Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
09/05/2024, 02:59
General
-
Target
d7802181f57be93701be7f29cb7e6c00_NEIKI.exe
-
Size
221KB
-
MD5
d7802181f57be93701be7f29cb7e6c00
-
SHA1
7712eed21792defcf730acbe103270c813edd15f
-
SHA256
906ac2c42248bc9d9d3f85ae7e02b247211dd332c130fd733b55debaa5c2c83f
-
SHA512
1ab2f4ca2d32043c9c9c03fdab3181b45d5b91c2454fae36f75faceef553eacc9dbd65109b378106dec22b6f9596023a961933ee4a97b51515b8535772771cb1
-
SSDEEP
6144:Jcm4FmowdHoS3dGmS4Z1hraHcpOaKHpaztyzo:T4wFHoS3dJS4ZzeFaKHpCco
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Malware Dropper & Backdoor - Berbew 32 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d7802181f57be93701be7f29cb7e6c00_NEIKI.exe"C:\Users\Admin\AppData\Local\Temp\d7802181f57be93701be7f29cb7e6c00_NEIKI.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\thnthb.exec:\thnthb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvvv.exec:\jvvvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ppjp.exec:\5ppjp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvp.exec:\dpvvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nhbtt.exec:\9nhbtt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jjdv.exec:\7jjdv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vdpdj.exec:\vdpdj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfxffl.exec:\xrfxffl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttthh.exec:\nttthh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbnhbb.exec:\nbnhbb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjjp.exec:\vjjjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnttnt.exec:\tnttnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjvvv.exec:\pjvvv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrrxr.exec:\fxxrrxr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnbtbb.exec:\hnbtbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxxxff.exec:\flxxxff.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfffxxl.exec:\xfffxxl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvdvj.exec:\dvdvj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pvjd.exec:\5pvjd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbtnnn.exec:\hbtnnn.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttthbb.exec:\ttthbb.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfrlll.exec:\frfrlll.exe23⤵
- Executes dropped EXE
-
\??\c:\9xxfxxf.exec:\9xxfxxf.exe24⤵
- Executes dropped EXE
-
\??\c:\vjppj.exec:\vjppj.exe25⤵
- Executes dropped EXE
-
\??\c:\1lrlllr.exec:\1lrlllr.exe26⤵
- Executes dropped EXE
-
\??\c:\tntnnn.exec:\tntnnn.exe27⤵
- Executes dropped EXE
-
\??\c:\xrllxxl.exec:\xrllxxl.exe28⤵
- Executes dropped EXE
-
\??\c:\lrflfrr.exec:\lrflfrr.exe29⤵
- Executes dropped EXE
-
\??\c:\9thbbb.exec:\9thbbb.exe30⤵
- Executes dropped EXE
-
\??\c:\djpjv.exec:\djpjv.exe31⤵
- Executes dropped EXE
-
\??\c:\5hhbtb.exec:\5hhbtb.exe32⤵
- Executes dropped EXE
-
\??\c:\jjpjp.exec:\jjpjp.exe33⤵
- Executes dropped EXE
-
\??\c:\fllffll.exec:\fllffll.exe34⤵
- Executes dropped EXE
-
\??\c:\hnnhbt.exec:\hnnhbt.exe35⤵
- Executes dropped EXE
-
\??\c:\7bbtnn.exec:\7bbtnn.exe36⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe37⤵
- Executes dropped EXE
-
\??\c:\rxrllff.exec:\rxrllff.exe38⤵
- Executes dropped EXE
-
\??\c:\flllfff.exec:\flllfff.exe39⤵
- Executes dropped EXE
-
\??\c:\hhbtbb.exec:\hhbtbb.exe40⤵
- Executes dropped EXE
-
\??\c:\jpdvp.exec:\jpdvp.exe41⤵
- Executes dropped EXE
-
\??\c:\vvvpp.exec:\vvvpp.exe42⤵
- Executes dropped EXE
-
\??\c:\1lrrxxf.exec:\1lrrxxf.exe43⤵
- Executes dropped EXE
-
\??\c:\7rrrfrl.exec:\7rrrfrl.exe44⤵
- Executes dropped EXE
-
\??\c:\thhbbb.exec:\thhbbb.exe45⤵
- Executes dropped EXE
-
\??\c:\nbntht.exec:\nbntht.exe46⤵
- Executes dropped EXE
-
\??\c:\7jjdv.exec:\7jjdv.exe47⤵
- Executes dropped EXE
-
\??\c:\jvvdv.exec:\jvvdv.exe48⤵
- Executes dropped EXE
-
\??\c:\xrxrlll.exec:\xrxrlll.exe49⤵
- Executes dropped EXE
-
\??\c:\hbbtnn.exec:\hbbtnn.exe50⤵
- Executes dropped EXE
-
\??\c:\nbbbtt.exec:\nbbbtt.exe51⤵
- Executes dropped EXE
-
\??\c:\dvvpj.exec:\dvvpj.exe52⤵
- Executes dropped EXE
-
\??\c:\1vdpd.exec:\1vdpd.exe53⤵
- Executes dropped EXE
-
\??\c:\7rrxrrr.exec:\7rrxrrr.exe54⤵
- Executes dropped EXE
-
\??\c:\hbnhbt.exec:\hbnhbt.exe55⤵
- Executes dropped EXE
-
\??\c:\thhbtt.exec:\thhbtt.exe56⤵
- Executes dropped EXE
-
\??\c:\5djjd.exec:\5djjd.exe57⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe58⤵
- Executes dropped EXE
-
\??\c:\9fllfxr.exec:\9fllfxr.exe59⤵
- Executes dropped EXE
-
\??\c:\1fxrlfx.exec:\1fxrlfx.exe60⤵
- Executes dropped EXE
-
\??\c:\hbnhhh.exec:\hbnhhh.exe61⤵
- Executes dropped EXE
-
\??\c:\httnhh.exec:\httnhh.exe62⤵
- Executes dropped EXE
-
\??\c:\jpvvd.exec:\jpvvd.exe63⤵
- Executes dropped EXE
-
\??\c:\vjvpp.exec:\vjvpp.exe64⤵
- Executes dropped EXE
-
\??\c:\3xlffff.exec:\3xlffff.exe65⤵
- Executes dropped EXE
-
\??\c:\hntnhh.exec:\hntnhh.exe66⤵
-
\??\c:\hnnhtt.exec:\hnnhtt.exe67⤵
-
\??\c:\vvddv.exec:\vvddv.exe68⤵
-
\??\c:\rlxxrff.exec:\rlxxrff.exe69⤵
-
\??\c:\fxxxllr.exec:\fxxxllr.exe70⤵
-
\??\c:\1bbnhh.exec:\1bbnhh.exe71⤵
-
\??\c:\9ttnhh.exec:\9ttnhh.exe72⤵
-
\??\c:\jvdjd.exec:\jvdjd.exe73⤵
-
\??\c:\rffxrrl.exec:\rffxrrl.exe74⤵
-
\??\c:\hnnhnt.exec:\hnnhnt.exe75⤵
-
\??\c:\jjpjj.exec:\jjpjj.exe76⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe77⤵
-
\??\c:\lffxrfx.exec:\lffxrfx.exe78⤵
-
\??\c:\3rrlffx.exec:\3rrlffx.exe79⤵
-
\??\c:\hbbtbb.exec:\hbbtbb.exe80⤵
-
\??\c:\5ttnbb.exec:\5ttnbb.exe81⤵
-
\??\c:\pjjpd.exec:\pjjpd.exe82⤵
-
\??\c:\xxfxxrl.exec:\xxfxxrl.exe83⤵
-
\??\c:\5xfxxxx.exec:\5xfxxxx.exe84⤵
-
\??\c:\ttbbhh.exec:\ttbbhh.exe85⤵
-
\??\c:\bhhtbt.exec:\bhhtbt.exe86⤵
-
\??\c:\ddpjj.exec:\ddpjj.exe87⤵
-
\??\c:\djjdd.exec:\djjdd.exe88⤵
-
\??\c:\rxlfrrl.exec:\rxlfrrl.exe89⤵
-
\??\c:\flrxllf.exec:\flrxllf.exe90⤵
-
\??\c:\9ttnhh.exec:\9ttnhh.exe91⤵
-
\??\c:\hhnntt.exec:\hhnntt.exe92⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe93⤵
-
\??\c:\vpdjd.exec:\vpdjd.exe94⤵
-
\??\c:\1rfrlll.exec:\1rfrlll.exe95⤵
-
\??\c:\xlrlffx.exec:\xlrlffx.exe96⤵
-
\??\c:\3ntttt.exec:\3ntttt.exe97⤵
-
\??\c:\nbhbtn.exec:\nbhbtn.exe98⤵
-
\??\c:\7vddv.exec:\7vddv.exe99⤵
-
\??\c:\9vdvv.exec:\9vdvv.exe100⤵
-
\??\c:\1ffxrfx.exec:\1ffxrfx.exe101⤵
-
\??\c:\xrrrllf.exec:\xrrrllf.exe102⤵
-
\??\c:\nbbtbt.exec:\nbbtbt.exe103⤵
-
\??\c:\bntnhb.exec:\bntnhb.exe104⤵
-
\??\c:\5vdvd.exec:\5vdvd.exe105⤵
-
\??\c:\7vppv.exec:\7vppv.exe106⤵
-
\??\c:\fffrllf.exec:\fffrllf.exe107⤵
-
\??\c:\5rxrllf.exec:\5rxrllf.exe108⤵
-
\??\c:\tthbtt.exec:\tthbtt.exe109⤵
-
\??\c:\nbbnhb.exec:\nbbnhb.exe110⤵
-
\??\c:\pdpjd.exec:\pdpjd.exe111⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe112⤵
-
\??\c:\rlxxrfr.exec:\rlxxrfr.exe113⤵
-
\??\c:\fxxxrrf.exec:\fxxxrrf.exe114⤵
-
\??\c:\tntntn.exec:\tntntn.exe115⤵
-
\??\c:\dpjdd.exec:\dpjdd.exe116⤵
-
\??\c:\pjpjd.exec:\pjpjd.exe117⤵
-
\??\c:\frfffff.exec:\frfffff.exe118⤵
-
\??\c:\fflfxrx.exec:\fflfxrx.exe119⤵
-
\??\c:\ntbhhh.exec:\ntbhhh.exe120⤵
-
\??\c:\1nhbbb.exec:\1nhbbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-