Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
29/06/2024, 03:51
General
-
Target
5d32304d13907824c2e32dc2dae7cb3ced90b51e787a143d8b7e09971ceefeae_NeikiAnalytics.exe
-
Size
465KB
-
MD5
12950b59c16ce652fc5b168008fc81e0
-
SHA1
c115b09ee0ce25a3e0ad86952f78c2c8eb77af65
-
SHA256
5d32304d13907824c2e32dc2dae7cb3ced90b51e787a143d8b7e09971ceefeae
-
SHA512
2156898a66d94bcb9543849d0de78c380d8948cc276ed0e4ab96be125ce8d7b1cf21f40f95d910952c51b1ba39891f7dda985d70fd29fd6a22b6aa8b83dc4777
-
SSDEEP
12288:J4wFHoSTeR0oQRkay+eFp3IDvSbh5nPVP+OKaf1Vj:VeR0oykayRFp3lztP+OKaf1Vj
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 38 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5d32304d13907824c2e32dc2dae7cb3ced90b51e787a143d8b7e09971ceefeae_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\5d32304d13907824c2e32dc2dae7cb3ced90b51e787a143d8b7e09971ceefeae_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\1rxlffl.exec:\1rxlffl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpjp.exec:\jvpjp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvjjv.exec:\jvjjv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlrxfl.exec:\frlrxfl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7btttb.exec:\7btttb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrlxllr.exec:\rrlxllr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttntbh.exec:\ttntbh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrrffl.exec:\xlrrffl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ppvv.exec:\5ppvv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxxlrf.exec:\fxxxlrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthhtt.exec:\bthhtt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdd.exec:\dvjdd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbhnt.exec:\hbbhnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjp.exec:\vpdjp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hhhhh.exec:\1hhhhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpjvp.exec:\jpjvp.exe17⤵
- Executes dropped EXE
-
\??\c:\9nhntn.exec:\9nhntn.exe18⤵
- Executes dropped EXE
-
\??\c:\jdjjd.exec:\jdjjd.exe19⤵
- Executes dropped EXE
-
\??\c:\tnnntt.exec:\tnnntt.exe20⤵
- Executes dropped EXE
-
\??\c:\3vddp.exec:\3vddp.exe21⤵
- Executes dropped EXE
-
\??\c:\7hbntt.exec:\7hbntt.exe22⤵
- Executes dropped EXE
-
\??\c:\7ppdj.exec:\7ppdj.exe23⤵
- Executes dropped EXE
-
\??\c:\nnhnbh.exec:\nnhnbh.exe24⤵
- Executes dropped EXE
-
\??\c:\jpdvp.exec:\jpdvp.exe25⤵
- Executes dropped EXE
-
\??\c:\5bntbh.exec:\5bntbh.exe26⤵
- Executes dropped EXE
-
\??\c:\vvvjv.exec:\vvvjv.exe27⤵
- Executes dropped EXE
-
\??\c:\nbtntn.exec:\nbtntn.exe28⤵
- Executes dropped EXE
-
\??\c:\vjvvv.exec:\vjvvv.exe29⤵
- Executes dropped EXE
-
\??\c:\xrlxflx.exec:\xrlxflx.exe30⤵
- Executes dropped EXE
-
\??\c:\bttbnn.exec:\bttbnn.exe31⤵
- Executes dropped EXE
-
\??\c:\fxxflrx.exec:\fxxflrx.exe32⤵
- Executes dropped EXE
-
\??\c:\fxxfrrf.exec:\fxxfrrf.exe33⤵
- Executes dropped EXE
-
\??\c:\pjvdp.exec:\pjvdp.exe34⤵
- Executes dropped EXE
-
\??\c:\frlxfrl.exec:\frlxfrl.exe35⤵
- Executes dropped EXE
-
\??\c:\9hbthn.exec:\9hbthn.exe36⤵
- Executes dropped EXE
-
\??\c:\1tthtt.exec:\1tthtt.exe37⤵
- Executes dropped EXE
-
\??\c:\dvjpp.exec:\dvjpp.exe38⤵
- Executes dropped EXE
-
\??\c:\rfxrffl.exec:\rfxrffl.exe39⤵
- Executes dropped EXE
-
\??\c:\tnbnbh.exec:\tnbnbh.exe40⤵
- Executes dropped EXE
-
\??\c:\nhnthn.exec:\nhnthn.exe41⤵
- Executes dropped EXE
-
\??\c:\vvpdp.exec:\vvpdp.exe42⤵
- Executes dropped EXE
-
\??\c:\9ffxffr.exec:\9ffxffr.exe43⤵
- Executes dropped EXE
-
\??\c:\btttnb.exec:\btttnb.exe44⤵
- Executes dropped EXE
-
\??\c:\7tnnnn.exec:\7tnnnn.exe45⤵
- Executes dropped EXE
-
\??\c:\5dddp.exec:\5dddp.exe46⤵
- Executes dropped EXE
-
\??\c:\3lxxfrr.exec:\3lxxfrr.exe47⤵
- Executes dropped EXE
-
\??\c:\5ntbhn.exec:\5ntbhn.exe48⤵
- Executes dropped EXE
-
\??\c:\vddjv.exec:\vddjv.exe49⤵
- Executes dropped EXE
-
\??\c:\lflfllr.exec:\lflfllr.exe50⤵
- Executes dropped EXE
-
\??\c:\1fxflrr.exec:\1fxflrr.exe51⤵
- Executes dropped EXE
-
\??\c:\9htbnn.exec:\9htbnn.exe52⤵
- Executes dropped EXE
-
\??\c:\7jddj.exec:\7jddj.exe53⤵
- Executes dropped EXE
-
\??\c:\1rllrxl.exec:\1rllrxl.exe54⤵
- Executes dropped EXE
-
\??\c:\3lflrrx.exec:\3lflrrx.exe55⤵
- Executes dropped EXE
-
\??\c:\thttbb.exec:\thttbb.exe56⤵
- Executes dropped EXE
-
\??\c:\pjvpv.exec:\pjvpv.exe57⤵
- Executes dropped EXE
-
\??\c:\lfxflrx.exec:\lfxflrx.exe58⤵
- Executes dropped EXE
-
\??\c:\7tbbhh.exec:\7tbbhh.exe59⤵
- Executes dropped EXE
-
\??\c:\bhbhnn.exec:\bhbhnn.exe60⤵
- Executes dropped EXE
-
\??\c:\pppvp.exec:\pppvp.exe61⤵
- Executes dropped EXE
-
\??\c:\fffxxfr.exec:\fffxxfr.exe62⤵
- Executes dropped EXE
-
\??\c:\1xrlrxr.exec:\1xrlrxr.exe63⤵
- Executes dropped EXE
-
\??\c:\nnbnbb.exec:\nnbnbb.exe64⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe65⤵
- Executes dropped EXE
-
\??\c:\fxrlxxl.exec:\fxrlxxl.exe66⤵
-
\??\c:\lfllrrx.exec:\lfllrrx.exe67⤵
-
\??\c:\7bbbbt.exec:\7bbbbt.exe68⤵
-
\??\c:\9ddjv.exec:\9ddjv.exe69⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe70⤵
-
\??\c:\xrrxlrf.exec:\xrrxlrf.exe71⤵
-
\??\c:\ttnttt.exec:\ttnttt.exe72⤵
-
\??\c:\bttthh.exec:\bttthh.exe73⤵
-
\??\c:\vppdp.exec:\vppdp.exe74⤵
-
\??\c:\rrrrrxl.exec:\rrrrrxl.exe75⤵
-
\??\c:\bbbntt.exec:\bbbntt.exe76⤵
-
\??\c:\nhnnhn.exec:\nhnnhn.exe77⤵
-
\??\c:\3jvvv.exec:\3jvvv.exe78⤵
-
\??\c:\xrlxfrx.exec:\xrlxfrx.exe79⤵
-
\??\c:\5btbnn.exec:\5btbnn.exe80⤵
-
\??\c:\hbtttb.exec:\hbtttb.exe81⤵
-
\??\c:\5vpdj.exec:\5vpdj.exe82⤵
-
\??\c:\9rfxxxf.exec:\9rfxxxf.exe83⤵
-
\??\c:\lxrxlrf.exec:\lxrxlrf.exe84⤵
-
\??\c:\9nbbhb.exec:\9nbbhb.exe85⤵
-
\??\c:\5dvjv.exec:\5dvjv.exe86⤵
-
\??\c:\ddjvd.exec:\ddjvd.exe87⤵
-
\??\c:\xrfffll.exec:\xrfffll.exe88⤵
-
\??\c:\nhtbhn.exec:\nhtbhn.exe89⤵
-
\??\c:\tbnthn.exec:\tbnthn.exe90⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe91⤵
-
\??\c:\lrlrlrx.exec:\lrlrlrx.exe92⤵
-
\??\c:\fxllrrx.exec:\fxllrrx.exe93⤵
-
\??\c:\bbbhnt.exec:\bbbhnt.exe94⤵
-
\??\c:\3jdpv.exec:\3jdpv.exe95⤵
-
\??\c:\rlllxrx.exec:\rlllxrx.exe96⤵
-
\??\c:\xrlflrf.exec:\xrlflrf.exe97⤵
-
\??\c:\3bntbb.exec:\3bntbb.exe98⤵
-
\??\c:\3jvdd.exec:\3jvdd.exe99⤵
-
\??\c:\djdjv.exec:\djdjv.exe100⤵
-
\??\c:\9ffxffr.exec:\9ffxffr.exe101⤵
-
\??\c:\hbtbhh.exec:\hbtbhh.exe102⤵
-
\??\c:\bbbnbh.exec:\bbbnbh.exe103⤵
-
\??\c:\pjddp.exec:\pjddp.exe104⤵
-
\??\c:\dvpvd.exec:\dvpvd.exe105⤵
-
\??\c:\3lfrrxf.exec:\3lfrrxf.exe106⤵
-
\??\c:\xxxlrxl.exec:\xxxlrxl.exe107⤵
-
\??\c:\1hbbbn.exec:\1hbbbn.exe108⤵
-
\??\c:\jjpdp.exec:\jjpdp.exe109⤵
-
\??\c:\xrflrxf.exec:\xrflrxf.exe110⤵
-
\??\c:\rllrrxf.exec:\rllrrxf.exe111⤵
-
\??\c:\5hbbhn.exec:\5hbbhn.exe112⤵
-
\??\c:\dvpvj.exec:\dvpvj.exe113⤵
-
\??\c:\5xxxllx.exec:\5xxxllx.exe114⤵
-
\??\c:\llllrxl.exec:\llllrxl.exe115⤵
-
\??\c:\btnbhh.exec:\btnbhh.exe116⤵
-
\??\c:\9vvdv.exec:\9vvdv.exe117⤵
-
\??\c:\rfrrxxf.exec:\rfrrxxf.exe118⤵
-
\??\c:\lflrxfl.exec:\lflrxfl.exe119⤵
-
\??\c:\ntthnt.exec:\ntthnt.exe120⤵
-
\??\c:\1dvvj.exec:\1dvvj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-