Analysis
-
max time kernel
150s -
max time network
53s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
29/04/2024, 10:09
General
-
Target
0767f9d87034325e62e6fa9e967c650e_JaffaCakes118.exe
-
Size
188KB
-
MD5
0767f9d87034325e62e6fa9e967c650e
-
SHA1
1eee318debcf15d0583fb4c282115d72b431c732
-
SHA256
a423ffeb394d1f6c833bcb0d7f21dfb4abc92b19db0c83255719d2846762c938
-
SHA512
6a18065daff329169ab68caebf4139670fa7d7894e7d7eb7c870834aa74e99266ba69cd691bf58fb3a9c5907f839ca917235e0573915b573c16fde3bd0fee501
-
SSDEEP
1536:PvQBeOGtrYSSsrc93UBIfdC67m6AJiqgT4+C2HVMc:PhOm2sI93UufdC67ciJTU2HVB
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0767f9d87034325e62e6fa9e967c650e_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\0767f9d87034325e62e6fa9e967c650e_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\7llxlxl.exec:\7llxlxl.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bhtnb.exec:\5bhtnb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpp.exec:\jvvpp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ddjvj.exec:\ddjvj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rflxlfx.exec:\rflxlfx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpvpd.exec:\dpvpd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xflxrlf.exec:\xflxrlf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bnbtt.exec:\3bnbtt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vddjv.exec:\vddjv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjv.exec:\vjpjv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dppdv.exec:\dppdv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vvjv.exec:\1vvjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfrfx.exec:\rllfrfx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbnbt.exec:\tnbnbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7jpdv.exec:\7jpdv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5rxxxfx.exec:\5rxxxfx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hhnbtn.exec:\hhnbtn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvdvj.exec:\jvdvj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ffxlfx.exec:\3ffxlfx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5bthbt.exec:\5bthbt.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vvjv.exec:\5vvjv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxrrfxr.exec:\lxrrfxr.exe23⤵
- Executes dropped EXE
-
\??\c:\tnnhnh.exec:\tnnhnh.exe24⤵
- Executes dropped EXE
-
\??\c:\jjjvj.exec:\jjjvj.exe25⤵
- Executes dropped EXE
-
\??\c:\lffxlfr.exec:\lffxlfr.exe26⤵
- Executes dropped EXE
-
\??\c:\bhhbtn.exec:\bhhbtn.exe27⤵
- Executes dropped EXE
-
\??\c:\pvdpv.exec:\pvdpv.exe28⤵
- Executes dropped EXE
-
\??\c:\dvpjv.exec:\dvpjv.exe29⤵
- Executes dropped EXE
-
\??\c:\httntn.exec:\httntn.exe30⤵
- Executes dropped EXE
-
\??\c:\pvdpd.exec:\pvdpd.exe31⤵
- Executes dropped EXE
-
\??\c:\pdjvp.exec:\pdjvp.exe32⤵
- Executes dropped EXE
-
\??\c:\rxxxrrl.exec:\rxxxrrl.exe33⤵
- Executes dropped EXE
-
\??\c:\bntnbt.exec:\bntnbt.exe34⤵
- Executes dropped EXE
-
\??\c:\ttnhbt.exec:\ttnhbt.exe35⤵
- Executes dropped EXE
-
\??\c:\vdpjd.exec:\vdpjd.exe36⤵
- Executes dropped EXE
-
\??\c:\pvdvj.exec:\pvdvj.exe37⤵
- Executes dropped EXE
-
\??\c:\xrlfrlf.exec:\xrlfrlf.exe38⤵
- Executes dropped EXE
-
\??\c:\1nhbtt.exec:\1nhbtt.exe39⤵
- Executes dropped EXE
-
\??\c:\nnnnhb.exec:\nnnnhb.exe40⤵
- Executes dropped EXE
-
\??\c:\djpjd.exec:\djpjd.exe41⤵
- Executes dropped EXE
-
\??\c:\3ddvj.exec:\3ddvj.exe42⤵
- Executes dropped EXE
-
\??\c:\xrlfrll.exec:\xrlfrll.exe43⤵
- Executes dropped EXE
-
\??\c:\ththbn.exec:\ththbn.exe44⤵
- Executes dropped EXE
-
\??\c:\nnnbnh.exec:\nnnbnh.exe45⤵
- Executes dropped EXE
-
\??\c:\3vpjv.exec:\3vpjv.exe46⤵
- Executes dropped EXE
-
\??\c:\vppdp.exec:\vppdp.exe47⤵
- Executes dropped EXE
-
\??\c:\ffxlflf.exec:\ffxlflf.exe48⤵
- Executes dropped EXE
-
\??\c:\3flfxrl.exec:\3flfxrl.exe49⤵
- Executes dropped EXE
-
\??\c:\nbthtn.exec:\nbthtn.exe50⤵
- Executes dropped EXE
-
\??\c:\vpjvp.exec:\vpjvp.exe51⤵
- Executes dropped EXE
-
\??\c:\pjjvv.exec:\pjjvv.exe52⤵
- Executes dropped EXE
-
\??\c:\rlfxlff.exec:\rlfxlff.exe53⤵
- Executes dropped EXE
-
\??\c:\llrrffr.exec:\llrrffr.exe54⤵
- Executes dropped EXE
-
\??\c:\btnbnh.exec:\btnbnh.exe55⤵
- Executes dropped EXE
-
\??\c:\3ttnbb.exec:\3ttnbb.exe56⤵
- Executes dropped EXE
-
\??\c:\jdpjd.exec:\jdpjd.exe57⤵
- Executes dropped EXE
-
\??\c:\ddjjv.exec:\ddjjv.exe58⤵
- Executes dropped EXE
-
\??\c:\xffxlfx.exec:\xffxlfx.exe59⤵
- Executes dropped EXE
-
\??\c:\ffxxxrr.exec:\ffxxxrr.exe60⤵
- Executes dropped EXE
-
\??\c:\7hhtnh.exec:\7hhtnh.exe61⤵
- Executes dropped EXE
-
\??\c:\pjpdj.exec:\pjpdj.exe62⤵
- Executes dropped EXE
-
\??\c:\jjdpd.exec:\jjdpd.exe63⤵
- Executes dropped EXE
-
\??\c:\lfrrrll.exec:\lfrrrll.exe64⤵
- Executes dropped EXE
-
\??\c:\3xrlxxr.exec:\3xrlxxr.exe65⤵
- Executes dropped EXE
-
\??\c:\7htnnh.exec:\7htnnh.exe66⤵
-
\??\c:\jvjdj.exec:\jvjdj.exe67⤵
-
\??\c:\rrrlffr.exec:\rrrlffr.exe68⤵
-
\??\c:\tbbnbt.exec:\tbbnbt.exe69⤵
-
\??\c:\dvppj.exec:\dvppj.exe70⤵
-
\??\c:\rflfrrl.exec:\rflfrrl.exe71⤵
-
\??\c:\xffrllf.exec:\xffrllf.exe72⤵
-
\??\c:\bnnhbb.exec:\bnnhbb.exe73⤵
-
\??\c:\thnnhn.exec:\thnnhn.exe74⤵
-
\??\c:\vvpvp.exec:\vvpvp.exe75⤵
-
\??\c:\vjvpp.exec:\vjvpp.exe76⤵
-
\??\c:\rxfxlfx.exec:\rxfxlfx.exe77⤵
-
\??\c:\llrrlxr.exec:\llrrlxr.exe78⤵
-
\??\c:\ttnnhb.exec:\ttnnhb.exe79⤵
-
\??\c:\nnhtbt.exec:\nnhtbt.exe80⤵
-
\??\c:\9pvjv.exec:\9pvjv.exe81⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe82⤵
-
\??\c:\lxxrllf.exec:\lxxrllf.exe83⤵
-
\??\c:\xrrxllf.exec:\xrrxllf.exe84⤵
-
\??\c:\tbbthb.exec:\tbbthb.exe85⤵
-
\??\c:\3pvdd.exec:\3pvdd.exe86⤵
-
\??\c:\pvdpd.exec:\pvdpd.exe87⤵
-
\??\c:\fxffxfl.exec:\fxffxfl.exe88⤵
-
\??\c:\llffxrx.exec:\llffxrx.exe89⤵
-
\??\c:\nnbnhn.exec:\nnbnhn.exe90⤵
-
\??\c:\9hnbtb.exec:\9hnbtb.exe91⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe92⤵
-
\??\c:\dvdvp.exec:\dvdvp.exe93⤵
-
\??\c:\fxrlxrl.exec:\fxrlxrl.exe94⤵
-
\??\c:\5htnhb.exec:\5htnhb.exe95⤵
-
\??\c:\httnnh.exec:\httnnh.exe96⤵
-
\??\c:\fxlxrlx.exec:\fxlxrlx.exe97⤵
-
\??\c:\7ffxrlf.exec:\7ffxrlf.exe98⤵
-
\??\c:\9hhtnh.exec:\9hhtnh.exe99⤵
-
\??\c:\jvdvv.exec:\jvdvv.exe100⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe101⤵
-
\??\c:\lfxllfx.exec:\lfxllfx.exe102⤵
-
\??\c:\llrlfxr.exec:\llrlfxr.exe103⤵
-
\??\c:\btbtnh.exec:\btbtnh.exe104⤵
-
\??\c:\dvpjd.exec:\dvpjd.exe105⤵
-
\??\c:\lxxrfxr.exec:\lxxrfxr.exe106⤵
-
\??\c:\hntnhb.exec:\hntnhb.exe107⤵
-
\??\c:\htnhbb.exec:\htnhbb.exe108⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe109⤵
-
\??\c:\lrrlxlf.exec:\lrrlxlf.exe110⤵
-
\??\c:\rxxrlfx.exec:\rxxrlfx.exe111⤵
-
\??\c:\btnnbt.exec:\btnnbt.exe112⤵
-
\??\c:\bhnnbt.exec:\bhnnbt.exe113⤵
-
\??\c:\5jdvj.exec:\5jdvj.exe114⤵
-
\??\c:\xrlxrlf.exec:\xrlxrlf.exe115⤵
-
\??\c:\nbnbtn.exec:\nbnbtn.exe116⤵
-
\??\c:\nbnhhb.exec:\nbnhhb.exe117⤵
-
\??\c:\vpjdp.exec:\vpjdp.exe118⤵
-
\??\c:\3dvpv.exec:\3dvpv.exe119⤵
-
\??\c:\bnnhtn.exec:\bnnhtn.exe120⤵
-
\??\c:\3bbnbt.exec:\3bbnbt.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-