Analysis
-
max time kernel
149s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
29/06/2024, 17:36
General
-
Target
b54dda49a473910eaf8a39e808f500baadaa308bbd9408d17fcfc516bca6e40a_NeikiAnalytics.exe
-
Size
91KB
-
MD5
16ae94277796c64ad2ecd25b1d6d34c0
-
SHA1
b83e291170dcc213aff6efcbd804d53f6b687158
-
SHA256
b54dda49a473910eaf8a39e808f500baadaa308bbd9408d17fcfc516bca6e40a
-
SHA512
b7ddc55408498c0535e937a9e46c4cd0b20c3198a1d09cad232a327012cd6a2f418a7d916f5c60d3cc8022b5011d4cc1e6446b92e4dd181b35015a3d1ee28094
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIQIDyviFxx2hCtgIMLP9rBZaRBV:ymb3NkkiQ3mdBjFIVLd2hWZGreRCYBx
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 20 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 22 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b54dda49a473910eaf8a39e808f500baadaa308bbd9408d17fcfc516bca6e40a_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\b54dda49a473910eaf8a39e808f500baadaa308bbd9408d17fcfc516bca6e40a_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5ddpd.exec:\5ddpd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhbbhn.exec:\hhbbhn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjjp.exec:\vpjjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fxfxfl.exec:\1fxfxfl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxfxlr.exec:\rfxfxlr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1thbhh.exec:\1thbhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvvj.exec:\vvvvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvvjv.exec:\vvvjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlffrxr.exec:\rlffrxr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bttbnb.exec:\bttbnb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vdjd.exec:\1vdjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vpvp.exec:\9vpvp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxfrrx.exec:\rlxfrrx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhttb.exec:\hbhttb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbhnt.exec:\thbhnt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pppvd.exec:\pppvd.exe17⤵
- Executes dropped EXE
-
\??\c:\rrrrffr.exec:\rrrrffr.exe18⤵
- Executes dropped EXE
-
\??\c:\xxlxrxf.exec:\xxlxrxf.exe19⤵
- Executes dropped EXE
-
\??\c:\5hbhhh.exec:\5hbhhh.exe20⤵
- Executes dropped EXE
-
\??\c:\tnttnn.exec:\tnttnn.exe21⤵
- Executes dropped EXE
-
\??\c:\1vjjv.exec:\1vjjv.exe22⤵
- Executes dropped EXE
-
\??\c:\xrxlrxf.exec:\xrxlrxf.exe23⤵
- Executes dropped EXE
-
\??\c:\fxlxflx.exec:\fxlxflx.exe24⤵
- Executes dropped EXE
-
\??\c:\nhbhnt.exec:\nhbhnt.exe25⤵
- Executes dropped EXE
-
\??\c:\vpddp.exec:\vpddp.exe26⤵
- Executes dropped EXE
-
\??\c:\5dpdj.exec:\5dpdj.exe27⤵
- Executes dropped EXE
-
\??\c:\ffflrrf.exec:\ffflrrf.exe28⤵
- Executes dropped EXE
-
\??\c:\7ffxfrx.exec:\7ffxfrx.exe29⤵
- Executes dropped EXE
-
\??\c:\bthbnn.exec:\bthbnn.exe30⤵
- Executes dropped EXE
-
\??\c:\ttntbb.exec:\ttntbb.exe31⤵
- Executes dropped EXE
-
\??\c:\jdppv.exec:\jdppv.exe32⤵
- Executes dropped EXE
-
\??\c:\xrrrrxx.exec:\xrrrrxx.exe33⤵
- Executes dropped EXE
-
\??\c:\ttnbnt.exec:\ttnbnt.exe34⤵
- Executes dropped EXE
-
\??\c:\tnhthn.exec:\tnhthn.exe35⤵
- Executes dropped EXE
-
\??\c:\jppjd.exec:\jppjd.exe36⤵
- Executes dropped EXE
-
\??\c:\jjppv.exec:\jjppv.exe37⤵
- Executes dropped EXE
-
\??\c:\fxrxflf.exec:\fxrxflf.exe38⤵
- Executes dropped EXE
-
\??\c:\lxllrxl.exec:\lxllrxl.exe39⤵
- Executes dropped EXE
-
\??\c:\hbnnbb.exec:\hbnnbb.exe40⤵
- Executes dropped EXE
-
\??\c:\hhbnbh.exec:\hhbnbh.exe41⤵
- Executes dropped EXE
-
\??\c:\jdvpp.exec:\jdvpp.exe42⤵
- Executes dropped EXE
-
\??\c:\9vjvj.exec:\9vjvj.exe43⤵
- Executes dropped EXE
-
\??\c:\xrlxxfx.exec:\xrlxxfx.exe44⤵
- Executes dropped EXE
-
\??\c:\fxlrxrx.exec:\fxlrxrx.exe45⤵
- Executes dropped EXE
-
\??\c:\tnnthn.exec:\tnnthn.exe46⤵
- Executes dropped EXE
-
\??\c:\nhbhnt.exec:\nhbhnt.exe47⤵
- Executes dropped EXE
-
\??\c:\ddpvd.exec:\ddpvd.exe48⤵
- Executes dropped EXE
-
\??\c:\vpjjv.exec:\vpjjv.exe49⤵
- Executes dropped EXE
-
\??\c:\lfrxlrf.exec:\lfrxlrf.exe50⤵
- Executes dropped EXE
-
\??\c:\5lxxlrx.exec:\5lxxlrx.exe51⤵
- Executes dropped EXE
-
\??\c:\nbtthh.exec:\nbtthh.exe52⤵
- Executes dropped EXE
-
\??\c:\nnbttn.exec:\nnbttn.exe53⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe54⤵
- Executes dropped EXE
-
\??\c:\5jjdd.exec:\5jjdd.exe55⤵
- Executes dropped EXE
-
\??\c:\xrxxllx.exec:\xrxxllx.exe56⤵
- Executes dropped EXE
-
\??\c:\xrrxxxf.exec:\xrrxxxf.exe57⤵
- Executes dropped EXE
-
\??\c:\hbbnhh.exec:\hbbnhh.exe58⤵
- Executes dropped EXE
-
\??\c:\3tnnbh.exec:\3tnnbh.exe59⤵
- Executes dropped EXE
-
\??\c:\5pddj.exec:\5pddj.exe60⤵
- Executes dropped EXE
-
\??\c:\vpddd.exec:\vpddd.exe61⤵
- Executes dropped EXE
-
\??\c:\xlrxrll.exec:\xlrxrll.exe62⤵
- Executes dropped EXE
-
\??\c:\rlfxxxf.exec:\rlfxxxf.exe63⤵
- Executes dropped EXE
-
\??\c:\pdpvd.exec:\pdpvd.exe64⤵
- Executes dropped EXE
-
\??\c:\9jvvj.exec:\9jvvj.exe65⤵
- Executes dropped EXE
-
\??\c:\rlxrffl.exec:\rlxrffl.exe66⤵
-
\??\c:\1frxllx.exec:\1frxllx.exe67⤵
-
\??\c:\nbhtnt.exec:\nbhtnt.exe68⤵
-
\??\c:\tthtnt.exec:\tthtnt.exe69⤵
-
\??\c:\jvvvd.exec:\jvvvd.exe70⤵
-
\??\c:\ppdpv.exec:\ppdpv.exe71⤵
-
\??\c:\ddpvj.exec:\ddpvj.exe72⤵
-
\??\c:\rrflrfx.exec:\rrflrfx.exe73⤵
-
\??\c:\ffxrxxf.exec:\ffxrxxf.exe74⤵
-
\??\c:\bbhhtt.exec:\bbhhtt.exe75⤵
-
\??\c:\hthntn.exec:\hthntn.exe76⤵
-
\??\c:\ppjpj.exec:\ppjpj.exe77⤵
-
\??\c:\jdjpd.exec:\jdjpd.exe78⤵
-
\??\c:\flfflrx.exec:\flfflrx.exe79⤵
-
\??\c:\xrxfllx.exec:\xrxfllx.exe80⤵
-
\??\c:\tththh.exec:\tththh.exe81⤵
-
\??\c:\5tnntn.exec:\5tnntn.exe82⤵
-
\??\c:\1pdjp.exec:\1pdjp.exe83⤵
-
\??\c:\9pvpd.exec:\9pvpd.exe84⤵
-
\??\c:\lxfxfxf.exec:\lxfxfxf.exe85⤵
-
\??\c:\fxlrflr.exec:\fxlrflr.exe86⤵
-
\??\c:\7ththn.exec:\7ththn.exe87⤵
-
\??\c:\nbbbnn.exec:\nbbbnn.exe88⤵
-
\??\c:\jjvjv.exec:\jjvjv.exe89⤵
-
\??\c:\dvjdd.exec:\dvjdd.exe90⤵
-
\??\c:\lfllffl.exec:\lfllffl.exe91⤵
-
\??\c:\3fxrllf.exec:\3fxrllf.exe92⤵
-
\??\c:\llfllrf.exec:\llfllrf.exe93⤵
-
\??\c:\hthnth.exec:\hthnth.exe94⤵
-
\??\c:\nnnhbn.exec:\nnnhbn.exe95⤵
-
\??\c:\dpjpp.exec:\dpjpp.exe96⤵
-
\??\c:\vpdpd.exec:\vpdpd.exe97⤵
-
\??\c:\7lfxrrr.exec:\7lfxrrr.exe98⤵
-
\??\c:\rlxlxxl.exec:\rlxlxxl.exe99⤵
-
\??\c:\thhbnn.exec:\thhbnn.exe100⤵
-
\??\c:\3hntbb.exec:\3hntbb.exe101⤵
-
\??\c:\thttbt.exec:\thttbt.exe102⤵
-
\??\c:\3pdjv.exec:\3pdjv.exe103⤵
-
\??\c:\pjvvj.exec:\pjvvj.exe104⤵
-
\??\c:\xlrrrrr.exec:\xlrrrrr.exe105⤵
-
\??\c:\5frrfff.exec:\5frrfff.exe106⤵
-
\??\c:\nhnntt.exec:\nhnntt.exe107⤵
-
\??\c:\1btntb.exec:\1btntb.exe108⤵
-
\??\c:\vpddd.exec:\vpddd.exe109⤵
-
\??\c:\jjvvj.exec:\jjvvj.exe110⤵
-
\??\c:\lfxflfl.exec:\lfxflfl.exe111⤵
-
\??\c:\lxfrrxl.exec:\lxfrrxl.exe112⤵
-
\??\c:\bntbnn.exec:\bntbnn.exe113⤵
-
\??\c:\7tnntb.exec:\7tnntb.exe114⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe115⤵
-
\??\c:\pjdjj.exec:\pjdjj.exe116⤵
-
\??\c:\xrxfrrf.exec:\xrxfrrf.exe117⤵
-
\??\c:\9rrfrxl.exec:\9rrfrxl.exe118⤵
-
\??\c:\hbbhtb.exec:\hbbhtb.exe119⤵
-
\??\c:\hbnhtb.exec:\hbnhtb.exe120⤵
-
\??\c:\1pvpp.exec:\1pvpp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-