Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
02-06-2024 01:24
General
-
Target
1be7273c7fbab4c570bef17218151d60_NeikiAnalytics.exe
-
Size
57KB
-
MD5
1be7273c7fbab4c570bef17218151d60
-
SHA1
bb232c294015701e576aa3d3a2052d345be62040
-
SHA256
5f9d638fe63a8d9b14f183e8a2a8c97e788e427a52f52d879fdc8f1e64a4b3c9
-
SHA512
f5efdaba92ceac4da85baf14ff6129bb0786b50379b4a9a624067db304b2c4c2e35949d6e2e99994a8f567ff7e7c008d516a8400d757ad34f982c39a3b6c877b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIvuSwFNr:ymb3NkkiQ3mdBjFIvIFNr
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1be7273c7fbab4c570bef17218151d60_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1be7273c7fbab4c570bef17218151d60_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbhh.exec:\hbhbhh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pdpd.exec:\9pdpd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhntt.exec:\bnhntt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjp.exec:\vpjjp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrfrxl.exec:\xxrfrxl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbtthn.exec:\nbtthn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnthn.exec:\ttnthn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjjd.exec:\vvjjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthtbb.exec:\bthtbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbtnn.exec:\nnbtnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdv.exec:\vvjdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlxflf.exec:\lrlxflf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbnbh.exec:\nnbnbh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1btnbb.exec:\1btnbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppjpd.exec:\ppjpd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxllxxx.exec:\xxllxxx.exe17⤵
- Executes dropped EXE
-
\??\c:\rlfrxxl.exec:\rlfrxxl.exe18⤵
- Executes dropped EXE
-
\??\c:\nhhntb.exec:\nhhntb.exe19⤵
- Executes dropped EXE
-
\??\c:\pjdpv.exec:\pjdpv.exe20⤵
- Executes dropped EXE
-
\??\c:\lxfflff.exec:\lxfflff.exe21⤵
- Executes dropped EXE
-
\??\c:\7xrflrx.exec:\7xrflrx.exe22⤵
- Executes dropped EXE
-
\??\c:\nbtbnn.exec:\nbtbnn.exe23⤵
- Executes dropped EXE
-
\??\c:\bnbtbn.exec:\bnbtbn.exe24⤵
- Executes dropped EXE
-
\??\c:\dpddj.exec:\dpddj.exe25⤵
- Executes dropped EXE
-
\??\c:\rrffffl.exec:\rrffffl.exe26⤵
- Executes dropped EXE
-
\??\c:\xxxlfrl.exec:\xxxlfrl.exe27⤵
- Executes dropped EXE
-
\??\c:\7bttht.exec:\7bttht.exe28⤵
- Executes dropped EXE
-
\??\c:\dvppp.exec:\dvppp.exe29⤵
- Executes dropped EXE
-
\??\c:\9lfxlfl.exec:\9lfxlfl.exe30⤵
- Executes dropped EXE
-
\??\c:\5fxxfff.exec:\5fxxfff.exe31⤵
- Executes dropped EXE
-
\??\c:\tnttnt.exec:\tnttnt.exe32⤵
- Executes dropped EXE
-
\??\c:\thbnhh.exec:\thbnhh.exe33⤵
- Executes dropped EXE
-
\??\c:\dpdvd.exec:\dpdvd.exe34⤵
- Executes dropped EXE
-
\??\c:\xrfllxl.exec:\xrfllxl.exe35⤵
- Executes dropped EXE
-
\??\c:\xlrrxxx.exec:\xlrrxxx.exe36⤵
- Executes dropped EXE
-
\??\c:\thbhnh.exec:\thbhnh.exe37⤵
- Executes dropped EXE
-
\??\c:\pdjdp.exec:\pdjdp.exe38⤵
- Executes dropped EXE
-
\??\c:\xlrlllr.exec:\xlrlllr.exe39⤵
- Executes dropped EXE
-
\??\c:\xrlrllr.exec:\xrlrllr.exe40⤵
- Executes dropped EXE
-
\??\c:\tnttbb.exec:\tnttbb.exe41⤵
- Executes dropped EXE
-
\??\c:\7htbhh.exec:\7htbhh.exe42⤵
- Executes dropped EXE
-
\??\c:\1jdvv.exec:\1jdvv.exe43⤵
- Executes dropped EXE
-
\??\c:\dpdjj.exec:\dpdjj.exe44⤵
- Executes dropped EXE
-
\??\c:\3xrlxxf.exec:\3xrlxxf.exe45⤵
- Executes dropped EXE
-
\??\c:\frrxxxx.exec:\frrxxxx.exe46⤵
- Executes dropped EXE
-
\??\c:\nhtbnh.exec:\nhtbnh.exe47⤵
- Executes dropped EXE
-
\??\c:\1tbttn.exec:\1tbttn.exe48⤵
- Executes dropped EXE
-
\??\c:\dpjjp.exec:\dpjjp.exe49⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe50⤵
- Executes dropped EXE
-
\??\c:\xrxflrx.exec:\xrxflrx.exe51⤵
- Executes dropped EXE
-
\??\c:\fxfxllr.exec:\fxfxllr.exe52⤵
- Executes dropped EXE
-
\??\c:\hntnnn.exec:\hntnnn.exe53⤵
- Executes dropped EXE
-
\??\c:\hththb.exec:\hththb.exe54⤵
- Executes dropped EXE
-
\??\c:\dvjpp.exec:\dvjpp.exe55⤵
- Executes dropped EXE
-
\??\c:\frfflxf.exec:\frfflxf.exe56⤵
- Executes dropped EXE
-
\??\c:\lxrxffl.exec:\lxrxffl.exe57⤵
- Executes dropped EXE
-
\??\c:\5tbbhn.exec:\5tbbhn.exe58⤵
- Executes dropped EXE
-
\??\c:\nhtbht.exec:\nhtbht.exe59⤵
- Executes dropped EXE
-
\??\c:\dvpdj.exec:\dvpdj.exe60⤵
- Executes dropped EXE
-
\??\c:\7pvpp.exec:\7pvpp.exe61⤵
- Executes dropped EXE
-
\??\c:\jdjjv.exec:\jdjjv.exe62⤵
- Executes dropped EXE
-
\??\c:\3xlfxxf.exec:\3xlfxxf.exe63⤵
- Executes dropped EXE
-
\??\c:\9nhtbb.exec:\9nhtbb.exe64⤵
- Executes dropped EXE
-
\??\c:\nbtnnh.exec:\nbtnnh.exe65⤵
- Executes dropped EXE
-
\??\c:\jvvvd.exec:\jvvvd.exe66⤵
-
\??\c:\3dpvj.exec:\3dpvj.exe67⤵
-
\??\c:\xflrflr.exec:\xflrflr.exe68⤵
-
\??\c:\9xlxlff.exec:\9xlxlff.exe69⤵
-
\??\c:\5thbnh.exec:\5thbnh.exe70⤵
-
\??\c:\btnttt.exec:\btnttt.exe71⤵
-
\??\c:\jvddj.exec:\jvddj.exe72⤵
-
\??\c:\vjvpj.exec:\vjvpj.exe73⤵
-
\??\c:\lfrxllr.exec:\lfrxllr.exe74⤵
-
\??\c:\xrxffxf.exec:\xrxffxf.exe75⤵
-
\??\c:\1bhtbb.exec:\1bhtbb.exe76⤵
-
\??\c:\hbtbhh.exec:\hbtbhh.exe77⤵
-
\??\c:\vjjdj.exec:\vjjdj.exe78⤵
-
\??\c:\5vdpp.exec:\5vdpp.exe79⤵
-
\??\c:\lfxffxf.exec:\lfxffxf.exe80⤵
-
\??\c:\9xlrffl.exec:\9xlrffl.exe81⤵
-
\??\c:\5bttnt.exec:\5bttnt.exe82⤵
-
\??\c:\nbbthh.exec:\nbbthh.exe83⤵
-
\??\c:\vjvjj.exec:\vjvjj.exe84⤵
-
\??\c:\1vjdp.exec:\1vjdp.exe85⤵
-
\??\c:\lxfffff.exec:\lxfffff.exe86⤵
-
\??\c:\lxllrrx.exec:\lxllrrx.exe87⤵
-
\??\c:\3ntbtn.exec:\3ntbtn.exe88⤵
-
\??\c:\hhnnnn.exec:\hhnnnn.exe89⤵
-
\??\c:\vpjpp.exec:\vpjpp.exe90⤵
-
\??\c:\1pdpv.exec:\1pdpv.exe91⤵
-
\??\c:\rrlfxxf.exec:\rrlfxxf.exe92⤵
-
\??\c:\fxrrfrx.exec:\fxrrfrx.exe93⤵
-
\??\c:\hnbnhb.exec:\hnbnhb.exe94⤵
-
\??\c:\hthbth.exec:\hthbth.exe95⤵
-
\??\c:\jvpvj.exec:\jvpvj.exe96⤵
-
\??\c:\dpddj.exec:\dpddj.exe97⤵
-
\??\c:\5rllrxx.exec:\5rllrxx.exe98⤵
-
\??\c:\5xflfxf.exec:\5xflfxf.exe99⤵
-
\??\c:\3htttt.exec:\3htttt.exe100⤵
-
\??\c:\9nntbb.exec:\9nntbb.exe101⤵
-
\??\c:\jdjpj.exec:\jdjpj.exe102⤵
-
\??\c:\5pdjv.exec:\5pdjv.exe103⤵
-
\??\c:\rrrrrll.exec:\rrrrrll.exe104⤵
-
\??\c:\lfffflx.exec:\lfffflx.exe105⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe106⤵
-
\??\c:\nbntbb.exec:\nbntbb.exe107⤵
-
\??\c:\vjddv.exec:\vjddv.exe108⤵
-
\??\c:\vjpjj.exec:\vjpjj.exe109⤵
-
\??\c:\rxlrlll.exec:\rxlrlll.exe110⤵
-
\??\c:\lxxfffr.exec:\lxxfffr.exe111⤵
-
\??\c:\xrxfflx.exec:\xrxfflx.exe112⤵
-
\??\c:\7bnnbb.exec:\7bnnbb.exe113⤵
-
\??\c:\dpvvd.exec:\dpvvd.exe114⤵
-
\??\c:\pdvpp.exec:\pdvpp.exe115⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe116⤵
-
\??\c:\lfxffxf.exec:\lfxffxf.exe117⤵
-
\??\c:\9rllllr.exec:\9rllllr.exe118⤵
-
\??\c:\thttbb.exec:\thttbb.exe119⤵
-
\??\c:\nbnhhb.exec:\nbnhhb.exe120⤵
-
\??\c:\dvvdj.exec:\dvvdj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-