Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
07-05-2024 20:05
General
-
Target
1c693a60202ab21ec468e72d13cccbc0_NEIKI.exe
-
Size
351KB
-
MD5
1c693a60202ab21ec468e72d13cccbc0
-
SHA1
fcfb1405f40b31429d6344e39c466c5d4797e8b5
-
SHA256
f62958629395ecabe50259cfec131f1cd602e0ed2668bdd951e513bc6ffeda0c
-
SHA512
dd10f9914c201c8a74389d26bb433059e52b5804afbd437041897d0955acec414de1f3e8d7ea6c6b497135f44fcefbed4f1d9271cf4f513d157d04d84fc3d7f6
-
SSDEEP
6144:bcm4FmowdHoSgWrXD486jCpoAhlq1mEjBqLyOSlhNFF23k:h4wFHoSgWj168w1VjsyvhNFF20
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 46 IoCs
-
Malware Dropper & Backdoor - Berbew 45 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1c693a60202ab21ec468e72d13cccbc0_NEIKI.exe"C:\Users\Admin\AppData\Local\Temp\1c693a60202ab21ec468e72d13cccbc0_NEIKI.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvdp.exec:\dpvdp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrflxfx.exec:\xrflxfx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjpv.exec:\vpjpv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9dvjd.exec:\9dvjd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthtbn.exec:\bthtbn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9jjpd.exec:\9jjpd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxfllff.exec:\rxfllff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbbhn.exec:\htbbhn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdvjj.exec:\vdvjj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rlllfl.exec:\7rlllfl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjj.exec:\pdpjj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ffrlrl.exec:\5ffrlrl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bhtbb.exec:\1bhtbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpdd.exec:\pdpdd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhntbh.exec:\nhntbh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbnh.exec:\nnbbnh.exe17⤵
- Executes dropped EXE
-
\??\c:\3dvjd.exec:\3dvjd.exe18⤵
- Executes dropped EXE
-
\??\c:\tnhhtb.exec:\tnhhtb.exe19⤵
- Executes dropped EXE
-
\??\c:\pjvpd.exec:\pjvpd.exe20⤵
- Executes dropped EXE
-
\??\c:\xrlxfrx.exec:\xrlxfrx.exe21⤵
- Executes dropped EXE
-
\??\c:\nnhhtb.exec:\nnhhtb.exe22⤵
- Executes dropped EXE
-
\??\c:\jvpvj.exec:\jvpvj.exe23⤵
- Executes dropped EXE
-
\??\c:\7xrfrfl.exec:\7xrfrfl.exe24⤵
- Executes dropped EXE
-
\??\c:\nbtthn.exec:\nbtthn.exe25⤵
- Executes dropped EXE
-
\??\c:\dvddv.exec:\dvddv.exe26⤵
- Executes dropped EXE
-
\??\c:\1rflflf.exec:\1rflflf.exe27⤵
- Executes dropped EXE
-
\??\c:\hbtttb.exec:\hbtttb.exe28⤵
- Executes dropped EXE
-
\??\c:\1hbhtb.exec:\1hbhtb.exe29⤵
- Executes dropped EXE
-
\??\c:\7fxxfll.exec:\7fxxfll.exe30⤵
- Executes dropped EXE
-
\??\c:\lfrlxrr.exec:\lfrlxrr.exe31⤵
- Executes dropped EXE
-
\??\c:\7nthnn.exec:\7nthnn.exe32⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe33⤵
- Executes dropped EXE
-
\??\c:\5xfffxf.exec:\5xfffxf.exe34⤵
- Executes dropped EXE
-
\??\c:\btbnbt.exec:\btbnbt.exe35⤵
- Executes dropped EXE
-
\??\c:\dvjjj.exec:\dvjjj.exe36⤵
- Executes dropped EXE
-
\??\c:\xrlrffr.exec:\xrlrffr.exe37⤵
- Executes dropped EXE
-
\??\c:\tnbhtt.exec:\tnbhtt.exe38⤵
- Executes dropped EXE
-
\??\c:\1bbnbh.exec:\1bbnbh.exe39⤵
- Executes dropped EXE
-
\??\c:\9jppj.exec:\9jppj.exe40⤵
-
\??\c:\lrlrflr.exec:\lrlrflr.exe41⤵
- Executes dropped EXE
-
\??\c:\nnhbth.exec:\nnhbth.exe42⤵
- Executes dropped EXE
-
\??\c:\dvppj.exec:\dvppj.exe43⤵
- Executes dropped EXE
-
\??\c:\5vdpv.exec:\5vdpv.exe44⤵
- Executes dropped EXE
-
\??\c:\fxxllxr.exec:\fxxllxr.exe45⤵
- Executes dropped EXE
-
\??\c:\3ntntb.exec:\3ntntb.exe46⤵
- Executes dropped EXE
-
\??\c:\hbhnht.exec:\hbhnht.exe47⤵
- Executes dropped EXE
-
\??\c:\9pjpp.exec:\9pjpp.exe48⤵
- Executes dropped EXE
-
\??\c:\rlflflx.exec:\rlflflx.exe49⤵
- Executes dropped EXE
-
\??\c:\tttbbh.exec:\tttbbh.exe50⤵
- Executes dropped EXE
-
\??\c:\7pddd.exec:\7pddd.exe51⤵
- Executes dropped EXE
-
\??\c:\9jvdd.exec:\9jvdd.exe52⤵
- Executes dropped EXE
-
\??\c:\lrflxfr.exec:\lrflxfr.exe53⤵
- Executes dropped EXE
-
\??\c:\bhbhhn.exec:\bhbhhn.exe54⤵
- Executes dropped EXE
-
\??\c:\3jjpp.exec:\3jjpp.exe55⤵
- Executes dropped EXE
-
\??\c:\9vvvv.exec:\9vvvv.exe56⤵
- Executes dropped EXE
-
\??\c:\llflffx.exec:\llflffx.exe57⤵
- Executes dropped EXE
-
\??\c:\3hthbn.exec:\3hthbn.exe58⤵
- Executes dropped EXE
-
\??\c:\3vpvd.exec:\3vpvd.exe59⤵
- Executes dropped EXE
-
\??\c:\ddvjv.exec:\ddvjv.exe60⤵
- Executes dropped EXE
-
\??\c:\fxrlrxl.exec:\fxrlrxl.exe61⤵
- Executes dropped EXE
-
\??\c:\nnhnhn.exec:\nnhnhn.exe62⤵
- Executes dropped EXE
-
\??\c:\hhttht.exec:\hhttht.exe63⤵
- Executes dropped EXE
-
\??\c:\5vvvd.exec:\5vvvd.exe64⤵
- Executes dropped EXE
-
\??\c:\llxfrxr.exec:\llxfrxr.exe65⤵
- Executes dropped EXE
-
\??\c:\lfxxfff.exec:\lfxxfff.exe66⤵
- Executes dropped EXE
-
\??\c:\3thnhh.exec:\3thnhh.exe67⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe68⤵
-
\??\c:\pjdpp.exec:\pjdpp.exe69⤵
-
\??\c:\9rlxflx.exec:\9rlxflx.exe70⤵
-
\??\c:\tnhtnt.exec:\tnhtnt.exe71⤵
-
\??\c:\7btbhh.exec:\7btbhh.exe72⤵
-
\??\c:\djjvv.exec:\djjvv.exe73⤵
-
\??\c:\jpjpj.exec:\jpjpj.exe74⤵
-
\??\c:\1rrlfrx.exec:\1rrlfrx.exe75⤵
-
\??\c:\5nnnhh.exec:\5nnnhh.exe76⤵
-
\??\c:\tnhtnb.exec:\tnhtnb.exe77⤵
-
\??\c:\5jddd.exec:\5jddd.exe78⤵
-
\??\c:\flfrlxl.exec:\flfrlxl.exe79⤵
-
\??\c:\9ffxlrf.exec:\9ffxlrf.exe80⤵
-
\??\c:\hhbnhn.exec:\hhbnhn.exe81⤵
-
\??\c:\jdvvd.exec:\jdvvd.exe82⤵
-
\??\c:\ppjjv.exec:\ppjjv.exe83⤵
-
\??\c:\lrxlrxr.exec:\lrxlrxr.exe84⤵
-
\??\c:\hbbbnb.exec:\hbbbnb.exe85⤵
-
\??\c:\tnbhtb.exec:\tnbhtb.exe86⤵
-
\??\c:\3vjdd.exec:\3vjdd.exe87⤵
-
\??\c:\pjjpv.exec:\pjjpv.exe88⤵
-
\??\c:\3fflxrf.exec:\3fflxrf.exe89⤵
-
\??\c:\3hbbth.exec:\3hbbth.exe90⤵
-
\??\c:\tthnbh.exec:\tthnbh.exe91⤵
-
\??\c:\5pdpv.exec:\5pdpv.exe92⤵
-
\??\c:\jdvjp.exec:\jdvjp.exe93⤵
-
\??\c:\9lxxllr.exec:\9lxxllr.exe94⤵
-
\??\c:\tnbbhb.exec:\tnbbhb.exe95⤵
-
\??\c:\hntnth.exec:\hntnth.exe96⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe97⤵
-
\??\c:\rlxfxfr.exec:\rlxfxfr.exe98⤵
-
\??\c:\rfrfrlr.exec:\rfrfrlr.exe99⤵
-
\??\c:\nbbbhb.exec:\nbbbhb.exe100⤵
-
\??\c:\vpvvd.exec:\vpvvd.exe101⤵
-
\??\c:\llfxfrf.exec:\llfxfrf.exe102⤵
-
\??\c:\frrrfxf.exec:\frrrfxf.exe103⤵
-
\??\c:\bhhntb.exec:\bhhntb.exe104⤵
-
\??\c:\1jvdj.exec:\1jvdj.exe105⤵
-
\??\c:\7vpdv.exec:\7vpdv.exe106⤵
-
\??\c:\7rxxfff.exec:\7rxxfff.exe107⤵
-
\??\c:\nhhhth.exec:\nhhhth.exe108⤵
-
\??\c:\ppddj.exec:\ppddj.exe109⤵
-
\??\c:\pjjpp.exec:\pjjpp.exe110⤵
-
\??\c:\xrxrfxf.exec:\xrxrfxf.exe111⤵
-
\??\c:\3nnthn.exec:\3nnthn.exe112⤵
-
\??\c:\bnhttt.exec:\bnhttt.exe113⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe114⤵
-
\??\c:\rlflxxr.exec:\rlflxxr.exe115⤵
-
\??\c:\rlflxfl.exec:\rlflxfl.exe116⤵
-
\??\c:\nhbhbt.exec:\nhbhbt.exe117⤵
-
\??\c:\nnnnhh.exec:\nnnnhh.exe118⤵
-
\??\c:\dvdjd.exec:\dvdjd.exe119⤵
-
\??\c:\rfffllr.exec:\rfffllr.exe120⤵
-
\??\c:\lxfrlll.exec:\lxfrlll.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-