Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
27/06/2024, 09:04
General
-
Target
7127e956fcc2072d9bf31055d31b2c95ef2a030720deb67f9fa886925a8cba91_NeikiAnalytics.exe
-
Size
161KB
-
MD5
954d8700c2d8d9eb9080ed06864959e0
-
SHA1
b3f85454d0521babc9e9327b5b5e1fe5e0c73b04
-
SHA256
7127e956fcc2072d9bf31055d31b2c95ef2a030720deb67f9fa886925a8cba91
-
SHA512
edef35b8b5c11c25e9139e1d133c15a5eb9859876d7524672b7440bc1cbb5acc91543e0ca89ffcf2e3f71fec4737883a99f05759bf9c00fbaca4fa93256b6993
-
SSDEEP
3072:chOmTsF93UYfwC6GIoutieyhC2lbgGi5yLd:ccm4FmowdHoSi9ES
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7127e956fcc2072d9bf31055d31b2c95ef2a030720deb67f9fa886925a8cba91_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\7127e956fcc2072d9bf31055d31b2c95ef2a030720deb67f9fa886925a8cba91_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3htbtb.exec:\3htbtb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjdp.exec:\jdjdp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fffxff.exec:\1fffxff.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhttnh.exec:\hhttnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jddv.exec:\5jddv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxflxfl.exec:\fxflxfl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtbhn.exec:\hbtbhn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjvvj.exec:\jjvvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3frflll.exec:\3frflll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxfxfxx.exec:\lxfxfxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnbtb.exec:\hbnbtb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjp.exec:\dvpjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxllrxl.exec:\fxllrxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnhtn.exec:\ttnhtn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdjd.exec:\vvdjd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxlxrl.exec:\xxxlxrl.exe17⤵
- Executes dropped EXE
-
\??\c:\5thnnt.exec:\5thnnt.exe18⤵
- Executes dropped EXE
-
\??\c:\httttb.exec:\httttb.exe19⤵
- Executes dropped EXE
-
\??\c:\jdvdp.exec:\jdvdp.exe20⤵
- Executes dropped EXE
-
\??\c:\1xlrxxl.exec:\1xlrxxl.exe21⤵
- Executes dropped EXE
-
\??\c:\3ntnnt.exec:\3ntnnt.exe22⤵
- Executes dropped EXE
-
\??\c:\pjvvv.exec:\pjvvv.exe23⤵
- Executes dropped EXE
-
\??\c:\rlfrxrl.exec:\rlfrxrl.exe24⤵
- Executes dropped EXE
-
\??\c:\lfrxfrl.exec:\lfrxfrl.exe25⤵
- Executes dropped EXE
-
\??\c:\bthhtb.exec:\bthhtb.exe26⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe27⤵
- Executes dropped EXE
-
\??\c:\fflxrfl.exec:\fflxrfl.exe28⤵
- Executes dropped EXE
-
\??\c:\nhbttt.exec:\nhbttt.exe29⤵
- Executes dropped EXE
-
\??\c:\1vddj.exec:\1vddj.exe30⤵
- Executes dropped EXE
-
\??\c:\9pdjj.exec:\9pdjj.exe31⤵
- Executes dropped EXE
-
\??\c:\1fxxxff.exec:\1fxxxff.exe32⤵
- Executes dropped EXE
-
\??\c:\nbhhbb.exec:\nbhhbb.exe33⤵
- Executes dropped EXE
-
\??\c:\jvjvv.exec:\jvjvv.exe34⤵
- Executes dropped EXE
-
\??\c:\jjdjd.exec:\jjdjd.exe35⤵
- Executes dropped EXE
-
\??\c:\1xrlxfr.exec:\1xrlxfr.exe36⤵
- Executes dropped EXE
-
\??\c:\xxrlxfl.exec:\xxrlxfl.exe37⤵
- Executes dropped EXE
-
\??\c:\nnbnnh.exec:\nnbnnh.exe38⤵
- Executes dropped EXE
-
\??\c:\pddvv.exec:\pddvv.exe39⤵
- Executes dropped EXE
-
\??\c:\dvjvj.exec:\dvjvj.exe40⤵
- Executes dropped EXE
-
\??\c:\xxfrxrf.exec:\xxfrxrf.exe41⤵
- Executes dropped EXE
-
\??\c:\rfllrlf.exec:\rfllrlf.exe42⤵
- Executes dropped EXE
-
\??\c:\nbnnbt.exec:\nbnnbt.exe43⤵
- Executes dropped EXE
-
\??\c:\1ntbnt.exec:\1ntbnt.exe44⤵
- Executes dropped EXE
-
\??\c:\3jdjd.exec:\3jdjd.exe45⤵
- Executes dropped EXE
-
\??\c:\ttbbnt.exec:\ttbbnt.exe46⤵
- Executes dropped EXE
-
\??\c:\9tbbbn.exec:\9tbbbn.exe47⤵
- Executes dropped EXE
-
\??\c:\pjddp.exec:\pjddp.exe48⤵
- Executes dropped EXE
-
\??\c:\1dpvj.exec:\1dpvj.exe49⤵
- Executes dropped EXE
-
\??\c:\rrlfllr.exec:\rrlfllr.exe50⤵
- Executes dropped EXE
-
\??\c:\frlflff.exec:\frlflff.exe51⤵
- Executes dropped EXE
-
\??\c:\nnbhtt.exec:\nnbhtt.exe52⤵
- Executes dropped EXE
-
\??\c:\3hbbnn.exec:\3hbbnn.exe53⤵
- Executes dropped EXE
-
\??\c:\jdvpp.exec:\jdvpp.exe54⤵
- Executes dropped EXE
-
\??\c:\1rrfllr.exec:\1rrfllr.exe55⤵
- Executes dropped EXE
-
\??\c:\lllxrrx.exec:\lllxrrx.exe56⤵
- Executes dropped EXE
-
\??\c:\7xllxxf.exec:\7xllxxf.exe57⤵
- Executes dropped EXE
-
\??\c:\btbhnt.exec:\btbhnt.exe58⤵
- Executes dropped EXE
-
\??\c:\vpvdd.exec:\vpvdd.exe59⤵
- Executes dropped EXE
-
\??\c:\3rlrxlr.exec:\3rlrxlr.exe60⤵
- Executes dropped EXE
-
\??\c:\xrlrxfl.exec:\xrlrxfl.exe61⤵
- Executes dropped EXE
-
\??\c:\btnbnt.exec:\btnbnt.exe62⤵
- Executes dropped EXE
-
\??\c:\tnhhtb.exec:\tnhhtb.exe63⤵
- Executes dropped EXE
-
\??\c:\vdjvp.exec:\vdjvp.exe64⤵
- Executes dropped EXE
-
\??\c:\pppdd.exec:\pppdd.exe65⤵
- Executes dropped EXE
-
\??\c:\llrrlfl.exec:\llrrlfl.exe66⤵
-
\??\c:\rrlfxfr.exec:\rrlfxfr.exe67⤵
-
\??\c:\tnhnhn.exec:\tnhnhn.exe68⤵
-
\??\c:\btbnth.exec:\btbnth.exe69⤵
-
\??\c:\jpvpv.exec:\jpvpv.exe70⤵
-
\??\c:\rrfxflx.exec:\rrfxflx.exe71⤵
-
\??\c:\9llrlll.exec:\9llrlll.exe72⤵
-
\??\c:\1hbtnt.exec:\1hbtnt.exe73⤵
-
\??\c:\jdddd.exec:\jdddd.exe74⤵
-
\??\c:\vvpvp.exec:\vvpvp.exe75⤵
-
\??\c:\ffxxxxl.exec:\ffxxxxl.exe76⤵
-
\??\c:\rrffflf.exec:\rrffflf.exe77⤵
-
\??\c:\nnhtbh.exec:\nnhtbh.exe78⤵
-
\??\c:\tnbhtb.exec:\tnbhtb.exe79⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe80⤵
-
\??\c:\ddpdp.exec:\ddpdp.exe81⤵
-
\??\c:\rllrlfr.exec:\rllrlfr.exe82⤵
-
\??\c:\9lllxxl.exec:\9lllxxl.exe83⤵
-
\??\c:\tntthh.exec:\tntthh.exe84⤵
-
\??\c:\tnthbt.exec:\tnthbt.exe85⤵
-
\??\c:\jdpjp.exec:\jdpjp.exe86⤵
-
\??\c:\3vjpv.exec:\3vjpv.exe87⤵
-
\??\c:\7lxfffr.exec:\7lxfffr.exe88⤵
-
\??\c:\xlllllx.exec:\xlllllx.exe89⤵
-
\??\c:\fxrfrlr.exec:\fxrfrlr.exe90⤵
-
\??\c:\hbthtb.exec:\hbthtb.exe91⤵
-
\??\c:\bbtbnt.exec:\bbtbnt.exe92⤵
-
\??\c:\dvddv.exec:\dvddv.exe93⤵
-
\??\c:\3xfxllx.exec:\3xfxllx.exe94⤵
-
\??\c:\5lflrfr.exec:\5lflrfr.exe95⤵
-
\??\c:\hhbnbn.exec:\hhbnbn.exe96⤵
-
\??\c:\bthnnn.exec:\bthnnn.exe97⤵
-
\??\c:\9jpvj.exec:\9jpvj.exe98⤵
-
\??\c:\jvjjd.exec:\jvjjd.exe99⤵
-
\??\c:\lfrflxf.exec:\lfrflxf.exe100⤵
-
\??\c:\5rrfrxl.exec:\5rrfrxl.exe101⤵
-
\??\c:\nhtbhn.exec:\nhtbhn.exe102⤵
-
\??\c:\3bbhtb.exec:\3bbhtb.exe103⤵
-
\??\c:\1djvv.exec:\1djvv.exe104⤵
-
\??\c:\dpjjp.exec:\dpjjp.exe105⤵
-
\??\c:\rlxxlrf.exec:\rlxxlrf.exe106⤵
-
\??\c:\3frlfrx.exec:\3frlfrx.exe107⤵
-
\??\c:\bbbhnb.exec:\bbbhnb.exe108⤵
-
\??\c:\thbthh.exec:\thbthh.exe109⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe110⤵
-
\??\c:\5pjdj.exec:\5pjdj.exe111⤵
-
\??\c:\3rlrxfr.exec:\3rlrxfr.exe112⤵
-
\??\c:\fxlxrfr.exec:\fxlxrfr.exe113⤵
-
\??\c:\bnbbnh.exec:\bnbbnh.exe114⤵
-
\??\c:\hhbbhn.exec:\hhbbhn.exe115⤵
-
\??\c:\vvvdp.exec:\vvvdp.exe116⤵
-
\??\c:\lllflll.exec:\lllflll.exe117⤵
-
\??\c:\xfxlrll.exec:\xfxlrll.exe118⤵
-
\??\c:\1hthbh.exec:\1hthbh.exe119⤵
-
\??\c:\hhbbbn.exec:\hhbbbn.exe120⤵
-
\??\c:\jvjjp.exec:\jvjjp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-