Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
02/06/2024, 02:04
General
-
Target
21fd02934695328955b1fe69e11619e0_NeikiAnalytics.exe
-
Size
61KB
-
MD5
21fd02934695328955b1fe69e11619e0
-
SHA1
4e6a91ec585a2be0bfb11317bc66b3cf537f7511
-
SHA256
69130e48a0377a8911c9f642d18454af6f4558d281626cfb3479e7765313e6d1
-
SHA512
975f18d7efafa4c502dcf9ad848ed2b07da9d4faf52af69f10517a4eefda1a1d8d152af4e179607763775017b95717b159a98f809e3162ffe347f047b0fa884a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDII9ZvHKEV:ymb3NkkiQ3mdBjFII9ZvHKEV
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\21fd02934695328955b1fe69e11619e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\21fd02934695328955b1fe69e11619e0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhbb.exec:\bthhbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpv.exec:\dvjpv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllllr.exec:\fxllllr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthnth.exec:\tthnth.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvjj.exec:\dpvjj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjdp.exec:\vvjdp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rffrxll.exec:\rffrxll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthntb.exec:\hthntb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpd.exec:\jvvpd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9pvpv.exec:\9pvpv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rrfxxr.exec:\7rrfxxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbhn.exec:\nhtbhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btthtt.exec:\btthtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdjv.exec:\dpdjv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pdjp.exec:\3pdjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrffll.exec:\ffrffll.exe17⤵
- Executes dropped EXE
-
\??\c:\3lflrll.exec:\3lflrll.exe18⤵
- Executes dropped EXE
-
\??\c:\httbht.exec:\httbht.exe19⤵
- Executes dropped EXE
-
\??\c:\vpdpd.exec:\vpdpd.exe20⤵
- Executes dropped EXE
-
\??\c:\pjvdp.exec:\pjvdp.exe21⤵
- Executes dropped EXE
-
\??\c:\3rlxfxl.exec:\3rlxfxl.exe22⤵
- Executes dropped EXE
-
\??\c:\bthhbh.exec:\bthhbh.exe23⤵
- Executes dropped EXE
-
\??\c:\hnhnht.exec:\hnhnht.exe24⤵
- Executes dropped EXE
-
\??\c:\dpjvj.exec:\dpjvj.exe25⤵
- Executes dropped EXE
-
\??\c:\9vjpj.exec:\9vjpj.exe26⤵
- Executes dropped EXE
-
\??\c:\llllrxr.exec:\llllrxr.exe27⤵
- Executes dropped EXE
-
\??\c:\7btntn.exec:\7btntn.exe28⤵
- Executes dropped EXE
-
\??\c:\hbnnbh.exec:\hbnnbh.exe29⤵
- Executes dropped EXE
-
\??\c:\1pppp.exec:\1pppp.exe30⤵
- Executes dropped EXE
-
\??\c:\ppdpp.exec:\ppdpp.exe31⤵
- Executes dropped EXE
-
\??\c:\5fflrrx.exec:\5fflrrx.exe32⤵
- Executes dropped EXE
-
\??\c:\llrrrxf.exec:\llrrrxf.exe33⤵
- Executes dropped EXE
-
\??\c:\5tbbtt.exec:\5tbbtt.exe34⤵
- Executes dropped EXE
-
\??\c:\nhnnbb.exec:\nhnnbb.exe35⤵
- Executes dropped EXE
-
\??\c:\jvjjv.exec:\jvjjv.exe36⤵
- Executes dropped EXE
-
\??\c:\lxrflrf.exec:\lxrflrf.exe37⤵
- Executes dropped EXE
-
\??\c:\rflllfl.exec:\rflllfl.exe38⤵
- Executes dropped EXE
-
\??\c:\1btbnn.exec:\1btbnn.exe39⤵
- Executes dropped EXE
-
\??\c:\nbnnbt.exec:\nbnnbt.exe40⤵
- Executes dropped EXE
-
\??\c:\dpjpv.exec:\dpjpv.exe41⤵
- Executes dropped EXE
-
\??\c:\7vpvv.exec:\7vpvv.exe42⤵
- Executes dropped EXE
-
\??\c:\ffrxffl.exec:\ffrxffl.exe43⤵
- Executes dropped EXE
-
\??\c:\3xllxfl.exec:\3xllxfl.exe44⤵
- Executes dropped EXE
-
\??\c:\7hhbbh.exec:\7hhbbh.exe45⤵
- Executes dropped EXE
-
\??\c:\1nnnbb.exec:\1nnnbb.exe46⤵
- Executes dropped EXE
-
\??\c:\bnhhht.exec:\bnhhht.exe47⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe48⤵
- Executes dropped EXE
-
\??\c:\vvjpv.exec:\vvjpv.exe49⤵
- Executes dropped EXE
-
\??\c:\xflrxrx.exec:\xflrxrx.exe50⤵
- Executes dropped EXE
-
\??\c:\9rfxrlr.exec:\9rfxrlr.exe51⤵
- Executes dropped EXE
-
\??\c:\hbbbnt.exec:\hbbbnt.exe52⤵
- Executes dropped EXE
-
\??\c:\hthbbn.exec:\hthbbn.exe53⤵
- Executes dropped EXE
-
\??\c:\pjpvp.exec:\pjpvp.exe54⤵
- Executes dropped EXE
-
\??\c:\djjdd.exec:\djjdd.exe55⤵
- Executes dropped EXE
-
\??\c:\lxlllrr.exec:\lxlllrr.exe56⤵
- Executes dropped EXE
-
\??\c:\fxffllx.exec:\fxffllx.exe57⤵
- Executes dropped EXE
-
\??\c:\htbhhb.exec:\htbhhb.exe58⤵
- Executes dropped EXE
-
\??\c:\hbtthb.exec:\hbtthb.exe59⤵
- Executes dropped EXE
-
\??\c:\vpjvj.exec:\vpjvj.exe60⤵
- Executes dropped EXE
-
\??\c:\jvvdd.exec:\jvvdd.exe61⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe62⤵
- Executes dropped EXE
-
\??\c:\xlrffxx.exec:\xlrffxx.exe63⤵
- Executes dropped EXE
-
\??\c:\xrrxxxf.exec:\xrrxxxf.exe64⤵
- Executes dropped EXE
-
\??\c:\nbbbhh.exec:\nbbbhh.exe65⤵
- Executes dropped EXE
-
\??\c:\nbnhnt.exec:\nbnhnt.exe66⤵
-
\??\c:\ddjvj.exec:\ddjvj.exe67⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe68⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe69⤵
-
\??\c:\1rllfll.exec:\1rllfll.exe70⤵
-
\??\c:\rfrfxff.exec:\rfrfxff.exe71⤵
-
\??\c:\7nhnnn.exec:\7nhnnn.exe72⤵
-
\??\c:\ntnhhb.exec:\ntnhhb.exe73⤵
-
\??\c:\ppjvd.exec:\ppjvd.exe74⤵
-
\??\c:\vdddj.exec:\vdddj.exe75⤵
-
\??\c:\fxlxfrr.exec:\fxlxfrr.exe76⤵
-
\??\c:\xlllrll.exec:\xlllrll.exe77⤵
-
\??\c:\nhtthb.exec:\nhtthb.exe78⤵
-
\??\c:\1hbbbh.exec:\1hbbbh.exe79⤵
-
\??\c:\djdpj.exec:\djdpj.exe80⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe81⤵
-
\??\c:\lxfllfr.exec:\lxfllfr.exe82⤵
-
\??\c:\llrrrrr.exec:\llrrrrr.exe83⤵
-
\??\c:\frffffl.exec:\frffffl.exe84⤵
-
\??\c:\thnbtt.exec:\thnbtt.exe85⤵
-
\??\c:\9htbbh.exec:\9htbbh.exe86⤵
-
\??\c:\9vvvp.exec:\9vvvp.exe87⤵
-
\??\c:\7vvvv.exec:\7vvvv.exe88⤵
-
\??\c:\dpvpp.exec:\dpvpp.exe89⤵
-
\??\c:\rxfrrrr.exec:\rxfrrrr.exe90⤵
-
\??\c:\7fllrll.exec:\7fllrll.exe91⤵
-
\??\c:\bhbbbn.exec:\bhbbbn.exe92⤵
-
\??\c:\bnttnh.exec:\bnttnh.exe93⤵
-
\??\c:\dpjjj.exec:\dpjjj.exe94⤵
-
\??\c:\pdjdj.exec:\pdjdj.exe95⤵
-
\??\c:\rfxffff.exec:\rfxffff.exe96⤵
-
\??\c:\5rxllff.exec:\5rxllff.exe97⤵
-
\??\c:\frxrlfx.exec:\frxrlfx.exe98⤵
-
\??\c:\3thbtn.exec:\3thbtn.exe99⤵
-
\??\c:\5htntn.exec:\5htntn.exe100⤵
-
\??\c:\bntttn.exec:\bntttn.exe101⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe102⤵
-
\??\c:\vjvpv.exec:\vjvpv.exe103⤵
-
\??\c:\frxrrrf.exec:\frxrrrf.exe104⤵
-
\??\c:\rllffxr.exec:\rllffxr.exe105⤵
-
\??\c:\frfffxf.exec:\frfffxf.exe106⤵
-
\??\c:\ntbnnh.exec:\ntbnnh.exe107⤵
-
\??\c:\bnbbbb.exec:\bnbbbb.exe108⤵
-
\??\c:\jvpvp.exec:\jvpvp.exe109⤵
-
\??\c:\jvddv.exec:\jvddv.exe110⤵
-
\??\c:\xrffxxf.exec:\xrffxxf.exe111⤵
-
\??\c:\rlxrxrr.exec:\rlxrxrr.exe112⤵
-
\??\c:\xrlffxx.exec:\xrlffxx.exe113⤵
-
\??\c:\djvvv.exec:\djvvv.exe114⤵
-
\??\c:\pddvp.exec:\pddvp.exe115⤵
-
\??\c:\3dppp.exec:\3dppp.exe116⤵
-
\??\c:\rfrffxx.exec:\rfrffxx.exe117⤵
-
\??\c:\xllrxrx.exec:\xllrxrx.exe118⤵
-
\??\c:\bnbhhb.exec:\bnbhhb.exe119⤵
-
\??\c:\nhbhtb.exec:\nhbhtb.exe120⤵
-
\??\c:\1vdvv.exec:\1vdvv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-