Analysis
-
max time kernel
151s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
31/05/2024, 22:57
General
-
Target
832fa94d0295471aa27c9de0920dcad0_NeikiAnalytics.exe
-
Size
71KB
-
MD5
832fa94d0295471aa27c9de0920dcad0
-
SHA1
14f22152dd6f12d8976efb957cccd61f030c09da
-
SHA256
be7fc41357a7cce1659f787a9d17bac9a5a7290eaca2d3b779fa1ee9947445d6
-
SHA512
c499a68a8780d97b042b222322d176efb8460007829d703d4e31df749fee2f8fcda53ab3a8e9bfb4b51e3f16a8bb3b6208f5585dcb0582b759164c5ebc6976dd
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb7GTi3ldf:ymb3NkkiQ3mdBjFIWY1
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 21 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\832fa94d0295471aa27c9de0920dcad0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\832fa94d0295471aa27c9de0920dcad0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\phjbjb.exec:\phjbjb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nrbpnhr.exec:\nrbpnhr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\blpvtn.exec:\blpvtn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\drvrpn.exec:\drvrpn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjxjlbd.exec:\pjxjlbd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hrtjt.exec:\hrtjt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jlhbpd.exec:\jlhbpd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhphbfb.exec:\nhphbfb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbvrfrj.exec:\tbvrfrj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\njlnj.exec:\njlnj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dfjnt.exec:\dfjnt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bfhtdjj.exec:\bfhtdjj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnbjtvt.exec:\bnbjtvt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dfrllbd.exec:\dfrllbd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vtpxh.exec:\vtpxh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjbjnbb.exec:\jjbjnbb.exe17⤵
- Executes dropped EXE
-
\??\c:\nnftlb.exec:\nnftlb.exe18⤵
- Executes dropped EXE
-
\??\c:\xhlvjtr.exec:\xhlvjtr.exe19⤵
- Executes dropped EXE
-
\??\c:\rdbll.exec:\rdbll.exe20⤵
- Executes dropped EXE
-
\??\c:\vbvjpf.exec:\vbvjpf.exe21⤵
- Executes dropped EXE
-
\??\c:\nrndbn.exec:\nrndbn.exe22⤵
- Executes dropped EXE
-
\??\c:\vbhph.exec:\vbhph.exe23⤵
- Executes dropped EXE
-
\??\c:\fbhlnrl.exec:\fbhlnrl.exe24⤵
- Executes dropped EXE
-
\??\c:\rtplhrp.exec:\rtplhrp.exe25⤵
- Executes dropped EXE
-
\??\c:\brdfp.exec:\brdfp.exe26⤵
- Executes dropped EXE
-
\??\c:\xfbhjl.exec:\xfbhjl.exe27⤵
- Executes dropped EXE
-
\??\c:\ffhfdln.exec:\ffhfdln.exe28⤵
- Executes dropped EXE
-
\??\c:\bnhtnx.exec:\bnhtnx.exe29⤵
- Executes dropped EXE
-
\??\c:\jljbdr.exec:\jljbdr.exe30⤵
- Executes dropped EXE
-
\??\c:\vlbpj.exec:\vlbpj.exe31⤵
- Executes dropped EXE
-
\??\c:\vpjtdnr.exec:\vpjtdnr.exe32⤵
- Executes dropped EXE
-
\??\c:\lhljjrf.exec:\lhljjrf.exe33⤵
- Executes dropped EXE
-
\??\c:\vpnvn.exec:\vpnvn.exe34⤵
- Executes dropped EXE
-
\??\c:\frnxjvb.exec:\frnxjvb.exe35⤵
- Executes dropped EXE
-
\??\c:\plxvdfj.exec:\plxvdfj.exe36⤵
- Executes dropped EXE
-
\??\c:\dxpxj.exec:\dxpxj.exe37⤵
- Executes dropped EXE
-
\??\c:\rvttlh.exec:\rvttlh.exe38⤵
- Executes dropped EXE
-
\??\c:\fpvxv.exec:\fpvxv.exe39⤵
- Executes dropped EXE
-
\??\c:\rbfrbf.exec:\rbfrbf.exe40⤵
- Executes dropped EXE
-
\??\c:\jthtvfl.exec:\jthtvfl.exe41⤵
- Executes dropped EXE
-
\??\c:\xdfxpb.exec:\xdfxpb.exe42⤵
- Executes dropped EXE
-
\??\c:\brrdb.exec:\brrdb.exe43⤵
- Executes dropped EXE
-
\??\c:\dxhfj.exec:\dxhfj.exe44⤵
- Executes dropped EXE
-
\??\c:\jvvxn.exec:\jvvxn.exe45⤵
- Executes dropped EXE
-
\??\c:\lplvp.exec:\lplvp.exe46⤵
- Executes dropped EXE
-
\??\c:\jftbv.exec:\jftbv.exe47⤵
- Executes dropped EXE
-
\??\c:\nbrbfv.exec:\nbrbfv.exe48⤵
- Executes dropped EXE
-
\??\c:\dxfrtrn.exec:\dxfrtrn.exe49⤵
- Executes dropped EXE
-
\??\c:\ffxvf.exec:\ffxvf.exe50⤵
- Executes dropped EXE
-
\??\c:\jlptv.exec:\jlptv.exe51⤵
- Executes dropped EXE
-
\??\c:\fvllvdx.exec:\fvllvdx.exe52⤵
- Executes dropped EXE
-
\??\c:\jpbtldp.exec:\jpbtldp.exe53⤵
- Executes dropped EXE
-
\??\c:\hbxbtv.exec:\hbxbtv.exe54⤵
- Executes dropped EXE
-
\??\c:\bljbdn.exec:\bljbdn.exe55⤵
- Executes dropped EXE
-
\??\c:\bxndn.exec:\bxndn.exe56⤵
- Executes dropped EXE
-
\??\c:\rxtlfj.exec:\rxtlfj.exe57⤵
- Executes dropped EXE
-
\??\c:\npthd.exec:\npthd.exe58⤵
- Executes dropped EXE
-
\??\c:\hpnhrxx.exec:\hpnhrxx.exe59⤵
- Executes dropped EXE
-
\??\c:\blvvfx.exec:\blvvfx.exe60⤵
- Executes dropped EXE
-
\??\c:\hljhvbv.exec:\hljhvbv.exe61⤵
- Executes dropped EXE
-
\??\c:\ftdxflt.exec:\ftdxflt.exe62⤵
- Executes dropped EXE
-
\??\c:\fdlhl.exec:\fdlhl.exe63⤵
- Executes dropped EXE
-
\??\c:\ljpjd.exec:\ljpjd.exe64⤵
- Executes dropped EXE
-
\??\c:\xttxjd.exec:\xttxjd.exe65⤵
- Executes dropped EXE
-
\??\c:\rthbdd.exec:\rthbdd.exe66⤵
-
\??\c:\pnnfht.exec:\pnnfht.exe67⤵
-
\??\c:\pvhtr.exec:\pvhtr.exe68⤵
-
\??\c:\hxtnf.exec:\hxtnf.exe69⤵
-
\??\c:\tjxxprn.exec:\tjxxprn.exe70⤵
-
\??\c:\rlhlxbh.exec:\rlhlxbh.exe71⤵
-
\??\c:\fdhjxjn.exec:\fdhjxjn.exe72⤵
-
\??\c:\ttdvb.exec:\ttdvb.exe73⤵
-
\??\c:\dtrnn.exec:\dtrnn.exe74⤵
-
\??\c:\fndrh.exec:\fndrh.exe75⤵
-
\??\c:\nvtlbj.exec:\nvtlbj.exe76⤵
-
\??\c:\hvhpnpl.exec:\hvhpnpl.exe77⤵
-
\??\c:\vlpxfb.exec:\vlpxfb.exe78⤵
-
\??\c:\fjbpx.exec:\fjbpx.exe79⤵
-
\??\c:\rhxdxd.exec:\rhxdxd.exe80⤵
-
\??\c:\hjffr.exec:\hjffr.exe81⤵
-
\??\c:\pdjbrj.exec:\pdjbrj.exe82⤵
-
\??\c:\nvpfdv.exec:\nvpfdv.exe83⤵
-
\??\c:\hrvlhjp.exec:\hrvlhjp.exe84⤵
-
\??\c:\nvjbb.exec:\nvjbb.exe85⤵
-
\??\c:\lbjfbrn.exec:\lbjfbrn.exe86⤵
-
\??\c:\vbxvx.exec:\vbxvx.exe87⤵
-
\??\c:\vrjbpr.exec:\vrjbpr.exe88⤵
-
\??\c:\txpjn.exec:\txpjn.exe89⤵
-
\??\c:\prfxf.exec:\prfxf.exe90⤵
-
\??\c:\ftdhrpv.exec:\ftdhrpv.exe91⤵
-
\??\c:\bbvbrjl.exec:\bbvbrjl.exe92⤵
-
\??\c:\hfttrx.exec:\hfttrx.exe93⤵
-
\??\c:\vpvrpjv.exec:\vpvrpjv.exe94⤵
-
\??\c:\nfjxrvf.exec:\nfjxrvf.exe95⤵
-
\??\c:\xtphpb.exec:\xtphpb.exe96⤵
-
\??\c:\xjrrxf.exec:\xjrrxf.exe97⤵
-
\??\c:\fpdhnvb.exec:\fpdhnvb.exe98⤵
-
\??\c:\fnxnv.exec:\fnxnv.exe99⤵
-
\??\c:\pxljb.exec:\pxljb.exe100⤵
-
\??\c:\ltbnlp.exec:\ltbnlp.exe101⤵
-
\??\c:\pxbdhj.exec:\pxbdhj.exe102⤵
-
\??\c:\jjxbvr.exec:\jjxbvr.exe103⤵
-
\??\c:\vvvrjxj.exec:\vvvrjxj.exe104⤵
-
\??\c:\pjvvvdd.exec:\pjvvvdd.exe105⤵
-
\??\c:\xpxjx.exec:\xpxjx.exe106⤵
-
\??\c:\xnfjbxd.exec:\xnfjbxd.exe107⤵
-
\??\c:\prrvrjv.exec:\prrvrjv.exe108⤵
-
\??\c:\dvhjd.exec:\dvhjd.exe109⤵
-
\??\c:\fxrnfv.exec:\fxrnfv.exe110⤵
-
\??\c:\jlbpd.exec:\jlbpd.exe111⤵
-
\??\c:\nvrnnl.exec:\nvrnnl.exe112⤵
-
\??\c:\hrpnhn.exec:\hrpnhn.exe113⤵
-
\??\c:\vpbtr.exec:\vpbtr.exe114⤵
-
\??\c:\thrxp.exec:\thrxp.exe115⤵
-
\??\c:\rpvxblh.exec:\rpvxblh.exe116⤵
-
\??\c:\npnldpn.exec:\npnldpn.exe117⤵
-
\??\c:\fjtfft.exec:\fjtfft.exe118⤵
-
\??\c:\rlhlhjr.exec:\rlhlhjr.exe119⤵
-
\??\c:\xlvvnt.exec:\xlvvnt.exe120⤵
-
\??\c:\frbdtv.exec:\frbdtv.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-