Analysis
-
max time kernel
151s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
29/05/2024, 07:09
General
-
Target
49e4470f16bd8d7670427d8961f936e0_NeikiAnalytics.exe
-
Size
232KB
-
MD5
49e4470f16bd8d7670427d8961f936e0
-
SHA1
32582bff29fa200c453db470ccaa6e6ecbc6480b
-
SHA256
fc5cb386f1a05cf0f6736bd9b9e2d13541d9a67efa49515364e5b20dd0ffab11
-
SHA512
60d07c5afdfeea0563d963f37ba536761f438418793509d9c3a85e4f79a1a2506df32f12f316f2c4c6a6a6dc1e647be47210e07473d6f86ed9c12943352abe06
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo7LAIRUohTF/SjSrbzLAuBjfwFOmoFzMvUpGqC5n+Ngj:n3C9BRo/AIuuFSjA8uBjwI7FjpjC5+Kj
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\49e4470f16bd8d7670427d8961f936e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\49e4470f16bd8d7670427d8961f936e0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\l871b25.exec:\l871b25.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\i21fcr.exec:\i21fcr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\76tmq5.exec:\76tmq5.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9mqn393.exec:\9mqn393.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\builvd4.exec:\builvd4.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s21k9b0.exec:\s21k9b0.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3p0k4ps.exec:\3p0k4ps.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\39kie.exec:\39kie.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0c6a9p.exec:\0c6a9p.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x3s56.exec:\x3s56.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\43u5x89.exec:\43u5x89.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\d317534.exec:\d317534.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\me5w2g1.exec:\me5w2g1.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s828n5.exec:\s828n5.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\04qn23.exec:\04qn23.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\er2cp2.exec:\er2cp2.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\93a18w7.exec:\93a18w7.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\99d1esn.exec:\99d1esn.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0d4sj8q.exec:\0d4sj8q.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\aps1jg.exec:\aps1jg.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\07w9f8.exec:\07w9f8.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\55kbc.exec:\55kbc.exe23⤵
- Executes dropped EXE
-
\??\c:\293c7x.exec:\293c7x.exe24⤵
- Executes dropped EXE
-
\??\c:\7lk791k.exec:\7lk791k.exe25⤵
- Executes dropped EXE
-
\??\c:\n9hqb96.exec:\n9hqb96.exe26⤵
- Executes dropped EXE
-
\??\c:\ho308.exec:\ho308.exe27⤵
-
\??\c:\8w2vl0.exec:\8w2vl0.exe28⤵
- Executes dropped EXE
-
\??\c:\393q86a.exec:\393q86a.exe29⤵
- Executes dropped EXE
-
\??\c:\3fo7l.exec:\3fo7l.exe30⤵
- Executes dropped EXE
-
\??\c:\6w5ot.exec:\6w5ot.exe31⤵
- Executes dropped EXE
-
\??\c:\044d1s.exec:\044d1s.exe32⤵
- Executes dropped EXE
-
\??\c:\8t39k3.exec:\8t39k3.exe33⤵
- Executes dropped EXE
-
\??\c:\12475pr.exec:\12475pr.exe34⤵
- Executes dropped EXE
-
\??\c:\auwk9w3.exec:\auwk9w3.exe35⤵
- Executes dropped EXE
-
\??\c:\x445d.exec:\x445d.exe36⤵
- Executes dropped EXE
-
\??\c:\67frr9.exec:\67frr9.exe37⤵
- Executes dropped EXE
-
\??\c:\99cdvab.exec:\99cdvab.exe38⤵
- Executes dropped EXE
-
\??\c:\422b4.exec:\422b4.exe39⤵
- Executes dropped EXE
-
\??\c:\nm2fc.exec:\nm2fc.exe40⤵
- Executes dropped EXE
-
\??\c:\385tc3x.exec:\385tc3x.exe41⤵
- Executes dropped EXE
-
\??\c:\r5hc05.exec:\r5hc05.exe42⤵
- Executes dropped EXE
-
\??\c:\q72g4.exec:\q72g4.exe43⤵
- Executes dropped EXE
-
\??\c:\lv46d.exec:\lv46d.exe44⤵
- Executes dropped EXE
-
\??\c:\620w9.exec:\620w9.exe45⤵
- Executes dropped EXE
-
\??\c:\f57b6.exec:\f57b6.exe46⤵
- Executes dropped EXE
-
\??\c:\p5092s.exec:\p5092s.exe47⤵
- Executes dropped EXE
-
\??\c:\35nn77n.exec:\35nn77n.exe48⤵
- Executes dropped EXE
-
\??\c:\q1adm.exec:\q1adm.exe49⤵
- Executes dropped EXE
-
\??\c:\898s5p.exec:\898s5p.exe50⤵
- Executes dropped EXE
-
\??\c:\412086e.exec:\412086e.exe51⤵
- Executes dropped EXE
-
\??\c:\122qkh.exec:\122qkh.exe52⤵
- Executes dropped EXE
-
\??\c:\84m8rcn.exec:\84m8rcn.exe53⤵
- Executes dropped EXE
-
\??\c:\1vq45.exec:\1vq45.exe54⤵
- Executes dropped EXE
-
\??\c:\82g9q.exec:\82g9q.exe55⤵
- Executes dropped EXE
-
\??\c:\637194n.exec:\637194n.exe56⤵
- Executes dropped EXE
-
\??\c:\1918u.exec:\1918u.exe57⤵
- Executes dropped EXE
-
\??\c:\12070.exec:\12070.exe58⤵
- Executes dropped EXE
-
\??\c:\v1nc3.exec:\v1nc3.exe59⤵
- Executes dropped EXE
-
\??\c:\xr7ocu.exec:\xr7ocu.exe60⤵
- Executes dropped EXE
-
\??\c:\05s56n.exec:\05s56n.exe61⤵
- Executes dropped EXE
-
\??\c:\7xx7h34.exec:\7xx7h34.exe62⤵
- Executes dropped EXE
-
\??\c:\th2bke.exec:\th2bke.exe63⤵
- Executes dropped EXE
-
\??\c:\05e13v0.exec:\05e13v0.exe64⤵
- Executes dropped EXE
-
\??\c:\9c2cip.exec:\9c2cip.exe65⤵
- Executes dropped EXE
-
\??\c:\dl71x5.exec:\dl71x5.exe66⤵
- Executes dropped EXE
-
\??\c:\7j1hn.exec:\7j1hn.exe67⤵
-
\??\c:\q0379.exec:\q0379.exe68⤵
-
\??\c:\042227.exec:\042227.exe69⤵
-
\??\c:\gawe0i4.exec:\gawe0i4.exe70⤵
-
\??\c:\1n2cooc.exec:\1n2cooc.exe71⤵
-
\??\c:\w71jf.exec:\w71jf.exe72⤵
-
\??\c:\t673q4.exec:\t673q4.exe73⤵
-
\??\c:\n8wenrg.exec:\n8wenrg.exe74⤵
-
\??\c:\e5su7.exec:\e5su7.exe75⤵
-
\??\c:\a9a9r.exec:\a9a9r.exe76⤵
-
\??\c:\317s5.exec:\317s5.exe77⤵
-
\??\c:\0e143q.exec:\0e143q.exe78⤵
-
\??\c:\83xkff.exec:\83xkff.exe79⤵
-
\??\c:\81m76.exec:\81m76.exe80⤵
-
\??\c:\npj2u.exec:\npj2u.exe81⤵
-
\??\c:\6042059.exec:\6042059.exe82⤵
-
\??\c:\s168t07.exec:\s168t07.exe83⤵
-
\??\c:\02thb7.exec:\02thb7.exe84⤵
-
\??\c:\gaeun.exec:\gaeun.exe85⤵
-
\??\c:\5gw8wn.exec:\5gw8wn.exe86⤵
-
\??\c:\0180g.exec:\0180g.exe87⤵
-
\??\c:\m6k02d9.exec:\m6k02d9.exe88⤵
-
\??\c:\t4f111.exec:\t4f111.exe89⤵
-
\??\c:\1o5n50p.exec:\1o5n50p.exe90⤵
-
\??\c:\77wxu.exec:\77wxu.exe91⤵
-
\??\c:\q088b.exec:\q088b.exe92⤵
-
\??\c:\w9ww76.exec:\w9ww76.exe93⤵
-
\??\c:\48sp4v.exec:\48sp4v.exe94⤵
-
\??\c:\l92jj11.exec:\l92jj11.exe95⤵
-
\??\c:\ox1cilj.exec:\ox1cilj.exe96⤵
-
\??\c:\9a952.exec:\9a952.exe97⤵
-
\??\c:\6w40tu.exec:\6w40tu.exe98⤵
-
\??\c:\hfknqr.exec:\hfknqr.exe99⤵
-
\??\c:\6i8u5.exec:\6i8u5.exe100⤵
-
\??\c:\iw0j2.exec:\iw0j2.exe101⤵
-
\??\c:\0rdmu2.exec:\0rdmu2.exe102⤵
-
\??\c:\9t46rfs.exec:\9t46rfs.exe103⤵
-
\??\c:\gsakus.exec:\gsakus.exe104⤵
-
\??\c:\s7vx4v.exec:\s7vx4v.exe105⤵
-
\??\c:\4n41j85.exec:\4n41j85.exe106⤵
-
\??\c:\5v0s310.exec:\5v0s310.exe107⤵
-
\??\c:\b0nsqe.exec:\b0nsqe.exe108⤵
-
\??\c:\029h351.exec:\029h351.exe109⤵
-
\??\c:\2uimgb.exec:\2uimgb.exe110⤵
-
\??\c:\lwexp8.exec:\lwexp8.exe111⤵
-
\??\c:\82k42.exec:\82k42.exe112⤵
-
\??\c:\x22fuim.exec:\x22fuim.exe113⤵
-
\??\c:\m7cx5.exec:\m7cx5.exe114⤵
-
\??\c:\sjga65.exec:\sjga65.exe115⤵
-
\??\c:\112dw52.exec:\112dw52.exe116⤵
-
\??\c:\ku3sm.exec:\ku3sm.exe117⤵
-
\??\c:\43gnx.exec:\43gnx.exe118⤵
-
\??\c:\pw827.exec:\pw827.exe119⤵
-
\??\c:\4h6ss9.exec:\4h6ss9.exe120⤵
-
\??\c:\4sae9.exec:\4sae9.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-