Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
03-06-2024 03:54
General
-
Target
9ab072ccd484d8da62ebb19ebdde2f60_NeikiAnalytics.exe
-
Size
835KB
-
MD5
9ab072ccd484d8da62ebb19ebdde2f60
-
SHA1
9912dc7816a7a9e8544ee7477cefcba7ddd0d011
-
SHA256
672913e70c81197a5f6633d5c5376330f7617a16c81c947183a2e4b7721953de
-
SHA512
dca4e79d183478b9322617e73648ee7807ecd47d8b262bdb225d805a356bd4e7b5eeac3023500917f31cad18b60051acd6d113126a4d4c5a36da49c4e474ba46
-
SSDEEP
24576:Sgdn8whSenedn8whhdn76gdn8whSfgdn8whSzn:TFyVPfm
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9ab072ccd484d8da62ebb19ebdde2f60_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\9ab072ccd484d8da62ebb19ebdde2f60_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\88284.exec:\88284.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntbnh.exec:\nntbnh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\822446.exec:\822446.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7hnnnt.exec:\7hnnnt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\042244.exec:\042244.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbbhh.exec:\hhbbhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4488222.exec:\4488222.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfrrrrr.exec:\rfrrrrr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjpp.exec:\dpjpp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\86406.exec:\86406.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjdj.exec:\djjdj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxflrl.exec:\xxxflrl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddd.exec:\jdddd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvjp.exec:\pvvjp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dddpv.exec:\dddpv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m2484.exec:\m2484.exe17⤵
- Executes dropped EXE
-
\??\c:\i224062.exec:\i224062.exe18⤵
- Executes dropped EXE
-
\??\c:\dvjpj.exec:\dvjpj.exe19⤵
- Executes dropped EXE
-
\??\c:\xxlrlll.exec:\xxlrlll.exe20⤵
- Executes dropped EXE
-
\??\c:\1ttbth.exec:\1ttbth.exe21⤵
- Executes dropped EXE
-
\??\c:\00404.exec:\00404.exe22⤵
- Executes dropped EXE
-
\??\c:\802008.exec:\802008.exe23⤵
- Executes dropped EXE
-
\??\c:\208624.exec:\208624.exe24⤵
- Executes dropped EXE
-
\??\c:\m6662.exec:\m6662.exe25⤵
- Executes dropped EXE
-
\??\c:\bbhhbb.exec:\bbhhbb.exe26⤵
- Executes dropped EXE
-
\??\c:\hbhthb.exec:\hbhthb.exe27⤵
- Executes dropped EXE
-
\??\c:\ttnnnn.exec:\ttnnnn.exe28⤵
- Executes dropped EXE
-
\??\c:\26842.exec:\26842.exe29⤵
- Executes dropped EXE
-
\??\c:\426882.exec:\426882.exe30⤵
- Executes dropped EXE
-
\??\c:\vjppd.exec:\vjppd.exe31⤵
- Executes dropped EXE
-
\??\c:\bttbnt.exec:\bttbnt.exe32⤵
- Executes dropped EXE
-
\??\c:\m4402.exec:\m4402.exe33⤵
- Executes dropped EXE
-
\??\c:\xrrlrlf.exec:\xrrlrlf.exe34⤵
- Executes dropped EXE
-
\??\c:\ffxllxf.exec:\ffxllxf.exe35⤵
- Executes dropped EXE
-
\??\c:\22486.exec:\22486.exe36⤵
- Executes dropped EXE
-
\??\c:\o642624.exec:\o642624.exe37⤵
- Executes dropped EXE
-
\??\c:\7bthbn.exec:\7bthbn.exe38⤵
- Executes dropped EXE
-
\??\c:\pjvdj.exec:\pjvdj.exe39⤵
- Executes dropped EXE
-
\??\c:\5pjpv.exec:\5pjpv.exe40⤵
- Executes dropped EXE
-
\??\c:\fllxxrr.exec:\fllxxrr.exe41⤵
- Executes dropped EXE
-
\??\c:\080240.exec:\080240.exe42⤵
- Executes dropped EXE
-
\??\c:\3tnnnt.exec:\3tnnnt.exe43⤵
- Executes dropped EXE
-
\??\c:\5jvpj.exec:\5jvpj.exe44⤵
- Executes dropped EXE
-
\??\c:\84286.exec:\84286.exe45⤵
- Executes dropped EXE
-
\??\c:\268266.exec:\268266.exe46⤵
- Executes dropped EXE
-
\??\c:\hhntbn.exec:\hhntbn.exe47⤵
- Executes dropped EXE
-
\??\c:\2420662.exec:\2420662.exe48⤵
- Executes dropped EXE
-
\??\c:\4840880.exec:\4840880.exe49⤵
- Executes dropped EXE
-
\??\c:\486426.exec:\486426.exe50⤵
- Executes dropped EXE
-
\??\c:\9vdpj.exec:\9vdpj.exe51⤵
- Executes dropped EXE
-
\??\c:\tthhbb.exec:\tthhbb.exe52⤵
- Executes dropped EXE
-
\??\c:\vvvpd.exec:\vvvpd.exe53⤵
- Executes dropped EXE
-
\??\c:\806846.exec:\806846.exe54⤵
- Executes dropped EXE
-
\??\c:\86240.exec:\86240.exe55⤵
- Executes dropped EXE
-
\??\c:\886244.exec:\886244.exe56⤵
- Executes dropped EXE
-
\??\c:\rfrflrl.exec:\rfrflrl.exe57⤵
- Executes dropped EXE
-
\??\c:\26468.exec:\26468.exe58⤵
- Executes dropped EXE
-
\??\c:\820688.exec:\820688.exe59⤵
- Executes dropped EXE
-
\??\c:\66606.exec:\66606.exe60⤵
- Executes dropped EXE
-
\??\c:\00042.exec:\00042.exe61⤵
- Executes dropped EXE
-
\??\c:\444222.exec:\444222.exe62⤵
- Executes dropped EXE
-
\??\c:\044608.exec:\044608.exe63⤵
- Executes dropped EXE
-
\??\c:\2626648.exec:\2626648.exe64⤵
- Executes dropped EXE
-
\??\c:\0244666.exec:\0244666.exe65⤵
- Executes dropped EXE
-
\??\c:\4868408.exec:\4868408.exe66⤵
-
\??\c:\086606.exec:\086606.exe67⤵
-
\??\c:\tnnthh.exec:\tnnthh.exe68⤵
-
\??\c:\04628.exec:\04628.exe69⤵
-
\??\c:\lrlffxr.exec:\lrlffxr.exe70⤵
-
\??\c:\xrrxfll.exec:\xrrxfll.exe71⤵
-
\??\c:\pjvvp.exec:\pjvvp.exe72⤵
-
\??\c:\2206466.exec:\2206466.exe73⤵
-
\??\c:\4426000.exec:\4426000.exe74⤵
-
\??\c:\4846080.exec:\4846080.exe75⤵
-
\??\c:\8482020.exec:\8482020.exe76⤵
-
\??\c:\826206.exec:\826206.exe77⤵
-
\??\c:\thtbhh.exec:\thtbhh.exe78⤵
-
\??\c:\bthnbt.exec:\bthnbt.exe79⤵
-
\??\c:\u828624.exec:\u828624.exe80⤵
-
\??\c:\rrflxff.exec:\rrflxff.exe81⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe82⤵
-
\??\c:\rfxfrll.exec:\rfxfrll.exe83⤵
-
\??\c:\g0404.exec:\g0404.exe84⤵
-
\??\c:\808244.exec:\808244.exe85⤵
-
\??\c:\ttnbhn.exec:\ttnbhn.exe86⤵
-
\??\c:\8880808.exec:\8880808.exe87⤵
-
\??\c:\2402084.exec:\2402084.exe88⤵
-
\??\c:\04848.exec:\04848.exe89⤵
-
\??\c:\60248.exec:\60248.exe90⤵
-
\??\c:\hbbhnt.exec:\hbbhnt.exe91⤵
-
\??\c:\fflrlxr.exec:\fflrlxr.exe92⤵
-
\??\c:\hhnnbt.exec:\hhnnbt.exe93⤵
-
\??\c:\68062.exec:\68062.exe94⤵
-
\??\c:\fxlrflx.exec:\fxlrflx.exe95⤵
-
\??\c:\84284.exec:\84284.exe96⤵
-
\??\c:\20024.exec:\20024.exe97⤵
-
\??\c:\w00222.exec:\w00222.exe98⤵
-
\??\c:\688660.exec:\688660.exe99⤵
-
\??\c:\thbbhn.exec:\thbbhn.exe100⤵
-
\??\c:\jvpvj.exec:\jvpvj.exe101⤵
-
\??\c:\420062.exec:\420062.exe102⤵
-
\??\c:\3bhntt.exec:\3bhntt.exe103⤵
-
\??\c:\88206.exec:\88206.exe104⤵
-
\??\c:\jjjvd.exec:\jjjvd.exe105⤵
-
\??\c:\8284068.exec:\8284068.exe106⤵
-
\??\c:\220028.exec:\220028.exe107⤵
-
\??\c:\q48028.exec:\q48028.exe108⤵
-
\??\c:\088846.exec:\088846.exe109⤵
-
\??\c:\htnttt.exec:\htnttt.exe110⤵
-
\??\c:\fxrrflx.exec:\fxrrflx.exe111⤵
-
\??\c:\0424484.exec:\0424484.exe112⤵
-
\??\c:\llffxlx.exec:\llffxlx.exe113⤵
-
\??\c:\k80640.exec:\k80640.exe114⤵
-
\??\c:\xrllxxx.exec:\xrllxxx.exe115⤵
-
\??\c:\xllrffl.exec:\xllrffl.exe116⤵
-
\??\c:\886006.exec:\886006.exe117⤵
-
\??\c:\lllflrx.exec:\lllflrx.exe118⤵
-
\??\c:\8844262.exec:\8844262.exe119⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe120⤵
-
\??\c:\8484220.exec:\8484220.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-