Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
11/05/2024, 20:47
General
-
Target
37c573a93e73f632ae5123a798f80c40_NeikiAnalytics.exe
-
Size
340KB
-
MD5
37c573a93e73f632ae5123a798f80c40
-
SHA1
81a526a2211d721bf6516fd4161a65bda3d0bad5
-
SHA256
45a8b24df3346005928185943b40d68704f03768e3d8cfb81c7fdb61a1a3e564
-
SHA512
f9016ccc2ff8efacfb05dab099b5f84dbbfcb44b7c4f2de0d0f9190573d7d00535239782cad9293364d29f7e6c8cb062443dc4e570a1d2c1b849d9b961fd3b48
-
SSDEEP
3072:9hOmTsF93UYfwC6GIoutz5yLpcgDE4JBHNgu5ex1B2OkEv0KvmhNiYx2:9cm4FmowdHoS4BtguSPKyHYk
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 51 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\37c573a93e73f632ae5123a798f80c40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\37c573a93e73f632ae5123a798f80c40_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\rdlnvf.exec:\rdlnvf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vrrfbx.exec:\vrrfbx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffnhlj.exec:\ffnhlj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffbjbbf.exec:\ffbjbbf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\plfvxtn.exec:\plfvxtn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hlfrxdx.exec:\hlfrxdx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hpvbpnf.exec:\hpvbpnf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vljrnh.exec:\vljrnh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fvxvl.exec:\fvxvl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pltjxn.exec:\pltjxn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xtprvvl.exec:\xtprvvl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lpdhbb.exec:\lpdhbb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hpxvjhp.exec:\hpxvjhp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbrrdd.exec:\nbrrdd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tddxbvn.exec:\tddxbvn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdfjdd.exec:\vdfjdd.exe17⤵
- Executes dropped EXE
-
\??\c:\phntv.exec:\phntv.exe18⤵
- Executes dropped EXE
-
\??\c:\ddlfdtd.exec:\ddlfdtd.exe19⤵
- Executes dropped EXE
-
\??\c:\hftfd.exec:\hftfd.exe20⤵
- Executes dropped EXE
-
\??\c:\tffjnpx.exec:\tffjnpx.exe21⤵
- Executes dropped EXE
-
\??\c:\thlbf.exec:\thlbf.exe22⤵
- Executes dropped EXE
-
\??\c:\jnxdnln.exec:\jnxdnln.exe23⤵
- Executes dropped EXE
-
\??\c:\npfxx.exec:\npfxx.exe24⤵
- Executes dropped EXE
-
\??\c:\xrfhl.exec:\xrfhl.exe25⤵
- Executes dropped EXE
-
\??\c:\rdppr.exec:\rdppr.exe26⤵
- Executes dropped EXE
-
\??\c:\trbvdl.exec:\trbvdl.exe27⤵
- Executes dropped EXE
-
\??\c:\xltrpnb.exec:\xltrpnb.exe28⤵
- Executes dropped EXE
-
\??\c:\brdtfth.exec:\brdtfth.exe29⤵
- Executes dropped EXE
-
\??\c:\npldvd.exec:\npldvd.exe30⤵
- Executes dropped EXE
-
\??\c:\hbfbxl.exec:\hbfbxl.exe31⤵
- Executes dropped EXE
-
\??\c:\txxvjd.exec:\txxvjd.exe32⤵
- Executes dropped EXE
-
\??\c:\jlbhn.exec:\jlbhn.exe33⤵
- Executes dropped EXE
-
\??\c:\ffhrpjb.exec:\ffhrpjb.exe34⤵
- Executes dropped EXE
-
\??\c:\rtjvv.exec:\rtjvv.exe35⤵
- Executes dropped EXE
-
\??\c:\fvjlnn.exec:\fvjlnn.exe36⤵
- Executes dropped EXE
-
\??\c:\dvhjx.exec:\dvhjx.exe37⤵
- Executes dropped EXE
-
\??\c:\hrvnxd.exec:\hrvnxd.exe38⤵
- Executes dropped EXE
-
\??\c:\lbnlf.exec:\lbnlf.exe39⤵
- Executes dropped EXE
-
\??\c:\pthtlpt.exec:\pthtlpt.exe40⤵
- Executes dropped EXE
-
\??\c:\hnfljn.exec:\hnfljn.exe41⤵
- Executes dropped EXE
-
\??\c:\bvnvjnx.exec:\bvnvjnx.exe42⤵
- Executes dropped EXE
-
\??\c:\lfbbb.exec:\lfbbb.exe43⤵
- Executes dropped EXE
-
\??\c:\blrjtpj.exec:\blrjtpj.exe44⤵
- Executes dropped EXE
-
\??\c:\frllrdd.exec:\frllrdd.exe45⤵
- Executes dropped EXE
-
\??\c:\pftpffn.exec:\pftpffn.exe46⤵
- Executes dropped EXE
-
\??\c:\tnfrxh.exec:\tnfrxh.exe47⤵
- Executes dropped EXE
-
\??\c:\vjxfx.exec:\vjxfx.exe48⤵
- Executes dropped EXE
-
\??\c:\ftlvjlj.exec:\ftlvjlj.exe49⤵
- Executes dropped EXE
-
\??\c:\rbfbd.exec:\rbfbd.exe50⤵
- Executes dropped EXE
-
\??\c:\lrdrhvt.exec:\lrdrhvt.exe51⤵
- Executes dropped EXE
-
\??\c:\rxdfl.exec:\rxdfl.exe52⤵
- Executes dropped EXE
-
\??\c:\llrvtx.exec:\llrvtx.exe53⤵
- Executes dropped EXE
-
\??\c:\dpdfn.exec:\dpdfn.exe54⤵
- Executes dropped EXE
-
\??\c:\vdtjl.exec:\vdtjl.exe55⤵
- Executes dropped EXE
-
\??\c:\lblhnj.exec:\lblhnj.exe56⤵
- Executes dropped EXE
-
\??\c:\nlrrnv.exec:\nlrrnv.exe57⤵
- Executes dropped EXE
-
\??\c:\vpvrhj.exec:\vpvrhj.exe58⤵
- Executes dropped EXE
-
\??\c:\rlbpn.exec:\rlbpn.exe59⤵
- Executes dropped EXE
-
\??\c:\fjfjx.exec:\fjfjx.exe60⤵
- Executes dropped EXE
-
\??\c:\fjnvfnl.exec:\fjnvfnl.exe61⤵
- Executes dropped EXE
-
\??\c:\lnrjl.exec:\lnrjl.exe62⤵
- Executes dropped EXE
-
\??\c:\vlfbfdv.exec:\vlfbfdv.exe63⤵
- Executes dropped EXE
-
\??\c:\btfnx.exec:\btfnx.exe64⤵
- Executes dropped EXE
-
\??\c:\ntfhv.exec:\ntfhv.exe65⤵
- Executes dropped EXE
-
\??\c:\npffffj.exec:\npffffj.exe66⤵
-
\??\c:\frnnxjh.exec:\frnnxjh.exe67⤵
-
\??\c:\vbnhnxh.exec:\vbnhnxh.exe68⤵
-
\??\c:\jprvh.exec:\jprvh.exe69⤵
-
\??\c:\bnpthh.exec:\bnpthh.exe70⤵
-
\??\c:\bhpjv.exec:\bhpjv.exe71⤵
-
\??\c:\pdvxhv.exec:\pdvxhv.exe72⤵
-
\??\c:\tlbnnpb.exec:\tlbnnpb.exe73⤵
-
\??\c:\jxntt.exec:\jxntt.exe74⤵
-
\??\c:\nfnjn.exec:\nfnjn.exe75⤵
-
\??\c:\drlrnt.exec:\drlrnt.exe76⤵
-
\??\c:\ffpjjl.exec:\ffpjjl.exe77⤵
-
\??\c:\ffjrvfv.exec:\ffjrvfv.exe78⤵
-
\??\c:\vdnnrx.exec:\vdnnrx.exe79⤵
-
\??\c:\bfhvd.exec:\bfhvd.exe80⤵
-
\??\c:\dphtxfp.exec:\dphtxfp.exe81⤵
-
\??\c:\ptbxpd.exec:\ptbxpd.exe82⤵
-
\??\c:\ddjlnb.exec:\ddjlnb.exe83⤵
-
\??\c:\jlntvp.exec:\jlntvp.exe84⤵
-
\??\c:\vrphnl.exec:\vrphnl.exe85⤵
-
\??\c:\tvfdlj.exec:\tvfdlj.exe86⤵
-
\??\c:\nplvnhd.exec:\nplvnhd.exe87⤵
-
\??\c:\jvlnj.exec:\jvlnj.exe88⤵
-
\??\c:\ffllv.exec:\ffllv.exe89⤵
-
\??\c:\txrffr.exec:\txrffr.exe90⤵
-
\??\c:\jjrdvbx.exec:\jjrdvbx.exe91⤵
-
\??\c:\vdtdrj.exec:\vdtdrj.exe92⤵
-
\??\c:\rxxphn.exec:\rxxphn.exe93⤵
-
\??\c:\plfvh.exec:\plfvh.exe94⤵
-
\??\c:\rnbnjl.exec:\rnbnjl.exe95⤵
-
\??\c:\hflfp.exec:\hflfp.exe96⤵
-
\??\c:\ndlxj.exec:\ndlxj.exe97⤵
-
\??\c:\nvjpb.exec:\nvjpb.exe98⤵
-
\??\c:\tjfxfff.exec:\tjfxfff.exe99⤵
-
\??\c:\hnlxxt.exec:\hnlxxt.exe100⤵
-
\??\c:\tntfr.exec:\tntfr.exe101⤵
-
\??\c:\jtfjf.exec:\jtfjf.exe102⤵
-
\??\c:\nvfjdvp.exec:\nvfjdvp.exe103⤵
-
\??\c:\ldltf.exec:\ldltf.exe104⤵
-
\??\c:\tfpdpxd.exec:\tfpdpxd.exe105⤵
-
\??\c:\lxjhbr.exec:\lxjhbr.exe106⤵
-
\??\c:\xtdphf.exec:\xtdphf.exe107⤵
-
\??\c:\rxtbj.exec:\rxtbj.exe108⤵
-
\??\c:\thbnf.exec:\thbnf.exe109⤵
-
\??\c:\lpxrvtn.exec:\lpxrvtn.exe110⤵
-
\??\c:\nnvrtf.exec:\nnvrtf.exe111⤵
-
\??\c:\lbldjf.exec:\lbldjf.exe112⤵
-
\??\c:\txrhltv.exec:\txrhltv.exe113⤵
-
\??\c:\jrvjfnn.exec:\jrvjfnn.exe114⤵
-
\??\c:\bhxnxtb.exec:\bhxnxtb.exe115⤵
-
\??\c:\fpxpl.exec:\fpxpl.exe116⤵
-
\??\c:\xrjtf.exec:\xrjtf.exe117⤵
-
\??\c:\pjtbf.exec:\pjtbf.exe118⤵
-
\??\c:\vvnnjh.exec:\vvnnjh.exe119⤵
-
\??\c:\vvlfpn.exec:\vvlfpn.exe120⤵
-
\??\c:\nppvjtt.exec:\nppvjtt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-