Analysis
-
max time kernel
150s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
09/05/2024, 14:19
General
-
Target
59c3c5d1e02ece2a51a51bcbfd150f20_NeikiAnalytics.exe
-
Size
467KB
-
MD5
59c3c5d1e02ece2a51a51bcbfd150f20
-
SHA1
93db7cf039e13452bf0850645a0123433f01c062
-
SHA256
8966dfba3b7116eb9b2fd6d0812940d604be70c5436c6ec1b4d61a86139de204
-
SHA512
b2dd728b3ca91cd2196aff073a55c050f0a59cf570044db69dd627346c7f6b6a48619581fbd548983cf0f88445a06b6c87dfce598ac3610529f7cfcb1b622322
-
SSDEEP
6144:n3C9BRo7MlrWKo+lS0Le4xRSAoq78yoyfx93sEqkeGLedW0A8hho:n3C9yMo+S0L9xRnoq7H9xqYLed35hG
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\59c3c5d1e02ece2a51a51bcbfd150f20_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\59c3c5d1e02ece2a51a51bcbfd150f20_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dxpltj.exec:\dxpltj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jxhrttj.exec:\jxhrttj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jxnnt.exec:\jxnnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhlntl.exec:\bhlntl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xbpnn.exec:\xbpnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnjnxx.exec:\hnjnxx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfbnb.exec:\xfbnb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbbdntl.exec:\bbbdntl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hrjlbjd.exec:\hrjlbjd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hvbvtpv.exec:\hvbvtpv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fjbrj.exec:\fjbrj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\brxxb.exec:\brxxb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nlfxlv.exec:\nlfxlv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rhvpr.exec:\rhvpr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\trxjfl.exec:\trxjfl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llxbvl.exec:\llxbvl.exe17⤵
- Executes dropped EXE
-
\??\c:\pxbdht.exec:\pxbdht.exe18⤵
- Executes dropped EXE
-
\??\c:\djrtlp.exec:\djrtlp.exe19⤵
- Executes dropped EXE
-
\??\c:\xtxbn.exec:\xtxbn.exe20⤵
- Executes dropped EXE
-
\??\c:\htfpj.exec:\htfpj.exe21⤵
- Executes dropped EXE
-
\??\c:\ljxhv.exec:\ljxhv.exe22⤵
- Executes dropped EXE
-
\??\c:\pbnpljf.exec:\pbnpljf.exe23⤵
- Executes dropped EXE
-
\??\c:\thpdrx.exec:\thpdrx.exe24⤵
- Executes dropped EXE
-
\??\c:\vvphvdv.exec:\vvphvdv.exe25⤵
- Executes dropped EXE
-
\??\c:\plfvbhh.exec:\plfvbhh.exe26⤵
- Executes dropped EXE
-
\??\c:\hddpvf.exec:\hddpvf.exe27⤵
- Executes dropped EXE
-
\??\c:\rtbjv.exec:\rtbjv.exe28⤵
- Executes dropped EXE
-
\??\c:\jlnbrhd.exec:\jlnbrhd.exe29⤵
- Executes dropped EXE
-
\??\c:\jttjrft.exec:\jttjrft.exe30⤵
- Executes dropped EXE
-
\??\c:\lpfhjt.exec:\lpfhjt.exe31⤵
- Executes dropped EXE
-
\??\c:\rvfhxpn.exec:\rvfhxpn.exe32⤵
- Executes dropped EXE
-
\??\c:\tdnnbn.exec:\tdnnbn.exe33⤵
- Executes dropped EXE
-
\??\c:\rrxrx.exec:\rrxrx.exe34⤵
- Executes dropped EXE
-
\??\c:\fftll.exec:\fftll.exe35⤵
- Executes dropped EXE
-
\??\c:\lpjjp.exec:\lpjjp.exe36⤵
- Executes dropped EXE
-
\??\c:\lvjvnrx.exec:\lvjvnrx.exe37⤵
- Executes dropped EXE
-
\??\c:\frfxn.exec:\frfxn.exe38⤵
- Executes dropped EXE
-
\??\c:\nrptr.exec:\nrptr.exe39⤵
- Executes dropped EXE
-
\??\c:\fhfdn.exec:\fhfdn.exe40⤵
- Executes dropped EXE
-
\??\c:\thlxlj.exec:\thlxlj.exe41⤵
- Executes dropped EXE
-
\??\c:\ltljtp.exec:\ltljtp.exe42⤵
- Executes dropped EXE
-
\??\c:\bdjddf.exec:\bdjddf.exe43⤵
- Executes dropped EXE
-
\??\c:\phlxhnh.exec:\phlxhnh.exe44⤵
- Executes dropped EXE
-
\??\c:\dxfhvx.exec:\dxfhvx.exe45⤵
- Executes dropped EXE
-
\??\c:\xldbbh.exec:\xldbbh.exe46⤵
- Executes dropped EXE
-
\??\c:\bdfpdfx.exec:\bdfpdfx.exe47⤵
- Executes dropped EXE
-
\??\c:\dbfxxfd.exec:\dbfxxfd.exe48⤵
- Executes dropped EXE
-
\??\c:\fbnnl.exec:\fbnnl.exe49⤵
- Executes dropped EXE
-
\??\c:\tjljhb.exec:\tjljhb.exe50⤵
- Executes dropped EXE
-
\??\c:\hhfhb.exec:\hhfhb.exe51⤵
- Executes dropped EXE
-
\??\c:\dfllpt.exec:\dfllpt.exe52⤵
- Executes dropped EXE
-
\??\c:\plbbx.exec:\plbbx.exe53⤵
- Executes dropped EXE
-
\??\c:\tldfdd.exec:\tldfdd.exe54⤵
- Executes dropped EXE
-
\??\c:\lrptx.exec:\lrptx.exe55⤵
- Executes dropped EXE
-
\??\c:\xtrfnxb.exec:\xtrfnxb.exe56⤵
- Executes dropped EXE
-
\??\c:\flfdp.exec:\flfdp.exe57⤵
- Executes dropped EXE
-
\??\c:\xrbhpb.exec:\xrbhpb.exe58⤵
- Executes dropped EXE
-
\??\c:\vlbnf.exec:\vlbnf.exe59⤵
- Executes dropped EXE
-
\??\c:\dntnlv.exec:\dntnlv.exe60⤵
- Executes dropped EXE
-
\??\c:\bprxlj.exec:\bprxlj.exe61⤵
- Executes dropped EXE
-
\??\c:\lphjbx.exec:\lphjbx.exe62⤵
- Executes dropped EXE
-
\??\c:\tvjllv.exec:\tvjllv.exe63⤵
- Executes dropped EXE
-
\??\c:\dtxnt.exec:\dtxnt.exe64⤵
- Executes dropped EXE
-
\??\c:\rjjpvrp.exec:\rjjpvrp.exe65⤵
- Executes dropped EXE
-
\??\c:\ldhtdnt.exec:\ldhtdnt.exe66⤵
-
\??\c:\ttbtl.exec:\ttbtl.exe67⤵
-
\??\c:\xdlrt.exec:\xdlrt.exe68⤵
-
\??\c:\pxrxbj.exec:\pxrxbj.exe69⤵
-
\??\c:\pxhjrbj.exec:\pxhjrbj.exe70⤵
-
\??\c:\vfjhxxv.exec:\vfjhxxv.exe71⤵
-
\??\c:\ltdxjbj.exec:\ltdxjbj.exe72⤵
-
\??\c:\dldtl.exec:\dldtl.exe73⤵
-
\??\c:\vbtjx.exec:\vbtjx.exe74⤵
-
\??\c:\nlhtvpv.exec:\nlhtvpv.exe75⤵
-
\??\c:\njhvhbp.exec:\njhvhbp.exe76⤵
-
\??\c:\dxnjtl.exec:\dxnjtl.exe77⤵
-
\??\c:\pdtrv.exec:\pdtrv.exe78⤵
-
\??\c:\htflhtj.exec:\htflhtj.exe79⤵
-
\??\c:\dtftx.exec:\dtftx.exe80⤵
-
\??\c:\rllxnxf.exec:\rllxnxf.exe81⤵
-
\??\c:\fpbrbj.exec:\fpbrbj.exe82⤵
-
\??\c:\nxrpt.exec:\nxrpt.exe83⤵
-
\??\c:\tnnxh.exec:\tnnxh.exe84⤵
-
\??\c:\xhjlb.exec:\xhjlb.exe85⤵
-
\??\c:\xnbxhjl.exec:\xnbxhjl.exe86⤵
-
\??\c:\hnltpl.exec:\hnltpl.exe87⤵
-
\??\c:\jvfvt.exec:\jvfvt.exe88⤵
-
\??\c:\bdbxnn.exec:\bdbxnn.exe89⤵
-
\??\c:\hjxbbtx.exec:\hjxbbtx.exe90⤵
-
\??\c:\bvtjvnd.exec:\bvtjvnd.exe91⤵
-
\??\c:\hpvrlrh.exec:\hpvrlrh.exe92⤵
-
\??\c:\rjjtf.exec:\rjjtf.exe93⤵
-
\??\c:\xjnhnb.exec:\xjnhnb.exe94⤵
-
\??\c:\hbdtxtl.exec:\hbdtxtl.exe95⤵
-
\??\c:\xrfjdjr.exec:\xrfjdjr.exe96⤵
-
\??\c:\hrvvd.exec:\hrvvd.exe97⤵
-
\??\c:\pjlnf.exec:\pjlnf.exe98⤵
-
\??\c:\ddtrxf.exec:\ddtrxf.exe99⤵
-
\??\c:\hbhxjnj.exec:\hbhxjnj.exe100⤵
-
\??\c:\vrbrtjl.exec:\vrbrtjl.exe101⤵
-
\??\c:\djnvdd.exec:\djnvdd.exe102⤵
-
\??\c:\vtlfh.exec:\vtlfh.exe103⤵
-
\??\c:\trhhtrb.exec:\trhhtrb.exe104⤵
-
\??\c:\hfjnbnf.exec:\hfjnbnf.exe105⤵
-
\??\c:\jhfhj.exec:\jhfhj.exe106⤵
-
\??\c:\fnvhfnd.exec:\fnvhfnd.exe107⤵
-
\??\c:\rjrvlvd.exec:\rjrvlvd.exe108⤵
-
\??\c:\rdptxd.exec:\rdptxd.exe109⤵
-
\??\c:\rffjvh.exec:\rffjvh.exe110⤵
-
\??\c:\xpdntjt.exec:\xpdntjt.exe111⤵
-
\??\c:\nhrvxpn.exec:\nhrvxpn.exe112⤵
-
\??\c:\lfjlt.exec:\lfjlt.exe113⤵
-
\??\c:\xrnbxd.exec:\xrnbxd.exe114⤵
-
\??\c:\bvbhntr.exec:\bvbhntr.exe115⤵
-
\??\c:\pvbxth.exec:\pvbxth.exe116⤵
-
\??\c:\fjlnft.exec:\fjlnft.exe117⤵
-
\??\c:\dfdvv.exec:\dfdvv.exe118⤵
-
\??\c:\nrvtx.exec:\nrvtx.exe119⤵
-
\??\c:\bfhrt.exec:\bfhrt.exe120⤵
-
\??\c:\fjnfd.exec:\fjnfd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-