Analysis
-
max time kernel
149s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
16/05/2024, 14:10
General
-
Target
e177a4a09161a9fae3b6f5179c564990_NeikiAnalytics.exe
-
Size
498KB
-
MD5
e177a4a09161a9fae3b6f5179c564990
-
SHA1
faa3d2a710c6cc66d55ae9e356ea820c6ac9f0b0
-
SHA256
aaa7f20634fa7025e7a418049d989d53475e1b20ff83c4da3dcd4a30e331ef00
-
SHA512
e7ac6ec6e657f75be5b910add5c029dcd335c541fc3297b5e5f9f5542e109bbf7b32a2ff10877f7df170b2cf7e22b6f8e45744fa08a9b7de10801428bccd3b35
-
SSDEEP
12288:S4wFHoSyoS3ebeFmFVvlrmwcT4wpteFmFTxS:0KFmFVtrRcFEFmFs
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e177a4a09161a9fae3b6f5179c564990_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\e177a4a09161a9fae3b6f5179c564990_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nfrfdxf.exec:\nfrfdxf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vrpdxp.exec:\vrpdxp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hxhjn.exec:\hxhjn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnpd.exec:\hhnpd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnxdd.exec:\nnxdd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htxtv.exec:\htxtv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dhffr.exec:\dhffr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hpphht.exec:\hpphht.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbph.exec:\tbbph.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhfdp.exec:\nhhfdp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vhhnjrh.exec:\vhhnjrh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjfh.exec:\dpjfh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpbvlf.exec:\dpbvlf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxvjdh.exec:\rxvjdh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjrbhn.exec:\pjrbhn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vxxxt.exec:\vxxxt.exe17⤵
- Executes dropped EXE
-
\??\c:\dfdldrv.exec:\dfdldrv.exe18⤵
- Executes dropped EXE
-
\??\c:\jptfdtn.exec:\jptfdtn.exe19⤵
- Executes dropped EXE
-
\??\c:\jfhjjxb.exec:\jfhjjxb.exe20⤵
- Executes dropped EXE
-
\??\c:\bbxfddl.exec:\bbxfddl.exe21⤵
- Executes dropped EXE
-
\??\c:\fxdbhxb.exec:\fxdbhxb.exe22⤵
- Executes dropped EXE
-
\??\c:\jnvhhp.exec:\jnvhhp.exe23⤵
- Executes dropped EXE
-
\??\c:\pdrfxf.exec:\pdrfxf.exe24⤵
- Executes dropped EXE
-
\??\c:\fjhvrrb.exec:\fjhvrrb.exe25⤵
- Executes dropped EXE
-
\??\c:\hbfdx.exec:\hbfdx.exe26⤵
- Executes dropped EXE
-
\??\c:\nxjlpnv.exec:\nxjlpnv.exe27⤵
- Executes dropped EXE
-
\??\c:\lhfxvt.exec:\lhfxvt.exe28⤵
- Executes dropped EXE
-
\??\c:\xxxrd.exec:\xxxrd.exe29⤵
- Executes dropped EXE
-
\??\c:\tdvtxlj.exec:\tdvtxlj.exe30⤵
- Executes dropped EXE
-
\??\c:\jhbrl.exec:\jhbrl.exe31⤵
- Executes dropped EXE
-
\??\c:\rnbrf.exec:\rnbrf.exe32⤵
- Executes dropped EXE
-
\??\c:\vvxfp.exec:\vvxfp.exe33⤵
- Executes dropped EXE
-
\??\c:\pvxxvr.exec:\pvxxvr.exe34⤵
- Executes dropped EXE
-
\??\c:\lvflpl.exec:\lvflpl.exe35⤵
- Executes dropped EXE
-
\??\c:\tfndpfh.exec:\tfndpfh.exe36⤵
- Executes dropped EXE
-
\??\c:\dprhf.exec:\dprhf.exe37⤵
- Executes dropped EXE
-
\??\c:\dbfvbx.exec:\dbfvbx.exe38⤵
- Executes dropped EXE
-
\??\c:\rjtvxx.exec:\rjtvxx.exe39⤵
- Executes dropped EXE
-
\??\c:\vrvpffp.exec:\vrvpffp.exe40⤵
- Executes dropped EXE
-
\??\c:\xdxppbd.exec:\xdxppbd.exe41⤵
- Executes dropped EXE
-
\??\c:\xnrftrl.exec:\xnrftrl.exe42⤵
- Executes dropped EXE
-
\??\c:\nvpfxl.exec:\nvpfxl.exe43⤵
- Executes dropped EXE
-
\??\c:\nhdnldv.exec:\nhdnldv.exe44⤵
- Executes dropped EXE
-
\??\c:\hlhxt.exec:\hlhxt.exe45⤵
- Executes dropped EXE
-
\??\c:\tptfpt.exec:\tptfpt.exe46⤵
- Executes dropped EXE
-
\??\c:\tnjxtt.exec:\tnjxtt.exe47⤵
- Executes dropped EXE
-
\??\c:\drfft.exec:\drfft.exe48⤵
- Executes dropped EXE
-
\??\c:\pjptd.exec:\pjptd.exe49⤵
- Executes dropped EXE
-
\??\c:\pdljd.exec:\pdljd.exe50⤵
- Executes dropped EXE
-
\??\c:\rbhtfxh.exec:\rbhtfxh.exe51⤵
- Executes dropped EXE
-
\??\c:\rhlrp.exec:\rhlrp.exe52⤵
- Executes dropped EXE
-
\??\c:\rhrtbv.exec:\rhrtbv.exe53⤵
- Executes dropped EXE
-
\??\c:\hnvtvxn.exec:\hnvtvxn.exe54⤵
- Executes dropped EXE
-
\??\c:\hnrlh.exec:\hnrlh.exe55⤵
- Executes dropped EXE
-
\??\c:\tljttjt.exec:\tljttjt.exe56⤵
- Executes dropped EXE
-
\??\c:\xjhbx.exec:\xjhbx.exe57⤵
- Executes dropped EXE
-
\??\c:\nnprhxl.exec:\nnprhxl.exe58⤵
- Executes dropped EXE
-
\??\c:\dltrh.exec:\dltrh.exe59⤵
- Executes dropped EXE
-
\??\c:\hhhrx.exec:\hhhrx.exe60⤵
- Executes dropped EXE
-
\??\c:\hxbpl.exec:\hxbpl.exe61⤵
- Executes dropped EXE
-
\??\c:\jljthv.exec:\jljthv.exe62⤵
- Executes dropped EXE
-
\??\c:\hvrfrjj.exec:\hvrfrjj.exe63⤵
- Executes dropped EXE
-
\??\c:\bvhlj.exec:\bvhlj.exe64⤵
- Executes dropped EXE
-
\??\c:\ppbhxff.exec:\ppbhxff.exe65⤵
- Executes dropped EXE
-
\??\c:\ftplht.exec:\ftplht.exe66⤵
-
\??\c:\jbrfh.exec:\jbrfh.exe67⤵
-
\??\c:\plhrdfj.exec:\plhrdfj.exe68⤵
-
\??\c:\hfbvl.exec:\hfbvl.exe69⤵
-
\??\c:\dvxrr.exec:\dvxrr.exe70⤵
-
\??\c:\fdfxnvf.exec:\fdfxnvf.exe71⤵
-
\??\c:\hjjxx.exec:\hjjxx.exe72⤵
-
\??\c:\djflfrl.exec:\djflfrl.exe73⤵
-
\??\c:\ftxnpxp.exec:\ftxnpxp.exe74⤵
-
\??\c:\hfdtx.exec:\hfdtx.exe75⤵
-
\??\c:\nrfpftf.exec:\nrfpftf.exe76⤵
-
\??\c:\jhxjntl.exec:\jhxjntl.exe77⤵
-
\??\c:\rrjjhtv.exec:\rrjjhtv.exe78⤵
-
\??\c:\xljnr.exec:\xljnr.exe79⤵
-
\??\c:\hrtbxrx.exec:\hrtbxrx.exe80⤵
-
\??\c:\xlttv.exec:\xlttv.exe81⤵
-
\??\c:\vvrhxpv.exec:\vvrhxpv.exe82⤵
-
\??\c:\thpxf.exec:\thpxf.exe83⤵
-
\??\c:\rhbvd.exec:\rhbvd.exe84⤵
-
\??\c:\rvtrhb.exec:\rvtrhb.exe85⤵
-
\??\c:\xjlbh.exec:\xjlbh.exe86⤵
-
\??\c:\dvbrpb.exec:\dvbrpb.exe87⤵
-
\??\c:\jtjtv.exec:\jtjtv.exe88⤵
-
\??\c:\ntfthft.exec:\ntfthft.exe89⤵
-
\??\c:\fnbbx.exec:\fnbbx.exe90⤵
-
\??\c:\btpvp.exec:\btpvp.exe91⤵
-
\??\c:\fddfhf.exec:\fddfhf.exe92⤵
-
\??\c:\ftdxvn.exec:\ftdxvn.exe93⤵
-
\??\c:\vtbfl.exec:\vtbfl.exe94⤵
-
\??\c:\lxjrv.exec:\lxjrv.exe95⤵
-
\??\c:\vvnbrh.exec:\vvnbrh.exe96⤵
-
\??\c:\djppp.exec:\djppp.exe97⤵
-
\??\c:\rtnvnpd.exec:\rtnvnpd.exe98⤵
-
\??\c:\lvdfhbf.exec:\lvdfhbf.exe99⤵
-
\??\c:\vdlnt.exec:\vdlnt.exe100⤵
-
\??\c:\rxnrjx.exec:\rxnrjx.exe101⤵
-
\??\c:\rpfvp.exec:\rpfvp.exe102⤵
-
\??\c:\rhppv.exec:\rhppv.exe103⤵
-
\??\c:\vhdffhb.exec:\vhdffhb.exe104⤵
-
\??\c:\lbvbhn.exec:\lbvbhn.exe105⤵
-
\??\c:\tpjdvf.exec:\tpjdvf.exe106⤵
-
\??\c:\dxlpjnd.exec:\dxlpjnd.exe107⤵
-
\??\c:\bxvbhp.exec:\bxvbhp.exe108⤵
-
\??\c:\nxfnvdb.exec:\nxfnvdb.exe109⤵
-
\??\c:\lhrlnh.exec:\lhrlnh.exe110⤵
-
\??\c:\tlvlt.exec:\tlvlt.exe111⤵
-
\??\c:\hvvtxv.exec:\hvvtxv.exe112⤵
-
\??\c:\bvjrtrd.exec:\bvjrtrd.exe113⤵
-
\??\c:\hjdlv.exec:\hjdlv.exe114⤵
-
\??\c:\hvfbvtx.exec:\hvfbvtx.exe115⤵
-
\??\c:\ldvhdpx.exec:\ldvhdpx.exe116⤵
-
\??\c:\fvhtvxd.exec:\fvhtvxd.exe117⤵
-
\??\c:\fdptl.exec:\fdptl.exe118⤵
-
\??\c:\dxtxdhf.exec:\dxtxdhf.exe119⤵
-
\??\c:\tnlvnn.exec:\tnlvnn.exe120⤵
-
\??\c:\pxddt.exec:\pxddt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-