Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
17-06-2024 11:24
General
-
Target
83f2ab36bda595afc10c03efe3400420_NeikiAnalytics.exe
-
Size
88KB
-
MD5
83f2ab36bda595afc10c03efe3400420
-
SHA1
c3f454876a76344883a5efad875b5c3c520d12c4
-
SHA256
6ea5a337cabc1b7a86eae78b72878ff7be68a3a6d7417d0fdd5f0dbf9fb33966
-
SHA512
b9eb92ca686769bd6c946065bc0bdfadb79ad40cc10758f921e4ec30d871d6b99864b95aac10909cf1ecba767fbc3bf98bdf0daa5c3b51ec041741653700d4e9
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+C2iJvRirE0DmmdL2jqWkB9:ymb3NkkiQ3mdBjF+3TU2iBRioSumWS1P
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\83f2ab36bda595afc10c03efe3400420_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\83f2ab36bda595afc10c03efe3400420_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\604462.exec:\604462.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u428064.exec:\u428064.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pjpv.exec:\3pjpv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w08462.exec:\w08462.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbbh.exec:\tnbbbh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppvd.exec:\vppvd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pppv.exec:\1pppv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0008808.exec:\0008808.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtnbb.exec:\tbtnbb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxrrlrf.exec:\rxrrlrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\08002.exec:\08002.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\028462.exec:\028462.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvjp.exec:\vvvjp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbntn.exec:\nhbntn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhtb.exec:\tnbhtb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3rlfxxr.exec:\3rlfxxr.exe17⤵
- Executes dropped EXE
-
\??\c:\fxlfrxf.exec:\fxlfrxf.exe18⤵
- Executes dropped EXE
-
\??\c:\btbhtb.exec:\btbhtb.exe19⤵
- Executes dropped EXE
-
\??\c:\ddjjp.exec:\ddjjp.exe20⤵
- Executes dropped EXE
-
\??\c:\5jvpp.exec:\5jvpp.exe21⤵
- Executes dropped EXE
-
\??\c:\04620.exec:\04620.exe22⤵
- Executes dropped EXE
-
\??\c:\jdjvv.exec:\jdjvv.exe23⤵
- Executes dropped EXE
-
\??\c:\bttttb.exec:\bttttb.exe24⤵
- Executes dropped EXE
-
\??\c:\ddvjj.exec:\ddvjj.exe25⤵
- Executes dropped EXE
-
\??\c:\60266.exec:\60266.exe26⤵
- Executes dropped EXE
-
\??\c:\1dppp.exec:\1dppp.exe27⤵
- Executes dropped EXE
-
\??\c:\hhnbhb.exec:\hhnbhb.exe28⤵
- Executes dropped EXE
-
\??\c:\u240662.exec:\u240662.exe29⤵
- Executes dropped EXE
-
\??\c:\084028.exec:\084028.exe30⤵
- Executes dropped EXE
-
\??\c:\bnbbnh.exec:\bnbbnh.exe31⤵
- Executes dropped EXE
-
\??\c:\806842.exec:\806842.exe32⤵
- Executes dropped EXE
-
\??\c:\btnttb.exec:\btnttb.exe33⤵
- Executes dropped EXE
-
\??\c:\s6464.exec:\s6464.exe34⤵
- Executes dropped EXE
-
\??\c:\4844046.exec:\4844046.exe35⤵
- Executes dropped EXE
-
\??\c:\dppdd.exec:\dppdd.exe36⤵
- Executes dropped EXE
-
\??\c:\m4628.exec:\m4628.exe37⤵
- Executes dropped EXE
-
\??\c:\a4268.exec:\a4268.exe38⤵
- Executes dropped EXE
-
\??\c:\26808.exec:\26808.exe39⤵
- Executes dropped EXE
-
\??\c:\i866684.exec:\i866684.exe40⤵
- Executes dropped EXE
-
\??\c:\6400062.exec:\6400062.exe41⤵
- Executes dropped EXE
-
\??\c:\jddjj.exec:\jddjj.exe42⤵
- Executes dropped EXE
-
\??\c:\hbhhnt.exec:\hbhhnt.exe43⤵
- Executes dropped EXE
-
\??\c:\3hhbtt.exec:\3hhbtt.exe44⤵
- Executes dropped EXE
-
\??\c:\08006.exec:\08006.exe45⤵
- Executes dropped EXE
-
\??\c:\0840062.exec:\0840062.exe46⤵
- Executes dropped EXE
-
\??\c:\fxrfrxr.exec:\fxrfrxr.exe47⤵
- Executes dropped EXE
-
\??\c:\8680062.exec:\8680062.exe48⤵
- Executes dropped EXE
-
\??\c:\0028420.exec:\0028420.exe49⤵
- Executes dropped EXE
-
\??\c:\824628.exec:\824628.exe50⤵
- Executes dropped EXE
-
\??\c:\48246.exec:\48246.exe51⤵
- Executes dropped EXE
-
\??\c:\fxlrflx.exec:\fxlrflx.exe52⤵
- Executes dropped EXE
-
\??\c:\408080.exec:\408080.exe53⤵
- Executes dropped EXE
-
\??\c:\3lrxrrf.exec:\3lrxrrf.exe54⤵
- Executes dropped EXE
-
\??\c:\i868068.exec:\i868068.exe55⤵
- Executes dropped EXE
-
\??\c:\i240228.exec:\i240228.exe56⤵
- Executes dropped EXE
-
\??\c:\a2288.exec:\a2288.exe57⤵
- Executes dropped EXE
-
\??\c:\040066.exec:\040066.exe58⤵
- Executes dropped EXE
-
\??\c:\nhntbh.exec:\nhntbh.exe59⤵
- Executes dropped EXE
-
\??\c:\484066.exec:\484066.exe60⤵
- Executes dropped EXE
-
\??\c:\602622.exec:\602622.exe61⤵
- Executes dropped EXE
-
\??\c:\8880686.exec:\8880686.exe62⤵
- Executes dropped EXE
-
\??\c:\04224.exec:\04224.exe63⤵
- Executes dropped EXE
-
\??\c:\02642.exec:\02642.exe64⤵
- Executes dropped EXE
-
\??\c:\86884.exec:\86884.exe65⤵
- Executes dropped EXE
-
\??\c:\rfrxflx.exec:\rfrxflx.exe66⤵
-
\??\c:\48684.exec:\48684.exe67⤵
-
\??\c:\7nnnnt.exec:\7nnnnt.exe68⤵
-
\??\c:\ttbbnh.exec:\ttbbnh.exe69⤵
-
\??\c:\jdpdp.exec:\jdpdp.exe70⤵
-
\??\c:\k02840.exec:\k02840.exe71⤵
-
\??\c:\nhbhhb.exec:\nhbhhb.exe72⤵
-
\??\c:\048400.exec:\048400.exe73⤵
-
\??\c:\264488.exec:\264488.exe74⤵
-
\??\c:\7xxxfrl.exec:\7xxxfrl.exe75⤵
-
\??\c:\3pjjj.exec:\3pjjj.exe76⤵
-
\??\c:\btnhnb.exec:\btnhnb.exe77⤵
-
\??\c:\llflrxr.exec:\llflrxr.exe78⤵
-
\??\c:\tthtnn.exec:\tthtnn.exe79⤵
-
\??\c:\s0462.exec:\s0462.exe80⤵
-
\??\c:\426662.exec:\426662.exe81⤵
-
\??\c:\7dvdp.exec:\7dvdp.exe82⤵
-
\??\c:\0000280.exec:\0000280.exe83⤵
-
\??\c:\084682.exec:\084682.exe84⤵
-
\??\c:\002842.exec:\002842.exe85⤵
-
\??\c:\42648.exec:\42648.exe86⤵
-
\??\c:\08000.exec:\08000.exe87⤵
-
\??\c:\ppjvj.exec:\ppjvj.exe88⤵
-
\??\c:\k24022.exec:\k24022.exe89⤵
-
\??\c:\e42888.exec:\e42888.exe90⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe91⤵
-
\??\c:\48426.exec:\48426.exe92⤵
-
\??\c:\hbhntn.exec:\hbhntn.exe93⤵
-
\??\c:\1jdjd.exec:\1jdjd.exe94⤵
-
\??\c:\vpddj.exec:\vpddj.exe95⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe96⤵
-
\??\c:\66404.exec:\66404.exe97⤵
-
\??\c:\jjdvj.exec:\jjdvj.exe98⤵
-
\??\c:\48642.exec:\48642.exe99⤵
-
\??\c:\420224.exec:\420224.exe100⤵
-
\??\c:\260684.exec:\260684.exe101⤵
-
\??\c:\6480662.exec:\6480662.exe102⤵
-
\??\c:\xrxxllx.exec:\xrxxllx.exe103⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe104⤵
-
\??\c:\0866442.exec:\0866442.exe105⤵
-
\??\c:\60284.exec:\60284.exe106⤵
-
\??\c:\hnhnbh.exec:\hnhnbh.exe107⤵
-
\??\c:\60222.exec:\60222.exe108⤵
-
\??\c:\a8042.exec:\a8042.exe109⤵
-
\??\c:\tnbntt.exec:\tnbntt.exe110⤵
-
\??\c:\c862628.exec:\c862628.exe111⤵
-
\??\c:\bnbbbh.exec:\bnbbbh.exe112⤵
-
\??\c:\fllxxrx.exec:\fllxxrx.exe113⤵
-
\??\c:\ppvjp.exec:\ppvjp.exe114⤵
-
\??\c:\6086280.exec:\6086280.exe115⤵
-
\??\c:\6086262.exec:\6086262.exe116⤵
-
\??\c:\0424440.exec:\0424440.exe117⤵
-
\??\c:\8228002.exec:\8228002.exe118⤵
-
\??\c:\00802.exec:\00802.exe119⤵
-
\??\c:\frrrffr.exec:\frrrffr.exe120⤵
-
\??\c:\c268068.exec:\c268068.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-