Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
15/05/2024, 19:13
General
-
Target
1b909bd0543d876655325fa8d8f0b360_NeikiAnalytics.exe
-
Size
92KB
-
MD5
1b909bd0543d876655325fa8d8f0b360
-
SHA1
cb179b172fb79f7eef527b0e6478266f13f6b6da
-
SHA256
9710ba39ee9caf04303008da0d232fcd60d64692a392d420539dc7c89b14ae6b
-
SHA512
6cea63a695af7acf78c09fc68e3d3c8d0b49b373c2a493716303c8132ab91441dd199208844c64a99b08a073d8da91898036bc7fab61c9d0175d1766b75b8414
-
SSDEEP
1536:8vQBeOGtrYS3srx93UBWfwC6Ggnouy80fg3Cip8iXAsG5M0u5YoWprCT:8hOmTsF93UYfwC6GIout0fmCiiiXA6ma
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 58 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1b909bd0543d876655325fa8d8f0b360_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1b909bd0543d876655325fa8d8f0b360_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xtbhnh.exec:\xtbhnh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\njphjvx.exec:\njphjvx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfljhbn.exec:\lfljhbn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hdltjr.exec:\hdltjr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\plthbph.exec:\plthbph.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vrxnr.exec:\vrxnr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dprhxld.exec:\dprhxld.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tvvddrh.exec:\tvvddrh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tfttj.exec:\tfttj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfrhj.exec:\xrfrhj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\njpbfnf.exec:\njpbfnf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jhhrvx.exec:\jhhrvx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxbrbvb.exec:\fxbrbvb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlbtf.exec:\xlbtf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tvfhb.exec:\tvfhb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tffdvlx.exec:\tffdvlx.exe17⤵
- Executes dropped EXE
-
\??\c:\jhjpd.exec:\jhjpd.exe18⤵
- Executes dropped EXE
-
\??\c:\nptxbl.exec:\nptxbl.exe19⤵
- Executes dropped EXE
-
\??\c:\rflbt.exec:\rflbt.exe20⤵
- Executes dropped EXE
-
\??\c:\fjvtlb.exec:\fjvtlb.exe21⤵
- Executes dropped EXE
-
\??\c:\ptvvll.exec:\ptvvll.exe22⤵
- Executes dropped EXE
-
\??\c:\vhdxbf.exec:\vhdxbf.exe23⤵
- Executes dropped EXE
-
\??\c:\ljrlh.exec:\ljrlh.exe24⤵
- Executes dropped EXE
-
\??\c:\xlbrnp.exec:\xlbrnp.exe25⤵
- Executes dropped EXE
-
\??\c:\ptnrbrt.exec:\ptnrbrt.exe26⤵
- Executes dropped EXE
-
\??\c:\bbfjd.exec:\bbfjd.exe27⤵
- Executes dropped EXE
-
\??\c:\lrjdttn.exec:\lrjdttn.exe28⤵
- Executes dropped EXE
-
\??\c:\jltnlt.exec:\jltnlt.exe29⤵
- Executes dropped EXE
-
\??\c:\pnrhxf.exec:\pnrhxf.exe30⤵
- Executes dropped EXE
-
\??\c:\nhdhtnr.exec:\nhdhtnr.exe31⤵
- Executes dropped EXE
-
\??\c:\fjdfrhf.exec:\fjdfrhf.exe32⤵
- Executes dropped EXE
-
\??\c:\fjvjf.exec:\fjvjf.exe33⤵
- Executes dropped EXE
-
\??\c:\lfvddf.exec:\lfvddf.exe34⤵
- Executes dropped EXE
-
\??\c:\hlnfphp.exec:\hlnfphp.exe35⤵
- Executes dropped EXE
-
\??\c:\njhtl.exec:\njhtl.exe36⤵
- Executes dropped EXE
-
\??\c:\bvfxp.exec:\bvfxp.exe37⤵
- Executes dropped EXE
-
\??\c:\xrdhrjr.exec:\xrdhrjr.exe38⤵
- Executes dropped EXE
-
\??\c:\xnbpd.exec:\xnbpd.exe39⤵
- Executes dropped EXE
-
\??\c:\dtjnj.exec:\dtjnj.exe40⤵
- Executes dropped EXE
-
\??\c:\vlnxvf.exec:\vlnxvf.exe41⤵
- Executes dropped EXE
-
\??\c:\vrdrnx.exec:\vrdrnx.exe42⤵
- Executes dropped EXE
-
\??\c:\pbbhfjv.exec:\pbbhfjv.exe43⤵
- Executes dropped EXE
-
\??\c:\hxrpf.exec:\hxrpf.exe44⤵
- Executes dropped EXE
-
\??\c:\plnvf.exec:\plnvf.exe45⤵
- Executes dropped EXE
-
\??\c:\nvrdhv.exec:\nvrdhv.exe46⤵
- Executes dropped EXE
-
\??\c:\hpbfhl.exec:\hpbfhl.exe47⤵
- Executes dropped EXE
-
\??\c:\vxrbn.exec:\vxrbn.exe48⤵
- Executes dropped EXE
-
\??\c:\rnxdt.exec:\rnxdt.exe49⤵
- Executes dropped EXE
-
\??\c:\jndrdtt.exec:\jndrdtt.exe50⤵
- Executes dropped EXE
-
\??\c:\tntfv.exec:\tntfv.exe51⤵
- Executes dropped EXE
-
\??\c:\jbxjp.exec:\jbxjp.exe52⤵
- Executes dropped EXE
-
\??\c:\vhxxv.exec:\vhxxv.exe53⤵
- Executes dropped EXE
-
\??\c:\ljdhhn.exec:\ljdhhn.exe54⤵
- Executes dropped EXE
-
\??\c:\bphddxt.exec:\bphddxt.exe55⤵
- Executes dropped EXE
-
\??\c:\tdjhltt.exec:\tdjhltt.exe56⤵
- Executes dropped EXE
-
\??\c:\tdbldnv.exec:\tdbldnv.exe57⤵
- Executes dropped EXE
-
\??\c:\fjdxdn.exec:\fjdxdn.exe58⤵
- Executes dropped EXE
-
\??\c:\jdtblr.exec:\jdtblr.exe59⤵
- Executes dropped EXE
-
\??\c:\dpvtflx.exec:\dpvtflx.exe60⤵
- Executes dropped EXE
-
\??\c:\tlhvt.exec:\tlhvt.exe61⤵
- Executes dropped EXE
-
\??\c:\ndfrv.exec:\ndfrv.exe62⤵
- Executes dropped EXE
-
\??\c:\txxrdbb.exec:\txxrdbb.exe63⤵
- Executes dropped EXE
-
\??\c:\lxxbbd.exec:\lxxbbd.exe64⤵
- Executes dropped EXE
-
\??\c:\tfrxl.exec:\tfrxl.exe65⤵
- Executes dropped EXE
-
\??\c:\bbtfrjd.exec:\bbtfrjd.exe66⤵
-
\??\c:\vnrlt.exec:\vnrlt.exe67⤵
-
\??\c:\jnpdxb.exec:\jnpdxb.exe68⤵
-
\??\c:\lhtfht.exec:\lhtfht.exe69⤵
-
\??\c:\rhlpp.exec:\rhlpp.exe70⤵
-
\??\c:\nhfhbt.exec:\nhfhbt.exe71⤵
-
\??\c:\dnptdlt.exec:\dnptdlt.exe72⤵
-
\??\c:\vldrnp.exec:\vldrnp.exe73⤵
-
\??\c:\lfvjlt.exec:\lfvjlt.exe74⤵
-
\??\c:\jtbxvxp.exec:\jtbxvxp.exe75⤵
-
\??\c:\pvxlbxp.exec:\pvxlbxp.exe76⤵
-
\??\c:\ftjhtd.exec:\ftjhtd.exe77⤵
-
\??\c:\pbbhlb.exec:\pbbhlb.exe78⤵
-
\??\c:\hftbt.exec:\hftbt.exe79⤵
-
\??\c:\lptrdxd.exec:\lptrdxd.exe80⤵
-
\??\c:\ddhff.exec:\ddhff.exe81⤵
-
\??\c:\hlbbx.exec:\hlbbx.exe82⤵
-
\??\c:\drnhf.exec:\drnhf.exe83⤵
-
\??\c:\bjjbv.exec:\bjjbv.exe84⤵
-
\??\c:\rdbtpv.exec:\rdbtpv.exe85⤵
-
\??\c:\rrxtl.exec:\rrxtl.exe86⤵
-
\??\c:\blndbb.exec:\blndbb.exe87⤵
-
\??\c:\jhvnnnl.exec:\jhvnnnl.exe88⤵
-
\??\c:\rttxjlt.exec:\rttxjlt.exe89⤵
-
\??\c:\rdbfl.exec:\rdbfl.exe90⤵
-
\??\c:\pxpxrfb.exec:\pxpxrfb.exe91⤵
-
\??\c:\tnbnnll.exec:\tnbnnll.exe92⤵
-
\??\c:\lljfvx.exec:\lljfvx.exe93⤵
-
\??\c:\vvpdxjb.exec:\vvpdxjb.exe94⤵
-
\??\c:\bxtpnvl.exec:\bxtpnvl.exe95⤵
-
\??\c:\bbbrjl.exec:\bbbrjl.exe96⤵
-
\??\c:\phjvbxj.exec:\phjvbxj.exe97⤵
-
\??\c:\bhfhf.exec:\bhfhf.exe98⤵
-
\??\c:\dprjt.exec:\dprjt.exe99⤵
-
\??\c:\hdnft.exec:\hdnft.exe100⤵
-
\??\c:\hljtrtx.exec:\hljtrtx.exe101⤵
-
\??\c:\lxlpvpl.exec:\lxlpvpl.exe102⤵
-
\??\c:\dptvhj.exec:\dptvhj.exe103⤵
-
\??\c:\dnhrj.exec:\dnhrj.exe104⤵
-
\??\c:\jjtvhp.exec:\jjtvhp.exe105⤵
-
\??\c:\vfptf.exec:\vfptf.exe106⤵
-
\??\c:\pjntlt.exec:\pjntlt.exe107⤵
-
\??\c:\pxldrlh.exec:\pxldrlh.exe108⤵
-
\??\c:\dhljhv.exec:\dhljhv.exe109⤵
-
\??\c:\pdjprxb.exec:\pdjprxb.exe110⤵
-
\??\c:\nhjtx.exec:\nhjtx.exe111⤵
-
\??\c:\fhtjvl.exec:\fhtjvl.exe112⤵
-
\??\c:\ttbvbx.exec:\ttbvbx.exe113⤵
-
\??\c:\tdfdht.exec:\tdfdht.exe114⤵
-
\??\c:\jnxxr.exec:\jnxxr.exe115⤵
-
\??\c:\jxjphbd.exec:\jxjphbd.exe116⤵
-
\??\c:\rhdltrx.exec:\rhdltrx.exe117⤵
-
\??\c:\prjbrnt.exec:\prjbrnt.exe118⤵
-
\??\c:\htbxhfl.exec:\htbxhfl.exe119⤵
-
\??\c:\bplrx.exec:\bplrx.exe120⤵
-
\??\c:\jlvhhf.exec:\jlvhhf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-