Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
28/04/2024, 21:55
General
-
Target
06287fa228425e823150ed4af3bebd11_JaffaCakes118.exe
-
Size
190KB
-
MD5
06287fa228425e823150ed4af3bebd11
-
SHA1
0995123376c401338ad81e3721f3dff77624b50c
-
SHA256
00772b2f101126e1d227af508946b205f166332dcd14e047ff5d1e7d862f6148
-
SHA512
43356483e92d36eff32e8ff4fe85f442f924a738c8e51bed515c26a20fb6414395c8b9652fe639c0acb1654aa25c67d696685e1e743830b06b7d17649d757a72
-
SSDEEP
1536:EvQBeOGtrYSSsrc93UBIfdC67m6AJiqjt3ufT/FRxZOYCqc:EhOm2sI93UufdC67ciyt3ujFf73c
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 39 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\06287fa228425e823150ed4af3bebd11_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\06287fa228425e823150ed4af3bebd11_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\3htthb.exec:\3htthb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddv.exec:\vpddv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxlxlfl.exec:\lxlxlfl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlrrrr.exec:\frlrrrr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5thtnh.exec:\5thtnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvvj.exec:\pdvvj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3lffxxf.exec:\3lffxxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xfflll.exec:\9xfflll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htbhhh.exec:\htbhhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pdvpp.exec:\pdvpp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5frrfff.exec:\5frrfff.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfrrxxf.exec:\lfrrxxf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tnbnt.exec:\1tnbnt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvvv.exec:\jvvvv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frxrlff.exec:\frxrlff.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrffffl.exec:\xrffffl.exe17⤵
- Executes dropped EXE
-
\??\c:\hthbtn.exec:\hthbtn.exe18⤵
- Executes dropped EXE
-
\??\c:\pdppd.exec:\pdppd.exe19⤵
- Executes dropped EXE
-
\??\c:\djvjj.exec:\djvjj.exe20⤵
- Executes dropped EXE
-
\??\c:\7xfffxf.exec:\7xfffxf.exe21⤵
- Executes dropped EXE
-
\??\c:\bnttbt.exec:\bnttbt.exe22⤵
- Executes dropped EXE
-
\??\c:\tnttht.exec:\tnttht.exe23⤵
- Executes dropped EXE
-
\??\c:\jjvdv.exec:\jjvdv.exe24⤵
- Executes dropped EXE
-
\??\c:\7ffxrlr.exec:\7ffxrlr.exe25⤵
- Executes dropped EXE
-
\??\c:\thtbhh.exec:\thtbhh.exe26⤵
- Executes dropped EXE
-
\??\c:\9vvvd.exec:\9vvvd.exe27⤵
- Executes dropped EXE
-
\??\c:\xllxrll.exec:\xllxrll.exe28⤵
- Executes dropped EXE
-
\??\c:\9htbhh.exec:\9htbhh.exe29⤵
- Executes dropped EXE
-
\??\c:\htbbbt.exec:\htbbbt.exe30⤵
- Executes dropped EXE
-
\??\c:\pdjdv.exec:\pdjdv.exe31⤵
- Executes dropped EXE
-
\??\c:\frrrlll.exec:\frrrlll.exe32⤵
- Executes dropped EXE
-
\??\c:\xrxxfxr.exec:\xrxxfxr.exe33⤵
- Executes dropped EXE
-
\??\c:\1tbbbh.exec:\1tbbbh.exe34⤵
- Executes dropped EXE
-
\??\c:\pjvvd.exec:\pjvvd.exe35⤵
- Executes dropped EXE
-
\??\c:\frlffrx.exec:\frlffrx.exe36⤵
- Executes dropped EXE
-
\??\c:\9ffxxrl.exec:\9ffxxrl.exe37⤵
- Executes dropped EXE
-
\??\c:\hthbhh.exec:\hthbhh.exe38⤵
- Executes dropped EXE
-
\??\c:\nbhbnh.exec:\nbhbnh.exe39⤵
- Executes dropped EXE
-
\??\c:\pdjjv.exec:\pdjjv.exe40⤵
- Executes dropped EXE
-
\??\c:\1pjjj.exec:\1pjjj.exe41⤵
- Executes dropped EXE
-
\??\c:\rlllxlf.exec:\rlllxlf.exe42⤵
- Executes dropped EXE
-
\??\c:\3hnnnh.exec:\3hnnnh.exe43⤵
- Executes dropped EXE
-
\??\c:\hbnhnb.exec:\hbnhnb.exe44⤵
- Executes dropped EXE
-
\??\c:\dpppd.exec:\dpppd.exe45⤵
- Executes dropped EXE
-
\??\c:\5dpvv.exec:\5dpvv.exe46⤵
- Executes dropped EXE
-
\??\c:\xlfflff.exec:\xlfflff.exe47⤵
- Executes dropped EXE
-
\??\c:\rlfrrlr.exec:\rlfrrlr.exe48⤵
- Executes dropped EXE
-
\??\c:\nhhhtt.exec:\nhhhtt.exe49⤵
- Executes dropped EXE
-
\??\c:\1nbhbb.exec:\1nbhbb.exe50⤵
- Executes dropped EXE
-
\??\c:\1pvdv.exec:\1pvdv.exe51⤵
- Executes dropped EXE
-
\??\c:\rlfxfxx.exec:\rlfxfxx.exe52⤵
- Executes dropped EXE
-
\??\c:\lxfxrxx.exec:\lxfxrxx.exe53⤵
- Executes dropped EXE
-
\??\c:\htttnn.exec:\htttnn.exe54⤵
- Executes dropped EXE
-
\??\c:\bntttt.exec:\bntttt.exe55⤵
- Executes dropped EXE
-
\??\c:\dpppp.exec:\dpppp.exe56⤵
- Executes dropped EXE
-
\??\c:\5pdvj.exec:\5pdvj.exe57⤵
- Executes dropped EXE
-
\??\c:\nhntnt.exec:\nhntnt.exe58⤵
- Executes dropped EXE
-
\??\c:\nhnnbt.exec:\nhnnbt.exe59⤵
- Executes dropped EXE
-
\??\c:\pjvjp.exec:\pjvjp.exe60⤵
- Executes dropped EXE
-
\??\c:\pdpvd.exec:\pdpvd.exe61⤵
- Executes dropped EXE
-
\??\c:\frxxxrr.exec:\frxxxrr.exe62⤵
- Executes dropped EXE
-
\??\c:\nhhhnn.exec:\nhhhnn.exe63⤵
- Executes dropped EXE
-
\??\c:\1hhhnn.exec:\1hhhnn.exe64⤵
- Executes dropped EXE
-
\??\c:\dvvvd.exec:\dvvvd.exe65⤵
- Executes dropped EXE
-
\??\c:\pjjjj.exec:\pjjjj.exe66⤵
-
\??\c:\rfrrxxl.exec:\rfrrxxl.exe67⤵
-
\??\c:\1bnhhh.exec:\1bnhhh.exe68⤵
-
\??\c:\hhbtbb.exec:\hhbtbb.exe69⤵
-
\??\c:\pdjjd.exec:\pdjjd.exe70⤵
-
\??\c:\xrfffll.exec:\xrfffll.exe71⤵
-
\??\c:\ffxfrxl.exec:\ffxfrxl.exe72⤵
-
\??\c:\nhthtn.exec:\nhthtn.exe73⤵
-
\??\c:\ppddp.exec:\ppddp.exe74⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe75⤵
-
\??\c:\1xllllf.exec:\1xllllf.exe76⤵
-
\??\c:\fxrrllx.exec:\fxrrllx.exe77⤵
-
\??\c:\btbbbt.exec:\btbbbt.exe78⤵
-
\??\c:\pvddd.exec:\pvddd.exe79⤵
-
\??\c:\dvppv.exec:\dvppv.exe80⤵
-
\??\c:\rlxrxfl.exec:\rlxrxfl.exe81⤵
-
\??\c:\frxfrxf.exec:\frxfrxf.exe82⤵
-
\??\c:\1bnnnb.exec:\1bnnnb.exe83⤵
-
\??\c:\ddpjp.exec:\ddpjp.exe84⤵
-
\??\c:\9vjdd.exec:\9vjdd.exe85⤵
-
\??\c:\rrffllx.exec:\rrffllx.exe86⤵
-
\??\c:\rxllllr.exec:\rxllllr.exe87⤵
-
\??\c:\7hnttb.exec:\7hnttb.exe88⤵
-
\??\c:\7tbbtt.exec:\7tbbtt.exe89⤵
-
\??\c:\dpdjj.exec:\dpdjj.exe90⤵
-
\??\c:\dpdjv.exec:\dpdjv.exe91⤵
-
\??\c:\rfrrxrf.exec:\rfrrxrf.exe92⤵
-
\??\c:\hbbhtb.exec:\hbbhtb.exe93⤵
-
\??\c:\nhtbnn.exec:\nhtbnn.exe94⤵
-
\??\c:\pjpvd.exec:\pjpvd.exe95⤵
-
\??\c:\7ddvv.exec:\7ddvv.exe96⤵
-
\??\c:\fxxfllr.exec:\fxxfllr.exe97⤵
-
\??\c:\frfflrr.exec:\frfflrr.exe98⤵
-
\??\c:\bthnbn.exec:\bthnbn.exe99⤵
-
\??\c:\1nnnnn.exec:\1nnnnn.exe100⤵
-
\??\c:\1htbht.exec:\1htbht.exe101⤵
-
\??\c:\pjddj.exec:\pjddj.exe102⤵
-
\??\c:\9vdvj.exec:\9vdvj.exe103⤵
-
\??\c:\frllllx.exec:\frllllx.exe104⤵
-
\??\c:\3frlxrr.exec:\3frlxrr.exe105⤵
-
\??\c:\1bnhnn.exec:\1bnhnn.exe106⤵
-
\??\c:\3jjdv.exec:\3jjdv.exe107⤵
-
\??\c:\jvddv.exec:\jvddv.exe108⤵
-
\??\c:\9rrxxxl.exec:\9rrxxxl.exe109⤵
-
\??\c:\fxrfrxx.exec:\fxrfrxx.exe110⤵
-
\??\c:\nbnnnh.exec:\nbnnnh.exe111⤵
-
\??\c:\ppjpd.exec:\ppjpd.exe112⤵
-
\??\c:\1djdj.exec:\1djdj.exe113⤵
-
\??\c:\rfrrrrx.exec:\rfrrrrx.exe114⤵
-
\??\c:\3xlfrfl.exec:\3xlfrfl.exe115⤵
-
\??\c:\3bnthn.exec:\3bnthn.exe116⤵
-
\??\c:\dpjpv.exec:\dpjpv.exe117⤵
-
\??\c:\dpvjp.exec:\dpvjp.exe118⤵
-
\??\c:\xlxxxxr.exec:\xlxxxxr.exe119⤵
-
\??\c:\lfrrffr.exec:\lfrrffr.exe120⤵
-
\??\c:\tnbhht.exec:\tnbhht.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-