Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
04/06/2024, 19:55
General
-
Target
b6ffb41ff2018092ea09d33099504370_NeikiAnalytics.exe
-
Size
97KB
-
MD5
b6ffb41ff2018092ea09d33099504370
-
SHA1
2dffae3112a34293708cf2eaefe07b595bbbd6bc
-
SHA256
cfc8de022b5f77eb20b8fbdf5776fb37d31502bf9a29880ddf0bc5521f4a1e06
-
SHA512
0550acdcef6c254a7c22e2388ba267e94245bec4947240984cc6080596df82568d87a1d932d925643aafd6b5bc2e53626f5c47dcf87bcd2e82b20ca716c0a069
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73XH/YP1HFrJximAAxS1rj/2Cn:ymb3NkkiQ3mdBjFo73PYP1lri3K8Gwyg
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b6ffb41ff2018092ea09d33099504370_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\b6ffb41ff2018092ea09d33099504370_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfrflr.exec:\xrfrflr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbthth.exec:\hbthth.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntnbn.exec:\tntnbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvjp.exec:\vjvjp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxfllx.exec:\rlxfllx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxfllr.exec:\flxfllr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbntbb.exec:\tbntbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnthh.exec:\nhnthh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjd.exec:\vpjjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddd.exec:\vpddd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdjp.exec:\vjdjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrxlrf.exec:\xxrxlrf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhhhtt.exec:\hhhhtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbtbb.exec:\bnbtbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjp.exec:\jdpjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdj.exec:\jdpdj.exe17⤵
- Executes dropped EXE
-
\??\c:\xxlrxfl.exec:\xxlrxfl.exe18⤵
- Executes dropped EXE
-
\??\c:\fffflrl.exec:\fffflrl.exe19⤵
- Executes dropped EXE
-
\??\c:\hhtbnt.exec:\hhtbnt.exe20⤵
- Executes dropped EXE
-
\??\c:\9nhhtb.exec:\9nhhtb.exe21⤵
- Executes dropped EXE
-
\??\c:\pdjpd.exec:\pdjpd.exe22⤵
- Executes dropped EXE
-
\??\c:\vpvjd.exec:\vpvjd.exe23⤵
- Executes dropped EXE
-
\??\c:\9djvp.exec:\9djvp.exe24⤵
- Executes dropped EXE
-
\??\c:\llfflrf.exec:\llfflrf.exe25⤵
- Executes dropped EXE
-
\??\c:\xlflrxl.exec:\xlflrxl.exe26⤵
- Executes dropped EXE
-
\??\c:\9hbhtt.exec:\9hbhtt.exe27⤵
- Executes dropped EXE
-
\??\c:\1tnnbh.exec:\1tnnbh.exe28⤵
- Executes dropped EXE
-
\??\c:\dvpjj.exec:\dvpjj.exe29⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe30⤵
- Executes dropped EXE
-
\??\c:\llflrfr.exec:\llflrfr.exe31⤵
- Executes dropped EXE
-
\??\c:\7frflrf.exec:\7frflrf.exe32⤵
- Executes dropped EXE
-
\??\c:\ttthbb.exec:\ttthbb.exe33⤵
- Executes dropped EXE
-
\??\c:\bbttbn.exec:\bbttbn.exe34⤵
- Executes dropped EXE
-
\??\c:\pdvjp.exec:\pdvjp.exe35⤵
- Executes dropped EXE
-
\??\c:\ddvdv.exec:\ddvdv.exe36⤵
- Executes dropped EXE
-
\??\c:\rlxfxlr.exec:\rlxfxlr.exe37⤵
- Executes dropped EXE
-
\??\c:\xxlfxxr.exec:\xxlfxxr.exe38⤵
- Executes dropped EXE
-
\??\c:\1frllxl.exec:\1frllxl.exe39⤵
- Executes dropped EXE
-
\??\c:\dddjp.exec:\dddjp.exe40⤵
- Executes dropped EXE
-
\??\c:\llrfrrl.exec:\llrfrrl.exe41⤵
- Executes dropped EXE
-
\??\c:\ffxlxlx.exec:\ffxlxlx.exe42⤵
- Executes dropped EXE
-
\??\c:\bntbnn.exec:\bntbnn.exe43⤵
- Executes dropped EXE
-
\??\c:\3xxxllr.exec:\3xxxllr.exe44⤵
- Executes dropped EXE
-
\??\c:\nhtbht.exec:\nhtbht.exe45⤵
- Executes dropped EXE
-
\??\c:\btbbbb.exec:\btbbbb.exe46⤵
- Executes dropped EXE
-
\??\c:\1hnbhh.exec:\1hnbhh.exe47⤵
- Executes dropped EXE
-
\??\c:\btbbnn.exec:\btbbnn.exe48⤵
- Executes dropped EXE
-
\??\c:\3pddd.exec:\3pddd.exe49⤵
- Executes dropped EXE
-
\??\c:\vjppd.exec:\vjppd.exe50⤵
- Executes dropped EXE
-
\??\c:\3vjjp.exec:\3vjjp.exe51⤵
- Executes dropped EXE
-
\??\c:\3xxfrrx.exec:\3xxfrrx.exe52⤵
- Executes dropped EXE
-
\??\c:\thnnbt.exec:\thnnbt.exe53⤵
- Executes dropped EXE
-
\??\c:\7bnnbt.exec:\7bnnbt.exe54⤵
- Executes dropped EXE
-
\??\c:\hthnhh.exec:\hthnhh.exe55⤵
- Executes dropped EXE
-
\??\c:\vvpjp.exec:\vvpjp.exe56⤵
- Executes dropped EXE
-
\??\c:\5jvpv.exec:\5jvpv.exe57⤵
- Executes dropped EXE
-
\??\c:\rlxflrl.exec:\rlxflrl.exe58⤵
- Executes dropped EXE
-
\??\c:\rfrxllr.exec:\rfrxllr.exe59⤵
- Executes dropped EXE
-
\??\c:\bnttbt.exec:\bnttbt.exe60⤵
- Executes dropped EXE
-
\??\c:\9nthhh.exec:\9nthhh.exe61⤵
- Executes dropped EXE
-
\??\c:\vpjdp.exec:\vpjdp.exe62⤵
- Executes dropped EXE
-
\??\c:\dpppv.exec:\dpppv.exe63⤵
- Executes dropped EXE
-
\??\c:\rfrlrrr.exec:\rfrlrrr.exe64⤵
- Executes dropped EXE
-
\??\c:\rrfrflf.exec:\rrfrflf.exe65⤵
- Executes dropped EXE
-
\??\c:\tbtnht.exec:\tbtnht.exe66⤵
-
\??\c:\5hbbbb.exec:\5hbbbb.exe67⤵
-
\??\c:\7nbbbb.exec:\7nbbbb.exe68⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe69⤵
-
\??\c:\vjppv.exec:\vjppv.exe70⤵
-
\??\c:\rxrrfxr.exec:\rxrrfxr.exe71⤵
-
\??\c:\3frrrrx.exec:\3frrrrx.exe72⤵
-
\??\c:\3htthn.exec:\3htthn.exe73⤵
-
\??\c:\3hnnbb.exec:\3hnnbb.exe74⤵
-
\??\c:\djddd.exec:\djddd.exe75⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe76⤵
-
\??\c:\llfxflx.exec:\llfxflx.exe77⤵
-
\??\c:\rrfxrrx.exec:\rrfxrrx.exe78⤵
-
\??\c:\9tnthn.exec:\9tnthn.exe79⤵
-
\??\c:\hhttbh.exec:\hhttbh.exe80⤵
-
\??\c:\nbnthh.exec:\nbnthh.exe81⤵
-
\??\c:\1pdpv.exec:\1pdpv.exe82⤵
-
\??\c:\pjpvj.exec:\pjpvj.exe83⤵
-
\??\c:\rrfrlxf.exec:\rrfrlxf.exe84⤵
-
\??\c:\lflrflx.exec:\lflrflx.exe85⤵
-
\??\c:\nhtbhh.exec:\nhtbhh.exe86⤵
-
\??\c:\ttthnh.exec:\ttthnh.exe87⤵
-
\??\c:\tnbtbb.exec:\tnbtbb.exe88⤵
-
\??\c:\vppvp.exec:\vppvp.exe89⤵
-
\??\c:\llrxrxl.exec:\llrxrxl.exe90⤵
-
\??\c:\9lrlxfr.exec:\9lrlxfr.exe91⤵
-
\??\c:\rfffrrx.exec:\rfffrrx.exe92⤵
-
\??\c:\nhhbhn.exec:\nhhbhn.exe93⤵
-
\??\c:\bthhnt.exec:\bthhnt.exe94⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe95⤵
-
\??\c:\jpdpd.exec:\jpdpd.exe96⤵
-
\??\c:\9lllxlf.exec:\9lllxlf.exe97⤵
-
\??\c:\ffflxfl.exec:\ffflxfl.exe98⤵
-
\??\c:\7thhnn.exec:\7thhnn.exe99⤵
-
\??\c:\5bnnhh.exec:\5bnnhh.exe100⤵
-
\??\c:\7vppv.exec:\7vppv.exe101⤵
-
\??\c:\vjvdj.exec:\vjvdj.exe102⤵
-
\??\c:\rfllrrx.exec:\rfllrrx.exe103⤵
-
\??\c:\fxrflrf.exec:\fxrflrf.exe104⤵
-
\??\c:\1htbbb.exec:\1htbbb.exe105⤵
-
\??\c:\bthbhn.exec:\bthbhn.exe106⤵
-
\??\c:\5htntn.exec:\5htntn.exe107⤵
-
\??\c:\3jppv.exec:\3jppv.exe108⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe109⤵
-
\??\c:\rlxxffx.exec:\rlxxffx.exe110⤵
-
\??\c:\tbhhhb.exec:\tbhhhb.exe111⤵
-
\??\c:\nthhtt.exec:\nthhtt.exe112⤵
-
\??\c:\jjvvv.exec:\jjvvv.exe113⤵
-
\??\c:\7vvvv.exec:\7vvvv.exe114⤵
-
\??\c:\frrlffr.exec:\frrlffr.exe115⤵
-
\??\c:\xlfrlxl.exec:\xlfrlxl.exe116⤵
-
\??\c:\hthtbb.exec:\hthtbb.exe117⤵
-
\??\c:\nhnnht.exec:\nhnnht.exe118⤵
-
\??\c:\jjjpd.exec:\jjjpd.exe119⤵
-
\??\c:\pdpdj.exec:\pdpdj.exe120⤵
-
\??\c:\rllxfrr.exec:\rllxfrr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-