Analysis
-
max time kernel
152s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system -
submitted
06-06-2024 18:27
Static task
static1
1 signature
Behavioral task
behavioral1
Sample
a0142dcb0294a032d0497f913cdbe3a0_NeikiAnalytics.exe
Resource
win7-20240221-en
3 signatures
150 seconds
General
-
Target
a0142dcb0294a032d0497f913cdbe3a0_NeikiAnalytics.exe
-
Size
70KB
-
MD5
a0142dcb0294a032d0497f913cdbe3a0
-
SHA1
5e211532f13624745381613cb925d8c3c964edd5
-
SHA256
7dd3d67b6a381f770be9169defedade174a570c1fc148ca4eef7dbf51a0e17b5
-
SHA512
b04a6f275cac6c11a99b049ee9c8bb71c97078620d055528c5afcc95c5356811af71064b930efd720d3d2e17316e600bc6c67037a462f79eb6ac5f2c37d02666
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUwcsbYsq:ymb3NkkiQ3mdBjF0yjcsMsq
Malware Config
Signatures
-
Detect Blackmoon payload (27 IoCs)
Processes:
resource yara_rule behavioral2/memory/2952-3-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4620-10-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1116-19-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2740-36-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3936-51-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2480-58-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2564-74-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2880-82-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4532-91-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3000-109-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2152-121-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1956-126-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1588-133-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3188-139-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4712-103-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1432-97-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1912-69-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4212-47-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4124-28-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2952-17-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3124-157-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/2244-163-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3928-187-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4024-194-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4208-200-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4324-205-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3488-211-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Processes:
resource yara_rule behavioral2/memory/2952-3-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4620-9-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4620-10-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1116-19-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4124-27-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2740-36-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4212-43-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3936-51-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2480-58-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1912-64-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2564-74-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2880-82-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4532-91-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3000-109-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2152-121-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1956-126-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1588-133-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3188-139-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4712-103-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1432-97-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2564-73-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2564-72-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1912-69-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4212-47-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral2/memory/4124-28-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4124-26-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2952-17-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3124-157-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2244-163-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3928-187-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4024-194-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4208-200-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4324-205-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3488-211-0x0000000000400000-0x0000000000429000-memory.dmp upx
Processes
-
C:\Users\Admin\AppData\Local\Temp\a0142dcb0294a032d0497f913cdbe3a0_NeikiAnalytics.exe  "C:\Users\Admin\AppData\Local\Temp\a0142dcb0294a032d0497f913cdbe3a0_NeikiAnalytics.exe"  1⤵  PID:2952
-
\??\c:\928gj8t.exec:\928gj8t.exe2⤵PID:4620
-
\??\c:\97l7a7.exec:\97l7a7.exe3⤵PID:1116
-
\??\c:\w3g4s19.exec:\w3g4s19.exe4⤵PID:4124
-
\??\c:\kqhf2.exec:\kqhf2.exe5⤵PID:2740
-
\??\c:\k3adhi.exec:\k3adhi.exe6⤵PID:4212
-
\??\c:\02d5v.exec:\02d5v.exe7⤵PID:3936
-
\??\c:\t1uvno.exec:\t1uvno.exe8⤵PID:2480
-
\??\c:\wc7n39.exec:\wc7n39.exe9⤵PID:1912
-
\??\c:\u369wk.exec:\u369wk.exe10⤵PID:2564
-
\??\c:\961ro.exec:\961ro.exe11⤵PID:2880
-
\??\c:\ske20.exec:\ske20.exe12⤵PID:4532
-
\??\c:\1x967v.exec:\1x967v.exe13⤵PID:1432
-
\??\c:\o1g5clm.exec:\o1g5clm.exe14⤵PID:4712
-
\??\c:\hq04i20.exec:\hq04i20.exe15⤵PID:3000
-
\??\c:\wq71x.exec:\wq71x.exe16⤵PID:1404
-
\??\c:\022c79a.exec:\022c79a.exe17⤵PID:2152
-
\??\c:\csm428.exec:\csm428.exe18⤵PID:1956
-
\??\c:\6w9w75.exec:\6w9w75.exe19⤵PID:1588
-
\??\c:\151oo29.exec:\151oo29.exe20⤵PID:3188
-
\??\c:\315pi4.exec:\315pi4.exe21⤵PID:1196
-
\??\c:\jhklw0.exec:\jhklw0.exe22⤵PID:1564
-
\??\c:\b11gb.exec:\b11gb.exe23⤵PID:3124
-
\??\c:\5934r.exec:\5934r.exe24⤵PID:2244
-
\??\c:\gken3.exec:\gken3.exe25⤵PID:460
-
\??\c:\4907ra.exec:\4907ra.exe26⤵PID:4864
-
\??\c:\ve7u2m.exec:\ve7u2m.exe27⤵PID:4052
-
\??\c:\a4u2i6.exec:\a4u2i6.exe28⤵PID:3928
-
\??\c:\9si5r5.exec:\9si5r5.exe29⤵PID:4024
-
\??\c:\18rd7.exec:\18rd7.exe30⤵PID:4208
-
\??\c:\m5oi7.exec:\m5oi7.exe31⤵PID:4324
-
\??\c:\hii94gv.exec:\hii94gv.exe32⤵PID:3488
-
\??\c:\of9o5w5.exec:\of9o5w5.exe33⤵PID:2364
-
\??\c:\x25k4.exec:\x25k4.exe34⤵PID:2864
-
\??\c:\259pkti.exec:\259pkti.exe35⤵PID:1764
-
\??\c:\6cad6r.exec:\6cad6r.exe36⤵PID:3948
-
\??\c:\l7kvni1.exec:\l7kvni1.exe37⤵PID:3816
-
\??\c:\31407j.exec:\31407j.exe38⤵PID:4268
-
\??\c:\casp22.exec:\casp22.exe39⤵PID:4744
-
\??\c:\7o13g31.exec:\7o13g31.exe40⤵PID:3004
-
\??\c:\38nki9p.exec:\38nki9p.exe41⤵PID:3508
-
\??\c:\45570w.exec:\45570w.exe42⤵PID:3480
-
\??\c:\ng03bcb.exec:\ng03bcb.exe43⤵PID:3152
-
\??\c:\42g6qj9.exec:\42g6qj9.exe44⤵PID:3160
-
\??\c:\82c2fpf.exec:\82c2fpf.exe45⤵PID:836
-
\??\c:\n53jf.exec:\n53jf.exe46⤵PID:4648
-
\??\c:\x6s35.exec:\x6s35.exe47⤵PID:952
-
\??\c:\i5k0t08.exec:\i5k0t08.exe48⤵PID:384
-
\??\c:\63j1b6c.exec:\63j1b6c.exe49⤵PID:4856
-
\??\c:\i6rqo7.exec:\i6rqo7.exe50⤵PID:3080
-
\??\c:\kh7gmn8.exec:\kh7gmn8.exe51⤵PID:4596
-
\??\c:\fu0op8.exec:\fu0op8.exe52⤵PID:3952
-
\??\c:\mjeb0s8.exec:\mjeb0s8.exe53⤵PID:2016
-
\??\c:\s56maa.exec:\s56maa.exe54⤵PID:1148
-
\??\c:\xw7rs1.exec:\xw7rs1.exe55⤵PID:3776
-
\??\c:\f77urm.exec:\f77urm.exe56⤵PID:1668
-
\??\c:\6541u.exec:\6541u.exe57⤵PID:5016
-
\??\c:\0l04mv.exec:\0l04mv.exe58⤵PID:700
-
\??\c:\ikkc9.exec:\ikkc9.exe59⤵PID:3256
-
\??\c:\3ht1o9m.exec:\3ht1o9m.exe60⤵PID:2976
-
\??\c:\0oo6c.exec:\0oo6c.exe61⤵PID:2300
-
\??\c:\r4o35os.exec:\r4o35os.exe62⤵PID:3408
-
\??\c:\n715n2j.exec:\n715n2j.exe63⤵PID:2232
-
\??\c:\v6xl5.exec:\v6xl5.exe64⤵PID:2032
-
\??\c:\1g175.exec:\1g175.exe65⤵PID:4128
-
\??\c:\57u533.exec:\57u533.exe66⤵PID:4372
-
\??\c:\eg65mup.exec:\eg65mup.exe67⤵PID:4588
-
\??\c:\8s272.exec:\8s272.exe68⤵PID:4748
-
\??\c:\v4us62q.exec:\v4us62q.exe69⤵PID:3780
-
\??\c:\1fjku1.exec:\1fjku1.exe70⤵PID:4320
-
\??\c:\7qqkor8.exec:\7qqkor8.exe71⤵PID:3628
-
\??\c:\uo54f4g.exec:\uo54f4g.exe72⤵PID:4580
-
\??\c:\hew7c9.exec:\hew7c9.exe73⤵PID:3424
-
\??\c:\3is3kq.exec:\3is3kq.exe74⤵PID:2064
-
\??\c:\x5544.exec:\x5544.exe75⤵PID:3600
-
\??\c:\0928w8.exec:\0928w8.exe76⤵PID:2448
-
\??\c:\0t81lcj.exec:\0t81lcj.exe77⤵PID:1312
-
\??\c:\3m3k3g.exec:\3m3k3g.exe78⤵PID:3260
-
\??\c:\0784448.exec:\0784448.exe79⤵PID:1464
-
\??\c:\751e1o.exec:\751e1o.exe80⤵PID:4232
-
\??\c:\r563lo.exec:\r563lo.exe81⤵PID:2240
-
\??\c:\86x9a9.exec:\86x9a9.exe82⤵PID:4004
-
\??\c:\1dgb8f.exec:\1dgb8f.exe83⤵PID:3508
-
\??\c:\1o197d.exec:\1o197d.exe84⤵PID:3480
-
\??\c:\p6g3q90.exec:\p6g3q90.exe85⤵PID:2948
-
\??\c:\02g3008.exec:\02g3008.exe86⤵PID:3160
-
\??\c:\0janomw.exec:\0janomw.exe87⤵PID:1340
-
\??\c:\f40om3.exec:\f40om3.exe88⤵PID:2896
-
\??\c:\7e3uc.exec:\7e3uc.exe89⤵PID:492
-
\??\c:\crs38.exec:\crs38.exe90⤵PID:4404
-
\??\c:\kg0c1s.exec:\kg0c1s.exe91⤵PID:5068
-
\??\c:\9s71d7.exec:\9s71d7.exe92⤵PID:2964
-
\??\c:\9953ll.exec:\9953ll.exe93⤵PID:2024
-
\??\c:\4oiu44.exec:\4oiu44.exe94⤵PID:4628
-
\??\c:\21i3u.exec:\21i3u.exe95⤵PID:1868
-
\??\c:\5fb5p53.exec:\5fb5p53.exe96⤵PID:3776
-
\??\c:\42m025.exec:\42m025.exe97⤵PID:1668
-
\??\c:\98b9a96.exec:\98b9a96.exe98⤵PID:4720
-
\??\c:\0e2w59p.exec:\0e2w59p.exe99⤵PID:1480
-
\??\c:\3k80ap.exec:\3k80ap.exe100⤵PID:4084
-
\??\c:\lg9us5.exec:\lg9us5.exe101⤵PID:1356
-
\??\c:\raw41o.exec:\raw41o.exe102⤵PID:1336
-
\??\c:\aaa82sa.exec:\aaa82sa.exe103⤵PID:916
-
\??\c:\29m6ur.exec:\29m6ur.exe104⤵PID:1720
-
\??\c:\m8k433.exec:\m8k433.exe105⤵PID:2032
-
\??\c:\7733h.exec:\7733h.exe106⤵PID:4972
-
\??\c:\ag7n3w.exec:\ag7n3w.exe107⤵PID:228
-
\??\c:\4485032.exec:\4485032.exe108⤵PID:5104
-
\??\c:\1sm46.exec:\1sm46.exe109⤵PID:4748
-
\??\c:\1r57j.exec:\1r57j.exe110⤵PID:1344
-
\??\c:\4qk87.exec:\4qk87.exe111⤵PID:3732
-
\??\c:\k70bk.exec:\k70bk.exe112⤵PID:3384
-
\??\c:\uv83kt.exec:\uv83kt.exe113⤵PID:4852
-
\??\c:\ja823.exec:\ja823.exe114⤵PID:3956
-
\??\c:\3xm2g.exec:\3xm2g.exe115⤵PID:1456
-
\??\c:\1xwf7il.exec:\1xwf7il.exe116⤵PID:2148
-
\??\c:\0etx2.exec:\0etx2.exe117⤵PID:4316
-
\??\c:\6ni49u.exec:\6ni49u.exe118⤵PID:3816
-
\??\c:\974wi.exec:\974wi.exe119⤵PID:1272
-
\??\c:\7l291.exec:\7l291.exe120⤵PID:4924
-
\??\c:\a1w1w.exec:\a1w1w.exe121⤵PID:3488
-
\??\c:\05gtq.exec:\05gtq.exe122⤵PID:412