Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
15-05-2024 22:21
General
-
Target
458597d33fbc72dd9b520564a9574d40_NeikiAnalytics.exe
-
Size
273KB
-
MD5
458597d33fbc72dd9b520564a9574d40
-
SHA1
f57f9553332e332b3775abc32f7fb0094cc2e85f
-
SHA256
4fdddef09db6255cb0b777b5cf0f2659223ebd5ff366eee3cf8fa898d5872be6
-
SHA512
664eefde4210f5a36a8f08577307f3cc5ea016919ea8bcf8bf7ec16422712102a63232dd7e4ab7e5e3b8daf8a20ab42608c1a4812e3513fedf89e9d6960e950c
-
SSDEEP
3072:8hOm2sI93UufdC67cimD5t251UrRE9TTFK:8cm7ImGddXmNt251UriZFK
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 51 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 53 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\458597d33fbc72dd9b520564a9574d40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\458597d33fbc72dd9b520564a9574d40_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tffhpdx.exec:\tffhpdx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hvpjjnb.exec:\hvpjjnb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pnvdt.exec:\pnvdt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjhnx.exec:\vjhnx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jbfjvfv.exec:\jbfjvfv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fdxjrbd.exec:\fdxjrbd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ljxjln.exec:\ljxjln.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tlrlnnx.exec:\tlrlnnx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\phtlpx.exec:\phtlpx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fvflj.exec:\fvflj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddvj.exec:\jddvj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htxhp.exec:\htxhp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\prnblht.exec:\prnblht.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djtxxf.exec:\djtxxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tltrfr.exec:\tltrfr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vrlrbd.exec:\vrlrbd.exe17⤵
- Executes dropped EXE
-
\??\c:\hhljplx.exec:\hhljplx.exe18⤵
- Executes dropped EXE
-
\??\c:\lrpdf.exec:\lrpdf.exe19⤵
- Executes dropped EXE
-
\??\c:\rdfbf.exec:\rdfbf.exe20⤵
- Executes dropped EXE
-
\??\c:\xrdbjrx.exec:\xrdbjrx.exe21⤵
- Executes dropped EXE
-
\??\c:\tfxnrl.exec:\tfxnrl.exe22⤵
- Executes dropped EXE
-
\??\c:\nbnhpd.exec:\nbnhpd.exe23⤵
- Executes dropped EXE
-
\??\c:\ppfvpf.exec:\ppfvpf.exe24⤵
- Executes dropped EXE
-
\??\c:\dpdhp.exec:\dpdhp.exe25⤵
- Executes dropped EXE
-
\??\c:\xvbbpnr.exec:\xvbbpnr.exe26⤵
- Executes dropped EXE
-
\??\c:\jbjvrf.exec:\jbjvrf.exe27⤵
- Executes dropped EXE
-
\??\c:\jprbrh.exec:\jprbrh.exe28⤵
- Executes dropped EXE
-
\??\c:\rvxjfp.exec:\rvxjfp.exe29⤵
- Executes dropped EXE
-
\??\c:\lhpdv.exec:\lhpdv.exe30⤵
- Executes dropped EXE
-
\??\c:\ndvrrtt.exec:\ndvrrtt.exe31⤵
- Executes dropped EXE
-
\??\c:\xpxdf.exec:\xpxdf.exe32⤵
- Executes dropped EXE
-
\??\c:\fdrhjb.exec:\fdrhjb.exe33⤵
- Executes dropped EXE
-
\??\c:\lrrbtxv.exec:\lrrbtxv.exe34⤵
- Executes dropped EXE
-
\??\c:\bxxtf.exec:\bxxtf.exe35⤵
- Executes dropped EXE
-
\??\c:\hlfpj.exec:\hlfpj.exe36⤵
- Executes dropped EXE
-
\??\c:\htrprnp.exec:\htrprnp.exe37⤵
- Executes dropped EXE
-
\??\c:\lntjh.exec:\lntjh.exe38⤵
- Executes dropped EXE
-
\??\c:\jpdtxtl.exec:\jpdtxtl.exe39⤵
- Executes dropped EXE
-
\??\c:\nfrjv.exec:\nfrjv.exe40⤵
- Executes dropped EXE
-
\??\c:\hbfpr.exec:\hbfpr.exe41⤵
- Executes dropped EXE
-
\??\c:\pfvph.exec:\pfvph.exe42⤵
- Executes dropped EXE
-
\??\c:\jnnjlf.exec:\jnnjlf.exe43⤵
- Executes dropped EXE
-
\??\c:\vbvdvdr.exec:\vbvdvdr.exe44⤵
- Executes dropped EXE
-
\??\c:\pbrffb.exec:\pbrffb.exe45⤵
- Executes dropped EXE
-
\??\c:\lljxjx.exec:\lljxjx.exe46⤵
- Executes dropped EXE
-
\??\c:\lpbpr.exec:\lpbpr.exe47⤵
- Executes dropped EXE
-
\??\c:\tnvnf.exec:\tnvnf.exe48⤵
- Executes dropped EXE
-
\??\c:\pdfhfx.exec:\pdfhfx.exe49⤵
- Executes dropped EXE
-
\??\c:\lvbpbbt.exec:\lvbpbbt.exe50⤵
- Executes dropped EXE
-
\??\c:\hprbbln.exec:\hprbbln.exe51⤵
- Executes dropped EXE
-
\??\c:\xxthjjp.exec:\xxthjjp.exe52⤵
- Executes dropped EXE
-
\??\c:\rbfdrf.exec:\rbfdrf.exe53⤵
- Executes dropped EXE
-
\??\c:\dvblvt.exec:\dvblvt.exe54⤵
- Executes dropped EXE
-
\??\c:\pptld.exec:\pptld.exe55⤵
- Executes dropped EXE
-
\??\c:\phtdr.exec:\phtdr.exe56⤵
- Executes dropped EXE
-
\??\c:\xrhfl.exec:\xrhfl.exe57⤵
- Executes dropped EXE
-
\??\c:\dtjbtxv.exec:\dtjbtxv.exe58⤵
- Executes dropped EXE
-
\??\c:\nhdbd.exec:\nhdbd.exe59⤵
- Executes dropped EXE
-
\??\c:\rhnthfv.exec:\rhnthfv.exe60⤵
- Executes dropped EXE
-
\??\c:\lnxhrv.exec:\lnxhrv.exe61⤵
- Executes dropped EXE
-
\??\c:\hbjvpph.exec:\hbjvpph.exe62⤵
- Executes dropped EXE
-
\??\c:\pxtpfv.exec:\pxtpfv.exe63⤵
- Executes dropped EXE
-
\??\c:\tlrvllr.exec:\tlrvllr.exe64⤵
- Executes dropped EXE
-
\??\c:\xrlltv.exec:\xrlltv.exe65⤵
- Executes dropped EXE
-
\??\c:\jprrdj.exec:\jprrdj.exe66⤵
-
\??\c:\ttfrh.exec:\ttfrh.exe67⤵
-
\??\c:\bpbpxdt.exec:\bpbpxdt.exe68⤵
-
\??\c:\lprlx.exec:\lprlx.exe69⤵
-
\??\c:\nbvjnrb.exec:\nbvjnrb.exe70⤵
-
\??\c:\lxdhf.exec:\lxdhf.exe71⤵
-
\??\c:\ftvtnpf.exec:\ftvtnpf.exe72⤵
-
\??\c:\hfjrfll.exec:\hfjrfll.exe73⤵
-
\??\c:\jrhpjd.exec:\jrhpjd.exe74⤵
-
\??\c:\vpnvt.exec:\vpnvt.exe75⤵
-
\??\c:\nbrtlrr.exec:\nbrtlrr.exe76⤵
-
\??\c:\hvhtxl.exec:\hvhtxl.exe77⤵
-
\??\c:\xhhttpn.exec:\xhhttpn.exe78⤵
-
\??\c:\rjvtnh.exec:\rjvtnh.exe79⤵
-
\??\c:\frfdd.exec:\frfdd.exe80⤵
-
\??\c:\dbjdnbp.exec:\dbjdnbp.exe81⤵
-
\??\c:\ftthd.exec:\ftthd.exe82⤵
-
\??\c:\tphjbx.exec:\tphjbx.exe83⤵
-
\??\c:\bvjfdnp.exec:\bvjfdnp.exe84⤵
-
\??\c:\hpbpltj.exec:\hpbpltj.exe85⤵
-
\??\c:\tfhhxtf.exec:\tfhhxtf.exe86⤵
-
\??\c:\thlth.exec:\thlth.exe87⤵
-
\??\c:\dbxxlbx.exec:\dbxxlbx.exe88⤵
-
\??\c:\tfljnj.exec:\tfljnj.exe89⤵
-
\??\c:\fjrpvtn.exec:\fjrpvtn.exe90⤵
-
\??\c:\flpdjht.exec:\flpdjht.exe91⤵
-
\??\c:\jtthl.exec:\jtthl.exe92⤵
-
\??\c:\jjtbp.exec:\jjtbp.exe93⤵
-
\??\c:\xlvhxdd.exec:\xlvhxdd.exe94⤵
-
\??\c:\pxnjrfp.exec:\pxnjrfp.exe95⤵
-
\??\c:\rttnx.exec:\rttnx.exe96⤵
-
\??\c:\trjrr.exec:\trjrr.exe97⤵
-
\??\c:\bjfdhjl.exec:\bjfdhjl.exe98⤵
-
\??\c:\dhxhv.exec:\dhxhv.exe99⤵
-
\??\c:\lppbrjf.exec:\lppbrjf.exe100⤵
-
\??\c:\lpxbpvj.exec:\lpxbpvj.exe101⤵
-
\??\c:\bbtxtx.exec:\bbtxtx.exe102⤵
-
\??\c:\flbxrjb.exec:\flbxrjb.exe103⤵
-
\??\c:\dtbrd.exec:\dtbrd.exe104⤵
-
\??\c:\hnnhr.exec:\hnnhr.exe105⤵
-
\??\c:\tnfhlt.exec:\tnfhlt.exe106⤵
-
\??\c:\fnrff.exec:\fnrff.exe107⤵
-
\??\c:\xptbphd.exec:\xptbphd.exe108⤵
-
\??\c:\fjxxr.exec:\fjxxr.exe109⤵
-
\??\c:\htltdhp.exec:\htltdhp.exe110⤵
-
\??\c:\flvbxn.exec:\flvbxn.exe111⤵
-
\??\c:\xbtnxb.exec:\xbtnxb.exe112⤵
-
\??\c:\dtnnxnh.exec:\dtnnxnh.exe113⤵
-
\??\c:\thtxbv.exec:\thtxbv.exe114⤵
-
\??\c:\xhjbxpv.exec:\xhjbxpv.exe115⤵
-
\??\c:\jvdtnb.exec:\jvdtnb.exe116⤵
-
\??\c:\rjtjb.exec:\rjtjb.exe117⤵
-
\??\c:\hrdnvx.exec:\hrdnvx.exe118⤵
-
\??\c:\xvptld.exec:\xvptld.exe119⤵
-
\??\c:\xddlp.exec:\xddlp.exe120⤵
-
\??\c:\hljdff.exec:\hljdff.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-