Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
08-05-2024 02:04
General
-
Target
a12074f8e97a865af036978b96d2a5a0_NEIKI.exe
-
Size
73KB
-
MD5
a12074f8e97a865af036978b96d2a5a0
-
SHA1
3d9203d641333c995eb23f0dcb702ce715edf16e
-
SHA256
b043b00b525f363755f1a6e5d98ddef8e01156cbf1c88b76072c65b772db42c2
-
SHA512
7023104acc6bd05acf174e4a6542c49b05f799ee37ea1ef360a20e472ae490a98bb42cfb4b65ffd8ff01f0dc4226e140d37108a10e243b4dbec64165be5b0364
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIjaQkPcy8WTeAw4Pt:ymb3NkkiQ3mdBjFIpkPcy8qs4Pt
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 26 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a12074f8e97a865af036978b96d2a5a0_NEIKI.exe"C:\Users\Admin\AppData\Local\Temp\a12074f8e97a865af036978b96d2a5a0_NEIKI.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbhnh.exec:\tnbhnh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxlrx.exec:\rlxxlrx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbbnt.exec:\nnbbnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhttn.exec:\bhhttn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjpd.exec:\vpjpd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfrxxl.exec:\xrfrxxl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlflrxf.exec:\xlflrxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhhth.exec:\nnhhth.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvj.exec:\pjvvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fflrfrf.exec:\fflrfrf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxfrxf.exec:\xlxfrxf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bnntt.exec:\5bnntt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdppv.exec:\jdppv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ddpj.exec:\7ddpj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxflx.exec:\rlxxflx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tntthh.exec:\tntthh.exe17⤵
- Executes dropped EXE
-
\??\c:\9pddp.exec:\9pddp.exe18⤵
- Executes dropped EXE
-
\??\c:\jvppv.exec:\jvppv.exe19⤵
- Executes dropped EXE
-
\??\c:\fxflrxl.exec:\fxflrxl.exe20⤵
- Executes dropped EXE
-
\??\c:\tnbbnn.exec:\tnbbnn.exe21⤵
- Executes dropped EXE
-
\??\c:\tthtbn.exec:\tthtbn.exe22⤵
- Executes dropped EXE
-
\??\c:\vdjvp.exec:\vdjvp.exe23⤵
- Executes dropped EXE
-
\??\c:\lxllxxx.exec:\lxllxxx.exe24⤵
- Executes dropped EXE
-
\??\c:\llllffr.exec:\llllffr.exe25⤵
- Executes dropped EXE
-
\??\c:\hbbhtb.exec:\hbbhtb.exe26⤵
- Executes dropped EXE
-
\??\c:\jjpvj.exec:\jjpvj.exe27⤵
- Executes dropped EXE
-
\??\c:\xrffrrx.exec:\xrffrrx.exe28⤵
- Executes dropped EXE
-
\??\c:\fflfxrl.exec:\fflfxrl.exe29⤵
- Executes dropped EXE
-
\??\c:\nhbhbh.exec:\nhbhbh.exe30⤵
- Executes dropped EXE
-
\??\c:\7jppd.exec:\7jppd.exe31⤵
- Executes dropped EXE
-
\??\c:\vvpdj.exec:\vvpdj.exe32⤵
- Executes dropped EXE
-
\??\c:\lrxrrll.exec:\lrxrrll.exe33⤵
- Executes dropped EXE
-
\??\c:\hbhntn.exec:\hbhntn.exe34⤵
- Executes dropped EXE
-
\??\c:\jdjjp.exec:\jdjjp.exe35⤵
- Executes dropped EXE
-
\??\c:\pjdjp.exec:\pjdjp.exe36⤵
- Executes dropped EXE
-
\??\c:\xrrxffl.exec:\xrrxffl.exe37⤵
- Executes dropped EXE
-
\??\c:\fxrrxxl.exec:\fxrrxxl.exe38⤵
- Executes dropped EXE
-
\??\c:\bbtbhh.exec:\bbtbhh.exe39⤵
- Executes dropped EXE
-
\??\c:\tntbbh.exec:\tntbbh.exe40⤵
- Executes dropped EXE
-
\??\c:\5jdjj.exec:\5jdjj.exe41⤵
- Executes dropped EXE
-
\??\c:\5ddpd.exec:\5ddpd.exe42⤵
- Executes dropped EXE
-
\??\c:\rfxfffl.exec:\rfxfffl.exe43⤵
- Executes dropped EXE
-
\??\c:\xxflxfr.exec:\xxflxfr.exe44⤵
- Executes dropped EXE
-
\??\c:\ttbbtt.exec:\ttbbtt.exe45⤵
- Executes dropped EXE
-
\??\c:\3hhthh.exec:\3hhthh.exe46⤵
- Executes dropped EXE
-
\??\c:\jdpvj.exec:\jdpvj.exe47⤵
- Executes dropped EXE
-
\??\c:\pdvvv.exec:\pdvvv.exe48⤵
- Executes dropped EXE
-
\??\c:\rrlrxxl.exec:\rrlrxxl.exe49⤵
- Executes dropped EXE
-
\??\c:\xrlxfrx.exec:\xrlxfrx.exe50⤵
- Executes dropped EXE
-
\??\c:\tnbnth.exec:\tnbnth.exe51⤵
- Executes dropped EXE
-
\??\c:\nntthh.exec:\nntthh.exe52⤵
- Executes dropped EXE
-
\??\c:\7nhhbb.exec:\7nhhbb.exe53⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe54⤵
- Executes dropped EXE
-
\??\c:\jdvjp.exec:\jdvjp.exe55⤵
- Executes dropped EXE
-
\??\c:\1flrffr.exec:\1flrffr.exe56⤵
- Executes dropped EXE
-
\??\c:\rlrrffr.exec:\rlrrffr.exe57⤵
- Executes dropped EXE
-
\??\c:\hbnthh.exec:\hbnthh.exe58⤵
- Executes dropped EXE
-
\??\c:\1hthhn.exec:\1hthhn.exe59⤵
- Executes dropped EXE
-
\??\c:\5tnbnn.exec:\5tnbnn.exe60⤵
- Executes dropped EXE
-
\??\c:\5pjjv.exec:\5pjjv.exe61⤵
- Executes dropped EXE
-
\??\c:\9dvdp.exec:\9dvdp.exe62⤵
- Executes dropped EXE
-
\??\c:\xrrrxxf.exec:\xrrrxxf.exe63⤵
- Executes dropped EXE
-
\??\c:\3fxrflr.exec:\3fxrflr.exe64⤵
- Executes dropped EXE
-
\??\c:\bbthth.exec:\bbthth.exe65⤵
- Executes dropped EXE
-
\??\c:\nhbbnt.exec:\nhbbnt.exe66⤵
-
\??\c:\jdppd.exec:\jdppd.exe67⤵
-
\??\c:\vppdp.exec:\vppdp.exe68⤵
-
\??\c:\nhbbnt.exec:\nhbbnt.exe69⤵
-
\??\c:\nbnhhn.exec:\nbnhhn.exe70⤵
-
\??\c:\vpdjv.exec:\vpdjv.exe71⤵
-
\??\c:\jddjj.exec:\jddjj.exe72⤵
-
\??\c:\fxrxllr.exec:\fxrxllr.exe73⤵
-
\??\c:\1rfrffx.exec:\1rfrffx.exe74⤵
-
\??\c:\3btnnt.exec:\3btnnt.exe75⤵
-
\??\c:\bbtbhb.exec:\bbtbhb.exe76⤵
-
\??\c:\3jdvj.exec:\3jdvj.exe77⤵
-
\??\c:\3ppvd.exec:\3ppvd.exe78⤵
-
\??\c:\9ppvp.exec:\9ppvp.exe79⤵
-
\??\c:\rllxrfl.exec:\rllxrfl.exe80⤵
-
\??\c:\rlxlrxl.exec:\rlxlrxl.exe81⤵
-
\??\c:\nbttbn.exec:\nbttbn.exe82⤵
-
\??\c:\pvjvp.exec:\pvjvp.exe83⤵
-
\??\c:\djdjp.exec:\djdjp.exe84⤵
-
\??\c:\7xfrflr.exec:\7xfrflr.exe85⤵
-
\??\c:\rfrrrrf.exec:\rfrrrrf.exe86⤵
-
\??\c:\hbtbtb.exec:\hbtbtb.exe87⤵
-
\??\c:\nhtbnn.exec:\nhtbnn.exe88⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe89⤵
-
\??\c:\7vpdd.exec:\7vpdd.exe90⤵
-
\??\c:\xrfrlrx.exec:\xrfrlrx.exe91⤵
-
\??\c:\1llrxlr.exec:\1llrxlr.exe92⤵
-
\??\c:\htbnnt.exec:\htbnnt.exe93⤵
-
\??\c:\tnhnnn.exec:\tnhnnn.exe94⤵
-
\??\c:\pjvvd.exec:\pjvvd.exe95⤵
-
\??\c:\7jddp.exec:\7jddp.exe96⤵
-
\??\c:\rfffrrx.exec:\rfffrrx.exe97⤵
-
\??\c:\rfxxfxf.exec:\rfxxfxf.exe98⤵
-
\??\c:\9xrxllr.exec:\9xrxllr.exe99⤵
-
\??\c:\tbttbb.exec:\tbttbb.exe100⤵
-
\??\c:\tntbbh.exec:\tntbbh.exe101⤵
-
\??\c:\jdvjv.exec:\jdvjv.exe102⤵
-
\??\c:\9vvdd.exec:\9vvdd.exe103⤵
-
\??\c:\rlxlxxl.exec:\rlxlxxl.exe104⤵
-
\??\c:\xrffllx.exec:\xrffllx.exe105⤵
-
\??\c:\tnhtbh.exec:\tnhtbh.exe106⤵
-
\??\c:\bbtthh.exec:\bbtthh.exe107⤵
-
\??\c:\5jjdd.exec:\5jjdd.exe108⤵
-
\??\c:\3pjpd.exec:\3pjpd.exe109⤵
-
\??\c:\7rlxxlr.exec:\7rlxxlr.exe110⤵
-
\??\c:\fxlrxxx.exec:\fxlrxxx.exe111⤵
-
\??\c:\3ntnnh.exec:\3ntnnh.exe112⤵
-
\??\c:\bthnbh.exec:\bthnbh.exe113⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe114⤵
-
\??\c:\dddpv.exec:\dddpv.exe115⤵
-
\??\c:\9rfxfxf.exec:\9rfxfxf.exe116⤵
-
\??\c:\3fxfrfr.exec:\3fxfrfr.exe117⤵
-
\??\c:\tntbnn.exec:\tntbnn.exe118⤵
-
\??\c:\1ntbbb.exec:\1ntbbb.exe119⤵
-
\??\c:\5jdjp.exec:\5jdjp.exe120⤵
-
\??\c:\vpdvd.exec:\vpdvd.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-