Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
29/06/2024, 09:23
General
-
Target
94999846a30f1bd5243761fa3c24299ff646b91c27352cf4df02249b5aa176ef_NeikiAnalytics.exe
-
Size
192KB
-
MD5
5de02d80ceb5145cea521d80baf85a60
-
SHA1
543a2545e4e89132166e10bc420e20ddb7c10f08
-
SHA256
94999846a30f1bd5243761fa3c24299ff646b91c27352cf4df02249b5aa176ef
-
SHA512
2d6da6504ea834fccfccd1cf20041260105ea98d0fc5c9b33a4af319fb3b2d3961c14ba8c8591cc65c7b426996350721773581bda84e726e83618b00439ba41f
-
SSDEEP
3072:FhOmTsF93UYfwC6GIoutrVCfMoh52waAyiJ8mqtbfUVKty16hDsI/tSR:Fcm4FmowdHoS8fMoSVAHubPtyYxfk
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 32 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\94999846a30f1bd5243761fa3c24299ff646b91c27352cf4df02249b5aa176ef_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\94999846a30f1bd5243761fa3c24299ff646b91c27352cf4df02249b5aa176ef_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9htthb.exec:\9htthb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpvv.exec:\vjpvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfffrf.exec:\fxfffrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjj.exec:\pdpjj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddj.exec:\jvddj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrllfx.exec:\xlrllfx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nbbbb.exec:\3nbbbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjpj.exec:\ddjpj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrxfrl.exec:\xxrxfrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lxffxx.exec:\9lxffxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddpv.exec:\jddpv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvd.exec:\dvdvd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxxfxl.exec:\lfxxfxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbhnh.exec:\tbbhnh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dppj.exec:\7dppj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdjvv.exec:\pdjvv.exe17⤵
- Executes dropped EXE
-
\??\c:\bnbntt.exec:\bnbntt.exe18⤵
- Executes dropped EXE
-
\??\c:\hbhtnb.exec:\hbhtnb.exe19⤵
- Executes dropped EXE
-
\??\c:\vpdvd.exec:\vpdvd.exe20⤵
- Executes dropped EXE
-
\??\c:\xlrxxff.exec:\xlrxxff.exe21⤵
- Executes dropped EXE
-
\??\c:\rfrlrlr.exec:\rfrlrlr.exe22⤵
- Executes dropped EXE
-
\??\c:\1btbhb.exec:\1btbhb.exe23⤵
- Executes dropped EXE
-
\??\c:\9pjvd.exec:\9pjvd.exe24⤵
- Executes dropped EXE
-
\??\c:\lfxflrr.exec:\lfxflrr.exe25⤵
- Executes dropped EXE
-
\??\c:\ttbtth.exec:\ttbtth.exe26⤵
- Executes dropped EXE
-
\??\c:\ththnh.exec:\ththnh.exe27⤵
- Executes dropped EXE
-
\??\c:\7lflrxf.exec:\7lflrxf.exe28⤵
- Executes dropped EXE
-
\??\c:\xrflxrx.exec:\xrflxrx.exe29⤵
- Executes dropped EXE
-
\??\c:\thtnnt.exec:\thtnnt.exe30⤵
- Executes dropped EXE
-
\??\c:\vdjjj.exec:\vdjjj.exe31⤵
- Executes dropped EXE
-
\??\c:\rrxfxxf.exec:\rrxfxxf.exe32⤵
- Executes dropped EXE
-
\??\c:\tnnnnn.exec:\tnnnnn.exe33⤵
- Executes dropped EXE
-
\??\c:\dpddd.exec:\dpddd.exe34⤵
- Executes dropped EXE
-
\??\c:\jvvvv.exec:\jvvvv.exe35⤵
- Executes dropped EXE
-
\??\c:\xlxllfr.exec:\xlxllfr.exe36⤵
- Executes dropped EXE
-
\??\c:\bnbhhb.exec:\bnbhhb.exe37⤵
- Executes dropped EXE
-
\??\c:\btnttb.exec:\btnttb.exe38⤵
- Executes dropped EXE
-
\??\c:\jdpjj.exec:\jdpjj.exe39⤵
- Executes dropped EXE
-
\??\c:\lfxxxxl.exec:\lfxxxxl.exe40⤵
- Executes dropped EXE
-
\??\c:\bntnnn.exec:\bntnnn.exe41⤵
- Executes dropped EXE
-
\??\c:\tbnbbt.exec:\tbnbbt.exe42⤵
- Executes dropped EXE
-
\??\c:\jvppj.exec:\jvppj.exe43⤵
- Executes dropped EXE
-
\??\c:\9jvdj.exec:\9jvdj.exe44⤵
- Executes dropped EXE
-
\??\c:\xxllrrx.exec:\xxllrrx.exe45⤵
- Executes dropped EXE
-
\??\c:\btbbnn.exec:\btbbnn.exe46⤵
- Executes dropped EXE
-
\??\c:\dvpvj.exec:\dvpvj.exe47⤵
- Executes dropped EXE
-
\??\c:\pdjvv.exec:\pdjvv.exe48⤵
- Executes dropped EXE
-
\??\c:\rflffxf.exec:\rflffxf.exe49⤵
- Executes dropped EXE
-
\??\c:\htbntt.exec:\htbntt.exe50⤵
- Executes dropped EXE
-
\??\c:\dpppv.exec:\dpppv.exe51⤵
- Executes dropped EXE
-
\??\c:\vjvdp.exec:\vjvdp.exe52⤵
- Executes dropped EXE
-
\??\c:\xflffxx.exec:\xflffxx.exe53⤵
- Executes dropped EXE
-
\??\c:\rfllrrf.exec:\rfllrrf.exe54⤵
- Executes dropped EXE
-
\??\c:\thtttt.exec:\thtttt.exe55⤵
- Executes dropped EXE
-
\??\c:\9pddj.exec:\9pddj.exe56⤵
- Executes dropped EXE
-
\??\c:\dvvvj.exec:\dvvvj.exe57⤵
- Executes dropped EXE
-
\??\c:\5rflrlr.exec:\5rflrlr.exe58⤵
- Executes dropped EXE
-
\??\c:\rlrxlrr.exec:\rlrxlrr.exe59⤵
- Executes dropped EXE
-
\??\c:\hnbbhh.exec:\hnbbhh.exe60⤵
- Executes dropped EXE
-
\??\c:\vdjpd.exec:\vdjpd.exe61⤵
- Executes dropped EXE
-
\??\c:\lfxlrxl.exec:\lfxlrxl.exe62⤵
- Executes dropped EXE
-
\??\c:\rfrxlll.exec:\rfrxlll.exe63⤵
- Executes dropped EXE
-
\??\c:\nntttt.exec:\nntttt.exe64⤵
- Executes dropped EXE
-
\??\c:\hhhhtn.exec:\hhhhtn.exe65⤵
- Executes dropped EXE
-
\??\c:\vpjjv.exec:\vpjjv.exe66⤵
-
\??\c:\lfllrlr.exec:\lfllrlr.exe67⤵
-
\??\c:\rfrfrrx.exec:\rfrfrrx.exe68⤵
-
\??\c:\ttnntt.exec:\ttnntt.exe69⤵
-
\??\c:\bntbbh.exec:\bntbbh.exe70⤵
-
\??\c:\ddppp.exec:\ddppp.exe71⤵
-
\??\c:\xxrrxfr.exec:\xxrrxfr.exe72⤵
-
\??\c:\rfxxlff.exec:\rfxxlff.exe73⤵
-
\??\c:\bnhnhh.exec:\bnhnhh.exe74⤵
-
\??\c:\bthhnh.exec:\bthhnh.exe75⤵
-
\??\c:\jvpdj.exec:\jvpdj.exe76⤵
-
\??\c:\xrlrllr.exec:\xrlrllr.exe77⤵
-
\??\c:\xrxrxxx.exec:\xrxrxxx.exe78⤵
-
\??\c:\ntbbtt.exec:\ntbbtt.exe79⤵
-
\??\c:\1hnhnh.exec:\1hnhnh.exe80⤵
-
\??\c:\dvddd.exec:\dvddd.exe81⤵
-
\??\c:\rxrllfr.exec:\rxrllfr.exe82⤵
-
\??\c:\frxfrlr.exec:\frxfrlr.exe83⤵
-
\??\c:\hbhhtt.exec:\hbhhtt.exe84⤵
-
\??\c:\vjvjj.exec:\vjvjj.exe85⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe86⤵
-
\??\c:\lrffxff.exec:\lrffxff.exe87⤵
-
\??\c:\ntnhnt.exec:\ntnhnt.exe88⤵
-
\??\c:\1nbhhn.exec:\1nbhhn.exe89⤵
-
\??\c:\jjddp.exec:\jjddp.exe90⤵
-
\??\c:\9pjdv.exec:\9pjdv.exe91⤵
-
\??\c:\frxxflr.exec:\frxxflr.exe92⤵
-
\??\c:\3hthtn.exec:\3hthtn.exe93⤵
-
\??\c:\nnbhnb.exec:\nnbhnb.exe94⤵
-
\??\c:\vvdpd.exec:\vvdpd.exe95⤵
-
\??\c:\jdpjd.exec:\jdpjd.exe96⤵
-
\??\c:\xrfxxxf.exec:\xrfxxxf.exe97⤵
-
\??\c:\7fxxfxf.exec:\7fxxfxf.exe98⤵
-
\??\c:\bhnnhh.exec:\bhnnhh.exe99⤵
-
\??\c:\tbbtbt.exec:\tbbtbt.exe100⤵
-
\??\c:\jvppp.exec:\jvppp.exe101⤵
-
\??\c:\pdjjp.exec:\pdjjp.exe102⤵
-
\??\c:\llxlrfl.exec:\llxlrfl.exe103⤵
-
\??\c:\tntnnt.exec:\tntnnt.exe104⤵
-
\??\c:\bthhth.exec:\bthhth.exe105⤵
-
\??\c:\pdpvj.exec:\pdpvj.exe106⤵
-
\??\c:\dvjjv.exec:\dvjjv.exe107⤵
-
\??\c:\lfrrxrr.exec:\lfrrxrr.exe108⤵
-
\??\c:\hthntn.exec:\hthntn.exe109⤵
-
\??\c:\thhntt.exec:\thhntt.exe110⤵
-
\??\c:\pdpjv.exec:\pdpjv.exe111⤵
-
\??\c:\dddjv.exec:\dddjv.exe112⤵
-
\??\c:\7rfxxrr.exec:\7rfxxrr.exe113⤵
-
\??\c:\ffxllxx.exec:\ffxllxx.exe114⤵
-
\??\c:\ttbhtb.exec:\ttbhtb.exe115⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe116⤵
-
\??\c:\5vddj.exec:\5vddj.exe117⤵
-
\??\c:\lxrrffr.exec:\lxrrffr.exe118⤵
-
\??\c:\nhtntn.exec:\nhtntn.exe119⤵
-
\??\c:\9bbbnb.exec:\9bbbnb.exe120⤵
-
\??\c:\7vppp.exec:\7vppp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-