Analysis
-
max time kernel
150s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
28/05/2024, 20:22
General
-
Target
011b8cdb25e85ea6efce0efdd83e7890_NeikiAnalytics.exe
-
Size
68KB
-
MD5
011b8cdb25e85ea6efce0efdd83e7890
-
SHA1
7a34c4f3782121274953d04dbf44cd1ece395871
-
SHA256
78ccee4dcf732c616fc707ed30ca20a8f0a5d0a36c8f49bbaaf6d91ba6dab386
-
SHA512
1ca4b19f25ca31f29265b6b4e36504b0addae2ae98615487a4322c3df01d1013fc4bd2244a31eb804777184c1f209588aaf4359ac16c059b0778c7eb633bc2f3
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIJ/RWPqBjfjW:ymb3NkkiQ3mdBjFIqsjC
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\011b8cdb25e85ea6efce0efdd83e7890_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\011b8cdb25e85ea6efce0efdd83e7890_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jxjbjhf.exec:\jxjbjhf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfxfbjx.exec:\rfxfbjx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lpvvvbh.exec:\lpvvvbh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hftjfnv.exec:\hftjfnv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\brbjphl.exec:\brbjphl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hrvdfb.exec:\hrvdfb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jnlflnf.exec:\jnlflnf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfjfl.exec:\rfjfl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xdhdjj.exec:\xdhdjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dtbntt.exec:\dtbntt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nrtbvvp.exec:\nrtbvvp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tdtnb.exec:\tdtnb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrxdjnj.exec:\xrxdjnj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlnlxj.exec:\rlnlxj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lbllljp.exec:\lbllljp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pnbbrdd.exec:\pnbbrdd.exe17⤵
- Executes dropped EXE
-
\??\c:\rxxttj.exec:\rxxttj.exe18⤵
- Executes dropped EXE
-
\??\c:\frrlr.exec:\frrlr.exe19⤵
- Executes dropped EXE
-
\??\c:\tnntdpp.exec:\tnntdpp.exe20⤵
- Executes dropped EXE
-
\??\c:\rrbnx.exec:\rrbnx.exe21⤵
- Executes dropped EXE
-
\??\c:\fdptdtv.exec:\fdptdtv.exe22⤵
- Executes dropped EXE
-
\??\c:\bjrjrbr.exec:\bjrjrbr.exe23⤵
- Executes dropped EXE
-
\??\c:\tdjrrbj.exec:\tdjrrbj.exe24⤵
- Executes dropped EXE
-
\??\c:\jbxhjxv.exec:\jbxhjxv.exe25⤵
- Executes dropped EXE
-
\??\c:\fjxlj.exec:\fjxlj.exe26⤵
- Executes dropped EXE
-
\??\c:\fbfvn.exec:\fbfvn.exe27⤵
- Executes dropped EXE
-
\??\c:\nxjlrl.exec:\nxjlrl.exe28⤵
- Executes dropped EXE
-
\??\c:\vxhtrbr.exec:\vxhtrbr.exe29⤵
- Executes dropped EXE
-
\??\c:\pvjtd.exec:\pvjtd.exe30⤵
- Executes dropped EXE
-
\??\c:\ndtdfxj.exec:\ndtdfxj.exe31⤵
- Executes dropped EXE
-
\??\c:\nhdvl.exec:\nhdvl.exe32⤵
- Executes dropped EXE
-
\??\c:\lhxhd.exec:\lhxhd.exe33⤵
- Executes dropped EXE
-
\??\c:\blpbl.exec:\blpbl.exe34⤵
- Executes dropped EXE
-
\??\c:\xfbrjv.exec:\xfbrjv.exe35⤵
- Executes dropped EXE
-
\??\c:\tpdvtr.exec:\tpdvtr.exe36⤵
- Executes dropped EXE
-
\??\c:\prrrl.exec:\prrrl.exe37⤵
- Executes dropped EXE
-
\??\c:\vvrnbnh.exec:\vvrnbnh.exe38⤵
- Executes dropped EXE
-
\??\c:\rxjtfd.exec:\rxjtfd.exe39⤵
- Executes dropped EXE
-
\??\c:\fnvpnrx.exec:\fnvpnrx.exe40⤵
- Executes dropped EXE
-
\??\c:\dfhfvdf.exec:\dfhfvdf.exe41⤵
- Executes dropped EXE
-
\??\c:\hjndvd.exec:\hjndvd.exe42⤵
- Executes dropped EXE
-
\??\c:\prxvnv.exec:\prxvnv.exe43⤵
- Executes dropped EXE
-
\??\c:\brhjf.exec:\brhjf.exe44⤵
- Executes dropped EXE
-
\??\c:\hnbtx.exec:\hnbtx.exe45⤵
- Executes dropped EXE
-
\??\c:\lrptxn.exec:\lrptxn.exe46⤵
- Executes dropped EXE
-
\??\c:\xnxxtl.exec:\xnxxtl.exe47⤵
- Executes dropped EXE
-
\??\c:\jfnxll.exec:\jfnxll.exe48⤵
- Executes dropped EXE
-
\??\c:\nfvnjb.exec:\nfvnjb.exe49⤵
- Executes dropped EXE
-
\??\c:\ltrdrrn.exec:\ltrdrrn.exe50⤵
- Executes dropped EXE
-
\??\c:\nlvxl.exec:\nlvxl.exe51⤵
- Executes dropped EXE
-
\??\c:\btrhrf.exec:\btrhrf.exe52⤵
- Executes dropped EXE
-
\??\c:\nxlnr.exec:\nxlnr.exe53⤵
- Executes dropped EXE
-
\??\c:\bndtdh.exec:\bndtdh.exe54⤵
- Executes dropped EXE
-
\??\c:\nhhbj.exec:\nhhbj.exe55⤵
- Executes dropped EXE
-
\??\c:\vphrtlj.exec:\vphrtlj.exe56⤵
- Executes dropped EXE
-
\??\c:\thtltjj.exec:\thtltjj.exe57⤵
- Executes dropped EXE
-
\??\c:\djvhj.exec:\djvhj.exe58⤵
- Executes dropped EXE
-
\??\c:\lxdbnhf.exec:\lxdbnhf.exe59⤵
- Executes dropped EXE
-
\??\c:\pfjnbtp.exec:\pfjnbtp.exe60⤵
- Executes dropped EXE
-
\??\c:\hlpnnj.exec:\hlpnnj.exe61⤵
- Executes dropped EXE
-
\??\c:\nllhrvv.exec:\nllhrvv.exe62⤵
- Executes dropped EXE
-
\??\c:\jrbntd.exec:\jrbntd.exe63⤵
- Executes dropped EXE
-
\??\c:\lhllnv.exec:\lhllnv.exe64⤵
- Executes dropped EXE
-
\??\c:\xxddn.exec:\xxddn.exe65⤵
- Executes dropped EXE
-
\??\c:\lnbbfvj.exec:\lnbbfvj.exe66⤵
-
\??\c:\tfjnhhj.exec:\tfjnhhj.exe67⤵
-
\??\c:\hxpnr.exec:\hxpnr.exe68⤵
-
\??\c:\bhnrjv.exec:\bhnrjv.exe69⤵
-
\??\c:\xlptb.exec:\xlptb.exe70⤵
-
\??\c:\jbnbp.exec:\jbnbp.exe71⤵
-
\??\c:\jbjvprn.exec:\jbjvprn.exe72⤵
-
\??\c:\nxvrhx.exec:\nxvrhx.exe73⤵
-
\??\c:\pvrjj.exec:\pvrjj.exe74⤵
-
\??\c:\tvrhl.exec:\tvrhl.exe75⤵
-
\??\c:\prfbv.exec:\prfbv.exe76⤵
-
\??\c:\lxdhfx.exec:\lxdhfx.exe77⤵
-
\??\c:\hrrxjb.exec:\hrrxjb.exe78⤵
-
\??\c:\hjhxj.exec:\hjhxj.exe79⤵
-
\??\c:\dlpxjt.exec:\dlpxjt.exe80⤵
-
\??\c:\lxbvv.exec:\lxbvv.exe81⤵
-
\??\c:\hnjtdt.exec:\hnjtdt.exe82⤵
-
\??\c:\rplxl.exec:\rplxl.exe83⤵
-
\??\c:\fljhj.exec:\fljhj.exe84⤵
-
\??\c:\vlfrtld.exec:\vlfrtld.exe85⤵
-
\??\c:\blbbht.exec:\blbbht.exe86⤵
-
\??\c:\rjfjn.exec:\rjfjn.exe87⤵
-
\??\c:\xrpbjrb.exec:\xrpbjrb.exe88⤵
-
\??\c:\pjnxtrv.exec:\pjnxtrv.exe89⤵
-
\??\c:\blnlpb.exec:\blnlpb.exe90⤵
-
\??\c:\pfrpnl.exec:\pfrpnl.exe91⤵
-
\??\c:\jlrjvt.exec:\jlrjvt.exe92⤵
-
\??\c:\vvjlht.exec:\vvjlht.exe93⤵
-
\??\c:\ndhjl.exec:\ndhjl.exe94⤵
-
\??\c:\brxfn.exec:\brxfn.exe95⤵
-
\??\c:\dtxrvv.exec:\dtxrvv.exe96⤵
-
\??\c:\nrthjpt.exec:\nrthjpt.exe97⤵
-
\??\c:\vxtnjt.exec:\vxtnjt.exe98⤵
-
\??\c:\rrfbdf.exec:\rrfbdf.exe99⤵
-
\??\c:\rvfllt.exec:\rvfllt.exe100⤵
-
\??\c:\vdljhj.exec:\vdljhj.exe101⤵
-
\??\c:\ldvdh.exec:\ldvdh.exe102⤵
-
\??\c:\nnrnnrb.exec:\nnrnnrb.exe103⤵
-
\??\c:\bftlvn.exec:\bftlvn.exe104⤵
-
\??\c:\xxhjtpb.exec:\xxhjtpb.exe105⤵
-
\??\c:\rhjxjnh.exec:\rhjxjnh.exe106⤵
-
\??\c:\xrnnjbl.exec:\xrnnjbl.exe107⤵
-
\??\c:\jrjrf.exec:\jrjrf.exe108⤵
-
\??\c:\vjxdtj.exec:\vjxdtj.exe109⤵
-
\??\c:\trfjflp.exec:\trfjflp.exe110⤵
-
\??\c:\lxhxpj.exec:\lxhxpj.exe111⤵
-
\??\c:\dnxtd.exec:\dnxtd.exe112⤵
-
\??\c:\fxblfvt.exec:\fxblfvt.exe113⤵
-
\??\c:\fjdjp.exec:\fjdjp.exe114⤵
-
\??\c:\ttjhphn.exec:\ttjhphn.exe115⤵
-
\??\c:\thhvhdr.exec:\thhvhdr.exe116⤵
-
\??\c:\jjrtx.exec:\jjrtx.exe117⤵
-
\??\c:\flftlxx.exec:\flftlxx.exe118⤵
-
\??\c:\vdvrjvr.exec:\vdvrjvr.exe119⤵
-
\??\c:\hffphd.exec:\hffphd.exe120⤵
-
\??\c:\fptjlrn.exec:\fptjlrn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-