Analysis
-
max time kernel
152s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
23/05/2024, 10:49
General
-
Target
47a611a6179a1a1cf8a30bc02b20cad0_NeikiAnalytics.exe
-
Size
328KB
-
MD5
47a611a6179a1a1cf8a30bc02b20cad0
-
SHA1
e53be27e43cf6d5632a9633ae87583fb524fc173
-
SHA256
0ac2d2b89bff167b4323ecd3ae7b7cd48e9372187c92d66bd32100c1a365708e
-
SHA512
8adf55dd97589c3c49afa57b088ad06153ede82c3c7505f3867a725a1ae8d0d60438e36424e1e3dc98ab58d1884e879dbe61f70d838bf527d05111c2c4d8dd78
-
SSDEEP
6144:Lcm4FmowdHoSHt251UriZFwfsDX2UznsaFVNJCMKAbeR:R4wFHoSHYHUrAwfMp3CDR
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\47a611a6179a1a1cf8a30bc02b20cad0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\47a611a6179a1a1cf8a30bc02b20cad0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\oox240.exec:\oox240.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g77493.exec:\g77493.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3w4v2.exec:\3w4v2.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3v9q238.exec:\3v9q238.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x0194.exec:\x0194.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0ne8776.exec:\0ne8776.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i58lvj5.exec:\i58lvj5.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\093s3o8.exec:\093s3o8.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\647pp34.exec:\647pp34.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2s7dp7.exec:\2s7dp7.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j585c1s.exec:\j585c1s.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2neu1m8.exec:\2neu1m8.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\sew100.exec:\sew100.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rd38qk3.exec:\rd38qk3.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\j40qjw5.exec:\j40qjw5.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3f4133.exec:\3f4133.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8r6n2.exec:\8r6n2.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\970h3.exec:\970h3.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q7msm.exec:\q7msm.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\401gpwk.exec:\401gpwk.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4nhqal.exec:\4nhqal.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6728sw.exec:\6728sw.exe23⤵
- Executes dropped EXE
-
\??\c:\0gs07s.exec:\0gs07s.exe24⤵
- Executes dropped EXE
-
\??\c:\988t16.exec:\988t16.exe25⤵
- Executes dropped EXE
-
\??\c:\9lbfje.exec:\9lbfje.exe26⤵
- Executes dropped EXE
-
\??\c:\q3r3der.exec:\q3r3der.exe27⤵
- Executes dropped EXE
-
\??\c:\ov28288.exec:\ov28288.exe28⤵
- Executes dropped EXE
-
\??\c:\vi3ig.exec:\vi3ig.exe29⤵
- Executes dropped EXE
-
\??\c:\4q2q96.exec:\4q2q96.exe30⤵
- Executes dropped EXE
-
\??\c:\2916e.exec:\2916e.exe31⤵
- Executes dropped EXE
-
\??\c:\64hk7.exec:\64hk7.exe32⤵
- Executes dropped EXE
-
\??\c:\023o0.exec:\023o0.exe33⤵
- Executes dropped EXE
-
\??\c:\3mheo59.exec:\3mheo59.exe34⤵
- Executes dropped EXE
-
\??\c:\htlttht.exec:\htlttht.exe35⤵
- Executes dropped EXE
-
\??\c:\i99kb.exec:\i99kb.exe36⤵
- Executes dropped EXE
-
\??\c:\6jg4qo6.exec:\6jg4qo6.exe37⤵
- Executes dropped EXE
-
\??\c:\i908g.exec:\i908g.exe38⤵
- Executes dropped EXE
-
\??\c:\q949l90.exec:\q949l90.exe39⤵
- Executes dropped EXE
-
\??\c:\jbtj08.exec:\jbtj08.exe40⤵
- Executes dropped EXE
-
\??\c:\tcc7boc.exec:\tcc7boc.exe41⤵
- Executes dropped EXE
-
\??\c:\tptphlp.exec:\tptphlp.exe42⤵
- Executes dropped EXE
-
\??\c:\pk013.exec:\pk013.exe43⤵
- Executes dropped EXE
-
\??\c:\18uu3.exec:\18uu3.exe44⤵
- Executes dropped EXE
-
\??\c:\5wqib.exec:\5wqib.exe45⤵
- Executes dropped EXE
-
\??\c:\ea101q.exec:\ea101q.exe46⤵
- Executes dropped EXE
-
\??\c:\k1dm9k.exec:\k1dm9k.exe47⤵
- Executes dropped EXE
-
\??\c:\c7mwog7.exec:\c7mwog7.exe48⤵
- Executes dropped EXE
-
\??\c:\ne85f5t.exec:\ne85f5t.exe49⤵
- Executes dropped EXE
-
\??\c:\6ebtki.exec:\6ebtki.exe50⤵
- Executes dropped EXE
-
\??\c:\6cxpb1.exec:\6cxpb1.exe51⤵
- Executes dropped EXE
-
\??\c:\p195l49.exec:\p195l49.exe52⤵
- Executes dropped EXE
-
\??\c:\1w31x.exec:\1w31x.exe53⤵
- Executes dropped EXE
-
\??\c:\5ncsw.exec:\5ncsw.exe54⤵
- Executes dropped EXE
-
\??\c:\2fa2913.exec:\2fa2913.exe55⤵
- Executes dropped EXE
-
\??\c:\ppse99.exec:\ppse99.exe56⤵
- Executes dropped EXE
-
\??\c:\kn64i9n.exec:\kn64i9n.exe57⤵
- Executes dropped EXE
-
\??\c:\pv4hw.exec:\pv4hw.exe58⤵
- Executes dropped EXE
-
\??\c:\n23953.exec:\n23953.exe59⤵
- Executes dropped EXE
-
\??\c:\25388.exec:\25388.exe60⤵
- Executes dropped EXE
-
\??\c:\am1k5f.exec:\am1k5f.exe61⤵
- Executes dropped EXE
-
\??\c:\4bc2l7.exec:\4bc2l7.exe62⤵
- Executes dropped EXE
-
\??\c:\c65e591.exec:\c65e591.exe63⤵
- Executes dropped EXE
-
\??\c:\m2k75j.exec:\m2k75j.exe64⤵
- Executes dropped EXE
-
\??\c:\26qhus.exec:\26qhus.exe65⤵
- Executes dropped EXE
-
\??\c:\6pk4he3.exec:\6pk4he3.exe66⤵
-
\??\c:\47agw9b.exec:\47agw9b.exe67⤵
-
\??\c:\3vhi0.exec:\3vhi0.exe68⤵
-
\??\c:\26o2m.exec:\26o2m.exe69⤵
-
\??\c:\w91t7.exec:\w91t7.exe70⤵
-
\??\c:\g3000a0.exec:\g3000a0.exe71⤵
-
\??\c:\788oa3k.exec:\788oa3k.exe72⤵
-
\??\c:\t824331.exec:\t824331.exe73⤵
-
\??\c:\69hw991.exec:\69hw991.exe74⤵
-
\??\c:\s73tv36.exec:\s73tv36.exe75⤵
-
\??\c:\757917.exec:\757917.exe76⤵
-
\??\c:\o1i03.exec:\o1i03.exe77⤵
-
\??\c:\45c85k.exec:\45c85k.exe78⤵
-
\??\c:\ex5x2.exec:\ex5x2.exe79⤵
-
\??\c:\965e81.exec:\965e81.exe80⤵
-
\??\c:\49w4kq.exec:\49w4kq.exe81⤵
-
\??\c:\ocut6.exec:\ocut6.exe82⤵
-
\??\c:\31bh1.exec:\31bh1.exe83⤵
-
\??\c:\8irid36.exec:\8irid36.exe84⤵
-
\??\c:\3335g7.exec:\3335g7.exe85⤵
-
\??\c:\3s532x.exec:\3s532x.exe86⤵
-
\??\c:\vm1i41g.exec:\vm1i41g.exe87⤵
-
\??\c:\ah0rm.exec:\ah0rm.exe88⤵
-
\??\c:\b1cve29.exec:\b1cve29.exe89⤵
-
\??\c:\5x468.exec:\5x468.exe90⤵
-
\??\c:\xm0bl.exec:\xm0bl.exe91⤵
-
\??\c:\lg1ebq.exec:\lg1ebq.exe92⤵
-
\??\c:\1cse7kw.exec:\1cse7kw.exe93⤵
-
\??\c:\auv1l5p.exec:\auv1l5p.exe94⤵
-
\??\c:\jabo8g1.exec:\jabo8g1.exe95⤵
-
\??\c:\1mc550.exec:\1mc550.exe96⤵
-
\??\c:\o17k087.exec:\o17k087.exe97⤵
-
\??\c:\85i1u.exec:\85i1u.exe98⤵
-
\??\c:\a81c1.exec:\a81c1.exe99⤵
-
\??\c:\p5qos39.exec:\p5qos39.exe100⤵
-
\??\c:\pevnw90.exec:\pevnw90.exe101⤵
-
\??\c:\kqq7t.exec:\kqq7t.exe102⤵
-
\??\c:\r878uvh.exec:\r878uvh.exe103⤵
-
\??\c:\l8xcd.exec:\l8xcd.exe104⤵
-
\??\c:\v1335m.exec:\v1335m.exe105⤵
-
\??\c:\07r32.exec:\07r32.exe106⤵
-
\??\c:\wt3n51.exec:\wt3n51.exe107⤵
-
\??\c:\txhxdpt.exec:\txhxdpt.exe108⤵
-
\??\c:\uo5a6ke.exec:\uo5a6ke.exe109⤵
-
\??\c:\t2t85n7.exec:\t2t85n7.exe110⤵
-
\??\c:\fpb3o.exec:\fpb3o.exe111⤵
-
\??\c:\dqf7mx.exec:\dqf7mx.exe112⤵
-
\??\c:\qn9f06.exec:\qn9f06.exe113⤵
-
\??\c:\gs2kf.exec:\gs2kf.exe114⤵
-
\??\c:\6r9225.exec:\6r9225.exe115⤵
-
\??\c:\a21jv.exec:\a21jv.exe116⤵
-
\??\c:\8q3351l.exec:\8q3351l.exe117⤵
-
\??\c:\va65g.exec:\va65g.exe118⤵
-
\??\c:\7t3xs.exec:\7t3xs.exe119⤵
-
\??\c:\i589x6j.exec:\i589x6j.exe120⤵
-
\??\c:\lsw7if.exec:\lsw7if.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-