Analysis
-
max time kernel
153s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
08/05/2024, 23:03
General
-
Target
8cf86d541c02145be85e053c30aa7690_NEIKI.exe
-
Size
151KB
-
MD5
8cf86d541c02145be85e053c30aa7690
-
SHA1
2563981f6829d80b03465ee3689fcdf60026056c
-
SHA256
d3031b2a5f3cb31690eb20c5cb1eee2a676a968f39969c0e6fa1031c12e05475
-
SHA512
c8b7b4b4c57099bd82a366d08f97c792d4e580bd27b8c02d7424a70b77f8dacf4cbc2eb5108695cafed270ff2b55b8052191f1578f08581e15965241648d72d6
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73tvn+Yp9gBEpBSlrseOwXKvr7Q:n3C9BRo7tvnJ9oEzq7byQ
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8cf86d541c02145be85e053c30aa7690_NEIKI.exe"C:\Users\Admin\AppData\Local\Temp\8cf86d541c02145be85e053c30aa7690_NEIKI.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\9vmakk.exec:\9vmakk.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rv7953v.exec:\rv7953v.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ixh77.exec:\ixh77.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\739g6.exec:\739g6.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\a51bb5.exec:\a51bb5.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vk9vr.exec:\vk9vr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\m57132.exec:\m57132.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\019eo.exec:\019eo.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5t0b2.exec:\5t0b2.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\as9w95r.exec:\as9w95r.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\mg6akk.exec:\mg6akk.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\u9g09.exec:\u9g09.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\io147.exec:\io147.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9w9our7.exec:\9w9our7.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0v97e5c.exec:\0v97e5c.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\2xr5x.exec:\2xr5x.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1e7tt1.exec:\1e7tt1.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1k72lf0.exec:\1k72lf0.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\717xb0.exec:\717xb0.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\kod84.exec:\kod84.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\r6q61.exec:\r6q61.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\613f3i.exec:\613f3i.exe23⤵
- Executes dropped EXE
-
\??\c:\0b89tu1.exec:\0b89tu1.exe24⤵
- Executes dropped EXE
-
\??\c:\ceb699.exec:\ceb699.exe25⤵
- Executes dropped EXE
-
\??\c:\m2n7o35.exec:\m2n7o35.exe26⤵
- Executes dropped EXE
-
\??\c:\3hrn8.exec:\3hrn8.exe27⤵
- Executes dropped EXE
-
\??\c:\9v13s.exec:\9v13s.exe28⤵
- Executes dropped EXE
-
\??\c:\w26bv9.exec:\w26bv9.exe29⤵
- Executes dropped EXE
-
\??\c:\awu38p.exec:\awu38p.exe30⤵
- Executes dropped EXE
-
\??\c:\4duc15.exec:\4duc15.exe31⤵
- Executes dropped EXE
-
\??\c:\2p507.exec:\2p507.exe32⤵
- Executes dropped EXE
-
\??\c:\e37t2.exec:\e37t2.exe33⤵
- Executes dropped EXE
-
\??\c:\u6a5m.exec:\u6a5m.exe34⤵
- Executes dropped EXE
-
\??\c:\h67jgq.exec:\h67jgq.exe35⤵
- Executes dropped EXE
-
\??\c:\hi5aqum.exec:\hi5aqum.exe36⤵
- Executes dropped EXE
-
\??\c:\64oa3j8.exec:\64oa3j8.exe37⤵
- Executes dropped EXE
-
\??\c:\3ttu7v4.exec:\3ttu7v4.exe38⤵
- Executes dropped EXE
-
\??\c:\lak2nw.exec:\lak2nw.exe39⤵
- Executes dropped EXE
-
\??\c:\067qd.exec:\067qd.exe40⤵
- Executes dropped EXE
-
\??\c:\7hp1b.exec:\7hp1b.exe41⤵
- Executes dropped EXE
-
\??\c:\74t75f.exec:\74t75f.exe42⤵
- Executes dropped EXE
-
\??\c:\ke04v.exec:\ke04v.exe43⤵
- Executes dropped EXE
-
\??\c:\14ul961.exec:\14ul961.exe44⤵
- Executes dropped EXE
-
\??\c:\ibm1152.exec:\ibm1152.exe45⤵
- Executes dropped EXE
-
\??\c:\1ioj5.exec:\1ioj5.exe46⤵
- Executes dropped EXE
-
\??\c:\up5m0.exec:\up5m0.exe47⤵
- Executes dropped EXE
-
\??\c:\860w2u.exec:\860w2u.exe48⤵
- Executes dropped EXE
-
\??\c:\7j2d3if.exec:\7j2d3if.exe49⤵
- Executes dropped EXE
-
\??\c:\6efs735.exec:\6efs735.exe50⤵
- Executes dropped EXE
-
\??\c:\n1c04.exec:\n1c04.exe51⤵
- Executes dropped EXE
-
\??\c:\l68nr.exec:\l68nr.exe52⤵
- Executes dropped EXE
-
\??\c:\9scjwim.exec:\9scjwim.exe53⤵
- Executes dropped EXE
-
\??\c:\72l4ne.exec:\72l4ne.exe54⤵
- Executes dropped EXE
-
\??\c:\ca2f3.exec:\ca2f3.exe55⤵
- Executes dropped EXE
-
\??\c:\89h97.exec:\89h97.exe56⤵
- Executes dropped EXE
-
\??\c:\v5vm1.exec:\v5vm1.exe57⤵
- Executes dropped EXE
-
\??\c:\2f3m3k.exec:\2f3m3k.exe58⤵
- Executes dropped EXE
-
\??\c:\459v41.exec:\459v41.exe59⤵
- Executes dropped EXE
-
\??\c:\15s5kj.exec:\15s5kj.exe60⤵
- Executes dropped EXE
-
\??\c:\5g9vte3.exec:\5g9vte3.exe61⤵
- Executes dropped EXE
-
\??\c:\b33q9o3.exec:\b33q9o3.exe62⤵
- Executes dropped EXE
-
\??\c:\oi74l.exec:\oi74l.exe63⤵
- Executes dropped EXE
-
\??\c:\ri95j.exec:\ri95j.exe64⤵
- Executes dropped EXE
-
\??\c:\c9bmng.exec:\c9bmng.exe65⤵
- Executes dropped EXE
-
\??\c:\n84n754.exec:\n84n754.exe66⤵
-
\??\c:\0snfv9.exec:\0snfv9.exe67⤵
-
\??\c:\3391c92.exec:\3391c92.exe68⤵
-
\??\c:\82h356.exec:\82h356.exe69⤵
-
\??\c:\pw589u3.exec:\pw589u3.exe70⤵
-
\??\c:\djanr3r.exec:\djanr3r.exe71⤵
-
\??\c:\57m0t.exec:\57m0t.exe72⤵
-
\??\c:\961xo.exec:\961xo.exe73⤵
-
\??\c:\w73g1.exec:\w73g1.exe74⤵
-
\??\c:\99g355.exec:\99g355.exe75⤵
-
\??\c:\e1d04.exec:\e1d04.exe76⤵
-
\??\c:\jme08.exec:\jme08.exe77⤵
-
\??\c:\l9mqx.exec:\l9mqx.exe78⤵
-
\??\c:\083gp.exec:\083gp.exe79⤵
-
\??\c:\9at1aw.exec:\9at1aw.exe80⤵
-
\??\c:\3x7m49.exec:\3x7m49.exe81⤵
-
\??\c:\27q613d.exec:\27q613d.exe82⤵
-
\??\c:\89137o.exec:\89137o.exe83⤵
-
\??\c:\5pp737.exec:\5pp737.exe84⤵
-
\??\c:\509a8.exec:\509a8.exe85⤵
-
\??\c:\xthtx.exec:\xthtx.exe86⤵
-
\??\c:\omvh79j.exec:\omvh79j.exe87⤵
-
\??\c:\4218u92.exec:\4218u92.exe88⤵
-
\??\c:\ii2lsg.exec:\ii2lsg.exe89⤵
-
\??\c:\51xwq8.exec:\51xwq8.exe90⤵
-
\??\c:\v71c5o.exec:\v71c5o.exe91⤵
-
\??\c:\xcu18hw.exec:\xcu18hw.exe92⤵
-
\??\c:\c8f2m.exec:\c8f2m.exe93⤵
-
\??\c:\20rg59g.exec:\20rg59g.exe94⤵
-
\??\c:\33431lc.exec:\33431lc.exe95⤵
-
\??\c:\3oqikc.exec:\3oqikc.exe96⤵
-
\??\c:\23i4rg8.exec:\23i4rg8.exe97⤵
-
\??\c:\66f5s3.exec:\66f5s3.exe98⤵
-
\??\c:\wg1hk3.exec:\wg1hk3.exe99⤵
-
\??\c:\k973572.exec:\k973572.exe100⤵
-
\??\c:\6m8d3k.exec:\6m8d3k.exe101⤵
-
\??\c:\rqt18o.exec:\rqt18o.exe102⤵
-
\??\c:\qu4s76h.exec:\qu4s76h.exe103⤵
-
\??\c:\503ix5.exec:\503ix5.exe104⤵
-
\??\c:\rgtk1is.exec:\rgtk1is.exe105⤵
-
\??\c:\c8svje.exec:\c8svje.exe106⤵
-
\??\c:\j46h04.exec:\j46h04.exe107⤵
-
\??\c:\u38uuim.exec:\u38uuim.exe108⤵
-
\??\c:\8x3g72s.exec:\8x3g72s.exe109⤵
-
\??\c:\1ne5u1.exec:\1ne5u1.exe110⤵
-
\??\c:\jt3on.exec:\jt3on.exe111⤵
-
\??\c:\86cm4.exec:\86cm4.exe112⤵
-
\??\c:\7jjku.exec:\7jjku.exe113⤵
-
\??\c:\u37f9.exec:\u37f9.exe114⤵
-
\??\c:\dhjj5.exec:\dhjj5.exe115⤵
-
\??\c:\xrprtt.exec:\xrprtt.exe116⤵
-
\??\c:\1cu5j1.exec:\1cu5j1.exe117⤵
-
\??\c:\1w3vw4b.exec:\1w3vw4b.exe118⤵
-
\??\c:\dt32g.exec:\dt32g.exe119⤵
-
\??\c:\7u9rxr7.exec:\7u9rxr7.exe120⤵
-
\??\c:\40ur03i.exec:\40ur03i.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-