Analysis
-
max time kernel
154s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
26/04/2024, 12:15
General
-
Target
00bfa31ad49c7d66b65dd63499eb0df3_JaffaCakes118.exe
-
Size
365KB
-
MD5
00bfa31ad49c7d66b65dd63499eb0df3
-
SHA1
096662f9df51c9467cea2f3254bc4f2caa6e623e
-
SHA256
8cbf41cc091ce0a909e4f91dc8545e99cb2caf9aa3a6376a0b88cd5bf8197943
-
SHA512
4d2609319f328593f515c301fd4f1b31104d0e715716ea49df5e38669c4c4a51e064f1445b7b9e58af9d2c3b7d51e7a00615a837d56a704f4469dd2d67012018
-
SSDEEP
3072:PhOm2sI93UufdC67cihfmCiiiXAsACF486jFX8fkYtB6J6q1K7+:Pcm7ImGddXtWrXD486jFX88Y/MK7+
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\00bfa31ad49c7d66b65dd63499eb0df3_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\00bfa31ad49c7d66b65dd63499eb0df3_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nb0p7l.exec:\nb0p7l.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\p33412o.exec:\p33412o.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\15g0n.exec:\15g0n.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7dexp.exec:\7dexp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\osk69r.exec:\osk69r.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\8581q1.exec:\8581q1.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\qi1o5.exec:\qi1o5.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\kf94799.exec:\kf94799.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\4f0740.exec:\4f0740.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\b8ff9p5.exec:\b8ff9p5.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\g2c771.exec:\g2c771.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3l7g52k.exec:\3l7g52k.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lc5xq.exec:\lc5xq.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x44cm.exec:\x44cm.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\513o9.exec:\513o9.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9bqn0x.exec:\9bqn0x.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\x42j985.exec:\x42j985.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\gaxat.exec:\gaxat.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jd5wm.exec:\jd5wm.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\6iar84.exec:\6iar84.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\q7h17.exec:\q7h17.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\n182f9.exec:\n182f9.exe23⤵
- Executes dropped EXE
-
\??\c:\r8v75.exec:\r8v75.exe24⤵
- Executes dropped EXE
-
\??\c:\u9556w.exec:\u9556w.exe25⤵
- Executes dropped EXE
-
\??\c:\0dm314.exec:\0dm314.exe26⤵
- Executes dropped EXE
-
\??\c:\239309.exec:\239309.exe27⤵
- Executes dropped EXE
-
\??\c:\dg31hee.exec:\dg31hee.exe28⤵
- Executes dropped EXE
-
\??\c:\9iua3.exec:\9iua3.exe29⤵
- Executes dropped EXE
-
\??\c:\243ui46.exec:\243ui46.exe30⤵
- Executes dropped EXE
-
\??\c:\xj9281.exec:\xj9281.exe31⤵
- Executes dropped EXE
-
\??\c:\11b1s.exec:\11b1s.exe32⤵
- Executes dropped EXE
-
\??\c:\x3i304.exec:\x3i304.exe33⤵
- Executes dropped EXE
-
\??\c:\xagph9n.exec:\xagph9n.exe34⤵
- Executes dropped EXE
-
\??\c:\x9gak.exec:\x9gak.exe35⤵
- Executes dropped EXE
-
\??\c:\k08cvdf.exec:\k08cvdf.exe36⤵
- Executes dropped EXE
-
\??\c:\j3m5b5.exec:\j3m5b5.exe37⤵
- Executes dropped EXE
-
\??\c:\ifs06.exec:\ifs06.exe38⤵
- Executes dropped EXE
-
\??\c:\095i33.exec:\095i33.exe39⤵
- Executes dropped EXE
-
\??\c:\52579.exec:\52579.exe40⤵
- Executes dropped EXE
-
\??\c:\9qh3797.exec:\9qh3797.exe41⤵
- Executes dropped EXE
-
\??\c:\a9785ou.exec:\a9785ou.exe42⤵
- Executes dropped EXE
-
\??\c:\ao934rm.exec:\ao934rm.exe43⤵
- Executes dropped EXE
-
\??\c:\8b7463.exec:\8b7463.exe44⤵
- Executes dropped EXE
-
\??\c:\04equ.exec:\04equ.exe45⤵
- Executes dropped EXE
-
\??\c:\lx25kdq.exec:\lx25kdq.exe46⤵
- Executes dropped EXE
-
\??\c:\ug9kb.exec:\ug9kb.exe47⤵
- Executes dropped EXE
-
\??\c:\30434.exec:\30434.exe48⤵
- Executes dropped EXE
-
\??\c:\0fi17v.exec:\0fi17v.exe49⤵
- Executes dropped EXE
-
\??\c:\u0i1et.exec:\u0i1et.exe50⤵
- Executes dropped EXE
-
\??\c:\3jdw5.exec:\3jdw5.exe51⤵
- Executes dropped EXE
-
\??\c:\8r4f09h.exec:\8r4f09h.exe52⤵
- Executes dropped EXE
-
\??\c:\5616n.exec:\5616n.exe53⤵
- Executes dropped EXE
-
\??\c:\6d5616.exec:\6d5616.exe54⤵
- Executes dropped EXE
-
\??\c:\fa195i9.exec:\fa195i9.exe55⤵
- Executes dropped EXE
-
\??\c:\mli4r9.exec:\mli4r9.exe56⤵
- Executes dropped EXE
-
\??\c:\3q20cu.exec:\3q20cu.exe57⤵
- Executes dropped EXE
-
\??\c:\8x3aa.exec:\8x3aa.exe58⤵
- Executes dropped EXE
-
\??\c:\k5twu0.exec:\k5twu0.exe59⤵
- Executes dropped EXE
-
\??\c:\d5f141.exec:\d5f141.exe60⤵
- Executes dropped EXE
-
\??\c:\vk7bup.exec:\vk7bup.exe61⤵
- Executes dropped EXE
-
\??\c:\ffd1b.exec:\ffd1b.exe62⤵
- Executes dropped EXE
-
\??\c:\bomei8.exec:\bomei8.exe63⤵
- Executes dropped EXE
-
\??\c:\u5u5qqw.exec:\u5u5qqw.exe64⤵
- Executes dropped EXE
-
\??\c:\j4e3o2g.exec:\j4e3o2g.exe65⤵
- Executes dropped EXE
-
\??\c:\e39qf84.exec:\e39qf84.exe66⤵
-
\??\c:\50l17.exec:\50l17.exe67⤵
-
\??\c:\1iimk4.exec:\1iimk4.exe68⤵
-
\??\c:\6qk1t.exec:\6qk1t.exe69⤵
-
\??\c:\703ct.exec:\703ct.exe70⤵
-
\??\c:\73506.exec:\73506.exe71⤵
-
\??\c:\ne5d8i.exec:\ne5d8i.exe72⤵
-
\??\c:\199s4.exec:\199s4.exe73⤵
-
\??\c:\o7ffg.exec:\o7ffg.exe74⤵
-
\??\c:\quv77.exec:\quv77.exe75⤵
-
\??\c:\6iakiaq.exec:\6iakiaq.exe76⤵
-
\??\c:\vhi1g9.exec:\vhi1g9.exe77⤵
-
\??\c:\a8w380k.exec:\a8w380k.exe78⤵
-
\??\c:\fa23693.exec:\fa23693.exe79⤵
-
\??\c:\u2t590.exec:\u2t590.exe80⤵
-
\??\c:\st7u353.exec:\st7u353.exe81⤵
-
\??\c:\cee555m.exec:\cee555m.exe82⤵
-
\??\c:\qq3h6t.exec:\qq3h6t.exe83⤵
-
\??\c:\wh3b7.exec:\wh3b7.exe84⤵
-
\??\c:\55107k.exec:\55107k.exe85⤵
-
\??\c:\rq578r.exec:\rq578r.exe86⤵
-
\??\c:\unqu1c.exec:\unqu1c.exe87⤵
-
\??\c:\fvjbnv.exec:\fvjbnv.exe88⤵
-
\??\c:\835xs.exec:\835xs.exe89⤵
-
\??\c:\x58m6e.exec:\x58m6e.exe90⤵
-
\??\c:\xr3f9aa.exec:\xr3f9aa.exe91⤵
-
\??\c:\onopve.exec:\onopve.exe92⤵
-
\??\c:\rg55n.exec:\rg55n.exe93⤵
-
\??\c:\v6157.exec:\v6157.exe94⤵
-
\??\c:\0lv9ge.exec:\0lv9ge.exe95⤵
-
\??\c:\i9691.exec:\i9691.exe96⤵
-
\??\c:\0779735.exec:\0779735.exe97⤵
-
\??\c:\vs5qxk1.exec:\vs5qxk1.exe98⤵
-
\??\c:\e30xc8.exec:\e30xc8.exe99⤵
-
\??\c:\r0u4ek.exec:\r0u4ek.exe100⤵
-
\??\c:\97d8v0.exec:\97d8v0.exe101⤵
-
\??\c:\it5o30.exec:\it5o30.exe102⤵
-
\??\c:\o8ieoug.exec:\o8ieoug.exe103⤵
-
\??\c:\ab15t6.exec:\ab15t6.exe104⤵
-
\??\c:\smwt8f5.exec:\smwt8f5.exe105⤵
-
\??\c:\6e2i5n1.exec:\6e2i5n1.exe106⤵
-
\??\c:\9t6t36.exec:\9t6t36.exe107⤵
-
\??\c:\n499l.exec:\n499l.exe108⤵
-
\??\c:\28go9bw.exec:\28go9bw.exe109⤵
-
\??\c:\k1i29.exec:\k1i29.exe110⤵
-
\??\c:\od3leph.exec:\od3leph.exe111⤵
-
\??\c:\lvb3bs.exec:\lvb3bs.exe112⤵
-
\??\c:\4m45250.exec:\4m45250.exe113⤵
-
\??\c:\e7n8i0.exec:\e7n8i0.exe114⤵
-
\??\c:\8hpwb.exec:\8hpwb.exe115⤵
-
\??\c:\5v94g0.exec:\5v94g0.exe116⤵
-
\??\c:\qf534.exec:\qf534.exe117⤵
-
\??\c:\bo2npx.exec:\bo2npx.exe118⤵
-
\??\c:\32b73h.exec:\32b73h.exe119⤵
-
\??\c:\v7rm517.exec:\v7rm517.exe120⤵
-
\??\c:\92g9w2.exec:\92g9w2.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-