Analysis
-
max time kernel
151s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
30/05/2024, 14:07
General
-
Target
afe28056f55dd4f1e11f35c480fbda80_NeikiAnalytics.exe
-
Size
361KB
-
MD5
afe28056f55dd4f1e11f35c480fbda80
-
SHA1
a4496308721e9b7e0b063edc1ef2ee360b6ca8a0
-
SHA256
933626561162358c827f5a4f06ce06b7a37418bf0314152aba73d055400f61d0
-
SHA512
535e636f1b11483e0942755a80c4be9b68df533ed6b0bef92c7d2bcfd695d6681cd0afcf3ffab6b4288d9f63e4de8a8ecb8f11340770e09eb72790e7838687ac
-
SSDEEP
6144:n3C9BRIG0asYFm71m8+GdkB9yMu7N+8px7g:n3C9uYA71kSMu08px7g
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 37 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\afe28056f55dd4f1e11f35c480fbda80_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\afe28056f55dd4f1e11f35c480fbda80_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\5ke2iho.exec:\5ke2iho.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0pg111b.exec:\0pg111b.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pq486.exec:\pq486.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ksqwf.exec:\ksqwf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\p2n1175.exec:\p2n1175.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l7c9qw7.exec:\l7c9qw7.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6daae3.exec:\6daae3.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nbos3v.exec:\1nbos3v.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1qp76.exec:\1qp76.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2138rb.exec:\2138rb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\occ34v.exec:\occ34v.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\185te.exec:\185te.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\033p284.exec:\033p284.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\23w61qe.exec:\23w61qe.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\49473.exec:\49473.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jxtc6a.exec:\jxtc6a.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r79kq6f.exec:\r79kq6f.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\b3a2h.exec:\b3a2h.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0x5ucr.exec:\0x5ucr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q94k7.exec:\q94k7.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8804e72.exec:\8804e72.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\l9j9c3.exec:\l9j9c3.exe23⤵
- Executes dropped EXE
-
\??\c:\td1s5.exec:\td1s5.exe24⤵
- Executes dropped EXE
-
\??\c:\058bk87.exec:\058bk87.exe25⤵
- Executes dropped EXE
-
\??\c:\39359r1.exec:\39359r1.exe26⤵
- Executes dropped EXE
-
\??\c:\xlui6x.exec:\xlui6x.exe27⤵
- Executes dropped EXE
-
\??\c:\d5w6m.exec:\d5w6m.exe28⤵
- Executes dropped EXE
-
\??\c:\dg0pw8.exec:\dg0pw8.exe29⤵
- Executes dropped EXE
-
\??\c:\6550743.exec:\6550743.exe30⤵
- Executes dropped EXE
-
\??\c:\6b53va.exec:\6b53va.exe31⤵
- Executes dropped EXE
-
\??\c:\7dame.exec:\7dame.exe32⤵
- Executes dropped EXE
-
\??\c:\43an4.exec:\43an4.exe33⤵
- Executes dropped EXE
-
\??\c:\04b41.exec:\04b41.exe34⤵
- Executes dropped EXE
-
\??\c:\i773d.exec:\i773d.exe35⤵
- Executes dropped EXE
-
\??\c:\2693o.exec:\2693o.exe36⤵
- Executes dropped EXE
-
\??\c:\61qnvu.exec:\61qnvu.exe37⤵
- Executes dropped EXE
-
\??\c:\r490nto.exec:\r490nto.exe38⤵
- Executes dropped EXE
-
\??\c:\6w735.exec:\6w735.exe39⤵
- Executes dropped EXE
-
\??\c:\f7744f.exec:\f7744f.exe40⤵
- Executes dropped EXE
-
\??\c:\b2887.exec:\b2887.exe41⤵
- Executes dropped EXE
-
\??\c:\t87duaj.exec:\t87duaj.exe42⤵
- Executes dropped EXE
-
\??\c:\xco8ff.exec:\xco8ff.exe43⤵
- Executes dropped EXE
-
\??\c:\e9nud.exec:\e9nud.exe44⤵
- Executes dropped EXE
-
\??\c:\r9kwu9.exec:\r9kwu9.exe45⤵
- Executes dropped EXE
-
\??\c:\sj331jl.exec:\sj331jl.exe46⤵
- Executes dropped EXE
-
\??\c:\etqomtc.exec:\etqomtc.exe47⤵
- Executes dropped EXE
-
\??\c:\t8t4u1.exec:\t8t4u1.exe48⤵
- Executes dropped EXE
-
\??\c:\86nek.exec:\86nek.exe49⤵
- Executes dropped EXE
-
\??\c:\1frs9.exec:\1frs9.exe50⤵
- Executes dropped EXE
-
\??\c:\5g908.exec:\5g908.exe51⤵
- Executes dropped EXE
-
\??\c:\gsw8u.exec:\gsw8u.exe52⤵
- Executes dropped EXE
-
\??\c:\r373n1.exec:\r373n1.exe53⤵
- Executes dropped EXE
-
\??\c:\2lc95.exec:\2lc95.exe54⤵
- Executes dropped EXE
-
\??\c:\4381a2.exec:\4381a2.exe55⤵
- Executes dropped EXE
-
\??\c:\57pw625.exec:\57pw625.exe56⤵
- Executes dropped EXE
-
\??\c:\33l6h.exec:\33l6h.exe57⤵
- Executes dropped EXE
-
\??\c:\19na3.exec:\19na3.exe58⤵
- Executes dropped EXE
-
\??\c:\vmu74.exec:\vmu74.exe59⤵
- Executes dropped EXE
-
\??\c:\iu7l5.exec:\iu7l5.exe60⤵
- Executes dropped EXE
-
\??\c:\m819nw2.exec:\m819nw2.exe61⤵
- Executes dropped EXE
-
\??\c:\01b7383.exec:\01b7383.exe62⤵
- Executes dropped EXE
-
\??\c:\c6gm3.exec:\c6gm3.exe63⤵
- Executes dropped EXE
-
\??\c:\8o18wh.exec:\8o18wh.exe64⤵
- Executes dropped EXE
-
\??\c:\5l0aa.exec:\5l0aa.exe65⤵
- Executes dropped EXE
-
\??\c:\p5wtec.exec:\p5wtec.exe66⤵
-
\??\c:\11htw1.exec:\11htw1.exe67⤵
-
\??\c:\vk5o5e3.exec:\vk5o5e3.exe68⤵
-
\??\c:\90k5k.exec:\90k5k.exe69⤵
-
\??\c:\h855tj1.exec:\h855tj1.exe70⤵
-
\??\c:\8n7mp3.exec:\8n7mp3.exe71⤵
-
\??\c:\563u79.exec:\563u79.exe72⤵
-
\??\c:\765uu.exec:\765uu.exe73⤵
-
\??\c:\f7129da.exec:\f7129da.exe74⤵
-
\??\c:\45s210.exec:\45s210.exe75⤵
-
\??\c:\x006e.exec:\x006e.exe76⤵
-
\??\c:\7q5ofl.exec:\7q5ofl.exe77⤵
-
\??\c:\937x9nc.exec:\937x9nc.exe78⤵
-
\??\c:\u8qht8.exec:\u8qht8.exe79⤵
-
\??\c:\6e8t1.exec:\6e8t1.exe80⤵
-
\??\c:\49ip5i5.exec:\49ip5i5.exe81⤵
-
\??\c:\p6jkl.exec:\p6jkl.exe82⤵
-
\??\c:\w913d.exec:\w913d.exe83⤵
-
\??\c:\plnk1r.exec:\plnk1r.exe84⤵
-
\??\c:\62f94sp.exec:\62f94sp.exe85⤵
-
\??\c:\o714m.exec:\o714m.exe86⤵
-
\??\c:\a91d3a0.exec:\a91d3a0.exe87⤵
-
\??\c:\sm5l7v.exec:\sm5l7v.exe88⤵
-
\??\c:\gwel062.exec:\gwel062.exe89⤵
-
\??\c:\hw35x67.exec:\hw35x67.exe90⤵
-
\??\c:\741lus5.exec:\741lus5.exe91⤵
-
\??\c:\8gs35f.exec:\8gs35f.exe92⤵
-
\??\c:\pmd5d.exec:\pmd5d.exe93⤵
-
\??\c:\10mm6b.exec:\10mm6b.exe94⤵
-
\??\c:\7qp81t.exec:\7qp81t.exe95⤵
-
\??\c:\rf9t3wh.exec:\rf9t3wh.exe96⤵
-
\??\c:\b2lja5.exec:\b2lja5.exe97⤵
-
\??\c:\xh870d.exec:\xh870d.exe98⤵
-
\??\c:\i8xfgq.exec:\i8xfgq.exe99⤵
-
\??\c:\m64hh.exec:\m64hh.exe100⤵
-
\??\c:\60qb4t.exec:\60qb4t.exe101⤵
-
\??\c:\bopp9.exec:\bopp9.exe102⤵
-
\??\c:\885tm3q.exec:\885tm3q.exe103⤵
-
\??\c:\3b0bt.exec:\3b0bt.exe104⤵
-
\??\c:\b2eqh.exec:\b2eqh.exe105⤵
-
\??\c:\tnt9t3.exec:\tnt9t3.exe106⤵
-
\??\c:\wkbho9r.exec:\wkbho9r.exe107⤵
-
\??\c:\3693591.exec:\3693591.exe108⤵
-
\??\c:\3kj99.exec:\3kj99.exe109⤵
-
\??\c:\8sg9sm.exec:\8sg9sm.exe110⤵
-
\??\c:\rc24x.exec:\rc24x.exe111⤵
-
\??\c:\1n11p8.exec:\1n11p8.exe112⤵
-
\??\c:\q2v1h35.exec:\q2v1h35.exe113⤵
-
\??\c:\av3k519.exec:\av3k519.exe114⤵
-
\??\c:\w0du6.exec:\w0du6.exe115⤵
-
\??\c:\l5g5q.exec:\l5g5q.exe116⤵
-
\??\c:\gg5d5.exec:\gg5d5.exe117⤵
-
\??\c:\p7f7a.exec:\p7f7a.exe118⤵
-
\??\c:\fis92.exec:\fis92.exe119⤵
-
\??\c:\118li.exec:\118li.exe120⤵
-
\??\c:\9w34av.exec:\9w34av.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-