Analysis
-
max time kernel
144s -
max time network
164s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
22-05-2024 22:48
General
-
Target
50554607449ff34b4b86f175e7957b10_NeikiAnalytics.exe
-
Size
75KB
-
MD5
50554607449ff34b4b86f175e7957b10
-
SHA1
ebb2421c8ce837557d339506f176ddf7bea63b42
-
SHA256
cfbea9a7a4248531844fdfd45a341220d3dc942f40f901469d8b53d59066e8b5
-
SHA512
0b24048161cf685d37144060a294a449352a9b109926014e205bb5db230b4ce8c2237e1fa5c06c5c20ce74c13d759588de12879141a2890b1889829a63759c47
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqC5Mf:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqCa
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 36 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\50554607449ff34b4b86f175e7957b10_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\50554607449ff34b4b86f175e7957b10_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3ti0f.exec:\3ti0f.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tu786.exec:\tu786.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\d0mc0.exec:\d0mc0.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\th7u83.exec:\th7u83.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ol1a13j.exec:\ol1a13j.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8mat9.exec:\8mat9.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\d7o8s.exec:\d7o8s.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\sgsa0.exec:\sgsa0.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\n27eq.exec:\n27eq.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qk4s8.exec:\qk4s8.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rm35qtq.exec:\rm35qtq.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\02lu47f.exec:\02lu47f.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m7bqw1.exec:\m7bqw1.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i46l2gx.exec:\i46l2gx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\411i92.exec:\411i92.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\312ir.exec:\312ir.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\43k26od.exec:\43k26od.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e37h9.exec:\e37h9.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rr1k38.exec:\rr1k38.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6317ql5.exec:\6317ql5.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9n751c.exec:\9n751c.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7gkbls.exec:\7gkbls.exe23⤵
- Executes dropped EXE
-
\??\c:\5e9jg.exec:\5e9jg.exe24⤵
- Executes dropped EXE
-
\??\c:\x19sk.exec:\x19sk.exe25⤵
- Executes dropped EXE
-
\??\c:\31j93.exec:\31j93.exe26⤵
- Executes dropped EXE
-
\??\c:\86ksm10.exec:\86ksm10.exe27⤵
- Executes dropped EXE
-
\??\c:\lfgswo.exec:\lfgswo.exe28⤵
- Executes dropped EXE
-
\??\c:\8vjdms.exec:\8vjdms.exe29⤵
- Executes dropped EXE
-
\??\c:\7a55r1.exec:\7a55r1.exe30⤵
- Executes dropped EXE
-
\??\c:\771b7.exec:\771b7.exe31⤵
- Executes dropped EXE
-
\??\c:\28792pg.exec:\28792pg.exe32⤵
- Executes dropped EXE
-
\??\c:\w0diu5.exec:\w0diu5.exe33⤵
- Executes dropped EXE
-
\??\c:\0hn4m.exec:\0hn4m.exe34⤵
- Executes dropped EXE
-
\??\c:\3qostf1.exec:\3qostf1.exe35⤵
- Executes dropped EXE
-
\??\c:\o9427gp.exec:\o9427gp.exe36⤵
- Executes dropped EXE
-
\??\c:\vmv68.exec:\vmv68.exe37⤵
- Executes dropped EXE
-
\??\c:\5wcr2m.exec:\5wcr2m.exe38⤵
- Executes dropped EXE
-
\??\c:\7awo17m.exec:\7awo17m.exe39⤵
- Executes dropped EXE
-
\??\c:\9he12.exec:\9he12.exe40⤵
- Executes dropped EXE
-
\??\c:\es2l5.exec:\es2l5.exe41⤵
- Executes dropped EXE
-
\??\c:\56w11.exec:\56w11.exe42⤵
- Executes dropped EXE
-
\??\c:\97lu1a.exec:\97lu1a.exe43⤵
- Executes dropped EXE
-
\??\c:\wtdhrr3.exec:\wtdhrr3.exe44⤵
- Executes dropped EXE
-
\??\c:\5t279.exec:\5t279.exe45⤵
- Executes dropped EXE
-
\??\c:\e51x7t5.exec:\e51x7t5.exe46⤵
- Executes dropped EXE
-
\??\c:\q6go13.exec:\q6go13.exe47⤵
- Executes dropped EXE
-
\??\c:\4i4m7.exec:\4i4m7.exe48⤵
- Executes dropped EXE
-
\??\c:\86ewcak.exec:\86ewcak.exe49⤵
- Executes dropped EXE
-
\??\c:\mwnh0.exec:\mwnh0.exe50⤵
- Executes dropped EXE
-
\??\c:\vb58q7.exec:\vb58q7.exe51⤵
- Executes dropped EXE
-
\??\c:\78vgh5.exec:\78vgh5.exe52⤵
- Executes dropped EXE
-
\??\c:\de7r1.exec:\de7r1.exe53⤵
- Executes dropped EXE
-
\??\c:\fvx77s.exec:\fvx77s.exe54⤵
- Executes dropped EXE
-
\??\c:\45455.exec:\45455.exe55⤵
- Executes dropped EXE
-
\??\c:\6c2frme.exec:\6c2frme.exe56⤵
- Executes dropped EXE
-
\??\c:\tqrjqu.exec:\tqrjqu.exe57⤵
- Executes dropped EXE
-
\??\c:\f6q1i6.exec:\f6q1i6.exe58⤵
- Executes dropped EXE
-
\??\c:\nuouo9.exec:\nuouo9.exe59⤵
- Executes dropped EXE
-
\??\c:\o17am.exec:\o17am.exe60⤵
- Executes dropped EXE
-
\??\c:\g41da90.exec:\g41da90.exe61⤵
- Executes dropped EXE
-
\??\c:\c5jg5.exec:\c5jg5.exe62⤵
- Executes dropped EXE
-
\??\c:\27071.exec:\27071.exe63⤵
- Executes dropped EXE
-
\??\c:\1k3j1.exec:\1k3j1.exe64⤵
- Executes dropped EXE
-
\??\c:\kcd7qb.exec:\kcd7qb.exe65⤵
- Executes dropped EXE
-
\??\c:\c1c5299.exec:\c1c5299.exe66⤵
-
\??\c:\0e7o1qe.exec:\0e7o1qe.exe67⤵
-
\??\c:\xm7uojh.exec:\xm7uojh.exe68⤵
-
\??\c:\6q7j5.exec:\6q7j5.exe69⤵
-
\??\c:\x761k43.exec:\x761k43.exe70⤵
-
\??\c:\gnr0s.exec:\gnr0s.exe71⤵
-
\??\c:\a04cwo.exec:\a04cwo.exe72⤵
-
\??\c:\x1n1ig.exec:\x1n1ig.exe73⤵
-
\??\c:\wro54.exec:\wro54.exe74⤵
-
\??\c:\4w50765.exec:\4w50765.exe75⤵
-
\??\c:\m7536c.exec:\m7536c.exe76⤵
-
\??\c:\39335k.exec:\39335k.exe77⤵
-
\??\c:\3fa07n.exec:\3fa07n.exe78⤵
-
\??\c:\e8ffrd.exec:\e8ffrd.exe79⤵
-
\??\c:\ids939.exec:\ids939.exe80⤵
-
\??\c:\332s1.exec:\332s1.exe81⤵
-
\??\c:\ma12dg7.exec:\ma12dg7.exe82⤵
-
\??\c:\97s65.exec:\97s65.exe83⤵
-
\??\c:\f371q5.exec:\f371q5.exe84⤵
-
\??\c:\ra6va.exec:\ra6va.exe85⤵
-
\??\c:\dp9vp2.exec:\dp9vp2.exe86⤵
-
\??\c:\d2257i.exec:\d2257i.exe87⤵
-
\??\c:\x98j5ga.exec:\x98j5ga.exe88⤵
-
\??\c:\l54l2.exec:\l54l2.exe89⤵
-
\??\c:\j3c5n0x.exec:\j3c5n0x.exe90⤵
-
\??\c:\tif77p.exec:\tif77p.exe91⤵
-
\??\c:\c9hd53q.exec:\c9hd53q.exe92⤵
-
\??\c:\1wo7s.exec:\1wo7s.exe93⤵
-
\??\c:\47rqc2.exec:\47rqc2.exe94⤵
-
\??\c:\7p518lc.exec:\7p518lc.exe95⤵
-
\??\c:\l502qg.exec:\l502qg.exe96⤵
-
\??\c:\56f911v.exec:\56f911v.exe97⤵
-
\??\c:\s5e3w.exec:\s5e3w.exe98⤵
-
\??\c:\2l315m.exec:\2l315m.exe99⤵
-
\??\c:\m5sq7f4.exec:\m5sq7f4.exe100⤵
-
\??\c:\52e9cog.exec:\52e9cog.exe101⤵
-
\??\c:\e4ux6.exec:\e4ux6.exe102⤵
-
\??\c:\n5s50x.exec:\n5s50x.exe103⤵
-
\??\c:\9x3ld3.exec:\9x3ld3.exe104⤵
-
\??\c:\i0lcg14.exec:\i0lcg14.exe105⤵
-
\??\c:\sa45ap.exec:\sa45ap.exe106⤵
-
\??\c:\4s8pd.exec:\4s8pd.exe107⤵
-
\??\c:\2meubb.exec:\2meubb.exe108⤵
-
\??\c:\e9mc35.exec:\e9mc35.exe109⤵
-
\??\c:\35759s.exec:\35759s.exe110⤵
-
\??\c:\95el1.exec:\95el1.exe111⤵
-
\??\c:\9u3an7.exec:\9u3an7.exe112⤵
-
\??\c:\nukxd.exec:\nukxd.exe113⤵
-
\??\c:\6kk8x.exec:\6kk8x.exe114⤵
-
\??\c:\n2sd3.exec:\n2sd3.exe115⤵
-
\??\c:\44v6b2.exec:\44v6b2.exe116⤵
-
\??\c:\5h7h85.exec:\5h7h85.exe117⤵
-
\??\c:\h5nno5s.exec:\h5nno5s.exe118⤵
-
\??\c:\37sv4n.exec:\37sv4n.exe119⤵
-
\??\c:\t3sm0.exec:\t3sm0.exe120⤵
-
\??\c:\o3501.exec:\o3501.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-