Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
27/04/2024, 00:45
General
-
Target
0207be56172ef24acfda330d48fd7c8c_JaffaCakes118.exe
-
Size
232KB
-
MD5
0207be56172ef24acfda330d48fd7c8c
-
SHA1
be59f20aa13224a4f245c3c0e50eccfeed1bbece
-
SHA256
3a9a57d586141522128c8fb98ca1c1846d63309816a38b3672c7a743d90c0feb
-
SHA512
e3d55842c24a72580789c9289d812682bb1bbc24ecba1c4a334e8c44044c6094211b7ed4554ef596b5b74e57492f22b879d54f2b17c7ec931ef60e13b9041404
-
SSDEEP
3072:ThOmTsF93UYfwC6GIout0fmCiiiXAsACF486jFX8fkYtB6J6eUTV4qQG4:Tcm4FmowdHoSgWrXD486jFX88Y/eUBY
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 51 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0207be56172ef24acfda330d48fd7c8c_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\0207be56172ef24acfda330d48fd7c8c_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xjlnx.exec:\xjlnx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnftnln.exec:\hnftnln.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ldlfd.exec:\ldlfd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rdxjvfj.exec:\rdxjvfj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxnplhp.exec:\lxnplhp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rdlxhxh.exec:\rdlxhxh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrprtt.exec:\rrprtt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\txjlr.exec:\txjlr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hrttr.exec:\hrttr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrpvdj.exec:\rrpvdj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jhftfvd.exec:\jhftfvd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrplp.exec:\xrplp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thllb.exec:\thllb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vbdrlj.exec:\vbdrlj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pfpthhb.exec:\pfpthhb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xvfdbvj.exec:\xvfdbvj.exe17⤵
- Executes dropped EXE
-
\??\c:\hpptdtl.exec:\hpptdtl.exe18⤵
- Executes dropped EXE
-
\??\c:\jfpndf.exec:\jfpndf.exe19⤵
- Executes dropped EXE
-
\??\c:\ldjtp.exec:\ldjtp.exe20⤵
- Executes dropped EXE
-
\??\c:\phpvbb.exec:\phpvbb.exe21⤵
- Executes dropped EXE
-
\??\c:\dxhrnjn.exec:\dxhrnjn.exe22⤵
- Executes dropped EXE
-
\??\c:\lnjvr.exec:\lnjvr.exe23⤵
- Executes dropped EXE
-
\??\c:\njpjl.exec:\njpjl.exe24⤵
- Executes dropped EXE
-
\??\c:\ddhpbnt.exec:\ddhpbnt.exe25⤵
- Executes dropped EXE
-
\??\c:\nvxrb.exec:\nvxrb.exe26⤵
- Executes dropped EXE
-
\??\c:\nbhldr.exec:\nbhldr.exe27⤵
- Executes dropped EXE
-
\??\c:\fhxbj.exec:\fhxbj.exe28⤵
- Executes dropped EXE
-
\??\c:\jbrdtv.exec:\jbrdtv.exe29⤵
- Executes dropped EXE
-
\??\c:\vxdrnh.exec:\vxdrnh.exe30⤵
- Executes dropped EXE
-
\??\c:\nljtjn.exec:\nljtjn.exe31⤵
- Executes dropped EXE
-
\??\c:\lhdxjv.exec:\lhdxjv.exe32⤵
- Executes dropped EXE
-
\??\c:\tjlbdn.exec:\tjlbdn.exe33⤵
- Executes dropped EXE
-
\??\c:\tlnrdlp.exec:\tlnrdlp.exe34⤵
- Executes dropped EXE
-
\??\c:\npxtrxv.exec:\npxtrxv.exe35⤵
- Executes dropped EXE
-
\??\c:\bttnb.exec:\bttnb.exe36⤵
- Executes dropped EXE
-
\??\c:\hhhblnh.exec:\hhhblnh.exe37⤵
- Executes dropped EXE
-
\??\c:\blvbv.exec:\blvbv.exe38⤵
- Executes dropped EXE
-
\??\c:\bhtdjr.exec:\bhtdjr.exe39⤵
- Executes dropped EXE
-
\??\c:\tlxnh.exec:\tlxnh.exe40⤵
- Executes dropped EXE
-
\??\c:\btttfnf.exec:\btttfnf.exe41⤵
- Executes dropped EXE
-
\??\c:\bhjdx.exec:\bhjdx.exe42⤵
-
\??\c:\pntplt.exec:\pntplt.exe43⤵
- Executes dropped EXE
-
\??\c:\dfnltl.exec:\dfnltl.exe44⤵
- Executes dropped EXE
-
\??\c:\jltttt.exec:\jltttt.exe45⤵
- Executes dropped EXE
-
\??\c:\bdnlt.exec:\bdnlt.exe46⤵
- Executes dropped EXE
-
\??\c:\jpbjb.exec:\jpbjb.exe47⤵
- Executes dropped EXE
-
\??\c:\rbtnxn.exec:\rbtnxn.exe48⤵
- Executes dropped EXE
-
\??\c:\fvxfpdv.exec:\fvxfpdv.exe49⤵
- Executes dropped EXE
-
\??\c:\rtbpfjh.exec:\rtbpfjh.exe50⤵
- Executes dropped EXE
-
\??\c:\njpnd.exec:\njpnd.exe51⤵
- Executes dropped EXE
-
\??\c:\vdvxj.exec:\vdvxj.exe52⤵
- Executes dropped EXE
-
\??\c:\xbdtd.exec:\xbdtd.exe53⤵
- Executes dropped EXE
-
\??\c:\nxbpnbh.exec:\nxbpnbh.exe54⤵
- Executes dropped EXE
-
\??\c:\dtptvv.exec:\dtptvv.exe55⤵
- Executes dropped EXE
-
\??\c:\drxpb.exec:\drxpb.exe56⤵
- Executes dropped EXE
-
\??\c:\vxtlrnt.exec:\vxtlrnt.exe57⤵
- Executes dropped EXE
-
\??\c:\lptpthp.exec:\lptpthp.exe58⤵
- Executes dropped EXE
-
\??\c:\thhdpfp.exec:\thhdpfp.exe59⤵
- Executes dropped EXE
-
\??\c:\xnbfth.exec:\xnbfth.exe60⤵
- Executes dropped EXE
-
\??\c:\vnrnbn.exec:\vnrnbn.exe61⤵
- Executes dropped EXE
-
\??\c:\dpljdjt.exec:\dpljdjt.exe62⤵
- Executes dropped EXE
-
\??\c:\htbdlft.exec:\htbdlft.exe63⤵
- Executes dropped EXE
-
\??\c:\hffdbhd.exec:\hffdbhd.exe64⤵
- Executes dropped EXE
-
\??\c:\njhxxlj.exec:\njhxxlj.exe65⤵
- Executes dropped EXE
-
\??\c:\lvfff.exec:\lvfff.exe66⤵
- Executes dropped EXE
-
\??\c:\nnpdrrp.exec:\nnpdrrp.exe67⤵
-
\??\c:\fdnxndd.exec:\fdnxndd.exe68⤵
-
\??\c:\jbvxjv.exec:\jbvxjv.exe69⤵
-
\??\c:\fjbjr.exec:\fjbjr.exe70⤵
-
\??\c:\vhdxlh.exec:\vhdxlh.exe71⤵
-
\??\c:\pjvnt.exec:\pjvnt.exe72⤵
-
\??\c:\xrrbjt.exec:\xrrbjt.exe73⤵
-
\??\c:\brpfrxh.exec:\brpfrxh.exe74⤵
-
\??\c:\jrxhrjj.exec:\jrxhrjj.exe75⤵
-
\??\c:\tfnnr.exec:\tfnnr.exe76⤵
-
\??\c:\dbvrb.exec:\dbvrb.exe77⤵
-
\??\c:\nbtffdh.exec:\nbtffdh.exe78⤵
-
\??\c:\xvrbfn.exec:\xvrbfn.exe79⤵
-
\??\c:\xlbhp.exec:\xlbhp.exe80⤵
-
\??\c:\jbfrtlh.exec:\jbfrtlh.exe81⤵
-
\??\c:\pfdnbj.exec:\pfdnbj.exe82⤵
-
\??\c:\lfhjxd.exec:\lfhjxd.exe83⤵
-
\??\c:\hhxth.exec:\hhxth.exe84⤵
-
\??\c:\bfbpfdl.exec:\bfbpfdl.exe85⤵
-
\??\c:\dbhnvvt.exec:\dbhnvvt.exe86⤵
-
\??\c:\jbttppv.exec:\jbttppv.exe87⤵
-
\??\c:\fjfdxr.exec:\fjfdxr.exe88⤵
-
\??\c:\jprvt.exec:\jprvt.exe89⤵
-
\??\c:\rpdvp.exec:\rpdvp.exe90⤵
-
\??\c:\bpfrj.exec:\bpfrj.exe91⤵
-
\??\c:\rxvpfvl.exec:\rxvpfvl.exe92⤵
-
\??\c:\xfbvt.exec:\xfbvt.exe93⤵
-
\??\c:\frvxv.exec:\frvxv.exe94⤵
-
\??\c:\ttvttb.exec:\ttvttb.exe95⤵
-
\??\c:\xtrhv.exec:\xtrhv.exe96⤵
-
\??\c:\rbxvv.exec:\rbxvv.exe97⤵
-
\??\c:\hfxfh.exec:\hfxfh.exe98⤵
-
\??\c:\jbpjjh.exec:\jbpjjh.exe99⤵
-
\??\c:\pxhjnf.exec:\pxhjnf.exe100⤵
-
\??\c:\nvttd.exec:\nvttd.exe101⤵
-
\??\c:\lndjfxt.exec:\lndjfxt.exe102⤵
-
\??\c:\ltdfjb.exec:\ltdfjb.exe103⤵
-
\??\c:\vjjlx.exec:\vjjlx.exe104⤵
-
\??\c:\dxjpf.exec:\dxjpf.exe105⤵
-
\??\c:\fxjpldd.exec:\fxjpldd.exe106⤵
-
\??\c:\hbvjx.exec:\hbvjx.exe107⤵
-
\??\c:\xldlv.exec:\xldlv.exe108⤵
-
\??\c:\dfxpd.exec:\dfxpd.exe109⤵
-
\??\c:\tjxnr.exec:\tjxnr.exe110⤵
-
\??\c:\ppjxdt.exec:\ppjxdt.exe111⤵
-
\??\c:\jvfftv.exec:\jvfftv.exe112⤵
-
\??\c:\trrdj.exec:\trrdj.exe113⤵
-
\??\c:\fdjnv.exec:\fdjnv.exe114⤵
-
\??\c:\rdpll.exec:\rdpll.exe115⤵
-
\??\c:\hnxvjlr.exec:\hnxvjlr.exe116⤵
-
\??\c:\vbldxh.exec:\vbldxh.exe117⤵
-
\??\c:\dffpxd.exec:\dffpxd.exe118⤵
-
\??\c:\xhdhrvv.exec:\xhdhrvv.exe119⤵
-
\??\c:\nvljp.exec:\nvljp.exe120⤵
-
\??\c:\lhtttj.exec:\lhtttj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-