Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
16/06/2024, 20:09
General
-
Target
01389d44edcd5fa16126e0deab6345c0_NeikiAnalytics.exe
-
Size
106KB
-
MD5
01389d44edcd5fa16126e0deab6345c0
-
SHA1
b86140ef3d95e3dd5b3c83c708c72e534816bc6f
-
SHA256
def989f027784c9de06ee757552e6cc0a94b4be1e7efe0c85b559012e563e467
-
SHA512
b50a6a347d699bf30077e665f1af9a8b075a9465aa997e9991162c4b0297b761a771f4c12011dde8bc623c80c8b1e5819b496b2f3176ed227c9739b409a39bdc
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoTNKDeS98hPUdHV7RNzfJN7u:ymb3NkkiQ3mdBjFo5KDe88g1fD7u
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\01389d44edcd5fa16126e0deab6345c0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\01389d44edcd5fa16126e0deab6345c0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrrlll.exec:\xlrrlll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtbbb.exec:\tbtbbb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhttbn.exec:\bhttbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pvjpv.exec:\pvjpv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbhh.exec:\bbhbhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhhb.exec:\thnhhb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvvp.exec:\ppvvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxlfffl.exec:\xxlfffl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbnht.exec:\nnbnht.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvpv.exec:\jjvpv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfflrfl.exec:\rfflrfl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhthn.exec:\bbhthn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppdvv.exec:\ppdvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvjd.exec:\pdvjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1htbbb.exec:\1htbbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbnthn.exec:\bbnthn.exe17⤵
- Executes dropped EXE
-
\??\c:\jjvdj.exec:\jjvdj.exe18⤵
- Executes dropped EXE
-
\??\c:\rrxfllr.exec:\rrxfllr.exe19⤵
- Executes dropped EXE
-
\??\c:\hntbhh.exec:\hntbhh.exe20⤵
- Executes dropped EXE
-
\??\c:\tbhbnh.exec:\tbhbnh.exe21⤵
- Executes dropped EXE
-
\??\c:\vvpdp.exec:\vvpdp.exe22⤵
- Executes dropped EXE
-
\??\c:\ffxfrxf.exec:\ffxfrxf.exe23⤵
- Executes dropped EXE
-
\??\c:\rrrrfxx.exec:\rrrrfxx.exe24⤵
- Executes dropped EXE
-
\??\c:\nthbhn.exec:\nthbhn.exe25⤵
- Executes dropped EXE
-
\??\c:\dvpjd.exec:\dvpjd.exe26⤵
- Executes dropped EXE
-
\??\c:\xlxlrrf.exec:\xlxlrrf.exe27⤵
- Executes dropped EXE
-
\??\c:\nnhbnb.exec:\nnhbnb.exe28⤵
- Executes dropped EXE
-
\??\c:\9nnntt.exec:\9nnntt.exe29⤵
- Executes dropped EXE
-
\??\c:\ppjpj.exec:\ppjpj.exe30⤵
- Executes dropped EXE
-
\??\c:\xrlrxlf.exec:\xrlrxlf.exe31⤵
- Executes dropped EXE
-
\??\c:\hthbbn.exec:\hthbbn.exe32⤵
- Executes dropped EXE
-
\??\c:\htbhnb.exec:\htbhnb.exe33⤵
- Executes dropped EXE
-
\??\c:\djdpd.exec:\djdpd.exe34⤵
- Executes dropped EXE
-
\??\c:\3rxrrfx.exec:\3rxrrfx.exe35⤵
- Executes dropped EXE
-
\??\c:\hnbtbb.exec:\hnbtbb.exe36⤵
- Executes dropped EXE
-
\??\c:\djdjp.exec:\djdjp.exe37⤵
- Executes dropped EXE
-
\??\c:\xrlllrf.exec:\xrlllrf.exe38⤵
- Executes dropped EXE
-
\??\c:\thhttn.exec:\thhttn.exe39⤵
- Executes dropped EXE
-
\??\c:\hntnbb.exec:\hntnbb.exe40⤵
- Executes dropped EXE
-
\??\c:\5pjvv.exec:\5pjvv.exe41⤵
- Executes dropped EXE
-
\??\c:\1rrlfrl.exec:\1rrlfrl.exe42⤵
- Executes dropped EXE
-
\??\c:\llxflxl.exec:\llxflxl.exe43⤵
- Executes dropped EXE
-
\??\c:\ntttnt.exec:\ntttnt.exe44⤵
- Executes dropped EXE
-
\??\c:\hbtbnn.exec:\hbtbnn.exe45⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe46⤵
- Executes dropped EXE
-
\??\c:\5fxxlrx.exec:\5fxxlrx.exe47⤵
- Executes dropped EXE
-
\??\c:\ffrlrrx.exec:\ffrlrrx.exe48⤵
- Executes dropped EXE
-
\??\c:\llflxlx.exec:\llflxlx.exe49⤵
- Executes dropped EXE
-
\??\c:\tnhnbh.exec:\tnhnbh.exe50⤵
- Executes dropped EXE
-
\??\c:\7bbbtb.exec:\7bbbtb.exe51⤵
- Executes dropped EXE
-
\??\c:\ppvdd.exec:\ppvdd.exe52⤵
- Executes dropped EXE
-
\??\c:\9pjjv.exec:\9pjjv.exe53⤵
- Executes dropped EXE
-
\??\c:\rfxxxxf.exec:\rfxxxxf.exe54⤵
- Executes dropped EXE
-
\??\c:\thnbbn.exec:\thnbbn.exe55⤵
- Executes dropped EXE
-
\??\c:\bthnbb.exec:\bthnbb.exe56⤵
- Executes dropped EXE
-
\??\c:\vdpdj.exec:\vdpdj.exe57⤵
- Executes dropped EXE
-
\??\c:\dvddp.exec:\dvddp.exe58⤵
- Executes dropped EXE
-
\??\c:\lrxxrrx.exec:\lrxxrrx.exe59⤵
- Executes dropped EXE
-
\??\c:\1nnnnn.exec:\1nnnnn.exe60⤵
- Executes dropped EXE
-
\??\c:\hhtbbh.exec:\hhtbbh.exe61⤵
- Executes dropped EXE
-
\??\c:\jpvpd.exec:\jpvpd.exe62⤵
- Executes dropped EXE
-
\??\c:\xxrxfrx.exec:\xxrxfrx.exe63⤵
- Executes dropped EXE
-
\??\c:\xxflxxx.exec:\xxflxxx.exe64⤵
- Executes dropped EXE
-
\??\c:\hthhnt.exec:\hthhnt.exe65⤵
- Executes dropped EXE
-
\??\c:\vpdjp.exec:\vpdjp.exe66⤵
-
\??\c:\jjvdp.exec:\jjvdp.exe67⤵
-
\??\c:\rxllrfx.exec:\rxllrfx.exe68⤵
-
\??\c:\ffrxfrx.exec:\ffrxfrx.exe69⤵
-
\??\c:\ttnbhn.exec:\ttnbhn.exe70⤵
-
\??\c:\hhtthh.exec:\hhtthh.exe71⤵
-
\??\c:\pvjvp.exec:\pvjvp.exe72⤵
-
\??\c:\jpdvd.exec:\jpdvd.exe73⤵
-
\??\c:\rffxrfl.exec:\rffxrfl.exe74⤵
-
\??\c:\xlrxlrf.exec:\xlrxlrf.exe75⤵
-
\??\c:\hhbttt.exec:\hhbttt.exe76⤵
-
\??\c:\vjvjp.exec:\vjvjp.exe77⤵
-
\??\c:\3jdpv.exec:\3jdpv.exe78⤵
-
\??\c:\lflxlff.exec:\lflxlff.exe79⤵
-
\??\c:\lrxfrxx.exec:\lrxfrxx.exe80⤵
-
\??\c:\ttnbnt.exec:\ttnbnt.exe81⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe82⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe83⤵
-
\??\c:\flrlrrl.exec:\flrlrrl.exe84⤵
-
\??\c:\nbbhht.exec:\nbbhht.exe85⤵
-
\??\c:\djdvd.exec:\djdvd.exe86⤵
-
\??\c:\ppddp.exec:\ppddp.exe87⤵
-
\??\c:\1lrlfxl.exec:\1lrlfxl.exe88⤵
-
\??\c:\rxlllxf.exec:\rxlllxf.exe89⤵
-
\??\c:\nnbhnb.exec:\nnbhnb.exe90⤵
-
\??\c:\dpdpj.exec:\dpdpj.exe91⤵
-
\??\c:\rlxxrrx.exec:\rlxxrrx.exe92⤵
-
\??\c:\bbttnt.exec:\bbttnt.exe93⤵
-
\??\c:\5bhnnh.exec:\5bhnnh.exe94⤵
-
\??\c:\pjvjv.exec:\pjvjv.exe95⤵
-
\??\c:\vjjpd.exec:\vjjpd.exe96⤵
-
\??\c:\rxlllfl.exec:\rxlllfl.exe97⤵
-
\??\c:\lxlffff.exec:\lxlffff.exe98⤵
-
\??\c:\tbtthh.exec:\tbtthh.exe99⤵
-
\??\c:\thhbhb.exec:\thhbhb.exe100⤵
-
\??\c:\vpvpv.exec:\vpvpv.exe101⤵
-
\??\c:\xrfllrf.exec:\xrfllrf.exe102⤵
-
\??\c:\xrxfflf.exec:\xrxfflf.exe103⤵
-
\??\c:\bthntb.exec:\bthntb.exe104⤵
-
\??\c:\jdppj.exec:\jdppj.exe105⤵
-
\??\c:\lxrxlrf.exec:\lxrxlrf.exe106⤵
-
\??\c:\tbnhnh.exec:\tbnhnh.exe107⤵
-
\??\c:\jdjdv.exec:\jdjdv.exe108⤵
-
\??\c:\jjdvp.exec:\jjdvp.exe109⤵
-
\??\c:\9xxxxlf.exec:\9xxxxlf.exe110⤵
-
\??\c:\bnnhnn.exec:\bnnhnn.exe111⤵
-
\??\c:\hbbhnb.exec:\hbbhnb.exe112⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe113⤵
-
\??\c:\djjvd.exec:\djjvd.exe114⤵
-
\??\c:\xrrxlrf.exec:\xrrxlrf.exe115⤵
-
\??\c:\nhtbnb.exec:\nhtbnb.exe116⤵
-
\??\c:\hbbnth.exec:\hbbnth.exe117⤵
-
\??\c:\9dvjj.exec:\9dvjj.exe118⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe119⤵
-
\??\c:\xxrfxlr.exec:\xxrfxlr.exe120⤵
-
\??\c:\xlxxlff.exec:\xlxxlff.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-