Analysis
-
max time kernel
150s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
01/05/2024, 10:36
General
-
Target
0b93ed3db386dc4c80abd7848470eccc_JaffaCakes118.exe
-
Size
375KB
-
MD5
0b93ed3db386dc4c80abd7848470eccc
-
SHA1
bcd9b96ea3b7e56f23e9a2796d4dd9f9b3df072f
-
SHA256
c8b665a23514bc5142d09154b5e25b670ec1b1042b9c19d7a85b1c7f6d9a3aa2
-
SHA512
bcd8eec141ed3cfb1d3b89edf535ee7627f920dcecd2ef62fa07e739c0ad0e0baba797825c7550cfd792a969c3066ed19fcfce8840d8a52cd2e8a73c0604d3be
-
SSDEEP
3072:8hOm2sI93UufdC67cimD5t251UrRE9TTFwCFz7:8cm7ImGddXmNt251UriZFwCFz7
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 63 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0b93ed3db386dc4c80abd7848470eccc_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\0b93ed3db386dc4c80abd7848470eccc_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xffxxxx.exec:\xffxxxx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hnnht.exec:\9hnnht.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhbthh.exec:\nhbthh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppddd.exec:\ppddd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxrrrx.exec:\rlxrrrx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjdj.exec:\jjjdj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrrxxx.exec:\xxrrxxx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1rxrlll.exec:\1rxrlll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\httnhb.exec:\httnhb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9ffxflf.exec:\9ffxflf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7llffff.exec:\7llffff.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3tbbtb.exec:\3tbbtb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9xrrllf.exec:\9xrrllf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hnthbh.exec:\hnthbh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ttttnn.exec:\ttttnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdddv.exec:\jdddv.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nthtbb.exec:\nthtbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjdpd.exec:\pjdpd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ffrrrrx.exec:\ffrrrrx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbhh.exec:\hthbhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjjv.exec:\jjjjv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthbbb.exec:\hthbbb.exe23⤵
- Executes dropped EXE
-
\??\c:\ddpdv.exec:\ddpdv.exe24⤵
- Executes dropped EXE
-
\??\c:\xlxxxxx.exec:\xlxxxxx.exe25⤵
- Executes dropped EXE
-
\??\c:\ppjjp.exec:\ppjjp.exe26⤵
- Executes dropped EXE
-
\??\c:\9xfxllf.exec:\9xfxllf.exe27⤵
- Executes dropped EXE
-
\??\c:\jjvpj.exec:\jjvpj.exe28⤵
- Executes dropped EXE
-
\??\c:\rlllfff.exec:\rlllfff.exe29⤵
- Executes dropped EXE
-
\??\c:\bhbbtt.exec:\bhbbtt.exe30⤵
- Executes dropped EXE
-
\??\c:\ddpjj.exec:\ddpjj.exe31⤵
- Executes dropped EXE
-
\??\c:\hnntnt.exec:\hnntnt.exe32⤵
- Executes dropped EXE
-
\??\c:\bntnnh.exec:\bntnnh.exe33⤵
- Executes dropped EXE
-
\??\c:\rlflrrx.exec:\rlflrrx.exe34⤵
- Executes dropped EXE
-
\??\c:\xfrlfff.exec:\xfrlfff.exe35⤵
- Executes dropped EXE
-
\??\c:\bbtnbb.exec:\bbtnbb.exe36⤵
- Executes dropped EXE
-
\??\c:\vpppp.exec:\vpppp.exe37⤵
- Executes dropped EXE
-
\??\c:\xlfrlll.exec:\xlfrlll.exe38⤵
- Executes dropped EXE
-
\??\c:\pdjjj.exec:\pdjjj.exe39⤵
- Executes dropped EXE
-
\??\c:\vjvpd.exec:\vjvpd.exe40⤵
- Executes dropped EXE
-
\??\c:\1lrlflx.exec:\1lrlflx.exe41⤵
- Executes dropped EXE
-
\??\c:\thnnhh.exec:\thnnhh.exe42⤵
- Executes dropped EXE
-
\??\c:\jpppj.exec:\jpppj.exe43⤵
- Executes dropped EXE
-
\??\c:\9djdd.exec:\9djdd.exe44⤵
- Executes dropped EXE
-
\??\c:\rlrrlff.exec:\rlrrlff.exe45⤵
- Executes dropped EXE
-
\??\c:\1bbbtt.exec:\1bbbtt.exe46⤵
- Executes dropped EXE
-
\??\c:\9vjdj.exec:\9vjdj.exe47⤵
- Executes dropped EXE
-
\??\c:\dvdvv.exec:\dvdvv.exe48⤵
- Executes dropped EXE
-
\??\c:\xlrlfll.exec:\xlrlfll.exe49⤵
- Executes dropped EXE
-
\??\c:\9btnhh.exec:\9btnhh.exe50⤵
- Executes dropped EXE
-
\??\c:\pjpjd.exec:\pjpjd.exe51⤵
- Executes dropped EXE
-
\??\c:\ppvpd.exec:\ppvpd.exe52⤵
- Executes dropped EXE
-
\??\c:\5rxxxxx.exec:\5rxxxxx.exe53⤵
- Executes dropped EXE
-
\??\c:\hthbhh.exec:\hthbhh.exe54⤵
- Executes dropped EXE
-
\??\c:\7tttnt.exec:\7tttnt.exe55⤵
- Executes dropped EXE
-
\??\c:\9djvp.exec:\9djvp.exe56⤵
- Executes dropped EXE
-
\??\c:\rflfxxr.exec:\rflfxxr.exe57⤵
- Executes dropped EXE
-
\??\c:\hbnhbt.exec:\hbnhbt.exe58⤵
- Executes dropped EXE
-
\??\c:\1jppd.exec:\1jppd.exe59⤵
- Executes dropped EXE
-
\??\c:\ffrfrrx.exec:\ffrfrrx.exe60⤵
- Executes dropped EXE
-
\??\c:\bbnhbb.exec:\bbnhbb.exe61⤵
- Executes dropped EXE
-
\??\c:\jvvpj.exec:\jvvpj.exe62⤵
- Executes dropped EXE
-
\??\c:\ffllxxx.exec:\ffllxxx.exe63⤵
- Executes dropped EXE
-
\??\c:\ttbhtn.exec:\ttbhtn.exe64⤵
- Executes dropped EXE
-
\??\c:\hnbhtt.exec:\hnbhtt.exe65⤵
- Executes dropped EXE
-
\??\c:\jdpjd.exec:\jdpjd.exe66⤵
-
\??\c:\vvvpp.exec:\vvvpp.exe67⤵
-
\??\c:\llllrrx.exec:\llllrrx.exe68⤵
-
\??\c:\5ntttt.exec:\5ntttt.exe69⤵
-
\??\c:\ppvjv.exec:\ppvjv.exe70⤵
-
\??\c:\fxxrrrl.exec:\fxxrrrl.exe71⤵
-
\??\c:\1lxrlfl.exec:\1lxrlfl.exe72⤵
-
\??\c:\nhhbbb.exec:\nhhbbb.exe73⤵
-
\??\c:\1pvvd.exec:\1pvvd.exe74⤵
-
\??\c:\5lllffx.exec:\5lllffx.exe75⤵
-
\??\c:\tnnhtn.exec:\tnnhtn.exe76⤵
-
\??\c:\7tnbnh.exec:\7tnbnh.exe77⤵
-
\??\c:\pjpjv.exec:\pjpjv.exe78⤵
-
\??\c:\lxxxrff.exec:\lxxxrff.exe79⤵
-
\??\c:\btnbhh.exec:\btnbhh.exe80⤵
-
\??\c:\tbhbbh.exec:\tbhbbh.exe81⤵
-
\??\c:\5jvdd.exec:\5jvdd.exe82⤵
-
\??\c:\hbbttt.exec:\hbbttt.exe83⤵
-
\??\c:\7nnhbb.exec:\7nnhbb.exe84⤵
-
\??\c:\vjjjd.exec:\vjjjd.exe85⤵
-
\??\c:\flrfllx.exec:\flrfllx.exe86⤵
-
\??\c:\hbtttt.exec:\hbtttt.exe87⤵
-
\??\c:\htbttt.exec:\htbttt.exe88⤵
-
\??\c:\vdddj.exec:\vdddj.exe89⤵
-
\??\c:\xlrlfxx.exec:\xlrlfxx.exe90⤵
-
\??\c:\hhhhbb.exec:\hhhhbb.exe91⤵
-
\??\c:\dvjvp.exec:\dvjvp.exe92⤵
-
\??\c:\jvvpj.exec:\jvvpj.exe93⤵
-
\??\c:\rrrxxll.exec:\rrrxxll.exe94⤵
-
\??\c:\btbtbh.exec:\btbtbh.exe95⤵
-
\??\c:\5pvpp.exec:\5pvpp.exe96⤵
-
\??\c:\1llllrr.exec:\1llllrr.exe97⤵
-
\??\c:\rxfxrlf.exec:\rxfxrlf.exe98⤵
-
\??\c:\thtntt.exec:\thtntt.exe99⤵
-
\??\c:\ppdvp.exec:\ppdvp.exe100⤵
-
\??\c:\ffffrrr.exec:\ffffrrr.exe101⤵
-
\??\c:\bbnhnn.exec:\bbnhnn.exe102⤵
-
\??\c:\nthbtt.exec:\nthbtt.exe103⤵
-
\??\c:\dpdvp.exec:\dpdvp.exe104⤵
-
\??\c:\flxfxxr.exec:\flxfxxr.exe105⤵
-
\??\c:\nhbtnn.exec:\nhbtnn.exe106⤵
-
\??\c:\nhttnb.exec:\nhttnb.exe107⤵
-
\??\c:\vvjdj.exec:\vvjdj.exe108⤵
-
\??\c:\vpdvp.exec:\vpdvp.exe109⤵
-
\??\c:\xrfrffx.exec:\xrfrffx.exe110⤵
-
\??\c:\xlrrlll.exec:\xlrrlll.exe111⤵
-
\??\c:\btttnt.exec:\btttnt.exe112⤵
-
\??\c:\tnttnn.exec:\tnttnn.exe113⤵
-
\??\c:\vdjdd.exec:\vdjdd.exe114⤵
-
\??\c:\xlrlllf.exec:\xlrlllf.exe115⤵
-
\??\c:\hbbbbb.exec:\hbbbbb.exe116⤵
-
\??\c:\9ttnhh.exec:\9ttnhh.exe117⤵
-
\??\c:\pjjdv.exec:\pjjdv.exe118⤵
-
\??\c:\ppddd.exec:\ppddd.exe119⤵
-
\??\c:\flfrlxx.exec:\flfrlxx.exe120⤵
-
\??\c:\hbnhbb.exec:\hbnhbb.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-