Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
06-06-2024 21:23
General
-
Target
1bbfd0ca0a3151322a6522498592de10_NeikiAnalytics.exe
-
Size
63KB
-
MD5
1bbfd0ca0a3151322a6522498592de10
-
SHA1
095759eeaebfcacc4e81c481d89de1fc127b28c8
-
SHA256
e863add68e6d290408035c6363bef0c9a4f2070ddc6d8f93fcc41ed306528bf9
-
SHA512
b74a4b257899ca31138070d4c1d09856c6cb60a106a58975574313ea7923e5e7573d76544473397f2f017e715e6f1a78670aa00cc49b8ebd77388f297b029b58
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIug6bL6Nf:ymb3NkkiQ3mdBjFIugph
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1bbfd0ca0a3151322a6522498592de10_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1bbfd0ca0a3151322a6522498592de10_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7bttbh.exec:\7bttbh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpddp.exec:\jpddp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbth.exec:\tnhbth.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnbnt.exec:\btnbnt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjpd.exec:\jdjpd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrflrf.exec:\ffrflrf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnbnb.exec:\btnbnb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbntnn.exec:\hbntnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjpv.exec:\vpjpv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfrffl.exec:\llfrffl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9llxrrf.exec:\9llxrrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nhnht.exec:\9nhnht.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvj.exec:\pjvvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvppd.exec:\jvppd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrlffr.exec:\flrlffr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhttbh.exec:\nhttbh.exe17⤵
- Executes dropped EXE
-
\??\c:\nhntth.exec:\nhntth.exe18⤵
- Executes dropped EXE
-
\??\c:\vjjjv.exec:\vjjjv.exe19⤵
- Executes dropped EXE
-
\??\c:\lfxfrrf.exec:\lfxfrrf.exe20⤵
- Executes dropped EXE
-
\??\c:\rrrrllx.exec:\rrrrllx.exe21⤵
- Executes dropped EXE
-
\??\c:\htntnb.exec:\htntnb.exe22⤵
- Executes dropped EXE
-
\??\c:\7nhbnn.exec:\7nhbnn.exe23⤵
- Executes dropped EXE
-
\??\c:\djjvv.exec:\djjvv.exe24⤵
- Executes dropped EXE
-
\??\c:\9xfflrr.exec:\9xfflrr.exe25⤵
- Executes dropped EXE
-
\??\c:\9nbhht.exec:\9nbhht.exe26⤵
- Executes dropped EXE
-
\??\c:\1bbnnn.exec:\1bbnnn.exe27⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe28⤵
- Executes dropped EXE
-
\??\c:\1jpvj.exec:\1jpvj.exe29⤵
- Executes dropped EXE
-
\??\c:\lrlrflx.exec:\lrlrflx.exe30⤵
- Executes dropped EXE
-
\??\c:\thnhnh.exec:\thnhnh.exe31⤵
- Executes dropped EXE
-
\??\c:\dvjpv.exec:\dvjpv.exe32⤵
- Executes dropped EXE
-
\??\c:\xrrlrrl.exec:\xrrlrrl.exe33⤵
- Executes dropped EXE
-
\??\c:\bhbhbt.exec:\bhbhbt.exe34⤵
- Executes dropped EXE
-
\??\c:\tnbhnt.exec:\tnbhnt.exe35⤵
- Executes dropped EXE
-
\??\c:\1vjdp.exec:\1vjdp.exe36⤵
- Executes dropped EXE
-
\??\c:\vjvjv.exec:\vjvjv.exe37⤵
- Executes dropped EXE
-
\??\c:\5rffrrx.exec:\5rffrrx.exe38⤵
- Executes dropped EXE
-
\??\c:\nbnbth.exec:\nbnbth.exe39⤵
- Executes dropped EXE
-
\??\c:\5hbhtb.exec:\5hbhtb.exe40⤵
- Executes dropped EXE
-
\??\c:\tnhhnt.exec:\tnhhnt.exe41⤵
- Executes dropped EXE
-
\??\c:\vvdjv.exec:\vvdjv.exe42⤵
- Executes dropped EXE
-
\??\c:\xxlllrf.exec:\xxlllrf.exe43⤵
- Executes dropped EXE
-
\??\c:\rllxxff.exec:\rllxxff.exe44⤵
- Executes dropped EXE
-
\??\c:\bnthtb.exec:\bnthtb.exe45⤵
- Executes dropped EXE
-
\??\c:\nbhtth.exec:\nbhtth.exe46⤵
- Executes dropped EXE
-
\??\c:\3jpvd.exec:\3jpvd.exe47⤵
- Executes dropped EXE
-
\??\c:\jvvdv.exec:\jvvdv.exe48⤵
- Executes dropped EXE
-
\??\c:\5xfrlrl.exec:\5xfrlrl.exe49⤵
- Executes dropped EXE
-
\??\c:\nhtbnn.exec:\nhtbnn.exe50⤵
- Executes dropped EXE
-
\??\c:\hhthbh.exec:\hhthbh.exe51⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe52⤵
- Executes dropped EXE
-
\??\c:\5dpjv.exec:\5dpjv.exe53⤵
- Executes dropped EXE
-
\??\c:\fxlrxxx.exec:\fxlrxxx.exe54⤵
- Executes dropped EXE
-
\??\c:\1rflrrx.exec:\1rflrrx.exe55⤵
- Executes dropped EXE
-
\??\c:\hhthtb.exec:\hhthtb.exe56⤵
- Executes dropped EXE
-
\??\c:\hbntbb.exec:\hbntbb.exe57⤵
- Executes dropped EXE
-
\??\c:\vjvvj.exec:\vjvvj.exe58⤵
- Executes dropped EXE
-
\??\c:\pdvvj.exec:\pdvvj.exe59⤵
- Executes dropped EXE
-
\??\c:\fxxfffl.exec:\fxxfffl.exe60⤵
- Executes dropped EXE
-
\??\c:\xxflrxl.exec:\xxflrxl.exe61⤵
- Executes dropped EXE
-
\??\c:\1tthnt.exec:\1tthnt.exe62⤵
- Executes dropped EXE
-
\??\c:\vjvvd.exec:\vjvvd.exe63⤵
- Executes dropped EXE
-
\??\c:\1jdjv.exec:\1jdjv.exe64⤵
- Executes dropped EXE
-
\??\c:\rlflffr.exec:\rlflffr.exe65⤵
- Executes dropped EXE
-
\??\c:\bbhnbt.exec:\bbhnbt.exe66⤵
-
\??\c:\1nhnhn.exec:\1nhnhn.exe67⤵
-
\??\c:\9dvjv.exec:\9dvjv.exe68⤵
-
\??\c:\9xxxffr.exec:\9xxxffr.exe69⤵
-
\??\c:\rxffllf.exec:\rxffllf.exe70⤵
-
\??\c:\hbhnnn.exec:\hbhnnn.exe71⤵
-
\??\c:\nhtbth.exec:\nhtbth.exe72⤵
-
\??\c:\ddpdj.exec:\ddpdj.exe73⤵
-
\??\c:\1dvpp.exec:\1dvpp.exe74⤵
-
\??\c:\lfflflr.exec:\lfflflr.exe75⤵
-
\??\c:\5xlrflr.exec:\5xlrflr.exe76⤵
-
\??\c:\9hbtnb.exec:\9hbtnb.exe77⤵
-
\??\c:\bbhbnb.exec:\bbhbnb.exe78⤵
-
\??\c:\dvjpj.exec:\dvjpj.exe79⤵
-
\??\c:\fxrxrxf.exec:\fxrxrxf.exe80⤵
-
\??\c:\xrrrrrr.exec:\xrrrrrr.exe81⤵
-
\??\c:\hhthbh.exec:\hhthbh.exe82⤵
-
\??\c:\htbnhn.exec:\htbnhn.exe83⤵
-
\??\c:\vdvpv.exec:\vdvpv.exe84⤵
-
\??\c:\fxrxxrf.exec:\fxrxxrf.exe85⤵
-
\??\c:\lfrrffr.exec:\lfrrffr.exe86⤵
-
\??\c:\tnbhnn.exec:\tnbhnn.exe87⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe88⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe89⤵
-
\??\c:\fxrxxfr.exec:\fxrxxfr.exe90⤵
-
\??\c:\nhbhbb.exec:\nhbhbb.exe91⤵
-
\??\c:\jjvjd.exec:\jjvjd.exe92⤵
-
\??\c:\vjdpj.exec:\vjdpj.exe93⤵
-
\??\c:\lfrxfll.exec:\lfrxfll.exe94⤵
-
\??\c:\9nnbnt.exec:\9nnbnt.exe95⤵
-
\??\c:\hhbhbh.exec:\hhbhbh.exe96⤵
-
\??\c:\1dppp.exec:\1dppp.exe97⤵
-
\??\c:\dvdjj.exec:\dvdjj.exe98⤵
-
\??\c:\rlxflxl.exec:\rlxflxl.exe99⤵
-
\??\c:\7htbhb.exec:\7htbhb.exe100⤵
-
\??\c:\5tbhbb.exec:\5tbhbb.exe101⤵
-
\??\c:\7jjdv.exec:\7jjdv.exe102⤵
-
\??\c:\5pjvj.exec:\5pjvj.exe103⤵
-
\??\c:\rrffffr.exec:\rrffffr.exe104⤵
-
\??\c:\xxrlrrl.exec:\xxrlrrl.exe105⤵
-
\??\c:\htbhtt.exec:\htbhtt.exe106⤵
-
\??\c:\bbthtt.exec:\bbthtt.exe107⤵
-
\??\c:\1djpj.exec:\1djpj.exe108⤵
-
\??\c:\3pjpv.exec:\3pjpv.exe109⤵
-
\??\c:\fxrlxxf.exec:\fxrlxxf.exe110⤵
-
\??\c:\bbnttb.exec:\bbnttb.exe111⤵
-
\??\c:\tnnthn.exec:\tnnthn.exe112⤵
-
\??\c:\djvdv.exec:\djvdv.exe113⤵
-
\??\c:\pdvdj.exec:\pdvdj.exe114⤵
-
\??\c:\ffxlllx.exec:\ffxlllx.exe115⤵
-
\??\c:\fxrrlrr.exec:\fxrrlrr.exe116⤵
-
\??\c:\5hbhbh.exec:\5hbhbh.exe117⤵
-
\??\c:\9ttntb.exec:\9ttntb.exe118⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe119⤵
-
\??\c:\vpdjp.exec:\vpdjp.exe120⤵
-
\??\c:\7rrrxxl.exec:\7rrrxxl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-