Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
-
submitted
25-06-2024 03:42
General
-
Target
2a6e3ccd72b72a65c167e090f62e1d1ff32a3ab774cf2cecbf68b50d23fb1983_NeikiAnalytics.exe
-
Size
92KB
-
MD5
38f49eff137b92c50a9d7945572185b0
-
SHA1
8952db17f47e0755af64c5b8c03a9441df0fa8ff
-
SHA256
2a6e3ccd72b72a65c167e090f62e1d1ff32a3ab774cf2cecbf68b50d23fb1983
-
SHA512
ace7991c6350e41e848da3f78e39186bc8d28c46168d5322cfe521e80ad0eafe1e4be156d952f08cd91643d3610626c90662782706bd1f4f44d64094fbfa342a
-
SSDEEP
1536:8vQBeOGtrYS3srx93UBWfwC6Ggnouy80fg3Cip8iXAsG5M0u5YoWprCTI:8hOmTsF93UYfwC6GIout0fmCiiiXA6mP
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 46 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2a6e3ccd72b72a65c167e090f62e1d1ff32a3ab774cf2cecbf68b50d23fb1983_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\2a6e3ccd72b72a65c167e090f62e1d1ff32a3ab774cf2cecbf68b50d23fb1983_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\hjpxl.exec:\hjpxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddllx.exec:\vddllx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjltl.exec:\dvjltl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ndhjrnn.exec:\ndhjrnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbpldl.exec:\nbpldl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pxfvh.exec:\pxfvh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vfhfjp.exec:\vfhfjp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pffhrt.exec:\pffhrt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjhnx.exec:\pjhnx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdbdtr.exec:\dvdbdtr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jftfxn.exec:\jftfxn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\phvbnr.exec:\phvbnr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdvvbl.exec:\jdvvbl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tprhh.exec:\tprhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpnvrb.exec:\vvpnvrb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xpfpr.exec:\xpfpr.exe17⤵
- Executes dropped EXE
-
\??\c:\njtdphl.exec:\njtdphl.exe18⤵
- Executes dropped EXE
-
\??\c:\lbptl.exec:\lbptl.exe19⤵
- Executes dropped EXE
-
\??\c:\thfxlr.exec:\thfxlr.exe20⤵
- Executes dropped EXE
-
\??\c:\pxxdhfj.exec:\pxxdhfj.exe21⤵
- Executes dropped EXE
-
\??\c:\hrpbr.exec:\hrpbr.exe22⤵
- Executes dropped EXE
-
\??\c:\djlljt.exec:\djlljt.exe23⤵
- Executes dropped EXE
-
\??\c:\ljfpp.exec:\ljfpp.exe24⤵
- Executes dropped EXE
-
\??\c:\rrpvd.exec:\rrpvd.exe25⤵
- Executes dropped EXE
-
\??\c:\drjldv.exec:\drjldv.exe26⤵
- Executes dropped EXE
-
\??\c:\drrxjn.exec:\drrxjn.exe27⤵
- Executes dropped EXE
-
\??\c:\vpdxtbt.exec:\vpdxtbt.exe28⤵
- Executes dropped EXE
-
\??\c:\ttjxbf.exec:\ttjxbf.exe29⤵
- Executes dropped EXE
-
\??\c:\ltddxh.exec:\ltddxh.exe30⤵
- Executes dropped EXE
-
\??\c:\bxjxpjr.exec:\bxjxpjr.exe31⤵
- Executes dropped EXE
-
\??\c:\pvbpxv.exec:\pvbpxv.exe32⤵
- Executes dropped EXE
-
\??\c:\jxxhtx.exec:\jxxhtx.exe33⤵
- Executes dropped EXE
-
\??\c:\pttprht.exec:\pttprht.exe34⤵
- Executes dropped EXE
-
\??\c:\rfvprt.exec:\rfvprt.exe35⤵
- Executes dropped EXE
-
\??\c:\ftdxx.exec:\ftdxx.exe36⤵
- Executes dropped EXE
-
\??\c:\lrtpl.exec:\lrtpl.exe37⤵
- Executes dropped EXE
-
\??\c:\vvlhf.exec:\vvlhf.exe38⤵
- Executes dropped EXE
-
\??\c:\rxjltl.exec:\rxjltl.exe39⤵
- Executes dropped EXE
-
\??\c:\rndnpfb.exec:\rndnpfb.exe40⤵
- Executes dropped EXE
-
\??\c:\jhvpfx.exec:\jhvpfx.exe41⤵
- Executes dropped EXE
-
\??\c:\xtdtl.exec:\xtdtl.exe42⤵
- Executes dropped EXE
-
\??\c:\bdbrv.exec:\bdbrv.exe43⤵
- Executes dropped EXE
-
\??\c:\dnrtp.exec:\dnrtp.exe44⤵
- Executes dropped EXE
-
\??\c:\vfblxp.exec:\vfblxp.exe45⤵
- Executes dropped EXE
-
\??\c:\bfvjlf.exec:\bfvjlf.exe46⤵
- Executes dropped EXE
-
\??\c:\xxrprpr.exec:\xxrprpr.exe47⤵
- Executes dropped EXE
-
\??\c:\jjbjt.exec:\jjbjt.exe48⤵
- Executes dropped EXE
-
\??\c:\nvpvhbh.exec:\nvpvhbh.exe49⤵
- Executes dropped EXE
-
\??\c:\lhntnf.exec:\lhntnf.exe50⤵
- Executes dropped EXE
-
\??\c:\pdxjp.exec:\pdxjp.exe51⤵
- Executes dropped EXE
-
\??\c:\xdlljx.exec:\xdlljx.exe52⤵
- Executes dropped EXE
-
\??\c:\prvdbvn.exec:\prvdbvn.exe53⤵
- Executes dropped EXE
-
\??\c:\jxltfr.exec:\jxltfr.exe54⤵
- Executes dropped EXE
-
\??\c:\hvvvbl.exec:\hvvvbl.exe55⤵
- Executes dropped EXE
-
\??\c:\jtdrlr.exec:\jtdrlr.exe56⤵
- Executes dropped EXE
-
\??\c:\lbhxxjr.exec:\lbhxxjr.exe57⤵
- Executes dropped EXE
-
\??\c:\vxtlfj.exec:\vxtlfj.exe58⤵
- Executes dropped EXE
-
\??\c:\hvbbvvl.exec:\hvbbvvl.exe59⤵
- Executes dropped EXE
-
\??\c:\tdfdvv.exec:\tdfdvv.exe60⤵
- Executes dropped EXE
-
\??\c:\lrhfjj.exec:\lrhfjj.exe61⤵
- Executes dropped EXE
-
\??\c:\nttjrl.exec:\nttjrl.exe62⤵
- Executes dropped EXE
-
\??\c:\lprjjnj.exec:\lprjjnj.exe63⤵
- Executes dropped EXE
-
\??\c:\frvdnj.exec:\frvdnj.exe64⤵
- Executes dropped EXE
-
\??\c:\bhjfl.exec:\bhjfl.exe65⤵
- Executes dropped EXE
-
\??\c:\bfhnrrp.exec:\bfhnrrp.exe66⤵
-
\??\c:\pdbhpx.exec:\pdbhpx.exe67⤵
-
\??\c:\jnjhj.exec:\jnjhj.exe68⤵
-
\??\c:\ldtbh.exec:\ldtbh.exe69⤵
-
\??\c:\fdtfb.exec:\fdtfb.exe70⤵
-
\??\c:\ttvnh.exec:\ttvnh.exe71⤵
-
\??\c:\rbnpv.exec:\rbnpv.exe72⤵
-
\??\c:\nxpdd.exec:\nxpdd.exe73⤵
-
\??\c:\dnxbhrn.exec:\dnxbhrn.exe74⤵
-
\??\c:\bnnfjj.exec:\bnnfjj.exe75⤵
-
\??\c:\xrhdx.exec:\xrhdx.exe76⤵
-
\??\c:\fllhf.exec:\fllhf.exe77⤵
-
\??\c:\ltfpld.exec:\ltfpld.exe78⤵
-
\??\c:\bfnxt.exec:\bfnxt.exe79⤵
-
\??\c:\rptltf.exec:\rptltf.exe80⤵
-
\??\c:\xbrpnx.exec:\xbrpnx.exe81⤵
-
\??\c:\ntjxh.exec:\ntjxh.exe82⤵
-
\??\c:\hdphpn.exec:\hdphpn.exe83⤵
-
\??\c:\ttrnv.exec:\ttrnv.exe84⤵
-
\??\c:\prlxbl.exec:\prlxbl.exe85⤵
-
\??\c:\jlnjdhj.exec:\jlnjdhj.exe86⤵
-
\??\c:\vlrllrp.exec:\vlrllrp.exe87⤵
-
\??\c:\lrxxp.exec:\lrxxp.exe88⤵
-
\??\c:\xdplrx.exec:\xdplrx.exe89⤵
-
\??\c:\nlfrjpl.exec:\nlfrjpl.exe90⤵
-
\??\c:\fbfxfr.exec:\fbfxfr.exe91⤵
-
\??\c:\jfdfbt.exec:\jfdfbt.exe92⤵
-
\??\c:\jvrfj.exec:\jvrfj.exe93⤵
-
\??\c:\pjdpn.exec:\pjdpn.exe94⤵
-
\??\c:\xlfxvbx.exec:\xlfxvbx.exe95⤵
-
\??\c:\hldrp.exec:\hldrp.exe96⤵
-
\??\c:\rxdrrfp.exec:\rxdrrfp.exe97⤵
-
\??\c:\nnljp.exec:\nnljp.exe98⤵
-
\??\c:\xdxphn.exec:\xdxphn.exe99⤵
-
\??\c:\dbfhj.exec:\dbfhj.exe100⤵
-
\??\c:\jtjxp.exec:\jtjxp.exe101⤵
-
\??\c:\tvvtlnd.exec:\tvvtlnd.exe102⤵
-
\??\c:\npnrdh.exec:\npnrdh.exe103⤵
-
\??\c:\vxrphr.exec:\vxrphr.exe104⤵
-
\??\c:\dlvldr.exec:\dlvldr.exe105⤵
-
\??\c:\jbttjr.exec:\jbttjr.exe106⤵
-
\??\c:\pdldd.exec:\pdldd.exe107⤵
-
\??\c:\fdjhh.exec:\fdjhh.exe108⤵
-
\??\c:\pvjbntx.exec:\pvjbntx.exe109⤵
-
\??\c:\fntrvjj.exec:\fntrvjj.exe110⤵
-
\??\c:\dndfrpr.exec:\dndfrpr.exe111⤵
-
\??\c:\xjdjld.exec:\xjdjld.exe112⤵
-
\??\c:\dpltfv.exec:\dpltfv.exe113⤵
-
\??\c:\lnjjj.exec:\lnjjj.exe114⤵
-
\??\c:\nvbjj.exec:\nvbjj.exe115⤵
-
\??\c:\rdhdj.exec:\rdhdj.exe116⤵
-
\??\c:\flvtl.exec:\flvtl.exe117⤵
-
\??\c:\hpxpbhp.exec:\hpxpbhp.exe118⤵
-
\??\c:\pbtdpxp.exec:\pbtdpxp.exe119⤵
-
\??\c:\fllnfd.exec:\fllnfd.exe120⤵
-
\??\c:\dtlfjvj.exec:\dtlfjvj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-