Analysis
-
max time kernel
149s -
max time network
113s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
04/05/2024, 09:25
General
-
Target
12180c3605b3e9d5bfa6e6f990b012d8_JaffaCakes118.exe
-
Size
75KB
-
MD5
12180c3605b3e9d5bfa6e6f990b012d8
-
SHA1
f21b1314e7b1fb3adb109958c9904ae7f966ead3
-
SHA256
1de64702f8f94e5a6b28fa6a699c1d5dc782a4d691181efe86f63d7967c1af2b
-
SHA512
09269e8ad9ebe80e4895e3082dd66a728a1094cad3eb0dcd0270cf29695e874c01e94208fa371c26a6ab0fd7699cc84173ffad2f82a1e6fa701242dc01353b18
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND+3T4+DQmqc7vMohS:ymb3NkkiQ3mdBjF+3TCg7EQS
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\12180c3605b3e9d5bfa6e6f990b012d8_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\12180c3605b3e9d5bfa6e6f990b012d8_JaffaCakes118.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxlfrr.exec:\xxxlfrr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnnhh.exec:\hbnnhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1vpjd.exec:\1vpjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjdv.exec:\jjjdv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rllfxxr.exec:\rllfxxr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxxrrll.exec:\xxxrrll.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tnbbtt.exec:\tnbbtt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bhhhhn.exec:\bhhhhn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpjpd.exec:\dpjpd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5lrrlll.exec:\5lrrlll.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nbhhhh.exec:\nbhhhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jdjjd.exec:\jdjjd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vjvvp.exec:\vjvvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxfxxrr.exec:\fxfxxrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbnntt.exec:\hbnntt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dpppj.exec:\dpppj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\ppvpj.exec:\ppvpj.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rxffxlx.exec:\rxffxlx.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhbtt.exec:\nhhbtt.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3dvvj.exec:\3dvvj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1xfxrlf.exec:\1xfxrlf.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nhhhbb.exec:\nhhhbb.exe23⤵
- Executes dropped EXE
-
\??\c:\pdjpp.exec:\pdjpp.exe24⤵
- Executes dropped EXE
-
\??\c:\xxxrlxx.exec:\xxxrlxx.exe25⤵
- Executes dropped EXE
-
\??\c:\fxlxxxf.exec:\fxlxxxf.exe26⤵
- Executes dropped EXE
-
\??\c:\ttthnh.exec:\ttthnh.exe27⤵
- Executes dropped EXE
-
\??\c:\3vdvv.exec:\3vdvv.exe28⤵
- Executes dropped EXE
-
\??\c:\rlrrrrr.exec:\rlrrrrr.exe29⤵
- Executes dropped EXE
-
\??\c:\bhnttb.exec:\bhnttb.exe30⤵
- Executes dropped EXE
-
\??\c:\vjpdd.exec:\vjpdd.exe31⤵
- Executes dropped EXE
-
\??\c:\djvjv.exec:\djvjv.exe32⤵
- Executes dropped EXE
-
\??\c:\xrlxlfr.exec:\xrlxlfr.exe33⤵
- Executes dropped EXE
-
\??\c:\bbhhbb.exec:\bbhhbb.exe34⤵
- Executes dropped EXE
-
\??\c:\hnbnnt.exec:\hnbnnt.exe35⤵
- Executes dropped EXE
-
\??\c:\jvddv.exec:\jvddv.exe36⤵
- Executes dropped EXE
-
\??\c:\ppvvv.exec:\ppvvv.exe37⤵
- Executes dropped EXE
-
\??\c:\hbhhbb.exec:\hbhhbb.exe38⤵
- Executes dropped EXE
-
\??\c:\nhhhbb.exec:\nhhhbb.exe39⤵
- Executes dropped EXE
-
\??\c:\vvvdd.exec:\vvvdd.exe40⤵
- Executes dropped EXE
-
\??\c:\xrllrrx.exec:\xrllrrx.exe41⤵
- Executes dropped EXE
-
\??\c:\xxxxrrr.exec:\xxxxrrr.exe42⤵
- Executes dropped EXE
-
\??\c:\nhnhtn.exec:\nhnhtn.exe43⤵
- Executes dropped EXE
-
\??\c:\hntnhh.exec:\hntnhh.exe44⤵
- Executes dropped EXE
-
\??\c:\rrxlrxr.exec:\rrxlrxr.exe45⤵
- Executes dropped EXE
-
\??\c:\bbtbtt.exec:\bbtbtt.exe46⤵
- Executes dropped EXE
-
\??\c:\nhhbtt.exec:\nhhbtt.exe47⤵
- Executes dropped EXE
-
\??\c:\pdjpj.exec:\pdjpj.exe48⤵
- Executes dropped EXE
-
\??\c:\5vvpj.exec:\5vvpj.exe49⤵
- Executes dropped EXE
-
\??\c:\xlrrlll.exec:\xlrrlll.exe50⤵
- Executes dropped EXE
-
\??\c:\bnbbbb.exec:\bnbbbb.exe51⤵
- Executes dropped EXE
-
\??\c:\jpppp.exec:\jpppp.exe52⤵
- Executes dropped EXE
-
\??\c:\nnhhhh.exec:\nnhhhh.exe53⤵
- Executes dropped EXE
-
\??\c:\vppjd.exec:\vppjd.exe54⤵
- Executes dropped EXE
-
\??\c:\lxxxrxl.exec:\lxxxrxl.exe55⤵
- Executes dropped EXE
-
\??\c:\hhhhhn.exec:\hhhhhn.exe56⤵
- Executes dropped EXE
-
\??\c:\bhtttt.exec:\bhtttt.exe57⤵
- Executes dropped EXE
-
\??\c:\jpjpv.exec:\jpjpv.exe58⤵
- Executes dropped EXE
-
\??\c:\ppjdp.exec:\ppjdp.exe59⤵
- Executes dropped EXE
-
\??\c:\3fxlxrx.exec:\3fxlxrx.exe60⤵
- Executes dropped EXE
-
\??\c:\rfxrfrl.exec:\rfxrfrl.exe61⤵
- Executes dropped EXE
-
\??\c:\hhtbhh.exec:\hhtbhh.exe62⤵
- Executes dropped EXE
-
\??\c:\nbnhtn.exec:\nbnhtn.exe63⤵
- Executes dropped EXE
-
\??\c:\jvddv.exec:\jvddv.exe64⤵
- Executes dropped EXE
-
\??\c:\pjjdv.exec:\pjjdv.exe65⤵
- Executes dropped EXE
-
\??\c:\rxrfxxf.exec:\rxrfxxf.exe66⤵
-
\??\c:\llffxxr.exec:\llffxxr.exe67⤵
-
\??\c:\ttnbtt.exec:\ttnbtt.exe68⤵
-
\??\c:\nhnhtb.exec:\nhnhtb.exe69⤵
-
\??\c:\vvvvv.exec:\vvvvv.exe70⤵
-
\??\c:\rxfxxfx.exec:\rxfxxfx.exe71⤵
-
\??\c:\hbbthh.exec:\hbbthh.exe72⤵
-
\??\c:\dpvpj.exec:\dpvpj.exe73⤵
-
\??\c:\rrxxrxx.exec:\rrxxrxx.exe74⤵
-
\??\c:\rflffxr.exec:\rflffxr.exe75⤵
-
\??\c:\nhntnh.exec:\nhntnh.exe76⤵
-
\??\c:\ntbnbt.exec:\ntbnbt.exe77⤵
-
\??\c:\pvvvp.exec:\pvvvp.exe78⤵
-
\??\c:\vpvpj.exec:\vpvpj.exe79⤵
-
\??\c:\xllfxfx.exec:\xllfxfx.exe80⤵
-
\??\c:\bhhnnn.exec:\bhhnnn.exe81⤵
-
\??\c:\ttbttn.exec:\ttbttn.exe82⤵
-
\??\c:\vpppd.exec:\vpppd.exe83⤵
-
\??\c:\vjjpd.exec:\vjjpd.exe84⤵
-
\??\c:\fxxrffx.exec:\fxxrffx.exe85⤵
-
\??\c:\frlfllx.exec:\frlfllx.exe86⤵
-
\??\c:\hbtnhh.exec:\hbtnhh.exe87⤵
-
\??\c:\7nhbtt.exec:\7nhbtt.exe88⤵
-
\??\c:\jpvpv.exec:\jpvpv.exe89⤵
-
\??\c:\djvpp.exec:\djvpp.exe90⤵
-
\??\c:\rlrxxxx.exec:\rlrxxxx.exe91⤵
-
\??\c:\1xrlffx.exec:\1xrlffx.exe92⤵
-
\??\c:\bbtnhh.exec:\bbtnhh.exe93⤵
-
\??\c:\tnnnbn.exec:\tnnnbn.exe94⤵
-
\??\c:\7pvjv.exec:\7pvjv.exe95⤵
-
\??\c:\pdjdp.exec:\pdjdp.exe96⤵
-
\??\c:\lrxllfx.exec:\lrxllfx.exe97⤵
-
\??\c:\rrrxfrr.exec:\rrrxfrr.exe98⤵
-
\??\c:\bntttt.exec:\bntttt.exe99⤵
-
\??\c:\5bbnnn.exec:\5bbnnn.exe100⤵
-
\??\c:\pjdpd.exec:\pjdpd.exe101⤵
-
\??\c:\jvddv.exec:\jvddv.exe102⤵
-
\??\c:\fxrrfrr.exec:\fxrrfrr.exe103⤵
-
\??\c:\9rrlffx.exec:\9rrlffx.exe104⤵
-
\??\c:\nbhnhn.exec:\nbhnhn.exe105⤵
-
\??\c:\hbbbnb.exec:\hbbbnb.exe106⤵
-
\??\c:\ddjdj.exec:\ddjdj.exe107⤵
-
\??\c:\rllfxrl.exec:\rllfxrl.exe108⤵
-
\??\c:\5fxlflr.exec:\5fxlflr.exe109⤵
-
\??\c:\hnhbbh.exec:\hnhbbh.exe110⤵
-
\??\c:\htttnn.exec:\htttnn.exe111⤵
-
\??\c:\3jjjv.exec:\3jjjv.exe112⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe113⤵
-
\??\c:\llrlffx.exec:\llrlffx.exe114⤵
-
\??\c:\ntbttn.exec:\ntbttn.exe115⤵
-
\??\c:\ntbbbb.exec:\ntbbbb.exe116⤵
-
\??\c:\dvvpj.exec:\dvvpj.exe117⤵
-
\??\c:\7pddv.exec:\7pddv.exe118⤵
-
\??\c:\lxxrfff.exec:\lxxrfff.exe119⤵
-
\??\c:\lflfxxx.exec:\lflfxxx.exe120⤵
-
\??\c:\hhnhhh.exec:\hhnhhh.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-