Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
28-06-2024 17:21
General
-
Target
a2e64a738ccb99cd4a1a684bf8d815c4690d03f9d91746886eb9d05a2d39a6b9_NeikiAnalytics.exe
-
Size
64KB
-
MD5
25b3b471fe7c1d29f0d45f0288e0a830
-
SHA1
d9371469e1b5ef5e7abe739399f0c82c216593c4
-
SHA256
a2e64a738ccb99cd4a1a684bf8d815c4690d03f9d91746886eb9d05a2d39a6b9
-
SHA512
e150eb45a0ebeb1ff5aa403599fa36557c64a848d53fdf9027b8e851994ca7b93169e91652a4f2a92c8f8485af4856960fac030d297b1178f2a6ddb93987f035
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIug6bL6Nl1H:ymb3NkkiQ3mdBjFIugptH
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a2e64a738ccb99cd4a1a684bf8d815c4690d03f9d91746886eb9d05a2d39a6b9_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\a2e64a738ccb99cd4a1a684bf8d815c4690d03f9d91746886eb9d05a2d39a6b9_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9bhnbb.exec:\9bhnbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxllx.exec:\lfxxllx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbhnt.exec:\bbbhnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbbhn.exec:\nhbbhn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5jjjj.exec:\5jjjj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfrfxf.exec:\xrfrfxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlrxfr.exec:\frlrxfr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnnbh.exec:\tnnnbh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vddp.exec:\3vddp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jdjp.exec:\7jdjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxffrxf.exec:\xxffrxf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnthh.exec:\nhnthh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnnhhb.exec:\tnnhhb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vjvv.exec:\1vjvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrxlrx.exec:\lfrxlrx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfrlrx.exec:\xrfrlrx.exe17⤵
- Executes dropped EXE
-
\??\c:\7btttt.exec:\7btttt.exe18⤵
- Executes dropped EXE
-
\??\c:\jvdpj.exec:\jvdpj.exe19⤵
- Executes dropped EXE
-
\??\c:\5vjpv.exec:\5vjpv.exe20⤵
- Executes dropped EXE
-
\??\c:\rlfllrx.exec:\rlfllrx.exe21⤵
- Executes dropped EXE
-
\??\c:\1hnnhh.exec:\1hnnhh.exe22⤵
- Executes dropped EXE
-
\??\c:\btnthh.exec:\btnthh.exe23⤵
- Executes dropped EXE
-
\??\c:\3vjjp.exec:\3vjjp.exe24⤵
- Executes dropped EXE
-
\??\c:\xxxfllx.exec:\xxxfllx.exe25⤵
- Executes dropped EXE
-
\??\c:\xrrlxrx.exec:\xrrlxrx.exe26⤵
- Executes dropped EXE
-
\??\c:\xxrfxfr.exec:\xxrfxfr.exe27⤵
- Executes dropped EXE
-
\??\c:\btbbhn.exec:\btbbhn.exe28⤵
- Executes dropped EXE
-
\??\c:\jddjv.exec:\jddjv.exe29⤵
- Executes dropped EXE
-
\??\c:\llfrffl.exec:\llfrffl.exe30⤵
- Executes dropped EXE
-
\??\c:\fxrlrxf.exec:\fxrlrxf.exe31⤵
- Executes dropped EXE
-
\??\c:\1bnnhh.exec:\1bnnhh.exe32⤵
- Executes dropped EXE
-
\??\c:\7jjpv.exec:\7jjpv.exe33⤵
- Executes dropped EXE
-
\??\c:\dvddp.exec:\dvddp.exe34⤵
- Executes dropped EXE
-
\??\c:\xlrxffl.exec:\xlrxffl.exe35⤵
- Executes dropped EXE
-
\??\c:\rlrflrx.exec:\rlrflrx.exe36⤵
- Executes dropped EXE
-
\??\c:\hbnbnn.exec:\hbnbnn.exe37⤵
- Executes dropped EXE
-
\??\c:\thnhbt.exec:\thnhbt.exe38⤵
- Executes dropped EXE
-
\??\c:\vjjdp.exec:\vjjdp.exe39⤵
- Executes dropped EXE
-
\??\c:\pjjjp.exec:\pjjjp.exe40⤵
- Executes dropped EXE
-
\??\c:\frxxfxf.exec:\frxxfxf.exe41⤵
- Executes dropped EXE
-
\??\c:\lxflxlx.exec:\lxflxlx.exe42⤵
- Executes dropped EXE
-
\??\c:\tntthb.exec:\tntthb.exe43⤵
- Executes dropped EXE
-
\??\c:\thhtbb.exec:\thhtbb.exe44⤵
- Executes dropped EXE
-
\??\c:\jvdjd.exec:\jvdjd.exe45⤵
- Executes dropped EXE
-
\??\c:\vjjpd.exec:\vjjpd.exe46⤵
- Executes dropped EXE
-
\??\c:\7xlrxxf.exec:\7xlrxxf.exe47⤵
- Executes dropped EXE
-
\??\c:\9xxflff.exec:\9xxflff.exe48⤵
- Executes dropped EXE
-
\??\c:\htbhtb.exec:\htbhtb.exe49⤵
- Executes dropped EXE
-
\??\c:\ntbthn.exec:\ntbthn.exe50⤵
- Executes dropped EXE
-
\??\c:\jjvjp.exec:\jjvjp.exe51⤵
- Executes dropped EXE
-
\??\c:\jjvpd.exec:\jjvpd.exe52⤵
- Executes dropped EXE
-
\??\c:\xrrrfxl.exec:\xrrrfxl.exe53⤵
- Executes dropped EXE
-
\??\c:\rrlfxlf.exec:\rrlfxlf.exe54⤵
- Executes dropped EXE
-
\??\c:\nhtnnh.exec:\nhtnnh.exe55⤵
- Executes dropped EXE
-
\??\c:\hthnbh.exec:\hthnbh.exe56⤵
- Executes dropped EXE
-
\??\c:\vjjpp.exec:\vjjpp.exe57⤵
- Executes dropped EXE
-
\??\c:\7jpvj.exec:\7jpvj.exe58⤵
- Executes dropped EXE
-
\??\c:\fxlfxfr.exec:\fxlfxfr.exe59⤵
- Executes dropped EXE
-
\??\c:\fxrxxxl.exec:\fxrxxxl.exe60⤵
- Executes dropped EXE
-
\??\c:\tthnbh.exec:\tthnbh.exe61⤵
- Executes dropped EXE
-
\??\c:\5ntnnn.exec:\5ntnnn.exe62⤵
- Executes dropped EXE
-
\??\c:\jvvvj.exec:\jvvvj.exe63⤵
- Executes dropped EXE
-
\??\c:\pjdpp.exec:\pjdpp.exe64⤵
- Executes dropped EXE
-
\??\c:\xrxllll.exec:\xrxllll.exe65⤵
- Executes dropped EXE
-
\??\c:\xxlxfrx.exec:\xxlxfrx.exe66⤵
-
\??\c:\hbhhnn.exec:\hbhhnn.exe67⤵
-
\??\c:\1nbhnn.exec:\1nbhnn.exe68⤵
-
\??\c:\nbnbnn.exec:\nbnbnn.exe69⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe70⤵
-
\??\c:\pjppv.exec:\pjppv.exe71⤵
-
\??\c:\rflrflr.exec:\rflrflr.exe72⤵
-
\??\c:\tththn.exec:\tththn.exe73⤵
-
\??\c:\tnbbtt.exec:\tnbbtt.exe74⤵
-
\??\c:\7pdjv.exec:\7pdjv.exe75⤵
-
\??\c:\3jvvd.exec:\3jvvd.exe76⤵
-
\??\c:\rlxxxff.exec:\rlxxxff.exe77⤵
-
\??\c:\1fxxflx.exec:\1fxxflx.exe78⤵
-
\??\c:\hbbhtb.exec:\hbbhtb.exe79⤵
-
\??\c:\7ththn.exec:\7ththn.exe80⤵
-
\??\c:\tnhhtt.exec:\tnhhtt.exe81⤵
-
\??\c:\pjvdp.exec:\pjvdp.exe82⤵
-
\??\c:\dppdp.exec:\dppdp.exe83⤵
-
\??\c:\lxfxflx.exec:\lxfxflx.exe84⤵
-
\??\c:\lflrffl.exec:\lflrffl.exe85⤵
-
\??\c:\3hbhnt.exec:\3hbhnt.exe86⤵
-
\??\c:\nbttnt.exec:\nbttnt.exe87⤵
-
\??\c:\jdpvj.exec:\jdpvj.exe88⤵
-
\??\c:\ddpjd.exec:\ddpjd.exe89⤵
-
\??\c:\rfffffl.exec:\rfffffl.exe90⤵
-
\??\c:\lllrffl.exec:\lllrffl.exe91⤵
-
\??\c:\hhthnb.exec:\hhthnb.exe92⤵
-
\??\c:\nbhhnt.exec:\nbhhnt.exe93⤵
-
\??\c:\bntbnn.exec:\bntbnn.exe94⤵
-
\??\c:\9vddj.exec:\9vddj.exe95⤵
-
\??\c:\1pdvv.exec:\1pdvv.exe96⤵
-
\??\c:\fxffxxf.exec:\fxffxxf.exe97⤵
-
\??\c:\xrfffff.exec:\xrfffff.exe98⤵
-
\??\c:\9nhntn.exec:\9nhntn.exe99⤵
-
\??\c:\hbnbtn.exec:\hbnbtn.exe100⤵
-
\??\c:\3bhhhh.exec:\3bhhhh.exe101⤵
-
\??\c:\pdppv.exec:\pdppv.exe102⤵
-
\??\c:\pdjjv.exec:\pdjjv.exe103⤵
-
\??\c:\5llxfxx.exec:\5llxfxx.exe104⤵
-
\??\c:\ffrxrlr.exec:\ffrxrlr.exe105⤵
-
\??\c:\9bnbnt.exec:\9bnbnt.exe106⤵
-
\??\c:\bhbbtn.exec:\bhbbtn.exe107⤵
-
\??\c:\nhttbb.exec:\nhttbb.exe108⤵
-
\??\c:\3jpvd.exec:\3jpvd.exe109⤵
-
\??\c:\pjddv.exec:\pjddv.exe110⤵
-
\??\c:\rlrxllr.exec:\rlrxllr.exe111⤵
-
\??\c:\7fllxxf.exec:\7fllxxf.exe112⤵
-
\??\c:\hbbntb.exec:\hbbntb.exe113⤵
-
\??\c:\hhhtth.exec:\hhhtth.exe114⤵
-
\??\c:\9vddv.exec:\9vddv.exe115⤵
-
\??\c:\jdppv.exec:\jdppv.exe116⤵
-
\??\c:\lfrxfff.exec:\lfrxfff.exe117⤵
-
\??\c:\9lxlrxf.exec:\9lxlrxf.exe118⤵
-
\??\c:\lfrfrrl.exec:\lfrfrrl.exe119⤵
-
\??\c:\nhnbnt.exec:\nhnbnt.exe120⤵
-
\??\c:\tnhhhn.exec:\tnhhhn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-