Analysis
-
max time kernel
104s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
10/05/2024, 19:27
General
-
Target
530501e26aa786e046b74257de215b80_NeikiAnalytics.exe
-
Size
125KB
-
MD5
530501e26aa786e046b74257de215b80
-
SHA1
6e8ec8248595979660b6ebcf7cefbb446f9c8bc7
-
SHA256
37206b071917650a51c44065845fd40005b063a603fe46b78f004520ebae97c9
-
SHA512
12ac87eba3093678f8f4b577d74cd0bd61518738733da646033f564357f3cdbaa4103dfae68b2b68872afecc5f54b11c8e5136fbb311368cea02126c8e0fb083
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73oYUCD7R2F2UVbyy0NgVyFsZC:ymb3NkkiQ3mdBjFo73HUoMsAbrxVB0
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\530501e26aa786e046b74257de215b80_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\530501e26aa786e046b74257de215b80_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\k725ap2.exec:\k725ap2.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hrrxge9.exec:\hrrxge9.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dv25qq.exec:\dv25qq.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\p5ps9.exec:\p5ps9.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\d8m0t9.exec:\d8m0t9.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\02866.exec:\02866.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\aui59j3.exec:\aui59j3.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tq725ra.exec:\tq725ra.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\82541o.exec:\82541o.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\49n3dv.exec:\49n3dv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\sk0aa4.exec:\sk0aa4.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r505j78.exec:\r505j78.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\684088.exec:\684088.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\koi1q3.exec:\koi1q3.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\12ol03.exec:\12ol03.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\p388wc.exec:\p388wc.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\403419.exec:\403419.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t51mp19.exec:\t51mp19.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\o9511rr.exec:\o9511rr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\psa7a1.exec:\psa7a1.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dm1u7.exec:\dm1u7.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fkc3kc.exec:\5fkc3kc.exe23⤵
- Executes dropped EXE
-
\??\c:\mk6he2.exec:\mk6he2.exe24⤵
- Executes dropped EXE
-
\??\c:\sn2f9.exec:\sn2f9.exe25⤵
- Executes dropped EXE
-
\??\c:\6t9a8f0.exec:\6t9a8f0.exe26⤵
- Executes dropped EXE
-
\??\c:\4q0us.exec:\4q0us.exe27⤵
- Executes dropped EXE
-
\??\c:\g72k6ur.exec:\g72k6ur.exe28⤵
- Executes dropped EXE
-
\??\c:\fiu0wn.exec:\fiu0wn.exe29⤵
- Executes dropped EXE
-
\??\c:\nq6ma.exec:\nq6ma.exe30⤵
- Executes dropped EXE
-
\??\c:\0qkwca8.exec:\0qkwca8.exe31⤵
- Executes dropped EXE
-
\??\c:\4773bk.exec:\4773bk.exe32⤵
- Executes dropped EXE
-
\??\c:\358v81.exec:\358v81.exe33⤵
- Executes dropped EXE
-
\??\c:\41m2nc.exec:\41m2nc.exe34⤵
- Executes dropped EXE
-
\??\c:\gh585h8.exec:\gh585h8.exe35⤵
- Executes dropped EXE
-
\??\c:\95hcs65.exec:\95hcs65.exe36⤵
- Executes dropped EXE
-
\??\c:\23hlg.exec:\23hlg.exe37⤵
- Executes dropped EXE
-
\??\c:\23bx63.exec:\23bx63.exe38⤵
- Executes dropped EXE
-
\??\c:\0gp080.exec:\0gp080.exe39⤵
- Executes dropped EXE
-
\??\c:\2s68d.exec:\2s68d.exe40⤵
- Executes dropped EXE
-
\??\c:\7d4l4.exec:\7d4l4.exe41⤵
- Executes dropped EXE
-
\??\c:\h5aq2.exec:\h5aq2.exe42⤵
- Executes dropped EXE
-
\??\c:\u814pi.exec:\u814pi.exe43⤵
- Executes dropped EXE
-
\??\c:\1koa3.exec:\1koa3.exe44⤵
- Executes dropped EXE
-
\??\c:\hf19595.exec:\hf19595.exe45⤵
- Executes dropped EXE
-
\??\c:\3sa02.exec:\3sa02.exe46⤵
- Executes dropped EXE
-
\??\c:\78q8q.exec:\78q8q.exe47⤵
- Executes dropped EXE
-
\??\c:\8gupu.exec:\8gupu.exe48⤵
- Executes dropped EXE
-
\??\c:\k0891.exec:\k0891.exe49⤵
- Executes dropped EXE
-
\??\c:\31m48n.exec:\31m48n.exe50⤵
- Executes dropped EXE
-
\??\c:\5inorg.exec:\5inorg.exe51⤵
- Executes dropped EXE
-
\??\c:\lpm95.exec:\lpm95.exe52⤵
- Executes dropped EXE
-
\??\c:\75w39.exec:\75w39.exe53⤵
- Executes dropped EXE
-
\??\c:\o8dki.exec:\o8dki.exe54⤵
- Executes dropped EXE
-
\??\c:\30903j.exec:\30903j.exe55⤵
- Executes dropped EXE
-
\??\c:\kq8qt.exec:\kq8qt.exe56⤵
- Executes dropped EXE
-
\??\c:\6k0iu8.exec:\6k0iu8.exe57⤵
- Executes dropped EXE
-
\??\c:\1m705.exec:\1m705.exe58⤵
- Executes dropped EXE
-
\??\c:\1e6vt80.exec:\1e6vt80.exe59⤵
- Executes dropped EXE
-
\??\c:\2qptbe.exec:\2qptbe.exe60⤵
- Executes dropped EXE
-
\??\c:\563iug.exec:\563iug.exe61⤵
- Executes dropped EXE
-
\??\c:\5cgku.exec:\5cgku.exe62⤵
- Executes dropped EXE
-
\??\c:\7h0o699.exec:\7h0o699.exe63⤵
- Executes dropped EXE
-
\??\c:\4d4uv4f.exec:\4d4uv4f.exe64⤵
- Executes dropped EXE
-
\??\c:\g31f5md.exec:\g31f5md.exe65⤵
- Executes dropped EXE
-
\??\c:\9jjqo3.exec:\9jjqo3.exe66⤵
-
\??\c:\i4u00.exec:\i4u00.exe67⤵
-
\??\c:\71qoa.exec:\71qoa.exe68⤵
-
\??\c:\9l5g9.exec:\9l5g9.exe69⤵
-
\??\c:\i4io3uu.exec:\i4io3uu.exe70⤵
-
\??\c:\vkwc3.exec:\vkwc3.exe71⤵
-
\??\c:\k5q09.exec:\k5q09.exe72⤵
-
\??\c:\dn0i3m.exec:\dn0i3m.exe73⤵
-
\??\c:\2e91m.exec:\2e91m.exe74⤵
-
\??\c:\spc5388.exec:\spc5388.exe75⤵
-
\??\c:\pd35nh1.exec:\pd35nh1.exe76⤵
-
\??\c:\02715.exec:\02715.exe77⤵
-
\??\c:\i1cm7e7.exec:\i1cm7e7.exe78⤵
-
\??\c:\86685.exec:\86685.exe79⤵
-
\??\c:\41ld2.exec:\41ld2.exe80⤵
-
\??\c:\75n3g4.exec:\75n3g4.exe81⤵
-
\??\c:\254mk.exec:\254mk.exe82⤵
-
\??\c:\3777f1.exec:\3777f1.exe83⤵
-
\??\c:\v4w00.exec:\v4w00.exe84⤵
-
\??\c:\u844c1.exec:\u844c1.exe85⤵
-
\??\c:\qu75jd.exec:\qu75jd.exe86⤵
-
\??\c:\t9x035.exec:\t9x035.exe87⤵
-
\??\c:\9o226.exec:\9o226.exe88⤵
-
\??\c:\qq9w7.exec:\qq9w7.exe89⤵
-
\??\c:\57t1v.exec:\57t1v.exe90⤵
-
\??\c:\i562h.exec:\i562h.exe91⤵
-
\??\c:\40r57uv.exec:\40r57uv.exe92⤵
-
\??\c:\n4f9w38.exec:\n4f9w38.exe93⤵
-
\??\c:\d9hhi.exec:\d9hhi.exe94⤵
-
\??\c:\2at155.exec:\2at155.exe95⤵
-
\??\c:\3u452.exec:\3u452.exe96⤵
-
\??\c:\5cu149.exec:\5cu149.exe97⤵
-
\??\c:\cswu2x5.exec:\cswu2x5.exe98⤵
-
\??\c:\8ne8id.exec:\8ne8id.exe99⤵
-
\??\c:\f99qi7.exec:\f99qi7.exe100⤵
-
\??\c:\1w02k.exec:\1w02k.exe101⤵
-
\??\c:\qss2e68.exec:\qss2e68.exe102⤵
-
\??\c:\03sa8.exec:\03sa8.exe103⤵
-
\??\c:\23x3gsa.exec:\23x3gsa.exe104⤵
-
\??\c:\6604626.exec:\6604626.exe105⤵
-
\??\c:\0fbo1.exec:\0fbo1.exe106⤵
-
\??\c:\j1m8p.exec:\j1m8p.exe107⤵
-
\??\c:\9j791v.exec:\9j791v.exe108⤵
-
\??\c:\j9mmh9.exec:\j9mmh9.exe109⤵
-
\??\c:\a7kki.exec:\a7kki.exe110⤵
-
\??\c:\41h5u80.exec:\41h5u80.exe111⤵
-
\??\c:\q00u0.exec:\q00u0.exe112⤵
-
\??\c:\7xos992.exec:\7xos992.exe113⤵
-
\??\c:\4a775.exec:\4a775.exe114⤵
-
\??\c:\92brgq1.exec:\92brgq1.exe115⤵
-
\??\c:\g29580k.exec:\g29580k.exe116⤵
-
\??\c:\668u1.exec:\668u1.exe117⤵
-
\??\c:\96huu.exec:\96huu.exe118⤵
-
\??\c:\kju566r.exec:\kju566r.exe119⤵
-
\??\c:\2w5nm8.exec:\2w5nm8.exe120⤵
-
\??\c:\o767tg.exec:\o767tg.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-