Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
11-06-2024 02:29
General
-
Target
24237c1bd743aa179b0c88080e8862c0_NeikiAnalytics.exe
-
Size
351KB
-
MD5
24237c1bd743aa179b0c88080e8862c0
-
SHA1
249f1c7eae874bfd3a2e0b4155950e176b431b2f
-
SHA256
43e3eb45ab67e21ce85e775c3d9fc4b85de5a5f366d6d446040da06da16cd711
-
SHA512
886cef713bc4c044399f763768ee9cc56d2c4b063c8f1ad7088fd1341a967d56fa410baeb9870a6bfe919ed7756cd5e15599523f3ffe9b36ef46a947f034553f
-
SSDEEP
6144:4cm7ImGddXvJuzyy/SfVFKpU/sien7NuOpo0HmtDKe0wKyKqiOfm8RCfDK4TrHHO:+7TcBuGy/Sa+/sie0OpncKe/KFBOfmzm
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 44 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\24237c1bd743aa179b0c88080e8862c0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\24237c1bd743aa179b0c88080e8862c0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjv.exec:\vpdjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfrxfr.exec:\rrfrxfr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdjv.exec:\dvdjv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pdpd.exec:\5pdpd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tnttb.exec:\3tnttb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdpp.exec:\pjdpp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lffrxlr.exec:\lffrxlr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhnh.exec:\nhhhnh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjdd.exec:\vdjdd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxlfxfr.exec:\rxlfxfr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbnn.exec:\hbtbnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvvj.exec:\jvvvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bnnbh.exec:\3bnnbh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvdvd.exec:\pvdvd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lflllrf.exec:\lflllrf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhtnhn.exec:\bhtnhn.exe17⤵
- Executes dropped EXE
-
\??\c:\jpvpp.exec:\jpvpp.exe18⤵
- Executes dropped EXE
-
\??\c:\lxflxxx.exec:\lxflxxx.exe19⤵
- Executes dropped EXE
-
\??\c:\dpjpd.exec:\dpjpd.exe20⤵
- Executes dropped EXE
-
\??\c:\1fflxxf.exec:\1fflxxf.exe21⤵
- Executes dropped EXE
-
\??\c:\ppjpj.exec:\ppjpj.exe22⤵
- Executes dropped EXE
-
\??\c:\ddpvv.exec:\ddpvv.exe23⤵
- Executes dropped EXE
-
\??\c:\hhtbnn.exec:\hhtbnn.exe24⤵
- Executes dropped EXE
-
\??\c:\9htbht.exec:\9htbht.exe25⤵
- Executes dropped EXE
-
\??\c:\lxxrllx.exec:\lxxrllx.exe26⤵
- Executes dropped EXE
-
\??\c:\bbhhnt.exec:\bbhhnt.exe27⤵
- Executes dropped EXE
-
\??\c:\pvdjd.exec:\pvdjd.exe28⤵
- Executes dropped EXE
-
\??\c:\nbnbht.exec:\nbnbht.exe29⤵
- Executes dropped EXE
-
\??\c:\vvpjp.exec:\vvpjp.exe30⤵
- Executes dropped EXE
-
\??\c:\xllfrrf.exec:\xllfrrf.exe31⤵
- Executes dropped EXE
-
\??\c:\tnbhhh.exec:\tnbhhh.exe32⤵
- Executes dropped EXE
-
\??\c:\pjppv.exec:\pjppv.exe33⤵
- Executes dropped EXE
-
\??\c:\xrlxrlx.exec:\xrlxrlx.exe34⤵
- Executes dropped EXE
-
\??\c:\nhbbhn.exec:\nhbbhn.exe35⤵
- Executes dropped EXE
-
\??\c:\1tnbht.exec:\1tnbht.exe36⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe37⤵
- Executes dropped EXE
-
\??\c:\lxlffll.exec:\lxlffll.exe38⤵
- Executes dropped EXE
-
\??\c:\nntthh.exec:\nntthh.exe39⤵
- Executes dropped EXE
-
\??\c:\bbbhtb.exec:\bbbhtb.exe40⤵
- Executes dropped EXE
-
\??\c:\ppdpd.exec:\ppdpd.exe41⤵
- Executes dropped EXE
-
\??\c:\rfxrfxf.exec:\rfxrfxf.exe42⤵
- Executes dropped EXE
-
\??\c:\hbtbnn.exec:\hbtbnn.exe43⤵
- Executes dropped EXE
-
\??\c:\tnbhnt.exec:\tnbhnt.exe44⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe45⤵
- Executes dropped EXE
-
\??\c:\xxrrrxf.exec:\xxrrrxf.exe46⤵
- Executes dropped EXE
-
\??\c:\tthtth.exec:\tthtth.exe47⤵
- Executes dropped EXE
-
\??\c:\bnnhnh.exec:\bnnhnh.exe48⤵
- Executes dropped EXE
-
\??\c:\5pdjp.exec:\5pdjp.exe49⤵
- Executes dropped EXE
-
\??\c:\xrffrrx.exec:\xrffrrx.exe50⤵
- Executes dropped EXE
-
\??\c:\rlflfll.exec:\rlflfll.exe51⤵
- Executes dropped EXE
-
\??\c:\5ntntt.exec:\5ntntt.exe52⤵
- Executes dropped EXE
-
\??\c:\jjppv.exec:\jjppv.exe53⤵
- Executes dropped EXE
-
\??\c:\jjvpd.exec:\jjvpd.exe54⤵
- Executes dropped EXE
-
\??\c:\ffrrxfr.exec:\ffrrxfr.exe55⤵
- Executes dropped EXE
-
\??\c:\bbhhnt.exec:\bbhhnt.exe56⤵
- Executes dropped EXE
-
\??\c:\btnthh.exec:\btnthh.exe57⤵
- Executes dropped EXE
-
\??\c:\dddpv.exec:\dddpv.exe58⤵
- Executes dropped EXE
-
\??\c:\9frxxlx.exec:\9frxxlx.exe59⤵
- Executes dropped EXE
-
\??\c:\lfrrflr.exec:\lfrrflr.exe60⤵
- Executes dropped EXE
-
\??\c:\hbntbh.exec:\hbntbh.exe61⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe62⤵
- Executes dropped EXE
-
\??\c:\1jjvj.exec:\1jjvj.exe63⤵
- Executes dropped EXE
-
\??\c:\xxllrrf.exec:\xxllrrf.exe64⤵
- Executes dropped EXE
-
\??\c:\5xllxxl.exec:\5xllxxl.exe65⤵
- Executes dropped EXE
-
\??\c:\bthntb.exec:\bthntb.exe66⤵
-
\??\c:\jjdjv.exec:\jjdjv.exe67⤵
-
\??\c:\lfrrllr.exec:\lfrrllr.exe68⤵
-
\??\c:\3xllxxf.exec:\3xllxxf.exe69⤵
-
\??\c:\btbbnt.exec:\btbbnt.exe70⤵
-
\??\c:\pjpjj.exec:\pjpjj.exe71⤵
-
\??\c:\vdvvd.exec:\vdvvd.exe72⤵
-
\??\c:\rrlxfrl.exec:\rrlxfrl.exe73⤵
-
\??\c:\1bhnhn.exec:\1bhnhn.exe74⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe75⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe76⤵
-
\??\c:\1rxfflr.exec:\1rxfflr.exe77⤵
-
\??\c:\bhnhbb.exec:\bhnhbb.exe78⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe79⤵
-
\??\c:\jdppv.exec:\jdppv.exe80⤵
-
\??\c:\5rffllf.exec:\5rffllf.exe81⤵
-
\??\c:\ffrflfl.exec:\ffrflfl.exe82⤵
-
\??\c:\tnttbt.exec:\tnttbt.exe83⤵
-
\??\c:\jjjvj.exec:\jjjvj.exe84⤵
-
\??\c:\djppv.exec:\djppv.exe85⤵
-
\??\c:\lflfrxr.exec:\lflfrxr.exe86⤵
-
\??\c:\ttnthb.exec:\ttnthb.exe87⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe88⤵
-
\??\c:\5jppp.exec:\5jppp.exe89⤵
-
\??\c:\llfxfrl.exec:\llfxfrl.exe90⤵
-
\??\c:\fxfxxrx.exec:\fxfxxrx.exe91⤵
-
\??\c:\nnhbbh.exec:\nnhbbh.exe92⤵
-
\??\c:\bbtbnt.exec:\bbtbnt.exe93⤵
-
\??\c:\ddvvd.exec:\ddvvd.exe94⤵
-
\??\c:\lflfllx.exec:\lflfllx.exe95⤵
-
\??\c:\7tnthn.exec:\7tnthn.exe96⤵
-
\??\c:\pjvjp.exec:\pjvjp.exe97⤵
-
\??\c:\jjdpp.exec:\jjdpp.exe98⤵
-
\??\c:\xfrrrxl.exec:\xfrrrxl.exe99⤵
-
\??\c:\5bthnb.exec:\5bthnb.exe100⤵
-
\??\c:\bbhbbn.exec:\bbhbbn.exe101⤵
-
\??\c:\ddvvd.exec:\ddvvd.exe102⤵
-
\??\c:\xrxrrll.exec:\xrxrrll.exe103⤵
-
\??\c:\xrlxlrx.exec:\xrlxlrx.exe104⤵
-
\??\c:\1thnbb.exec:\1thnbb.exe105⤵
-
\??\c:\bntnbt.exec:\bntnbt.exe106⤵
-
\??\c:\pppjp.exec:\pppjp.exe107⤵
-
\??\c:\3xlrxrx.exec:\3xlrxrx.exe108⤵
-
\??\c:\5fxrfxl.exec:\5fxrfxl.exe109⤵
-
\??\c:\ththtt.exec:\ththtt.exe110⤵
-
\??\c:\ttnbbb.exec:\ttnbbb.exe111⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe112⤵
-
\??\c:\fxrrxfr.exec:\fxrrxfr.exe113⤵
-
\??\c:\lrrrlfx.exec:\lrrrlfx.exe114⤵
-
\??\c:\nhttnn.exec:\nhttnn.exe115⤵
-
\??\c:\jdvdp.exec:\jdvdp.exe116⤵
-
\??\c:\jddvp.exec:\jddvp.exe117⤵
-
\??\c:\1xxxrrf.exec:\1xxxrrf.exe118⤵
-
\??\c:\tnbhhh.exec:\tnbhhh.exe119⤵
-
\??\c:\5nbhnb.exec:\5nbhnb.exe120⤵
-
\??\c:\7vpvv.exec:\7vpvv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-