Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
11/05/2024, 21:33
General
-
Target
3cd22027ffacbd5314c1cfc65c654930_NeikiAnalytics.exe
-
Size
79KB
-
MD5
3cd22027ffacbd5314c1cfc65c654930
-
SHA1
fc165859ee79d09e83d4e9a98b294e5048da7c80
-
SHA256
ec65aea2d1c57d693cc39b9658f44fa3e507f5099ce2d7a5ae63aa8648707ca8
-
SHA512
c288659a13c57065a62cab294740f715aaae9aa7c5ee6edd74dc7d3cd48b67889484d36a4f138e867adedb22f27a1c189c02692f5fd25eed74a7588ac6e055b8
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDWiekja1br3GGBxfot3e2ke:ymb3NkkiQ3mdBjFWXkj7afoI2r
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 22 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 36 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3cd22027ffacbd5314c1cfc65c654930_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\3cd22027ffacbd5314c1cfc65c654930_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vffht.exec:\vffht.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ptptdd.exec:\ptptdd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\phfdxhl.exec:\phfdxhl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbpnnt.exec:\tbpnnt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tldnnpv.exec:\tldnnpv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dhffxdp.exec:\dhffxdp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rjlnpd.exec:\rjlnpd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vfpxjb.exec:\vfpxjb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ftxvnt.exec:\ftxvnt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pflvrbt.exec:\pflvrbt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\blbrb.exec:\blbrb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrdth.exec:\lrdth.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nvlrhp.exec:\nvlrhp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vxltl.exec:\vxltl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pltbdvj.exec:\pltbdvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlbvt.exec:\xlbvt.exe17⤵
- Executes dropped EXE
-
\??\c:\xvrnv.exec:\xvrnv.exe18⤵
- Executes dropped EXE
-
\??\c:\jlhtp.exec:\jlhtp.exe19⤵
- Executes dropped EXE
-
\??\c:\xfhthnn.exec:\xfhthnn.exe20⤵
- Executes dropped EXE
-
\??\c:\jnjjj.exec:\jnjjj.exe21⤵
- Executes dropped EXE
-
\??\c:\pnndt.exec:\pnndt.exe22⤵
- Executes dropped EXE
-
\??\c:\pthtxb.exec:\pthtxb.exe23⤵
- Executes dropped EXE
-
\??\c:\vjrflp.exec:\vjrflp.exe24⤵
- Executes dropped EXE
-
\??\c:\tppth.exec:\tppth.exe25⤵
- Executes dropped EXE
-
\??\c:\lpbxvb.exec:\lpbxvb.exe26⤵
- Executes dropped EXE
-
\??\c:\prnffpn.exec:\prnffpn.exe27⤵
- Executes dropped EXE
-
\??\c:\vjhhlj.exec:\vjhhlj.exe28⤵
- Executes dropped EXE
-
\??\c:\jdxfnb.exec:\jdxfnb.exe29⤵
- Executes dropped EXE
-
\??\c:\bhtrlfp.exec:\bhtrlfp.exe30⤵
- Executes dropped EXE
-
\??\c:\nppxhr.exec:\nppxhr.exe31⤵
- Executes dropped EXE
-
\??\c:\fdddht.exec:\fdddht.exe32⤵
- Executes dropped EXE
-
\??\c:\fnrrhj.exec:\fnrrhj.exe33⤵
- Executes dropped EXE
-
\??\c:\fjhvppv.exec:\fjhvppv.exe34⤵
- Executes dropped EXE
-
\??\c:\dbnpdjn.exec:\dbnpdjn.exe35⤵
- Executes dropped EXE
-
\??\c:\dnxrpp.exec:\dnxrpp.exe36⤵
- Executes dropped EXE
-
\??\c:\lvxfv.exec:\lvxfv.exe37⤵
- Executes dropped EXE
-
\??\c:\tphlnn.exec:\tphlnn.exe38⤵
- Executes dropped EXE
-
\??\c:\fhvxnxp.exec:\fhvxnxp.exe39⤵
- Executes dropped EXE
-
\??\c:\fdlfrbh.exec:\fdlfrbh.exe40⤵
- Executes dropped EXE
-
\??\c:\hpxrlb.exec:\hpxrlb.exe41⤵
- Executes dropped EXE
-
\??\c:\rxbxf.exec:\rxbxf.exe42⤵
- Executes dropped EXE
-
\??\c:\plfxbl.exec:\plfxbl.exe43⤵
- Executes dropped EXE
-
\??\c:\ddhjlp.exec:\ddhjlp.exe44⤵
- Executes dropped EXE
-
\??\c:\vlxvn.exec:\vlxvn.exe45⤵
- Executes dropped EXE
-
\??\c:\lxrdjd.exec:\lxrdjd.exe46⤵
- Executes dropped EXE
-
\??\c:\vfltjx.exec:\vfltjx.exe47⤵
- Executes dropped EXE
-
\??\c:\pvfnbl.exec:\pvfnbl.exe48⤵
- Executes dropped EXE
-
\??\c:\bnxrhnj.exec:\bnxrhnj.exe49⤵
- Executes dropped EXE
-
\??\c:\hpnpxj.exec:\hpnpxj.exe50⤵
- Executes dropped EXE
-
\??\c:\jprdp.exec:\jprdp.exe51⤵
- Executes dropped EXE
-
\??\c:\vrdtvld.exec:\vrdtvld.exe52⤵
- Executes dropped EXE
-
\??\c:\bpjxl.exec:\bpjxl.exe53⤵
- Executes dropped EXE
-
\??\c:\hnhlt.exec:\hnhlt.exe54⤵
- Executes dropped EXE
-
\??\c:\bvfjt.exec:\bvfjt.exe55⤵
- Executes dropped EXE
-
\??\c:\bhbph.exec:\bhbph.exe56⤵
- Executes dropped EXE
-
\??\c:\dftttdx.exec:\dftttdx.exe57⤵
- Executes dropped EXE
-
\??\c:\flpptp.exec:\flpptp.exe58⤵
- Executes dropped EXE
-
\??\c:\dxtvthx.exec:\dxtvthx.exe59⤵
- Executes dropped EXE
-
\??\c:\nxtnjxn.exec:\nxtnjxn.exe60⤵
- Executes dropped EXE
-
\??\c:\vxfpprf.exec:\vxfpprf.exe61⤵
- Executes dropped EXE
-
\??\c:\ddnln.exec:\ddnln.exe62⤵
- Executes dropped EXE
-
\??\c:\hdxbvnn.exec:\hdxbvnn.exe63⤵
- Executes dropped EXE
-
\??\c:\nldxtlp.exec:\nldxtlp.exe64⤵
- Executes dropped EXE
-
\??\c:\tpxdhx.exec:\tpxdhx.exe65⤵
- Executes dropped EXE
-
\??\c:\nddtnx.exec:\nddtnx.exe66⤵
-
\??\c:\hvbpvx.exec:\hvbpvx.exe67⤵
-
\??\c:\ddbjx.exec:\ddbjx.exe68⤵
-
\??\c:\rfrlf.exec:\rfrlf.exe69⤵
-
\??\c:\tdpdrrl.exec:\tdpdrrl.exe70⤵
-
\??\c:\phfthf.exec:\phfthf.exe71⤵
-
\??\c:\tnlnbfj.exec:\tnlnbfj.exe72⤵
-
\??\c:\rbjnbj.exec:\rbjnbj.exe73⤵
-
\??\c:\lvbld.exec:\lvbld.exe74⤵
-
\??\c:\hvbvdf.exec:\hvbvdf.exe75⤵
-
\??\c:\plxfxvh.exec:\plxfxvh.exe76⤵
-
\??\c:\jhphlhl.exec:\jhphlhl.exe77⤵
-
\??\c:\lptxfjn.exec:\lptxfjn.exe78⤵
-
\??\c:\vpvrnjn.exec:\vpvrnjn.exe79⤵
-
\??\c:\vxfftjn.exec:\vxfftjn.exe80⤵
-
\??\c:\nlfpbrp.exec:\nlfpbrp.exe81⤵
-
\??\c:\hhfbhv.exec:\hhfbhv.exe82⤵
-
\??\c:\jdhbd.exec:\jdhbd.exe83⤵
-
\??\c:\hvndpt.exec:\hvndpt.exe84⤵
-
\??\c:\prntjnd.exec:\prntjnd.exe85⤵
-
\??\c:\htlpnd.exec:\htlpnd.exe86⤵
-
\??\c:\pnbbnrp.exec:\pnbbnrp.exe87⤵
-
\??\c:\llhhh.exec:\llhhh.exe88⤵
-
\??\c:\fflrb.exec:\fflrb.exe89⤵
-
\??\c:\dxlttbb.exec:\dxlttbb.exe90⤵
-
\??\c:\nhvpxvn.exec:\nhvpxvn.exe91⤵
-
\??\c:\vppxdh.exec:\vppxdh.exe92⤵
-
\??\c:\jtdbj.exec:\jtdbj.exe93⤵
-
\??\c:\rtnxpj.exec:\rtnxpj.exe94⤵
-
\??\c:\rbbfx.exec:\rbbfx.exe95⤵
-
\??\c:\hnxftf.exec:\hnxftf.exe96⤵
-
\??\c:\thpdbh.exec:\thpdbh.exe97⤵
-
\??\c:\jnnjxnr.exec:\jnnjxnr.exe98⤵
-
\??\c:\frlfnf.exec:\frlfnf.exe99⤵
-
\??\c:\ptxdpl.exec:\ptxdpl.exe100⤵
-
\??\c:\dpfbl.exec:\dpfbl.exe101⤵
-
\??\c:\lxlrjnt.exec:\lxlrjnt.exe102⤵
-
\??\c:\jvhrjl.exec:\jvhrjl.exe103⤵
-
\??\c:\hpttt.exec:\hpttt.exe104⤵
-
\??\c:\vtlll.exec:\vtlll.exe105⤵
-
\??\c:\nhdfhrp.exec:\nhdfhrp.exe106⤵
-
\??\c:\xpdfrft.exec:\xpdfrft.exe107⤵
-
\??\c:\rxlhddl.exec:\rxlhddl.exe108⤵
-
\??\c:\blnnn.exec:\blnnn.exe109⤵
-
\??\c:\vhbhjrj.exec:\vhbhjrj.exe110⤵
-
\??\c:\dnndt.exec:\dnndt.exe111⤵
-
\??\c:\jxhtvfp.exec:\jxhtvfp.exe112⤵
-
\??\c:\lxxrbjl.exec:\lxxrbjl.exe113⤵
-
\??\c:\jhvvtd.exec:\jhvvtd.exe114⤵
-
\??\c:\nfthtft.exec:\nfthtft.exe115⤵
-
\??\c:\hdltj.exec:\hdltj.exe116⤵
-
\??\c:\bfrtdf.exec:\bfrtdf.exe117⤵
-
\??\c:\vlhpt.exec:\vlhpt.exe118⤵
-
\??\c:\hfbxxl.exec:\hfbxxl.exe119⤵
-
\??\c:\bfjdpx.exec:\bfjdpx.exe120⤵
-
\??\c:\nthjdpt.exec:\nthjdpt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-