Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
30/04/2024, 04:16
General
-
Target
08ffac908feba4ec5c98de62dbbb5675_JaffaCakes118.exe
-
Size
73KB
-
MD5
08ffac908feba4ec5c98de62dbbb5675
-
SHA1
7e46ab811b0daa55abbc6131b26d6d482371ff5d
-
SHA256
30b44745dd4b271b93a12b71a74f4083c397d11ec56635993e8851dc8bb701a7
-
SHA512
eb4aecd010c923a71e147036b5277900ad64cdf652ef19e856ddd05a5a486e51b41680d357367224144423682f332affd3bfd25c782e8a5fa89677214440b0ec
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+DQmqc7EfmV+LS:ymb3NkkiQ3mdBjF+3TCg7Ph
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 23 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 29 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\08ffac908feba4ec5c98de62dbbb5675_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\08ffac908feba4ec5c98de62dbbb5675_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvp.exec:\vpjvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlrxxf.exec:\fxlrxxf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhnntn.exec:\nhnntn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjddv.exec:\pjddv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rllxxl.exec:\7rllxxl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlflrr.exec:\frlflrr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbthh.exec:\nhbthh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7pjjp.exec:\7pjjp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpjvd.exec:\vpjvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xffrfxl.exec:\xffrfxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1lrfflx.exec:\1lrfflx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbthnh.exec:\hbthnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1jddj.exec:\1jddj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdpjj.exec:\jdpjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrflr.exec:\fxrrflr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nhntt.exec:\1nhntt.exe17⤵
- Executes dropped EXE
-
\??\c:\nbhhnn.exec:\nbhhnn.exe18⤵
- Executes dropped EXE
-
\??\c:\9pvjp.exec:\9pvjp.exe19⤵
- Executes dropped EXE
-
\??\c:\xfxxxrf.exec:\xfxxxrf.exe20⤵
- Executes dropped EXE
-
\??\c:\lfrrrxf.exec:\lfrrrxf.exe21⤵
- Executes dropped EXE
-
\??\c:\btnbnh.exec:\btnbnh.exe22⤵
- Executes dropped EXE
-
\??\c:\hbthhn.exec:\hbthhn.exe23⤵
- Executes dropped EXE
-
\??\c:\3jdpd.exec:\3jdpd.exe24⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe25⤵
- Executes dropped EXE
-
\??\c:\lxlllll.exec:\lxlllll.exe26⤵
- Executes dropped EXE
-
\??\c:\hbhhnn.exec:\hbhhnn.exe27⤵
- Executes dropped EXE
-
\??\c:\vpvvd.exec:\vpvvd.exe28⤵
- Executes dropped EXE
-
\??\c:\jdvdj.exec:\jdvdj.exe29⤵
- Executes dropped EXE
-
\??\c:\fxffxll.exec:\fxffxll.exe30⤵
- Executes dropped EXE
-
\??\c:\fxllxxf.exec:\fxllxxf.exe31⤵
- Executes dropped EXE
-
\??\c:\tnhnht.exec:\tnhnht.exe32⤵
- Executes dropped EXE
-
\??\c:\5thnnt.exec:\5thnnt.exe33⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe34⤵
- Executes dropped EXE
-
\??\c:\xrlrfxl.exec:\xrlrfxl.exe35⤵
- Executes dropped EXE
-
\??\c:\ffrxffl.exec:\ffrxffl.exe36⤵
- Executes dropped EXE
-
\??\c:\tbtthh.exec:\tbtthh.exe37⤵
- Executes dropped EXE
-
\??\c:\7bbttb.exec:\7bbttb.exe38⤵
- Executes dropped EXE
-
\??\c:\pvpvp.exec:\pvpvp.exe39⤵
- Executes dropped EXE
-
\??\c:\vpddj.exec:\vpddj.exe40⤵
- Executes dropped EXE
-
\??\c:\rlfllrx.exec:\rlfllrx.exe41⤵
- Executes dropped EXE
-
\??\c:\xrlffxf.exec:\xrlffxf.exe42⤵
- Executes dropped EXE
-
\??\c:\5nhhnn.exec:\5nhhnn.exe43⤵
- Executes dropped EXE
-
\??\c:\hhtbbb.exec:\hhtbbb.exe44⤵
- Executes dropped EXE
-
\??\c:\bnbbnt.exec:\bnbbnt.exe45⤵
- Executes dropped EXE
-
\??\c:\7pvdd.exec:\7pvdd.exe46⤵
- Executes dropped EXE
-
\??\c:\ppdpp.exec:\ppdpp.exe47⤵
- Executes dropped EXE
-
\??\c:\ffxlxlx.exec:\ffxlxlx.exe48⤵
- Executes dropped EXE
-
\??\c:\bbtbbb.exec:\bbtbbb.exe49⤵
- Executes dropped EXE
-
\??\c:\tbbtbn.exec:\tbbtbn.exe50⤵
- Executes dropped EXE
-
\??\c:\nbnttn.exec:\nbnttn.exe51⤵
- Executes dropped EXE
-
\??\c:\pjjpv.exec:\pjjpv.exe52⤵
- Executes dropped EXE
-
\??\c:\1xxrfxf.exec:\1xxrfxf.exe53⤵
- Executes dropped EXE
-
\??\c:\rrrlrlr.exec:\rrrlrlr.exe54⤵
- Executes dropped EXE
-
\??\c:\fxfllrl.exec:\fxfllrl.exe55⤵
- Executes dropped EXE
-
\??\c:\btnthb.exec:\btnthb.exe56⤵
- Executes dropped EXE
-
\??\c:\pjpvd.exec:\pjpvd.exe57⤵
- Executes dropped EXE
-
\??\c:\pdjvv.exec:\pdjvv.exe58⤵
- Executes dropped EXE
-
\??\c:\9xfffrx.exec:\9xfffrx.exe59⤵
- Executes dropped EXE
-
\??\c:\3xxxffl.exec:\3xxxffl.exe60⤵
- Executes dropped EXE
-
\??\c:\nhbbhh.exec:\nhbbhh.exe61⤵
- Executes dropped EXE
-
\??\c:\5hntbh.exec:\5hntbh.exe62⤵
- Executes dropped EXE
-
\??\c:\3jjjv.exec:\3jjjv.exe63⤵
- Executes dropped EXE
-
\??\c:\ddvvd.exec:\ddvvd.exe64⤵
- Executes dropped EXE
-
\??\c:\xrflllf.exec:\xrflllf.exe65⤵
- Executes dropped EXE
-
\??\c:\lrflxxr.exec:\lrflxxr.exe66⤵
-
\??\c:\tnbnnt.exec:\tnbnnt.exe67⤵
-
\??\c:\bhttnt.exec:\bhttnt.exe68⤵
-
\??\c:\jdvdj.exec:\jdvdj.exe69⤵
-
\??\c:\jdpvd.exec:\jdpvd.exe70⤵
-
\??\c:\xrrfffx.exec:\xrrfffx.exe71⤵
-
\??\c:\xxxlrxl.exec:\xxxlrxl.exe72⤵
-
\??\c:\vvppd.exec:\vvppd.exe73⤵
-
\??\c:\dpjpj.exec:\dpjpj.exe74⤵
-
\??\c:\9xrxxxf.exec:\9xrxxxf.exe75⤵
-
\??\c:\1frllff.exec:\1frllff.exe76⤵
-
\??\c:\hbtbbb.exec:\hbtbbb.exe77⤵
-
\??\c:\1hhnhn.exec:\1hhnhn.exe78⤵
-
\??\c:\jvjvj.exec:\jvjvj.exe79⤵
-
\??\c:\9xrxrrx.exec:\9xrxrrx.exe80⤵
-
\??\c:\htbbnn.exec:\htbbnn.exe81⤵
-
\??\c:\nhhttb.exec:\nhhttb.exe82⤵
-
\??\c:\1pppv.exec:\1pppv.exe83⤵
-
\??\c:\jdvjd.exec:\jdvjd.exe84⤵
-
\??\c:\frrlrlr.exec:\frrlrlr.exe85⤵
-
\??\c:\bntnnn.exec:\bntnnn.exe86⤵
-
\??\c:\bthbhh.exec:\bthbhh.exe87⤵
-
\??\c:\5vddv.exec:\5vddv.exe88⤵
-
\??\c:\vpddj.exec:\vpddj.exe89⤵
-
\??\c:\7rlrrrf.exec:\7rlrrrf.exe90⤵
-
\??\c:\hbtbhn.exec:\hbtbhn.exe91⤵
-
\??\c:\thtttb.exec:\thtttb.exe92⤵
-
\??\c:\vjvdv.exec:\vjvdv.exe93⤵
-
\??\c:\dpdvp.exec:\dpdvp.exe94⤵
-
\??\c:\fxrrlrr.exec:\fxrrlrr.exe95⤵
-
\??\c:\bthhtt.exec:\bthhtt.exe96⤵
-
\??\c:\nbhnhn.exec:\nbhnhn.exe97⤵
-
\??\c:\jdjdj.exec:\jdjdj.exe98⤵
-
\??\c:\pjvvv.exec:\pjvvv.exe99⤵
-
\??\c:\dvjpp.exec:\dvjpp.exe100⤵
-
\??\c:\xxlrflr.exec:\xxlrflr.exe101⤵
-
\??\c:\1fllrrr.exec:\1fllrrr.exe102⤵
-
\??\c:\1thhnt.exec:\1thhnt.exe103⤵
-
\??\c:\nbhbhb.exec:\nbhbhb.exe104⤵
-
\??\c:\jdjjv.exec:\jdjjv.exe105⤵
-
\??\c:\dvddj.exec:\dvddj.exe106⤵
-
\??\c:\vpdjj.exec:\vpdjj.exe107⤵
-
\??\c:\lfrlrrf.exec:\lfrlrrf.exe108⤵
-
\??\c:\rlflrfr.exec:\rlflrfr.exe109⤵
-
\??\c:\htttbb.exec:\htttbb.exe110⤵
-
\??\c:\7nhttb.exec:\7nhttb.exe111⤵
-
\??\c:\jvvjp.exec:\jvvjp.exe112⤵
-
\??\c:\jvpjp.exec:\jvpjp.exe113⤵
-
\??\c:\xrlllrx.exec:\xrlllrx.exe114⤵
-
\??\c:\rflrxfl.exec:\rflrxfl.exe115⤵
-
\??\c:\nhthtn.exec:\nhthtn.exe116⤵
-
\??\c:\tnhntt.exec:\tnhntt.exe117⤵
-
\??\c:\pjjpj.exec:\pjjpj.exe118⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe119⤵
-
\??\c:\xlxrrrr.exec:\xlxrrrr.exe120⤵
-
\??\c:\xlrrfll.exec:\xlrrfll.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-