Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
97s -
max time network
110s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
26/04/2024, 08:26
Errors
Reason
Machine shutdown: "{\"level\":\"info\",\"time\":\"2024-04-26T08:28:46Z\",\"message\":\"Dirty snapshot: /var/lib/sandbox/hatchvm/win10v2004-20240412-en/instance_11-dirty.qcow2\"}"
General
-
Target
005f60af1ad9167ea24c61a4532d007f_JaffaCakes118.exe
-
Size
372KB
-
MD5
005f60af1ad9167ea24c61a4532d007f
-
SHA1
2a93056d9ec4f99897f363013d9f8b74354a1041
-
SHA256
0bbc0a39084dfd5d42b29846fad0598355461116c8cd1437cd47123757b8e1f7
-
SHA512
d34ac72f2291854dba8606f2ee6228187e05112dc0276716056c943a4d06a842153c7beee4b56a1d8cb39899643883c6ec4442a3819fa0d4ebbd481523f7cf1c
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KoSV31QOhsJ4BCW6EX8t:n3C9BRo7MlrWKo+lBhI
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 47 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 55 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\005f60af1ad9167ea24c61a4532d007f_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\005f60af1ad9167ea24c61a4532d007f_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvpv.exec:\ddvpv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddvvj.exec:\ddvvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxrlfl.exec:\lxxrlfl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvvp.exec:\dpvvp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddd.exec:\vpddd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7tttbh.exec:\7tttbh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbntth.exec:\tbntth.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbhhn.exec:\hbbhhn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flrllll.exec:\flrllll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\424006.exec:\424006.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\20848.exec:\20848.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1hntnt.exec:\1hntnt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthhbt.exec:\hthhbt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5fxrllf.exec:\5fxrllf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\848044.exec:\848044.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\86842.exec:\86842.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\04008.exec:\04008.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bthbbt.exec:\bthbbt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9lxrlxr.exec:\9lxrlxr.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\s6066.exec:\s6066.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\242222.exec:\242222.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\llrfrfl.exec:\llrfrfl.exe23⤵
- Executes dropped EXE
-
\??\c:\jdvpp.exec:\jdvpp.exe24⤵
- Executes dropped EXE
-
\??\c:\lffffxx.exec:\lffffxx.exe25⤵
- Executes dropped EXE
-
\??\c:\46808.exec:\46808.exe26⤵
- Executes dropped EXE
-
\??\c:\4482660.exec:\4482660.exe27⤵
- Executes dropped EXE
-
\??\c:\622001h.exec:\622001h.exe28⤵
- Executes dropped EXE
-
\??\c:\280040.exec:\280040.exe29⤵
- Executes dropped EXE
-
\??\c:\480400.exec:\480400.exe30⤵
- Executes dropped EXE
-
\??\c:\nnbbbb.exec:\nnbbbb.exe31⤵
- Executes dropped EXE
-
\??\c:\e48688.exec:\e48688.exe32⤵
- Executes dropped EXE
-
\??\c:\rxxxxxx.exec:\rxxxxxx.exe33⤵
- Executes dropped EXE
-
\??\c:\rllrllx.exec:\rllrllx.exe34⤵
- Executes dropped EXE
-
\??\c:\djjdj.exec:\djjdj.exe35⤵
- Executes dropped EXE
-
\??\c:\0066666.exec:\0066666.exe36⤵
- Executes dropped EXE
-
\??\c:\tnnntb.exec:\tnnntb.exe37⤵
- Executes dropped EXE
-
\??\c:\jvddv.exec:\jvddv.exe38⤵
- Executes dropped EXE
-
\??\c:\6026668.exec:\6026668.exe39⤵
- Executes dropped EXE
-
\??\c:\bthntn.exec:\bthntn.exe40⤵
- Executes dropped EXE
-
\??\c:\48842.exec:\48842.exe41⤵
- Executes dropped EXE
-
\??\c:\6460600.exec:\6460600.exe42⤵
- Executes dropped EXE
-
\??\c:\rlrrrrl.exec:\rlrrrrl.exe43⤵
- Executes dropped EXE
-
\??\c:\9htttn.exec:\9htttn.exe44⤵
- Executes dropped EXE
-
\??\c:\rlxxlfl.exec:\rlxxlfl.exe45⤵
- Executes dropped EXE
-
\??\c:\tnnhbt.exec:\tnnhbt.exe46⤵
- Executes dropped EXE
-
\??\c:\60084.exec:\60084.exe47⤵
- Executes dropped EXE
-
\??\c:\m0042.exec:\m0042.exe48⤵
- Executes dropped EXE
-
\??\c:\xxlrflr.exec:\xxlrflr.exe49⤵
- Executes dropped EXE
-
\??\c:\hbhnnn.exec:\hbhnnn.exe50⤵
- Executes dropped EXE
-
\??\c:\402004.exec:\402004.exe51⤵
- Executes dropped EXE
-
\??\c:\8882604.exec:\8882604.exe52⤵
- Executes dropped EXE
-
\??\c:\64266.exec:\64266.exe53⤵
- Executes dropped EXE
-
\??\c:\4048822.exec:\4048822.exe54⤵
- Executes dropped EXE
-
\??\c:\xlllfff.exec:\xlllfff.exe55⤵
- Executes dropped EXE
-
\??\c:\bnhhbt.exec:\bnhhbt.exe56⤵
- Executes dropped EXE
-
\??\c:\806604.exec:\806604.exe57⤵
- Executes dropped EXE
-
\??\c:\4408282.exec:\4408282.exe58⤵
- Executes dropped EXE
-
\??\c:\djvpj.exec:\djvpj.exe59⤵
- Executes dropped EXE
-
\??\c:\pjdvp.exec:\pjdvp.exe60⤵
- Executes dropped EXE
-
\??\c:\00600.exec:\00600.exe61⤵
- Executes dropped EXE
-
\??\c:\24604.exec:\24604.exe62⤵
- Executes dropped EXE
-
\??\c:\dpvpp.exec:\dpvpp.exe63⤵
- Executes dropped EXE
-
\??\c:\jdjpp.exec:\jdjpp.exe64⤵
- Executes dropped EXE
-
\??\c:\hhbbtb.exec:\hhbbtb.exe65⤵
- Executes dropped EXE
-
\??\c:\4000044.exec:\4000044.exe66⤵
-
\??\c:\ffffxxx.exec:\ffffxxx.exe67⤵
-
\??\c:\bbhthn.exec:\bbhthn.exe68⤵
-
\??\c:\84822.exec:\84822.exe69⤵
-
\??\c:\48040.exec:\48040.exe70⤵
-
\??\c:\9ddvv.exec:\9ddvv.exe71⤵
-
\??\c:\0448226.exec:\0448226.exe72⤵
-
\??\c:\bbhbbb.exec:\bbhbbb.exe73⤵
-
\??\c:\0482226.exec:\0482226.exe74⤵
-
\??\c:\jddvv.exec:\jddvv.exe75⤵
-
\??\c:\dvddd.exec:\dvddd.exe76⤵
-
\??\c:\26882.exec:\26882.exe77⤵
-
\??\c:\hbtnnn.exec:\hbtnnn.exe78⤵
-
\??\c:\466600.exec:\466600.exe79⤵
-
\??\c:\hbnhhh.exec:\hbnhhh.exe80⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe81⤵
-
\??\c:\rrxrlfx.exec:\rrxrlfx.exe82⤵
-
\??\c:\4882626.exec:\4882626.exe83⤵
-
\??\c:\84448.exec:\84448.exe84⤵
-
\??\c:\hbbthh.exec:\hbbthh.exe85⤵
-
\??\c:\lxfxrll.exec:\lxfxrll.exe86⤵
-
\??\c:\202262.exec:\202262.exe87⤵
-
\??\c:\7jpjj.exec:\7jpjj.exe88⤵
-
\??\c:\rrxlfxr.exec:\rrxlfxr.exe89⤵
-
\??\c:\i420660.exec:\i420660.exe90⤵
-
\??\c:\e00488.exec:\e00488.exe91⤵
-
\??\c:\jpvjv.exec:\jpvjv.exe92⤵
-
\??\c:\468826.exec:\468826.exe93⤵
-
\??\c:\646604.exec:\646604.exe94⤵
-
\??\c:\68862.exec:\68862.exe95⤵
-
\??\c:\06204.exec:\06204.exe96⤵
-
\??\c:\jdjjp.exec:\jdjjp.exe97⤵
-
\??\c:\thtnbt.exec:\thtnbt.exe98⤵
-
\??\c:\4060826.exec:\4060826.exe99⤵
-
\??\c:\3tthbt.exec:\3tthbt.exe100⤵
-
\??\c:\8826048.exec:\8826048.exe101⤵
-
\??\c:\28004.exec:\28004.exe102⤵
-
\??\c:\84664.exec:\84664.exe103⤵
-
\??\c:\pjdpp.exec:\pjdpp.exe104⤵
-
\??\c:\802666.exec:\802666.exe105⤵
-
\??\c:\886200.exec:\886200.exe106⤵
-
\??\c:\2404448.exec:\2404448.exe107⤵
-
\??\c:\402246.exec:\402246.exe108⤵
-
\??\c:\00608.exec:\00608.exe109⤵
-
\??\c:\880462.exec:\880462.exe110⤵
-
\??\c:\tthbhh.exec:\tthbhh.exe111⤵
-
\??\c:\u022282.exec:\u022282.exe112⤵
-
\??\c:\jvdvp.exec:\jvdvp.exe113⤵
-
\??\c:\nnbnhn.exec:\nnbnhn.exe114⤵
-
\??\c:\nhhbbb.exec:\nhhbbb.exe115⤵
-
\??\c:\k86040.exec:\k86040.exe116⤵
-
\??\c:\rxxrllf.exec:\rxxrllf.exe117⤵
-
\??\c:\022222.exec:\022222.exe118⤵
-
\??\c:\pjddv.exec:\pjddv.exe119⤵
-
\??\c:\8682884.exec:\8682884.exe120⤵
-
\??\c:\nttnhh.exec:\nttnhh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-