Analysis
-
max time kernel
149s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
30/05/2024, 13:46
General
-
Target
fff1a7f0fb125a75c84bc2ab6dc418d0_NeikiAnalytics.exe
-
Size
366KB
-
MD5
fff1a7f0fb125a75c84bc2ab6dc418d0
-
SHA1
a6039cf66d2b80404c59d080f69a867a8cbdb1c3
-
SHA256
3d8f2d8fe716643635ffdd15b40b6b050157d200277e969d22b4f68c8348ea2f
-
SHA512
ac78d35ab88a27cc4031a6e3be2a6bee38beb1305307337dec4c7b873fe65d5b786201ea108bf8d8fc92f13616550584a959333fa84092f7f389e48b89335d0e
-
SSDEEP
6144:n3C9BRo7tvnJ99T/KZEL3RUXownfWQkyCpxwJz9e0pQowLh3EhToK9cT085mnFhw:n3C9ytvnVXFUXoSWlnwJv90aKToFqwfe
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fff1a7f0fb125a75c84bc2ab6dc418d0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\fff1a7f0fb125a75c84bc2ab6dc418d0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hlplpvh.exec:\hlplpvh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrfx.exec:\fxrfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\drbhdp.exec:\drbhdp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dbftbvd.exec:\dbftbvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vhfdrjf.exec:\vhfdrjf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fjldnhr.exec:\fjldnhr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnjbbb.exec:\tnjbbb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pntdtbx.exec:\pntdtbx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dplfrn.exec:\dplfrn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fdbdbvn.exec:\fdbdbvn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hvffjhn.exec:\hvffjhn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pxftf.exec:\pxftf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nxvfxnr.exec:\nxvfxnr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djvdrh.exec:\djvdrh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrplbbx.exec:\lrplbbx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bpfbn.exec:\bpfbn.exe17⤵
- Executes dropped EXE
-
\??\c:\bdjffhv.exec:\bdjffhv.exe18⤵
- Executes dropped EXE
-
\??\c:\hpfnxtt.exec:\hpfnxtt.exe19⤵
- Executes dropped EXE
-
\??\c:\jlxhbv.exec:\jlxhbv.exe20⤵
- Executes dropped EXE
-
\??\c:\pdrvrv.exec:\pdrvrv.exe21⤵
- Executes dropped EXE
-
\??\c:\bppvb.exec:\bppvb.exe22⤵
- Executes dropped EXE
-
\??\c:\rrjdbbj.exec:\rrjdbbj.exe23⤵
- Executes dropped EXE
-
\??\c:\brbpfph.exec:\brbpfph.exe24⤵
- Executes dropped EXE
-
\??\c:\vfvnvjn.exec:\vfvnvjn.exe25⤵
- Executes dropped EXE
-
\??\c:\tpdrdjp.exec:\tpdrdjp.exe26⤵
- Executes dropped EXE
-
\??\c:\fbjpn.exec:\fbjpn.exe27⤵
- Executes dropped EXE
-
\??\c:\pppjjjj.exec:\pppjjjj.exe28⤵
- Executes dropped EXE
-
\??\c:\dlfnjd.exec:\dlfnjd.exe29⤵
- Executes dropped EXE
-
\??\c:\vnbbx.exec:\vnbbx.exe30⤵
- Executes dropped EXE
-
\??\c:\xdhjnp.exec:\xdhjnp.exe31⤵
- Executes dropped EXE
-
\??\c:\nfbprvp.exec:\nfbprvp.exe32⤵
- Executes dropped EXE
-
\??\c:\ldjffjr.exec:\ldjffjr.exe33⤵
- Executes dropped EXE
-
\??\c:\lrnhx.exec:\lrnhx.exe34⤵
- Executes dropped EXE
-
\??\c:\bthlfvt.exec:\bthlfvt.exe35⤵
- Executes dropped EXE
-
\??\c:\bdfvxpl.exec:\bdfvxpl.exe36⤵
- Executes dropped EXE
-
\??\c:\rhjvn.exec:\rhjvn.exe37⤵
- Executes dropped EXE
-
\??\c:\fnhxhb.exec:\fnhxhb.exe38⤵
- Executes dropped EXE
-
\??\c:\tjbjhhn.exec:\tjbjhhn.exe39⤵
- Executes dropped EXE
-
\??\c:\hhbvdj.exec:\hhbvdj.exe40⤵
- Executes dropped EXE
-
\??\c:\fnptnb.exec:\fnptnb.exe41⤵
- Executes dropped EXE
-
\??\c:\dflpfb.exec:\dflpfb.exe42⤵
- Executes dropped EXE
-
\??\c:\jjxjjtn.exec:\jjxjjtn.exe43⤵
- Executes dropped EXE
-
\??\c:\brrvfbf.exec:\brrvfbf.exe44⤵
- Executes dropped EXE
-
\??\c:\xxxlbv.exec:\xxxlbv.exe45⤵
- Executes dropped EXE
-
\??\c:\rjfpfv.exec:\rjfpfv.exe46⤵
- Executes dropped EXE
-
\??\c:\xpnbrfv.exec:\xpnbrfv.exe47⤵
- Executes dropped EXE
-
\??\c:\bnjjxpv.exec:\bnjjxpv.exe48⤵
- Executes dropped EXE
-
\??\c:\tfxvrnh.exec:\tfxvrnh.exe49⤵
- Executes dropped EXE
-
\??\c:\vrhhr.exec:\vrhhr.exe50⤵
- Executes dropped EXE
-
\??\c:\phxfhhb.exec:\phxfhhb.exe51⤵
- Executes dropped EXE
-
\??\c:\fnvhf.exec:\fnvhf.exe52⤵
- Executes dropped EXE
-
\??\c:\fltbdjx.exec:\fltbdjx.exe53⤵
- Executes dropped EXE
-
\??\c:\pjphft.exec:\pjphft.exe54⤵
- Executes dropped EXE
-
\??\c:\pjvrjvv.exec:\pjvrjvv.exe55⤵
- Executes dropped EXE
-
\??\c:\vrbxd.exec:\vrbxd.exe56⤵
- Executes dropped EXE
-
\??\c:\jjvfnnl.exec:\jjvfnnl.exe57⤵
- Executes dropped EXE
-
\??\c:\xjlxh.exec:\xjlxh.exe58⤵
- Executes dropped EXE
-
\??\c:\bdjvplv.exec:\bdjvplv.exe59⤵
- Executes dropped EXE
-
\??\c:\nffnnfj.exec:\nffnnfj.exe60⤵
- Executes dropped EXE
-
\??\c:\vdhpp.exec:\vdhpp.exe61⤵
- Executes dropped EXE
-
\??\c:\rnvpjtb.exec:\rnvpjtb.exe62⤵
- Executes dropped EXE
-
\??\c:\dhbhpdd.exec:\dhbhpdd.exe63⤵
- Executes dropped EXE
-
\??\c:\jpfnvb.exec:\jpfnvb.exe64⤵
- Executes dropped EXE
-
\??\c:\vvdpv.exec:\vvdpv.exe65⤵
- Executes dropped EXE
-
\??\c:\hhxxp.exec:\hhxxp.exe66⤵
-
\??\c:\bpdjndv.exec:\bpdjndv.exe67⤵
-
\??\c:\lnrxdv.exec:\lnrxdv.exe68⤵
-
\??\c:\jtrln.exec:\jtrln.exe69⤵
-
\??\c:\fhjlfth.exec:\fhjlfth.exe70⤵
-
\??\c:\pjflpp.exec:\pjflpp.exe71⤵
-
\??\c:\jbdhhfj.exec:\jbdhhfj.exe72⤵
-
\??\c:\fjxxdj.exec:\fjxxdj.exe73⤵
-
\??\c:\bjrlrlp.exec:\bjrlrlp.exe74⤵
-
\??\c:\ptjvxr.exec:\ptjvxr.exe75⤵
-
\??\c:\hxnlhf.exec:\hxnlhf.exe76⤵
-
\??\c:\ppjlr.exec:\ppjlr.exe77⤵
-
\??\c:\bjvdhj.exec:\bjvdhj.exe78⤵
-
\??\c:\rdtnl.exec:\rdtnl.exe79⤵
-
\??\c:\hhjprv.exec:\hhjprv.exe80⤵
-
\??\c:\tdxvjj.exec:\tdxvjj.exe81⤵
-
\??\c:\bvlbjb.exec:\bvlbjb.exe82⤵
-
\??\c:\nbjpb.exec:\nbjpb.exe83⤵
-
\??\c:\dlxddh.exec:\dlxddh.exe84⤵
-
\??\c:\vtppfbf.exec:\vtppfbf.exe85⤵
-
\??\c:\jvxpn.exec:\jvxpn.exe86⤵
-
\??\c:\dhbrh.exec:\dhbrh.exe87⤵
-
\??\c:\xlvtx.exec:\xlvtx.exe88⤵
-
\??\c:\htvhd.exec:\htvhd.exe89⤵
-
\??\c:\vjnvnr.exec:\vjnvnr.exe90⤵
-
\??\c:\bhprb.exec:\bhprb.exe91⤵
-
\??\c:\jxtjf.exec:\jxtjf.exe92⤵
-
\??\c:\hxpbr.exec:\hxpbr.exe93⤵
-
\??\c:\rjnnrx.exec:\rjnnrx.exe94⤵
-
\??\c:\rnhfrv.exec:\rnhfrv.exe95⤵
-
\??\c:\fftrf.exec:\fftrf.exe96⤵
-
\??\c:\nrxdx.exec:\nrxdx.exe97⤵
-
\??\c:\vndrp.exec:\vndrp.exe98⤵
-
\??\c:\bhlfvx.exec:\bhlfvx.exe99⤵
-
\??\c:\ljxrpd.exec:\ljxrpd.exe100⤵
-
\??\c:\lxrbr.exec:\lxrbr.exe101⤵
-
\??\c:\blttj.exec:\blttj.exe102⤵
-
\??\c:\ndfjb.exec:\ndfjb.exe103⤵
-
\??\c:\blpbbdh.exec:\blpbbdh.exe104⤵
-
\??\c:\tbjtlbn.exec:\tbjtlbn.exe105⤵
-
\??\c:\bvblj.exec:\bvblj.exe106⤵
-
\??\c:\tjvtpf.exec:\tjvtpf.exe107⤵
-
\??\c:\bprlv.exec:\bprlv.exe108⤵
-
\??\c:\ttllt.exec:\ttllt.exe109⤵
-
\??\c:\xnfxft.exec:\xnfxft.exe110⤵
-
\??\c:\vdrtpl.exec:\vdrtpl.exe111⤵
-
\??\c:\jjvvvbl.exec:\jjvvvbl.exe112⤵
-
\??\c:\lxfrx.exec:\lxfrx.exe113⤵
-
\??\c:\njvtpb.exec:\njvtpb.exe114⤵
-
\??\c:\lhlrrn.exec:\lhlrrn.exe115⤵
-
\??\c:\jjrblbb.exec:\jjrblbb.exe116⤵
-
\??\c:\jrxxvh.exec:\jrxxvh.exe117⤵
-
\??\c:\pbhbjj.exec:\pbhbjj.exe118⤵
-
\??\c:\prdhx.exec:\prdhx.exe119⤵
-
\??\c:\dvbrv.exec:\dvbrv.exe120⤵
-
\??\c:\tffjdl.exec:\tffjdl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-