Analysis
-
max time kernel
151s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
28/05/2024, 22:19
General
-
Target
0f0a38af2d686213f4f87100088918c0_NeikiAnalytics.exe
-
Size
306KB
-
MD5
0f0a38af2d686213f4f87100088918c0
-
SHA1
475ddfcf76c4e7a7e293a2b5dba9bc8785eb7bd0
-
SHA256
bb412a494ddbed94e628dc28ffac1c17864692b5aaf566e30bca97db9baa2db5
-
SHA512
95ec71029207b7bed053abe1173c286f0b37e8e04d68065e63114a09a5ff0e09b81cfbf47bf1548b2f09cb7ac9451529d42667eb010c9caa945884a32e0c10a6
-
SSDEEP
6144:n3C9BRo/CH26ZAmaOXicLrnRukAPXt1UP+3OgEbXeTiDSd2vV:n3C9uUnAvtd3Ogld2vV
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 25 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0f0a38af2d686213f4f87100088918c0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\0f0a38af2d686213f4f87100088918c0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3e89r.exec:\3e89r.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\101kt2e.exec:\101kt2e.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\69900o.exec:\69900o.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\sw4qs9.exec:\sw4qs9.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\d396edr.exec:\d396edr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9l1181c.exec:\9l1181c.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1s377.exec:\1s377.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\252r3.exec:\252r3.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fjr29.exec:\fjr29.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\17412v7.exec:\17412v7.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6ajq7c4.exec:\6ajq7c4.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0vp3g0.exec:\0vp3g0.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ra3nf9.exec:\ra3nf9.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7c7l4.exec:\7c7l4.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\00j7bb.exec:\00j7bb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u2ktb5.exec:\u2ktb5.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ce974.exec:\ce974.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8181d.exec:\8181d.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4193g8.exec:\4193g8.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6kh3r.exec:\6kh3r.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5685d.exec:\5685d.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2mt518.exec:\2mt518.exe23⤵
- Executes dropped EXE
-
\??\c:\9e4wp9.exec:\9e4wp9.exe24⤵
- Executes dropped EXE
-
\??\c:\ekwwkx9.exec:\ekwwkx9.exe25⤵
- Executes dropped EXE
-
\??\c:\34m01.exec:\34m01.exe26⤵
- Executes dropped EXE
-
\??\c:\u9lmh.exec:\u9lmh.exe27⤵
- Executes dropped EXE
-
\??\c:\uw3sa.exec:\uw3sa.exe28⤵
- Executes dropped EXE
-
\??\c:\005oc88.exec:\005oc88.exe29⤵
- Executes dropped EXE
-
\??\c:\6qtq8r.exec:\6qtq8r.exe30⤵
- Executes dropped EXE
-
\??\c:\t35mw8t.exec:\t35mw8t.exe31⤵
- Executes dropped EXE
-
\??\c:\5lwf6.exec:\5lwf6.exe32⤵
- Executes dropped EXE
-
\??\c:\72j2wq9.exec:\72j2wq9.exe33⤵
- Executes dropped EXE
-
\??\c:\t8v9g7.exec:\t8v9g7.exe34⤵
- Executes dropped EXE
-
\??\c:\pjmww.exec:\pjmww.exe35⤵
- Executes dropped EXE
-
\??\c:\7qqxmw.exec:\7qqxmw.exe36⤵
- Executes dropped EXE
-
\??\c:\8s701xt.exec:\8s701xt.exe37⤵
- Executes dropped EXE
-
\??\c:\6575o.exec:\6575o.exe38⤵
- Executes dropped EXE
-
\??\c:\67pfe4.exec:\67pfe4.exe39⤵
- Executes dropped EXE
-
\??\c:\wh3762h.exec:\wh3762h.exe40⤵
- Executes dropped EXE
-
\??\c:\7ifqc.exec:\7ifqc.exe41⤵
- Executes dropped EXE
-
\??\c:\8vexa.exec:\8vexa.exe42⤵
- Executes dropped EXE
-
\??\c:\3u9sdnu.exec:\3u9sdnu.exe43⤵
- Executes dropped EXE
-
\??\c:\v9h8x18.exec:\v9h8x18.exe44⤵
- Executes dropped EXE
-
\??\c:\d00p71d.exec:\d00p71d.exe45⤵
- Executes dropped EXE
-
\??\c:\75ijq6.exec:\75ijq6.exe46⤵
- Executes dropped EXE
-
\??\c:\4q0525x.exec:\4q0525x.exe47⤵
- Executes dropped EXE
-
\??\c:\20wei5c.exec:\20wei5c.exe48⤵
- Executes dropped EXE
-
\??\c:\d5xajk.exec:\d5xajk.exe49⤵
- Executes dropped EXE
-
\??\c:\3g27wqq.exec:\3g27wqq.exe50⤵
- Executes dropped EXE
-
\??\c:\n7l4h4g.exec:\n7l4h4g.exe51⤵
- Executes dropped EXE
-
\??\c:\2oc3p4g.exec:\2oc3p4g.exe52⤵
- Executes dropped EXE
-
\??\c:\i018wx.exec:\i018wx.exe53⤵
- Executes dropped EXE
-
\??\c:\l707ip7.exec:\l707ip7.exe54⤵
- Executes dropped EXE
-
\??\c:\n2oae.exec:\n2oae.exe55⤵
- Executes dropped EXE
-
\??\c:\fg217k.exec:\fg217k.exe56⤵
- Executes dropped EXE
-
\??\c:\379pn4.exec:\379pn4.exe57⤵
- Executes dropped EXE
-
\??\c:\10sh32.exec:\10sh32.exe58⤵
- Executes dropped EXE
-
\??\c:\7eq8i5m.exec:\7eq8i5m.exe59⤵
- Executes dropped EXE
-
\??\c:\033w5i.exec:\033w5i.exe60⤵
- Executes dropped EXE
-
\??\c:\8ncn20q.exec:\8ncn20q.exe61⤵
- Executes dropped EXE
-
\??\c:\8khi77.exec:\8khi77.exe62⤵
- Executes dropped EXE
-
\??\c:\90ga14.exec:\90ga14.exe63⤵
- Executes dropped EXE
-
\??\c:\2dsw357.exec:\2dsw357.exe64⤵
- Executes dropped EXE
-
\??\c:\381gm7.exec:\381gm7.exe65⤵
- Executes dropped EXE
-
\??\c:\lf9x9.exec:\lf9x9.exe66⤵
-
\??\c:\2vfgkq1.exec:\2vfgkq1.exe67⤵
-
\??\c:\1f7pjt.exec:\1f7pjt.exe68⤵
-
\??\c:\2os48c.exec:\2os48c.exe69⤵
-
\??\c:\96o6nm.exec:\96o6nm.exe70⤵
-
\??\c:\2jpcm.exec:\2jpcm.exe71⤵
-
\??\c:\0qhlc78.exec:\0qhlc78.exe72⤵
-
\??\c:\b850n.exec:\b850n.exe73⤵
-
\??\c:\utk93c8.exec:\utk93c8.exe74⤵
-
\??\c:\w11g27p.exec:\w11g27p.exe75⤵
-
\??\c:\e6ml44.exec:\e6ml44.exe76⤵
-
\??\c:\1xe2ou2.exec:\1xe2ou2.exe77⤵
-
\??\c:\ip11rw5.exec:\ip11rw5.exe78⤵
-
\??\c:\98a6wt4.exec:\98a6wt4.exe79⤵
-
\??\c:\5gv2agt.exec:\5gv2agt.exe80⤵
-
\??\c:\88ee3en.exec:\88ee3en.exe81⤵
-
\??\c:\s0k179t.exec:\s0k179t.exe82⤵
-
\??\c:\02779k.exec:\02779k.exe83⤵
-
\??\c:\len7e7o.exec:\len7e7o.exe84⤵
-
\??\c:\4e392.exec:\4e392.exe85⤵
-
\??\c:\bic80am.exec:\bic80am.exe86⤵
-
\??\c:\12119a.exec:\12119a.exe87⤵
-
\??\c:\5m1rf12.exec:\5m1rf12.exe88⤵
-
\??\c:\bke0i.exec:\bke0i.exe89⤵
-
\??\c:\031d7.exec:\031d7.exe90⤵
-
\??\c:\7s0era.exec:\7s0era.exe91⤵
-
\??\c:\7754h3.exec:\7754h3.exe92⤵
-
\??\c:\0k723x.exec:\0k723x.exe93⤵
-
\??\c:\ji1jlv5.exec:\ji1jlv5.exe94⤵
-
\??\c:\3r0qe2r.exec:\3r0qe2r.exe95⤵
-
\??\c:\criql.exec:\criql.exe96⤵
-
\??\c:\727579.exec:\727579.exe97⤵
-
\??\c:\591796u.exec:\591796u.exe98⤵
-
\??\c:\k1g49.exec:\k1g49.exe99⤵
-
\??\c:\29i73kb.exec:\29i73kb.exe100⤵
-
\??\c:\1olm7.exec:\1olm7.exe101⤵
-
\??\c:\21h9410.exec:\21h9410.exe102⤵
-
\??\c:\u2neu1.exec:\u2neu1.exe103⤵
-
\??\c:\7qnum.exec:\7qnum.exe104⤵
-
\??\c:\x2a2p15.exec:\x2a2p15.exe105⤵
-
\??\c:\775la.exec:\775la.exe106⤵
-
\??\c:\um134.exec:\um134.exe107⤵
-
\??\c:\445o0.exec:\445o0.exe108⤵
-
\??\c:\387809.exec:\387809.exe109⤵
-
\??\c:\o0m3oo.exec:\o0m3oo.exe110⤵
-
\??\c:\9ebim.exec:\9ebim.exe111⤵
-
\??\c:\m2brd8.exec:\m2brd8.exe112⤵
-
\??\c:\jocjqe.exec:\jocjqe.exe113⤵
-
\??\c:\36v0il.exec:\36v0il.exe114⤵
-
\??\c:\1k2rh2.exec:\1k2rh2.exe115⤵
-
\??\c:\1lcav.exec:\1lcav.exe116⤵
-
\??\c:\js6kb1.exec:\js6kb1.exe117⤵
-
\??\c:\9s9k557.exec:\9s9k557.exe118⤵
-
\??\c:\58u39.exec:\58u39.exe119⤵
-
\??\c:\j22s9o.exec:\j22s9o.exe120⤵
-
\??\c:\51658ws.exec:\51658ws.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-