Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
04/06/2024, 19:16
General
-
Target
8d1354813c4786fb75be21c6656ee240_NeikiAnalytics.exe
-
Size
414KB
-
MD5
8d1354813c4786fb75be21c6656ee240
-
SHA1
5dddb0a24af45992ad463a805de8b0aaeb916172
-
SHA256
7135dfa958ed5c5053a8ab269aabe85d2fd2f47caaea50a389e62dc299f3774d
-
SHA512
0c0dc203bc1fd4dbb968ca89956be0956911cfb37dc829db00540b2ea8785fc2378c84384a2721e9a370a66278a359063f265b186cbc735e13978f29b6de6778
-
SSDEEP
12288:n3C9ytvngQj4DtvnV9wLn9UTfC8eieJNBNIsYP9:SgdnJUdnV9d
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8d1354813c4786fb75be21c6656ee240_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\8d1354813c4786fb75be21c6656ee240_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dppdv.exec:\dppdv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxlrff.exec:\flxlrff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1llfllx.exec:\1llfllx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btbhnn.exec:\btbhnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffffxlx.exec:\ffffxlx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hbnbn.exec:\1hbnbn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpdv.exec:\jvpdv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhnbn.exec:\bnhnbn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djpvp.exec:\djpvp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxflrxf.exec:\fxflrxf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpdpp.exec:\jpdpp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frflxlx.exec:\frflxlx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddv.exec:\jdddv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxrfx.exec:\xrfxrfx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tnbnb.exec:\1tnbnb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffflxxl.exec:\ffflxxl.exe17⤵
- Executes dropped EXE
-
\??\c:\tthntb.exec:\tthntb.exe18⤵
- Executes dropped EXE
-
\??\c:\vvvpj.exec:\vvvpj.exe19⤵
- Executes dropped EXE
-
\??\c:\nnhnbb.exec:\nnhnbb.exe20⤵
- Executes dropped EXE
-
\??\c:\hthhbh.exec:\hthhbh.exe21⤵
- Executes dropped EXE
-
\??\c:\rlfrllf.exec:\rlfrllf.exe22⤵
- Executes dropped EXE
-
\??\c:\btnnhn.exec:\btnnhn.exe23⤵
- Executes dropped EXE
-
\??\c:\5rllrrl.exec:\5rllrrl.exe24⤵
- Executes dropped EXE
-
\??\c:\9thnbn.exec:\9thnbn.exe25⤵
- Executes dropped EXE
-
\??\c:\rrxlxfr.exec:\rrxlxfr.exe26⤵
- Executes dropped EXE
-
\??\c:\nhtbhn.exec:\nhtbhn.exe27⤵
- Executes dropped EXE
-
\??\c:\rfxrflx.exec:\rfxrflx.exe28⤵
- Executes dropped EXE
-
\??\c:\1httbb.exec:\1httbb.exe29⤵
- Executes dropped EXE
-
\??\c:\lflrxxl.exec:\lflrxxl.exe30⤵
- Executes dropped EXE
-
\??\c:\nnbbnt.exec:\nnbbnt.exe31⤵
- Executes dropped EXE
-
\??\c:\pvppd.exec:\pvppd.exe32⤵
- Executes dropped EXE
-
\??\c:\lxflfxf.exec:\lxflfxf.exe33⤵
- Executes dropped EXE
-
\??\c:\ddvdp.exec:\ddvdp.exe34⤵
- Executes dropped EXE
-
\??\c:\xxrrrxf.exec:\xxrrrxf.exe35⤵
- Executes dropped EXE
-
\??\c:\tnntnn.exec:\tnntnn.exe36⤵
- Executes dropped EXE
-
\??\c:\ddvjv.exec:\ddvjv.exe37⤵
- Executes dropped EXE
-
\??\c:\flrlflr.exec:\flrlflr.exe38⤵
- Executes dropped EXE
-
\??\c:\fxxfrxl.exec:\fxxfrxl.exe39⤵
- Executes dropped EXE
-
\??\c:\hhbtbb.exec:\hhbtbb.exe40⤵
- Executes dropped EXE
-
\??\c:\jjjpd.exec:\jjjpd.exe41⤵
- Executes dropped EXE
-
\??\c:\lrlxflr.exec:\lrlxflr.exe42⤵
- Executes dropped EXE
-
\??\c:\nnhhtt.exec:\nnhhtt.exe43⤵
- Executes dropped EXE
-
\??\c:\hthbht.exec:\hthbht.exe44⤵
- Executes dropped EXE
-
\??\c:\djpdd.exec:\djpdd.exe45⤵
- Executes dropped EXE
-
\??\c:\xrlrxxr.exec:\xrlrxxr.exe46⤵
- Executes dropped EXE
-
\??\c:\hhthnb.exec:\hhthnb.exe47⤵
- Executes dropped EXE
-
\??\c:\bthhnn.exec:\bthhnn.exe48⤵
- Executes dropped EXE
-
\??\c:\pvvdp.exec:\pvvdp.exe49⤵
- Executes dropped EXE
-
\??\c:\1lflxlx.exec:\1lflxlx.exe50⤵
- Executes dropped EXE
-
\??\c:\9nnnbb.exec:\9nnnbb.exe51⤵
- Executes dropped EXE
-
\??\c:\thnnnb.exec:\thnnnb.exe52⤵
- Executes dropped EXE
-
\??\c:\7dvdj.exec:\7dvdj.exe53⤵
- Executes dropped EXE
-
\??\c:\rrlrxfl.exec:\rrlrxfl.exe54⤵
- Executes dropped EXE
-
\??\c:\fxlllrf.exec:\fxlllrf.exe55⤵
- Executes dropped EXE
-
\??\c:\bbtnbb.exec:\bbtnbb.exe56⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe57⤵
- Executes dropped EXE
-
\??\c:\llxflrx.exec:\llxflrx.exe58⤵
- Executes dropped EXE
-
\??\c:\ffrrrrx.exec:\ffrrrrx.exe59⤵
- Executes dropped EXE
-
\??\c:\htnbhb.exec:\htnbhb.exe60⤵
- Executes dropped EXE
-
\??\c:\1ppdp.exec:\1ppdp.exe61⤵
- Executes dropped EXE
-
\??\c:\9pddj.exec:\9pddj.exe62⤵
- Executes dropped EXE
-
\??\c:\xxrflxf.exec:\xxrflxf.exe63⤵
- Executes dropped EXE
-
\??\c:\hhbhtb.exec:\hhbhtb.exe64⤵
- Executes dropped EXE
-
\??\c:\3hbhht.exec:\3hbhht.exe65⤵
- Executes dropped EXE
-
\??\c:\jjvpd.exec:\jjvpd.exe66⤵
-
\??\c:\lxrxffr.exec:\lxrxffr.exe67⤵
-
\??\c:\hntbnh.exec:\hntbnh.exe68⤵
-
\??\c:\dvpvv.exec:\dvpvv.exe69⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe70⤵
-
\??\c:\llxfflr.exec:\llxfflr.exe71⤵
-
\??\c:\9tnhhn.exec:\9tnhhn.exe72⤵
-
\??\c:\nhbbbh.exec:\nhbbbh.exe73⤵
-
\??\c:\ddvjp.exec:\ddvjp.exe74⤵
-
\??\c:\fxxfllx.exec:\fxxfllx.exe75⤵
-
\??\c:\lxlxrrl.exec:\lxlxrrl.exe76⤵
-
\??\c:\5ttbth.exec:\5ttbth.exe77⤵
-
\??\c:\5jdjp.exec:\5jdjp.exe78⤵
-
\??\c:\rrrrflx.exec:\rrrrflx.exe79⤵
-
\??\c:\lffxrrf.exec:\lffxrrf.exe80⤵
-
\??\c:\tbbnbb.exec:\tbbnbb.exe81⤵
-
\??\c:\jdvpv.exec:\jdvpv.exe82⤵
-
\??\c:\5jdjd.exec:\5jdjd.exe83⤵
-
\??\c:\3ffrflf.exec:\3ffrflf.exe84⤵
-
\??\c:\nhtbhn.exec:\nhtbhn.exe85⤵
-
\??\c:\1hhtht.exec:\1hhtht.exe86⤵
-
\??\c:\jjjvj.exec:\jjjvj.exe87⤵
-
\??\c:\xrfxflr.exec:\xrfxflr.exe88⤵
-
\??\c:\xrfllrr.exec:\xrfllrr.exe89⤵
-
\??\c:\9bnhhh.exec:\9bnhhh.exe90⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe91⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe92⤵
-
\??\c:\1rlrflf.exec:\1rlrflf.exe93⤵
-
\??\c:\tnbhtn.exec:\tnbhtn.exe94⤵
-
\??\c:\5nbhtb.exec:\5nbhtb.exe95⤵
-
\??\c:\djdjv.exec:\djdjv.exe96⤵
-
\??\c:\1lfrflf.exec:\1lfrflf.exe97⤵
-
\??\c:\lfrlrxl.exec:\lfrlrxl.exe98⤵
-
\??\c:\hhbbhn.exec:\hhbbhn.exe99⤵
-
\??\c:\3dvvv.exec:\3dvvv.exe100⤵
-
\??\c:\fxxlrfr.exec:\fxxlrfr.exe101⤵
-
\??\c:\xlrrxrr.exec:\xlrrxrr.exe102⤵
-
\??\c:\1bbbnn.exec:\1bbbnn.exe103⤵
-
\??\c:\dvjvd.exec:\dvjvd.exe104⤵
-
\??\c:\vpjpd.exec:\vpjpd.exe105⤵
-
\??\c:\rlrxxxf.exec:\rlrxxxf.exe106⤵
-
\??\c:\9nbhtt.exec:\9nbhtt.exe107⤵
-
\??\c:\vpvjp.exec:\vpvjp.exe108⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe109⤵
-
\??\c:\1xllxxx.exec:\1xllxxx.exe110⤵
-
\??\c:\3hbthh.exec:\3hbthh.exe111⤵
-
\??\c:\tttbnt.exec:\tttbnt.exe112⤵
-
\??\c:\3vvjj.exec:\3vvjj.exe113⤵
-
\??\c:\rflrlxf.exec:\rflrlxf.exe114⤵
-
\??\c:\lffrllx.exec:\lffrllx.exe115⤵
-
\??\c:\tthntb.exec:\tthntb.exe116⤵
-
\??\c:\jjvpp.exec:\jjvpp.exe117⤵
-
\??\c:\jjdvv.exec:\jjdvv.exe118⤵
-
\??\c:\fxffllx.exec:\fxffllx.exe119⤵
-
\??\c:\5tntbh.exec:\5tntbh.exe120⤵
-
\??\c:\nnhnbn.exec:\nnhnbn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-