Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
07/06/2024, 10:25
General
-
Target
4e3d7e49296907913ab82632ec311a20_NeikiAnalytics.exe
-
Size
62KB
-
MD5
4e3d7e49296907913ab82632ec311a20
-
SHA1
6a9c043ebc57a1d9830608a5e195d383406c8e73
-
SHA256
10b50da046ed2c8151669499690f51c5d24f38dcf67690ed10671118b7cc3c4f
-
SHA512
700cb70c1810a19c273912f8e576c017b6b4f1ccc611004b08527c064266b7ad5544addcdc637d831b3490ba156b8bed3b14e9c9ee1ef167649f851fbf421042
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIug6bL6ZKE:ymb3NkkiQ3mdBjFIugpR
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4e3d7e49296907913ab82632ec311a20_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4e3d7e49296907913ab82632ec311a20_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbhnh.exec:\nnbhnh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddpvj.exec:\ddpvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfrxfl.exec:\rrfrxfl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbbb.exec:\htbbbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjpp.exec:\3pjpp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xlfllr.exec:\9xlfllr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhnt.exec:\bthhnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthntn.exec:\bthntn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvv.exec:\pjpvv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llfrxrr.exec:\llfrxrr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rxrrrf.exec:\7rxrrrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnbnh.exec:\bbnbnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjpd.exec:\dvjpd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdvj.exec:\vpdvj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xrrffl.exec:\9xrrffl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbntbh.exec:\hbntbh.exe17⤵
- Executes dropped EXE
-
\??\c:\7pjpj.exec:\7pjpj.exe18⤵
- Executes dropped EXE
-
\??\c:\ddddd.exec:\ddddd.exe19⤵
- Executes dropped EXE
-
\??\c:\xlfxxrx.exec:\xlfxxrx.exe20⤵
- Executes dropped EXE
-
\??\c:\tnhhnn.exec:\tnhhnn.exe21⤵
- Executes dropped EXE
-
\??\c:\1nhnth.exec:\1nhnth.exe22⤵
- Executes dropped EXE
-
\??\c:\ppjpp.exec:\ppjpp.exe23⤵
- Executes dropped EXE
-
\??\c:\3xrrlfr.exec:\3xrrlfr.exe24⤵
- Executes dropped EXE
-
\??\c:\1xrrffr.exec:\1xrrffr.exe25⤵
- Executes dropped EXE
-
\??\c:\hbnntb.exec:\hbnntb.exe26⤵
- Executes dropped EXE
-
\??\c:\3jvpd.exec:\3jvpd.exe27⤵
- Executes dropped EXE
-
\??\c:\xrrrffr.exec:\xrrrffr.exe28⤵
- Executes dropped EXE
-
\??\c:\xlrfrxf.exec:\xlrfrxf.exe29⤵
- Executes dropped EXE
-
\??\c:\btnhnn.exec:\btnhnn.exe30⤵
- Executes dropped EXE
-
\??\c:\bnhntn.exec:\bnhntn.exe31⤵
- Executes dropped EXE
-
\??\c:\1vpdv.exec:\1vpdv.exe32⤵
- Executes dropped EXE
-
\??\c:\xrlxxfr.exec:\xrlxxfr.exe33⤵
- Executes dropped EXE
-
\??\c:\5bhhnn.exec:\5bhhnn.exe34⤵
- Executes dropped EXE
-
\??\c:\bthnhn.exec:\bthnhn.exe35⤵
- Executes dropped EXE
-
\??\c:\dvpvd.exec:\dvpvd.exe36⤵
- Executes dropped EXE
-
\??\c:\jdpvj.exec:\jdpvj.exe37⤵
- Executes dropped EXE
-
\??\c:\1lllrrf.exec:\1lllrrf.exe38⤵
- Executes dropped EXE
-
\??\c:\ntnnbb.exec:\ntnnbb.exe39⤵
- Executes dropped EXE
-
\??\c:\bntbhb.exec:\bntbhb.exe40⤵
- Executes dropped EXE
-
\??\c:\9vvjj.exec:\9vvjj.exe41⤵
- Executes dropped EXE
-
\??\c:\3jvvv.exec:\3jvvv.exe42⤵
- Executes dropped EXE
-
\??\c:\rlfrrxf.exec:\rlfrrxf.exe43⤵
- Executes dropped EXE
-
\??\c:\xrxlxff.exec:\xrxlxff.exe44⤵
- Executes dropped EXE
-
\??\c:\9hbbhh.exec:\9hbbhh.exe45⤵
- Executes dropped EXE
-
\??\c:\3hbhtt.exec:\3hbhtt.exe46⤵
- Executes dropped EXE
-
\??\c:\ddjdv.exec:\ddjdv.exe47⤵
- Executes dropped EXE
-
\??\c:\dvpdd.exec:\dvpdd.exe48⤵
- Executes dropped EXE
-
\??\c:\llffrrr.exec:\llffrrr.exe49⤵
- Executes dropped EXE
-
\??\c:\3frllrf.exec:\3frllrf.exe50⤵
- Executes dropped EXE
-
\??\c:\9bbbnn.exec:\9bbbnn.exe51⤵
- Executes dropped EXE
-
\??\c:\htnhnt.exec:\htnhnt.exe52⤵
- Executes dropped EXE
-
\??\c:\vjdjp.exec:\vjdjp.exe53⤵
- Executes dropped EXE
-
\??\c:\jvjjj.exec:\jvjjj.exe54⤵
- Executes dropped EXE
-
\??\c:\rfrxffx.exec:\rfrxffx.exe55⤵
- Executes dropped EXE
-
\??\c:\fxlxxfl.exec:\fxlxxfl.exe56⤵
- Executes dropped EXE
-
\??\c:\tnbntb.exec:\tnbntb.exe57⤵
- Executes dropped EXE
-
\??\c:\7nhbnn.exec:\7nhbnn.exe58⤵
- Executes dropped EXE
-
\??\c:\pjvvv.exec:\pjvvv.exe59⤵
- Executes dropped EXE
-
\??\c:\jdjjv.exec:\jdjjv.exe60⤵
- Executes dropped EXE
-
\??\c:\lfrllfl.exec:\lfrllfl.exe61⤵
- Executes dropped EXE
-
\??\c:\9tnthh.exec:\9tnthh.exe62⤵
- Executes dropped EXE
-
\??\c:\9httbb.exec:\9httbb.exe63⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe64⤵
- Executes dropped EXE
-
\??\c:\pjdpv.exec:\pjdpv.exe65⤵
- Executes dropped EXE
-
\??\c:\lxllllr.exec:\lxllllr.exe66⤵
-
\??\c:\rlxfrxx.exec:\rlxfrxx.exe67⤵
-
\??\c:\fxlxflr.exec:\fxlxflr.exe68⤵
-
\??\c:\btbnnn.exec:\btbnnn.exe69⤵
-
\??\c:\3nhbbb.exec:\3nhbbb.exe70⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe71⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe72⤵
-
\??\c:\lfxfrrx.exec:\lfxfrrx.exe73⤵
-
\??\c:\llffrxl.exec:\llffrxl.exe74⤵
-
\??\c:\thttbh.exec:\thttbh.exe75⤵
-
\??\c:\5tbbnn.exec:\5tbbnn.exe76⤵
-
\??\c:\dvdjv.exec:\dvdjv.exe77⤵
-
\??\c:\jvpvv.exec:\jvpvv.exe78⤵
-
\??\c:\9lflrlr.exec:\9lflrlr.exe79⤵
-
\??\c:\rfrxlfl.exec:\rfrxlfl.exe80⤵
-
\??\c:\hhbbnt.exec:\hhbbnt.exe81⤵
-
\??\c:\1nnntb.exec:\1nnntb.exe82⤵
-
\??\c:\7bnbhn.exec:\7bnbhn.exe83⤵
-
\??\c:\1jpvd.exec:\1jpvd.exe84⤵
-
\??\c:\vpddd.exec:\vpddd.exe85⤵
-
\??\c:\llfflxf.exec:\llfflxf.exe86⤵
-
\??\c:\1xrrrff.exec:\1xrrrff.exe87⤵
-
\??\c:\1hhthb.exec:\1hhthb.exe88⤵
-
\??\c:\bhhhhn.exec:\bhhhhn.exe89⤵
-
\??\c:\7jdpv.exec:\7jdpv.exe90⤵
-
\??\c:\vpvjv.exec:\vpvjv.exe91⤵
-
\??\c:\1lxfflx.exec:\1lxfflx.exe92⤵
-
\??\c:\lxflxxr.exec:\lxflxxr.exe93⤵
-
\??\c:\tntbbt.exec:\tntbbt.exe94⤵
-
\??\c:\1nhbbb.exec:\1nhbbb.exe95⤵
-
\??\c:\pjpvv.exec:\pjpvv.exe96⤵
-
\??\c:\9pdpp.exec:\9pdpp.exe97⤵
-
\??\c:\3llxrxf.exec:\3llxrxf.exe98⤵
-
\??\c:\fxlflxx.exec:\fxlflxx.exe99⤵
-
\??\c:\hbtthh.exec:\hbtthh.exe100⤵
-
\??\c:\tnhhtt.exec:\tnhhtt.exe101⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe102⤵
-
\??\c:\pjddd.exec:\pjddd.exe103⤵
-
\??\c:\fxllxxf.exec:\fxllxxf.exe104⤵
-
\??\c:\rlrflfl.exec:\rlrflfl.exe105⤵
-
\??\c:\tnbhnt.exec:\tnbhnt.exe106⤵
-
\??\c:\hbhnnb.exec:\hbhnnb.exe107⤵
-
\??\c:\9jvdd.exec:\9jvdd.exe108⤵
-
\??\c:\vpvdj.exec:\vpvdj.exe109⤵
-
\??\c:\lflflrr.exec:\lflflrr.exe110⤵
-
\??\c:\1lxxfff.exec:\1lxxfff.exe111⤵
-
\??\c:\xrlrffx.exec:\xrlrffx.exe112⤵
-
\??\c:\nhthtt.exec:\nhthtt.exe113⤵
-
\??\c:\nbbhtt.exec:\nbbhtt.exe114⤵
-
\??\c:\ppjpp.exec:\ppjpp.exe115⤵
-
\??\c:\pjvjd.exec:\pjvjd.exe116⤵
-
\??\c:\7xxfrrf.exec:\7xxfrrf.exe117⤵
-
\??\c:\xlrxflr.exec:\xlrxflr.exe118⤵
-
\??\c:\thnnnn.exec:\thnnnn.exe119⤵
-
\??\c:\7tbntb.exec:\7tbntb.exe120⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-