Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
09/05/2024, 02:59
General
-
Target
d7802181f57be93701be7f29cb7e6c00_NEIKI.exe
-
Size
221KB
-
MD5
d7802181f57be93701be7f29cb7e6c00
-
SHA1
7712eed21792defcf730acbe103270c813edd15f
-
SHA256
906ac2c42248bc9d9d3f85ae7e02b247211dd332c130fd733b55debaa5c2c83f
-
SHA512
1ab2f4ca2d32043c9c9c03fdab3181b45d5b91c2454fae36f75faceef553eacc9dbd65109b378106dec22b6f9596023a961933ee4a97b51515b8535772771cb1
-
SSDEEP
6144:Jcm4FmowdHoS3dGmS4Z1hraHcpOaKHpaztyzo:T4wFHoS3dJS4ZzeFaKHpCco
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 34 IoCs
-
Malware Dropper & Backdoor - Berbew 33 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d7802181f57be93701be7f29cb7e6c00_NEIKI.exe"C:\Users\Admin\AppData\Local\Temp\d7802181f57be93701be7f29cb7e6c00_NEIKI.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxllrl.exec:\fxxllrl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjddp.exec:\jjddp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lfrffx.exec:\9lfrffx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvppj.exec:\dvppj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpvd.exec:\dvpvd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbtbnn.exec:\bbtbnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjvp.exec:\jjjvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxffxxx.exec:\fxffxxx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbtb.exec:\tnbbtb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvddv.exec:\vvddv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frrflrl.exec:\frrflrl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhnnh.exec:\tnhnnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nhtbh.exec:\7nhtbh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3xxfrxr.exec:\3xxfrxr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbnbn.exec:\hbbnbn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9vdjv.exec:\9vdjv.exe17⤵
- Executes dropped EXE
-
\??\c:\7lxlrrx.exec:\7lxlrrx.exe18⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe19⤵
- Executes dropped EXE
-
\??\c:\5dpvj.exec:\5dpvj.exe20⤵
- Executes dropped EXE
-
\??\c:\lxlrxlx.exec:\lxlrxlx.exe21⤵
- Executes dropped EXE
-
\??\c:\nhtnbh.exec:\nhtnbh.exe22⤵
- Executes dropped EXE
-
\??\c:\ddvpj.exec:\ddvpj.exe23⤵
- Executes dropped EXE
-
\??\c:\ffxflrl.exec:\ffxflrl.exe24⤵
- Executes dropped EXE
-
\??\c:\jjvdj.exec:\jjvdj.exe25⤵
- Executes dropped EXE
-
\??\c:\7frflrx.exec:\7frflrx.exe26⤵
- Executes dropped EXE
-
\??\c:\ddjjd.exec:\ddjjd.exe27⤵
- Executes dropped EXE
-
\??\c:\xlrrfxf.exec:\xlrrfxf.exe28⤵
- Executes dropped EXE
-
\??\c:\hbhnnb.exec:\hbhnnb.exe29⤵
- Executes dropped EXE
-
\??\c:\ddpvj.exec:\ddpvj.exe30⤵
- Executes dropped EXE
-
\??\c:\9xlxlrx.exec:\9xlxlrx.exe31⤵
- Executes dropped EXE
-
\??\c:\tnbhnb.exec:\tnbhnb.exe32⤵
- Executes dropped EXE
-
\??\c:\vvjdj.exec:\vvjdj.exe33⤵
- Executes dropped EXE
-
\??\c:\fxlfrlx.exec:\fxlfrlx.exe34⤵
- Executes dropped EXE
-
\??\c:\lfxxllr.exec:\lfxxllr.exe35⤵
- Executes dropped EXE
-
\??\c:\thbhtt.exec:\thbhtt.exe36⤵
- Executes dropped EXE
-
\??\c:\vjddj.exec:\vjddj.exe37⤵
- Executes dropped EXE
-
\??\c:\ppjvj.exec:\ppjvj.exe38⤵
- Executes dropped EXE
-
\??\c:\xxllllx.exec:\xxllllx.exe39⤵
- Executes dropped EXE
-
\??\c:\ttnthn.exec:\ttnthn.exe40⤵
- Executes dropped EXE
-
\??\c:\hbtbht.exec:\hbtbht.exe41⤵
- Executes dropped EXE
-
\??\c:\7dvdv.exec:\7dvdv.exe42⤵
- Executes dropped EXE
-
\??\c:\pvvvj.exec:\pvvvj.exe43⤵
- Executes dropped EXE
-
\??\c:\rrlfxlx.exec:\rrlfxlx.exe44⤵
- Executes dropped EXE
-
\??\c:\htbbnn.exec:\htbbnn.exe45⤵
- Executes dropped EXE
-
\??\c:\htbhnh.exec:\htbhnh.exe46⤵
- Executes dropped EXE
-
\??\c:\dpjjp.exec:\dpjjp.exe47⤵
- Executes dropped EXE
-
\??\c:\dpvvd.exec:\dpvvd.exe48⤵
- Executes dropped EXE
-
\??\c:\fxlxfrf.exec:\fxlxfrf.exe49⤵
- Executes dropped EXE
-
\??\c:\bbntbh.exec:\bbntbh.exe50⤵
- Executes dropped EXE
-
\??\c:\vpjpd.exec:\vpjpd.exe51⤵
- Executes dropped EXE
-
\??\c:\7jvdp.exec:\7jvdp.exe52⤵
- Executes dropped EXE
-
\??\c:\ffxrrrf.exec:\ffxrrrf.exe53⤵
- Executes dropped EXE
-
\??\c:\1rlxxff.exec:\1rlxxff.exe54⤵
- Executes dropped EXE
-
\??\c:\ttnbnt.exec:\ttnbnt.exe55⤵
- Executes dropped EXE
-
\??\c:\dpjpv.exec:\dpjpv.exe56⤵
- Executes dropped EXE
-
\??\c:\djvdv.exec:\djvdv.exe57⤵
- Executes dropped EXE
-
\??\c:\3frfrxf.exec:\3frfrxf.exe58⤵
- Executes dropped EXE
-
\??\c:\tnbhnb.exec:\tnbhnb.exe59⤵
- Executes dropped EXE
-
\??\c:\ttnbhn.exec:\ttnbhn.exe60⤵
- Executes dropped EXE
-
\??\c:\ppjjv.exec:\ppjjv.exe61⤵
- Executes dropped EXE
-
\??\c:\lfxllrl.exec:\lfxllrl.exe62⤵
- Executes dropped EXE
-
\??\c:\fxrlrrf.exec:\fxrlrrf.exe63⤵
- Executes dropped EXE
-
\??\c:\hbnbnb.exec:\hbnbnb.exe64⤵
- Executes dropped EXE
-
\??\c:\btthnn.exec:\btthnn.exe65⤵
- Executes dropped EXE
-
\??\c:\ppdjp.exec:\ppdjp.exe66⤵
-
\??\c:\9rlrxxf.exec:\9rlrxxf.exe67⤵
-
\??\c:\llxrxfx.exec:\llxrxfx.exe68⤵
-
\??\c:\thtttt.exec:\thtttt.exe69⤵
-
\??\c:\9pdjd.exec:\9pdjd.exe70⤵
-
\??\c:\1pjpv.exec:\1pjpv.exe71⤵
-
\??\c:\rrrflrf.exec:\rrrflrf.exe72⤵
-
\??\c:\fxllxlx.exec:\fxllxlx.exe73⤵
-
\??\c:\tnhbhb.exec:\tnhbhb.exe74⤵
-
\??\c:\1vpvd.exec:\1vpvd.exe75⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe76⤵
-
\??\c:\xrrllrf.exec:\xrrllrf.exe77⤵
-
\??\c:\bbthnb.exec:\bbthnb.exe78⤵
-
\??\c:\bnbntb.exec:\bnbntb.exe79⤵
-
\??\c:\1dpvv.exec:\1dpvv.exe80⤵
-
\??\c:\dpdjv.exec:\dpdjv.exe81⤵
-
\??\c:\rrlxrxr.exec:\rrlxrxr.exe82⤵
-
\??\c:\7bbnnt.exec:\7bbnnt.exe83⤵
-
\??\c:\1hthhb.exec:\1hthhb.exe84⤵
-
\??\c:\pvpdd.exec:\pvpdd.exe85⤵
-
\??\c:\vvvdv.exec:\vvvdv.exe86⤵
-
\??\c:\fxlrlfr.exec:\fxlrlfr.exe87⤵
-
\??\c:\7tnnnt.exec:\7tnnnt.exe88⤵
-
\??\c:\5jjpd.exec:\5jjpd.exe89⤵
-
\??\c:\dvvjv.exec:\dvvjv.exe90⤵
-
\??\c:\ffxfrxr.exec:\ffxfrxr.exe91⤵
-
\??\c:\3fxxfxx.exec:\3fxxfxx.exe92⤵
-
\??\c:\tthbhn.exec:\tthbhn.exe93⤵
-
\??\c:\9nntnn.exec:\9nntnn.exe94⤵
-
\??\c:\vvpvd.exec:\vvpvd.exe95⤵
-
\??\c:\ffxllrf.exec:\ffxllrf.exe96⤵
-
\??\c:\3llfxrl.exec:\3llfxrl.exe97⤵
-
\??\c:\btnhnh.exec:\btnhnh.exe98⤵
-
\??\c:\7jdjp.exec:\7jdjp.exe99⤵
-
\??\c:\vvvdv.exec:\vvvdv.exe100⤵
-
\??\c:\1xrrfll.exec:\1xrrfll.exe101⤵
-
\??\c:\nhnhht.exec:\nhnhht.exe102⤵
-
\??\c:\pjjdd.exec:\pjjdd.exe103⤵
-
\??\c:\ddpjv.exec:\ddpjv.exe104⤵
-
\??\c:\xrfrflx.exec:\xrfrflx.exe105⤵
-
\??\c:\lfxflrx.exec:\lfxflrx.exe106⤵
-
\??\c:\tnhnht.exec:\tnhnht.exe107⤵
-
\??\c:\5ddvd.exec:\5ddvd.exe108⤵
-
\??\c:\rrfrffr.exec:\rrfrffr.exe109⤵
-
\??\c:\rlxxxxl.exec:\rlxxxxl.exe110⤵
-
\??\c:\tnbhtb.exec:\tnbhtb.exe111⤵
-
\??\c:\ntthnt.exec:\ntthnt.exe112⤵
-
\??\c:\vpjjj.exec:\vpjjj.exe113⤵
-
\??\c:\fxrrllx.exec:\fxrrllx.exe114⤵
-
\??\c:\rrrxrxl.exec:\rrrxrxl.exe115⤵
-
\??\c:\nhnthn.exec:\nhnthn.exe116⤵
-
\??\c:\pjjdj.exec:\pjjdj.exe117⤵
-
\??\c:\dvpvp.exec:\dvpvp.exe118⤵
-
\??\c:\7lxrffx.exec:\7lxrffx.exe119⤵
-
\??\c:\frfrlrx.exec:\frfrlrx.exe120⤵
-
\??\c:\tnnnbb.exec:\tnnnbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-