Analysis
-
max time kernel
151s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
14-05-2024 06:22
General
-
Target
92a7813d62b1b883fb69e15e3619fe40_NeikiAnalytics.exe
-
Size
61KB
-
MD5
92a7813d62b1b883fb69e15e3619fe40
-
SHA1
61b081f9184888585ca6d2c458e1112ce4d0a6da
-
SHA256
dd529a92b52bc5717e6ea2dbdc41631c8d676555a4ef5bb95b6a626d3e7f1233
-
SHA512
cb4463b2cfeb2eb1386c21be95913167de3bc9181321d69a4768fb1fac4e4e7a77088d7ac24cc1e1553baa0f15742964a84718f404692c3c8286969bc9bbd412
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDII9ZvHKEG:ymb3NkkiQ3mdBjFII9ZvHKEG
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\92a7813d62b1b883fb69e15e3619fe40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\92a7813d62b1b883fb69e15e3619fe40_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\coxwjd.exec:\coxwjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ce062e.exec:\ce062e.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e6urmmh.exec:\e6urmmh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j5ds29.exec:\j5ds29.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2g1c71.exec:\2g1c71.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g5ixoa1.exec:\g5ixoa1.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\d5qtf43.exec:\d5qtf43.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\upk1a.exec:\upk1a.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r99bk.exec:\r99bk.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\n3o3lk.exec:\n3o3lk.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\mtf7s.exec:\mtf7s.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qvf19m.exec:\qvf19m.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\77i05l.exec:\77i05l.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7a5e14x.exec:\7a5e14x.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q8av23u.exec:\q8av23u.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lp31gbu.exec:\lp31gbu.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4i493.exec:\4i493.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\twx0tii.exec:\twx0tii.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xpd1u4.exec:\xpd1u4.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\15a33.exec:\15a33.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m5e5f.exec:\m5e5f.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e9uus20.exec:\e9uus20.exe23⤵
- Executes dropped EXE
-
\??\c:\386kc.exec:\386kc.exe24⤵
- Executes dropped EXE
-
\??\c:\8mv75k.exec:\8mv75k.exe25⤵
- Executes dropped EXE
-
\??\c:\o239w1.exec:\o239w1.exe26⤵
- Executes dropped EXE
-
\??\c:\79laoa.exec:\79laoa.exe27⤵
- Executes dropped EXE
-
\??\c:\p10tp0u.exec:\p10tp0u.exe28⤵
- Executes dropped EXE
-
\??\c:\91a1999.exec:\91a1999.exe29⤵
- Executes dropped EXE
-
\??\c:\1whc757.exec:\1whc757.exe30⤵
- Executes dropped EXE
-
\??\c:\w92926l.exec:\w92926l.exe31⤵
- Executes dropped EXE
-
\??\c:\225v9.exec:\225v9.exe32⤵
- Executes dropped EXE
-
\??\c:\7x7u9ru.exec:\7x7u9ru.exe33⤵
- Executes dropped EXE
-
\??\c:\i8i91.exec:\i8i91.exe34⤵
- Executes dropped EXE
-
\??\c:\01s2tg.exec:\01s2tg.exe35⤵
- Executes dropped EXE
-
\??\c:\l15mwi.exec:\l15mwi.exe36⤵
- Executes dropped EXE
-
\??\c:\nui1ca.exec:\nui1ca.exe37⤵
- Executes dropped EXE
-
\??\c:\c9kf6.exec:\c9kf6.exe38⤵
- Executes dropped EXE
-
\??\c:\119x5.exec:\119x5.exe39⤵
- Executes dropped EXE
-
\??\c:\u69hn2.exec:\u69hn2.exe40⤵
- Executes dropped EXE
-
\??\c:\7qo5k.exec:\7qo5k.exe41⤵
- Executes dropped EXE
-
\??\c:\8511o1g.exec:\8511o1g.exe42⤵
- Executes dropped EXE
-
\??\c:\7ku18.exec:\7ku18.exe43⤵
- Executes dropped EXE
-
\??\c:\7loi7.exec:\7loi7.exe44⤵
- Executes dropped EXE
-
\??\c:\77b3c.exec:\77b3c.exe45⤵
- Executes dropped EXE
-
\??\c:\muudm.exec:\muudm.exe46⤵
- Executes dropped EXE
-
\??\c:\9ir7gm.exec:\9ir7gm.exe47⤵
- Executes dropped EXE
-
\??\c:\8d5m6h6.exec:\8d5m6h6.exe48⤵
- Executes dropped EXE
-
\??\c:\312qi.exec:\312qi.exe49⤵
- Executes dropped EXE
-
\??\c:\olu1ild.exec:\olu1ild.exe50⤵
- Executes dropped EXE
-
\??\c:\0w713e.exec:\0w713e.exe51⤵
- Executes dropped EXE
-
\??\c:\jgteux.exec:\jgteux.exe52⤵
- Executes dropped EXE
-
\??\c:\l5dru.exec:\l5dru.exe53⤵
- Executes dropped EXE
-
\??\c:\a0il7.exec:\a0il7.exe54⤵
- Executes dropped EXE
-
\??\c:\554b2.exec:\554b2.exe55⤵
- Executes dropped EXE
-
\??\c:\g74w45g.exec:\g74w45g.exe56⤵
- Executes dropped EXE
-
\??\c:\q04c1.exec:\q04c1.exe57⤵
- Executes dropped EXE
-
\??\c:\tio9o8.exec:\tio9o8.exe58⤵
- Executes dropped EXE
-
\??\c:\k9peo.exec:\k9peo.exe59⤵
- Executes dropped EXE
-
\??\c:\rp3t7n.exec:\rp3t7n.exe60⤵
- Executes dropped EXE
-
\??\c:\b16kwom.exec:\b16kwom.exe61⤵
- Executes dropped EXE
-
\??\c:\1039u5k.exec:\1039u5k.exe62⤵
- Executes dropped EXE
-
\??\c:\lgc96mn.exec:\lgc96mn.exe63⤵
- Executes dropped EXE
-
\??\c:\jk46a88.exec:\jk46a88.exe64⤵
- Executes dropped EXE
-
\??\c:\1ssbcs.exec:\1ssbcs.exe65⤵
- Executes dropped EXE
-
\??\c:\39wu3.exec:\39wu3.exe66⤵
-
\??\c:\x3s8n.exec:\x3s8n.exe67⤵
-
\??\c:\osvdj6.exec:\osvdj6.exe68⤵
-
\??\c:\pg5eka.exec:\pg5eka.exe69⤵
-
\??\c:\1h35o49.exec:\1h35o49.exe70⤵
-
\??\c:\4941j.exec:\4941j.exe71⤵
-
\??\c:\76fxs.exec:\76fxs.exe72⤵
-
\??\c:\gw9k69c.exec:\gw9k69c.exe73⤵
-
\??\c:\k15oi.exec:\k15oi.exe74⤵
-
\??\c:\wwc89w0.exec:\wwc89w0.exe75⤵
-
\??\c:\0p9e5ou.exec:\0p9e5ou.exe76⤵
-
\??\c:\0li735.exec:\0li735.exe77⤵
-
\??\c:\o7409.exec:\o7409.exe78⤵
-
\??\c:\xp4mam.exec:\xp4mam.exe79⤵
-
\??\c:\169jn5.exec:\169jn5.exe80⤵
-
\??\c:\295o3gj.exec:\295o3gj.exe81⤵
-
\??\c:\b1w3o0.exec:\b1w3o0.exe82⤵
-
\??\c:\r3sg9k7.exec:\r3sg9k7.exe83⤵
-
\??\c:\7bjj201.exec:\7bjj201.exe84⤵
-
\??\c:\kc8jhk5.exec:\kc8jhk5.exe85⤵
-
\??\c:\8t6h5.exec:\8t6h5.exe86⤵
-
\??\c:\b313mm.exec:\b313mm.exe87⤵
-
\??\c:\k5xc14.exec:\k5xc14.exe88⤵
-
\??\c:\lek60t.exec:\lek60t.exe89⤵
-
\??\c:\aqe0cst.exec:\aqe0cst.exe90⤵
-
\??\c:\n3e07t.exec:\n3e07t.exe91⤵
-
\??\c:\9mc5c.exec:\9mc5c.exe92⤵
-
\??\c:\lri5ga3.exec:\lri5ga3.exe93⤵
-
\??\c:\4jg68b.exec:\4jg68b.exe94⤵
-
\??\c:\483pf1.exec:\483pf1.exe95⤵
-
\??\c:\69wbn1c.exec:\69wbn1c.exe96⤵
-
\??\c:\120ee64.exec:\120ee64.exe97⤵
-
\??\c:\7dsei3.exec:\7dsei3.exe98⤵
-
\??\c:\d6v62t.exec:\d6v62t.exe99⤵
-
\??\c:\r1a299g.exec:\r1a299g.exe100⤵
-
\??\c:\je9i124.exec:\je9i124.exe101⤵
-
\??\c:\5pkkivs.exec:\5pkkivs.exe102⤵
-
\??\c:\r2c4ca.exec:\r2c4ca.exe103⤵
-
\??\c:\t7s3nq.exec:\t7s3nq.exe104⤵
-
\??\c:\va34g.exec:\va34g.exe105⤵
-
\??\c:\b1569.exec:\b1569.exe106⤵
-
\??\c:\a856x.exec:\a856x.exe107⤵
-
\??\c:\5h692x1.exec:\5h692x1.exe108⤵
-
\??\c:\2d200.exec:\2d200.exe109⤵
-
\??\c:\pi79n.exec:\pi79n.exe110⤵
-
\??\c:\0j17sd.exec:\0j17sd.exe111⤵
-
\??\c:\b42ro8.exec:\b42ro8.exe112⤵
-
\??\c:\r15j5jm.exec:\r15j5jm.exe113⤵
-
\??\c:\1nll7.exec:\1nll7.exe114⤵
-
\??\c:\1i5o185.exec:\1i5o185.exe115⤵
-
\??\c:\5939h.exec:\5939h.exe116⤵
-
\??\c:\889s73.exec:\889s73.exe117⤵
-
\??\c:\0burm9.exec:\0burm9.exe118⤵
-
\??\c:\45dka32.exec:\45dka32.exe119⤵
-
\??\c:\hbe05.exec:\hbe05.exe120⤵
-
\??\c:\v1nk9co.exec:\v1nk9co.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-