Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
08/04/2024, 18:21
General
-
Target
e81d63337bef6ebe2ec64854e618d91d_JaffaCakes118.exe
-
Size
76KB
-
MD5
e81d63337bef6ebe2ec64854e618d91d
-
SHA1
e80fdee490584e95eb287814c1ba4e4b002dae37
-
SHA256
0fa708afb950135235414a19701664fa98611da87fc53503077566cabb432e47
-
SHA512
36445a6144820606d7a43d736a2d5d32838d18a78eac7d35da6e9abdc2e71ff68756535e8b6a44f97472a0e06f828fe98f095b8749450de2d7979ab7eab3053a
-
SSDEEP
1536:kvQBeOGtrYS3srx93UBWfwC6Ggnouy8p5yAXNYl7tSS52nIsrtuXmHzl3n:khOmTsF93UYfwC6GIoutpYB7tSS5Ctug
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 63 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e81d63337bef6ebe2ec64854e618d91d_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\e81d63337bef6ebe2ec64854e618d91d_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vvdvv.exec:\vvdvv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\604488.exec:\604488.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\66882.exec:\66882.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\620602.exec:\620602.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjdjv.exec:\vjdjv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s2422.exec:\s2422.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6206044.exec:\6206044.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\28042.exec:\28042.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4800426.exec:\4800426.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\68260.exec:\68260.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ppjv.exec:\3ppjv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\862244.exec:\862244.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxlfxr.exec:\lfxlfxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxfxfxf.exec:\xxfxfxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xlrlfff.exec:\xlrlfff.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrrlfx.exec:\xxrrlfx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\006266.exec:\006266.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\626488.exec:\626488.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnhb.exec:\httnhb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnnnt.exec:\nhnnnt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffxxrr.exec:\fffxxrr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbbhhh.exec:\tbbhhh.exe23⤵
- Executes dropped EXE
-
\??\c:\4422282.exec:\4422282.exe24⤵
- Executes dropped EXE
-
\??\c:\4084044.exec:\4084044.exe25⤵
- Executes dropped EXE
-
\??\c:\hbbtbt.exec:\hbbtbt.exe26⤵
- Executes dropped EXE
-
\??\c:\60608.exec:\60608.exe27⤵
- Executes dropped EXE
-
\??\c:\4886860.exec:\4886860.exe28⤵
- Executes dropped EXE
-
\??\c:\btbtnh.exec:\btbtnh.exe29⤵
- Executes dropped EXE
-
\??\c:\7djjv.exec:\7djjv.exe30⤵
- Executes dropped EXE
-
\??\c:\8624826.exec:\8624826.exe31⤵
- Executes dropped EXE
-
\??\c:\xfffxrl.exec:\xfffxrl.exe32⤵
- Executes dropped EXE
-
\??\c:\frxrlll.exec:\frxrlll.exe33⤵
- Executes dropped EXE
-
\??\c:\vjpdp.exec:\vjpdp.exe34⤵
- Executes dropped EXE
-
\??\c:\400408.exec:\400408.exe35⤵
- Executes dropped EXE
-
\??\c:\flllxxr.exec:\flllxxr.exe36⤵
- Executes dropped EXE
-
\??\c:\u600484.exec:\u600484.exe37⤵
- Executes dropped EXE
-
\??\c:\i860804.exec:\i860804.exe38⤵
- Executes dropped EXE
-
\??\c:\66660.exec:\66660.exe39⤵
- Executes dropped EXE
-
\??\c:\lxfxllf.exec:\lxfxllf.exe40⤵
- Executes dropped EXE
-
\??\c:\084422.exec:\084422.exe41⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe42⤵
- Executes dropped EXE
-
\??\c:\0406800.exec:\0406800.exe43⤵
- Executes dropped EXE
-
\??\c:\c222660.exec:\c222660.exe44⤵
- Executes dropped EXE
-
\??\c:\xxxrlrr.exec:\xxxrlrr.exe45⤵
- Executes dropped EXE
-
\??\c:\84226.exec:\84226.exe46⤵
- Executes dropped EXE
-
\??\c:\4406666.exec:\4406666.exe47⤵
- Executes dropped EXE
-
\??\c:\hbhhbb.exec:\hbhhbb.exe48⤵
- Executes dropped EXE
-
\??\c:\jvjdv.exec:\jvjdv.exe49⤵
- Executes dropped EXE
-
\??\c:\jddvd.exec:\jddvd.exe50⤵
- Executes dropped EXE
-
\??\c:\48886.exec:\48886.exe51⤵
- Executes dropped EXE
-
\??\c:\ddppv.exec:\ddppv.exe52⤵
- Executes dropped EXE
-
\??\c:\4420064.exec:\4420064.exe53⤵
- Executes dropped EXE
-
\??\c:\pvjpp.exec:\pvjpp.exe54⤵
- Executes dropped EXE
-
\??\c:\828288.exec:\828288.exe55⤵
- Executes dropped EXE
-
\??\c:\dvjdv.exec:\dvjdv.exe56⤵
- Executes dropped EXE
-
\??\c:\00604.exec:\00604.exe57⤵
- Executes dropped EXE
-
\??\c:\rrrrflf.exec:\rrrrflf.exe58⤵
- Executes dropped EXE
-
\??\c:\k02044.exec:\k02044.exe59⤵
- Executes dropped EXE
-
\??\c:\1ddvp.exec:\1ddvp.exe60⤵
- Executes dropped EXE
-
\??\c:\rxxxrll.exec:\rxxxrll.exe61⤵
- Executes dropped EXE
-
\??\c:\c684406.exec:\c684406.exe62⤵
- Executes dropped EXE
-
\??\c:\o688222.exec:\o688222.exe63⤵
- Executes dropped EXE
-
\??\c:\hhbbtt.exec:\hhbbtt.exe64⤵
- Executes dropped EXE
-
\??\c:\02644.exec:\02644.exe65⤵
- Executes dropped EXE
-
\??\c:\08442.exec:\08442.exe66⤵
-
\??\c:\8460660.exec:\8460660.exe67⤵
-
\??\c:\tnnnnn.exec:\tnnnnn.exe68⤵
-
\??\c:\02882.exec:\02882.exe69⤵
-
\??\c:\2284400.exec:\2284400.exe70⤵
-
\??\c:\062828.exec:\062828.exe71⤵
-
\??\c:\60044.exec:\60044.exe72⤵
-
\??\c:\lxfxrrr.exec:\lxfxrrr.exe73⤵
-
\??\c:\ttntnn.exec:\ttntnn.exe74⤵
-
\??\c:\4000444.exec:\4000444.exe75⤵
-
\??\c:\jpvpp.exec:\jpvpp.exe76⤵
-
\??\c:\dpvvv.exec:\dpvvv.exe77⤵
-
\??\c:\88404.exec:\88404.exe78⤵
-
\??\c:\2200226.exec:\2200226.exe79⤵
-
\??\c:\2062226.exec:\2062226.exe80⤵
-
\??\c:\bhnhtn.exec:\bhnhtn.exe81⤵
-
\??\c:\48044.exec:\48044.exe82⤵
-
\??\c:\frxxrrr.exec:\frxxrrr.exe83⤵
-
\??\c:\btnhnn.exec:\btnhnn.exe84⤵
-
\??\c:\k80488.exec:\k80488.exe85⤵
-
\??\c:\84082.exec:\84082.exe86⤵
-
\??\c:\6402268.exec:\6402268.exe87⤵
-
\??\c:\xllfxrr.exec:\xllfxrr.exe88⤵
-
\??\c:\0246066.exec:\0246066.exe89⤵
-
\??\c:\3xxxxxx.exec:\3xxxxxx.exe90⤵
-
\??\c:\o466604.exec:\o466604.exe91⤵
-
\??\c:\jddvd.exec:\jddvd.exe92⤵
-
\??\c:\thhthb.exec:\thhthb.exe93⤵
-
\??\c:\1xxxrxr.exec:\1xxxrxr.exe94⤵
-
\??\c:\604422.exec:\604422.exe95⤵
-
\??\c:\u862404.exec:\u862404.exe96⤵
-
\??\c:\hbnnnt.exec:\hbnnnt.exe97⤵
-
\??\c:\4804006.exec:\4804006.exe98⤵
-
\??\c:\flrlffl.exec:\flrlffl.exe99⤵
-
\??\c:\0004264.exec:\0004264.exe100⤵
-
\??\c:\4404404.exec:\4404404.exe101⤵
-
\??\c:\062222.exec:\062222.exe102⤵
-
\??\c:\44626.exec:\44626.exe103⤵
-
\??\c:\flfxlff.exec:\flfxlff.exe104⤵
-
\??\c:\48442.exec:\48442.exe105⤵
-
\??\c:\442402.exec:\442402.exe106⤵
-
\??\c:\lfllfxx.exec:\lfllfxx.exe107⤵
-
\??\c:\4822284.exec:\4822284.exe108⤵
-
\??\c:\hbbtnn.exec:\hbbtnn.exe109⤵
-
\??\c:\602640.exec:\602640.exe110⤵
-
\??\c:\i824462.exec:\i824462.exe111⤵
-
\??\c:\2622888.exec:\2622888.exe112⤵
-
\??\c:\44644.exec:\44644.exe113⤵
-
\??\c:\ntttht.exec:\ntttht.exe114⤵
-
\??\c:\thbhnh.exec:\thbhnh.exe115⤵
-
\??\c:\2228282.exec:\2228282.exe116⤵
-
\??\c:\vpppp.exec:\vpppp.exe117⤵
-
\??\c:\3jvpv.exec:\3jvpv.exe118⤵
-
\??\c:\o282222.exec:\o282222.exe119⤵
-
\??\c:\0466604.exec:\0466604.exe120⤵
-
\??\c:\pvvdp.exec:\pvvdp.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-