Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
14/05/2024, 01:55
General
-
Target
5166950456179abc92150a26df2a3c40_NeikiAnalytics.exe
-
Size
334KB
-
MD5
5166950456179abc92150a26df2a3c40
-
SHA1
726b0d3589208e1154e22263be9dc54ef116734c
-
SHA256
c251c79d528bea1ddd089a0db712881c1bd2eceb13427a47678b5b76f7801ee5
-
SHA512
20db240cc080fe8d7ad8db22fbbe7d0d90aa3bb997317a99971a66a0e4e208132cdd58ddbb8f844a2189e4f650078186725f71e047e52317683e9250a01e86b6
-
SSDEEP
6144:rcm4FmowdHoSphraHcpOaKHpXfRo0V8JcgE+ezpg1i/x:x4wFHoS3eFaKHpv/VycgE8ox
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 41 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5166950456179abc92150a26df2a3c40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\5166950456179abc92150a26df2a3c40_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxlbfj.exec:\lfxlbfj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\npdvhpj.exec:\npdvhpj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jrbtb.exec:\jrbtb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nxvrl.exec:\nxvrl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\prfrt.exec:\prfrt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbjtb.exec:\nbjtb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\trbdfd.exec:\trbdfd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vrhlhvh.exec:\vrhlhvh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdxlnr.exec:\vdxlnr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppnjfp.exec:\ppnjfp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\blpdhxd.exec:\blpdhxd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\phxxl.exec:\phxxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxhnbnb.exec:\lxhnbnb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhjrx.exec:\bhjrx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dxlhfl.exec:\dxlhfl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxntrh.exec:\xxntrh.exe17⤵
- Executes dropped EXE
-
\??\c:\hhxphxd.exec:\hhxphxd.exe18⤵
- Executes dropped EXE
-
\??\c:\bdttvd.exec:\bdttvd.exe19⤵
- Executes dropped EXE
-
\??\c:\pxpvdlj.exec:\pxpvdlj.exe20⤵
- Executes dropped EXE
-
\??\c:\ddblhdb.exec:\ddblhdb.exe21⤵
- Executes dropped EXE
-
\??\c:\hdrhxx.exec:\hdrhxx.exe22⤵
- Executes dropped EXE
-
\??\c:\jbhrpv.exec:\jbhrpv.exe23⤵
- Executes dropped EXE
-
\??\c:\rbjvfj.exec:\rbjvfj.exe24⤵
- Executes dropped EXE
-
\??\c:\nxxtdx.exec:\nxxtdx.exe25⤵
- Executes dropped EXE
-
\??\c:\bpjrfdt.exec:\bpjrfdt.exe26⤵
- Executes dropped EXE
-
\??\c:\vpfldbl.exec:\vpfldbl.exe27⤵
- Executes dropped EXE
-
\??\c:\fdhrlpv.exec:\fdhrlpv.exe28⤵
- Executes dropped EXE
-
\??\c:\bhdbdfp.exec:\bhdbdfp.exe29⤵
- Executes dropped EXE
-
\??\c:\dtxprl.exec:\dtxprl.exe30⤵
- Executes dropped EXE
-
\??\c:\xtdnbf.exec:\xtdnbf.exe31⤵
- Executes dropped EXE
-
\??\c:\nfphblh.exec:\nfphblh.exe32⤵
- Executes dropped EXE
-
\??\c:\rfpbr.exec:\rfpbr.exe33⤵
- Executes dropped EXE
-
\??\c:\lhrhxx.exec:\lhrhxx.exe34⤵
- Executes dropped EXE
-
\??\c:\pvlrfjn.exec:\pvlrfjn.exe35⤵
- Executes dropped EXE
-
\??\c:\vjjvftd.exec:\vjjvftd.exe36⤵
- Executes dropped EXE
-
\??\c:\nxhfnr.exec:\nxhfnr.exe37⤵
-
\??\c:\htvdbtn.exec:\htvdbtn.exe38⤵
- Executes dropped EXE
-
\??\c:\ffpnr.exec:\ffpnr.exe39⤵
- Executes dropped EXE
-
\??\c:\jthtlt.exec:\jthtlt.exe40⤵
- Executes dropped EXE
-
\??\c:\jfjptpt.exec:\jfjptpt.exe41⤵
- Executes dropped EXE
-
\??\c:\xxrxl.exec:\xxrxl.exe42⤵
- Executes dropped EXE
-
\??\c:\jnvvrv.exec:\jnvvrv.exe43⤵
- Executes dropped EXE
-
\??\c:\rjpdd.exec:\rjpdd.exe44⤵
- Executes dropped EXE
-
\??\c:\hxljll.exec:\hxljll.exe45⤵
- Executes dropped EXE
-
\??\c:\rlhbb.exec:\rlhbb.exe46⤵
- Executes dropped EXE
-
\??\c:\xxhrfph.exec:\xxhrfph.exe47⤵
- Executes dropped EXE
-
\??\c:\lhjtb.exec:\lhjtb.exe48⤵
- Executes dropped EXE
-
\??\c:\xdrhvv.exec:\xdrhvv.exe49⤵
- Executes dropped EXE
-
\??\c:\lvjhlnd.exec:\lvjhlnd.exe50⤵
- Executes dropped EXE
-
\??\c:\xptxhvp.exec:\xptxhvp.exe51⤵
- Executes dropped EXE
-
\??\c:\bpthrnd.exec:\bpthrnd.exe52⤵
- Executes dropped EXE
-
\??\c:\dbpdh.exec:\dbpdh.exe53⤵
- Executes dropped EXE
-
\??\c:\pnxhnd.exec:\pnxhnd.exe54⤵
- Executes dropped EXE
-
\??\c:\tbbnpth.exec:\tbbnpth.exe55⤵
- Executes dropped EXE
-
\??\c:\xphlj.exec:\xphlj.exe56⤵
- Executes dropped EXE
-
\??\c:\lvdll.exec:\lvdll.exe57⤵
- Executes dropped EXE
-
\??\c:\vrbnnf.exec:\vrbnnf.exe58⤵
- Executes dropped EXE
-
\??\c:\rxxrfl.exec:\rxxrfl.exe59⤵
- Executes dropped EXE
-
\??\c:\dhvdjdx.exec:\dhvdjdx.exe60⤵
- Executes dropped EXE
-
\??\c:\vtfjxj.exec:\vtfjxj.exe61⤵
- Executes dropped EXE
-
\??\c:\dhbpb.exec:\dhbpb.exe62⤵
- Executes dropped EXE
-
\??\c:\nxrjltl.exec:\nxrjltl.exe63⤵
- Executes dropped EXE
-
\??\c:\xxnvxh.exec:\xxnvxh.exe64⤵
- Executes dropped EXE
-
\??\c:\vnfhrt.exec:\vnfhrt.exe65⤵
- Executes dropped EXE
-
\??\c:\lvhjx.exec:\lvhjx.exe66⤵
- Executes dropped EXE
-
\??\c:\hhnhdt.exec:\hhnhdt.exe67⤵
-
\??\c:\nptdrb.exec:\nptdrb.exe68⤵
-
\??\c:\hptbfbf.exec:\hptbfbf.exe69⤵
-
\??\c:\blpjfll.exec:\blpjfll.exe70⤵
-
\??\c:\nlvnpdv.exec:\nlvnpdv.exe71⤵
-
\??\c:\vfrfvp.exec:\vfrfvp.exe72⤵
-
\??\c:\hdbbxht.exec:\hdbbxht.exe73⤵
-
\??\c:\nvxrrvj.exec:\nvxrrvj.exe74⤵
-
\??\c:\fjjxhdd.exec:\fjjxhdd.exe75⤵
-
\??\c:\lbvhb.exec:\lbvhb.exe76⤵
-
\??\c:\rhdxv.exec:\rhdxv.exe77⤵
-
\??\c:\nrthpp.exec:\nrthpp.exe78⤵
-
\??\c:\txplddj.exec:\txplddj.exe79⤵
-
\??\c:\blrtrb.exec:\blrtrb.exe80⤵
-
\??\c:\prxvxtf.exec:\prxvxtf.exe81⤵
-
\??\c:\plxnrp.exec:\plxnrp.exe82⤵
-
\??\c:\lxjtv.exec:\lxjtv.exe83⤵
-
\??\c:\bjdbl.exec:\bjdbl.exe84⤵
-
\??\c:\pbtnf.exec:\pbtnf.exe85⤵
-
\??\c:\llpxhp.exec:\llpxhp.exe86⤵
-
\??\c:\tlrdbvl.exec:\tlrdbvl.exe87⤵
-
\??\c:\nrprnlj.exec:\nrprnlj.exe88⤵
-
\??\c:\vfbvfh.exec:\vfbvfh.exe89⤵
-
\??\c:\vxfbph.exec:\vxfbph.exe90⤵
-
\??\c:\xtndhbn.exec:\xtndhbn.exe91⤵
-
\??\c:\dxrjvj.exec:\dxrjvj.exe92⤵
-
\??\c:\jrthbpb.exec:\jrthbpb.exe93⤵
-
\??\c:\hhrdbl.exec:\hhrdbl.exe94⤵
-
\??\c:\dpbffb.exec:\dpbffb.exe95⤵
-
\??\c:\xvlfl.exec:\xvlfl.exe96⤵
-
\??\c:\npdxfht.exec:\npdxfht.exe97⤵
-
\??\c:\jdjffp.exec:\jdjffp.exe98⤵
-
\??\c:\jrrpttf.exec:\jrrpttf.exe99⤵
-
\??\c:\lxhlv.exec:\lxhlv.exe100⤵
-
\??\c:\thxptx.exec:\thxptx.exe101⤵
-
\??\c:\hnljfdd.exec:\hnljfdd.exe102⤵
-
\??\c:\dvdhtd.exec:\dvdhtd.exe103⤵
-
\??\c:\njvjdrh.exec:\njvjdrh.exe104⤵
-
\??\c:\ldrdjtj.exec:\ldrdjtj.exe105⤵
-
\??\c:\jhvvxdh.exec:\jhvvxdh.exe106⤵
-
\??\c:\xjlll.exec:\xjlll.exe107⤵
-
\??\c:\blxvvd.exec:\blxvvd.exe108⤵
-
\??\c:\dhbvbtj.exec:\dhbvbtj.exe109⤵
-
\??\c:\tttrj.exec:\tttrj.exe110⤵
-
\??\c:\jdlhd.exec:\jdlhd.exe111⤵
-
\??\c:\hffpx.exec:\hffpx.exe112⤵
-
\??\c:\hpbnjt.exec:\hpbnjt.exe113⤵
-
\??\c:\dvjtvph.exec:\dvjtvph.exe114⤵
-
\??\c:\hdnvxdh.exec:\hdnvxdh.exe115⤵
-
\??\c:\xnbbbh.exec:\xnbbbh.exe116⤵
-
\??\c:\xrfjd.exec:\xrfjd.exe117⤵
-
\??\c:\blhhh.exec:\blhhh.exe118⤵
-
\??\c:\vhlljt.exec:\vhlljt.exe119⤵
-
\??\c:\njfbdfh.exec:\njfbdfh.exe120⤵
-
\??\c:\hddhld.exec:\hddhld.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-