Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
26/04/2024, 08:26
General
-
Target
005f60af1ad9167ea24c61a4532d007f_JaffaCakes118.exe
-
Size
372KB
-
MD5
005f60af1ad9167ea24c61a4532d007f
-
SHA1
2a93056d9ec4f99897f363013d9f8b74354a1041
-
SHA256
0bbc0a39084dfd5d42b29846fad0598355461116c8cd1437cd47123757b8e1f7
-
SHA512
d34ac72f2291854dba8606f2ee6228187e05112dc0276716056c943a4d06a842153c7beee4b56a1d8cb39899643883c6ec4442a3819fa0d4ebbd481523f7cf1c
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31QOhsJ4BCW6EX8t:n3C9BRo7MlrWKo+lBhI
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 58 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\005f60af1ad9167ea24c61a4532d007f_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\005f60af1ad9167ea24c61a4532d007f_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\jpddp.exec:\jpddp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1bbhnt.exec:\1bbhnt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thbhbb.exec:\thbhbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvjv.exec:\ddvjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhhtb.exec:\tnhhtb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3nhntb.exec:\3nhntb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxflrlx.exec:\fxflrlx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjjvv.exec:\vjjvv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttthbn.exec:\ttthbn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrllxfl.exec:\rrllxfl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bnttt.exec:\3bnttt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrfrxxx.exec:\xrfrxxx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjvp.exec:\jjjvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7vjjj.exec:\7vjjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnhhtb.exec:\bnhhtb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrfrrf.exec:\xxrfrrf.exe17⤵
- Executes dropped EXE
-
\??\c:\vpjjj.exec:\vpjjj.exe18⤵
- Executes dropped EXE
-
\??\c:\hhnnnn.exec:\hhnnnn.exe19⤵
- Executes dropped EXE
-
\??\c:\frxfrfx.exec:\frxfrfx.exe20⤵
- Executes dropped EXE
-
\??\c:\tnhnbb.exec:\tnhnbb.exe21⤵
- Executes dropped EXE
-
\??\c:\ppjvp.exec:\ppjvp.exe22⤵
- Executes dropped EXE
-
\??\c:\9frrffr.exec:\9frrffr.exe23⤵
- Executes dropped EXE
-
\??\c:\pdjpp.exec:\pdjpp.exe24⤵
- Executes dropped EXE
-
\??\c:\btnttb.exec:\btnttb.exe25⤵
- Executes dropped EXE
-
\??\c:\ffxxflr.exec:\ffxxflr.exe26⤵
- Executes dropped EXE
-
\??\c:\bbtbtt.exec:\bbtbtt.exe27⤵
- Executes dropped EXE
-
\??\c:\ffrrxlf.exec:\ffrrxlf.exe28⤵
- Executes dropped EXE
-
\??\c:\hhtbbh.exec:\hhtbbh.exe29⤵
- Executes dropped EXE
-
\??\c:\hhntnt.exec:\hhntnt.exe30⤵
- Executes dropped EXE
-
\??\c:\xrlrfrf.exec:\xrlrfrf.exe31⤵
- Executes dropped EXE
-
\??\c:\vddpp.exec:\vddpp.exe32⤵
- Executes dropped EXE
-
\??\c:\5nbhnn.exec:\5nbhnn.exe33⤵
- Executes dropped EXE
-
\??\c:\3lfxrfx.exec:\3lfxrfx.exe34⤵
- Executes dropped EXE
-
\??\c:\djvdv.exec:\djvdv.exe35⤵
- Executes dropped EXE
-
\??\c:\7xrxlrx.exec:\7xrxlrx.exe36⤵
- Executes dropped EXE
-
\??\c:\vpdpd.exec:\vpdpd.exe37⤵
- Executes dropped EXE
-
\??\c:\ffxfrrl.exec:\ffxfrrl.exe38⤵
- Executes dropped EXE
-
\??\c:\tnhhtb.exec:\tnhhtb.exe39⤵
- Executes dropped EXE
-
\??\c:\9lxfflx.exec:\9lxfflx.exe40⤵
- Executes dropped EXE
-
\??\c:\btntnb.exec:\btntnb.exe41⤵
- Executes dropped EXE
-
\??\c:\xfllxfr.exec:\xfllxfr.exe42⤵
- Executes dropped EXE
-
\??\c:\hbhntt.exec:\hbhntt.exe43⤵
- Executes dropped EXE
-
\??\c:\ddppd.exec:\ddppd.exe44⤵
- Executes dropped EXE
-
\??\c:\btnhnh.exec:\btnhnh.exe45⤵
- Executes dropped EXE
-
\??\c:\vdvjv.exec:\vdvjv.exe46⤵
- Executes dropped EXE
-
\??\c:\fxlxlrx.exec:\fxlxlrx.exe47⤵
- Executes dropped EXE
-
\??\c:\1hbhnt.exec:\1hbhnt.exe48⤵
- Executes dropped EXE
-
\??\c:\rrlxlrf.exec:\rrlxlrf.exe49⤵
- Executes dropped EXE
-
\??\c:\dvjjp.exec:\dvjjp.exe50⤵
- Executes dropped EXE
-
\??\c:\7lllrlr.exec:\7lllrlr.exe51⤵
- Executes dropped EXE
-
\??\c:\ppdjp.exec:\ppdjp.exe52⤵
- Executes dropped EXE
-
\??\c:\flflflx.exec:\flflflx.exe53⤵
- Executes dropped EXE
-
\??\c:\vpdpj.exec:\vpdpj.exe54⤵
- Executes dropped EXE
-
\??\c:\llrxrxr.exec:\llrxrxr.exe55⤵
- Executes dropped EXE
-
\??\c:\bttbnt.exec:\bttbnt.exe56⤵
- Executes dropped EXE
-
\??\c:\vvjpd.exec:\vvjpd.exe57⤵
- Executes dropped EXE
-
\??\c:\lllxrxf.exec:\lllxrxf.exe58⤵
- Executes dropped EXE
-
\??\c:\thntnt.exec:\thntnt.exe59⤵
- Executes dropped EXE
-
\??\c:\rffffrl.exec:\rffffrl.exe60⤵
- Executes dropped EXE
-
\??\c:\dddvj.exec:\dddvj.exe61⤵
- Executes dropped EXE
-
\??\c:\nnbtnn.exec:\nnbtnn.exe62⤵
- Executes dropped EXE
-
\??\c:\dvdpd.exec:\dvdpd.exe63⤵
- Executes dropped EXE
-
\??\c:\1bttth.exec:\1bttth.exe64⤵
- Executes dropped EXE
-
\??\c:\pvjdd.exec:\pvjdd.exe65⤵
- Executes dropped EXE
-
\??\c:\rfxffrx.exec:\rfxffrx.exe66⤵
-
\??\c:\dvdpd.exec:\dvdpd.exe67⤵
-
\??\c:\9tbnbn.exec:\9tbnbn.exe68⤵
-
\??\c:\xfrfxxl.exec:\xfrfxxl.exe69⤵
-
\??\c:\9htthh.exec:\9htthh.exe70⤵
-
\??\c:\hbhntt.exec:\hbhntt.exe71⤵
-
\??\c:\vpjjp.exec:\vpjjp.exe72⤵
-
\??\c:\1tbttt.exec:\1tbttt.exe73⤵
-
\??\c:\dpjdp.exec:\dpjdp.exe74⤵
-
\??\c:\5hnnnt.exec:\5hnnnt.exe75⤵
-
\??\c:\pjvpv.exec:\pjvpv.exe76⤵
-
\??\c:\bthhnn.exec:\bthhnn.exe77⤵
-
\??\c:\dvpjj.exec:\dvpjj.exe78⤵
-
\??\c:\frfflll.exec:\frfflll.exe79⤵
-
\??\c:\pjdpv.exec:\pjdpv.exe80⤵
-
\??\c:\rfxxllx.exec:\rfxxllx.exe81⤵
-
\??\c:\9vppd.exec:\9vppd.exe82⤵
-
\??\c:\bbttnh.exec:\bbttnh.exe83⤵
-
\??\c:\xxrllxr.exec:\xxrllxr.exe84⤵
-
\??\c:\bbhntt.exec:\bbhntt.exe85⤵
-
\??\c:\7dvvj.exec:\7dvvj.exe86⤵
-
\??\c:\xxxllrl.exec:\xxxllrl.exe87⤵
-
\??\c:\btntbh.exec:\btntbh.exe88⤵
-
\??\c:\rlxfllx.exec:\rlxfllx.exe89⤵
-
\??\c:\tnbtht.exec:\tnbtht.exe90⤵
-
\??\c:\fxrrrll.exec:\fxrrrll.exe91⤵
-
\??\c:\pdppv.exec:\pdppv.exe92⤵
-
\??\c:\lxlrffl.exec:\lxlrffl.exe93⤵
-
\??\c:\hnbhtb.exec:\hnbhtb.exe94⤵
-
\??\c:\rlflxfl.exec:\rlflxfl.exe95⤵
-
\??\c:\pppdv.exec:\pppdv.exe96⤵
-
\??\c:\lrflrll.exec:\lrflrll.exe97⤵
-
\??\c:\vdvpd.exec:\vdvpd.exe98⤵
-
\??\c:\5dppv.exec:\5dppv.exe99⤵
-
\??\c:\3bhtnb.exec:\3bhtnb.exe100⤵
-
\??\c:\7dpjp.exec:\7dpjp.exe101⤵
-
\??\c:\nhhhbh.exec:\nhhhbh.exe102⤵
-
\??\c:\rlrrxxx.exec:\rlrrxxx.exe103⤵
-
\??\c:\5bbnbh.exec:\5bbnbh.exe104⤵
-
\??\c:\pdvvd.exec:\pdvvd.exe105⤵
-
\??\c:\hhbbbn.exec:\hhbbbn.exe106⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe107⤵
-
\??\c:\hhbnht.exec:\hhbnht.exe108⤵
-
\??\c:\7jvjd.exec:\7jvjd.exe109⤵
-
\??\c:\1lfrxfl.exec:\1lfrxfl.exe110⤵
-
\??\c:\jdjpp.exec:\jdjpp.exe111⤵
-
\??\c:\tnbntb.exec:\tnbntb.exe112⤵
-
\??\c:\vdvdd.exec:\vdvdd.exe113⤵
-
\??\c:\tnbbhh.exec:\tnbbhh.exe114⤵
-
\??\c:\dvjdv.exec:\dvjdv.exe115⤵
-
\??\c:\7tnbbh.exec:\7tnbbh.exe116⤵
-
\??\c:\flfffff.exec:\flfffff.exe117⤵
-
\??\c:\jdjpd.exec:\jdjpd.exe118⤵
-
\??\c:\fxflflx.exec:\fxflflx.exe119⤵
-
\??\c:\hhbnbh.exec:\hhbnbh.exe120⤵
-
\??\c:\rfxrllx.exec:\rfxrllx.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-