Analysis
-
max time kernel
148s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
02/06/2024, 01:33
General
-
Target
1d0953d05efec3e53c3fb8ffbd3a8cd0_NeikiAnalytics.exe
-
Size
81KB
-
MD5
1d0953d05efec3e53c3fb8ffbd3a8cd0
-
SHA1
5dcaed28bf86dbe8a84341e4409e4b1e921a1168
-
SHA256
314b32a30e4c2f5619c10e323343c6cd1d30042a7a5480f7c74e3cbf5f49c221
-
SHA512
b63c8537f82245e71aae1612043b7832e966d0412600c17509782ece9cc32754ed1f0088d3666d7a936f41896b34a9cd5b0c14c4a8186070465a63d90d7e00a9
-
SSDEEP
1536:zvQBeOGtrYS3srx93UBWfwC6Ggnouy8iT4+C2HVM1p6T7QV:zhOmTsF93UYfwC6GIoutiTU2HVS63QV
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 48 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1d0953d05efec3e53c3fb8ffbd3a8cd0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1d0953d05efec3e53c3fb8ffbd3a8cd0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jrppbvl.exec:\jrppbvl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pfbrftd.exec:\pfbrftd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ldnxx.exec:\ldnxx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fdbld.exec:\fdbld.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bjljlbt.exec:\bjljlbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ptlnp.exec:\ptlnp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dbnrb.exec:\dbnrb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vxxxp.exec:\vxxxp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xvfbjj.exec:\xvfbjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxbpft.exec:\lxbpft.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fbtxnv.exec:\fbtxnv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vrjjbf.exec:\vrjjbf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btrnvt.exec:\btrnvt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jldrdbt.exec:\jldrdbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jbddv.exec:\jbddv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlblrt.exec:\rlblrt.exe17⤵
- Executes dropped EXE
-
\??\c:\rbdtjv.exec:\rbdtjv.exe18⤵
- Executes dropped EXE
-
\??\c:\rxlvb.exec:\rxlvb.exe19⤵
- Executes dropped EXE
-
\??\c:\jjtpltx.exec:\jjtpltx.exe20⤵
- Executes dropped EXE
-
\??\c:\hdldtjx.exec:\hdldtjx.exe21⤵
- Executes dropped EXE
-
\??\c:\dfhntxb.exec:\dfhntxb.exe22⤵
- Executes dropped EXE
-
\??\c:\ljxbpb.exec:\ljxbpb.exe23⤵
- Executes dropped EXE
-
\??\c:\jpvpt.exec:\jpvpt.exe24⤵
- Executes dropped EXE
-
\??\c:\xvfjbr.exec:\xvfjbr.exe25⤵
- Executes dropped EXE
-
\??\c:\ndtdbff.exec:\ndtdbff.exe26⤵
- Executes dropped EXE
-
\??\c:\ljrrb.exec:\ljrrb.exe27⤵
- Executes dropped EXE
-
\??\c:\njjndb.exec:\njjndb.exe28⤵
- Executes dropped EXE
-
\??\c:\pdxll.exec:\pdxll.exe29⤵
- Executes dropped EXE
-
\??\c:\hffxtnl.exec:\hffxtnl.exe30⤵
- Executes dropped EXE
-
\??\c:\fnpppvh.exec:\fnpppvh.exe31⤵
- Executes dropped EXE
-
\??\c:\xdnphb.exec:\xdnphb.exe32⤵
- Executes dropped EXE
-
\??\c:\ddxbx.exec:\ddxbx.exe33⤵
- Executes dropped EXE
-
\??\c:\jhrdrf.exec:\jhrdrf.exe34⤵
- Executes dropped EXE
-
\??\c:\hbvnhl.exec:\hbvnhl.exe35⤵
- Executes dropped EXE
-
\??\c:\rrlvlfr.exec:\rrlvlfr.exe36⤵
- Executes dropped EXE
-
\??\c:\xtdxp.exec:\xtdxp.exe37⤵
- Executes dropped EXE
-
\??\c:\fbtjrdf.exec:\fbtjrdf.exe38⤵
- Executes dropped EXE
-
\??\c:\vnfpvv.exec:\vnfpvv.exe39⤵
- Executes dropped EXE
-
\??\c:\xrtbld.exec:\xrtbld.exe40⤵
- Executes dropped EXE
-
\??\c:\hnrhrn.exec:\hnrhrn.exe41⤵
- Executes dropped EXE
-
\??\c:\jbpnj.exec:\jbpnj.exe42⤵
- Executes dropped EXE
-
\??\c:\tfldrnl.exec:\tfldrnl.exe43⤵
- Executes dropped EXE
-
\??\c:\fvpvxn.exec:\fvpvxn.exe44⤵
- Executes dropped EXE
-
\??\c:\njtjrnj.exec:\njtjrnj.exe45⤵
- Executes dropped EXE
-
\??\c:\fhlvptf.exec:\fhlvptf.exe46⤵
- Executes dropped EXE
-
\??\c:\nlttbj.exec:\nlttbj.exe47⤵
- Executes dropped EXE
-
\??\c:\pnxrhp.exec:\pnxrhp.exe48⤵
- Executes dropped EXE
-
\??\c:\lbnxp.exec:\lbnxp.exe49⤵
- Executes dropped EXE
-
\??\c:\lhjhtp.exec:\lhjhtp.exe50⤵
- Executes dropped EXE
-
\??\c:\txxrdj.exec:\txxrdj.exe51⤵
- Executes dropped EXE
-
\??\c:\vnxxv.exec:\vnxxv.exe52⤵
- Executes dropped EXE
-
\??\c:\ptplb.exec:\ptplb.exe53⤵
- Executes dropped EXE
-
\??\c:\bnbbd.exec:\bnbbd.exe54⤵
- Executes dropped EXE
-
\??\c:\hxxrhj.exec:\hxxrhj.exe55⤵
- Executes dropped EXE
-
\??\c:\xlnnd.exec:\xlnnd.exe56⤵
- Executes dropped EXE
-
\??\c:\pvpvtx.exec:\pvpvtx.exe57⤵
- Executes dropped EXE
-
\??\c:\dlrffr.exec:\dlrffr.exe58⤵
- Executes dropped EXE
-
\??\c:\xjbpp.exec:\xjbpp.exe59⤵
- Executes dropped EXE
-
\??\c:\xhlbf.exec:\xhlbf.exe60⤵
- Executes dropped EXE
-
\??\c:\thfvd.exec:\thfvd.exe61⤵
- Executes dropped EXE
-
\??\c:\tltnbxd.exec:\tltnbxd.exe62⤵
- Executes dropped EXE
-
\??\c:\pbfhxx.exec:\pbfhxx.exe63⤵
- Executes dropped EXE
-
\??\c:\prbtdt.exec:\prbtdt.exe64⤵
- Executes dropped EXE
-
\??\c:\hhjlbpt.exec:\hhjlbpt.exe65⤵
- Executes dropped EXE
-
\??\c:\hvbrpxv.exec:\hvbrpxv.exe66⤵
-
\??\c:\tnfxvrl.exec:\tnfxvrl.exe67⤵
-
\??\c:\vhttvbb.exec:\vhttvbb.exe68⤵
-
\??\c:\vppjrtj.exec:\vppjrtj.exe69⤵
-
\??\c:\txvftrj.exec:\txvftrj.exe70⤵
-
\??\c:\lvltn.exec:\lvltn.exe71⤵
-
\??\c:\trvnl.exec:\trvnl.exe72⤵
-
\??\c:\fvxdlrb.exec:\fvxdlrb.exe73⤵
-
\??\c:\xlvjrfr.exec:\xlvjrfr.exe74⤵
-
\??\c:\lrndr.exec:\lrndr.exe75⤵
-
\??\c:\dbtrtf.exec:\dbtrtf.exe76⤵
-
\??\c:\hvtxh.exec:\hvtxh.exe77⤵
-
\??\c:\jtxxbb.exec:\jtxxbb.exe78⤵
-
\??\c:\pdnhn.exec:\pdnhn.exe79⤵
-
\??\c:\fpjvbd.exec:\fpjvbd.exe80⤵
-
\??\c:\fjlpd.exec:\fjlpd.exe81⤵
-
\??\c:\pbnrf.exec:\pbnrf.exe82⤵
-
\??\c:\nbdlnl.exec:\nbdlnl.exe83⤵
-
\??\c:\ttpnv.exec:\ttpnv.exe84⤵
-
\??\c:\blxxr.exec:\blxxr.exe85⤵
-
\??\c:\brptv.exec:\brptv.exe86⤵
-
\??\c:\vftrrb.exec:\vftrrb.exe87⤵
-
\??\c:\tprfnj.exec:\tprfnj.exe88⤵
-
\??\c:\bbfvr.exec:\bbfvr.exe89⤵
-
\??\c:\bbxdth.exec:\bbxdth.exe90⤵
-
\??\c:\hpftrjv.exec:\hpftrjv.exe91⤵
-
\??\c:\hjltfdj.exec:\hjltfdj.exe92⤵
-
\??\c:\trtxt.exec:\trtxt.exe93⤵
-
\??\c:\phbrv.exec:\phbrv.exe94⤵
-
\??\c:\bvvdhh.exec:\bvvdhh.exe95⤵
-
\??\c:\ttlntbj.exec:\ttlntbj.exe96⤵
-
\??\c:\bldxd.exec:\bldxd.exe97⤵
-
\??\c:\ltddjx.exec:\ltddjx.exe98⤵
-
\??\c:\frpjtpf.exec:\frpjtpf.exe99⤵
-
\??\c:\xjrpj.exec:\xjrpj.exe100⤵
-
\??\c:\htfnnj.exec:\htfnnj.exe101⤵
-
\??\c:\nnrllr.exec:\nnrllr.exe102⤵
-
\??\c:\fnjtj.exec:\fnjtj.exe103⤵
-
\??\c:\hrttrxj.exec:\hrttrxj.exe104⤵
-
\??\c:\vbttx.exec:\vbttx.exe105⤵
-
\??\c:\hhnnr.exec:\hhnnr.exe106⤵
-
\??\c:\pdjlhb.exec:\pdjlhb.exe107⤵
-
\??\c:\fpjfvr.exec:\fpjfvr.exe108⤵
-
\??\c:\hrjxvn.exec:\hrjxvn.exe109⤵
-
\??\c:\hxlrnph.exec:\hxlrnph.exe110⤵
-
\??\c:\rprnnrl.exec:\rprnnrl.exe111⤵
-
\??\c:\lrvhnl.exec:\lrvhnl.exe112⤵
-
\??\c:\ljrpvxh.exec:\ljrpvxh.exe113⤵
-
\??\c:\vxnxnl.exec:\vxnxnl.exe114⤵
-
\??\c:\xjrjtbb.exec:\xjrjtbb.exe115⤵
-
\??\c:\xnbxr.exec:\xnbxr.exe116⤵
-
\??\c:\xtjphvd.exec:\xtjphvd.exe117⤵
-
\??\c:\lnrdpjr.exec:\lnrdpjr.exe118⤵
-
\??\c:\blfrhfl.exec:\blfrhfl.exe119⤵
-
\??\c:\lxtnjdj.exec:\lxtnjdj.exe120⤵
-
\??\c:\xrthlnl.exec:\xrthlnl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-