Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
11/06/2024, 21:36
General
-
Target
057896b0f30d41dffa75ed43f6d705c0_NeikiAnalytics.exe
-
Size
97KB
-
MD5
057896b0f30d41dffa75ed43f6d705c0
-
SHA1
6112cae62d31a700cb740fd6141024a1f16dcca7
-
SHA256
a5d605a6b1a15743a8e046db4c9686dc60972d130af93c9191ebc7360345140b
-
SHA512
4f3907e8308fc9ab6cc4698b521b24e459c2858a3446ab49fc13f3765cee5f7dfd8fe51ead891e802a458d42936e327e998554099aacd58716184c7c6db3869c
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDInWeNCYGyA2R7JxJAg8dta:ymb3NkkiQ3mdBjFIWeFGyAsJAg2a
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\057896b0f30d41dffa75ed43f6d705c0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\057896b0f30d41dffa75ed43f6d705c0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnbhn.exec:\ttnbhn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bnntb.exec:\7bnntb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvjvj.exec:\vvjvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jvvd.exec:\9jvvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxlxr.exec:\rlxxlxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrllxfr.exec:\xrllxfr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnhbn.exec:\nnnhbn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpdd.exec:\jdpdd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbhh.exec:\nhtbhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddp.exec:\pjddp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxfrxl.exec:\fxxfrxl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rflxrf.exec:\7rflxrf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbhh.exec:\bthbhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5tnhhh.exec:\5tnhhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjv.exec:\jdjjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xrxflr.exec:\9xrxflr.exe17⤵
- Executes dropped EXE
-
\??\c:\xrffllx.exec:\xrffllx.exe18⤵
- Executes dropped EXE
-
\??\c:\ththnn.exec:\ththnn.exe19⤵
- Executes dropped EXE
-
\??\c:\pjddj.exec:\pjddj.exe20⤵
- Executes dropped EXE
-
\??\c:\9dpdv.exec:\9dpdv.exe21⤵
- Executes dropped EXE
-
\??\c:\xrrxfrf.exec:\xrrxfrf.exe22⤵
- Executes dropped EXE
-
\??\c:\rlfrlrf.exec:\rlfrlrf.exe23⤵
- Executes dropped EXE
-
\??\c:\ttnthn.exec:\ttnthn.exe24⤵
- Executes dropped EXE
-
\??\c:\tntnbb.exec:\tntnbb.exe25⤵
- Executes dropped EXE
-
\??\c:\7vjjv.exec:\7vjjv.exe26⤵
- Executes dropped EXE
-
\??\c:\xrflxxl.exec:\xrflxxl.exe27⤵
- Executes dropped EXE
-
\??\c:\5htbth.exec:\5htbth.exe28⤵
- Executes dropped EXE
-
\??\c:\nhthtb.exec:\nhthtb.exe29⤵
- Executes dropped EXE
-
\??\c:\jjdpd.exec:\jjdpd.exe30⤵
- Executes dropped EXE
-
\??\c:\1ddjv.exec:\1ddjv.exe31⤵
- Executes dropped EXE
-
\??\c:\llfrffr.exec:\llfrffr.exe32⤵
- Executes dropped EXE
-
\??\c:\3btbtt.exec:\3btbtt.exe33⤵
- Executes dropped EXE
-
\??\c:\hbbnnt.exec:\hbbnnt.exe34⤵
- Executes dropped EXE
-
\??\c:\3jvvj.exec:\3jvvj.exe35⤵
- Executes dropped EXE
-
\??\c:\5jvdj.exec:\5jvdj.exe36⤵
- Executes dropped EXE
-
\??\c:\7rrrllx.exec:\7rrrllx.exe37⤵
- Executes dropped EXE
-
\??\c:\hhbnhh.exec:\hhbnhh.exe38⤵
- Executes dropped EXE
-
\??\c:\hbnntt.exec:\hbnntt.exe39⤵
- Executes dropped EXE
-
\??\c:\dvpvd.exec:\dvpvd.exe40⤵
- Executes dropped EXE
-
\??\c:\jdjdj.exec:\jdjdj.exe41⤵
- Executes dropped EXE
-
\??\c:\rlflrrl.exec:\rlflrrl.exe42⤵
- Executes dropped EXE
-
\??\c:\9xlflfr.exec:\9xlflfr.exe43⤵
- Executes dropped EXE
-
\??\c:\3hhntt.exec:\3hhntt.exe44⤵
- Executes dropped EXE
-
\??\c:\nhhntn.exec:\nhhntn.exe45⤵
- Executes dropped EXE
-
\??\c:\3pvvv.exec:\3pvvv.exe46⤵
- Executes dropped EXE
-
\??\c:\7dvdp.exec:\7dvdp.exe47⤵
- Executes dropped EXE
-
\??\c:\9pjdj.exec:\9pjdj.exe48⤵
- Executes dropped EXE
-
\??\c:\7xlxrxl.exec:\7xlxrxl.exe49⤵
- Executes dropped EXE
-
\??\c:\thbhtn.exec:\thbhtn.exe50⤵
- Executes dropped EXE
-
\??\c:\nbnntt.exec:\nbnntt.exe51⤵
- Executes dropped EXE
-
\??\c:\pjjjj.exec:\pjjjj.exe52⤵
- Executes dropped EXE
-
\??\c:\vjdjj.exec:\vjdjj.exe53⤵
- Executes dropped EXE
-
\??\c:\fflrrxl.exec:\fflrrxl.exe54⤵
- Executes dropped EXE
-
\??\c:\5rxffxl.exec:\5rxffxl.exe55⤵
- Executes dropped EXE
-
\??\c:\nnthnt.exec:\nnthnt.exe56⤵
- Executes dropped EXE
-
\??\c:\btntbb.exec:\btntbb.exe57⤵
- Executes dropped EXE
-
\??\c:\bthhnn.exec:\bthhnn.exe58⤵
- Executes dropped EXE
-
\??\c:\vpvvv.exec:\vpvvv.exe59⤵
- Executes dropped EXE
-
\??\c:\9pddv.exec:\9pddv.exe60⤵
- Executes dropped EXE
-
\??\c:\7fxxlrx.exec:\7fxxlrx.exe61⤵
- Executes dropped EXE
-
\??\c:\1tnnnn.exec:\1tnnnn.exe62⤵
- Executes dropped EXE
-
\??\c:\hhtbnn.exec:\hhtbnn.exe63⤵
- Executes dropped EXE
-
\??\c:\tnbbtt.exec:\tnbbtt.exe64⤵
- Executes dropped EXE
-
\??\c:\dvjjv.exec:\dvjjv.exe65⤵
- Executes dropped EXE
-
\??\c:\vpvpd.exec:\vpvpd.exe66⤵
-
\??\c:\9rflrfr.exec:\9rflrfr.exe67⤵
-
\??\c:\fxrxfrx.exec:\fxrxfrx.exe68⤵
-
\??\c:\hhtbnn.exec:\hhtbnn.exe69⤵
-
\??\c:\hhtttt.exec:\hhtttt.exe70⤵
-
\??\c:\ddvpj.exec:\ddvpj.exe71⤵
-
\??\c:\vjdvd.exec:\vjdvd.exe72⤵
-
\??\c:\9xlfflx.exec:\9xlfflx.exe73⤵
-
\??\c:\xxfxlrr.exec:\xxfxlrr.exe74⤵
-
\??\c:\bthbnt.exec:\bthbnt.exe75⤵
-
\??\c:\btntht.exec:\btntht.exe76⤵
-
\??\c:\9jvvd.exec:\9jvvd.exe77⤵
-
\??\c:\9ddjv.exec:\9ddjv.exe78⤵
-
\??\c:\7rlxffr.exec:\7rlxffr.exe79⤵
-
\??\c:\5xrflrf.exec:\5xrflrf.exe80⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe81⤵
-
\??\c:\7tntbb.exec:\7tntbb.exe82⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe83⤵
-
\??\c:\jddvv.exec:\jddvv.exe84⤵
-
\??\c:\rrrxrxl.exec:\rrrxrxl.exe85⤵
-
\??\c:\rrflrxf.exec:\rrflrxf.exe86⤵
-
\??\c:\1bnntn.exec:\1bnntn.exe87⤵
-
\??\c:\nnhnnn.exec:\nnhnnn.exe88⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe89⤵
-
\??\c:\ppjjj.exec:\ppjjj.exe90⤵
-
\??\c:\frffllx.exec:\frffllx.exe91⤵
-
\??\c:\rlxxrxr.exec:\rlxxrxr.exe92⤵
-
\??\c:\nhnhtb.exec:\nhnhtb.exe93⤵
-
\??\c:\pjvdd.exec:\pjvdd.exe94⤵
-
\??\c:\jvddd.exec:\jvddd.exe95⤵
-
\??\c:\3xffllx.exec:\3xffllx.exe96⤵
-
\??\c:\rfrrxxl.exec:\rfrrxxl.exe97⤵
-
\??\c:\7htttb.exec:\7htttb.exe98⤵
-
\??\c:\htbbtt.exec:\htbbtt.exe99⤵
-
\??\c:\1vvjp.exec:\1vvjp.exe100⤵
-
\??\c:\pjdjv.exec:\pjdjv.exe101⤵
-
\??\c:\xrllxrf.exec:\xrllxrf.exe102⤵
-
\??\c:\rfxlrxf.exec:\rfxlrxf.exe103⤵
-
\??\c:\hhtntb.exec:\hhtntb.exe104⤵
-
\??\c:\hbtbnt.exec:\hbtbnt.exe105⤵
-
\??\c:\vvvjj.exec:\vvvjj.exe106⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe107⤵
-
\??\c:\xrllrrf.exec:\xrllrrf.exe108⤵
-
\??\c:\xrfrlfl.exec:\xrfrlfl.exe109⤵
-
\??\c:\tbbnnn.exec:\tbbnnn.exe110⤵
-
\??\c:\3nnthh.exec:\3nnthh.exe111⤵
-
\??\c:\pjjdj.exec:\pjjdj.exe112⤵
-
\??\c:\vvjpv.exec:\vvjpv.exe113⤵
-
\??\c:\rrllrff.exec:\rrllrff.exe114⤵
-
\??\c:\flrlrll.exec:\flrlrll.exe115⤵
-
\??\c:\ttnbnb.exec:\ttnbnb.exe116⤵
-
\??\c:\9nnnnn.exec:\9nnnnn.exe117⤵
-
\??\c:\vjvdd.exec:\vjvdd.exe118⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe119⤵
-
\??\c:\xrllflx.exec:\xrllflx.exe120⤵
-
\??\c:\rfrxxrx.exec:\rfrxxrx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-