Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
01/05/2024, 10:36
General
-
Target
0b93ed3db386dc4c80abd7848470eccc_JaffaCakes118.exe
-
Size
375KB
-
MD5
0b93ed3db386dc4c80abd7848470eccc
-
SHA1
bcd9b96ea3b7e56f23e9a2796d4dd9f9b3df072f
-
SHA256
c8b665a23514bc5142d09154b5e25b670ec1b1042b9c19d7a85b1c7f6d9a3aa2
-
SHA512
bcd8eec141ed3cfb1d3b89edf535ee7627f920dcecd2ef62fa07e739c0ad0e0baba797825c7550cfd792a969c3066ed19fcfce8840d8a52cd2e8a73c0604d3be
-
SSDEEP
3072:8hOm2sI93UufdC67cimD5t251UrRE9TTFwCFz7:8cm7ImGddXmNt251UriZFwCFz7
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 36 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0b93ed3db386dc4c80abd7848470eccc_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\0b93ed3db386dc4c80abd7848470eccc_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\frflxxf.exec:\frflxxf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjv.exec:\vpdjv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xrrrrfl.exec:\xrrrrfl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1tbhhh.exec:\1tbhhh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvddj.exec:\jvddj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3frlrrx.exec:\3frlrrx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhtbnn.exec:\nhtbnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpvd.exec:\pjpvd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxlxllx.exec:\fxlxllx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbntn.exec:\tnbntn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpdjp.exec:\vpdjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3bnhnh.exec:\3bnhnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pdjv.exec:\1pdjv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5dppp.exec:\5dppp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnntbn.exec:\hnntbn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhbbh.exec:\nnhbbh.exe17⤵
- Executes dropped EXE
-
\??\c:\9vjdj.exec:\9vjdj.exe18⤵
- Executes dropped EXE
-
\??\c:\frfrrff.exec:\frfrrff.exe19⤵
- Executes dropped EXE
-
\??\c:\hbnntt.exec:\hbnntt.exe20⤵
- Executes dropped EXE
-
\??\c:\frxfrxx.exec:\frxfrxx.exe21⤵
- Executes dropped EXE
-
\??\c:\btbbnn.exec:\btbbnn.exe22⤵
- Executes dropped EXE
-
\??\c:\9djjj.exec:\9djjj.exe23⤵
- Executes dropped EXE
-
\??\c:\lflfllx.exec:\lflfllx.exe24⤵
- Executes dropped EXE
-
\??\c:\3ththb.exec:\3ththb.exe25⤵
- Executes dropped EXE
-
\??\c:\dpvjv.exec:\dpvjv.exe26⤵
- Executes dropped EXE
-
\??\c:\fxllllr.exec:\fxllllr.exe27⤵
- Executes dropped EXE
-
\??\c:\bhtttn.exec:\bhtttn.exe28⤵
- Executes dropped EXE
-
\??\c:\vvjpv.exec:\vvjpv.exe29⤵
- Executes dropped EXE
-
\??\c:\9flflxx.exec:\9flflxx.exe30⤵
- Executes dropped EXE
-
\??\c:\xrrxfff.exec:\xrrxfff.exe31⤵
- Executes dropped EXE
-
\??\c:\9hthnn.exec:\9hthnn.exe32⤵
- Executes dropped EXE
-
\??\c:\vpvdp.exec:\vpvdp.exe33⤵
- Executes dropped EXE
-
\??\c:\fxllxrx.exec:\fxllxrx.exe34⤵
- Executes dropped EXE
-
\??\c:\htbttb.exec:\htbttb.exe35⤵
- Executes dropped EXE
-
\??\c:\ttnhnt.exec:\ttnhnt.exe36⤵
- Executes dropped EXE
-
\??\c:\9jppv.exec:\9jppv.exe37⤵
- Executes dropped EXE
-
\??\c:\jddvv.exec:\jddvv.exe38⤵
- Executes dropped EXE
-
\??\c:\xrlfllr.exec:\xrlfllr.exe39⤵
- Executes dropped EXE
-
\??\c:\tnthbt.exec:\tnthbt.exe40⤵
- Executes dropped EXE
-
\??\c:\vvvpp.exec:\vvvpp.exe41⤵
- Executes dropped EXE
-
\??\c:\tntbnt.exec:\tntbnt.exe42⤵
- Executes dropped EXE
-
\??\c:\9jvvv.exec:\9jvvv.exe43⤵
- Executes dropped EXE
-
\??\c:\rllrxrr.exec:\rllrxrr.exe44⤵
- Executes dropped EXE
-
\??\c:\nhtbnn.exec:\nhtbnn.exe45⤵
- Executes dropped EXE
-
\??\c:\pjddj.exec:\pjddj.exe46⤵
- Executes dropped EXE
-
\??\c:\ddvjd.exec:\ddvjd.exe47⤵
- Executes dropped EXE
-
\??\c:\rlxlrxx.exec:\rlxlrxx.exe48⤵
- Executes dropped EXE
-
\??\c:\1bnbtb.exec:\1bnbtb.exe49⤵
- Executes dropped EXE
-
\??\c:\jdjpv.exec:\jdjpv.exe50⤵
- Executes dropped EXE
-
\??\c:\rrllfxr.exec:\rrllfxr.exe51⤵
- Executes dropped EXE
-
\??\c:\1htntb.exec:\1htntb.exe52⤵
- Executes dropped EXE
-
\??\c:\1tntht.exec:\1tntht.exe53⤵
- Executes dropped EXE
-
\??\c:\vvppd.exec:\vvppd.exe54⤵
- Executes dropped EXE
-
\??\c:\llfrllx.exec:\llfrllx.exe55⤵
- Executes dropped EXE
-
\??\c:\xlxrrrf.exec:\xlxrrrf.exe56⤵
- Executes dropped EXE
-
\??\c:\nhtnbb.exec:\nhtnbb.exe57⤵
- Executes dropped EXE
-
\??\c:\jjvjd.exec:\jjvjd.exe58⤵
- Executes dropped EXE
-
\??\c:\1xlrrxf.exec:\1xlrrxf.exe59⤵
- Executes dropped EXE
-
\??\c:\hbnthh.exec:\hbnthh.exe60⤵
- Executes dropped EXE
-
\??\c:\tnhhtn.exec:\tnhhtn.exe61⤵
- Executes dropped EXE
-
\??\c:\1pvvp.exec:\1pvvp.exe62⤵
- Executes dropped EXE
-
\??\c:\5jdvd.exec:\5jdvd.exe63⤵
- Executes dropped EXE
-
\??\c:\1rxlxxf.exec:\1rxlxxf.exe64⤵
- Executes dropped EXE
-
\??\c:\1hnnnn.exec:\1hnnnn.exe65⤵
- Executes dropped EXE
-
\??\c:\ddpvj.exec:\ddpvj.exe66⤵
-
\??\c:\dvjvp.exec:\dvjvp.exe67⤵
-
\??\c:\rlrxxrf.exec:\rlrxxrf.exe68⤵
-
\??\c:\3hhbhh.exec:\3hhbhh.exe69⤵
-
\??\c:\1nbtbb.exec:\1nbtbb.exe70⤵
-
\??\c:\jvdpp.exec:\jvdpp.exe71⤵
-
\??\c:\llllxfx.exec:\llllxfx.exe72⤵
-
\??\c:\7xlrfrr.exec:\7xlrfrr.exe73⤵
-
\??\c:\btbbnn.exec:\btbbnn.exe74⤵
-
\??\c:\7vpdj.exec:\7vpdj.exe75⤵
-
\??\c:\vjppv.exec:\vjppv.exe76⤵
-
\??\c:\rfrxfxl.exec:\rfrxfxl.exe77⤵
-
\??\c:\hbhnnn.exec:\hbhnnn.exe78⤵
-
\??\c:\7ntbhh.exec:\7ntbhh.exe79⤵
-
\??\c:\3pjpv.exec:\3pjpv.exe80⤵
-
\??\c:\7fxxffl.exec:\7fxxffl.exe81⤵
-
\??\c:\9rflxxl.exec:\9rflxxl.exe82⤵
-
\??\c:\nhnnnn.exec:\nhnnnn.exe83⤵
-
\??\c:\bhtttb.exec:\bhtttb.exe84⤵
-
\??\c:\pdvvj.exec:\pdvvj.exe85⤵
-
\??\c:\7flrxxf.exec:\7flrxxf.exe86⤵
-
\??\c:\lxlrxrf.exec:\lxlrxrf.exe87⤵
-
\??\c:\3tbbbt.exec:\3tbbbt.exe88⤵
-
\??\c:\3bnthb.exec:\3bnthb.exe89⤵
-
\??\c:\jvddd.exec:\jvddd.exe90⤵
-
\??\c:\xlxxxxf.exec:\xlxxxxf.exe91⤵
-
\??\c:\lflxxxr.exec:\lflxxxr.exe92⤵
-
\??\c:\thtbhh.exec:\thtbhh.exe93⤵
-
\??\c:\5tnntt.exec:\5tnntt.exe94⤵
-
\??\c:\5dvjd.exec:\5dvjd.exe95⤵
-
\??\c:\lxlrxxl.exec:\lxlrxxl.exe96⤵
-
\??\c:\lllllfl.exec:\lllllfl.exe97⤵
-
\??\c:\nhbbhn.exec:\nhbbhn.exe98⤵
-
\??\c:\dpjpv.exec:\dpjpv.exe99⤵
-
\??\c:\vjppv.exec:\vjppv.exe100⤵
-
\??\c:\lfxxxrr.exec:\lfxxxrr.exe101⤵
-
\??\c:\xrrxfrl.exec:\xrrxfrl.exe102⤵
-
\??\c:\nhtbth.exec:\nhtbth.exe103⤵
-
\??\c:\nhhhnb.exec:\nhhhnb.exe104⤵
-
\??\c:\9dddj.exec:\9dddj.exe105⤵
-
\??\c:\flfrxxl.exec:\flfrxxl.exe106⤵
-
\??\c:\llfflxr.exec:\llfflxr.exe107⤵
-
\??\c:\tnntbt.exec:\tnntbt.exe108⤵
-
\??\c:\dvpjv.exec:\dvpjv.exe109⤵
-
\??\c:\jvpjj.exec:\jvpjj.exe110⤵
-
\??\c:\rlflxxl.exec:\rlflxxl.exe111⤵
-
\??\c:\1bhbhb.exec:\1bhbhb.exe112⤵
-
\??\c:\nnhbhn.exec:\nnhbhn.exe113⤵
-
\??\c:\ppjjd.exec:\ppjjd.exe114⤵
-
\??\c:\rfrxfff.exec:\rfrxfff.exe115⤵
-
\??\c:\3xlffff.exec:\3xlffff.exe116⤵
-
\??\c:\3htbbb.exec:\3htbbb.exe117⤵
-
\??\c:\ddppp.exec:\ddppp.exe118⤵
-
\??\c:\vvvpv.exec:\vvvpv.exe119⤵
-
\??\c:\3rlxflx.exec:\3rlxflx.exe120⤵
-
\??\c:\bbttbh.exec:\bbttbh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-