Analysis
-
max time kernel
151s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
19-05-2024 02:29
General
-
Target
550d4b93391b003e834ceee8fce1a2c0_NeikiAnalytics.exe
-
Size
401KB
-
MD5
550d4b93391b003e834ceee8fce1a2c0
-
SHA1
ac74d619c727ecae8d5769e35fe4d7130a3fd50e
-
SHA256
7499362830dcb29d2ac72ab546253777948f6ba07fc4c953e6aec3a16e8ee028
-
SHA512
f184d6441aabd99b6823bba58b73fd1c29eced6c39768b3f9eef437532e3580b32b14129578cc9c4563f10e166fd9822e120ffca8c64a486762d446ccc8bc7eb
-
SSDEEP
6144:kcm4FmowdHoSph3Ymu8wdHoSM05d34iWRbzami3M:y4wFHoS3zuxHoSTd34iWRhic
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\550d4b93391b003e834ceee8fce1a2c0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\550d4b93391b003e834ceee8fce1a2c0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\df0n6c.exec:\df0n6c.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\231is26.exec:\231is26.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6aaw222.exec:\6aaw222.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3c5ma81.exec:\3c5ma81.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w509l.exec:\w509l.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\amix9q.exec:\amix9q.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1cb296.exec:\1cb296.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k96o43f.exec:\k96o43f.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t5l1c.exec:\t5l1c.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ai8u80s.exec:\ai8u80s.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3v9gv.exec:\3v9gv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\35cjj24.exec:\35cjj24.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\39c154.exec:\39c154.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\321c9.exec:\321c9.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\mk72u1.exec:\mk72u1.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\26488.exec:\26488.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f6oug.exec:\f6oug.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0tust7.exec:\0tust7.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6xfc2.exec:\6xfc2.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8uue9.exec:\8uue9.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q6tb29.exec:\q6tb29.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e0pa49d.exec:\e0pa49d.exe23⤵
- Executes dropped EXE
-
\??\c:\b6373.exec:\b6373.exe24⤵
- Executes dropped EXE
-
\??\c:\hq0a5bk.exec:\hq0a5bk.exe25⤵
- Executes dropped EXE
-
\??\c:\2gsv1.exec:\2gsv1.exe26⤵
- Executes dropped EXE
-
\??\c:\n21dc.exec:\n21dc.exe27⤵
- Executes dropped EXE
-
\??\c:\h871air.exec:\h871air.exe28⤵
- Executes dropped EXE
-
\??\c:\o663s5.exec:\o663s5.exe29⤵
- Executes dropped EXE
-
\??\c:\n488jp.exec:\n488jp.exe30⤵
- Executes dropped EXE
-
\??\c:\3o037.exec:\3o037.exe31⤵
- Executes dropped EXE
-
\??\c:\9ixk4.exec:\9ixk4.exe32⤵
- Executes dropped EXE
-
\??\c:\5h0888a.exec:\5h0888a.exe33⤵
- Executes dropped EXE
-
\??\c:\64ako2.exec:\64ako2.exe34⤵
- Executes dropped EXE
-
\??\c:\r3g253n.exec:\r3g253n.exe35⤵
- Executes dropped EXE
-
\??\c:\7q6j2x.exec:\7q6j2x.exe36⤵
- Executes dropped EXE
-
\??\c:\190cu8.exec:\190cu8.exe37⤵
- Executes dropped EXE
-
\??\c:\19enn33.exec:\19enn33.exe38⤵
- Executes dropped EXE
-
\??\c:\1340k2q.exec:\1340k2q.exe39⤵
- Executes dropped EXE
-
\??\c:\hb6eiu6.exec:\hb6eiu6.exe40⤵
- Executes dropped EXE
-
\??\c:\8r1p9x.exec:\8r1p9x.exe41⤵
- Executes dropped EXE
-
\??\c:\mmv983.exec:\mmv983.exe42⤵
- Executes dropped EXE
-
\??\c:\78969.exec:\78969.exe43⤵
- Executes dropped EXE
-
\??\c:\in1kt42.exec:\in1kt42.exe44⤵
- Executes dropped EXE
-
\??\c:\n65g52n.exec:\n65g52n.exe45⤵
- Executes dropped EXE
-
\??\c:\4bc90ul.exec:\4bc90ul.exe46⤵
- Executes dropped EXE
-
\??\c:\78841.exec:\78841.exe47⤵
- Executes dropped EXE
-
\??\c:\5cl2469.exec:\5cl2469.exe48⤵
- Executes dropped EXE
-
\??\c:\ms4589.exec:\ms4589.exe49⤵
- Executes dropped EXE
-
\??\c:\e0p63.exec:\e0p63.exe50⤵
- Executes dropped EXE
-
\??\c:\o3l97u2.exec:\o3l97u2.exe51⤵
- Executes dropped EXE
-
\??\c:\siic8.exec:\siic8.exe52⤵
- Executes dropped EXE
-
\??\c:\v13p39.exec:\v13p39.exe53⤵
- Executes dropped EXE
-
\??\c:\p282g.exec:\p282g.exe54⤵
- Executes dropped EXE
-
\??\c:\pj264m.exec:\pj264m.exe55⤵
- Executes dropped EXE
-
\??\c:\346g9.exec:\346g9.exe56⤵
- Executes dropped EXE
-
\??\c:\1e4v2.exec:\1e4v2.exe57⤵
- Executes dropped EXE
-
\??\c:\a2128e.exec:\a2128e.exe58⤵
- Executes dropped EXE
-
\??\c:\ove57i.exec:\ove57i.exe59⤵
- Executes dropped EXE
-
\??\c:\svr783t.exec:\svr783t.exe60⤵
- Executes dropped EXE
-
\??\c:\xj0pw3s.exec:\xj0pw3s.exe61⤵
- Executes dropped EXE
-
\??\c:\9e1f4.exec:\9e1f4.exe62⤵
- Executes dropped EXE
-
\??\c:\p43hx.exec:\p43hx.exe63⤵
- Executes dropped EXE
-
\??\c:\8e904.exec:\8e904.exe64⤵
- Executes dropped EXE
-
\??\c:\949x7.exec:\949x7.exe65⤵
- Executes dropped EXE
-
\??\c:\05gk679.exec:\05gk679.exe66⤵
-
\??\c:\5x4428.exec:\5x4428.exe67⤵
-
\??\c:\0q38to.exec:\0q38to.exe68⤵
-
\??\c:\efn5505.exec:\efn5505.exe69⤵
-
\??\c:\75p4fe6.exec:\75p4fe6.exe70⤵
-
\??\c:\p1t9d.exec:\p1t9d.exe71⤵
-
\??\c:\39iu07q.exec:\39iu07q.exe72⤵
-
\??\c:\d4o3r6.exec:\d4o3r6.exe73⤵
-
\??\c:\c8w4u6.exec:\c8w4u6.exe74⤵
-
\??\c:\p87w5.exec:\p87w5.exe75⤵
-
\??\c:\8t1thi8.exec:\8t1thi8.exe76⤵
-
\??\c:\vll7t.exec:\vll7t.exe77⤵
-
\??\c:\1jatt.exec:\1jatt.exe78⤵
-
\??\c:\kw17p.exec:\kw17p.exe79⤵
-
\??\c:\n1k983h.exec:\n1k983h.exe80⤵
-
\??\c:\581f9lf.exec:\581f9lf.exe81⤵
-
\??\c:\sa15ht2.exec:\sa15ht2.exe82⤵
-
\??\c:\02268.exec:\02268.exe83⤵
-
\??\c:\84f7x.exec:\84f7x.exe84⤵
-
\??\c:\ux9m5.exec:\ux9m5.exe85⤵
-
\??\c:\n2dpw.exec:\n2dpw.exe86⤵
-
\??\c:\i039t3.exec:\i039t3.exe87⤵
-
\??\c:\2859v.exec:\2859v.exe88⤵
-
\??\c:\5120rjc.exec:\5120rjc.exe89⤵
-
\??\c:\i8b26.exec:\i8b26.exe90⤵
-
\??\c:\xu70moo.exec:\xu70moo.exe91⤵
-
\??\c:\6864642.exec:\6864642.exe92⤵
-
\??\c:\20sis.exec:\20sis.exe93⤵
-
\??\c:\1410a.exec:\1410a.exe94⤵
-
\??\c:\ji6979.exec:\ji6979.exe95⤵
-
\??\c:\gkf54c1.exec:\gkf54c1.exe96⤵
-
\??\c:\32tfad3.exec:\32tfad3.exe97⤵
-
\??\c:\tke6x9.exec:\tke6x9.exe98⤵
-
\??\c:\49uwi.exec:\49uwi.exe99⤵
-
\??\c:\chig6x2.exec:\chig6x2.exe100⤵
-
\??\c:\h86o5.exec:\h86o5.exe101⤵
-
\??\c:\4ir538.exec:\4ir538.exe102⤵
-
\??\c:\h022g1.exec:\h022g1.exe103⤵
-
\??\c:\18wh86.exec:\18wh86.exe104⤵
-
\??\c:\6c7i2.exec:\6c7i2.exe105⤵
-
\??\c:\kwdjqqx.exec:\kwdjqqx.exe106⤵
-
\??\c:\6i9475.exec:\6i9475.exe107⤵
-
\??\c:\d59nw4.exec:\d59nw4.exe108⤵
-
\??\c:\hsc9ud.exec:\hsc9ud.exe109⤵
-
\??\c:\98o9q1.exec:\98o9q1.exe110⤵
-
\??\c:\aqmd29.exec:\aqmd29.exe111⤵
-
\??\c:\c4pc5.exec:\c4pc5.exe112⤵
-
\??\c:\57ecx1.exec:\57ecx1.exe113⤵
-
\??\c:\2820022.exec:\2820022.exe114⤵
-
\??\c:\t239gx.exec:\t239gx.exe115⤵
-
\??\c:\x2l02.exec:\x2l02.exe116⤵
-
\??\c:\4i302q.exec:\4i302q.exe117⤵
-
\??\c:\x729a.exec:\x729a.exe118⤵
-
\??\c:\055gk5.exec:\055gk5.exe119⤵
-
\??\c:\44562l5.exec:\44562l5.exe120⤵
-
\??\c:\86622.exec:\86622.exe121⤵
-
\??\c:\3u45w.exec:\3u45w.exe122⤵
-
\??\c:\43o88vu.exec:\43o88vu.exe123⤵
-
\??\c:\5033ku.exec:\5033ku.exe124⤵
-
\??\c:\14uwbx.exec:\14uwbx.exe125⤵
-
\??\c:\ss3ew8.exec:\ss3ew8.exe126⤵
-
\??\c:\a4vq13.exec:\a4vq13.exe127⤵
-
\??\c:\6k9ja8.exec:\6k9ja8.exe128⤵
-
\??\c:\3eqt2lu.exec:\3eqt2lu.exe129⤵
-
\??\c:\0ds99.exec:\0ds99.exe130⤵
-
\??\c:\qga6cha.exec:\qga6cha.exe131⤵
-
\??\c:\7bud90a.exec:\7bud90a.exe132⤵
-
\??\c:\2u44g8o.exec:\2u44g8o.exe133⤵
-
\??\c:\nk0x539.exec:\nk0x539.exe134⤵
-
\??\c:\a14e1r8.exec:\a14e1r8.exe135⤵
-
\??\c:\ch5ciw7.exec:\ch5ciw7.exe136⤵
-
\??\c:\unm87.exec:\unm87.exe137⤵
-
\??\c:\54cu2a.exec:\54cu2a.exe138⤵
-
\??\c:\9phn10.exec:\9phn10.exe139⤵
-
\??\c:\9wv1ak.exec:\9wv1ak.exe140⤵
-
\??\c:\948gi83.exec:\948gi83.exe141⤵
-
\??\c:\44280.exec:\44280.exe142⤵
-
\??\c:\9cs1ed.exec:\9cs1ed.exe143⤵
-
\??\c:\t5wnc1r.exec:\t5wnc1r.exe144⤵
-
\??\c:\epo268.exec:\epo268.exe145⤵
-
\??\c:\h8d2d3x.exec:\h8d2d3x.exe146⤵
-
\??\c:\0w4u25.exec:\0w4u25.exe147⤵
-
\??\c:\416rfs.exec:\416rfs.exe148⤵
-
\??\c:\9ms067.exec:\9ms067.exe149⤵
-
\??\c:\h35u1j.exec:\h35u1j.exe150⤵
-
\??\c:\ll7e70.exec:\ll7e70.exe151⤵
-
\??\c:\odv84.exec:\odv84.exe152⤵
-
\??\c:\8xia2.exec:\8xia2.exe153⤵
-
\??\c:\6c24jno.exec:\6c24jno.exe154⤵
-
\??\c:\04fxbpt.exec:\04fxbpt.exe155⤵
-
\??\c:\10m258.exec:\10m258.exe156⤵
-
\??\c:\ssjj3.exec:\ssjj3.exe157⤵
-
\??\c:\ag8vob4.exec:\ag8vob4.exe158⤵
-
\??\c:\0c25r1.exec:\0c25r1.exe159⤵
-
\??\c:\67rv8.exec:\67rv8.exe160⤵
-
\??\c:\4ic6665.exec:\4ic6665.exe161⤵
-
\??\c:\11oc90.exec:\11oc90.exe162⤵
-
\??\c:\q47hk.exec:\q47hk.exe163⤵
-
\??\c:\9leiv2j.exec:\9leiv2j.exe164⤵
-
\??\c:\7785ws2.exec:\7785ws2.exe165⤵
-
\??\c:\sw1i2.exec:\sw1i2.exe166⤵
-
\??\c:\v67x63.exec:\v67x63.exe167⤵
-
\??\c:\6624888.exec:\6624888.exe168⤵
-
\??\c:\6dlf9db.exec:\6dlf9db.exe169⤵
-
\??\c:\neidet.exec:\neidet.exe170⤵
-
\??\c:\0c97o5.exec:\0c97o5.exe171⤵
-
\??\c:\jdmkcv.exec:\jdmkcv.exe172⤵
-
\??\c:\6d3e01l.exec:\6d3e01l.exe173⤵
-
\??\c:\u6mv4.exec:\u6mv4.exe174⤵
-
\??\c:\70l923.exec:\70l923.exe175⤵
-
\??\c:\6v03ko.exec:\6v03ko.exe176⤵
-
\??\c:\976sr5.exec:\976sr5.exe177⤵
-
\??\c:\05tb1f.exec:\05tb1f.exe178⤵
-
\??\c:\hqm57t8.exec:\hqm57t8.exe179⤵
-
\??\c:\88p3b03.exec:\88p3b03.exe180⤵
-
\??\c:\32kb9k.exec:\32kb9k.exe181⤵
-
\??\c:\07uf72.exec:\07uf72.exe182⤵
-
\??\c:\96hum1.exec:\96hum1.exe183⤵
-
\??\c:\7q2354.exec:\7q2354.exe184⤵
-
\??\c:\9l4aj1.exec:\9l4aj1.exe185⤵
-
\??\c:\7v50q1.exec:\7v50q1.exe186⤵
-
\??\c:\xa11dv1.exec:\xa11dv1.exe187⤵
-
\??\c:\01a61.exec:\01a61.exe188⤵
-
\??\c:\t1g8f88.exec:\t1g8f88.exe189⤵
-
\??\c:\8q2aj.exec:\8q2aj.exe190⤵
-
\??\c:\1q4eqi.exec:\1q4eqi.exe191⤵
-
\??\c:\67il116.exec:\67il116.exe192⤵
-
\??\c:\lmmq12r.exec:\lmmq12r.exe193⤵
-
\??\c:\0123i1.exec:\0123i1.exe194⤵
-
\??\c:\t6793u.exec:\t6793u.exe195⤵
-
\??\c:\8ulm3.exec:\8ulm3.exe196⤵
-
\??\c:\o30la.exec:\o30la.exe197⤵
-
\??\c:\2bc65c.exec:\2bc65c.exe198⤵
-
\??\c:\sp1q264.exec:\sp1q264.exe199⤵
-
\??\c:\x8m40.exec:\x8m40.exe200⤵
-
\??\c:\814o74u.exec:\814o74u.exe201⤵
-
\??\c:\tiolrp5.exec:\tiolrp5.exe202⤵
-
\??\c:\tfom31.exec:\tfom31.exe203⤵
-
\??\c:\u8igqcd.exec:\u8igqcd.exe204⤵
-
\??\c:\kek1dp.exec:\kek1dp.exe205⤵
-
\??\c:\0a4573.exec:\0a4573.exe206⤵
-
\??\c:\6ngqk3.exec:\6ngqk3.exe207⤵
-
\??\c:\2297jjh.exec:\2297jjh.exe208⤵
-
\??\c:\449350.exec:\449350.exe209⤵
-
\??\c:\i7n0aan.exec:\i7n0aan.exe210⤵
-
\??\c:\w001n5.exec:\w001n5.exe211⤵
-
\??\c:\c44wql9.exec:\c44wql9.exe212⤵
-
\??\c:\36hi1.exec:\36hi1.exe213⤵
-
\??\c:\d25w85.exec:\d25w85.exe214⤵
-
\??\c:\h0g5t3.exec:\h0g5t3.exe215⤵
-
\??\c:\279aw11.exec:\279aw11.exe216⤵
-
\??\c:\6161i.exec:\6161i.exe217⤵
-
\??\c:\802f06g.exec:\802f06g.exe218⤵
-
\??\c:\76apk.exec:\76apk.exe219⤵
-
\??\c:\r45w5xl.exec:\r45w5xl.exe220⤵
-
\??\c:\a9ac8.exec:\a9ac8.exe221⤵
-
\??\c:\37dp5p.exec:\37dp5p.exe222⤵
-
\??\c:\q8iqi70.exec:\q8iqi70.exe223⤵
-
\??\c:\3262j7.exec:\3262j7.exe224⤵
-
\??\c:\g3ds1.exec:\g3ds1.exe225⤵
-
\??\c:\xfu9fa.exec:\xfu9fa.exe226⤵
-
\??\c:\jll712.exec:\jll712.exe227⤵
-
\??\c:\pe2h00.exec:\pe2h00.exe228⤵
-
\??\c:\iu6xbb1.exec:\iu6xbb1.exe229⤵
-
\??\c:\bi9j8w3.exec:\bi9j8w3.exe230⤵
-
\??\c:\4tj48.exec:\4tj48.exe231⤵
-
\??\c:\0e71k9.exec:\0e71k9.exe232⤵
-
\??\c:\7ncu3g9.exec:\7ncu3g9.exe233⤵
-
\??\c:\hfr2gv.exec:\hfr2gv.exe234⤵
-
\??\c:\l451g.exec:\l451g.exe235⤵
-
\??\c:\k2p93j.exec:\k2p93j.exe236⤵
-
\??\c:\op0wn.exec:\op0wn.exe237⤵
-
\??\c:\l2btk.exec:\l2btk.exe238⤵
-
\??\c:\40j70.exec:\40j70.exe239⤵
-
\??\c:\9424bq.exec:\9424bq.exe240⤵
-
\??\c:\obfh1.exec:\obfh1.exe241⤵