Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
03/06/2024, 15:54
General
-
Target
43e4b1e7f3c60a1d63ad81c65210cfd0_NeikiAnalytics.exe
-
Size
64KB
-
MD5
43e4b1e7f3c60a1d63ad81c65210cfd0
-
SHA1
9df315a64de32e61e5c2efb9f9068840d075b4c6
-
SHA256
d5f2bd91ab8e41fee17f3bc66849168b684607b3875be32da111cbd97e1a9157
-
SHA512
19cdf939cd69bad90d736be913243e75114bbf8dbdabadc8dbe1a017f0c469cb6a5459987d0cb76a5b6045804df66f8627e3a3623f6b24a10781b967b7dc614b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIhJm/wL:ymb3NkkiQ3mdBjFILmu
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\43e4b1e7f3c60a1d63ad81c65210cfd0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\43e4b1e7f3c60a1d63ad81c65210cfd0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbhhb.exec:\ttbhhb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ppvp.exec:\9ppvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlflrxr.exec:\xlflrxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhntbh.exec:\nhntbh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpdp.exec:\pjpdp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfffxx.exec:\frfffxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrfxll.exec:\lrrfxll.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhthnh.exec:\nhthnh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjp.exec:\vpdjp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxrfrf.exec:\flxrfrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrxlff.exec:\lfrxlff.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tnbhh.exec:\5tnbhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dpdj.exec:\3dpdj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdpv.exec:\dvdpv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlfllfl.exec:\xlfllfl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbhnh.exec:\nnbhnh.exe17⤵
- Executes dropped EXE
-
\??\c:\vjddp.exec:\vjddp.exe18⤵
- Executes dropped EXE
-
\??\c:\pvvjv.exec:\pvvjv.exe19⤵
- Executes dropped EXE
-
\??\c:\frlxxlr.exec:\frlxxlr.exe20⤵
- Executes dropped EXE
-
\??\c:\xlrxlxl.exec:\xlrxlxl.exe21⤵
- Executes dropped EXE
-
\??\c:\tbhnhn.exec:\tbhnhn.exe22⤵
- Executes dropped EXE
-
\??\c:\7vpjd.exec:\7vpjd.exe23⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe24⤵
- Executes dropped EXE
-
\??\c:\xrlrxff.exec:\xrlrxff.exe25⤵
- Executes dropped EXE
-
\??\c:\hbnntt.exec:\hbnntt.exe26⤵
- Executes dropped EXE
-
\??\c:\bbtthh.exec:\bbtthh.exe27⤵
- Executes dropped EXE
-
\??\c:\vvjdv.exec:\vvjdv.exe28⤵
- Executes dropped EXE
-
\??\c:\rllrffr.exec:\rllrffr.exe29⤵
- Executes dropped EXE
-
\??\c:\bnthbh.exec:\bnthbh.exe30⤵
- Executes dropped EXE
-
\??\c:\nhnnbn.exec:\nhnnbn.exe31⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe32⤵
- Executes dropped EXE
-
\??\c:\lfffrxx.exec:\lfffrxx.exe33⤵
- Executes dropped EXE
-
\??\c:\3htbbh.exec:\3htbbh.exe34⤵
- Executes dropped EXE
-
\??\c:\jdvvd.exec:\jdvvd.exe35⤵
- Executes dropped EXE
-
\??\c:\ddpvj.exec:\ddpvj.exe36⤵
- Executes dropped EXE
-
\??\c:\1xrllxx.exec:\1xrllxx.exe37⤵
- Executes dropped EXE
-
\??\c:\3rllrrl.exec:\3rllrrl.exe38⤵
- Executes dropped EXE
-
\??\c:\tnhntb.exec:\tnhntb.exe39⤵
- Executes dropped EXE
-
\??\c:\htbbnn.exec:\htbbnn.exe40⤵
- Executes dropped EXE
-
\??\c:\7djvj.exec:\7djvj.exe41⤵
- Executes dropped EXE
-
\??\c:\9pdpv.exec:\9pdpv.exe42⤵
- Executes dropped EXE
-
\??\c:\rrffllr.exec:\rrffllr.exe43⤵
- Executes dropped EXE
-
\??\c:\rxlrflr.exec:\rxlrflr.exe44⤵
- Executes dropped EXE
-
\??\c:\hbnthh.exec:\hbnthh.exe45⤵
- Executes dropped EXE
-
\??\c:\nhnnbn.exec:\nhnnbn.exe46⤵
- Executes dropped EXE
-
\??\c:\pdpjd.exec:\pdpjd.exe47⤵
- Executes dropped EXE
-
\??\c:\ddppd.exec:\ddppd.exe48⤵
- Executes dropped EXE
-
\??\c:\xrflrrx.exec:\xrflrrx.exe49⤵
- Executes dropped EXE
-
\??\c:\lxxxflx.exec:\lxxxflx.exe50⤵
- Executes dropped EXE
-
\??\c:\btbtbb.exec:\btbtbb.exe51⤵
- Executes dropped EXE
-
\??\c:\nthnnb.exec:\nthnnb.exe52⤵
- Executes dropped EXE
-
\??\c:\vppjj.exec:\vppjj.exe53⤵
- Executes dropped EXE
-
\??\c:\jjddd.exec:\jjddd.exe54⤵
- Executes dropped EXE
-
\??\c:\rfrlfff.exec:\rfrlfff.exe55⤵
- Executes dropped EXE
-
\??\c:\xrllrlx.exec:\xrllrlx.exe56⤵
- Executes dropped EXE
-
\??\c:\ntnttt.exec:\ntnttt.exe57⤵
- Executes dropped EXE
-
\??\c:\hhnhhh.exec:\hhnhhh.exe58⤵
- Executes dropped EXE
-
\??\c:\pjdjv.exec:\pjdjv.exe59⤵
- Executes dropped EXE
-
\??\c:\vvvdj.exec:\vvvdj.exe60⤵
- Executes dropped EXE
-
\??\c:\xxrxfrr.exec:\xxrxfrr.exe61⤵
- Executes dropped EXE
-
\??\c:\3fllxxr.exec:\3fllxxr.exe62⤵
- Executes dropped EXE
-
\??\c:\7bhnbb.exec:\7bhnbb.exe63⤵
- Executes dropped EXE
-
\??\c:\7nntbh.exec:\7nntbh.exe64⤵
- Executes dropped EXE
-
\??\c:\ppjvj.exec:\ppjvj.exe65⤵
- Executes dropped EXE
-
\??\c:\jppvj.exec:\jppvj.exe66⤵
-
\??\c:\rfflflf.exec:\rfflflf.exe67⤵
-
\??\c:\xrfrllx.exec:\xrfrllx.exe68⤵
-
\??\c:\tbhbhn.exec:\tbhbhn.exe69⤵
-
\??\c:\nhhhhn.exec:\nhhhhn.exe70⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe71⤵
-
\??\c:\pjjdp.exec:\pjjdp.exe72⤵
-
\??\c:\lflrlll.exec:\lflrlll.exe73⤵
-
\??\c:\ttnnhn.exec:\ttnnhn.exe74⤵
-
\??\c:\tnnbbh.exec:\tnnbbh.exe75⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe76⤵
-
\??\c:\5vpdd.exec:\5vpdd.exe77⤵
-
\??\c:\lrflfll.exec:\lrflfll.exe78⤵
-
\??\c:\5hbnnb.exec:\5hbnnb.exe79⤵
-
\??\c:\tbhttn.exec:\tbhttn.exe80⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe81⤵
-
\??\c:\pjppj.exec:\pjppj.exe82⤵
-
\??\c:\fxllrrf.exec:\fxllrrf.exe83⤵
-
\??\c:\rrxflxr.exec:\rrxflxr.exe84⤵
-
\??\c:\3nbhhh.exec:\3nbhhh.exe85⤵
-
\??\c:\hnthbn.exec:\hnthbn.exe86⤵
-
\??\c:\jjdjd.exec:\jjdjd.exe87⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe88⤵
-
\??\c:\frffxfl.exec:\frffxfl.exe89⤵
-
\??\c:\9bntbh.exec:\9bntbh.exe90⤵
-
\??\c:\nhnttt.exec:\nhnttt.exe91⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe92⤵
-
\??\c:\3vdjd.exec:\3vdjd.exe93⤵
-
\??\c:\dpjpd.exec:\dpjpd.exe94⤵
-
\??\c:\lflrxxr.exec:\lflrxxr.exe95⤵
-
\??\c:\xrflrrx.exec:\xrflrrx.exe96⤵
-
\??\c:\tnhnbb.exec:\tnhnbb.exe97⤵
-
\??\c:\vjjdv.exec:\vjjdv.exe98⤵
-
\??\c:\jdppv.exec:\jdppv.exe99⤵
-
\??\c:\7lffflr.exec:\7lffflr.exe100⤵
-
\??\c:\lxfffxf.exec:\lxfffxf.exe101⤵
-
\??\c:\bhnhnt.exec:\bhnhnt.exe102⤵
-
\??\c:\nhhhtt.exec:\nhhhtt.exe103⤵
-
\??\c:\ppvdp.exec:\ppvdp.exe104⤵
-
\??\c:\9jdpv.exec:\9jdpv.exe105⤵
-
\??\c:\lfrxxrf.exec:\lfrxxrf.exe106⤵
-
\??\c:\nhtbtt.exec:\nhtbtt.exe107⤵
-
\??\c:\hhbnhn.exec:\hhbnhn.exe108⤵
-
\??\c:\3dppp.exec:\3dppp.exe109⤵
-
\??\c:\pdjdd.exec:\pdjdd.exe110⤵
-
\??\c:\rfllrxf.exec:\rfllrxf.exe111⤵
-
\??\c:\fflxlfx.exec:\fflxlfx.exe112⤵
-
\??\c:\htntbb.exec:\htntbb.exe113⤵
-
\??\c:\7htnnn.exec:\7htnnn.exe114⤵
-
\??\c:\ppddj.exec:\ppddj.exe115⤵
-
\??\c:\pvdpj.exec:\pvdpj.exe116⤵
-
\??\c:\1htbtt.exec:\1htbtt.exe117⤵
-
\??\c:\5bnbbn.exec:\5bnbbn.exe118⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe119⤵
-
\??\c:\dvddj.exec:\dvddj.exe120⤵
-
\??\c:\5xxxffl.exec:\5xxxffl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-