Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
14-06-2024 10:12
General
-
Target
b716963946e2f99989a6f17de94f25e0_NeikiAnalytics.exe
-
Size
966KB
-
MD5
b716963946e2f99989a6f17de94f25e0
-
SHA1
0426d4d8bb38f8b4196f82c7b9cf433470153007
-
SHA256
22f3dcfa88dd3d383c587f562a1cadc08a00fac24d794f51cf4f1921fdba9e5d
-
SHA512
6f4cf78cc82e8a5a98222b3f9e5b546d36133c728963c7067e1335af04ba5b1d54228ca3fa68a543a93db0ef9e41bb09e8db07f34cbb158783a0c3ee66fb94c9
-
SSDEEP
12288:n3C9ytvngQjy3C9I3YEWpYe+GalTLfOX+I3C9S3C9ytvngQj65syLr9fuWpw:SgdnJVwLgdnJq9fu3
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 32 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b716963946e2f99989a6f17de94f25e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\b716963946e2f99989a6f17de94f25e0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvjv.exec:\vvvjv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdjp.exec:\djdjp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhtb.exec:\tnbhtb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jppv.exec:\9jppv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpdp.exec:\pjpdp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfrlxf.exec:\lrfrlxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlrfrr.exec:\rrlrfrr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnhbh.exec:\bbnhbh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxfrxx.exec:\rxxfrxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tthnth.exec:\tthnth.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthnhh.exec:\hthnhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnbhn.exec:\bbnbhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhnhb.exec:\bnhnhb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjjpd.exec:\pjjpd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjv.exec:\jdpjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnntn.exec:\nhnntn.exe17⤵
- Executes dropped EXE
-
\??\c:\frxflrr.exec:\frxflrr.exe18⤵
- Executes dropped EXE
-
\??\c:\7ttttn.exec:\7ttttn.exe19⤵
- Executes dropped EXE
-
\??\c:\dvvdp.exec:\dvvdp.exe20⤵
- Executes dropped EXE
-
\??\c:\tnnbtn.exec:\tnnbtn.exe21⤵
- Executes dropped EXE
-
\??\c:\5jpjd.exec:\5jpjd.exe22⤵
- Executes dropped EXE
-
\??\c:\xxxlflr.exec:\xxxlflr.exe23⤵
- Executes dropped EXE
-
\??\c:\ddjjv.exec:\ddjjv.exe24⤵
- Executes dropped EXE
-
\??\c:\xxxfxxx.exec:\xxxfxxx.exe25⤵
- Executes dropped EXE
-
\??\c:\vpjvv.exec:\vpjvv.exe26⤵
- Executes dropped EXE
-
\??\c:\rxxxlrx.exec:\rxxxlrx.exe27⤵
- Executes dropped EXE
-
\??\c:\lflrfxl.exec:\lflrfxl.exe28⤵
- Executes dropped EXE
-
\??\c:\9nnbbb.exec:\9nnbbb.exe29⤵
- Executes dropped EXE
-
\??\c:\lfxrffx.exec:\lfxrffx.exe30⤵
- Executes dropped EXE
-
\??\c:\9tnbbn.exec:\9tnbbn.exe31⤵
- Executes dropped EXE
-
\??\c:\hthhbt.exec:\hthhbt.exe32⤵
- Executes dropped EXE
-
\??\c:\rlffxlx.exec:\rlffxlx.exe33⤵
- Executes dropped EXE
-
\??\c:\bhbnht.exec:\bhbnht.exe34⤵
- Executes dropped EXE
-
\??\c:\9xrxflr.exec:\9xrxflr.exe35⤵
-
\??\c:\xrlrlrf.exec:\xrlrlrf.exe36⤵
- Executes dropped EXE
-
\??\c:\5btthh.exec:\5btthh.exe37⤵
- Executes dropped EXE
-
\??\c:\jpppd.exec:\jpppd.exe38⤵
- Executes dropped EXE
-
\??\c:\5rrlxlr.exec:\5rrlxlr.exe39⤵
- Executes dropped EXE
-
\??\c:\7ttntt.exec:\7ttntt.exe40⤵
- Executes dropped EXE
-
\??\c:\1dddv.exec:\1dddv.exe41⤵
- Executes dropped EXE
-
\??\c:\7rffxlr.exec:\7rffxlr.exe42⤵
- Executes dropped EXE
-
\??\c:\bntntt.exec:\bntntt.exe43⤵
- Executes dropped EXE
-
\??\c:\dvjdp.exec:\dvjdp.exe44⤵
- Executes dropped EXE
-
\??\c:\llfflxl.exec:\llfflxl.exe45⤵
- Executes dropped EXE
-
\??\c:\nnhttb.exec:\nnhttb.exe46⤵
- Executes dropped EXE
-
\??\c:\1vjdp.exec:\1vjdp.exe47⤵
- Executes dropped EXE
-
\??\c:\rllrllx.exec:\rllrllx.exe48⤵
- Executes dropped EXE
-
\??\c:\3nhntb.exec:\3nhntb.exe49⤵
- Executes dropped EXE
-
\??\c:\djddj.exec:\djddj.exe50⤵
- Executes dropped EXE
-
\??\c:\flflxlx.exec:\flflxlx.exe51⤵
- Executes dropped EXE
-
\??\c:\tnntbb.exec:\tnntbb.exe52⤵
- Executes dropped EXE
-
\??\c:\vjvvv.exec:\vjvvv.exe53⤵
- Executes dropped EXE
-
\??\c:\rfrlllr.exec:\rfrlllr.exe54⤵
- Executes dropped EXE
-
\??\c:\tnbhbh.exec:\tnbhbh.exe55⤵
- Executes dropped EXE
-
\??\c:\nhhntn.exec:\nhhntn.exe56⤵
- Executes dropped EXE
-
\??\c:\lfflxfr.exec:\lfflxfr.exe57⤵
- Executes dropped EXE
-
\??\c:\5lxrxxx.exec:\5lxrxxx.exe58⤵
- Executes dropped EXE
-
\??\c:\nbthtb.exec:\nbthtb.exe59⤵
- Executes dropped EXE
-
\??\c:\5dvdd.exec:\5dvdd.exe60⤵
- Executes dropped EXE
-
\??\c:\llrrxfr.exec:\llrrxfr.exe61⤵
- Executes dropped EXE
-
\??\c:\nnnttb.exec:\nnnttb.exe62⤵
- Executes dropped EXE
-
\??\c:\pjddj.exec:\pjddj.exe63⤵
- Executes dropped EXE
-
\??\c:\rrrxflr.exec:\rrrxflr.exe64⤵
- Executes dropped EXE
-
\??\c:\tthtth.exec:\tthtth.exe65⤵
- Executes dropped EXE
-
\??\c:\ddvdj.exec:\ddvdj.exe66⤵
- Executes dropped EXE
-
\??\c:\5rrxllx.exec:\5rrxllx.exe67⤵
-
\??\c:\ttbnth.exec:\ttbnth.exe68⤵
-
\??\c:\dvdjp.exec:\dvdjp.exe69⤵
-
\??\c:\3frxrrx.exec:\3frxrrx.exe70⤵
-
\??\c:\lllxffx.exec:\lllxffx.exe71⤵
-
\??\c:\nnnbth.exec:\nnnbth.exe72⤵
-
\??\c:\pdppp.exec:\pdppp.exe73⤵
-
\??\c:\xrffllx.exec:\xrffllx.exe74⤵
-
\??\c:\nntbnt.exec:\nntbnt.exe75⤵
-
\??\c:\djjvj.exec:\djjvj.exe76⤵
-
\??\c:\xrxxflr.exec:\xrxxflr.exe77⤵
-
\??\c:\ttntnt.exec:\ttntnt.exe78⤵
-
\??\c:\1jdjv.exec:\1jdjv.exe79⤵
-
\??\c:\rlflrxr.exec:\rlflrxr.exe80⤵
-
\??\c:\nnttnb.exec:\nnttnb.exe81⤵
-
\??\c:\vppvd.exec:\vppvd.exe82⤵
-
\??\c:\5rrrflr.exec:\5rrrflr.exe83⤵
-
\??\c:\1hbbtn.exec:\1hbbtn.exe84⤵
-
\??\c:\5vpjj.exec:\5vpjj.exe85⤵
-
\??\c:\rlfffxx.exec:\rlfffxx.exe86⤵
-
\??\c:\hbtbbn.exec:\hbtbbn.exe87⤵
-
\??\c:\9jvdp.exec:\9jvdp.exe88⤵
-
\??\c:\3xlrlrf.exec:\3xlrlrf.exe89⤵
-
\??\c:\nhnthn.exec:\nhnthn.exe90⤵
-
\??\c:\vpddd.exec:\vpddd.exe91⤵
-
\??\c:\lrffrrl.exec:\lrffrrl.exe92⤵
-
\??\c:\tnnnbh.exec:\tnnnbh.exe93⤵
-
\??\c:\dvjpj.exec:\dvjpj.exe94⤵
-
\??\c:\7rxxllr.exec:\7rxxllr.exe95⤵
-
\??\c:\nhnthn.exec:\nhnthn.exe96⤵
-
\??\c:\ddvpd.exec:\ddvpd.exe97⤵
-
\??\c:\1frxxfr.exec:\1frxxfr.exe98⤵
-
\??\c:\1hnnhb.exec:\1hnnhb.exe99⤵
-
\??\c:\pvppj.exec:\pvppj.exe100⤵
-
\??\c:\3frlrxf.exec:\3frlrxf.exe101⤵
-
\??\c:\bhbhnb.exec:\bhbhnb.exe102⤵
-
\??\c:\pdjdj.exec:\pdjdj.exe103⤵
-
\??\c:\fxffffr.exec:\fxffffr.exe104⤵
-
\??\c:\btnhbt.exec:\btnhbt.exe105⤵
-
\??\c:\vppjp.exec:\vppjp.exe106⤵
-
\??\c:\xrlrrlx.exec:\xrlrrlx.exe107⤵
-
\??\c:\bnbtnb.exec:\bnbtnb.exe108⤵
-
\??\c:\ppjjv.exec:\ppjjv.exe109⤵
-
\??\c:\5xxxxxf.exec:\5xxxxxf.exe110⤵
-
\??\c:\nnhnbb.exec:\nnhnbb.exe111⤵
-
\??\c:\ddppj.exec:\ddppj.exe112⤵
-
\??\c:\xrrrxfr.exec:\xrrrxfr.exe113⤵
-
\??\c:\tbttbt.exec:\tbttbt.exe114⤵
-
\??\c:\dpvpv.exec:\dpvpv.exe115⤵
-
\??\c:\rfrxrxl.exec:\rfrxrxl.exe116⤵
-
\??\c:\5rllrrf.exec:\5rllrrf.exe117⤵
-
\??\c:\5hbntb.exec:\5hbntb.exe118⤵
-
\??\c:\pdvvv.exec:\pdvvv.exe119⤵
-
\??\c:\fxllxxx.exec:\fxllxxx.exe120⤵
-
\??\c:\hhtnbt.exec:\hhtnbt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-