Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
13/06/2024, 08:59
General
-
Target
6ec85bac33d430f780a45bc821c95630_NeikiAnalytics.exe
-
Size
100KB
-
MD5
6ec85bac33d430f780a45bc821c95630
-
SHA1
54795fcb6355d8043307a2a19064246098334ecd
-
SHA256
6748ea4d0b92457d40b89e76575151658f4461fcbcc4d0ef907142a831af699b
-
SHA512
f0c8361451d4119cdda7e9cd1db2b2d628a83091e1b0433fd5b6c21795deaef52de6b97796c0feca5c097a4f11919340ed8303a4a92d86bed0ae384bdd16f882
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDodtzn6zDaE0R5p:ymb3NkkiQ3mdBjFodt2zE3p
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6ec85bac33d430f780a45bc821c95630_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6ec85bac33d430f780a45bc821c95630_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvjd.exec:\dpvjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3frlrlr.exec:\3frlrlr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tbthn.exec:\9tbthn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjvj.exec:\jvjvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrxrx.exec:\fxxrxrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xllrrlr.exec:\xllrrlr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nhnhh.exec:\3nhnhh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pddvd.exec:\pddvd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlrrfxf.exec:\rlrrfxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrflxfr.exec:\rrflxfr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nhntb.exec:\3nhntb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dddp.exec:\5dddp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vvpp.exec:\1vvpp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lxflrx.exec:\5lxflrx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hnntt.exec:\5hnntt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3jpjd.exec:\3jpjd.exe17⤵
- Executes dropped EXE
-
\??\c:\pjpdd.exec:\pjpdd.exe18⤵
- Executes dropped EXE
-
\??\c:\5fxxllr.exec:\5fxxllr.exe19⤵
- Executes dropped EXE
-
\??\c:\xlrrrrl.exec:\xlrrrrl.exe20⤵
- Executes dropped EXE
-
\??\c:\1thnbb.exec:\1thnbb.exe21⤵
- Executes dropped EXE
-
\??\c:\pdddp.exec:\pdddp.exe22⤵
- Executes dropped EXE
-
\??\c:\7rllrrx.exec:\7rllrrx.exe23⤵
- Executes dropped EXE
-
\??\c:\lflrxlx.exec:\lflrxlx.exe24⤵
- Executes dropped EXE
-
\??\c:\nhhtnn.exec:\nhhtnn.exe25⤵
- Executes dropped EXE
-
\??\c:\nnthnt.exec:\nnthnt.exe26⤵
- Executes dropped EXE
-
\??\c:\jdjjj.exec:\jdjjj.exe27⤵
- Executes dropped EXE
-
\??\c:\lfrrrrx.exec:\lfrrrrx.exe28⤵
- Executes dropped EXE
-
\??\c:\bnbbhh.exec:\bnbbhh.exe29⤵
- Executes dropped EXE
-
\??\c:\nbntbh.exec:\nbntbh.exe30⤵
- Executes dropped EXE
-
\??\c:\vdvjj.exec:\vdvjj.exe31⤵
- Executes dropped EXE
-
\??\c:\dpddj.exec:\dpddj.exe32⤵
- Executes dropped EXE
-
\??\c:\1rxlllf.exec:\1rxlllf.exe33⤵
- Executes dropped EXE
-
\??\c:\nbtbtn.exec:\nbtbtn.exe34⤵
- Executes dropped EXE
-
\??\c:\3bttth.exec:\3bttth.exe35⤵
- Executes dropped EXE
-
\??\c:\nbnbtt.exec:\nbnbtt.exe36⤵
- Executes dropped EXE
-
\??\c:\vpdjd.exec:\vpdjd.exe37⤵
- Executes dropped EXE
-
\??\c:\vjpdj.exec:\vjpdj.exe38⤵
- Executes dropped EXE
-
\??\c:\rllrflf.exec:\rllrflf.exe39⤵
- Executes dropped EXE
-
\??\c:\lfrxxff.exec:\lfrxxff.exe40⤵
- Executes dropped EXE
-
\??\c:\hhtbhh.exec:\hhtbhh.exe41⤵
- Executes dropped EXE
-
\??\c:\hbbbbb.exec:\hbbbbb.exe42⤵
- Executes dropped EXE
-
\??\c:\jdpjp.exec:\jdpjp.exe43⤵
- Executes dropped EXE
-
\??\c:\ddvpd.exec:\ddvpd.exe44⤵
- Executes dropped EXE
-
\??\c:\lrllrrf.exec:\lrllrrf.exe45⤵
- Executes dropped EXE
-
\??\c:\3lxfflx.exec:\3lxfflx.exe46⤵
- Executes dropped EXE
-
\??\c:\tnbbhh.exec:\tnbbhh.exe47⤵
- Executes dropped EXE
-
\??\c:\btnbtt.exec:\btnbtt.exe48⤵
- Executes dropped EXE
-
\??\c:\ppddp.exec:\ppddp.exe49⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe50⤵
- Executes dropped EXE
-
\??\c:\3rllllx.exec:\3rllllx.exe51⤵
- Executes dropped EXE
-
\??\c:\xlllrrx.exec:\xlllrrx.exe52⤵
- Executes dropped EXE
-
\??\c:\rlflffr.exec:\rlflffr.exe53⤵
- Executes dropped EXE
-
\??\c:\htbhhh.exec:\htbhhh.exe54⤵
- Executes dropped EXE
-
\??\c:\1tntbt.exec:\1tntbt.exe55⤵
- Executes dropped EXE
-
\??\c:\vjjvv.exec:\vjjvv.exe56⤵
- Executes dropped EXE
-
\??\c:\pjdvd.exec:\pjdvd.exe57⤵
- Executes dropped EXE
-
\??\c:\9pdjv.exec:\9pdjv.exe58⤵
- Executes dropped EXE
-
\??\c:\xrfxfxl.exec:\xrfxfxl.exe59⤵
- Executes dropped EXE
-
\??\c:\xrxxflr.exec:\xrxxflr.exe60⤵
- Executes dropped EXE
-
\??\c:\tnhntb.exec:\tnhntb.exe61⤵
- Executes dropped EXE
-
\??\c:\bhntbb.exec:\bhntbb.exe62⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe63⤵
- Executes dropped EXE
-
\??\c:\5pjpj.exec:\5pjpj.exe64⤵
- Executes dropped EXE
-
\??\c:\3flrlrx.exec:\3flrlrx.exe65⤵
- Executes dropped EXE
-
\??\c:\xrxrflr.exec:\xrxrflr.exe66⤵
-
\??\c:\htnntt.exec:\htnntt.exe67⤵
-
\??\c:\1btnnn.exec:\1btnnn.exe68⤵
-
\??\c:\pjvdj.exec:\pjvdj.exe69⤵
-
\??\c:\pvjjj.exec:\pvjjj.exe70⤵
-
\??\c:\xrrrllr.exec:\xrrrllr.exe71⤵
-
\??\c:\fxllrrx.exec:\fxllrrx.exe72⤵
-
\??\c:\lfrrffr.exec:\lfrrffr.exe73⤵
-
\??\c:\5thhnn.exec:\5thhnn.exe74⤵
-
\??\c:\5tbbhb.exec:\5tbbhb.exe75⤵
-
\??\c:\pjdvv.exec:\pjdvv.exe76⤵
-
\??\c:\7jjpd.exec:\7jjpd.exe77⤵
-
\??\c:\3lrlrrr.exec:\3lrlrrr.exe78⤵
-
\??\c:\lxrrxxf.exec:\lxrrxxf.exe79⤵
-
\??\c:\bnttbt.exec:\bnttbt.exe80⤵
-
\??\c:\nhbbhh.exec:\nhbbhh.exe81⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe82⤵
-
\??\c:\5jpvj.exec:\5jpvj.exe83⤵
-
\??\c:\5rxxffl.exec:\5rxxffl.exe84⤵
-
\??\c:\rlxfffl.exec:\rlxfffl.exe85⤵
-
\??\c:\thntbh.exec:\thntbh.exe86⤵
-
\??\c:\ttbhnn.exec:\ttbhnn.exe87⤵
-
\??\c:\nbnnbb.exec:\nbnnbb.exe88⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe89⤵
-
\??\c:\3vdvd.exec:\3vdvd.exe90⤵
-
\??\c:\9flllrx.exec:\9flllrx.exe91⤵
-
\??\c:\fflfllr.exec:\fflfllr.exe92⤵
-
\??\c:\3tnnbt.exec:\3tnnbt.exe93⤵
-
\??\c:\btnnnn.exec:\btnnnn.exe94⤵
-
\??\c:\5jvjp.exec:\5jvjp.exe95⤵
-
\??\c:\vpvvj.exec:\vpvvj.exe96⤵
-
\??\c:\pdpjj.exec:\pdpjj.exe97⤵
-
\??\c:\xrffllr.exec:\xrffllr.exe98⤵
-
\??\c:\3nhhnt.exec:\3nhhnt.exe99⤵
-
\??\c:\htbntt.exec:\htbntt.exe100⤵
-
\??\c:\nbnnnn.exec:\nbnnnn.exe101⤵
-
\??\c:\9ppvv.exec:\9ppvv.exe102⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe103⤵
-
\??\c:\xrxxfff.exec:\xrxxfff.exe104⤵
-
\??\c:\xrxxlrf.exec:\xrxxlrf.exe105⤵
-
\??\c:\nhnhtn.exec:\nhnhtn.exe106⤵
-
\??\c:\9tbbbb.exec:\9tbbbb.exe107⤵
-
\??\c:\jvvpp.exec:\jvvpp.exe108⤵
-
\??\c:\pjdjp.exec:\pjdjp.exe109⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe110⤵
-
\??\c:\lfrrffr.exec:\lfrrffr.exe111⤵
-
\??\c:\3lxxlfl.exec:\3lxxlfl.exe112⤵
-
\??\c:\nhtbhn.exec:\nhtbhn.exe113⤵
-
\??\c:\htttnn.exec:\htttnn.exe114⤵
-
\??\c:\tthhtn.exec:\tthhtn.exe115⤵
-
\??\c:\vpddj.exec:\vpddj.exe116⤵
-
\??\c:\7pjjj.exec:\7pjjj.exe117⤵
-
\??\c:\xlrlrfl.exec:\xlrlrfl.exe118⤵
-
\??\c:\lflrxrf.exec:\lflrxrf.exe119⤵
-
\??\c:\thnnbt.exec:\thnnbt.exe120⤵
-
\??\c:\5tntbb.exec:\5tntbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-