Analysis
-
max time kernel
151s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
23-05-2024 00:57
General
-
Target
671ab578608d3ccf4cd19b2ad2bda850_NeikiAnalytics.exe
-
Size
120KB
-
MD5
671ab578608d3ccf4cd19b2ad2bda850
-
SHA1
3612c83454998d4de0260c5d79ba7c3481c8c048
-
SHA256
b012e9dd260dbf06dcf017a72c6ecccbcde039c8298c697f9b6ed6152ea14e2d
-
SHA512
dd8c406c3542ac0ef3f0e36b408ce6452542d0e4ccbc13a66b12181cffd958c17793c5e9ad949d8c9805b8fbd703ef412c5f4c1482cee1bb159da52c419c037f
-
SSDEEP
3072:/hOmTsF93UYfwC6GIoutKzdbr9XcMRwk6mNb5TcPeJipUPe:/cm4FmowdHoSKZf5cX5m7TNG
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\671ab578608d3ccf4cd19b2ad2bda850_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\671ab578608d3ccf4cd19b2ad2bda850_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xvd167q.exec:\xvd167q.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5293bi3.exec:\5293bi3.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\cc7sg4.exec:\cc7sg4.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ve92g7c.exec:\ve92g7c.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\91s5j9.exec:\91s5j9.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\04w95n1.exec:\04w95n1.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g0rc96.exec:\g0rc96.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a61nb.exec:\a61nb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\d15720.exec:\d15720.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\63ri1d.exec:\63ri1d.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bpx117.exec:\bpx117.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8d5he.exec:\8d5he.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t2iuv.exec:\t2iuv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0001bku.exec:\0001bku.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w0p533o.exec:\w0p533o.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ufu7iig.exec:\ufu7iig.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dwec3.exec:\dwec3.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ko7wwgo.exec:\ko7wwgo.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bcm828.exec:\bcm828.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wbhf1qn.exec:\wbhf1qn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7xm12w5.exec:\7xm12w5.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\199gqn.exec:\199gqn.exe23⤵
- Executes dropped EXE
-
\??\c:\rdj5bp.exec:\rdj5bp.exe24⤵
- Executes dropped EXE
-
\??\c:\29x1x3.exec:\29x1x3.exe25⤵
- Executes dropped EXE
-
\??\c:\ogj7ke.exec:\ogj7ke.exe26⤵
- Executes dropped EXE
-
\??\c:\jl2wg.exec:\jl2wg.exe27⤵
- Executes dropped EXE
-
\??\c:\5c7sg6.exec:\5c7sg6.exe28⤵
- Executes dropped EXE
-
\??\c:\7u42e.exec:\7u42e.exe29⤵
- Executes dropped EXE
-
\??\c:\kt7m9.exec:\kt7m9.exe30⤵
- Executes dropped EXE
-
\??\c:\7vhu40i.exec:\7vhu40i.exe31⤵
- Executes dropped EXE
-
\??\c:\we86o.exec:\we86o.exe32⤵
- Executes dropped EXE
-
\??\c:\wl7lut.exec:\wl7lut.exe33⤵
- Executes dropped EXE
-
\??\c:\99c01s.exec:\99c01s.exe34⤵
- Executes dropped EXE
-
\??\c:\4dm493.exec:\4dm493.exe35⤵
- Executes dropped EXE
-
\??\c:\5vvbc.exec:\5vvbc.exe36⤵
- Executes dropped EXE
-
\??\c:\tb2ef.exec:\tb2ef.exe37⤵
- Executes dropped EXE
-
\??\c:\hoi3s5q.exec:\hoi3s5q.exe38⤵
- Executes dropped EXE
-
\??\c:\9e534.exec:\9e534.exe39⤵
- Executes dropped EXE
-
\??\c:\loi7g.exec:\loi7g.exe40⤵
- Executes dropped EXE
-
\??\c:\503gm.exec:\503gm.exe41⤵
- Executes dropped EXE
-
\??\c:\ff2gk.exec:\ff2gk.exe42⤵
- Executes dropped EXE
-
\??\c:\mk1vkjo.exec:\mk1vkjo.exe43⤵
- Executes dropped EXE
-
\??\c:\q5kwe.exec:\q5kwe.exe44⤵
- Executes dropped EXE
-
\??\c:\492fc8.exec:\492fc8.exe45⤵
- Executes dropped EXE
-
\??\c:\80f1e3g.exec:\80f1e3g.exe46⤵
- Executes dropped EXE
-
\??\c:\1tw1n.exec:\1tw1n.exe47⤵
- Executes dropped EXE
-
\??\c:\v9aab8c.exec:\v9aab8c.exe48⤵
- Executes dropped EXE
-
\??\c:\k4m04.exec:\k4m04.exe49⤵
- Executes dropped EXE
-
\??\c:\i6pm7h.exec:\i6pm7h.exe50⤵
- Executes dropped EXE
-
\??\c:\pplg2.exec:\pplg2.exe51⤵
- Executes dropped EXE
-
\??\c:\h1qls.exec:\h1qls.exe52⤵
- Executes dropped EXE
-
\??\c:\d0nak.exec:\d0nak.exe53⤵
- Executes dropped EXE
-
\??\c:\1xml83d.exec:\1xml83d.exe54⤵
- Executes dropped EXE
-
\??\c:\elsk1.exec:\elsk1.exe55⤵
- Executes dropped EXE
-
\??\c:\j5gsh.exec:\j5gsh.exe56⤵
- Executes dropped EXE
-
\??\c:\ich8q3.exec:\ich8q3.exe57⤵
- Executes dropped EXE
-
\??\c:\6252ro.exec:\6252ro.exe58⤵
- Executes dropped EXE
-
\??\c:\fophfvh.exec:\fophfvh.exe59⤵
- Executes dropped EXE
-
\??\c:\h577d.exec:\h577d.exe60⤵
- Executes dropped EXE
-
\??\c:\o3m5n.exec:\o3m5n.exe61⤵
- Executes dropped EXE
-
\??\c:\mggk1o1.exec:\mggk1o1.exe62⤵
- Executes dropped EXE
-
\??\c:\ma9ti.exec:\ma9ti.exe63⤵
- Executes dropped EXE
-
\??\c:\g0ja3.exec:\g0ja3.exe64⤵
- Executes dropped EXE
-
\??\c:\8810r98.exec:\8810r98.exe65⤵
- Executes dropped EXE
-
\??\c:\6b36hc.exec:\6b36hc.exe66⤵
-
\??\c:\l57q4fh.exec:\l57q4fh.exe67⤵
-
\??\c:\g4115g0.exec:\g4115g0.exe68⤵
-
\??\c:\kfh33.exec:\kfh33.exe69⤵
-
\??\c:\33g6n7.exec:\33g6n7.exe70⤵
-
\??\c:\99096.exec:\99096.exe71⤵
-
\??\c:\rdomkc.exec:\rdomkc.exe72⤵
-
\??\c:\8vf5k1e.exec:\8vf5k1e.exe73⤵
-
\??\c:\0v6da58.exec:\0v6da58.exe74⤵
-
\??\c:\xma52.exec:\xma52.exe75⤵
-
\??\c:\4gwis.exec:\4gwis.exe76⤵
-
\??\c:\21kbl7.exec:\21kbl7.exe77⤵
-
\??\c:\4a1qlox.exec:\4a1qlox.exe78⤵
-
\??\c:\wasw08c.exec:\wasw08c.exe79⤵
-
\??\c:\dkbijq0.exec:\dkbijq0.exe80⤵
-
\??\c:\bp34g5.exec:\bp34g5.exe81⤵
-
\??\c:\1l380r.exec:\1l380r.exe82⤵
-
\??\c:\7j213w5.exec:\7j213w5.exe83⤵
-
\??\c:\373co.exec:\373co.exe84⤵
-
\??\c:\w9b5cc9.exec:\w9b5cc9.exe85⤵
-
\??\c:\g37e9.exec:\g37e9.exe86⤵
-
\??\c:\irmtc.exec:\irmtc.exe87⤵
-
\??\c:\n4t9xs.exec:\n4t9xs.exe88⤵
-
\??\c:\qr650o.exec:\qr650o.exe89⤵
-
\??\c:\4id5o1d.exec:\4id5o1d.exe90⤵
-
\??\c:\5k3ro6.exec:\5k3ro6.exe91⤵
-
\??\c:\2vpb9r.exec:\2vpb9r.exe92⤵
-
\??\c:\b764w.exec:\b764w.exe93⤵
-
\??\c:\vu43e8.exec:\vu43e8.exe94⤵
-
\??\c:\ke4fonq.exec:\ke4fonq.exe95⤵
-
\??\c:\t58c5.exec:\t58c5.exe96⤵
-
\??\c:\dvk777.exec:\dvk777.exe97⤵
-
\??\c:\185u71.exec:\185u71.exe98⤵
-
\??\c:\3ll97va.exec:\3ll97va.exe99⤵
-
\??\c:\4nh7u36.exec:\4nh7u36.exe100⤵
-
\??\c:\799i719.exec:\799i719.exe101⤵
-
\??\c:\9knl9s.exec:\9knl9s.exe102⤵
-
\??\c:\5l33k.exec:\5l33k.exe103⤵
-
\??\c:\vd8k8x.exec:\vd8k8x.exe104⤵
-
\??\c:\dqnqu.exec:\dqnqu.exe105⤵
-
\??\c:\i47rs7v.exec:\i47rs7v.exe106⤵
-
\??\c:\6ro72n8.exec:\6ro72n8.exe107⤵
-
\??\c:\3393m3.exec:\3393m3.exe108⤵
-
\??\c:\g39l828.exec:\g39l828.exe109⤵
-
\??\c:\28p3e5.exec:\28p3e5.exe110⤵
-
\??\c:\clvok0.exec:\clvok0.exe111⤵
-
\??\c:\sc769.exec:\sc769.exe112⤵
-
\??\c:\t9tnv3.exec:\t9tnv3.exe113⤵
-
\??\c:\0t36dgg.exec:\0t36dgg.exe114⤵
-
\??\c:\xu56s.exec:\xu56s.exe115⤵
-
\??\c:\hq1bl.exec:\hq1bl.exe116⤵
-
\??\c:\8pdjt.exec:\8pdjt.exe117⤵
-
\??\c:\40ie0.exec:\40ie0.exe118⤵
-
\??\c:\l8r17.exec:\l8r17.exe119⤵
-
\??\c:\7i7227n.exec:\7i7227n.exe120⤵
-
\??\c:\b14w81.exec:\b14w81.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-