Analysis
-
max time kernel
151s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
12/05/2024, 10:04
General
-
Target
8331c9081a64a1bf2eb8e8187682d670_NeikiAnalytics.exe
-
Size
278KB
-
MD5
8331c9081a64a1bf2eb8e8187682d670
-
SHA1
30c08c1f26bfcb7e1cddccd95d9d312670ccd534
-
SHA256
47bfa7e4b3a593cb80ac33d3f1e20cde3eba66736193864f79a61ed719ee7a61
-
SHA512
e70afbb25cd8ac0851cbe9b22a15ecef5992d1dce30758375742ef97f954afd35a6d433f8930fc5eee87634370324ceed12ea7a49e998d9a375c8c5cb755e743
-
SSDEEP
6144:7cm4FmowdHoSoXSBcm4Vcm4FmowdHoSphra+cm4FMhraHcpOaKHpl:B4wFHoSoXW434wFHoS3eg4aeFaKHpl
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 62 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8331c9081a64a1bf2eb8e8187682d670_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\8331c9081a64a1bf2eb8e8187682d670_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\lx93f9.exec:\lx93f9.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7i11s.exec:\7i11s.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\p318dvb.exec:\p318dvb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6xgv292.exec:\6xgv292.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\deblgw.exec:\deblgw.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1t1n1.exec:\1t1n1.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\07pjm.exec:\07pjm.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k5nht.exec:\k5nht.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\44f00x.exec:\44f00x.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m26r9jk.exec:\m26r9jk.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\94xx585.exec:\94xx585.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x27phx.exec:\x27phx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\22eid7.exec:\22eid7.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrs0tu.exec:\lrs0tu.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ht3s5u.exec:\ht3s5u.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l646cbb.exec:\l646cbb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\mmmllp.exec:\mmmllp.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\257vt.exec:\257vt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\kn7nb.exec:\kn7nb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vsq9s.exec:\vsq9s.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0d3vj.exec:\0d3vj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e8htfr.exec:\e8htfr.exe23⤵
- Executes dropped EXE
-
\??\c:\5dgk14f.exec:\5dgk14f.exe24⤵
- Executes dropped EXE
-
\??\c:\v91q4.exec:\v91q4.exe25⤵
- Executes dropped EXE
-
\??\c:\flti982.exec:\flti982.exe26⤵
- Executes dropped EXE
-
\??\c:\ow7421.exec:\ow7421.exe27⤵
- Executes dropped EXE
-
\??\c:\urg4qf.exec:\urg4qf.exe28⤵
- Executes dropped EXE
-
\??\c:\vg57m.exec:\vg57m.exe29⤵
- Executes dropped EXE
-
\??\c:\l5fvvk.exec:\l5fvvk.exe30⤵
- Executes dropped EXE
-
\??\c:\1583l.exec:\1583l.exe31⤵
- Executes dropped EXE
-
\??\c:\wvn76ah.exec:\wvn76ah.exe32⤵
- Executes dropped EXE
-
\??\c:\075b415.exec:\075b415.exe33⤵
- Executes dropped EXE
-
\??\c:\p00rj5.exec:\p00rj5.exe34⤵
- Executes dropped EXE
-
\??\c:\x1obiu.exec:\x1obiu.exe35⤵
- Executes dropped EXE
-
\??\c:\31u88.exec:\31u88.exe36⤵
- Executes dropped EXE
-
\??\c:\r1rfv.exec:\r1rfv.exe37⤵
- Executes dropped EXE
-
\??\c:\50phk18.exec:\50phk18.exe38⤵
- Executes dropped EXE
-
\??\c:\m4l2wud.exec:\m4l2wud.exe39⤵
- Executes dropped EXE
-
\??\c:\5vdse32.exec:\5vdse32.exe40⤵
- Executes dropped EXE
-
\??\c:\5wu8l.exec:\5wu8l.exe41⤵
- Executes dropped EXE
-
\??\c:\1cd7a0.exec:\1cd7a0.exe42⤵
- Executes dropped EXE
-
\??\c:\9v9hx.exec:\9v9hx.exe43⤵
- Executes dropped EXE
-
\??\c:\3lei2.exec:\3lei2.exe44⤵
- Executes dropped EXE
-
\??\c:\g75xx.exec:\g75xx.exe45⤵
- Executes dropped EXE
-
\??\c:\w37tk7.exec:\w37tk7.exe46⤵
- Executes dropped EXE
-
\??\c:\rl3we.exec:\rl3we.exe47⤵
- Executes dropped EXE
-
\??\c:\bfc6u.exec:\bfc6u.exe48⤵
- Executes dropped EXE
-
\??\c:\ssv5233.exec:\ssv5233.exe49⤵
- Executes dropped EXE
-
\??\c:\oapw422.exec:\oapw422.exe50⤵
- Executes dropped EXE
-
\??\c:\7u56a.exec:\7u56a.exe51⤵
- Executes dropped EXE
-
\??\c:\d58f22.exec:\d58f22.exe52⤵
- Executes dropped EXE
-
\??\c:\13jqu.exec:\13jqu.exe53⤵
- Executes dropped EXE
-
\??\c:\57jaqfj.exec:\57jaqfj.exe54⤵
- Executes dropped EXE
-
\??\c:\080jlb8.exec:\080jlb8.exe55⤵
- Executes dropped EXE
-
\??\c:\l240p8.exec:\l240p8.exe56⤵
- Executes dropped EXE
-
\??\c:\ap3m684.exec:\ap3m684.exe57⤵
- Executes dropped EXE
-
\??\c:\q189tf.exec:\q189tf.exe58⤵
- Executes dropped EXE
-
\??\c:\d5j85.exec:\d5j85.exe59⤵
- Executes dropped EXE
-
\??\c:\hc26d44.exec:\hc26d44.exe60⤵
- Executes dropped EXE
-
\??\c:\h8n59o.exec:\h8n59o.exe61⤵
- Executes dropped EXE
-
\??\c:\5hhelv.exec:\5hhelv.exe62⤵
- Executes dropped EXE
-
\??\c:\v095pv2.exec:\v095pv2.exe63⤵
- Executes dropped EXE
-
\??\c:\cgjj63.exec:\cgjj63.exe64⤵
- Executes dropped EXE
-
\??\c:\p18oq1.exec:\p18oq1.exe65⤵
- Executes dropped EXE
-
\??\c:\76lvkix.exec:\76lvkix.exe66⤵
-
\??\c:\0rl81.exec:\0rl81.exe67⤵
-
\??\c:\g5ww5.exec:\g5ww5.exe68⤵
-
\??\c:\8loa6vp.exec:\8loa6vp.exe69⤵
-
\??\c:\w2um9j.exec:\w2um9j.exe70⤵
-
\??\c:\m96n7.exec:\m96n7.exe71⤵
-
\??\c:\t67522x.exec:\t67522x.exe72⤵
-
\??\c:\6c31p7.exec:\6c31p7.exe73⤵
-
\??\c:\92259a.exec:\92259a.exe74⤵
-
\??\c:\v5r7h.exec:\v5r7h.exe75⤵
-
\??\c:\6p66x49.exec:\6p66x49.exe76⤵
-
\??\c:\6e759r4.exec:\6e759r4.exe77⤵
-
\??\c:\qw1c8o.exec:\qw1c8o.exe78⤵
-
\??\c:\ifp31.exec:\ifp31.exe79⤵
-
\??\c:\1ux9vs.exec:\1ux9vs.exe80⤵
-
\??\c:\7o152.exec:\7o152.exe81⤵
-
\??\c:\ttiun5.exec:\ttiun5.exe82⤵
-
\??\c:\k7vq7.exec:\k7vq7.exe83⤵
-
\??\c:\x5j956.exec:\x5j956.exe84⤵
-
\??\c:\4un624.exec:\4un624.exe85⤵
-
\??\c:\6957bn.exec:\6957bn.exe86⤵
-
\??\c:\0tu5k.exec:\0tu5k.exe87⤵
-
\??\c:\0sgqc.exec:\0sgqc.exe88⤵
-
\??\c:\n2h3um.exec:\n2h3um.exe89⤵
-
\??\c:\454fi9.exec:\454fi9.exe90⤵
-
\??\c:\s175s49.exec:\s175s49.exe91⤵
-
\??\c:\korsw.exec:\korsw.exe92⤵
-
\??\c:\qn7128w.exec:\qn7128w.exe93⤵
-
\??\c:\h5wc7.exec:\h5wc7.exe94⤵
-
\??\c:\51251.exec:\51251.exe95⤵
-
\??\c:\47fi00m.exec:\47fi00m.exe96⤵
-
\??\c:\25t617i.exec:\25t617i.exe97⤵
-
\??\c:\2k81s95.exec:\2k81s95.exe98⤵
-
\??\c:\mfa79.exec:\mfa79.exe99⤵
-
\??\c:\ja8e005.exec:\ja8e005.exe100⤵
-
\??\c:\qr161.exec:\qr161.exe101⤵
-
\??\c:\c3mc3gj.exec:\c3mc3gj.exe102⤵
-
\??\c:\519iui.exec:\519iui.exe103⤵
-
\??\c:\1797t.exec:\1797t.exe104⤵
-
\??\c:\5cf3g1.exec:\5cf3g1.exe105⤵
-
\??\c:\4s3vjx.exec:\4s3vjx.exe106⤵
-
\??\c:\f9g5tn.exec:\f9g5tn.exe107⤵
-
\??\c:\45jb3.exec:\45jb3.exe108⤵
-
\??\c:\qcxa1.exec:\qcxa1.exe109⤵
-
\??\c:\90v3o1.exec:\90v3o1.exe110⤵
-
\??\c:\3if55x5.exec:\3if55x5.exe111⤵
-
\??\c:\takk4.exec:\takk4.exe112⤵
-
\??\c:\hn8p1.exec:\hn8p1.exe113⤵
-
\??\c:\vgsk56.exec:\vgsk56.exe114⤵
-
\??\c:\21e1q59.exec:\21e1q59.exe115⤵
-
\??\c:\5jt1vni.exec:\5jt1vni.exe116⤵
-
\??\c:\b29qld4.exec:\b29qld4.exe117⤵
-
\??\c:\ixgh951.exec:\ixgh951.exe118⤵
-
\??\c:\0sx49.exec:\0sx49.exe119⤵
-
\??\c:\03gpm9.exec:\03gpm9.exe120⤵
-
\??\c:\f217g.exec:\f217g.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-