Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
130s -
max time network
54s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
26/04/2024, 14:13
General
-
Target
00f2c6a78798d12bb2d055da1c65005b_JaffaCakes118.exe
-
Size
72KB
-
MD5
00f2c6a78798d12bb2d055da1c65005b
-
SHA1
735ba26f46e939f1b68d454e37e7c11f7ef790c6
-
SHA256
9c2b763cf8f2d0d3db267ddb00851fa4abe8a815eb43a85995d95e31ddcd2fe8
-
SHA512
7305bf5a144e1bc35e689781008304a4cf56ae229c4d0a9205278348f2d9ccfa61832edf5e410483712323f7adbe1d1b53d2d9bd15264c4565e926fb5662d9c1
-
SSDEEP
1536:TvQBeOGtrYS3srx93UBWfwC6Ggnouy80vU2r1vERckymCeF:ThOmTsF93UYfwC6GIout0vH1AQmL
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\00f2c6a78798d12bb2d055da1c65005b_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\00f2c6a78798d12bb2d055da1c65005b_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ntttnn.exec:\ntttnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppjv.exec:\jppjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxlrrf.exec:\lfxlrrf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tnnbt.exec:\1tnnbt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hnnbt.exec:\9hnnbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\djppd.exec:\djppd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fffrfxl.exec:\fffrfxl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htthtn.exec:\htthtn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nttnhb.exec:\nttnhb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3pppd.exec:\3pppd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rxrffl.exec:\7rxrffl.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9nnhtt.exec:\9nnhtt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bbthbb.exec:\bbthbb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvjdp.exec:\dvjdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1ffrlfx.exec:\1ffrlfx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tbtnb.exec:\3tbtnb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bnnhbt.exec:\bnnhbt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jddpd.exec:\jddpd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1llxllx.exec:\1llxllx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnnnhh.exec:\hnnnhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdpjj.exec:\pdpjj.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rrfrrl.exec:\1rrfrrl.exe23⤵
- Executes dropped EXE
-
\??\c:\5bbnbh.exec:\5bbnbh.exe24⤵
- Executes dropped EXE
-
\??\c:\5vvjp.exec:\5vvjp.exe25⤵
- Executes dropped EXE
-
\??\c:\5pppd.exec:\5pppd.exe26⤵
- Executes dropped EXE
-
\??\c:\lrlxrrl.exec:\lrlxrrl.exe27⤵
- Executes dropped EXE
-
\??\c:\3rxxffl.exec:\3rxxffl.exe28⤵
- Executes dropped EXE
-
\??\c:\bhhbnb.exec:\bhhbnb.exe29⤵
- Executes dropped EXE
-
\??\c:\9vvjv.exec:\9vvjv.exe30⤵
- Executes dropped EXE
-
\??\c:\1rlfrlf.exec:\1rlfrlf.exe31⤵
- Executes dropped EXE
-
\??\c:\lfffrrx.exec:\lfffrrx.exe32⤵
- Executes dropped EXE
-
\??\c:\tbbthb.exec:\tbbthb.exe33⤵
- Executes dropped EXE
-
\??\c:\hhnbth.exec:\hhnbth.exe34⤵
- Executes dropped EXE
-
\??\c:\pdpjp.exec:\pdpjp.exe35⤵
- Executes dropped EXE
-
\??\c:\1lrllff.exec:\1lrllff.exe36⤵
- Executes dropped EXE
-
\??\c:\rxlfxrl.exec:\rxlfxrl.exe37⤵
- Executes dropped EXE
-
\??\c:\tnhhbt.exec:\tnhhbt.exe38⤵
- Executes dropped EXE
-
\??\c:\hbtnbt.exec:\hbtnbt.exe39⤵
- Executes dropped EXE
-
\??\c:\3vvpd.exec:\3vvpd.exe40⤵
- Executes dropped EXE
-
\??\c:\djdvd.exec:\djdvd.exe41⤵
- Executes dropped EXE
-
\??\c:\lxfffrr.exec:\lxfffrr.exe42⤵
- Executes dropped EXE
-
\??\c:\bntnhh.exec:\bntnhh.exe43⤵
- Executes dropped EXE
-
\??\c:\nbnbtn.exec:\nbnbtn.exe44⤵
- Executes dropped EXE
-
\??\c:\dpvjj.exec:\dpvjj.exe45⤵
- Executes dropped EXE
-
\??\c:\vvpdv.exec:\vvpdv.exe46⤵
- Executes dropped EXE
-
\??\c:\xffxfxr.exec:\xffxfxr.exe47⤵
- Executes dropped EXE
-
\??\c:\bttnht.exec:\bttnht.exe48⤵
- Executes dropped EXE
-
\??\c:\nnhbtt.exec:\nnhbtt.exe49⤵
- Executes dropped EXE
-
\??\c:\pvpjv.exec:\pvpjv.exe50⤵
- Executes dropped EXE
-
\??\c:\xllffxx.exec:\xllffxx.exe51⤵
- Executes dropped EXE
-
\??\c:\nnnnbt.exec:\nnnnbt.exe52⤵
- Executes dropped EXE
-
\??\c:\bhnhtb.exec:\bhnhtb.exe53⤵
- Executes dropped EXE
-
\??\c:\ppvvp.exec:\ppvvp.exe54⤵
- Executes dropped EXE
-
\??\c:\rrrlxrl.exec:\rrrlxrl.exe55⤵
- Executes dropped EXE
-
\??\c:\3htthh.exec:\3htthh.exe56⤵
- Executes dropped EXE
-
\??\c:\9vvpv.exec:\9vvpv.exe57⤵
- Executes dropped EXE
-
\??\c:\ddpjd.exec:\ddpjd.exe58⤵
- Executes dropped EXE
-
\??\c:\rffxrlf.exec:\rffxrlf.exe59⤵
- Executes dropped EXE
-
\??\c:\bnnnhb.exec:\bnnnhb.exe60⤵
- Executes dropped EXE
-
\??\c:\dvddd.exec:\dvddd.exe61⤵
- Executes dropped EXE
-
\??\c:\9xlxlfr.exec:\9xlxlfr.exe62⤵
- Executes dropped EXE
-
\??\c:\xffxrll.exec:\xffxrll.exe63⤵
- Executes dropped EXE
-
\??\c:\nthhbt.exec:\nthhbt.exe64⤵
- Executes dropped EXE
-
\??\c:\bhntbt.exec:\bhntbt.exe65⤵
- Executes dropped EXE
-
\??\c:\pvjpj.exec:\pvjpj.exe66⤵
-
\??\c:\xxxrlfx.exec:\xxxrlfx.exe67⤵
-
\??\c:\1rlfrlx.exec:\1rlfrlx.exe68⤵
-
\??\c:\3hnhbt.exec:\3hnhbt.exe69⤵
-
\??\c:\pvdvd.exec:\pvdvd.exe70⤵
-
\??\c:\xrxlrlf.exec:\xrxlrlf.exe71⤵
-
\??\c:\5lrlxrl.exec:\5lrlxrl.exe72⤵
-
\??\c:\hhhbnn.exec:\hhhbnn.exe73⤵
-
\??\c:\vvvpd.exec:\vvvpd.exe74⤵
-
\??\c:\fxrlxrx.exec:\fxrlxrx.exe75⤵
-
\??\c:\xrllfxr.exec:\xrllfxr.exe76⤵
-
\??\c:\fllfxxl.exec:\fllfxxl.exe77⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe78⤵
-
\??\c:\9ddpd.exec:\9ddpd.exe79⤵
-
\??\c:\frrlxrl.exec:\frrlxrl.exe80⤵
-
\??\c:\nhntnn.exec:\nhntnn.exe81⤵
-
\??\c:\jjpjv.exec:\jjpjv.exe82⤵
-
\??\c:\ffllfff.exec:\ffllfff.exe83⤵
-
\??\c:\hbnbhh.exec:\hbnbhh.exe84⤵
-
\??\c:\dddvd.exec:\dddvd.exe85⤵
-
\??\c:\flfrfxr.exec:\flfrfxr.exe86⤵
-
\??\c:\lflfrlx.exec:\lflfrlx.exe87⤵
-
\??\c:\9djjv.exec:\9djjv.exe88⤵
-
\??\c:\rxffxxx.exec:\rxffxxx.exe89⤵
-
\??\c:\5xffflf.exec:\5xffflf.exe90⤵
-
\??\c:\nnnbtb.exec:\nnnbtb.exe91⤵
-
\??\c:\dpvvp.exec:\dpvvp.exe92⤵
-
\??\c:\5vvjj.exec:\5vvjj.exe93⤵
-
\??\c:\lfrffxx.exec:\lfrffxx.exe94⤵
-
\??\c:\lrrrffx.exec:\lrrrffx.exe95⤵
-
\??\c:\tbbbbt.exec:\tbbbbt.exe96⤵
-
\??\c:\bbtnhh.exec:\bbtnhh.exe97⤵
-
\??\c:\jddvd.exec:\jddvd.exe98⤵
-
\??\c:\lflxlll.exec:\lflxlll.exe99⤵
-
\??\c:\3lrlxlx.exec:\3lrlxlx.exe100⤵
-
\??\c:\bttbtb.exec:\bttbtb.exe101⤵
-
\??\c:\tbbthb.exec:\tbbthb.exe102⤵
-
\??\c:\jjddj.exec:\jjddj.exe103⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe104⤵
-
\??\c:\fxrrfxl.exec:\fxrrfxl.exe105⤵
-
\??\c:\xxrrrlf.exec:\xxrrrlf.exe106⤵
-
\??\c:\hhnntt.exec:\hhnntt.exe107⤵
-
\??\c:\dpvpd.exec:\dpvpd.exe108⤵
-
\??\c:\djjpd.exec:\djjpd.exe109⤵
-
\??\c:\flfrffr.exec:\flfrffr.exe110⤵
-
\??\c:\xfrfrrl.exec:\xfrfrrl.exe111⤵
-
\??\c:\hnbbtt.exec:\hnbbtt.exe112⤵
-
\??\c:\hhhbnh.exec:\hhhbnh.exe113⤵
-
\??\c:\vjjdj.exec:\vjjdj.exe114⤵
-
\??\c:\7pvjp.exec:\7pvjp.exe115⤵
-
\??\c:\xxfxxrl.exec:\xxfxxrl.exe116⤵
-
\??\c:\9xxrfxr.exec:\9xxrfxr.exe117⤵
-
\??\c:\5ttnbt.exec:\5ttnbt.exe118⤵
-
\??\c:\bnnbbt.exec:\bnnbbt.exe119⤵
-
\??\c:\1ddvp.exec:\1ddvp.exe120⤵
-
\??\c:\flllxxr.exec:\flllxxr.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-