Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
11/06/2024, 04:50
General
-
Target
282e4aa73ec2168ee75b4a71261b2dd0_NeikiAnalytics.exe
-
Size
213KB
-
MD5
282e4aa73ec2168ee75b4a71261b2dd0
-
SHA1
12b5509d7feb5644fa039ac9db93cdd24172db95
-
SHA256
682c6424ab9a6f9e38b1d152a68b687cf1556f0319312c02bb2a7f2604a54999
-
SHA512
97ac75f68e61eef0f10760b85a005adf77f2961af1b61513f4d9104da15aa826e585fed18c9e523fa7cb3652e79e18d7acd59e8108ea9e48d087c279c8c3ed58
-
SSDEEP
3072:ymb3NkkiQ3mdBjFIi/0RU6QeYQsm71vPmc51+GqekBJCvr6zJBUmABvW:n3C9BRIG0asYFm71m8+GdkB9EBe
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\282e4aa73ec2168ee75b4a71261b2dd0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\282e4aa73ec2168ee75b4a71261b2dd0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jvppv.exec:\jvppv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbbnb.exec:\bnbbnb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djjpv.exec:\djjpv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllxrfr.exec:\lllxrfr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbtth.exec:\nnbtth.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pddj.exec:\5pddj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtntn.exec:\thtntn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjp.exec:\dvjjp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7lxflxl.exec:\7lxflxl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nntnhb.exec:\nntnhb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjjp.exec:\ddjjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxfxl.exec:\lfxxfxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnnbtb.exec:\nnnbtb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ppjv.exec:\7ppjv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlflfrf.exec:\rlflfrf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhbbht.exec:\bhbbht.exe17⤵
- Executes dropped EXE
-
\??\c:\pddjv.exec:\pddjv.exe18⤵
- Executes dropped EXE
-
\??\c:\ppvdj.exec:\ppvdj.exe19⤵
- Executes dropped EXE
-
\??\c:\bhnhhb.exec:\bhnhhb.exe20⤵
- Executes dropped EXE
-
\??\c:\bnnbht.exec:\bnnbht.exe21⤵
- Executes dropped EXE
-
\??\c:\fxrfrrx.exec:\fxrfrrx.exe22⤵
- Executes dropped EXE
-
\??\c:\3xxlllr.exec:\3xxlllr.exe23⤵
- Executes dropped EXE
-
\??\c:\btbbtt.exec:\btbbtt.exe24⤵
- Executes dropped EXE
-
\??\c:\dppjj.exec:\dppjj.exe25⤵
- Executes dropped EXE
-
\??\c:\xxxlxxx.exec:\xxxlxxx.exe26⤵
- Executes dropped EXE
-
\??\c:\9hntnb.exec:\9hntnb.exe27⤵
- Executes dropped EXE
-
\??\c:\djddj.exec:\djddj.exe28⤵
- Executes dropped EXE
-
\??\c:\lflrxrf.exec:\lflrxrf.exe29⤵
- Executes dropped EXE
-
\??\c:\tthnbt.exec:\tthnbt.exe30⤵
- Executes dropped EXE
-
\??\c:\dpvpp.exec:\dpvpp.exe31⤵
- Executes dropped EXE
-
\??\c:\5rrrllx.exec:\5rrrllx.exe32⤵
- Executes dropped EXE
-
\??\c:\ntbbhb.exec:\ntbbhb.exe33⤵
- Executes dropped EXE
-
\??\c:\vjjpj.exec:\vjjpj.exe34⤵
- Executes dropped EXE
-
\??\c:\flxlxfx.exec:\flxlxfx.exe35⤵
- Executes dropped EXE
-
\??\c:\1bbbnb.exec:\1bbbnb.exe36⤵
- Executes dropped EXE
-
\??\c:\djdjj.exec:\djdjj.exe37⤵
- Executes dropped EXE
-
\??\c:\jvjjj.exec:\jvjjj.exe38⤵
- Executes dropped EXE
-
\??\c:\lxlflll.exec:\lxlflll.exe39⤵
- Executes dropped EXE
-
\??\c:\3hhbbh.exec:\3hhbbh.exe40⤵
- Executes dropped EXE
-
\??\c:\pvdvp.exec:\pvdvp.exe41⤵
- Executes dropped EXE
-
\??\c:\7pddv.exec:\7pddv.exe42⤵
- Executes dropped EXE
-
\??\c:\1lxfllr.exec:\1lxfllr.exe43⤵
- Executes dropped EXE
-
\??\c:\9tnhtb.exec:\9tnhtb.exe44⤵
- Executes dropped EXE
-
\??\c:\vvjvd.exec:\vvjvd.exe45⤵
- Executes dropped EXE
-
\??\c:\3pdjv.exec:\3pdjv.exe46⤵
- Executes dropped EXE
-
\??\c:\fxxfllr.exec:\fxxfllr.exe47⤵
- Executes dropped EXE
-
\??\c:\3tnnbt.exec:\3tnnbt.exe48⤵
- Executes dropped EXE
-
\??\c:\7nbtbh.exec:\7nbtbh.exe49⤵
- Executes dropped EXE
-
\??\c:\vvjvv.exec:\vvjvv.exe50⤵
- Executes dropped EXE
-
\??\c:\rflxrxf.exec:\rflxrxf.exe51⤵
- Executes dropped EXE
-
\??\c:\bnntbb.exec:\bnntbb.exe52⤵
- Executes dropped EXE
-
\??\c:\thnthn.exec:\thnthn.exe53⤵
- Executes dropped EXE
-
\??\c:\vjpdd.exec:\vjpdd.exe54⤵
- Executes dropped EXE
-
\??\c:\3frxlrx.exec:\3frxlrx.exe55⤵
- Executes dropped EXE
-
\??\c:\9hthth.exec:\9hthth.exe56⤵
- Executes dropped EXE
-
\??\c:\hhbbht.exec:\hhbbht.exe57⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe58⤵
- Executes dropped EXE
-
\??\c:\lrfffxl.exec:\lrfffxl.exe59⤵
- Executes dropped EXE
-
\??\c:\9bnthh.exec:\9bnthh.exe60⤵
- Executes dropped EXE
-
\??\c:\7bbbbb.exec:\7bbbbb.exe61⤵
- Executes dropped EXE
-
\??\c:\djjjd.exec:\djjjd.exe62⤵
- Executes dropped EXE
-
\??\c:\xxxrfrl.exec:\xxxrfrl.exe63⤵
- Executes dropped EXE
-
\??\c:\fxfrrxx.exec:\fxfrrxx.exe64⤵
- Executes dropped EXE
-
\??\c:\nnthbh.exec:\nnthbh.exe65⤵
- Executes dropped EXE
-
\??\c:\vppdj.exec:\vppdj.exe66⤵
-
\??\c:\ffxfrxl.exec:\ffxfrxl.exe67⤵
-
\??\c:\xxxxflr.exec:\xxxxflr.exe68⤵
-
\??\c:\hhhttt.exec:\hhhttt.exe69⤵
-
\??\c:\vjpdj.exec:\vjpdj.exe70⤵
-
\??\c:\dpppj.exec:\dpppj.exe71⤵
-
\??\c:\lfrxflr.exec:\lfrxflr.exe72⤵
-
\??\c:\btnbnt.exec:\btnbnt.exe73⤵
-
\??\c:\btnhtb.exec:\btnhtb.exe74⤵
-
\??\c:\dvddv.exec:\dvddv.exe75⤵
-
\??\c:\frrlflx.exec:\frrlflx.exe76⤵
-
\??\c:\fxrrxll.exec:\fxrrxll.exe77⤵
-
\??\c:\nhtbth.exec:\nhtbth.exe78⤵
-
\??\c:\bthtbn.exec:\bthtbn.exe79⤵
-
\??\c:\7vpvv.exec:\7vpvv.exe80⤵
-
\??\c:\9xrxlrr.exec:\9xrxlrr.exe81⤵
-
\??\c:\lllfffl.exec:\lllfffl.exe82⤵
-
\??\c:\3tbhnn.exec:\3tbhnn.exe83⤵
-
\??\c:\dvvvp.exec:\dvvvp.exe84⤵
-
\??\c:\dpdpd.exec:\dpdpd.exe85⤵
-
\??\c:\xrflrxx.exec:\xrflrxx.exe86⤵
-
\??\c:\btthnh.exec:\btthnh.exe87⤵
-
\??\c:\tbhhhb.exec:\tbhhhb.exe88⤵
-
\??\c:\dpdvd.exec:\dpdvd.exe89⤵
-
\??\c:\7fxfrfr.exec:\7fxfrfr.exe90⤵
-
\??\c:\xxxxlrr.exec:\xxxxlrr.exe91⤵
-
\??\c:\nnthbh.exec:\nnthbh.exe92⤵
-
\??\c:\nnnbtb.exec:\nnnbtb.exe93⤵
-
\??\c:\jpjdv.exec:\jpjdv.exe94⤵
-
\??\c:\9lffxrf.exec:\9lffxrf.exe95⤵
-
\??\c:\tthttb.exec:\tthttb.exe96⤵
-
\??\c:\ntnbnt.exec:\ntnbnt.exe97⤵
-
\??\c:\3pjjd.exec:\3pjjd.exe98⤵
-
\??\c:\rfxxffl.exec:\rfxxffl.exe99⤵
-
\??\c:\lrllflr.exec:\lrllflr.exe100⤵
-
\??\c:\bthnbb.exec:\bthnbb.exe101⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe102⤵
-
\??\c:\xrrrxll.exec:\xrrrxll.exe103⤵
-
\??\c:\lxxlrrf.exec:\lxxlrrf.exe104⤵
-
\??\c:\3thnbn.exec:\3thnbn.exe105⤵
-
\??\c:\ppppj.exec:\ppppj.exe106⤵
-
\??\c:\rrlxlxl.exec:\rrlxlxl.exe107⤵
-
\??\c:\xxrxrxx.exec:\xxrxrxx.exe108⤵
-
\??\c:\tnhhht.exec:\tnhhht.exe109⤵
-
\??\c:\pppvj.exec:\pppvj.exe110⤵
-
\??\c:\dpvjj.exec:\dpvjj.exe111⤵
-
\??\c:\rlrxxxl.exec:\rlrxxxl.exe112⤵
-
\??\c:\tbnbht.exec:\tbnbht.exe113⤵
-
\??\c:\nhtbnt.exec:\nhtbnt.exe114⤵
-
\??\c:\dvpdv.exec:\dvpdv.exe115⤵
-
\??\c:\7lfrxlx.exec:\7lfrxlx.exe116⤵
-
\??\c:\rxfxlff.exec:\rxfxlff.exe117⤵
-
\??\c:\bthhhb.exec:\bthhhb.exe118⤵
-
\??\c:\vvdjp.exec:\vvdjp.exe119⤵
-
\??\c:\xlxfxxf.exec:\xlxfxxf.exe120⤵
-
\??\c:\htbntb.exec:\htbntb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-