Analysis
-
max time kernel
151s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
15/05/2024, 03:42
General
-
Target
73a0c512f4f5d3c49606e440f213ee30_NeikiAnalytics.exe
-
Size
453KB
-
MD5
73a0c512f4f5d3c49606e440f213ee30
-
SHA1
db7f764c592c454afa9ff0f5961614c8418450b3
-
SHA256
f63c176c2522811dc7c2ca1aafa72484dd73f3fd6b39394b24385fcbd44fd8d5
-
SHA512
7ef97dcf89b44f361e89eafe00c74c60501c25fbb07c1844763d23e893819e8bbeabc7ebe36a6aa189cdd4d31d0db851820bd9479f8121b564db0621c418c6c2
-
SSDEEP
6144:rcm4FmowdHoSphraHcpOaKHpXfRo0V8JcgE+ezpg1xrloBNTNmP:x4wFHoS3eFaKHpv/VycgE81lgC
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\73a0c512f4f5d3c49606e440f213ee30_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\73a0c512f4f5d3c49606e440f213ee30_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\47g179.exec:\47g179.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\882vj.exec:\882vj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\19qq5a.exec:\19qq5a.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\n6m9q5.exec:\n6m9q5.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1x9851.exec:\1x9851.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j3s678.exec:\j3s678.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7uo78.exec:\7uo78.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\72650wq.exec:\72650wq.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q0mb2h.exec:\q0mb2h.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\15741.exec:\15741.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7w5j9g6.exec:\7w5j9g6.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0rudqbu.exec:\0rudqbu.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tc7eww.exec:\tc7eww.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrf5a.exec:\lrf5a.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\b18r47.exec:\b18r47.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c711sv.exec:\c711sv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r954gx8.exec:\r954gx8.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s4912.exec:\s4912.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\oc7k20j.exec:\oc7k20j.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g1004h.exec:\g1004h.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\735nr0.exec:\735nr0.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\91mi90.exec:\91mi90.exe23⤵
- Executes dropped EXE
-
\??\c:\7s60nt.exec:\7s60nt.exe24⤵
- Executes dropped EXE
-
\??\c:\sfrsbx8.exec:\sfrsbx8.exe25⤵
- Executes dropped EXE
-
\??\c:\0t9c1j.exec:\0t9c1j.exe26⤵
- Executes dropped EXE
-
\??\c:\2fctwe2.exec:\2fctwe2.exe27⤵
- Executes dropped EXE
-
\??\c:\n14sd.exec:\n14sd.exe28⤵
- Executes dropped EXE
-
\??\c:\0x8q7t.exec:\0x8q7t.exe29⤵
- Executes dropped EXE
-
\??\c:\cc72ev.exec:\cc72ev.exe30⤵
- Executes dropped EXE
-
\??\c:\95f94.exec:\95f94.exe31⤵
- Executes dropped EXE
-
\??\c:\3crjb.exec:\3crjb.exe32⤵
- Executes dropped EXE
-
\??\c:\9en9mu7.exec:\9en9mu7.exe33⤵
- Executes dropped EXE
-
\??\c:\9ioo7t.exec:\9ioo7t.exe34⤵
- Executes dropped EXE
-
\??\c:\n2j3txe.exec:\n2j3txe.exe35⤵
- Executes dropped EXE
-
\??\c:\3sr59.exec:\3sr59.exe36⤵
- Executes dropped EXE
-
\??\c:\tq2rx.exec:\tq2rx.exe37⤵
- Executes dropped EXE
-
\??\c:\hb56ed.exec:\hb56ed.exe38⤵
- Executes dropped EXE
-
\??\c:\6i1111.exec:\6i1111.exe39⤵
- Executes dropped EXE
-
\??\c:\awi64.exec:\awi64.exe40⤵
- Executes dropped EXE
-
\??\c:\6928x6.exec:\6928x6.exe41⤵
- Executes dropped EXE
-
\??\c:\78dua.exec:\78dua.exe42⤵
- Executes dropped EXE
-
\??\c:\f4g7qh.exec:\f4g7qh.exe43⤵
- Executes dropped EXE
-
\??\c:\wtvlt1.exec:\wtvlt1.exe44⤵
- Executes dropped EXE
-
\??\c:\4s38g51.exec:\4s38g51.exe45⤵
- Executes dropped EXE
-
\??\c:\skhl8co.exec:\skhl8co.exe46⤵
- Executes dropped EXE
-
\??\c:\f2477.exec:\f2477.exe47⤵
- Executes dropped EXE
-
\??\c:\293475.exec:\293475.exe48⤵
- Executes dropped EXE
-
\??\c:\8ifc8.exec:\8ifc8.exe49⤵
- Executes dropped EXE
-
\??\c:\64q57f.exec:\64q57f.exe50⤵
- Executes dropped EXE
-
\??\c:\ut1hexa.exec:\ut1hexa.exe51⤵
- Executes dropped EXE
-
\??\c:\jp77kl.exec:\jp77kl.exe52⤵
- Executes dropped EXE
-
\??\c:\eco9d.exec:\eco9d.exe53⤵
- Executes dropped EXE
-
\??\c:\qh71b0k.exec:\qh71b0k.exe54⤵
- Executes dropped EXE
-
\??\c:\fx13k1d.exec:\fx13k1d.exe55⤵
- Executes dropped EXE
-
\??\c:\aruri5.exec:\aruri5.exe56⤵
- Executes dropped EXE
-
\??\c:\92002i.exec:\92002i.exe57⤵
- Executes dropped EXE
-
\??\c:\s0r2o2.exec:\s0r2o2.exe58⤵
- Executes dropped EXE
-
\??\c:\djexs.exec:\djexs.exe59⤵
- Executes dropped EXE
-
\??\c:\r3x4ii.exec:\r3x4ii.exe60⤵
- Executes dropped EXE
-
\??\c:\664tv3.exec:\664tv3.exe61⤵
- Executes dropped EXE
-
\??\c:\681pd3.exec:\681pd3.exe62⤵
- Executes dropped EXE
-
\??\c:\wkwiu.exec:\wkwiu.exe63⤵
- Executes dropped EXE
-
\??\c:\d4ciq.exec:\d4ciq.exe64⤵
- Executes dropped EXE
-
\??\c:\r51hli.exec:\r51hli.exe65⤵
- Executes dropped EXE
-
\??\c:\g6a057.exec:\g6a057.exe66⤵
-
\??\c:\omspb2n.exec:\omspb2n.exe67⤵
-
\??\c:\vl19te.exec:\vl19te.exe68⤵
-
\??\c:\64k7579.exec:\64k7579.exe69⤵
-
\??\c:\a6qxu.exec:\a6qxu.exe70⤵
-
\??\c:\0i7gd.exec:\0i7gd.exe71⤵
-
\??\c:\740mg2.exec:\740mg2.exe72⤵
-
\??\c:\2x1k35.exec:\2x1k35.exe73⤵
-
\??\c:\cl5d0uf.exec:\cl5d0uf.exe74⤵
-
\??\c:\99s0cic.exec:\99s0cic.exe75⤵
-
\??\c:\2717vda.exec:\2717vda.exe76⤵
-
\??\c:\8wnr13.exec:\8wnr13.exe77⤵
-
\??\c:\0j0efv.exec:\0j0efv.exe78⤵
-
\??\c:\3j0104.exec:\3j0104.exe79⤵
-
\??\c:\2sv25.exec:\2sv25.exe80⤵
-
\??\c:\6cf13g.exec:\6cf13g.exe81⤵
-
\??\c:\6hrec5g.exec:\6hrec5g.exe82⤵
-
\??\c:\b041715.exec:\b041715.exe83⤵
-
\??\c:\7q7jjs.exec:\7q7jjs.exe84⤵
-
\??\c:\ab9xd.exec:\ab9xd.exe85⤵
-
\??\c:\92bt3f.exec:\92bt3f.exe86⤵
-
\??\c:\g19t79.exec:\g19t79.exe87⤵
-
\??\c:\4u2s9.exec:\4u2s9.exe88⤵
-
\??\c:\7a74t.exec:\7a74t.exe89⤵
-
\??\c:\q2eho75.exec:\q2eho75.exe90⤵
-
\??\c:\g6m47l.exec:\g6m47l.exe91⤵
-
\??\c:\1bq7ls.exec:\1bq7ls.exe92⤵
-
\??\c:\k9ro3.exec:\k9ro3.exe93⤵
-
\??\c:\sc41f.exec:\sc41f.exe94⤵
-
\??\c:\4322bm3.exec:\4322bm3.exe95⤵
-
\??\c:\364dv.exec:\364dv.exe96⤵
-
\??\c:\cx59p9q.exec:\cx59p9q.exe97⤵
-
\??\c:\7lrg4qc.exec:\7lrg4qc.exe98⤵
-
\??\c:\x74dn.exec:\x74dn.exe99⤵
-
\??\c:\xovh0fi.exec:\xovh0fi.exe100⤵
-
\??\c:\l4mr1sw.exec:\l4mr1sw.exe101⤵
-
\??\c:\m8715bk.exec:\m8715bk.exe102⤵
-
\??\c:\xmxdp7v.exec:\xmxdp7v.exe103⤵
-
\??\c:\c76a4b.exec:\c76a4b.exe104⤵
-
\??\c:\qnm5hv.exec:\qnm5hv.exe105⤵
-
\??\c:\vd71h3.exec:\vd71h3.exe106⤵
-
\??\c:\dd86dm.exec:\dd86dm.exe107⤵
-
\??\c:\6util9i.exec:\6util9i.exe108⤵
-
\??\c:\4hw4w2l.exec:\4hw4w2l.exe109⤵
-
\??\c:\mar2x.exec:\mar2x.exe110⤵
-
\??\c:\087to3t.exec:\087to3t.exe111⤵
-
\??\c:\178i8x.exec:\178i8x.exe112⤵
-
\??\c:\seqi6.exec:\seqi6.exe113⤵
-
\??\c:\8b3c74s.exec:\8b3c74s.exe114⤵
-
\??\c:\62e6r1j.exec:\62e6r1j.exe115⤵
-
\??\c:\q6aex6.exec:\q6aex6.exe116⤵
-
\??\c:\h1u1cu.exec:\h1u1cu.exe117⤵
-
\??\c:\9d720.exec:\9d720.exe118⤵
-
\??\c:\d06259.exec:\d06259.exe119⤵
-
\??\c:\73gqc.exec:\73gqc.exe120⤵
-
\??\c:\19817p.exec:\19817p.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-