Analysis
-
max time kernel
150s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
10/05/2024, 20:57
General
-
Target
01fc11a317e4ff7f6c1bb9522739d310_NeikiAnalytics.exe
-
Size
392KB
-
MD5
01fc11a317e4ff7f6c1bb9522739d310
-
SHA1
2fa3a3b38f0448850425f6bdeac401d7150c4a1a
-
SHA256
27cec1de18331ab45a1176542d437d9fe9ea60412e3bc57c4c6ef1997d733acb
-
SHA512
3f2710e9e5e04623c9889b037c4dd9d7f505e6b723440721c2de489ab363305dfde405c45b4ac05ac864b6b8ee689cc995d8eff6ddfffa25e83875c1ba4e751e
-
SSDEEP
6144:n3C9BRo7tvnJ9oH0IRgZvjkIfzBgZJmAhc:n3C9ytvngQj1fz6ZJmAW
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\01fc11a317e4ff7f6c1bb9522739d310_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\01fc11a317e4ff7f6c1bb9522739d310_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nljrjfx.exec:\nljrjfx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxjdlpv.exec:\lxjdlpv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxphntj.exec:\xxphntj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fjjjx.exec:\fjjjx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xhtlldx.exec:\xhtlldx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hjlfh.exec:\hjlfh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxdlp.exec:\rxdlp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xjbbrtr.exec:\xjbbrtr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dtndn.exec:\dtndn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfpjp.exec:\xfpjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flpbb.exec:\flpbb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rbtrrtv.exec:\rbtrrtv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ldhtt.exec:\ldhtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\brxbpfx.exec:\brxbpfx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lttvx.exec:\lttvx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\phtjbx.exec:\phtjbx.exe17⤵
- Executes dropped EXE
-
\??\c:\jtlvvvj.exec:\jtlvvvj.exe18⤵
- Executes dropped EXE
-
\??\c:\ltjbrd.exec:\ltjbrd.exe19⤵
- Executes dropped EXE
-
\??\c:\jtvfhx.exec:\jtvfhx.exe20⤵
- Executes dropped EXE
-
\??\c:\nlpdh.exec:\nlpdh.exe21⤵
- Executes dropped EXE
-
\??\c:\bvvbdtt.exec:\bvvbdtt.exe22⤵
- Executes dropped EXE
-
\??\c:\bddtpt.exec:\bddtpt.exe23⤵
- Executes dropped EXE
-
\??\c:\dbvdv.exec:\dbvdv.exe24⤵
- Executes dropped EXE
-
\??\c:\rvbbb.exec:\rvbbb.exe25⤵
- Executes dropped EXE
-
\??\c:\vjtltpb.exec:\vjtltpb.exe26⤵
- Executes dropped EXE
-
\??\c:\dhldnfl.exec:\dhldnfl.exe27⤵
- Executes dropped EXE
-
\??\c:\lfvrd.exec:\lfvrd.exe28⤵
- Executes dropped EXE
-
\??\c:\tbfrbnt.exec:\tbfrbnt.exe29⤵
- Executes dropped EXE
-
\??\c:\dlvrhlb.exec:\dlvrhlb.exe30⤵
- Executes dropped EXE
-
\??\c:\jddfd.exec:\jddfd.exe31⤵
- Executes dropped EXE
-
\??\c:\fnxpj.exec:\fnxpj.exe32⤵
- Executes dropped EXE
-
\??\c:\tjfdl.exec:\tjfdl.exe33⤵
- Executes dropped EXE
-
\??\c:\pbtfdx.exec:\pbtfdx.exe34⤵
- Executes dropped EXE
-
\??\c:\fblhd.exec:\fblhd.exe35⤵
- Executes dropped EXE
-
\??\c:\ltjvd.exec:\ltjvd.exe36⤵
- Executes dropped EXE
-
\??\c:\rljnp.exec:\rljnp.exe37⤵
- Executes dropped EXE
-
\??\c:\rbrhtf.exec:\rbrhtf.exe38⤵
- Executes dropped EXE
-
\??\c:\xflfjjn.exec:\xflfjjn.exe39⤵
- Executes dropped EXE
-
\??\c:\jlbtjf.exec:\jlbtjf.exe40⤵
- Executes dropped EXE
-
\??\c:\nptthbt.exec:\nptthbt.exe41⤵
- Executes dropped EXE
-
\??\c:\nlbjvpp.exec:\nlbjvpp.exe42⤵
- Executes dropped EXE
-
\??\c:\pnxfvnx.exec:\pnxfvnx.exe43⤵
- Executes dropped EXE
-
\??\c:\rntxjpj.exec:\rntxjpj.exe44⤵
- Executes dropped EXE
-
\??\c:\xdjxdf.exec:\xdjxdf.exe45⤵
- Executes dropped EXE
-
\??\c:\ddddttt.exec:\ddddttt.exe46⤵
- Executes dropped EXE
-
\??\c:\nvbfltt.exec:\nvbfltt.exe47⤵
- Executes dropped EXE
-
\??\c:\fxlpnhj.exec:\fxlpnhj.exe48⤵
- Executes dropped EXE
-
\??\c:\hfbvp.exec:\hfbvp.exe49⤵
- Executes dropped EXE
-
\??\c:\btnnvl.exec:\btnnvl.exe50⤵
- Executes dropped EXE
-
\??\c:\tpxxfdt.exec:\tpxxfdt.exe51⤵
- Executes dropped EXE
-
\??\c:\tvtxdn.exec:\tvtxdn.exe52⤵
- Executes dropped EXE
-
\??\c:\tdtxtvl.exec:\tdtxtvl.exe53⤵
- Executes dropped EXE
-
\??\c:\rthpr.exec:\rthpr.exe54⤵
- Executes dropped EXE
-
\??\c:\lthbftr.exec:\lthbftr.exe55⤵
- Executes dropped EXE
-
\??\c:\pxvxpn.exec:\pxvxpn.exe56⤵
- Executes dropped EXE
-
\??\c:\nplnp.exec:\nplnp.exe57⤵
- Executes dropped EXE
-
\??\c:\lvpfphh.exec:\lvpfphh.exe58⤵
- Executes dropped EXE
-
\??\c:\lpdlrdp.exec:\lpdlrdp.exe59⤵
- Executes dropped EXE
-
\??\c:\dttlf.exec:\dttlf.exe60⤵
- Executes dropped EXE
-
\??\c:\dlnjrtb.exec:\dlnjrtb.exe61⤵
- Executes dropped EXE
-
\??\c:\rdjnr.exec:\rdjnr.exe62⤵
- Executes dropped EXE
-
\??\c:\lxplt.exec:\lxplt.exe63⤵
- Executes dropped EXE
-
\??\c:\pxbfpj.exec:\pxbfpj.exe64⤵
- Executes dropped EXE
-
\??\c:\plbttd.exec:\plbttd.exe65⤵
- Executes dropped EXE
-
\??\c:\rldlj.exec:\rldlj.exe66⤵
-
\??\c:\rbtfrv.exec:\rbtfrv.exe67⤵
-
\??\c:\hnhtbdv.exec:\hnhtbdv.exe68⤵
-
\??\c:\bbpdp.exec:\bbpdp.exe69⤵
-
\??\c:\bbdvlv.exec:\bbdvlv.exe70⤵
-
\??\c:\xxtnx.exec:\xxtnx.exe71⤵
-
\??\c:\bdxbbpp.exec:\bdxbbpp.exe72⤵
-
\??\c:\xfvddf.exec:\xfvddf.exe73⤵
-
\??\c:\rptdf.exec:\rptdf.exe74⤵
-
\??\c:\bpnhr.exec:\bpnhr.exe75⤵
-
\??\c:\bvfhv.exec:\bvfhv.exe76⤵
-
\??\c:\jxvbfdd.exec:\jxvbfdd.exe77⤵
-
\??\c:\blfjdxx.exec:\blfjdxx.exe78⤵
-
\??\c:\fjhlphn.exec:\fjhlphn.exe79⤵
-
\??\c:\rbrvv.exec:\rbrvv.exe80⤵
-
\??\c:\bpnfdtx.exec:\bpnfdtx.exe81⤵
-
\??\c:\lfpdtjn.exec:\lfpdtjn.exe82⤵
-
\??\c:\vxxjfj.exec:\vxxjfj.exe83⤵
-
\??\c:\hdfvfnb.exec:\hdfvfnb.exe84⤵
-
\??\c:\jbhnp.exec:\jbhnp.exe85⤵
-
\??\c:\jdffxfx.exec:\jdffxfx.exe86⤵
-
\??\c:\vjbhdtj.exec:\vjbhdtj.exe87⤵
-
\??\c:\hthbbr.exec:\hthbbr.exe88⤵
-
\??\c:\pdnblrl.exec:\pdnblrl.exe89⤵
-
\??\c:\ljdbb.exec:\ljdbb.exe90⤵
-
\??\c:\dxtvx.exec:\dxtvx.exe91⤵
-
\??\c:\lffbp.exec:\lffbp.exe92⤵
-
\??\c:\xtrhjl.exec:\xtrhjl.exe93⤵
-
\??\c:\jhxthl.exec:\jhxthl.exe94⤵
-
\??\c:\fnvhxdh.exec:\fnvhxdh.exe95⤵
-
\??\c:\hlrvb.exec:\hlrvb.exe96⤵
-
\??\c:\vjxpl.exec:\vjxpl.exe97⤵
-
\??\c:\djxvtp.exec:\djxvtp.exe98⤵
-
\??\c:\xrnpr.exec:\xrnpr.exe99⤵
-
\??\c:\jllbd.exec:\jllbd.exe100⤵
-
\??\c:\hjtbvv.exec:\hjtbvv.exe101⤵
-
\??\c:\htblv.exec:\htblv.exe102⤵
-
\??\c:\tbrvxbf.exec:\tbrvxbf.exe103⤵
-
\??\c:\dlxlh.exec:\dlxlh.exe104⤵
-
\??\c:\rdfbxdt.exec:\rdfbxdt.exe105⤵
-
\??\c:\ftbfjrf.exec:\ftbfjrf.exe106⤵
-
\??\c:\bpxjlxr.exec:\bpxjlxr.exe107⤵
-
\??\c:\xdrjlp.exec:\xdrjlp.exe108⤵
-
\??\c:\rnrtllp.exec:\rnrtllp.exe109⤵
-
\??\c:\djrjhvr.exec:\djrjhvr.exe110⤵
-
\??\c:\tpjdfb.exec:\tpjdfb.exe111⤵
-
\??\c:\vbnfxxp.exec:\vbnfxxp.exe112⤵
-
\??\c:\xbjlj.exec:\xbjlj.exe113⤵
-
\??\c:\dpbbld.exec:\dpbbld.exe114⤵
-
\??\c:\rvfdlj.exec:\rvfdlj.exe115⤵
-
\??\c:\djbft.exec:\djbft.exe116⤵
-
\??\c:\jdrpld.exec:\jdrpld.exe117⤵
-
\??\c:\nfrnlx.exec:\nfrnlx.exe118⤵
-
\??\c:\lnfdxnr.exec:\lnfdxnr.exe119⤵
-
\??\c:\vxltr.exec:\vxltr.exe120⤵
-
\??\c:\vxhftbh.exec:\vxhftbh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-