Analysis
-
max time kernel
149s -
max time network
112s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
08/05/2024, 11:55
General
-
Target
9a200a940b1c076af869e77932b4f0e0_NEIKI.exe
-
Size
74KB
-
MD5
9a200a940b1c076af869e77932b4f0e0
-
SHA1
57fdedc7747e3262ed38b2a0c2fe5428697904ce
-
SHA256
838bf3eb80e203a354dcec37e82f1b3e1eeb3cbbf9a8aab46eb20c5c5247dd41
-
SHA512
64d6c21e6e15373ca387a2ae7a7a3985c877b1870ea768baebc88fac1792d31202d36c7c91d7a487d346a677dc0e224952ecbf4bb09714a4835cfd28b8cff213
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIrmCeRMKeWqNSZ7:ymb3NkkiQ3mdBjFIjek5o
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 28 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9a200a940b1c076af869e77932b4f0e0_NEIKI.exe"C:\Users\Admin\AppData\Local\Temp\9a200a940b1c076af869e77932b4f0e0_NEIKI.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3flxrrl.exec:\3flxrrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjpv.exec:\ddjpv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjppd.exec:\pjppd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fxrrrr.exec:\1fxrrrr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrlfr.exec:\lfrrlfr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bntntn.exec:\bntntn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrfrfxr.exec:\lrfrfxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lrrlxrl.exec:\lrrlxrl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bbtnh.exec:\1bbtnh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjdj.exec:\vpjdj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbhbhh.exec:\bbhbhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnhbh.exec:\nhnhbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djdvj.exec:\djdvj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlxlfx.exec:\frlxlfx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhbt.exec:\thnhbt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppjv.exec:\jppjv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrlfrfx.exec:\xrlfrfx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rxfrfx.exec:\5rxfrfx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntnbt.exec:\hntnbt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdpd.exec:\vjdpd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1fllffx.exec:\1fllffx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnnh.exec:\nhnnnh.exe23⤵
- Executes dropped EXE
-
\??\c:\7dpjd.exec:\7dpjd.exe24⤵
- Executes dropped EXE
-
\??\c:\9pdvp.exec:\9pdvp.exe25⤵
- Executes dropped EXE
-
\??\c:\flfxlfx.exec:\flfxlfx.exe26⤵
- Executes dropped EXE
-
\??\c:\hbnhnh.exec:\hbnhnh.exe27⤵
- Executes dropped EXE
-
\??\c:\9ppdp.exec:\9ppdp.exe28⤵
- Executes dropped EXE
-
\??\c:\rrrlfff.exec:\rrrlfff.exe29⤵
- Executes dropped EXE
-
\??\c:\lrrlffx.exec:\lrrlffx.exe30⤵
- Executes dropped EXE
-
\??\c:\tnnbtb.exec:\tnnbtb.exe31⤵
- Executes dropped EXE
-
\??\c:\pdvvp.exec:\pdvvp.exe32⤵
- Executes dropped EXE
-
\??\c:\vdpjp.exec:\vdpjp.exe33⤵
- Executes dropped EXE
-
\??\c:\rrllfxr.exec:\rrllfxr.exe34⤵
- Executes dropped EXE
-
\??\c:\1hhtnh.exec:\1hhtnh.exe35⤵
-
\??\c:\nbbhtt.exec:\nbbhtt.exe36⤵
- Executes dropped EXE
-
\??\c:\vdvpd.exec:\vdvpd.exe37⤵
- Executes dropped EXE
-
\??\c:\dvdvp.exec:\dvdvp.exe38⤵
- Executes dropped EXE
-
\??\c:\flrlffx.exec:\flrlffx.exe39⤵
- Executes dropped EXE
-
\??\c:\htnbnn.exec:\htnbnn.exe40⤵
- Executes dropped EXE
-
\??\c:\thtnhh.exec:\thtnhh.exe41⤵
- Executes dropped EXE
-
\??\c:\9dpdp.exec:\9dpdp.exe42⤵
- Executes dropped EXE
-
\??\c:\3jvvj.exec:\3jvvj.exe43⤵
- Executes dropped EXE
-
\??\c:\5fxlxrr.exec:\5fxlxrr.exe44⤵
- Executes dropped EXE
-
\??\c:\3ffrlfx.exec:\3ffrlfx.exe45⤵
- Executes dropped EXE
-
\??\c:\1nhtnn.exec:\1nhtnn.exe46⤵
- Executes dropped EXE
-
\??\c:\vdvjv.exec:\vdvjv.exe47⤵
- Executes dropped EXE
-
\??\c:\pjdpv.exec:\pjdpv.exe48⤵
- Executes dropped EXE
-
\??\c:\rffrfxr.exec:\rffrfxr.exe49⤵
- Executes dropped EXE
-
\??\c:\rflffxl.exec:\rflffxl.exe50⤵
- Executes dropped EXE
-
\??\c:\tnhbtn.exec:\tnhbtn.exe51⤵
- Executes dropped EXE
-
\??\c:\vdjdp.exec:\vdjdp.exe52⤵
- Executes dropped EXE
-
\??\c:\lfrfrrl.exec:\lfrfrrl.exe53⤵
- Executes dropped EXE
-
\??\c:\fxxrfxr.exec:\fxxrfxr.exe54⤵
- Executes dropped EXE
-
\??\c:\bntnnh.exec:\bntnnh.exe55⤵
- Executes dropped EXE
-
\??\c:\pdjdj.exec:\pdjdj.exe56⤵
- Executes dropped EXE
-
\??\c:\jjdvj.exec:\jjdvj.exe57⤵
- Executes dropped EXE
-
\??\c:\9xlxlfx.exec:\9xlxlfx.exe58⤵
- Executes dropped EXE
-
\??\c:\rrxrrrx.exec:\rrxrrrx.exe59⤵
- Executes dropped EXE
-
\??\c:\1bbhhh.exec:\1bbhhh.exe60⤵
- Executes dropped EXE
-
\??\c:\bbnhtn.exec:\bbnhtn.exe61⤵
- Executes dropped EXE
-
\??\c:\jvvjv.exec:\jvvjv.exe62⤵
- Executes dropped EXE
-
\??\c:\vddvj.exec:\vddvj.exe63⤵
- Executes dropped EXE
-
\??\c:\lxfrfxf.exec:\lxfrfxf.exe64⤵
- Executes dropped EXE
-
\??\c:\1hhtnh.exec:\1hhtnh.exe65⤵
- Executes dropped EXE
-
\??\c:\nhnntn.exec:\nhnntn.exe66⤵
- Executes dropped EXE
-
\??\c:\hbbtht.exec:\hbbtht.exe67⤵
-
\??\c:\vvjdv.exec:\vvjdv.exe68⤵
-
\??\c:\xlxrfrl.exec:\xlxrfrl.exe69⤵
-
\??\c:\fxlfllr.exec:\fxlfllr.exe70⤵
-
\??\c:\nttnbt.exec:\nttnbt.exe71⤵
-
\??\c:\tttbbh.exec:\tttbbh.exe72⤵
-
\??\c:\pddjd.exec:\pddjd.exe73⤵
-
\??\c:\jdjdd.exec:\jdjdd.exe74⤵
-
\??\c:\frxrxxf.exec:\frxrxxf.exe75⤵
-
\??\c:\hbbthh.exec:\hbbthh.exe76⤵
-
\??\c:\btbntt.exec:\btbntt.exe77⤵
-
\??\c:\dvvjd.exec:\dvvjd.exe78⤵
-
\??\c:\jpvpj.exec:\jpvpj.exe79⤵
-
\??\c:\3lrffxl.exec:\3lrffxl.exe80⤵
-
\??\c:\fllxllf.exec:\fllxllf.exe81⤵
-
\??\c:\ntbntt.exec:\ntbntt.exe82⤵
-
\??\c:\5bthth.exec:\5bthth.exe83⤵
-
\??\c:\pvdvj.exec:\pvdvj.exe84⤵
-
\??\c:\flxrrrl.exec:\flxrrrl.exe85⤵
-
\??\c:\xxlrxfr.exec:\xxlrxfr.exe86⤵
-
\??\c:\hnhbtn.exec:\hnhbtn.exe87⤵
-
\??\c:\nbbttt.exec:\nbbttt.exe88⤵
-
\??\c:\vvdpv.exec:\vvdpv.exe89⤵
-
\??\c:\jpppp.exec:\jpppp.exe90⤵
-
\??\c:\xrfxrrf.exec:\xrfxrrf.exe91⤵
-
\??\c:\1ntnhh.exec:\1ntnhh.exe92⤵
-
\??\c:\thtbtt.exec:\thtbtt.exe93⤵
-
\??\c:\1pppp.exec:\1pppp.exe94⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe95⤵
-
\??\c:\lxfrxxr.exec:\lxfrxxr.exe96⤵
-
\??\c:\rxfxrlf.exec:\rxfxrlf.exe97⤵
-
\??\c:\hbtbtt.exec:\hbtbtt.exe98⤵
-
\??\c:\tbhtnh.exec:\tbhtnh.exe99⤵
-
\??\c:\jvddp.exec:\jvddp.exe100⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe101⤵
-
\??\c:\fffxfxx.exec:\fffxfxx.exe102⤵
-
\??\c:\7bnhbb.exec:\7bnhbb.exe103⤵
-
\??\c:\vjpdd.exec:\vjpdd.exe104⤵
-
\??\c:\dvdvd.exec:\dvdvd.exe105⤵
-
\??\c:\xxrlxxr.exec:\xxrlxxr.exe106⤵
-
\??\c:\hbbthh.exec:\hbbthh.exe107⤵
-
\??\c:\hbnbbb.exec:\hbnbbb.exe108⤵
-
\??\c:\jvddp.exec:\jvddp.exe109⤵
-
\??\c:\djjjj.exec:\djjjj.exe110⤵
-
\??\c:\lrffxxx.exec:\lrffxxx.exe111⤵
-
\??\c:\hnnnnn.exec:\hnnnnn.exe112⤵
-
\??\c:\bbhbbb.exec:\bbhbbb.exe113⤵
-
\??\c:\dpdvv.exec:\dpdvv.exe114⤵
-
\??\c:\5fxfxlf.exec:\5fxfxlf.exe115⤵
-
\??\c:\3lxxrlf.exec:\3lxxrlf.exe116⤵
-
\??\c:\nhbthh.exec:\nhbthh.exe117⤵
-
\??\c:\jppdv.exec:\jppdv.exe118⤵
-
\??\c:\fxfrxxx.exec:\fxfrxxx.exe119⤵
-
\??\c:\thbnnn.exec:\thbnnn.exe120⤵
-
\??\c:\3bbbnn.exec:\3bbbnn.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-