Analysis

  • max time kernel
    147s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/04/2024, 11:21

General

  • Target

    e757886b19702bae0e3ae51487de8cf9_JaffaCakes118.exe

  • Size

    92KB

  • MD5

    e757886b19702bae0e3ae51487de8cf9

  • SHA1

    0765dd2b744cf9acb885cab1f8acc94d41976170

  • SHA256

    18a93510d4c9cbffd669dc36abfee2b412b2aaa4fb590949978d8526496002cf

  • SHA512

    2787d4841fa0140d576d10b365fbd93a9780242f26bafa25621623acf77055d27fda57e741a1afbdb08371de47214183da22958bc12c4f59ef38c12d867977ec

  • SSDEEP

    1536:gsxoqT1PgsXDpeCs/XsDufXOXck4ODSCyUS4r9Tefg7aWSJTld2WeCl4R:gseqTV9XD4CaXHOXck48SBwQgnSxld2W

Malware Config

Signatures

  • Blackmoon, KrBanker

    Blackmoon, also known as KrBanker, is a banking trojan first discovered in early 2014.

  • Detect Blackmoon payload 1 IoCs
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e757886b19702bae0e3ae51487de8cf9_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\e757886b19702bae0e3ae51487de8cf9_JaffaCakes118.exe"
    PID: 1452
    • Loads dropped DLL
    • Adds Run key to start application

Network

Downloads

  • C:\Users\Admin\AppData\Local\Temp\msg63CB.tmp
    Filesize: 47KB
    MD5: ed0c74815e4d0c37563d89c7af54f2cc
    SHA1: f12d4e876740769fe8c81fa421827140c8a0cf4e
    SHA256: f07eb8723995cf5c90bad1a3fa3bc6419dad3952f238413c9b62d1f8ef292945
    SHA512: 0bccb938bca4f4546879119d81a2e7fe88552f87ab7e3cdfe7b70cd7bbcd847a607ff9e4423448e6bd87ffb901780041ad4fae1261ae7adbece53654935fc4ab

  • memory/1452-0-0x0000000000400000-0x0000000000417000-memory.dmp
    Filesize: 92KB

  • memory/1452-4-0x0000000010000000-0x0000000010052000-memory.dmp
    Filesize: 328KB

  • memory/1452-7-0x0000000010000000-0x0000000010052000-memory.dmp
    Filesize: 328KB