Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
-
submitted
28-06-2024 08:22
General
-
Target
8e7eb941d0d853bd295157c4491339b013184096fe9eb3492dfef6344fd23abf_NeikiAnalytics.exe
-
Size
342KB
-
MD5
6e83d31477236dfbb16e843702527480
-
SHA1
e1cf16db24e03195e02f8f7924bfaecd8cba8b49
-
SHA256
8e7eb941d0d853bd295157c4491339b013184096fe9eb3492dfef6344fd23abf
-
SHA512
10fc0d36e47c9fe2db0724874f4669463a2af126541a9d236e2a9d1c425dc4f0473c781ae99e6d1d8efe0fc6bce533db8967a97616ce930f1d1aba97e884b4fd
-
SSDEEP
6144:Xcm7ImGddXgYW5fNZWB5hFfci3Add4kGYAX:l7TcbWXZshJX2VGdX
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 48 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 48 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8e7eb941d0d853bd295157c4491339b013184096fe9eb3492dfef6344fd23abf_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\8e7eb941d0d853bd295157c4491339b013184096fe9eb3492dfef6344fd23abf_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ftnjbj.exec:\ftnjbj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ndhpllp.exec:\ndhpllp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xdnblf.exec:\xdnblf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fltrpp.exec:\fltrpp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\trlvf.exec:\trlvf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ptxtjxh.exec:\ptxtjxh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffjndfl.exec:\ffjndfl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\phjbjxb.exec:\phjbjxb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xdllx.exec:\xdllx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vtrdl.exec:\vtrdl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvbjrp.exec:\ppvbjrp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lhxftrh.exec:\lhxftrh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllnhn.exec:\lllnhn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djfrrld.exec:\djfrrld.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdppjr.exec:\vdppjr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\txtdjd.exec:\txtdjd.exe17⤵
- Executes dropped EXE
-
\??\c:\thnxhb.exec:\thnxhb.exe18⤵
- Executes dropped EXE
-
\??\c:\ldttr.exec:\ldttr.exe19⤵
- Executes dropped EXE
-
\??\c:\jblrn.exec:\jblrn.exe20⤵
- Executes dropped EXE
-
\??\c:\bbxldr.exec:\bbxldr.exe21⤵
- Executes dropped EXE
-
\??\c:\hlbtvj.exec:\hlbtvj.exe22⤵
- Executes dropped EXE
-
\??\c:\pbdrvr.exec:\pbdrvr.exe23⤵
- Executes dropped EXE
-
\??\c:\lvbxd.exec:\lvbxd.exe24⤵
- Executes dropped EXE
-
\??\c:\ftttd.exec:\ftttd.exe25⤵
- Executes dropped EXE
-
\??\c:\pbrpl.exec:\pbrpl.exe26⤵
- Executes dropped EXE
-
\??\c:\xtbrh.exec:\xtbrh.exe27⤵
- Executes dropped EXE
-
\??\c:\xfjlhfr.exec:\xfjlhfr.exe28⤵
- Executes dropped EXE
-
\??\c:\dxjhvhl.exec:\dxjhvhl.exe29⤵
- Executes dropped EXE
-
\??\c:\hbllbvp.exec:\hbllbvp.exe30⤵
- Executes dropped EXE
-
\??\c:\njplt.exec:\njplt.exe31⤵
- Executes dropped EXE
-
\??\c:\nldhtt.exec:\nldhtt.exe32⤵
- Executes dropped EXE
-
\??\c:\lxprfrl.exec:\lxprfrl.exe33⤵
- Executes dropped EXE
-
\??\c:\vdrnbpl.exec:\vdrnbpl.exe34⤵
- Executes dropped EXE
-
\??\c:\xlrxb.exec:\xlrxb.exe35⤵
- Executes dropped EXE
-
\??\c:\vdlxtn.exec:\vdlxtn.exe36⤵
- Executes dropped EXE
-
\??\c:\ltblvv.exec:\ltblvv.exe37⤵
- Executes dropped EXE
-
\??\c:\fldhnpn.exec:\fldhnpn.exe38⤵
- Executes dropped EXE
-
\??\c:\dxrjr.exec:\dxrjr.exe39⤵
- Executes dropped EXE
-
\??\c:\ntjfjjt.exec:\ntjfjjt.exe40⤵
- Executes dropped EXE
-
\??\c:\vjxvdnn.exec:\vjxvdnn.exe41⤵
- Executes dropped EXE
-
\??\c:\dvdnvdj.exec:\dvdnvdj.exe42⤵
- Executes dropped EXE
-
\??\c:\lntxhlf.exec:\lntxhlf.exe43⤵
- Executes dropped EXE
-
\??\c:\pdxhxxl.exec:\pdxhxxl.exe44⤵
- Executes dropped EXE
-
\??\c:\pbthbvx.exec:\pbthbvx.exe45⤵
- Executes dropped EXE
-
\??\c:\jrxnnf.exec:\jrxnnf.exe46⤵
- Executes dropped EXE
-
\??\c:\bhtlbd.exec:\bhtlbd.exe47⤵
- Executes dropped EXE
-
\??\c:\fhjrpv.exec:\fhjrpv.exe48⤵
- Executes dropped EXE
-
\??\c:\pndndf.exec:\pndndf.exe49⤵
- Executes dropped EXE
-
\??\c:\bnhtfl.exec:\bnhtfl.exe50⤵
- Executes dropped EXE
-
\??\c:\vnjjv.exec:\vnjjv.exe51⤵
- Executes dropped EXE
-
\??\c:\xrdjn.exec:\xrdjn.exe52⤵
- Executes dropped EXE
-
\??\c:\pjdbhv.exec:\pjdbhv.exe53⤵
- Executes dropped EXE
-
\??\c:\xdxjvt.exec:\xdxjvt.exe54⤵
- Executes dropped EXE
-
\??\c:\htvprjj.exec:\htvprjj.exe55⤵
- Executes dropped EXE
-
\??\c:\jprxdv.exec:\jprxdv.exe56⤵
- Executes dropped EXE
-
\??\c:\hvhdt.exec:\hvhdt.exe57⤵
- Executes dropped EXE
-
\??\c:\pptjdlj.exec:\pptjdlj.exe58⤵
- Executes dropped EXE
-
\??\c:\bbhfp.exec:\bbhfp.exe59⤵
- Executes dropped EXE
-
\??\c:\fllthtx.exec:\fllthtx.exe60⤵
- Executes dropped EXE
-
\??\c:\dppfr.exec:\dppfr.exe61⤵
- Executes dropped EXE
-
\??\c:\pjppjtt.exec:\pjppjtt.exe62⤵
- Executes dropped EXE
-
\??\c:\rppln.exec:\rppln.exe63⤵
- Executes dropped EXE
-
\??\c:\dnrplbf.exec:\dnrplbf.exe64⤵
- Executes dropped EXE
-
\??\c:\tdpvblv.exec:\tdpvblv.exe65⤵
- Executes dropped EXE
-
\??\c:\rfxfd.exec:\rfxfd.exe66⤵
-
\??\c:\fpjlr.exec:\fpjlr.exe67⤵
-
\??\c:\hfpxtp.exec:\hfpxtp.exe68⤵
-
\??\c:\tvdrxbl.exec:\tvdrxbl.exe69⤵
-
\??\c:\fnjfv.exec:\fnjfv.exe70⤵
-
\??\c:\hfbfnh.exec:\hfbfnh.exe71⤵
-
\??\c:\hhbjhd.exec:\hhbjhd.exe72⤵
-
\??\c:\pbtxbjf.exec:\pbtxbjf.exe73⤵
-
\??\c:\dpbjd.exec:\dpbjd.exe74⤵
-
\??\c:\pphtvdr.exec:\pphtvdr.exe75⤵
-
\??\c:\jrptd.exec:\jrptd.exe76⤵
-
\??\c:\prnlxd.exec:\prnlxd.exe77⤵
-
\??\c:\tjnptl.exec:\tjnptl.exe78⤵
-
\??\c:\prdbp.exec:\prdbp.exe79⤵
-
\??\c:\xbpfblb.exec:\xbpfblb.exe80⤵
-
\??\c:\hdvvjp.exec:\hdvvjp.exe81⤵
-
\??\c:\bptrt.exec:\bptrt.exe82⤵
-
\??\c:\lptff.exec:\lptff.exe83⤵
-
\??\c:\hjfpjt.exec:\hjfpjt.exe84⤵
-
\??\c:\xfxdlpd.exec:\xfxdlpd.exe85⤵
-
\??\c:\ltbpdl.exec:\ltbpdl.exe86⤵
-
\??\c:\vfvlrfb.exec:\vfvlrfb.exe87⤵
-
\??\c:\dxlvx.exec:\dxlvx.exe88⤵
-
\??\c:\ldtlfx.exec:\ldtlfx.exe89⤵
-
\??\c:\tdfhlfh.exec:\tdfhlfh.exe90⤵
-
\??\c:\fltpn.exec:\fltpn.exe91⤵
-
\??\c:\nrfvx.exec:\nrfvx.exe92⤵
-
\??\c:\vbbdj.exec:\vbbdj.exe93⤵
-
\??\c:\brhftfx.exec:\brhftfx.exe94⤵
-
\??\c:\rtdhhp.exec:\rtdhhp.exe95⤵
-
\??\c:\djtvp.exec:\djtvp.exe96⤵
-
\??\c:\djbdt.exec:\djbdt.exe97⤵
-
\??\c:\pjxtvb.exec:\pjxtvb.exe98⤵
-
\??\c:\vpvfhbh.exec:\vpvfhbh.exe99⤵
-
\??\c:\tdtlftn.exec:\tdtlftn.exe100⤵
-
\??\c:\ltnfjj.exec:\ltnfjj.exe101⤵
-
\??\c:\hhnpxf.exec:\hhnpxf.exe102⤵
-
\??\c:\xhxnjbn.exec:\xhxnjbn.exe103⤵
-
\??\c:\vfnjrdt.exec:\vfnjrdt.exe104⤵
-
\??\c:\jhvnjjj.exec:\jhvnjjj.exe105⤵
-
\??\c:\rbdxbfp.exec:\rbdxbfp.exe106⤵
-
\??\c:\npjvhp.exec:\npjvhp.exe107⤵
-
\??\c:\txdhhnt.exec:\txdhhnt.exe108⤵
-
\??\c:\xrjrn.exec:\xrjrn.exe109⤵
-
\??\c:\vlvrbh.exec:\vlvrbh.exe110⤵
-
\??\c:\tjtntjl.exec:\tjtntjl.exe111⤵
-
\??\c:\dttvdj.exec:\dttvdj.exe112⤵
-
\??\c:\jpxlnhj.exec:\jpxlnhj.exe113⤵
-
\??\c:\ffvdb.exec:\ffvdb.exe114⤵
-
\??\c:\ldttn.exec:\ldttn.exe115⤵
-
\??\c:\hpjvnpt.exec:\hpjvnpt.exe116⤵
-
\??\c:\xjrpr.exec:\xjrpr.exe117⤵
-
\??\c:\lvrvr.exec:\lvrvr.exe118⤵
-
\??\c:\rvntlh.exec:\rvntlh.exe119⤵
-
\??\c:\jxbdj.exec:\jxbdj.exe120⤵
-
\??\c:\hdnbnh.exec:\hdnbnh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-