Analysis
-
max time kernel
151s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
13-05-2024 19:55
General
-
Target
0c85ea076dcc9296f4fa953ba6674e50_NeikiAnalytics.exe
-
Size
232KB
-
MD5
0c85ea076dcc9296f4fa953ba6674e50
-
SHA1
f260eeee25c8ee1ba8824bea39aa5e934ba96f4d
-
SHA256
73520ba9871e7eb4d409d7e98a28019a12ff12b2a38b08f5608de875c040e5cc
-
SHA512
d593f587be0ef23d7e1a7477a427f1d8bbe75420b61c56cc59280d0a8c5018eac398a6d7f0de0e0136dabadce04fa60e078ba2640fa24a7bae5f41134f1e211c
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo7LAIRUohTF/SjSrbzLAuBjfwFOmoFzMvUpGqC5n+4:n3C9BRo/AIuuFSjA8uBjwI7FjpjC5+4
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 27 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0c85ea076dcc9296f4fa953ba6674e50_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\0c85ea076dcc9296f4fa953ba6674e50_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\895o7.exec:\895o7.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rosbf5.exec:\rosbf5.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\961urc.exec:\961urc.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l0682l0.exec:\l0682l0.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w7he19u.exec:\w7he19u.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fjm278x.exec:\fjm278x.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3k60rx2.exec:\3k60rx2.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6em2s.exec:\6em2s.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\veiaa.exec:\veiaa.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7k5786s.exec:\7k5786s.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j246r.exec:\j246r.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7gp84b4.exec:\7gp84b4.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\32ppe93.exec:\32ppe93.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v27usw.exec:\v27usw.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xx24e0.exec:\xx24e0.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\22ou5.exec:\22ou5.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\15339.exec:\15339.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fnsnxd.exec:\fnsnxd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1993x.exec:\1993x.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\79oj7w.exec:\79oj7w.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ax282.exec:\ax282.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a28u753.exec:\a28u753.exe23⤵
- Executes dropped EXE
-
\??\c:\8505l4.exec:\8505l4.exe24⤵
- Executes dropped EXE
-
\??\c:\603p17.exec:\603p17.exe25⤵
- Executes dropped EXE
-
\??\c:\r50pgfj.exec:\r50pgfj.exe26⤵
- Executes dropped EXE
-
\??\c:\8p207.exec:\8p207.exe27⤵
- Executes dropped EXE
-
\??\c:\b4u0b.exec:\b4u0b.exe28⤵
- Executes dropped EXE
-
\??\c:\6f058b.exec:\6f058b.exe29⤵
- Executes dropped EXE
-
\??\c:\m1l8e34.exec:\m1l8e34.exe30⤵
- Executes dropped EXE
-
\??\c:\m3of0.exec:\m3of0.exe31⤵
- Executes dropped EXE
-
\??\c:\7g1wecg.exec:\7g1wecg.exe32⤵
- Executes dropped EXE
-
\??\c:\70b105.exec:\70b105.exe33⤵
- Executes dropped EXE
-
\??\c:\895mm7.exec:\895mm7.exe34⤵
- Executes dropped EXE
-
\??\c:\r69fl.exec:\r69fl.exe35⤵
- Executes dropped EXE
-
\??\c:\kv61a3.exec:\kv61a3.exe36⤵
- Executes dropped EXE
-
\??\c:\7133b4w.exec:\7133b4w.exe37⤵
- Executes dropped EXE
-
\??\c:\vkw1c.exec:\vkw1c.exe38⤵
- Executes dropped EXE
-
\??\c:\76gwc.exec:\76gwc.exe39⤵
- Executes dropped EXE
-
\??\c:\81i26.exec:\81i26.exe40⤵
- Executes dropped EXE
-
\??\c:\3d31043.exec:\3d31043.exe41⤵
- Executes dropped EXE
-
\??\c:\qurg4n2.exec:\qurg4n2.exe42⤵
- Executes dropped EXE
-
\??\c:\033382n.exec:\033382n.exe43⤵
- Executes dropped EXE
-
\??\c:\smad2f8.exec:\smad2f8.exe44⤵
- Executes dropped EXE
-
\??\c:\f4o06o2.exec:\f4o06o2.exe45⤵
- Executes dropped EXE
-
\??\c:\3eomo.exec:\3eomo.exe46⤵
- Executes dropped EXE
-
\??\c:\8p1o1f.exec:\8p1o1f.exe47⤵
- Executes dropped EXE
-
\??\c:\v615q91.exec:\v615q91.exe48⤵
- Executes dropped EXE
-
\??\c:\0l3wu61.exec:\0l3wu61.exe49⤵
- Executes dropped EXE
-
\??\c:\6am7p.exec:\6am7p.exe50⤵
- Executes dropped EXE
-
\??\c:\fd3l1k.exec:\fd3l1k.exe51⤵
- Executes dropped EXE
-
\??\c:\j83hu4.exec:\j83hu4.exe52⤵
- Executes dropped EXE
-
\??\c:\rs7nx7.exec:\rs7nx7.exe53⤵
- Executes dropped EXE
-
\??\c:\io59c62.exec:\io59c62.exe54⤵
- Executes dropped EXE
-
\??\c:\7j01i5u.exec:\7j01i5u.exe55⤵
- Executes dropped EXE
-
\??\c:\ppje759.exec:\ppje759.exe56⤵
- Executes dropped EXE
-
\??\c:\86gak.exec:\86gak.exe57⤵
- Executes dropped EXE
-
\??\c:\i731g6h.exec:\i731g6h.exe58⤵
- Executes dropped EXE
-
\??\c:\lhw7e3u.exec:\lhw7e3u.exe59⤵
- Executes dropped EXE
-
\??\c:\95u94.exec:\95u94.exe60⤵
- Executes dropped EXE
-
\??\c:\kt6578.exec:\kt6578.exe61⤵
- Executes dropped EXE
-
\??\c:\5l0i372.exec:\5l0i372.exe62⤵
- Executes dropped EXE
-
\??\c:\7jqx446.exec:\7jqx446.exe63⤵
- Executes dropped EXE
-
\??\c:\6w8ojv.exec:\6w8ojv.exe64⤵
- Executes dropped EXE
-
\??\c:\c0d422i.exec:\c0d422i.exe65⤵
- Executes dropped EXE
-
\??\c:\mj51w5.exec:\mj51w5.exe66⤵
-
\??\c:\5m26aa7.exec:\5m26aa7.exe67⤵
-
\??\c:\b7633.exec:\b7633.exe68⤵
-
\??\c:\p5ixg.exec:\p5ixg.exe69⤵
-
\??\c:\ac3i5.exec:\ac3i5.exe70⤵
-
\??\c:\bfvnl.exec:\bfvnl.exe71⤵
-
\??\c:\9l7ma9.exec:\9l7ma9.exe72⤵
-
\??\c:\q80p5d7.exec:\q80p5d7.exe73⤵
-
\??\c:\05t97r.exec:\05t97r.exe74⤵
-
\??\c:\4lj379q.exec:\4lj379q.exe75⤵
-
\??\c:\s89836.exec:\s89836.exe76⤵
-
\??\c:\82302o6.exec:\82302o6.exe77⤵
-
\??\c:\j24860.exec:\j24860.exe78⤵
-
\??\c:\37ur2.exec:\37ur2.exe79⤵
-
\??\c:\e8uf6ph.exec:\e8uf6ph.exe80⤵
-
\??\c:\09618.exec:\09618.exe81⤵
-
\??\c:\4uf038.exec:\4uf038.exe82⤵
-
\??\c:\981ew.exec:\981ew.exe83⤵
-
\??\c:\xmbc1.exec:\xmbc1.exe84⤵
-
\??\c:\lom95.exec:\lom95.exe85⤵
-
\??\c:\id7h5s.exec:\id7h5s.exe86⤵
-
\??\c:\36k31.exec:\36k31.exe87⤵
-
\??\c:\3noaq.exec:\3noaq.exe88⤵
-
\??\c:\i22hwo.exec:\i22hwo.exe89⤵
-
\??\c:\83rd1.exec:\83rd1.exe90⤵
-
\??\c:\oow936g.exec:\oow936g.exe91⤵
-
\??\c:\45j6n.exec:\45j6n.exe92⤵
-
\??\c:\jjq92.exec:\jjq92.exe93⤵
-
\??\c:\066u793.exec:\066u793.exe94⤵
-
\??\c:\52pf73b.exec:\52pf73b.exe95⤵
-
\??\c:\1601m.exec:\1601m.exe96⤵
-
\??\c:\71q37or.exec:\71q37or.exe97⤵
-
\??\c:\40kk19c.exec:\40kk19c.exe98⤵
-
\??\c:\658pe47.exec:\658pe47.exe99⤵
-
\??\c:\l757asp.exec:\l757asp.exe100⤵
-
\??\c:\qh60t.exec:\qh60t.exe101⤵
-
\??\c:\0i5h79.exec:\0i5h79.exe102⤵
-
\??\c:\x66lm3.exec:\x66lm3.exe103⤵
-
\??\c:\ul583.exec:\ul583.exe104⤵
-
\??\c:\u13k9q.exec:\u13k9q.exe105⤵
-
\??\c:\3g5s4gt.exec:\3g5s4gt.exe106⤵
-
\??\c:\37jt99.exec:\37jt99.exe107⤵
-
\??\c:\95ncm.exec:\95ncm.exe108⤵
-
\??\c:\277155k.exec:\277155k.exe109⤵
-
\??\c:\8k8w1o.exec:\8k8w1o.exe110⤵
-
\??\c:\s9jd37.exec:\s9jd37.exe111⤵
-
\??\c:\813be.exec:\813be.exe112⤵
-
\??\c:\w72kkh.exec:\w72kkh.exe113⤵
-
\??\c:\6464i.exec:\6464i.exe114⤵
-
\??\c:\7q316.exec:\7q316.exe115⤵
-
\??\c:\9d4q8.exec:\9d4q8.exe116⤵
-
\??\c:\agvqr1.exec:\agvqr1.exe117⤵
-
\??\c:\bh1757.exec:\bh1757.exe118⤵
-
\??\c:\0k7t7.exec:\0k7t7.exe119⤵
-
\??\c:\8m89r0.exec:\8m89r0.exe120⤵
-
\??\c:\rgiq75f.exec:\rgiq75f.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-