Analysis
-
max time kernel
151s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
17-05-2024 09:13
General
-
Target
e6e8126a99cba2319972df66287a5880_NeikiAnalytics.exe
-
Size
482KB
-
MD5
e6e8126a99cba2319972df66287a5880
-
SHA1
9b8184788b48c39caeb4677cd5e29e9ca5446d89
-
SHA256
a0f23d771be6b235c965a7fc4f63e62fe842c5ff0b72d528754f091e6a0a319e
-
SHA512
d5d194a54c4c00bac4dc25fd0628f5754692ddee7a62256b8b58948fa82d98edd8e10de0e89bfbb0a561df983351a07b839690866b7667f0a7f6a469fda8a492
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwu1b26X1wjhtSizP:q7Tc2NYHUrAwqzc9
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 63 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e6e8126a99cba2319972df66287a5880_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\e6e8126a99cba2319972df66287a5880_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\303lakc.exec:\303lakc.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x2r3109.exec:\x2r3109.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8ctiu.exec:\8ctiu.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4xua9b2.exec:\4xua9b2.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\184gqu.exec:\184gqu.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s6f2as.exec:\s6f2as.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bfx39j.exec:\bfx39j.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\gnvp43g.exec:\gnvp43g.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4r3wk.exec:\4r3wk.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\cs3qu.exec:\cs3qu.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9s446g.exec:\9s446g.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\28389.exec:\28389.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\988ux.exec:\988ux.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dne31.exec:\5dne31.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q97k17.exec:\q97k17.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\68d8wn1.exec:\68d8wn1.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\emps9.exec:\emps9.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\atw0di.exec:\atw0di.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f16pvp6.exec:\f16pvp6.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c33m76.exec:\c33m76.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\809wt.exec:\809wt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7a0nf.exec:\7a0nf.exe23⤵
- Executes dropped EXE
-
\??\c:\6w8478.exec:\6w8478.exe24⤵
- Executes dropped EXE
-
\??\c:\9ue09o.exec:\9ue09o.exe25⤵
- Executes dropped EXE
-
\??\c:\4si584i.exec:\4si584i.exe26⤵
- Executes dropped EXE
-
\??\c:\909d7t2.exec:\909d7t2.exe27⤵
- Executes dropped EXE
-
\??\c:\6wwhf.exec:\6wwhf.exe28⤵
- Executes dropped EXE
-
\??\c:\8fdec8.exec:\8fdec8.exe29⤵
- Executes dropped EXE
-
\??\c:\t0op8c.exec:\t0op8c.exe30⤵
- Executes dropped EXE
-
\??\c:\5n73k.exec:\5n73k.exe31⤵
- Executes dropped EXE
-
\??\c:\2c6vqov.exec:\2c6vqov.exe32⤵
- Executes dropped EXE
-
\??\c:\4a242.exec:\4a242.exe33⤵
- Executes dropped EXE
-
\??\c:\cif6pe.exec:\cif6pe.exe34⤵
- Executes dropped EXE
-
\??\c:\2uo11.exec:\2uo11.exe35⤵
- Executes dropped EXE
-
\??\c:\vq7cu1j.exec:\vq7cu1j.exe36⤵
- Executes dropped EXE
-
\??\c:\635kkc.exec:\635kkc.exe37⤵
- Executes dropped EXE
-
\??\c:\qo9qd6.exec:\qo9qd6.exe38⤵
- Executes dropped EXE
-
\??\c:\53n6ma.exec:\53n6ma.exe39⤵
- Executes dropped EXE
-
\??\c:\r5oio9.exec:\r5oio9.exe40⤵
- Executes dropped EXE
-
\??\c:\mj257w.exec:\mj257w.exe41⤵
- Executes dropped EXE
-
\??\c:\3dw8dr0.exec:\3dw8dr0.exe42⤵
- Executes dropped EXE
-
\??\c:\4wlnj1.exec:\4wlnj1.exe43⤵
- Executes dropped EXE
-
\??\c:\09iv5.exec:\09iv5.exe44⤵
- Executes dropped EXE
-
\??\c:\s71ufr.exec:\s71ufr.exe45⤵
- Executes dropped EXE
-
\??\c:\jpjf64.exec:\jpjf64.exe46⤵
- Executes dropped EXE
-
\??\c:\3jdki6.exec:\3jdki6.exe47⤵
- Executes dropped EXE
-
\??\c:\u9k167.exec:\u9k167.exe48⤵
- Executes dropped EXE
-
\??\c:\6kvt7.exec:\6kvt7.exe49⤵
- Executes dropped EXE
-
\??\c:\3r3ff.exec:\3r3ff.exe50⤵
- Executes dropped EXE
-
\??\c:\86fo27.exec:\86fo27.exe51⤵
- Executes dropped EXE
-
\??\c:\a0s45.exec:\a0s45.exe52⤵
- Executes dropped EXE
-
\??\c:\xr58m7.exec:\xr58m7.exe53⤵
- Executes dropped EXE
-
\??\c:\p5614q.exec:\p5614q.exe54⤵
- Executes dropped EXE
-
\??\c:\s147frc.exec:\s147frc.exe55⤵
- Executes dropped EXE
-
\??\c:\ll15x.exec:\ll15x.exe56⤵
- Executes dropped EXE
-
\??\c:\3rife.exec:\3rife.exe57⤵
- Executes dropped EXE
-
\??\c:\g784735.exec:\g784735.exe58⤵
- Executes dropped EXE
-
\??\c:\114lr8.exec:\114lr8.exe59⤵
- Executes dropped EXE
-
\??\c:\rvnjjbn.exec:\rvnjjbn.exe60⤵
- Executes dropped EXE
-
\??\c:\w7957us.exec:\w7957us.exe61⤵
- Executes dropped EXE
-
\??\c:\q7v8e.exec:\q7v8e.exe62⤵
- Executes dropped EXE
-
\??\c:\msqei.exec:\msqei.exe63⤵
- Executes dropped EXE
-
\??\c:\97lp417.exec:\97lp417.exe64⤵
- Executes dropped EXE
-
\??\c:\3395g98.exec:\3395g98.exe65⤵
- Executes dropped EXE
-
\??\c:\g81h4.exec:\g81h4.exe66⤵
-
\??\c:\tsjtc7g.exec:\tsjtc7g.exe67⤵
-
\??\c:\7skcx.exec:\7skcx.exe68⤵
-
\??\c:\seh9h.exec:\seh9h.exe69⤵
-
\??\c:\nk972dd.exec:\nk972dd.exe70⤵
-
\??\c:\w50ri.exec:\w50ri.exe71⤵
-
\??\c:\1ti8i1.exec:\1ti8i1.exe72⤵
-
\??\c:\c1m67tv.exec:\c1m67tv.exe73⤵
-
\??\c:\2412556.exec:\2412556.exe74⤵
-
\??\c:\aq9579v.exec:\aq9579v.exe75⤵
-
\??\c:\09o9mwk.exec:\09o9mwk.exe76⤵
-
\??\c:\p9bg03.exec:\p9bg03.exe77⤵
-
\??\c:\hfcsk5u.exec:\hfcsk5u.exe78⤵
-
\??\c:\g17g1.exec:\g17g1.exe79⤵
-
\??\c:\132m4pj.exec:\132m4pj.exe80⤵
-
\??\c:\4l4oi0d.exec:\4l4oi0d.exe81⤵
-
\??\c:\08n5ur.exec:\08n5ur.exe82⤵
-
\??\c:\qq9tfl.exec:\qq9tfl.exe83⤵
-
\??\c:\clfmw2.exec:\clfmw2.exe84⤵
-
\??\c:\88q75d.exec:\88q75d.exe85⤵
-
\??\c:\r7g9129.exec:\r7g9129.exe86⤵
-
\??\c:\s36p6d2.exec:\s36p6d2.exe87⤵
-
\??\c:\1dw8o1q.exec:\1dw8o1q.exe88⤵
-
\??\c:\4789p3.exec:\4789p3.exe89⤵
-
\??\c:\8st7bld.exec:\8st7bld.exe90⤵
-
\??\c:\cim1d0x.exec:\cim1d0x.exe91⤵
-
\??\c:\5bc3j27.exec:\5bc3j27.exe92⤵
-
\??\c:\hlfr1wq.exec:\hlfr1wq.exe93⤵
-
\??\c:\5d352.exec:\5d352.exe94⤵
-
\??\c:\gq5uuj.exec:\gq5uuj.exe95⤵
-
\??\c:\9ab1q.exec:\9ab1q.exe96⤵
-
\??\c:\u0ng2x4.exec:\u0ng2x4.exe97⤵
-
\??\c:\rjs7e.exec:\rjs7e.exe98⤵
-
\??\c:\1fkts.exec:\1fkts.exe99⤵
-
\??\c:\pieh51.exec:\pieh51.exe100⤵
-
\??\c:\w166oq.exec:\w166oq.exe101⤵
-
\??\c:\6bu977k.exec:\6bu977k.exe102⤵
-
\??\c:\4n3u57g.exec:\4n3u57g.exe103⤵
-
\??\c:\x9f06ow.exec:\x9f06ow.exe104⤵
-
\??\c:\wntlv5p.exec:\wntlv5p.exe105⤵
-
\??\c:\78dnshv.exec:\78dnshv.exe106⤵
-
\??\c:\4nv3wq.exec:\4nv3wq.exe107⤵
-
\??\c:\8p56v40.exec:\8p56v40.exe108⤵
-
\??\c:\35rfs.exec:\35rfs.exe109⤵
-
\??\c:\dkm5n.exec:\dkm5n.exe110⤵
-
\??\c:\5c4d67.exec:\5c4d67.exe111⤵
-
\??\c:\g39pwt.exec:\g39pwt.exe112⤵
-
\??\c:\80cj39.exec:\80cj39.exe113⤵
-
\??\c:\1g7a6dt.exec:\1g7a6dt.exe114⤵
-
\??\c:\39w7wnk.exec:\39w7wnk.exe115⤵
-
\??\c:\71d296.exec:\71d296.exe116⤵
-
\??\c:\5923166.exec:\5923166.exe117⤵
-
\??\c:\dfp53.exec:\dfp53.exe118⤵
-
\??\c:\3u12k7.exec:\3u12k7.exe119⤵
-
\??\c:\6159l4.exec:\6159l4.exe120⤵
-
\??\c:\d61o4m1.exec:\d61o4m1.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-