Analysis
-
max time kernel
145s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
21-05-2024 09:57
General
-
Target
314df789054f9db9dd75b6174ff56e108d9fb3ed6b1684dfee8fef7c2fe82b67_NeikiAnalytics.exe
-
Size
90KB
-
MD5
9eec38a58b9981977df232ca070c7fb0
-
SHA1
16507f41d86b8f69ab40c8119f6cdafd0545dde5
-
SHA256
314df789054f9db9dd75b6174ff56e108d9fb3ed6b1684dfee8fef7c2fe82b67
-
SHA512
06009097369a47115480acd6e8c0e26797cd2460fb6ae3357940b1635632c0f8f8d2cdf24059dc693e0c759d90e755de1da46cd4b17a78d40ddf8be5e4703047
-
SSDEEP
1536:cvQBeOGtrYS3srx93UBWfwC6Ggnouy8mVeygryFU2li0gx4EBbhnyLFW+d:chOmTsF93UYfwC6GIoutieyhC2lbgGiI
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 45 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\314df789054f9db9dd75b6174ff56e108d9fb3ed6b1684dfee8fef7c2fe82b67_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\314df789054f9db9dd75b6174ff56e108d9fb3ed6b1684dfee8fef7c2fe82b67_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pbttvr.exec:\pbttvr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dnvxn.exec:\dnvxn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xjppd.exec:\xjppd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrpjt.exec:\fxrpjt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vnvftn.exec:\vnvftn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fhpvpt.exec:\fhpvpt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tfrxdbt.exec:\tfrxdbt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdjllh.exec:\vdjllh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vtjhvr.exec:\vtjhvr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xbbvxtn.exec:\xbbvxtn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jhhxr.exec:\jhhxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jpvbr.exec:\jpvbr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hphprht.exec:\hphprht.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhxbnv.exec:\bhxbnv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hjfvrd.exec:\hjfvrd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhxvjjd.exec:\nhxvjjd.exe17⤵
- Executes dropped EXE
-
\??\c:\rntpjdd.exec:\rntpjdd.exe18⤵
- Executes dropped EXE
-
\??\c:\rfhfff.exec:\rfhfff.exe19⤵
- Executes dropped EXE
-
\??\c:\vvlhtrf.exec:\vvlhtrf.exe20⤵
- Executes dropped EXE
-
\??\c:\ldpvff.exec:\ldpvff.exe21⤵
- Executes dropped EXE
-
\??\c:\dtllt.exec:\dtllt.exe22⤵
- Executes dropped EXE
-
\??\c:\rtdtf.exec:\rtdtf.exe23⤵
- Executes dropped EXE
-
\??\c:\txptpt.exec:\txptpt.exe24⤵
- Executes dropped EXE
-
\??\c:\ljnrrr.exec:\ljnrrr.exe25⤵
- Executes dropped EXE
-
\??\c:\blpvxn.exec:\blpvxn.exe26⤵
- Executes dropped EXE
-
\??\c:\rnrbr.exec:\rnrbr.exe27⤵
- Executes dropped EXE
-
\??\c:\pvpnb.exec:\pvpnb.exe28⤵
- Executes dropped EXE
-
\??\c:\jjvvnl.exec:\jjvvnl.exe29⤵
- Executes dropped EXE
-
\??\c:\bthplb.exec:\bthplb.exe30⤵
- Executes dropped EXE
-
\??\c:\prrxn.exec:\prrxn.exe31⤵
- Executes dropped EXE
-
\??\c:\njdfl.exec:\njdfl.exe32⤵
- Executes dropped EXE
-
\??\c:\pbnnn.exec:\pbnnn.exe33⤵
- Executes dropped EXE
-
\??\c:\rpdxnb.exec:\rpdxnb.exe34⤵
- Executes dropped EXE
-
\??\c:\xxjrj.exec:\xxjrj.exe35⤵
- Executes dropped EXE
-
\??\c:\xlphhj.exec:\xlphhj.exe36⤵
- Executes dropped EXE
-
\??\c:\bdhrlhh.exec:\bdhrlhh.exe37⤵
- Executes dropped EXE
-
\??\c:\llpbp.exec:\llpbp.exe38⤵
- Executes dropped EXE
-
\??\c:\nhdrtff.exec:\nhdrtff.exe39⤵
- Executes dropped EXE
-
\??\c:\jblvvv.exec:\jblvvv.exe40⤵
- Executes dropped EXE
-
\??\c:\hhtprf.exec:\hhtprf.exe41⤵
- Executes dropped EXE
-
\??\c:\xxhjd.exec:\xxhjd.exe42⤵
- Executes dropped EXE
-
\??\c:\pflthh.exec:\pflthh.exe43⤵
- Executes dropped EXE
-
\??\c:\pvnhnf.exec:\pvnhnf.exe44⤵
- Executes dropped EXE
-
\??\c:\nvfhbx.exec:\nvfhbx.exe45⤵
- Executes dropped EXE
-
\??\c:\phtvdt.exec:\phtvdt.exe46⤵
- Executes dropped EXE
-
\??\c:\nvtvj.exec:\nvtvj.exe47⤵
- Executes dropped EXE
-
\??\c:\rfnrd.exec:\rfnrd.exe48⤵
- Executes dropped EXE
-
\??\c:\bjplxh.exec:\bjplxh.exe49⤵
- Executes dropped EXE
-
\??\c:\hjrnndn.exec:\hjrnndn.exe50⤵
- Executes dropped EXE
-
\??\c:\tdlff.exec:\tdlff.exe51⤵
- Executes dropped EXE
-
\??\c:\hrffdn.exec:\hrffdn.exe52⤵
- Executes dropped EXE
-
\??\c:\rxhvl.exec:\rxhvl.exe53⤵
- Executes dropped EXE
-
\??\c:\vxtll.exec:\vxtll.exe54⤵
- Executes dropped EXE
-
\??\c:\pjnvjxp.exec:\pjnvjxp.exe55⤵
- Executes dropped EXE
-
\??\c:\xxpbj.exec:\xxpbj.exe56⤵
- Executes dropped EXE
-
\??\c:\vjrjrff.exec:\vjrjrff.exe57⤵
- Executes dropped EXE
-
\??\c:\hxppr.exec:\hxppr.exe58⤵
- Executes dropped EXE
-
\??\c:\tnttpxt.exec:\tnttpxt.exe59⤵
- Executes dropped EXE
-
\??\c:\jpjnjn.exec:\jpjnjn.exe60⤵
- Executes dropped EXE
-
\??\c:\hvrrdbt.exec:\hvrrdbt.exe61⤵
- Executes dropped EXE
-
\??\c:\rldrtjx.exec:\rldrtjx.exe62⤵
- Executes dropped EXE
-
\??\c:\nbrvrvr.exec:\nbrvrvr.exe63⤵
- Executes dropped EXE
-
\??\c:\rrhnbr.exec:\rrhnbr.exe64⤵
- Executes dropped EXE
-
\??\c:\nhnfxjh.exec:\nhnfxjh.exe65⤵
- Executes dropped EXE
-
\??\c:\fxbvd.exec:\fxbvd.exe66⤵
-
\??\c:\xbpvft.exec:\xbpvft.exe67⤵
-
\??\c:\hjdjt.exec:\hjdjt.exe68⤵
-
\??\c:\xfhfxbl.exec:\xfhfxbl.exe69⤵
-
\??\c:\djfhxbb.exec:\djfhxbb.exe70⤵
-
\??\c:\tfxtf.exec:\tfxtf.exe71⤵
-
\??\c:\blnvlhd.exec:\blnvlhd.exe72⤵
-
\??\c:\jjpvftj.exec:\jjpvftj.exe73⤵
-
\??\c:\ltrprj.exec:\ltrprj.exe74⤵
-
\??\c:\rlbppv.exec:\rlbppv.exe75⤵
-
\??\c:\tnhld.exec:\tnhld.exe76⤵
-
\??\c:\fvrhn.exec:\fvrhn.exe77⤵
-
\??\c:\bvnltnn.exec:\bvnltnn.exe78⤵
-
\??\c:\xpdhrr.exec:\xpdhrr.exe79⤵
-
\??\c:\fdjxxdn.exec:\fdjxxdn.exe80⤵
-
\??\c:\nhntn.exec:\nhntn.exe81⤵
-
\??\c:\vldnhfb.exec:\vldnhfb.exe82⤵
-
\??\c:\lbvnx.exec:\lbvnx.exe83⤵
-
\??\c:\hdtplpp.exec:\hdtplpp.exe84⤵
-
\??\c:\hbdvp.exec:\hbdvp.exe85⤵
-
\??\c:\bfjdnl.exec:\bfjdnl.exe86⤵
-
\??\c:\brtrv.exec:\brtrv.exe87⤵
-
\??\c:\bxtndx.exec:\bxtndx.exe88⤵
-
\??\c:\hjplln.exec:\hjplln.exe89⤵
-
\??\c:\jtrhnx.exec:\jtrhnx.exe90⤵
-
\??\c:\xffrlv.exec:\xffrlv.exe91⤵
-
\??\c:\rldtxjp.exec:\rldtxjp.exe92⤵
-
\??\c:\ttjvr.exec:\ttjvr.exe93⤵
-
\??\c:\prxtnht.exec:\prxtnht.exe94⤵
-
\??\c:\nhrrdx.exec:\nhrrdx.exe95⤵
-
\??\c:\fhfdd.exec:\fhfdd.exe96⤵
-
\??\c:\vdbfttx.exec:\vdbfttx.exe97⤵
-
\??\c:\jtxfpvv.exec:\jtxfpvv.exe98⤵
-
\??\c:\hlhlf.exec:\hlhlf.exe99⤵
-
\??\c:\pjxnll.exec:\pjxnll.exe100⤵
-
\??\c:\htvdddn.exec:\htvdddn.exe101⤵
-
\??\c:\vdpvnhr.exec:\vdpvnhr.exe102⤵
-
\??\c:\txxjxbt.exec:\txxjxbt.exe103⤵
-
\??\c:\xrtxdv.exec:\xrtxdv.exe104⤵
-
\??\c:\vfhrlf.exec:\vfhrlf.exe105⤵
-
\??\c:\lbpnxr.exec:\lbpnxr.exe106⤵
-
\??\c:\xxhpvd.exec:\xxhpvd.exe107⤵
-
\??\c:\pdtxvlp.exec:\pdtxvlp.exe108⤵
-
\??\c:\dhldpx.exec:\dhldpx.exe109⤵
-
\??\c:\xjbbdh.exec:\xjbbdh.exe110⤵
-
\??\c:\njhtrdr.exec:\njhtrdr.exe111⤵
-
\??\c:\vhjxbb.exec:\vhjxbb.exe112⤵
-
\??\c:\vlhrt.exec:\vlhrt.exe113⤵
-
\??\c:\hxhvlvl.exec:\hxhvlvl.exe114⤵
-
\??\c:\jrbfvxd.exec:\jrbfvxd.exe115⤵
-
\??\c:\rrrjxnr.exec:\rrrjxnr.exe116⤵
-
\??\c:\bxdrr.exec:\bxdrr.exe117⤵
-
\??\c:\rhtnj.exec:\rhtnj.exe118⤵
-
\??\c:\xbltj.exec:\xbltj.exe119⤵
-
\??\c:\rnhhp.exec:\rnhhp.exe120⤵
-
\??\c:\djfpj.exec:\djfpj.exe121⤵
-
\??\c:\ppnblf.exec:\ppnblf.exe122⤵
-
\??\c:\fbltvp.exec:\fbltvp.exe123⤵
-
\??\c:\bnxfb.exec:\bnxfb.exe124⤵
-
\??\c:\vjdvvf.exec:\vjdvvf.exe125⤵
-
\??\c:\blvnldx.exec:\blvnldx.exe126⤵
-
\??\c:\dbfjn.exec:\dbfjn.exe127⤵
-
\??\c:\hxxhfx.exec:\hxxhfx.exe128⤵
-
\??\c:\ltvpxj.exec:\ltvpxj.exe129⤵
-
\??\c:\xfdhjt.exec:\xfdhjt.exe130⤵
-
\??\c:\xjtthxb.exec:\xjtthxb.exe131⤵
-
\??\c:\ldplnbn.exec:\ldplnbn.exe132⤵
-
\??\c:\ndrjx.exec:\ndrjx.exe133⤵
-
\??\c:\jjjtxhx.exec:\jjjtxhx.exe134⤵
-
\??\c:\pxrjdtf.exec:\pxrjdtf.exe135⤵
-
\??\c:\vttfv.exec:\vttfv.exe136⤵
-
\??\c:\hflvj.exec:\hflvj.exe137⤵
-
\??\c:\dnhjdrd.exec:\dnhjdrd.exe138⤵
-
\??\c:\pppfffb.exec:\pppfffb.exe139⤵
-
\??\c:\djrxxx.exec:\djrxxx.exe140⤵
-
\??\c:\hbvjnxb.exec:\hbvjnxb.exe141⤵
-
\??\c:\lblbx.exec:\lblbx.exe142⤵
-
\??\c:\dpftjd.exec:\dpftjd.exe143⤵
-
\??\c:\tdrbn.exec:\tdrbn.exe144⤵
-
\??\c:\bxnxdr.exec:\bxnxdr.exe145⤵
-
\??\c:\blfnx.exec:\blfnx.exe146⤵
-
\??\c:\hvfxhdv.exec:\hvfxhdv.exe147⤵
-
\??\c:\xfblbx.exec:\xfblbx.exe148⤵
-
\??\c:\ntljh.exec:\ntljh.exe149⤵
-
\??\c:\fvrjb.exec:\fvrjb.exe150⤵
-
\??\c:\tbnpfxt.exec:\tbnpfxt.exe151⤵
-
\??\c:\njxvttd.exec:\njxvttd.exe152⤵
-
\??\c:\xdrnnhp.exec:\xdrnnhp.exe153⤵
-
\??\c:\bxltb.exec:\bxltb.exe154⤵
-
\??\c:\dxxxx.exec:\dxxxx.exe155⤵
-
\??\c:\fnhlx.exec:\fnhlx.exe156⤵
-
\??\c:\bnjxrn.exec:\bnjxrn.exe157⤵
-
\??\c:\fphdjr.exec:\fphdjr.exe158⤵
-
\??\c:\nxxdr.exec:\nxxdr.exe159⤵
-
\??\c:\ththdpn.exec:\ththdpn.exe160⤵
-
\??\c:\dbxndrf.exec:\dbxndrf.exe161⤵
-
\??\c:\bnbvlfx.exec:\bnbvlfx.exe162⤵
-
\??\c:\jbftlt.exec:\jbftlt.exe163⤵
-
\??\c:\drvhj.exec:\drvhj.exe164⤵
-
\??\c:\pnvdnp.exec:\pnvdnp.exe165⤵
-
\??\c:\bfdlf.exec:\bfdlf.exe166⤵
-
\??\c:\ntvntpj.exec:\ntvntpj.exe167⤵
-
\??\c:\nxpbdh.exec:\nxpbdh.exe168⤵
-
\??\c:\bhvnxd.exec:\bhvnxd.exe169⤵
-
\??\c:\dphffd.exec:\dphffd.exe170⤵
-
\??\c:\xfjld.exec:\xfjld.exe171⤵
-
\??\c:\pjpvnn.exec:\pjpvnn.exe172⤵
-
\??\c:\jlnvrlp.exec:\jlnvrlp.exe173⤵
-
\??\c:\vnjbnx.exec:\vnjbnx.exe174⤵
-
\??\c:\vrvjj.exec:\vrvjj.exe175⤵
-
\??\c:\xbftflj.exec:\xbftflj.exe176⤵
-
\??\c:\rpbrdd.exec:\rpbrdd.exe177⤵
-
\??\c:\hffvr.exec:\hffvr.exe178⤵
-
\??\c:\hpdvr.exec:\hpdvr.exe179⤵
-
\??\c:\jtbhpxj.exec:\jtbhpxj.exe180⤵
-
\??\c:\pnfjn.exec:\pnfjn.exe181⤵
-
\??\c:\vxnbplx.exec:\vxnbplx.exe182⤵
-
\??\c:\bpdrld.exec:\bpdrld.exe183⤵
-
\??\c:\jlbtrlf.exec:\jlbtrlf.exe184⤵
-
\??\c:\vjxhtf.exec:\vjxhtf.exe185⤵
-
\??\c:\pfxfv.exec:\pfxfv.exe186⤵
-
\??\c:\nttrj.exec:\nttrj.exe187⤵
-
\??\c:\hnrbnph.exec:\hnrbnph.exe188⤵
-
\??\c:\ptvhft.exec:\ptvhft.exe189⤵
-
\??\c:\trnpfxn.exec:\trnpfxn.exe190⤵
-
\??\c:\pbhnb.exec:\pbhnb.exe191⤵
-
\??\c:\djnxtfb.exec:\djnxtfb.exe192⤵
-
\??\c:\nlpph.exec:\nlpph.exe193⤵
-
\??\c:\fxvrt.exec:\fxvrt.exe194⤵
-
\??\c:\jtbxn.exec:\jtbxn.exe195⤵
-
\??\c:\pnptjbn.exec:\pnptjbn.exe196⤵
-
\??\c:\pfhlldx.exec:\pfhlldx.exe197⤵
-
\??\c:\dflvvx.exec:\dflvvx.exe198⤵
-
\??\c:\flfhpnp.exec:\flfhpnp.exe199⤵
-
\??\c:\vlxjpjp.exec:\vlxjpjp.exe200⤵
-
\??\c:\vplfb.exec:\vplfb.exe201⤵
-
\??\c:\hpdjvh.exec:\hpdjvh.exe202⤵
-
\??\c:\txfbd.exec:\txfbd.exe203⤵
-
\??\c:\dbbnpdf.exec:\dbbnpdf.exe204⤵
-
\??\c:\xnxdnp.exec:\xnxdnp.exe205⤵
-
\??\c:\bxvbbbx.exec:\bxvbbbx.exe206⤵
-
\??\c:\lhnbtvb.exec:\lhnbtvb.exe207⤵
-
\??\c:\bhtjb.exec:\bhtjb.exe208⤵
-
\??\c:\xffff.exec:\xffff.exe209⤵
-
\??\c:\tvjbb.exec:\tvjbb.exe210⤵
-
\??\c:\xbhlhlj.exec:\xbhlhlj.exe211⤵
-
\??\c:\rtdxv.exec:\rtdxv.exe212⤵
-
\??\c:\hlhfdd.exec:\hlhfdd.exe213⤵
-
\??\c:\dtxvhtp.exec:\dtxvhtp.exe214⤵
-
\??\c:\nxdnd.exec:\nxdnd.exe215⤵
-
\??\c:\npppn.exec:\npppn.exe216⤵
-
\??\c:\xndxj.exec:\xndxj.exe217⤵
-
\??\c:\dxrnvlr.exec:\dxrnvlr.exe218⤵
-
\??\c:\nlvbv.exec:\nlvbv.exe219⤵
-
\??\c:\tldddl.exec:\tldddl.exe220⤵
-
\??\c:\bvphv.exec:\bvphv.exe221⤵
-
\??\c:\lhtfhj.exec:\lhtfhj.exe222⤵
-
\??\c:\nrpdrp.exec:\nrpdrp.exe223⤵
-
\??\c:\lfbhptl.exec:\lfbhptl.exe224⤵
-
\??\c:\fjrhp.exec:\fjrhp.exe225⤵
-
\??\c:\xnjrv.exec:\xnjrv.exe226⤵
-
\??\c:\fhptnbt.exec:\fhptnbt.exe227⤵
-
\??\c:\jljlj.exec:\jljlj.exe228⤵
-
\??\c:\ffpxj.exec:\ffpxj.exe229⤵
-
\??\c:\xthnll.exec:\xthnll.exe230⤵
-
\??\c:\nnjrx.exec:\nnjrx.exe231⤵
-
\??\c:\jlpjd.exec:\jlpjd.exe232⤵
-
\??\c:\jrdvrh.exec:\jrdvrh.exe233⤵
-
\??\c:\ltvrjb.exec:\ltvrjb.exe234⤵
-
\??\c:\rrdjp.exec:\rrdjp.exe235⤵
-
\??\c:\jrxlp.exec:\jrxlp.exe236⤵
-
\??\c:\vhnxd.exec:\vhnxd.exe237⤵
-
\??\c:\nxbnj.exec:\nxbnj.exe238⤵
-
\??\c:\xlnnhp.exec:\xlnnhp.exe239⤵
-
\??\c:\ffftxh.exec:\ffftxh.exe240⤵
-
\??\c:\jjdrtph.exec:\jjdrtph.exe241⤵