Analysis
-
max time kernel
63s -
max time network
36s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
30-04-2024 04:16
Errors
Reason
Machine shutdown
General
-
Target
08ffac908feba4ec5c98de62dbbb5675_JaffaCakes118.exe
-
Size
73KB
-
MD5
08ffac908feba4ec5c98de62dbbb5675
-
SHA1
7e46ab811b0daa55abbc6131b26d6d482371ff5d
-
SHA256
30b44745dd4b271b93a12b71a74f4083c397d11ec56635993e8851dc8bb701a7
-
SHA512
eb4aecd010c923a71e147036b5277900ad64cdf652ef19e856ddd05a5a486e51b41680d357367224144423682f332affd3bfd25c782e8a5fa89677214440b0ec
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+DQmqc7EfmV+LS:ymb3NkkiQ3mdBjF+3TCg7Ph
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 31 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\08ffac908feba4ec5c98de62dbbb5675_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\08ffac908feba4ec5c98de62dbbb5675_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\ttnhbb.exec:\ttnhbb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbbhbt.exec:\nbbhbt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7djpv.exec:\7djpv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rrfrlf.exec:\1rrfrlf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7rlxrlx.exec:\7rlxrlx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhbtn.exec:\thhbtn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7nnhtn.exec:\7nnhtn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvpjp.exec:\dvpjp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrfrlf.exec:\fxrfrlf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhbhb.exec:\nbhbhb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pjvp.exec:\5pjvp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpv.exec:\ppvpv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxxlxrx.exec:\rxxlxrx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5nthtn.exec:\5nthtn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5pvpv.exec:\5pvpv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvvpd.exec:\jvvpd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xxlxxr.exec:\1xxlxxr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlflxrl.exec:\rlflxrl.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhntb.exec:\nbhntb.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjvj.exec:\dpjvj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdvp.exec:\pjdvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrflflx.exec:\rrflflx.exe23⤵
- Executes dropped EXE
-
\??\c:\fxrfrlf.exec:\fxrfrlf.exe24⤵
- Executes dropped EXE
-
\??\c:\bnhbnb.exec:\bnhbnb.exe25⤵
- Executes dropped EXE
-
\??\c:\3djdp.exec:\3djdp.exe26⤵
- Executes dropped EXE
-
\??\c:\7hhbhb.exec:\7hhbhb.exe27⤵
- Executes dropped EXE
-
\??\c:\7tnbhh.exec:\7tnbhh.exe28⤵
- Executes dropped EXE
-
\??\c:\jvpdv.exec:\jvpdv.exe29⤵
- Executes dropped EXE
-
\??\c:\xllxlfl.exec:\xllxlfl.exe30⤵
- Executes dropped EXE
-
\??\c:\nhtnhb.exec:\nhtnhb.exe31⤵
- Executes dropped EXE
-
\??\c:\bhhtnh.exec:\bhhtnh.exe32⤵
- Executes dropped EXE
-
\??\c:\jvdvj.exec:\jvdvj.exe33⤵
- Executes dropped EXE
-
\??\c:\nbbnbt.exec:\nbbnbt.exe34⤵
- Executes dropped EXE
-
\??\c:\bbthtn.exec:\bbthtn.exe35⤵
- Executes dropped EXE
-
\??\c:\dpddp.exec:\dpddp.exe36⤵
- Executes dropped EXE
-
\??\c:\flfrxxl.exec:\flfrxxl.exe37⤵
- Executes dropped EXE
-
\??\c:\rrlfxrf.exec:\rrlfxrf.exe38⤵
- Executes dropped EXE
-
\??\c:\tnthbt.exec:\tnthbt.exe39⤵
- Executes dropped EXE
-
\??\c:\9hnbhh.exec:\9hnbhh.exe40⤵
- Executes dropped EXE
-
\??\c:\1vpjp.exec:\1vpjp.exe41⤵
- Executes dropped EXE
-
\??\c:\lxrflfx.exec:\lxrflfx.exe42⤵
- Executes dropped EXE
-
\??\c:\9llfxxr.exec:\9llfxxr.exe43⤵
- Executes dropped EXE
-
\??\c:\1hbtnh.exec:\1hbtnh.exe44⤵
- Executes dropped EXE
-
\??\c:\nnttbh.exec:\nnttbh.exe45⤵
- Executes dropped EXE
-
\??\c:\djdpd.exec:\djdpd.exe46⤵
- Executes dropped EXE
-
\??\c:\frfxrrx.exec:\frfxrrx.exe47⤵
- Executes dropped EXE
-
\??\c:\xxfrlxr.exec:\xxfrlxr.exe48⤵
- Executes dropped EXE
-
\??\c:\hhhbtb.exec:\hhhbtb.exe49⤵
- Executes dropped EXE
-
\??\c:\bbbnhb.exec:\bbbnhb.exe50⤵
- Executes dropped EXE
-
\??\c:\pdvjd.exec:\pdvjd.exe51⤵
- Executes dropped EXE
-
\??\c:\rlfxllf.exec:\rlfxllf.exe52⤵
- Executes dropped EXE
-
\??\c:\xxllxxr.exec:\xxllxxr.exe53⤵
- Executes dropped EXE
-
\??\c:\5rlfrlf.exec:\5rlfrlf.exe54⤵
- Executes dropped EXE
-
\??\c:\hththt.exec:\hththt.exe55⤵
- Executes dropped EXE
-
\??\c:\5pjpj.exec:\5pjpj.exe56⤵
- Executes dropped EXE
-
\??\c:\ddjpj.exec:\ddjpj.exe57⤵
- Executes dropped EXE
-
\??\c:\lfllxlr.exec:\lfllxlr.exe58⤵
- Executes dropped EXE
-
\??\c:\9flxlfx.exec:\9flxlfx.exe59⤵
- Executes dropped EXE
-
\??\c:\9ntnhh.exec:\9ntnhh.exe60⤵
- Executes dropped EXE
-
\??\c:\ntnbnh.exec:\ntnbnh.exe61⤵
- Executes dropped EXE
-
\??\c:\jvvjv.exec:\jvvjv.exe62⤵
- Executes dropped EXE
-
\??\c:\5ddjv.exec:\5ddjv.exe63⤵
- Executes dropped EXE
-
\??\c:\xrfrlll.exec:\xrfrlll.exe64⤵
- Executes dropped EXE
-
\??\c:\flfxlfr.exec:\flfxlfr.exe65⤵
- Executes dropped EXE
-
\??\c:\tbbnht.exec:\tbbnht.exe66⤵
-
\??\c:\5nnhnn.exec:\5nnhnn.exe67⤵
-
\??\c:\9vpjp.exec:\9vpjp.exe68⤵
-
\??\c:\vjjdp.exec:\vjjdp.exe69⤵
-
\??\c:\5xxxfxr.exec:\5xxxfxr.exe70⤵
-
\??\c:\5hhtnb.exec:\5hhtnb.exe71⤵
-
\??\c:\nbbnbb.exec:\nbbnbb.exe72⤵
-
\??\c:\7xrlrlr.exec:\7xrlrlr.exe73⤵
-
\??\c:\bhttnb.exec:\bhttnb.exe74⤵
-
\??\c:\3pjdp.exec:\3pjdp.exe75⤵
-
\??\c:\5nbthh.exec:\5nbthh.exe76⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe77⤵
-
\??\c:\djdpd.exec:\djdpd.exe78⤵
-
\??\c:\lfffxxr.exec:\lfffxxr.exe79⤵
-
\??\c:\rxxlfxr.exec:\rxxlfxr.exe80⤵
-
\??\c:\btbtbt.exec:\btbtbt.exe81⤵
-
\??\c:\5ttttn.exec:\5ttttn.exe82⤵
-
\??\c:\jdvpp.exec:\jdvpp.exe83⤵
-
\??\c:\dvjpd.exec:\dvjpd.exe84⤵
-
\??\c:\lflflfr.exec:\lflflfr.exe85⤵
-
\??\c:\flfxrlf.exec:\flfxrlf.exe86⤵
-
\??\c:\thhbnh.exec:\thhbnh.exe87⤵
-
\??\c:\bhhthb.exec:\bhhthb.exe88⤵
-
\??\c:\jvpdp.exec:\jvpdp.exe89⤵
-
\??\c:\dvpdp.exec:\dvpdp.exe90⤵
-
\??\c:\9rrfxrf.exec:\9rrfxrf.exe91⤵
-
\??\c:\btnttb.exec:\btnttb.exe92⤵
-
\??\c:\htnbnh.exec:\htnbnh.exe93⤵
-
\??\c:\pjddp.exec:\pjddp.exe94⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe95⤵
-
\??\c:\xllfxxx.exec:\xllfxxx.exe96⤵
-
\??\c:\1rlxrlf.exec:\1rlxrlf.exe97⤵
-
\??\c:\nhntnn.exec:\nhntnn.exe98⤵
-
\??\c:\5pppp.exec:\5pppp.exe99⤵
-
\??\c:\ddvjv.exec:\ddvjv.exe100⤵
-
\??\c:\9rrfrlf.exec:\9rrfrlf.exe101⤵
-
\??\c:\5rrfrlx.exec:\5rrfrlx.exe102⤵
-
\??\c:\nhbtbb.exec:\nhbtbb.exe103⤵
-
\??\c:\btnbhb.exec:\btnbhb.exe104⤵
-
\??\c:\vpdvj.exec:\vpdvj.exe105⤵
-
\??\c:\xrfxfxr.exec:\xrfxfxr.exe106⤵
-
\??\c:\fllfxrl.exec:\fllfxrl.exe107⤵
-
\??\c:\bnbtnh.exec:\bnbtnh.exe108⤵
-
\??\c:\thhnbt.exec:\thhnbt.exe109⤵
-
\??\c:\1dvjj.exec:\1dvjj.exe110⤵
-
\??\c:\dvjvp.exec:\dvjvp.exe111⤵
-
\??\c:\frxrxxf.exec:\frxrxxf.exe112⤵
-
\??\c:\ntnhbt.exec:\ntnhbt.exe113⤵
-
\??\c:\ntntnh.exec:\ntntnh.exe114⤵
-
\??\c:\vpjjv.exec:\vpjjv.exe115⤵
-
\??\c:\9rxlrlf.exec:\9rxlrlf.exe116⤵
-
\??\c:\bhhbtn.exec:\bhhbtn.exe117⤵
-
\??\c:\7nnntt.exec:\7nnntt.exe118⤵
-
\??\c:\djvpj.exec:\djvpj.exe119⤵
-
\??\c:\xrlxrll.exec:\xrlxrll.exe120⤵
-
\??\c:\rxrlxrf.exec:\rxrlxrf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-