Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
16/04/2024, 15:29
General
-
Target
f3c6cb40a2380d1e8fcc0d894adc8623_JaffaCakes118.exe
-
Size
444KB
-
MD5
f3c6cb40a2380d1e8fcc0d894adc8623
-
SHA1
cba93ba3e160c8455f6ef0c5267c8212b0d334b4
-
SHA256
c59b6aaa89857754bb4e6be79a372f15875e42a079fc6b0c90bdaceaa04c9948
-
SHA512
eefdfa0fff35901aeb144aeabe433cf0b023bb38240c38280b4cdbc9f1a81cf42c3b66296b6cee42f9329ef9b8bd6ce4d99cea276b020d5ff43864a607a14695
-
SSDEEP
6144:n3C9BRo7MlrWKo+lS0Le4xRSAoq78yoyfx93sEqkeGLo:n3C9yMo+S0L9xRnoq7H9xqYLo
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 40 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 57 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f3c6cb40a2380d1e8fcc0d894adc8623_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f3c6cb40a2380d1e8fcc0d894adc8623_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\0r020c.exec:\0r020c.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qc36o1c.exec:\qc36o1c.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\104mu.exec:\104mu.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1q9jc04.exec:\1q9jc04.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\k951155.exec:\k951155.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fo9ob.exec:\fo9ob.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\w0u9563.exec:\w0u9563.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\29ce30.exec:\29ce30.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\30w3o.exec:\30w3o.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1p1qg.exec:\1p1qg.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qj57cr7.exec:\qj57cr7.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\735935.exec:\735935.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\h1a6m.exec:\h1a6m.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\umweog.exec:\umweog.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0f0riuq.exec:\0f0riuq.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\55wv5ie.exec:\55wv5ie.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8u92i70.exec:\8u92i70.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\21c10uf.exec:\21c10uf.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hmw72bq.exec:\hmw72bq.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g5g75ux.exec:\g5g75ux.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ww06b.exec:\ww06b.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\0g3q9.exec:\0g3q9.exe23⤵
- Executes dropped EXE
-
\??\c:\1e7cp0.exec:\1e7cp0.exe24⤵
- Executes dropped EXE
-
\??\c:\235179d.exec:\235179d.exe25⤵
- Executes dropped EXE
-
\??\c:\j88q2ek.exec:\j88q2ek.exe26⤵
- Executes dropped EXE
-
\??\c:\k67599t.exec:\k67599t.exe27⤵
- Executes dropped EXE
-
\??\c:\lab85oh.exec:\lab85oh.exe28⤵
- Executes dropped EXE
-
\??\c:\0ju2tt4.exec:\0ju2tt4.exe29⤵
- Executes dropped EXE
-
\??\c:\6kmg7ef.exec:\6kmg7ef.exe30⤵
- Executes dropped EXE
-
\??\c:\r7g427u.exec:\r7g427u.exe31⤵
- Executes dropped EXE
-
\??\c:\6wgag.exec:\6wgag.exe32⤵
- Executes dropped EXE
-
\??\c:\lug7c.exec:\lug7c.exe33⤵
- Executes dropped EXE
-
\??\c:\0oup8.exec:\0oup8.exe34⤵
- Executes dropped EXE
-
\??\c:\5fhu32.exec:\5fhu32.exe35⤵
- Executes dropped EXE
-
\??\c:\2978l7.exec:\2978l7.exe36⤵
- Executes dropped EXE
-
\??\c:\xc191.exec:\xc191.exe37⤵
- Executes dropped EXE
-
\??\c:\36ugs.exec:\36ugs.exe38⤵
- Executes dropped EXE
-
\??\c:\75e7a.exec:\75e7a.exe39⤵
-
\??\c:\05tt04.exec:\05tt04.exe40⤵
- Executes dropped EXE
-
\??\c:\2577c.exec:\2577c.exe41⤵
- Executes dropped EXE
-
\??\c:\15931.exec:\15931.exe42⤵
- Executes dropped EXE
-
\??\c:\l259319.exec:\l259319.exe43⤵
- Executes dropped EXE
-
\??\c:\6nsiqm5.exec:\6nsiqm5.exe44⤵
- Executes dropped EXE
-
\??\c:\n9kk14s.exec:\n9kk14s.exe45⤵
- Executes dropped EXE
-
\??\c:\hi0u7.exec:\hi0u7.exe46⤵
- Executes dropped EXE
-
\??\c:\7537393.exec:\7537393.exe47⤵
- Executes dropped EXE
-
\??\c:\r39111.exec:\r39111.exe48⤵
- Executes dropped EXE
-
\??\c:\8s6d1.exec:\8s6d1.exe49⤵
- Executes dropped EXE
-
\??\c:\39995.exec:\39995.exe50⤵
- Executes dropped EXE
-
\??\c:\73odo.exec:\73odo.exe51⤵
- Executes dropped EXE
-
\??\c:\n8p0c.exec:\n8p0c.exe52⤵
- Executes dropped EXE
-
\??\c:\4rtqro.exec:\4rtqro.exe53⤵
- Executes dropped EXE
-
\??\c:\wgmii.exec:\wgmii.exe54⤵
- Executes dropped EXE
-
\??\c:\b4qn30.exec:\b4qn30.exe55⤵
- Executes dropped EXE
-
\??\c:\amh4u.exec:\amh4u.exe56⤵
- Executes dropped EXE
-
\??\c:\2sr2a.exec:\2sr2a.exe57⤵
- Executes dropped EXE
-
\??\c:\2wgj5k.exec:\2wgj5k.exe58⤵
- Executes dropped EXE
-
\??\c:\99051.exec:\99051.exe59⤵
- Executes dropped EXE
-
\??\c:\f56h14.exec:\f56h14.exe60⤵
- Executes dropped EXE
-
\??\c:\978x7.exec:\978x7.exe61⤵
- Executes dropped EXE
-
\??\c:\rwmeu3.exec:\rwmeu3.exe62⤵
- Executes dropped EXE
-
\??\c:\8g4cb.exec:\8g4cb.exe63⤵
- Executes dropped EXE
-
\??\c:\5g97c.exec:\5g97c.exe64⤵
- Executes dropped EXE
-
\??\c:\be6gb.exec:\be6gb.exe65⤵
- Executes dropped EXE
-
\??\c:\70odr.exec:\70odr.exe66⤵
- Executes dropped EXE
-
\??\c:\c2a53.exec:\c2a53.exe67⤵
-
\??\c:\f4sd7.exec:\f4sd7.exe68⤵
-
\??\c:\46gwr59.exec:\46gwr59.exe69⤵
-
\??\c:\0v39mp.exec:\0v39mp.exe70⤵
-
\??\c:\v7af12p.exec:\v7af12p.exe71⤵
-
\??\c:\7mn3w.exec:\7mn3w.exe72⤵
-
\??\c:\mk3n339.exec:\mk3n339.exe73⤵
-
\??\c:\kw7309.exec:\kw7309.exe74⤵
-
\??\c:\97293.exec:\97293.exe75⤵
-
\??\c:\199135.exec:\199135.exe76⤵
-
\??\c:\gs54u.exec:\gs54u.exe77⤵
-
\??\c:\95jdq.exec:\95jdq.exe78⤵
-
\??\c:\0xtf9g.exec:\0xtf9g.exe79⤵
-
\??\c:\u0799ua.exec:\u0799ua.exe80⤵
-
\??\c:\18gomi1.exec:\18gomi1.exe81⤵
-
\??\c:\fbcgc.exec:\fbcgc.exe82⤵
-
\??\c:\47k7gt.exec:\47k7gt.exe83⤵
-
\??\c:\4ko50.exec:\4ko50.exe84⤵
-
\??\c:\70202.exec:\70202.exe85⤵
-
\??\c:\t3x5wme.exec:\t3x5wme.exe86⤵
-
\??\c:\blju40.exec:\blju40.exe87⤵
-
\??\c:\2um7m.exec:\2um7m.exe88⤵
-
\??\c:\po2sl6s.exec:\po2sl6s.exe89⤵
-
\??\c:\3u3f5.exec:\3u3f5.exe90⤵
-
\??\c:\cob18.exec:\cob18.exe91⤵
-
\??\c:\130e69e.exec:\130e69e.exe92⤵
-
\??\c:\8gl1sm.exec:\8gl1sm.exe93⤵
-
\??\c:\4makq.exec:\4makq.exe94⤵
-
\??\c:\11if7.exec:\11if7.exe95⤵
-
\??\c:\ex96ed.exec:\ex96ed.exe96⤵
-
\??\c:\5917j03.exec:\5917j03.exe97⤵
-
\??\c:\p9e79.exec:\p9e79.exe98⤵
-
\??\c:\4er703.exec:\4er703.exe99⤵
-
\??\c:\2e571.exec:\2e571.exe100⤵
-
\??\c:\636koi8.exec:\636koi8.exe101⤵
-
\??\c:\636e4u1.exec:\636e4u1.exe102⤵
-
\??\c:\52wg87t.exec:\52wg87t.exe103⤵
-
\??\c:\p9835.exec:\p9835.exe104⤵
-
\??\c:\71wd9i.exec:\71wd9i.exe105⤵
-
\??\c:\h36w2ma.exec:\h36w2ma.exe106⤵
-
\??\c:\ob7j8o.exec:\ob7j8o.exe107⤵
-
\??\c:\0w70q.exec:\0w70q.exe108⤵
-
\??\c:\pl1eup.exec:\pl1eup.exe109⤵
-
\??\c:\3w6um5.exec:\3w6um5.exe110⤵
-
\??\c:\93eoi.exec:\93eoi.exe111⤵
-
\??\c:\e3cesx.exec:\e3cesx.exe112⤵
-
\??\c:\r7sv5.exec:\r7sv5.exe113⤵
-
\??\c:\374f9o.exec:\374f9o.exe114⤵
-
\??\c:\439dr9.exec:\439dr9.exe115⤵
-
\??\c:\f4fh4.exec:\f4fh4.exe116⤵
-
\??\c:\lv607gn.exec:\lv607gn.exe117⤵
-
\??\c:\b4kd52o.exec:\b4kd52o.exe118⤵
-
\??\c:\l3gu6i3.exec:\l3gu6i3.exe119⤵
-
\??\c:\odlfx.exec:\odlfx.exe120⤵
-
\??\c:\6c93ix.exec:\6c93ix.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-