Analysis
-
max time kernel
151s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
06/06/2024, 09:53
General
-
Target
0491df71e07d851e0bf5e73bd06d1a80_NeikiAnalytics.exe
-
Size
81KB
-
MD5
0491df71e07d851e0bf5e73bd06d1a80
-
SHA1
d6f9e86d862b0314453b375dc4f1a662203319ea
-
SHA256
fd00cc1548bb3be1bd3061a05de409eabaaf6dc3405fb4a0e389558eb1f62737
-
SHA512
d66220ab95896f5938f593cf0fa1ee04cd541f5a42d6e0ef4dcbbdcb44308a47ae89f6a5d45ccdc822865b9832da667404f6bdc77747c10a10aef7f0bbb5b30d
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAXPfgr2hKmdbcPi2vY:ymb3NkkiQ3mdBjFo6Pfgy3dbc/Y
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0491df71e07d851e0bf5e73bd06d1a80_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\0491df71e07d851e0bf5e73bd06d1a80_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\o7qquc.exec:\o7qquc.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\p14g076.exec:\p14g076.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3744e.exec:\3744e.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\o4681.exec:\o4681.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9u7952.exec:\9u7952.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\mltfu.exec:\mltfu.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e773e1x.exec:\e773e1x.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fp1p3.exec:\fp1p3.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6so41p.exec:\6so41p.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\e0kl0nu.exec:\e0kl0nu.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\14ko46.exec:\14ko46.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qo6i565.exec:\qo6i565.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g2e25oa.exec:\g2e25oa.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\28jv4.exec:\28jv4.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6tt19o7.exec:\6tt19o7.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\db6r0.exec:\db6r0.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w9000.exec:\w9000.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\wo2a7q.exec:\wo2a7q.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\t36oir.exec:\t36oir.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\avb2ve.exec:\avb2ve.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5a5wl.exec:\5a5wl.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q1550.exec:\q1550.exe23⤵
- Executes dropped EXE
-
\??\c:\m55v0.exec:\m55v0.exe24⤵
- Executes dropped EXE
-
\??\c:\hhcw19.exec:\hhcw19.exe25⤵
- Executes dropped EXE
-
\??\c:\v363c.exec:\v363c.exe26⤵
- Executes dropped EXE
-
\??\c:\0eec58.exec:\0eec58.exe27⤵
- Executes dropped EXE
-
\??\c:\06602.exec:\06602.exe28⤵
- Executes dropped EXE
-
\??\c:\2o658.exec:\2o658.exe29⤵
- Executes dropped EXE
-
\??\c:\x9357.exec:\x9357.exe30⤵
- Executes dropped EXE
-
\??\c:\fkm50f.exec:\fkm50f.exe31⤵
- Executes dropped EXE
-
\??\c:\5o007n.exec:\5o007n.exe32⤵
- Executes dropped EXE
-
\??\c:\7j6cu9.exec:\7j6cu9.exe33⤵
- Executes dropped EXE
-
\??\c:\i4250.exec:\i4250.exe34⤵
- Executes dropped EXE
-
\??\c:\vqnb3.exec:\vqnb3.exe35⤵
- Executes dropped EXE
-
\??\c:\6938i.exec:\6938i.exe36⤵
- Executes dropped EXE
-
\??\c:\9oi15hw.exec:\9oi15hw.exe37⤵
- Executes dropped EXE
-
\??\c:\tcrmil7.exec:\tcrmil7.exe38⤵
- Executes dropped EXE
-
\??\c:\o54r54r.exec:\o54r54r.exe39⤵
- Executes dropped EXE
-
\??\c:\453ke03.exec:\453ke03.exe40⤵
- Executes dropped EXE
-
\??\c:\219167.exec:\219167.exe41⤵
- Executes dropped EXE
-
\??\c:\eko3r58.exec:\eko3r58.exe42⤵
- Executes dropped EXE
-
\??\c:\2etfjw5.exec:\2etfjw5.exe43⤵
- Executes dropped EXE
-
\??\c:\05g93.exec:\05g93.exe44⤵
- Executes dropped EXE
-
\??\c:\71ppm4.exec:\71ppm4.exe45⤵
- Executes dropped EXE
-
\??\c:\t41k7eb.exec:\t41k7eb.exe46⤵
- Executes dropped EXE
-
\??\c:\0mrb9h8.exec:\0mrb9h8.exe47⤵
- Executes dropped EXE
-
\??\c:\d503t78.exec:\d503t78.exe48⤵
- Executes dropped EXE
-
\??\c:\4xuc8.exec:\4xuc8.exe49⤵
- Executes dropped EXE
-
\??\c:\w8b2e6p.exec:\w8b2e6p.exe50⤵
- Executes dropped EXE
-
\??\c:\rvj029.exec:\rvj029.exe51⤵
- Executes dropped EXE
-
\??\c:\85ord3.exec:\85ord3.exe52⤵
- Executes dropped EXE
-
\??\c:\800ehw.exec:\800ehw.exe53⤵
- Executes dropped EXE
-
\??\c:\3cmqom.exec:\3cmqom.exe54⤵
- Executes dropped EXE
-
\??\c:\aee4l.exec:\aee4l.exe55⤵
- Executes dropped EXE
-
\??\c:\w5b5q.exec:\w5b5q.exe56⤵
- Executes dropped EXE
-
\??\c:\ek2i34p.exec:\ek2i34p.exe57⤵
- Executes dropped EXE
-
\??\c:\jb6xs.exec:\jb6xs.exe58⤵
- Executes dropped EXE
-
\??\c:\56kw0q1.exec:\56kw0q1.exe59⤵
- Executes dropped EXE
-
\??\c:\a6501.exec:\a6501.exe60⤵
- Executes dropped EXE
-
\??\c:\75etfs.exec:\75etfs.exe61⤵
- Executes dropped EXE
-
\??\c:\748lb7o.exec:\748lb7o.exe62⤵
- Executes dropped EXE
-
\??\c:\dnbl6d.exec:\dnbl6d.exe63⤵
- Executes dropped EXE
-
\??\c:\u0akhff.exec:\u0akhff.exe64⤵
- Executes dropped EXE
-
\??\c:\nx5qn7l.exec:\nx5qn7l.exe65⤵
- Executes dropped EXE
-
\??\c:\wp5155o.exec:\wp5155o.exe66⤵
-
\??\c:\pvk5lg.exec:\pvk5lg.exe67⤵
-
\??\c:\h3la43m.exec:\h3la43m.exe68⤵
-
\??\c:\31cmk0o.exec:\31cmk0o.exe69⤵
-
\??\c:\526vo.exec:\526vo.exe70⤵
-
\??\c:\444640.exec:\444640.exe71⤵
-
\??\c:\g28favi.exec:\g28favi.exe72⤵
-
\??\c:\34c35.exec:\34c35.exe73⤵
-
\??\c:\68t4of.exec:\68t4of.exe74⤵
-
\??\c:\x5r273.exec:\x5r273.exe75⤵
-
\??\c:\913557m.exec:\913557m.exe76⤵
-
\??\c:\2q983.exec:\2q983.exe77⤵
-
\??\c:\gnxgh.exec:\gnxgh.exe78⤵
-
\??\c:\450dp3.exec:\450dp3.exe79⤵
-
\??\c:\27992.exec:\27992.exe80⤵
-
\??\c:\urrku.exec:\urrku.exe81⤵
-
\??\c:\3bj79i6.exec:\3bj79i6.exe82⤵
-
\??\c:\91ganfe.exec:\91ganfe.exe83⤵
-
\??\c:\h3oe734.exec:\h3oe734.exe84⤵
-
\??\c:\2318152.exec:\2318152.exe85⤵
-
\??\c:\2014clc.exec:\2014clc.exe86⤵
-
\??\c:\s91f33.exec:\s91f33.exe87⤵
-
\??\c:\63ca45.exec:\63ca45.exe88⤵
-
\??\c:\f1a8jl.exec:\f1a8jl.exe89⤵
-
\??\c:\39406.exec:\39406.exe90⤵
-
\??\c:\1qi4m79.exec:\1qi4m79.exe91⤵
-
\??\c:\57m2h.exec:\57m2h.exe92⤵
-
\??\c:\566eu7.exec:\566eu7.exe93⤵
-
\??\c:\8c70c6.exec:\8c70c6.exe94⤵
-
\??\c:\2v8br94.exec:\2v8br94.exe95⤵
-
\??\c:\32w9aa.exec:\32w9aa.exe96⤵
-
\??\c:\ud450k7.exec:\ud450k7.exe97⤵
-
\??\c:\43equg1.exec:\43equg1.exe98⤵
-
\??\c:\308l8l4.exec:\308l8l4.exe99⤵
-
\??\c:\9a7pt96.exec:\9a7pt96.exe100⤵
-
\??\c:\6u34v.exec:\6u34v.exe101⤵
-
\??\c:\2286468.exec:\2286468.exe102⤵
-
\??\c:\dxp443.exec:\dxp443.exe103⤵
-
\??\c:\030h2.exec:\030h2.exe104⤵
-
\??\c:\l965e9.exec:\l965e9.exe105⤵
-
\??\c:\85tj6.exec:\85tj6.exe106⤵
-
\??\c:\09au186.exec:\09au186.exe107⤵
-
\??\c:\o2ppqn.exec:\o2ppqn.exe108⤵
-
\??\c:\65b7uf.exec:\65b7uf.exe109⤵
-
\??\c:\ilu5125.exec:\ilu5125.exe110⤵
-
\??\c:\75fnj.exec:\75fnj.exe111⤵
-
\??\c:\7gl856.exec:\7gl856.exe112⤵
-
\??\c:\hpjts.exec:\hpjts.exe113⤵
-
\??\c:\8m52amk.exec:\8m52amk.exe114⤵
-
\??\c:\93640.exec:\93640.exe115⤵
-
\??\c:\mx74e1k.exec:\mx74e1k.exe116⤵
-
\??\c:\bit54.exec:\bit54.exe117⤵
-
\??\c:\i157ad.exec:\i157ad.exe118⤵
-
\??\c:\ff6a1e.exec:\ff6a1e.exe119⤵
-
\??\c:\b3c3e9.exec:\b3c3e9.exe120⤵
-
\??\c:\59a27e.exec:\59a27e.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-