵
- Executes dropped EXE
-
\??\c:\3lrlfrf.exec:\3lrlfrf.exe61⤵
- Executes dropped EXE
-
\??\c:\hbnhtb.exec:\hbnhtb.exe62⤵
- Executes dropped EXE
-
\??\c:\nnbnbt.exec:\nnbnbt.exe63⤵
- Executes dropped EXE
-
\??\c:\9dvjv.exec:\9dvjv.exe64⤵
- Executes dropped EXE
-
\??\c:\rlxxllx.exec:\rlxxllx.exe65⤵
- Executes dropped EXE
-
\??\c:\nhhtth.exec:\nhhtth.exe66⤵
-
\??\c:\ppjpd.exec:\ppjpd.exe67⤵
-
\??\c:\7vvpv.exec:\7vvpv.exe68⤵
-
\??\c:\9hnnbt.exec:\9hnnbt.exe69⤵
-
\??\c:\thbntn.exec:\thbntn.exe70⤵
-
\??\c:\7vdjd.exec:\7vdjd.exe71⤵
-
\??\c:\dpddv.exec:\dpddv.exe72⤵
-
\??\c:\lrlrrrf.exec:\lrlrrrf.exe73⤵
-
\??\c:\frflrrx.exec:\frflrrx.exe74⤵
-
\??\c:\1nhnhn.exec:\1nhnhn.exe75⤵
-
\??\c:\jppjv.exec:\jppjv.exe76⤵
-
\??\c:\rfrrrfr.exec:\rfrrrfr.exe77⤵
-
\??\c:\rrflrxl.exec:\rrflrxl.exe78⤵
-
\??\c:\9hhnbt.exec:\9hhnbt.exe79⤵
-
\??\c:\tbbhtt.exec:\tbbhtt.exe80⤵
-
\??\c:\7vvdp.exec:\7vvdp.exe81⤵
-
\??\c:\dddpv.exec:\dddpv.exe82⤵
-
\??\c:\llxxrxr.exec:\llxxrxr.exe83⤵
-
\??\c:\9rrfrrf.exec:\9rrfrrf.exe84⤵
-
\??\c:\hhbhbh.exec:\hhbhbh.exe85⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe86⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe87⤵
-
\??\c:\lfxflxl.exec:\lfxflxl.exe88⤵
-
\??\c:\1rffflr.exec:\1rffflr.exe89⤵
-
\??\c:\hbhhnt.exec:\hbhhnt.exe90⤵
-
\??\c:\nbthnh.exec:\nbthnh.exe91⤵
-
\??\c:\pdvpv.exec:\pdvpv.exe92⤵
-
\??\c:\1vjjp.exec:\1vjjp.exe93⤵
-
\??\c:\llrfrrf.exec:\llrfrrf.exe94⤵
-
\??\c:\htnbbh.exec:\htnbbh.exe95⤵
-
\??\c:\tnbbbb.exec:\tnbbbb.exe96⤵
-
\??\c:\dvjjj.exec:\dvjjj.exe97⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe98⤵
-
\??\c:\ffxxrfx.exec:\ffxxrfx.exe99⤵
-
\??\c:\xxllllr.exec:\xxllllr.exe100⤵
-
\??\c:\nhtbbh.exec:\nhtbbh.exe101⤵
-
\??\c:\nhbthn.exec:\nhbthn.exe102⤵
-
\??\c:\pjddj.exec:\pjddj.exe103⤵
-
\??\c:\pjddp.exec:\pjddp.exe104⤵
-
\??\c:\rlxrlrl.exec:\rlxrlrl.exe105⤵
-
\??\c:\3xrlxlf.exec:\3xrlxlf.exe106⤵
-
\??\c:\xffxlxr.exec:\xffxlxr.exe107⤵
-
\??\c:\hhbhtn.exec:\hhbhtn.exe108⤵
-
\??\c:\5vjpj.exec:\5vjpj.exe109⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe110⤵
-
\??\c:\vpjvd.exec:\vpjvd.exe111⤵
-
\??\c:\rrflfrx.exec:\rrflfrx.exe112⤵
-
\??\c:\nhnbhn.exec:\nhnbhn.exe113⤵
-
\??\c:\bnbhnt.exec:\bnbhnt.exe114⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe115⤵
-
\??\c:\9dvvj.exec:\9dvvj.exe116⤵
-
\??\c:\rlrxfrl.exec:\rlrxfrl.exe117⤵
-
\??\c:\fxrxrxl.exec:\fxrxrxl.exe118⤵
-
\??\c:\hbntnt.exec:\hbntnt.exe119⤵
-
\??\c:\bhhttt.exec:\bhhttt.exe120⤵
-
\??\c:\5dpjd.exec:\5dpjd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-