Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
27/06/2024, 03:35
General
-
Target
4619606bc01fd6c0e01def9f244cec54fb3222b6898d7e74832dc63aea9a4ebb_NeikiAnalytics.exe
-
Size
134KB
-
MD5
df75f2f7b76e9d30b9ae01f960224a10
-
SHA1
b29ca4c0a88811c53424d23e9607a156c2acd460
-
SHA256
4619606bc01fd6c0e01def9f244cec54fb3222b6898d7e74832dc63aea9a4ebb
-
SHA512
8c19d0b62304fcea9862b374d86815d5393da7e0cc586f71e2eb4f835c6b39d28f8bec0951f9ec668f3d06ac1b48f5979391091fbd4d36ecb5c891db16b839fb
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afoHVpx+dGorp+:n3C9BRW0j/1px+dG8+
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4619606bc01fd6c0e01def9f244cec54fb3222b6898d7e74832dc63aea9a4ebb_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4619606bc01fd6c0e01def9f244cec54fb3222b6898d7e74832dc63aea9a4ebb_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhtt.exec:\tnhhtt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbnb.exec:\nhtbnb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxxllx.exec:\llxxllx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bhbhh.exec:\5bhbhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vppvp.exec:\vppvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xxfrrx.exec:\5xxfrrx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9tbhnt.exec:\9tbhnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvj.exec:\dvpvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpddp.exec:\dpddp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrrrx.exec:\fxxrrrx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthntb.exec:\bthntb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bhhhn.exec:\1bhhhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpdvv.exec:\dpdvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjjv.exec:\dvjjv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxflx.exec:\fxfxflx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflrfxf.exec:\fflrfxf.exe17⤵
- Executes dropped EXE
-
\??\c:\nhtbhh.exec:\nhtbhh.exe18⤵
- Executes dropped EXE
-
\??\c:\pvpjv.exec:\pvpjv.exe19⤵
- Executes dropped EXE
-
\??\c:\5pddj.exec:\5pddj.exe20⤵
- Executes dropped EXE
-
\??\c:\lfrxffr.exec:\lfrxffr.exe21⤵
- Executes dropped EXE
-
\??\c:\hthnnn.exec:\hthnnn.exe22⤵
- Executes dropped EXE
-
\??\c:\tnhtht.exec:\tnhtht.exe23⤵
- Executes dropped EXE
-
\??\c:\pjvjv.exec:\pjvjv.exe24⤵
- Executes dropped EXE
-
\??\c:\lflrrrf.exec:\lflrrrf.exe25⤵
- Executes dropped EXE
-
\??\c:\xlrrfxx.exec:\xlrrfxx.exe26⤵
- Executes dropped EXE
-
\??\c:\nhtbnt.exec:\nhtbnt.exe27⤵
- Executes dropped EXE
-
\??\c:\jvjjj.exec:\jvjjj.exe28⤵
- Executes dropped EXE
-
\??\c:\vpdvj.exec:\vpdvj.exe29⤵
- Executes dropped EXE
-
\??\c:\7llllrf.exec:\7llllrf.exe30⤵
- Executes dropped EXE
-
\??\c:\nnnthb.exec:\nnnthb.exe31⤵
- Executes dropped EXE
-
\??\c:\nhtbnt.exec:\nhtbnt.exe32⤵
- Executes dropped EXE
-
\??\c:\vjddp.exec:\vjddp.exe33⤵
- Executes dropped EXE
-
\??\c:\xrrrlrf.exec:\xrrrlrf.exe34⤵
- Executes dropped EXE
-
\??\c:\lfflxxf.exec:\lfflxxf.exe35⤵
- Executes dropped EXE
-
\??\c:\9tnbtt.exec:\9tnbtt.exe36⤵
- Executes dropped EXE
-
\??\c:\5bhhnn.exec:\5bhhnn.exe37⤵
- Executes dropped EXE
-
\??\c:\dvppd.exec:\dvppd.exe38⤵
- Executes dropped EXE
-
\??\c:\jvjdv.exec:\jvjdv.exe39⤵
- Executes dropped EXE
-
\??\c:\7xrllrx.exec:\7xrllrx.exe40⤵
- Executes dropped EXE
-
\??\c:\lfflllr.exec:\lfflllr.exe41⤵
- Executes dropped EXE
-
\??\c:\bnttbb.exec:\bnttbb.exe42⤵
- Executes dropped EXE
-
\??\c:\5thbhn.exec:\5thbhn.exe43⤵
- Executes dropped EXE
-
\??\c:\5vpjp.exec:\5vpjp.exe44⤵
- Executes dropped EXE
-
\??\c:\7dvjj.exec:\7dvjj.exe45⤵
- Executes dropped EXE
-
\??\c:\lllffxx.exec:\lllffxx.exe46⤵
- Executes dropped EXE
-
\??\c:\tththh.exec:\tththh.exe47⤵
- Executes dropped EXE
-
\??\c:\hbnntb.exec:\hbnntb.exe48⤵
- Executes dropped EXE
-
\??\c:\dvvvd.exec:\dvvvd.exe49⤵
- Executes dropped EXE
-
\??\c:\pdjjj.exec:\pdjjj.exe50⤵
- Executes dropped EXE
-
\??\c:\7frfllx.exec:\7frfllx.exe51⤵
- Executes dropped EXE
-
\??\c:\frlrxff.exec:\frlrxff.exe52⤵
- Executes dropped EXE
-
\??\c:\bnbhnn.exec:\bnbhnn.exe53⤵
- Executes dropped EXE
-
\??\c:\hthbhb.exec:\hthbhb.exe54⤵
- Executes dropped EXE
-
\??\c:\pvppv.exec:\pvppv.exe55⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe56⤵
- Executes dropped EXE
-
\??\c:\rlflxfl.exec:\rlflxfl.exe57⤵
- Executes dropped EXE
-
\??\c:\9xllxrf.exec:\9xllxrf.exe58⤵
- Executes dropped EXE
-
\??\c:\bthbnt.exec:\bthbnt.exe59⤵
- Executes dropped EXE
-
\??\c:\hhbnnb.exec:\hhbnnb.exe60⤵
- Executes dropped EXE
-
\??\c:\dpvjd.exec:\dpvjd.exe61⤵
- Executes dropped EXE
-
\??\c:\rrlxxxf.exec:\rrlxxxf.exe62⤵
- Executes dropped EXE
-
\??\c:\thnnnh.exec:\thnnnh.exe63⤵
- Executes dropped EXE
-
\??\c:\tnhnhh.exec:\tnhnhh.exe64⤵
- Executes dropped EXE
-
\??\c:\vpvvd.exec:\vpvvd.exe65⤵
- Executes dropped EXE
-
\??\c:\1jvvd.exec:\1jvvd.exe66⤵
-
\??\c:\rflxxxl.exec:\rflxxxl.exe67⤵
-
\??\c:\xlrxlff.exec:\xlrxlff.exe68⤵
-
\??\c:\9bntbn.exec:\9bntbn.exe69⤵
-
\??\c:\1nhhhh.exec:\1nhhhh.exe70⤵
-
\??\c:\jvjpv.exec:\jvjpv.exe71⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe72⤵
-
\??\c:\xrlrfxf.exec:\xrlrfxf.exe73⤵
-
\??\c:\lfxxffl.exec:\lfxxffl.exe74⤵
-
\??\c:\tbttnn.exec:\tbttnn.exe75⤵
-
\??\c:\hthnnh.exec:\hthnnh.exe76⤵
-
\??\c:\1vjjp.exec:\1vjjp.exe77⤵
-
\??\c:\jvjvd.exec:\jvjvd.exe78⤵
-
\??\c:\xrllrrx.exec:\xrllrrx.exe79⤵
-
\??\c:\lfxrxrx.exec:\lfxrxrx.exe80⤵
-
\??\c:\7tnhnn.exec:\7tnhnn.exe81⤵
-
\??\c:\thbbtb.exec:\thbbtb.exe82⤵
-
\??\c:\1pjjp.exec:\1pjjp.exe83⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe84⤵
-
\??\c:\3djpv.exec:\3djpv.exe85⤵
-
\??\c:\lfrfrrf.exec:\lfrfrrf.exe86⤵
-
\??\c:\xrlrflr.exec:\xrlrflr.exe87⤵
-
\??\c:\1thntt.exec:\1thntt.exe88⤵
-
\??\c:\5bnnnn.exec:\5bnnnn.exe89⤵
-
\??\c:\3jdvv.exec:\3jdvv.exe90⤵
-
\??\c:\ppdpv.exec:\ppdpv.exe91⤵
-
\??\c:\llflxxf.exec:\llflxxf.exe92⤵
-
\??\c:\xlxrfll.exec:\xlxrfll.exe93⤵
-
\??\c:\tnbhbh.exec:\tnbhbh.exe94⤵
-
\??\c:\bthnnt.exec:\bthnnt.exe95⤵
-
\??\c:\7jvvv.exec:\7jvvv.exe96⤵
-
\??\c:\3dpjp.exec:\3dpjp.exe97⤵
-
\??\c:\xxlxfrr.exec:\xxlxfrr.exe98⤵
-
\??\c:\fxrlllx.exec:\fxrlllx.exe99⤵
-
\??\c:\3tntnn.exec:\3tntnn.exe100⤵
-
\??\c:\1thhnt.exec:\1thhnt.exe101⤵
-
\??\c:\ppvvd.exec:\ppvvd.exe102⤵
-
\??\c:\pjjpp.exec:\pjjpp.exe103⤵
-
\??\c:\rlffrll.exec:\rlffrll.exe104⤵
-
\??\c:\1frflll.exec:\1frflll.exe105⤵
-
\??\c:\nbhntt.exec:\nbhntt.exe106⤵
-
\??\c:\nbhhnt.exec:\nbhhnt.exe107⤵
-
\??\c:\dvjvj.exec:\dvjvj.exe108⤵
-
\??\c:\dpdjp.exec:\dpdjp.exe109⤵
-
\??\c:\frffxxf.exec:\frffxxf.exe110⤵
-
\??\c:\7frrffl.exec:\7frrffl.exe111⤵
-
\??\c:\hbbbnh.exec:\hbbbnh.exe112⤵
-
\??\c:\9nbntt.exec:\9nbntt.exe113⤵
-
\??\c:\jvdjd.exec:\jvdjd.exe114⤵
-
\??\c:\vpvvv.exec:\vpvvv.exe115⤵
-
\??\c:\lxfffrr.exec:\lxfffrr.exe116⤵
-
\??\c:\fxrfrxf.exec:\fxrfrxf.exe117⤵
-
\??\c:\htbbbn.exec:\htbbbn.exe118⤵
-
\??\c:\ttttbt.exec:\ttttbt.exe119⤵
-
\??\c:\vjpvp.exec:\vjpvp.exe120⤵
-
\??\c:\dvjjd.exec:\dvjjd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-