Analysis
-
max time kernel
160s -
max time network
163s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
07/05/2024, 22:36
General
-
Target
53ad6bc3afdd23409878d904374eb8e0_NEIKI.exe
-
Size
482KB
-
MD5
53ad6bc3afdd23409878d904374eb8e0
-
SHA1
9f6fb454a3022fce5d6de1f219fef8a532ea9f41
-
SHA256
fb5eed44a6150b5704b87b5bb9ad832c2d480087d82d672793c6dcdbfdaef434
-
SHA512
508bfb034244c9967963139f13dcc54cc9b9667beb978c5fceb48836c62f2fbbeb700c7c58350d9bf313a4e7d0ee33842f47b83350dc6238a668a3474495dc6a
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwu1b26X1wjhtSizjO:q7Tc2NYHUrAwqzcI
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\53ad6bc3afdd23409878d904374eb8e0_NEIKI.exe"C:\Users\Admin\AppData\Local\Temp\53ad6bc3afdd23409878d904374eb8e0_NEIKI.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\k741c0.exec:\k741c0.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\537x3q1.exec:\537x3q1.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6mg4r2.exec:\6mg4r2.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\63c82.exec:\63c82.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\c2gmt.exec:\c2gmt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\h78g3.exec:\h78g3.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\58mdgt.exec:\58mdgt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2t2p0i.exec:\2t2p0i.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\32f5s.exec:\32f5s.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\windo6.exec:\windo6.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s7946f7.exec:\s7946f7.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\48608.exec:\48608.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7g0510e.exec:\7g0510e.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x5i5w.exec:\x5i5w.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\848804.exec:\848804.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppn334.exec:\ppn334.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x89pw.exec:\x89pw.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hc1b1ch.exec:\hc1b1ch.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ut4rvb.exec:\ut4rvb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\o783mr.exec:\o783mr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4p8659d.exec:\4p8659d.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\f9b9c.exec:\f9b9c.exe23⤵
- Executes dropped EXE
-
\??\c:\a78n8.exec:\a78n8.exe24⤵
- Executes dropped EXE
-
\??\c:\58cm50.exec:\58cm50.exe25⤵
- Executes dropped EXE
-
\??\c:\p7c7db.exec:\p7c7db.exe26⤵
- Executes dropped EXE
-
\??\c:\45qkb.exec:\45qkb.exe27⤵
- Executes dropped EXE
-
\??\c:\3s283.exec:\3s283.exe28⤵
- Executes dropped EXE
-
\??\c:\cia78.exec:\cia78.exe29⤵
- Executes dropped EXE
-
\??\c:\9l69c09.exec:\9l69c09.exe30⤵
- Executes dropped EXE
-
\??\c:\ecb2350.exec:\ecb2350.exe31⤵
- Executes dropped EXE
-
\??\c:\34n6v.exec:\34n6v.exe32⤵
- Executes dropped EXE
-
\??\c:\1v94vi4.exec:\1v94vi4.exe33⤵
- Executes dropped EXE
-
\??\c:\7eq3k45.exec:\7eq3k45.exe34⤵
- Executes dropped EXE
-
\??\c:\73f9xm.exec:\73f9xm.exe35⤵
- Executes dropped EXE
-
\??\c:\cj991.exec:\cj991.exe36⤵
- Executes dropped EXE
-
\??\c:\wo93925.exec:\wo93925.exe37⤵
- Executes dropped EXE
-
\??\c:\1lua527.exec:\1lua527.exe38⤵
- Executes dropped EXE
-
\??\c:\6394xa.exec:\6394xa.exe39⤵
- Executes dropped EXE
-
\??\c:\c6e6u1.exec:\c6e6u1.exe40⤵
- Executes dropped EXE
-
\??\c:\59r9lvm.exec:\59r9lvm.exe41⤵
- Executes dropped EXE
-
\??\c:\1tbog.exec:\1tbog.exe42⤵
- Executes dropped EXE
-
\??\c:\15j1ssb.exec:\15j1ssb.exe43⤵
- Executes dropped EXE
-
\??\c:\xc56d7.exec:\xc56d7.exe44⤵
- Executes dropped EXE
-
\??\c:\e7cl0o.exec:\e7cl0o.exe45⤵
- Executes dropped EXE
-
\??\c:\xc2m91.exec:\xc2m91.exe46⤵
- Executes dropped EXE
-
\??\c:\o8be9.exec:\o8be9.exe47⤵
- Executes dropped EXE
-
\??\c:\qi5xmk3.exec:\qi5xmk3.exe48⤵
- Executes dropped EXE
-
\??\c:\k1bqtim.exec:\k1bqtim.exe49⤵
- Executes dropped EXE
-
\??\c:\q515985.exec:\q515985.exe50⤵
- Executes dropped EXE
-
\??\c:\5655607.exec:\5655607.exe51⤵
- Executes dropped EXE
-
\??\c:\vqebxpe.exec:\vqebxpe.exe52⤵
- Executes dropped EXE
-
\??\c:\kk0j34.exec:\kk0j34.exe53⤵
- Executes dropped EXE
-
\??\c:\272f2.exec:\272f2.exe54⤵
- Executes dropped EXE
-
\??\c:\65nku.exec:\65nku.exe55⤵
- Executes dropped EXE
-
\??\c:\022h67f.exec:\022h67f.exe56⤵
- Executes dropped EXE
-
\??\c:\8449eb8.exec:\8449eb8.exe57⤵
- Executes dropped EXE
-
\??\c:\d0e4h0t.exec:\d0e4h0t.exe58⤵
- Executes dropped EXE
-
\??\c:\6205i8d.exec:\6205i8d.exe59⤵
- Executes dropped EXE
-
\??\c:\d89seht.exec:\d89seht.exe60⤵
- Executes dropped EXE
-
\??\c:\a3578b8.exec:\a3578b8.exe61⤵
- Executes dropped EXE
-
\??\c:\3395ap.exec:\3395ap.exe62⤵
- Executes dropped EXE
-
\??\c:\h2atq.exec:\h2atq.exe63⤵
- Executes dropped EXE
-
\??\c:\a3te286.exec:\a3te286.exe64⤵
- Executes dropped EXE
-
\??\c:\062892l.exec:\062892l.exe65⤵
- Executes dropped EXE
-
\??\c:\a203m3f.exec:\a203m3f.exe66⤵
-
\??\c:\876gs.exec:\876gs.exe67⤵
-
\??\c:\mekd7t5.exec:\mekd7t5.exe68⤵
-
\??\c:\tbbi3.exec:\tbbi3.exe69⤵
-
\??\c:\672513i.exec:\672513i.exe70⤵
-
\??\c:\53s79.exec:\53s79.exe71⤵
-
\??\c:\n9h5b7.exec:\n9h5b7.exe72⤵
-
\??\c:\wewq9.exec:\wewq9.exe73⤵
-
\??\c:\1m7d17.exec:\1m7d17.exe74⤵
-
\??\c:\lt193gh.exec:\lt193gh.exe75⤵
-
\??\c:\peew0.exec:\peew0.exe76⤵
-
\??\c:\18117.exec:\18117.exe77⤵
-
\??\c:\6bb541k.exec:\6bb541k.exe78⤵
-
\??\c:\0xl02.exec:\0xl02.exe79⤵
-
\??\c:\ox63d1h.exec:\ox63d1h.exe80⤵
-
\??\c:\5k5w2br.exec:\5k5w2br.exe81⤵
-
\??\c:\27qu5i4.exec:\27qu5i4.exe82⤵
-
\??\c:\gs3490t.exec:\gs3490t.exe83⤵
-
\??\c:\1l34377.exec:\1l34377.exe84⤵
-
\??\c:\i4i4o12.exec:\i4i4o12.exe85⤵
-
\??\c:\ha5a1w9.exec:\ha5a1w9.exe86⤵
-
\??\c:\4o55j.exec:\4o55j.exe87⤵
-
\??\c:\w9oven.exec:\w9oven.exe88⤵
-
\??\c:\ak47ov7.exec:\ak47ov7.exe89⤵
-
\??\c:\03915.exec:\03915.exe90⤵
-
\??\c:\2i1132.exec:\2i1132.exe91⤵
-
\??\c:\sku13i.exec:\sku13i.exe92⤵
-
\??\c:\p7t0vd.exec:\p7t0vd.exe93⤵
-
\??\c:\xhoera.exec:\xhoera.exe94⤵
-
\??\c:\ucg18te.exec:\ucg18te.exe95⤵
-
\??\c:\8429dc7.exec:\8429dc7.exe96⤵
-
\??\c:\tw647ki.exec:\tw647ki.exe97⤵
-
\??\c:\ogip0i.exec:\ogip0i.exe98⤵
-
\??\c:\qr0e18.exec:\qr0e18.exe99⤵
-
\??\c:\7h9r1w.exec:\7h9r1w.exe100⤵
-
\??\c:\8942lsu.exec:\8942lsu.exe101⤵
-
\??\c:\9ri531.exec:\9ri531.exe102⤵
-
\??\c:\s0mble.exec:\s0mble.exe103⤵
-
\??\c:\tqki119.exec:\tqki119.exe104⤵
-
\??\c:\p50g6.exec:\p50g6.exe105⤵
-
\??\c:\pqw9v.exec:\pqw9v.exe106⤵
-
\??\c:\2q2cr9.exec:\2q2cr9.exe107⤵
-
\??\c:\36j1q0.exec:\36j1q0.exe108⤵
-
\??\c:\g869o82.exec:\g869o82.exe109⤵
-
\??\c:\k050u.exec:\k050u.exe110⤵
-
\??\c:\160f0.exec:\160f0.exe111⤵
-
\??\c:\0pa1dd.exec:\0pa1dd.exe112⤵
-
\??\c:\0q373j.exec:\0q373j.exe113⤵
-
\??\c:\6qf9116.exec:\6qf9116.exe114⤵
-
\??\c:\28eeu2.exec:\28eeu2.exe115⤵
-
\??\c:\p2r8w78.exec:\p2r8w78.exe116⤵
-
\??\c:\ao9r36.exec:\ao9r36.exe117⤵
-
\??\c:\fgeoxd.exec:\fgeoxd.exe118⤵
-
\??\c:\v6dd8.exec:\v6dd8.exe119⤵
-
\??\c:\6137a7k.exec:\6137a7k.exe120⤵
-
\??\c:\b22g78d.exec:\b22g78d.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-