Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
156s -
max time network
160s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
21/04/2024, 03:44
General
-
Target
fe59dcb118d51aef74acc8140866d7fa_JaffaCakes118.exe
-
Size
81KB
-
MD5
fe59dcb118d51aef74acc8140866d7fa
-
SHA1
80d93e5db6ea8213de203eb95e2356e24effcc74
-
SHA256
b634efb07d33e2c97e695b8243a03ce3e4c479eda37317dafb15764c9891decd
-
SHA512
9fd59926f4dc0ede73b465dae49b9bff73cf29fbd633c9340ecbce1d032aecac4c4a7e30671ad85c71aa9948301421601685dc64aa68ec62f230f8c91db2febe
-
SSDEEP
1536:+VtjAKqURk0Ex/tIWLSYGc5cmFF+TTdGka2dQe5GrpXLap:CN1qURFY/RLSO5cmFY9GMdKGp
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 4 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
UPX packed file 6 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\fe59dcb118d51aef74acc8140866d7fa_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\fe59dcb118d51aef74acc8140866d7fa_JaffaCakes118.exe"1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Systembrpxd.exe"C:\Users\Admin\AppData\Local\Temp\Systembrpxd.exe"2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3776 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
81KB
MD5909fc13592055549885dda3e4232e842
SHA1c029452f57740591c2adc55aa43be81fc6ddba0c
SHA25611f209850a369d4dfe749df9eed95a26007492491f23a94225d1de998be80a94
SHA51232018d8ae71addd80eb590eee9f476c171d80818a321288fd3c8aa35cda16434126e6315f4dce105b6b94f881511e95719a2b86e5b183a23da39ba1fcdb8b43b
-
Filesize
84B
MD5aba9cd664e9da8bca0399f2e19245fa3
SHA120de734829af8497baf8e663e38ea5d98f5bea74
SHA256e2c1bddc46dcd965af9f787b8a0cef22c47703838fc7955f936b6e79890ee2af
SHA5128305d8976c46f8029f6df10131f8a84740bed834aaa9ace4d71ac7936ef5ed457f5b0b0094833f4a8fb12b69a85410945c89eae2eea8492a520c4bc11258489d
-
Filesize
428KB
-
Filesize
428KB
-
Filesize
428KB
-
Filesize
428KB
-
Filesize
428KB