Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
03/06/2024, 02:35
General
-
Target
98677c339931efd69197d13b42506220_NeikiAnalytics.exe
-
Size
442KB
-
MD5
98677c339931efd69197d13b42506220
-
SHA1
4a99a65df1c615a29052705cb79b83a823f1414c
-
SHA256
ecd4583e76f899bd65edac7700d430af0ffdd0be9a4b30fe13d66ef7dd29ac5f
-
SHA512
952446ed2488eccbc714b1fd69edaa829bb37c1496d8890f45e1b3c0f7b806d82527f6f72a1aa9e80ca12f9b5437ec2fff50a426e3465fa0cc86fe5382d1e8a6
-
SSDEEP
3072:8hOm2sI93UufdC67cimD5t251UrRE9TTFwT0JOfZKlLXh/rQi:8cm7ImGddXmNt251UriZFwT+aZKl7Si
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 61 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 62 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\98677c339931efd69197d13b42506220_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\98677c339931efd69197d13b42506220_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7llfflr.exec:\7llfflr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jvvj.exec:\9jvvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tthtt.exec:\5tthtt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddddj.exec:\ddddj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9rxfrxf.exec:\9rxfrxf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbbth.exec:\hnbbth.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vdjd.exec:\7vdjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rflrxl.exec:\5rflrxl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nhtnb.exec:\1nhtnb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flfrfrr.exec:\flfrfrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbhn.exec:\hbtbhn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlxllf.exec:\rxlxllf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhtth.exec:\nnhtth.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjdvd.exec:\jjdvd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rllxfr.exec:\1rllxfr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlrrrx.exec:\xrlrrrx.exe17⤵
- Executes dropped EXE
-
\??\c:\3dvpv.exec:\3dvpv.exe18⤵
- Executes dropped EXE
-
\??\c:\bnbbhn.exec:\bnbbhn.exe19⤵
- Executes dropped EXE
-
\??\c:\3xrlrrf.exec:\3xrlrrf.exe20⤵
- Executes dropped EXE
-
\??\c:\thttbb.exec:\thttbb.exe21⤵
- Executes dropped EXE
-
\??\c:\7jppj.exec:\7jppj.exe22⤵
- Executes dropped EXE
-
\??\c:\rrrxxfx.exec:\rrrxxfx.exe23⤵
- Executes dropped EXE
-
\??\c:\7jddv.exec:\7jddv.exe24⤵
- Executes dropped EXE
-
\??\c:\xxlrlrf.exec:\xxlrlrf.exe25⤵
- Executes dropped EXE
-
\??\c:\jvjjp.exec:\jvjjp.exe26⤵
- Executes dropped EXE
-
\??\c:\xlrxlll.exec:\xlrxlll.exe27⤵
- Executes dropped EXE
-
\??\c:\btbbhh.exec:\btbbhh.exe28⤵
- Executes dropped EXE
-
\??\c:\bntbnn.exec:\bntbnn.exe29⤵
- Executes dropped EXE
-
\??\c:\lxllrlr.exec:\lxllrlr.exe30⤵
- Executes dropped EXE
-
\??\c:\9btntt.exec:\9btntt.exe31⤵
- Executes dropped EXE
-
\??\c:\bnhhnh.exec:\bnhhnh.exe32⤵
- Executes dropped EXE
-
\??\c:\lfflxfl.exec:\lfflxfl.exe33⤵
- Executes dropped EXE
-
\??\c:\frxlxxl.exec:\frxlxxl.exe34⤵
- Executes dropped EXE
-
\??\c:\rlrxfff.exec:\rlrxfff.exe35⤵
- Executes dropped EXE
-
\??\c:\fxlrllf.exec:\fxlrllf.exe36⤵
- Executes dropped EXE
-
\??\c:\tntbhh.exec:\tntbhh.exe37⤵
- Executes dropped EXE
-
\??\c:\xlxrxrr.exec:\xlxrxrr.exe38⤵
- Executes dropped EXE
-
\??\c:\frxrxrx.exec:\frxrxrx.exe39⤵
- Executes dropped EXE
-
\??\c:\bhnntn.exec:\bhnntn.exe40⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe41⤵
- Executes dropped EXE
-
\??\c:\rfllxfl.exec:\rfllxfl.exe42⤵
- Executes dropped EXE
-
\??\c:\5frfffr.exec:\5frfffr.exe43⤵
- Executes dropped EXE
-
\??\c:\pvpdj.exec:\pvpdj.exe44⤵
- Executes dropped EXE
-
\??\c:\ppjjv.exec:\ppjjv.exe45⤵
- Executes dropped EXE
-
\??\c:\btbbtb.exec:\btbbtb.exe46⤵
- Executes dropped EXE
-
\??\c:\nhhntb.exec:\nhhntb.exe47⤵
- Executes dropped EXE
-
\??\c:\7pvvd.exec:\7pvvd.exe48⤵
- Executes dropped EXE
-
\??\c:\9rlrfrx.exec:\9rlrfrx.exe49⤵
- Executes dropped EXE
-
\??\c:\rfxfrfl.exec:\rfxfrfl.exe50⤵
- Executes dropped EXE
-
\??\c:\thhhtn.exec:\thhhtn.exe51⤵
- Executes dropped EXE
-
\??\c:\jjpdj.exec:\jjpdj.exe52⤵
- Executes dropped EXE
-
\??\c:\7dppv.exec:\7dppv.exe53⤵
- Executes dropped EXE
-
\??\c:\rfllffl.exec:\rfllffl.exe54⤵
- Executes dropped EXE
-
\??\c:\bntttt.exec:\bntttt.exe55⤵
- Executes dropped EXE
-
\??\c:\7pvjj.exec:\7pvjj.exe56⤵
- Executes dropped EXE
-
\??\c:\xrffxlr.exec:\xrffxlr.exe57⤵
- Executes dropped EXE
-
\??\c:\thhhhb.exec:\thhhhb.exe58⤵
- Executes dropped EXE
-
\??\c:\nhhbnh.exec:\nhhbnh.exe59⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe60⤵
- Executes dropped EXE
-
\??\c:\lflfrfx.exec:\lflfrfx.exe61⤵
- Executes dropped EXE
-
\??\c:\1httht.exec:\1httht.exe62⤵
- Executes dropped EXE
-
\??\c:\7hbnhh.exec:\7hbnhh.exe63⤵
- Executes dropped EXE
-
\??\c:\7djjj.exec:\7djjj.exe64⤵
- Executes dropped EXE
-
\??\c:\fffrxrf.exec:\fffrxrf.exe65⤵
- Executes dropped EXE
-
\??\c:\fxffllf.exec:\fxffllf.exe66⤵
-
\??\c:\bttbnn.exec:\bttbnn.exe67⤵
-
\??\c:\pvpdv.exec:\pvpdv.exe68⤵
-
\??\c:\3lrxlfl.exec:\3lrxlfl.exe69⤵
-
\??\c:\llfrrfx.exec:\llfrrfx.exe70⤵
-
\??\c:\9btbtt.exec:\9btbtt.exe71⤵
-
\??\c:\5pjpv.exec:\5pjpv.exe72⤵
-
\??\c:\vppvj.exec:\vppvj.exe73⤵
-
\??\c:\xlfxffx.exec:\xlfxffx.exe74⤵
-
\??\c:\3btnht.exec:\3btnht.exe75⤵
-
\??\c:\ntntbh.exec:\ntntbh.exe76⤵
-
\??\c:\vjpjd.exec:\vjpjd.exe77⤵
-
\??\c:\vvjvp.exec:\vvjvp.exe78⤵
-
\??\c:\rrlrrlr.exec:\rrlrrlr.exe79⤵
-
\??\c:\ntnhbh.exec:\ntnhbh.exe80⤵
-
\??\c:\9nbnbn.exec:\9nbnbn.exe81⤵
-
\??\c:\jvppd.exec:\jvppd.exe82⤵
-
\??\c:\xxrxrxl.exec:\xxrxrxl.exe83⤵
-
\??\c:\ntbttt.exec:\ntbttt.exe84⤵
-
\??\c:\btnbnt.exec:\btnbnt.exe85⤵
-
\??\c:\vvdvv.exec:\vvdvv.exe86⤵
-
\??\c:\7rxxlrx.exec:\7rxxlrx.exe87⤵
-
\??\c:\ttbhbn.exec:\ttbhbn.exe88⤵
-
\??\c:\hhbtht.exec:\hhbtht.exe89⤵
-
\??\c:\dvdpv.exec:\dvdpv.exe90⤵
-
\??\c:\xrffrlf.exec:\xrffrlf.exe91⤵
-
\??\c:\rlffrrf.exec:\rlffrrf.exe92⤵
-
\??\c:\bbtbnn.exec:\bbtbnn.exe93⤵
-
\??\c:\jjvdp.exec:\jjvdp.exe94⤵
-
\??\c:\3jjdj.exec:\3jjdj.exe95⤵
-
\??\c:\lfrlllf.exec:\lfrlllf.exe96⤵
-
\??\c:\3bthht.exec:\3bthht.exe97⤵
-
\??\c:\5pjpj.exec:\5pjpj.exe98⤵
-
\??\c:\5pjjd.exec:\5pjjd.exe99⤵
-
\??\c:\flrffxf.exec:\flrffxf.exe100⤵
-
\??\c:\tthtbh.exec:\tthtbh.exe101⤵
-
\??\c:\9btbnb.exec:\9btbnb.exe102⤵
-
\??\c:\xxrxxlf.exec:\xxrxxlf.exe103⤵
-
\??\c:\hthhhh.exec:\hthhhh.exe104⤵
-
\??\c:\tnhhnn.exec:\tnhhnn.exe105⤵
-
\??\c:\7jdpd.exec:\7jdpd.exe106⤵
-
\??\c:\5lflfrf.exec:\5lflfrf.exe107⤵
-
\??\c:\lfxfxxl.exec:\lfxfxxl.exe108⤵
-
\??\c:\hhbhnb.exec:\hhbhnb.exe109⤵
-
\??\c:\jpdjv.exec:\jpdjv.exe110⤵
-
\??\c:\ddddp.exec:\ddddp.exe111⤵
-
\??\c:\rrrxxrf.exec:\rrrxxrf.exe112⤵
-
\??\c:\bnhtbh.exec:\bnhtbh.exe113⤵
-
\??\c:\nnbhtb.exec:\nnbhtb.exe114⤵
-
\??\c:\dppvj.exec:\dppvj.exe115⤵
-
\??\c:\xrrrxrr.exec:\xrrrxrr.exe116⤵
-
\??\c:\llrxrxr.exec:\llrxrxr.exe117⤵
-
\??\c:\hhbbnt.exec:\hhbbnt.exe118⤵
-
\??\c:\5ppvj.exec:\5ppvj.exe119⤵
-
\??\c:\jdvvj.exec:\jdvvj.exe120⤵
-
\??\c:\xrlrxxf.exec:\xrlrxxf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-