Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
-
submitted
28-06-2024 19:40
General
-
Target
a84001b3e407d21fa9334ecf2c360e41cadf0dfb9fca96c913b11703c467e9ed_NeikiAnalytics.exe
-
Size
78KB
-
MD5
44fdb01ba49c8e6d31607de64921fae0
-
SHA1
c704f0a93f20e11bf368b4ebf370c3f59cebf2ff
-
SHA256
a84001b3e407d21fa9334ecf2c360e41cadf0dfb9fca96c913b11703c467e9ed
-
SHA512
67e0e17ed3a09ffef69a52e3b7fe588a723c4d80a3c62337ef5f411124ca43dede52b393bed1ecc407bd1446873a718cd9a988f8457a6f6110ef6e827486a01d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIIpIo60L9QrrA8v:ymb3NkkiQ3mdBjFIIp9L9QrrA8v
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a84001b3e407d21fa9334ecf2c360e41cadf0dfb9fca96c913b11703c467e9ed_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\a84001b3e407d21fa9334ecf2c360e41cadf0dfb9fca96c913b11703c467e9ed_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\o460600.exec:\o460600.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e66640.exec:\e66640.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\82620.exec:\82620.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i640668.exec:\i640668.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k04422.exec:\k04422.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\006288.exec:\006288.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ntbtbb.exec:\ntbtbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrxfllx.exec:\lrxfllx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbthnh.exec:\hbthnh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\268684.exec:\268684.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7htttb.exec:\7htttb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjvj.exec:\dvjvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjvj.exec:\ddjvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\448462.exec:\448462.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\806004.exec:\806004.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrlrxfr.exec:\lrlrxfr.exe17⤵
- Executes dropped EXE
-
\??\c:\208466.exec:\208466.exe18⤵
- Executes dropped EXE
-
\??\c:\rrxfflx.exec:\rrxfflx.exe19⤵
- Executes dropped EXE
-
\??\c:\86224.exec:\86224.exe20⤵
- Executes dropped EXE
-
\??\c:\tnnnhn.exec:\tnnnhn.exe21⤵
- Executes dropped EXE
-
\??\c:\26446.exec:\26446.exe22⤵
- Executes dropped EXE
-
\??\c:\4206224.exec:\4206224.exe23⤵
- Executes dropped EXE
-
\??\c:\fxflxrr.exec:\fxflxrr.exe24⤵
- Executes dropped EXE
-
\??\c:\04846.exec:\04846.exe25⤵
- Executes dropped EXE
-
\??\c:\666800.exec:\666800.exe26⤵
- Executes dropped EXE
-
\??\c:\20246.exec:\20246.exe27⤵
- Executes dropped EXE
-
\??\c:\00646.exec:\00646.exe28⤵
- Executes dropped EXE
-
\??\c:\462202.exec:\462202.exe29⤵
- Executes dropped EXE
-
\??\c:\0406862.exec:\0406862.exe30⤵
- Executes dropped EXE
-
\??\c:\7bhhhh.exec:\7bhhhh.exe31⤵
- Executes dropped EXE
-
\??\c:\82008.exec:\82008.exe32⤵
- Executes dropped EXE
-
\??\c:\lrfxlrx.exec:\lrfxlrx.exe33⤵
- Executes dropped EXE
-
\??\c:\4640628.exec:\4640628.exe34⤵
- Executes dropped EXE
-
\??\c:\frxxlff.exec:\frxxlff.exe35⤵
- Executes dropped EXE
-
\??\c:\jvddj.exec:\jvddj.exe36⤵
- Executes dropped EXE
-
\??\c:\i622040.exec:\i622040.exe37⤵
- Executes dropped EXE
-
\??\c:\jjppd.exec:\jjppd.exe38⤵
- Executes dropped EXE
-
\??\c:\a8488.exec:\a8488.exe39⤵
- Executes dropped EXE
-
\??\c:\246286.exec:\246286.exe40⤵
- Executes dropped EXE
-
\??\c:\2626666.exec:\2626666.exe41⤵
- Executes dropped EXE
-
\??\c:\208844.exec:\208844.exe42⤵
- Executes dropped EXE
-
\??\c:\422660.exec:\422660.exe43⤵
- Executes dropped EXE
-
\??\c:\7nbbbt.exec:\7nbbbt.exe44⤵
- Executes dropped EXE
-
\??\c:\202842.exec:\202842.exe45⤵
- Executes dropped EXE
-
\??\c:\llflxff.exec:\llflxff.exe46⤵
- Executes dropped EXE
-
\??\c:\s4440.exec:\s4440.exe47⤵
- Executes dropped EXE
-
\??\c:\1dppj.exec:\1dppj.exe48⤵
- Executes dropped EXE
-
\??\c:\24004.exec:\24004.exe49⤵
- Executes dropped EXE
-
\??\c:\0848822.exec:\0848822.exe50⤵
- Executes dropped EXE
-
\??\c:\86444.exec:\86444.exe51⤵
- Executes dropped EXE
-
\??\c:\pdvjj.exec:\pdvjj.exe52⤵
- Executes dropped EXE
-
\??\c:\02440.exec:\02440.exe53⤵
- Executes dropped EXE
-
\??\c:\0804604.exec:\0804604.exe54⤵
- Executes dropped EXE
-
\??\c:\vvdpj.exec:\vvdpj.exe55⤵
- Executes dropped EXE
-
\??\c:\nbtnhb.exec:\nbtnhb.exe56⤵
- Executes dropped EXE
-
\??\c:\m8028.exec:\m8028.exe57⤵
- Executes dropped EXE
-
\??\c:\u022484.exec:\u022484.exe58⤵
- Executes dropped EXE
-
\??\c:\q24422.exec:\q24422.exe59⤵
- Executes dropped EXE
-
\??\c:\6208602.exec:\6208602.exe60⤵
- Executes dropped EXE
-
\??\c:\jvvpv.exec:\jvvpv.exe61⤵
- Executes dropped EXE
-
\??\c:\04028.exec:\04028.exe62⤵
- Executes dropped EXE
-
\??\c:\24666.exec:\24666.exe63⤵
- Executes dropped EXE
-
\??\c:\rfffxrx.exec:\rfffxrx.exe64⤵
- Executes dropped EXE
-
\??\c:\ntbhnn.exec:\ntbhnn.exe65⤵
- Executes dropped EXE
-
\??\c:\pdjvv.exec:\pdjvv.exe66⤵
-
\??\c:\084448.exec:\084448.exe67⤵
-
\??\c:\lxxxxxr.exec:\lxxxxxr.exe68⤵
-
\??\c:\frrrxrr.exec:\frrrxrr.exe69⤵
-
\??\c:\7vddp.exec:\7vddp.exe70⤵
-
\??\c:\fxrllfl.exec:\fxrllfl.exe71⤵
-
\??\c:\7pddp.exec:\7pddp.exe72⤵
-
\??\c:\1dvdd.exec:\1dvdd.exe73⤵
-
\??\c:\dvpvv.exec:\dvpvv.exe74⤵
-
\??\c:\a6228.exec:\a6228.exe75⤵
-
\??\c:\2622606.exec:\2622606.exe76⤵
-
\??\c:\8060600.exec:\8060600.exe77⤵
-
\??\c:\3jvvd.exec:\3jvvd.exe78⤵
-
\??\c:\8686662.exec:\8686662.exe79⤵
-
\??\c:\m6400.exec:\m6400.exe80⤵
-
\??\c:\02822.exec:\02822.exe81⤵
-
\??\c:\e84044.exec:\e84044.exe82⤵
-
\??\c:\s8068.exec:\s8068.exe83⤵
-
\??\c:\xlrlrlr.exec:\xlrlrlr.exe84⤵
-
\??\c:\1pvvd.exec:\1pvvd.exe85⤵
-
\??\c:\4622266.exec:\4622266.exe86⤵
-
\??\c:\vjvvd.exec:\vjvvd.exe87⤵
-
\??\c:\bnthnh.exec:\bnthnh.exe88⤵
-
\??\c:\868882.exec:\868882.exe89⤵
-
\??\c:\nttbbn.exec:\nttbbn.exe90⤵
-
\??\c:\9flrxxx.exec:\9flrxxx.exe91⤵
-
\??\c:\4228444.exec:\4228444.exe92⤵
-
\??\c:\c240004.exec:\c240004.exe93⤵
-
\??\c:\xrxxflx.exec:\xrxxflx.exe94⤵
-
\??\c:\fxlxxfx.exec:\fxlxxfx.exe95⤵
-
\??\c:\0844000.exec:\0844000.exe96⤵
-
\??\c:\602826.exec:\602826.exe97⤵
-
\??\c:\pdjjj.exec:\pdjjj.exe98⤵
-
\??\c:\864840.exec:\864840.exe99⤵
-
\??\c:\dppjv.exec:\dppjv.exe100⤵
-
\??\c:\bbnnhb.exec:\bbnnhb.exe101⤵
-
\??\c:\vjpvd.exec:\vjpvd.exe102⤵
-
\??\c:\xlflxlr.exec:\xlflxlr.exe103⤵
-
\??\c:\k02844.exec:\k02844.exe104⤵
-
\??\c:\hbnnbb.exec:\hbnnbb.exe105⤵
-
\??\c:\w22468.exec:\w22468.exe106⤵
-
\??\c:\u200062.exec:\u200062.exe107⤵
-
\??\c:\xrllflr.exec:\xrllflr.exe108⤵
-
\??\c:\2224662.exec:\2224662.exe109⤵
-
\??\c:\602882.exec:\602882.exe110⤵
-
\??\c:\g2408.exec:\g2408.exe111⤵
-
\??\c:\hbnhtt.exec:\hbnhtt.exe112⤵
-
\??\c:\pdpjp.exec:\pdpjp.exe113⤵
-
\??\c:\64684.exec:\64684.exe114⤵
-
\??\c:\ffxlxxl.exec:\ffxlxxl.exe115⤵
-
\??\c:\m0840.exec:\m0840.exe116⤵
-
\??\c:\04006.exec:\04006.exe117⤵
-
\??\c:\7dvvv.exec:\7dvvv.exe118⤵
-
\??\c:\7vpvp.exec:\7vpvp.exe119⤵
-
\??\c:\vjjdd.exec:\vjjdd.exe120⤵
-
\??\c:\tntbnn.exec:\tntbnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-