Analysis
-
max time kernel
161s -
max time network
165s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
12/05/2024, 18:58
General
-
Target
434fb356b44099233f93bad587424d90_NeikiAnalytics.exe
-
Size
114KB
-
MD5
434fb356b44099233f93bad587424d90
-
SHA1
cd1c644873299f56590d456c1e96e61a692b2be8
-
SHA256
66d80073c3288cea285f33a2cec63f31442d6561e6202d049779e487c1e90364
-
SHA512
544d841bf7f6a684a5d61d79f127dec3fc0d1c5656285be00493b2bd44a3051461a8b418f3515e4ca7a7d0b3df3e845f056b7cab601e12324c6155dcb99e54e0
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73oYUCD7R2F2UVbyy0NN:ymb3NkkiQ3mdBjFo73HUoMsAbrK
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 30 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\434fb356b44099233f93bad587424d90_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\434fb356b44099233f93bad587424d90_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\sx02i6w.exec:\sx02i6w.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hc5vw.exec:\hc5vw.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2414l.exec:\2414l.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0v6n23n.exec:\0v6n23n.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\64kc3.exec:\64kc3.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\176xt.exec:\176xt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\utf8r7.exec:\utf8r7.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8qb9li.exec:\8qb9li.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\641d4th.exec:\641d4th.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\b94qwnp.exec:\b94qwnp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f3q9700.exec:\f3q9700.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s13bg.exec:\s13bg.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qi95sm.exec:\qi95sm.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7n5hco.exec:\7n5hco.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3g69w43.exec:\3g69w43.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\61t39c.exec:\61t39c.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u06f0.exec:\u06f0.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5da1h.exec:\5da1h.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4286484.exec:\4286484.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a4fla.exec:\a4fla.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5xi34.exec:\5xi34.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3s7we1.exec:\3s7we1.exe23⤵
- Executes dropped EXE
-
\??\c:\s1p25.exec:\s1p25.exe24⤵
- Executes dropped EXE
-
\??\c:\19fr85x.exec:\19fr85x.exe25⤵
- Executes dropped EXE
-
\??\c:\m9g284.exec:\m9g284.exe26⤵
- Executes dropped EXE
-
\??\c:\63shf.exec:\63shf.exe27⤵
- Executes dropped EXE
-
\??\c:\9gq5u1.exec:\9gq5u1.exe28⤵
- Executes dropped EXE
-
\??\c:\vnn73l.exec:\vnn73l.exe29⤵
- Executes dropped EXE
-
\??\c:\k19581x.exec:\k19581x.exe30⤵
- Executes dropped EXE
-
\??\c:\e0891xg.exec:\e0891xg.exe31⤵
- Executes dropped EXE
-
\??\c:\5fm24w7.exec:\5fm24w7.exe32⤵
- Executes dropped EXE
-
\??\c:\507w1f.exec:\507w1f.exe33⤵
- Executes dropped EXE
-
\??\c:\vt5ee04.exec:\vt5ee04.exe34⤵
- Executes dropped EXE
-
\??\c:\xp72e.exec:\xp72e.exe35⤵
- Executes dropped EXE
-
\??\c:\3agek.exec:\3agek.exe36⤵
- Executes dropped EXE
-
\??\c:\3u7m0.exec:\3u7m0.exe37⤵
- Executes dropped EXE
-
\??\c:\5no7125.exec:\5no7125.exe38⤵
- Executes dropped EXE
-
\??\c:\d35rw.exec:\d35rw.exe39⤵
- Executes dropped EXE
-
\??\c:\3o96h.exec:\3o96h.exe40⤵
- Executes dropped EXE
-
\??\c:\1ucsu56.exec:\1ucsu56.exe41⤵
- Executes dropped EXE
-
\??\c:\r67l4g.exec:\r67l4g.exe42⤵
- Executes dropped EXE
-
\??\c:\q34gf45.exec:\q34gf45.exe43⤵
- Executes dropped EXE
-
\??\c:\3n6cu.exec:\3n6cu.exe44⤵
- Executes dropped EXE
-
\??\c:\uc1r89.exec:\uc1r89.exe45⤵
- Executes dropped EXE
-
\??\c:\n7j45k.exec:\n7j45k.exe46⤵
- Executes dropped EXE
-
\??\c:\dnshf3.exec:\dnshf3.exe47⤵
- Executes dropped EXE
-
\??\c:\b668n.exec:\b668n.exe48⤵
- Executes dropped EXE
-
\??\c:\am90da.exec:\am90da.exe49⤵
- Executes dropped EXE
-
\??\c:\90vaklm.exec:\90vaklm.exe50⤵
- Executes dropped EXE
-
\??\c:\65x3a.exec:\65x3a.exe51⤵
- Executes dropped EXE
-
\??\c:\n7c3mg.exec:\n7c3mg.exe52⤵
- Executes dropped EXE
-
\??\c:\fw853ql.exec:\fw853ql.exe53⤵
- Executes dropped EXE
-
\??\c:\ckx5jcg.exec:\ckx5jcg.exe54⤵
- Executes dropped EXE
-
\??\c:\24166h.exec:\24166h.exe55⤵
- Executes dropped EXE
-
\??\c:\4co2n1.exec:\4co2n1.exe56⤵
- Executes dropped EXE
-
\??\c:\45hf53.exec:\45hf53.exe57⤵
- Executes dropped EXE
-
\??\c:\760lv.exec:\760lv.exe58⤵
- Executes dropped EXE
-
\??\c:\17x36gs.exec:\17x36gs.exe59⤵
- Executes dropped EXE
-
\??\c:\6ae1o3.exec:\6ae1o3.exe60⤵
- Executes dropped EXE
-
\??\c:\6253n.exec:\6253n.exe61⤵
- Executes dropped EXE
-
\??\c:\0aws86.exec:\0aws86.exe62⤵
- Executes dropped EXE
-
\??\c:\a8s1obg.exec:\a8s1obg.exe63⤵
- Executes dropped EXE
-
\??\c:\48m0e5.exec:\48m0e5.exe64⤵
- Executes dropped EXE
-
\??\c:\4lolcrx.exec:\4lolcrx.exe65⤵
- Executes dropped EXE
-
\??\c:\fpav5.exec:\fpav5.exe66⤵
-
\??\c:\0dgpwk.exec:\0dgpwk.exe67⤵
-
\??\c:\888m8.exec:\888m8.exe68⤵
-
\??\c:\a47kx.exec:\a47kx.exe69⤵
-
\??\c:\0x5i96.exec:\0x5i96.exe70⤵
-
\??\c:\03hvq.exec:\03hvq.exe71⤵
-
\??\c:\7dpsw.exec:\7dpsw.exe72⤵
-
\??\c:\hrr70k.exec:\hrr70k.exe73⤵
-
\??\c:\u3oa8m2.exec:\u3oa8m2.exe74⤵
-
\??\c:\80h38.exec:\80h38.exe75⤵
-
\??\c:\342tq9.exec:\342tq9.exe76⤵
-
\??\c:\rxgcj.exec:\rxgcj.exe77⤵
-
\??\c:\634a5tf.exec:\634a5tf.exe78⤵
-
\??\c:\l93q5.exec:\l93q5.exe79⤵
-
\??\c:\dvhivvb.exec:\dvhivvb.exe80⤵
-
\??\c:\h3351mg.exec:\h3351mg.exe81⤵
-
\??\c:\3867s7v.exec:\3867s7v.exe82⤵
-
\??\c:\2tw01o.exec:\2tw01o.exe83⤵
-
\??\c:\m4c8k.exec:\m4c8k.exe84⤵
-
\??\c:\qimw1.exec:\qimw1.exe85⤵
-
\??\c:\0mo24.exec:\0mo24.exe86⤵
-
\??\c:\lo972.exec:\lo972.exe87⤵
-
\??\c:\0kcs4f8.exec:\0kcs4f8.exe88⤵
-
\??\c:\9cj7a7.exec:\9cj7a7.exe89⤵
-
\??\c:\7svg20v.exec:\7svg20v.exe90⤵
-
\??\c:\111crd4.exec:\111crd4.exe91⤵
-
\??\c:\8iii02g.exec:\8iii02g.exe92⤵
-
\??\c:\350ssq8.exec:\350ssq8.exe93⤵
-
\??\c:\0rfa3w.exec:\0rfa3w.exe94⤵
-
\??\c:\gacc9.exec:\gacc9.exe95⤵
-
\??\c:\0ssw17f.exec:\0ssw17f.exe96⤵
-
\??\c:\x3to27.exec:\x3to27.exe97⤵
-
\??\c:\1tob6j.exec:\1tob6j.exe98⤵
-
\??\c:\xs8v92f.exec:\xs8v92f.exe99⤵
-
\??\c:\1bwx9x6.exec:\1bwx9x6.exe100⤵
-
\??\c:\hkg71k2.exec:\hkg71k2.exe101⤵
-
\??\c:\secm2q3.exec:\secm2q3.exe102⤵
-
\??\c:\103ie.exec:\103ie.exe103⤵
-
\??\c:\o3g18.exec:\o3g18.exe104⤵
-
\??\c:\r8keux.exec:\r8keux.exe105⤵
-
\??\c:\79i9e7x.exec:\79i9e7x.exe106⤵
-
\??\c:\kw1l75.exec:\kw1l75.exe107⤵
-
\??\c:\s574a.exec:\s574a.exe108⤵
-
\??\c:\90c7kq6.exec:\90c7kq6.exe109⤵
-
\??\c:\84h75e.exec:\84h75e.exe110⤵
-
\??\c:\695q1.exec:\695q1.exe111⤵
-
\??\c:\0j19e.exec:\0j19e.exe112⤵
-
\??\c:\b106878.exec:\b106878.exe113⤵
-
\??\c:\8n15g.exec:\8n15g.exe114⤵
-
\??\c:\7tu7m.exec:\7tu7m.exe115⤵
-
\??\c:\13mg433.exec:\13mg433.exe116⤵
-
\??\c:\b7j90.exec:\b7j90.exe117⤵
-
\??\c:\of950.exec:\of950.exe118⤵
-
\??\c:\ud6s8s0.exec:\ud6s8s0.exe119⤵
-
\??\c:\159kq9.exec:\159kq9.exe120⤵
-
\??\c:\4p4kb.exec:\4p4kb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-