Analysis
-
max time kernel
151s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
03-06-2024 13:33
General
-
Target
a51478a253606bfc805b40f17fb5dc30_NeikiAnalytics.exe
-
Size
116KB
-
MD5
a51478a253606bfc805b40f17fb5dc30
-
SHA1
cf77c9027979b4fc4ca34e5967d833212bdd1491
-
SHA256
a91a69f7a43cdb18d829a5a1d0559712052c93bde345bdffd5de8dacfdbd569e
-
SHA512
c6a89e0f828cd8b94e2c895ea69b6d9f8d9ae8a4cea188adf149e373ce29d3cb3233069cc874395845f9ac7839d27dc7aec1bf2884f5409e14d663d1eaba8097
-
SSDEEP
3072:ymb3NkkiQ3mdBjFosxXGPXbXQMFHLgDWSmjlkFn:n3C9BRosxW8MFHLMWvlO
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a51478a253606bfc805b40f17fb5dc30_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\a51478a253606bfc805b40f17fb5dc30_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pvvdp.exec:\pvvdp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xpdfhj.exec:\xpdfhj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tlxpn.exec:\tlxpn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffjxhf.exec:\ffjxhf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tptjl.exec:\tptjl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bvftdr.exec:\bvftdr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hftplf.exec:\hftplf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rfljfl.exec:\rfljfl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrrxptn.exec:\rrrxptn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dtvvvnt.exec:\dtvvvnt.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jrxbbf.exec:\jrxbbf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vrhnbvj.exec:\vrhnbvj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xdfhlxb.exec:\xdfhlxb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttdnfht.exec:\ttdnfht.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfvn.exec:\rrfvn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nndhdt.exec:\nndhdt.exe17⤵
- Executes dropped EXE
-
\??\c:\vdntfx.exec:\vdntfx.exe18⤵
- Executes dropped EXE
-
\??\c:\tnrrtlf.exec:\tnrrtlf.exe19⤵
- Executes dropped EXE
-
\??\c:\ltxfljr.exec:\ltxfljr.exe20⤵
- Executes dropped EXE
-
\??\c:\hhblf.exec:\hhblf.exe21⤵
- Executes dropped EXE
-
\??\c:\rdrxpp.exec:\rdrxpp.exe22⤵
- Executes dropped EXE
-
\??\c:\nnxbxdt.exec:\nnxbxdt.exe23⤵
- Executes dropped EXE
-
\??\c:\bttdd.exec:\bttdd.exe24⤵
- Executes dropped EXE
-
\??\c:\hfxbpvl.exec:\hfxbpvl.exe25⤵
- Executes dropped EXE
-
\??\c:\fnlbl.exec:\fnlbl.exe26⤵
- Executes dropped EXE
-
\??\c:\fhfbjx.exec:\fhfbjx.exe27⤵
- Executes dropped EXE
-
\??\c:\dhjprlf.exec:\dhjprlf.exe28⤵
- Executes dropped EXE
-
\??\c:\ppdbv.exec:\ppdbv.exe29⤵
- Executes dropped EXE
-
\??\c:\bplvjl.exec:\bplvjl.exe30⤵
- Executes dropped EXE
-
\??\c:\bvrrjf.exec:\bvrrjf.exe31⤵
- Executes dropped EXE
-
\??\c:\hhhlv.exec:\hhhlv.exe32⤵
- Executes dropped EXE
-
\??\c:\ffjvb.exec:\ffjvb.exe33⤵
- Executes dropped EXE
-
\??\c:\nrnhh.exec:\nrnhh.exe34⤵
- Executes dropped EXE
-
\??\c:\nldljl.exec:\nldljl.exe35⤵
- Executes dropped EXE
-
\??\c:\lxvjjd.exec:\lxvjjd.exe36⤵
- Executes dropped EXE
-
\??\c:\xbnpvx.exec:\xbnpvx.exe37⤵
- Executes dropped EXE
-
\??\c:\rljtnl.exec:\rljtnl.exe38⤵
- Executes dropped EXE
-
\??\c:\lpjrv.exec:\lpjrv.exe39⤵
- Executes dropped EXE
-
\??\c:\dtrhjp.exec:\dtrhjp.exe40⤵
- Executes dropped EXE
-
\??\c:\fnhdnnj.exec:\fnhdnnj.exe41⤵
- Executes dropped EXE
-
\??\c:\hbnrfv.exec:\hbnrfv.exe42⤵
- Executes dropped EXE
-
\??\c:\fhxnhbt.exec:\fhxnhbt.exe43⤵
- Executes dropped EXE
-
\??\c:\vddfvvf.exec:\vddfvvf.exe44⤵
- Executes dropped EXE
-
\??\c:\ttlbtrp.exec:\ttlbtrp.exe45⤵
- Executes dropped EXE
-
\??\c:\rlfrnr.exec:\rlfrnr.exe46⤵
- Executes dropped EXE
-
\??\c:\dnrjtx.exec:\dnrjtx.exe47⤵
- Executes dropped EXE
-
\??\c:\jvbvnn.exec:\jvbvnn.exe48⤵
- Executes dropped EXE
-
\??\c:\flvffhn.exec:\flvffhn.exe49⤵
- Executes dropped EXE
-
\??\c:\xnxrvnh.exec:\xnxrvnh.exe50⤵
- Executes dropped EXE
-
\??\c:\vtxxjrv.exec:\vtxxjrv.exe51⤵
- Executes dropped EXE
-
\??\c:\hprdrfr.exec:\hprdrfr.exe52⤵
- Executes dropped EXE
-
\??\c:\vbbvvpl.exec:\vbbvvpl.exe53⤵
- Executes dropped EXE
-
\??\c:\frnljb.exec:\frnljb.exe54⤵
- Executes dropped EXE
-
\??\c:\drthfbx.exec:\drthfbx.exe55⤵
- Executes dropped EXE
-
\??\c:\hbptpj.exec:\hbptpj.exe56⤵
- Executes dropped EXE
-
\??\c:\fpldj.exec:\fpldj.exe57⤵
- Executes dropped EXE
-
\??\c:\fxtlxfp.exec:\fxtlxfp.exe58⤵
- Executes dropped EXE
-
\??\c:\tnpvnxv.exec:\tnpvnxv.exe59⤵
- Executes dropped EXE
-
\??\c:\pfdnrb.exec:\pfdnrb.exe60⤵
- Executes dropped EXE
-
\??\c:\tvtlfrp.exec:\tvtlfrp.exe61⤵
- Executes dropped EXE
-
\??\c:\nnxjbtx.exec:\nnxjbtx.exe62⤵
- Executes dropped EXE
-
\??\c:\pnlpdl.exec:\pnlpdl.exe63⤵
- Executes dropped EXE
-
\??\c:\rvtnn.exec:\rvtnn.exe64⤵
- Executes dropped EXE
-
\??\c:\dfrrhj.exec:\dfrrhj.exe65⤵
- Executes dropped EXE
-
\??\c:\ftvfjjf.exec:\ftvfjjf.exe66⤵
-
\??\c:\ddtlpvp.exec:\ddtlpvp.exe67⤵
-
\??\c:\rprfbt.exec:\rprfbt.exe68⤵
-
\??\c:\tvtpbvp.exec:\tvtpbvp.exe69⤵
-
\??\c:\nbbhfr.exec:\nbbhfr.exe70⤵
-
\??\c:\drhntb.exec:\drhntb.exe71⤵
-
\??\c:\dbplh.exec:\dbplh.exe72⤵
-
\??\c:\dvprhhn.exec:\dvprhhn.exe73⤵
-
\??\c:\nfblrxd.exec:\nfblrxd.exe74⤵
-
\??\c:\lptdln.exec:\lptdln.exe75⤵
-
\??\c:\bfrrft.exec:\bfrrft.exe76⤵
-
\??\c:\hrdrr.exec:\hrdrr.exe77⤵
-
\??\c:\hvffrvb.exec:\hvffrvb.exe78⤵
-
\??\c:\pftnb.exec:\pftnb.exe79⤵
-
\??\c:\ndvbn.exec:\ndvbn.exe80⤵
-
\??\c:\dtpthh.exec:\dtpthh.exe81⤵
-
\??\c:\pvjpbx.exec:\pvjpbx.exe82⤵
-
\??\c:\dvvbdfr.exec:\dvvbdfr.exe83⤵
-
\??\c:\frbhr.exec:\frbhr.exe84⤵
-
\??\c:\fplrth.exec:\fplrth.exe85⤵
-
\??\c:\rhhfrdb.exec:\rhhfrdb.exe86⤵
-
\??\c:\rbhtrxh.exec:\rbhtrxh.exe87⤵
-
\??\c:\dxjvbd.exec:\dxjvbd.exe88⤵
-
\??\c:\hhlrtbd.exec:\hhlrtbd.exe89⤵
-
\??\c:\jvrrrdf.exec:\jvrrrdf.exe90⤵
-
\??\c:\hlhbvt.exec:\hlhbvt.exe91⤵
-
\??\c:\nvvpf.exec:\nvvpf.exe92⤵
-
\??\c:\vtxbbx.exec:\vtxbbx.exe93⤵
-
\??\c:\fdtvn.exec:\fdtvn.exe94⤵
-
\??\c:\hdrrvb.exec:\hdrrvb.exe95⤵
-
\??\c:\dnptf.exec:\dnptf.exe96⤵
-
\??\c:\tdtjdvd.exec:\tdtjdvd.exe97⤵
-
\??\c:\hxrnh.exec:\hxrnh.exe98⤵
-
\??\c:\rxhnr.exec:\rxhnr.exe99⤵
-
\??\c:\vxjpj.exec:\vxjpj.exe100⤵
-
\??\c:\prfvd.exec:\prfvd.exe101⤵
-
\??\c:\bddfjr.exec:\bddfjr.exe102⤵
-
\??\c:\tdpfrvv.exec:\tdpfrvv.exe103⤵
-
\??\c:\tndrtj.exec:\tndrtj.exe104⤵
-
\??\c:\lxdndnv.exec:\lxdndnv.exe105⤵
-
\??\c:\dvrpxxx.exec:\dvrpxxx.exe106⤵
-
\??\c:\bdvnrj.exec:\bdvnrj.exe107⤵
-
\??\c:\dtrlbj.exec:\dtrlbj.exe108⤵
-
\??\c:\njxbbpj.exec:\njxbbpj.exe109⤵
-
\??\c:\dlvlfl.exec:\dlvlfl.exe110⤵
-
\??\c:\lfhbf.exec:\lfhbf.exe111⤵
-
\??\c:\nlnfb.exec:\nlnfb.exe112⤵
-
\??\c:\lhndnj.exec:\lhndnj.exe113⤵
-
\??\c:\nrxfh.exec:\nrxfh.exe114⤵
-
\??\c:\lpptd.exec:\lpptd.exe115⤵
-
\??\c:\hdvlv.exec:\hdvlv.exe116⤵
-
\??\c:\lbrlhxx.exec:\lbrlhxx.exe117⤵
-
\??\c:\vjlpdf.exec:\vjlpdf.exe118⤵
-
\??\c:\phxvtj.exec:\phxvtj.exe119⤵
-
\??\c:\lfvxjv.exec:\lfvxjv.exe120⤵
-
\??\c:\lxbbj.exec:\lxbbj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-