Analysis
-
max time kernel
109s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
02-06-2024 01:33
General
-
Target
1d0953d05efec3e53c3fb8ffbd3a8cd0_NeikiAnalytics.exe
-
Size
81KB
-
MD5
1d0953d05efec3e53c3fb8ffbd3a8cd0
-
SHA1
5dcaed28bf86dbe8a84341e4409e4b1e921a1168
-
SHA256
314b32a30e4c2f5619c10e323343c6cd1d30042a7a5480f7c74e3cbf5f49c221
-
SHA512
b63c8537f82245e71aae1612043b7832e966d0412600c17509782ece9cc32754ed1f0088d3666d7a936f41896b34a9cd5b0c14c4a8186070465a63d90d7e00a9
-
SSDEEP
1536:zvQBeOGtrYS3srx93UBWfwC6Ggnouy8iT4+C2HVM1p6T7QV:zhOmTsF93UYfwC6GIoutiTU2HVS63QV
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1d0953d05efec3e53c3fb8ffbd3a8cd0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\1d0953d05efec3e53c3fb8ffbd3a8cd0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\k0bx3e.exec:\k0bx3e.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u23h1.exec:\u23h1.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0rmpt55.exec:\0rmpt55.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2qe3k.exec:\2qe3k.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\003o55o.exec:\003o55o.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6md73.exec:\6md73.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0up35.exec:\0up35.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\70we6.exec:\70we6.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\510r1.exec:\510r1.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\o1w70p9.exec:\o1w70p9.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\991c7.exec:\991c7.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1b3c7ae.exec:\1b3c7ae.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0q8t5.exec:\0q8t5.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\96apkh2.exec:\96apkh2.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\v1hqf0.exec:\v1hqf0.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8i6f1f6.exec:\8i6f1f6.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pio99.exec:\pio99.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\20951s.exec:\20951s.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdp510.exec:\jdp510.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\99mtw.exec:\99mtw.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\46v6u.exec:\46v6u.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\78lh5h.exec:\78lh5h.exe23⤵
- Executes dropped EXE
-
\??\c:\2eqn31.exec:\2eqn31.exe24⤵
- Executes dropped EXE
-
\??\c:\9n80n.exec:\9n80n.exe25⤵
- Executes dropped EXE
-
\??\c:\eqqcg5.exec:\eqqcg5.exe26⤵
- Executes dropped EXE
-
\??\c:\972wcs9.exec:\972wcs9.exe27⤵
- Executes dropped EXE
-
\??\c:\n5m7t5.exec:\n5m7t5.exe28⤵
- Executes dropped EXE
-
\??\c:\m9l18.exec:\m9l18.exe29⤵
- Executes dropped EXE
-
\??\c:\rixmq5n.exec:\rixmq5n.exe30⤵
- Executes dropped EXE
-
\??\c:\f31nh.exec:\f31nh.exe31⤵
- Executes dropped EXE
-
\??\c:\v47otcv.exec:\v47otcv.exe32⤵
- Executes dropped EXE
-
\??\c:\nw84jd.exec:\nw84jd.exe33⤵
- Executes dropped EXE
-
\??\c:\l569qb7.exec:\l569qb7.exe34⤵
- Executes dropped EXE
-
\??\c:\3nh0ge.exec:\3nh0ge.exe35⤵
- Executes dropped EXE
-
\??\c:\c605808.exec:\c605808.exe36⤵
- Executes dropped EXE
-
\??\c:\t8fr3m.exec:\t8fr3m.exe37⤵
- Executes dropped EXE
-
\??\c:\j50l58q.exec:\j50l58q.exe38⤵
- Executes dropped EXE
-
\??\c:\ilu17.exec:\ilu17.exe39⤵
- Executes dropped EXE
-
\??\c:\8r9iu92.exec:\8r9iu92.exe40⤵
- Executes dropped EXE
-
\??\c:\l30f1.exec:\l30f1.exe41⤵
- Executes dropped EXE
-
\??\c:\8f6s9u.exec:\8f6s9u.exe42⤵
- Executes dropped EXE
-
\??\c:\0sih3lv.exec:\0sih3lv.exe43⤵
- Executes dropped EXE
-
\??\c:\h05rh.exec:\h05rh.exe44⤵
- Executes dropped EXE
-
\??\c:\qblsq.exec:\qblsq.exe45⤵
- Executes dropped EXE
-
\??\c:\ovqn4.exec:\ovqn4.exe46⤵
- Executes dropped EXE
-
\??\c:\9l3h96.exec:\9l3h96.exe47⤵
- Executes dropped EXE
-
\??\c:\thu9g03.exec:\thu9g03.exe48⤵
- Executes dropped EXE
-
\??\c:\9d49t8.exec:\9d49t8.exe49⤵
- Executes dropped EXE
-
\??\c:\d3kt45u.exec:\d3kt45u.exe50⤵
- Executes dropped EXE
-
\??\c:\j3ge2.exec:\j3ge2.exe51⤵
- Executes dropped EXE
-
\??\c:\8alu0.exec:\8alu0.exe52⤵
- Executes dropped EXE
-
\??\c:\o3oc1.exec:\o3oc1.exe53⤵
- Executes dropped EXE
-
\??\c:\u39pme7.exec:\u39pme7.exe54⤵
- Executes dropped EXE
-
\??\c:\rrfaexn.exec:\rrfaexn.exe55⤵
- Executes dropped EXE
-
\??\c:\r7npdnh.exec:\r7npdnh.exe56⤵
- Executes dropped EXE
-
\??\c:\wphlm.exec:\wphlm.exe57⤵
- Executes dropped EXE
-
\??\c:\e7h0j3n.exec:\e7h0j3n.exe58⤵
- Executes dropped EXE
-
\??\c:\gmdqcis.exec:\gmdqcis.exe59⤵
- Executes dropped EXE
-
\??\c:\v1t6s.exec:\v1t6s.exe60⤵
- Executes dropped EXE
-
\??\c:\g26379.exec:\g26379.exe61⤵
- Executes dropped EXE
-
\??\c:\jh1oul7.exec:\jh1oul7.exe62⤵
- Executes dropped EXE
-
\??\c:\l747n7u.exec:\l747n7u.exe63⤵
- Executes dropped EXE
-
\??\c:\5wexfb5.exec:\5wexfb5.exe64⤵
- Executes dropped EXE
-
\??\c:\38tcu5.exec:\38tcu5.exe65⤵
- Executes dropped EXE
-
\??\c:\15qhf.exec:\15qhf.exe66⤵
-
\??\c:\215x21.exec:\215x21.exe67⤵
-
\??\c:\o9n3sdh.exec:\o9n3sdh.exe68⤵
-
\??\c:\xah38m2.exec:\xah38m2.exe69⤵
-
\??\c:\45890.exec:\45890.exe70⤵
-
\??\c:\g1i37gd.exec:\g1i37gd.exe71⤵
-
\??\c:\9jg0msw.exec:\9jg0msw.exe72⤵
-
\??\c:\q01c0.exec:\q01c0.exe73⤵
-
\??\c:\74itth1.exec:\74itth1.exe74⤵
-
\??\c:\2p03c.exec:\2p03c.exe75⤵
-
\??\c:\ol0cv0b.exec:\ol0cv0b.exe76⤵
-
\??\c:\kjk70.exec:\kjk70.exe77⤵
-
\??\c:\21eo2.exec:\21eo2.exe78⤵
-
\??\c:\sa6h2.exec:\sa6h2.exe79⤵
-
\??\c:\0q88ga.exec:\0q88ga.exe80⤵
-
\??\c:\jeu1s0b.exec:\jeu1s0b.exe81⤵
-
\??\c:\fj879a3.exec:\fj879a3.exe82⤵
-
\??\c:\d1f7902.exec:\d1f7902.exe83⤵
-
\??\c:\9fnf5tt.exec:\9fnf5tt.exe84⤵
-
\??\c:\ghecg0.exec:\ghecg0.exe85⤵
-
\??\c:\q64bw.exec:\q64bw.exe86⤵
-
\??\c:\61rog.exec:\61rog.exe87⤵
-
\??\c:\r84uof7.exec:\r84uof7.exe88⤵
-
\??\c:\a2en4.exec:\a2en4.exe89⤵
-
\??\c:\a783i9.exec:\a783i9.exe90⤵
-
\??\c:\r097rc.exec:\r097rc.exe91⤵
-
\??\c:\6u4c62.exec:\6u4c62.exe92⤵
-
\??\c:\cptlf8.exec:\cptlf8.exe93⤵
-
\??\c:\ico54.exec:\ico54.exe94⤵
-
\??\c:\7k4bt.exec:\7k4bt.exe95⤵
-
\??\c:\0lo7s.exec:\0lo7s.exe96⤵
-
\??\c:\q7n75.exec:\q7n75.exe97⤵
-
\??\c:\mw27jm.exec:\mw27jm.exe98⤵
-
\??\c:\3kblhex.exec:\3kblhex.exe99⤵
-
\??\c:\68eupn.exec:\68eupn.exe100⤵
-
\??\c:\8b7irmp.exec:\8b7irmp.exe101⤵
-
\??\c:\0197nr4.exec:\0197nr4.exe102⤵
-
\??\c:\l743b17.exec:\l743b17.exe103⤵
-
\??\c:\mw86l.exec:\mw86l.exe104⤵
-
\??\c:\f6mbod.exec:\f6mbod.exe105⤵
-
\??\c:\1lcfd43.exec:\1lcfd43.exe106⤵
-
\??\c:\h9pp6o4.exec:\h9pp6o4.exe107⤵
-
\??\c:\d12jwuh.exec:\d12jwuh.exe108⤵
-
\??\c:\58v73k7.exec:\58v73k7.exe109⤵
-
\??\c:\i1v7lms.exec:\i1v7lms.exe110⤵
-
\??\c:\r7k05a2.exec:\r7k05a2.exe111⤵
-
\??\c:\8559k94.exec:\8559k94.exe112⤵
-
\??\c:\a7u0kh2.exec:\a7u0kh2.exe113⤵
-
\??\c:\0r404ua.exec:\0r404ua.exe114⤵
-
\??\c:\7k439o.exec:\7k439o.exe115⤵
-
\??\c:\agg7pp.exec:\agg7pp.exe116⤵
-
\??\c:\9m2j180.exec:\9m2j180.exe117⤵
-
\??\c:\j22sg1i.exec:\j22sg1i.exe118⤵
-
\??\c:\2xsbbc5.exec:\2xsbbc5.exe119⤵
-
\??\c:\mpt4mo.exec:\mpt4mo.exe120⤵
-
\??\c:\v294v6t.exec:\v294v6t.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-