Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
07/06/2024, 21:21
General
-
Target
6d7110d1c3a480c33ae4da35d2963d30_NeikiAnalytics.exe
-
Size
387KB
-
MD5
6d7110d1c3a480c33ae4da35d2963d30
-
SHA1
784eec1aa5be81b6f426d8a34d71b788a55768af
-
SHA256
7b45a7c79e23dafa99936e4bc34aa24f96cd210724a2759aa20d326f298fc548
-
SHA512
471353f67da6f6ebcb176d346c9a44be6f0f091b8f4586f00bf759e92094dfe5749b4449f21f8c8a740d98bba28978d53ee066a5eb9176a6d9bfb16c6e5b5a68
-
SSDEEP
12288:n3C9ytvngQjpUXoSWlnwJv90aKToFqwfm:SgdnJVU4TlnwJ6GoD
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6d7110d1c3a480c33ae4da35d2963d30_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6d7110d1c3a480c33ae4da35d2963d30_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddp.exec:\pjddp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxxxxx.exec:\xrxxxxx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpvvd.exec:\vpvvd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrxxxf.exec:\lfrxxxf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thntnh.exec:\thntnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxflrr.exec:\frxflrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffxrffl.exec:\ffxrffl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttbhbh.exec:\ttbhbh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvdp.exec:\jdvdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5flrlxl.exec:\5flrlxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnthht.exec:\tnthht.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppp.exec:\dvppp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfxll.exec:\rllfxll.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvvj.exec:\ppvvj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdv.exec:\jdjdv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxlfl.exec:\lfxxlfl.exe17⤵
- Executes dropped EXE
-
\??\c:\hhnhbn.exec:\hhnhbn.exe18⤵
- Executes dropped EXE
-
\??\c:\vjppv.exec:\vjppv.exe19⤵
- Executes dropped EXE
-
\??\c:\nbnnhh.exec:\nbnnhh.exe20⤵
- Executes dropped EXE
-
\??\c:\pjddj.exec:\pjddj.exe21⤵
- Executes dropped EXE
-
\??\c:\9flllfx.exec:\9flllfx.exe22⤵
- Executes dropped EXE
-
\??\c:\9htbhh.exec:\9htbhh.exe23⤵
- Executes dropped EXE
-
\??\c:\7pvpp.exec:\7pvpp.exe24⤵
- Executes dropped EXE
-
\??\c:\7llxfxr.exec:\7llxfxr.exe25⤵
- Executes dropped EXE
-
\??\c:\1hhbhn.exec:\1hhbhn.exe26⤵
- Executes dropped EXE
-
\??\c:\9httbh.exec:\9httbh.exe27⤵
- Executes dropped EXE
-
\??\c:\9fxxxxf.exec:\9fxxxxf.exe28⤵
- Executes dropped EXE
-
\??\c:\3nhntt.exec:\3nhntt.exe29⤵
- Executes dropped EXE
-
\??\c:\jvvpd.exec:\jvvpd.exe30⤵
- Executes dropped EXE
-
\??\c:\hbbhbt.exec:\hbbhbt.exe31⤵
- Executes dropped EXE
-
\??\c:\vpdvj.exec:\vpdvj.exe32⤵
- Executes dropped EXE
-
\??\c:\xfrfffl.exec:\xfrfffl.exe33⤵
- Executes dropped EXE
-
\??\c:\btbntt.exec:\btbntt.exe34⤵
- Executes dropped EXE
-
\??\c:\jjpdj.exec:\jjpdj.exe35⤵
- Executes dropped EXE
-
\??\c:\frflllx.exec:\frflllx.exe36⤵
- Executes dropped EXE
-
\??\c:\fxrrxfr.exec:\fxrrxfr.exe37⤵
- Executes dropped EXE
-
\??\c:\5ntnnh.exec:\5ntnnh.exe38⤵
- Executes dropped EXE
-
\??\c:\9pvpv.exec:\9pvpv.exe39⤵
- Executes dropped EXE
-
\??\c:\7xflxrf.exec:\7xflxrf.exe40⤵
- Executes dropped EXE
-
\??\c:\rlflxxl.exec:\rlflxxl.exe41⤵
- Executes dropped EXE
-
\??\c:\hbthnn.exec:\hbthnn.exe42⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe43⤵
- Executes dropped EXE
-
\??\c:\jjjjp.exec:\jjjjp.exe44⤵
- Executes dropped EXE
-
\??\c:\lfxfxxl.exec:\lfxfxxl.exe45⤵
- Executes dropped EXE
-
\??\c:\hbttbt.exec:\hbttbt.exe46⤵
- Executes dropped EXE
-
\??\c:\hbbbhh.exec:\hbbbhh.exe47⤵
- Executes dropped EXE
-
\??\c:\jdpdp.exec:\jdpdp.exe48⤵
- Executes dropped EXE
-
\??\c:\pjjjv.exec:\pjjjv.exe49⤵
- Executes dropped EXE
-
\??\c:\xxrxflf.exec:\xxrxflf.exe50⤵
- Executes dropped EXE
-
\??\c:\ttnbhn.exec:\ttnbhn.exe51⤵
- Executes dropped EXE
-
\??\c:\hbntbh.exec:\hbntbh.exe52⤵
- Executes dropped EXE
-
\??\c:\3vppd.exec:\3vppd.exe53⤵
- Executes dropped EXE
-
\??\c:\fxrrrrf.exec:\fxrrrrf.exe54⤵
- Executes dropped EXE
-
\??\c:\nhhnhn.exec:\nhhnhn.exe55⤵
- Executes dropped EXE
-
\??\c:\hbtbhb.exec:\hbtbhb.exe56⤵
- Executes dropped EXE
-
\??\c:\9vjjd.exec:\9vjjd.exe57⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe58⤵
- Executes dropped EXE
-
\??\c:\rlffllr.exec:\rlffllr.exe59⤵
- Executes dropped EXE
-
\??\c:\bthbnh.exec:\bthbnh.exe60⤵
- Executes dropped EXE
-
\??\c:\3tnbhn.exec:\3tnbhn.exe61⤵
- Executes dropped EXE
-
\??\c:\jdpdj.exec:\jdpdj.exe62⤵
- Executes dropped EXE
-
\??\c:\lfrrfff.exec:\lfrrfff.exe63⤵
- Executes dropped EXE
-
\??\c:\1xllrxx.exec:\1xllrxx.exe64⤵
- Executes dropped EXE
-
\??\c:\hhthhb.exec:\hhthhb.exe65⤵
- Executes dropped EXE
-
\??\c:\jvppd.exec:\jvppd.exe66⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe67⤵
-
\??\c:\xrffxff.exec:\xrffxff.exe68⤵
-
\??\c:\nnhthn.exec:\nnhthn.exe69⤵
-
\??\c:\ntnntt.exec:\ntnntt.exe70⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe71⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe72⤵
-
\??\c:\rlxxrrr.exec:\rlxxrrr.exe73⤵
-
\??\c:\7bnhtn.exec:\7bnhtn.exe74⤵
-
\??\c:\5tnntt.exec:\5tnntt.exe75⤵
-
\??\c:\pdpvj.exec:\pdpvj.exe76⤵
-
\??\c:\fxrflrl.exec:\fxrflrl.exe77⤵
-
\??\c:\xrlrlrx.exec:\xrlrlrx.exe78⤵
-
\??\c:\nbttbh.exec:\nbttbh.exe79⤵
-
\??\c:\bbbhbb.exec:\bbbhbb.exe80⤵
-
\??\c:\jpjpd.exec:\jpjpd.exe81⤵
-
\??\c:\xrflffl.exec:\xrflffl.exe82⤵
-
\??\c:\xxrxllf.exec:\xxrxllf.exe83⤵
-
\??\c:\nhtthh.exec:\nhtthh.exe84⤵
-
\??\c:\dvvvd.exec:\dvvvd.exe85⤵
-
\??\c:\9pjpd.exec:\9pjpd.exe86⤵
-
\??\c:\rrlxlrl.exec:\rrlxlrl.exe87⤵
-
\??\c:\btbbnt.exec:\btbbnt.exe88⤵
-
\??\c:\ttttnb.exec:\ttttnb.exe89⤵
-
\??\c:\vdvdp.exec:\vdvdp.exe90⤵
-
\??\c:\9vppv.exec:\9vppv.exe91⤵
-
\??\c:\xlffrxf.exec:\xlffrxf.exe92⤵
-
\??\c:\1tthtb.exec:\1tthtb.exe93⤵
-
\??\c:\nntbtb.exec:\nntbtb.exe94⤵
-
\??\c:\pjjpv.exec:\pjjpv.exe95⤵
-
\??\c:\rlfflrf.exec:\rlfflrf.exe96⤵
-
\??\c:\ffrfllr.exec:\ffrfllr.exe97⤵
-
\??\c:\btnbbn.exec:\btnbbn.exe98⤵
-
\??\c:\jjvpd.exec:\jjvpd.exe99⤵
-
\??\c:\7ppvv.exec:\7ppvv.exe100⤵
-
\??\c:\xfxlrrf.exec:\xfxlrrf.exe101⤵
-
\??\c:\fxrrffx.exec:\fxrrffx.exe102⤵
-
\??\c:\3hbhth.exec:\3hbhth.exe103⤵
-
\??\c:\5pddp.exec:\5pddp.exe104⤵
-
\??\c:\dvjdj.exec:\dvjdj.exe105⤵
-
\??\c:\1frrxff.exec:\1frrxff.exe106⤵
-
\??\c:\3lrrxfr.exec:\3lrrxfr.exe107⤵
-
\??\c:\tnbnth.exec:\tnbnth.exe108⤵
-
\??\c:\1dpdp.exec:\1dpdp.exe109⤵
-
\??\c:\5vjdj.exec:\5vjdj.exe110⤵
-
\??\c:\llrrxxf.exec:\llrrxxf.exe111⤵
-
\??\c:\rlfflrl.exec:\rlfflrl.exe112⤵
-
\??\c:\btntbh.exec:\btntbh.exe113⤵
-
\??\c:\pvpvj.exec:\pvpvj.exe114⤵
-
\??\c:\jjddj.exec:\jjddj.exe115⤵
-
\??\c:\xlffllx.exec:\xlffllx.exe116⤵
-
\??\c:\1lfflrx.exec:\1lfflrx.exe117⤵
-
\??\c:\9htbbh.exec:\9htbbh.exe118⤵
-
\??\c:\bbnntt.exec:\bbnntt.exe119⤵
-
\??\c:\pdvvd.exec:\pdvvd.exe120⤵
-
\??\c:\lfxfxfx.exec:\lfxfxfx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-