Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
04-06-2024 22:33
General
-
Target
0f94d45ab5800f079ea8e6e1e4db5500_NeikiAnalytics.exe
-
Size
206KB
-
MD5
0f94d45ab5800f079ea8e6e1e4db5500
-
SHA1
0f00c10756732e71d0aaedefcb2cf0f6367426f9
-
SHA256
e451fda26406ceef6f017b3e414317049e478002b9a58604a7272a083dd96ac9
-
SHA512
dd6853f08208c72b0d580b8e7319949bcc31fe402129f94367effb4c8ef27b900027f53b028ea9d0698b4691e522d9d52d295745044526cfd5d14cc2d58372ef
-
SSDEEP
1536:PvQBeOGtrYSSsrc93UBIfdC67m6AJiqgT4+C2HVM1p6TQpCihyo:PhOm2sI93UufdC67ciJTU2HVS64hyo
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 58 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0f94d45ab5800f079ea8e6e1e4db5500_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\0f94d45ab5800f079ea8e6e1e4db5500_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hhtbnn.exec:\hhtbnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjpv.exec:\jdjpv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxlffx.exec:\llxlffx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3fxrxfl.exec:\3fxrxfl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtnnn.exec:\tbtnnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrflxr.exec:\rxrflxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnbnt.exec:\bbnbnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llffrxr.exec:\llffrxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rrlxlr.exec:\7rrlxlr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdd.exec:\vdjdd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvjp.exec:\jvvjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbnhn.exec:\btbnhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhhtb.exec:\hhhhtb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvvd.exec:\dvvvd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrfxxl.exec:\xxrfxxl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjppv.exec:\jjppv.exe17⤵
- Executes dropped EXE
-
\??\c:\lrlxffx.exec:\lrlxffx.exe18⤵
- Executes dropped EXE
-
\??\c:\htnttb.exec:\htnttb.exe19⤵
- Executes dropped EXE
-
\??\c:\hbhbhn.exec:\hbhbhn.exe20⤵
- Executes dropped EXE
-
\??\c:\1rllrxl.exec:\1rllrxl.exe21⤵
- Executes dropped EXE
-
\??\c:\frlrrxx.exec:\frlrrxx.exe22⤵
- Executes dropped EXE
-
\??\c:\bhhhnn.exec:\bhhhnn.exe23⤵
- Executes dropped EXE
-
\??\c:\1rfrxxf.exec:\1rfrxxf.exe24⤵
- Executes dropped EXE
-
\??\c:\ntnhbh.exec:\ntnhbh.exe25⤵
- Executes dropped EXE
-
\??\c:\hhbtht.exec:\hhbtht.exe26⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe27⤵
- Executes dropped EXE
-
\??\c:\lxfrrrr.exec:\lxfrrrr.exe28⤵
- Executes dropped EXE
-
\??\c:\3jvdj.exec:\3jvdj.exe29⤵
- Executes dropped EXE
-
\??\c:\vpdjj.exec:\vpdjj.exe30⤵
- Executes dropped EXE
-
\??\c:\hhhhbb.exec:\hhhhbb.exe31⤵
- Executes dropped EXE
-
\??\c:\3djvd.exec:\3djvd.exe32⤵
- Executes dropped EXE
-
\??\c:\7xrrfff.exec:\7xrrfff.exe33⤵
- Executes dropped EXE
-
\??\c:\nnhbnt.exec:\nnhbnt.exe34⤵
- Executes dropped EXE
-
\??\c:\pjjpj.exec:\pjjpj.exe35⤵
- Executes dropped EXE
-
\??\c:\7ppjp.exec:\7ppjp.exe36⤵
- Executes dropped EXE
-
\??\c:\1rffxxf.exec:\1rffxxf.exe37⤵
- Executes dropped EXE
-
\??\c:\nhntnt.exec:\nhntnt.exe38⤵
- Executes dropped EXE
-
\??\c:\nhhhnb.exec:\nhhhnb.exe39⤵
- Executes dropped EXE
-
\??\c:\dvjvd.exec:\dvjvd.exe40⤵
- Executes dropped EXE
-
\??\c:\rxlflrx.exec:\rxlflrx.exe41⤵
- Executes dropped EXE
-
\??\c:\rflllff.exec:\rflllff.exe42⤵
- Executes dropped EXE
-
\??\c:\btbhtt.exec:\btbhtt.exe43⤵
- Executes dropped EXE
-
\??\c:\bnbbhb.exec:\bnbbhb.exe44⤵
- Executes dropped EXE
-
\??\c:\jdpvj.exec:\jdpvj.exe45⤵
- Executes dropped EXE
-
\??\c:\jjjvp.exec:\jjjvp.exe46⤵
- Executes dropped EXE
-
\??\c:\fxrxllr.exec:\fxrxllr.exe47⤵
- Executes dropped EXE
-
\??\c:\nnhtnb.exec:\nnhtnb.exe48⤵
- Executes dropped EXE
-
\??\c:\hbthhh.exec:\hbthhh.exe49⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe50⤵
- Executes dropped EXE
-
\??\c:\pjvdp.exec:\pjvdp.exe51⤵
- Executes dropped EXE
-
\??\c:\lrlffrr.exec:\lrlffrr.exe52⤵
- Executes dropped EXE
-
\??\c:\3hbtbt.exec:\3hbtbt.exe53⤵
- Executes dropped EXE
-
\??\c:\jdvjv.exec:\jdvjv.exe54⤵
- Executes dropped EXE
-
\??\c:\djvvv.exec:\djvvv.exe55⤵
- Executes dropped EXE
-
\??\c:\rrlxrxl.exec:\rrlxrxl.exe56⤵
- Executes dropped EXE
-
\??\c:\hthbtt.exec:\hthbtt.exe57⤵
- Executes dropped EXE
-
\??\c:\bhhbbn.exec:\bhhbbn.exe58⤵
- Executes dropped EXE
-
\??\c:\ddpvv.exec:\ddpvv.exe59⤵
- Executes dropped EXE
-
\??\c:\jjpjd.exec:\jjpjd.exe60⤵
- Executes dropped EXE
-
\??\c:\fxflrxl.exec:\fxflrxl.exe61⤵
- Executes dropped EXE
-
\??\c:\hbthnb.exec:\hbthnb.exe62⤵
- Executes dropped EXE
-
\??\c:\dvdjv.exec:\dvdjv.exe63⤵
- Executes dropped EXE
-
\??\c:\vvpdj.exec:\vvpdj.exe64⤵
- Executes dropped EXE
-
\??\c:\rrrrllx.exec:\rrrrllx.exe65⤵
- Executes dropped EXE
-
\??\c:\3bttnn.exec:\3bttnn.exe66⤵
-
\??\c:\btbbnn.exec:\btbbnn.exe67⤵
-
\??\c:\ddvdv.exec:\ddvdv.exe68⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe69⤵
-
\??\c:\xrflfff.exec:\xrflfff.exe70⤵
-
\??\c:\bnnttt.exec:\bnnttt.exe71⤵
-
\??\c:\btnttn.exec:\btnttn.exe72⤵
-
\??\c:\jddvv.exec:\jddvv.exe73⤵
-
\??\c:\rrllflx.exec:\rrllflx.exe74⤵
-
\??\c:\rrflxxx.exec:\rrflxxx.exe75⤵
-
\??\c:\nhtbth.exec:\nhtbth.exe76⤵
-
\??\c:\tntbnt.exec:\tntbnt.exe77⤵
-
\??\c:\dvppd.exec:\dvppd.exe78⤵
-
\??\c:\rfxflxf.exec:\rfxflxf.exe79⤵
-
\??\c:\lfrxrrf.exec:\lfrxrrf.exe80⤵
-
\??\c:\hbnnbt.exec:\hbnnbt.exe81⤵
-
\??\c:\dvpdv.exec:\dvpdv.exe82⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe83⤵
-
\??\c:\xrxxllf.exec:\xrxxllf.exe84⤵
-
\??\c:\lflfxxf.exec:\lflfxxf.exe85⤵
-
\??\c:\tnnbtt.exec:\tnnbtt.exe86⤵
-
\??\c:\bbthbh.exec:\bbthbh.exe87⤵
-
\??\c:\vvvjv.exec:\vvvjv.exe88⤵
-
\??\c:\vpjvv.exec:\vpjvv.exe89⤵
-
\??\c:\1rrxlrx.exec:\1rrxlrx.exe90⤵
-
\??\c:\rlfrxfl.exec:\rlfrxfl.exe91⤵
-
\??\c:\nhntbh.exec:\nhntbh.exe92⤵
-
\??\c:\3ddpv.exec:\3ddpv.exe93⤵
-
\??\c:\vpjjd.exec:\vpjjd.exe94⤵
-
\??\c:\xrlrxfl.exec:\xrlrxfl.exe95⤵
-
\??\c:\fxllllr.exec:\fxllllr.exe96⤵
-
\??\c:\nhbnbh.exec:\nhbnbh.exe97⤵
-
\??\c:\tnthbh.exec:\tnthbh.exe98⤵
-
\??\c:\7dvvv.exec:\7dvvv.exe99⤵
-
\??\c:\ddvdd.exec:\ddvdd.exe100⤵
-
\??\c:\xrlxfrx.exec:\xrlxfrx.exe101⤵
-
\??\c:\lfrxfrf.exec:\lfrxfrf.exe102⤵
-
\??\c:\ttbhnb.exec:\ttbhnb.exe103⤵
-
\??\c:\jdjpd.exec:\jdjpd.exe104⤵
-
\??\c:\pjdvd.exec:\pjdvd.exe105⤵
-
\??\c:\lfxfrrx.exec:\lfxfrrx.exe106⤵
-
\??\c:\fffrfrf.exec:\fffrfrf.exe107⤵
-
\??\c:\hhhtht.exec:\hhhtht.exe108⤵
-
\??\c:\7bhbnt.exec:\7bhbnt.exe109⤵
-
\??\c:\9ddjd.exec:\9ddjd.exe110⤵
-
\??\c:\llxxxrx.exec:\llxxxrx.exe111⤵
-
\??\c:\lfrxllr.exec:\lfrxllr.exe112⤵
-
\??\c:\5hbhtt.exec:\5hbhtt.exe113⤵
-
\??\c:\btnthh.exec:\btnthh.exe114⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe115⤵
-
\??\c:\9jpvj.exec:\9jpvj.exe116⤵
-
\??\c:\rlxlffl.exec:\rlxlffl.exe117⤵
-
\??\c:\tthtbb.exec:\tthtbb.exe118⤵
-
\??\c:\bnbtnt.exec:\bnbtnt.exe119⤵
-
\??\c:\vpvdp.exec:\vpvdp.exe120⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-