Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
03/05/2024, 15:24
General
-
Target
10d4a15bca794b6ef16152907fa0ab9d_JaffaCakes118.exe
-
Size
211KB
-
MD5
10d4a15bca794b6ef16152907fa0ab9d
-
SHA1
d78da5933b9c51cc1c2cef17914a0e4663cc1712
-
SHA256
f05ad4441a6258ae559e1e6a499bd2a10d68ace224372e82322e6ac5fde4bb07
-
SHA512
622fc9034f68fcd7667812b677442f9d348f96b3de41ca0bd5715abd6550ead6cf17f6552abb8c5d432e72cdb8caffd7e9555766c8dc2d75886329f2642eec8a
-
SSDEEP
3072:PhOm2sI93UufdC67cihfmCiiiXAQ5lpBoGs:Pcm7ImGddXtWrXF5lpKGs
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 64 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\10d4a15bca794b6ef16152907fa0ab9d_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\10d4a15bca794b6ef16152907fa0ab9d_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\djdpj.exec:\djdpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frfrrlf.exec:\frfrrlf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\frlrlfr.exec:\frlrlfr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnhbtn.exec:\tnhbtn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3vdpj.exec:\3vdpj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1pdvj.exec:\1pdvj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thhbnh.exec:\thhbnh.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ddjv.exec:\7ddjv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxrrlll.exec:\fxrrlll.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thnhnh.exec:\thnhnh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7ddvp.exec:\7ddvp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hntnhb.exec:\hntnhb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dpjp.exec:\1dpjp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lxxrrrr.exec:\lxxrrrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5hhbbt.exec:\5hhbbt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xfffffr.exec:\xfffffr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnntnn.exec:\tnntnn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1nbntt.exec:\1nbntt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjpjp.exec:\vjpjp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbbbhb.exec:\hbbbhb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxlxrf.exec:\xxxlxrf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htthtn.exec:\htthtn.exe23⤵
- Executes dropped EXE
-
\??\c:\pdvdv.exec:\pdvdv.exe24⤵
- Executes dropped EXE
-
\??\c:\9rrfxxr.exec:\9rrfxxr.exe25⤵
- Executes dropped EXE
-
\??\c:\pjjjj.exec:\pjjjj.exe26⤵
- Executes dropped EXE
-
\??\c:\5vvjv.exec:\5vvjv.exe27⤵
- Executes dropped EXE
-
\??\c:\ntthht.exec:\ntthht.exe28⤵
- Executes dropped EXE
-
\??\c:\7vpjd.exec:\7vpjd.exe29⤵
- Executes dropped EXE
-
\??\c:\fxxxlll.exec:\fxxxlll.exe30⤵
- Executes dropped EXE
-
\??\c:\thhtnh.exec:\thhtnh.exe31⤵
- Executes dropped EXE
-
\??\c:\vjpdp.exec:\vjpdp.exe32⤵
- Executes dropped EXE
-
\??\c:\vjpjd.exec:\vjpjd.exe33⤵
- Executes dropped EXE
-
\??\c:\rllxlfr.exec:\rllxlfr.exe34⤵
- Executes dropped EXE
-
\??\c:\3ttnbt.exec:\3ttnbt.exe35⤵
- Executes dropped EXE
-
\??\c:\bnnbtn.exec:\bnnbtn.exe36⤵
- Executes dropped EXE
-
\??\c:\pjpdj.exec:\pjpdj.exe37⤵
- Executes dropped EXE
-
\??\c:\5llrlfr.exec:\5llrlfr.exe38⤵
- Executes dropped EXE
-
\??\c:\lxfxrll.exec:\lxfxrll.exe39⤵
- Executes dropped EXE
-
\??\c:\nnnhbt.exec:\nnnhbt.exe40⤵
- Executes dropped EXE
-
\??\c:\9bnhtn.exec:\9bnhtn.exe41⤵
- Executes dropped EXE
-
\??\c:\7ppjv.exec:\7ppjv.exe42⤵
- Executes dropped EXE
-
\??\c:\pjdvj.exec:\pjdvj.exe43⤵
- Executes dropped EXE
-
\??\c:\1xrfxxl.exec:\1xrfxxl.exe44⤵
- Executes dropped EXE
-
\??\c:\hbhbnh.exec:\hbhbnh.exe45⤵
- Executes dropped EXE
-
\??\c:\vpjdd.exec:\vpjdd.exe46⤵
- Executes dropped EXE
-
\??\c:\lxlfllr.exec:\lxlfllr.exe47⤵
- Executes dropped EXE
-
\??\c:\nnttnt.exec:\nnttnt.exe48⤵
- Executes dropped EXE
-
\??\c:\jpvpj.exec:\jpvpj.exe49⤵
- Executes dropped EXE
-
\??\c:\dvpjd.exec:\dvpjd.exe50⤵
- Executes dropped EXE
-
\??\c:\rlrfxrl.exec:\rlrfxrl.exe51⤵
- Executes dropped EXE
-
\??\c:\bnntbt.exec:\bnntbt.exe52⤵
- Executes dropped EXE
-
\??\c:\5pvjd.exec:\5pvjd.exe53⤵
- Executes dropped EXE
-
\??\c:\pjjvv.exec:\pjjvv.exe54⤵
- Executes dropped EXE
-
\??\c:\3flxxxf.exec:\3flxxxf.exe55⤵
- Executes dropped EXE
-
\??\c:\rfrlfxx.exec:\rfrlfxx.exe56⤵
- Executes dropped EXE
-
\??\c:\3tthtn.exec:\3tthtn.exe57⤵
- Executes dropped EXE
-
\??\c:\thhbtn.exec:\thhbtn.exe58⤵
- Executes dropped EXE
-
\??\c:\dvpjv.exec:\dvpjv.exe59⤵
- Executes dropped EXE
-
\??\c:\9lfxlfx.exec:\9lfxlfx.exe60⤵
- Executes dropped EXE
-
\??\c:\9ffxlfr.exec:\9ffxlfr.exe61⤵
- Executes dropped EXE
-
\??\c:\nbbttn.exec:\nbbttn.exe62⤵
- Executes dropped EXE
-
\??\c:\tttnnh.exec:\tttnnh.exe63⤵
- Executes dropped EXE
-
\??\c:\vvvvj.exec:\vvvvj.exe64⤵
- Executes dropped EXE
-
\??\c:\xrlrllx.exec:\xrlrllx.exe65⤵
- Executes dropped EXE
-
\??\c:\rlffrfx.exec:\rlffrfx.exe66⤵
-
\??\c:\bhhbnh.exec:\bhhbnh.exe67⤵
-
\??\c:\hbnbbh.exec:\hbnbbh.exe68⤵
-
\??\c:\7vvdv.exec:\7vvdv.exe69⤵
-
\??\c:\fllfxrr.exec:\fllfxrr.exe70⤵
-
\??\c:\3xrlfxr.exec:\3xrlfxr.exe71⤵
-
\??\c:\tbtnhb.exec:\tbtnhb.exe72⤵
-
\??\c:\jvvjd.exec:\jvvjd.exe73⤵
-
\??\c:\dvdvv.exec:\dvdvv.exe74⤵
-
\??\c:\5frfxlx.exec:\5frfxlx.exe75⤵
-
\??\c:\lxxxrfx.exec:\lxxxrfx.exe76⤵
-
\??\c:\bhnhhb.exec:\bhnhhb.exe77⤵
-
\??\c:\tnthtn.exec:\tnthtn.exe78⤵
-
\??\c:\7vpdd.exec:\7vpdd.exe79⤵
-
\??\c:\pjdvp.exec:\pjdvp.exe80⤵
-
\??\c:\xlrffxx.exec:\xlrffxx.exe81⤵
-
\??\c:\rlxrlff.exec:\rlxrlff.exe82⤵
-
\??\c:\tnhhnn.exec:\tnhhnn.exe83⤵
-
\??\c:\5jjdv.exec:\5jjdv.exe84⤵
-
\??\c:\jjvpj.exec:\jjvpj.exe85⤵
-
\??\c:\xfllfll.exec:\xfllfll.exe86⤵
-
\??\c:\5rlfrlf.exec:\5rlfrlf.exe87⤵
-
\??\c:\nbbnbt.exec:\nbbnbt.exe88⤵
-
\??\c:\9nhbtt.exec:\9nhbtt.exe89⤵
-
\??\c:\vppdv.exec:\vppdv.exe90⤵
-
\??\c:\dvvpp.exec:\dvvpp.exe91⤵
-
\??\c:\lxxfrlf.exec:\lxxfrlf.exe92⤵
-
\??\c:\xrrlfxr.exec:\xrrlfxr.exe93⤵
-
\??\c:\1ttbtt.exec:\1ttbtt.exe94⤵
-
\??\c:\nhbtbb.exec:\nhbtbb.exe95⤵
-
\??\c:\1pdvj.exec:\1pdvj.exe96⤵
-
\??\c:\dvdpd.exec:\dvdpd.exe97⤵
-
\??\c:\7rlxlfx.exec:\7rlxlfx.exe98⤵
-
\??\c:\xxfxxrl.exec:\xxfxxrl.exe99⤵
-
\??\c:\tnbtnh.exec:\tnbtnh.exe100⤵
-
\??\c:\5vdvp.exec:\5vdvp.exe101⤵
-
\??\c:\vjppp.exec:\vjppp.exe102⤵
-
\??\c:\ffxrxrl.exec:\ffxrxrl.exe103⤵
-
\??\c:\xfrlxxl.exec:\xfrlxxl.exe104⤵
-
\??\c:\btnhbh.exec:\btnhbh.exe105⤵
-
\??\c:\vjpjv.exec:\vjpjv.exe106⤵
-
\??\c:\9vppj.exec:\9vppj.exe107⤵
-
\??\c:\fxxrffx.exec:\fxxrffx.exe108⤵
-
\??\c:\fxxrxxl.exec:\fxxrxxl.exe109⤵
-
\??\c:\9nnhtb.exec:\9nnhtb.exe110⤵
-
\??\c:\5hthhb.exec:\5hthhb.exe111⤵
-
\??\c:\vvpjv.exec:\vvpjv.exe112⤵
-
\??\c:\pvddd.exec:\pvddd.exe113⤵
-
\??\c:\xlrllll.exec:\xlrllll.exe114⤵
-
\??\c:\pvdvj.exec:\pvdvj.exe115⤵
-
\??\c:\lxxrlfx.exec:\lxxrlfx.exe116⤵
-
\??\c:\frrlrlr.exec:\frrlrlr.exe117⤵
-
\??\c:\bnnhtt.exec:\bnnhtt.exe118⤵
-
\??\c:\1btttn.exec:\1btttn.exe119⤵
-
\??\c:\jdpjv.exec:\jdpjv.exe120⤵
-
\??\c:\fxxxlrl.exec:\fxxxlrl.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-